Commit Graph

306 Commits

Author SHA1 Message Date
gshapiro
c87c01266a Given that sendmail's STARTTLS support requires OpenSSL and the bootstrap
issues that brings, build the non-TLS version of sendmail in
src/usr.sbin/sendmail and the TLS version in src/secure/usr.sbin/sendmail.
This allows the TLS version to be part of the secure distribution when
building a release.
2000-10-13 03:20:43 +00:00
gshapiro
9feaadf365 Remove STARTTLS support as it breaks builds without crypto installed.
Waiting to hear back regarding the best way to do this.
2000-10-12 17:04:32 +00:00
peter
fcb6e94f11 With apoligies to Greg Shapiro, fix the world. The previous commit
lost -lutil and -lwrap by replacing $LDADD and $DPADD rather than
appending to them with +=.
2000-10-11 12:19:42 +00:00
gshapiro
e0b2de2c8f Style fixes 2000-10-11 05:04:21 +00:00
gshapiro
e5336b1b20 NOCRYPT imples NO_OPENSSL.
Still need to solve the distribution problem.

Submitted by:	kris
2000-10-11 03:35:32 +00:00
gshapiro
a8f95eb1e9 Build sendmail with STARTTLS support unless NO_OPENSSL is set. 2000-10-10 18:15:41 +00:00
kris
e785331769 Overhaul of the build-time include file generation. Don't break in evp.h
if bootstrapping from a system on which the openssl headers are not
already present.
2000-09-17 06:45:27 +00:00
gshapiro
1f7ac54fbd Give users a way to alter the sendmail (and related utilities) build
environment so they can enable functionality such as SASL, LDAP, Hesiod.
2000-09-17 00:41:33 +00:00
kris
8d2aad5ae9 Only build sftp-server conditionally 2000-09-16 22:43:00 +00:00
ache
ec0b442175 Add sftp-server 2000-09-15 01:04:32 +00:00
gshapiro
07746c099a Allow users to add libraries for sendmail (e.g. Cyrus SASL)
Obtained from:	Sergei Vyshenski <svysh@pn.sinp.msu.ru>
2000-09-13 04:16:16 +00:00
kris
f9e92409b4 Update for OpenSSH 2.2.0 2000-09-10 09:43:29 +00:00
kris
e4a753d311 Nuke RSAREF support from orbit.
It's the only way to be sure.
2000-09-10 00:09:37 +00:00
kris
28c07215c2 ``Anyone is now free to rub two primes together for their own gratification''
-- Unknown

Now that the RSA algorithm is released into the public domain, build
librsaintl by default unless NO_RSAINTL is set in make.conf.

The native OpenSSL implementation of RSA is much faster, doesn't have
an artificial keysize limitation, has 30% fewer calories and tastes great!
2000-09-06 23:46:50 +00:00
kris
868b20c6a8 Err, we weren't even compiling auth1.c with LOGIN_CAP at all. Guess nobody
was using this feature.
2000-09-02 07:32:05 +00:00
green
37ca913ab7 Make the temporary file _evp.h instead of evp.h to not conflict with
the real evp.h.

Reported by:	markm
2000-08-24 19:06:55 +00:00
ache
c0ebc50c76 Add missing quotes around xauth path 2000-08-23 19:14:48 +00:00
green
3226a5dc26 Generate a new evp.h at build-time instead of install-time to properly
support NFS(ro) installworlds.
2000-08-23 11:41:01 +00:00
kris
aba57a02e8 Respect X11BASE to derive the location of xauth(1)
PR:		17818
Submitted by:	Bjoern Fischer <bfischer@Techfak.Uni-Bielefeld.DE>
2000-08-23 09:39:20 +00:00
green
67c40ef892 Add working and easy crypt(3)-switching. Yes, we need a whole new API
for crypt(3) by now.  In any case:

Add crypt_set_format(3) + documentation to -lcrypt.
Add login_setcryptfmt(3) + documentation to -lutil.
Support for switching crypt formats in passwd(8).
Support for switching crypt formats in pw(8).

The simple synopsis is:
edit login.conf; add a passwd_format field set to "des" or "md5"; go nuts :)

Reviewed by:	peter
2000-08-22 02:15:54 +00:00
gshapiro
34bd54827a Turn on support for IPv6 2000-08-14 02:36:29 +00:00
gshapiro
eec2af9031 Get rid of the /etc/aliases -> /etc/mail/aliases hack. /etc/mail/aliases
now exists in the distribution.
2000-08-13 08:36:40 +00:00
gshapiro
002ef51d6e The rest of the changes needed to support the new version of sendmail (8.11.0).
Beyond changes to the build system, this includes fixing up the sample
freebsd.mc configuration for changes in defaults and syntax, removing
outdated documentation, and updating the release notes.
2000-08-12 22:39:25 +00:00
green
11f08cadc6 Unbreak the OpenSSL headers for those of us who don't/can't use IDEA by
getting rid of the check for NO_IDEA (in evp.h) completely if it's
installed without MAKE_IDEA=YES.
2000-08-04 04:25:59 +00:00
kris
509680f8f3 Install the openssl(1) manpage with an MLINK from ssl(8) to at least put
something in the location where OpenSSH likes to point.
2000-08-03 05:29:04 +00:00
kris
b6b7791276 Don't build sshd if NO_OPENSSL defined.
Submitted by:	stephen@math.missouri.edu
2000-07-30 22:25:54 +00:00
kris
9cf81bab1e Don't build crypto-enabled telnetd if NO_OPENSSL is defined, since it
attempts to link against libcrypto.
2000-07-25 01:11:17 +00:00
markm
1840dc9bdf WITH_IDEA --> MAKE_IDEA fix. 2000-07-16 12:20:28 +00:00
peter
e2062d0bd5 Add missing $FreeBSD$ to files that are NOT still on vendor a branch. 2000-07-16 05:48:49 +00:00
peter
b9b09beff7 Be consistant about WITH_ vs MAKE_ flags. We have a precedent of using
MAKE_foo for things like MAKE_KERBEROS etc.  Use that.  I managed to
confuse myself last time and made make.conf different to the code. ;-(

Reported by:  Jun Kuriyama <kuriyama@FreeBSD.org>
2000-07-14 09:18:21 +00:00
peter
07b679d7be Argh. Cut/paste transcription error. Fix syntax of previous commit. 2000-07-03 06:26:30 +00:00
peter
5e51a5bb2d USA_RESIDENT is forced to YES or NO at the start of Makefile.inc1
Use that to be the final arbiter of whether or not to build the
librsaintl.so plugin for openssl/openssh.  Add a magic WANT_RSAINTL flag
to force building even if USA_RESIDENT=YES.
2000-07-03 06:24:23 +00:00
markm
2fe0472e39 MFI. This is a documentation-only, diffreducing patch, that if
invoked will cause breakage. US Users - DO NOT try to turn on
IDEA - the sources are not included.
2000-06-24 06:50:58 +00:00
kris
4b9e219ff8 Link explicitly against -lmd. I'm not sure what was pulling this in
on -current, but it doesnt do it on -stable.
2000-06-11 05:30:52 +00:00
kris
de18291bd3 Add a new file to SRCS 2000-06-03 10:04:31 +00:00
obrien
b448bd5eed /dev/urandom is the default random device, so no use in stateing it here.
Also simplify the conditionals a little.
2000-05-15 23:29:03 +00:00
obrien
56b2127f5c This version is slightly better than rev 1.10. There are still missing
dependencies for openssl/*.h.  I cannot reproduce any critical race
conditions with this revision.
2000-05-15 17:28:06 +00:00
obrien
20bcb4fdbc Use unadorned `mkdir -p', removing the "test ... ||".
There are sometimes problems with "&&" and "||" in the `make -j' case, as
it appears multiple processes may process parts of the execution line.
2000-05-15 16:52:57 +00:00
kris
45c7889547 Update for OpenSSH 2.1 2000-05-15 05:26:50 +00:00
kris
922c39a5a6 Use the C locale for running date(1).
Submitted by:	ache
2000-04-20 07:26:46 +00:00
kris
ec2fce6561 Update for OpenSSL 0.9.5a and clean up a bit. 2000-04-13 07:37:35 +00:00
kris
4e4529727e Update for OpenSSL 0.9.5a and clean up a bit.
Take responsibility for this makefile again :-)
2000-04-13 07:37:26 +00:00
obrien
bbbb5181e6 * Fix dependancies so that ``make depend'' is not required.
* Some style fixes

Approved by:	kris
2000-04-11 09:27:24 +00:00
obrien
e872f9007a * Fix dependancies so that ``make depend'' is not required.
* Some style fixes

Approved by:	kris
2000-04-11 08:28:47 +00:00
kris
4d1e096b22 Add libcrypto to LDADD. This fixes problems seen with e.g. apache-modssl
Submitted by:	Jim Bloom <bloom@acm.org>
2000-04-04 07:31:01 +00:00
kris
2325c37f86 Missed a fix for the new openssh; this fixes make world. 2000-03-26 21:17:11 +00:00
kris
f2ad2382fd Update for latest OpenSSH 2000-03-26 07:54:12 +00:00
kris
0d170b1596 Add a new function stub to libcrypto() which resolves to a symbol in
the librsa* library and reports which version of the library (OpenSSL/RSAREF)
is being used.

This is then used in openssh to detect the failure case of RSAREF and a RSA key
>1024 bits, to print a more helpful error message than 'rsa_public_encrypt() fai
led.'

This is a 4.0-RELEASE candidate.
2000-03-13 09:55:53 +00:00
markm
eeb8008dd3 Make LOGIN_CAP work properly.
Submitted by:	ache
2000-03-09 14:54:00 +00:00
kris
0d1f47825b Buildworld fixes for NO_OPENSSH and NO_OPENSSL
Approved by:	jkh
2000-03-09 06:29:05 +00:00
kris
c56608d1a8 Build a shared library too - ports expect it.
Reviewed by:	peter
Approved by:	jkh
2000-03-07 20:55:55 +00:00
peter
edd585d0c1 Merge from internat.freebsd.org; cleanup stray rsaref glue code reference 2000-03-05 14:20:57 +00:00
jhay
9e73fea413 MFI: Make ssh and sshd link in the krb5 part of make release.
Reviewed by:	markm
2000-03-03 20:34:05 +00:00
kris
1064439c50 Resurrect the old libdes manpages (after a repo copy) until we have better
ones.
2000-03-02 06:06:35 +00:00
peter
c01fb7a6e5 Merge from internat.freebsd.org: add libcrypto to librsaUSA's symbol search
path so that ERR_load_strings() is found in certain circumstances
involving dlopen().  eg: main program dlopened foo.so which is linked
against libcrypto.  If libcrypto then dlopens librsaUSA.so, then it's
search path doens't find libcrypto (!).  One "fix" is to force
modules (eg main opening foo.so) to use the RTLD_GLOBAL flag, the other
is to explicitly declare dependencies (as done here).
2000-03-02 05:22:46 +00:00
markm
13286e4af4 MFI: stupid typo of mine. 2000-02-29 09:56:11 +00:00
kris
fb49122cc2 Add NODESCRYPTLINKS knob to prevent spamming of libcrypt -> libscrypt
symlinks. The name is against my better judgement, but I defer to ancient
tradition here because I'm a nice guy.

Reviewed by:	-current
2000-02-29 05:47:52 +00:00
markm
b401a071dd New distribution names. 2000-02-28 19:25:34 +00:00
markm
3750b037a1 New distribution name. 2000-02-28 19:24:33 +00:00
peter
58c2a78aa2 Merge from internat.freebsd.org repo, minus change to rsa_eay.c (missing)
Reorganize and unify libcrypto's interface so that the RSA implementation
is chosen at runtime via dlopen().

This is a checkpoint and may require more tweaks still.
2000-02-26 13:13:03 +00:00
peter
3e7de8aad5 Merge from internat.freebsd.org; deal with -DRSAref the same way as
libcrypto - not that it means much on the US code tree.
2000-02-25 14:15:31 +00:00
peter
2649bf3728 Merge from internat.freebsd.org; make RSAREF=YES work correctly, although
this is not very useful as the US repo is missing bits.
2000-02-25 14:08:35 +00:00
peter
9f02798cbf Create a stub libRSAglue for bsd.port.mk's sake 2000-02-25 09:47:17 +00:00
peter
47e3d89f30 Don't pull in libRSAglue for the rsaref case. Since this is linked
dynamically by default, we use the dlopen() calls to load librsaref.so
on US code trees.
2000-02-25 08:21:35 +00:00
peter
fe21c9e7b5 Fold libRSAglue into libcrypto so we don't have to special-case
all the builds.  There is still no actual RSA implementation code
in libcrypto or src/* on US code trees.
2000-02-25 08:18:43 +00:00
peter
153f059ef0 Sync with internat; delete a trailing space 2000-02-25 05:35:37 +00:00
markm
60d4791e24 Remove port components not needed in 4.n+
Submitted by:	Half the freaking planet....
2000-02-24 22:39:24 +00:00
markm
7ba9efa321 libdes is OBE 2000-02-24 19:08:24 +00:00
markm
ef025b40ab Build everything properly. This means:
o Don't b uild libdes.

o Crypto is now housed in libcrypto (with a compatability symlink to
  libdes)

o RSA may depend on RSAREF at your locale.

o OpenSSH is now a part of the base system.
2000-02-24 18:59:34 +00:00
markm
e2eb488588 Add the OpenSSH userland-building Makefiles. 2000-02-24 17:00:55 +00:00
markm
fd6da7cf96 Freefall/Internat diff reducer. 2000-02-24 10:37:29 +00:00
markm
6f148d13ec Freefall/Internat diff reducer. 2000-02-24 10:21:56 +00:00
markm
3b9684411f Freefall/Internat diff reducer. 2000-02-24 10:06:57 +00:00
markm
95d086535d Diff reducer. Comes from Internat. 2000-02-24 09:52:37 +00:00
markm
785e71a1db Remove useless whitespace.
Part of big commit OK'ed by: JKH
2000-02-24 09:48:58 +00:00
kris
85bfffb077 Back out the previous commit - it broke world and was not approved.
I don't know what I was thinking committing without approval - sorry.
2000-02-14 08:09:52 +00:00
kris
f7d8edf2df Link dynamically, not statically. 2000-02-13 00:53:12 +00:00
kris
e47db973e2 Add NO_OPENSSL knob to turn off building of openssl
Requested by:   wollman
2000-01-30 04:12:49 +00:00
kris
4a0df206ce Add NO_OPENSSL knob to turn off building of openssl
Requested by:	wollman
2000-01-30 04:11:37 +00:00
shin
ce15efb7c0 another tcp apps IPv6 updates.(should be make world safe)
ftp, telnet, ftpd, faithd
  also telnet related sync with crypto, secure, kerberosIV

Obtained from: KAME project
2000-01-27 09:28:38 +00:00
kris
6dea110be6 Don't search for libraries in ${LOCALBASE}. This should fix the problems
people were seeing with conflicts with the openssl port.
2000-01-20 07:29:01 +00:00
kris
720968f83d Activate librsaglue 2000-01-20 07:27:49 +00:00
kris
c14f52207d Move the rsaref gunk to libRSAglue where ports expect it. 2000-01-20 07:27:38 +00:00
kris
3698c50454 Build infrastructure for libRSAglue, required for compatability with
ports even though it doesn't seem to do anything which requires it
to be separate from libcrypto.
2000-01-20 07:24:40 +00:00
kris
fb35998cf9 The wrong version of the file was committed previously which explains the
problems seen here.
2000-01-16 21:00:06 +00:00
kris
c4ff3eee89 Turn back on openssl building. 2000-01-16 05:25:26 +00:00
kris
dc0cb3b9c0 Turn back on libcrypto and libssl building. 2000-01-16 05:24:47 +00:00
kris
e34db3169c *** empty log message *** 2000-01-16 05:19:27 +00:00
kris
980132129f Add MAINTAINER tag so people don't feel the need to randomly frob with this. 2000-01-16 02:20:03 +00:00
green
3404ef4464 We cannot have libcrypto, and therefore OpenSSL at all, without RSA.
If you need examples of breakage, I'm ready to provide more than a
few.
2000-01-15 18:02:10 +00:00
kris
e64b093666 Connect OpenSSL to the build. 2000-01-14 08:01:51 +00:00
kris
fdd71b0f8f Build infrastructure for OpenSSL 2000-01-14 05:49:29 +00:00
kris
07fe4126ec Really really remove SHA-1 support. 2000-01-09 21:22:48 +00:00
markm
21fa5046a3 Routines needed by new kerberos. 2000-01-09 10:09:40 +00:00
jkh
5c1350ecfe Remove the SHA stuff properly. 2000-01-08 03:01:13 +00:00
peter
37d997842b Since /etc/sendmail.cf got moved to /etc/mail/sendmail.cf, a 'make world'
would leave you with a broken sendmail and local mail loss.
This evil hack moves sendmail.cf from the old location to the new one (if
required) at install time.
1999-12-29 18:56:55 +00:00
peter
fa91ef53d7 Install sendmail in it's new location. 1999-12-29 18:40:56 +00:00
markm
3a481b8c57 RIP xntpd. 1999-12-22 19:15:02 +00:00
peter
d82c29ef6e I missed the LDADD/DPADD for -lmd in the secure cases. :-(
Pointed out by: marcel
1999-12-19 16:50:33 +00:00
peter
bf11704e75 Revert -lmd changes now that libcrypt doesn't expose this binutils/ld
bug any more.
1999-12-18 16:42:33 +00:00