296853 |
14-Mar-2016 |
des |
MFS (r296781): MFH (r296633): upgrade to 7.2p2 (fixes xauth command injection bug) MFH (r296634): re-add aes-cbc to server-side default cipher list MFH (r296651, r296657): fix gcc build of pam_ssh
PR: 207679 Security: CVE-2016-3115 Approved by: re (marius) |
296373 |
04-Mar-2016 |
marius |
- Copy stable/10@296371 to releng/10.3 in preparation for 10.3-RC1 builds. - Update newvers.sh to reflect RC1. - Update __FreeBSD_version to reflect 10.3. - Update default pkg(8) configuration to use the quarterly branch.
Approved by: re (implicit) |
296371 |
04-Mar-2016 |
jkim |
Re-enable SSLv2 support to restore ABI.
Excerpt from CHANGES:
Even if "enable-ssl2" is used, users who want to negotiate SSLv2 via the version-flexible SSLv23_method() will need to explicitly call either of:
SSL_CTX_clear_options(ctx, SSL_OP_NO_SSLv2); or SSL_clear_options(ssl, SSL_OP_NO_SSLv2);
as appropriate. Even if either of those is used, or the application explicitly uses the version-specific SSLv2_method() or its client and server variants, SSLv2 ciphers vulnerable to exhaustive search key recovery have been removed. Specifically, the SSLv2 40-bit EXPORT ciphers, and SSLv2 56-bit DES are no longer available.
Approved by: re (marius, gjb), so (delphij)
|
296317 |
02-Mar-2016 |
delphij |
Merge OpenSSL 1.0.1s. This is a security update.
Relnotes: yes Approved by: re (so@ implicit)
|
295367 |
07-Feb-2016 |
des |
MFH (r265214, r294333, r294407, r294467): misc prop fixes MFH (r285975, r287143): register mergeinfo for security fixes MFH (r294497, r294498, r295139): internal documentation MFH (r294328): upgrade to openssh 6.7p1, re-add libwrap MFH (r294332): upgrade to openssh 6.8p1 MFH (r294367): update pam_ssh for api changes MFH (r294909): switch usedns back on MFH (r294336): upgrade to openssh 6.9p1 MFH (r294495): re-enable dsa keys MFH (r294464): upgrade to openssh 7.0p1 MFH (r294496): upgrade to openssh 7.1p2
Approved by: re (gjb) Relnotes: yes
|
295016 |
28-Jan-2016 |
jkim |
Merge OpenSSL 1.0.1r.
Relnotes: yes
|
294693 |
24-Jan-2016 |
des |
MFH (r291198, r291260, r291261, r291375, r294325, r294335, r294563)
Remove the HPN and None cipher patches.
|
293396 |
07-Jan-2016 |
bdrewery |
MFC r291941:
Replace unneeded manual dependency on header by adding it to SRCS.
|
291721 |
03-Dec-2015 |
jkim |
Merge OpenSSL 1.0.1q.
|
290575 |
09-Nov-2015 |
ngie |
MFC r290178:
Fix GOST engine cipher linkage by adding e_gost_err.c to SRCS so it picks up undefined symbols, like "ERR_load_GOST_strings"
PR: 184805 Submitted by: Ivan IvanZhdanov <ivan.zhdanov@gmail.com> Sponsored by: EMC / Isilon Storage Division
|
290274 |
02-Nov-2015 |
jkim |
MFC: r290121
Define endianness for non-x86 platforms.
|
288611 |
03-Oct-2015 |
bdrewery |
MFC r287981:
Replace afterinstall: hack from r111083 with 'make delete-old' functionality.
|
285330 |
09-Jul-2015 |
jkim |
MFC: r285329
Merge OpenSSL 1.0.1p.
Approved by: re (gjb) Relnotes: yes
|
284330 |
12-Jun-2015 |
jkim |
MFC: r284329
Merge OpenSSL 1.0.1o.
Note it is instantly merged because it restores ABI compatibility broken by the previous OpenSSL 1.0.1n.
Relnotes: yes
|
284285 |
11-Jun-2015 |
jkim |
MFC: r284283
Merge OpenSSL 1.0.1n.
|
280304 |
20-Mar-2015 |
jkim |
MFC: r280297
Merge OpenSSL 1.0.1m.
Relnotes: yes
|
280266 |
19-Mar-2015 |
delphij |
Fix multiple OpenSSL vulnerabilities.
Security: FreeBSD-SA-15:06.openssl Security: CVE-2015-0209 Security: CVE-2015-0286 Security: CVE-2015-0287 Security: CVE-2015-0288 Security: CVE-2015-0289 Security: CVE-2015-0293
|
277598 |
23-Jan-2015 |
jkim |
MFC: r277274
Update buildinf.h to make SSLeay_version(3) little bit more useful.
|
277597 |
23-Jan-2015 |
jkim |
MFC: r277270
Merge OpenSSL 1.0.1l.
Relnotes: yes
|
276864 |
09-Jan-2015 |
jkim |
MFC: r276861, r276863
Merge OpenSSL 1.0.1k.
|
276486 |
31-Dec-2014 |
ngie |
MFC r264400,r265836:
r264400:
NO_MAN= has been deprecated in favor of MAN= for some time, go ahead and finish the job. ncurses is now the only Makefile in the tree that uses it since it wasn't a simple mechanical change, and will be addressed in a future commit.
r265836:
Remove last two NO_MAN= in the tree. In both of these cases, MAN= is what is needed.
|
273149 |
15-Oct-2014 |
jkim |
MFC: r273144, r273146
Merge OpenSSL 1.0.1j.
Relnotes: yes
|
269686 |
07-Aug-2014 |
jkim |
MFC: r269682
Merge OpenSSL 1.0.1i.
|
267258 |
09-Jun-2014 |
jkim |
MFC: r267256
Merge OpenSSL 1.0.1h.
Approved by: so (delphij)
|
266816 |
28-May-2014 |
delphij |
MFC r265995:
Switch using the new $2b$ format by default, when bcrypt is used.
Relnotes: default Blowfish crypt(3) format have been changed to $2b$.
|
265037 |
28-Apr-2014 |
jmmv |
MFC r264741: Add placeholder Kyuafiles for various top-level hierarchies.
This is "make tinderbox" clean.
|
264377 |
12-Apr-2014 |
des |
MFH (r263712): upgrade openssh to 6.6p1 MFH (r264308): restore p level in debugging output
|
264331 |
10-Apr-2014 |
jkim |
MFC: r261037, r264278
Merge OpenSSL 1.0.1f and 1.0.1g.
|
263783 |
27-Mar-2014 |
delphij |
MFC r262501:
Refresh our implementation of OpenBSD's Blowfish password format.
Notable changes:
- Support of $2b$ password format to address a problem where very long passwords (more than 256 characters, when an integer overflow would happen and cause the length to wrap at 256). - Updated pseudo code in comments to reflect the reality. - Removed our local shortcut of processing magic string and rely on the centralized and tigntened validation. - Diff reduction from upstream.
For now we are still generating the older $2a$ format of password but we will migrate to the new format once the format is formally finalized.
|
262566 |
27-Feb-2014 |
des |
MFH (r261320): upgrade openssh to 6.5p1 MFH (r261340): enable sandboxing by default
|
256281 |
10-Oct-2013 |
gjb |
Copy head (r256279) to stable/10 as part of the 10.0-RELEASE cycle.
Approved by: re (implicit) Sponsored by: The FreeBSD Foundation
|
255829 |
23-Sep-2013 |
des |
Unbreak the WITHOUT_KERBEROS build and try to reduce the odds of a repeat performance by introducing a script that runs configure with and without Kerberos, diffs the result and generates krb5_config.h, which contains the preprocessor macros that need to be defined in the Kerberos case and undefined otherwise.
Approved by: re (marius)
|
255460 |
10-Sep-2013 |
des |
Clean up the OpenSSH build. It is now possible to build most components as static binaries, if desired. The one exception is sshd, which runs into trouble due to libpam.a's includion of pam_ssh.
Make OpenSSH use LDNS if available. This allows it to verify signed SSHFP records.
Approved by: re (blanket)
|
255386 |
08-Sep-2013 |
des |
Make libldns and libssh private.
Approved by: re (blanket)
|
249971 |
27-Apr-2013 |
ed |
Remove references to MK_IDEA.
As of r249959, we want to build with IDEA support enabled unconditionally. As this change removed the MK_IDEA flag, update these Makefiles accordingly.
|
248619 |
22-Mar-2013 |
des |
Upgrade to OpenSSH 6.2p1. The most important new features are support for a key revocation list and more fine-grained authentication control.
|
246772 |
13-Feb-2013 |
jkim |
Merge OpenSSL 1.0.1e.
Approved by: secteam (simon), benl (silence)
|
245527 |
17-Jan-2013 |
bz |
Add a src.conf(5) option to allow users to compile in the "NONE cipher", which, only after authentication, disables crypto, and only for sessions without a terminal.
Submitted by: Jeremy Chadwick (freebsd jdc.parodius.com) PR: bin/163095 MFC after: 10 days
|
240075 |
03-Sep-2012 |
des |
Upgrade OpenSSH to 6.1p1.
|
238407 |
12-Jul-2012 |
jkim |
Sort ASM definitions by crypto module for slightly easier maintenance. Specifically, GHASH_ASM belongs to crypto/modes.
|
238405 |
12-Jul-2012 |
jkim |
Merge OpenSSL 1.0.1c.
Approved by: benl (maintainer)
|
237657 |
27-Jun-2012 |
jkim |
Merge OpenSSL 0.9.8x.
Reviewed by: stas Approved by: benl (maintainer) MFC after: 3 days
|
236304 |
30-May-2012 |
bz |
Update the previous openssl fix. [12:01]
Fix a bug in crypt(3) ignoring characters of a passphrase. [12:02]
Security: FreeBSD-SA-12:01.openssl (revised) Security: FreeBSD-SA-12:02.crypt Approved by: so (bz, simon)
|
231986 |
22-Feb-2012 |
kevlo |
Return NULL on error rather than ":", per the crypt(3) man page. Discussed in: http://www.openwall.com/lists/oss-security/2011/11/15/3
|
228307 |
06-Dec-2011 |
kib |
Force linker error when created shared library contains a relocation against text. Provide the override switch to turn off the strict behaviour. Apparently, openssl libcrypto needs it due to assembler code not being PIC.
Discussed with: bf MFC after: 2 weeks
|
226436 |
16-Oct-2011 |
eadler |
- change "is is" to "is" or "it is" - change "the the" to "the"
Approved by: lstewart Approved by: sahil (mentor) MFC after: 3 days
|
221420 |
04-May-2011 |
des |
Upgrade to OpenSSH 5.8p2.
|
218723 |
15-Feb-2011 |
dim |
Fix some leftover binaries and shared libraries in the system that still have an executable stack, due to linking in hand-assembled .S or .s files, that have no .GNU-stack sections:
RWX --- --- /lib/libcrypto.so.6 RWX --- --- /lib/libmd.so.5 RWX --- --- /lib/libz.so.6 RWX --- --- /lib/libzpool.so.2 RWX --- --- /usr/lib/liblzma.so.5
These were found using scanelf, from the sysutils/pax-utils port.
Reviewed by: kib
|
216167 |
03-Dec-2010 |
simon |
Regenerate manual pages for OpenSSL 0.9.8q.
|
215698 |
22-Nov-2010 |
simon |
Regenerate manual pages for OpenSSL 0.9.8p.
|
212463 |
11-Sep-2010 |
brucec |
Revert changes of 'assure' to 'ensure' made in r211936.
Approved by: rrs (mentor)
|
211936 |
28-Aug-2010 |
brucec |
Fix incorrect usage of 'assure' and 'insure'.
Approved by: rrs (mentor)
|
211934 |
28-Aug-2010 |
nwhitehorn |
Repair some build breakage introduced in r211725 and garbage collect some code made obsolete in the same commit.
|
211725 |
23-Aug-2010 |
imp |
MFtbemd:
Prefer MACHNE_CPUARCH to MACHINE_ARCH in most contexts where you want to test of all the CPUs of a given family conform.
|
211243 |
12-Aug-2010 |
will |
Fix buildworld -DNO_CLEAN when using with Perforce, which marks files as read-only by default, meaning files copied can't be overwritten next time.
Reviewed by: imp Approved by: ken (mentor)
|
210843 |
04-Aug-2010 |
jchandra |
Whitespace fix for last check-in, move empty line to below endif.
|
210842 |
04-Aug-2010 |
jchandra |
MIPS 64 bit support.
When compiled for MIPS n64 ABI - DES_LONG should be 'unsigned int' - BN_LLONG should be undefined - SIXTY_FOUR_BIT_LONG should be defined.
|
209890 |
10-Jul-2010 |
nwhitehorn |
OpenSSL configuration for powerpc64
Obtained from: projects/ppc64
|
206048 |
01-Apr-2010 |
simon |
Regenerate manual pages for OpenSSL 0.9.8n.
|
206047 |
01-Apr-2010 |
simon |
- Make it slightly simpler to update OpenSSL version information for regenerating OpenSSL manual pages. - Explicitly set the OpenSSL release date so manual pages contain the date OpenSSL was released and not just the date OpenSSL was imported into the FreeBSD base system. - Update for Makefile for OpenSSL 0.9.8n.
|
205129 |
13-Mar-2010 |
simon |
Regenerate manual pages for OpenSSL 0.9.8m.
MFC after: 3 weeks
|
205128 |
13-Mar-2010 |
simon |
Merge OpenSSL 0.9.8m into head.
This also "reverts" some FreeBSD local changes so we should now be back to using entirely stock OpenSSL. The local changes were simple $FreeBSD$ lines additions, which were required in the CVS days, and the patch for FreeBSD-SA-09:15.ssl which has been superseded with OpenSSL 0.9.8m's RFC5746 'TLS renegotiation extension' support.
MFC after: 3 weeks
|
204917 |
09-Mar-2010 |
des |
Upgrade to OpenSSH 5.4p1.
MFC after: 1 month
|
199131 |
10-Nov-2009 |
des |
Fix globbing
Noticed by: delphij, David Cornejo <dave@dogwood.com> Forgotten by: des
|
195767 |
19-Jul-2009 |
kensmith |
Bump the version of all non-symbol-versioned shared libraries in preparation for 8.0-RELEASE. Add the previous version of those libraries to ObsoleteFiles.inc and bump __FreeBSD_Version.
Reviewed by: kib Approved by: re (rwatson)
|
195626 |
11-Jul-2009 |
cperciva |
Remove build timestamps from the following files: /boot/kernel/hptrr.ko /etc/mail/*.cf /lib/libcrypto.so.5 /usr/bin/ntpq /usr/sbin/amd /usr/sbin/iasl /usr/sbin/ntpd /usr/sbin/ntpdate /usr/sbin/ntpdc
There does not appear to be any purpose to having these timestamps, and they have the irritating consequence that the aforementioned files will be different every time they are rebuilt.
After this commit, the only remaining build timestamps are in the kernel, the boot loaders, /usr/include/osreldate.h (the year in the copyright notice), and lib*.a (the timestamps on all of the included .o files).
Reviewed by: scottl (hptrr), gshapiro (sendmail), simon (openssl), roberto (ntp), jkim (acpica) Approved by: re (kib)
|
194297 |
16-Jun-2009 |
jhb |
Use the closefrom(2) system call.
Reviewed by: des
|
194208 |
14-Jun-2009 |
simon |
Regenerate manual pages for OpenSSL 0.9.8k.
|
194207 |
14-Jun-2009 |
simon |
Update build infrastructure for OpenSSL 0.9.8k.
|
192595 |
22-May-2009 |
des |
Upgrade to OpenSSH 5.2p1.
MFC after: 3 months
|
181111 |
01-Aug-2008 |
des |
Upgrade to OpenSSH 5.1p1.
I have worked hard to reduce diffs against the vendor branch. One notable change in that respect is that we no longer prefer DSA over RSA - the reasons for doing so went away years ago. This may cause some surprises, as ssh will warn about unknown host keys even for hosts whose keys haven't changed.
MFC after: 6 weeks
|
180767 |
23-Jul-2008 |
imp |
Merge from p4:
Implement openssl config needed for mips.
Submitted by: gonzo@ Reviewed by: simon@
|
180208 |
03-Jul-2008 |
peter |
Set magic fbsd:nokeywords property that allows files to bypass keyword expansion. (file-specific replacement for CVSROOT/exclude)
|
178828 |
07-May-2008 |
dfr |
Fix conflicts after heimdal-1.1 import and add build infrastructure. Import all non-style changes made by heimdal to our own libgssapi.
|
170925 |
18-Jun-2007 |
rafan |
- Bump share library version which were missed in last bump
Reported by: jhb Discussed with: deischen, des, doubg, harti Approved by: re (kensmith)
|
169425 |
09-May-2007 |
gnn |
Integrate the Camellia Block Cipher. For more information see RFC 4132 and its bibliography.
Submitted by: Tomoyuki Okazaki <okazaki at kick dot gr dot jp> MFC after: 1 month
|
167616 |
15-Mar-2007 |
simon |
Upgrade to OpenSSL 0.9.8e.
|
162915 |
01-Oct-2006 |
simon |
Upgrade to OpenSSL 0.9.8d.
|
162861 |
30-Sep-2006 |
des |
Update for OpenSSH 4.4p1.
MFC after: 1 week
|
161526 |
22-Aug-2006 |
ru |
Remove alpha left-overs.
|
160819 |
29-Jul-2006 |
simon |
Upgrade to OpenSSL 0.9.8b.
|
160433 |
17-Jul-2006 |
simon |
Enable DSO (Dynamic Shared Object) support. This makes it possible for OpenSSL to load engines run-time, e.g. for using the opensc engine port.
The OpenSSL Configure script enables DSO support on FreeBSD by default, we just don't use the Configure script during OpenSSL builds in the base system.
This is committed to -CURRENT now (before OpenSSL 0.9.8b import), so it can be tested at bit in -CURRENT before being MFC'ed to 6-STABLE.
Prodded by: ale PR: bin/79570 MFC after: 1 week
|
158529 |
13-May-2006 |
des |
Add a manual dependency on ssh_namespace.h.
Discussed with: ru
|
158519 |
13-May-2006 |
des |
Introduce a namespace munging hack inspired by NetBSD to avoid polluting the namespace of applications which inadvertantly link in libssh (usually through pam_ssh)
Suggested by: lukem@netbsd.org MFC after: 6 weeks
|
157625 |
10-Apr-2006 |
ru |
Clean generated headers.
|
157021 |
22-Mar-2006 |
des |
Add port-tun.c.
|
156837 |
18-Mar-2006 |
ru |
Provide alternate default for SHLIBDIR before bsd.own.mk does this.
Reported by: phk
|
156813 |
17-Mar-2006 |
ru |
Reimplementation of world/kernel build options. For details, see:
http://lists.freebsd.org/pipermail/freebsd-current/2006-March/061725.html
The src.conf(5) manpage is to follow in a few days.
Brought to you by: imp, jhb, kris, phk, ru (all bugs are mine)
|
153838 |
29-Dec-2005 |
dfr |
Add a new extensible GSS-API layer which can support GSS-API plugins, similar the the Solaris implementation. Repackage the krb5 GSS mechanism as a plugin library for the new implementation. This also includes a comprehensive set of manpages for the GSS-API functions with text mostly taken from the RFC.
Reviewed by: Love Hörnquist Åstrand <lha@it.su.se>, ru (build system), des (openssh parts)
|
152603 |
19-Nov-2005 |
ru |
Revert last revision by phk@, it's redundant since bsd.incs.mk already handles this, FWIW.
|
149755 |
03-Sep-2005 |
des |
Update for OpenSSH 4.2p1.
|
148672 |
03-Aug-2005 |
phk |
Don't install includes if NO_TOOLCHAIN
|
148297 |
22-Jul-2005 |
kensmith |
Bump the shared library version number of all libraries that have not been bumped since RELENG_5.
Reviewed by: ru Approved by: re (not needed for commit check but in principle...)
|
147098 |
07-Jun-2005 |
des |
Revert the commits that made libssh an INTERNALLIB; they caused too much trouble, especially on amd64.
Requested by: ru
|
147056 |
06-Jun-2005 |
des |
Make libssh an INTERNALLIB like it is in {Net,Open}BSD.
|
147007 |
05-Jun-2005 |
des |
Update for OpenSSH 4.1p1.
|
142429 |
25-Feb-2005 |
nectar |
Update OpenSSL 0.9.7d -> 0.9.7e.
|
141988 |
16-Feb-2005 |
ru |
Define PLATFORM correctly when cross-building.
|
139106 |
21-Dec-2004 |
ru |
NODOCCOMPRESS -> NO_DOCCOMPRESS NOINFO -> NO_INFO NOINFOCOMPRESS -> NO_INFOCOMPRESS NOLINT -> NO_LINT NOPIC -> NO_PIC NOPROFILE -> NO_PROFILE
|
137018 |
28-Oct-2004 |
des |
Update for OpenSSH 3.9p1.
|
136910 |
24-Oct-2004 |
ru |
For variables that are only checked with defined(), don't provide any fake value.
|
133718 |
14-Aug-2004 |
markm |
Add support for C3 Nehemiah ACE ("Padlock") AES crypto. This comes from OpenSSL 0.9.5 (yet to be released), and is pretty complete.
|
129209 |
14-May-2004 |
cognet |
Import the openssl conf for arm.
|
129174 |
13-May-2004 |
ru |
Record the libssl.so dependency on libcrypto.so. This should help some ports that depend on libradius that recently gained the dependency on libssl. This is also how the stock OpenSSL build would link libssl.so on FreeBSD.
Prompted by: kris OK'ed by: markm, nectar
|
128425 |
19-Apr-2004 |
ru |
Turn MAKE_IDEA into a true "bool" type variable, as documented in the make.conf(5) manpage.
PR: conf/65738 OK'ed by: markm
|
128264 |
14-Apr-2004 |
peter |
Turn on the amd64-specific bignum code in openssl. This is actually a variant of the C code but with some scattered asm and things laid out more optimally for the platform. This means that we need to the asm directory to the search path for the amd64 case so that make can find the source.
|
127643 |
30-Mar-2004 |
dwmalone |
Remove the -pthread from the last commit, as OpenSSL doesn't actually call any pthread functions as we use compile it. We keep the -DOPENSSL_THREADS, which stops OpenSSL doing thread-unsafe stuff.
Requested by: ru
|
127616 |
30-Mar-2004 |
dwmalone |
Build OpenSSL so that it extects that is may be used in a threaded environment. This stops some ports keeling over on an OpenSSL assert. (The patch is not exactly the one from the PR, but has been refined based on advice from freebsd-threads.)
PR: 51205 Submitted by: Jim Westfall <jwestfall@surrealistic.net> MFC after: 1 month
|
127326 |
23-Mar-2004 |
markm |
Re-add the hand-optimised assembler versions of some of the ciphers to the build.
Should have done this ages ago: markm Reminded above to do this: peter
|
127131 |
17-Mar-2004 |
nectar |
Update manual pages for OpenSSL 0.9.7d.
|
126282 |
26-Feb-2004 |
des |
Update for 3.8p1, including workaround for a bug in gss-genr.c.
|
124250 |
08-Jan-2004 |
ru |
Cosmetics: rearrange the dependency list to match that of ssh and sshd.
Reviewed by: des
|
124245 |
08-Jan-2004 |
des |
Use += instead of = with DPADD / LDADD.
|
124242 |
08-Jan-2004 |
des |
Enable GSSAPI support. [1] Also remove some duplicates from ssh's SRCS.
Submitted by: [1] Björn Grönvall <bg@sics.se>
|
124215 |
07-Jan-2004 |
des |
Previous commit erroneously listed some sources with .o suffixes.
|
124212 |
07-Jan-2004 |
des |
Update Makefiles for OpenSSH 3.7.1p2.
|
119017 |
17-Aug-2003 |
gordon |
Stage 3 of dynamic root support. Make all the libraries needed to run binaries in /bin and /sbin installed in /lib. Only the versioned files reside in /lib, the .so symlink continues to live /usr/lib so the toolchain doesn't need to be modified.
|
117675 |
16-Jul-2003 |
markm |
Very big makeover in the way telnet, telnetd and libtelnet are built.
Previously, there were two copies of telnet; a non-crypto version that lived in the usual places, and a crypto version that lived in crypto/telnet/. The latter was built in a broken manner somewhat akin to other "contribified" sources. This meant that there were 4 telnets competing with each other at build time - KerberosIV, Kerberos5, plain-old-secure and base. KerberosIV is no longer in the running, but the other three took it in turns to jump all over each other during a "make buildworld".
As the crypto issue has been clarified, and crypto _calls_ are not a problem, crypto/telnet has been repo-copied to contrib/telnet, and with this commit, all telnets are now "contribified". The contrib path was chosen to not destroy history in the repository, and differs from other contrib/ entries in that it may be worked on as "normal" BSD code. There is no dangerous crypto in these sources, only a very weak system less strong than enigma(1).
Kerberos5 telnet and Secure telnet are now selected by using the usual macros in /etc/make.conf, and the build process is unsurprising and less treacherous.
|
115830 |
04-Jun-2003 |
markm |
I'm now happy that this is no longer needed. Libcrypto has all its functionality, and all its consumers have been converted.
|
115724 |
02-Jun-2003 |
markm |
Disconnect libcipher from the build. It only does DES, and we already have libcrypto to do that. Both consumers of this lib have been converted to use libcrypto. (bin/ed and secure/usr.bin/bdes).
|
115719 |
02-Jun-2003 |
markm |
Strip the private blowfish code down to only that which is required to make crypt(3) blowfish "$2a$..." hashes. Lint and warnsify.
|
115654 |
01-Jun-2003 |
obrien |
Ugg, wrong version. CSTD=gnu89, c89 wont do.
|
115653 |
01-Jun-2003 |
obrien |
This isn't C99 clean.
|
114709 |
05-May-2003 |
markm |
Turn MAKE_KERBEROS5 into NO_KERBEROS by negating the logic. Some extra cleanups were necessary in release/Makefile, and the tinderbox code was syntax checked, not run checked.
|
114283 |
30-Apr-2003 |
ru |
The including makefile's directory is tried first for .include "...".
|
114282 |
30-Apr-2003 |
ru |
Most things depend on !defined(NO_OPENSSL); make it look so.
|
114281 |
30-Apr-2003 |
ru |
NOSECURE is implied by NOCRYPT, meaning if the latter is defined we won't be here.
|
113916 |
23-Apr-2003 |
des |
Remove Kerberos IV shims.
|
113915 |
23-Apr-2003 |
des |
Update for 3.6.1p1; also remove Kerberos IV shims.
|
113436 |
13-Apr-2003 |
bde |
Silence `make -s' (echo -> ${ECHO}).
|
112942 |
01-Apr-2003 |
ru |
libtelnet depends on OpenSSL.
PR: 50507
|
112097 |
11-Mar-2003 |
obrien |
Back out rev 1.60, taking the pointy hat away from nectar as 'rm -f' doesn't need to be prefixed with '-'. Keep the pointy hat for myself for not reading the code closely.
|
112064 |
10-Mar-2003 |
obrien |
Don't error out the build if removing a "stale" symlink fails.
Pointy hat for breaking my installworld: nectar
|
111651 |
27-Feb-2003 |
ru |
Handle includes the normal way.
Reviewed by: markm Approved by: nectar
|
111151 |
19-Feb-2003 |
nectar |
Regenerate man pages after import of OpenSSL 0.9.7a.
|
111088 |
18-Feb-2003 |
nectar |
LIBDIR/INCLUDEDIR do not include DESTDIR.
Reported by: Andrzej Tobola <san@iem.pw.edu.pl>
|
111085 |
18-Feb-2003 |
nectar |
Follow-up to previous commit: we had a des.h symlink, too. Remove that.
|
111083 |
18-Feb-2003 |
nectar |
Previously, libcrypto contained symbols that were identical to EAY libdes, and functionally close enough so that we created symlinks (libdes -> libcrypto) to help older applications. With the import of OpenSSL 0.9.7, this is no longer true and we no longer install these symlinks. However, systems that are upgraded may have these symlinks, which could cause non-obvious breakage at build-time. Therefore, blow any old symlinks away in the `afterinstall' target.
|
110855 |
14-Feb-2003 |
nectar |
Correct path for finding asm-generating files.
|
110655 |
10-Feb-2003 |
nectar |
Install the OpenSSL man pages in /usr/share/openssl/man and remove the WANT_OPENSSL_MANPAGES knob.
|
110590 |
09-Feb-2003 |
nectar |
Do not define OPENSSL_NO_KRB5 here in CFLAGS. It is handled in opensslconf.h.
Reminded by: reports from des, obrien
|
110141 |
31-Jan-2003 |
nectar |
Re-add WANT_OPENSSL_MANPAGES knob.
Noticed by: ru
|
110049 |
29-Jan-2003 |
nectar |
Background: When libdes was replaced with OpenSSL's libcrypto, there were a few interfaces that the former implemented but the latter did not. Because some software in the base system still depended upon these interfaces, we simply included them in our libcrypto (rnd_keys.c).
Now, finally get around to removing the dependencies on these interfaces. There were basically two cases:
des_new_random_key -- This is just a wrapper for des_random_key, and these calls were replaced.
des_init_random_number_generator et. al. -- A few functions were used by the application to seed libdes's PRNG. These are not necessary when using libcrypto, as OpenSSL internally seeds the PRNG from /dev/random. These calls were simply removed.
Again, some of the Kerberos 4 files have been taken off the vendor branch. I do not expect there to be future imports of KTH Kerberos 4.
|
110042 |
29-Jan-2003 |
nectar |
Re-add WANT_OPENSSL_MANPAGES knob.
|
110017 |
29-Jan-2003 |
peter |
Hopefully fix world for folks not compiling IDEA (the default). NO_IDEA is now spelled OPENSSL_NO_IDEA. Update the bmake glue accordingly or the IDEA references are not stripped from <openssl/evp.h>
|
110015 |
29-Jan-2003 |
nectar |
Force OPENSSL_NO_KRB5. OpenSSL's current implementation of RFC 2712 can only be built with MIT Kerberos.
If we didn't define this here, then SSL-using applications would have to define OPENSSL_NO_KRB5 themselves in order to build.
|
110010 |
28-Jan-2003 |
markm |
Update for OpenSSL 0.9.7. No assembler code at the moment. This will follow.
|
107133 |
21-Nov-2002 |
kris |
Remove myself as maintainer of openssl; I no longer have enough time to devote to it.
|
106618 |
08-Nov-2002 |
ru |
DON'T EVER PUT THIS BACK!
Pointy hat to: obrien
|
106538 |
06-Nov-2002 |
obrien |
Style sync with rest of FreeBSD.
|
106132 |
29-Oct-2002 |
des |
Update for OpenSSH 3.5p1.
|
103960 |
25-Sep-2002 |
markm |
Don't lint contrib'ed sources, even if the builder has asked for linting. Its Just Too Noisy.
|
103674 |
20-Sep-2002 |
ru |
Bandaid for a broken world. The real fix is somewhat more complicated and will be sent for a review.
|
103635 |
19-Sep-2002 |
ru |
Added the missing dependencies for openssl/ headers.
|
102343 |
24-Aug-2002 |
nectar |
Use `uint32_t' instead of `unsigned long', since the code assumes 32-bit arithmetic.
Reviewed by: make test
The fact that bdes(1) didn't work was Reported by: Fred Clift <fclift@verio.net>
|
100949 |
30-Jul-2002 |
nectar |
Update list of installed manual pages after regenerating them.
|
100947 |
30-Jul-2002 |
nectar |
This commit was generated by cvs2svn to compensate for changes in r100946, which included commits to RCS files with non-trunk default branches.
|
100933 |
30-Jul-2002 |
nectar |
Update to match reality (i.e. reference libcrypto headers and libraries, not the no-longer-existent libdes).
|
100493 |
22-Jul-2002 |
ru |
s,/usr/include,${INCLUDEDIR},
|
98820 |
25-Jun-2002 |
des |
No guts, no glory. Switch to OpenSSH-portable.
Sponsored by: DARPA, NAI Labs
|
98685 |
23-Jun-2002 |
des |
Update Makefiles for OpenSSH 3.3.
|
98548 |
21-Jun-2002 |
ru |
Make NO_OPENSSL actually imply NO_OPENSSH, as documented in make.conf(5).
|
96643 |
15-May-2002 |
obrien |
for OpenSSL 0.9.5a
|
96603 |
14-May-2002 |
markm |
Build using pregenerated manpages; don't use perl to translate .pod's. The translated .pod's have already been committed.
|
96594 |
14-May-2002 |
markm |
This commit was generated by cvs2svn to compensate for changes in r96593, which included commits to RCS files with non-trunk default branches.
|
96513 |
13-May-2002 |
ru |
Removed now unused INTERNALSTATICLIB. INTERNALLIB now implies NOPIC and NOPROFILE. Removed gratuitous NOMAN.
|
96462 |
12-May-2002 |
ru |
Added new bsd.incs.mk which handles installing of header files via INCS. Implemented INCSLINKS (equivalent to SYMLINKS) to handle symlinking include files. Allow for multiple groups of include files to be installed, with the powerful INCSGROUPS knob. Documentation to follow.
Added standard `includes' and `incsinstall' targets, use them in Makefile.inc1. Headers from the following makefiles were not installed before (during `includes' in Makefile.inc1):
kerberos5/lib/libtelnet/Makefile lib/libbz2/Makefile lib/libdevinfo/Makefile lib/libform/Makefile lib/libisc/Makefile lib/libmenu/Makefile lib/libmilter/Makefile lib/libpanel/Makefile
Replaced all `beforeinstall' targets for installing includes with the INCS stuff.
Renamed INCDIR to INCSDIR, for consistency with FILES and SCRIPTS, and for compatibility with NetBSD. Similarly for INCOWN, INCGRP, and INCMODE.
Consistently use INCLUDEDIR instead of /usr/include.
gnu/lib/libstdc++/Makefile and gnu/lib/libsupc++/Makefile changes were only lightly tested due to the missing contrib/libstdc++-v3. I fully tested the pre-WIP_GCC31 version of this patch with the contrib/libstdc++.295 stuff.
These changes have been tested on i386 with the -DNO_WERROR "make world" and "make release".
|
95967 |
03-May-2002 |
peter |
Pre-generate the optimized x86 crypto code and check it in rather than depending on perl at build time. Makefile.asm is a helper for after the next import.
With my cvs@ hat on, the relatively small repo cost of this is acceptable, especially given that we have other (much bigger) things like lib*.so.gz.uu checked in under src/lib/compat/*.
Reviewed by: kris (maintainer)
|
95309 |
23-Apr-2002 |
ru |
The library itself does not depend on Kerberos bits. Otherwise, we would have broken krb4 and krb5 dists.
|
93034 |
23-Mar-2002 |
des |
Install headers with -C. Ideally, these Makefiles should not need to override the beforeinstall target at all, but this has proven difficult to achieve.
|
92563 |
18-Mar-2002 |
des |
Adjust for OpenSSH 3.1.
Sponsored by: DARPA, NAI Labs
|
92489 |
17-Mar-2002 |
bde |
Fixed some style bugs. Mainly, don't use ${.ALLSRC} in implicit rules. This change should have been in rev.1.37.
|
92411 |
16-Mar-2002 |
markm |
Use NO_PERL as well as NOPERL. The latter is going to (eventually) go.
|
91754 |
06-Mar-2002 |
markm |
No functional change, but big code cleanup. WARNS, lint(1) and style(9).
|
90868 |
18-Feb-2002 |
mike |
o Move NTOHL() and associated macros into <sys/param.h>. These are deprecated in favor of the POSIX-defined lowercase variants. o Change all occurrences of NTOHL() and associated marcros in the source tree to use the lowercase function variants. o Add missing license bits to sparc64's <machine/endian.h>. Approved by: jake o Clean up <machine/endian.h> files. o Remove unused __uint16_swap_uint32() from i386's <machine/endian.h>. o Remove prototypes for non-existent bswapXX() functions. o Include <machine/endian.h> in <arpa/inet.h> to define the POSIX-required ntohl() family of functions. o Do similar things to expose the ntohl() family in libstand, <netinet/in.h>, and <sys/param.h>. o Prepend underscores to the ntohl() family to help deal with complexities associated with having MD (asm and inline) versions, and having to prevent exposure of these functions in other headers that happen to make use of endian-specific defines. o Create weak aliases to the canonical function name to help deal with third-party software forgetting to include an appropriate header. o Remove some now unneeded pollution from <sys/types.h>. o Add missing <arpa/inet.h> includes in userland.
Tested on: alpha, i386 Reviewed by: bde, jake, tmm
|
90405 |
08-Feb-2002 |
ru |
Now that cross-tools ld(1) has been fixed to look for dynamic dependencies in the correct place, record the fact that -lssh depends on -lcrypto and -lz.
Removed false dependencies on -lz (except ssh(1) and sshd(8)). Removed false dependencies on -lcrypto and -lutil for scp(1).
Reviewed by: markm
|
89841 |
27-Jan-2002 |
kris |
Update list of manpages
|
89705 |
23-Jan-2002 |
ru |
Add pam_ssh support to the static PAM library, libpam.a:
- Spam /usr/lib some more by making libssh a standard library. - Tweak ${LIBPAM} and ${MINUSLPAM}. - Garbage collect unused libssh_pic.a. - Add fake -lz dependency to secure/ makefiles needed for dynamic linkage with -lssh.
Reviewed by: des, markm Approved by: markm
|
87141 |
30-Nov-2001 |
markm |
Clean up makefiles, and turn on WARNS=2. Take into account the telnet #if cleanup.
|
86559 |
18-Nov-2001 |
jake |
Opensslconf for sparc64. Just a copy of the alpha one for now.
Approved by: kkenn (maintainer)
|
85744 |
30-Oct-2001 |
markm |
Install libssh and libssh_pic. These are needed when building statically, and when building things (like login(8)) standalone. libssh_pic is needed for libpam and modules.
Requested by: peter
|
85358 |
23-Oct-2001 |
peter |
__FBSDID() (second half of src/lib/libcrypt changes)
|
85309 |
22-Oct-2001 |
peter |
Argh! Shoot me! (add closing */ after $FreeBSD$ )
|
84773 |
10-Oct-2001 |
peter |
Add an ia64 configuration. This is not likely to be optimal, but does compile and seems to work. We should run configure after everything else is self hosting to test the speeds of the various options.
|
84698 |
09-Oct-2001 |
peter |
Sync this file up with its i386 brother. This appears to have been missed when 0.9.5a was imported.
Approved by: kris
|
84306 |
01-Oct-2001 |
ru |
mdoc(7) police: Use the new .In macro for #include statements.
|
84136 |
29-Sep-2001 |
ru |
Fix cross-building, etc:
1. To cross-build, one now needs to set TARGET_ARCH, and not the MACHINE_ARCH. MACHINE_ARCH should never be changed manually!
2. Initialize DESTDIR= explicitly for bootstrap-tools, build-tools, and cross-tools stages. This fixes broken header and library dependencies problem. We build them in the host environment, and obviously want them to depend on host headers and libraries. The problem with broken header dependencies for bootstrap-tools and cross-tools was already partially solved (see BOOTSTRAPPING tests in bsd.prog.mk and bsd.lib.mk), but it was still there for build-tools if the user ran "make world DESTDIR=/foo". Also, for all of these stages, the library dependencies were broken because of how bsd.libnames.mk define DPADD members.
We still provide a glue to install bootstrap- and cross-tools under the ${WORLDTMP}.
Removed PATH overrides for bootstrap-, build-, and cross-tools stages. There is just no reason why we would need to override it, and the hacks to clean up the ${WORLDTMP} in the -DNOCLEAN case are no longer needed with fixes from this step.
That is, we now never use ${WORLDTMP} headers and libraries, and we don't use any ${WORLDTMP} installed binaries during these stages. Again, these stages depend solely on the host environment, including compiler, headers, and libraries.
3. Moved "miniperl" back from cross-tools (it has nothing to do with a cross-compiler) to build-tools where it belongs. The change from step 1 let to do this. Also, to make this work, build-tools targets of "cc_tools" and "miniperl" were modified to call "depend". Here follow the detailed explanations.
There are two categories of build tools, for now. In the first category there are "cc_tools" and "miniperl". They occupy the whole (sub)directory, and nothing needs to be done in this subdirectory later during the "all" stage. They are also constructed using system makefiles. We must build the .depend early in the build-tools stage because:
1) They use (and depend on) the host environment.
2) If we don't do this in build-tools, the "depend" stage of buildworld will do this for us; wrong library and header dependencies will be recorded (DESTDIR=${WORLDTMP}) and, what's worse, the "all" stage may then clobber the build-architecture format tools (that we built in the build-tools stage) with the target-architecture format ones, breaking cross build.
In the second category there are all other build-tools. They share their directory with the "main" module that needs them in the "all" stage, and they don't show up themselves in the .depend file. The portion of this fix was already committed in gnu/usr.bin/cc/cc_tools/Makefile,v 1.52.
4. "libperl" is no longer a build tool, and "miniperl" is the stand-alone application. I had to make this change because build-tools and "all" stages share the same object directory. Without this change, if we cross compile, libperl.a is first built for the build architecture during the build-tools stage (for the purposes of immediate linkage with "miniperl"). Later on, the "all" stage sees this library as up-to-date, and doesn't rebuild it. The effect is that the wrong format static libperl library is installed with installworld.
5. Fixed "includes" to install secure/lib/libtelnet headers if required.
Reviewed by: bde
|
81967 |
20-Aug-2001 |
markm |
Diff reduce all the crypto telnet Makefiles.
|
81590 |
13-Aug-2001 |
ru |
mdoc(7) police: s/NetBSD/.Nx/ where appropriate.
|
81462 |
10-Aug-2001 |
ru |
mdoc(7) police: join split punctuation to macro calls.
|
81104 |
03-Aug-2001 |
markm |
Revamp and diff-reduce the various secure telnets. Make sure that Kerberos5 has _a_ telnet (which is not currently K5 enabled). Incorporate BDE's static linking fixes.
|
79530 |
10-Jul-2001 |
ru |
mdoc(7) police: removed HISTORY info from the .Os call.
|
79252 |
04-Jul-2001 |
kris |
Remove stale file.
|
76872 |
20-May-2001 |
kris |
Update for OpenSSL 0.9.6a
MFC after: 2 weeks
|
76264 |
04-May-2001 |
green |
Follow the OpenSSH 2.9 upgrade with the infrastructure. Two new programs are now included: sftp(1) and ssh-keyscan(1).
|
76229 |
03-May-2001 |
green |
Add the new version.c to libssh.
|
75236 |
05-Apr-2001 |
nsayer |
Reactivate SRA.
Make handling of SIGINT and SIGQUIT follow SIGTSTP in TerminalNewMode(). This allows people to break out of SRA authentication if they wish to.
|
74929 |
28-Mar-2001 |
ru |
Merged src/lib/libtelnet rev.1.9 (fixed removing of obsolete shared library: wrong library directory, wrong library extension and wrong comment). This is mainly of historical interest, if any. The library that gets removed is aout.
Also, backout the beforeinstall -> afterinstall change in rev.1.20 that was required to install proper telnet.h into /usr/include/arpa. The actual problem is in <bsd.lib.mk>, and I am going to fix it.
|
74928 |
28-Mar-2001 |
ru |
Bye-bye /usr/lib/libtelnet.a. This should fix ``make release'' brokeness.
Approved by: markm
|
74818 |
26-Mar-2001 |
ru |
secure/ build fixes:
- TELNETOBJDIR is gone. `buildworld' already installs libtelnet.a in ${WORLDTMP}/usr/lib, and we have LIBRARY_PATH pointing there.
- SSHDIR (formerly SSHSRC) is now shared between all SSH modules. New LIBSSH is introduced for libssh.a (an internal static lib). Previously, build without prior `obj' was broken; SSH modules always looked for libssh.a in ${.OBJDIR}. Also, the dependancies on the libssh.a were missing.
- libtelnet/ did not install the crypto version of telnet.h into /usr/include/arpa.
- Removed BINOWN, BINMODE, BINDIR and SRCS with default values.
Reviewed by: markm
- MAN[1-9] -> MAN.
|
74702 |
23-Mar-2001 |
assar |
disable SRA this impacts negatively to POLA since once autologin is enabled, telnet will prompt for a password using getpass() and thus not allow the usual signal characters or C-]
|
74243 |
14-Mar-2001 |
kris |
Attempt to fix the problem with -j builds, and du-uglify the asm code generation and assembly targets.
Help from: bde, obrien
|
74106 |
11-Mar-2001 |
markm |
Add OpenBSD-style blowfish password hashing. This makes one less gratuitous difference between us and our sister project.
This was given to me _ages_ ago. May apologies to Paul for the length of time its taken me to commit.
Obtained from: Niels Provos <provos@physnet.uni-hamburg.de>/OpenBSD Submitted by: Paul Herman <pherman@frenchfries.net>
|
73983 |
08-Mar-2001 |
kris |
MFS: Belatedly bump SHLIB_MAJOR corresponding to OpenSSL 0.9.6
|
73553 |
04-Mar-2001 |
kris |
Install the des.h link under ${DESTDIR}. Fixes buildworld.
Submitted by: Christian Weisgerber <naddy@mips.inka.de>
|
73423 |
04-Mar-2001 |
kris |
Clean up the installation of the compatibility libdes header/library symlinks
Pointed out by: bde
|
73420 |
04-Mar-2001 |
kris |
Don't override CPUTYPE (actually this predates the <bsd.cpu.mk> use of CPUTYPE, and I forgot I used it here already)
Pointed out by: bde
|
73349 |
02-Mar-2001 |
ru |
setlocale(3) has been fixed to match POSIX standard: LC_ALL takes precedence over other LC_* envariables.
|
73043 |
25-Feb-2001 |
kris |
Update the list of OpenSSL manpages (now contains many more describing libssl, for example), and hide it behind a make.conf option, WANT_OPENSSL_MANPAGES, instead of having it commented out. We still can't install these by default because of clobbering of a number of system manpages with the same name, but they're there for people who want them.
|
72731 |
20-Feb-2001 |
kris |
Add back a missing file from the no-asm case
Submitted by: gallatin
|
72716 |
19-Feb-2001 |
kris |
Remove a remnant of my attempt to get alpha asm code working. OpenSSL does include code for the alpha, but as far as I can tell, it is non-functional (e.g. it's not even compiled by the native openssl build on the alpha).
Noticed by: gallatin
|
72679 |
19-Feb-2001 |
kris |
Introduce support for using OpenSSL ASM optimizations. This is done through the use of a new build directive, MACHINE_CPU, which contains a list of the CPU generations/features for which optimizations are desired. This feature will be extended to cover the ports tree in the future.
Currently OpenSSL provides optimizations for i386, i586 and i686-class CPUs. Currently it has not been tested on an i386 or i486.
Teach make(1) to provide sensible defaults for MACHINE_CPU if it is not defined (namely, the lowest common denominator CPU we support for each architecture). Currently this is i386 for the i386 architecture and ev4 for the alpha. sys.mk also sets the variable as a last resort for consistency with MACHINE_ARCH and bootstrapping from very old versions of make.
Benchmarks show a significant speed increase even in the i386 case, with additional improvements for i586 and i686 systems. For maximum performance define MACHINE_CPU=i686 i586 i386 in /etc/make.conf.
Based on a patch submitted by: Mike Silbersack <silby@silby.com> Reviewed by: current
|
72069 |
06-Feb-2001 |
bde |
Fixed missing include of <unistd.h> and wrong prototype for setkey().
|
71591 |
24-Jan-2001 |
ben |
Add .Lb libcipher
PR: 24434 Submitted by: Bill Cheswick <ches@bell-labs.com>
|
70419 |
28-Dec-2000 |
peter |
Merge into a single US-exportable libcrypt, which only provides one-way hash functions for authentication purposes. There is no more "set the libcrypt->libXXXcrypt" nightmare. - Undo the libmd.so hack, use -D to hide the md5c.c internals. - Remove the symlink hacks in release/Makefile - the algorthm is set by set_crypt_format() as before. If this is not called, it tries to heuristically figure out the hash format, and if all else fails, it uses the optional auth.conf entry to chose the overall default hash. - Since source has non-hidden crypto in it there may be some issues with having the source it in some countries, so preserve the "secure/*" division. You can still build a des-free libcrypt library if you want to badly enough. This should not be a problem in the US or exporting from the US as freebsd.org had notified BXA some time ago. That makes this stuff re-exportable by anyone. - For consistancy, the default in absence of any other clues is md5. This is to try and minimize POLA across buildworld where folk may suddenly be activating des-crypt()-hash support. Since the des hash may not always be present, it seemed sensible to make the stronger md5 algorithm the default. All things being equal, no functionality is lost.
Reviewed-by: jkh
(flame-proof suit on)
|
69593 |
05-Dec-2000 |
green |
Update for OpenSSH 2.3.0.
|
68744 |
15-Nov-2000 |
ru |
Fixed a typo from the last commit.
Submitted by: Mike Heffner <mheffner@vt.edu>
|
68736 |
14-Nov-2000 |
kris |
Correct some fallout from the semi-automated way I updated the makefile.
Submitted by: roberto
|
68655 |
13-Nov-2000 |
kris |
Update for OpenSSL 0.9.6
|
65971 |
17-Sep-2000 |
kris |
Overhaul of the build-time include file generation. Don't break in evp.h if bootstrapping from a system on which the openssl headers are not already present.
|
65675 |
10-Sep-2000 |
kris |
Update for OpenSSH 2.2.0
|
65653 |
10-Sep-2000 |
kris |
Nuke RSAREF support from orbit.
It's the only way to be sure.
|
65551 |
06-Sep-2000 |
kris |
``Anyone is now free to rub two primes together for their own gratification'' -- Unknown
Now that the RSA algorithm is released into the public domain, build librsaintl by default unless NO_RSAINTL is set in make.conf.
The native OpenSSL implementation of RSA is much faster, doesn't have an artificial keysize limitation, has 30% fewer calories and tastes great!
|
65060 |
24-Aug-2000 |
green |
Make the temporary file _evp.h instead of evp.h to not conflict with the real evp.h.
Reported by: markm
|
65024 |
23-Aug-2000 |
green |
Generate a new evp.h at build-time instead of install-time to properly support NFS(ro) installworlds.
|
64918 |
22-Aug-2000 |
green |
Add working and easy crypt(3)-switching. Yes, we need a whole new API for crypt(3) by now. In any case:
Add crypt_set_format(3) + documentation to -lcrypt. Add login_setcryptfmt(3) + documentation to -lutil. Support for switching crypt formats in passwd(8). Support for switching crypt formats in pw(8).
The simple synopsis is: edit login.conf; add a passwd_format field set to "des" or "md5"; go nuts :)
Reviewed by: peter
|
64219 |
04-Aug-2000 |
green |
Unbreak the OpenSSL headers for those of us who don't/can't use IDEA by getting rid of the check for NO_IDEA (in evp.h) completely if it's installed without MAKE_IDEA=YES.
|
63123 |
14-Jul-2000 |
peter |
Be consistant about WITH_ vs MAKE_ flags. We have a precedent of using MAKE_foo for things like MAKE_KERBEROS etc. Use that. I managed to confuse myself last time and made make.conf different to the code. ;-(
Reported by: Jun Kuriyama <kuriyama@FreeBSD.org>
|
62437 |
03-Jul-2000 |
peter |
Argh. Cut/paste transcription error. Fix syntax of previous commit.
|
62434 |
03-Jul-2000 |
peter |
USA_RESIDENT is forced to YES or NO at the start of Makefile.inc1 Use that to be the final arbiter of whether or not to build the librsaintl.so plugin for openssl/openssh. Add a magic WANT_RSAINTL flag to force building even if USA_RESIDENT=YES.
|
62030 |
24-Jun-2000 |
markm |
MFI. This is a documentation-only, diffreducing patch, that if invoked will cause breakage. US Users - DO NOT try to turn on IDEA - the sources are not included.
|
61213 |
03-Jun-2000 |
kris |
Add a new file to SRCS
|
60615 |
15-May-2000 |
obrien |
/dev/urandom is the default random device, so no use in stateing it here. Also simplify the conditionals a little.
|
60610 |
15-May-2000 |
obrien |
This version is slightly better than rev 1.10. There are still missing dependencies for openssl/*.h. I cannot reproduce any critical race conditions with this revision.
|
60609 |
15-May-2000 |
obrien |
Use unadorned `mkdir -p', removing the "test ... ||". There are sometimes problems with "&&" and "||" in the `make -j' case, as it appears multiple processes may process parts of the execution line.
|
60577 |
15-May-2000 |
kris |
Update for OpenSSH 2.1
|
59426 |
20-Apr-2000 |
kris |
Use the C locale for running date(1).
Submitted by: ache
|
59196 |
13-Apr-2000 |
kris |
Update for OpenSSL 0.9.5a and clean up a bit.
|
59195 |
13-Apr-2000 |
kris |
Update for OpenSSL 0.9.5a and clean up a bit. Take responsibility for this makefile again :-)
|
59146 |
11-Apr-2000 |
obrien |
* Fix dependancies so that ``make depend'' is not required. * Some style fixes
Approved by: kris
|
59145 |
11-Apr-2000 |
obrien |
* Fix dependancies so that ``make depend'' is not required. * Some style fixes
Approved by: kris
|
59000 |
04-Apr-2000 |
kris |
Add libcrypto to LDADD. This fixes problems seen with e.g. apache-modssl
Submitted by: Jim Bloom <bloom@acm.org>
|
57971 |
13-Mar-2000 |
kris |
Add a new function stub to libcrypto() which resolves to a symbol in the librsa* library and reports which version of the library (OpenSSL/RSAREF) is being used.
This is then used in openssh to detect the failure case of RSAREF and a RSA key >1024 bits, to print a more helpful error message than 'rsa_public_encrypt() fai led.'
This is a 4.0-RELEASE candidate.
|
57804 |
07-Mar-2000 |
kris |
Build a shared library too - ports expect it.
Reviewed by: peter Approved by: jkh
|
57766 |
05-Mar-2000 |
peter |
Merge from internat.freebsd.org; cleanup stray rsaref glue code reference
|
57682 |
02-Mar-2000 |
kris |
Resurrect the old libdes manpages (after a repo copy) until we have better ones.
|
57681 |
02-Mar-2000 |
peter |
Merge from internat.freebsd.org: add libcrypto to librsaUSA's symbol search path so that ERR_load_strings() is found in certain circumstances involving dlopen(). eg: main program dlopened foo.so which is linked against libcrypto. If libcrypto then dlopens librsaUSA.so, then it's search path doens't find libcrypto (!). One "fix" is to force modules (eg main opening foo.so) to use the RTLD_GLOBAL flag, the other is to explicitly declare dependencies (as done here).
|
57615 |
29-Feb-2000 |
markm |
MFI: stupid typo of mine.
|
57582 |
29-Feb-2000 |
kris |
Add NODESCRYPTLINKS knob to prevent spamming of libcrypt -> libscrypt symlinks. The name is against my better judgement, but I defer to ancient tradition here because I'm a nice guy.
Reviewed by: -current
|
57569 |
28-Feb-2000 |
markm |
New distribution names.
|
57511 |
26-Feb-2000 |
peter |
Merge from internat.freebsd.org repo, minus change to rsa_eay.c (missing)
Reorganize and unify libcrypto's interface so that the RSA implementation is chosen at runtime via dlopen().
This is a checkpoint and may require more tweaks still.
|
57484 |
25-Feb-2000 |
peter |
Merge from internat.freebsd.org; make RSAREF=YES work correctly, although this is not very useful as the US repo is missing bits.
|
57476 |
25-Feb-2000 |
peter |
Create a stub libRSAglue for bsd.port.mk's sake
|
57474 |
25-Feb-2000 |
peter |
Fold libRSAglue into libcrypto so we don't have to special-case all the builds. There is still no actual RSA implementation code in libcrypto or src/* on US code trees.
|
57471 |
25-Feb-2000 |
peter |
Sync with internat; delete a trailing space
|
57456 |
24-Feb-2000 |
markm |
Remove port components not needed in 4.n+
Submitted by: Half the freaking planet....
|
57440 |
24-Feb-2000 |
markm |
libdes is OBE
|
57437 |
24-Feb-2000 |
markm |
Build everything properly. This means:
o Don't b uild libdes.
o Crypto is now housed in libcrypto (with a compatability symlink to libdes)
o RSA may depend on RSAREF at your locale.
o OpenSSH is now a part of the base system.
|
57434 |
24-Feb-2000 |
markm |
Add the OpenSSH userland-building Makefiles.
|
57414 |
24-Feb-2000 |
markm |
Freefall/Internat diff reducer.
|
57413 |
24-Feb-2000 |
markm |
Freefall/Internat diff reducer.
|
57412 |
24-Feb-2000 |
markm |
Freefall/Internat diff reducer.
|
56898 |
30-Jan-2000 |
kris |
Add NO_OPENSSL knob to turn off building of openssl
Requested by: wollman
|
56316 |
20-Jan-2000 |
kris |
Activate librsaglue
|
56315 |
20-Jan-2000 |
kris |
Move the rsaref gunk to libRSAglue where ports expect it.
|
56314 |
20-Jan-2000 |
kris |
Build infrastructure for libRSAglue, required for compatability with ports even though it doesn't seem to do anything which requires it to be separate from libcrypto.
|
56089 |
16-Jan-2000 |
kris |
Turn back on libcrypto and libssl building.
|
56087 |
16-Jan-2000 |
kris |
*** empty log message ***
|
56080 |
16-Jan-2000 |
kris |
Add MAINTAINER tag so people don't feel the need to randomly frob with this.
|
56050 |
15-Jan-2000 |
green |
We cannot have libcrypto, and therefore OpenSSL at all, without RSA. If you need examples of breakage, I'm ready to provide more than a few.
|
55956 |
14-Jan-2000 |
kris |
Connect OpenSSL to the build.
|
55950 |
14-Jan-2000 |
kris |
Build infrastructure for OpenSSL
|
55688 |
09-Jan-2000 |
kris |
Really really remove SHA-1 support.
|
55654 |
09-Jan-2000 |
markm |
Routines needed by new kerberos.
|
55585 |
08-Jan-2000 |
jkh |
Remove the SHA stuff properly.
|
54829 |
19-Dec-1999 |
peter |
I missed the LDADD/DPADD for -lmd in the secure cases. :-(
Pointed out by: marcel
|
52167 |
12-Oct-1999 |
markm |
Dont build telenet if we are going for kerberised telnet; this just jumps all over kerberised telnet otherwise.
|
51993 |
07-Oct-1999 |
markm |
Make telnet with SRA work.
Submitted by: Nick Sayer
|
51524 |
21-Sep-1999 |
markm |
Colour me stupid. This is a better way of using the macros.
|
51511 |
21-Sep-1999 |
markm |
Do this the same way as Internat to reduce diffs.
|
51510 |
21-Sep-1999 |
dt |
Someone changed major numbers of the libraries from 2 to 3 for 0 (zero) reasons. Revert the major number back to 2.
libcrypt only export one function, before the recent changes and now: char *crypt(const char *key, const char *salt); The prototype didn't changed. Internal representation of `char' and `char *' didn't changed. Therefore, there is no reason to change the version number.
|
51507 |
21-Sep-1999 |
peter |
Restore SONAME setting, otherwise libdescrypt.so.3 doesn't end up with a special SONAME of libcrypt.so.3 and the runtime symlink doesn't work.
|
51461 |
20-Sep-1999 |
markm |
Make this completely dependant on the exportable libcrypt, to avoid duplication of effort. Also a large cleanup of the code, inspired by Brandon Gillespie.
|
51425 |
19-Sep-1999 |
markm |
libdes is bmaked and built from src/crypto/... now.
|
50895 |
04-Sep-1999 |
markm |
This commit was generated by cvs2svn to compensate for changes in r50894, which included commits to RCS files with non-trunk default branches.
|
50761 |
01-Sep-1999 |
markm |
This commit was generated by cvs2svn to compensate for changes in r50760, which included commits to RCS files with non-trunk default branches.
|
50488 |
28-Aug-1999 |
peter |
$Header$ -> $FreeBSD$
|
50479 |
28-Aug-1999 |
peter |
$Id$ -> $FreeBSD$
|
49830 |
15-Aug-1999 |
mpp |
Various man page cleanup:
- Be consistent with section names as outlined in mdoc(7). - Other misc mdoc cleanup.
|
43152 |
24-Jan-1999 |
markm |
Fix symlinking. Without the -f "force" option, the wrong version can be found. Submitted by: Bruce
|
43091 |
23-Jan-1999 |
markm |
The new crypt code breaks "make world". Back it out.
|
42983 |
21-Jan-1999 |
brandon |
Removed from the secure/lib/libcrypt area, because of the rewrite to how the Makefile handles des support by just including the single .c file.
Reviewed by: Mark Murray
|
38664 |
31-Aug-1998 |
jb |
BINFORMAT -> OBJFORMAT ready for E-day. Untested 'cause I'm outside the US and not allowed to see this. I kept my eyes closed. 8-)
|
30217 |
08-Oct-1997 |
markm |
Staticise a variable. PR: 4722 Submitted by: Karl Denninger
|
29147 |
05-Sep-1997 |
peter |
Teach libdescrypt about elf builds.
|
22990 |
22-Feb-1997 |
peter |
Revert $FreeBSD$ to $Id$
|
21673 |
14-Jan-1997 |
jkh |
Make the long-awaited change from $Id$ to $FreeBSD$
This will make a number of things easier in the future, as well as (finally!) avoiding the Id-smashing problem which has plagued developers for so long.
Boy, I'm glad we're not using sup anymore. This update would have been insane otherwise.
|
21635 |
13-Jan-1997 |
wosch |
Sort cross references.
|
19502 |
07-Nov-1996 |
markm |
Secure telnet is now in eBones.
|
17945 |
30-Aug-1996 |
peter |
cmp -s || install -c --> install -C
|
17498 |
10-Aug-1996 |
markm |
This commit was generated by cvs2svn to compensate for changes in r17497, which included commits to RCS files with non-trunk default branches.
|
17356 |
30-Jul-1996 |
markm |
Some breakeages sneaked in. This fixes them. (this relates to a name change in a library that was not properly backed up by the author) Reported by: too mant :-(
|
17333 |
29-Jul-1996 |
markm |
Merge, remove rubbish and bump the MAJOR.MINOR to 3.0
|
17331 |
29-Jul-1996 |
markm |
This commit was generated by cvs2svn to compensate for changes in r17330, which included commits to RCS files with non-trunk default branches.
|
17318 |
28-Jul-1996 |
markm |
Mrege conflicts etc.
|
17316 |
28-Jul-1996 |
markm |
This commit was generated by cvs2svn to compensate for changes in r17315, which included commits to RCS files with non-trunk default branches.
|
17309 |
27-Jul-1996 |
jkh |
Add necessary item to CLEANFILES
|
16663 |
24-Jun-1996 |
jkh |
Bring in my changes for removing the pestilent obj links (unless you really want them) from /usr/src. This is the final version of the patches, incorporating the feedback I've received from -current.
|
15609 |
04-May-1996 |
markm |
Add randomness from /dev/random if it is available.
|
15228 |
13-Apr-1996 |
markm |
Split libcrypt and libcipher man pages.
|
15225 |
13-Apr-1996 |
markm |
Split the libcrypt and libcipher man pages.
|
15159 |
09-Apr-1996 |
mpp |
Install crypt.3 so that libcipher will install if /usr/share/man has been blown away. Previously it depended on an existing crypt.3 to be present for the man page links to install properly.
|
14656 |
17-Mar-1996 |
markm |
Comment out the NOPROFILE=yes to make this orthogonal with the rest of our libs.
|
14548 |
11-Mar-1996 |
markm |
Big clean-up job. Remove ancient and never-to-be used stuff. The look much more like BSD Makefiles now.
|
14534 |
11-Mar-1996 |
markm |
Fix typo #ifdef -> .if defined(). Tidy uo this file a bit.
|
14462 |
10-Mar-1996 |
markm |
Fix typo - -des -> -ldes
|
14438 |
09-Mar-1996 |
ache |
Sense MAKE_EBONES, DESTDIR SRCS cleanup DPADD cleanup
|
14168 |
21-Feb-1996 |
jkh |
Add back missing crypt.3 man page.
|
14045 |
12-Feb-1996 |
mpp |
Another round of man page cleanups.
Down to only about 100 items left to cleanup! :-)
|
14020 |
11-Feb-1996 |
markm |
Add the new libdes to the build
|
14014 |
10-Feb-1996 |
markm |
Rats. Forgot to `cvs add' this.
|
14012 |
10-Feb-1996 |
markm |
iImport a FreeBSD Makefile, BSD-ise the header and correct a typo. As the interface has changed a bit (there are more rentry points), the shared library has been bumped to libdes.so.2.1.
|
14010 |
10-Feb-1996 |
markm |
This commit was generated by cvs2svn to compensate for changes in r14009, which included commits to RCS files with non-trunk default branches.
|
12884 |
16-Dec-1995 |
markm |
Dual personality crypt(3). This crypt will choose its encryption algorithm (DES or MD5) based on the type of salt used. Salt beginning with "$1$" indicates MD5.
|
11419 |
11-Oct-1995 |
gibbs |
Remove MAKE_EBONES conditionals. They were originally placed here because of missing functionality in our libkrb which is no longer a problem.
|
11074 |
29-Sep-1995 |
ache |
Remove duplicated targets which now build from main tree if available and allowed
|
10740 |
14-Sep-1995 |
gibbs |
Enable kerberosIV authentication/encryption conditionalized on MAKE_EBONES. Fix up some of the des calls to be compatible with eBones.
|
9932 |
05-Aug-1995 |
ache |
Comment out LDADD+=-ldescrypt, it is not yet active due to missng defines for krb4encpwd and rsaencpwd and missing rsa library too.
|
9760 |
29-Jul-1995 |
markm |
After pst and ache fixed secure telnet, it was still not in the main makefiles. This puts it in.
PLEASE NOTE - YOU WILL NEED TO BUILD AND INSTALL THE libtelnet IN secure/ Reviewed by: Submitted by: Obtained from:
|
9694 |
24-Jul-1995 |
ache |
Final cleanup pass through Makefiles, now this stuff autodetect kerberos/eBones and work even with eBones, but with reduced functionality (don't pick up des/krb stuff in this case)
|
9691 |
24-Jul-1995 |
ache |
Add LDADD+= -ldescrypt Reviewed by: Submitted by: Obtained from:
|
9690 |
24-Jul-1995 |
ache |
Move -ldes under kerb stuff, my fault Reviewed by: Submitted by: Obtained from:
|
9688 |
24-Jul-1995 |
ache |
Since this stuff not works with eBones, ifdef kerberos stuff with MAKE_KERBEROS to allow other things to live Submitted by: Obtained from:
|
9686 |
24-Jul-1995 |
ache |
Add comment about new_rbd_key.c module needed from original libdes
|
9683 |
24-Jul-1995 |
ache |
Fix many bogus things, typing error, dependance errors, etc., now it compiles. Note: this stuff requires original libdes, not libdes from Eric Yang which we have in eBones.
|
9590 |
20-Jul-1995 |
pst |
Update telnet to the 95.05.31 release.
Obtained from: Dave Borman <dab@cray.com>
|
8871 |
30-May-1995 |
rgrimes |
Remove trailing whitespace.
|
6514 |
17-Feb-1995 |
dima |
Security fixes. CERT Advisory CA-95:03.telnet.encryption
Obtained from: CERT
|
4806 |
24-Nov-1994 |
phk |
Fix secrdist sharedlib bug.
|
4485 |
14-Nov-1994 |
phk |
Make the "distribute" target build the "des" distribution. Make des'ed init and ed, by pointing to real sources.
|
2900 |
19-Sep-1994 |
csgr |
More elegant fix for short settings. (Our existing fixes already plugged the security holes involved.) Submitted by: Geoff Rehmet after consultation with David Burren
|
2601 |
09-Sep-1994 |
csgr |
fix bogus .include Submitted by: Geoff.
|
2584 |
08-Sep-1994 |
csgr |
add libcipher to Makefile Submitted by: Geoff.
|
2550 |
07-Sep-1994 |
csgr |
- Remove crypt() - it's in libcrypt - remove ^L's - CTM will probably choke on them - add PRECIOUSLIB to Makefile - name changes libcrypt -> libcipher Submitted by: Geoff.
|
2547 |
07-Sep-1994 |
csgr |
This commit was generated by cvs2svn to compensate for changes in r2546, which included commits to RCS files with non-trunk default branches.
|
2539 |
07-Sep-1994 |
pst |
Back out static hacks & build of usr.bin until Geoff informs the world of his master plan.
Submitted by: pst
|
2536 |
07-Sep-1994 |
pst |
Remove static in front of declarations for des_setkey and des_cipher so that linking against -lcrypt (-ldescrypt) will give us the good versions instead of the stubs in libc. (These changes need to be made to the non-US version of libdescrypt too!)
Allow building and support for bdes program. A bit more work still needs to be done on secure telnet.
Submitted by: pst
|
2306 |
26-Aug-1994 |
wollman |
Hopefully fix bogus permissions.
|
2300 |
26-Aug-1994 |
wollman |
Install libdescrypt.so immutable.
|
2156 |
20-Aug-1994 |
csgr |
Fix afterinstall rule for generating links to the real libcrypt Submitted by: Geoff
|
2048 |
12-Aug-1994 |
csgr |
This commit was generated by cvs2svn to compensate for changes in r2047, which included commits to RCS files with non-trunk default branches.
|
2046 |
12-Aug-1994 |
csgr |
when making test programs, look for libdescrypt, not libcrypt Submitted by: Geoff Rehmet
|
2044 |
12-Aug-1994 |
csgr |
1) don't make bdes yet 2) fix .include in secure/lib/Makefile.inc 3) fix afterinstall rule in libcrypt/Makefile Submitted by: Geoff Rehmet
|
1990 |
09-Aug-1994 |
csgr |
Install secure/lib/libcrypt as libdescrypt, and symlink it to libcrypt. There may be a little modification neede to this makefile once we start working on tidy make world's. Submitted by: geoff.
|
1961 |
08-Aug-1994 |
csgr |
add Makefiles for secure/lib. Makefile.inc just includes src/lib/Makefile.inc in order to get things like SHLIB_MAJOR etc.
|
1959 |
08-Aug-1994 |
csgr |
Modify libcrypt so that the only exported symbol is _crypt(). Submitted by: Geoff Rehmet
|
1957 |
08-Aug-1994 |
csgr |
This commit was generated by cvs2svn to compensate for changes in r1956, which included commits to RCS files with non-trunk default branches.
|
1956 |
08-Aug-1994 |
csgr |
Unecumbered securedist from FreeBSD 1.1.5.1 - sources for libcrypt. The next commit will remove all symbols except _crypt() Reviewed by: Geoff Rehmet Submitted by: David Burren
|