* New upstream release (closes: #395507, #397961, #420035). Important

  changes not previously backported to 4.3p2:
  - 4.4/4.4p1 (http://www.openssh.org/txt/release-4.4):
    + On portable OpenSSH, fix a GSSAPI authentication abort that could be
      used to determine the validity of usernames on some platforms.
    + Implemented conditional configuration in sshd_config(5) using the
      "Match" directive. This allows some configuration options to be
      selectively overridden if specific criteria (based on user, group,
      hostname and/or address) are met. So far a useful subset of
      post-authentication options are supported and more are expected to
      be added in future releases.
    + Add support for Diffie-Hellman group exchange key agreement with a
      final hash of SHA256.
    + Added a "ForceCommand" directive to sshd_config(5). Similar to the
      command="..." option accepted in ~/.ssh/authorized_keys, this forces
      the execution of the specified command regardless of what the user
      requested. This is very useful in conjunction with the new "Match"
      option.
    + Add a "PermitOpen" directive to sshd_config(5). This mirrors the
      permitopen="..." authorized_keys option, allowing fine-grained
      control over the port-forwardings that a user is allowed to
      establish.
    + Add optional logging of transactions to sftp-server(8).
    + ssh(1) will now record port numbers for hosts stored in
      ~/.ssh/known_hosts when a non-standard port has been requested
      (closes: #50612).
    + Add an "ExitOnForwardFailure" option to cause ssh(1) to exit (with a
      non-zero exit code) when requested port forwardings could not be
      established.
    + Extend sshd_config(5) "SubSystem" declarations to allow the
      specification of command-line arguments.
    + Replacement of all integer overflow susceptible invocations of
      malloc(3) and realloc(3) with overflow-checking equivalents.
    + Many manpage fixes and improvements.
    + Add optional support for OpenSSL hardware accelerators (engines),
      enabled using the --with-ssl-engine configure option.
    + Tokens in configuration files may be double-quoted in order to
      contain spaces (closes: #319639).
    + Move a debug() call out of a SIGCHLD handler, fixing a hang when the
      session exits very quickly (closes: #307890).
    + Fix some incorrect buffer allocation calculations (closes: #410599).
    + ssh-add doesn't ask for a passphrase if key file permissions are too
      liberal (closes: #103677).
    + Likewise, ssh doesn't ask either (closes: #99675).
  - 4.6/4.6p1 (http://www.openssh.org/txt/release-4.6):
    + sshd now allows the enabling and disabling of authentication methods
      on a per user, group, host and network basis via the Match directive
      in sshd_config.
    + Fixed an inconsistent check for a terminal when displaying scp
      progress meter (closes: #257524).
    + Fix "hang on exit" when background processes are running at the time
      of exit on a ttyful/login session (closes: #88337).
* Update to current GSSAPI patch from
  http://www.sxw.org.uk/computing/patches/openssh-4.6p1-gsskex-20070312.patch;
  install ChangeLog.gssapi.

1 files changed, 59 insertions, 3 deletions

diff --git a/config.h.in b/config.h.in
index b5cfdbb2c..a913487e1 100644
--- a/config.h.in
+++ b/config.h.in
@@ -1,5 +1,9 @@
 /* config.h.in.  Generated from configure.ac by autoheader.  */
 
+/* Define if you have a getaddrinfo that fails for the all-zeros IPv6 address
+   */
+#undef AIX_GETNAMEINFO_HACK
+
 /* Define if your AIX loginfailed() function takes 4 arguments (AIX >= 5.2) */
 #undef AIX_LOGINFAILED_4ARG
 
@@ -190,6 +194,9 @@
 /* Define if your system uses ancillary data style file descriptor passing */
 #undef HAVE_CONTROL_IN_MSGHDR
 
+/* Define to 1 if you have the <crypto/sha2.h> header file. */
+#undef HAVE_CRYPTO_SHA2_H
+
 /* Define to 1 if you have the <crypt.h> header file. */
 #undef HAVE_CRYPT_H
 
@@ -203,6 +210,10 @@
    don't. */
 #undef HAVE_DECL_AUTHENTICATE
 
+/* Define to 1 if you have the declaration of `GLOB_NOMATCH', and to 0 if you
+   don't. */
+#undef HAVE_DECL_GLOB_NOMATCH
+
 /* Define to 1 if you have the declaration of `h_errno', and to 0 if you
    don't. */
 #undef HAVE_DECL_H_ERRNO
@@ -219,6 +230,10 @@
    don't. */
 #undef HAVE_DECL_LOGINSUCCESS
 
+/* Define to 1 if you have the declaration of `O_NONBLOCK', and to 0 if you
+   don't. */
+#undef HAVE_DECL_O_NONBLOCK
+
 /* Define to 1 if you have the declaration of `passwdexpired', and to 0 if you
    don't. */
 #undef HAVE_DECL_PASSWDEXPIRED
@@ -227,6 +242,14 @@
    don't. */
 #undef HAVE_DECL_SETAUTHDB
 
+/* Define to 1 if you have the declaration of `SHUT_RD', and to 0 if you
+   don't. */
+#undef HAVE_DECL_SHUT_RD
+
+/* Define to 1 if you have the declaration of `writev', and to 0 if you don't.
+   */
+#undef HAVE_DECL_WRITEV
+
 /* Define to 1 if you have the declaration of `_getlong', and to 0 if you
    don't. */
 #undef HAVE_DECL__GETLONG
@@ -262,6 +285,9 @@
 /* Define if your system has /etc/default/login */
 #undef HAVE_ETC_DEFAULT_LOGIN
 
+/* Define to 1 if you have the `EVP_sha256' function. */
+#undef HAVE_EVP_SHA256
+
 /* Define if you have ut_exit in utmp.h */
 #undef HAVE_EXIT_IN_UTMP
 
@@ -271,6 +297,12 @@
 /* Define to 1 if you have the `fchown' function. */
 #undef HAVE_FCHOWN
 
+/* Use F_CLOSEM fcntl for closefrom */
+#undef HAVE_FCNTL_CLOSEM
+
+/* Define to 1 if you have the <fcntl.h> header file. */
+#undef HAVE_FCNTL_H
+
 /* Define to 1 if you have the <features.h> header file. */
 #undef HAVE_FEATURES_H
 
@@ -334,6 +366,9 @@
 /* Define to 1 if you have the `getrusage' function. */
 #undef HAVE_GETRUSAGE
 
+/* Define to 1 if you have the `getseuserbyname' function. */
+#undef HAVE_GETSEUSERBYNAME
+
 /* Define to 1 if you have the `gettimeofday' function. */
 #undef HAVE_GETTIMEOFDAY
 
@@ -358,6 +393,9 @@
 /* Define to 1 if you have the `getutxline' function. */
 #undef HAVE_GETUTXLINE
 
+/* Define to 1 if you have the `get_default_context_with_level' function. */
+#undef HAVE_GET_DEFAULT_CONTEXT_WITH_LEVEL
+
 /* Define to 1 if you have the `glob' function. */
 #undef HAVE_GLOB
 
@@ -532,6 +570,9 @@
 /* Define to 1 if you have the <netgroup.h> header file. */
 #undef HAVE_NETGROUP_H
 
+/* Define to 1 if you have the <net/if_tun.h> header file. */
+#undef HAVE_NET_IF_TUN_H
+
 /* Define if you are on NeXT */
 #undef HAVE_NEXT
 
@@ -635,9 +676,6 @@
 /* Define to 1 if you have the <security/pam_appl.h> header file. */
 #undef HAVE_SECURITY_PAM_APPL_H
 
-/* Define to 1 if you have the <selinux/selinux.h> header file. */
-#undef HAVE_SELINUX_SELINUX_H
-
 /* Define to 1 if you have the `sendmsg' function. */
 #undef HAVE_SENDMSG
 
@@ -698,6 +736,12 @@
 /* Define to 1 if you have the `setvbuf' function. */
 #undef HAVE_SETVBUF
 
+/* Define to 1 if you have the `SHA256_Update' function. */
+#undef HAVE_SHA256_UPDATE
+
+/* Define to 1 if you have the <sha2.h> header file. */
+#undef HAVE_SHA2_H
+
 /* Define to 1 if you have the <shadow.h> header file. */
 #undef HAVE_SHADOW_H
 
@@ -1127,6 +1171,9 @@
 /* Location of PRNGD/EGD random number socket */
 #undef PRNGD_SOCKET
 
+/* read(1) can return 0 for a non-closed fd */
+#undef PTY_ZEROREAD
+
 /* Define if your platform breaks doing a seteuid before a setuid */
 #undef SETEUID_BREAKS_SETUID
 
@@ -1197,6 +1244,9 @@
 /* Define if you want a different $PATH for the superuser */
 #undef SUPERUSER_PATH
 
+/* syslog_r function is safe to use in in a signal handler */
+#undef SYSLOG_R_SAFE_IN_SIGHAND
+
 /* Support passwords > 8 chars */
 #undef UNIXWARE_LONG_PASSWORDS
 
@@ -1221,6 +1271,9 @@
 /* Define if you want smartcard support using OpenSC */
 #undef USE_OPENSC
 
+/* Enable OpenSSL engine support */
+#undef USE_OPENSSL_ENGINE
+
 /* Define if you want to enable PAM support */
 #undef USE_PAM
 
@@ -1233,6 +1286,9 @@
 /* platform has the Security Authorization Session API */
 #undef USE_SECURITY_SESSION_API
 
+/* Define if you have Solaris process contracts */
+#undef USE_SOLARIS_PROCESS_CONTRACTS
+
 /* Define if you shouldn't strip 'tty' from your ttyname in [uw]tmp */
 #undef WITH_ABBREV_NO_TTY