38a52bd3b5
Release notes are available at https://www.openssh.com/txt/release-9.1

9.1 contains fixes for three minor memory safety problems; these have
already been merged to the copy of OpenSSH 9.0 that is in the FreeBSD base
system.

Some highlights copied from the release notes:

Potentially-incompatible changes
--------------------------------

 * ssh(1), sshd(8): SetEnv directives in ssh_config and sshd_config
   are now first-match-wins to match other directives. Previously
   if an environment variable was multiply specified the last set
   value would have been used. bz3438

 * ssh-keygen(8): ssh-keygen -A (generate all default host key types)
   will no longer generate DSA keys, as these are insecure and have
   not been used by default for some years.

New features
------------

 * ssh(1), sshd(8): add a RequiredRSASize directive to set a minimum
   RSA key length. Keys below this length will be ignored for user
   authentication and for host authentication in sshd(8).

 * sftp-server(8): add a "users-groups-by-id@openssh.com" extension
   request that allows the client to obtain user/group names that
   correspond to a set of uids/gids.

 * sftp(1): use "users-groups-by-id@openssh.com" sftp-server
   extension (when available) to fill in user/group names for
   directory listings.

 * sftp-server(8): support the "home-directory" extension request
   defined in draft-ietf-secsh-filexfer-extensions-00. This overlaps
   a bit with the existing "expand-path@openssh.com", but some other
   clients support it.

 * ssh-keygen(1), sshd(8): allow certificate validity intervals,
   sshsig verification times and authorized_keys expiry-time options
   to accept dates in the UTC time zone in addition to the default
   of interpreting them in the system time zone. YYYYMMDD and
   YYMMDDHHMM[SS] dates/times will be interpreted as UTC if suffixed
   with a 'Z' character.

   Also allow certificate validity intervals to be specified in raw
   seconds-since-epoch as hex value, e.g. -V 0x1234:0x4567890. This
   is intended for use by regress tests and other tools that call
   ssh-keygen as part of a CA workflow. bz3468

 * sftp(1): allow arguments to the sftp -D option, e.g. sftp -D
   "/usr/libexec/sftp-server -el debug3"

 * ssh-keygen(1): allow the existing -U (use agent) flag to work
   with "-Y sign" operations, where it will be interpreted to require
   that the private keys is hosted in an agent; bz3429

MFC after:	2 weeks
Relnotes:	Yes
Sponsored by:	The FreeBSD Foundation
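An added example, not part of the commit or of OpenSSH: before setting the RequiredRSASize directive mentioned above, this audit lists which ssh-rsa entries in an authorized_keys file would fall below a chosen minimum. It assumes the length is the bit length of the RSA modulus; the helper names and the sample keys are constructed for illustration, and RSA certificates are not handled.

```python
import base64
import struct

def _string(data):  # RFC 4251 string: uint32 length, then the bytes
    return struct.pack(">I", len(data)) + data

def _read_string(buf, off):
    """Decode one RFC 4251 string at off; return (bytes, next offset)."""
    (length,) = struct.unpack_from(">I", buf, off)
    end = off + 4 + length
    if end > len(buf):
        raise ValueError("truncated string")
    return buf[off + 4:end], end

def rsa_bits(b64_blob):
    """Modulus size in bits of an ssh-rsa key blob; None for other key types."""
    blob = base64.b64decode(b64_blob, validate=True)
    key_type, off = _read_string(blob, 0)
    if key_type != b"ssh-rsa":
        return None
    _exponent, off = _read_string(blob, off)
    modulus, _ = _read_string(blob, off)
    return int.from_bytes(modulus, "big").bit_length()

def keys_below(lines, required_rsa_size):
    """Return [(line number, bits)] for RSA keys shorter than the minimum."""
    short = []
    for number, line in enumerate(lines, 1):
        tokens = line.split()
        for i, token in enumerate(tokens[:-1]):
            if token == "ssh-rsa":
                try:
                    bits = rsa_bits(tokens[i + 1])
                except (ValueError, struct.error):  # option text, not a key blob
                    continue
                if bits is not None and bits < required_rsa_size:
                    short.append((number, bits))
                break
    return short

def constructed_key(bits, comment):
    """Build a well-formed ssh-rsa line; the modulus is made up, not a real key."""
    n = (1 << (bits - 1)) | 1
    mpints = [_string(v.to_bytes(v.bit_length() // 8 + 1, "big")) for v in (65537, n)]
    blob = _string(b"ssh-rsa") + b"".join(mpints)
    return "ssh-rsa " + base64.b64encode(blob).decode() + " " + comment

SAMPLE = [constructed_key(1024, "old@example"), "# comment line",
          'from="10.0.0.0/8" ' + constructed_key(3072, "new@example")]
print(keys_below(SAMPLE, 2048))  # constructed input
```

Run it over each account's authorized_keys and the host key files before raising the minimum, so that no user or host is locked out by a key that sshd would start ignoring.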
123 lines
2.0 KiB
Makefile
sysconfdir=@sysconfdir@
piddir=@piddir@
srcdir=@srcdir@
top_srcdir=@top_srcdir@

VPATH=@srcdir@
CC=@CC@
LD=@LD@
CFLAGS=@CFLAGS@
CFLAGS_NOPIE=@CFLAGS_NOPIE@
CPPFLAGS=-I. -I.. -I$(srcdir) -I$(srcdir)/.. @CPPFLAGS@ @DEFS@
PICFLAG=@PICFLAG@
LIBS=@LIBS@
AR=@AR@
RANLIB=@RANLIB@
INSTALL=@INSTALL@
LDFLAGS=-L. @LDFLAGS@
LDFLAGS_NOPIE=-L. -Lopenbsd-compat/ @LDFLAGS_NOPIE@

OPENBSD=arc4random.o \
	arc4random_uniform.o \
	base64.o \
	basename.o \
	bcrypt_pbkdf.o \
	bindresvport.o \
	blowfish.o \
	daemon.o \
	dirname.o \
	explicit_bzero.o \
	fmt_scaled.o \
	freezero.o \
	fnmatch.o \
	getcwd.o \
	getgrouplist.o \
	getopt_long.o \
	getrrsetbyname.o \
	glob.o \
	inet_aton.o \
	inet_ntoa.o \
	inet_ntop.o \
	md5.o \
	memmem.o \
	mktemp.o \
	pwcache.o \
	readpassphrase.o \
	reallocarray.o \
	recallocarray.o \
	rresvport.o \
	setenv.o \
	setproctitle.o \
	sha1.o \
	sha2.o \
	sigact.o \
	strcasestr.o \
	strlcat.o \
	strlcpy.o \
	strmode.o \
	strndup.o \
	strnlen.o \
	strptime.o \
	strsep.o \
	strtoll.o \
	strtonum.o \
	strtoull.o \
	strtoul.o \
	timingsafe_bcmp.o \
	vis.o

COMPAT= bsd-asprintf.o \
	bsd-closefrom.o \
	bsd-cygwin_util.o \
	bsd-err.o \
	bsd-flock.o \
	bsd-getentropy.o \
	bsd-getline.o \
	bsd-getpagesize.o \
	bsd-getpeereid.o \
	bsd-malloc.o \
	bsd-misc.o \
	bsd-nextstep.o \
	bsd-openpty.o \
	bsd-poll.o \
	bsd-pselect.o \
	bsd-setres_id.o \
	bsd-signal.o \
	bsd-snprintf.o \
	bsd-statvfs.o \
	bsd-timegm.o \
	bsd-waitpid.o \
	fake-rfc2553.o \
	getrrsetbyname-ldns.o \
	kludge-fd_set.o \
	openssl-compat.o \
	libressl-api-compat.o \
	xcrypt.o

PORTS= port-aix.o \
	port-irix.o \
	port-linux.o \
	port-prngd.o \
	port-solaris.o \
	port-net.o \
	port-uw.o

.c.o:
	$(CC) $(CFLAGS_NOPIE) $(PICFLAG) $(CPPFLAGS) -c $<

all: libopenbsd-compat.a

$(COMPAT): ../config.h
$(OPENBSD): ../config.h
$(PORTS): ../config.h

libopenbsd-compat.a: $(COMPAT) $(OPENBSD) $(PORTS)
	$(AR) rv $@ $(COMPAT) $(OPENBSD) $(PORTS)
	$(RANLIB) $@

clean:
	rm -f *.o *.a core

distclean: clean
	rm -f Makefile *~