279264 |
25-Feb-2015 |
delphij |
Fix integer overflow in IGMP protocol. [SA-15:04]
Fix vt(4) crash with improper ioctl parameters. [EN-15:01]
Updated base system OpenSSL to 1.0.1l. [EN-15:02]
Fix freebsd-update libraries update ordering issue. [EN-15:03]
Approved by: so |
274110 |
04-Nov-2014 |
des |
[SA-14:24] Fix denial of service attack against sshd(8). [SA-14:25] Fix kernel stack disclosure in setlogin(2) / getlogin(2). [SA-14:26] Fix remote command execution in ftp(1). [EN-14:12] Fix NFSv4 and ZFS cache consistency issue.
Approved by: so (des) |
259065 |
07-Dec-2013 |
gjb |
- Copy stable/10 (r259064) to releng/10.0 as part of the 10.0-RELEASE cycle. - Update __FreeBSD_version [1] - Set branch name to -RC1
[1] 10.0-CURRENT __FreeBSD_version value ended at '55', so start releng/10.0 at '100' so the branch is started with a value ending in zero.
Approved by: re (implicit) Sponsored by: The FreeBSD Foundation |
256281 |
10-Oct-2013 |
gjb |
Copy head (r256279) to stable/10 as part of the 10.0-RELEASE cycle.
Approved by: re (implicit) Sponsored by: The FreeBSD Foundation
|
255829 |
23-Sep-2013 |
des |
Unbreak the WITHOUT_KERBEROS build and try to reduce the odds of a repeat performance by introducing a script that runs configure with and without Kerberos, diffs the result and generates krb5_config.h, which contains the preprocessor macros that need to be defined in the Kerberos case and undefined otherwise.
Approved by: re (marius)
|
255760 |
21-Sep-2013 |
des |
Replace claims that DES is a strong cryptosystem with a warning stating that it should no longer be considered secure.
Approved by: re (gjb)
|
255460 |
10-Sep-2013 |
des |
Clean up the OpenSSH build. It is now possible to build most components as static binaries, if desired. The one exception is sshd, which runs into trouble due to libpam.a's includion of pam_ssh.
Make OpenSSH use LDNS if available. This allows it to verify signed SSHFP records.
Approved by: re (blanket)
|
255386 |
08-Sep-2013 |
des |
Make libldns and libssh private.
Approved by: re (blanket)
|
249971 |
27-Apr-2013 |
ed |
Remove references to MK_IDEA.
As of r249959, we want to build with IDEA support enabled unconditionally. As this change removed the MK_IDEA flag, update these Makefiles accordingly.
|
248619 |
22-Mar-2013 |
des |
Upgrade to OpenSSH 6.2p1. The most important new features are support for a key revocation list and more fine-grained authentication control.
|
248617 |
22-Mar-2013 |
des |
Retire the mislabeled ENABLE_SUID_SSH knob.
|
246772 |
13-Feb-2013 |
jkim |
Merge OpenSSL 1.0.1e.
Approved by: secteam (simon), benl (silence)
|
245527 |
17-Jan-2013 |
bz |
Add a src.conf(5) option to allow users to compile in the "NONE cipher", which, only after authentication, disables crypto, and only for sessions without a terminal.
Submitted by: Jeremy Chadwick (freebsd jdc.parodius.com) PR: bin/163095 MFC after: 10 days
|
242692 |
07-Nov-2012 |
kevlo |
Fix typo; s/ouput/output
|
240075 |
03-Sep-2012 |
des |
Upgrade OpenSSH to 6.1p1.
|
238407 |
12-Jul-2012 |
jkim |
Sort ASM definitions by crypto module for slightly easier maintenance. Specifically, GHASH_ASM belongs to crypto/modes.
|
238405 |
12-Jul-2012 |
jkim |
Merge OpenSSL 1.0.1c.
Approved by: benl (maintainer)
|
237666 |
27-Jun-2012 |
jkim |
Regen ca(1) for r237658. This re-applies r227458, i.e., add a missing "be".
|
237657 |
27-Jun-2012 |
jkim |
Merge OpenSSL 0.9.8x.
Reviewed by: stas Approved by: benl (maintainer) MFC after: 3 days
|
236304 |
30-May-2012 |
bz |
Update the previous openssl fix. [12:01]
Fix a bug in crypt(3) ignoring characters of a passphrase. [12:02]
Security: FreeBSD-SA-12:01.openssl (revised) Security: FreeBSD-SA-12:02.crypt Approved by: so (bz, simon)
|
233432 |
24-Mar-2012 |
eadler |
Restore the ability to use a non-standard LOCALBASE to sshd Add the ability to use a non-standard LOCALBASE to ssh
Submitted by: jhb Reviewed by: des Approved by: cperciva MFC after: 0 days (with r233136)
|
233136 |
19-Mar-2012 |
eadler |
X11BASE is not used any more and has been killed by the x11 team.
Reviewed by: ??? Approved by: ??? MFC after: 3 days
|
231986 |
22-Feb-2012 |
kevlo |
Return NULL on error rather than ":", per the crypt(3) man page. Discussed in: http://www.openwall.com/lists/oss-security/2011/11/15/3
|
228307 |
06-Dec-2011 |
kib |
Force linker error when created shared library contains a relocation against text. Provide the override switch to turn off the strict behaviour. Apparently, openssl libcrypto needs it due to assembler code not being PIC.
Discussed with: bf MFC after: 2 weeks
|
227458 |
11-Nov-2011 |
eadler |
- add a missing "be" and "in" - fix other errors introduced when committing r226436 - add 'function' to a sentence where it makes sense
Submitted by: delphij Submitted by: dougb Submitted by: jhb Approved by: dougb Approved by: jhb
|
226436 |
16-Oct-2011 |
eadler |
- change "is is" to "is" or "it is" - change "the the" to "the"
Approved by: lstewart Approved by: sahil (mentor) MFC after: 3 days
|
226046 |
05-Oct-2011 |
des |
Upgrade to OpenSSH 5.9p1.
MFC after: 3 months
|
221420 |
04-May-2011 |
des |
Upgrade to OpenSSH 5.8p2.
|
218723 |
15-Feb-2011 |
dim |
Fix some leftover binaries and shared libraries in the system that still have an executable stack, due to linking in hand-assembled .S or .s files, that have no .GNU-stack sections:
RWX --- --- /lib/libcrypto.so.6 RWX --- --- /lib/libmd.so.5 RWX --- --- /lib/libz.so.6 RWX --- --- /lib/libzpool.so.2 RWX --- --- /usr/lib/liblzma.so.5
These were found using scanelf, from the sysutils/pax-utils port.
Reviewed by: kib
|
216167 |
03-Dec-2010 |
simon |
Regenerate manual pages for OpenSSL 0.9.8q.
|
215698 |
22-Nov-2010 |
simon |
Regenerate manual pages for OpenSSL 0.9.8p.
|
212463 |
11-Sep-2010 |
brucec |
Revert changes of 'assure' to 'ensure' made in r211936.
Approved by: rrs (mentor)
|
211936 |
28-Aug-2010 |
brucec |
Fix incorrect usage of 'assure' and 'insure'.
Approved by: rrs (mentor)
|
211934 |
28-Aug-2010 |
nwhitehorn |
Repair some build breakage introduced in r211725 and garbage collect some code made obsolete in the same commit.
|
211725 |
23-Aug-2010 |
imp |
MFtbemd:
Prefer MACHNE_CPUARCH to MACHINE_ARCH in most contexts where you want to test of all the CPUs of a given family conform.
|
211243 |
12-Aug-2010 |
will |
Fix buildworld -DNO_CLEAN when using with Perforce, which marks files as read-only by default, meaning files copied can't be overwritten next time.
Reviewed by: imp Approved by: ken (mentor)
|
210843 |
04-Aug-2010 |
jchandra |
Whitespace fix for last check-in, move empty line to below endif.
|
210842 |
04-Aug-2010 |
jchandra |
MIPS 64 bit support.
When compiled for MIPS n64 ABI - DES_LONG should be 'unsigned int' - BN_LLONG should be undefined - SIXTY_FOUR_BIT_LONG should be defined.
|
209890 |
10-Jul-2010 |
nwhitehorn |
OpenSSL configuration for powerpc64
Obtained from: projects/ppc64
|
206048 |
01-Apr-2010 |
simon |
Regenerate manual pages for OpenSSL 0.9.8n.
|
206047 |
01-Apr-2010 |
simon |
- Make it slightly simpler to update OpenSSL version information for regenerating OpenSSL manual pages. - Explicitly set the OpenSSL release date so manual pages contain the date OpenSSL was released and not just the date OpenSSL was imported into the FreeBSD base system. - Update for Makefile for OpenSSL 0.9.8n.
|
205129 |
13-Mar-2010 |
simon |
Regenerate manual pages for OpenSSL 0.9.8m.
MFC after: 3 weeks
|
205128 |
13-Mar-2010 |
simon |
Merge OpenSSL 0.9.8m into head.
This also "reverts" some FreeBSD local changes so we should now be back to using entirely stock OpenSSL. The local changes were simple $FreeBSD$ lines additions, which were required in the CVS days, and the patch for FreeBSD-SA-09:15.ssl which has been superseded with OpenSSL 0.9.8m's RFC5746 'TLS renegotiation extension' support.
MFC after: 3 weeks
|
204949 |
10-Mar-2010 |
des |
Revert r204939
|
204948 |
10-Mar-2010 |
des |
Forgot to svn add the Makefile.
|
204939 |
10-Mar-2010 |
dougb |
Fix the build. The ssh-pkcs11-helper directory is empty, which is causing confusion.
|
204917 |
09-Mar-2010 |
des |
Upgrade to OpenSSH 5.4p1.
MFC after: 1 month
|
204355 |
26-Feb-2010 |
ru |
(Almost) fixed static linkage. The remaining problem is with libgssapi.a and libgssapi_krb5.a libraries that define the same symbols.
|
204340 |
25-Feb-2010 |
des |
Fix 'make checkdpadd'
Submitted by: ru@
|
204334 |
25-Feb-2010 |
des |
Remove -static; it was a failed experiment that got committed by accident.
|
201381 |
02-Jan-2010 |
ed |
Build lib/ with WARNS=6 by default.
Similar to libexec/, do the same with lib/. Make WARNS=6 the norm and lower it when needed.
I'm setting WARNS?=0 for secure/. It seems secure/ includes the Makefile.inc provided by lib/. I'm not going to touch that directory. Most of the code there is contributed anyway.
|
201210 |
29-Dec-2009 |
trasz |
Remove pppd, it's gone.
|
199131 |
10-Nov-2009 |
des |
Fix globbing
Noticed by: delphij, David Cornejo <dave@dogwood.com> Forgotten by: des
|
198856 |
03-Nov-2009 |
jhb |
Fix a couple of comment typos.
MFC after: 1 week
|
197679 |
01-Oct-2009 |
des |
Upgrade to OpenSSH 5.3p1.
|
195767 |
19-Jul-2009 |
kensmith |
Bump the version of all non-symbol-versioned shared libraries in preparation for 8.0-RELEASE. Add the previous version of those libraries to ObsoleteFiles.inc and bump __FreeBSD_Version.
Reviewed by: kib Approved by: re (rwatson)
|
195626 |
11-Jul-2009 |
cperciva |
Remove build timestamps from the following files: /boot/kernel/hptrr.ko /etc/mail/*.cf /lib/libcrypto.so.5 /usr/bin/ntpq /usr/sbin/amd /usr/sbin/iasl /usr/sbin/ntpd /usr/sbin/ntpdate /usr/sbin/ntpdc
There does not appear to be any purpose to having these timestamps, and they have the irritating consequence that the aforementioned files will be different every time they are rebuilt.
After this commit, the only remaining build timestamps are in the kernel, the boot loaders, /usr/include/osreldate.h (the year in the copyright notice), and lib*.a (the timestamps on all of the included .o files).
Reviewed by: scottl (hptrr), gshapiro (sendmail), simon (openssl), roberto (ntp), jkim (acpica) Approved by: re (kib)
|
194297 |
16-Jun-2009 |
jhb |
Use the closefrom(2) system call.
Reviewed by: des
|
194208 |
14-Jun-2009 |
simon |
Regenerate manual pages for OpenSSL 0.9.8k.
|
194207 |
14-Jun-2009 |
simon |
Update build infrastructure for OpenSSL 0.9.8k.
|
192595 |
22-May-2009 |
des |
Upgrade to OpenSSH 5.2p1.
MFC after: 3 months
|
185476 |
30-Nov-2008 |
csjp |
Enable getaudit_addr(2) for sshd again. This will un-break the subject BSM audit tokens for IPv6.
|
181111 |
01-Aug-2008 |
des |
Upgrade to OpenSSH 5.1p1.
I have worked hard to reduce diffs against the vendor branch. One notable change in that respect is that we no longer prefer DSA over RSA - the reasons for doing so went away years ago. This may cause some surprises, as ssh will warn about unknown host keys even for hosts whose keys haven't changed.
MFC after: 6 weeks
|
180767 |
23-Jul-2008 |
imp |
Merge from p4:
Implement openssl config needed for mips.
Submitted by: gonzo@ Reviewed by: simon@
|
180208 |
03-Jul-2008 |
peter |
Set magic fbsd:nokeywords property that allows files to bypass keyword expansion. (file-specific replacement for CVSROOT/exclude)
|
180206 |
03-Jul-2008 |
peter |
Add $FreeBSD$
|
178828 |
07-May-2008 |
dfr |
Fix conflicts after heimdal-1.1 import and add build infrastructure. Import all non-style changes made by heimdal to our own libgssapi.
|
176844 |
05-Mar-2008 |
kris |
For users of FreeBSD <= 6.2 we recommend during the x.org 7.x upgrade that they add X11BASE=${LOCALBASE} to /etc/make.conf since X11BASE was hard-wired to the now-wrong location in old releases.
However, both X11BASE and LOCALBASE have moved out of scope of src/ into ports/ now, which causes problems for upgraded users who have old make.conf files still containing the above setting. X11BASE becomes null and we instruct ssh and sshd to look for xauth in /bin/xauth where it is unlikely to be found.
Instead, provide a copy of the default LOCALBASE?=/usr/local setting here.
We also have to deal with the case where the user only overrides LOCALBASE and doesn't set an explicit X11BASE (in ports it will be set implicitly but not here), which will also move the location of xauth.
MFC after: 3 days Reported by: rwatson
|
176407 |
19-Feb-2008 |
ru |
getopt(3) returns -1, not EOF.
|
170925 |
18-Jun-2007 |
rafan |
- Bump share library version which were missed in last bump
Reported by: jhb Discussed with: deischen, des, doubg, harti Approved by: re (kensmith)
|
169425 |
09-May-2007 |
gnn |
Integrate the Camellia Block Cipher. For more information see RFC 4132 and its bibliography.
Submitted by: Tomoyuki Okazaki <okazaki at kick dot gr dot jp> MFC after: 1 month
|
167616 |
15-Mar-2007 |
simon |
Upgrade to OpenSSL 0.9.8e.
|
163089 |
07-Oct-2006 |
ru |
Fix static compilation.
|
162915 |
01-Oct-2006 |
simon |
Upgrade to OpenSSL 0.9.8d.
|
162861 |
30-Sep-2006 |
des |
Update for OpenSSH 4.4p1.
MFC after: 1 week
|
161526 |
22-Aug-2006 |
ru |
Remove alpha left-overs.
|
160819 |
29-Jul-2006 |
simon |
Upgrade to OpenSSL 0.9.8b.
|
160433 |
17-Jul-2006 |
simon |
Enable DSO (Dynamic Shared Object) support. This makes it possible for OpenSSL to load engines run-time, e.g. for using the opensc engine port.
The OpenSSL Configure script enables DSO support on FreeBSD by default, we just don't use the Configure script during OpenSSL builds in the base system.
This is committed to -CURRENT now (before OpenSSL 0.9.8b import), so it can be tested at bit in -CURRENT before being MFC'ed to 6-STABLE.
Prodded by: ale PR: bin/79570 MFC after: 1 week
|
158529 |
13-May-2006 |
des |
Add a manual dependency on ssh_namespace.h.
Discussed with: ru
|
158519 |
13-May-2006 |
des |
Introduce a namespace munging hack inspired by NetBSD to avoid polluting the namespace of applications which inadvertantly link in libssh (usually through pam_ssh)
Suggested by: lukem@netbsd.org MFC after: 6 weeks
|
157625 |
10-Apr-2006 |
ru |
Clean generated headers.
|
157021 |
22-Mar-2006 |
des |
Add port-tun.c.
|
156837 |
18-Mar-2006 |
ru |
Provide alternate default for SHLIBDIR before bsd.own.mk does this.
Reported by: phk
|
156813 |
17-Mar-2006 |
ru |
Reimplementation of world/kernel build options. For details, see:
http://lists.freebsd.org/pipermail/freebsd-current/2006-March/061725.html
The src.conf(5) manpage is to follow in a few days.
Brought to you by: imp, jhb, kris, phk, ru (all bugs are mine)
|
155563 |
12-Feb-2006 |
csjp |
Hook audit into OpenSSH. Now that the necessary bits for OpenSSH support have been added with the latest OpenBSM import, hook USE_BSM_AUDIT into build conditionally.
For users which do not care for audit support and do not want to compile it into their SSH servers, add the following to the /etc/make.conf:
NO_AUDIT=true
Discussed with: rwatson Obtained from: TrustedBSD Project
|
153838 |
29-Dec-2005 |
dfr |
Add a new extensible GSS-API layer which can support GSS-API plugins, similar the the Solaris implementation. Repackage the krb5 GSS mechanism as a plugin library for the new implementation. This also includes a comprehensive set of manpages for the GSS-API functions with text mostly taken from the RFC.
Reviewed by: Love Hörnquist Åstrand <lha@it.su.se>, ru (build system), des (openssh parts)
|
152603 |
19-Nov-2005 |
ru |
Revert last revision by phk@, it's redundant since bsd.incs.mk already handles this, FWIW.
|
149755 |
03-Sep-2005 |
des |
Update for OpenSSH 4.2p1.
|
148672 |
03-Aug-2005 |
phk |
Don't install includes if NO_TOOLCHAIN
|
148297 |
22-Jul-2005 |
kensmith |
Bump the shared library version number of all libraries that have not been bumped since RELENG_5.
Reviewed by: ru Approved by: re (not needed for commit check but in principle...)
|
147098 |
07-Jun-2005 |
des |
Revert the commits that made libssh an INTERNALLIB; they caused too much trouble, especially on amd64.
Requested by: ru
|
147056 |
06-Jun-2005 |
des |
Make libssh an INTERNALLIB like it is in {Net,Open}BSD.
|
147007 |
05-Jun-2005 |
des |
Update for OpenSSH 4.1p1.
|
142429 |
25-Feb-2005 |
nectar |
Update OpenSSL 0.9.7d -> 0.9.7e.
|
141988 |
16-Feb-2005 |
ru |
Define PLATFORM correctly when cross-building.
|
141651 |
10-Feb-2005 |
ru |
Sync program's usage() with manpage's SYNOPSIS.
|
140394 |
17-Jan-2005 |
dds |
Correctly hide the command arguments.
PR: bin/76374 MFC after: 2 weeks
|
139113 |
21-Dec-2004 |
ru |
NOCRYPT -> NO_CRYPT
|
139106 |
21-Dec-2004 |
ru |
NODOCCOMPRESS -> NO_DOCCOMPRESS NOINFO -> NO_INFO NOINFOCOMPRESS -> NO_INFOCOMPRESS NOLINT -> NO_LINT NOPIC -> NO_PIC NOPROFILE -> NO_PROFILE
|
139104 |
21-Dec-2004 |
ru |
NOLIBC_R -> NO_LIBC_R NOLIBPTHREAD -> NO_LIBPTHREAD NOLIBTHR -> NO_LIBTHR
|
137018 |
28-Oct-2004 |
des |
Update for OpenSSH 3.9p1.
|
136910 |
24-Oct-2004 |
ru |
For variables that are only checked with defined(), don't provide any fake value.
|
133718 |
14-Aug-2004 |
markm |
Add support for C3 Nehemiah ACE ("Padlock") AES crypto. This comes from OpenSSL 0.9.5 (yet to be released), and is pretty complete.
|
133196 |
06-Aug-2004 |
cperciva |
Join the 21st century: Cryptography is no longer an optional component of releases. The -DNOCRYPT build option still exists for anyone who really wants to build non-cryptographic binaries, but the "crypto" release distribution is now part of "base", and anyone installing from a release will get cryptographic binaries.
Approved by: re (scottl), markm Discussed on: freebsd-current, in late April 2004
|
129209 |
14-May-2004 |
cognet |
Import the openssl conf for arm.
|
129174 |
13-May-2004 |
ru |
Record the libssl.so dependency on libcrypto.so. This should help some ports that depend on libradius that recently gained the dependency on libssl. This is also how the stock OpenSSL build would link libssl.so on FreeBSD.
Prompted by: kris OK'ed by: markm, nectar
|
128833 |
02-May-2004 |
marcel |
Fix release builds (release.3 target). We also need to rebuild libradius, because otherwise it will remain having a dependency upon libssl. This breaks the non-crypto build that happens for release.3
While here, order the list of programs and libraries.
Speculating review feedback from: ru
|
128425 |
19-Apr-2004 |
ru |
Turn MAKE_IDEA into a true "bool" type variable, as documented in the make.conf(5) manpage.
PR: conf/65738 OK'ed by: markm
|
128264 |
14-Apr-2004 |
peter |
Turn on the amd64-specific bignum code in openssl. This is actually a variant of the C code but with some scattered asm and things laid out more optimally for the platform. This means that we need to the asm directory to the search path for the amd64 case so that make can find the source.
|
127643 |
30-Mar-2004 |
dwmalone |
Remove the -pthread from the last commit, as OpenSSL doesn't actually call any pthread functions as we use compile it. We keep the -DOPENSSL_THREADS, which stops OpenSSL doing thread-unsafe stuff.
Requested by: ru
|
127616 |
30-Mar-2004 |
dwmalone |
Build OpenSSL so that it extects that is may be used in a threaded environment. This stops some ports keeling over on an OpenSSL assert. (The patch is not exactly the one from the PR, but has been refined based on advice from freebsd-threads.)
PR: 51205 Submitted by: Jim Westfall <jwestfall@surrealistic.net> MFC after: 1 month
|
127326 |
23-Mar-2004 |
markm |
Re-add the hand-optimised assembler versions of some of the ciphers to the build.
Should have done this ages ago: markm Reminded above to do this: peter
|
127131 |
17-Mar-2004 |
nectar |
Update manual pages for OpenSSL 0.9.7d.
|
126282 |
26-Feb-2004 |
des |
Update for 3.8p1, including workaround for a bug in gss-genr.c.
|
126178 |
23-Feb-2004 |
johan |
style.Makefile(5): Use WARNS?= instead of WARNS=.
|
125557 |
07-Feb-2004 |
ru |
Use the default threading library if requested.
Reviewed by: des, deischen
|
125503 |
05-Feb-2004 |
ru |
Fixed style of DPADD and LDADD assignments as per style.Makefile(5).
|
125346 |
02-Feb-2004 |
ru |
- Removed libmd from the Kerberos library set.
- Removed libopie and libmd; libopie used to serve auth-skey.c which is compiled now only to ease maintenance, as well as a few other auth-*.c sources.
Reviewed by: des
|
124651 |
18-Jan-2004 |
ru |
Added two utility targets "secure" and "insecure", analogous to "kerberize" and "dekerberize" in kerberos5/Makefile. These can be used to recompile bits with optional crypto support with and without crypto, respectively.
Reviewed by: markm
|
124638 |
17-Jan-2004 |
ru |
Once upon a time we had both "crypto" and "krb5" distributions, and rebuilt some bits with crypto but without Kerberos support (most notably SSH) during "make release", to put them into the "crypto" distribution.
Now that we don't ship the separate "krb5" distribution anymore (it's now part of the "crypto" distribuion), don't waste time recompiling SSH bits without crypto and without Kerberos support in an attempt to put them in the "base" distribution -- it just doesn't work as SSH always uses crypto code.
We avoid this by not rebuilding KPROGS from kerberos5/Makefile in release/Makefile and adding "libpam" to SPROGS in secure/Makefile to ensure it's still rebuilt without crypto support for the "base" distribution. (Disabling crypto (NOCRYPT) also disables building of Kerberos-related PAM modules, and it's OK to depend on this.)
This should be a no-op change saving some "make release" time.
|
124633 |
17-Jan-2004 |
ru |
- Properly build both crypto and non-crypto versions of the package management tools.
- Drop redundant dependency of pkg_create(1) and pkg_delete(1) on crypto libraries now that they do not link with libfetch.
|
124607 |
17-Jan-2004 |
ru |
Removed well outdated comment.
|
124250 |
08-Jan-2004 |
ru |
Cosmetics: rearrange the dependency list to match that of ssh and sshd.
Reviewed by: des
|
124249 |
08-Jan-2004 |
ru |
Fixed static linkage.
Reviewed by: des
|
124245 |
08-Jan-2004 |
des |
Use += instead of = with DPADD / LDADD.
|
124242 |
08-Jan-2004 |
des |
Enable GSSAPI support. [1] Also remove some duplicates from ssh's SRCS.
Submitted by: [1] Björn Grönvall <bg@sics.se>
|
124215 |
07-Jan-2004 |
des |
Previous commit erroneously listed some sources with .o suffixes.
|
124212 |
07-Jan-2004 |
des |
Update Makefiles for OpenSSH 3.7.1p2.
|
119116 |
19-Aug-2003 |
gordon |
Explicitly add libz and libcrypto to LDADD for any ssh utilities missing it. While not strictly required, it unbreaks the cross-build world that is resulting from moving the libraries around.
I have a more permanent solution to this problem in the works, but I asked des for permission to commit this to get the ball rolling. This also makes the ssh build more along the lines of what the openssh-portable and OpenBSD openssh Makefile glue does.
Reviewed by: des
|
119017 |
17-Aug-2003 |
gordon |
Stage 3 of dynamic root support. Make all the libraries needed to run binaries in /bin and /sbin installed in /lib. Only the versioned files reside in /lib, the .so symlink continues to live /usr/lib so the toolchain doesn't need to be modified.
|
117675 |
16-Jul-2003 |
markm |
Very big makeover in the way telnet, telnetd and libtelnet are built.
Previously, there were two copies of telnet; a non-crypto version that lived in the usual places, and a crypto version that lived in crypto/telnet/. The latter was built in a broken manner somewhat akin to other "contribified" sources. This meant that there were 4 telnets competing with each other at build time - KerberosIV, Kerberos5, plain-old-secure and base. KerberosIV is no longer in the running, but the other three took it in turns to jump all over each other during a "make buildworld".
As the crypto issue has been clarified, and crypto _calls_ are not a problem, crypto/telnet has been repo-copied to contrib/telnet, and with this commit, all telnets are now "contribified". The contrib path was chosen to not destroy history in the repository, and differs from other contrib/ entries in that it may be worked on as "normal" BSD code. There is no dangerous crypto in these sources, only a very weak system less strong than enigma(1).
Kerberos5 telnet and Secure telnet are now selected by using the usual macros in /etc/make.conf, and the build process is unsurprising and less treacherous.
|
117181 |
02-Jul-2003 |
ru |
Fixed "make checkdpadd".
OK'ed by: markm
|
116015 |
08-Jun-2003 |
markm |
Fix for the NO_OPENSSL case.
Reported by: Marius Strobl <marius@alchemy.franken.de>
|
115842 |
04-Jun-2003 |
markm |
Drop this MAINTAINER bit. I'll reclaim an "Advisory Maintainership" for this area later.
|
115830 |
04-Jun-2003 |
markm |
I'm now happy that this is no longer needed. Libcrypto has all its functionality, and all its consumers have been converted.
|
115724 |
02-Jun-2003 |
markm |
Disconnect libcipher from the build. It only does DES, and we already have libcrypto to do that. Both consumers of this lib have been converted to use libcrypto. (bin/ed and secure/usr.bin/bdes).
|
115719 |
02-Jun-2003 |
markm |
Strip the private blowfish code down to only that which is required to make crypt(3) blowfish "$2a$..." hashes. Lint and warnsify.
|
115718 |
02-Jun-2003 |
markm |
Modernise. Use libcrypto instead of libcipher for DES.
|
115654 |
01-Jun-2003 |
obrien |
Ugg, wrong version. CSTD=gnu89, c89 wont do.
|
115653 |
01-Jun-2003 |
obrien |
This isn't C99 clean.
|
114709 |
05-May-2003 |
markm |
Turn MAKE_KERBEROS5 into NO_KERBEROS by negating the logic. Some extra cleanups were necessary in release/Makefile, and the tinderbox code was syntax checked, not run checked.
|
114302 |
30-Apr-2003 |
markm |
We no longer have a separate kerberos distribution. Its now just part of the regular security dist.
|
114283 |
30-Apr-2003 |
ru |
The including makefile's directory is tried first for .include "...".
|
114282 |
30-Apr-2003 |
ru |
Most things depend on !defined(NO_OPENSSL); make it look so.
|
114281 |
30-Apr-2003 |
ru |
NOSECURE is implied by NOCRYPT, meaning if the latter is defined we won't be here.
|
113916 |
23-Apr-2003 |
des |
Remove Kerberos IV shims.
|
113915 |
23-Apr-2003 |
des |
Update for 3.6.1p1; also remove Kerberos IV shims.
|
113436 |
13-Apr-2003 |
bde |
Silence `make -s' (echo -> ${ECHO}).
|
112942 |
01-Apr-2003 |
ru |
libtelnet depends on OpenSSL.
PR: 50507
|
112544 |
24-Mar-2003 |
charnier |
The .Nm utility
|
112097 |
11-Mar-2003 |
obrien |
Back out rev 1.60, taking the pointy hat away from nectar as 'rm -f' doesn't need to be prefixed with '-'. Keep the pointy hat for myself for not reading the code closely.
|
112064 |
10-Mar-2003 |
obrien |
Don't error out the build if removing a "stale" symlink fails.
Pointy hat for breaking my installworld: nectar
|
111963 |
07-Mar-2003 |
mtm |
Fix mixed up arguments passed to a locally defined err(int, char *) function.
Approved by: markm (mentor) Submitted by: till toenges <tt@mail.isis.de> PR: bin/48963
|
111651 |
27-Feb-2003 |
ru |
Handle includes the normal way.
Reviewed by: markm Approved by: nectar
|
111151 |
19-Feb-2003 |
nectar |
Regenerate man pages after import of OpenSSL 0.9.7a.
|
111088 |
18-Feb-2003 |
nectar |
LIBDIR/INCLUDEDIR do not include DESTDIR.
Reported by: Andrzej Tobola <san@iem.pw.edu.pl>
|
111085 |
18-Feb-2003 |
nectar |
Follow-up to previous commit: we had a des.h symlink, too. Remove that.
|
111083 |
18-Feb-2003 |
nectar |
Previously, libcrypto contained symbols that were identical to EAY libdes, and functionally close enough so that we created symlinks (libdes -> libcrypto) to help older applications. With the import of OpenSSL 0.9.7, this is no longer true and we no longer install these symlinks. However, systems that are upgraded may have these symlinks, which could cause non-obvious breakage at build-time. Therefore, blow any old symlinks away in the `afterinstall' target.
|
110855 |
14-Feb-2003 |
nectar |
Correct path for finding asm-generating files.
|
110655 |
10-Feb-2003 |
nectar |
Install the OpenSSL man pages in /usr/share/openssl/man and remove the WANT_OPENSSL_MANPAGES knob.
|
110590 |
09-Feb-2003 |
nectar |
Do not define OPENSSL_NO_KRB5 here in CFLAGS. It is handled in opensslconf.h.
Reminded by: reports from des, obrien
|
110141 |
31-Jan-2003 |
nectar |
Re-add WANT_OPENSSL_MANPAGES knob.
Noticed by: ru
|
110049 |
29-Jan-2003 |
nectar |
Background: When libdes was replaced with OpenSSL's libcrypto, there were a few interfaces that the former implemented but the latter did not. Because some software in the base system still depended upon these interfaces, we simply included them in our libcrypto (rnd_keys.c).
Now, finally get around to removing the dependencies on these interfaces. There were basically two cases:
des_new_random_key -- This is just a wrapper for des_random_key, and these calls were replaced.
des_init_random_number_generator et. al. -- A few functions were used by the application to seed libdes's PRNG. These are not necessary when using libcrypto, as OpenSSL internally seeds the PRNG from /dev/random. These calls were simply removed.
Again, some of the Kerberos 4 files have been taken off the vendor branch. I do not expect there to be future imports of KTH Kerberos 4.
|
110042 |
29-Jan-2003 |
nectar |
Re-add WANT_OPENSSL_MANPAGES knob.
|
110017 |
29-Jan-2003 |
peter |
Hopefully fix world for folks not compiling IDEA (the default). NO_IDEA is now spelled OPENSSL_NO_IDEA. Update the bmake glue accordingly or the IDEA references are not stripped from <openssl/evp.h>
|
110015 |
29-Jan-2003 |
nectar |
Force OPENSSL_NO_KRB5. OpenSSL's current implementation of RFC 2712 can only be built with MIT Kerberos.
If we didn't define this here, then SSL-using applications would have to define OPENSSL_NO_KRB5 themselves in order to build.
|
110010 |
28-Jan-2003 |
markm |
Update for OpenSSL 0.9.7. No assembler code at the moment. This will follow.
|
108993 |
09-Jan-2003 |
des |
ia64 and sparc64 both have libc_r now.
|
107862 |
14-Dec-2002 |
des |
Don't build auth-pam.c and auth2-pam.c, auth2-pam-freebsd.c is all we need. Use pthreads for PAM if the platform supports it and the user asked for it (by setting OPENSSH_USE_POSIX_THREADS)
Sponsored by: DARPA, NAI Labs
|
107133 |
21-Nov-2002 |
kris |
Remove myself as maintainer of openssl; I no longer have enough time to devote to it.
|
106618 |
08-Nov-2002 |
ru |
DON'T EVER PUT THIS BACK!
Pointy hat to: obrien
|
106538 |
06-Nov-2002 |
obrien |
Style sync with rest of FreeBSD.
|
106132 |
29-Oct-2002 |
des |
Update for OpenSSH 3.5p1.
|
103960 |
25-Sep-2002 |
markm |
Don't lint contrib'ed sources, even if the builder has asked for linting. Its Just Too Noisy.
|
103674 |
20-Sep-2002 |
ru |
Bandaid for a broken world. The real fix is somewhat more complicated and will be sent for a review.
|
103635 |
19-Sep-2002 |
ru |
Added the missing dependencies for openssl/ headers.
|
102343 |
24-Aug-2002 |
nectar |
Use `uint32_t' instead of `unsigned long', since the code assumes 32-bit arithmetic.
Reviewed by: make test
The fact that bdes(1) didn't work was Reported by: Fred Clift <fclift@verio.net>
|
100949 |
30-Jul-2002 |
nectar |
Update list of installed manual pages after regenerating them.
|
100947 |
30-Jul-2002 |
nectar |
This commit was generated by cvs2svn to compensate for changes in r100946, which included commits to RCS files with non-trunk default branches.
|
100933 |
30-Jul-2002 |
nectar |
Update to match reality (i.e. reference libcrypto headers and libraries, not the no-longer-existent libdes).
|
100493 |
22-Jul-2002 |
ru |
s,/usr/include,${INCLUDEDIR},
|
99770 |
11-Jul-2002 |
ru |
Removed the (never used) help-distribute target from here.
(Similar targets were once used during the release building process for kerberosIV and kerberos5.)
|
99430 |
05-Jul-2002 |
des |
ssh-keysign(8) belongs in /usr/libexec, not in /usr/bin, and needs to be setuid so ssh(1) doesn't have to be.
Pointy hat to: des Submitted by: Katsuyuki TATEISHI <katsu@iec.hiroshima-u.ac.jp>
|
99066 |
29-Jun-2002 |
des |
Switch over to 3.4p1.
|
98820 |
25-Jun-2002 |
des |
No guts, no glory. Switch to OpenSSH-portable.
Sponsored by: DARPA, NAI Labs
|
98749 |
24-Jun-2002 |
des |
My previous style commits weren't entirely right. Fix some bugs I introduced, and a few more I hadn't yet fixed.
Submitted by: bde
|
98740 |
24-Jun-2002 |
des |
Previous commit made no sense.
|
98739 |
24-Jun-2002 |
des |
Fix style and unbreal static build.
|
98707 |
23-Jun-2002 |
des |
Install the new man pages.
|
98685 |
23-Jun-2002 |
des |
Update Makefiles for OpenSSH 3.3.
|
98548 |
21-Jun-2002 |
ru |
Make NO_OPENSSL actually imply NO_OPENSSH, as documented in make.conf(5).
|
96643 |
15-May-2002 |
obrien |
for OpenSSL 0.9.5a
|
96603 |
14-May-2002 |
markm |
Build using pregenerated manpages; don't use perl to translate .pod's. The translated .pod's have already been committed.
|
96594 |
14-May-2002 |
markm |
This commit was generated by cvs2svn to compensate for changes in r96593, which included commits to RCS files with non-trunk default branches.
|
96513 |
13-May-2002 |
ru |
Removed now unused INTERNALSTATICLIB. INTERNALLIB now implies NOPIC and NOPROFILE. Removed gratuitous NOMAN.
|
96462 |
12-May-2002 |
ru |
Added new bsd.incs.mk which handles installing of header files via INCS. Implemented INCSLINKS (equivalent to SYMLINKS) to handle symlinking include files. Allow for multiple groups of include files to be installed, with the powerful INCSGROUPS knob. Documentation to follow.
Added standard `includes' and `incsinstall' targets, use them in Makefile.inc1. Headers from the following makefiles were not installed before (during `includes' in Makefile.inc1):
kerberos5/lib/libtelnet/Makefile lib/libbz2/Makefile lib/libdevinfo/Makefile lib/libform/Makefile lib/libisc/Makefile lib/libmenu/Makefile lib/libmilter/Makefile lib/libpanel/Makefile
Replaced all `beforeinstall' targets for installing includes with the INCS stuff.
Renamed INCDIR to INCSDIR, for consistency with FILES and SCRIPTS, and for compatibility with NetBSD. Similarly for INCOWN, INCGRP, and INCMODE.
Consistently use INCLUDEDIR instead of /usr/include.
gnu/lib/libstdc++/Makefile and gnu/lib/libsupc++/Makefile changes were only lightly tested due to the missing contrib/libstdc++-v3. I fully tested the pre-WIP_GCC31 version of this patch with the contrib/libstdc++.295 stuff.
These changes have been tested on i386 with the -DNO_WERROR "make world" and "make release".
|
95967 |
03-May-2002 |
peter |
Pre-generate the optimized x86 crypto code and check it in rather than depending on perl at build time. Makefile.asm is a helper for after the next import.
With my cvs@ hat on, the relatively small repo cost of this is acceptable, especially given that we have other (much bigger) things like lib*.so.gz.uu checked in under src/lib/compat/*.
Reviewed by: kris (maintainer)
|
95509 |
26-Apr-2002 |
ru |
Milestone #1 in cross-arch make releases.
Do not install games and profiled libraries to the ${CHROOTDIR} with the initial installworld.
Eliminate the need in the second installworld. For that, make sure _everything_ is built in the "world" environment, using the right tool chain.
Added SUBDIR_OVERRIDE helper stuff to Makefile.inc1. Split the buildworld process into stages, and skip some stages when SUBDIR_OVERRIDE is set (used to build crypto, krb4, and krb5 dists).
Added NO_MAKEDB_RUN knob to Makefile.inc1 to avoid running makewhatis(1) at the end of installworld (used when making crypto, krb4, and krb5 dists).
In release/scripts/doFS.sh, ensure that the correct boot blocks are used.
Moved the creation of the "crypto" dist from release.5 to release.2.
In release.3 and doMFSKERN, build kernels in the "world" environment. KERNELS now means "additional" kernels, GENERIC is always built.
Ensure we build crunched binaries in the "world" environment. Obfuscate release/Makefile some more (WMAKEENV) to achieve this.
Inline createBOOTMFS target.
Use already built GENERIC kernel modules to augment mfsfd's /stand/modules. GC doMODULES as such.
Assorted fixes:
Get rid of the "afterdistribute" target by moving the single use of it from sys/Makefile to etc/Makefile's "distribute".
Makefile.inc1: apparently "etc" no longer needs to be last for "distribute" to succeed.
gnu/usr.bin/perl/library/Makefile.inc: do not override the "install" and "distribute" targets, do it the "canonical" way.
release/scripts/{man,cat}pages-make.sh: make sure Perl manpages and catpages appear in the right dists. Note that because Perl does not respect the MANBUILDCAT (and NOMAN), this results in a loss of /usr/share/perl/man/cat* empty directories. This will be fixed soon.
Turn MAKE_KERBEROS4 into a plain boolean variable (if it is set it means "make KerberosIV"), as documented in the make.conf(5) manpage. Most of the userland makefiles did not test it for "YES" anyway.
XXX Should specialized kerberized libpam versions be included into the krb4 and krb5 dists? (libpam.a would be incorrect anyway if both krb4 and krb5 dists were choosen.)
Make sure "games" dist is made before "catpages", otherwise games catpages settle in the wrong dist.
Fast build machine provided by: Igor Kucherenko <kivvy@sunbay.com>
|
95309 |
23-Apr-2002 |
ru |
The library itself does not depend on Kerberos bits. Otherwise, we would have broken krb4 and krb5 dists.
|
93221 |
26-Mar-2002 |
ru |
Switch over to using pam_login_access(8) module in sshd(8). (Fixes static compilation. Reduces diffs to OpenSSH.)
Reviewed by: bde
|
93034 |
23-Mar-2002 |
des |
Install headers with -C. Ideally, these Makefiles should not need to override the beforeinstall target at all, but this has proven difficult to achieve.
|
92876 |
21-Mar-2002 |
des |
Use PAM instead of S/Key (or OPIE) for SSH2.
Sponsored by: DARPA, NAI Labs
|
92595 |
18-Mar-2002 |
des |
Don't forget auth-skey.c.
|
92563 |
18-Mar-2002 |
des |
Adjust for OpenSSH 3.1.
Sponsored by: DARPA, NAI Labs
|
92489 |
17-Mar-2002 |
bde |
Fixed some style bugs. Mainly, don't use ${.ALLSRC} in implicit rules. This change should have been in rev.1.37.
|
92411 |
16-Mar-2002 |
markm |
Use NO_PERL as well as NOPERL. The latter is going to (eventually) go.
|
91754 |
06-Mar-2002 |
markm |
No functional change, but big code cleanup. WARNS, lint(1) and style(9).
|
90868 |
18-Feb-2002 |
mike |
o Move NTOHL() and associated macros into <sys/param.h>. These are deprecated in favor of the POSIX-defined lowercase variants. o Change all occurrences of NTOHL() and associated marcros in the source tree to use the lowercase function variants. o Add missing license bits to sparc64's <machine/endian.h>. Approved by: jake o Clean up <machine/endian.h> files. o Remove unused __uint16_swap_uint32() from i386's <machine/endian.h>. o Remove prototypes for non-existent bswapXX() functions. o Include <machine/endian.h> in <arpa/inet.h> to define the POSIX-required ntohl() family of functions. o Do similar things to expose the ntohl() family in libstand, <netinet/in.h>, and <sys/param.h>. o Prepend underscores to the ntohl() family to help deal with complexities associated with having MD (asm and inline) versions, and having to prevent exposure of these functions in other headers that happen to make use of endian-specific defines. o Create weak aliases to the canonical function name to help deal with third-party software forgetting to include an appropriate header. o Remove some now unneeded pollution from <sys/types.h>. o Add missing <arpa/inet.h> includes in userland.
Tested on: alpha, i386 Reviewed by: bde, jake, tmm
|
90405 |
08-Feb-2002 |
ru |
Now that cross-tools ld(1) has been fixed to look for dynamic dependencies in the correct place, record the fact that -lssh depends on -lcrypto and -lz.
Removed false dependencies on -lz (except ssh(1) and sshd(8)). Removed false dependencies on -lcrypto and -lutil for scp(1).
Reviewed by: markm
|
90296 |
06-Feb-2002 |
kris |
Set WFORMAT=0, overlooked in previous commits to libexec/.
Reported by: jhay
|
89841 |
27-Jan-2002 |
kris |
Update list of manpages
|
89705 |
23-Jan-2002 |
ru |
Add pam_ssh support to the static PAM library, libpam.a:
- Spam /usr/lib some more by making libssh a standard library. - Tweak ${LIBPAM} and ${MINUSLPAM}. - Garbage collect unused libssh_pic.a. - Add fake -lz dependency to secure/ makefiles needed for dynamic linkage with -lssh.
Reviewed by: des, markm Approved by: markm
|
87141 |
30-Nov-2001 |
markm |
Clean up makefiles, and turn on WARNS=2. Take into account the telnet #if cleanup.
|
86559 |
18-Nov-2001 |
jake |
Opensslconf for sparc64. Just a copy of the alpha one for now.
Approved by: kkenn (maintainer)
|
85744 |
30-Oct-2001 |
markm |
Install libssh and libssh_pic. These are needed when building statically, and when building things (like login(8)) standalone. libssh_pic is needed for libpam and modules.
Requested by: peter
|
85358 |
23-Oct-2001 |
peter |
__FBSDID() (second half of src/lib/libcrypt changes)
|
85309 |
22-Oct-2001 |
peter |
Argh! Shoot me! (add closing */ after $FreeBSD$ )
|
84773 |
10-Oct-2001 |
peter |
Add an ia64 configuration. This is not likely to be optimal, but does compile and seems to work. We should run configure after everything else is self hosting to test the speeds of the various options.
|
84698 |
09-Oct-2001 |
peter |
Sync this file up with its i386 brother. This appears to have been missed when 0.9.5a was imported.
Approved by: kris
|
84306 |
01-Oct-2001 |
ru |
mdoc(7) police: Use the new .In macro for #include statements.
|
84136 |
29-Sep-2001 |
ru |
Fix cross-building, etc:
1. To cross-build, one now needs to set TARGET_ARCH, and not the MACHINE_ARCH. MACHINE_ARCH should never be changed manually!
2. Initialize DESTDIR= explicitly for bootstrap-tools, build-tools, and cross-tools stages. This fixes broken header and library dependencies problem. We build them in the host environment, and obviously want them to depend on host headers and libraries. The problem with broken header dependencies for bootstrap-tools and cross-tools was already partially solved (see BOOTSTRAPPING tests in bsd.prog.mk and bsd.lib.mk), but it was still there for build-tools if the user ran "make world DESTDIR=/foo". Also, for all of these stages, the library dependencies were broken because of how bsd.libnames.mk define DPADD members.
We still provide a glue to install bootstrap- and cross-tools under the ${WORLDTMP}.
Removed PATH overrides for bootstrap-, build-, and cross-tools stages. There is just no reason why we would need to override it, and the hacks to clean up the ${WORLDTMP} in the -DNOCLEAN case are no longer needed with fixes from this step.
That is, we now never use ${WORLDTMP} headers and libraries, and we don't use any ${WORLDTMP} installed binaries during these stages. Again, these stages depend solely on the host environment, including compiler, headers, and libraries.
3. Moved "miniperl" back from cross-tools (it has nothing to do with a cross-compiler) to build-tools where it belongs. The change from step 1 let to do this. Also, to make this work, build-tools targets of "cc_tools" and "miniperl" were modified to call "depend". Here follow the detailed explanations.
There are two categories of build tools, for now. In the first category there are "cc_tools" and "miniperl". They occupy the whole (sub)directory, and nothing needs to be done in this subdirectory later during the "all" stage. They are also constructed using system makefiles. We must build the .depend early in the build-tools stage because:
1) They use (and depend on) the host environment.
2) If we don't do this in build-tools, the "depend" stage of buildworld will do this for us; wrong library and header dependencies will be recorded (DESTDIR=${WORLDTMP}) and, what's worse, the "all" stage may then clobber the build-architecture format tools (that we built in the build-tools stage) with the target-architecture format ones, breaking cross build.
In the second category there are all other build-tools. They share their directory with the "main" module that needs them in the "all" stage, and they don't show up themselves in the .depend file. The portion of this fix was already committed in gnu/usr.bin/cc/cc_tools/Makefile,v 1.52.
4. "libperl" is no longer a build tool, and "miniperl" is the stand-alone application. I had to make this change because build-tools and "all" stages share the same object directory. Without this change, if we cross compile, libperl.a is first built for the build architecture during the build-tools stage (for the purposes of immediate linkage with "miniperl"). Later on, the "all" stage sees this library as up-to-date, and doesn't rebuild it. The effect is that the wrong format static libperl library is installed with installworld.
5. Fixed "includes" to install secure/lib/libtelnet headers if required.
Reviewed by: bde
|
82484 |
29-Aug-2001 |
bde |
Fixed world breakage in rev.1.13. -lpam must never be used directly since it doesn't work for static linkage.
|
81967 |
20-Aug-2001 |
markm |
Diff reduce all the crypto telnet Makefiles.
|
81590 |
13-Aug-2001 |
ru |
mdoc(7) police: s/NetBSD/.Nx/ where appropriate.
|
81462 |
10-Aug-2001 |
ru |
mdoc(7) police: join split punctuation to macro calls.
|
81119 |
03-Aug-2001 |
bde |
Link to libcipher in the usual way. `bdes' depended on a nonexistent library. This only worked because of the undocmented feature of make(1) that targets named foo.a are always up to date.
Fixed some style bugs.
|
81104 |
03-Aug-2001 |
markm |
Revamp and diff-reduce the various secure telnets. Make sure that Kerberos5 has _a_ telnet (which is not currently K5 enabled). Incorporate BDE's static linking fixes.
|
80637 |
30-Jul-2001 |
bde |
Fixed world breakage when NOSHARED=yes. libmp now depends on libcrypto, so it must be linked before libcrypto to work right.
|
79618 |
12-Jul-2001 |
ru |
Added missing DPADD and CLEANFILES.
|
79530 |
10-Jul-2001 |
ru |
mdoc(7) police: removed HISTORY info from the .Os call.
|
79252 |
04-Jul-2001 |
kris |
Remove stale file.
|
78129 |
12-Jun-2001 |
green |
Enable Kerberos 5 support in sshd again.
|
76872 |
20-May-2001 |
kris |
Update for OpenSSL 0.9.6a
MFC after: 2 weeks
|
76408 |
09-May-2001 |
bde |
Fixed world breakage in previous commit. -lpam must never be used directly (except in the definition of MINUSLPAM in bsd.libnames.mk) since it doesn't give all the libraries necessary for static linkage.
Fixed missing ${LIBPAM} in DPADD.
Fixed some style bugs in DPADD and LDADD.
|
76407 |
09-May-2001 |
bde |
Fixed world breakage in previous commit. -lpam must never be used directly (except in the definition of MINUSLPAM in bsd.libnames.mk) since it doesn't give all the lbraries necessary for static linkage.
Fixed new and old bugs in DPADD. ${LIBPAM} was missing, and the library order was different from that in LDADD so `make checkdpadd' reported a non-bug.
|
76337 |
07-May-2001 |
nsayer |
Add PAM support to SRA authentication. Cribbed mostly from ftpd. This doesn't solve the problem of root being allowed to log in, but that sort of thing is something PAM should be doing anyway.
|
76284 |
04-May-2001 |
green |
Update to OpenSSH 2.9. Somehow this missed getting committed yesterday.
|
76266 |
04-May-2001 |
green |
Don't build with Kerberos 5 support for now. I'll fix this soon, but I don't want to break Kerberos 5 users' worlds too much in the meantime.
|
76264 |
04-May-2001 |
green |
Follow the OpenSSH 2.9 upgrade with the infrastructure. Two new programs are now included: sftp(1) and ssh-keyscan(1).
|
76229 |
03-May-2001 |
green |
Add the new version.c to libssh.
|
75236 |
05-Apr-2001 |
nsayer |
Reactivate SRA.
Make handling of SIGINT and SIGQUIT follow SIGTSTP in TerminalNewMode(). This allows people to break out of SRA authentication if they wish to.
|
74929 |
28-Mar-2001 |
ru |
Merged src/lib/libtelnet rev.1.9 (fixed removing of obsolete shared library: wrong library directory, wrong library extension and wrong comment). This is mainly of historical interest, if any. The library that gets removed is aout.
Also, backout the beforeinstall -> afterinstall change in rev.1.20 that was required to install proper telnet.h into /usr/include/arpa. The actual problem is in <bsd.lib.mk>, and I am going to fix it.
|
74928 |
28-Mar-2001 |
ru |
Bye-bye /usr/lib/libtelnet.a. This should fix ``make release'' brokeness.
Approved by: markm
|
74818 |
26-Mar-2001 |
ru |
secure/ build fixes:
- TELNETOBJDIR is gone. `buildworld' already installs libtelnet.a in ${WORLDTMP}/usr/lib, and we have LIBRARY_PATH pointing there.
- SSHDIR (formerly SSHSRC) is now shared between all SSH modules. New LIBSSH is introduced for libssh.a (an internal static lib). Previously, build without prior `obj' was broken; SSH modules always looked for libssh.a in ${.OBJDIR}. Also, the dependancies on the libssh.a were missing.
- libtelnet/ did not install the crypto version of telnet.h into /usr/include/arpa.
- Removed BINOWN, BINMODE, BINDIR and SRCS with default values.
Reviewed by: markm
- MAN[1-9] -> MAN.
|
74702 |
23-Mar-2001 |
assar |
disable SRA this impacts negatively to POLA since once autologin is enabled, telnet will prompt for a password using getpass() and thus not allow the usual signal characters or C-]
|
74243 |
14-Mar-2001 |
kris |
Attempt to fix the problem with -j builds, and du-uglify the asm code generation and assembly targets.
Help from: bde, obrien
|
74106 |
11-Mar-2001 |
markm |
Add OpenBSD-style blowfish password hashing. This makes one less gratuitous difference between us and our sister project.
This was given to me _ages_ ago. May apologies to Paul for the length of time its taken me to commit.
Obtained from: Niels Provos <provos@physnet.uni-hamburg.de>/OpenBSD Submitted by: Paul Herman <pherman@frenchfries.net>
|
73983 |
08-Mar-2001 |
kris |
MFS: Belatedly bump SHLIB_MAJOR corresponding to OpenSSL 0.9.6
|
73553 |
04-Mar-2001 |
kris |
Install the des.h link under ${DESTDIR}. Fixes buildworld.
Submitted by: Christian Weisgerber <naddy@mips.inka.de>
|
73423 |
04-Mar-2001 |
kris |
Clean up the installation of the compatibility libdes header/library symlinks
Pointed out by: bde
|
73420 |
04-Mar-2001 |
kris |
Don't override CPUTYPE (actually this predates the <bsd.cpu.mk> use of CPUTYPE, and I forgot I used it here already)
Pointed out by: bde
|
73349 |
02-Mar-2001 |
ru |
setlocale(3) has been fixed to match POSIX standard: LC_ALL takes precedence over other LC_* envariables.
|
73043 |
25-Feb-2001 |
kris |
Update the list of OpenSSL manpages (now contains many more describing libssl, for example), and hide it behind a make.conf option, WANT_OPENSSL_MANPAGES, instead of having it commented out. We still can't install these by default because of clobbering of a number of system manpages with the same name, but they're there for people who want them.
|
72731 |
20-Feb-2001 |
kris |
Add back a missing file from the no-asm case
Submitted by: gallatin
|
72716 |
19-Feb-2001 |
kris |
Remove a remnant of my attempt to get alpha asm code working. OpenSSL does include code for the alpha, but as far as I can tell, it is non-functional (e.g. it's not even compiled by the native openssl build on the alpha).
Noticed by: gallatin
|
72679 |
19-Feb-2001 |
kris |
Introduce support for using OpenSSL ASM optimizations. This is done through the use of a new build directive, MACHINE_CPU, which contains a list of the CPU generations/features for which optimizations are desired. This feature will be extended to cover the ports tree in the future.
Currently OpenSSL provides optimizations for i386, i586 and i686-class CPUs. Currently it has not been tested on an i386 or i486.
Teach make(1) to provide sensible defaults for MACHINE_CPU if it is not defined (namely, the lowest common denominator CPU we support for each architecture). Currently this is i386 for the i386 architecture and ev4 for the alpha. sys.mk also sets the variable as a last resort for consistency with MACHINE_ARCH and bootstrapping from very old versions of make.
Benchmarks show a significant speed increase even in the i386 case, with additional improvements for i586 and i686 systems. For maximum performance define MACHINE_CPU=i686 i586 i386 in /etc/make.conf.
Based on a patch submitted by: Mike Silbersack <silby@silby.com> Reviewed by: current
|
72184 |
08-Feb-2001 |
nectar |
Define HAVE_PAM_GETENVLIST for build. Now environmental variables set by PAM modules will be exported (correctly).
|
72069 |
06-Feb-2001 |
bde |
Fixed missing include of <unistd.h> and wrong prototype for setkey().
|
71591 |
24-Jan-2001 |
ben |
Add .Lb libcipher
PR: 24434 Submitted by: Bill Cheswick <ches@bell-labs.com>
|
71115 |
16-Jan-2001 |
ru |
man(7) -> mdoc(7).
|
70419 |
28-Dec-2000 |
peter |
Merge into a single US-exportable libcrypt, which only provides one-way hash functions for authentication purposes. There is no more "set the libcrypt->libXXXcrypt" nightmare. - Undo the libmd.so hack, use -D to hide the md5c.c internals. - Remove the symlink hacks in release/Makefile - the algorthm is set by set_crypt_format() as before. If this is not called, it tries to heuristically figure out the hash format, and if all else fails, it uses the optional auth.conf entry to chose the overall default hash. - Since source has non-hidden crypto in it there may be some issues with having the source it in some countries, so preserve the "secure/*" division. You can still build a des-free libcrypt library if you want to badly enough. This should not be a problem in the US or exporting from the US as freebsd.org had notified BXA some time ago. That makes this stuff re-exportable by anyone. - For consistancy, the default in absence of any other clues is md5. This is to try and minimize POLA across buildworld where folk may suddenly be activating des-crypt()-hash support. Since the des hash may not always be present, it seemed sensible to make the stronger md5 algorithm the default. All things being equal, no functionality is lost.
Reviewed-by: jkh
(flame-proof suit on)
|
69593 |
05-Dec-2000 |
green |
Update for OpenSSH 2.3.0.
|
68744 |
15-Nov-2000 |
ru |
Fixed a typo from the last commit.
Submitted by: Mike Heffner <mheffner@vt.edu>
|
68736 |
14-Nov-2000 |
kris |
Correct some fallout from the semi-automated way I updated the makefile.
Submitted by: roberto
|
68705 |
14-Nov-2000 |
green |
Disable /usr/bin/ssh being setuid root by default. Let the variable ENABLE_SUID_SSH being defined reenable it for those that want it.
This follows discussion favoring the change from September. It is not usually necessary to be setuid root, possibly less safe, and less convenient (cannot use $HOSTALIASES, for example).
Submitted by: jedgar
|
68655 |
13-Nov-2000 |
kris |
Update for OpenSSL 0.9.6
|
67502 |
24-Oct-2000 |
gshapiro |
Fix up the build for the STARTTLS version of sendmail (again). This method mimics that of tcpdump in that for normal builds, sendmail will only be built once. For 'make release', it is built once for the bin dist and once for the crypto dist. This method also removes the need for two separate Makefiles (which could become out of sync).
Suggested by: bde Assisted by: kris
|
67085 |
13-Oct-2000 |
gshapiro |
Do not override BINDIR settings from subdirectory Makefiles.
Submitted by: bde
|
67083 |
13-Oct-2000 |
gshapiro |
../Makefile.inc was clobbering BINDIR so sendmail was being installed in /usr/sbin/ instead of /usr/libexec/sendmail/
Submitted by: bde
|
67053 |
13-Oct-2000 |
gshapiro |
Activate the 'secure' (TLS) version of sendmail if !NO_SENDMAIL && !NO_OPENSSL
|
67052 |
13-Oct-2000 |
gshapiro |
Given that sendmail's STARTTLS support requires OpenSSL and the bootstrap issues that brings, build the non-TLS version of sendmail in src/usr.sbin/sendmail and the TLS version in src/secure/usr.sbin/sendmail. This allows the TLS version to be part of the secure distribution when building a release.
|
67029 |
12-Oct-2000 |
gshapiro |
Remove STARTTLS support as it breaks builds without crypto installed. Waiting to hear back regarding the best way to do this.
|
66977 |
11-Oct-2000 |
peter |
With apoligies to Greg Shapiro, fix the world. The previous commit lost -lutil and -lwrap by replacing $LDADD and $DPADD rather than appending to them with +=.
|
66961 |
11-Oct-2000 |
gshapiro |
Style fixes
|
66959 |
11-Oct-2000 |
gshapiro |
NOCRYPT imples NO_OPENSSL. Still need to solve the distribution problem.
Submitted by: kris
|
66944 |
10-Oct-2000 |
gshapiro |
Build sendmail with STARTTLS support unless NO_OPENSSL is set.
|
65971 |
17-Sep-2000 |
kris |
Overhaul of the build-time include file generation. Don't break in evp.h if bootstrapping from a system on which the openssl headers are not already present.
|
65970 |
17-Sep-2000 |
gshapiro |
Give users a way to alter the sendmail (and related utilities) build environment so they can enable functionality such as SASL, LDAP, Hesiod.
|
65961 |
16-Sep-2000 |
kris |
Only build sftp-server conditionally
|
65872 |
15-Sep-2000 |
ache |
Add sftp-server
|
65797 |
13-Sep-2000 |
gshapiro |
Allow users to add libraries for sendmail (e.g. Cyrus SASL)
Obtained from: Sergei Vyshenski <svysh@pn.sinp.msu.ru>
|
65675 |
10-Sep-2000 |
kris |
Update for OpenSSH 2.2.0
|
65653 |
10-Sep-2000 |
kris |
Nuke RSAREF support from orbit.
It's the only way to be sure.
|
65551 |
06-Sep-2000 |
kris |
``Anyone is now free to rub two primes together for their own gratification'' -- Unknown
Now that the RSA algorithm is released into the public domain, build librsaintl by default unless NO_RSAINTL is set in make.conf.
The native OpenSSL implementation of RSA is much faster, doesn't have an artificial keysize limitation, has 30% fewer calories and tastes great!
|
65361 |
02-Sep-2000 |
kris |
Err, we weren't even compiling auth1.c with LOGIN_CAP at all. Guess nobody was using this feature.
|
65060 |
24-Aug-2000 |
green |
Make the temporary file _evp.h instead of evp.h to not conflict with the real evp.h.
Reported by: markm
|
65029 |
23-Aug-2000 |
ache |
Add missing quotes around xauth path
|
65024 |
23-Aug-2000 |
green |
Generate a new evp.h at build-time instead of install-time to properly support NFS(ro) installworlds.
|
65020 |
23-Aug-2000 |
kris |
Respect X11BASE to derive the location of xauth(1)
PR: 17818 Submitted by: Bjoern Fischer <bfischer@Techfak.Uni-Bielefeld.DE>
|
64918 |
22-Aug-2000 |
green |
Add working and easy crypt(3)-switching. Yes, we need a whole new API for crypt(3) by now. In any case:
Add crypt_set_format(3) + documentation to -lcrypt. Add login_setcryptfmt(3) + documentation to -lutil. Support for switching crypt formats in passwd(8). Support for switching crypt formats in pw(8).
The simple synopsis is: edit login.conf; add a passwd_format field set to "des" or "md5"; go nuts :)
Reviewed by: peter
|
64628 |
14-Aug-2000 |
gshapiro |
Turn on support for IPv6
|
64597 |
13-Aug-2000 |
gshapiro |
Get rid of the /etc/aliases -> /etc/mail/aliases hack. /etc/mail/aliases now exists in the distribution.
|
64567 |
12-Aug-2000 |
gshapiro |
The rest of the changes needed to support the new version of sendmail (8.11.0). Beyond changes to the build system, this includes fixing up the sample freebsd.mc configuration for changes in defaults and syntax, removing outdated documentation, and updating the release notes.
|
64219 |
04-Aug-2000 |
green |
Unbreak the OpenSSL headers for those of us who don't/can't use IDEA by getting rid of the check for NO_IDEA (in evp.h) completely if it's installed without MAKE_IDEA=YES.
|
64177 |
03-Aug-2000 |
kris |
Install the openssl(1) manpage with an MLINK from ssl(8) to at least put something in the location where OpenSSH likes to point.
|
64034 |
30-Jul-2000 |
kris |
Don't build sshd if NO_OPENSSL defined.
Submitted by: stephen@math.missouri.edu
|
63824 |
25-Jul-2000 |
kris |
Don't build crypto-enabled telnetd if NO_OPENSSL is defined, since it attempts to link against libcrypto.
|
63268 |
16-Jul-2000 |
markm |
WITH_IDEA --> MAKE_IDEA fix.
|
63248 |
16-Jul-2000 |
peter |
Add missing $FreeBSD$ to files that are NOT still on vendor a branch.
|
63123 |
14-Jul-2000 |
peter |
Be consistant about WITH_ vs MAKE_ flags. We have a precedent of using MAKE_foo for things like MAKE_KERBEROS etc. Use that. I managed to confuse myself last time and made make.conf different to the code. ;-(
Reported by: Jun Kuriyama <kuriyama@FreeBSD.org>
|
62437 |
03-Jul-2000 |
peter |
Argh. Cut/paste transcription error. Fix syntax of previous commit.
|
62434 |
03-Jul-2000 |
peter |
USA_RESIDENT is forced to YES or NO at the start of Makefile.inc1 Use that to be the final arbiter of whether or not to build the librsaintl.so plugin for openssl/openssh. Add a magic WANT_RSAINTL flag to force building even if USA_RESIDENT=YES.
|
62030 |
24-Jun-2000 |
markm |
MFI. This is a documentation-only, diffreducing patch, that if invoked will cause breakage. US Users - DO NOT try to turn on IDEA - the sources are not included.
|
61538 |
11-Jun-2000 |
kris |
Link explicitly against -lmd. I'm not sure what was pulling this in on -current, but it doesnt do it on -stable.
|
61213 |
03-Jun-2000 |
kris |
Add a new file to SRCS
|
60615 |
15-May-2000 |
obrien |
/dev/urandom is the default random device, so no use in stateing it here. Also simplify the conditionals a little.
|
60610 |
15-May-2000 |
obrien |
This version is slightly better than rev 1.10. There are still missing dependencies for openssl/*.h. I cannot reproduce any critical race conditions with this revision.
|
60609 |
15-May-2000 |
obrien |
Use unadorned `mkdir -p', removing the "test ... ||". There are sometimes problems with "&&" and "||" in the `make -j' case, as it appears multiple processes may process parts of the execution line.
|
60577 |
15-May-2000 |
kris |
Update for OpenSSH 2.1
|
59426 |
20-Apr-2000 |
kris |
Use the C locale for running date(1).
Submitted by: ache
|
59196 |
13-Apr-2000 |
kris |
Update for OpenSSL 0.9.5a and clean up a bit.
|
59195 |
13-Apr-2000 |
kris |
Update for OpenSSL 0.9.5a and clean up a bit. Take responsibility for this makefile again :-)
|
59146 |
11-Apr-2000 |
obrien |
* Fix dependancies so that ``make depend'' is not required. * Some style fixes
Approved by: kris
|
59145 |
11-Apr-2000 |
obrien |
* Fix dependancies so that ``make depend'' is not required. * Some style fixes
Approved by: kris
|
59000 |
04-Apr-2000 |
kris |
Add libcrypto to LDADD. This fixes problems seen with e.g. apache-modssl
Submitted by: Jim Bloom <bloom@acm.org>
|
58639 |
26-Mar-2000 |
kris |
Missed a fix for the new openssh; this fixes make world.
|
58586 |
26-Mar-2000 |
kris |
Update for latest OpenSSH
|
57971 |
13-Mar-2000 |
kris |
Add a new function stub to libcrypto() which resolves to a symbol in the librsa* library and reports which version of the library (OpenSSL/RSAREF) is being used.
This is then used in openssh to detect the failure case of RSAREF and a RSA key >1024 bits, to print a more helpful error message than 'rsa_public_encrypt() fai led.'
This is a 4.0-RELEASE candidate.
|
57854 |
09-Mar-2000 |
markm |
Make LOGIN_CAP work properly.
Submitted by: ache
|
57841 |
09-Mar-2000 |
kris |
Buildworld fixes for NO_OPENSSH and NO_OPENSSL
Approved by: jkh
|
57804 |
07-Mar-2000 |
kris |
Build a shared library too - ports expect it.
Reviewed by: peter Approved by: jkh
|
57766 |
05-Mar-2000 |
peter |
Merge from internat.freebsd.org; cleanup stray rsaref glue code reference
|
57743 |
03-Mar-2000 |
jhay |
MFI: Make ssh and sshd link in the krb5 part of make release.
Reviewed by: markm
|
57682 |
02-Mar-2000 |
kris |
Resurrect the old libdes manpages (after a repo copy) until we have better ones.
|
57681 |
02-Mar-2000 |
peter |
Merge from internat.freebsd.org: add libcrypto to librsaUSA's symbol search path so that ERR_load_strings() is found in certain circumstances involving dlopen(). eg: main program dlopened foo.so which is linked against libcrypto. If libcrypto then dlopens librsaUSA.so, then it's search path doens't find libcrypto (!). One "fix" is to force modules (eg main opening foo.so) to use the RTLD_GLOBAL flag, the other is to explicitly declare dependencies (as done here).
|
57615 |
29-Feb-2000 |
markm |
MFI: stupid typo of mine.
|
57582 |
29-Feb-2000 |
kris |
Add NODESCRYPTLINKS knob to prevent spamming of libcrypt -> libscrypt symlinks. The name is against my better judgement, but I defer to ancient tradition here because I'm a nice guy.
Reviewed by: -current
|
57569 |
28-Feb-2000 |
markm |
New distribution names.
|
57568 |
28-Feb-2000 |
markm |
New distribution name.
|
57511 |
26-Feb-2000 |
peter |
Merge from internat.freebsd.org repo, minus change to rsa_eay.c (missing)
Reorganize and unify libcrypto's interface so that the RSA implementation is chosen at runtime via dlopen().
This is a checkpoint and may require more tweaks still.
|
57485 |
25-Feb-2000 |
peter |
Merge from internat.freebsd.org; deal with -DRSAref the same way as libcrypto - not that it means much on the US code tree.
|
57484 |
25-Feb-2000 |
peter |
Merge from internat.freebsd.org; make RSAREF=YES work correctly, although this is not very useful as the US repo is missing bits.
|
57476 |
25-Feb-2000 |
peter |
Create a stub libRSAglue for bsd.port.mk's sake
|
57475 |
25-Feb-2000 |
peter |
Don't pull in libRSAglue for the rsaref case. Since this is linked dynamically by default, we use the dlopen() calls to load librsaref.so on US code trees.
|
57474 |
25-Feb-2000 |
peter |
Fold libRSAglue into libcrypto so we don't have to special-case all the builds. There is still no actual RSA implementation code in libcrypto or src/* on US code trees.
|
57471 |
25-Feb-2000 |
peter |
Sync with internat; delete a trailing space
|
57456 |
24-Feb-2000 |
markm |
Remove port components not needed in 4.n+
Submitted by: Half the freaking planet....
|
57440 |
24-Feb-2000 |
markm |
libdes is OBE
|
57437 |
24-Feb-2000 |
markm |
Build everything properly. This means:
o Don't b uild libdes.
o Crypto is now housed in libcrypto (with a compatability symlink to libdes)
o RSA may depend on RSAREF at your locale.
o OpenSSH is now a part of the base system.
|
57434 |
24-Feb-2000 |
markm |
Add the OpenSSH userland-building Makefiles.
|
57414 |
24-Feb-2000 |
markm |
Freefall/Internat diff reducer.
|
57413 |
24-Feb-2000 |
markm |
Freefall/Internat diff reducer.
|
57412 |
24-Feb-2000 |
markm |
Freefall/Internat diff reducer.
|
57411 |
24-Feb-2000 |
markm |
Diff reducer. Comes from Internat.
|
57410 |
24-Feb-2000 |
markm |
Remove useless whitespace.
Part of big commit OK'ed by: JKH
|
57202 |
14-Feb-2000 |
kris |
Back out the previous commit - it broke world and was not approved. I don't know what I was thinking committing without approval - sorry.
|
57175 |
13-Feb-2000 |
kris |
Link dynamically, not statically.
|
56899 |
30-Jan-2000 |
kris |
Add NO_OPENSSL knob to turn off building of openssl
Requested by: wollman
|
56898 |
30-Jan-2000 |
kris |
Add NO_OPENSSL knob to turn off building of openssl
Requested by: wollman
|
56668 |
27-Jan-2000 |
shin |
another tcp apps IPv6 updates.(should be make world safe) ftp, telnet, ftpd, faithd also telnet related sync with crypto, secure, kerberosIV
Obtained from: KAME project
|
56317 |
20-Jan-2000 |
kris |
Don't search for libraries in ${LOCALBASE}. This should fix the problems people were seeing with conflicts with the openssl port.
|
56316 |
20-Jan-2000 |
kris |
Activate librsaglue
|
56315 |
20-Jan-2000 |
kris |
Move the rsaref gunk to libRSAglue where ports expect it.
|
56314 |
20-Jan-2000 |
kris |
Build infrastructure for libRSAglue, required for compatability with ports even though it doesn't seem to do anything which requires it to be separate from libcrypto.
|
56124 |
16-Jan-2000 |
kris |
The wrong version of the file was committed previously which explains the problems seen here.
|
56090 |
16-Jan-2000 |
kris |
Turn back on openssl building.
|
56089 |
16-Jan-2000 |
kris |
Turn back on libcrypto and libssl building.
|
56087 |
16-Jan-2000 |
kris |
*** empty log message ***
|
56080 |
16-Jan-2000 |
kris |
Add MAINTAINER tag so people don't feel the need to randomly frob with this.
|
56050 |
15-Jan-2000 |
green |
We cannot have libcrypto, and therefore OpenSSL at all, without RSA. If you need examples of breakage, I'm ready to provide more than a few.
|
55956 |
14-Jan-2000 |
kris |
Connect OpenSSL to the build.
|
55950 |
14-Jan-2000 |
kris |
Build infrastructure for OpenSSL
|
55688 |
09-Jan-2000 |
kris |
Really really remove SHA-1 support.
|
55654 |
09-Jan-2000 |
markm |
Routines needed by new kerberos.
|
55585 |
08-Jan-2000 |
jkh |
Remove the SHA stuff properly.
|
55239 |
29-Dec-1999 |
peter |
Since /etc/sendmail.cf got moved to /etc/mail/sendmail.cf, a 'make world' would leave you with a broken sendmail and local mail loss. This evil hack moves sendmail.cf from the old location to the new one (if required) at install time.
|
55236 |
29-Dec-1999 |
peter |
Install sendmail in it's new location.
|
55010 |
22-Dec-1999 |
markm |
RIP xntpd.
|
54829 |
19-Dec-1999 |
peter |
I missed the LDADD/DPADD for -lmd in the secure cases. :-(
Pointed out by: marcel
|
54783 |
18-Dec-1999 |
peter |
Revert -lmd changes now that libcrypt doesn't expose this binutils/ld bug any more.
|
54737 |
17-Dec-1999 |
marcel |
Add libmd to DPADD and LDADD.
|
52167 |
12-Oct-1999 |
markm |
Dont build telenet if we are going for kerberised telnet; this just jumps all over kerberised telnet otherwise.
|
51993 |
07-Oct-1999 |
markm |
Make telnet with SRA work.
Submitted by: Nick Sayer
|
51524 |
21-Sep-1999 |
markm |
Colour me stupid. This is a better way of using the macros.
|
51511 |
21-Sep-1999 |
markm |
Do this the same way as Internat to reduce diffs.
|
51510 |
21-Sep-1999 |
dt |
Someone changed major numbers of the libraries from 2 to 3 for 0 (zero) reasons. Revert the major number back to 2.
libcrypt only export one function, before the recent changes and now: char *crypt(const char *key, const char *salt); The prototype didn't changed. Internal representation of `char' and `char *' didn't changed. Therefore, there is no reason to change the version number.
|
51507 |
21-Sep-1999 |
peter |
Restore SONAME setting, otherwise libdescrypt.so.3 doesn't end up with a special SONAME of libcrypt.so.3 and the runtime symlink doesn't work.
|
51461 |
20-Sep-1999 |
markm |
Make this completely dependant on the exportable libcrypt, to avoid duplication of effort. Also a large cleanup of the code, inspired by Brandon Gillespie.
|
51425 |
19-Sep-1999 |
markm |
libdes is bmaked and built from src/crypto/... now.
|
50895 |
04-Sep-1999 |
markm |
This commit was generated by cvs2svn to compensate for changes in r50894, which included commits to RCS files with non-trunk default branches.
|
50761 |
01-Sep-1999 |
markm |
This commit was generated by cvs2svn to compensate for changes in r50760, which included commits to RCS files with non-trunk default branches.
|
50488 |
28-Aug-1999 |
peter |
$Header$ -> $FreeBSD$
|
50479 |
28-Aug-1999 |
peter |
$Id$ -> $FreeBSD$
|
49971 |
17-Aug-1999 |
markm |
Claim ownership
|
49830 |
15-Aug-1999 |
mpp |
Various man page cleanup:
- Be consistent with section names as outlined in mdoc(7). - Other misc mdoc cleanup.
|
46064 |
25-Apr-1999 |
kris |
Typo in comment.
|
45090 |
28-Mar-1999 |
markm |
Enable tcp_wrapper support by default.
|
43735 |
07-Feb-1999 |
peter |
MaxHeaderLines is now MaxHeadersLength (in bytes)
|
43153 |
24-Jan-1999 |
peter |
Support 'O MaxHeaderLines=' to override the default header count and line length limits. The configuration keyword is: confMAX_HEADER_LINES
|
43152 |
24-Jan-1999 |
markm |
Fix symlinking. Without the -f "force" option, the wrong version can be found. Submitted by: Bruce
|
43091 |
23-Jan-1999 |
markm |
The new crypt code breaks "make world". Back it out.
|
42983 |
21-Jan-1999 |
brandon |
Removed from the secure/lib/libcrypt area, because of the rewrite to how the Makefile handles des support by just including the single .c file.
Reviewed by: Mark Murray
|
42584 |
12-Jan-1999 |
peter |
Update for 8.9.2 (new file, control.c) Also, turn on support for the MaxMimeHeaderLength option in sendmail.cf.
|
39496 |
19-Sep-1998 |
obrien |
Remove useless `BINOWN=root' now that it is the default.
|
38664 |
31-Aug-1998 |
jb |
BINFORMAT -> OBJFORMAT ready for E-day. Untested 'cause I'm outside the US and not allowed to see this. I kept my eyes closed. 8-)
|
38094 |
04-Aug-1998 |
peter |
Connect up sendmail-8.9.1
|
30217 |
08-Oct-1997 |
markm |
Staticise a variable. PR: 4722 Submitted by: Karl Denninger
|
30113 |
05-Oct-1997 |
jkh |
Changes to support full make parallelism (-j<n>) in the world target. Reviewed by: <many different folks> Submitted by: Nickolay N. Dudorov" <nnd@nnd.itfs.nsk.su>
|
29147 |
05-Sep-1997 |
peter |
Teach libdescrypt about elf builds.
|
22990 |
22-Feb-1997 |
peter |
Revert $FreeBSD$ to $Id$
|
21673 |
14-Jan-1997 |
jkh |
Make the long-awaited change from $Id$ to $FreeBSD$
This will make a number of things easier in the future, as well as (finally!) avoiding the Id-smashing problem which has plagued developers for so long.
Boy, I'm glad we're not using sup anymore. This update would have been insane otherwise.
|
21635 |
13-Jan-1997 |
wosch |
Sort cross references.
|
19502 |
07-Nov-1996 |
markm |
Secure telnet is now in eBones.
|
19501 |
07-Nov-1996 |
markm |
Remove references to TELNET*.
|
19149 |
24-Oct-1996 |
peter |
Fold sendmail-8.8.2 changes into files that have been touched.
(^!&@$#&^! delete !!@^@^ trailing !@^&#$!& whitespace!!!)
|
17945 |
30-Aug-1996 |
peter |
cmp -s || install -c --> install -C
|
17569 |
13-Aug-1996 |
peter |
Same as non-secure telnetd, add support for ``-P altlogin'' to specify an alternate /usr/bin/login type program to be run.
|
17498 |
10-Aug-1996 |
markm |
This commit was generated by cvs2svn to compensate for changes in r17497, which included commits to RCS files with non-trunk default branches.
|
17356 |
30-Jul-1996 |
markm |
Some breakeages sneaked in. This fixes them. (this relates to a name change in a library that was not properly backed up by the author) Reported by: too mant :-(
|
17333 |
29-Jul-1996 |
markm |
Merge, remove rubbish and bump the MAJOR.MINOR to 3.0
|
17331 |
29-Jul-1996 |
markm |
This commit was generated by cvs2svn to compensate for changes in r17330, which included commits to RCS files with non-trunk default branches.
|
17318 |
28-Jul-1996 |
markm |
Mrege conflicts etc.
|
17316 |
28-Jul-1996 |
markm |
This commit was generated by cvs2svn to compensate for changes in r17315, which included commits to RCS files with non-trunk default branches.
|
17309 |
27-Jul-1996 |
jkh |
Add necessary item to CLEANFILES
|
16663 |
24-Jun-1996 |
jkh |
Bring in my changes for removing the pestilent obj links (unless you really want them) from /usr/src. This is the final version of the patches, incorporating the feedback I've received from -current.
|
16150 |
05-Jun-1996 |
nate |
Bring in a change that got lost when we spammed over the CVS repository to fix the mega-commits spamming.
pst 96/05/29 20:09:25
Modified: secure/usr.bin/telnet Makefile main.c Log: Remove obsolete SOCKSv4 support
Submitted by: pst Obtained from: A mirrored CVS repository that will disappear next SUP
|
15661 |
07-May-1996 |
ache |
Localize time
|
15615 |
04-May-1996 |
markm |
Add extra targets a' la' eBones/Makefile for release/Makefile. (bootstrap etc)
|
15609 |
04-May-1996 |
markm |
Add randomness from /dev/random if it is available.
|
15358 |
23-Apr-1996 |
pst |
Add support for socks
|
15349 |
22-Apr-1996 |
pst |
typo shmrsh -> smrsh
|
15338 |
21-Apr-1996 |
pst |
Enable proper installation of sendmail restricted shell smrsh(8).
This program is a wrapper for the prog mailer in sendmail. It does shell meta character masking and restricts the list of executables to those found in /usr/libexec/sm.bin.
The default sendmail.cf file does not use this tool, however you can enable it by either changing /bin/sh to /usr/libexec/smrsh or adding the line FEATURE(smrsh) into your sendmail .mc file and rebuilding your .cf file.
For more info, RTFMP.
|
15228 |
13-Apr-1996 |
markm |
Split libcrypt and libcipher man pages.
|
15225 |
13-Apr-1996 |
markm |
Split the libcrypt and libcipher man pages.
|
15159 |
09-Apr-1996 |
mpp |
Install crypt.3 so that libcipher will install if /usr/share/man has been blown away. Previously it depended on an existing crypt.3 to be present for the man page links to install properly.
|
14656 |
17-Mar-1996 |
markm |
Comment out the NOPROFILE=yes to make this orthogonal with the rest of our libs.
|
14548 |
11-Mar-1996 |
markm |
Big clean-up job. Remove ancient and never-to-be used stuff. The look much more like BSD Makefiles now.
|
14534 |
11-Mar-1996 |
markm |
Fix typo #ifdef -> .if defined(). Tidy uo this file a bit.
|
14462 |
10-Mar-1996 |
markm |
Fix typo - -des -> -ldes
|
14439 |
09-Mar-1996 |
ache |
Sense MAKE_EBONES, DESTDIR SRCS, DPADD cleanup
|
14438 |
09-Mar-1996 |
ache |
Sense MAKE_EBONES, DESTDIR SRCS cleanup DPADD cleanup
|
14437 |
09-Mar-1996 |
ache |
Sense MAKE_EBONES, DESTDIR SRCS cleanup DPADD cleanup
|
14168 |
21-Feb-1996 |
jkh |
Add back missing crypt.3 man page.
|
14045 |
12-Feb-1996 |
mpp |
Another round of man page cleanups.
Down to only about 100 items left to cleanup! :-)
|
14020 |
11-Feb-1996 |
markm |
Add the new libdes to the build
|
14014 |
10-Feb-1996 |
markm |
Rats. Forgot to `cvs add' this.
|
14012 |
10-Feb-1996 |
markm |
iImport a FreeBSD Makefile, BSD-ise the header and correct a typo. As the interface has changed a bit (there are more rentry points), the shared library has been bumped to libdes.so.2.1.
|
14010 |
10-Feb-1996 |
markm |
This commit was generated by cvs2svn to compensate for changes in r14009, which included commits to RCS files with non-trunk default branches.
|
13835 |
02-Feb-1996 |
mpp |
Correct some manual page cross reference errors. E.g. su is a section one man page, not section eight. This is the first round of such changes and only fixes man pages in manual section one.
|
13123 |
30-Dec-1995 |
peter |
This commit was generated by cvs2svn to compensate for changes in r13122, which included commits to RCS files with non-trunk default branches.
|
13122 |
30-Dec-1995 |
peter |
recording cvs-1.6 file death
|
12950 |
21-Dec-1995 |
ache |
Pick correct library dir whenever obj exists or not
|
12884 |
16-Dec-1995 |
markm |
Dual personality crypt(3). This crypt will choose its encryption algorithm (DES or MD5) based on the type of salt used. Salt beginning with "$1$" indicates MD5.
|
12583 |
02-Dec-1995 |
peter |
*GULP* cvs remove the uncomfortably large list of files that are no longer part of sendmail 8.7.2...
|
12576 |
02-Dec-1995 |
peter |
Re-disable the cf/cf SUBDIR - we were not building it before anyway. The Makefile down there does not handle the obj dir well..
|
12571 |
02-Dec-1995 |
peter |
Import Sendmail-8.7.2 as discussed on -current.
The conflict merge will happen shortly after.
|
11768 |
24-Oct-1995 |
ache |
Remove LD_NOSTD_PATH unsetenv, it isn't exist anymore
|
11597 |
20-Oct-1995 |
ache |
Fix original patch error with ! before strncmp Zap only needed LD_* variables
|
11590 |
20-Oct-1995 |
ache |
Don't allow LD_* env. variables to be tricked Submitted by: Sam Hartman <hartmans@mit.edu>
|
11419 |
11-Oct-1995 |
gibbs |
Remove MAKE_EBONES conditionals. They were originally placed here because of missing functionality in our libkrb which is no longer a problem.
|
11074 |
29-Sep-1995 |
ache |
Remove duplicated targets which now build from main tree if available and allowed
|
10814 |
16-Sep-1995 |
gibbs |
Add TELNETOBJDIR and CRYPTOBJDIR for use in LDADD entries. This makes secure reference the libraries that were just build instead of in /usr/lib.
|
10741 |
14-Sep-1995 |
gibbs |
Enable kerberosIV authentication/encryption conditionalized on MAKE_EBONES.
|
10740 |
14-Sep-1995 |
gibbs |
Enable kerberosIV authentication/encryption conditionalized on MAKE_EBONES. Fix up some of the des calls to be compatible with eBones.
|
10679 |
11-Sep-1995 |
dg |
sys_term.c: killed sleep(1) as this should no longer be a problem with the move of startslave(). telnetd.c: fix bug introduced with the move of startslave()...the number of arguments was wrong and "level" and "user_name" had to be made globals.
|
10571 |
06-Sep-1995 |
pst |
Move erase cleanup outside linemode conditional
|
10563 |
05-Sep-1995 |
pst |
Avoid race condition with telnet options processing (login: prompt lost).
Submitted by: John Capo & Peter Wemm
|
10562 |
05-Sep-1995 |
pst |
Set erase character for login: prompt.
Submitted by: Peter Wemm & John Capo
|
10398 |
28-Aug-1995 |
pst |
Do NOT compile with -DKLUDGELINEMODE...hoses many telnet clients
|
10088 |
17-Aug-1995 |
peter |
Import Sendmail v8.6.12, onto the CSRG(!) branch. A seperate commit to fix the conflicts wil follow.
|
9932 |
05-Aug-1995 |
ache |
Comment out LDADD+=-ldescrypt, it is not yet active due to missng defines for krb4encpwd and rsaencpwd and missing rsa library too.
|
9883 |
04-Aug-1995 |
ache |
Change default banner to FreeBSD, properly ifdefed by __FreeBSD__ Reviewed by: Submitted by: Obtained from:
|
9760 |
29-Jul-1995 |
markm |
After pst and ache fixed secure telnet, it was still not in the main makefiles. This puts it in.
PLEASE NOTE - YOU WILL NEED TO BUILD AND INSTALL THE libtelnet IN secure/ Reviewed by: Submitted by: Obtained from:
|
9694 |
24-Jul-1995 |
ache |
Final cleanup pass through Makefiles, now this stuff autodetect kerberos/eBones and work even with eBones, but with reduced functionality (don't pick up des/krb stuff in this case)
|
9692 |
24-Jul-1995 |
ache |
Add -ldescrypt, or wrong crypt version can be picked from libc Reviewed by: Submitted by: Obtained from:
|
9691 |
24-Jul-1995 |
ache |
Add LDADD+= -ldescrypt Reviewed by: Submitted by: Obtained from:
|
9690 |
24-Jul-1995 |
ache |
Move -ldes under kerb stuff, my fault Reviewed by: Submitted by: Obtained from:
|
9689 |
24-Jul-1995 |
ache |
Since this stuff not works with eBones, ifdef kerberos stuff with MAKE_KERBEROS to allow other things to live Reviewed by: Submitted by: Obtained from:
|
9688 |
24-Jul-1995 |
ache |
Since this stuff not works with eBones, ifdef kerberos stuff with MAKE_KERBEROS to allow other things to live Submitted by: Obtained from:
|
9687 |
24-Jul-1995 |
ache |
Add comment about new_rnd_key.c module needed from original libdes (and not present in eBones libdes)
|
9686 |
24-Jul-1995 |
ache |
Add comment about new_rbd_key.c module needed from original libdes
|
9685 |
24-Jul-1995 |
ache |
Fix dependances, typing errors, etc. Note: this thing need original libdes not Eric Young libdes from eBones Submitted by: Obtained from:
|
9684 |
24-Jul-1995 |
ache |
Point to proper DESTDIR now Reviewed by: Submitted by: Obtained from:
|
9683 |
24-Jul-1995 |
ache |
Fix many bogus things, typing error, dependance errors, etc., now it compiles. Note: this stuff requires original libdes, not libdes from Eric Yang which we have in eBones.
|
9592 |
20-Jul-1995 |
pst |
When hostname len > 8, name replaced with dot notation when -u flag not specified (default case). Use _PATH_* for utmp/wtmp.
Support for >32 PTYs. >Submitted by: Heikki Suonsivu <hsu@cs.hut.fi>
Plug already known security hole. (Brought over from 1.1.5): Fixed security problem with telnetd, which allowed telnet -l -hcert.org localhost to change the user's host in utmp. Thanks to Matthew Green <mrgreen@@mame.mu.oz.au> for showing me this one.
>Reviewed by: karl, guido >Submitted by: mrgreen@mame.mu.oz.au
Obtained from: FreeBSD insecure telnetd
|
9591 |
20-Jul-1995 |
pst |
The final negotiation of DO_BINARY in the LINEMODE portion of the telnetd code causes some clients that do not support linemode to mis-interpret the return key (i.e. double returns). The fix is to only do the state check for binary options if linemode will be used. Closes PR#505.
Submitted by: Charles Henrich Obtained from: FreeBSD insecure telnetd
|
9590 |
20-Jul-1995 |
pst |
Update telnet to the 95.05.31 release.
Obtained from: Dave Borman <dab@cray.com>
|
8871 |
30-May-1995 |
rgrimes |
Remove trailing whitespace.
|
8462 |
11-May-1995 |
jkh |
Argh! Another instance of DES rather than des that I forgot. Truly, this keyword is in too many places! :(
|
8373 |
09-May-1995 |
jkh |
Rename secure to DES.
|
7284 |
23-Mar-1995 |
wollman |
This commit was generated by cvs2svn to compensate for changes in r7283, which included commits to RCS files with non-trunk default branches.
|
6514 |
17-Feb-1995 |
dima |
Security fixes. CERT Advisory CA-95:03.telnet.encryption
Obtained from: CERT
|
5597 |
14-Jan-1995 |
jkh |
Change name of secrdist to secure.
|
4806 |
24-Nov-1994 |
phk |
Fix secrdist sharedlib bug.
|
4767 |
22-Nov-1994 |
phk |
des DISTRIBUTION became secrdist.
|
4730 |
21-Nov-1994 |
phk |
fix libdescrypt reference.
|
4485 |
14-Nov-1994 |
phk |
Make the "distribute" target build the "des" distribution. Make des'ed init and ed, by pointing to real sources.
|
3232 |
30-Sep-1994 |
pst |
!Just! fixing makefile, no code changes Geoff
|
2900 |
19-Sep-1994 |
csgr |
More elegant fix for short settings. (Our existing fixes already plugged the security holes involved.) Submitted by: Geoff Rehmet after consultation with David Burren
|
2695 |
12-Sep-1994 |
ache |
Add libcipher.a: libcrypt exports only crypt() but not des_setkey() which is in libcipher.a
|
2678 |
11-Sep-1994 |
rgrimes |
Change all references to LIBTERM and -ltermlib to LIBTERMCAP and -ltermcap
|
2601 |
09-Sep-1994 |
csgr |
fix bogus .include Submitted by: Geoff.
|
2584 |
08-Sep-1994 |
csgr |
add libcipher to Makefile Submitted by: Geoff.
|
2550 |
07-Sep-1994 |
csgr |
- Remove crypt() - it's in libcrypt - remove ^L's - CTM will probably choke on them - add PRECIOUSLIB to Makefile - name changes libcrypt -> libcipher Submitted by: Geoff.
|
2547 |
07-Sep-1994 |
csgr |
This commit was generated by cvs2svn to compensate for changes in r2546, which included commits to RCS files with non-trunk default branches.
|
2539 |
07-Sep-1994 |
pst |
Back out static hacks & build of usr.bin until Geoff informs the world of his master plan.
Submitted by: pst
|
2536 |
07-Sep-1994 |
pst |
Remove static in front of declarations for des_setkey and des_cipher so that linking against -lcrypt (-ldescrypt) will give us the good versions instead of the stubs in libc. (These changes need to be made to the non-US version of libdescrypt too!)
Allow building and support for bdes program. A bit more work still needs to be done on secure telnet.
Submitted by: pst
|
2317 |
27-Aug-1994 |
csgr |
This commit was generated by cvs2svn to compensate for changes in r2316, which included commits to RCS files with non-trunk default branches.
|
2306 |
26-Aug-1994 |
wollman |
Hopefully fix bogus permissions.
|
2300 |
26-Aug-1994 |
wollman |
Install libdescrypt.so immutable.
|
2156 |
20-Aug-1994 |
csgr |
Fix afterinstall rule for generating links to the real libcrypt Submitted by: Geoff
|
2051 |
12-Aug-1994 |
csgr |
This commit was generated by cvs2svn to compensate for changes in r2050, which included commits to RCS files with non-trunk default branches.
|
2048 |
12-Aug-1994 |
csgr |
This commit was generated by cvs2svn to compensate for changes in r2047, which included commits to RCS files with non-trunk default branches.
|
2046 |
12-Aug-1994 |
csgr |
when making test programs, look for libdescrypt, not libcrypt Submitted by: Geoff Rehmet
|
2044 |
12-Aug-1994 |
csgr |
1) don't make bdes yet 2) fix .include in secure/lib/Makefile.inc 3) fix afterinstall rule in libcrypt/Makefile Submitted by: Geoff Rehmet
|
1990 |
09-Aug-1994 |
csgr |
Install secure/lib/libcrypt as libdescrypt, and symlink it to libcrypt. There may be a little modification neede to this makefile once we start working on tidy make world's. Submitted by: geoff.
|
1962 |
08-Aug-1994 |
csgr |
add lib subdir
|
1961 |
08-Aug-1994 |
csgr |
add Makefiles for secure/lib. Makefile.inc just includes src/lib/Makefile.inc in order to get things like SHLIB_MAJOR etc.
|
1959 |
08-Aug-1994 |
csgr |
Modify libcrypt so that the only exported symbol is _crypt(). Submitted by: Geoff Rehmet
|
1957 |
08-Aug-1994 |
csgr |
This commit was generated by cvs2svn to compensate for changes in r1956, which included commits to RCS files with non-trunk default branches.
|
1956 |
08-Aug-1994 |
csgr |
Unecumbered securedist from FreeBSD 1.1.5.1 - sources for libcrypt. The next commit will remove all symbols except _crypt() Reviewed by: Geoff Rehmet Submitted by: David Burren
|
1908 |
07-Aug-1994 |
wollman |
Allow the `bdes' program to compile.
|
1899 |
07-Aug-1994 |
wollman |
Moved from usr.bin/bdes for export-control.
|
1553 |
26-May-1994 |
rgrimes |
BSD 4.4 Lite usr.sbin Sources
|