Lines Matching +full:zlib +full:- +full:dev

2 # Copyright (c) 1999-2004 Damien Miller
16 AC_INIT([OpenSSH], [Portable], [openssh-unix-dev@mindrot.org])
22 if test "$i" -nt "$srcdir/configure"; then
33 AC_MSG_CHECKING([if $CC supports C99-style variadic macros])
37 ]], [[return F(1, 2, -3);]])],
39 [ AC_MSG_ERROR([*** OpenSSH requires support for C99-style variadic macros]) ]
65 AC_PATH_TOOL([PKGCONFIG], [pkg-config], [no])
72 MANFMT="$NROFF -mandoc"
74 MANFMT="$GROFF -mandoc -Tascii"
87 if test -x /sbin/sh; then
96 if test -z "$AR" ; then
101 if test ! -z "$PATH_PASSWD_PROG" ; then
108 dnl use case we overlooked and someone needs to re-enable it. Unless a good
120 #include <dev/systrace.h>
135 …[ --without-openssl Disable use of OpenSSL; use only limited internal crypto **EXPERIMENTAL…
154 [ --without-stackprotect Don't use compiler's stack protection], [
159 [ --without-hardening Don't use toolchain hardening flags], [
164 [ --without-retpoline Enable retpoline spectre mitigation], [
169 # We use -Werror for the tests only so that we catch warnings like "this is
170 # on by default" for things like -fPIE.
171 AC_MSG_CHECKING([if $CC supports -Werror])
173 CFLAGS="$CFLAGS -Werror"
176 WERROR="-Werror"],
184 GCC_VER=`$CC -v 2>&1 | $AWK '/gcc version /{print $3}'`
196 ver="`$CC -v 2>&1`"
197 if echo "$ver" | grep "Apple" >/dev/null; then
198 CLANG_VER=apple-`echo "$ver" | grep 'clang version' | \
206 OSSH_CHECK_CFLAG_COMPILE([-pipe])
207 OSSH_CHECK_CFLAG_COMPILE([-Wunknown-warning-option])
208 OSSH_CHECK_CFLAG_COMPILE([-Wno-error=format-truncation])
209 OSSH_CHECK_CFLAG_COMPILE([-Qunused-arguments])
210 OSSH_CHECK_CFLAG_COMPILE([-Wall])
211 OSSH_CHECK_CFLAG_COMPILE([-Wextra])
212 OSSH_CHECK_CFLAG_COMPILE([-Wpointer-arith])
213 OSSH_CHECK_CFLAG_COMPILE([-Wuninitialized])
214 OSSH_CHECK_CFLAG_COMPILE([-Wsign-compare])
215 OSSH_CHECK_CFLAG_COMPILE([-Wformat-security])
216 OSSH_CHECK_CFLAG_COMPILE([-Wsizeof-pointer-memaccess])
217 OSSH_CHECK_CFLAG_COMPILE([-Wpointer-sign], [-Wno-pointer-sign])
218 OSSH_CHECK_CFLAG_COMPILE([-Wunused-parameter], [-Wno-unused-parameter])
219 OSSH_CHECK_CFLAG_COMPILE([-Wunused-result], [-Wno-unused-result])
220 OSSH_CHECK_CFLAG_COMPILE([-Wimplicit-fallthrough])
221 OSSH_CHECK_CFLAG_COMPILE([-Wmisleading-indentation])
222 OSSH_CHECK_CFLAG_COMPILE([-Wbitwise-instead-of-logical])
223 OSSH_CHECK_CFLAG_COMPILE([-fno-strict-aliasing])
225 OSSH_CHECK_CFLAG_COMPILE([-D_FORTIFY_SOURCE=2])
226 OSSH_CHECK_LDFLAG_LINK([-Wl,-z,relro])
227 OSSH_CHECK_LDFLAG_LINK([-Wl,-z,now])
228 OSSH_CHECK_LDFLAG_LINK([-Wl,-z,noexecstack])
229 # NB. -ftrapv expects certain support functions to be present in
234 OSSH_CHECK_CFLAG_LINK([-ftrapv])
235 # clang 15 seems to have a bug in -fzero-call-used-regs=all. See
237 # https://github.com/llvm/llvm-project/issues/59242
241 apple-15*) OSSH_CHECK_CFLAG_LINK([-fzero-call-used-regs=used]) ;;
243 *) OSSH_CHECK_CFLAG_LINK([-fzero-call-used-regs=used]) ;;
245 OSSH_CHECK_CFLAG_COMPILE([-ftrivial-auto-var-init=zero])
248 OSSH_CHECK_CFLAG_COMPILE([-mretpoline]) # clang
249 OSSH_CHECK_LDFLAG_LINK([-Wl,-z,retpolineplt])
252 AC_MSG_CHECKING([if $CC accepts -fno-builtin-memset])
254 CFLAGS="$CFLAGS -fno-builtin-memset"
262 # -fstack-protector-all doesn't always work for some GCC versions
264 # on a given platform gcc will emit a warning so we use -Werror.
266 for t in -fstack-protector-strong -fstack-protector-all \
267 -fstack-protector; do
271 CFLAGS="$CFLAGS $t -Werror"
272 LDFLAGS="$LDFLAGS $t -Werror"
309 if test -z "$have_llong_max"; then
310 # retry LLONG_MAX with -std=gnu99, needed on some Linuxes
313 CFLAGS="$CFLAGS -std=gnu99"
349 [[ int i; for (i=0; i<3; i++){int a[i]; a[i-1]=0;} exit(0); ]])],
359 [[ int a; a = 1; int b = 1; exit(a-b); ]])],
371 [ --without-rpath Disable auto-added -R linker paths],
376 rpath_opt="-R"
385 [ --with-cflags Specify additional flags to pass to compiler],
387 if test -n "$withval" && test "x$withval" != "xno" && \
394 AC_ARG_WITH([cflags-after],
395 [ --with-cflags-after Specify additional flags to pass to compiler after configure],
397 if test -n "$withval" && test "x$withval" != "xno" && \
404 [ --with-cppflags Specify additional flags to pass to preprocessor] ,
406 if test -n "$withval" && test "x$withval" != "xno" && \
413 [ --with-ldflags Specify additional flags to pass to linker],
415 if test -n "$withval" && test "x$withval" != "xno" && \
421 AC_ARG_WITH([ldflags-after],
422 [ --with-ldflags-after Specify additional flags to pass to linker after configure],
424 if test -n "$withval" && test "x$withval" != "xno" && \
431 [ --with-libs Specify additional libraries to link with],
433 if test -n "$withval" && test "x$withval" != "xno" && \
440 [ --with-Werror Build main code with -Werror],
442 if test -n "$withval" && test "x$withval" != "xno"; then
443 werror_flags="-Werror"
451 dnl On some old platforms, sys/stat.h requires sys/types.h, but autoconf-2.71's
612 # Messages for features tested for in target-specific section
619 # the --with-solaris-privs option and --with-sandbox=solaris).
622 # Check for some target-specific stuff
624 *-*-aix*)
626 # -qlanglevel=ansi, and autoconf 2.60 sometimes insists on using that
638 CC="`echo $CC | sed 's/-qlanglvl\=ansi//g'`"
639 CFLAGS="`echo $CFLAGS | sed 's/-qlanglvl\=ansi//g'`"
640 CPPFLAGS="`echo $CPPFLAGS | sed 's/-qlanglvl\=ansi//g'`"
645 if (test -z "$blibpath"); then
650 flags="-Wl,-blibpath: -Wl,-rpath, -blibpath:"
652 flags="-blibpath: -Wl,-blibpath: -Wl,-rpath,"
655 if (test -z "$blibflags"); then
661 if (test -z "$blibflags"); then
663 AC_MSG_ERROR([*** must be able to specify blibpath on AIX - check config.log])
673 LIBS="$LIBS -ls"
710 supported by bsd-setproctitle.c])
713 AC_DEFINE([PTY_ZEROREAD], [1], [read(1) can return 0 for a non-closed fd])
718 *-*-android*)
722 *-*-cygwin*)
739 OSSH_CHECK_CFLAG_COMPILE([-Wno-attributes])
741 *-*-dgux*)
748 *-*-darwin*)
752 #include <mach-o/dyld.h>
786 supported by bsd-setproctitle.c])
790 SSHDLIBS="$SSHDLIBS -lsandbox"
792 # proc_pidinfo()-based closefrom() replacement.
795 # poll(2) is broken for character-special devices (at least).
800 *-*-dragonfly*)
804 *-*-haiku*)
805 LIBS="$LIBS -lbsd "
806 CFLAGS="$CFLAGS -D_BSD_SOURCE"
812 *-*-hpux*)
813 # first we define all of the options common to all HP-UX releases
814 CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1"
823 LIBS="$LIBS -lsec"
825 [AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***])])
829 *-*-hpux10*)
830 if test -z "$GCC"; then
831 CFLAGS="$CFLAGS -Ae"
835 *-*-hpux11*)
837 [Define if you are using Solaris-derived PAM which
850 *-*-hpux10.26)
852 [Define if you have SecureWare-based
855 LIBS="$LIBS -lsecpw"
859 *-*-irix5*)
872 *-*-irix6*)
876 (cluster-wide session management, not C arrays)])
891 *-*-k*bsd*-gnu | *-*-kopensolaris*-gnu)
898 *-*-linux*)
902 dnl Target SUSv3/POSIX.1-2001 plus BSD specifics.
905 CPPFLAGS="$CPPFLAGS -D_XOPEN_SOURCE=600 -D_BSD_SOURCE -D_DEFAULT_SOURCE -D_GNU_SOURCE"
917 AC_DEFINE([LINUX_OOM_ADJUST], [1], [Adjust Linux out-of-memory killer])
919 case `uname -r` in
968 x86_64-*)
971 i*86-*)
974 arm*-*)
977 aarch64*-*)
980 s390x-*)
983 s390-*)
986 powerpc-*)
989 powerpc64-*)
992 powerpc64le-*)
995 mips-*)
998 mipsel-*)
1001 mips64-*)
1011 mips64el-*)
1021 riscv64-*)
1033 *-*-minix)
1035 # poll(2) seems to choke on /dev/null; "Bad file descriptor"
1039 mips-sony-bsd|mips-sony-newsos4)
1043 *-*-netbsd*)
1045 rpath_opt="-R"
1047 CPPFLAGS="$CPPFLAGS -D_OPENBSD_SOURCE"
1057 *-*-freebsd*)
1070 *-*-freebsd9.*|*-*-freebsd10.*)
1071 # Capsicum on 9 and 10 do not allow ppoll() so don't auto-enable.
1075 *-*-bsdi*)
1080 *-next-*)
1089 *-*-openbsd*)
1098 *-*-solaris*)
1100 rpath_opt="-R"
1120 sol2ver=`echo "$host"| sed -e 's/.*[[0-9]]\.//'`
1121 if test "$sol2ver" -ge 8; then
1133 AC_ARG_WITH([solaris-contracts],
1134 [ --with-solaris-contracts Enable Solaris process contracts (experimental)],
1139 LIBS="$LIBS -lcontract"
1143 AC_ARG_WITH([solaris-projects],
1144 [ --with-solaris-projects Enable Solaris projects (experimental)],
1149 LIBS="$LIBS -lproject"
1153 AC_ARG_WITH([solaris-privs],
1154 [ --with-solaris-privs Enable Solaris/Illumos privileges (experimental)],
1157 if test "x$ac_cv_func_setppriv" = "xyes" -a \
1168 AC_MSG_ERROR([*** must have support for Solaris privileges to use --with-solaris-privs])
1174 *-*-sunos4*)
1175 CPPFLAGS="$CPPFLAGS -DSUNOS4"
1184 *-ncr-sysv*)
1185 LIBS="$LIBS -lc89"
1192 *-sni-sysv*)
1195 # -lresolv needs to be at the end of LIBS or DNS lookups break
1196 AC_CHECK_LIB([resolv], [res_query], [ LIBS="$LIBS -lresolv" ])
1210 *-*-sysv4.2*)
1220 *-*-sysv5*)
1221 CPPFLAGS="$CPPFLAGS -Dvsnprintf=_xvsnprintf -Dsnprintf=_xsnprintf"
1232 *-*-sysv5SCO_SV*) # SCO OpenServer 6.x
1235 AC_CHECK_LIB([prot], [getluid], [ LIBS="$LIBS -lprot"
1236 AC_CHECK_FUNCS([getluid setluid], , , [-lprot])
1243 *-*-sysv*)
1246 *-*-sco3.2v4*)
1250 *-*-sco3.2v5*)
1251 if test -z "$GCC"; then
1252 CFLAGS="$CFLAGS -belf"
1254 LIBS="$LIBS -lprot -lx -ltinfo -lm"
1272 *-dec-osf*)
1276 [ --with-osfsia Enable Digital Unix SIA],
1284 if test -z "$no_osfsia" ; then
1285 if test -f /etc/sia/matrix.conf; then
1294 LIBS="$LIBS -lsecurity -ldb -lm -laud"
1309 *-*-nto-qnx*)
1317 *-*-nto-qnx6*)
1323 *-*-ultrix*)
1324 AC_DEFINE([BROKEN_GETGROUPS], [1], [getgroups(0,NULL) will return -1])
1334 mkdir -p netinet
1336 name=`echo $header | tr 'a-z/.' 'A-Z__'`
1346 *-*-lynxos)
1347 CFLAGS="$CFLAGS -D__NO_INCLUDE_WARN__"
1373 LIBS="$LIBS -lgen"
1399 LIBS="$LIBS -lgen"
1407 [AC_CHECK_LIB([gen], [getspnam], [LIBS="$LIBS -lgen"])])
1411 dnl zlib defaults to enabled
1412 zlib=yes
1413 AC_ARG_WITH([zlib], optwith
1414 [ --with-zlib=PATH Use zlib in PATH],
1416 zlib=no
1418 if test -d "$withval/lib"; then
1419 if test -n "${rpath_opt}"; then
1420 LDFLAGS="-L${withval}/lib ${rpath_opt}${withval}/lib ${LDFLAGS}"
1422 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1425 if test -n "${rpath_opt}"; then
1426 LDFLAGS="-L${withval} ${rpath_opt}${withval} ${LDFLAGS}"
1428 LDFLAGS="-L${withval} ${LDFLAGS}"
1431 if test -d "$withval/include"; then
1432 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
1434 CPPFLAGS="-I${withval} ${CPPFLAGS}"
1441 AC_MSG_CHECKING([for zlib])
1442 if test "x${zlib}" = "xno"; then
1446 CHANNELLIBS="$CHANNELLIBS -lz"
1448 AC_DEFINE([WITH_ZLIB], [1], [Enable zlib])
1449 …AC_CHECK_HEADER([zlib.h], ,[AC_MSG_ERROR([*** zlib.h missing - please install first or check confi…
1454 dnl Check default zlib install dir
1455 if test -n "${rpath_opt}"; then
1456 LDFLAGS="-L/usr/local/lib ${rpath_opt}/usr/local/lib ${saved_LDFLAGS}"
1458 LDFLAGS="-L/usr/local/lib ${saved_LDFLAGS}"
1460 CPPFLAGS="-I/usr/local/include ${saved_CPPFLAGS}"
1463 AC_MSG_ERROR([*** zlib missing - please install first or check config.log ***])
1469 AC_ARG_WITH([zlib-version-check],
1470 [ --without-zlib-version-check Disable zlib version check],
1477 AC_MSG_CHECKING([for possibly buggy zlib])
1481 #include <zlib.h>
1489 fprintf(stderr, "found zlib version %s (%d)\n", ZLIB_VERSION, v);
1503 if test -z "$zlib_check_nonfatal" ; then
1504 AC_MSG_ERROR([*** zlib too old - check config.log ***
1505 Your reported zlib version has known security problems. It's possible your
1508 "./configure --without-zlib-version-check".
1509 If you are in doubt, upgrade zlib to version 1.2.3 or greater.
1510 See http://www.gzip.org/zlib/ for details.])
1512 AC_MSG_WARN([zlib version may have security problems])
1515 [ AC_MSG_WARN([cross compiling: not checking zlib version]) ]
1522 [], [ AC_CHECK_LIB([resolv], [strcasecmp], [LIBS="$LIBS -lresolv"]) ]
1526 LIBS="$LIBS -lc89"]) ]
1550 # see https://www.gnu.org/software/autoconf/manual/autoconf-2.69/html_node/Particular-Functions.html
1555 AC_MSG_CHECKING([if calloc(0, N) returns non-null])
1569 AC_DEFINE(HAVE_CALLOC, 1, [calloc(0, x) returns non-null])
1658 if test -d "/proc/$$/fd" ; then
1667 AC_ARG_WITH([tcp-wrappers],
1668 [ --with-tcp-wrappers[[=PATH]] Enable tcpwrappers support (optionally in PATH)],
1674 if test -n "${withval}" && \
1676 if test -d "${withval}/lib"; then
1677 if test -n "${need_dash_r}"; then
1678 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1680 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1683 if test -n "${need_dash_r}"; then
1684 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
1686 LDFLAGS="-L${withval} ${LDFLAGS}"
1689 if test -d "${withval}/include"; then
1690 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
1692 CPPFLAGS="-I${withval} ${CPPFLAGS}"
1695 LIBS="-lwrap $LIBS"
1710 SSHDLIBS="$SSHDLIBS -lwrap"
1723 [ --with-ldns[[=PATH]] Use ldns for DNSSEC support (optionally in PATH)],
1727 AC_PATH_TOOL([LDNSCONFIG], [ldns-config], [no])
1729 LIBS="-lldns $LIBS"
1732 LIBS="$LIBS `$LDNSCONFIG --libs`"
1733 CPPFLAGS="$CPPFLAGS `$LDNSCONFIG --cflags`"
1737 CPPFLAGS="$CPPFLAGS -I${withval}/include"
1738 LDFLAGS="$LDFLAGS -L${withval}/lib"
1739 LIBS="-lldns $LIBS"
1770 [ --with-libedit[[=PATH]] Enable libedit support for sftp],
1783 CPPFLAGS="$CPPFLAGS -I${withval}/include"
1784 if test -n "${rpath_opt}"; then
1785 LDFLAGS="-L${withval}/lib ${rpath_opt}${withval}/lib ${LDFLAGS}"
1787 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1791 LIBEDIT=`$PKGCONFIG --libs libedit`
1792 CPPFLAGS="$CPPFLAGS `$PKGCONFIG --cflags libedit`"
1794 LIBEDIT="-ledit -lcurses"
1796 OTHERLIBS=`echo $LIBEDIT | sed 's/-ledit//'`
1825 [ --with-audit=module Enable audit support (modules=debug,bsm,linux)],
1848 if test "$sol2ver" -ge 11; then
1849 SSHDLIBS="$SSHDLIBS -lscf"
1859 SSHDLIBS="$SSHDLIBS -laudit"
1877 [ --with-pie Build Position Independent Executables if possible], [
1909 OSSH_CHECK_CFLAG_COMPILE([-fPIE])
1910 OSSH_CHECK_LDFLAG_LINK([-pie])
1911 # We use both -fPIE and -pie or neither.
1912 AC_MSG_CHECKING([whether both -fPIE and -pie are supported])
1913 if echo "x $CFLAGS" | grep ' -fPIE' >/dev/null 2>&1 && \
1914 echo "x $LDFLAGS" | grep ' -pie' >/dev/null 2>&1 ; then
1923 AC_MSG_CHECKING([whether -fPIC is accepted])
1925 CFLAGS="$CFLAGS -fPIC"
1929 PICFLAG="-fPIC"; ],
2093 char *loc = setlocale(LC_CTYPE, "en_US.UTF-8");
2113 [ --disable-pkcs11 disable PKCS#11 support code [no]],
2122 AC_ARG_ENABLE([security-key],
2123 [ --disable-security-key disable U2F/FIDO support code [no]],
2131 AC_ARG_WITH([security-key-builtin],
2132 [ --with-security-key-builtin include builtin U2F/FIDO support],
2137 AC_ARG_ENABLE([dsa-keys],
2138 [ --disable-dsa-keys disable DSA key support [no]],
2145 test -z "$disable_ecdsa" &&
2174 dnl check if we need -D_REENTRANT for localtime_r declaration.
2177 CPPFLAGS="$CPPFLAGS -D_REENTRANT"
2351 [LIBS="$LIBS -lbsd"; AC_DEFINE([HAVE_DAEMON])])]
2358 [LIBS="$LIBS -lucb"; AC_DEFINE([HAVE_GETPAGESIZE])])]
2467 if test "x$ac_cv_func_getpeereid" != "xyes" -a "x$ac_cv_func_getpeerucred" != "xyes"; then
2480 if test ! -z "$check_for_openpty_ctty_bug"; then
2510 fd = open("/dev/tty", O_RDWR | O_NOCTTY);
2525 AC_MSG_RESULT([cross-compiling, assuming yes])
2559 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) {
2560 if (ai->ai_family != AF_INET6)
2563 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop,
2576 sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol);
2579 if (bind(sock, ai->ai_addr, ai->ai_addrlen) < 0) {
2594 AC_MSG_RESULT([cross-compiling, assuming yes])
2628 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) {
2629 if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6)
2632 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop,
2636 if (ai->ai_family == AF_INET && err != 0) {
2647 for the all-zeros IPv6 address])
2654 AC_MSG_RESULT([cross-compiling, assuming no])
2751 exit(r == -1 ? 0 : 1);
2775 AC_ARG_WITH([ssl-dir],
2776 [ --with-ssl-dir=PATH Specify path to OpenSSL installation ],
2779 AC_MSG_ERROR([cannot use --with-ssl-dir when OpenSSL disabled])
2786 if test -d "$withval/lib"; then
2788 elif test -d "$withval/lib64"; then
2794 if test -n "${rpath_opt}"; then
2795 LDFLAGS="-L${libcrypto_path} ${rpath_opt}${libcrypto_path} ${LDFLAGS}"
2797 LDFLAGS="-L${libcrypto_path} ${LDFLAGS}"
2799 if test -d "$withval/include"; then
2800 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
2802 CPPFLAGS="-I${withval} ${CPPFLAGS}"
2806 if test -x "${withval}/bin/openssl" && \
2807 "${withval}/bin/openssl" version >/dev/null 2>&1; then
2809 elif test -x "${withval}/apps/openssl" && \
2810 "${withval}/apps/openssl" version >/dev/null 2>&1; then
2819 AC_ARG_WITH([openssl-header-check],
2820 [ --without-openssl-header-check Disable OpenSSL version consistency check],
2829 AC_ARG_WITH([ssl-engine],
2830 [ --with-ssl-engine Enable OpenSSL (hardware) ENGINE support ],
2834 AC_MSG_ERROR([cannot use --with-ssl-engine when OpenSSL disabled])
2843 LIBS="-lcrypto $LIBS"
2844 CHANNELLIBS="-lcrypto $CHANNELLIBS"
2848 [AC_MSG_ERROR([*** OpenSSL headers missing - please install first or check config.log ***])])
2919 if (fprintf(f, " libressl-%08lx", LIBRESSL_VERSION_NUMBER) < 0)
2928 ssl_showver=`echo "$sslver" | sed 's/ libressl-.*//'`
2936 lver=`echo "$sslver" | sed 's/.*libressl-//'`
2946 CPPFLAGS="$CPPFLAGS -DOPENSSL_API_COMPAT=0x10100000L"
2950 CPPFLAGS="$CPPFLAGS -DOPENSSL_API_COMPAT=0x10100000L"
2968 x86_64-*)
2971 AC_MSG_ERROR([OpenSSL 3.0.4 has a potential RCE in its RSA implementation (CVE-2022-2274)])
2996 by running "./configure --without-openssl-header-check".
3019 LIBS="$LIBS -ldl"
3020 AC_MSG_CHECKING([if programs using OpenSSL need -ldl])
3026 CHANNELLIBS="$CHANNELLIBS -ldl"
3194 [ AC_MSG_WARN([cross-compiling: assuming yes])
3213 ecdsa-sha2-nistp256 \
3214 ecdh-sha2-nistp256 \
3215 ecdsa-sha2-nistp256-cert-v01@openssh.com"
3221 ecdsa-sha2-nistp384 \
3222 ecdh-sha2-nistp384 \
3223 ecdsa-sha2-nistp384-cert-v01@openssh.com"
3229 ecdh-sha2-nistp521 \
3230 ecdsa-sha2-nistp521 \
3231 ecdsa-sha2-nistp521-cert-v01@openssh.com"
3273 if test ! -z "$disable_pkcs11" ; then
3276 if test ! -z "$disable_sk" ; then
3289 AC_SUBST(SK_DUMMY_LIBRARY, [regress/misc/sk-dummy/sk-dummy.so])
3291 # Do not try to build sk-dummy library.
3296 # Now check for built-in security key support.
3297 if test "x$enable_sk" = "xyes" -a "x$enable_sk_internal" != "xno" ; then
3309 LIBFIDO2=`$PKGCONFIG --libs libfido2`
3310 CPPFLAGS="$CPPFLAGS `$PKGCONFIG --cflags libfido2`"
3312 LIBFIDO2="-lprivatefido2 -lprivatecbor"
3314 OTHERLIBS=`echo $LIBFIDO2 | sed 's/-lfido2//'`
3328 if test ! -z "$fido2_error" ; then
3338 [Enable for built-in U2F/FIDO support])
3339 enable_sk="built-in"
3392 AC_ARG_WITH([prngd-port],
3393 [ --with-prngd-port=PORT read entropy from PRNGD/EGD TCP localhost:PORT],
3399 [[0-9]]*)
3402 AC_MSG_ERROR([You must specify a numeric port number for --with-prngd-port])
3405 if test ! -z "$withval" ; then
3414 AC_ARG_WITH([prngd-socket],
3415 [ --with-prngd-socket=FILE read entropy from PRNGD/EGD socket FILE (default=/var/run/egd-pool)],
3419 withval="/var/run/egd-pool"
3431 if test ! -z "$withval" ; then
3432 if test ! -z "$PRNGD_PORT" ; then
3435 if test ! -r "$withval" ; then
3448 for sock in /var/run/egd-pool /dev/egd-pool /etc/entropy; do
3449 if test -r $sock && $TEST_MINUS_S_SH -c "test -S $sock -o -p $sock" ; then
3455 if test ! -z "$PRNGD_SOCKET" ; then
3465 if test ! -z "$PRNGD_PORT" ; then
3467 elif test ! -z "$PRNGD_SOCKET" ; then
3469 elif test ! -z "$OPENSSL_SEEDS_ITSELF" ; then
3474 …AC_MSG_WARN([OpenSSH will use /dev/urandom as a source of random numbers. It will fail if this dev…
3476 …figure OpenSSL with an entropy source or re-run configure using one of the --with-prngd-port or --
3482 LIBS="$LIBS -liaf"
3483 AC_CHECK_FUNCS([set_id], [SSHDLIBS="$SSHDLIBS -liaf"
3493 LIBS="-lcrypt $LIBS"
3494 SSHDLIBS="-lcrypt $SSHDLIBS"
3502 [ --with-pam Enable PAM support ],
3519 SSHDLIBS="$SSHDLIBS -lpam"
3525 *-ldl*)
3529 SSHDLIBS="$SSHDLIBS -ldl"
3537 AC_ARG_WITH([pam-service],
3538 [ --with-pam-service=name Specify PAM service name ],
3560 (void)pam_strerror((pam_handle_t *)NULL, -1);
3572 *-*-cygwin*)
3579 AC_ARG_WITH([privsep-user],
3580 [ --with-privsep-user=user Specify non-privileged user for privilege separation],
3582 if test -n "$withval" && test "x$withval" != "xno" && \
3590 [Cygwin function to fetch non-privileged user for privilege separation])
3593 [non-privileged user for privilege separation])
3648 …[ --with-sandbox=style Specify privilege separation sandbox (no, capsicum, darwin, rlimit, sec…
3691 fd = open("/dev/null", O_RDONLY);
3700 if (r == -1)
3706 if (r == -1)
3735 exit (r == -1 ? 1 : 0);
3766 ( test -z "$sandbox_arg" && test "x$ac_cv_func_pledge" = "xyes" ) ; then
3772 ( test -z "$sandbox_arg" && test "x$have_systr_policy_kill" = "x1" ) ; then
3778 ( test -z "$sandbox_arg" && test "x$ac_cv_func_sandbox_init" = "xyes" && \
3780 test "x$ac_cv_func_sandbox_init" != "xyes" -o \
3786 ( test -z "$sandbox_arg" && \
3805 ( test -z "$sandbox_arg" && \
3816 ( test -z "$sandbox_arg" && test "x$ac_cv_func_setrlimit" = "xyes" && \
3826 ( test -z "$sandbox_arg" && test "x$SOLARIS_PRIVS" = "xyes" ) ; then
3829 elif test -z "$sandbox_arg" || test "x$sandbox_arg" = "xno" || \
3834 AC_MSG_ERROR([unsupported --with-sandbox])
3837 # Cheap hack to ensure NEWS-OS libraries are arranged right.
3838 if test ! -z "$SONY" ; then
3839 LIBS="$LIBS -liberty";
3867 if test -z "$have_llong_max" && test -z "$have_long_long_max"; then
3880 #define my_abs(a) ((a) < 0 ? ((a) * -1) : (a))
3893 if (fprintf(f, "-") < 0)
3894 return -1;
3900 if (fprintf(f, "%d", l[--i]) < 0)
3901 return -1;
3904 return -1;
3927 if (llmin + 1 < llmin || llmin - 1 < llmin || llmax + 1 > llmax
3928 || llmax - 1 > llmax || llmin == llmax || llmin == 0
3998 if (test -z "$have_intxx_t" && \
4042 if test -z "$have_u_intxx_t" ; then
4064 if (test -z "$have_u_int64_t" && \
4077 if test -z "$have_u_intxx_t" ; then
4096 if (test -z "$have_uintxx_t" && \
4109 if (test -z "$have_uintxx_t" && \
4122 if (test -z "$have_u_intxx_t" || test -z "$have_intxx_t" && \
4695 LIBS="$LIBS -lresolv"
4696 AC_MSG_CHECKING([for res_query in -lresolv])
4745 [ --with-selinux Enable SELinux support],
4754 [ LIBSELINUX="-lselinux"
4755 LIBS="$LIBS -lselinux"
4767 [ --with-kerberos5=PATH Enable Kerberos 5 support],
4789 K5CFLAGS=`$PKGCONFIG --cflags krb5`
4790 K5LIBS=`$PKGCONFIG --libs krb5`
4794 if "$PKGCONFIG" krb5-gssapi; then
4799 GSSCFLAGS="`$PKGCONFIG --cflags krb5-gssapi`"
4800 GSSLIBS="`$PKGCONFIG --libs krb5-gssapi`"
4815 AC_PATH_TOOL([KRB5CONF], [krb5-config],
4816 [$KRB5ROOT/bin/krb5-config],
4818 if test -x $KRB5CONF ; then
4819 K5CFLAGS="`$KRB5CONF --cflags`"
4820 K5LIBS="`$KRB5CONF --libs`"
4824 if $KRB5CONF | grep gssapi >/dev/null ; then
4829 GSSCFLAGS="`$KRB5CONF --cflags gssapi`"
4830 GSSLIBS="`$KRB5CONF --libs gssapi`"
4845 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include"
4846 LDFLAGS="$LDFLAGS -L${KRB5ROOT}/lib"
4852 K5LIBS="-lkrb5"
4853 K5LIBS="$K5LIBS -lcom_err -lasn1"
4855 [K5LIBS="$K5LIBS -lroken"])
4857 [K5LIBS="$K5LIBS -ldes"])
4859 K5LIBS="-lkrb5 -lk5crypto -lcom_err"
4865 GSSLIBS="-lgssapi_krb5" ],
4868 GSSLIBS="-lgssapi" ],
4871 GSSLIBS="-lgss" ],
4872 AC_MSG_WARN([Cannot find any suitable gss-api library - build may fail]))
4878 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
4880 AC_MSG_WARN([Cannot find any suitable gss-api header - build may fail])
4886 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
4892 if test -n "${rpath_opt}" ; then
4895 if test ! -z "$blibpath" ; then
4934 AC_ARG_WITH([privsep-path],
4935 [ --with-privsep-path=xxx Path for privilege separation chroot (default=/var/empty)],
4937 if test -n "$withval" && test "x$withval" != "xno" && \
4946 [ --with-xauth=PATH Specify path to xauth program ],
4948 if test -n "$withval" && test "x$withval" != "xno" && \
4960 if (test ! -z "$xauth_path" && test -x "/usr/openwin/bin/xauth") ; then
4966 STRIP_OPT=-s
4968 [ --disable-strip Disable calling strip(1) on install],
4977 if test -z "$xauth_path" ; then
4987 dnl # --with-maildir=/path/to/mail gets top priority.
4997 [ --with-maildir=/path/to/mail Specify your system mail directory],
5045 maildir_what=`awk -F: '{print $1}' conftest.maildir`
5046 maildir=`awk -F: '{print $2}' conftest.maildir \
5063 AC_MSG_WARN([cross compiling: use --with-maildir=/path/to/mail])
5070 if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes"; then
5071 AC_MSG_WARN([cross compiling: Disabling /dev/ptmx test])
5074 if test -z "$no_dev_ptmx" ; then
5076 AC_CHECK_FILE(["/dev/ptmx"],
5079 [Define if you have /dev/ptmx])
5086 if test ! -z "$cross_compiling" && test "x$cross_compiling" != "xyes"; then
5087 AC_CHECK_FILE(["/dev/ptc"],
5090 [Define if you have /dev/ptc])
5095 AC_MSG_WARN([cross compiling: Disabling /dev/ptc test])
5100 [ --with-mantype=man|cat|doc Set man page type],
5112 if test -z "$MANTYPE"; then
5113 if ${MANDOC} ${srcdir}/ssh.1 >/dev/null 2>&1; then
5115 elif ${NROFF} -mdoc ${srcdir}/ssh.1 >/dev/null 2>&1; then
5117 elif ${NROFF} -man ${srcdir}/ssh.1 >/dev/null 2>&1; then
5133 [ --without-shadow Disable shadow password support],
5142 if test -z "$disable_shadow" ; then
5162 if test ! -z "$IPADDR_IN_DISPLAY" ; then
5169 AC_ARG_WITH([ipaddr-display],
5170 [ --with-ipaddr-display Use ip address instead of hostname in $DISPLAY],
5181 AC_ARG_ENABLE([etc-default-login],
5182 [ --disable-etc-default-login Disable using PATH from /etc/default/login [no]],
5189 [ if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes";
5207 dnl BSD systems use /etc/login.conf so --with-default-path= has no effect
5215 AC_ARG_WITH([default-path],
5216 [ --with-default-path= Specify default $PATH environment for server],
5220 --with-default-path=PATH has no effect on this system.
5223 if test ! -z "$external_path_file" ; then
5225 --with-default-path=PATH will only be used if PATH is not defined in
5235 if test ! -z "$external_path_file" ; then
5278 while echo "${t_bindir}" | egrep '\$\{|NONE/' >/dev/null 2>&1; do
5287 echo $user_path | grep ":$t_bindir" > /dev/null 2>&1
5288 if test $? -ne 0 ; then
5289 echo $user_path | grep "^$t_bindir" > /dev/null 2>&1
5290 if test $? -ne 0 ; then
5303 AC_ARG_WITH([superuser-path],
5304 [ --with-superuser-path= Specify different path for super-user],
5306 if test -n "$withval" && test "x$withval" != "xno" && \
5317 AC_MSG_CHECKING([if we need to convert IPv4 in IPv6-mapped addresses])
5320 [ --with-4in6 Check for and convert IPv4 in IPv6 mapped addresses],
5344 AC_ARG_WITH([bsd-auth],
5345 [ --with-bsd-auth Enable BSD auth support],
5358 if test ! -d $piddir ; then
5365 AC_ARG_WITH([pid-dir],
5366 [ --with-pid-dir=PATH Specify location of sshd.pid file],
5368 if test -n "$withval" && test "x$withval" != "xno" && \
5371 if test ! -d $piddir ; then
5383 AC_ARG_ENABLE([fd-passing],
5384 [ --disable-fd-passing disable file descriptor passsing [no]],
5394 [ --disable-lastlog disable use of lastlog even if detected [no]],
5402 [ --disable-utmp disable use of utmp even if detected [no]],
5410 [ --disable-utmpx disable use of utmpx even if detected [no]],
5419 [ --disable-wtmp disable use of wtmp even if detected [no]],
5427 [ --disable-wtmpx disable use of wtmpx even if detected [no]],
5436 [ --disable-libutil disable use of libutil (login() etc.) [no]],
5444 [ --disable-pututline disable use of pututline() etc. ([uw]tmp) [no]],
5454 [ --disable-pututxline disable use of pututxline() etc. ([uw]tmpx) [no]],
5464 [ --with-lastlog=FILE|DIR specify lastlog location [common locations]],
5468 elif test -n "$withval" && test "x${withval}" != "xyes"; then
5476 dnl need for command-line parameters
5516 if test -z "$conf_lastlog_location"; then
5519 if (test -d "$f" || test -f "$f") ; then
5523 if test -z "$conf_lastlog_location"; then
5525 dnl Don't define DISABLE_LASTLOG - that means we don't try wtmp/wtmpx
5530 if test -n "$conf_lastlog_location"; then
5548 if test -z "$conf_utmp_location"; then
5551 if test -f $f ; then
5555 if test -z "$conf_utmp_location"; then
5560 if test -n "$conf_utmp_location"; then
5578 if test -z "$conf_wtmp_location"; then
5581 if test -f $f ; then
5585 if test -z "$conf_wtmp_location"; then
5590 if test -n "$conf_wtmp_location"; then
5611 if test -z "$conf_wtmpx_location"; then
5621 if test ! -z "$blibpath" ; then
5663 dnl Adding -Werror to CFLAGS early prevents configure tests from running.
5692 LDFLAGS_NOPIE=`echo "$LDFLAGS" | sed 's/ -pie//'`
5693 CFLAGS_NOPIE=`echo "$CFLAGS" | sed 's/ -fPIE//'`
5699 openbsd-compat/Makefile openbsd-compat/regress/Makefile \
5710 E=`eval echo ${libexecdir}/ssh-askpass` ; E=`eval echo ${E}`
5731 if test ! -z "$external_path_file"; then
5736 if test ! -z "$superuser_path" ; then
5766 if test ! -z "${CHANNELLIBS}"; then
5769 if test ! -z "${LIBFIDO2}"; then
5772 if test ! -z "${SSHDLIBS}"; then
5791 if test ! -z "$NO_PEERCHECK" ; then
5796 echo "ssh-agent. Their absence increases the risk that a malicious"