C99 compatiblity fixes

Apply upstream patches from the portable OpenSSH project to fix C99 compatibility issues in the configure script. For the PAM agent integration, apply a custom downstream fix, as the proposed upstream changes have not been merged yet. Related to: <https://fedoraproject.org/wiki/Changes/PortingToModernC> <https://fedoraproject.org/wiki/Toolchain/PortingToModernC>
2023-04-12 12:07:21 +02:00 · 2023-04-12 12:07:21 +02:00 · d5591fb5ab
commit d5591fb5ab
parent e3597c03f1
5 changed files with 378 additions and 2 deletions
--- a/openssh-configure-c99-1.patch
+++ b/openssh-configure-c99-1.patch
@ -0,0 +1,26 @@
 commit 40b0a5eb6e3edfa2886b60c09c7803353b0cc7f5
 Author: Sam James <sam@gentoo.org>
 Date:   Sun Nov 6 04:47:35 2022 +0000
    configure.ac: Add <pty.h> include for openpty
    Another Clang 16ish fix (which makes -Wimplicit-function-declaration
    an error by default).  github PR#355.
    See: 2efd71da49b9cfeab7987058cf5919e473ff466b
    See: be197635329feb839865fdc738e34e24afd1fca8
 diff --git a/configure.ac b/configure.ac
 index 1e77ecfc..1866aea5 100644
 --- a/configure.ac
 +++ b/configure.ac
@@ -2373,6 +2373,9 @@ if test ! -z "$check_for_openpty_ctty_bug"; then
 #include <stdio.h>
 #include <stdlib.h>
 #include <unistd.h>
 +#ifdef HAVE_PTY_H
 +# include <pty.h>
 +#endif
 #include <sys/fcntl.h>
 #include <sys/types.h>
 #include <sys/wait.h>
--- a/openssh-configure-c99-2.patch
+++ b/openssh-configure-c99-2.patch
@ -0,0 +1,47 @@
 commit 32fddb982fd61b11a2f218a115975a87ab126d43
 Author: Darren Tucker <dtucker@dtucker.net>
 Date:   Mon Nov 7 10:39:01 2022 +1100
    Fix setres*id checks to work with clang-16.
    glibc has the prototypes for setresuid and setresgid behind _GNU_SOURCE,
    and clang 16 will error out on implicit function definitions, so add
    _GNU_SOURCE and the required headers to the configure checks.  From
    sam at @gentoo.org via bz#3497.
 diff --git a/configure.ac b/configure.ac
 index 4bf758ac..e172540a 100644
 --- a/configure.ac
 +++ b/configure.ac
@@ -863,7 +863,8 @@ int main(void) { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16))
 	check_for_openpty_ctty_bug=1
 	dnl Target SUSv3/POSIX.1-2001 plus BSD specifics.
 	dnl _DEFAULT_SOURCE is the new name for _BSD_SOURCE
 -	CPPFLAGS="$CPPFLAGS -D_XOPEN_SOURCE=600 -D_BSD_SOURCE -D_DEFAULT_SOURCE"
 +	dnl _GNU_SOURCE is needed for setres*id prototypes.
 +	CPPFLAGS="$CPPFLAGS -D_XOPEN_SOURCE=600 -D_BSD_SOURCE -D_DEFAULT_SOURCE -D_GNU_SOURCE"
 	AC_DEFINE([BROKEN_CLOSEFROM], [1], [broken in chroots on older kernels])
 	AC_DEFINE([PAM_TTY_KLUDGE], [1],
 		[Work around problematic Linux PAM modules handling of PAM_TTY])
@@ -2168,8 +2169,9 @@ AC_CHECK_FUNCS([setresuid], [
 	AC_MSG_CHECKING([if setresuid seems to work])
 	AC_RUN_IFELSE(
 		[AC_LANG_PROGRAM([[
 -#include <stdlib.h>
 #include <errno.h>
 +#include <stdlib.h>
 +#include <unistd.h>
 		]], [[
 	errno=0;
 	setresuid(0,0,0);
@@ -2191,8 +2193,9 @@ AC_CHECK_FUNCS([setresgid], [
 	AC_MSG_CHECKING([if setresgid seems to work])
 	AC_RUN_IFELSE(
 		[AC_LANG_PROGRAM([[
 -#include <stdlib.h>
 #include <errno.h>
 +#include <stdlib.h>
 +#include <unistd.h>
 		]], [[
 	errno=0;
 	setresgid(0,0,0);
--- a/openssh-configure-c99-3.patch
+++ b/openssh-configure-c99-3.patch
@ -0,0 +1,41 @@
 commit 5eb796a369c64f18d55a6ae9b1fa9b35eea237fb
 Author: Harmen Stoppels <harmenstoppels@gmail.com>
 Date:   Thu Oct 13 16:08:46 2022 +0200
    Fix snprintf configure test for clang 15
    Clang 15 -Wimplicit-int defaults to an error in C99 mode and above.
    A handful of tests have "main(..." and not "int main(..." which caused
    the tests to produce incorrect results.
 diff --git a/configure.ac b/configure.ac
 index de60a1b1..165c49de 100644
 --- a/configure.ac
 +++ b/configure.ac
@@ -713,7 +713,7 @@ case "$host" in
 	AC_RUN_IFELSE([AC_LANG_SOURCE([[
 #include <mach-o/dyld.h>
 #include <stdlib.h>
 -main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16))
 +int main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16))
 		exit(0);
 	else
 		exit(1);
@@ -4259,7 +4259,7 @@ dnl test snprintf (broken on SCO w/gcc)
 #include <stdlib.h>
 #include <string.h>
 #ifdef HAVE_SNPRINTF
 -main()
 +int main()
 {
 	char buf[50];
 	char expected_out[50];
@@ -4276,7 +4276,7 @@ main()
 	exit(0);
 }
 #else
 -main() { exit(0); }
 +int main() { exit(0); }
 #endif
 		]])], [ true ], [ AC_DEFINE([BROKEN_SNPRINTF]) ],
 		AC_MSG_WARN([cross compiling: Assuming working snprintf()])
--- a/openssh.spec
+++ b/openssh.spec
@ -54,7 +54,7 @@
 Summary: An open source implementation of SSH protocol version 2
 Name: openssh
 Version: %{openssh_ver}
-Release: %{openssh_rel}%{?dist}.1
+Release: %{openssh_rel}%{?dist}.2
 URL: http://www.openssh.com/portable.html
 #URL1: https://github.com/jbeverly/pam_ssh_agent_auth/
 Source0: ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-%{version}.tar.gz
@ -106,6 +106,7 @@ Patch306: pam_ssh_agent_auth-0.10.2-compat.patch
 Patch307: pam_ssh_agent_auth-0.10.2-dereference.patch
 # https://bugzilla.redhat.com/show_bug.cgi?id=2070113
 Patch308: pam_ssh_agent_auth-0.10.4-rsasha2.patch
 Patch309: pam_ssh_agent-configure-c99.patch
 #https://bugzilla.mindrot.org/show_bug.cgi?id=1641 (WONTFIX)
 Patch400: openssh-7.8p1-role-mls.patch
@ -236,6 +237,10 @@ Patch1004: openssh-8.7p1-gssapi-auth.patch
 # https://github.com/openssh/openssh-portable/pull/323
 Patch1006: openssh-8.7p1-negotiate-supported-algs.patch
 Patch1007: openssh-configure-c99-1.patch
 Patch1008: openssh-configure-c99-2.patch
 Patch1009: openssh-configure-c99-3.patch
 # downstream only
 # we skip some ssh-rsa/ssh-dss tests to make native test suite pass
 #Patch1100: openssh-8.8p1-skip-some-tests.patch
@ -314,7 +319,7 @@ Requires: openssh = %{version}-%{release}
 %package -n pam_ssh_agent_auth
 Summary: PAM module for authentication with ssh-agent
 Version: %{pam_ssh_agent_ver}
-Release: %{pam_ssh_agent_rel}.%{openssh_rel}%{?dist}.1
+Release: %{pam_ssh_agent_rel}.%{openssh_rel}%{?dist}.2
 License: BSD
 %description
@ -375,6 +380,7 @@ pushd pam_ssh_agent_auth-pam_ssh_agent_auth-%{pam_ssh_agent_ver}
 %patch305 -p2 -b .psaa-agent
 %patch307 -p2 -b .psaa-deref
 %patch308 -p2 -b .rsasha2
 %patch309 -p1 -b .psaa-configure-c99
 # Remove duplicate headers and library files
 rm -f $(cat %{SOURCE5})
 popd
@ -441,6 +447,10 @@ popd
 %patch1006 -p1 -b .negotiate-supported-algs
 %patch1007 -p1 -b .configure-c99-1
 %patch1008 -p1 -b .configure-c99-2
 %patch1009 -p1 -b .configure-c99-3
 #%patch1100 -p1 -b .skipsshrsadsstests
 %patch100 -p1 -b .coverity
@ -749,6 +759,9 @@ test -f %{sysconfig_anaconda} && \
 %endif
 %changelog
 * Wed Apr 12 2023 Florian Weimer <fweimer@redhat.com> - 9.0p1-14.2
 - C99 compatiblity fixes
 * Tue Mar 14 2023 Timothée Ravier <tim@siosm.fr> - 9.0p1-14
 - Make sshd & sshd@ units want ssh-host-keys-migration.service
--- a/pam_ssh_agent-configure-c99.patch
+++ b/pam_ssh_agent-configure-c99.patch
@ -0,0 +1,249 @@
 configure.ac: Improve C99 compatibility
 Future compilers will not support implicit declarations and implicit
 ints by default.  This means that configure probes which rely on them
 will fail unconditionally, without actually testing anything.
 The changes mostly mirror what has been implemented in the openssh
 repository, but had to be adapted somewhat because of drift between
 the two versions of configure.ac.
 Sam James has submitted similar fixes upstream:
  <https://github.com/jbeverly/pam_ssh_agent_auth/pull/41>
 diff --git a/configure.ac b/configure.ac
 index 6496679..d927b62 100644
 --- a/configure.ac
 +++ b/configure.ac
@@ -500,10 +500,10 @@ int main(void) { exit(0); }
 	AC_DEFINE(HAVE_BUNDLE, 1, [Define if your system uses bundles instead of ELF shared objects])
 	AC_MSG_CHECKING(if we have working getaddrinfo)
 	AC_TRY_RUN([#include <mach-o/dyld.h>
 -main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16))
 -		exit(0);
 +int main(void) { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16))
 +		return 0;
 	else
 -		exit(1);
 +		return 1;
 }], [AC_MSG_RESULT(working)],
 	[AC_MSG_RESULT(buggy)
 	AC_DEFINE(BROKEN_GETADDRINFO, 1, [getaddrinfo is broken (if present)])],
@@ -917,8 +917,8 @@ AC_SUBST(LDFLAGS_SHARED)
 AC_MSG_CHECKING(compiler and flags for sanity)
 AC_RUN_IFELSE(
 	[AC_LANG_SOURCE([
 -#include <stdio.h>
 -int main(){exit(0);}
 +#include <stdlib.h>
 +int main(void){exit(0);}
 	])],
 	[	AC_MSG_RESULT(yes) ],
 	[
@@ -951,9 +951,9 @@ int main(int argc, char **argv) {
     strncpy(buf,"/etc", 32);
     s = dirname(buf);
     if (!s || strncmp(s, "/", 32) != 0) {
 -	exit(1);
 +	return 1;
     } else {
 -	exit(0);
 +	return 0;
     }
 }
 				]])],
@@ -1102,7 +1102,7 @@ AC_RUN_IFELSE(
 	[AC_LANG_SOURCE([[
 #include <sys/types.h>
 #include <dirent.h>
 -int main(void){struct dirent d;exit(sizeof(d.d_name)<=sizeof(char));}
 +int main(void){struct dirent d;return sizeof(d.d_name)<=sizeof(char);}
 	]])],
 	[AC_MSG_RESULT(yes)],
 	[
@@ -1327,8 +1327,10 @@ AC_CHECK_FUNCS(setresuid, [
 	AC_MSG_CHECKING(if setresuid seems to work)
 	AC_RUN_IFELSE(
 		[AC_LANG_SOURCE([[
 +#define _GNU_SOURCE
 #include <stdlib.h>
 #include <errno.h>
 +#include <unistd.h>
 int main(){errno=0; setresuid(0,0,0); if (errno==ENOSYS) exit(1); else exit(0);}
 		]])],
 		[AC_MSG_RESULT(yes)],
@@ -1344,8 +1346,10 @@ AC_CHECK_FUNCS(setresgid, [
 	AC_MSG_CHECKING(if setresgid seems to work)
 	AC_RUN_IFELSE(
 		[AC_LANG_SOURCE([[
 +#define _GNU_SOURCE
 #include <stdlib.h>
 #include <errno.h>
 +#include <unistd.h>
 int main(){errno=0; setresgid(0,0,0); if (errno==ENOSYS) exit(1); else exit(0);}
 		]])],
 		[AC_MSG_RESULT(yes)],
@@ -1384,7 +1388,7 @@ if test "x$ac_cv_func_snprintf" = "xyes" ; then
 	AC_RUN_IFELSE(
 		[AC_LANG_SOURCE([[
 #include <stdio.h>
 -int main(void){char b[5];snprintf(b,5,"123456789");exit(b[4]!='\0');}
 +int main(void){char b[5];snprintf(b,5,"123456789");return b[4]!='\0';}
 		]])],
 		[AC_MSG_RESULT(yes)],
 		[
@@ -1418,7 +1422,7 @@ int x_snprintf(char *str,size_t count,const char *fmt,...)
 int main(void)
 {
 	char x[1];
 -	exit(x_snprintf(x, 1, "%s %d", "hello", 12345) == 11 ? 0 : 1);
 +	return x_snprintf(x, 1, "%s %d", "hello", 12345) == 11 ? 0 : 1;
 } ]])],
 		[AC_MSG_RESULT(yes)],
 		[
@@ -1467,7 +1471,8 @@ AC_MSG_CHECKING([for (overly) strict mkstemp])
 AC_RUN_IFELSE(
 	[AC_LANG_SOURCE([[
 #include <stdlib.h>
 -main() { char template[]="conftest.mkstemp-test";
 +#include <unistd.h>
 +int main(void) { char template[]="conftest.mkstemp-test";
 if (mkstemp(template) == -1)
 	exit(1);
 unlink(template); exit(0);
@@ -1492,10 +1497,14 @@ if test ! -z "$check_for_openpty_ctty_bug"; then
 	AC_MSG_CHECKING(if openpty correctly handles controlling tty)
 	AC_RUN_IFELSE(
 		[AC_LANG_SOURCE([[
 +#include <stdlib.h>
 #include <stdio.h>
 #include <sys/fcntl.h>
 #include <sys/types.h>
 #include <sys/wait.h>
 +#ifdef HAVE_PTY_H
 +#include <pty.h>
 +#endif
 int
 main()
@@ -1543,6 +1552,7 @@ if test "x$ac_cv_func_getaddrinfo" = "xyes" && \
 	AC_RUN_IFELSE(
 		[AC_LANG_SOURCE([[
 #include <stdio.h>
 +#include <stdlib.h>
 #include <sys/socket.h>
 #include <netdb.h>
 #include <errno.h>
@@ -1748,6 +1758,7 @@ AC_TRY_LINK_FUNC(RAND_add, AC_DEFINE(HAVE_OPENSSL, 1,
 AC_MSG_CHECKING([OpenSSL header version])
 AC_RUN_IFELSE(
 	[AC_LANG_SOURCE([[
 +#include <stdlib.h>
 #include <stdio.h>
 #include <string.h>
 #include <openssl/opensslv.h>
@@ -1794,12 +1805,12 @@ int main(void) {
 	fd = fopen(DATA,"w");
 	if(fd == NULL)
 -		exit(1);
 +		return 1;
 	if ((rc = fprintf(fd ,"%x (%s)\n", SSLeay(), SSLeay_version(SSLEAY_VERSION))) <0)
 -		exit(1);
 +		return 1;
 -	exit(0);
 +	return 0;
 }
 	]])],
 	[
@@ -1829,7 +1840,7 @@ AC_RUN_IFELSE(
 	[AC_LANG_SOURCE([[
 #include <string.h>
 #include <openssl/opensslv.h>
 -int main(void) { exit(SSLeay() == OPENSSL_VERSION_NUMBER ? 0 : 1); }
 +int main(void) { return SSLeay() == OPENSSL_VERSION_NUMBER ? 0 : 1; }
 	]])],
 	[
 		AC_MSG_RESULT(yes)
@@ -2598,7 +2609,7 @@ dnl test snprintf (broken on SCO w/gcc)
 #include <stdio.h>
 #include <string.h>
 #ifdef HAVE_SNPRINTF
 -main()
 +int main(void)
 {
 	char buf[50];
 	char expected_out[50];
@@ -2611,11 +2622,11 @@ main()
 	strcpy(expected_out, "9223372036854775807");
 	snprintf(buf, mazsize, "%lld", num);
 	if(strcmp(buf, expected_out) != 0)
 -		exit(1);
 -	exit(0);
 +		return 1;
 +	return 0;
 }
 #else
 -main() { exit(0); }
 +int main(void) { return 0; }
 #endif
 		]])], [ true ], [ AC_DEFINE(BROKEN_SNPRINTF) ],
 		AC_MSG_WARN([cross compiling: Assuming working snprintf()])
@@ -2746,11 +2757,11 @@ AC_CACHE_CHECK([for msg_accrights field in struct msghdr],
 int main() {
 #ifdef msg_accrights
 #error "msg_accrights is a macro"
 -exit(1);
 +return 1;
 #endif
 struct msghdr m;
 m.msg_accrights = 0;
 -exit(0);
 +return 0;
 }
 		])],
 		[ ac_cv_have_accrights_in_msghdr="yes" ],
@@ -2773,11 +2784,11 @@ AC_CACHE_CHECK([for msg_control field in struct msghdr],
 int main() {
 #ifdef msg_control
 #error "msg_control is a macro"
 -exit(1);
 +return 1;
 #endif
 struct msghdr m;
 m.msg_control = 0;
 -exit(0);
 +return 0;
 }
 		])],
 		[ ac_cv_have_control_in_msghdr="yes" ],
@@ -2791,7 +2802,7 @@ if test "x$ac_cv_have_control_in_msghdr" = "xyes" ; then
 fi
 AC_CACHE_CHECK([if libc defines __progname], ac_cv_libc_defines___progname, [
 -	AC_TRY_LINK([],
 +	AC_TRY_LINK([#include <stdio.h>],
 		[ extern char *__progname; printf("%s", __progname); ],
 		[ ac_cv_libc_defines___progname="yes" ],
 		[ ac_cv_libc_defines___progname="no" ]
@@ -2871,7 +2882,7 @@ if test "x$ac_cv_have_getopt_optreset" = "xyes" ; then
 fi
 AC_CACHE_CHECK([if libc defines sys_errlist], ac_cv_libc_defines_sys_errlist, [
 -	AC_TRY_LINK([],
 +	AC_TRY_LINK([#include <stdio.h>],
 		[ extern const char *const sys_errlist[]; printf("%s", sys_errlist[0]);],
 		[ ac_cv_libc_defines_sys_errlist="yes" ],
 		[ ac_cv_libc_defines_sys_errlist="no" ]
@@ -2884,7 +2895,7 @@ fi
 AC_CACHE_CHECK([if libc defines sys_nerr], ac_cv_libc_defines_sys_nerr, [
 -	AC_TRY_LINK([],
 +	AC_TRY_LINK([#include <stdio.h>],
 		[ extern int sys_nerr; printf("%i", sys_nerr);],
 		[ ac_cv_libc_defines_sys_nerr="yes" ],
 		[ ac_cv_libc_defines_sys_nerr="no" ]