summaryrefslogtreecommitdiff
path: root/config.h.in
diff options
context:
space:
mode:
authorColin Watson <cjwatson@debian.org>2007-06-12 16:16:35 +0000
committerColin Watson <cjwatson@debian.org>2007-06-12 16:16:35 +0000
commitb7e40fa9da0b5491534a429dadb321eab5a77558 (patch)
treebed1da11e9f829925797aa093e379fc0b5868ecd /config.h.in
parent4f84beedf1005e44ff33c854abd6b711ffc0adb7 (diff)
parent086ea76990b1e6287c24b6db74adffd4605eb3b0 (diff)
* New upstream release (closes: #395507, #397961, #420035). Important
changes not previously backported to 4.3p2: - 4.4/4.4p1 (http://www.openssh.org/txt/release-4.4): + On portable OpenSSH, fix a GSSAPI authentication abort that could be used to determine the validity of usernames on some platforms. + Implemented conditional configuration in sshd_config(5) using the "Match" directive. This allows some configuration options to be selectively overridden if specific criteria (based on user, group, hostname and/or address) are met. So far a useful subset of post-authentication options are supported and more are expected to be added in future releases. + Add support for Diffie-Hellman group exchange key agreement with a final hash of SHA256. + Added a "ForceCommand" directive to sshd_config(5). Similar to the command="..." option accepted in ~/.ssh/authorized_keys, this forces the execution of the specified command regardless of what the user requested. This is very useful in conjunction with the new "Match" option. + Add a "PermitOpen" directive to sshd_config(5). This mirrors the permitopen="..." authorized_keys option, allowing fine-grained control over the port-forwardings that a user is allowed to establish. + Add optional logging of transactions to sftp-server(8). + ssh(1) will now record port numbers for hosts stored in ~/.ssh/known_hosts when a non-standard port has been requested (closes: #50612). + Add an "ExitOnForwardFailure" option to cause ssh(1) to exit (with a non-zero exit code) when requested port forwardings could not be established. + Extend sshd_config(5) "SubSystem" declarations to allow the specification of command-line arguments. + Replacement of all integer overflow susceptible invocations of malloc(3) and realloc(3) with overflow-checking equivalents. + Many manpage fixes and improvements. + Add optional support for OpenSSL hardware accelerators (engines), enabled using the --with-ssl-engine configure option. + Tokens in configuration files may be double-quoted in order to contain spaces (closes: #319639). + Move a debug() call out of a SIGCHLD handler, fixing a hang when the session exits very quickly (closes: #307890). + Fix some incorrect buffer allocation calculations (closes: #410599). + ssh-add doesn't ask for a passphrase if key file permissions are too liberal (closes: #103677). + Likewise, ssh doesn't ask either (closes: #99675). - 4.6/4.6p1 (http://www.openssh.org/txt/release-4.6): + sshd now allows the enabling and disabling of authentication methods on a per user, group, host and network basis via the Match directive in sshd_config. + Fixed an inconsistent check for a terminal when displaying scp progress meter (closes: #257524). + Fix "hang on exit" when background processes are running at the time of exit on a ttyful/login session (closes: #88337). * Update to current GSSAPI patch from http://www.sxw.org.uk/computing/patches/openssh-4.6p1-gsskex-20070312.patch; install ChangeLog.gssapi.
Diffstat (limited to 'config.h.in')
-rw-r--r--config.h.in62
1 files changed, 59 insertions, 3 deletions
diff --git a/config.h.in b/config.h.in
index b5cfdbb2c..a913487e1 100644
--- a/config.h.in
+++ b/config.h.in
@@ -1,5 +1,9 @@
1/* config.h.in. Generated from configure.ac by autoheader. */ 1/* config.h.in. Generated from configure.ac by autoheader. */
2 2
3/* Define if you have a getaddrinfo that fails for the all-zeros IPv6 address
4 */
5#undef AIX_GETNAMEINFO_HACK
6
3/* Define if your AIX loginfailed() function takes 4 arguments (AIX >= 5.2) */ 7/* Define if your AIX loginfailed() function takes 4 arguments (AIX >= 5.2) */
4#undef AIX_LOGINFAILED_4ARG 8#undef AIX_LOGINFAILED_4ARG
5 9
@@ -190,6 +194,9 @@
190/* Define if your system uses ancillary data style file descriptor passing */ 194/* Define if your system uses ancillary data style file descriptor passing */
191#undef HAVE_CONTROL_IN_MSGHDR 195#undef HAVE_CONTROL_IN_MSGHDR
192 196
197/* Define to 1 if you have the <crypto/sha2.h> header file. */
198#undef HAVE_CRYPTO_SHA2_H
199
193/* Define to 1 if you have the <crypt.h> header file. */ 200/* Define to 1 if you have the <crypt.h> header file. */
194#undef HAVE_CRYPT_H 201#undef HAVE_CRYPT_H
195 202
@@ -203,6 +210,10 @@
203 don't. */ 210 don't. */
204#undef HAVE_DECL_AUTHENTICATE 211#undef HAVE_DECL_AUTHENTICATE
205 212
213/* Define to 1 if you have the declaration of `GLOB_NOMATCH', and to 0 if you
214 don't. */
215#undef HAVE_DECL_GLOB_NOMATCH
216
206/* Define to 1 if you have the declaration of `h_errno', and to 0 if you 217/* Define to 1 if you have the declaration of `h_errno', and to 0 if you
207 don't. */ 218 don't. */
208#undef HAVE_DECL_H_ERRNO 219#undef HAVE_DECL_H_ERRNO
@@ -219,6 +230,10 @@
219 don't. */ 230 don't. */
220#undef HAVE_DECL_LOGINSUCCESS 231#undef HAVE_DECL_LOGINSUCCESS
221 232
233/* Define to 1 if you have the declaration of `O_NONBLOCK', and to 0 if you
234 don't. */
235#undef HAVE_DECL_O_NONBLOCK
236
222/* Define to 1 if you have the declaration of `passwdexpired', and to 0 if you 237/* Define to 1 if you have the declaration of `passwdexpired', and to 0 if you
223 don't. */ 238 don't. */
224#undef HAVE_DECL_PASSWDEXPIRED 239#undef HAVE_DECL_PASSWDEXPIRED
@@ -227,6 +242,14 @@
227 don't. */ 242 don't. */
228#undef HAVE_DECL_SETAUTHDB 243#undef HAVE_DECL_SETAUTHDB
229 244
245/* Define to 1 if you have the declaration of `SHUT_RD', and to 0 if you
246 don't. */
247#undef HAVE_DECL_SHUT_RD
248
249/* Define to 1 if you have the declaration of `writev', and to 0 if you don't.
250 */
251#undef HAVE_DECL_WRITEV
252
230/* Define to 1 if you have the declaration of `_getlong', and to 0 if you 253/* Define to 1 if you have the declaration of `_getlong', and to 0 if you
231 don't. */ 254 don't. */
232#undef HAVE_DECL__GETLONG 255#undef HAVE_DECL__GETLONG
@@ -262,6 +285,9 @@
262/* Define if your system has /etc/default/login */ 285/* Define if your system has /etc/default/login */
263#undef HAVE_ETC_DEFAULT_LOGIN 286#undef HAVE_ETC_DEFAULT_LOGIN
264 287
288/* Define to 1 if you have the `EVP_sha256' function. */
289#undef HAVE_EVP_SHA256
290
265/* Define if you have ut_exit in utmp.h */ 291/* Define if you have ut_exit in utmp.h */
266#undef HAVE_EXIT_IN_UTMP 292#undef HAVE_EXIT_IN_UTMP
267 293
@@ -271,6 +297,12 @@
271/* Define to 1 if you have the `fchown' function. */ 297/* Define to 1 if you have the `fchown' function. */
272#undef HAVE_FCHOWN 298#undef HAVE_FCHOWN
273 299
300/* Use F_CLOSEM fcntl for closefrom */
301#undef HAVE_FCNTL_CLOSEM
302
303/* Define to 1 if you have the <fcntl.h> header file. */
304#undef HAVE_FCNTL_H
305
274/* Define to 1 if you have the <features.h> header file. */ 306/* Define to 1 if you have the <features.h> header file. */
275#undef HAVE_FEATURES_H 307#undef HAVE_FEATURES_H
276 308
@@ -334,6 +366,9 @@
334/* Define to 1 if you have the `getrusage' function. */ 366/* Define to 1 if you have the `getrusage' function. */
335#undef HAVE_GETRUSAGE 367#undef HAVE_GETRUSAGE
336 368
369/* Define to 1 if you have the `getseuserbyname' function. */
370#undef HAVE_GETSEUSERBYNAME
371
337/* Define to 1 if you have the `gettimeofday' function. */ 372/* Define to 1 if you have the `gettimeofday' function. */
338#undef HAVE_GETTIMEOFDAY 373#undef HAVE_GETTIMEOFDAY
339 374
@@ -358,6 +393,9 @@
358/* Define to 1 if you have the `getutxline' function. */ 393/* Define to 1 if you have the `getutxline' function. */
359#undef HAVE_GETUTXLINE 394#undef HAVE_GETUTXLINE
360 395
396/* Define to 1 if you have the `get_default_context_with_level' function. */
397#undef HAVE_GET_DEFAULT_CONTEXT_WITH_LEVEL
398
361/* Define to 1 if you have the `glob' function. */ 399/* Define to 1 if you have the `glob' function. */
362#undef HAVE_GLOB 400#undef HAVE_GLOB
363 401
@@ -532,6 +570,9 @@
532/* Define to 1 if you have the <netgroup.h> header file. */ 570/* Define to 1 if you have the <netgroup.h> header file. */
533#undef HAVE_NETGROUP_H 571#undef HAVE_NETGROUP_H
534 572
573/* Define to 1 if you have the <net/if_tun.h> header file. */
574#undef HAVE_NET_IF_TUN_H
575
535/* Define if you are on NeXT */ 576/* Define if you are on NeXT */
536#undef HAVE_NEXT 577#undef HAVE_NEXT
537 578
@@ -635,9 +676,6 @@
635/* Define to 1 if you have the <security/pam_appl.h> header file. */ 676/* Define to 1 if you have the <security/pam_appl.h> header file. */
636#undef HAVE_SECURITY_PAM_APPL_H 677#undef HAVE_SECURITY_PAM_APPL_H
637 678
638/* Define to 1 if you have the <selinux/selinux.h> header file. */
639#undef HAVE_SELINUX_SELINUX_H
640
641/* Define to 1 if you have the `sendmsg' function. */ 679/* Define to 1 if you have the `sendmsg' function. */
642#undef HAVE_SENDMSG 680#undef HAVE_SENDMSG
643 681
@@ -698,6 +736,12 @@
698/* Define to 1 if you have the `setvbuf' function. */ 736/* Define to 1 if you have the `setvbuf' function. */
699#undef HAVE_SETVBUF 737#undef HAVE_SETVBUF
700 738
739/* Define to 1 if you have the `SHA256_Update' function. */
740#undef HAVE_SHA256_UPDATE
741
742/* Define to 1 if you have the <sha2.h> header file. */
743#undef HAVE_SHA2_H
744
701/* Define to 1 if you have the <shadow.h> header file. */ 745/* Define to 1 if you have the <shadow.h> header file. */
702#undef HAVE_SHADOW_H 746#undef HAVE_SHADOW_H
703 747
@@ -1127,6 +1171,9 @@
1127/* Location of PRNGD/EGD random number socket */ 1171/* Location of PRNGD/EGD random number socket */
1128#undef PRNGD_SOCKET 1172#undef PRNGD_SOCKET
1129 1173
1174/* read(1) can return 0 for a non-closed fd */
1175#undef PTY_ZEROREAD
1176
1130/* Define if your platform breaks doing a seteuid before a setuid */ 1177/* Define if your platform breaks doing a seteuid before a setuid */
1131#undef SETEUID_BREAKS_SETUID 1178#undef SETEUID_BREAKS_SETUID
1132 1179
@@ -1197,6 +1244,9 @@
1197/* Define if you want a different $PATH for the superuser */ 1244/* Define if you want a different $PATH for the superuser */
1198#undef SUPERUSER_PATH 1245#undef SUPERUSER_PATH
1199 1246
1247/* syslog_r function is safe to use in in a signal handler */
1248#undef SYSLOG_R_SAFE_IN_SIGHAND
1249
1200/* Support passwords > 8 chars */ 1250/* Support passwords > 8 chars */
1201#undef UNIXWARE_LONG_PASSWORDS 1251#undef UNIXWARE_LONG_PASSWORDS
1202 1252
@@ -1221,6 +1271,9 @@
1221/* Define if you want smartcard support using OpenSC */ 1271/* Define if you want smartcard support using OpenSC */
1222#undef USE_OPENSC 1272#undef USE_OPENSC
1223 1273
1274/* Enable OpenSSL engine support */
1275#undef USE_OPENSSL_ENGINE
1276
1224/* Define if you want to enable PAM support */ 1277/* Define if you want to enable PAM support */
1225#undef USE_PAM 1278#undef USE_PAM
1226 1279
@@ -1233,6 +1286,9 @@
1233/* platform has the Security Authorization Session API */ 1286/* platform has the Security Authorization Session API */
1234#undef USE_SECURITY_SESSION_API 1287#undef USE_SECURITY_SESSION_API
1235 1288
1289/* Define if you have Solaris process contracts */
1290#undef USE_SOLARIS_PROCESS_CONTRACTS
1291
1236/* Define if you shouldn't strip 'tty' from your ttyname in [uw]tmp */ 1292/* Define if you shouldn't strip 'tty' from your ttyname in [uw]tmp */
1237#undef WITH_ABBREV_NO_TTY 1293#undef WITH_ABBREV_NO_TTY
1238 1294