Fix integer overflow in IGMP protocol. [SA-15:04]

Fix vt(4) crash with improper ioctl parameters. [EN-15:01]

Updated base system OpenSSL to 1.0.1l. [EN-15:02]

Fix freebsd-update libraries update ordering issue. [EN-15:03]

Approved by: so

[SA-14:24] Fix denial of service attack against sshd(8).
[SA-14:25] Fix kernel stack disclosure in setlogin(2) / getlogin(2).
[SA-14:26] Fix remote command execution in ftp(1).
[EN-14:12] Fix NFSv4 and ZFS cache consistency issue.

Approved by: so (des)

- Copy stable/10 (r259064) to releng/10.0 as part of the
10.0-RELEASE cycle.
- Update __FreeBSD_version [1]
- Set branch name to -RC1

[1] 10.0-CURRENT __FreeBSD_version value ended at '55', so
start releng/10.0 at '100' so the branch is started with
a value ending in zero.

Approved by: re (implicit)
Sponsored by: The FreeBSD Foundation

Copy head (r256279) to stable/10 as part of the 10.0-RELEASE cycle.

Approved by: re (implicit)
Sponsored by: The FreeBSD Foundation

Unbreak the WITHOUT_KERBEROS build and try to reduce the odds of a
repeat performance by introducing a script that runs configure with and
without Kerberos, diffs the result and generates krb5_config.h, which
contains the preprocessor macros that need to be defined in the Kerberos
case and undefined otherwise.

Approved by: re (marius)

Replace claims that DES is a strong cryptosystem with a warning stating
that it should no longer be considered secure.

Approved by: re (gjb)

Clean up the OpenSSH build. It is now possible to build most components
as static binaries, if desired. The one exception is sshd, which runs
into trouble due to libpam.a's includion of pam_ssh.

Make OpenSSH use LDNS if available. This allows it to verify signed
SSHFP records.

Approved by: re (blanket)

Make libldns and libssh private.

Approved by: re (blanket)

Remove references to MK_IDEA.

As of r249959, we want to build with IDEA support enabled
unconditionally. As this change removed the MK_IDEA flag, update these
Makefiles accordingly.

Upgrade to OpenSSH 6.2p1. The most important new features are support
for a key revocation list and more fine-grained authentication control.

Retire the mislabeled ENABLE_SUID_SSH knob.

Merge OpenSSL 1.0.1e.

Approved by: secteam (simon), benl (silence)

Add a src.conf(5) option to allow users to compile in the "NONE cipher",
which, only after authentication, disables crypto, and only for sessions
without a terminal.

Submitted by: Jeremy Chadwick (freebsd jdc.parodius.com)
PR: bin/163095
MFC after: 10 days

Fix typo; s/ouput/output

Upgrade OpenSSH to 6.1p1.

Sort ASM definitions by crypto module for slightly easier maintenance.
Specifically, GHASH_ASM belongs to crypto/modes.

Merge OpenSSL 1.0.1c.

Approved by: benl (maintainer)

Regen ca(1) for r237658. This re-applies r227458, i.e., add a missing "be".

Merge OpenSSL 0.9.8x.

Reviewed by: stas
Approved by: benl (maintainer)
MFC after: 3 days

Update the previous openssl fix. [12:01]

Fix a bug in crypt(3) ignoring characters of a passphrase. [12:02]

Security: FreeBSD-SA-12:01.openssl (revised)
Security: FreeBSD-SA-12:02.crypt
Approved by: so (bz, simon)

Restore the ability to use a non-standard LOCALBASE to sshd
Add the ability to use a non-standard LOCALBASE to ssh

Submitted by: jhb
Reviewed by: des
Approved by: cperciva
MFC after: 0 days (with r233136)

X11BASE is not used any more and has been killed by the x11 team.

Reviewed by: ???
Approved by: ???
MFC after: 3 days

Return NULL on error rather than ":", per the crypt(3) man page.
Discussed in: http://www.openwall.com/lists/oss-security/2011/11/15/3

Force linker error when created shared library contains a relocation
against text. Provide the override switch to turn off the strict
behaviour. Apparently, openssl libcrypto needs it due to assembler
code not being PIC.

Discussed with: bf
MFC after: 2 weeks

- add a missing "be" and "in"
- fix other errors introduced when committing r226436
- add 'function' to a sentence where it makes sense

Submitted by: delphij
Submitted by: dougb
Submitted by: jhb
Approved by: dougb
Approved by: jhb

- change "is is" to "is" or "it is"
- change "the the" to "the"

Approved by: lstewart
Approved by: sahil (mentor)
MFC after: 3 days

Upgrade to OpenSSH 5.9p1.

MFC after: 3 months

Upgrade to OpenSSH 5.8p2.

Fix some leftover binaries and shared libraries in the system that still
have an executable stack, due to linking in hand-assembled .S or .s
files, that have no .GNU-stack sections:

RWX --- --- /lib/libcrypto.so.6
RWX --- --- /lib/libmd.so.5
RWX --- --- /lib/libz.so.6
RWX --- --- /lib/libzpool.so.2
RWX --- --- /usr/lib/liblzma.so.5

These were found using scanelf, from the sysutils/pax-utils port.

Reviewed by: kib

Regenerate manual pages for OpenSSL 0.9.8q.

Regenerate manual pages for OpenSSL 0.9.8p.

Revert changes of 'assure' to 'ensure' made in r211936.

Approved by: rrs (mentor)

Fix incorrect usage of 'assure' and 'insure'.

Approved by: rrs (mentor)

Repair some build breakage introduced in r211725 and garbage collect some
code made obsolete in the same commit.

MFtbemd:

Prefer MACHNE_CPUARCH to MACHINE_ARCH in most contexts where you want
to test of all the CPUs of a given family conform.

Fix buildworld -DNO_CLEAN when using with Perforce, which marks files as
read-only by default, meaning files copied can't be overwritten next time.

Reviewed by: imp
Approved by: ken (mentor)

Whitespace fix for last check-in, move empty line to below endif.

MIPS 64 bit support.

When compiled for MIPS n64 ABI
- DES_LONG should be 'unsigned int'
- BN_LLONG should be undefined
- SIXTY_FOUR_BIT_LONG should be defined.

OpenSSL configuration for powerpc64

Obtained from: projects/ppc64

Regenerate manual pages for OpenSSL 0.9.8n.

- Make it slightly simpler to update OpenSSL version information
for regenerating OpenSSL manual pages.
- Explicitly set the OpenSSL release date so manual pages contain
the date OpenSSL was released and not just the date OpenSSL was
imported into the FreeBSD base system.
- Update for Makefile for OpenSSL 0.9.8n.

Regenerate manual pages for OpenSSL 0.9.8m.

MFC after: 3 weeks

Merge OpenSSL 0.9.8m into head.

This also "reverts" some FreeBSD local changes so we should now
be back to using entirely stock OpenSSL. The local changes were
simple $FreeBSD$ lines additions, which were required in the CVS
days, and the patch for FreeBSD-SA-09:15.ssl which has been
superseded with OpenSSL 0.9.8m's RFC5746 'TLS renegotiation
extension' support.

MFC after: 3 weeks

Revert r204939

Forgot to svn add the Makefile.

Fix the build. The ssh-pkcs11-helper directory is empty, which is
causing confusion.

Upgrade to OpenSSH 5.4p1.

MFC after: 1 month

(Almost) fixed static linkage. The remaining problem is with
libgssapi.a and libgssapi_krb5.a libraries that define the
same symbols.

Fix 'make checkdpadd'

Submitted by: ru@

Remove -static; it was a failed experiment that got committed by accident.

Build lib/ with WARNS=6 by default.

Similar to libexec/, do the same with lib/. Make WARNS=6 the norm and
lower it when needed.

I'm setting WARNS?=0 for secure/. It seems secure/ includes the
Makefile.inc provided by lib/. I'm not going to touch that directory.
Most of the code there is contributed anyway.

Remove pppd, it's gone.

Fix globbing

Noticed by: delphij, David Cornejo <dave@dogwood.com>
Forgotten by: des

Fix a couple of comment typos.

MFC after: 1 week

Upgrade to OpenSSH 5.3p1.

Bump the version of all non-symbol-versioned shared libraries in
preparation for 8.0-RELEASE. Add the previous version of those
libraries to ObsoleteFiles.inc and bump __FreeBSD_Version.

Reviewed by: kib
Approved by: re (rwatson)

Remove build timestamps from the following files:
/boot/kernel/hptrr.ko
/etc/mail/*.cf
/lib/libcrypto.so.5
/usr/bin/ntpq
/usr/sbin/amd
/usr/sbin/iasl
/usr/sbin/ntpd
/usr/sbin/ntpdate
/usr/sbin/ntpdc

There does not appear to be any purpose to having these timestamps, and
they have the irritating consequence that the aforementioned files will
be different every time they are rebuilt.

After this commit, the only remaining build timestamps are in the kernel,
the boot loaders, /usr/include/osreldate.h (the year in the copyright
notice), and lib*.a (the timestamps on all of the included .o files).

Reviewed by: scottl (hptrr), gshapiro (sendmail), simon (openssl),
roberto (ntp), jkim (acpica)
Approved by: re (kib)

Use the closefrom(2) system call.

Reviewed by: des

Regenerate manual pages for OpenSSL 0.9.8k.

Update build infrastructure for OpenSSL 0.9.8k.

Upgrade to OpenSSH 5.2p1.

MFC after: 3 months

Enable getaudit_addr(2) for sshd again. This will un-break the subject
BSM audit tokens for IPv6.

Upgrade to OpenSSH 5.1p1.

I have worked hard to reduce diffs against the vendor branch. One
notable change in that respect is that we no longer prefer DSA over
RSA - the reasons for doing so went away years ago. This may cause
some surprises, as ssh will warn about unknown host keys even for
hosts whose keys haven't changed.

MFC after: 6 weeks

Merge from p4:

Implement openssl config needed for mips.

Submitted by: gonzo@
Reviewed by: simon@

Set magic fbsd:nokeywords property that allows files to bypass
keyword expansion. (file-specific replacement for CVSROOT/exclude)

Add $FreeBSD$

Fix conflicts after heimdal-1.1 import and add build infrastructure. Import
all non-style changes made by heimdal to our own libgssapi.

For users of FreeBSD <= 6.2 we recommend during the x.org 7.x upgrade
that they add X11BASE=${LOCALBASE} to /etc/make.conf since X11BASE was
hard-wired to the now-wrong location in old releases.

However, both X11BASE and LOCALBASE have moved out of scope of src/
into ports/ now, which causes problems for upgraded users who have old
make.conf files still containing the above setting. X11BASE becomes
null and we instruct ssh and sshd to look for xauth in /bin/xauth
where it is unlikely to be found.

Instead, provide a copy of the default LOCALBASE?=/usr/local setting
here.

We also have to deal with the case where the user only overrides
LOCALBASE and doesn't set an explicit X11BASE (in ports it will be set
implicitly but not here), which will also move the location of xauth.

MFC after: 3 days
Reported by: rwatson

getopt(3) returns -1, not EOF.

- Bump share library version which were missed in last bump

Reported by: jhb
Discussed with: deischen, des, doubg, harti
Approved by: re (kensmith)

Integrate the Camellia Block Cipher. For more information see RFC 4132
and its bibliography.

Submitted by: Tomoyuki Okazaki <okazaki at kick dot gr dot jp>
MFC after: 1 month

Upgrade to OpenSSL 0.9.8e.

Fix static compilation.

Upgrade to OpenSSL 0.9.8d.

Update for OpenSSH 4.4p1.

MFC after: 1 week

Remove alpha left-overs.

Upgrade to OpenSSL 0.9.8b.

Enable DSO (Dynamic Shared Object) support. This makes it possible
for OpenSSL to load engines run-time, e.g. for using the opensc
engine port.

The OpenSSL Configure script enables DSO support on FreeBSD by
default, we just don't use the Configure script during OpenSSL builds
in the base system.

This is committed to -CURRENT now (before OpenSSL 0.9.8b import), so
it can be tested at bit in -CURRENT before being MFC'ed to 6-STABLE.

Prodded by: ale
PR: bin/79570
MFC after: 1 week

Add a manual dependency on ssh_namespace.h.

Discussed with: ru

Introduce a namespace munging hack inspired by NetBSD to avoid polluting
the namespace of applications which inadvertantly link in libssh (usually
through pam_ssh)

Suggested by: lukem@netbsd.org
MFC after: 6 weeks

Clean generated headers.

Add port-tun.c.

Provide alternate default for SHLIBDIR before bsd.own.mk does this.

Reported by: phk

Reimplementation of world/kernel build options. For details, see:

http://lists.freebsd.org/pipermail/freebsd-current/2006-March/061725.html

The src.conf(5) manpage is to follow in a few days.

Brought to you by: imp, jhb, kris, phk, ru (all bugs are mine)

Hook audit into OpenSSH. Now that the necessary bits for OpenSSH support
have been added with the latest OpenBSM import, hook USE_BSM_AUDIT into
build conditionally.

For users which do not care for audit support and do not want to compile
it into their SSH servers, add the following to the /etc/make.conf:

NO_AUDIT=true

Discussed with: rwatson
Obtained from: TrustedBSD Project

Add a new extensible GSS-API layer which can support GSS-API plugins,
similar the the Solaris implementation. Repackage the krb5 GSS mechanism
as a plugin library for the new implementation. This also includes a
comprehensive set of manpages for the GSS-API functions with text mostly
taken from the RFC.

Reviewed by: Love Hörnquist Åstrand <lha@it.su.se>, ru (build system), des (openssh parts)

Revert last revision by phk@, it's redundant since bsd.incs.mk
already handles this, FWIW.

Update for OpenSSH 4.2p1.

Don't install includes if NO_TOOLCHAIN

Bump the shared library version number of all libraries that have not
been bumped since RELENG_5.

Reviewed by: ru
Approved by: re (not needed for commit check but in principle...)

Revert the commits that made libssh an INTERNALLIB; they caused too much
trouble, especially on amd64.

Requested by: ru

Make libssh an INTERNALLIB like it is in {Net,Open}BSD.

Update for OpenSSH 4.1p1.

Update OpenSSL 0.9.7d -> 0.9.7e.

Define PLATFORM correctly when cross-building.

Sync program's usage() with manpage's SYNOPSIS.

Correctly hide the command arguments.

PR: bin/76374
MFC after: 2 weeks

NOCRYPT -> NO_CRYPT

NODOCCOMPRESS -> NO_DOCCOMPRESS
NOINFO -> NO_INFO
NOINFOCOMPRESS -> NO_INFOCOMPRESS
NOLINT -> NO_LINT
NOPIC -> NO_PIC
NOPROFILE -> NO_PROFILE

NOLIBC_R -> NO_LIBC_R
NOLIBPTHREAD -> NO_LIBPTHREAD
NOLIBTHR -> NO_LIBTHR

Update for OpenSSH 3.9p1.

For variables that are only checked with defined(), don't provide
any fake value.

Add support for C3 Nehemiah ACE ("Padlock") AES crypto. This comes
from OpenSSL 0.9.5 (yet to be released), and is pretty complete.

Join the 21st century: Cryptography is no longer an optional component
of releases. The -DNOCRYPT build option still exists for anyone who
really wants to build non-cryptographic binaries, but the "crypto"
release distribution is now part of "base", and anyone installing from a
release will get cryptographic binaries.

Approved by: re (scottl), markm
Discussed on: freebsd-current, in late April 2004

Import the openssl conf for arm.

Record the libssl.so dependency on libcrypto.so. This should
help some ports that depend on libradius that recently gained
the dependency on libssl. This is also how the stock OpenSSL
build would link libssl.so on FreeBSD.

Prompted by: kris
OK'ed by: markm, nectar

Fix release builds (release.3 target). We also need to rebuild libradius,
because otherwise it will remain having a dependency upon libssl. This
breaks the non-crypto build that happens for release.3

While here, order the list of programs and libraries.

Speculating review feedback from: ru

Turn MAKE_IDEA into a true "bool" type variable, as documented in
the make.conf(5) manpage.

PR: conf/65738
OK'ed by: markm

Turn on the amd64-specific bignum code in openssl. This is actually
a variant of the C code but with some scattered asm and things laid out
more optimally for the platform. This means that we need to the asm
directory to the search path for the amd64 case so that make can find
the source.

Remove the -pthread from the last commit, as OpenSSL doesn't actually
call any pthread functions as we use compile it. We keep the
-DOPENSSL_THREADS, which stops OpenSSL doing thread-unsafe stuff.

Requested by: ru

Build OpenSSL so that it extects that is may be used in a threaded
environment. This stops some ports keeling over on an OpenSSL assert.
(The patch is not exactly the one from the PR, but has been refined
based on advice from freebsd-threads.)

PR: 51205
Submitted by: Jim Westfall <jwestfall@surrealistic.net>
MFC after: 1 month

Re-add the hand-optimised assembler versions of some of the ciphers
to the build.

Should have done this ages ago: markm
Reminded above to do this: peter

Update manual pages for OpenSSL 0.9.7d.

Update for 3.8p1, including workaround for a bug in gss-genr.c.

style.Makefile(5):
Use WARNS?= instead of WARNS=.

Use the default threading library if requested.

Reviewed by: des, deischen

Fixed style of DPADD and LDADD assignments as per style.Makefile(5).

- Removed libmd from the Kerberos library set.

- Removed libopie and libmd; libopie used to serve auth-skey.c
which is compiled now only to ease maintenance, as well as
a few other auth-*.c sources.

Reviewed by: des

Added two utility targets "secure" and "insecure", analogous to
"kerberize" and "dekerberize" in kerberos5/Makefile. These can
be used to recompile bits with optional crypto support with and
without crypto, respectively.

Reviewed by: markm

Once upon a time we had both "crypto" and "krb5" distributions,
and rebuilt some bits with crypto but without Kerberos support
(most notably SSH) during "make release", to put them into the
"crypto" distribution.

Now that we don't ship the separate "krb5" distribution anymore
(it's now part of the "crypto" distribuion), don't waste time
recompiling SSH bits without crypto and without Kerberos support
in an attempt to put them in the "base" distribution -- it just
doesn't work as SSH always uses crypto code.

We avoid this by not rebuilding KPROGS from kerberos5/Makefile in
release/Makefile and adding "libpam" to SPROGS in secure/Makefile
to ensure it's still rebuilt without crypto support for the "base"
distribution. (Disabling crypto (NOCRYPT) also disables building
of Kerberos-related PAM modules, and it's OK to depend on this.)

This should be a no-op change saving some "make release" time.

- Properly build both crypto and non-crypto versions of the
package management tools.

- Drop redundant dependency of pkg_create(1) and pkg_delete(1)
on crypto libraries now that they do not link with libfetch.

Removed well outdated comment.

Cosmetics: rearrange the dependency list to match that of ssh and sshd.

Reviewed by: des

Fixed static linkage.

Reviewed by: des

Use += instead of = with DPADD / LDADD.

Enable GSSAPI support. [1]
Also remove some duplicates from ssh's SRCS.

Submitted by: [1] Björn Grönvall <bg@sics.se>

Previous commit erroneously listed some sources with .o suffixes.

Update Makefiles for OpenSSH 3.7.1p2.

Explicitly add libz and libcrypto to LDADD for any ssh utilities missing
it. While not strictly required, it unbreaks the cross-build world that
is resulting from moving the libraries around.

I have a more permanent solution to this problem in the works, but I
asked des for permission to commit this to get the ball rolling. This
also makes the ssh build more along the lines of what the openssh-portable
and OpenBSD openssh Makefile glue does.

Reviewed by: des

Stage 3 of dynamic root support. Make all the libraries needed to run
binaries in /bin and /sbin installed in /lib. Only the versioned files
reside in /lib, the .so symlink continues to live /usr/lib so the
toolchain doesn't need to be modified.

Very big makeover in the way telnet, telnetd and libtelnet are built.

Previously, there were two copies of telnet; a non-crypto version
that lived in the usual places, and a crypto version that lived in
crypto/telnet/. The latter was built in a broken manner somewhat akin
to other "contribified" sources. This meant that there were 4 telnets
competing with each other at build time - KerberosIV, Kerberos5,
plain-old-secure and base. KerberosIV is no longer in the running, but
the other three took it in turns to jump all over each other during a
"make buildworld".

As the crypto issue has been clarified, and crypto _calls_ are not
a problem, crypto/telnet has been repo-copied to contrib/telnet,
and with this commit, all telnets are now "contribified". The contrib
path was chosen to not destroy history in the repository, and differs
from other contrib/ entries in that it may be worked on as "normal"
BSD code. There is no dangerous crypto in these sources, only a
very weak system less strong than enigma(1).

Kerberos5 telnet and Secure telnet are now selected by using the usual
macros in /etc/make.conf, and the build process is unsurprising and
less treacherous.

Fixed "make checkdpadd".

OK'ed by: markm

Fix for the NO_OPENSSL case.

Reported by: Marius Strobl <marius@alchemy.franken.de>

Drop this MAINTAINER bit. I'll reclaim an "Advisory Maintainership"
for this area later.

I'm now happy that this is no longer needed. Libcrypto has
all its functionality, and all its consumers have been converted.

Disconnect libcipher from the build. It only does DES, and we already
have libcrypto to do that. Both consumers of this lib have been
converted to use libcrypto. (bin/ed and secure/usr.bin/bdes).

Strip the private blowfish code down to only that which is
required to make crypt(3) blowfish "$2a$..." hashes. Lint and
warnsify.

Modernise. Use libcrypto instead of libcipher for DES.

Ugg, wrong version.
CSTD=gnu89, c89 wont do.

This isn't C99 clean.

Turn MAKE_KERBEROS5 into NO_KERBEROS by negating the logic. Some extra
cleanups were necessary in release/Makefile, and the tinderbox code
was syntax checked, not run checked.

We no longer have a separate kerberos distribution. Its now just
part of the regular security dist.

The including makefile's directory is tried first for .include "...".

Most things depend on !defined(NO_OPENSSL); make it look so.

NOSECURE is implied by NOCRYPT, meaning if the latter is defined
we won't be here.

Remove Kerberos IV shims.

Update for 3.6.1p1; also remove Kerberos IV shims.

Silence `make -s' (echo -> ${ECHO}).

libtelnet depends on OpenSSL.

PR: 50507

The .Nm utility

Back out rev 1.60, taking the pointy hat away from nectar as 'rm -f'
doesn't need to be prefixed with '-'. Keep the pointy hat for myself
for not reading the code closely.

Don't error out the build if removing a "stale" symlink fails.

Pointy hat for breaking my installworld: nectar

Fix mixed up arguments passed to a locally defined err(int, char *)
function.

Approved by: markm (mentor)
Submitted by: till toenges <tt@mail.isis.de>
PR: bin/48963

Handle includes the normal way.

Reviewed by: markm
Approved by: nectar

Regenerate man pages after import of OpenSSL 0.9.7a.

LIBDIR/INCLUDEDIR do not include DESTDIR.

Reported by: Andrzej Tobola <san@iem.pw.edu.pl>

Follow-up to previous commit: we had a des.h symlink, too. Remove
that.

Previously, libcrypto contained symbols that were identical to EAY
libdes, and functionally close enough so that we created symlinks
(libdes -> libcrypto) to help older applications. With the import of
OpenSSL 0.9.7, this is no longer true and we no longer install these
symlinks. However, systems that are upgraded may have these symlinks,
which could cause non-obvious breakage at build-time. Therefore, blow
any old symlinks away in the `afterinstall' target.

Correct path for finding asm-generating files.

Install the OpenSSL man pages in /usr/share/openssl/man
and remove the WANT_OPENSSL_MANPAGES knob.

Do not define OPENSSL_NO_KRB5 here in CFLAGS. It is handled in
opensslconf.h.

Reminded by: reports from des, obrien

Re-add WANT_OPENSSL_MANPAGES knob.

Noticed by: ru

Background:
When libdes was replaced with OpenSSL's libcrypto, there were a few
interfaces that the former implemented but the latter did not. Because
some software in the base system still depended upon these interfaces,
we simply included them in our libcrypto (rnd_keys.c).

Now, finally get around to removing the dependencies on these
interfaces. There were basically two cases:

des_new_random_key -- This is just a wrapper for des_random_key, and
these calls were replaced.

des_init_random_number_generator et. al. -- A few functions were used
by the application to seed libdes's PRNG. These are not necessary
when using libcrypto, as OpenSSL internally seeds the PRNG from
/dev/random. These calls were simply removed.

Again, some of the Kerberos 4 files have been taken off the vendor
branch. I do not expect there to be future imports of KTH Kerberos 4.

Re-add WANT_OPENSSL_MANPAGES knob.

Hopefully fix world for folks not compiling IDEA (the default).
NO_IDEA is now spelled OPENSSL_NO_IDEA. Update the bmake glue accordingly
or the IDEA references are not stripped from <openssl/evp.h>

Force OPENSSL_NO_KRB5. OpenSSL's current implementation of RFC 2712
can only be built with MIT Kerberos.

If we didn't define this here, then SSL-using applications would have
to define OPENSSL_NO_KRB5 themselves in order to build.

Update for OpenSSL 0.9.7. No assembler code at the moment. This
will follow.

ia64 and sparc64 both have libc_r now.

Don't build auth-pam.c and auth2-pam.c, auth2-pam-freebsd.c is all we need.
Use pthreads for PAM if the platform supports it and the user asked for it
(by setting OPENSSH_USE_POSIX_THREADS)

Sponsored by: DARPA, NAI Labs

Remove myself as maintainer of openssl; I no longer have enough time to
devote to it.

DON'T EVER PUT THIS BACK!

Pointy hat to: obrien

Style sync with rest of FreeBSD.

Update for OpenSSH 3.5p1.

Don't lint contrib'ed sources, even if the builder has asked for linting.
Its Just Too Noisy.

Bandaid for a broken world. The real fix is somewhat more
complicated and will be sent for a review.

Added the missing dependencies for openssl/ headers.

Use `uint32_t' instead of `unsigned long', since the code assumes 32-bit
arithmetic.

Reviewed by: make test

The fact that bdes(1) didn't work was
Reported by: Fred Clift <fclift@verio.net>

Update list of installed manual pages after regenerating them.

This commit was generated by cvs2svn to compensate for changes in r100946,
which included commits to RCS files with non-trunk default branches.

Update to match reality (i.e. reference libcrypto headers and
libraries, not the no-longer-existent libdes).

s,/usr/include,${INCLUDEDIR},

Removed the (never used) help-distribute target from here.

(Similar targets were once used during the release building
process for kerberosIV and kerberos5.)

ssh-keysign(8) belongs in /usr/libexec, not in /usr/bin, and needs to be
setuid so ssh(1) doesn't have to be.

Pointy hat to: des
Submitted by: Katsuyuki TATEISHI <katsu@iec.hiroshima-u.ac.jp>

Switch over to 3.4p1.

No guts, no glory. Switch to OpenSSH-portable.

Sponsored by: DARPA, NAI Labs

My previous style commits weren't entirely right. Fix some bugs I
introduced, and a few more I hadn't yet fixed.

Submitted by: bde

Previous commit made no sense.

Fix style and unbreal static build.

Install the new man pages.

Update Makefiles for OpenSSH 3.3.

Make NO_OPENSSL actually imply NO_OPENSSH, as documented in make.conf(5).

for OpenSSL 0.9.5a

Build using pregenerated manpages; don't use perl to translate .pod's.
The translated .pod's have already been committed.

This commit was generated by cvs2svn to compensate for changes in r96593,
which included commits to RCS files with non-trunk default branches.

Removed now unused INTERNALSTATICLIB.
INTERNALLIB now implies NOPIC and NOPROFILE.
Removed gratuitous NOMAN.

Added new bsd.incs.mk which handles installing of header files
via INCS. Implemented INCSLINKS (equivalent to SYMLINKS) to
handle symlinking include files. Allow for multiple groups of
include files to be installed, with the powerful INCSGROUPS knob.
Documentation to follow.

Added standard `includes' and `incsinstall' targets, use them
in Makefile.inc1. Headers from the following makefiles were
not installed before (during `includes' in Makefile.inc1):

kerberos5/lib/libtelnet/Makefile
lib/libbz2/Makefile
lib/libdevinfo/Makefile
lib/libform/Makefile
lib/libisc/Makefile
lib/libmenu/Makefile
lib/libmilter/Makefile
lib/libpanel/Makefile

Replaced all `beforeinstall' targets for installing includes
with the INCS stuff.

Renamed INCDIR to INCSDIR, for consistency with FILES and SCRIPTS,
and for compatibility with NetBSD. Similarly for INCOWN, INCGRP,
and INCMODE.

Consistently use INCLUDEDIR instead of /usr/include.

gnu/lib/libstdc++/Makefile and gnu/lib/libsupc++/Makefile changes
were only lightly tested due to the missing contrib/libstdc++-v3.
I fully tested the pre-WIP_GCC31 version of this patch with the
contrib/libstdc++.295 stuff.

These changes have been tested on i386 with the -DNO_WERROR "make
world" and "make release".

Pre-generate the optimized x86 crypto code and check it in rather than
depending on perl at build time. Makefile.asm is a helper for after the
next import.

With my cvs@ hat on, the relatively small repo cost of this is acceptable,
especially given that we have other (much bigger) things like
lib*.so.gz.uu checked in under src/lib/compat/*.

Reviewed by: kris (maintainer)

Milestone #1 in cross-arch make releases.

Do not install games and profiled libraries to the ${CHROOTDIR}
with the initial installworld.

Eliminate the need in the second installworld. For that, make sure
_everything_ is built in the "world" environment, using the right
tool chain.

Added SUBDIR_OVERRIDE helper stuff to Makefile.inc1. Split the
buildworld process into stages, and skip some stages when
SUBDIR_OVERRIDE is set (used to build crypto, krb4, and krb5
dists).

Added NO_MAKEDB_RUN knob to Makefile.inc1 to avoid running
makewhatis(1) at the end of installworld (used when making crypto,
krb4, and krb5 dists).

In release/scripts/doFS.sh, ensure that the correct boot blocks are
used.

Moved the creation of the "crypto" dist from release.5 to
release.2.

In release.3 and doMFSKERN, build kernels in the "world"
environment. KERNELS now means "additional" kernels, GENERIC is
always built.

Ensure we build crunched binaries in the "world" environment.
Obfuscate release/Makefile some more (WMAKEENV) to achieve this.

Inline createBOOTMFS target.

Use already built GENERIC kernel modules to augment mfsfd's
/stand/modules. GC doMODULES as such.

Assorted fixes:

Get rid of the "afterdistribute" target by moving the single use
of it from sys/Makefile to etc/Makefile's "distribute".

Makefile.inc1: apparently "etc" no longer needs to be last for
"distribute" to succeed.

gnu/usr.bin/perl/library/Makefile.inc: do not override the
"install" and "distribute" targets, do it the "canonical" way.

release/scripts/{man,cat}pages-make.sh: make sure Perl manpages and
catpages appear in the right dists. Note that because Perl does
not respect the MANBUILDCAT (and NOMAN), this results in a loss of
/usr/share/perl/man/cat* empty directories. This will be fixed
soon.

Turn MAKE_KERBEROS4 into a plain boolean variable (if it is set it
means "make KerberosIV"), as documented in the make.conf(5)
manpage. Most of the userland makefiles did not test it for "YES"
anyway.

XXX Should specialized kerberized libpam versions be included into
the krb4 and krb5 dists? (libpam.a would be incorrect anyway if
both krb4 and krb5 dists were choosen.)

Make sure "games" dist is made before "catpages", otherwise games
catpages settle in the wrong dist.

Fast build machine provided by: Igor Kucherenko <kivvy@sunbay.com>

The library itself does not depend on Kerberos bits.
Otherwise, we would have broken krb4 and krb5 dists.

Switch over to using pam_login_access(8) module in sshd(8).
(Fixes static compilation. Reduces diffs to OpenSSH.)

Reviewed by: bde

Install headers with -C. Ideally, these Makefiles should not need to
override the beforeinstall target at all, but this has proven difficult
to achieve.

Use PAM instead of S/Key (or OPIE) for SSH2.

Sponsored by: DARPA, NAI Labs

Don't forget auth-skey.c.

Adjust for OpenSSH 3.1.

Sponsored by: DARPA, NAI Labs

Fixed some style bugs. Mainly, don't use ${.ALLSRC} in implicit rules.
This change should have been in rev.1.37.

Use NO_PERL as well as NOPERL. The latter is going to (eventually) go.

No functional change, but big code cleanup. WARNS, lint(1) and style(9).

o Move NTOHL() and associated macros into <sys/param.h>. These are
deprecated in favor of the POSIX-defined lowercase variants.
o Change all occurrences of NTOHL() and associated marcros in the
source tree to use the lowercase function variants.
o Add missing license bits to sparc64's <machine/endian.h>.
Approved by: jake
o Clean up <machine/endian.h> files.
o Remove unused __uint16_swap_uint32() from i386's <machine/endian.h>.
o Remove prototypes for non-existent bswapXX() functions.
o Include <machine/endian.h> in <arpa/inet.h> to define the
POSIX-required ntohl() family of functions.
o Do similar things to expose the ntohl() family in libstand, <netinet/in.h>,
and <sys/param.h>.
o Prepend underscores to the ntohl() family to help deal with
complexities associated with having MD (asm and inline) versions, and
having to prevent exposure of these functions in other headers that
happen to make use of endian-specific defines.
o Create weak aliases to the canonical function name to help deal with
third-party software forgetting to include an appropriate header.
o Remove some now unneeded pollution from <sys/types.h>.
o Add missing <arpa/inet.h> includes in userland.

Tested on: alpha, i386
Reviewed by: bde, jake, tmm

Now that cross-tools ld(1) has been fixed to look for dynamic
dependencies in the correct place, record the fact that -lssh
depends on -lcrypto and -lz.

Removed false dependencies on -lz (except ssh(1) and sshd(8)).
Removed false dependencies on -lcrypto and -lutil for scp(1).

Reviewed by: markm

Set WFORMAT=0, overlooked in previous commits to libexec/.

Reported by: jhay

Update list of manpages

Add pam_ssh support to the static PAM library, libpam.a:

- Spam /usr/lib some more by making libssh a standard library.
- Tweak ${LIBPAM} and ${MINUSLPAM}.
- Garbage collect unused libssh_pic.a.
- Add fake -lz dependency to secure/ makefiles needed for
dynamic linkage with -lssh.

Reviewed by: des, markm
Approved by: markm

Clean up makefiles, and turn on WARNS=2. Take into account the telnet
#if cleanup.

Opensslconf for sparc64. Just a copy of the alpha one for now.

Approved by: kkenn (maintainer)

Install libssh and libssh_pic. These are needed when building
statically, and when building things (like login(8)) standalone.
libssh_pic is needed for libpam and modules.

Requested by: peter

__FBSDID() (second half of src/lib/libcrypt changes)

Argh! Shoot me! (add closing */ after $FreeBSD$ )

Add an ia64 configuration. This is not likely to be optimal, but does
compile and seems to work. We should run configure after everything
else is self hosting to test the speeds of the various options.

Sync this file up with its i386 brother. This appears to have been missed
when 0.9.5a was imported.

Approved by: kris

mdoc(7) police: Use the new .In macro for #include statements.

Fix cross-building, etc:

1. To cross-build, one now needs to set TARGET_ARCH, and not the
MACHINE_ARCH. MACHINE_ARCH should never be changed manually!

2. Initialize DESTDIR= explicitly for bootstrap-tools, build-tools,
and cross-tools stages. This fixes broken header and library
dependencies problem. We build them in the host environment,
and obviously want them to depend on host headers and libraries.
The problem with broken header dependencies for bootstrap-tools
and cross-tools was already partially solved (see BOOTSTRAPPING
tests in bsd.prog.mk and bsd.lib.mk), but it was still there for
build-tools if the user ran "make world DESTDIR=/foo". Also,
for all of these stages, the library dependencies were broken
because of how bsd.libnames.mk define DPADD members.

We still provide a glue to install bootstrap- and cross-tools
under the ${WORLDTMP}.

Removed PATH overrides for bootstrap-, build-, and cross-tools
stages. There is just no reason why we would need to override
it, and the hacks to clean up the ${WORLDTMP} in the -DNOCLEAN
case are no longer needed with fixes from this step.

That is, we now never use ${WORLDTMP} headers and libraries,
and we don't use any ${WORLDTMP} installed binaries during
these stages. Again, these stages depend solely on the host
environment, including compiler, headers, and libraries.

3. Moved "miniperl" back from cross-tools (it has nothing to do
with a cross-compiler) to build-tools where it belongs. The
change from step 1 let to do this. Also, to make this work,
build-tools targets of "cc_tools" and "miniperl" were modified
to call "depend". Here follow the detailed explanations.

There are two categories of build tools, for now. In the first
category there are "cc_tools" and "miniperl". They occupy the
whole (sub)directory, and nothing needs to be done in this
subdirectory later during the "all" stage. They are also
constructed using system makefiles. We must build the .depend
early in the build-tools stage because:

1) They use (and depend on) the host environment.

2) If we don't do this in build-tools, the "depend" stage of
buildworld will do this for us; wrong library and header
dependencies will be recorded (DESTDIR=${WORLDTMP}) and,
what's worse, the "all" stage may then clobber the
build-architecture format tools (that we built in the
build-tools stage) with the target-architecture format
ones, breaking cross build.

In the second category there are all other build-tools. They
share their directory with the "main" module that needs them
in the "all" stage, and they don't show up themselves in the
.depend file. The portion of this fix was already committed
in gnu/usr.bin/cc/cc_tools/Makefile,v 1.52.

4. "libperl" is no longer a build tool, and "miniperl" is the
stand-alone application. I had to make this change because
build-tools and "all" stages share the same object directory.
Without this change, if we cross compile, libperl.a is first
built for the build architecture during the build-tools stage
(for the purposes of immediate linkage with "miniperl").
Later on, the "all" stage sees this library as up-to-date,
and doesn't rebuild it. The effect is that the wrong format
static libperl library is installed with installworld.

5. Fixed "includes" to install secure/lib/libtelnet headers if
required.

Reviewed by: bde

Fixed world breakage in rev.1.13. -lpam must never be used directly since
it doesn't work for static linkage.

Diff reduce all the crypto telnet Makefiles.

mdoc(7) police: s/NetBSD/.Nx/ where appropriate.

mdoc(7) police: join split punctuation to macro calls.

Link to libcipher in the usual way. `bdes' depended on a nonexistent
library. This only worked because of the undocmented feature of make(1)
that targets named foo.a are always up to date.

Fixed some style bugs.

Revamp and diff-reduce the various secure telnets. Make sure that
Kerberos5 has _a_ telnet (which is not currently K5 enabled).
Incorporate BDE's static linking fixes.

Fixed world breakage when NOSHARED=yes. libmp now depends on libcrypto,
so it must be linked before libcrypto to work right.

Added missing DPADD and CLEANFILES.

mdoc(7) police: removed HISTORY info from the .Os call.

Remove stale file.

Enable Kerberos 5 support in sshd again.

Update for OpenSSL 0.9.6a

MFC after: 2 weeks

Fixed world breakage in previous commit. -lpam must never be used
directly (except in the definition of MINUSLPAM in bsd.libnames.mk)
since it doesn't give all the libraries necessary for static linkage.

Fixed missing ${LIBPAM} in DPADD.

Fixed some style bugs in DPADD and LDADD.

Fixed world breakage in previous commit. -lpam must never be used
directly (except in the definition of MINUSLPAM in bsd.libnames.mk)
since it doesn't give all the lbraries necessary for static linkage.

Fixed new and old bugs in DPADD. ${LIBPAM} was missing, and the
library order was different from that in LDADD so `make checkdpadd'
reported a non-bug.

Add PAM support to SRA authentication. Cribbed mostly from ftpd. This
doesn't solve the problem of root being allowed to log in, but that sort
of thing is something PAM should be doing anyway.

Update to OpenSSH 2.9. Somehow this missed getting committed yesterday.

Don't build with Kerberos 5 support for now. I'll fix this soon,
but I don't want to break Kerberos 5 users' worlds too much in the
meantime.

Follow the OpenSSH 2.9 upgrade with the infrastructure. Two new
programs are now included: sftp(1) and ssh-keyscan(1).

Add the new version.c to libssh.

Reactivate SRA.

Make handling of SIGINT and SIGQUIT follow SIGTSTP in TerminalNewMode().
This allows people to break out of SRA authentication if they wish to.

Merged src/lib/libtelnet rev.1.9 (fixed removing of obsolete shared
library: wrong library directory, wrong library extension and wrong
comment). This is mainly of historical interest, if any. The library
that gets removed is aout.

Also, backout the beforeinstall -> afterinstall change in rev.1.20
that was required to install proper telnet.h into /usr/include/arpa.
The actual problem is in <bsd.lib.mk>, and I am going to fix it.

Bye-bye /usr/lib/libtelnet.a. This should fix ``make release'' brokeness.

Approved by: markm

secure/ build fixes:

- TELNETOBJDIR is gone. `buildworld' already installs libtelnet.a
in ${WORLDTMP}/usr/lib, and we have LIBRARY_PATH pointing there.

- SSHDIR (formerly SSHSRC) is now shared between all SSH modules.
New LIBSSH is introduced for libssh.a (an internal static lib).
Previously, build without prior `obj' was broken; SSH modules
always looked for libssh.a in ${.OBJDIR}. Also, the dependancies
on the libssh.a were missing.

- libtelnet/ did not install the crypto version of telnet.h into
/usr/include/arpa.

- Removed BINOWN, BINMODE, BINDIR and SRCS with default values.

Reviewed by: markm

- MAN[1-9] -> MAN.

disable SRA
this impacts negatively to POLA since once autologin is enabled,
telnet will prompt for a password using getpass() and thus not allow
the usual signal characters or C-]

Attempt to fix the problem with -j builds, and du-uglify the asm code
generation and assembly targets.

Help from: bde, obrien

Add OpenBSD-style blowfish password hashing. This makes one less
gratuitous difference between us and our sister project.

This was given to me _ages_ ago. May apologies to Paul for the length
of time its taken me to commit.

Obtained from: Niels Provos <provos@physnet.uni-hamburg.de>/OpenBSD
Submitted by: Paul Herman <pherman@frenchfries.net>

MFS: Belatedly bump SHLIB_MAJOR corresponding to OpenSSL 0.9.6

Install the des.h link under ${DESTDIR}. Fixes buildworld.

Submitted by: Christian Weisgerber <naddy@mips.inka.de>

Clean up the installation of the compatibility libdes header/library
symlinks

Pointed out by: bde

Don't override CPUTYPE (actually this predates the <bsd.cpu.mk> use of
CPUTYPE, and I forgot I used it here already)

Pointed out by: bde

setlocale(3) has been fixed to match POSIX standard:
LC_ALL takes precedence over other LC_* envariables.

Update the list of OpenSSL manpages (now contains many more describing
libssl, for example), and hide it behind a make.conf option,
WANT_OPENSSL_MANPAGES, instead of having it commented out. We still can't
install these by default because of clobbering of a number of system
manpages with the same name, but they're there for people who want them.

Add back a missing file from the no-asm case

Submitted by: gallatin

Remove a remnant of my attempt to get alpha asm code working. OpenSSL
does include code for the alpha, but as far as I can tell, it is
non-functional (e.g. it's not even compiled by the native openssl build on
the alpha).

Noticed by: gallatin

Introduce support for using OpenSSL ASM optimizations. This is done
through the use of a new build directive, MACHINE_CPU, which contains a
list of the CPU generations/features for which optimizations are desired.
This feature will be extended to cover the ports tree in the future.

Currently OpenSSL provides optimizations for i386, i586 and i686-class
CPUs. Currently it has not been tested on an i386 or i486.

Teach make(1) to provide sensible defaults for MACHINE_CPU if it is not
defined (namely, the lowest common denominator CPU we support for each
architecture). Currently this is i386 for the i386 architecture and ev4
for the alpha. sys.mk also sets the variable as a last resort for
consistency with MACHINE_ARCH and bootstrapping from very old versions of
make.

Benchmarks show a significant speed increase even in the i386 case, with
additional improvements for i586 and i686 systems. For maximum performance
define MACHINE_CPU=i686 i586 i386 in /etc/make.conf.

Based on a patch submitted by: Mike Silbersack <silby@silby.com>
Reviewed by: current

Define HAVE_PAM_GETENVLIST for build. Now environmental variables set
by PAM modules will be exported (correctly).

Fixed missing include of <unistd.h> and wrong prototype for setkey().

Add .Lb libcipher

PR: 24434
Submitted by: Bill Cheswick <ches@bell-labs.com>

man(7) -> mdoc(7).

Merge into a single US-exportable libcrypt, which only provides
one-way hash functions for authentication purposes. There is no more
"set the libcrypt->libXXXcrypt" nightmare.
- Undo the libmd.so hack, use -D to hide the md5c.c internals.
- Remove the symlink hacks in release/Makefile
- the algorthm is set by set_crypt_format() as before. If this is
not called, it tries to heuristically figure out the hash format, and
if all else fails, it uses the optional auth.conf entry to chose the
overall default hash.
- Since source has non-hidden crypto in it there may be some issues with
having the source it in some countries, so preserve the "secure/*"
division. You can still build a des-free libcrypt library if you want
to badly enough. This should not be a problem in the US or exporting
from the US as freebsd.org had notified BXA some time ago. That makes
this stuff re-exportable by anyone.
- For consistancy, the default in absence of any other clues is md5. This
is to try and minimize POLA across buildworld where folk may suddenly
be activating des-crypt()-hash support. Since the des hash may not
always be present, it seemed sensible to make the stronger md5 algorithm
the default.
All things being equal, no functionality is lost.

Reviewed-by: jkh

(flame-proof suit on)

Update for OpenSSH 2.3.0.

Fixed a typo from the last commit.

Submitted by: Mike Heffner <mheffner@vt.edu>

Correct some fallout from the semi-automated way I updated the makefile.

Submitted by: roberto

Disable /usr/bin/ssh being setuid root by default. Let the variable
ENABLE_SUID_SSH being defined reenable it for those that want it.

This follows discussion favoring the change from September. It
is not usually necessary to be setuid root, possibly less safe,
and less convenient (cannot use $HOSTALIASES, for example).

Submitted by: jedgar

Update for OpenSSL 0.9.6

Fix up the build for the STARTTLS version of sendmail (again). This method
mimics that of tcpdump in that for normal builds, sendmail will only be
built once. For 'make release', it is built once for the bin dist and
once for the crypto dist. This method also removes the need for two separate
Makefiles (which could become out of sync).

Suggested by: bde
Assisted by: kris

Do not override BINDIR settings from subdirectory Makefiles.

Submitted by: bde

../Makefile.inc was clobbering BINDIR so sendmail was being installed in
/usr/sbin/ instead of /usr/libexec/sendmail/

Submitted by: bde

Activate the 'secure' (TLS) version of sendmail if !NO_SENDMAIL && !NO_OPENSSL

Given that sendmail's STARTTLS support requires OpenSSL and the bootstrap
issues that brings, build the non-TLS version of sendmail in
src/usr.sbin/sendmail and the TLS version in src/secure/usr.sbin/sendmail.
This allows the TLS version to be part of the secure distribution when
building a release.

Remove STARTTLS support as it breaks builds without crypto installed.
Waiting to hear back regarding the best way to do this.

With apoligies to Greg Shapiro, fix the world. The previous commit
lost -lutil and -lwrap by replacing $LDADD and $DPADD rather than
appending to them with +=.

Style fixes

NOCRYPT imples NO_OPENSSL.
Still need to solve the distribution problem.

Submitted by: kris

Build sendmail with STARTTLS support unless NO_OPENSSL is set.

Overhaul of the build-time include file generation. Don't break in evp.h
if bootstrapping from a system on which the openssl headers are not
already present.

Give users a way to alter the sendmail (and related utilities) build
environment so they can enable functionality such as SASL, LDAP, Hesiod.

Only build sftp-server conditionally

Add sftp-server

Allow users to add libraries for sendmail (e.g. Cyrus SASL)

Obtained from: Sergei Vyshenski <svysh@pn.sinp.msu.ru>

Update for OpenSSH 2.2.0

Nuke RSAREF support from orbit.

It's the only way to be sure.

``Anyone is now free to rub two primes together for their own gratification''
-- Unknown

Now that the RSA algorithm is released into the public domain, build
librsaintl by default unless NO_RSAINTL is set in make.conf.

The native OpenSSL implementation of RSA is much faster, doesn't have
an artificial keysize limitation, has 30% fewer calories and tastes great!

Err, we weren't even compiling auth1.c with LOGIN_CAP at all. Guess nobody
was using this feature.

Make the temporary file _evp.h instead of evp.h to not conflict with
the real evp.h.

Reported by: markm

Add missing quotes around xauth path

Generate a new evp.h at build-time instead of install-time to properly
support NFS(ro) installworlds.

Respect X11BASE to derive the location of xauth(1)

PR: 17818
Submitted by: Bjoern Fischer <bfischer@Techfak.Uni-Bielefeld.DE>

Add working and easy crypt(3)-switching. Yes, we need a whole new API
for crypt(3) by now. In any case:

Add crypt_set_format(3) + documentation to -lcrypt.
Add login_setcryptfmt(3) + documentation to -lutil.
Support for switching crypt formats in passwd(8).
Support for switching crypt formats in pw(8).

The simple synopsis is:
edit login.conf; add a passwd_format field set to "des" or "md5"; go nuts :)

Reviewed by: peter

Turn on support for IPv6

Get rid of the /etc/aliases -> /etc/mail/aliases hack. /etc/mail/aliases
now exists in the distribution.

The rest of the changes needed to support the new version of sendmail (8.11.0).
Beyond changes to the build system, this includes fixing up the sample
freebsd.mc configuration for changes in defaults and syntax, removing
outdated documentation, and updating the release notes.

Unbreak the OpenSSL headers for those of us who don't/can't use IDEA by
getting rid of the check for NO_IDEA (in evp.h) completely if it's
installed without MAKE_IDEA=YES.

Install the openssl(1) manpage with an MLINK from ssl(8) to at least put
something in the location where OpenSSH likes to point.

Don't build sshd if NO_OPENSSL defined.

Submitted by: stephen@math.missouri.edu

Don't build crypto-enabled telnetd if NO_OPENSSL is defined, since it
attempts to link against libcrypto.

WITH_IDEA --> MAKE_IDEA fix.

Add missing $FreeBSD$ to files that are NOT still on vendor a branch.

Be consistant about WITH_ vs MAKE_ flags. We have a precedent of using
MAKE_foo for things like MAKE_KERBEROS etc. Use that. I managed to
confuse myself last time and made make.conf different to the code. ;-(

Reported by: Jun Kuriyama <kuriyama@FreeBSD.org>

Argh. Cut/paste transcription error. Fix syntax of previous commit.

USA_RESIDENT is forced to YES or NO at the start of Makefile.inc1
Use that to be the final arbiter of whether or not to build the
librsaintl.so plugin for openssl/openssh. Add a magic WANT_RSAINTL flag
to force building even if USA_RESIDENT=YES.

MFI. This is a documentation-only, diffreducing patch, that if
invoked will cause breakage. US Users - DO NOT try to turn on
IDEA - the sources are not included.

Link explicitly against -lmd. I'm not sure what was pulling this in
on -current, but it doesnt do it on -stable.

Add a new file to SRCS

/dev/urandom is the default random device, so no use in stateing it here.
Also simplify the conditionals a little.

This version is slightly better than rev 1.10. There are still missing
dependencies for openssl/*.h. I cannot reproduce any critical race
conditions with this revision.

Use unadorned `mkdir -p', removing the "test ... ||".
There are sometimes problems with "&&" and "||" in the `make -j' case, as
it appears multiple processes may process parts of the execution line.

Update for OpenSSH 2.1

Use the C locale for running date(1).

Submitted by: ache

Update for OpenSSL 0.9.5a and clean up a bit.

Update for OpenSSL 0.9.5a and clean up a bit.
Take responsibility for this makefile again :-)

* Fix dependancies so that ``make depend'' is not required.
* Some style fixes

Approved by: kris

* Fix dependancies so that ``make depend'' is not required.
* Some style fixes

Approved by: kris

Add libcrypto to LDADD. This fixes problems seen with e.g. apache-modssl

Submitted by: Jim Bloom <bloom@acm.org>

Missed a fix for the new openssh; this fixes make world.

Update for latest OpenSSH

Add a new function stub to libcrypto() which resolves to a symbol in
the librsa* library and reports which version of the library (OpenSSL/RSAREF)
is being used.

This is then used in openssh to detect the failure case of RSAREF and a RSA key
>1024 bits, to print a more helpful error message than 'rsa_public_encrypt() fai
led.'

This is a 4.0-RELEASE candidate.

Make LOGIN_CAP work properly.

Submitted by: ache

Buildworld fixes for NO_OPENSSH and NO_OPENSSL

Approved by: jkh

Build a shared library too - ports expect it.

Reviewed by: peter
Approved by: jkh

Merge from internat.freebsd.org; cleanup stray rsaref glue code reference

MFI: Make ssh and sshd link in the krb5 part of make release.

Reviewed by: markm

Resurrect the old libdes manpages (after a repo copy) until we have better
ones.

Merge from internat.freebsd.org: add libcrypto to librsaUSA's symbol search
path so that ERR_load_strings() is found in certain circumstances
involving dlopen(). eg: main program dlopened foo.so which is linked
against libcrypto. If libcrypto then dlopens librsaUSA.so, then it's
search path doens't find libcrypto (!). One "fix" is to force
modules (eg main opening foo.so) to use the RTLD_GLOBAL flag, the other
is to explicitly declare dependencies (as done here).

MFI: stupid typo of mine.

Add NODESCRYPTLINKS knob to prevent spamming of libcrypt -> libscrypt
symlinks. The name is against my better judgement, but I defer to ancient
tradition here because I'm a nice guy.

Reviewed by: -current

New distribution names.

New distribution name.

Merge from internat.freebsd.org repo, minus change to rsa_eay.c (missing)

Reorganize and unify libcrypto's interface so that the RSA implementation
is chosen at runtime via dlopen().

This is a checkpoint and may require more tweaks still.

Merge from internat.freebsd.org; deal with -DRSAref the same way as
libcrypto - not that it means much on the US code tree.

Merge from internat.freebsd.org; make RSAREF=YES work correctly, although
this is not very useful as the US repo is missing bits.

Create a stub libRSAglue for bsd.port.mk's sake

Don't pull in libRSAglue for the rsaref case. Since this is linked
dynamically by default, we use the dlopen() calls to load librsaref.so
on US code trees.

Fold libRSAglue into libcrypto so we don't have to special-case
all the builds. There is still no actual RSA implementation code
in libcrypto or src/* on US code trees.

Sync with internat; delete a trailing space

Remove port components not needed in 4.n+

Submitted by: Half the freaking planet....

libdes is OBE

Build everything properly. This means:

o Don't b uild libdes.

o Crypto is now housed in libcrypto (with a compatability symlink to
libdes)

o RSA may depend on RSAREF at your locale.

o OpenSSH is now a part of the base system.

Add the OpenSSH userland-building Makefiles.

Freefall/Internat diff reducer.

Freefall/Internat diff reducer.

Freefall/Internat diff reducer.

Diff reducer. Comes from Internat.

Remove useless whitespace.

Part of big commit OK'ed by: JKH

Back out the previous commit - it broke world and was not approved.
I don't know what I was thinking committing without approval - sorry.

Link dynamically, not statically.

Add NO_OPENSSL knob to turn off building of openssl

Requested by: wollman

Add NO_OPENSSL knob to turn off building of openssl

Requested by: wollman

another tcp apps IPv6 updates.(should be make world safe)
ftp, telnet, ftpd, faithd
also telnet related sync with crypto, secure, kerberosIV

Obtained from: KAME project

Don't search for libraries in ${LOCALBASE}. This should fix the problems
people were seeing with conflicts with the openssl port.

Activate librsaglue

Move the rsaref gunk to libRSAglue where ports expect it.

Build infrastructure for libRSAglue, required for compatability with
ports even though it doesn't seem to do anything which requires it
to be separate from libcrypto.

The wrong version of the file was committed previously which explains the
problems seen here.

Turn back on openssl building.

Turn back on libcrypto and libssl building.

*** empty log message ***

Add MAINTAINER tag so people don't feel the need to randomly frob with this.

We cannot have libcrypto, and therefore OpenSSL at all, without RSA.
If you need examples of breakage, I'm ready to provide more than a
few.

Connect OpenSSL to the build.

Build infrastructure for OpenSSL

Really really remove SHA-1 support.

Routines needed by new kerberos.

Remove the SHA stuff properly.

Since /etc/sendmail.cf got moved to /etc/mail/sendmail.cf, a 'make world'
would leave you with a broken sendmail and local mail loss.
This evil hack moves sendmail.cf from the old location to the new one (if
required) at install time.

Install sendmail in it's new location.

RIP xntpd.

I missed the LDADD/DPADD for -lmd in the secure cases. :-(

Pointed out by: marcel

Revert -lmd changes now that libcrypt doesn't expose this binutils/ld
bug any more.

Add libmd to DPADD and LDADD.

Dont build telenet if we are going for kerberised telnet; this just
jumps all over kerberised telnet otherwise.

Make telnet with SRA work.

Submitted by: Nick Sayer

Colour me stupid. This is a better way of using the macros.

Do this the same way as Internat to reduce diffs.

Someone changed major numbers of the libraries from 2 to 3 for 0 (zero) reasons.
Revert the major number back to 2.

libcrypt only export one function, before the recent changes and now:
char *crypt(const char *key, const char *salt);
The prototype didn't changed. Internal representation of `char' and `char *'
didn't changed. Therefore, there is no reason to change the version number.

Restore SONAME setting, otherwise libdescrypt.so.3 doesn't end up with
a special SONAME of libcrypt.so.3 and the runtime symlink doesn't work.

Make this completely dependant on the exportable libcrypt, to avoid
duplication of effort. Also a large cleanup of the code, inspired
by Brandon Gillespie.

libdes is bmaked and built from src/crypto/... now.

This commit was generated by cvs2svn to compensate for changes in r50894,
which included commits to RCS files with non-trunk default branches.

This commit was generated by cvs2svn to compensate for changes in r50760,
which included commits to RCS files with non-trunk default branches.

$Header$ -> $FreeBSD$

$Id$ -> $FreeBSD$

Claim ownership

Various man page cleanup:

- Be consistent with section names as outlined in mdoc(7).
- Other misc mdoc cleanup.

Typo in comment.

Enable tcp_wrapper support by default.

MaxHeaderLines is now MaxHeadersLength (in bytes)

Support 'O MaxHeaderLines=' to override the default header count and line
length limits. The configuration keyword is: confMAX_HEADER_LINES

Fix symlinking. Without the -f "force" option, the wrong version
can be found.
Submitted by: Bruce

The new crypt code breaks "make world". Back it out.

Removed from the secure/lib/libcrypt area, because of the rewrite to how
the Makefile handles des support by just including the single .c file.

Reviewed by: Mark Murray

Update for 8.9.2 (new file, control.c)
Also, turn on support for the MaxMimeHeaderLength option in sendmail.cf.

Remove useless `BINOWN=root' now that it is the default.

BINFORMAT -> OBJFORMAT ready for E-day. Untested 'cause I'm outside
the US and not allowed to see this. I kept my eyes closed. 8-)

Connect up sendmail-8.9.1

Staticise a variable.
PR: 4722
Submitted by: Karl Denninger

Changes to support full make parallelism (-j<n>) in the world
target.
Reviewed by: <many different folks>
Submitted by: Nickolay N. Dudorov" <nnd@nnd.itfs.nsk.su>

Teach libdescrypt about elf builds.

Revert $FreeBSD$ to $Id$

Make the long-awaited change from $Id$ to $FreeBSD$

This will make a number of things easier in the future, as well as (finally!)
avoiding the Id-smashing problem which has plagued developers for so long.

Boy, I'm glad we're not using sup anymore. This update would have been
insane otherwise.

Sort cross references.

Secure telnet is now in eBones.

Remove references to TELNET*.

Fold sendmail-8.8.2 changes into files that have been touched.

(^!&@$#&^! delete !!@^@^ trailing !@^&#$!& whitespace!!!)

cmp -s || install -c --> install -C

Same as non-secure telnetd, add support for ``-P altlogin'' to specify
an alternate /usr/bin/login type program to be run.

This commit was generated by cvs2svn to compensate for changes in r17497,
which included commits to RCS files with non-trunk default branches.

Some breakeages sneaked in. This fixes them.
(this relates to a name change in a library that was not properly backed
up by the author)
Reported by: too mant :-(

Merge, remove rubbish and bump the MAJOR.MINOR to 3.0

This commit was generated by cvs2svn to compensate for changes in r17330,
which included commits to RCS files with non-trunk default branches.

Mrege conflicts etc.

This commit was generated by cvs2svn to compensate for changes in r17315,
which included commits to RCS files with non-trunk default branches.

Add necessary item to CLEANFILES

Bring in my changes for removing the pestilent obj links (unless you
really want them) from /usr/src. This is the final version of the
patches, incorporating the feedback I've received from -current.

Bring in a change that got lost when we spammed over the CVS repository
to fix the mega-commits spamming.

pst 96/05/29 20:09:25

Modified: secure/usr.bin/telnet Makefile main.c
Log:
Remove obsolete SOCKSv4 support

Submitted by: pst
Obtained from: A mirrored CVS repository that will disappear next SUP

Localize time

Add extra targets a' la' eBones/Makefile for release/Makefile.
(bootstrap etc)

Add randomness from /dev/random if it is available.

Add support for socks

typo shmrsh -> smrsh

Enable proper installation of sendmail restricted shell smrsh(8).

This program is a wrapper for the prog mailer in sendmail. It does shell
meta character masking and restricts the list of executables to those found
in /usr/libexec/sm.bin.

The default sendmail.cf file does not use this tool, however you can enable
it by either changing /bin/sh to /usr/libexec/smrsh or adding the line
FEATURE(smrsh) into your sendmail .mc file and rebuilding your .cf file.

For more info, RTFMP.

Split libcrypt and libcipher man pages.

Split the libcrypt and libcipher man pages.

Install crypt.3 so that libcipher will install if /usr/share/man
has been blown away. Previously it depended on an existing
crypt.3 to be present for the man page links to install properly.

Comment out the NOPROFILE=yes to make this orthogonal with the rest of our
libs.

Big clean-up job. Remove ancient and never-to-be used stuff.
The look much more like BSD Makefiles now.

Fix typo #ifdef -> .if defined().
Tidy uo this file a bit.

Fix typo - -des -> -ldes

Sense MAKE_EBONES, DESTDIR
SRCS, DPADD cleanup

Sense MAKE_EBONES, DESTDIR
SRCS cleanup
DPADD cleanup

Sense MAKE_EBONES, DESTDIR
SRCS cleanup
DPADD cleanup

Add back missing crypt.3 man page.

Another round of man page cleanups.

Down to only about 100 items left to cleanup! :-)

Add the new libdes to the build

Rats. Forgot to `cvs add' this.

iImport a FreeBSD Makefile, BSD-ise the header and correct a typo. As the
interface has changed a bit (there are more rentry points), the
shared library has been bumped to libdes.so.2.1.

This commit was generated by cvs2svn to compensate for changes in r14009,
which included commits to RCS files with non-trunk default branches.

Correct some manual page cross reference errors. E.g. su is a section
one man page, not section eight. This is the first round of such changes
and only fixes man pages in manual section one.

This commit was generated by cvs2svn to compensate for changes in r13122,
which included commits to RCS files with non-trunk default branches.

recording cvs-1.6 file death

Pick correct library dir whenever obj exists or not

Dual personality crypt(3). This crypt will choose its encryption algorithm
(DES or MD5) based on the type of salt used. Salt beginning with "$1$"
indicates MD5.

*GULP* cvs remove the uncomfortably large list of files that are no longer
part of sendmail 8.7.2...

Re-disable the cf/cf SUBDIR - we were not building it before anyway.
The Makefile down there does not handle the obj dir well..

Import Sendmail-8.7.2 as discussed on -current.

The conflict merge will happen shortly after.

Remove LD_NOSTD_PATH unsetenv, it isn't exist anymore

Fix original patch error with ! before strncmp
Zap only needed LD_* variables

Don't allow LD_* env. variables to be tricked
Submitted by: Sam Hartman <hartmans@mit.edu>

Remove MAKE_EBONES conditionals. They were originally placed here because
of missing functionality in our libkrb which is no longer a problem.

Remove duplicated targets which now build from main tree
if available and allowed

Add TELNETOBJDIR and CRYPTOBJDIR for use in LDADD entries. This makes
secure reference the libraries that were just build instead of in /usr/lib.

Enable kerberosIV authentication/encryption conditionalized on MAKE_EBONES.

Enable kerberosIV authentication/encryption conditionalized on MAKE_EBONES.
Fix up some of the des calls to be compatible with eBones.

sys_term.c: killed sleep(1) as this should no longer be a problem with
the move of startslave().
telnetd.c: fix bug introduced with the move of startslave()...the number
of arguments was wrong and "level" and "user_name" had to be made globals.

Move erase cleanup outside linemode conditional

Avoid race condition with telnet options processing (login: prompt lost).

Submitted by: John Capo & Peter Wemm

Set erase character for login: prompt.

Submitted by: Peter Wemm & John Capo

Do NOT compile with -DKLUDGELINEMODE...hoses many telnet clients

Import Sendmail v8.6.12, onto the CSRG(!) branch.
A seperate commit to fix the conflicts wil follow.

Comment out LDADD+=-ldescrypt, it is not yet active due to
missng defines for krb4encpwd and rsaencpwd and missing rsa library too.

Change default banner to FreeBSD, properly ifdefed by __FreeBSD__
Reviewed by:
Submitted by:
Obtained from:

After pst and ache fixed secure telnet, it was still not in the main
makefiles. This puts it in.

PLEASE NOTE - YOU WILL NEED TO BUILD AND INSTALL THE libtelnet IN secure/
Reviewed by:
Submitted by:
Obtained from:

Final cleanup pass through Makefiles, now this stuff
autodetect kerberos/eBones and work even with eBones,
but with reduced functionality (don't pick up des/krb stuff
in this case)

Add -ldescrypt, or wrong crypt version can be picked from libc
Reviewed by:
Submitted by:
Obtained from:

Add LDADD+= -ldescrypt
Reviewed by:
Submitted by:
Obtained from:

Move -ldes under kerb stuff, my fault
Reviewed by:
Submitted by:
Obtained from:

Since this stuff not works with eBones, ifdef kerberos stuff
with MAKE_KERBEROS to allow other things to live
Reviewed by:
Submitted by:
Obtained from:

Since this stuff not works with eBones, ifdef kerberos stuff
with MAKE_KERBEROS to allow other things to live
Submitted by:
Obtained from:

Add comment about new_rnd_key.c module needed from original
libdes (and not present in eBones libdes)

Add comment about new_rbd_key.c module needed from
original libdes

Fix dependances, typing errors, etc.
Note: this thing need original libdes not Eric Young libdes from eBones
Submitted by:
Obtained from:

Point to proper DESTDIR now
Reviewed by:
Submitted by:
Obtained from:

Fix many bogus things, typing error, dependance errors, etc.,
now it compiles.
Note: this stuff requires original libdes, not libdes from
Eric Yang which we have in eBones.

When hostname len > 8, name replaced with dot notation when -u flag
not specified (default case).
Use _PATH_* for utmp/wtmp.

Support for >32 PTYs.
>Submitted by: Heikki Suonsivu <hsu@cs.hut.fi>

Plug already known security hole. (Brought over from 1.1.5):
Fixed security problem with telnetd, which allowed
telnet -l -hcert.org localhost
to change the user's host in utmp.
Thanks to Matthew Green <mrgreen@@mame.mu.oz.au> for showing me this one.

>Reviewed by: karl, guido
>Submitted by: mrgreen@mame.mu.oz.au

Obtained from: FreeBSD insecure telnetd

The final negotiation of DO_BINARY in the LINEMODE portion of the telnetd code
causes some clients that do not support linemode to mis-interpret the return
key (i.e. double returns).
The fix is to only do the state check for binary options if linemode will
be used.
Closes PR#505.

Submitted by: Charles Henrich
Obtained from: FreeBSD insecure telnetd

Update telnet to the 95.05.31 release.

Obtained from: Dave Borman <dab@cray.com>

Remove trailing whitespace.

Argh! Another instance of DES rather than des that I forgot. Truly,
this keyword is in too many places! :(

Rename secure to DES.

This commit was generated by cvs2svn to compensate for changes in r7283,
which included commits to RCS files with non-trunk default branches.

Security fixes.
CERT Advisory CA-95:03.telnet.encryption

Obtained from: CERT

Change name of secrdist to secure.

Fix secrdist sharedlib bug.

des DISTRIBUTION became secrdist.

fix libdescrypt reference.

Make the "distribute" target build the "des" distribution. Make des'ed
init and ed, by pointing to real sources.

!Just! fixing makefile, no code changes Geoff

More elegant fix for short settings.
(Our existing fixes already plugged the security holes involved.)
Submitted by: Geoff Rehmet after consultation with David Burren

Add libcipher.a: libcrypt exports only crypt() but not des_setkey()
which is in libcipher.a

Change all references to LIBTERM and -ltermlib to LIBTERMCAP and -ltermcap

fix bogus .include
Submitted by: Geoff.

add libcipher to Makefile
Submitted by: Geoff.

- Remove crypt() - it's in libcrypt
- remove ^L's - CTM will probably choke on them
- add PRECIOUSLIB to Makefile
- name changes libcrypt -> libcipher
Submitted by: Geoff.

This commit was generated by cvs2svn to compensate for changes in r2546,
which included commits to RCS files with non-trunk default branches.

Back out static hacks & build of usr.bin until Geoff informs the
world of his master plan.

Submitted by: pst

Remove static in front of declarations for des_setkey and des_cipher
so that linking against -lcrypt (-ldescrypt) will give us the good
versions instead of the stubs in libc. (These changes need to be
made to the non-US version of libdescrypt too!)

Allow building and support for bdes program.
A bit more work still needs to be done on secure telnet.

Submitted by: pst

This commit was generated by cvs2svn to compensate for changes in r2316,
which included commits to RCS files with non-trunk default branches.

Hopefully fix bogus permissions.

Install libdescrypt.so immutable.

Fix afterinstall rule for generating links to the real libcrypt
Submitted by: Geoff

This commit was generated by cvs2svn to compensate for changes in r2050,
which included commits to RCS files with non-trunk default branches.

This commit was generated by cvs2svn to compensate for changes in r2047,
which included commits to RCS files with non-trunk default branches.

when making test programs, look for libdescrypt, not libcrypt
Submitted by: Geoff Rehmet

1) don't make bdes yet
2) fix .include in secure/lib/Makefile.inc
3) fix afterinstall rule in libcrypt/Makefile
Submitted by: Geoff Rehmet

Install secure/lib/libcrypt as libdescrypt, and symlink it to
libcrypt. There may be a little modification neede to this makefile once
we start working on tidy make world's.
Submitted by: geoff.

add lib subdir

add Makefiles for secure/lib. Makefile.inc just includes src/lib/Makefile.inc
in order to get things like SHLIB_MAJOR etc.

Modify libcrypt so that the only exported symbol is _crypt().
Submitted by: Geoff Rehmet

This commit was generated by cvs2svn to compensate for changes in r1956,
which included commits to RCS files with non-trunk default branches.

Unecumbered securedist from FreeBSD 1.1.5.1 - sources for libcrypt.
The next commit will remove all symbols except _crypt()
Reviewed by: Geoff Rehmet
Submitted by: David Burren

Allow the `bdes' program to compile.

Moved from usr.bin/bdes for export-control.

BSD 4.4 Lite usr.sbin Sources