Commit Graph

728 Commits

Author SHA1 Message Date
Xin LI
43e3038611 Refresh our implementation of OpenBSD's Blowfish password format.
Notable changes:

 - Support of $2b$ password format to address a problem where very
   long passwords (more than 256 characters, when an integer
   overflow would happen and cause the length to wrap at 256).
 - Updated pseudo code in comments to reflect the reality.
 - Removed our local shortcut of processing magic string and rely
   on the centralized and tigntened validation.
 - Diff reduction from upstream.

For now we are still generating the older $02a$ format of password
but we will migrate to the new format once the format is formally
finalized.

MFC after:	1 month
2014-02-25 23:03:48 +00:00
Dag-Erling Smørgrav
f7167e0ea0 Upgrade to OpenSSH 6.5p1. 2014-01-31 13:12:02 +00:00
Jung-uk Kim
de78d5d8fd Merge OpenSSL 1.0.1f.
Approved by:	so (delphij), benl (silence)
2014-01-22 19:57:11 +00:00
Simon J. Gerraty
3caf0790a8 Merge head@256284 2013-10-13 02:35:19 +00:00
Simon J. Gerraty
34b33809b7 Updated dependencies 2013-10-13 00:24:00 +00:00
Dag-Erling Smørgrav
0085282b6a Unbreak the WITHOUT_KERBEROS build and try to reduce the odds of a
repeat performance by introducing a script that runs configure with and
without Kerberos, diffs the result and generates krb5_config.h, which
contains the preprocessor macros that need to be defined in the Kerberos
case and undefined otherwise.

Approved by:	re (marius)
2013-09-23 20:35:54 +00:00
Dag-Erling Smørgrav
2859ca23da Replace claims that DES is a strong cryptosystem with a warning stating
that it should no longer be considered secure.

Approved by:	re (gjb)
2013-09-21 11:10:09 +00:00
Simon J. Gerraty
d466a5b069 Merge head 2013-09-11 18:16:18 +00:00
Dag-Erling Smørgrav
9cfa8b3fee Clean up the OpenSSH build. It is now possible to build most components
as static binaries, if desired.  The one exception is sshd, which runs
into trouble due to libpam.a's includion of pam_ssh.

Make OpenSSH use LDNS if available.  This allows it to verify signed
SSHFP records.

Approved by:	re (blanket)
2013-09-10 22:26:11 +00:00
Dag-Erling Smørgrav
0b2766bd4e Make libldns and libssh private.
Approved by:	re (blanket)
2013-09-08 10:04:26 +00:00
Simon J. Gerraty
d1d0158641 Merge from head 2013-09-05 20:18:59 +00:00
Ed Schouten
2bc87cacee Remove references to MK_IDEA.
As of r249959, we want to build with IDEA support enabled
unconditionally. As this change removed the MK_IDEA flag, update these
Makefiles accordingly.
2013-04-27 05:44:39 +00:00
Simon J. Gerraty
69e6d7b75e sync from head 2013-04-12 20:48:55 +00:00
Dag-Erling Smørgrav
6888a9be56 Upgrade to OpenSSH 6.2p1. The most important new features are support
for a key revocation list and more fine-grained authentication control.
2013-03-22 17:55:38 +00:00
Dag-Erling Smørgrav
0041e47595 Retire the mislabeled ENABLE_SUID_SSH knob. 2013-03-22 14:10:15 +00:00
Simon J. Gerraty
7cf3a1c6b2 Updated dependencies 2013-03-11 17:21:52 +00:00
Simon J. Gerraty
f5f7c05209 Updated dependencies 2013-02-16 01:23:54 +00:00
Jung-uk Kim
09286989d3 Merge OpenSSL 1.0.1e.
Approved by:	secteam (simon), benl (silence)
2013-02-13 23:07:20 +00:00
David E. O'Brien
d9a447559b Sync with HEAD. 2013-02-08 16:10:16 +00:00
Bjoern A. Zeeb
e6a64a84ea Add a src.conf(5) option to allow users to compile in the "NONE cipher",
which, only after authentication, disables crypto, and only for sessions
without a terminal.

Submitted by:	Jeremy Chadwick (freebsd jdc.parodius.com)
PR:		bin/163095
MFC after:	10 days
2013-01-17 01:51:04 +00:00
Simon J. Gerraty
7cd2dcf076 Updated/new Makefile.depend 2012-11-08 21:24:17 +00:00
Kevin Lo
0f5e7edc14 Fix typo; s/ouput/output 2012-11-07 07:00:59 +00:00
Simon J. Gerraty
23090366f7 Sync from head 2012-11-04 02:52:03 +00:00
Dag-Erling Smørgrav
462c32cb8d Upgrade OpenSSH to 6.1p1. 2012-09-03 16:51:41 +00:00
Marcel Moolenaar
7750ad47a9 Sync FreeBSD's bmake branch with Juniper's internal bmake branch.
Requested by: Simon Gerraty <sjg@juniper.net>
2012-08-22 19:25:57 +00:00
Jung-uk Kim
80e5822c0e Sort ASM definitions by crypto module for slightly easier maintenance.
Specifically, GHASH_ASM belongs to crypto/modes.
2012-07-12 21:31:53 +00:00
Jung-uk Kim
1f13597d10 Merge OpenSSL 1.0.1c.
Approved by:	benl (maintainer)
2012-07-12 19:30:53 +00:00
Jung-uk Kim
49ce68b369 Regen ca(1) for r237658. This re-applies r227458, i.e., add a missing "be". 2012-06-27 21:35:45 +00:00
Jung-uk Kim
12de4ed299 Merge OpenSSL 0.9.8x.
Reviewed by:	stas
Approved by:	benl (maintainer)
MFC after:	3 days
2012-06-27 18:44:36 +00:00
Bjoern A. Zeeb
071183ef48 Update the previous openssl fix. [12:01]
Fix a bug in crypt(3) ignoring characters of a passphrase. [12:02]

Security:	FreeBSD-SA-12:01.openssl (revised)
Security:	FreeBSD-SA-12:02.crypt
Approved by:	so (bz, simon)
2012-05-30 12:01:28 +00:00
Eitan Adler
2774871bdf Restore the ability to use a non-standard LOCALBASE to sshd
Add the ability to use a non-standard LOCALBASE to ssh

Submitted by:	jhb
Reviewed by:	des
Approved by:	cperciva
MFC after:	0 days (with r233136)
2012-03-24 19:41:43 +00:00
Eitan Adler
57f8914dfa X11BASE is not used any more and has been killed by the x11 team.
Reviewed by:	???
Approved by:	???
MFC after:	3 days
2012-03-19 00:41:40 +00:00
Kevin Lo
19ab58bfe3 Return NULL on error rather than ":", per the crypt(3) man page.
Discussed in: http://www.openwall.com/lists/oss-security/2011/11/15/3
2012-02-22 01:23:14 +00:00
Konstantin Belousov
bd4632e6ca Force linker error when created shared library contains a relocation
against text. Provide the override switch to turn off the strict
behaviour. Apparently, openssl libcrypto needs it due to assembler
code not being PIC.

Discussed with:	bf
MFC after:	2 weeks
2011-12-06 11:28:17 +00:00
Eitan Adler
14517324d0 - add a missing "be" and "in"
- fix other errors introduced when committing r226436
- add 'function' to a sentence where it makes sense

Submitted by:	delphij
Submitted by:	dougb
Submitted by:	jhb
Approved by:	dougb
Approved by:	jhb
2011-11-11 22:27:09 +00:00
Eitan Adler
36daf0495a - change "is is" to "is" or "it is"
- change "the the" to "the"

Approved by:	lstewart
Approved by:	sahil (mentor)
MFC after:	3 days
2011-10-16 14:30:28 +00:00
Dag-Erling Smørgrav
e146993e33 Upgrade to OpenSSH 5.9p1.
MFC after:	3 months
2011-10-05 22:08:17 +00:00
Dag-Erling Smørgrav
4a421b6336 Upgrade to OpenSSH 5.8p2. 2011-05-04 07:34:44 +00:00
Dimitry Andric
152e60f2fe Fix some leftover binaries and shared libraries in the system that still
have an executable stack, due to linking in hand-assembled .S or .s
files, that have no .GNU-stack sections:

RWX --- ---  /lib/libcrypto.so.6
RWX --- ---  /lib/libmd.so.5
RWX --- ---  /lib/libz.so.6
RWX --- ---  /lib/libzpool.so.2
RWX --- ---  /usr/lib/liblzma.so.5

These were found using scanelf, from the sysutils/pax-utils port.

Reviewed by:	kib
2011-02-15 22:03:09 +00:00
Simon L. B. Nielsen
c1ecc6cd22 Regenerate manual pages for OpenSSL 0.9.8q. 2010-12-03 23:07:45 +00:00
Simon L. B. Nielsen
b2846bd65d Regenerate manual pages for OpenSSL 0.9.8p. 2010-11-22 18:29:00 +00:00
Rebecca Cran
5512804bb8 Revert changes of 'assure' to 'ensure' made in r211936.
Approved by: rrs (mentor)
2010-09-11 10:49:56 +00:00
Rebecca Cran
e7f8dd75b3 Fix incorrect usage of 'assure' and 'insure'.
Approved by: rrs (mentor)
2010-08-28 16:32:01 +00:00
Nathan Whitehorn
b12277d1d4 Repair some build breakage introduced in r211725 and garbage collect some
code made obsolete in the same commit.
2010-08-28 15:03:11 +00:00
Warner Losh
25faff346c MFtbemd:
Prefer MACHNE_CPUARCH to MACHINE_ARCH in most contexts where you want
to test of all the CPUs of a given family conform.
2010-08-23 22:24:11 +00:00
Will Andrews
4be3feb212 Fix buildworld -DNO_CLEAN when using with Perforce, which marks files as
read-only by default, meaning files copied can't be overwritten next time.

Reviewed by:	imp
Approved by:	ken (mentor)
2010-08-12 20:46:49 +00:00
Jayachandran C.
4ed16d3dff Whitespace fix for last check-in, move empty line to below endif. 2010-08-04 10:46:17 +00:00
Jayachandran C.
a6af87a526 MIPS 64 bit support.
When compiled for MIPS n64 ABI
- DES_LONG should be 'unsigned int'
- BN_LLONG should be undefined
- SIXTY_FOUR_BIT_LONG should be defined.
2010-08-04 10:42:06 +00:00
Nathan Whitehorn
5e1bcd019c OpenSSL configuration for powerpc64
Obtained from:	projects/ppc64
2010-07-10 22:07:48 +00:00
Simon L. B. Nielsen
5f143fdbaf Regenerate manual pages for OpenSSL 0.9.8n. 2010-04-01 15:37:38 +00:00
Simon L. B. Nielsen
3df672379c - Make it slightly simpler to update OpenSSL version information
for regenerating OpenSSL manual pages.
- Explicitly set the OpenSSL release date so manual pages contain
  the date OpenSSL was released and not just the date OpenSSL was
  imported into the FreeBSD base system.
- Update for Makefile for OpenSSL 0.9.8n.
2010-04-01 15:35:29 +00:00
Simon L. B. Nielsen
10deaff4ee Regenerate manual pages for OpenSSL 0.9.8m.
MFC after:	3 weeks
2010-03-13 19:30:29 +00:00
Simon L. B. Nielsen
6a599222bb Merge OpenSSL 0.9.8m into head.
This also "reverts" some FreeBSD local changes so we should now
be back to using entirely stock OpenSSL.  The local changes were
simple $FreeBSD$ lines additions, which were required in the CVS
days, and the patch for FreeBSD-SA-09:15.ssl which has been
superseded with OpenSSL 0.9.8m's RFC5746 'TLS renegotiation
extension' support.

MFC after:	3 weeks
2010-03-13 19:22:41 +00:00
Dag-Erling Smørgrav
b911c45c24 Revert r204939 2010-03-10 11:33:15 +00:00
Dag-Erling Smørgrav
e130c2317c Forgot to svn add the Makefile. 2010-03-10 11:05:31 +00:00
Doug Barton
32202de70d Fix the build. The ssh-pkcs11-helper directory is empty, which is
causing confusion.
2010-03-10 02:17:57 +00:00
Dag-Erling Smørgrav
b15c83408c Upgrade to OpenSSH 5.4p1.
MFC after:	1 month
2010-03-09 19:16:43 +00:00
Ruslan Ermilov
38ea91022c (Almost) fixed static linkage. The remaining problem is with
libgssapi.a and libgssapi_krb5.a libraries that define the
same symbols.
2010-02-26 12:12:54 +00:00
Dag-Erling Smørgrav
db5b5f06b1 Fix 'make checkdpadd'
Submitted by:	ru@
2010-02-25 22:44:23 +00:00
Dag-Erling Smørgrav
329a9a116e Remove -static; it was a failed experiment that got committed by accident. 2010-02-25 21:26:50 +00:00
Ed Schouten
daaf575910 Build lib/ with WARNS=6 by default.
Similar to libexec/, do the same with lib/. Make WARNS=6 the norm and
lower it when needed.

I'm setting WARNS?=0 for secure/. It seems secure/ includes the
Makefile.inc provided by lib/. I'm not going to touch that directory.
Most of the code there is contributed anyway.
2010-01-02 09:58:07 +00:00
Edward Tomasz Napierala
7022a9ebc5 Remove pppd, it's gone. 2009-12-29 20:14:39 +00:00
Dag-Erling Smørgrav
0c56c384d6 Fix globbing
Noticed by:	delphij, David Cornejo <dave@dogwood.com>
Forgotten by:	des
2009-11-10 09:45:43 +00:00
John Baldwin
9144dd07ad Fix a couple of comment typos.
MFC after:	1 week
2009-11-03 18:40:42 +00:00
Dag-Erling Smørgrav
7aee6ffee0 Upgrade to OpenSSH 5.3p1. 2009-10-01 17:12:52 +00:00
Ken Smith
3ca3047aee Bump the version of all non-symbol-versioned shared libraries in
preparation for 8.0-RELEASE.  Add the previous version of those
libraries to ObsoleteFiles.inc and bump __FreeBSD_Version.

Reviewed by:    kib
Approved by:    re (rwatson)
2009-07-19 17:25:24 +00:00
Colin Percival
7d845dde8d Remove build timestamps from the following files:
/boot/kernel/hptrr.ko
/etc/mail/*.cf
/lib/libcrypto.so.5
/usr/bin/ntpq
/usr/sbin/amd
/usr/sbin/iasl
/usr/sbin/ntpd
/usr/sbin/ntpdate
/usr/sbin/ntpdc

There does not appear to be any purpose to having these timestamps, and
they have the irritating consequence that the aforementioned files will
be different every time they are rebuilt.

After this commit, the only remaining build timestamps are in the kernel,
the boot loaders, /usr/include/osreldate.h (the year in the copyright
notice), and lib*.a (the timestamps on all of the included .o files).

Reviewed by:	scottl (hptrr), gshapiro (sendmail), simon (openssl),
		roberto (ntp), jkim (acpica)
Approved by:	re (kib)
2009-07-11 22:30:37 +00:00
John Baldwin
5d54b264b7 Use the closefrom(2) system call.
Reviewed by:	des
2009-06-16 15:30:10 +00:00
Simon L. B. Nielsen
00c49c7a2d Regenerate manual pages for OpenSSL 0.9.8k. 2009-06-14 19:51:05 +00:00
Simon L. B. Nielsen
6eefed9283 Update build infrastructure for OpenSSL 0.9.8k. 2009-06-14 19:46:18 +00:00
Dag-Erling Smørgrav
cce7d3464f Upgrade to OpenSSH 5.2p1.
MFC after:	3 months
2009-05-22 18:46:28 +00:00
Christian S.J. Peron
25d33e3d81 Enable getaudit_addr(2) for sshd again. This will un-break the subject
BSM audit tokens for IPv6.
2008-11-30 15:35:24 +00:00
Dag-Erling Smørgrav
d4af9e693f Upgrade to OpenSSH 5.1p1.
I have worked hard to reduce diffs against the vendor branch.  One
notable change in that respect is that we no longer prefer DSA over
RSA - the reasons for doing so went away years ago.  This may cause
some surprises, as ssh will warn about unknown host keys even for
hosts whose keys haven't changed.

MFC after:	6 weeks
2008-08-01 02:48:36 +00:00
Warner Losh
c71665a590 Merge from p4:
Implement openssl config needed for mips.

Submitted by:	gonzo@
Reviewed by:	simon@
2008-07-23 17:38:33 +00:00
Peter Wemm
126f58e813 Add $FreeBSD$ 2008-07-03 03:36:58 +00:00
Doug Rabson
33f1219925 Fix conflicts after heimdal-1.1 import and add build infrastructure. Import
all non-style changes made by heimdal to our own libgssapi.
2008-05-07 13:53:12 +00:00
Kris Kennaway
ac188d74d6 For users of FreeBSD <= 6.2 we recommend during the x.org 7.x upgrade
that they add X11BASE=${LOCALBASE} to /etc/make.conf since X11BASE was
hard-wired to the now-wrong location in old releases.

However, both X11BASE and LOCALBASE have moved out of scope of src/
into ports/ now, which causes problems for upgraded users who have old
make.conf files still containing the above setting.  X11BASE becomes
null and we instruct ssh and sshd to look for xauth in /bin/xauth
where it is unlikely to be found.

Instead, provide a copy of the default LOCALBASE?=/usr/local setting
here.

We also have to deal with the case where the user only overrides
LOCALBASE and doesn't set an explicit X11BASE (in ports it will be set
implicitly but not here), which will also move the location of xauth.

MFC after:	 3 days
Reported by:	 rwatson
2008-03-05 20:58:15 +00:00
Ruslan Ermilov
b7498df286 getopt(3) returns -1, not EOF. 2008-02-19 07:09:19 +00:00
Rong-En Fan
27cfc42fc5 - Bump share library version which were missed in last bump
Reported by: 	     jhb
Discussed with:	     deischen, des, doubg, harti
Approved by:	     re (kensmith)
2007-06-18 18:47:54 +00:00
George V. Neville-Neil
559d3390d0 Integrate the Camellia Block Cipher. For more information see RFC 4132
and its bibliography.

Submitted by:   Tomoyuki Okazaki <okazaki at kick dot gr dot jp>
MFC after:      1 month
2007-05-09 19:37:02 +00:00
Simon L. B. Nielsen
60f20fcae6 Upgrade to OpenSSL 0.9.8e. 2007-03-15 20:15:15 +00:00
Ruslan Ermilov
5b3dc7cf10 Fix static compilation. 2006-10-07 17:32:05 +00:00
Simon L. B. Nielsen
6d08f20507 Upgrade to OpenSSL 0.9.8d. 2006-10-01 07:56:51 +00:00
Dag-Erling Smørgrav
bb79c11d8a Update for OpenSSH 4.4p1.
MFC after:	1 week
2006-09-30 13:41:26 +00:00
Ruslan Ermilov
2b46c64c9c Remove alpha left-overs. 2006-08-22 08:03:01 +00:00
Simon L. B. Nielsen
e7926dc0a5 Upgrade to OpenSSL 0.9.8b. 2006-07-29 19:41:41 +00:00
Simon L. B. Nielsen
af7ca25b1e Enable DSO (Dynamic Shared Object) support. This makes it possible
for OpenSSL to load engines run-time, e.g. for using the opensc
engine port.

The OpenSSL Configure script enables DSO support on FreeBSD by
default, we just don't use the Configure script during OpenSSL builds
in the base system.

This is committed to -CURRENT now (before OpenSSL 0.9.8b import), so
it can be tested at bit in -CURRENT before being MFC'ed to 6-STABLE.

Prodded by:	ale
PR:		bin/79570
MFC after:	1 week
2006-07-17 11:47:35 +00:00
Dag-Erling Smørgrav
9fd9594daf Add a manual dependency on ssh_namespace.h.
Discussed with:	ru
2006-05-13 21:38:16 +00:00
Dag-Erling Smørgrav
ed22e27d8a Introduce a namespace munging hack inspired by NetBSD to avoid polluting
the namespace of applications which inadvertantly link in libssh (usually
through pam_ssh)

Suggested by:	lukem@netbsd.org
MFC after:	6 weeks
2006-05-13 13:47:45 +00:00
Ruslan Ermilov
6dd8b8288a Clean generated headers. 2006-04-10 08:47:18 +00:00
Dag-Erling Smørgrav
6a75ff16ed Add port-tun.c. 2006-03-22 20:42:05 +00:00
Ruslan Ermilov
fcaa466865 Provide alternate default for SHLIBDIR before bsd.own.mk does this.
Reported by:	phk
2006-03-18 11:01:06 +00:00
Ruslan Ermilov
e1fe3dba5c Reimplementation of world/kernel build options. For details, see:
http://lists.freebsd.org/pipermail/freebsd-current/2006-March/061725.html

The src.conf(5) manpage is to follow in a few days.

Brought to you by:	imp, jhb, kris, phk, ru (all bugs are mine)
2006-03-17 18:54:44 +00:00
Christian S.J. Peron
d57d58dac4 Hook audit into OpenSSH. Now that the necessary bits for OpenSSH support
have been added with the latest OpenBSM import, hook USE_BSM_AUDIT into
build conditionally.

For users which do not care for audit support and do not want to compile
it into their SSH servers, add the following to the /etc/make.conf:

	NO_AUDIT=true

Discussed with:	rwatson
Obtained from:	TrustedBSD Project
2006-02-12 07:19:45 +00:00
Doug Rabson
c0b9f4fe65 Add a new extensible GSS-API layer which can support GSS-API plugins,
similar the the Solaris implementation. Repackage the krb5 GSS mechanism
as a plugin library for the new implementation. This also includes a
comprehensive set of manpages for the GSS-API functions with text mostly
taken from the RFC.

Reviewed by: Love Hörnquist Åstrand <lha@it.su.se>, ru (build system), des (openssh parts)
2005-12-29 14:40:22 +00:00
Ruslan Ermilov
c1c28da069 Revert last revision by phk@, it's redundant since bsd.incs.mk
already handles this, FWIW.
2005-11-19 07:04:17 +00:00
Dag-Erling Smørgrav
725f8b7693 Update for OpenSSH 4.2p1. 2005-09-03 07:10:33 +00:00
Poul-Henning Kamp
f06e2f8233 Don't install includes if NO_TOOLCHAIN 2005-08-03 09:18:59 +00:00
Ken Smith
a84020c2b9 Bump the shared library version number of all libraries that have not
been bumped since RELENG_5.

Reviewed by:	ru
Approved by:	re (not needed for commit check but in principle...)
2005-07-22 17:19:05 +00:00
Dag-Erling Smørgrav
40e0db94af Revert the commits that made libssh an INTERNALLIB; they caused too much
trouble, especially on amd64.

Requested by:	ru
2005-06-07 09:31:28 +00:00
Dag-Erling Smørgrav
32f80c77d0 Make libssh an INTERNALLIB like it is in {Net,Open}BSD. 2005-06-06 16:13:07 +00:00
Dag-Erling Smørgrav
015bad3598 Update for OpenSSH 4.1p1. 2005-06-05 15:47:07 +00:00
Jacques Vidrine
d6608aaa6e Update OpenSSL 0.9.7d -> 0.9.7e. 2005-02-25 06:04:12 +00:00
Ruslan Ermilov
e7b3b699a2 Define PLATFORM correctly when cross-building. 2005-02-16 20:55:47 +00:00
Ruslan Ermilov
ca78f10352 Sync program's usage() with manpage's SYNOPSIS. 2005-02-10 14:47:06 +00:00
Diomidis Spinellis
a13476cc13 Correctly hide the command arguments.
PR:		bin/76374
MFC after:	2 weeks
2005-01-17 21:46:13 +00:00
Ruslan Ermilov
a216173556 NOCRYPT -> NO_CRYPT 2004-12-21 10:16:04 +00:00
Ruslan Ermilov
ab7a294721 NODOCCOMPRESS -> NO_DOCCOMPRESS
NOINFO -> NO_INFO
NOINFOCOMPRESS -> NO_INFOCOMPRESS
NOLINT -> NO_LINT
NOPIC -> NO_PIC
NOPROFILE -> NO_PROFILE
2004-12-21 09:33:47 +00:00
Ruslan Ermilov
f1f6253f4f NOLIBC_R -> NO_LIBC_R
NOLIBPTHREAD -> NO_LIBPTHREAD
NOLIBTHR -> NO_LIBTHR
2004-12-21 09:00:26 +00:00
Dag-Erling Smørgrav
5ba618aa27 Update for OpenSSH 3.9p1. 2004-10-28 16:04:23 +00:00
Ruslan Ermilov
a35d88931c For variables that are only checked with defined(), don't provide
any fake value.
2004-10-24 15:33:08 +00:00
Mark Murray
1f9bb6cd25 Add support for C3 Nehemiah ACE ("Padlock") AES crypto. This comes
from OpenSSL 0.9.5 (yet to be released), and is pretty complete.
2004-08-14 13:38:35 +00:00
Colin Percival
d37df47d31 Join the 21st century: Cryptography is no longer an optional component
of releases.  The -DNOCRYPT build option still exists for anyone who
really wants to build non-cryptographic binaries, but the "crypto"
release distribution is now part of "base", and anyone installing from a
release will get cryptographic binaries.

Approved by:	re (scottl), markm
Discussed on:	freebsd-current, in late April 2004
2004-08-06 07:27:08 +00:00
Olivier Houchard
59315819d5 Import the openssl conf for arm. 2004-05-14 12:26:51 +00:00
Ruslan Ermilov
1116791977 Record the libssl.so dependency on libcrypto.so. This should
help some ports that depend on libradius that recently gained
the dependency on libssl.  This is also how the stock OpenSSL
build would link libssl.so on FreeBSD.

Prompted by:	kris
OK'ed by:	markm, nectar
2004-05-13 07:51:47 +00:00
Marcel Moolenaar
a1cd6de6a6 Fix release builds (release.3 target). We also need to rebuild libradius,
because otherwise it will remain having a dependency upon libssl. This
breaks the non-crypto build that happens for release.3

While here, order the list of programs and libraries.

Speculating review feedback from: ru
2004-05-02 17:38:27 +00:00
Ruslan Ermilov
1f2cef4790 Turn MAKE_IDEA into a true "bool" type variable, as documented in
the make.conf(5) manpage.

PR:		conf/65738
OK'ed by:	markm
2004-04-19 11:35:15 +00:00
Peter Wemm
d901a5218e Turn on the amd64-specific bignum code in openssl. This is actually
a variant of the C code but with some scattered asm and things laid out
more optimally for the platform.  This means that we need to the asm
directory to the search path for the amd64 case so that make can find
the source.
2004-04-14 23:26:26 +00:00
David Malone
8a56b12482 Remove the -pthread from the last commit, as OpenSSL doesn't actually
call any pthread functions as we use compile it. We keep the
-DOPENSSL_THREADS, which stops OpenSSL doing thread-unsafe stuff.

Requested by:	ru
2004-03-30 21:04:04 +00:00
David Malone
1251855f52 Build OpenSSL so that it extects that is may be used in a threaded
environment. This stops some ports keeling over on an OpenSSL assert.
(The patch is not exactly the one from the PR, but has been refined
based on advice from freebsd-threads.)

PR:		51205
Submitted by:	Jim Westfall <jwestfall@surrealistic.net>
MFC after:	1 month
2004-03-30 11:30:02 +00:00
Mark Murray
f3d90904b0 Re-add the hand-optimised assembler versions of some of the ciphers
to the build.

Should have done this ages ago:	markm
Reminded above to do this:	peter
2004-03-23 08:32:29 +00:00
Jacques Vidrine
03886b3681 Update manual pages for OpenSSL 0.9.7d. 2004-03-17 16:15:46 +00:00
Dag-Erling Smørgrav
40dd33e888 Update for 3.8p1, including workaround for a bug in gss-genr.c. 2004-02-26 11:26:46 +00:00
Johan Karlsson
604d24db95 style.Makefile(5):
Use WARNS?= instead of WARNS=.
2004-02-23 20:25:27 +00:00
Ruslan Ermilov
9ee9ecea00 Use the default threading library if requested.
Reviewed by:	des, deischen
2004-02-07 08:23:48 +00:00
Ruslan Ermilov
47d7e8a96f Fixed style of DPADD and LDADD assignments as per style.Makefile(5). 2004-02-05 22:44:25 +00:00
Ruslan Ermilov
526f81a883 - Removed libmd from the Kerberos library set.
- Removed libopie and libmd; libopie used to serve auth-skey.c
  which is compiled now only to ease maintenance, as well as
  a few other auth-*.c sources.

Reviewed by:	des
2004-02-02 22:00:35 +00:00
Ruslan Ermilov
640e686c42 Added two utility targets "secure" and "insecure", analogous to
"kerberize" and "dekerberize" in kerberos5/Makefile.  These can
be used to recompile bits with optional crypto support with and
without crypto, respectively.

Reviewed by:	markm
2004-01-18 07:44:53 +00:00
Ruslan Ermilov
90165ba56f Once upon a time we had both "crypto" and "krb5" distributions,
and rebuilt some bits with crypto but without Kerberos support
(most notably SSH) during "make release", to put them into the
"crypto" distribution.

Now that we don't ship the separate "krb5" distribution anymore
(it's now part of the "crypto" distribuion), don't waste time
recompiling SSH bits without crypto and without Kerberos support
in an attempt to put them in the "base" distribution -- it just
doesn't work as SSH always uses crypto code.

We avoid this by not rebuilding KPROGS from kerberos5/Makefile in
release/Makefile and adding "libpam" to SPROGS in secure/Makefile
to ensure it's still rebuilt without crypto support for the "base"
distribution.  (Disabling crypto (NOCRYPT) also disables building
of Kerberos-related PAM modules, and it's OK to depend on this.)

This should be a no-op change saving some "make release" time.
2004-01-17 19:22:36 +00:00
Ruslan Ermilov
d82881651b - Properly build both crypto and non-crypto versions of the
package management tools.

- Drop redundant dependency of pkg_create(1) and pkg_delete(1)
  on crypto libraries now that they do not link with libfetch.
2004-01-17 13:41:16 +00:00
Ruslan Ermilov
0ad21c4f14 Removed well outdated comment. 2004-01-17 03:12:46 +00:00
Ruslan Ermilov
9387ab35e7 Cosmetics: rearrange the dependency list to match that of ssh and sshd.
Reviewed by:	des
2004-01-08 11:41:02 +00:00
Ruslan Ermilov
e1542a4058 Fixed static linkage.
Reviewed by:	des
2004-01-08 11:40:19 +00:00
Dag-Erling Smørgrav
e7ffa415e8 Use += instead of = with DPADD / LDADD. 2004-01-08 09:50:56 +00:00
Dag-Erling Smørgrav
9f80be8e3d Enable GSSAPI support. [1]
Also remove some duplicates from ssh's SRCS.

Submitted by:	[1] Björn Grönvall <bg@sics.se>
2004-01-08 09:05:24 +00:00
Dag-Erling Smørgrav
3b7f13a03b Previous commit erroneously listed some sources with .o suffixes. 2004-01-07 11:59:52 +00:00
Dag-Erling Smørgrav
a04e3d6c30 Update Makefiles for OpenSSH 3.7.1p2. 2004-01-07 11:17:23 +00:00
Gordon Tetlow
c45db69312 Explicitly add libz and libcrypto to LDADD for any ssh utilities missing
it. While not strictly required, it unbreaks the cross-build world that
is resulting from moving the libraries around.

I have a more permanent solution to this problem in the works, but I
asked des for permission to commit this to get the ball rolling. This
also makes the ssh build more along the lines of what the openssh-portable
and OpenBSD openssh Makefile glue does.

Reviewed by:	des
2003-08-19 07:45:03 +00:00
Gordon Tetlow
41d8423f71 Stage 3 of dynamic root support. Make all the libraries needed to run
binaries in /bin and /sbin installed in /lib. Only the versioned files
reside in /lib, the .so symlink continues to live /usr/lib so the
toolchain doesn't need to be modified.
2003-08-17 08:28:46 +00:00
Mark Murray
4afa371832 Very big makeover in the way telnet, telnetd and libtelnet are built.
Previously, there were two copies of telnet; a non-crypto version
that lived in the usual places, and a crypto version that lived in
crypto/telnet/. The latter was built in a broken manner somewhat akin
to other "contribified" sources. This meant that there were 4 telnets
competing with each other at build time - KerberosIV, Kerberos5,
plain-old-secure and base. KerberosIV is no longer in the running, but
the other three took it in turns to jump all over each other during a
"make buildworld".

As the crypto issue has been clarified, and crypto _calls_ are not
a problem, crypto/telnet has been repo-copied to contrib/telnet,
and with this commit, all telnets are now "contribified". The contrib
path was chosen to not destroy history in the repository, and differs
from other contrib/ entries in that it may be worked on as "normal"
BSD code. There is no dangerous crypto in these sources, only a
very weak system less strong than enigma(1).

Kerberos5 telnet and Secure telnet are now selected by using the usual
macros in /etc/make.conf, and the build process is unsurprising and
less treacherous.
2003-07-16 20:59:15 +00:00
Ruslan Ermilov
55c90a95a4 Fixed "make checkdpadd".
OK'ed by:	markm
2003-07-02 23:38:42 +00:00
Mark Murray
8027fe397a Fix for the NO_OPENSSL case.
Reported by:	Marius Strobl <marius@alchemy.franken.de>
2003-06-08 08:24:07 +00:00
Mark Murray
75e936f168 Drop this MAINTAINER bit. I'll reclaim an "Advisory Maintainership"
for this area later.
2003-06-04 16:10:20 +00:00
Mark Murray
485721b25e I'm now happy that this is no longer needed. Libcrypto has
all its functionality, and all its consumers have been converted.
2003-06-04 15:26:34 +00:00
Mark Murray
e4a3b084f9 Disconnect libcipher from the build. It only does DES, and we already
have libcrypto to do that. Both consumers of this lib have been
converted to use libcrypto. (bin/ed and secure/usr.bin/bdes).
2003-06-02 20:03:32 +00:00
Mark Murray
c8fa8e25d7 Strip the private blowfish code down to only that which is
required to make crypt(3) blowfish "$2a$..." hashes. Lint and
warnsify.
2003-06-02 19:17:24 +00:00
Mark Murray
af91929794 Modernise. Use libcrypto instead of libcipher for DES. 2003-06-02 19:10:59 +00:00
David E. O'Brien
631a2b1ed8 Ugg, wrong version.
CSTD=gnu89, c89 wont do.
2003-06-01 23:39:16 +00:00
David E. O'Brien
90f6678b64 This isn't C99 clean. 2003-06-01 23:37:46 +00:00
Mark Murray
dbf104e68d Turn MAKE_KERBEROS5 into NO_KERBEROS by negating the logic. Some extra
cleanups were necessary in release/Makefile, and the tinderbox code
was syntax checked, not run checked.
2003-05-05 07:58:44 +00:00
Mark Murray
59199aeb7e We no longer have a separate kerberos distribution. Its now just
part of the regular security dist.
2003-04-30 17:46:24 +00:00
Ruslan Ermilov
f7fa0cbd70 The including makefile's directory is tried first for .include "...". 2003-04-30 07:54:39 +00:00
Ruslan Ermilov
6402d39a2b Most things depend on !defined(NO_OPENSSL); make it look so. 2003-04-30 07:51:51 +00:00
Ruslan Ermilov
bce0c9275c NOSECURE is implied by NOCRYPT, meaning if the latter is defined
we won't be here.
2003-04-30 07:34:14 +00:00
Dag-Erling Smørgrav
581ff5e326 Remove Kerberos IV shims. 2003-04-23 17:26:01 +00:00
Dag-Erling Smørgrav
d8b043c8d4 Update for 3.6.1p1; also remove Kerberos IV shims. 2003-04-23 17:25:47 +00:00
Bruce Evans
d76abd2739 Silence `make -s' (echo -> ${ECHO}). 2003-04-13 14:13:28 +00:00
Ruslan Ermilov
6c4e523908 libtelnet depends on OpenSSL.
PR:	50507
2003-04-01 12:50:40 +00:00
Philippe Charnier
45ebb0c103 The .Nm utility 2003-03-24 16:09:07 +00:00
David E. O'Brien
a6c3fa5b5f Back out rev 1.60, taking the pointy hat away from nectar as 'rm -f'
doesn't need to be prefixed with '-'.  Keep the pointy hat for myself
for not reading the code closely.
2003-03-11 17:19:37 +00:00
David E. O'Brien
167cec7565 Don't error out the build if removing a "stale" symlink fails.
Pointy hat for breaking my installworld:	nectar
2003-03-10 19:43:56 +00:00
Mike Makonnen
a5c21394e3 Fix mixed up arguments passed to a locally defined err(int, char *)
function.

Approved by:	markm (mentor)
Submitted by:	till toenges <tt@mail.isis.de>
PR:		bin/48963
2003-03-07 16:00:55 +00:00
Ruslan Ermilov
aa1cd79b7f Handle includes the normal way.
Reviewed by:	markm
Approved by:	nectar
2003-02-27 23:07:26 +00:00
Jacques Vidrine
b7d18f9a8a Regenerate man pages after import of OpenSSL 0.9.7a. 2003-02-19 23:30:52 +00:00
Jacques Vidrine
c819173716 LIBDIR/INCLUDEDIR do not include DESTDIR.
Reported by:	Andrzej Tobola <san@iem.pw.edu.pl>
2003-02-18 17:29:04 +00:00
Jacques Vidrine
ba5637c376 Follow-up to previous commit: we had a des.h symlink, too. Remove
that.
2003-02-18 16:07:33 +00:00
Jacques Vidrine
419b10b514 Previously, libcrypto contained symbols that were identical to EAY
libdes, and functionally close enough so that we created symlinks
(libdes -> libcrypto) to help older applications.  With the import of
OpenSSL 0.9.7, this is no longer true and we no longer install these
symlinks.  However, systems that are upgraded may have these symlinks,
which could cause non-obvious breakage at build-time.  Therefore, blow
any old symlinks away in the `afterinstall' target.
2003-02-18 14:23:11 +00:00
Jacques Vidrine
715430f81d Correct path for finding asm-generating files. 2003-02-14 12:25:00 +00:00
Jacques Vidrine
6042ca2e01 Install the OpenSSL man pages in /usr/share/openssl/man
and remove the WANT_OPENSSL_MANPAGES knob.
2003-02-10 19:57:56 +00:00
Jacques Vidrine
a097def45b Do not define OPENSSL_NO_KRB5 here in CFLAGS. It is handled in
opensslconf.h.

Reminded by:	reports from des, obrien
2003-02-09 14:59:56 +00:00
Jacques Vidrine
5654cc45c0 Re-add WANT_OPENSSL_MANPAGES knob.
Noticed by:	ru
2003-01-31 11:30:38 +00:00
Jacques Vidrine
4b2eaea43f Background:
When libdes was replaced with OpenSSL's libcrypto, there were a few
 interfaces that the former implemented but the latter did not.  Because
 some software in the base system still depended upon these interfaces,
 we simply included them in our libcrypto (rnd_keys.c).

Now, finally get around to removing the dependencies on these
interfaces.  There were basically two cases:

  des_new_random_key -- This is just a wrapper for des_random_key, and
     these calls were replaced.

  des_init_random_number_generator et. al. -- A few functions were used
     by the application to seed libdes's PRNG.  These are not necessary
     when using libcrypto, as OpenSSL internally seeds the PRNG from
     /dev/random.  These calls were simply removed.

Again, some of the Kerberos 4 files have been taken off the vendor
branch.  I do not expect there to be future imports of KTH Kerberos 4.
2003-01-29 18:14:29 +00:00
Jacques Vidrine
1db5309254 Re-add WANT_OPENSSL_MANPAGES knob. 2003-01-29 13:35:40 +00:00
Peter Wemm
0e46522662 Hopefully fix world for folks not compiling IDEA (the default).
NO_IDEA is now spelled OPENSSL_NO_IDEA.  Update the bmake glue accordingly
or the IDEA references are not stripped from <openssl/evp.h>
2003-01-29 02:19:15 +00:00
Jacques Vidrine
a01bf47081 Force OPENSSL_NO_KRB5. OpenSSL's current implementation of RFC 2712
can only be built with MIT Kerberos.

If we didn't define this here, then SSL-using applications would have
to define OPENSSL_NO_KRB5 themselves in order to build.
2003-01-29 01:06:15 +00:00
Mark Murray
ab643b4d66 Update for OpenSSL 0.9.7. No assembler code at the moment. This
will follow.
2003-01-28 22:58:14 +00:00
Dag-Erling Smørgrav
2f34cbe564 ia64 and sparc64 both have libc_r now. 2003-01-09 08:36:05 +00:00
Dag-Erling Smørgrav
11025839d5 Don't build auth-pam.c and auth2-pam.c, auth2-pam-freebsd.c is all we need.
Use pthreads for PAM if the platform supports it and the user asked for it
(by setting OPENSSH_USE_POSIX_THREADS)

Sponsored by:	DARPA, NAI Labs
2002-12-14 13:54:57 +00:00
Kris Kennaway
c55ae80a58 Remove myself as maintainer of openssl; I no longer have enough time to
devote to it.
2002-11-21 08:48:08 +00:00
Ruslan Ermilov
7d96ca40e6 DON'T EVER PUT THIS BACK!
Pointy hat to:	obrien
2002-11-08 12:47:51 +00:00
David E. O'Brien
dcb2279368 Style sync with rest of FreeBSD. 2002-11-06 22:54:58 +00:00
Dag-Erling Smørgrav
4d56bc2300 Update for OpenSSH 3.5p1. 2002-10-29 10:18:00 +00:00
Mark Murray
88eede7915 Don't lint contrib'ed sources, even if the builder has asked for linting.
Its Just Too Noisy.
2002-09-25 09:58:00 +00:00
Ruslan Ermilov
47fae43eab Bandaid for a broken world. The real fix is somewhat more
complicated and will be sent for a review.
2002-09-20 12:33:19 +00:00
Ruslan Ermilov
cbf5496382 Added the missing dependencies for openssl/ headers. 2002-09-19 13:24:27 +00:00
Jacques Vidrine
6e44c1a6e4 Use uint32_t' instead of unsigned long', since the code assumes 32-bit
arithmetic.

Reviewed by:	make test

The fact that bdes(1) didn't work was
Reported by:	Fred Clift <fclift@verio.net>
2002-08-24 02:53:23 +00:00
Jacques Vidrine
9ea8ab8314 Update list of installed manual pages after regenerating them. 2002-07-30 14:47:24 +00:00
Jacques Vidrine
d9b11086b0 Import the regenerated OpenSSL man pages after import of OpenSSL 0.9.6e. 2002-07-30 14:34:51 +00:00
Jacques Vidrine
2488110620 Update to match reality (i.e. reference libcrypto headers and
libraries, not the no-longer-existent libdes).
2002-07-30 12:53:15 +00:00
Ruslan Ermilov
dad7ed015c s,/usr/include,${INCLUDEDIR}, 2002-07-22 10:59:22 +00:00
Ruslan Ermilov
11fdc8a318 Removed the (never used) help-distribute target from here.
(Similar targets were once used during the release building
process for kerberosIV and kerberos5.)
2002-07-11 13:31:52 +00:00
Dag-Erling Smørgrav
81d858170e ssh-keysign(8) belongs in /usr/libexec, not in /usr/bin, and needs to be
setuid so ssh(1) doesn't have to be.

Pointy hat to:	des
Submitted by:	Katsuyuki TATEISHI <katsu@iec.hiroshima-u.ac.jp>
2002-07-05 08:39:09 +00:00
Dag-Erling Smørgrav
7fba17037d Switch over to 3.4p1. 2002-06-29 12:16:50 +00:00
Dag-Erling Smørgrav
f0b56c5c7e No guts, no glory. Switch to OpenSSH-portable.
Sponsored by:	DARPA, NAI Labs
2002-06-25 19:10:09 +00:00
Dag-Erling Smørgrav
360c9f6a02 My previous style commits weren't entirely right. Fix some bugs I
introduced, and a few more I hadn't yet fixed.

Submitted by:	bde
2002-06-24 12:32:30 +00:00
Dag-Erling Smørgrav
16c52d154b Previous commit made no sense. 2002-06-24 10:17:26 +00:00
Dag-Erling Smørgrav
dca1f43686 Fix style and unbreal static build. 2002-06-24 10:16:38 +00:00
Dag-Erling Smørgrav
8d024c6627 Install the new man pages. 2002-06-23 21:43:43 +00:00
Dag-Erling Smørgrav
fd9fc3f0c2 Update Makefiles for OpenSSH 3.3. 2002-06-23 16:09:29 +00:00
Ruslan Ermilov
072f6798f8 Make NO_OPENSSL actually imply NO_OPENSSH, as documented in make.conf(5). 2002-06-21 08:54:03 +00:00
David E. O'Brien
49b60543d7 for OpenSSL 0.9.5a 2002-05-15 09:17:27 +00:00
Mark Murray
01e8018af8 Build using pregenerated manpages; don't use perl to translate .pod's.
The translated .pod's have already been committed.
2002-05-14 19:39:00 +00:00
Mark Murray
3daf4cff10 As the perl-generated assembler files have been committed, add the
perl-generated (.pod) manual pages too. This is another nail in the
perl5 coffin (for base perl, not the port or the language in general).
2002-05-14 16:06:50 +00:00
Ruslan Ermilov
46f8fdc34e Removed now unused INTERNALSTATICLIB.
INTERNALLIB now implies NOPIC and NOPROFILE.
Removed gratuitous NOMAN.
2002-05-13 11:09:07 +00:00
Ruslan Ermilov
c7b111cba8 Added new bsd.incs.mk which handles installing of header files
via INCS.  Implemented INCSLINKS (equivalent to SYMLINKS) to
handle symlinking include files.  Allow for multiple groups of
include files to be installed, with the powerful INCSGROUPS knob.
Documentation to follow.

Added standard `includes' and `incsinstall' targets, use them
in Makefile.inc1.  Headers from the following makefiles were
not installed before (during `includes' in Makefile.inc1):

	kerberos5/lib/libtelnet/Makefile
	lib/libbz2/Makefile
	lib/libdevinfo/Makefile
	lib/libform/Makefile
	lib/libisc/Makefile
	lib/libmenu/Makefile
	lib/libmilter/Makefile
	lib/libpanel/Makefile

Replaced all `beforeinstall' targets for installing includes
with the INCS stuff.

Renamed INCDIR to INCSDIR, for consistency with FILES and SCRIPTS,
and for compatibility with NetBSD.  Similarly for INCOWN, INCGRP,
and INCMODE.

Consistently use INCLUDEDIR instead of /usr/include.

gnu/lib/libstdc++/Makefile and gnu/lib/libsupc++/Makefile changes
were only lightly tested due to the missing contrib/libstdc++-v3.
I fully tested the pre-WIP_GCC31 version of this patch with the
contrib/libstdc++.295 stuff.

These changes have been tested on i386 with the -DNO_WERROR "make
world" and "make release".
2002-05-12 16:01:00 +00:00
Peter Wemm
81fb684cc3 Pre-generate the optimized x86 crypto code and check it in rather than
depending on perl at build time.  Makefile.asm is a helper for after the
next import.

With my cvs@ hat on, the relatively small repo cost of this is acceptable,
especially given that we have other (much bigger) things like
lib*.so.gz.uu checked in under src/lib/compat/*.

Reviewed by:	kris (maintainer)
2002-05-03 00:14:39 +00:00
Ruslan Ermilov
6bde859f40 Milestone #1 in cross-arch make releases.
Do not install games and profiled libraries to the ${CHROOTDIR}
with the initial installworld.

Eliminate the need in the second installworld.  For that, make sure
_everything_ is built in the "world" environment, using the right
tool chain.

Added SUBDIR_OVERRIDE helper stuff to Makefile.inc1.  Split the
buildworld process into stages, and skip some stages when
SUBDIR_OVERRIDE is set (used to build crypto, krb4, and krb5
dists).

Added NO_MAKEDB_RUN knob to Makefile.inc1 to avoid running
makewhatis(1) at the end of installworld (used when making crypto,
krb4, and krb5 dists).

In release/scripts/doFS.sh, ensure that the correct boot blocks are
used.

Moved the creation of the "crypto" dist from release.5 to
release.2.

In release.3 and doMFSKERN, build kernels in the "world"
environment.  KERNELS now means "additional" kernels, GENERIC is
always built.

Ensure we build crunched binaries in the "world" environment.
Obfuscate release/Makefile some more (WMAKEENV) to achieve this.

Inline createBOOTMFS target.

Use already built GENERIC kernel modules to augment mfsfd's
/stand/modules.  GC doMODULES as such.

Assorted fixes:

Get rid of the "afterdistribute" target by moving the single use
of it from sys/Makefile to etc/Makefile's "distribute".

Makefile.inc1: apparently "etc" no longer needs to be last for
"distribute" to succeed.

gnu/usr.bin/perl/library/Makefile.inc: do not override the
"install" and "distribute" targets, do it the "canonical" way.

release/scripts/{man,cat}pages-make.sh: make sure Perl manpages and
catpages appear in the right dists.  Note that because Perl does
not respect the MANBUILDCAT (and NOMAN), this results in a loss of
/usr/share/perl/man/cat* empty directories.  This will be fixed
soon.

Turn MAKE_KERBEROS4 into a plain boolean variable (if it is set it
means "make KerberosIV"), as documented in the make.conf(5)
manpage.  Most of the userland makefiles did not test it for "YES"
anyway.

XXX Should specialized kerberized libpam versions be included into
the krb4 and krb5 dists?  (libpam.a would be incorrect anyway if
both krb4 and krb5 dists were choosen.)

Make sure "games" dist is made before "catpages", otherwise games
catpages settle in the wrong dist.

Fast build machine provided by: Igor Kucherenko <kivvy@sunbay.com>
2002-04-26 17:55:27 +00:00
Ruslan Ermilov
191ca0354f The library itself does not depend on Kerberos bits.
Otherwise, we would have broken krb4 and krb5 dists.
2002-04-23 11:33:29 +00:00
Ruslan Ermilov
2735cfee64 Switch over to using pam_login_access(8) module in sshd(8).
(Fixes static compilation.  Reduces diffs to OpenSSH.)

Reviewed by:	bde
2002-03-26 12:52:28 +00:00
Dag-Erling Smørgrav
de11a611b5 Install headers with -C. Ideally, these Makefiles should not need to
override the beforeinstall target at all, but this has proven difficult
to achieve.
2002-03-23 18:01:01 +00:00
Dag-Erling Smørgrav
da4dc1eeb5 Use PAM instead of S/Key (or OPIE) for SSH2.
Sponsored by:	DARPA, NAI Labs
2002-03-21 12:18:27 +00:00
Dag-Erling Smørgrav
3876d839e5 Don't forget auth-skey.c. 2002-03-18 16:17:57 +00:00
Dag-Erling Smørgrav
8f7701469e Adjust for OpenSSH 3.1.
Sponsored by:	DARPA, NAI Labs
2002-03-18 10:20:33 +00:00
Bruce Evans
bb791077c7 Fixed some style bugs. Mainly, don't use ${.ALLSRC} in implicit rules.
This change should have been in rev.1.37.
2002-03-17 09:53:21 +00:00
Mark Murray
aee10446c1 Use NO_PERL as well as NOPERL. The latter is going to (eventually) go. 2002-03-16 15:12:13 +00:00
Mark Murray
f2ac424af7 No functional change, but big code cleanup. WARNS, lint(1) and style(9). 2002-03-06 17:18:09 +00:00
Mike Barcroft
fd8e4ebc8c o Move NTOHL() and associated macros into <sys/param.h>. These are
deprecated in favor of the POSIX-defined lowercase variants.
o Change all occurrences of NTOHL() and associated marcros in the
  source tree to use the lowercase function variants.
o Add missing license bits to sparc64's <machine/endian.h>.
  Approved by: jake
o Clean up <machine/endian.h> files.
o Remove unused __uint16_swap_uint32() from i386's <machine/endian.h>.
o Remove prototypes for non-existent bswapXX() functions.
o Include <machine/endian.h> in <arpa/inet.h> to define the
  POSIX-required ntohl() family of functions.
o Do similar things to expose the ntohl() family in libstand, <netinet/in.h>,
  and <sys/param.h>.
o Prepend underscores to the ntohl() family to help deal with
  complexities associated with having MD (asm and inline) versions, and
  having to prevent exposure of these functions in other headers that
  happen to make use of endian-specific defines.
o Create weak aliases to the canonical function name to help deal with
  third-party software forgetting to include an appropriate header.
o Remove some now unneeded pollution from <sys/types.h>.
o Add missing <arpa/inet.h> includes in userland.

Tested on:	alpha, i386
Reviewed by:	bde, jake, tmm
2002-02-18 20:35:27 +00:00
Ruslan Ermilov
e47a40e7f7 Now that cross-tools ld(1) has been fixed to look for dynamic
dependencies in the correct place, record the fact that -lssh
depends on -lcrypto and -lz.

Removed false dependencies on -lz (except ssh(1) and sshd(8)).
Removed false dependencies on -lcrypto and -lutil for scp(1).

Reviewed by:	markm
2002-02-08 13:42:58 +00:00
Kris Kennaway
8bf216d4a3 Set WFORMAT=0, overlooked in previous commits to libexec/.
Reported by:	jhay
2002-02-06 11:07:55 +00:00
Kris Kennaway
3bf31598f8 Update list of manpages 2002-01-27 03:36:57 +00:00
Ruslan Ermilov
0509dca0c3 Add pam_ssh support to the static PAM library, libpam.a:
- Spam /usr/lib some more by making libssh a standard library.
- Tweak ${LIBPAM} and ${MINUSLPAM}.
- Garbage collect unused libssh_pic.a.
- Add fake -lz dependency to secure/ makefiles needed for
  dynamic linkage with -lssh.

Reviewed by:	des, markm
Approved by:	markm
2002-01-23 15:54:17 +00:00
Mark Murray
f3c99bd05e Clean up makefiles, and turn on WARNS=2. Take into account the telnet
#if cleanup.
2001-11-30 21:10:58 +00:00
Jake Burkholder
e12e1f3baf Opensslconf for sparc64. Just a copy of the alpha one for now.
Approved by:	kkenn (maintainer)
2001-11-18 20:58:19 +00:00
Mark Murray
fa293fd48d Install libssh and libssh_pic. These are needed when building
statically, and when building things (like login(8)) standalone.
libssh_pic is needed for libpam and modules.

Requested by:	peter
2001-10-30 19:45:00 +00:00
Peter Wemm
68344a9547 __FBSDID() (second half of src/lib/libcrypt changes) 2001-10-23 10:23:32 +00:00
Peter Wemm
a731d80743 Argh! Shoot me! (add closing */ after $FreeBSD$ ) 2001-10-22 09:54:17 +00:00
Peter Wemm
a4476fcc22 Add an ia64 configuration. This is not likely to be optimal, but does
compile and seems to work.  We should run configure after everything
else is self hosting to test the speeds of the various options.
2001-10-10 19:07:31 +00:00
Peter Wemm
cabacc4a0a Sync this file up with its i386 brother. This appears to have been missed
when 0.9.5a was imported.

Approved by:	kris
2001-10-09 01:28:15 +00:00
Ruslan Ermilov
32eef9aeb1 mdoc(7) police: Use the new .In macro for #include statements. 2001-10-01 16:09:29 +00:00
Ruslan Ermilov
4448c79e47 Fix cross-building, etc:
1.  To cross-build, one now needs to set TARGET_ARCH, and not the
    MACHINE_ARCH.  MACHINE_ARCH should never be changed manually!

2.  Initialize DESTDIR= explicitly for bootstrap-tools, build-tools,
    and cross-tools stages.  This fixes broken header and library
    dependencies problem.  We build them in the host environment,
    and obviously want them to depend on host headers and libraries.
    The problem with broken header dependencies for bootstrap-tools
    and cross-tools was already partially solved (see BOOTSTRAPPING
    tests in bsd.prog.mk and bsd.lib.mk), but it was still there for
    build-tools if the user ran "make world DESTDIR=/foo".  Also,
    for all of these stages, the library dependencies were broken
    because of how bsd.libnames.mk define DPADD members.

    We still provide a glue to install bootstrap- and cross-tools
    under the ${WORLDTMP}.

    Removed PATH overrides for bootstrap-, build-, and cross-tools
    stages.  There is just no reason why we would need to override
    it, and the hacks to clean up the ${WORLDTMP} in the -DNOCLEAN
    case are no longer needed with fixes from this step.

    That is, we now never use ${WORLDTMP} headers and libraries,
    and we don't use any ${WORLDTMP} installed binaries during
    these stages.  Again, these stages depend solely on the host
    environment, including compiler, headers, and libraries.

3.  Moved "miniperl" back from cross-tools (it has nothing to do
    with a cross-compiler) to build-tools where it belongs.  The
    change from step 1 let to do this.  Also, to make this work,
    build-tools targets of "cc_tools" and "miniperl" were modified
    to call "depend".  Here follow the detailed explanations.

    There are two categories of build tools, for now.  In the first
    category there are "cc_tools" and "miniperl".  They occupy the
    whole (sub)directory, and nothing needs to be done in this
    subdirectory later during the "all" stage.  They are also
    constructed using system makefiles.  We must build the .depend
    early in the build-tools stage because:

    1)  They use (and depend on) the host environment.

    2)  If we don't do this in build-tools, the "depend" stage of
        buildworld will do this for us; wrong library and header
        dependencies will be recorded (DESTDIR=${WORLDTMP}) and,
        what's worse, the "all" stage may then clobber the
        build-architecture format tools (that we built in the
        build-tools stage) with the target-architecture format
        ones, breaking cross build.

    In the second category there are all other build-tools.  They
    share their directory with the "main" module that needs them
    in the "all" stage, and they don't show up themselves in the
    .depend file.  The portion of this fix was already committed
    in gnu/usr.bin/cc/cc_tools/Makefile,v 1.52.

4.  "libperl" is no longer a build tool, and "miniperl" is the
    stand-alone application.  I had to make this change because
    build-tools and "all" stages share the same object directory.
    Without this change, if we cross compile, libperl.a is first
    built for the build architecture during the build-tools stage
    (for the purposes of immediate linkage with "miniperl").
    Later on, the "all" stage sees this library as up-to-date,
    and doesn't rebuild it.  The effect is that the wrong format
    static libperl library is installed with installworld.

5.  Fixed "includes" to install secure/lib/libtelnet headers if
    required.

Reviewed by:	bde
2001-09-29 13:17:54 +00:00
Bruce Evans
049015c264 Fixed world breakage in rev.1.13. -lpam must never be used directly since
it doesn't work for static linkage.
2001-08-29 07:07:48 +00:00
Mark Murray
7c5a3600ab Diff reduce all the crypto telnet Makefiles. 2001-08-20 12:32:45 +00:00
Ruslan Ermilov
d013e3f544 mdoc(7) police: s/NetBSD/.Nx/ where appropriate. 2001-08-13 17:00:36 +00:00
Ruslan Ermilov
94ba280c59 mdoc(7) police: join split punctuation to macro calls. 2001-08-10 17:35:21 +00:00
Bruce Evans
ea36b96388 Link to libcipher in the usual way. `bdes' depended on a nonexistent
library.  This only worked because of the undocmented feature of make(1)
that targets named foo.a are always up to date.

Fixed some style bugs.
2001-08-03 22:28:25 +00:00
Mark Murray
563df95270 Revamp and diff-reduce the various secure telnets. Make sure that
Kerberos5 has _a_ telnet (which is not currently K5 enabled).
Incorporate BDE's static linking fixes.
2001-08-03 16:03:26 +00:00
Bruce Evans
4c05509cd0 Fixed world breakage when NOSHARED=yes. libmp now depends on libcrypto,
so it must be linked before libcrypto to work right.
2001-07-30 14:36:19 +00:00
Ruslan Ermilov
f091f0029a Added missing DPADD and CLEANFILES. 2001-07-12 09:17:51 +00:00
Ruslan Ermilov
9fe48c6e8d mdoc(7) police: removed HISTORY info from the .Os call. 2001-07-10 11:04:34 +00:00
Kris Kennaway
d6580eb1a8 Remove stale file. 2001-07-04 21:27:10 +00:00
Brian Feldman
e7edf5a116 Enable Kerberos 5 support in sshd again. 2001-06-12 03:43:47 +00:00
Kris Kennaway
a3ea7e2448 Update for OpenSSL 0.9.6a
MFC after:	2 weeks
2001-05-20 03:43:14 +00:00
Bruce Evans
e2413c56ed Fixed world breakage in previous commit. -lpam must never be used
directly (except in the definition of MINUSLPAM in bsd.libnames.mk)
since it doesn't give all the libraries necessary for static linkage.

Fixed missing ${LIBPAM} in DPADD.

Fixed some style bugs in DPADD and LDADD.
2001-05-09 14:30:49 +00:00
Bruce Evans
f61dcf5281 Fixed world breakage in previous commit. -lpam must never be used
directly (except in the definition of MINUSLPAM in bsd.libnames.mk)
since it doesn't give all the lbraries necessary for static linkage.

Fixed new and old bugs in DPADD.  ${LIBPAM} was missing, and the
library order was different from that in LDADD so `make checkdpadd'
reported a non-bug.
2001-05-09 14:23:54 +00:00
Nick Sayer
76235b992b Add PAM support to SRA authentication. Cribbed mostly from ftpd. This
doesn't solve the problem of root being allowed to log in, but that sort
of thing is something PAM should be doing anyway.
2001-05-07 20:38:39 +00:00
Brian Feldman
d70e08c642 Update to OpenSSH 2.9. Somehow this missed getting committed yesterday. 2001-05-04 23:55:18 +00:00
Brian Feldman
9513e1a83d Don't build with Kerberos 5 support for now. I'll fix this soon,
but I don't want to break Kerberos 5 users' worlds too much in the
meantime.
2001-05-04 05:07:43 +00:00
Brian Feldman
d350064e0b Follow the OpenSSH 2.9 upgrade with the infrastructure. Two new
programs are now included: sftp(1) and ssh-keyscan(1).
2001-05-04 04:21:25 +00:00
Brian Feldman
718acf91af Add the new version.c to libssh. 2001-05-03 00:45:03 +00:00
Nick Sayer
6a1fe28e41 Reactivate SRA.
Make handling of SIGINT and SIGQUIT follow SIGTSTP in TerminalNewMode().
This allows people to break out of SRA authentication if they wish to.
2001-04-05 14:09:15 +00:00