Commit Graph

507 Commits

Author SHA1 Message Date
Christian S.J. Peron
25d33e3d81 Enable getaudit_addr(2) for sshd again. This will un-break the subject
BSM audit tokens for IPv6.
2008-11-30 15:35:24 +00:00
Dag-Erling Smørgrav
d4af9e693f Upgrade to OpenSSH 5.1p1.
I have worked hard to reduce diffs against the vendor branch.  One
notable change in that respect is that we no longer prefer DSA over
RSA - the reasons for doing so went away years ago.  This may cause
some surprises, as ssh will warn about unknown host keys even for
hosts whose keys haven't changed.

MFC after:	6 weeks
2008-08-01 02:48:36 +00:00
Warner Losh
c71665a590 Merge from p4:
Implement openssl config needed for mips.

Submitted by:	gonzo@
Reviewed by:	simon@
2008-07-23 17:38:33 +00:00
Peter Wemm
126f58e813 Add $FreeBSD$ 2008-07-03 03:36:58 +00:00
Doug Rabson
33f1219925 Fix conflicts after heimdal-1.1 import and add build infrastructure. Import
all non-style changes made by heimdal to our own libgssapi.
2008-05-07 13:53:12 +00:00
Kris Kennaway
ac188d74d6 For users of FreeBSD <= 6.2 we recommend during the x.org 7.x upgrade
that they add X11BASE=${LOCALBASE} to /etc/make.conf since X11BASE was
hard-wired to the now-wrong location in old releases.

However, both X11BASE and LOCALBASE have moved out of scope of src/
into ports/ now, which causes problems for upgraded users who have old
make.conf files still containing the above setting.  X11BASE becomes
null and we instruct ssh and sshd to look for xauth in /bin/xauth
where it is unlikely to be found.

Instead, provide a copy of the default LOCALBASE?=/usr/local setting
here.

We also have to deal with the case where the user only overrides
LOCALBASE and doesn't set an explicit X11BASE (in ports it will be set
implicitly but not here), which will also move the location of xauth.

MFC after:	 3 days
Reported by:	 rwatson
2008-03-05 20:58:15 +00:00
Ruslan Ermilov
b7498df286 getopt(3) returns -1, not EOF. 2008-02-19 07:09:19 +00:00
Rong-En Fan
27cfc42fc5 - Bump share library version which were missed in last bump
Reported by: 	     jhb
Discussed with:	     deischen, des, doubg, harti
Approved by:	     re (kensmith)
2007-06-18 18:47:54 +00:00
George V. Neville-Neil
559d3390d0 Integrate the Camellia Block Cipher. For more information see RFC 4132
and its bibliography.

Submitted by:   Tomoyuki Okazaki <okazaki at kick dot gr dot jp>
MFC after:      1 month
2007-05-09 19:37:02 +00:00
Simon L. B. Nielsen
60f20fcae6 Upgrade to OpenSSL 0.9.8e. 2007-03-15 20:15:15 +00:00
Ruslan Ermilov
5b3dc7cf10 Fix static compilation. 2006-10-07 17:32:05 +00:00
Simon L. B. Nielsen
6d08f20507 Upgrade to OpenSSL 0.9.8d. 2006-10-01 07:56:51 +00:00
Dag-Erling Smørgrav
bb79c11d8a Update for OpenSSH 4.4p1.
MFC after:	1 week
2006-09-30 13:41:26 +00:00
Ruslan Ermilov
2b46c64c9c Remove alpha left-overs. 2006-08-22 08:03:01 +00:00
Simon L. B. Nielsen
e7926dc0a5 Upgrade to OpenSSL 0.9.8b. 2006-07-29 19:41:41 +00:00
Simon L. B. Nielsen
af7ca25b1e Enable DSO (Dynamic Shared Object) support. This makes it possible
for OpenSSL to load engines run-time, e.g. for using the opensc
engine port.

The OpenSSL Configure script enables DSO support on FreeBSD by
default, we just don't use the Configure script during OpenSSL builds
in the base system.

This is committed to -CURRENT now (before OpenSSL 0.9.8b import), so
it can be tested at bit in -CURRENT before being MFC'ed to 6-STABLE.

Prodded by:	ale
PR:		bin/79570
MFC after:	1 week
2006-07-17 11:47:35 +00:00
Dag-Erling Smørgrav
9fd9594daf Add a manual dependency on ssh_namespace.h.
Discussed with:	ru
2006-05-13 21:38:16 +00:00
Dag-Erling Smørgrav
ed22e27d8a Introduce a namespace munging hack inspired by NetBSD to avoid polluting
the namespace of applications which inadvertantly link in libssh (usually
through pam_ssh)

Suggested by:	lukem@netbsd.org
MFC after:	6 weeks
2006-05-13 13:47:45 +00:00
Ruslan Ermilov
6dd8b8288a Clean generated headers. 2006-04-10 08:47:18 +00:00
Dag-Erling Smørgrav
6a75ff16ed Add port-tun.c. 2006-03-22 20:42:05 +00:00
Ruslan Ermilov
fcaa466865 Provide alternate default for SHLIBDIR before bsd.own.mk does this.
Reported by:	phk
2006-03-18 11:01:06 +00:00
Ruslan Ermilov
e1fe3dba5c Reimplementation of world/kernel build options. For details, see:
http://lists.freebsd.org/pipermail/freebsd-current/2006-March/061725.html

The src.conf(5) manpage is to follow in a few days.

Brought to you by:	imp, jhb, kris, phk, ru (all bugs are mine)
2006-03-17 18:54:44 +00:00
Christian S.J. Peron
d57d58dac4 Hook audit into OpenSSH. Now that the necessary bits for OpenSSH support
have been added with the latest OpenBSM import, hook USE_BSM_AUDIT into
build conditionally.

For users which do not care for audit support and do not want to compile
it into their SSH servers, add the following to the /etc/make.conf:

	NO_AUDIT=true

Discussed with:	rwatson
Obtained from:	TrustedBSD Project
2006-02-12 07:19:45 +00:00
Doug Rabson
c0b9f4fe65 Add a new extensible GSS-API layer which can support GSS-API plugins,
similar the the Solaris implementation. Repackage the krb5 GSS mechanism
as a plugin library for the new implementation. This also includes a
comprehensive set of manpages for the GSS-API functions with text mostly
taken from the RFC.

Reviewed by: Love Hörnquist Åstrand <lha@it.su.se>, ru (build system), des (openssh parts)
2005-12-29 14:40:22 +00:00
Ruslan Ermilov
c1c28da069 Revert last revision by phk@, it's redundant since bsd.incs.mk
already handles this, FWIW.
2005-11-19 07:04:17 +00:00
Dag-Erling Smørgrav
725f8b7693 Update for OpenSSH 4.2p1. 2005-09-03 07:10:33 +00:00
Poul-Henning Kamp
f06e2f8233 Don't install includes if NO_TOOLCHAIN 2005-08-03 09:18:59 +00:00
Ken Smith
a84020c2b9 Bump the shared library version number of all libraries that have not
been bumped since RELENG_5.

Reviewed by:	ru
Approved by:	re (not needed for commit check but in principle...)
2005-07-22 17:19:05 +00:00
Dag-Erling Smørgrav
40e0db94af Revert the commits that made libssh an INTERNALLIB; they caused too much
trouble, especially on amd64.

Requested by:	ru
2005-06-07 09:31:28 +00:00
Dag-Erling Smørgrav
32f80c77d0 Make libssh an INTERNALLIB like it is in {Net,Open}BSD. 2005-06-06 16:13:07 +00:00
Dag-Erling Smørgrav
015bad3598 Update for OpenSSH 4.1p1. 2005-06-05 15:47:07 +00:00
Jacques Vidrine
d6608aaa6e Update OpenSSL 0.9.7d -> 0.9.7e. 2005-02-25 06:04:12 +00:00
Ruslan Ermilov
e7b3b699a2 Define PLATFORM correctly when cross-building. 2005-02-16 20:55:47 +00:00
Ruslan Ermilov
ca78f10352 Sync program's usage() with manpage's SYNOPSIS. 2005-02-10 14:47:06 +00:00
Diomidis Spinellis
a13476cc13 Correctly hide the command arguments.
PR:		bin/76374
MFC after:	2 weeks
2005-01-17 21:46:13 +00:00
Ruslan Ermilov
a216173556 NOCRYPT -> NO_CRYPT 2004-12-21 10:16:04 +00:00
Ruslan Ermilov
ab7a294721 NODOCCOMPRESS -> NO_DOCCOMPRESS
NOINFO -> NO_INFO
NOINFOCOMPRESS -> NO_INFOCOMPRESS
NOLINT -> NO_LINT
NOPIC -> NO_PIC
NOPROFILE -> NO_PROFILE
2004-12-21 09:33:47 +00:00
Ruslan Ermilov
f1f6253f4f NOLIBC_R -> NO_LIBC_R
NOLIBPTHREAD -> NO_LIBPTHREAD
NOLIBTHR -> NO_LIBTHR
2004-12-21 09:00:26 +00:00
Dag-Erling Smørgrav
5ba618aa27 Update for OpenSSH 3.9p1. 2004-10-28 16:04:23 +00:00
Ruslan Ermilov
a35d88931c For variables that are only checked with defined(), don't provide
any fake value.
2004-10-24 15:33:08 +00:00
Mark Murray
1f9bb6cd25 Add support for C3 Nehemiah ACE ("Padlock") AES crypto. This comes
from OpenSSL 0.9.5 (yet to be released), and is pretty complete.
2004-08-14 13:38:35 +00:00
Colin Percival
d37df47d31 Join the 21st century: Cryptography is no longer an optional component
of releases.  The -DNOCRYPT build option still exists for anyone who
really wants to build non-cryptographic binaries, but the "crypto"
release distribution is now part of "base", and anyone installing from a
release will get cryptographic binaries.

Approved by:	re (scottl), markm
Discussed on:	freebsd-current, in late April 2004
2004-08-06 07:27:08 +00:00
Olivier Houchard
59315819d5 Import the openssl conf for arm. 2004-05-14 12:26:51 +00:00
Ruslan Ermilov
1116791977 Record the libssl.so dependency on libcrypto.so. This should
help some ports that depend on libradius that recently gained
the dependency on libssl.  This is also how the stock OpenSSL
build would link libssl.so on FreeBSD.

Prompted by:	kris
OK'ed by:	markm, nectar
2004-05-13 07:51:47 +00:00
Marcel Moolenaar
a1cd6de6a6 Fix release builds (release.3 target). We also need to rebuild libradius,
because otherwise it will remain having a dependency upon libssl. This
breaks the non-crypto build that happens for release.3

While here, order the list of programs and libraries.

Speculating review feedback from: ru
2004-05-02 17:38:27 +00:00
Ruslan Ermilov
1f2cef4790 Turn MAKE_IDEA into a true "bool" type variable, as documented in
the make.conf(5) manpage.

PR:		conf/65738
OK'ed by:	markm
2004-04-19 11:35:15 +00:00
Peter Wemm
d901a5218e Turn on the amd64-specific bignum code in openssl. This is actually
a variant of the C code but with some scattered asm and things laid out
more optimally for the platform.  This means that we need to the asm
directory to the search path for the amd64 case so that make can find
the source.
2004-04-14 23:26:26 +00:00
David Malone
8a56b12482 Remove the -pthread from the last commit, as OpenSSL doesn't actually
call any pthread functions as we use compile it. We keep the
-DOPENSSL_THREADS, which stops OpenSSL doing thread-unsafe stuff.

Requested by:	ru
2004-03-30 21:04:04 +00:00
David Malone
1251855f52 Build OpenSSL so that it extects that is may be used in a threaded
environment. This stops some ports keeling over on an OpenSSL assert.
(The patch is not exactly the one from the PR, but has been refined
based on advice from freebsd-threads.)

PR:		51205
Submitted by:	Jim Westfall <jwestfall@surrealistic.net>
MFC after:	1 month
2004-03-30 11:30:02 +00:00
Mark Murray
f3d90904b0 Re-add the hand-optimised assembler versions of some of the ciphers
to the build.

Should have done this ages ago:	markm
Reminded above to do this:	peter
2004-03-23 08:32:29 +00:00
Jacques Vidrine
03886b3681 Update manual pages for OpenSSL 0.9.7d. 2004-03-17 16:15:46 +00:00
Dag-Erling Smørgrav
40dd33e888 Update for 3.8p1, including workaround for a bug in gss-genr.c. 2004-02-26 11:26:46 +00:00
Johan Karlsson
604d24db95 style.Makefile(5):
Use WARNS?= instead of WARNS=.
2004-02-23 20:25:27 +00:00
Ruslan Ermilov
9ee9ecea00 Use the default threading library if requested.
Reviewed by:	des, deischen
2004-02-07 08:23:48 +00:00
Ruslan Ermilov
47d7e8a96f Fixed style of DPADD and LDADD assignments as per style.Makefile(5). 2004-02-05 22:44:25 +00:00
Ruslan Ermilov
526f81a883 - Removed libmd from the Kerberos library set.
- Removed libopie and libmd; libopie used to serve auth-skey.c
  which is compiled now only to ease maintenance, as well as
  a few other auth-*.c sources.

Reviewed by:	des
2004-02-02 22:00:35 +00:00
Ruslan Ermilov
640e686c42 Added two utility targets "secure" and "insecure", analogous to
"kerberize" and "dekerberize" in kerberos5/Makefile.  These can
be used to recompile bits with optional crypto support with and
without crypto, respectively.

Reviewed by:	markm
2004-01-18 07:44:53 +00:00
Ruslan Ermilov
90165ba56f Once upon a time we had both "crypto" and "krb5" distributions,
and rebuilt some bits with crypto but without Kerberos support
(most notably SSH) during "make release", to put them into the
"crypto" distribution.

Now that we don't ship the separate "krb5" distribution anymore
(it's now part of the "crypto" distribuion), don't waste time
recompiling SSH bits without crypto and without Kerberos support
in an attempt to put them in the "base" distribution -- it just
doesn't work as SSH always uses crypto code.

We avoid this by not rebuilding KPROGS from kerberos5/Makefile in
release/Makefile and adding "libpam" to SPROGS in secure/Makefile
to ensure it's still rebuilt without crypto support for the "base"
distribution.  (Disabling crypto (NOCRYPT) also disables building
of Kerberos-related PAM modules, and it's OK to depend on this.)

This should be a no-op change saving some "make release" time.
2004-01-17 19:22:36 +00:00
Ruslan Ermilov
d82881651b - Properly build both crypto and non-crypto versions of the
package management tools.

- Drop redundant dependency of pkg_create(1) and pkg_delete(1)
  on crypto libraries now that they do not link with libfetch.
2004-01-17 13:41:16 +00:00
Ruslan Ermilov
0ad21c4f14 Removed well outdated comment. 2004-01-17 03:12:46 +00:00
Ruslan Ermilov
9387ab35e7 Cosmetics: rearrange the dependency list to match that of ssh and sshd.
Reviewed by:	des
2004-01-08 11:41:02 +00:00
Ruslan Ermilov
e1542a4058 Fixed static linkage.
Reviewed by:	des
2004-01-08 11:40:19 +00:00
Dag-Erling Smørgrav
e7ffa415e8 Use += instead of = with DPADD / LDADD. 2004-01-08 09:50:56 +00:00
Dag-Erling Smørgrav
9f80be8e3d Enable GSSAPI support. [1]
Also remove some duplicates from ssh's SRCS.

Submitted by:	[1] Björn Grönvall <bg@sics.se>
2004-01-08 09:05:24 +00:00
Dag-Erling Smørgrav
3b7f13a03b Previous commit erroneously listed some sources with .o suffixes. 2004-01-07 11:59:52 +00:00
Dag-Erling Smørgrav
a04e3d6c30 Update Makefiles for OpenSSH 3.7.1p2. 2004-01-07 11:17:23 +00:00
Gordon Tetlow
c45db69312 Explicitly add libz and libcrypto to LDADD for any ssh utilities missing
it. While not strictly required, it unbreaks the cross-build world that
is resulting from moving the libraries around.

I have a more permanent solution to this problem in the works, but I
asked des for permission to commit this to get the ball rolling. This
also makes the ssh build more along the lines of what the openssh-portable
and OpenBSD openssh Makefile glue does.

Reviewed by:	des
2003-08-19 07:45:03 +00:00
Gordon Tetlow
41d8423f71 Stage 3 of dynamic root support. Make all the libraries needed to run
binaries in /bin and /sbin installed in /lib. Only the versioned files
reside in /lib, the .so symlink continues to live /usr/lib so the
toolchain doesn't need to be modified.
2003-08-17 08:28:46 +00:00
Mark Murray
4afa371832 Very big makeover in the way telnet, telnetd and libtelnet are built.
Previously, there were two copies of telnet; a non-crypto version
that lived in the usual places, and a crypto version that lived in
crypto/telnet/. The latter was built in a broken manner somewhat akin
to other "contribified" sources. This meant that there were 4 telnets
competing with each other at build time - KerberosIV, Kerberos5,
plain-old-secure and base. KerberosIV is no longer in the running, but
the other three took it in turns to jump all over each other during a
"make buildworld".

As the crypto issue has been clarified, and crypto _calls_ are not
a problem, crypto/telnet has been repo-copied to contrib/telnet,
and with this commit, all telnets are now "contribified". The contrib
path was chosen to not destroy history in the repository, and differs
from other contrib/ entries in that it may be worked on as "normal"
BSD code. There is no dangerous crypto in these sources, only a
very weak system less strong than enigma(1).

Kerberos5 telnet and Secure telnet are now selected by using the usual
macros in /etc/make.conf, and the build process is unsurprising and
less treacherous.
2003-07-16 20:59:15 +00:00
Ruslan Ermilov
55c90a95a4 Fixed "make checkdpadd".
OK'ed by:	markm
2003-07-02 23:38:42 +00:00
Mark Murray
8027fe397a Fix for the NO_OPENSSL case.
Reported by:	Marius Strobl <marius@alchemy.franken.de>
2003-06-08 08:24:07 +00:00
Mark Murray
75e936f168 Drop this MAINTAINER bit. I'll reclaim an "Advisory Maintainership"
for this area later.
2003-06-04 16:10:20 +00:00
Mark Murray
485721b25e I'm now happy that this is no longer needed. Libcrypto has
all its functionality, and all its consumers have been converted.
2003-06-04 15:26:34 +00:00
Mark Murray
e4a3b084f9 Disconnect libcipher from the build. It only does DES, and we already
have libcrypto to do that. Both consumers of this lib have been
converted to use libcrypto. (bin/ed and secure/usr.bin/bdes).
2003-06-02 20:03:32 +00:00
Mark Murray
c8fa8e25d7 Strip the private blowfish code down to only that which is
required to make crypt(3) blowfish "$2a$..." hashes. Lint and
warnsify.
2003-06-02 19:17:24 +00:00
Mark Murray
af91929794 Modernise. Use libcrypto instead of libcipher for DES. 2003-06-02 19:10:59 +00:00
David E. O'Brien
631a2b1ed8 Ugg, wrong version.
CSTD=gnu89, c89 wont do.
2003-06-01 23:39:16 +00:00
David E. O'Brien
90f6678b64 This isn't C99 clean. 2003-06-01 23:37:46 +00:00
Mark Murray
dbf104e68d Turn MAKE_KERBEROS5 into NO_KERBEROS by negating the logic. Some extra
cleanups were necessary in release/Makefile, and the tinderbox code
was syntax checked, not run checked.
2003-05-05 07:58:44 +00:00
Mark Murray
59199aeb7e We no longer have a separate kerberos distribution. Its now just
part of the regular security dist.
2003-04-30 17:46:24 +00:00
Ruslan Ermilov
f7fa0cbd70 The including makefile's directory is tried first for .include "...". 2003-04-30 07:54:39 +00:00
Ruslan Ermilov
6402d39a2b Most things depend on !defined(NO_OPENSSL); make it look so. 2003-04-30 07:51:51 +00:00
Ruslan Ermilov
bce0c9275c NOSECURE is implied by NOCRYPT, meaning if the latter is defined
we won't be here.
2003-04-30 07:34:14 +00:00
Dag-Erling Smørgrav
581ff5e326 Remove Kerberos IV shims. 2003-04-23 17:26:01 +00:00
Dag-Erling Smørgrav
d8b043c8d4 Update for 3.6.1p1; also remove Kerberos IV shims. 2003-04-23 17:25:47 +00:00
Bruce Evans
d76abd2739 Silence `make -s' (echo -> ${ECHO}). 2003-04-13 14:13:28 +00:00
Ruslan Ermilov
6c4e523908 libtelnet depends on OpenSSL.
PR:	50507
2003-04-01 12:50:40 +00:00
Philippe Charnier
45ebb0c103 The .Nm utility 2003-03-24 16:09:07 +00:00
David E. O'Brien
a6c3fa5b5f Back out rev 1.60, taking the pointy hat away from nectar as 'rm -f'
doesn't need to be prefixed with '-'.  Keep the pointy hat for myself
for not reading the code closely.
2003-03-11 17:19:37 +00:00
David E. O'Brien
167cec7565 Don't error out the build if removing a "stale" symlink fails.
Pointy hat for breaking my installworld:	nectar
2003-03-10 19:43:56 +00:00
Mike Makonnen
a5c21394e3 Fix mixed up arguments passed to a locally defined err(int, char *)
function.

Approved by:	markm (mentor)
Submitted by:	till toenges <tt@mail.isis.de>
PR:		bin/48963
2003-03-07 16:00:55 +00:00
Ruslan Ermilov
aa1cd79b7f Handle includes the normal way.
Reviewed by:	markm
Approved by:	nectar
2003-02-27 23:07:26 +00:00
Jacques Vidrine
b7d18f9a8a Regenerate man pages after import of OpenSSL 0.9.7a. 2003-02-19 23:30:52 +00:00
Jacques Vidrine
c819173716 LIBDIR/INCLUDEDIR do not include DESTDIR.
Reported by:	Andrzej Tobola <san@iem.pw.edu.pl>
2003-02-18 17:29:04 +00:00
Jacques Vidrine
ba5637c376 Follow-up to previous commit: we had a des.h symlink, too. Remove
that.
2003-02-18 16:07:33 +00:00
Jacques Vidrine
419b10b514 Previously, libcrypto contained symbols that were identical to EAY
libdes, and functionally close enough so that we created symlinks
(libdes -> libcrypto) to help older applications.  With the import of
OpenSSL 0.9.7, this is no longer true and we no longer install these
symlinks.  However, systems that are upgraded may have these symlinks,
which could cause non-obvious breakage at build-time.  Therefore, blow
any old symlinks away in the `afterinstall' target.
2003-02-18 14:23:11 +00:00
Jacques Vidrine
715430f81d Correct path for finding asm-generating files. 2003-02-14 12:25:00 +00:00
Jacques Vidrine
6042ca2e01 Install the OpenSSL man pages in /usr/share/openssl/man
and remove the WANT_OPENSSL_MANPAGES knob.
2003-02-10 19:57:56 +00:00
Jacques Vidrine
a097def45b Do not define OPENSSL_NO_KRB5 here in CFLAGS. It is handled in
opensslconf.h.

Reminded by:	reports from des, obrien
2003-02-09 14:59:56 +00:00
Jacques Vidrine
5654cc45c0 Re-add WANT_OPENSSL_MANPAGES knob.
Noticed by:	ru
2003-01-31 11:30:38 +00:00