Commit Graph

110 Commits

Author SHA1 Message Date
bapt
66a6b324d0 Reduce overlinking
The framework now ensure by itself that pthread is added to the link chain
as the last component if linked to kerberos hence avoid with out any explicit
addition prevent issue like CVE-2014-8475
2014-11-25 22:25:13 +00:00
bapt
1f18779318 Convert to LIBADD
Reduce overlinking
2014-11-25 21:18:18 +00:00
bapt
8a9380f42c Rework privatelib/internallib
Make sure everything linking to a privatelib and/or an internallib does it directly
from the OBJDIR rather than DESTDIR.
Add src.libnames.mk so bsd.libnames.mk is not polluted by libraries not existsing
in final installation
Introduce the LD* variable which is what ld(1) is expecting (via LDADD) to link to
internal/privatelib
Directly link to the .so in case of private library to avoid having to complexify
LDFLAGS.

Phabric:	https://phabric.freebsd.org/D553
Reviewed by:	imp, emaste
2014-08-06 22:17:26 +00:00
imp
2118f42afd Use src.opts.mk in preference to bsd.own.mk except where we need stuff
from the latter.
2014-05-06 04:22:01 +00:00
kib
3ae13c8b20 Fix order of libthr and libc in the global dso list for sshd, by
explicitely linking main binary with -lpthread.  Before, libthr
appeared in the list due to dependency of one of the kerberos libs.
Due to the change in ld(1) behaviour of not copying NEEDED entries
from direct dependencies into the link results, the order becomes
reversed.

The libthr must appear before libc to properly interpose libc symbols
and provide working rtld locks implementation.  The symptom was sshd
hanging on rtld bind lock during nested symbol binding from a signal
handler.

Approved by:	des (openssh maintainer)
Sponsored by:	The FreeBSD Foundation
MFC after:	1 week
2014-04-27 05:28:14 +00:00
jmmv
64b466d8f8 Add placeholder Kyuafiles for various top-level hierarchies.
This change adds tests/ directories in the source tree to create various
subdirectories in /usr/tests/ and to install placeholder Kyuafiles for
them.

the relevant hierarchies are: cddl, etc, games, gnu and secure.

The reason for this is to simplify the addition of new test programs for
utilities or libraries under any of these directories.  Doing so on a
case by case basis is unnecessary and is quite an obscure process.
2014-04-21 21:39:25 +00:00
des
ae82763de4 Upgrade to OpenSSH 6.6p1. 2014-03-25 11:05:34 +00:00
des
7573e91b12 Upgrade to OpenSSH 6.5p1. 2014-01-31 13:12:02 +00:00
des
476b7e3d43 Unbreak the WITHOUT_KERBEROS build and try to reduce the odds of a
repeat performance by introducing a script that runs configure with and
without Kerberos, diffs the result and generates krb5_config.h, which
contains the preprocessor macros that need to be defined in the Kerberos
case and undefined otherwise.

Approved by:	re (marius)
2013-09-23 20:35:54 +00:00
des
2a9ec0fc3e Clean up the OpenSSH build. It is now possible to build most components
as static binaries, if desired.  The one exception is sshd, which runs
into trouble due to libpam.a's includion of pam_ssh.

Make OpenSSH use LDNS if available.  This allows it to verify signed
SSHFP records.

Approved by:	re (blanket)
2013-09-10 22:26:11 +00:00
des
aba57138f9 Make libldns and libssh private.
Approved by:	re (blanket)
2013-09-08 10:04:26 +00:00
bz
a3df209122 Add a src.conf(5) option to allow users to compile in the "NONE cipher",
which, only after authentication, disables crypto, and only for sessions
without a terminal.

Submitted by:	Jeremy Chadwick (freebsd jdc.parodius.com)
PR:		bin/163095
MFC after:	10 days
2013-01-17 01:51:04 +00:00
eadler
a3eef43dfb Restore the ability to use a non-standard LOCALBASE to sshd
Add the ability to use a non-standard LOCALBASE to ssh

Submitted by:	jhb
Reviewed by:	des
Approved by:	cperciva
MFC after:	0 days (with r233136)
2012-03-24 19:41:43 +00:00
eadler
dda1767423 X11BASE is not used any more and has been killed by the x11 team.
Reviewed by:	???
Approved by:	???
MFC after:	3 days
2012-03-19 00:41:40 +00:00
des
038442ad80 Upgrade to OpenSSH 5.9p1.
MFC after:	3 months
2011-10-05 22:08:17 +00:00
des
ee2afa8165 Upgrade to OpenSSH 5.8p2. 2011-05-04 07:34:44 +00:00
des
c3510f9e73 Upgrade to OpenSSH 5.4p1.
MFC after:	1 month
2010-03-09 19:16:43 +00:00
ru
14768b6db6 (Almost) fixed static linkage. The remaining problem is with
libgssapi.a and libgssapi_krb5.a libraries that define the
same symbols.
2010-02-26 12:12:54 +00:00
des
c6a1085fef Upgrade to OpenSSH 5.3p1. 2009-10-01 17:12:52 +00:00
des
8bf56a9772 Upgrade to OpenSSH 5.2p1.
MFC after:	3 months
2009-05-22 18:46:28 +00:00
csjp
574ec4344c Enable getaudit_addr(2) for sshd again. This will un-break the subject
BSM audit tokens for IPv6.
2008-11-30 15:35:24 +00:00
des
b7aa600c41 Upgrade to OpenSSH 5.1p1.
I have worked hard to reduce diffs against the vendor branch.  One
notable change in that respect is that we no longer prefer DSA over
RSA - the reasons for doing so went away years ago.  This may cause
some surprises, as ssh will warn about unknown host keys even for
hosts whose keys haven't changed.

MFC after:	6 weeks
2008-08-01 02:48:36 +00:00
dfr
be0348cb75 Fix conflicts after heimdal-1.1 import and add build infrastructure. Import
all non-style changes made by heimdal to our own libgssapi.
2008-05-07 13:53:12 +00:00
kris
b6a1392796 For users of FreeBSD <= 6.2 we recommend during the x.org 7.x upgrade
that they add X11BASE=${LOCALBASE} to /etc/make.conf since X11BASE was
hard-wired to the now-wrong location in old releases.

However, both X11BASE and LOCALBASE have moved out of scope of src/
into ports/ now, which causes problems for upgraded users who have old
make.conf files still containing the above setting.  X11BASE becomes
null and we instruct ssh and sshd to look for xauth in /bin/xauth
where it is unlikely to be found.

Instead, provide a copy of the default LOCALBASE?=/usr/local setting
here.

We also have to deal with the case where the user only overrides
LOCALBASE and doesn't set an explicit X11BASE (in ports it will be set
implicitly but not here), which will also move the location of xauth.

MFC after:	 3 days
Reported by:	 rwatson
2008-03-05 20:58:15 +00:00
des
16ff11ca6a Update for OpenSSH 4.4p1.
MFC after:	1 week
2006-09-30 13:41:26 +00:00
des
456f2593a5 Add a manual dependency on ssh_namespace.h.
Discussed with:	ru
2006-05-13 21:38:16 +00:00
des
148092431d Introduce a namespace munging hack inspired by NetBSD to avoid polluting
the namespace of applications which inadvertantly link in libssh (usually
through pam_ssh)

Suggested by:	lukem@netbsd.org
MFC after:	6 weeks
2006-05-13 13:47:45 +00:00
ru
388e590f95 Reimplementation of world/kernel build options. For details, see:
http://lists.freebsd.org/pipermail/freebsd-current/2006-March/061725.html

The src.conf(5) manpage is to follow in a few days.

Brought to you by:	imp, jhb, kris, phk, ru (all bugs are mine)
2006-03-17 18:54:44 +00:00
csjp
8e902c8278 Hook audit into OpenSSH. Now that the necessary bits for OpenSSH support
have been added with the latest OpenBSM import, hook USE_BSM_AUDIT into
build conditionally.

For users which do not care for audit support and do not want to compile
it into their SSH servers, add the following to the /etc/make.conf:

	NO_AUDIT=true

Discussed with:	rwatson
Obtained from:	TrustedBSD Project
2006-02-12 07:19:45 +00:00
dfr
d9cbcb50b5 Add a new extensible GSS-API layer which can support GSS-API plugins,
similar the the Solaris implementation. Repackage the krb5 GSS mechanism
as a plugin library for the new implementation. This also includes a
comprehensive set of manpages for the GSS-API functions with text mostly
taken from the RFC.

Reviewed by: Love Hörnquist Åstrand <lha@it.su.se>, ru (build system), des (openssh parts)
2005-12-29 14:40:22 +00:00
des
d78c118916 Revert the commits that made libssh an INTERNALLIB; they caused too much
trouble, especially on amd64.

Requested by:	ru
2005-06-07 09:31:28 +00:00
des
6ea5ed6d7a Make libssh an INTERNALLIB like it is in {Net,Open}BSD. 2005-06-06 16:13:07 +00:00
des
189d70072d Update for OpenSSH 4.1p1. 2005-06-05 15:47:07 +00:00
ru
ba3655c74f NOLIBC_R -> NO_LIBC_R
NOLIBPTHREAD -> NO_LIBPTHREAD
NOLIBTHR -> NO_LIBTHR
2004-12-21 09:00:26 +00:00
des
ca12ec184b Update for OpenSSH 3.9p1. 2004-10-28 16:04:23 +00:00
des
ac19f1d43e Update for 3.8p1, including workaround for a bug in gss-genr.c. 2004-02-26 11:26:46 +00:00
ru
c6ac567da3 Use the default threading library if requested.
Reviewed by:	des, deischen
2004-02-07 08:23:48 +00:00
ru
955c424e12 - Removed libmd from the Kerberos library set.
- Removed libopie and libmd; libopie used to serve auth-skey.c
  which is compiled now only to ease maintenance, as well as
  a few other auth-*.c sources.

Reviewed by:	des
2004-02-02 22:00:35 +00:00
ru
2e62c8ec0a Fixed static linkage.
Reviewed by:	des
2004-01-08 11:40:19 +00:00
des
f9a1018d27 Enable GSSAPI support. [1]
Also remove some duplicates from ssh's SRCS.

Submitted by:	[1] Björn Grönvall <bg@sics.se>
2004-01-08 09:05:24 +00:00
des
0e9909da2c Update Makefiles for OpenSSH 3.7.1p2. 2004-01-07 11:17:23 +00:00
ru
c8976315a3 Fixed "make checkdpadd".
OK'ed by:	markm
2003-07-02 23:38:42 +00:00
markm
ee63e7dc15 Turn MAKE_KERBEROS5 into NO_KERBEROS by negating the logic. Some extra
cleanups were necessary in release/Makefile, and the tinderbox code
was syntax checked, not run checked.
2003-05-05 07:58:44 +00:00
markm
06bd19ebb1 We no longer have a separate kerberos distribution. Its now just
part of the regular security dist.
2003-04-30 17:46:24 +00:00
ru
807a352217 The including makefile's directory is tried first for .include "...". 2003-04-30 07:54:39 +00:00
des
ea5dc58e56 Update for 3.6.1p1; also remove Kerberos IV shims. 2003-04-23 17:25:47 +00:00
des
5a36cfc6d3 ia64 and sparc64 both have libc_r now. 2003-01-09 08:36:05 +00:00
des
4db7824c37 Don't build auth-pam.c and auth2-pam.c, auth2-pam-freebsd.c is all we need.
Use pthreads for PAM if the platform supports it and the user asked for it
(by setting OPENSSH_USE_POSIX_THREADS)

Sponsored by:	DARPA, NAI Labs
2002-12-14 13:54:57 +00:00
des
513df53f59 No guts, no glory. Switch to OpenSSH-portable.
Sponsored by:	DARPA, NAI Labs
2002-06-25 19:10:09 +00:00
des
107ff84363 Install the new man pages. 2002-06-23 21:43:43 +00:00