author | Colin Watson <cjwatson@debian.org> | 2010-03-31 10:46:28 +0100 |
---|---|---|
committer | Colin Watson <cjwatson@debian.org> | 2010-03-31 10:46:28 +0100 |
commit | efd3d4522636ae029488c2e9730b60c88e257d2e (patch) | |
tree | 31e02ac3f16090ce8c53448677356b2b7f423683 /configure.ac | |
parent | bbec4db36d464ea1d464a707625125f9fd5c7b5e (diff) | |
parent | d1a87e462e1db89f19cd960588d0c6b287cb5ccc (diff) |
* New upstream release (LP: #535029).
- After a transition period of about 10 years, this release disables SSH
protocol 1 by default. Clients and servers that need to use the
legacy protocol must explicitly enable it in ssh_config / sshd_config
or on the command-line.
- Remove the libsectok/OpenSC-based smartcard code and add support for
PKCS#11 tokens. This support is enabled by default in the Debian
packaging, since it now doesn't involve additional library
dependencies (closes: #231472, LP: #16918).
- Add support for certificate authentication of users and hosts using a
new, minimal OpenSSH certificate format (closes: #482806).
- Added a 'netcat mode' to ssh(1): "ssh -W host:port ...".
- Add the ability to revoke keys in sshd(8) and ssh(1). (For the Debian
package, this overlaps with the key blacklisting facility added in
openssh 1:4.7p1-9, but with different file formats and slightly
different scopes; for the moment, I've roughly merged the two.)
- Various multiplexing improvements, including support for requesting
port-forwardings via the multiplex protocol (closes: #360151).
- Allow setting an explicit umask on the sftp-server(8) commandline to
override whatever default the user has (closes: #496843).
- Many sftp client improvements, including tab-completion, more options,
and recursive transfer support for get/put (LP: #33378). The old
mget/mput commands never worked properly and have been removed
(closes: #270399, #428082).
- Do not prompt for a passphrase if we fail to open a keyfile, and log
the reason why the open failed to debug (closes: #431538).
- Prevent sftp from crashing when given a "-" without a command. Also,
allow whitespace to follow a "-" (closes: #531561).
Diffstat (limited to 'configure.ac')
-rw-r--r-- | configure.ac | 84 |
1 files changed, 18 insertions, 66 deletions
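--- a/configure.ac
+++ b/configure.ac
@@ -1,4 +1,4 @@
-# $Id: configure.ac,v 1.427 2009/09/11 04:56:08 dtucker Exp $
+# $Id: configure.ac,v 1.444 2010/03/05 04:04:35 djm Exp $
 #
 # Copyright (c) 1999-2004 Damien Miller
 #
@@ -15,7 +15,7 @@
 # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 
 AC_INIT(OpenSSH, Portable, openssh-unix-dev@mindrot.org)
-AC_REVISION($Revision: 1.427 $)
+AC_REVISION($Revision: 1.444 $)
 AC_CONFIG_SRCDIR([ssh.c])
 
 AC_CONFIG_HEADER(config.h)
@@ -108,7 +108,7 @@ if test "$GCC" = "yes" || test "$GCC" = "egcs"; then
 ;;
 2.*) no_attrib_nonnull=1 ;;
 3.*) CFLAGS="$CFLAGS -Wsign-compare -Wformat-security" ;;
-4.*) CFLAGS="$CFLAGS -Wsign-compare -Wno-pointer-sign -Wformat-security" ;;
+4.*) CFLAGS="$CFLAGS -Wsign-compare -Wno-pointer-sign -Wformat-security -fno-strict-aliasing" ;;
 *) ;;
 esac
 
@@ -446,7 +446,7 @@ int main(void) { exit(0); }
 AC_DEFINE(DISABLE_FD_PASSING, 1,
 [Define if your platform needs to skip post auth
 file descriptor passing])
-AC_DEFINE(SSH_IOBUFSZ, 65536, [Windows is sensitive to read buffer size])
+AC_DEFINE(SSH_IOBUFSZ, 65535, [Windows is sensitive to read buffer size])
 ;;
 *-*-dgux*)
 AC_DEFINE(IP_TOS_IS_BROKEN, 1,
@@ -613,6 +613,7 @@ main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16))
 if it doesn't return EOPNOTSUPP.])
 AC_DEFINE(_PATH_BTMP, "/var/log/btmp", [log for bad login attempts])
 AC_DEFINE(USE_BTMP)
+AC_DEFINE(LINUX_OOM_ADJUST, 1, [Adjust Linux out-of-memory killer])
 inet6_default_4in6=yes
 case `uname -r` in
 1.*|2.0.*)
@@ -630,7 +631,6 @@ main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16))
 AC_DEFINE(SSH_TUN_PREPEND_AF, 1,
 [Prepend the address family to IP tunnel traffic])
 fi
-AC_DEFINE(OOM_ADJUST, 1, [Adjust Linux out-of-memory killer])
 ;;
 mips-sony-bsd|mips-sony-newsos4)
 AC_DEFINE(NEED_SETPGRP, 1, [Need setpgrp to acquire controlling tty])
@@ -768,9 +768,11 @@ mips-sony-bsd|mips-sony-newsos4)
 ;;
 # UnixWare 7.x, OpenUNIX 8
 *-*-sysv5*)
+CPPFLAGS="$CPPFLAGS -Dvsnprintf=_xvsnprintf -Dsnprintf=_xsnprintf"
 AC_DEFINE(UNIXWARE_LONG_PASSWORDS, 1, [Support passwords > 8 chars])
 AC_DEFINE(USE_PIPES)
 AC_DEFINE(SETEUID_BREAKS_SETUID)
+AC_DEFINE(BROKEN_GETADDRINFO)
 AC_DEFINE(BROKEN_SETREUID)
 AC_DEFINE(BROKEN_SETREGID)
 AC_DEFINE(PASSWD_NEEDS_USERNAME)
@@ -809,6 +811,7 @@ mips-sony-bsd|mips-sony-newsos4)
 AC_DEFINE(DISABLE_SHADOW)
 AC_DEFINE(DISABLE_FD_PASSING)
 AC_DEFINE(SETEUID_BREAKS_SETUID)
+AC_DEFINE(BROKEN_GETADDRINFO)
 AC_DEFINE(BROKEN_SETREUID)
 AC_DEFINE(BROKEN_SETREGID)
 AC_DEFINE(WITH_ABBREV_NO_TTY)
@@ -1375,6 +1378,7 @@ AC_CHECK_FUNCS( \
 getrlimit \
 getttyent \
 glob \
+group_from_gid \
 inet_aton \
 inet_ntoa \
 inet_ntop \
@@ -1401,8 +1405,10 @@ AC_CHECK_FUNCS( \
 setegid \
 setenv \
 seteuid \
+setgroupent \
 setgroups \
 setlogin \
+setpassent\
 setpcred \
 setproctitle \
 setregid \
@@ -1431,12 +1437,18 @@ AC_CHECK_FUNCS( \
 truncate \
 unsetenv \
 updwtmpx \
+user_from_uid \
 vasprintf \
 vhangup \
 vsnprintf \
 waitpid \
 )
 
+# PKCS#11 support requires dlopen() and co
+AC_SEARCH_LIBS(dlopen, dl,
+AC_DEFINE([ENABLE_PKCS11], [], [Enable for PKCS#11 support])
+)
+
 # IRIX has a const char return value for gai_strerror()
 AC_CHECK_FUNCS(gai_strerror,[
 AC_DEFINE(HAVE_GAI_STRERROR)
@@ -3280,66 +3292,6 @@ if test "x$ac_cv_libc_defines_sys_nerr" = "xyes" ; then
 AC_DEFINE(HAVE_SYS_NERR, 1, [Define if your system defines sys_nerr])
 fi
 
-SCARD_MSG="no"
-# Check whether user wants sectok support
-AC_ARG_WITH(sectok,
-[ --with-sectok Enable smartcard support using libsectok],
-[
-if test "x$withval" != "xno" ; then
-if test "x$withval" != "xyes" ; then
-CPPFLAGS="$CPPFLAGS -I${withval}"
-LDFLAGS="$LDFLAGS -L${withval}"
-if test ! -z "$need_dash_r" ; then
-LDFLAGS="$LDFLAGS -R${withval}"
-fi
-if test ! -z "$blibpath" ; then
-blibpath="$blibpath:${withval}"
-fi
-fi
-AC_CHECK_HEADERS(sectok.h)
-if test "$ac_cv_header_sectok_h" != yes; then
-AC_MSG_ERROR(Can't find sectok.h)
-fi
-AC_CHECK_LIB(sectok, sectok_open)
-if test "$ac_cv_lib_sectok_sectok_open" != yes; then
-AC_MSG_ERROR(Can't find libsectok)
-fi
-AC_DEFINE(SMARTCARD, 1,
-[Define if you want smartcard support])
-AC_DEFINE(USE_SECTOK, 1,
-[Define if you want smartcard support
-using sectok])
-SCARD_MSG="yes, using sectok"
-fi
-]
-)
-
-# Check whether user wants OpenSC support
-OPENSC_CONFIG="no"
-AC_ARG_WITH(opensc,
-[ --with-opensc[[=PFX]] Enable smartcard support using OpenSC (optionally in PATH)],
-[
-if test "x$withval" != "xno" ; then
-if test "x$withval" != "xyes" ; then
-OPENSC_CONFIG=$withval/bin/opensc-config
-else
-AC_PATH_PROG(OPENSC_CONFIG, opensc-config, no)
-fi
-if test "$OPENSC_CONFIG" != "no"; then
-LIBOPENSC_CFLAGS=`$OPENSC_CONFIG --cflags`
-LIBOPENSC_LIBS=`$OPENSC_CONFIG --libs`
-CPPFLAGS="$CPPFLAGS $LIBOPENSC_CFLAGS"
-LIBS="$LIBS $LIBOPENSC_LIBS"
-AC_DEFINE(SMARTCARD)
-AC_DEFINE(USE_OPENSC, 1,
-[Define if you want smartcard support
-using OpenSC])
-SCARD_MSG="yes, using OpenSC"
-fi
-fi
-]
-)
-
 # Check libraries needed by DNS fingerprint support
 AC_SEARCH_LIBS(getrrsetbyname, resolv,
 [AC_DEFINE(HAVE_GETRRSETBYNAME, 1,
@@ -4210,7 +4162,7 @@ fi
 AC_EXEEXT
 AC_CONFIG_FILES([Makefile buildpkg.sh opensshd.init openssh.xml \
 openbsd-compat/Makefile openbsd-compat/regress/Makefile \
-scard/Makefile ssh_prng_cmds survey.sh])
+ssh_prng_cmds survey.sh])
 AC_OUTPUT
 
 # Print summary of options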
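Review bot: The new PKCS#11 block (new lines 1447-1450) defines ENABLE_PKCS11 whenever dlopen() resolves, and no configure switch to turn it off is visible in this diff. The removed sectok/OpenSC support was opt-in through `--with-sectok` / `--with-opensc`, so this changes token support from something a builder asks for into something every dlopen-capable build receives, including the code that loads provider libraries at run time. An `--disable-pkcs11` option around the check, as sketched below, would let hardened builds leave that loader out. The action argument is also unquoted, unlike the `[AC_DEFINE(...)]` form in the getrrsetbyname check a few lines later. If the option summary past the end of this diff still prints `$SCARD_MSG`, it will now be empty because its initialisation went away with the smartcard blocks.

```m4
# PKCS#11 support requires dlopen() and co
enable_pkcs11=yes
AC_ARG_ENABLE([pkcs11],
	[  --disable-pkcs11        Disable PKCS#11 support code],
	[
		if test "x$enableval" = "xno" ; then
			enable_pkcs11=no
		fi
	]
)
if test "x$enable_pkcs11" = "xyes" ; then
	AC_SEARCH_LIBS([dlopen], [dl],
		[AC_DEFINE([ENABLE_PKCS11], [], [Enable for PKCS#11 support])]
	)
fi
```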