diff options
Diffstat (limited to '')
| -rw-r--r-- | configure.ac | 476 |
1 files changed, 368 insertions, 108 deletions
diff --git a/configure.ac b/configure.ac index 18d59b6..1f2e4d7 100644 --- a/configure.ac +++ b/configure.ac @@ -13,8 +13,8 @@ dnl # config.sub. # -AC_PREREQ(2.69) -AC_INIT(tcpdump, m4_esyscmd_s([cat VERSION])) +AC_PREREQ([2.69]) +AC_INIT([tcpdump],[m4_esyscmd_s(cat VERSION)]) AC_CONFIG_SRCDIR(tcpdump.c) AC_CANONICAL_HOST @@ -31,7 +31,16 @@ fi AC_LBL_C_INIT(V_CCOPT, V_INCLS) AC_LBL_C_INLINE -AC_CHECK_HEADERS(fcntl.h rpc/rpc.h rpc/rpcent.h net/if.h) +AC_CHECK_HEADERS(rpc/rpc.h rpc/rpcent.h net/if.h) +# +# Get the size of a void *, to know whether this is a 32-bit or 64-bit build. +# +AC_CHECK_SIZEOF([void *]) + +# +# Get the size of a time_t, to know whether it's 32-bit or 64-bit. +# +AC_CHECK_SIZEOF([time_t],,[#include <time.h>]) case "$host_os" in @@ -63,6 +72,15 @@ darwin*) ;; esac +# +# Do we have pkg-config? +# +PKG_PROG_PKG_CONFIG + +# +# Do we have the brew command from Homebrew? +# +AC_PATH_PROG([BREW], [brew]) AC_ARG_WITH([smi], [AS_HELP_STRING([--with-smi], @@ -84,8 +102,7 @@ if test "x$with_smi" != "xno" ; then AC_MSG_CHECKING([whether to enable libsmi]) savedlibs="$LIBS" LIBS="-lsmi $LIBS" - AC_TRY_RUN( - [ + AC_RUN_IFELSE([AC_LANG_SOURCE([[ /* libsmi available check */ #include <stdio.h> #include <stdlib.h> @@ -106,6 +123,7 @@ int main() exit(4); exit(0); } + ]]) ], [ AC_MSG_RESULT(yes) @@ -137,6 +155,33 @@ int main() ]) fi +AC_MSG_CHECKING([whether to enable the instrument functions code]) +AC_ARG_ENABLE([instrument-functions], + [AS_HELP_STRING([--enable-instrument-functions], + [enable instrument functions code [default=no]])], + [], + [enableval=no]) +case "$enableval" in +yes) AC_MSG_RESULT(yes) + AC_CHECK_LIB([bfd], [bfd_init], + [true], + [AC_MSG_ERROR( + [--enable-instrument-functions was given, but test for library libbfd failed. Please install the 'binutils-dev' package.])], + []) + AC_DEFINE(ENABLE_INSTRUMENT_FUNCTIONS, 1, + [define if you want to build the instrument functions code]) + LOCALSRC="$LOCALSRC instrument-functions.c" + # Add '-finstrument-functions' instrumentation option to generate + # instrumentation calls for entry and exit to functions. + # Try to avoid Address Space Layout Randomization (ALSR). + CFLAGS="$CFLAGS -O0 -ggdb -finstrument-functions -fno-stack-protector -fno-pic" + LDFLAGS="$LDFLAGS -O0 -ggdb -fno-stack-protector -no-pie" + LIBS="$LIBS -lbfd" + ;; +*) AC_MSG_RESULT(no) + ;; +esac + AC_MSG_CHECKING([whether to enable the possibly-buggy SMB printer]) AC_ARG_ENABLE([smb], [AS_HELP_STRING([--enable-smb], @@ -153,25 +198,42 @@ yes) AC_MSG_RESULT(yes) ;; esac -AC_ARG_WITH(user, [ --with-user=USERNAME drop privileges by default to USERNAME]) AC_MSG_CHECKING([whether to drop root privileges by default]) -if test ! -z "$with_user" ; then - AC_DEFINE_UNQUOTED(WITH_USER, "$withval", - [define if should drop privileges by default]) - AC_MSG_RESULT(to \"$withval\") -else - AC_MSG_RESULT(no) -fi +AC_ARG_WITH( + [user], + [AS_HELP_STRING([--with-user=USERNAME], + [drop privileges by default to USERNAME] + )], + [], + [withval=no]) +AS_CASE(["$withval"], + [no], [AC_MSG_RESULT(no)], + [''|yes], [AC_MSG_ERROR([--with-user requires a username])], + [ + AC_DEFINE_UNQUOTED(WITH_USER, "$withval", + [define if should drop privileges by default]) + AC_MSG_RESULT([yes, to user "$withval"]) + ] +) -AC_ARG_WITH(chroot, [ --with-chroot=DIRECTORY when dropping privileges, chroot to DIRECTORY]) AC_MSG_CHECKING([whether to chroot]) -if test ! -z "$with_chroot" && test "$with_chroot" != "no" ; then - AC_DEFINE_UNQUOTED(WITH_CHROOT, "$withval", - [define if should chroot when dropping privileges]) - AC_MSG_RESULT(to \"$withval\") -else - AC_MSG_RESULT(no) -fi +AC_ARG_WITH( + [chroot], + [AS_HELP_STRING([--with-chroot=DIRECTORY], + [when dropping privileges, chroot to DIRECTORY] + )], + [], + [withval=no] +) +AS_CASE(["$withval"], + [no], [AC_MSG_RESULT(no)], + [''|yes], [AC_MSG_ERROR([--with-chroot requires a directory])], + [ + AC_DEFINE_UNQUOTED(WITH_CHROOT, "$withval", + [define if should chroot when dropping privileges]) + AC_MSG_RESULT([yes, to directory "$withval"]) + ] +) AC_ARG_WITH(sandbox-capsicum, AS_HELP_STRING([--with-sandbox-capsicum], @@ -384,29 +446,64 @@ AC_CHECK_FUNCS(fork vfork) AC_CHECK_FUNCS(setlinebuf) # -# Make sure we have vsnprintf() and snprintf(); we require them. +# Make sure we have snprintf(); we require it. # -AC_CHECK_FUNC(vsnprintf,, - AC_MSG_ERROR([vsnprintf() is required but wasn't found])) AC_CHECK_FUNC(snprintf,, AC_MSG_ERROR([snprintf() is required but wasn't found])) # -# Define HAVE_NO_PRINTF_Z to make it possible to disable test cases that -# depend on %zu. +# It became apparent at some point that using a suitable C99 compiler does not +# automatically mean snprintf(3) implementation in the libc supports all the +# modifiers and specifiers used in the project, so let's test that before the +# build, not after. +# +# Testing the sizeof_t length modifier takes making an snprintf() call and +# comparing the actual result with the expected result. If this fails, it will +# most likely happen at run time, not compile time. # -AC_MSG_CHECKING([whether printf(3) supports the z length modifier]) +# Testing the 64-bit conversion specifiers in addition to that requires the +# <inttypes.h> header to be present and the macros to be defined, so if this +# fails, it will more likely happen at compile time. +# +AC_MSG_CHECKING([whether snprintf is suitable]) AC_RUN_IFELSE( [ AC_LANG_SOURCE([[ #include <stdio.h> #include <string.h> +#include <inttypes.h> +#include <sys/types.h> int main() { char buf[100]; + uint64_t t = (uint64_t)1 << 32; + snprintf(buf, sizeof(buf), "%zu", sizeof(buf)); - return strncmp(buf, "100", sizeof(buf)) ? 1 : 0; + if (strncmp(buf, "100", sizeof(buf))) + return 1; + + snprintf(buf, sizeof(buf), "%zd", -sizeof(buf)); + if (strncmp(buf, "-100", sizeof(buf))) + return 2; + + snprintf(buf, sizeof(buf), "%" PRId64, -t); + if (strncmp(buf, "-4294967296", sizeof(buf))) + return 3; + + snprintf(buf, sizeof(buf), "0o%" PRIo64, t); + if (strncmp(buf, "0o40000000000", sizeof(buf))) + return 4; + + snprintf(buf, sizeof(buf), "0x%" PRIx64, t); + if (strncmp(buf, "0x100000000", sizeof(buf))) + return 5; + + snprintf(buf, sizeof(buf), "%" PRIu64, t); + if (strncmp(buf, "4294967296", sizeof(buf))) + return 6; + + return 0; } ]]) ], @@ -415,8 +512,9 @@ int main() ], [ AC_MSG_RESULT(no) - AC_DEFINE(HAVE_NO_PRINTF_Z, 1, - [Define to 1 if printf(3) does not support the z length modifier.]) + AC_MSG_ERROR( +[The snprintf(3) implementation in this libc is not suitable, +tcpdump would not work correctly even if it managed to compile.]) ], [ AC_MSG_RESULT(not while cross-compiling) @@ -448,7 +546,7 @@ AC_LBL_LIBPCAP(V_PCAPDEP, V_INCLS) # AC_CHECK_FUNCS(ether_ntohost, [ AC_CACHE_CHECK(for buggy ether_ntohost, ac_cv_buggy_ether_ntohost, [ - AC_TRY_RUN([ + AC_RUN_IFELSE([AC_LANG_SOURCE([[ #include <netdb.h> #include <netinet/ether.h> #include <stdlib.h> @@ -465,6 +563,7 @@ AC_CHECK_FUNCS(ether_ntohost, [ ether_ntohost(name, (struct ether_addr *)ea); exit(0); } + ]]) ], [ac_cv_buggy_ether_ntohost=no], [ac_cv_buggy_ether_ntohost=yes], [ac_cv_buggy_ether_ntohost="not while cross-compiling"])]) @@ -506,7 +605,7 @@ if test "$ac_cv_func_ether_ntohost" = yes -a \ unset ac_cv_have_decl_ether_ntohost AC_CHECK_DECL(ether_ntohost, [ - AC_DEFINE(NETINET_ETHER_H_DECLARES_ETHER_NTOHOST,, + AC_DEFINE(NETINET_ETHER_H_DECLARES_ETHER_NTOHOST,1, [Define to 1 if netinet/ether.h declares `ether_ntohost']) ],, [ @@ -701,27 +800,17 @@ fi # if we have them. # AC_CHECK_FUNCS(pcap_findalldevs) -if test $ac_cv_func_pcap_findalldevs = "yes" ; then -dnl Check for libpcap having pcap_findalldevs() but the pcap.h header -dnl not having pcap_if_t; some versions of Mac OS X shipped with pcap.h -dnl from 0.6 and libpcap 0.8, so that libpcap had pcap_findalldevs but -dnl pcap.h didn't have pcap_if_t. - savedcppflags="$CPPFLAGS" - CPPFLAGS="$CPPFLAGS $V_INCLS" - AC_CHECK_TYPES(pcap_if_t, , , [#include <pcap.h>]) - CPPFLAGS="$savedcppflags" -fi AC_CHECK_FUNCS(pcap_dump_flush pcap_lib_version) if test $ac_cv_func_pcap_lib_version = "no" ; then AC_MSG_CHECKING(whether pcap_version is defined by libpcap) - AC_TRY_LINK([], - [ + AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], [[ extern char pcap_version[]; return (int)pcap_version; + ]]) ], - ac_lbl_cv_pcap_version_defined=yes, - ac_lbl_cv_pcap_version_defined=no) + [ac_lbl_cv_pcap_version_defined=yes], + [ac_lbl_cv_pcap_version_defined=no]) if test "$ac_lbl_cv_pcap_version_defined" = yes ; then AC_MSG_RESULT(yes) AC_DEFINE(HAVE_PCAP_VERSION, 1, [define if libpcap has pcap_version]) @@ -730,7 +819,14 @@ if test $ac_cv_func_pcap_lib_version = "no" ; then fi fi AC_CHECK_FUNCS(pcap_setdirection pcap_set_immediate_mode pcap_dump_ftell64) -AC_CHECK_FUNCS(pcap_open pcap_findalldevs_ex) +# +# See the comment in AC_LBL_LIBPCAP in aclocal.m4 for the reason +# why we don't check for remote-capture APIs if we're building +# with the system libpcap on macOS. +# +if test "$_dont_check_for_remote_apis" != "yes"; then + AC_CHECK_FUNCS(pcap_open pcap_findalldevs_ex) +fi AC_REPLACE_FUNCS(pcap_dump_ftell) # @@ -743,14 +839,14 @@ if test "$ac_cv_func_pcap_set_parser_debug" = "no" ; then # filter expression parser debug flag; can we directly set the # flag? AC_MSG_CHECKING(whether pcap_debug is defined by libpcap) - AC_TRY_LINK([], - [ + AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], [[ extern int pcap_debug; return pcap_debug; + ]]) ], - ac_lbl_cv_pcap_debug_defined=yes, - ac_lbl_cv_pcap_debug_defined=no) + [ac_lbl_cv_pcap_debug_defined=yes], + [ac_lbl_cv_pcap_debug_defined=no]) if test "$ac_lbl_cv_pcap_debug_defined" = yes ; then AC_MSG_RESULT(yes) AC_DEFINE(HAVE_PCAP_DEBUG, 1, [define if libpcap has pcap_debug]) @@ -760,14 +856,14 @@ if test "$ac_cv_func_pcap_set_parser_debug" = "no" ; then # OK, what about "yydebug"? # AC_MSG_CHECKING(whether yydebug is defined by libpcap) - AC_TRY_LINK([], - [ + AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], [[ extern int yydebug; return yydebug; + ]]) ], - ac_lbl_cv_yydebug_defined=yes, - ac_lbl_cv_yydebug_defined=no) + [ac_lbl_cv_yydebug_defined=yes], + [ac_lbl_cv_yydebug_defined=no]) if test "$ac_lbl_cv_yydebug_defined" = yes ; then AC_MSG_RESULT(yes) AC_DEFINE(HAVE_YYDEBUG, 1, [define if libpcap has yydebug]) @@ -779,10 +875,6 @@ fi AC_CHECK_FUNCS(pcap_set_optimizer_debug) AC_REPLACE_FUNCS(bpf_dump) dnl moved to libpcap in 0.6 -V_GROUP=0 -if test -f /etc/group -a ! -z "`grep '^wheel:' /etc/group`" ; then - V_GROUP=wheel -fi # # Assume V7/BSD convention for man pages (file formats in section 5, # miscellaneous info in section 7). @@ -825,8 +917,6 @@ osf*) ;; solaris*) - V_GROUP=sys - # # Use System V conventions for man pages. # @@ -835,23 +925,26 @@ solaris*) ;; esac -if test -f /dev/bpf0 ; then - V_GROUP=bpf -fi - # # Make sure we have a definition for C99's uintptr_t (regardless of # whether the environment is a C99 environment or not). # AC_TYPE_UINTPTR_T +savedcppflags="$CPPFLAGS" +CPPFLAGS="$CPPFLAGS $V_INCLS" + # # Check whether we have pcap/pcap-inttypes.h. # If we do, we use that to get the C99 types defined. # -savedcppflags="$CPPFLAGS" -CPPFLAGS="$CPPFLAGS $V_INCLS" AC_CHECK_HEADERS(pcap/pcap-inttypes.h) + +# +# At compile time HAVE_PCAP_FINDALLDEVS depends on HAVE_PCAP_IF_T. +# +AC_CHECK_TYPES(pcap_if_t, , , [#include <pcap.h>]) + CPPFLAGS="$savedcppflags" # @@ -913,13 +1006,6 @@ AC_ARG_WITH(crypto, want_libcrypto=yes libcrypto_root=$withval AC_MSG_RESULT([yes, using the version installed in $withval]) - - # - # Put the subdirectories of the libcrypto root directory - # at the front of the header and library search path. - # - CFLAGS="-I$withval/include $CFLAGS" - LIBS="-L$withval/lib $LIBS" fi ],[ # @@ -931,42 +1017,216 @@ AC_ARG_WITH(crypto, ]) if test "$want_libcrypto" != "no"; then # - # Don't check for libcrypto unless we have its headers; - # Apple, bless their pointy little heads, apparently ship - # libcrypto as a library, but not the header files, in - # El Capitan, probably because they don't want you writing - # nasty portable code that could run on other UN*Xes, they - # want you writing code that uses their Shiny New Crypto - # Library and that only runs on macOS. + # Were we told where to look for libcrypto? # - AC_CHECK_HEADER(openssl/crypto.h, - [ - AC_CHECK_LIB(crypto, DES_cbc_encrypt) - if test "$ac_cv_lib_crypto_DES_cbc_encrypt" = "yes"; then - AC_CHECK_HEADERS(openssl/evp.h) + if test -z "$libcrypto_root"; then + # + # No. + # + # First, try looking for it with pkg-config, if we have it. + # + # Homebrew's pkg-config does not, by default, look for + # pkg-config files for packages it has installed. + # Furthermore, at least for OpenSSL, they appear to be + # dumped in package-specific directories whose paths are + # not only package-specific but package-version-specific. + # + # So the only way to find openssl is to get the value of + # PKG_CONFIG_PATH from "brew --env openssl" and add that + # to PKG_CONFIG_PATH. (No, we can't just assume it's under + # /usr/local; Homebrew have conveniently chosen to put it + # under /opt/homebrew on ARM.) + # + # That's the nice thing about Homebrew - it makes things easier! + # Thanks! + # + save_PKG_CONFIG_PATH="$PKG_CONFIG_PATH" + if test -n "$BREW"; then + openssl_pkgconfig_dir=`$BREW --env --plain openssl | sed -n 's/PKG_CONFIG_PATH: //p'` + PKG_CONFIG_PATH="$openssl_pkgconfig_dir:$PKG_CONFIG_PATH" + fi + PKG_CHECK_MODULE(LIBCRYPTO, libcrypto, + [ # - # OK, then: + # We found OpenSSL/libressl libcrypto. + # + HAVE_LIBCRYPTO=yes + ]) + PKG_CONFIG_PATH="$save_PKG_CONFIG_PATH" + + # + # If it wasn't found, and we have Homebrew installed, see + # if it's in Homebrew. + # + if test "x$HAVE_LIBCRYPTO" != "xyes" -a -n "$BREW"; then + AC_MSG_CHECKING(for openssl in Homebrew) # - # 1) do we have EVP_CIPHER_CTX_new? - # If so, we use it to allocate an - # EVP_CIPHER_CTX, as EVP_CIPHER_CTX may be - # opaque; otherwise, we allocate it ourselves. + # The brew man page lies when it speaks of + # $BREW --prefix --installed <formula> + # outputting nothing. In Homebrew 3.3.16, + # it produces output regardless of whether + # the formula is installed or not, so we + # send the standard output and error to + # the bit bucket. # - # 2) do we have EVP_DecryptInit_ex()? - # If so, we use it, because we need to be - # able to make two "initialize the cipher" - # calls, one with the cipher and key, and - # one with the IV, and, as of OpenSSL 1.1, - # You Can't Do That with EVP_DecryptInit(), - # because a call to EVP_DecryptInit() will - # unconditionally clear the context, and - # if you don't supply a cipher, it'll - # clear the cipher, rendering the context - # unusable and causing a crash. + # libcrypto isn't a formula, openssl is a formula. # - AC_CHECK_FUNCS(EVP_CIPHER_CTX_new EVP_DecryptInit_ex) + if $BREW --prefix --installed openssl >/dev/null 2>&1; then + # + # Yes. Get the include directory and library + # directory. (No, we can't just assume it's + # under /usr/local; Homebrew have conveniently + # chosen to put it under /opt/homebrew on ARM.) + # + AC_MSG_RESULT(yes) + HAVE_LIBCRYPTO=yes + openssl_path=`$BREW --prefix openssl` + LIBCRYPTO_CFLAGS="-I$openssl_path/include" + LIBCRYPTO_LIBS="-L$openssl_path/lib -lcrypto" + else + AC_MSG_RESULT(no) + fi fi - ]) + + # + # If it wasn't found, and /usr/local/include and /usr/local/lib + # exist, check if it's in /usr/local. (We check whether they + # exist because, if they don't exist, the compiler will warn + # about that and then ignore the argument, so they test + # using just the system header files and libraries.) + # + # We include the standard include file to 1) make sure that + # it's installed (if it's just a shared library for the + # benefit of existing programs, that's not useful) and 2) + # because SSL_library_init() is a library routine in some + # versions and a #defined wrapper around OPENSSL_init_ssl() + # in others. + # + if test "x$HAVE_LIBCRYPTO" != "xyes" -a -d "/usr/local/include" -a -d "/usr/local/lib"; then + AC_LBL_SAVE_CHECK_STATE + CFLAGS="$CFLAGS -I/usr/local/include" + LIBS="$LIBS -L/usr/local/lib -lcrypto" + AC_MSG_CHECKING(whether we have an OpenSSL/libressl libcrypto in /usr/local that we can use) + AC_LINK_IFELSE([AC_LANG_PROGRAM( + [[ +#include <openssl/evp.h> + ]], + [[ +EVP_CIPHER_CTX_block_size((EVP_CIPHER_CTX *)0); +return 0; + ]])], + [ + AC_MSG_RESULT(yes) + HAVE_LIBCRYPTO=yes + LIBCRYPTO_CFLAGS="-I/usr/local/include" + LIBCRYPTO_LIBS="-L/usr/local/lib -lcrypto" + ], + AC_MSG_RESULT(no)) + AC_LBL_RESTORE_CHECK_STATE + fi + + # + # If it wasn't found, check if it's a system library. + # + # We include the standard include file to 1) make sure that + # it's installed (if it's just a shared library for the + # benefit of existing programs, that's not useful) and 2) + # make sure this isn't a newer macOS that provides libcrypto + # as a shared library but doesn't provide headers - Apple, + # bless their pointy little heads, apparently ship libcrypto + # as a library, but not the header files, in El Capitan and + # later, probably because they don't want you writing nasty + # portable code that could run on other UN*Xes, they want you + # writing code that uses their Shiny New Crypto Library and + # that thus only runs on macOS. + # + if test "x$HAVE_LIBCRYPTO" != "xyes"; then + AC_LBL_SAVE_CHECK_STATE + LIBS="$LIBS -lcrypto" + AC_MSG_CHECKING(whether we have a system OpenSSL/libressl that we can use) + AC_LINK_IFELSE([AC_LANG_PROGRAM( + [[ +#include <openssl/evp.h> + ]], + [[ +EVP_CIPHER_CTX_block_size((EVP_CIPHER_CTX *)0); +return 0; + ]])], + [ + AC_MSG_RESULT(yes) + HAVE_LIBCRYPTO=yes + LIBCRYPTO_LIBS="-lcrypto" + ], + AC_MSG_RESULT(no)) + AC_LBL_RESTORE_CHECK_STATE + fi + else + # + # Yes. + # + # Look for it there. + # + AC_LBL_SAVE_CHECK_STATE + CFLAGS="$CFLAGS -I$libcrypto_root/include" + LIBS="$LIBS -L$libcrypto_root/lib -lcrypto" + AC_MSG_CHECKING(whether we have a system OpenSSL/libressl that we can use) + AC_LINK_IFELSE([AC_LANG_PROGRAM( + [[ +#include <openssl/evp.h> + ]], + [[ +EVP_CIPHER_CTX_block_size((EVP_CIPHER_CTX *)0); +return 0; + ]])], + [ + AC_MSG_RESULT(yes) + HAVE_LIBCRYPTO=yes + LIBCRYPTO_CFLAGS="-I$libcrypto_root/include" + LIBCRYPTO_LIBS="-L$libcrypto_root/lib -lcrypto" + ], + AC_MSG_RESULT(no)) + AC_LBL_RESTORE_CHECK_STATE + fi + + # + # OK, did we find it? + # + if test "x$HAVE_LIBCRYPTO" = "xyes"; then + AC_DEFINE([HAVE_LIBCRYPTO], [1], [Define to 1 if you have a usable `crypto' library (-lcrypto).]) + + # + # Put the subdirectories of the libcrypto root directory + # at the end of the header and library search path, to + # make sure they come after any -I or -L flags for + # a local libpcap - those must take precedence of any + # directory that might contain an installed version of + # libpcap. + # + V_INCLS="$V_INCLS $LIBCRYPTO_CFLAGS" + LIBS="$LIBS $LIBCRYPTO_LIBS" + + # + # OK, then: + # + # 1) do we have EVP_CIPHER_CTX_new? + # If so, we use it to allocate an EVP_CIPHER_CTX, as + # EVP_CIPHER_CTX may be opaque; otherwise, we allocate it + # ourselves. + # + # 2) do we have EVP_DecryptInit_ex()? + # If so, we use it, because we need to be able to make + # two "initialize the cipher" calls, one with the cipher + # and key, and one with the IV, and, as of OpenSSL 1.1, + # You Can't Do That with EVP_DecryptInit(), because a + # call to EVP_DecryptInit() will unconditionally clear + # the context, and if you don't supply a cipher, it'll + # clear the cipher, rendering the context unusable and + # causing a crash. + # + AC_CHECK_FUNCS(EVP_CIPHER_CTX_new EVP_DecryptInit_ex) + else + AC_MSG_NOTICE(OpenSSL/libressl libcrypto not found) + fi fi # Check for libcap-ng @@ -1007,7 +1267,6 @@ fi AC_SUBST(V_CCOPT) AC_SUBST(V_DEFS) -AC_SUBST(V_GROUP) AC_SUBST(V_INCLS) AC_SUBST(V_PCAPDEP) AC_SUBST(LOCALSRC) @@ -1018,10 +1277,11 @@ AC_PROG_INSTALL AC_CONFIG_HEADER(config.h) -AC_OUTPUT_COMMANDS([if test -f .devel; then +AC_CONFIG_COMMANDS([.devel],[[if test -f .devel; then echo timestamp > stamp-h cat $srcdir/Makefile-devel-adds >> Makefile make depend || exit 1 -fi]) -AC_OUTPUT(Makefile tcpdump.1) +fi]],[[]]) +AC_CONFIG_FILES([Makefile tcpdump.1]) +AC_OUTPUT exit 0 |