diff options
| author | Colin Watson <cjwatson@debian.org> | 2007-12-24 10:29:57 +0000 |
|---|---|---|
| committer | Colin Watson <cjwatson@debian.org> | 2007-12-24 10:29:57 +0000 |
| commit | c3e531b12b2335b7fa5a6bcc9a309d3c523ff64b (patch) | |
| tree | b72c0867348e7e7914d64af6fc5e25c728922e03 /config.h.in | |
| parent | 6b222fdf3cb54c11a446df38e027fe7acf2220cb (diff) | |
| parent | 70847d299887abb96f8703ca99db6d817b78960e (diff) | |
* New upstream release (closes: #453367).
- CVE-2007-4752: Prevent ssh(1) from using a trusted X11 cookie if
creation of an untrusted cookie fails; found and fixed by Jan Pechanec
(closes: #444738).
- sshd(8) in new installations defaults to SSH Protocol 2 only. Existing
installations are unchanged.
- The SSH channel window size has been increased, and both ssh(1)
sshd(8) now send window updates more aggressively. These improves
performance on high-BDP (Bandwidth Delay Product) networks.
- ssh(1) and sshd(8) now preserve MAC contexts between packets, which
saves 2 hash calls per packet and results in 12-16% speedup for
arcfour256/hmac-md5.
- A new MAC algorithm has been added, UMAC-64 (RFC4418) as
"umac-64@openssh.com". UMAC-64 has been measured to be approximately
20% faster than HMAC-MD5.
- Failure to establish a ssh(1) TunnelForward is now treated as a fatal
error when the ExitOnForwardFailure option is set.
- ssh(1) returns a sensible exit status if the control master goes away
without passing the full exit status.
- When using a ProxyCommand in ssh(1), set the outgoing hostname with
gethostname(2), allowing hostbased authentication to work.
- Make scp(1) skip FIFOs rather than hanging (closes: #246774).
- Encode non-printing characters in scp(1) filenames. These could cause
copies to be aborted with a "protocol error".
- Handle SIGINT in sshd(8) privilege separation child process to ensure
that wtmp and lastlog records are correctly updated.
- Report GSSAPI mechanism in errors, for libraries that support multiple
mechanisms.
- Improve documentation for ssh-add(1)'s -d option.
- Rearrange and tidy GSSAPI code, removing server-only code being linked
into the client.
- Delay execution of ssh(1)'s LocalCommand until after all forwardings
have been established.
- In scp(1), do not truncate non-regular files.
- Improve exit message from ControlMaster clients.
- Prevent sftp-server(8) from reading until it runs out of buffer space,
whereupon it would exit with a fatal error (closes: #365541).
- pam_end() was not being called if authentication failed
(closes: #405041).
- Manual page datestamps updated (closes: #433181).
Diffstat (limited to 'config.h.in')
| -rw-r--r-- | config.h.in | 35 |
1 files changed, 32 insertions, 3 deletions
diff --git a/config.h.in b/config.h.in index a913487e1..9577c0e5f 100644 --- a/config.h.in +++ b/config.h.in | |||
| @@ -155,6 +155,9 @@ | |||
| 155 | /* OpenBSD's gcc has bounded */ | 155 | /* OpenBSD's gcc has bounded */ |
| 156 | #undef HAVE_ATTRIBUTE__BOUNDED__ | 156 | #undef HAVE_ATTRIBUTE__BOUNDED__ |
| 157 | 157 | ||
| 158 | /* Have attribute nonnull */ | ||
| 159 | #undef HAVE_ATTRIBUTE__NONNULL__ | ||
| 160 | |||
| 158 | /* OpenBSD's gcc has sentinel */ | 161 | /* OpenBSD's gcc has sentinel */ |
| 159 | #undef HAVE_ATTRIBUTE__SENTINEL__ | 162 | #undef HAVE_ATTRIBUTE__SENTINEL__ |
| 160 | 163 | ||
| @@ -230,6 +233,14 @@ | |||
| 230 | don't. */ | 233 | don't. */ |
| 231 | #undef HAVE_DECL_LOGINSUCCESS | 234 | #undef HAVE_DECL_LOGINSUCCESS |
| 232 | 235 | ||
| 236 | /* Define to 1 if you have the declaration of `MAXSYMLINKS', and to 0 if you | ||
| 237 | don't. */ | ||
| 238 | #undef HAVE_DECL_MAXSYMLINKS | ||
| 239 | |||
| 240 | /* Define to 1 if you have the declaration of `offsetof', and to 0 if you | ||
| 241 | don't. */ | ||
| 242 | #undef HAVE_DECL_OFFSETOF | ||
| 243 | |||
| 233 | /* Define to 1 if you have the declaration of `O_NONBLOCK', and to 0 if you | 244 | /* Define to 1 if you have the declaration of `O_NONBLOCK', and to 0 if you |
| 234 | don't. */ | 245 | don't. */ |
| 235 | #undef HAVE_DECL_O_NONBLOCK | 246 | #undef HAVE_DECL_O_NONBLOCK |
| @@ -354,6 +365,9 @@ | |||
| 354 | /* Define to 1 if you have the `getpeereid' function. */ | 365 | /* Define to 1 if you have the `getpeereid' function. */ |
| 355 | #undef HAVE_GETPEEREID | 366 | #undef HAVE_GETPEEREID |
| 356 | 367 | ||
| 368 | /* Define to 1 if you have the `getpeerucred' function. */ | ||
| 369 | #undef HAVE_GETPEERUCRED | ||
| 370 | |||
| 357 | /* Define to 1 if you have the `getpwanam' function. */ | 371 | /* Define to 1 if you have the `getpwanam' function. */ |
| 358 | #undef HAVE_GETPWANAM | 372 | #undef HAVE_GETPWANAM |
| 359 | 373 | ||
| @@ -480,9 +494,6 @@ | |||
| 480 | /* Define to 1 if you have the <libgen.h> header file. */ | 494 | /* Define to 1 if you have the <libgen.h> header file. */ |
| 481 | #undef HAVE_LIBGEN_H | 495 | #undef HAVE_LIBGEN_H |
| 482 | 496 | ||
| 483 | /* Define to 1 if you have the `iaf' library (-liaf). */ | ||
| 484 | #undef HAVE_LIBIAF | ||
| 485 | |||
| 486 | /* Define to 1 if you have the `nsl' library (-lnsl). */ | 497 | /* Define to 1 if you have the `nsl' library (-lnsl). */ |
| 487 | #undef HAVE_LIBNSL | 498 | #undef HAVE_LIBNSL |
| 488 | 499 | ||
| @@ -619,6 +630,12 @@ | |||
| 619 | /* define if you have pid_t data type */ | 630 | /* define if you have pid_t data type */ |
| 620 | #undef HAVE_PID_T | 631 | #undef HAVE_PID_T |
| 621 | 632 | ||
| 633 | /* Define to 1 if you have the `poll' function. */ | ||
| 634 | #undef HAVE_POLL | ||
| 635 | |||
| 636 | /* Define to 1 if you have the <poll.h> header file. */ | ||
| 637 | #undef HAVE_POLL_H | ||
| 638 | |||
| 622 | /* Define to 1 if you have the `prctl' function. */ | 639 | /* Define to 1 if you have the `prctl' function. */ |
| 623 | #undef HAVE_PRCTL | 640 | #undef HAVE_PRCTL |
| 624 | 641 | ||
| @@ -736,6 +753,9 @@ | |||
| 736 | /* Define to 1 if you have the `setvbuf' function. */ | 753 | /* Define to 1 if you have the `setvbuf' function. */ |
| 737 | #undef HAVE_SETVBUF | 754 | #undef HAVE_SETVBUF |
| 738 | 755 | ||
| 756 | /* Define to 1 if you have the `set_id' function. */ | ||
| 757 | #undef HAVE_SET_ID | ||
| 758 | |||
| 739 | /* Define to 1 if you have the `SHA256_Update' function. */ | 759 | /* Define to 1 if you have the `SHA256_Update' function. */ |
| 740 | #undef HAVE_SHA256_UPDATE | 760 | #undef HAVE_SHA256_UPDATE |
| 741 | 761 | ||
| @@ -844,6 +864,9 @@ | |||
| 844 | /* define if you have struct timeval */ | 864 | /* define if you have struct timeval */ |
| 845 | #undef HAVE_STRUCT_TIMEVAL | 865 | #undef HAVE_STRUCT_TIMEVAL |
| 846 | 866 | ||
| 867 | /* Define to 1 if you have the `swap32' function. */ | ||
| 868 | #undef HAVE_SWAP32 | ||
| 869 | |||
| 847 | /* Define to 1 if you have the `sysconf' function. */ | 870 | /* Define to 1 if you have the `sysconf' function. */ |
| 848 | #undef HAVE_SYSCONF | 871 | #undef HAVE_SYSCONF |
| 849 | 872 | ||
| @@ -958,6 +981,9 @@ | |||
| 958 | /* Define if you have ut_type in utmpx.h */ | 981 | /* Define if you have ut_type in utmpx.h */ |
| 959 | #undef HAVE_TYPE_IN_UTMPX | 982 | #undef HAVE_TYPE_IN_UTMPX |
| 960 | 983 | ||
| 984 | /* Define to 1 if you have the <ucred.h> header file. */ | ||
| 985 | #undef HAVE_UCRED_H | ||
| 986 | |||
| 961 | /* define if you have uintxx_t data type */ | 987 | /* define if you have uintxx_t data type */ |
| 962 | #undef HAVE_UINTXX_T | 988 | #undef HAVE_UINTXX_T |
| 963 | 989 | ||
| @@ -1039,6 +1065,9 @@ | |||
| 1039 | /* Define to 1 if you have the `_getshort' function. */ | 1065 | /* Define to 1 if you have the `_getshort' function. */ |
| 1040 | #undef HAVE__GETSHORT | 1066 | #undef HAVE__GETSHORT |
| 1041 | 1067 | ||
| 1068 | /* Define if you have struct __res_state _res as an extern */ | ||
| 1069 | #undef HAVE__RES_EXTERN | ||
| 1070 | |||
| 1042 | /* Define to 1 if you have the `__b64_ntop' function. */ | 1071 | /* Define to 1 if you have the `__b64_ntop' function. */ |
| 1043 | #undef HAVE___B64_NTOP | 1072 | #undef HAVE___B64_NTOP |
| 1044 | 1073 | ||