* New upstream release (LP: #535029).

  - After a transition period of about 10 years, this release disables SSH
    protocol 1 by default.  Clients and servers that need to use the
    legacy protocol must explicitly enable it in ssh_config / sshd_config
    or on the command-line.
  - Remove the libsectok/OpenSC-based smartcard code and add support for
    PKCS#11 tokens.  This support is enabled by default in the Debian
    packaging, since it now doesn't involve additional library
    dependencies (closes: #231472, LP: #16918).
  - Add support for certificate authentication of users and hosts using a
    new, minimal OpenSSH certificate format (closes: #482806).
  - Added a 'netcat mode' to ssh(1): "ssh -W host:port ...".
  - Add the ability to revoke keys in sshd(8) and ssh(1).  (For the Debian
    package, this overlaps with the key blacklisting facility added in
    openssh 1:4.7p1-9, but with different file formats and slightly
    different scopes; for the moment, I've roughly merged the two.)
  - Various multiplexing improvements, including support for requesting
    port-forwardings via the multiplex protocol (closes: #360151).
  - Allow setting an explicit umask on the sftp-server(8) commandline to
    override whatever default the user has (closes: #496843).
  - Many sftp client improvements, including tab-completion, more options,
    and recursive transfer support for get/put (LP: #33378).  The old
    mget/mput commands never worked properly and have been removed
    (closes: #270399, #428082).
  - Do not prompt for a passphrase if we fail to open a keyfile, and log
    the reason why the open failed to debug (closes: #431538).
  - Prevent sftp from crashing when given a "-" without a command.  Also,
    allow whitespace to follow a "-" (closes: #531561).

1 files changed, 21 insertions, 32 deletions

diff --git a/config.h.in b/config.h.in
index 939840fc2..a61f0a6b5 100644
--- a/config.h.in
+++ b/config.h.in
@@ -1,8 +1,5 @@
 /* config.h.in.  Generated from configure.ac by autoheader.  */
 
-/* Define if building universal (internal helper macro) */
-#undef AC_APPLE_UNIVERSAL_BUILD
-
 /* Define if you have a getaddrinfo that fails for the all-zeros IPv6 address
    */
 #undef AIX_GETNAMEINFO_HACK
@@ -125,6 +122,9 @@
 /* Define if you don't want to use wtmpx */
 #undef DISABLE_WTMPX
 
+/* Enable for PKCS#11 support */
+#undef ENABLE_PKCS11
+
 /* Builtin PRNG command timeout */
 #undef ENTROPY_TIMEOUT_MSEC
 
@@ -464,6 +464,9 @@
 /* Define to 1 if you have the <glob.h> header file. */
 #undef HAVE_GLOB_H
 
+/* Define to 1 if you have the `group_from_gid' function. */
+#undef HAVE_GROUP_FROM_GID
+
 /* Define to 1 if you have the <gssapi_generic.h> header file. */
 #undef HAVE_GSSAPI_GENERIC_H
 
@@ -554,9 +557,6 @@
 /* Define to 1 if you have the `pam' library (-lpam). */
 #undef HAVE_LIBPAM
 
-/* Define to 1 if you have the `sectok' library (-lsectok). */
-#undef HAVE_LIBSECTOK
-
 /* Define to 1 if you have the `socket' library (-lsocket). */
 #undef HAVE_LIBSOCKET
 
@@ -738,9 +738,6 @@
 /* define if you have sa_family_t data type */
 #undef HAVE_SA_FAMILY_T
 
-/* Define to 1 if you have the <sectok.h> header file. */
-#undef HAVE_SECTOK_H
-
 /* Define if you have SecureWare-based protected password database */
 #undef HAVE_SECUREWARE
 
@@ -765,6 +762,9 @@
 /* Define to 1 if you have the `seteuid' function. */
 #undef HAVE_SETEUID
 
+/* Define to 1 if you have the `setgroupent' function. */
+#undef HAVE_SETGROUPENT
+
 /* Define to 1 if you have the `setgroups' function. */
 #undef HAVE_SETGROUPS
 
@@ -774,6 +774,9 @@
 /* Define to 1 if you have the `setluid' function. */
 #undef HAVE_SETLUID
 
+/* Define to 1 if you have the `setpassent' function. */
+#undef HAVE_SETPASSENT
+
 /* Define to 1 if you have the `setpcred' function. */
 #undef HAVE_SETPCRED
 
@@ -1077,6 +1080,9 @@
 /* Define to 1 if you have the <usersec.h> header file. */
 #undef HAVE_USERSEC_H
 
+/* Define to 1 if you have the `user_from_uid' function. */
+#undef HAVE_USER_FROM_UID
+
 /* Define to 1 if you have the <util.h> header file. */
 #undef HAVE_UTIL_H
 
@@ -1186,6 +1192,9 @@
    EOPNOTSUPP. */
 #undef LINK_OPNOTSUPP_ERRNO
 
+/* Adjust Linux out-of-memory killer */
+#undef LINUX_OOM_ADJUST
+
 /* max value of long long calculated by configure */
 #undef LLONG_MAX
 
@@ -1238,9 +1247,6 @@
 /* Define if X11 doesn't support AF_UNIX sockets on that system */
 #undef NO_X11_UNIX_SOCKETS
 
-/* Adjust Linux out-of-memory killer */
-#undef OOM_ADJUST
-
 /* Define if EVP_DigestUpdate returns void */
 #undef OPENSSL_EVP_DIGESTUPDATE_VOID
 
@@ -1308,9 +1314,6 @@
 /* Define if your skeychallenge() function takes 4 arguments (NetBSD) */
 #undef SKEYCHALLENGE_4ARG
 
-/* Define if you want smartcard support */
-#undef SMARTCARD
-
 /* Define as const if snprintf() can declare const char *fmt */
 #undef SNPRINTF_CONST
 
@@ -1381,9 +1384,6 @@
 /* Use libedit for sftp */
 #undef USE_LIBEDIT
 
-/* Define if you want smartcard support using OpenSC */
-#undef USE_OPENSC
-
 /* Enable OpenSSL engine support */
 #undef USE_OPENSSL_ENGINE
 
@@ -1393,9 +1393,6 @@
 /* Use PIPES instead of a socketpair() */
 #undef USE_PIPES
 
-/* Define if you want smartcard support using sectok */
-#undef USE_SECTOK
-
 /* platform has the Security Authorization Session API */
 #undef USE_SECURITY_SESSION_API
 
@@ -1424,17 +1421,9 @@
 /* Define if you want SELinux support. */
 #undef WITH_SELINUX
 
-/* Define WORDS_BIGENDIAN to 1 if your processor stores words with the most
-   significant byte first (like Motorola and SPARC, unlike Intel). */
-#if defined AC_APPLE_UNIVERSAL_BUILD
-# if defined __BIG_ENDIAN__
-#  define WORDS_BIGENDIAN 1
-# endif
-#else
-# ifndef WORDS_BIGENDIAN
-#  undef WORDS_BIGENDIAN
-# endif
-#endif
+/* Define to 1 if your processor stores words with the most significant byte
+   first (like Motorola and SPARC, unlike Intel and VAX). */
+#undef WORDS_BIGENDIAN
 
 /* Define if xauth is found in your path */
 #undef XAUTH_PATH