318108 |
09-May-2017 |
bdrewery |
DIRDEPS_BUILD: Update dependencies.
This is a direct commit since MFCing these changes is impractical.
Sponsored by: Dell EMC Isilon |
312268 |
16-Jan-2017 |
ngie |
MFC r311140:
Only bake krb5_config.h support in to ssh(3), etc if both MK_GSSAPI and MK_KERBEROS_SUPPORT != no
This fixes the odd case where someone specified MK_GSSAPI=no and MK_KERBEROS_SUPPORT=yes (which admittedly, probably doesn't make sense, but the build system doesn't prevent this case today, and it didn't when I filed the bug back in 2011 either).
PR: 159745 |
302408 |
08-Jul-2016 |
gjb |
Copy head@r302406 to stable/11 as part of the 11.0-RELEASE cycle. Prune svn:mergeinfo from the new branch, as nothing has been merged here.
Additional commits post-branch will follow.
Approved by: re (implicit) Sponsored by: The FreeBSD Foundation |
298107 |
16-Apr-2016 |
gjb |
Merge the projects/release-pkg branch to head.
This allows packaging the base system with pkg(8), including but not limited to providing the ability to provide upstream binary update possibilities for non-tier-1 architectures.
This merge is a requirement of the 11.0-RELEASE, and as such, thank you to everyone that has tested the project branch.
Documentation in build(7) etc. is still somewhat sparse, but updates to those parts will follow.
Sponsored by: The FreeBSD Foundation
|
296633 |
11-Mar-2016 |
des |
Upgrade to OpenSSH 7.2p2.
|
291941 |
07-Dec-2015 |
bdrewery |
Replace unneeded manual dependency on header by adding it to SRCS.
bsd.lib.mk and bsd.prog.mk already depend all objs on headers in SRCS if there is not yet a depend file. The headers in SRCS are never built or installed. After 'make depend' the header was already added as a proper dependency on the objects where needed.
MFC after: 2 weeks Sponsored by: EMC / Isilon Storage Division
|
291198 |
23-Nov-2015 |
des |
Retire the NONE cipher option.
|
284345 |
13-Jun-2015 |
sjg |
Add META_MODE support.
Off by default, build behaves normally. WITH_META_MODE we get auto objdir creation, the ability to start build from anywhere in the tree.
Still need to add real targets under targets/ to build packages.
Differential Revision: D2796 Reviewed by: brooks imp
|
275083 |
25-Nov-2014 |
bapt |
Reduce overlinking The framework now ensure by itself that pthread is added to the link chain as the last component if linked to kerberos hence avoid with out any explicit addition prevent issue like CVE-2014-8475
|
275077 |
25-Nov-2014 |
bapt |
Convert to LIBADD Reduce overlinking
|
270178 |
19-Aug-2014 |
ngie |
Fix typo (LIBLDNSADD -> LIBLDNS) to fix "make checkdpadd"
X-MFC with: r269648 Phabric: D634 Approved by: jmmv (mentor)
|
269648 |
06-Aug-2014 |
bapt |
Rework privatelib/internallib
Make sure everything linking to a privatelib and/or an internallib does it directly from the OBJDIR rather than DESTDIR. Add src.libnames.mk so bsd.libnames.mk is not polluted by libraries not existsing in final installation Introduce the LD* variable which is what ld(1) is expecting (via LDADD) to link to internal/privatelib Directly link to the .so in case of private library to avoid having to complexify LDFLAGS.
Phabric: https://phabric.freebsd.org/D553 Reviewed by: imp, emaste
|
265420 |
06-May-2014 |
imp |
Use src.opts.mk in preference to bsd.own.mk except where we need stuff from the latter.
|
255829 |
23-Sep-2013 |
des |
Unbreak the WITHOUT_KERBEROS build and try to reduce the odds of a repeat performance by introducing a script that runs configure with and without Kerberos, diffs the result and generates krb5_config.h, which contains the preprocessor macros that need to be defined in the Kerberos case and undefined otherwise.
Approved by: re (marius)
|
255460 |
10-Sep-2013 |
des |
Clean up the OpenSSH build. It is now possible to build most components as static binaries, if desired. The one exception is sshd, which runs into trouble due to libpam.a's includion of pam_ssh.
Make OpenSSH use LDNS if available. This allows it to verify signed SSHFP records.
Approved by: re (blanket)
|
255386 |
08-Sep-2013 |
des |
Make libldns and libssh private.
Approved by: re (blanket)
|
245527 |
17-Jan-2013 |
bz |
Add a src.conf(5) option to allow users to compile in the "NONE cipher", which, only after authentication, disables crypto, and only for sessions without a terminal.
Submitted by: Jeremy Chadwick (freebsd jdc.parodius.com) PR: bin/163095 MFC after: 10 days
|
233432 |
24-Mar-2012 |
eadler |
Restore the ability to use a non-standard LOCALBASE to sshd Add the ability to use a non-standard LOCALBASE to ssh
Submitted by: jhb Reviewed by: des Approved by: cperciva MFC after: 0 days (with r233136)
|
233136 |
19-Mar-2012 |
eadler |
X11BASE is not used any more and has been killed by the x11 team.
Reviewed by: ??? Approved by: ??? MFC after: 3 days
|
204917 |
09-Mar-2010 |
des |
Upgrade to OpenSSH 5.4p1.
MFC after: 1 month
|
197679 |
01-Oct-2009 |
des |
Upgrade to OpenSSH 5.3p1.
|
181111 |
01-Aug-2008 |
des |
Upgrade to OpenSSH 5.1p1.
I have worked hard to reduce diffs against the vendor branch. One notable change in that respect is that we no longer prefer DSA over RSA - the reasons for doing so went away years ago. This may cause some surprises, as ssh will warn about unknown host keys even for hosts whose keys haven't changed.
MFC after: 6 weeks
|
176844 |
05-Mar-2008 |
kris |
For users of FreeBSD <= 6.2 we recommend during the x.org 7.x upgrade that they add X11BASE=${LOCALBASE} to /etc/make.conf since X11BASE was hard-wired to the now-wrong location in old releases.
However, both X11BASE and LOCALBASE have moved out of scope of src/ into ports/ now, which causes problems for upgraded users who have old make.conf files still containing the above setting. X11BASE becomes null and we instruct ssh and sshd to look for xauth in /bin/xauth where it is unlikely to be found.
Instead, provide a copy of the default LOCALBASE?=/usr/local setting here.
We also have to deal with the case where the user only overrides LOCALBASE and doesn't set an explicit X11BASE (in ports it will be set implicitly but not here), which will also move the location of xauth.
MFC after: 3 days Reported by: rwatson
|
158529 |
13-May-2006 |
des |
Add a manual dependency on ssh_namespace.h.
Discussed with: ru
|
158519 |
13-May-2006 |
des |
Introduce a namespace munging hack inspired by NetBSD to avoid polluting the namespace of applications which inadvertantly link in libssh (usually through pam_ssh)
Suggested by: lukem@netbsd.org MFC after: 6 weeks
|
156813 |
17-Mar-2006 |
ru |
Reimplementation of world/kernel build options. For details, see:
http://lists.freebsd.org/pipermail/freebsd-current/2006-March/061725.html
The src.conf(5) manpage is to follow in a few days.
Brought to you by: imp, jhb, kris, phk, ru (all bugs are mine)
|
153838 |
29-Dec-2005 |
dfr |
Add a new extensible GSS-API layer which can support GSS-API plugins, similar the the Solaris implementation. Repackage the krb5 GSS mechanism as a plugin library for the new implementation. This also includes a comprehensive set of manpages for the GSS-API functions with text mostly taken from the RFC.
Reviewed by: Love Hörnquist Åstrand <lha@it.su.se>, ru (build system), des (openssh parts)
|
147098 |
07-Jun-2005 |
des |
Revert the commits that made libssh an INTERNALLIB; they caused too much trouble, especially on amd64.
Requested by: ru
|
147056 |
06-Jun-2005 |
des |
Make libssh an INTERNALLIB like it is in {Net,Open}BSD.
|
147007 |
05-Jun-2005 |
des |
Update for OpenSSH 4.1p1.
|
126282 |
26-Feb-2004 |
des |
Update for 3.8p1, including workaround for a bug in gss-genr.c.
|
124249 |
08-Jan-2004 |
ru |
Fixed static linkage.
Reviewed by: des
|
124242 |
08-Jan-2004 |
des |
Enable GSSAPI support. [1] Also remove some duplicates from ssh's SRCS.
Submitted by: [1] Björn Grönvall <bg@sics.se>
|
124212 |
07-Jan-2004 |
des |
Update Makefiles for OpenSSH 3.7.1p2.
|
117181 |
02-Jul-2003 |
ru |
Fixed "make checkdpadd".
OK'ed by: markm
|
114709 |
05-May-2003 |
markm |
Turn MAKE_KERBEROS5 into NO_KERBEROS by negating the logic. Some extra cleanups were necessary in release/Makefile, and the tinderbox code was syntax checked, not run checked.
|
114302 |
30-Apr-2003 |
markm |
We no longer have a separate kerberos distribution. Its now just part of the regular security dist.
|
113915 |
23-Apr-2003 |
des |
Update for 3.6.1p1; also remove Kerberos IV shims.
|
106132 |
29-Oct-2002 |
des |
Update for OpenSSH 3.5p1.
|
99430 |
05-Jul-2002 |
des |
ssh-keysign(8) belongs in /usr/libexec, not in /usr/bin, and needs to be setuid so ssh(1) doesn't have to be.
Pointy hat to: des Submitted by: Katsuyuki TATEISHI <katsu@iec.hiroshima-u.ac.jp>
|
98820 |
25-Jun-2002 |
des |
No guts, no glory. Switch to OpenSSH-portable.
Sponsored by: DARPA, NAI Labs
|
98740 |
24-Jun-2002 |
des |
Previous commit made no sense.
|
98707 |
23-Jun-2002 |
des |
Install the new man pages.
|
95509 |
26-Apr-2002 |
ru |
Milestone #1 in cross-arch make releases.
Do not install games and profiled libraries to the ${CHROOTDIR} with the initial installworld.
Eliminate the need in the second installworld. For that, make sure _everything_ is built in the "world" environment, using the right tool chain.
Added SUBDIR_OVERRIDE helper stuff to Makefile.inc1. Split the buildworld process into stages, and skip some stages when SUBDIR_OVERRIDE is set (used to build crypto, krb4, and krb5 dists).
Added NO_MAKEDB_RUN knob to Makefile.inc1 to avoid running makewhatis(1) at the end of installworld (used when making crypto, krb4, and krb5 dists).
In release/scripts/doFS.sh, ensure that the correct boot blocks are used.
Moved the creation of the "crypto" dist from release.5 to release.2.
In release.3 and doMFSKERN, build kernels in the "world" environment. KERNELS now means "additional" kernels, GENERIC is always built.
Ensure we build crunched binaries in the "world" environment. Obfuscate release/Makefile some more (WMAKEENV) to achieve this.
Inline createBOOTMFS target.
Use already built GENERIC kernel modules to augment mfsfd's /stand/modules. GC doMODULES as such.
Assorted fixes:
Get rid of the "afterdistribute" target by moving the single use of it from sys/Makefile to etc/Makefile's "distribute".
Makefile.inc1: apparently "etc" no longer needs to be last for "distribute" to succeed.
gnu/usr.bin/perl/library/Makefile.inc: do not override the "install" and "distribute" targets, do it the "canonical" way.
release/scripts/{man,cat}pages-make.sh: make sure Perl manpages and catpages appear in the right dists. Note that because Perl does not respect the MANBUILDCAT (and NOMAN), this results in a loss of /usr/share/perl/man/cat* empty directories. This will be fixed soon.
Turn MAKE_KERBEROS4 into a plain boolean variable (if it is set it means "make KerberosIV"), as documented in the make.conf(5) manpage. Most of the userland makefiles did not test it for "YES" anyway.
XXX Should specialized kerberized libpam versions be included into the krb4 and krb5 dists? (libpam.a would be incorrect anyway if both krb4 and krb5 dists were choosen.)
Make sure "games" dist is made before "catpages", otherwise games catpages settle in the wrong dist.
Fast build machine provided by: Igor Kucherenko <kivvy@sunbay.com>
|
89705 |
23-Jan-2002 |
ru |
Add pam_ssh support to the static PAM library, libpam.a:
- Spam /usr/lib some more by making libssh a standard library. - Tweak ${LIBPAM} and ${MINUSLPAM}. - Garbage collect unused libssh_pic.a. - Add fake -lz dependency to secure/ makefiles needed for dynamic linkage with -lssh.
Reviewed by: des, markm Approved by: markm
|
76264 |
04-May-2001 |
green |
Follow the OpenSSH 2.9 upgrade with the infrastructure. Two new programs are now included: sftp(1) and ssh-keyscan(1).
|
74818 |
26-Mar-2001 |
ru |
secure/ build fixes:
- TELNETOBJDIR is gone. `buildworld' already installs libtelnet.a in ${WORLDTMP}/usr/lib, and we have LIBRARY_PATH pointing there.
- SSHDIR (formerly SSHSRC) is now shared between all SSH modules. New LIBSSH is introduced for libssh.a (an internal static lib). Previously, build without prior `obj' was broken; SSH modules always looked for libssh.a in ${.OBJDIR}. Also, the dependancies on the libssh.a were missing.
- libtelnet/ did not install the crypto version of telnet.h into /usr/include/arpa.
- Removed BINOWN, BINMODE, BINDIR and SRCS with default values.
Reviewed by: markm
- MAN[1-9] -> MAN.
|
68705 |
14-Nov-2000 |
green |
Disable /usr/bin/ssh being setuid root by default. Let the variable ENABLE_SUID_SSH being defined reenable it for those that want it.
This follows discussion favoring the change from September. It is not usually necessary to be setuid root, possibly less safe, and less convenient (cannot use $HOSTALIASES, for example).
Submitted by: jedgar
|
65675 |
10-Sep-2000 |
kris |
Update for OpenSSH 2.2.0
|
65029 |
23-Aug-2000 |
ache |
Add missing quotes around xauth path
|
65020 |
23-Aug-2000 |
kris |
Respect X11BASE to derive the location of xauth(1)
PR: 17818 Submitted by: Bjoern Fischer <bfischer@Techfak.Uni-Bielefeld.DE>
|
60577 |
15-May-2000 |
kris |
Update for OpenSSH 2.1
|
58586 |
26-Mar-2000 |
kris |
Update for latest OpenSSH
|
57743 |
03-Mar-2000 |
jhay |
MFI: Make ssh and sshd link in the krb5 part of make release.
Reviewed by: markm
|
57569 |
28-Feb-2000 |
markm |
New distribution names.
|
57475 |
25-Feb-2000 |
peter |
Don't pull in libRSAglue for the rsaref case. Since this is linked dynamically by default, we use the dlopen() calls to load librsaref.so on US code trees.
|
57434 |
24-Feb-2000 |
markm |
Add the OpenSSH userland-building Makefiles.
|