summaryrefslogtreecommitdiff
path: root/configure.ac
AgeCommit message (Collapse)Author
2008-05-25Restore OOM killer adjustment for child processes (thanks, Vaclav Ovsik;Colin Watson
closes: #480020).
2008-02-04* Fix configure detection of getseuserbyname andColin Watson
get_default_context_with_level (LP: #188136).
2007-12-24* New upstream release (closes: #453367).Colin Watson
- CVE-2007-4752: Prevent ssh(1) from using a trusted X11 cookie if creation of an untrusted cookie fails; found and fixed by Jan Pechanec (closes: #444738). - sshd(8) in new installations defaults to SSH Protocol 2 only. Existing installations are unchanged. - The SSH channel window size has been increased, and both ssh(1) sshd(8) now send window updates more aggressively. These improves performance on high-BDP (Bandwidth Delay Product) networks. - ssh(1) and sshd(8) now preserve MAC contexts between packets, which saves 2 hash calls per packet and results in 12-16% speedup for arcfour256/hmac-md5. - A new MAC algorithm has been added, UMAC-64 (RFC4418) as "umac-64@openssh.com". UMAC-64 has been measured to be approximately 20% faster than HMAC-MD5. - Failure to establish a ssh(1) TunnelForward is now treated as a fatal error when the ExitOnForwardFailure option is set. - ssh(1) returns a sensible exit status if the control master goes away without passing the full exit status. - When using a ProxyCommand in ssh(1), set the outgoing hostname with gethostname(2), allowing hostbased authentication to work. - Make scp(1) skip FIFOs rather than hanging (closes: #246774). - Encode non-printing characters in scp(1) filenames. These could cause copies to be aborted with a "protocol error". - Handle SIGINT in sshd(8) privilege separation child process to ensure that wtmp and lastlog records are correctly updated. - Report GSSAPI mechanism in errors, for libraries that support multiple mechanisms. - Improve documentation for ssh-add(1)'s -d option. - Rearrange and tidy GSSAPI code, removing server-only code being linked into the client. - Delay execution of ssh(1)'s LocalCommand until after all forwardings have been established. - In scp(1), do not truncate non-regular files. - Improve exit message from ControlMaster clients. - Prevent sftp-server(8) from reading until it runs out of buffer space, whereupon it would exit with a fatal error (closes: #365541). - pam_end() was not being called if authentication failed (closes: #405041). - Manual page datestamps updated (closes: #433181).
2007-08-10 - (dtucker) [configure.ac] Bug #1343: Set DISABLE_FD_PASSING for QNX6. From.Darren Tucker
Matt Kraai, ok djm@.
2007-06-25 - (dtucker) [atomicio.c configure.ac openbsd-compat/Makefile.inDarren Tucker
openbsd-compat/bsd-poll.{c,h} openbsd-compat/openbsd-compat.h] Add an implementation of poll() built on top of select(2). Code from OpenNTPD with changes suggested by djm. ok djm@
2007-06-12* New upstream release (closes: #395507, #397961, #420035). ImportantColin Watson
changes not previously backported to 4.3p2: - 4.4/4.4p1 (http://www.openssh.org/txt/release-4.4): + On portable OpenSSH, fix a GSSAPI authentication abort that could be used to determine the validity of usernames on some platforms. + Implemented conditional configuration in sshd_config(5) using the "Match" directive. This allows some configuration options to be selectively overridden if specific criteria (based on user, group, hostname and/or address) are met. So far a useful subset of post-authentication options are supported and more are expected to be added in future releases. + Add support for Diffie-Hellman group exchange key agreement with a final hash of SHA256. + Added a "ForceCommand" directive to sshd_config(5). Similar to the command="..." option accepted in ~/.ssh/authorized_keys, this forces the execution of the specified command regardless of what the user requested. This is very useful in conjunction with the new "Match" option. + Add a "PermitOpen" directive to sshd_config(5). This mirrors the permitopen="..." authorized_keys option, allowing fine-grained control over the port-forwardings that a user is allowed to establish. + Add optional logging of transactions to sftp-server(8). + ssh(1) will now record port numbers for hosts stored in ~/.ssh/known_hosts when a non-standard port has been requested (closes: #50612). + Add an "ExitOnForwardFailure" option to cause ssh(1) to exit (with a non-zero exit code) when requested port forwardings could not be established. + Extend sshd_config(5) "SubSystem" declarations to allow the specification of command-line arguments. + Replacement of all integer overflow susceptible invocations of malloc(3) and realloc(3) with overflow-checking equivalents. + Many manpage fixes and improvements. + Add optional support for OpenSSL hardware accelerators (engines), enabled using the --with-ssl-engine configure option. + Tokens in configuration files may be double-quoted in order to contain spaces (closes: #319639). + Move a debug() call out of a SIGCHLD handler, fixing a hang when the session exits very quickly (closes: #307890). + Fix some incorrect buffer allocation calculations (closes: #410599). + ssh-add doesn't ask for a passphrase if key file permissions are too liberal (closes: #103677). + Likewise, ssh doesn't ask either (closes: #99675). - 4.6/4.6p1 (http://www.openssh.org/txt/release-4.6): + sshd now allows the enabling and disabling of authentication methods on a per user, group, host and network basis via the Match directive in sshd_config. + Fixed an inconsistent check for a terminal when displaying scp progress meter (closes: #257524). + Fix "hang on exit" when background processes are running at the time of exit on a ttyful/login session (closes: #88337). * Update to current GSSAPI patch from http://www.sxw.org.uk/computing/patches/openssh-4.6p1-gsskex-20070312.patch; install ChangeLog.gssapi.
2007-06-11 - (djm) [configure.ac umac.c] If platform doesn't provide swap32(3), thenDamien Miller
fallback to provided bit-swizzing functions
2007-05-0920070509Tim Rice
- (tim) [configure.ac] Bug #1287: Add missing test for ucred.h.
2007-04-29 - (dtucker) [configure.ac defines.h] Have configure check for offsetofDarren Tucker
to prevent redefinition warnings.
2007-04-29 - (dtucker) [configure.ac defines.h] Prevent warnings about __attribute__Darren Tucker
__nonnull__ for versions of GCC that don't support it.
2007-04-29 - (dtucker) [configure.ac defines.h] Have configure check for MAXSYMLINKSDarren Tucker
so we don't get redefinition warnings.
2007-04-29 - (dtucker) [configure.ac openbsd-compat/getrrsetbyname.c] Bug #1299: Use theDarren Tucker
platform's _res if it has one. Should fix problem of DNSSEC record lookups on NetBSD as reported by Curt Sampson.
2007-03-2620070326Tim Rice
- (tim) [auth.c configure.ac defines.h session.c openbsd-compat/port-uw.c openbsd-compat/port-uw.h openbsd-compat/xcrypt.c] Rework libiaf test/defines to account for IRIX having libiaf but not set_id(). Patch with & ok dtucker@
2007-03-25 - (dtucker) [Makefile.in configure.ac] Replace single-purpose LIBSELINUX,Darren Tucker
LIBWRAP and LIBPAM variables in Makefile with the general-purpose SSHDLIBS. "I like" djm@
2007-03-21 - (dtucker) [configure.ac openbsd-compat/bsd-getpeereid.c] Bug #1287: UseDarren Tucker
getpeerucred to implement getpeereid (currently only Solaris 10 and up). Patch by Jan.Pechanec at Sun.
2007-03-05 - (djm) [configure.ac] add a --without-openssl-header-check option toDamien Miller
configure, as some platforms (OS X) ship OpenSSL headers whose version does not match that of the shipping library. ok dtucker@
2007-03-02 - (dtucker) [configure.ac] For Cygwin, read files in textmode (which allowsDarren Tucker
CRLF as well as LF lineendings) and write in binary mode. Patch from vinschen at redhat.com.
2006-12-06* Fix quoting error in configure.ac and regenerate configure (thanks, BenColin Watson
Pfaff; closes: #391248).
2006-10-27Incorporate Manoj's NMU:Colin Watson
* NMU to update SELinux patch, bringing it in line with current selinux releases. The patch for this NMU is simply the Bug#394795 patch, and no other changes. (closes: #394795)
2006-10-07 - (dtucker) [configure.ac] Set put -lselinux into $LIBS while testing forDarren Tucker
SELinux functions so they're detected correctly. Patch from pebenito at gentoo.org.
2006-10-03 - (tim) [configure.ac] Move CHECK_HEADERS test before platform specificTim Rice
section so additional platform specific CHECK_HEADER tests will work correctly. Fixes "<net/if_tap.h> on FreeBSD" problem report by des AT des.no Feedback and "seems like a good idea" dtucker@
2006-09-29 - (dtucker) [configure.ac] Bug #1239: Fix configure test for OpenSSH engineDarren Tucker
support. Patch from andrew.benham at thus net.
2006-09-2420060924Tim Rice
- (tim) [configure.ac] Remove CFLAGS hack for UnixWare 1.x/2.x (added to rev 1.308) to work around broken gcc 2.x header file.
2006-09-23 - (dtucker) [configure.ac] Bug #1234: Put opensc libs into $LIBS rather thanDarren Tucker
$LDFLAGS. Patch from vapier at gentoo org.
2006-09-18 - (dtucker) [configure.ac] On AIX, check to see if the compiler will allowDarren Tucker
macro redefinitions, and if not, remove "-qlanglvl=ansi" from the flags. Allows build out of the box with older VAC and XLC compilers. Found by David Bronder and Bernhard Simon.
2006-09-12 - (djm) [Makefile.in buildpkg.sh.in configure.ac openssh.xml.in]Damien Miller
Support SMF in Solaris Packages if enabled by configure. Patch from Chad Mynhier, tested by dtucker@
2006-09-10 - (dtucker) [configure.ac] Add -lcrypt to let DragonFly build OOTB.Darren Tucker
2006-09-09 - (dtucker) [configure.ac] The BSM header test needs time.h in some cases.Darren Tucker
2006-09-06 - (tim) [configure.ac] s/BROKEN_UPDWTMP/BROKEN_UPDWTMPX/ on SCO OSR6Tim Rice
2006-09-05 - (dtucker) [configure.ac] s/AC_DEFINES/AC_DEFINE/ spotted by Roumen Petrov.Darren Tucker
2006-09-04 - (dtucker) [configure.ac] Define BROKEN_UPDWTMP on SCO OSR6 as the nativeDarren Tucker
updwdtmp seems to generate invalid wtmp entries. From Roger Cornelius, ok djm@
2006-09-03 - (dtucker) [configure.ac openbsd-compat/openbsd-compat.h] Check forDarren Tucker
declaration of writev(2) and declare it ourselves if necessary. Makes the atomiciov() calls build on really old systems. ok djm@
2006-09-01 - (dtucker) [configure.ac includes.h openbsd-compat/glob.{c,h}] ExplicitlyDarren Tucker
test for GLOB_NOMATCH and use our glob functions if it's not found. Stops sftp from segfaulting when attempting to get a nonexistent file on Cygwin (previous versions of OpenSSH didn't use the native glob). Partly from and tested by Corinna Vinschen.
2006-08-31 - (djm) [CREDITS LICENCE Makefile.in auth.c configure.ac includes.h ]Damien Miller
[platform.c platform.h sshd.c openbsd-compat/Makefile.in] [openbsd-compat/openbsd-compat.h openbsd-compat/port-solaris.c] [openbsd-compat/port-solaris.h] Add support for Solaris process contracts, enabled with --use-solaris-contracts. Patch from Chad Mynhier, tweaked by dtucker@ and myself; ok dtucker@
2006-08-20 - (dtucker) [configure.ac] Remove errant "-".Darren Tucker
2006-08-20 - (dtucker) [configure.ac] Bug #1181: Explicitly test to see if OpenSSLDarren Tucker
(0.9.8a and presumably newer) requires -ldl to successfully link.
2006-08-20 - (dtucker) [configure.ac] Relocate --with-pam parts in preparation forDarren Tucker
fixing bug #1181. No changes yet.
2006-08-20 - (dtucker) [configure.ac] Save $LIBS during PAM library tests and restoreDarren Tucker
afterward. Removes the need to mangle $LIBS later to remove -lpam and -ldl.
2006-08-19 - (djm) Disable sigdie() for platforms that cannot safely syslog insideDamien Miller
a signal handler (basically all of them, excepting OpenBSD); ok dtucker@
2006-08-18 - (dtucker) [configure.ac openbsd-compat/bsd-closefrom.c] Resync withDarren Tucker
closefrom.c from sudo.
2006-08-17 - (dtucker) [configure.ac openbsd-compat/bsd-closefrom.c] Use F_CLOSEM fcntlDarren Tucker
for closefrom() on AIX. Pointed out by William Ahern.
2006-08-04 - (dtucker) [configure.ac] The "crippled AES" test does not work on recentDarren Tucker
versions of Solaris, so use AC_LINK_IFELSE to actually link the test program rather than just compiling it. Spotted by dlg@.
2006-07-12 - (dtucker) [configure.ac] OpenBSD needs <sys/types.h> before <sys/socket.h>Darren Tucker
for SHUT_RD.
2006-07-12 - (dtucker) [configure.ac defines.h] Only define SHUT_RD (and friends) and ↵Darren Tucker
O_NONBLOCK if they're really needed. Fixes build errors on HP-UX, old Linuxes and probably more.
2006-07-11 - (dtucker) [configure.ac ssh-keygen.c openbsd-compat/bsd-openpty.cDarren Tucker
openbsd-compat/daemon.c] Add includes needed by open(2). Conditionally include paths.h. Fixes build error on Solaris.
2006-07-06 - (dtucker) [configure.ac] Try AIX blibpath test in different order whenDarren Tucker
compiling with gcc. gcc 4.1.x will accept (but ignore) -b flags so configure would not select the correct libpath linker flags.
2006-06-27 - (dtucker) [configure.ac] Bug #1203: Add missing '[', which causes problemsDarren Tucker
with autoconf 2.60. Patch from vapier at gentoo.org.
2006-06-24 - (dtucker) [configure.ac] Bug #1193: Define PASSWD_NEEDS_USERNAME on Solaris.Darren Tucker
Works around limitation in Solaris' passwd program for changing passwords where the username is longer than 8 characters. ok djm@
2006-06-23 - (dtucker) [channels.c configure.ac serverloop.c] Bug #1102: Around AIXDarren Tucker
4.3.3 ML3 or so, the AIX pty layer starting passing zero-length writes on the pty slave as zero-length reads on the pty master, which sshd interprets as the descriptor closing. Since most things don't do zero length writes this rarely matters, but occasionally it happens, and when it does the SSH pty session appears to hang, so we add a special case for this condition. ok djm@
2006-06-23 - (dtucker) [README.platform configure.ac openbsd-compat/port-tun.c] AddDarren Tucker
tunnel support for Mac OS X/Darwin via a third-party tun driver. Patch from reyk@, tested by anil@