Commit Graph

528 Commits

Author SHA1 Message Date
des
c4824258ac Remove -static; it was a failed experiment that got committed by accident. 2010-02-25 21:26:50 +00:00
ed
09818ac28e Build lib/ with WARNS=6 by default.
Similar to libexec/, do the same with lib/. Make WARNS=6 the norm and
lower it when needed.

I'm setting WARNS?=0 for secure/. It seems secure/ includes the
Makefile.inc provided by lib/. I'm not going to touch that directory.
Most of the code there is contributed anyway.
2010-01-02 09:58:07 +00:00
trasz
76eb2bb5eb Remove pppd, it's gone. 2009-12-29 20:14:39 +00:00
des
ca406db9c3 Fix globbing
Noticed by:	delphij, David Cornejo <dave@dogwood.com>
Forgotten by:	des
2009-11-10 09:45:43 +00:00
jhb
b4a2916c56 Fix a couple of comment typos.
MFC after:	1 week
2009-11-03 18:40:42 +00:00
des
c6a1085fef Upgrade to OpenSSH 5.3p1. 2009-10-01 17:12:52 +00:00
kensmith
9c2c634ee9 Bump the version of all non-symbol-versioned shared libraries in
preparation for 8.0-RELEASE.  Add the previous version of those
libraries to ObsoleteFiles.inc and bump __FreeBSD_Version.

Reviewed by:    kib
Approved by:    re (rwatson)
2009-07-19 17:25:24 +00:00
cperciva
45e5ee4e4a Remove build timestamps from the following files:
/boot/kernel/hptrr.ko
/etc/mail/*.cf
/lib/libcrypto.so.5
/usr/bin/ntpq
/usr/sbin/amd
/usr/sbin/iasl
/usr/sbin/ntpd
/usr/sbin/ntpdate
/usr/sbin/ntpdc

There does not appear to be any purpose to having these timestamps, and
they have the irritating consequence that the aforementioned files will
be different every time they are rebuilt.

After this commit, the only remaining build timestamps are in the kernel,
the boot loaders, /usr/include/osreldate.h (the year in the copyright
notice), and lib*.a (the timestamps on all of the included .o files).

Reviewed by:	scottl (hptrr), gshapiro (sendmail), simon (openssl),
		roberto (ntp), jkim (acpica)
Approved by:	re (kib)
2009-07-11 22:30:37 +00:00
jhb
056d36800b Use the closefrom(2) system call.
Reviewed by:	des
2009-06-16 15:30:10 +00:00
simon
c2624ed238 Regenerate manual pages for OpenSSL 0.9.8k. 2009-06-14 19:51:05 +00:00
simon
55bfce5e08 Update build infrastructure for OpenSSL 0.9.8k. 2009-06-14 19:46:18 +00:00
des
8bf56a9772 Upgrade to OpenSSH 5.2p1.
MFC after:	3 months
2009-05-22 18:46:28 +00:00
csjp
574ec4344c Enable getaudit_addr(2) for sshd again. This will un-break the subject
BSM audit tokens for IPv6.
2008-11-30 15:35:24 +00:00
des
b7aa600c41 Upgrade to OpenSSH 5.1p1.
I have worked hard to reduce diffs against the vendor branch.  One
notable change in that respect is that we no longer prefer DSA over
RSA - the reasons for doing so went away years ago.  This may cause
some surprises, as ssh will warn about unknown host keys even for
hosts whose keys haven't changed.

MFC after:	6 weeks
2008-08-01 02:48:36 +00:00
imp
fea35767dd Merge from p4:
Implement openssl config needed for mips.

Submitted by:	gonzo@
Reviewed by:	simon@
2008-07-23 17:38:33 +00:00
peter
6b7a0b40a0 Add $FreeBSD$ 2008-07-03 03:36:58 +00:00
dfr
be0348cb75 Fix conflicts after heimdal-1.1 import and add build infrastructure. Import
all non-style changes made by heimdal to our own libgssapi.
2008-05-07 13:53:12 +00:00
kris
b6a1392796 For users of FreeBSD <= 6.2 we recommend during the x.org 7.x upgrade
that they add X11BASE=${LOCALBASE} to /etc/make.conf since X11BASE was
hard-wired to the now-wrong location in old releases.

However, both X11BASE and LOCALBASE have moved out of scope of src/
into ports/ now, which causes problems for upgraded users who have old
make.conf files still containing the above setting.  X11BASE becomes
null and we instruct ssh and sshd to look for xauth in /bin/xauth
where it is unlikely to be found.

Instead, provide a copy of the default LOCALBASE?=/usr/local setting
here.

We also have to deal with the case where the user only overrides
LOCALBASE and doesn't set an explicit X11BASE (in ports it will be set
implicitly but not here), which will also move the location of xauth.

MFC after:	 3 days
Reported by:	 rwatson
2008-03-05 20:58:15 +00:00
ru
2aa5a61fd3 getopt(3) returns -1, not EOF. 2008-02-19 07:09:19 +00:00
rafan
5fd49d94d5 - Bump share library version which were missed in last bump
Reported by: 	     jhb
Discussed with:	     deischen, des, doubg, harti
Approved by:	     re (kensmith)
2007-06-18 18:47:54 +00:00
gnn
38b76f0623 Integrate the Camellia Block Cipher. For more information see RFC 4132
and its bibliography.

Submitted by:   Tomoyuki Okazaki <okazaki at kick dot gr dot jp>
MFC after:      1 month
2007-05-09 19:37:02 +00:00
simon
eeba690190 Upgrade to OpenSSL 0.9.8e. 2007-03-15 20:15:15 +00:00
ru
e35429e3f2 Fix static compilation. 2006-10-07 17:32:05 +00:00
simon
3673099c4c Upgrade to OpenSSL 0.9.8d. 2006-10-01 07:56:51 +00:00
des
16ff11ca6a Update for OpenSSH 4.4p1.
MFC after:	1 week
2006-09-30 13:41:26 +00:00
ru
4d582ffe09 Remove alpha left-overs. 2006-08-22 08:03:01 +00:00
simon
018ef6efe1 Upgrade to OpenSSL 0.9.8b. 2006-07-29 19:41:41 +00:00
simon
a3ca2e6974 Enable DSO (Dynamic Shared Object) support. This makes it possible
for OpenSSL to load engines run-time, e.g. for using the opensc
engine port.

The OpenSSL Configure script enables DSO support on FreeBSD by
default, we just don't use the Configure script during OpenSSL builds
in the base system.

This is committed to -CURRENT now (before OpenSSL 0.9.8b import), so
it can be tested at bit in -CURRENT before being MFC'ed to 6-STABLE.

Prodded by:	ale
PR:		bin/79570
MFC after:	1 week
2006-07-17 11:47:35 +00:00
des
456f2593a5 Add a manual dependency on ssh_namespace.h.
Discussed with:	ru
2006-05-13 21:38:16 +00:00
des
148092431d Introduce a namespace munging hack inspired by NetBSD to avoid polluting
the namespace of applications which inadvertantly link in libssh (usually
through pam_ssh)

Suggested by:	lukem@netbsd.org
MFC after:	6 weeks
2006-05-13 13:47:45 +00:00
ru
8af3d24050 Clean generated headers. 2006-04-10 08:47:18 +00:00
des
4c8759bdd0 Add port-tun.c. 2006-03-22 20:42:05 +00:00
ru
17d5388342 Provide alternate default for SHLIBDIR before bsd.own.mk does this.
Reported by:	phk
2006-03-18 11:01:06 +00:00
ru
388e590f95 Reimplementation of world/kernel build options. For details, see:
http://lists.freebsd.org/pipermail/freebsd-current/2006-March/061725.html

The src.conf(5) manpage is to follow in a few days.

Brought to you by:	imp, jhb, kris, phk, ru (all bugs are mine)
2006-03-17 18:54:44 +00:00
csjp
8e902c8278 Hook audit into OpenSSH. Now that the necessary bits for OpenSSH support
have been added with the latest OpenBSM import, hook USE_BSM_AUDIT into
build conditionally.

For users which do not care for audit support and do not want to compile
it into their SSH servers, add the following to the /etc/make.conf:

	NO_AUDIT=true

Discussed with:	rwatson
Obtained from:	TrustedBSD Project
2006-02-12 07:19:45 +00:00
dfr
d9cbcb50b5 Add a new extensible GSS-API layer which can support GSS-API plugins,
similar the the Solaris implementation. Repackage the krb5 GSS mechanism
as a plugin library for the new implementation. This also includes a
comprehensive set of manpages for the GSS-API functions with text mostly
taken from the RFC.

Reviewed by: Love Hörnquist Åstrand <lha@it.su.se>, ru (build system), des (openssh parts)
2005-12-29 14:40:22 +00:00
ru
197c8754aa Revert last revision by phk@, it's redundant since bsd.incs.mk
already handles this, FWIW.
2005-11-19 07:04:17 +00:00
des
bba97f4018 Update for OpenSSH 4.2p1. 2005-09-03 07:10:33 +00:00
phk
c67149f940 Don't install includes if NO_TOOLCHAIN 2005-08-03 09:18:59 +00:00
kensmith
f97f77429f Bump the shared library version number of all libraries that have not
been bumped since RELENG_5.

Reviewed by:	ru
Approved by:	re (not needed for commit check but in principle...)
2005-07-22 17:19:05 +00:00
des
d78c118916 Revert the commits that made libssh an INTERNALLIB; they caused too much
trouble, especially on amd64.

Requested by:	ru
2005-06-07 09:31:28 +00:00
des
6ea5ed6d7a Make libssh an INTERNALLIB like it is in {Net,Open}BSD. 2005-06-06 16:13:07 +00:00
des
189d70072d Update for OpenSSH 4.1p1. 2005-06-05 15:47:07 +00:00
nectar
deac0ae54c Update OpenSSL 0.9.7d -> 0.9.7e. 2005-02-25 06:04:12 +00:00
ru
28e20b0b08 Define PLATFORM correctly when cross-building. 2005-02-16 20:55:47 +00:00
ru
77cdf1ecc0 Sync program's usage() with manpage's SYNOPSIS. 2005-02-10 14:47:06 +00:00
dds
99025e3e58 Correctly hide the command arguments.
PR:		bin/76374
MFC after:	2 weeks
2005-01-17 21:46:13 +00:00
ru
f4c44b761b NOCRYPT -> NO_CRYPT 2004-12-21 10:16:04 +00:00
ru
74176cc161 NODOCCOMPRESS -> NO_DOCCOMPRESS
NOINFO -> NO_INFO
NOINFOCOMPRESS -> NO_INFOCOMPRESS
NOLINT -> NO_LINT
NOPIC -> NO_PIC
NOPROFILE -> NO_PROFILE
2004-12-21 09:33:47 +00:00
ru
ba3655c74f NOLIBC_R -> NO_LIBC_R
NOLIBPTHREAD -> NO_LIBPTHREAD
NOLIBTHR -> NO_LIBTHR
2004-12-21 09:00:26 +00:00
des
ca12ec184b Update for OpenSSH 3.9p1. 2004-10-28 16:04:23 +00:00
ru
5db2b9d5b3 For variables that are only checked with defined(), don't provide
any fake value.
2004-10-24 15:33:08 +00:00
markm
1659a5207b Add support for C3 Nehemiah ACE ("Padlock") AES crypto. This comes
from OpenSSL 0.9.5 (yet to be released), and is pretty complete.
2004-08-14 13:38:35 +00:00
cperciva
e629b37603 Join the 21st century: Cryptography is no longer an optional component
of releases.  The -DNOCRYPT build option still exists for anyone who
really wants to build non-cryptographic binaries, but the "crypto"
release distribution is now part of "base", and anyone installing from a
release will get cryptographic binaries.

Approved by:	re (scottl), markm
Discussed on:	freebsd-current, in late April 2004
2004-08-06 07:27:08 +00:00
cognet
2abb24a3b4 Import the openssl conf for arm. 2004-05-14 12:26:51 +00:00
ru
8bf7da3d6e Record the libssl.so dependency on libcrypto.so. This should
help some ports that depend on libradius that recently gained
the dependency on libssl.  This is also how the stock OpenSSL
build would link libssl.so on FreeBSD.

Prompted by:	kris
OK'ed by:	markm, nectar
2004-05-13 07:51:47 +00:00
marcel
578eca06dc Fix release builds (release.3 target). We also need to rebuild libradius,
because otherwise it will remain having a dependency upon libssl. This
breaks the non-crypto build that happens for release.3

While here, order the list of programs and libraries.

Speculating review feedback from: ru
2004-05-02 17:38:27 +00:00
ru
82e4cd2161 Turn MAKE_IDEA into a true "bool" type variable, as documented in
the make.conf(5) manpage.

PR:		conf/65738
OK'ed by:	markm
2004-04-19 11:35:15 +00:00
peter
bd06e547e0 Turn on the amd64-specific bignum code in openssl. This is actually
a variant of the C code but with some scattered asm and things laid out
more optimally for the platform.  This means that we need to the asm
directory to the search path for the amd64 case so that make can find
the source.
2004-04-14 23:26:26 +00:00
dwmalone
f28a31ce92 Remove the -pthread from the last commit, as OpenSSL doesn't actually
call any pthread functions as we use compile it. We keep the
-DOPENSSL_THREADS, which stops OpenSSL doing thread-unsafe stuff.

Requested by:	ru
2004-03-30 21:04:04 +00:00
dwmalone
e4d2e331fb Build OpenSSL so that it extects that is may be used in a threaded
environment. This stops some ports keeling over on an OpenSSL assert.
(The patch is not exactly the one from the PR, but has been refined
based on advice from freebsd-threads.)

PR:		51205
Submitted by:	Jim Westfall <jwestfall@surrealistic.net>
MFC after:	1 month
2004-03-30 11:30:02 +00:00
markm
1d9f598c39 Re-add the hand-optimised assembler versions of some of the ciphers
to the build.

Should have done this ages ago:	markm
Reminded above to do this:	peter
2004-03-23 08:32:29 +00:00
nectar
58c7296bfa Update manual pages for OpenSSL 0.9.7d. 2004-03-17 16:15:46 +00:00
des
ac19f1d43e Update for 3.8p1, including workaround for a bug in gss-genr.c. 2004-02-26 11:26:46 +00:00
johan
31854a224a style.Makefile(5):
Use WARNS?= instead of WARNS=.
2004-02-23 20:25:27 +00:00
ru
c6ac567da3 Use the default threading library if requested.
Reviewed by:	des, deischen
2004-02-07 08:23:48 +00:00
ru
743cc6d002 Fixed style of DPADD and LDADD assignments as per style.Makefile(5). 2004-02-05 22:44:25 +00:00
ru
955c424e12 - Removed libmd from the Kerberos library set.
- Removed libopie and libmd; libopie used to serve auth-skey.c
  which is compiled now only to ease maintenance, as well as
  a few other auth-*.c sources.

Reviewed by:	des
2004-02-02 22:00:35 +00:00
ru
97f28e9489 Added two utility targets "secure" and "insecure", analogous to
"kerberize" and "dekerberize" in kerberos5/Makefile.  These can
be used to recompile bits with optional crypto support with and
without crypto, respectively.

Reviewed by:	markm
2004-01-18 07:44:53 +00:00
ru
9260b63f07 Once upon a time we had both "crypto" and "krb5" distributions,
and rebuilt some bits with crypto but without Kerberos support
(most notably SSH) during "make release", to put them into the
"crypto" distribution.

Now that we don't ship the separate "krb5" distribution anymore
(it's now part of the "crypto" distribuion), don't waste time
recompiling SSH bits without crypto and without Kerberos support
in an attempt to put them in the "base" distribution -- it just
doesn't work as SSH always uses crypto code.

We avoid this by not rebuilding KPROGS from kerberos5/Makefile in
release/Makefile and adding "libpam" to SPROGS in secure/Makefile
to ensure it's still rebuilt without crypto support for the "base"
distribution.  (Disabling crypto (NOCRYPT) also disables building
of Kerberos-related PAM modules, and it's OK to depend on this.)

This should be a no-op change saving some "make release" time.
2004-01-17 19:22:36 +00:00
ru
aa715558f4 - Properly build both crypto and non-crypto versions of the
package management tools.

- Drop redundant dependency of pkg_create(1) and pkg_delete(1)
  on crypto libraries now that they do not link with libfetch.
2004-01-17 13:41:16 +00:00
ru
36f667de89 Removed well outdated comment. 2004-01-17 03:12:46 +00:00
ru
4a8b6d970d Cosmetics: rearrange the dependency list to match that of ssh and sshd.
Reviewed by:	des
2004-01-08 11:41:02 +00:00
ru
2e62c8ec0a Fixed static linkage.
Reviewed by:	des
2004-01-08 11:40:19 +00:00
des
b1f53e3dd8 Use += instead of = with DPADD / LDADD. 2004-01-08 09:50:56 +00:00
des
f9a1018d27 Enable GSSAPI support. [1]
Also remove some duplicates from ssh's SRCS.

Submitted by:	[1] Björn Grönvall <bg@sics.se>
2004-01-08 09:05:24 +00:00
des
7a85d4b654 Previous commit erroneously listed some sources with .o suffixes. 2004-01-07 11:59:52 +00:00
des
0e9909da2c Update Makefiles for OpenSSH 3.7.1p2. 2004-01-07 11:17:23 +00:00
gordon
7166b89595 Explicitly add libz and libcrypto to LDADD for any ssh utilities missing
it. While not strictly required, it unbreaks the cross-build world that
is resulting from moving the libraries around.

I have a more permanent solution to this problem in the works, but I
asked des for permission to commit this to get the ball rolling. This
also makes the ssh build more along the lines of what the openssh-portable
and OpenBSD openssh Makefile glue does.

Reviewed by:	des
2003-08-19 07:45:03 +00:00
gordon
5901302929 Stage 3 of dynamic root support. Make all the libraries needed to run
binaries in /bin and /sbin installed in /lib. Only the versioned files
reside in /lib, the .so symlink continues to live /usr/lib so the
toolchain doesn't need to be modified.
2003-08-17 08:28:46 +00:00
markm
d6aec2b6d6 Very big makeover in the way telnet, telnetd and libtelnet are built.
Previously, there were two copies of telnet; a non-crypto version
that lived in the usual places, and a crypto version that lived in
crypto/telnet/. The latter was built in a broken manner somewhat akin
to other "contribified" sources. This meant that there were 4 telnets
competing with each other at build time - KerberosIV, Kerberos5,
plain-old-secure and base. KerberosIV is no longer in the running, but
the other three took it in turns to jump all over each other during a
"make buildworld".

As the crypto issue has been clarified, and crypto _calls_ are not
a problem, crypto/telnet has been repo-copied to contrib/telnet,
and with this commit, all telnets are now "contribified". The contrib
path was chosen to not destroy history in the repository, and differs
from other contrib/ entries in that it may be worked on as "normal"
BSD code. There is no dangerous crypto in these sources, only a
very weak system less strong than enigma(1).

Kerberos5 telnet and Secure telnet are now selected by using the usual
macros in /etc/make.conf, and the build process is unsurprising and
less treacherous.
2003-07-16 20:59:15 +00:00
ru
c8976315a3 Fixed "make checkdpadd".
OK'ed by:	markm
2003-07-02 23:38:42 +00:00
markm
c9989cede1 Fix for the NO_OPENSSL case.
Reported by:	Marius Strobl <marius@alchemy.franken.de>
2003-06-08 08:24:07 +00:00
markm
6d070a0d03 Drop this MAINTAINER bit. I'll reclaim an "Advisory Maintainership"
for this area later.
2003-06-04 16:10:20 +00:00
markm
8e268e6fc3 I'm now happy that this is no longer needed. Libcrypto has
all its functionality, and all its consumers have been converted.
2003-06-04 15:26:34 +00:00
markm
0e343897fb Disconnect libcipher from the build. It only does DES, and we already
have libcrypto to do that. Both consumers of this lib have been
converted to use libcrypto. (bin/ed and secure/usr.bin/bdes).
2003-06-02 20:03:32 +00:00
markm
c9e0f045e6 Strip the private blowfish code down to only that which is
required to make crypt(3) blowfish "$2a$..." hashes. Lint and
warnsify.
2003-06-02 19:17:24 +00:00
markm
eea4d78677 Modernise. Use libcrypto instead of libcipher for DES. 2003-06-02 19:10:59 +00:00
obrien
113e55804c Ugg, wrong version.
CSTD=gnu89, c89 wont do.
2003-06-01 23:39:16 +00:00
obrien
39c3dcb697 This isn't C99 clean. 2003-06-01 23:37:46 +00:00
markm
ee63e7dc15 Turn MAKE_KERBEROS5 into NO_KERBEROS by negating the logic. Some extra
cleanups were necessary in release/Makefile, and the tinderbox code
was syntax checked, not run checked.
2003-05-05 07:58:44 +00:00
markm
06bd19ebb1 We no longer have a separate kerberos distribution. Its now just
part of the regular security dist.
2003-04-30 17:46:24 +00:00
ru
807a352217 The including makefile's directory is tried first for .include "...". 2003-04-30 07:54:39 +00:00
ru
4e8be68394 Most things depend on !defined(NO_OPENSSL); make it look so. 2003-04-30 07:51:51 +00:00
ru
026dd985be NOSECURE is implied by NOCRYPT, meaning if the latter is defined
we won't be here.
2003-04-30 07:34:14 +00:00
des
97c8ef8dd1 Remove Kerberos IV shims. 2003-04-23 17:26:01 +00:00
des
ea5dc58e56 Update for 3.6.1p1; also remove Kerberos IV shims. 2003-04-23 17:25:47 +00:00
bde
b290b293cf Silence `make -s' (echo -> ${ECHO}). 2003-04-13 14:13:28 +00:00
ru
17f3ff85b3 libtelnet depends on OpenSSL.
PR:	50507
2003-04-01 12:50:40 +00:00
charnier
ed068996dc The .Nm utility 2003-03-24 16:09:07 +00:00