#
5f4c09dd |
|
11-Oct-2022 |
Ed Maste <emaste@FreeBSD.org> |
Track upstream project rename in contrib/blocklistd Upstream is now https://github.com/zoulasc/blocklist/. Rename the contrib directory and update Makefiles to match, in advance of the next vendor branch update. Sponsored by: The FreeBSD Foundation
|
#
d0b2dbfa |
|
16-Aug-2023 |
Warner Losh <imp@FreeBSD.org> |
Remove $FreeBSD$: one-line sh pattern Remove /^\s*#[#!]?\s*\$FreeBSD\$.*$\n/
|
#
38a52bd3 |
|
19-Oct-2022 |
Ed Maste <emaste@FreeBSD.org> |
ssh: update to OpenSSH 9.1p1 Release notes are available at https://www.openssh.com/txt/release-9.1 9.1 contains fixes for three minor memory safety problems; these have already been merged to the copy of OpenSSH 9.0 that is in the FreeBSD base system. Some highlights copied from the release notes: Potentially-incompatible changes -------------------------------- * ssh(1), sshd(8): SetEnv directives in ssh_config and sshd_config are now first-match-wins to match other directives. Previously if an environment variable was multiply specified the last set value would have been used. bz3438 * ssh-keygen(8): ssh-keygen -A (generate all default host key types) will no longer generate DSA keys, as these are insecure and have not been used by default for some years. New features ------------ * ssh(1), sshd(8): add a RequiredRSASize directive to set a minimum RSA key length. Keys below this length will be ignored for user authentication and for host authentication in sshd(8). * sftp-server(8): add a "users-groups-by-id@openssh.com" extension request that allows the client to obtain user/group names that correspond to a set of uids/gids. * sftp(1): use "users-groups-by-id@openssh.com" sftp-server extension (when available) to fill in user/group names for directory listings. * sftp-server(8): support the "home-directory" extension request defined in draft-ietf-secsh-filexfer-extensions-00. This overlaps a bit with the existing "expand-path@openssh.com", but some other clients support it. * ssh-keygen(1), sshd(8): allow certificate validity intervals, sshsig verification times and authorized_keys expiry-time options to accept dates in the UTC time zone in addition to the default of interpreting them in the system time zone. YYYYMMDD and YYMMDDHHMM[SS] dates/times will be interpreted as UTC if suffixed with a 'Z' character. Also allow certificate validity intervals to be specified in raw seconds-since-epoch as hex value, e.g. -V 0x1234:0x4567890. 
This is intended for use by regress tests and other tools that call ssh-keygen as part of a CA workflow. bz3468 * sftp(1): allow arguments to the sftp -D option, e.g. sftp -D "/usr/libexec/sftp-server -el debug3" * ssh-keygen(1): allow the existing -U (use agent) flag to work with "-Y sign" operations, where it will be interpreted to require that the private key is hosted in an agent; bz3429 MFC after: 2 weeks Relnotes: Yes Sponsored by: The FreeBSD Foundation
|
#
1323ec57 |
|
13-Apr-2022 |
Ed Maste <emaste@FreeBSD.org> |
ssh: update to OpenSSH v8.9p1 Release notes are available at https://www.openssh.com/txt/release-8.9 Some highlights: * ssh(1), sshd(8), ssh-add(1), ssh-agent(1): add a system for restricting forwarding and use of keys added to ssh-agent(1) * ssh(1), sshd(8): add the sntrup761x25519-sha512@openssh.com hybrid ECDH/x25519 + Streamlined NTRU Prime post-quantum KEX to the default KEXAlgorithms list (after the ECDH methods but before the prime-group DH ones). The next release of OpenSSH is likely to make this key exchange the default method. * sshd(8), portable OpenSSH only: this release removes in-built support for MD5-hashed passwords. If you require these on your system then we recommend linking against libxcrypt or similar. Future deprecation notice ========================= A near-future release of OpenSSH will switch scp(1) from using the legacy scp/rcp protocol to using SFTP by default. Legacy scp/rcp performs wildcard expansion of remote filenames (e.g. "scp host:* .") through the remote shell. This has the side effect of requiring double quoting of shell meta-characters in file names included on scp(1) command-lines, otherwise they could be interpreted as shell commands on the remote side. MFC after: 1 month Relnotes: Yes Sponsored by: The FreeBSD Foundation
|
#
9d63429f |
|
02-Nov-2021 |
Ed Maste <emaste@FreeBSD.org> |
ssh: move common Makefile boilerplate to a new ssh.mk This moves SSHDIR and ssh_namespace.h handling to a common location, and will simplify future work such as adding U2F support (D32509). Reviewed by: kevans MFC after: 1 week Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D32808 |
#
19261079 |
|
07-Sep-2021 |
Ed Maste <emaste@FreeBSD.org> |
openssh: update to OpenSSH v8.7p1 Some notable changes, from upstream's release notes: - sshd(8): Remove support for obsolete "host/port" syntax. - ssh(1): When prompting whether to record a new host key, accept the key fingerprint as a synonym for "yes". - ssh-keygen(1): when acting as a CA and signing certificates with an RSA key, default to using the rsa-sha2-512 signature algorithm. - ssh(1), sshd(8), ssh-keygen(1): this release removes the "ssh-rsa" (RSA/SHA1) algorithm from those accepted for certificate signatures. - ssh-sk-helper(8): this is a new binary. It is used by the FIDO/U2F support to provide address-space isolation for token middleware libraries (including the internal one). - ssh(1): this release enables UpdateHostkeys by default subject to some conservative preconditions. - scp(1): this release changes the behaviour of remote to remote copies (e.g. "scp host-a:/path host-b:") to transfer through the local host by default. - scp(1): experimental support for transfers using the SFTP protocol as a replacement for the venerable SCP/RCP protocol that it has traditionally used. Additional integration work is needed to support FIDO/U2F in the base system. Deprecation Notice ------------------ OpenSSH will disable the ssh-rsa signature scheme by default in the next release. Reviewed by: imp MFC after: 1 month Relnotes: Yes Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D29985
|
#
190cef3d |
|
10-Sep-2018 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Upgrade to OpenSSH 7.8p1. Approved by: re (kib@)
|
#
b749a1b9 |
|
16-Aug-2018 |
Bryan Drewery <bdrewery@FreeBSD.org> |
Fix build after r337852: Don't rebuild moduli based on unrelated moduli.c Reported by: many, delphij (moduli.c issue) |
#
f0a51d9d |
|
15-Aug-2018 |
Brad Davis <brd@FreeBSD.org> |
Move ssh config file handling into the ssh Makefiles. This helps with pkgbase by using CONFS and tagging these as config files. Approved by: allanjude (mentor), des Differential Revision: https://reviews.freebsd.org/D16678 |
#
ca86bcf2 |
|
05-Mar-2017 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Upgrade to OpenSSH 7.4p1.
|
#
233932cc |
|
07-Jan-2017 |
Enji Cooper <ngie@FreeBSD.org> |
Conditionalize building libwrap support into sshd Only build libwrap support into sshd if MK_TCP_WRAPPERS != no This will unbreak the build if libwrap has been removed from the system MFC after: 2 weeks PR: 210141 Submitted by: kpect@protonmail.com Differential Revision: D9049 |
#
94ef145e |
|
02-Jan-2017 |
Enji Cooper <ngie@FreeBSD.org> |
Only bake krb5_config.h support in to ssh(3), etc if both MK_GSSAPI and MK_KERBEROS_SUPPORT != no This fixes the odd case where someone specified MK_GSSAPI=no and MK_KERBEROS_SUPPORT=yes (which admittedly, probably doesn't make sense, but the build system doesn't prevent this case today, and it didn't when I filed the bug back in 2011 either). MFC after: 2 weeks PR: 159745 |
#
b2af61ec |
|
30-Aug-2016 |
Kurt Lidl <lidl@FreeBSD.org> |
Add refactored blacklist support to sshd Change the calls to blacklist_init() and blacklist_notify to be macros defined in the blacklist_client.h file. This avoids the need for #ifdef USE_BLACKLIST / #endif except in the blacklist.c file. Remove redundant initialization attempts from within blacklist_notify - everything always goes through blacklistd_init(). Added UseBlacklist option to sshd, which defaults to off. To enable the functionality, use '-o UseBlacklist=yes' on the command line, or uncomment in the sshd_config file. Reviewed by: des Approved by: des MFC after: 1 week Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D7051 |
#
faebc97a |
|
24-Jun-2016 |
Glen Barber <gjb@FreeBSD.org> |
Revert r301551, which added blacklistd(8) to sshd(8). This change has functional impact, and other concerns raised by the OpenSSH maintainer. Requested by: des PR: 210479 (related) Approved by: re (marius) Sponsored by: The FreeBSD Foundation |
#
c0cc3641 |
|
07-Jun-2016 |
Kurt Lidl <lidl@FreeBSD.org> |
Add blacklist support to sshd Reviewed by: rpaulo Approved by: rpaulo (earlier version of changes) Relnotes: YES Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D5915 |
#
53835448 |
|
14-Mar-2016 |
Glen Barber <gjb@FreeBSD.org> |
MFH Sponsored by: The FreeBSD Foundation
|
#
acc1a9ef |
|
10-Mar-2016 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Upgrade to OpenSSH 7.2p2.
|
#
59d43d11 |
|
20-Jan-2016 |
Glen Barber <gjb@FreeBSD.org> |
MFH Sponsored by: The FreeBSD Foundation
|
#
bc5531de |
|
19-Jan-2016 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Upgrade to OpenSSH 6.8p1.
|
#
b626f5a7 |
|
04-Jan-2016 |
Glen Barber <gjb@FreeBSD.org> |
MFH r289384-r293170 Sponsored by: The FreeBSD Foundation
|
#
e42070a7 |
|
07-Dec-2015 |
Bryan Drewery <bdrewery@FreeBSD.org> |
Replace unneeded manual dependency on header by adding it to SRCS. bsd.lib.mk and bsd.prog.mk already depend all objs on headers in SRCS if there is not yet a depend file. The headers in SRCS are never built or installed. After 'make depend' the header was already added as a proper dependency on the objects where needed. MFC after: 2 weeks Sponsored by: EMC / Isilon Storage Division |
#
1765946b |
|
22-Nov-2015 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Retire the NONE cipher option. |
#
f94594b3 |
|
11-Sep-2015 |
Baptiste Daroussin <bapt@FreeBSD.org> |
Finish merging from head, messed up in previous attempt
|
#
bfa800d3 |
|
04-Sep-2015 |
Baptiste Daroussin <bapt@FreeBSD.org> |
Remove remnant from USEPRIVATELIB removal Sponsored by: gandi.net |
#
0bd7d22e |
|
05-Mar-2015 |
Baptiste Daroussin <bapt@FreeBSD.org> |
Move ssh into a dedicated package Flag config files as "to be merged on upgrade" |
#
ff75e007 |
|
25-Nov-2014 |
Baptiste Daroussin <bapt@FreeBSD.org> |
Reduce overlinking The framework now ensures by itself that pthread is added to the link chain as the last component if linked to kerberos hence avoid without any explicit addition prevent issue like CVE-2014-8475 |
#
ee5a34ec |
|
25-Nov-2014 |
Baptiste Daroussin <bapt@FreeBSD.org> |
Convert to LIBADD Reduce overlinking |
#
d029c3aa |
|
06-Aug-2014 |
Baptiste Daroussin <bapt@FreeBSD.org> |
Rework privatelib/internallib Make sure everything linking to a privatelib and/or an internallib does it directly from the OBJDIR rather than DESTDIR. Add src.libnames.mk so bsd.libnames.mk is not polluted by libraries not existing in final installation Introduce the LD* variable which is what ld(1) is expecting (via LDADD) to link to internal/privatelib Directly link to the .so in case of private library to avoid having to complexify LDFLAGS. Phabric: https://phabric.freebsd.org/D553 Reviewed by: imp, emaste |
#
c6063d0d |
|
05-May-2014 |
Warner Losh <imp@FreeBSD.org> |
Use src.opts.mk in preference to bsd.own.mk except where we need stuff from the latter. |
#
a9e285b0 |
|
26-Apr-2014 |
Konstantin Belousov <kib@FreeBSD.org> |
Fix order of libthr and libc in the global dso list for sshd, by explicitly linking main binary with -lpthread. Before, libthr appeared in the list due to dependency of one of the kerberos libs. Due to the change in ld(1) behaviour of not copying NEEDED entries from direct dependencies into the link results, the order becomes reversed. The libthr must appear before libc to properly interpose libc symbols and provide working rtld locks implementation. The symptom was sshd hanging on rtld bind lock during nested symbol binding from a signal handler. Approved by: des (openssh maintainer) Sponsored by: The FreeBSD Foundation MFC after: 1 week |
#
b83788ff |
|
25-Mar-2014 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Upgrade to OpenSSH 6.6p1.
|
#
f7167e0e |
|
31-Jan-2014 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Upgrade to OpenSSH 6.5p1.
|
#
0085282b |
|
23-Sep-2013 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Unbreak the WITHOUT_KERBEROS build and try to reduce the odds of a repeat performance by introducing a script that runs configure with and without Kerberos, diffs the result and generates krb5_config.h, which contains the preprocessor macros that need to be defined in the Kerberos case and undefined otherwise. Approved by: re (marius) |
#
9cfa8b3f |
|
10-Sep-2013 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Clean up the OpenSSH build. It is now possible to build most components as static binaries, if desired. The one exception is sshd, which runs into trouble due to libpam.a's inclusion of pam_ssh. Make OpenSSH use LDNS if available. This allows it to verify signed SSHFP records. Approved by: re (blanket) |
#
0b2766bd |
|
08-Sep-2013 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Make libldns and libssh private. Approved by: re (blanket) |
#
e6a64a84 |
|
16-Jan-2013 |
Bjoern A. Zeeb <bz@FreeBSD.org> |
Add a src.conf(5) option to allow users to compile in the "NONE cipher", which, only after authentication, disables crypto, and only for sessions without a terminal. Submitted by: Jeremy Chadwick (freebsd jdc.parodius.com) PR: bin/163095 MFC after: 10 days |
#
2774871b |
|
24-Mar-2012 |
Eitan Adler <eadler@FreeBSD.org> |
Restore the ability to use a non-standard LOCALBASE to sshd Add the ability to use a non-standard LOCALBASE to ssh Submitted by: jhb Reviewed by: des Approved by: cperciva MFC after: 0 days (with r233136) |
#
57f8914d |
|
18-Mar-2012 |
Eitan Adler <eadler@FreeBSD.org> |
X11BASE is not used any more and has been killed by the x11 team. Reviewed by: ??? Approved by: ??? MFC after: 3 days |
#
e146993e |
|
05-Oct-2011 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Upgrade to OpenSSH 5.9p1. MFC after: 3 months
|
#
4a421b63 |
|
04-May-2011 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Upgrade to OpenSSH 5.8p2.
|
#
b15c8340 |
|
09-Mar-2010 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Upgrade to OpenSSH 5.4p1. MFC after: 1 month
|
#
38ea9102 |
|
25-Feb-2010 |
Ruslan Ermilov <ru@FreeBSD.org> |
(Almost) fixed static linkage. The remaining problem is with libgssapi.a and libgssapi_krb5.a libraries that define the same symbols. |
#
7aee6ffe |
|
01-Oct-2009 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Upgrade to OpenSSH 5.3p1.
|
#
cce7d346 |
|
22-May-2009 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Upgrade to OpenSSH 5.2p1. MFC after: 3 months
|
#
25d33e3d |
|
30-Nov-2008 |
Christian S.J. Peron <csjp@FreeBSD.org> |
Enable getaudit_addr(2) for sshd again. This will un-break the subject BSM audit tokens for IPv6. |
#
d4af9e69 |
|
31-Jul-2008 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Upgrade to OpenSSH 5.1p1. I have worked hard to reduce diffs against the vendor branch. One notable change in that respect is that we no longer prefer DSA over RSA - the reasons for doing so went away years ago. This may cause some surprises, as ssh will warn about unknown host keys even for hosts whose keys haven't changed. MFC after: 6 weeks
|
#
33f12199 |
|
07-May-2008 |
Doug Rabson <dfr@FreeBSD.org> |
Fix conflicts after heimdal-1.1 import and add build infrastructure. Import all non-style changes made by heimdal to our own libgssapi. |
#
ac188d74 |
|
05-Mar-2008 |
Kris Kennaway <kris@FreeBSD.org> |
For users of FreeBSD <= 6.2 we recommend during the x.org 7.x upgrade that they add X11BASE=${LOCALBASE} to /etc/make.conf since X11BASE was hard-wired to the now-wrong location in old releases. However, both X11BASE and LOCALBASE have moved out of scope of src/ into ports/ now, which causes problems for upgraded users who have old make.conf files still containing the above setting. X11BASE becomes null and we instruct ssh and sshd to look for xauth in /bin/xauth where it is unlikely to be found. Instead, provide a copy of the default LOCALBASE?=/usr/local setting here. We also have to deal with the case where the user only overrides LOCALBASE and doesn't set an explicit X11BASE (in ports it will be set implicitly but not here), which will also move the location of xauth. MFC after: 3 days Reported by: rwatson |
#
bb79c11d |
|
30-Sep-2006 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Update for OpenSSH 4.4p1. MFC after: 1 week |
#
9fd9594d |
|
13-May-2006 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Add a manual dependency on ssh_namespace.h. Discussed with: ru |
#
ed22e27d |
|
13-May-2006 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Introduce a namespace munging hack inspired by NetBSD to avoid polluting the namespace of applications which inadvertently link in libssh (usually through pam_ssh) Suggested by: lukem@netbsd.org MFC after: 6 weeks |
#
e1fe3dba |
|
17-Mar-2006 |
Ruslan Ermilov <ru@FreeBSD.org> |
Reimplementation of world/kernel build options. For details, see: http://lists.freebsd.org/pipermail/freebsd-current/2006-March/061725.html The src.conf(5) manpage is to follow in a few days. Brought to you by: imp, jhb, kris, phk, ru (all bugs are mine) |
#
d57d58da |
|
12-Feb-2006 |
Christian S.J. Peron <csjp@FreeBSD.org> |
Hook audit into OpenSSH. Now that the necessary bits for OpenSSH support have been added with the latest OpenBSM import, hook USE_BSM_AUDIT into build conditionally. For users which do not care for audit support and do not want to compile it into their SSH servers, add the following to the /etc/make.conf: NO_AUDIT=true Discussed with: rwatson Obtained from: TrustedBSD Project |
#
c0b9f4fe |
|
29-Dec-2005 |
Doug Rabson <dfr@FreeBSD.org> |
Add a new extensible GSS-API layer which can support GSS-API plugins, similar to the Solaris implementation. Repackage the krb5 GSS mechanism as a plugin library for the new implementation. This also includes a comprehensive set of manpages for the GSS-API functions with text mostly taken from the RFC. Reviewed by: Love Hörnquist Åstrand <lha@it.su.se>, ru (build system), des (openssh parts) |
#
40e0db94 |
|
07-Jun-2005 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Revert the commits that made libssh an INTERNALLIB; they caused too much trouble, especially on amd64. Requested by: ru |
#
32f80c77 |
|
06-Jun-2005 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Make libssh an INTERNALLIB like it is in {Net,Open}BSD. |
#
015bad35 |
|
05-Jun-2005 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Update for OpenSSH 4.1p1. |
#
f1f6253f |
|
21-Dec-2004 |
Ruslan Ermilov <ru@FreeBSD.org> |
NOLIBC_R -> NO_LIBC_R NOLIBPTHREAD -> NO_LIBPTHREAD NOLIBTHR -> NO_LIBTHR |
#
5ba618aa |
|
28-Oct-2004 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Update for OpenSSH 3.9p1. |
#
40dd33e8 |
|
26-Feb-2004 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Update for 3.8p1, including workaround for a bug in gss-genr.c. |
#
9ee9ecea |
|
07-Feb-2004 |
Ruslan Ermilov <ru@FreeBSD.org> |
Use the default threading library if requested. Reviewed by: des, deischen |
#
526f81a8 |
|
02-Feb-2004 |
Ruslan Ermilov <ru@FreeBSD.org> |
- Removed libmd from the Kerberos library set. - Removed libopie and libmd; libopie used to serve auth-skey.c which is compiled now only to ease maintenance, as well as a few other auth-*.c sources. Reviewed by: des |
#
e1542a40 |
|
08-Jan-2004 |
Ruslan Ermilov <ru@FreeBSD.org> |
Fixed static linkage. Reviewed by: des |
#
9f80be8e |
|
08-Jan-2004 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Enable GSSAPI support. [1] Also remove some duplicates from ssh's SRCS. Submitted by: [1] Björn Grönvall <bg@sics.se> |
#
a04e3d6c |
|
07-Jan-2004 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Update Makefiles for OpenSSH 3.7.1p2. |
#
55c90a95 |
|
02-Jul-2003 |
Ruslan Ermilov <ru@FreeBSD.org> |
Fixed "make checkdpadd". OK'ed by: markm |
#
dbf104e6 |
|
05-May-2003 |
Mark Murray <markm@FreeBSD.org> |
Turn MAKE_KERBEROS5 into NO_KERBEROS by negating the logic. Some extra cleanups were necessary in release/Makefile, and the tinderbox code was syntax checked, not run checked. |
#
59199aeb |
|
30-Apr-2003 |
Mark Murray <markm@FreeBSD.org> |
We no longer have a separate kerberos distribution. It's now just part of the regular security dist. |
#
d8b043c8 |
|
23-Apr-2003 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Update for 3.6.1p1; also remove Kerberos IV shims. |
#
2f34cbe5 |
|
09-Jan-2003 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
ia64 and sparc64 both have libc_r now. |
#
11025839 |
|
14-Dec-2002 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Don't build auth-pam.c and auth2-pam.c, auth2-pam-freebsd.c is all we need. Use pthreads for PAM if the platform supports it and the user asked for it (by setting OPENSSH_USE_POSIX_THREADS) Sponsored by: DARPA, NAI Labs |
#
f0b56c5c |
|
25-Jun-2002 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
No guts, no glory. Switch to OpenSSH-portable. Sponsored by: DARPA, NAI Labs |
#
8d024c66 |
|
23-Jun-2002 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Install the new man pages. |
#
fd9fc3f0 |
|
23-Jun-2002 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Update Makefiles for OpenSSH 3.3. |
#
6bde859f |
|
26-Apr-2002 |
Ruslan Ermilov <ru@FreeBSD.org> |
Milestone #1 in cross-arch make releases. Do not install games and profiled libraries to the ${CHROOTDIR} with the initial installworld. Eliminate the need in the second installworld. For that, make sure _everything_ is built in the "world" environment, using the right tool chain. Added SUBDIR_OVERRIDE helper stuff to Makefile.inc1. Split the buildworld process into stages, and skip some stages when SUBDIR_OVERRIDE is set (used to build crypto, krb4, and krb5 dists). Added NO_MAKEDB_RUN knob to Makefile.inc1 to avoid running makewhatis(1) at the end of installworld (used when making crypto, krb4, and krb5 dists). In release/scripts/doFS.sh, ensure that the correct boot blocks are used. Moved the creation of the "crypto" dist from release.5 to release.2. In release.3 and doMFSKERN, build kernels in the "world" environment. KERNELS now means "additional" kernels, GENERIC is always built. Ensure we build crunched binaries in the "world" environment. Obfuscate release/Makefile some more (WMAKEENV) to achieve this. Inline createBOOTMFS target. Use already built GENERIC kernel modules to augment mfsfd's /stand/modules. GC doMODULES as such. Assorted fixes: Get rid of the "afterdistribute" target by moving the single use of it from sys/Makefile to etc/Makefile's "distribute". Makefile.inc1: apparently "etc" no longer needs to be last for "distribute" to succeed. gnu/usr.bin/perl/library/Makefile.inc: do not override the "install" and "distribute" targets, do it the "canonical" way. release/scripts/{man,cat}pages-make.sh: make sure Perl manpages and catpages appear in the right dists. Note that because Perl does not respect the MANBUILDCAT (and NOMAN), this results in a loss of /usr/share/perl/man/cat* empty directories. This will be fixed soon. Turn MAKE_KERBEROS4 into a plain boolean variable (if it is set it means "make KerberosIV"), as documented in the make.conf(5) manpage. Most of the userland makefiles did not test it for "YES" anyway. 
XXX Should specialized kerberized libpam versions be included into the krb4 and krb5 dists? (libpam.a would be incorrect anyway if both krb4 and krb5 dists were chosen.) Make sure "games" dist is made before "catpages", otherwise games catpages settle in the wrong dist. Fast build machine provided by: Igor Kucherenko <kivvy@sunbay.com> |
#
2735cfee |
|
25-Mar-2002 |
Ruslan Ermilov <ru@FreeBSD.org> |
Switch over to using pam_login_access(8) module in sshd(8). (Fixes static compilation. Reduces diffs to OpenSSH.) Reviewed by: bde |
#
da4dc1ee |
|
20-Mar-2002 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Use PAM instead of S/Key (or OPIE) for SSH2. Sponsored by: DARPA, NAI Labs |
#
3876d839 |
|
18-Mar-2002 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Don't forget auth-skey.c. |
#
0509dca0 |
|
23-Jan-2002 |
Ruslan Ermilov <ru@FreeBSD.org> |
Add pam_ssh support to the static PAM library, libpam.a: - Spam /usr/lib some more by making libssh a standard library. - Tweak ${LIBPAM} and ${MINUSLPAM}. - Garbage collect unused libssh_pic.a. - Add fake -lz dependency to secure/ makefiles needed for dynamic linkage with -lssh. Reviewed by: des, markm Approved by: markm |
#
049015c2 |
|
29-Aug-2001 |
Bruce Evans <bde@FreeBSD.org> |
Fixed world breakage in rev.1.13. -lpam must never be used directly since it doesn't work for static linkage. |
#
e7edf5a1 |
|
11-Jun-2001 |
Brian Feldman <green@FreeBSD.org> |
Enable Kerberos 5 support in sshd again. |
#
d70e08c6 |
|
04-May-2001 |
Brian Feldman <green@FreeBSD.org> |
Update to OpenSSH 2.9. Somehow this missed getting committed yesterday. |
#
9513e1a8 |
|
03-May-2001 |
Brian Feldman <green@FreeBSD.org> |
Don't build with Kerberos 5 support for now. I'll fix this soon, but I don't want to break Kerberos 5 users' worlds too much in the meantime. |
#
b8cba406 |
|
26-Mar-2001 |
Ruslan Ermilov <ru@FreeBSD.org> |
secure/ build fixes: - TELNETOBJDIR is gone. `buildworld' already installs libtelnet.a in ${WORLDTMP}/usr/lib, and we have LIBRARY_PATH pointing there. - SSHDIR (formerly SSHSRC) is now shared between all SSH modules. New LIBSSH is introduced for libssh.a (an internal static lib). Previously, build without prior `obj' was broken; SSH modules always looked for libssh.a in ${.OBJDIR}. Also, the dependencies on the libssh.a were missing. - libtelnet/ did not install the crypto version of telnet.h into /usr/include/arpa. - Removed BINOWN, BINMODE, BINDIR and SRCS with default values. Reviewed by: markm - MAN[1-9] -> MAN. |
#
18ae4e64 |
|
08-Feb-2001 |
Jacques Vidrine <nectar@FreeBSD.org> |
Define HAVE_PAM_GETENVLIST for build. Now environmental variables set by PAM modules will be exported (correctly). |
#
94193b58 |
|
04-Dec-2000 |
Brian Feldman <green@FreeBSD.org> |
Update for OpenSSH 2.3.0. |
#
2f538dad |
|
10-Sep-2000 |
Kris Kennaway <kris@FreeBSD.org> |
Update for OpenSSH 2.2.0 |
#
939c3290 |
|
02-Sep-2000 |
Kris Kennaway <kris@FreeBSD.org> |
Err, we weren't even compiling auth1.c with LOGIN_CAP at all. Guess nobody was using this feature. |
#
957dc12d |
|
10-Jun-2000 |
Kris Kennaway <kris@FreeBSD.org> |
Link explicitly against -lmd. I'm not sure what was pulling this in on -current, but it doesn't do it on -stable. |
#
4fc93544 |
|
14-May-2000 |
Kris Kennaway <kris@FreeBSD.org> |
Update for OpenSSH 2.1 |
#
1ef4beca |
|
26-Mar-2000 |
Kris Kennaway <kris@FreeBSD.org> |
Update for latest OpenSSH |
#
283073b4 |
|
09-Mar-2000 |
Mark Murray <markm@FreeBSD.org> |
Make LOGIN_CAP work properly. Submitted by: ache |
#
aa77fdaa |
|
03-Mar-2000 |
John Hay <jhay@FreeBSD.org> |
MFI: Make ssh and sshd link in the krb5 part of make release. Reviewed by: markm |
#
e1eaf14c |
|
28-Feb-2000 |
Mark Murray <markm@FreeBSD.org> |
New distribution names. |
#
8df7a1fa |
|
25-Feb-2000 |
Peter Wemm <peter@FreeBSD.org> |
Don't pull in libRSAglue for the rsaref case. Since this is linked dynamically by default, we use the dlopen() calls to load librsaref.so on US code trees. |
#
c23e256e |
|
24-Feb-2000 |
Mark Murray <markm@FreeBSD.org> |
Add the OpenSSH userland-building Makefiles. |
#
1323ec57 |
|
13-Apr-2022 |
Ed Maste <emaste@FreeBSD.org> |
ssh: update to OpenSSH v8.9p1 Release notes are available at https://www.openssh.com/txt/release-8.9 Some highlights: * ssh(1), sshd(8), ssh-add(1), ssh-agent(1): add a system for restricting forwarding and use of keys added to ssh-agent(1) * ssh(1), sshd(8): add the sntrup761x25519-sha512@openssh.com hybrid ECDH/x25519 + Streamlined NTRU Prime post-quantum KEX to the default KEXAlgorithms list (after the ECDH methods but before the prime-group DH ones). The next release of OpenSSH is likely to make this key exchange the default method. * sshd(8), portable OpenSSH only: this release removes in-built support for MD5-hashed passwords. If you require these on your system then we recommend linking against libxcrypt or similar. Future deprecation notice ========================= A near-future release of OpenSSH will switch scp(1) from using the legacy scp/rcp protocol to using SFTP by default. Legacy scp/rcp performs wildcard expansion of remote filenames (e.g. "scp host:* .") through the remote shell. This has the side effect of requiring double quoting of shell meta-characters in file names included on scp(1) command-lines, otherwise they could be interpreted as shell commands on the remote side. MFC after: 1 month Relnotes: Yes Sponsored by: The FreeBSD Foundation
|
#
9d63429f |
|
02-Nov-2021 |
Ed Maste <emaste@FreeBSD.org> |
ssh: move common Makefile boilerplate to a new ssh.mk This moves SSHDIR and ssh_namespace.h handling to a common location, and will simplify future work such as adding U2F support (D32509). Reviewed by: kevans MFC after: 1 week Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D32808 |
#
19261079 |
|
07-Sep-2021 |
Ed Maste <emaste@FreeBSD.org> |
openssh: update to OpenSSH v8.7p1 Some notable changes, from upstream's release notes: - sshd(8): Remove support for obsolete "host/port" syntax. - ssh(1): When prompting whether to record a new host key, accept the key fingerprint as a synonym for "yes". - ssh-keygen(1): when acting as a CA and signing certificates with an RSA key, default to using the rsa-sha2-512 signature algorithm. - ssh(1), sshd(8), ssh-keygen(1): this release removes the "ssh-rsa" (RSA/SHA1) algorithm from those accepted for certificate signatures. - ssh-sk-helper(8): this is a new binary. It is used by the FIDO/U2F support to provide address-space isolation for token middleware libraries (including the internal one). - ssh(1): this release enables UpdateHostkeys by default subject to some conservative preconditions. - scp(1): this release changes the behaviour of remote to remote copies (e.g. "scp host-a:/path host-b:") to transfer through the local host by default. - scp(1): experimental support for transfers using the SFTP protocol as a replacement for the venerable SCP/RCP protocol that it has traditionally used. Additional integration work is needed to support FIDO/U2F in the base system. Deprecation Notice ------------------ OpenSSH will disable the ssh-rsa signature scheme by default in the next release. Reviewed by: imp MFC after: 1 month Relnotes: Yes Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D29985
|
#
190cef3d |
|
10-Sep-2018 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Upgrade to OpenSSH 7.8p1. Approved by: re (kib@)
|
#
b749a1b9 |
|
16-Aug-2018 |
Bryan Drewery <bdrewery@FreeBSD.org> |
Fix build after r337852: Don't rebuild moduli based on unrelated moduli.c Reported by: many, delphij (moduli.c issue) |
#
f0a51d9d |
|
15-Aug-2018 |
Brad Davis <brd@FreeBSD.org> |
Move ssh config file handling into the ssh Makefiles. This helps with pkgbase by using CONFS and tagging these as config files. Approved by: allanjude (mentor), des Differential Revision: https://reviews.freebsd.org/D16678 |
#
ca86bcf2 |
|
05-Mar-2017 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Upgrade to OpenSSH 7.4p1.
|
#
233932cc |
|
07-Jan-2017 |
Enji Cooper <ngie@FreeBSD.org> |
Conditionalize building libwrap support into sshd Only build libwrap support into sshd if MK_TCP_WRAPPERS != no This will unbreak the build if libwrap has been removed from the system MFC after: 2 weeks PR: 210141 Submitted by: kpect@protonmail.com Differential Revision: D9049 |
#
94ef145e |
|
02-Jan-2017 |
Enji Cooper <ngie@FreeBSD.org> |
Only bake krb5_config.h support in to ssh(3), etc if both MK_GSSAPI and MK_KERBEROS_SUPPORT != no This fixes the odd case where someone specified MK_GSSAPI=no and MK_KERBEROS_SUPPORT=yes (which admittedly, probably doesn't make sense, but the build system doesn't prevent this case today, and it didn't when I filed the bug back in 2011 either). MFC after: 2 weeks PR: 159745 |
#
b2af61ec |
|
30-Aug-2016 |
Kurt Lidl <lidl@FreeBSD.org> |
Add refactored blacklist support to sshd Change the calls to blacklist_init() and blacklist_notify to be macros defined in the blacklist_client.h file. This avoids the need for #ifdef USE_BLACKLIST / #endif except in the blacklist.c file. Remove redundant initialization attempts from within blacklist_notify - everything always goes through blacklistd_init(). Added UseBlacklist option to sshd, which defaults to off. To enable the functionality, use '-o UseBlacklist=yes' on the command line, or uncomment in the sshd_config file. Reviewed by: des Approved by: des MFC after: 1 week Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D7051 |
#
faebc97a |
|
24-Jun-2016 |
Glen Barber <gjb@FreeBSD.org> |
Revert r301551, which added blacklistd(8) to sshd(8). This change has functional impact, and other concerns raised by the OpenSSH maintainer. Requested by: des PR: 210479 (related) Approved by: re (marius) Sponsored by: The FreeBSD Foundation |
#
c0cc3641 |
|
07-Jun-2016 |
Kurt Lidl <lidl@FreeBSD.org> |
Add blacklist support to sshd Reviewed by: rpaulo Approved by: rpaulo (earlier version of changes) Relnotes: YES Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D5915 |
#
53835448 |
|
14-Mar-2016 |
Glen Barber <gjb@FreeBSD.org> |
MFH Sponsored by: The FreeBSD Foundation
|
#
acc1a9ef |
|
10-Mar-2016 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Upgrade to OpenSSH 7.2p2.
|
#
59d43d11 |
|
20-Jan-2016 |
Glen Barber <gjb@FreeBSD.org> |
MFH Sponsored by: The FreeBSD Foundation
|
#
bc5531de |
|
19-Jan-2016 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Upgrade to OpenSSH 6.8p1.
|
#
b626f5a7 |
|
04-Jan-2016 |
Glen Barber <gjb@FreeBSD.org> |
MFH r289384-r293170 Sponsored by: The FreeBSD Foundation
|
#
e42070a7 |
|
07-Dec-2015 |
Bryan Drewery <bdrewery@FreeBSD.org> |
Replace unneeded manual dependency on header by adding it to SRCS. bsd.lib.mk and bsd.prog.mk already depend all objs on headers in SRCS if there is not yet a depend file. The headers in SRCS are never built or installed. After 'make depend' the header was already added as a proper dependency on the objects where needed. MFC after: 2 weeks Sponsored by: EMC / Isilon Storage Division |
#
1765946b |
|
22-Nov-2015 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Retire the NONE cipher option. |
#
f94594b3 |
|
11-Sep-2015 |
Baptiste Daroussin <bapt@FreeBSD.org> |
Finish merging from head, messed up in previous attempt
|
#
bfa800d3 |
|
04-Sep-2015 |
Baptiste Daroussin <bapt@FreeBSD.org> |
Remove remnant from USEPRIVATELIB removal Sponsored by: gandi.net |
#
0bd7d22e |
|
05-Mar-2015 |
Baptiste Daroussin <bapt@FreeBSD.org> |
Move ssh into a dedicated package Flag config files as "to be merged on upgrade" |
#
ff75e007 |
|
25-Nov-2014 |
Baptiste Daroussin <bapt@FreeBSD.org> |
Reduce overlinking The framework now ensures by itself that pthread is added to the link chain as the last component if linked to kerberos hence avoid without any explicit addition prevent issue like CVE-2014-8475 |
#
ee5a34ec |
|
25-Nov-2014 |
Baptiste Daroussin <bapt@FreeBSD.org> |
Convert to LIBADD Reduce overlinking |
#
d029c3aa |
|
06-Aug-2014 |
Baptiste Daroussin <bapt@FreeBSD.org> |
Rework privatelib/internallib Make sure everything linking to a privatelib and/or an internallib does it directly from the OBJDIR rather than DESTDIR. Add src.libnames.mk so bsd.libnames.mk is not polluted by libraries not existing in final installation Introduce the LD* variable which is what ld(1) is expecting (via LDADD) to link to internal/privatelib Directly link to the .so in case of private library to avoid having to complexify LDFLAGS. Phabric: https://phabric.freebsd.org/D553 Reviewed by: imp, emaste |
#
c6063d0d |
|
05-May-2014 |
Warner Losh <imp@FreeBSD.org> |
Use src.opts.mk in preference to bsd.own.mk except where we need stuff from the latter. |
#
a9e285b0 |
|
26-Apr-2014 |
Konstantin Belousov <kib@FreeBSD.org> |
Fix order of libthr and libc in the global dso list for sshd, by explicitly linking main binary with -lpthread. Before, libthr appeared in the list due to dependency of one of the kerberos libs. Due to the change in ld(1) behaviour of not copying NEEDED entries from direct dependencies into the link results, the order becomes reversed. The libthr must appear before libc to properly interpose libc symbols and provide working rtld locks implementation. The symptom was sshd hanging on rtld bind lock during nested symbol binding from a signal handler. Approved by: des (openssh maintainer) Sponsored by: The FreeBSD Foundation MFC after: 1 week |
#
b83788ff |
|
25-Mar-2014 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Upgrade to OpenSSH 6.6p1.
|
#
f7167e0e |
|
31-Jan-2014 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Upgrade to OpenSSH 6.5p1.
|
#
0085282b |
|
23-Sep-2013 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Unbreak the WITHOUT_KERBEROS build and try to reduce the odds of a repeat performance by introducing a script that runs configure with and without Kerberos, diffs the result and generates krb5_config.h, which contains the preprocessor macros that need to be defined in the Kerberos case and undefined otherwise. Approved by: re (marius) |
#
9cfa8b3f |
|
10-Sep-2013 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Clean up the OpenSSH build. It is now possible to build most components as static binaries, if desired. The one exception is sshd, which runs into trouble due to libpam.a's inclusion of pam_ssh. Make OpenSSH use LDNS if available. This allows it to verify signed SSHFP records. Approved by: re (blanket) |
#
0b2766bd |
|
08-Sep-2013 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Make libldns and libssh private. Approved by: re (blanket) |
#
e6a64a84 |
|
16-Jan-2013 |
Bjoern A. Zeeb <bz@FreeBSD.org> |
Add a src.conf(5) option to allow users to compile in the "NONE cipher", which, only after authentication, disables crypto, and only for sessions without a terminal. Submitted by: Jeremy Chadwick (freebsd jdc.parodius.com) PR: bin/163095 MFC after: 10 days |
#
2774871b |
|
24-Mar-2012 |
Eitan Adler <eadler@FreeBSD.org> |
Restore the ability to use a non-standard LOCALBASE to sshd Add the ability to use a non-standard LOCALBASE to ssh Submitted by: jhb Reviewed by: des Approved by: cperciva MFC after: 0 days (with r233136) |
#
57f8914d |
|
18-Mar-2012 |
Eitan Adler <eadler@FreeBSD.org> |
X11BASE is not used any more and has been killed by the x11 team. Reviewed by: ??? Approved by: ??? MFC after: 3 days |
#
e146993e |
|
05-Oct-2011 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Upgrade to OpenSSH 5.9p1. MFC after: 3 months
|
#
4a421b63 |
|
04-May-2011 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Upgrade to OpenSSH 5.8p2.
|
#
b15c8340 |
|
09-Mar-2010 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Upgrade to OpenSSH 5.4p1. MFC after: 1 month
|
#
38ea9102 |
|
25-Feb-2010 |
Ruslan Ermilov <ru@FreeBSD.org> |
(Almost) fixed static linkage. The remaining problem is with libgssapi.a and libgssapi_krb5.a libraries that define the same symbols. |
#
7aee6ffe |
|
01-Oct-2009 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Upgrade to OpenSSH 5.3p1.
|
#
cce7d346 |
|
22-May-2009 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Upgrade to OpenSSH 5.2p1. MFC after: 3 months
|
#
25d33e3d |
|
30-Nov-2008 |
Christian S.J. Peron <csjp@FreeBSD.org> |
Enable getaudit_addr(2) for sshd again. This will un-break the subject BSM audit tokens for IPv6. |
#
d4af9e69 |
|
31-Jul-2008 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Upgrade to OpenSSH 5.1p1. I have worked hard to reduce diffs against the vendor branch. One notable change in that respect is that we no longer prefer DSA over RSA - the reasons for doing so went away years ago. This may cause some surprises, as ssh will warn about unknown host keys even for hosts whose keys haven't changed. MFC after: 6 weeks
|
#
33f12199 |
|
07-May-2008 |
Doug Rabson <dfr@FreeBSD.org> |
Fix conflicts after heimdal-1.1 import and add build infrastructure. Import all non-style changes made by heimdal to our own libgssapi. |
#
ac188d74 |
|
05-Mar-2008 |
Kris Kennaway <kris@FreeBSD.org> |
For users of FreeBSD <= 6.2 we recommend during the x.org 7.x upgrade that they add X11BASE=${LOCALBASE} to /etc/make.conf since X11BASE was hard-wired to the now-wrong location in old releases. However, both X11BASE and LOCALBASE have moved out of scope of src/ into ports/ now, which causes problems for upgraded users who have old make.conf files still containing the above setting. X11BASE becomes null and we instruct ssh and sshd to look for xauth in /bin/xauth where it is unlikely to be found. Instead, provide a copy of the default LOCALBASE?=/usr/local setting here. We also have to deal with the case where the user only overrides LOCALBASE and doesn't set an explicit X11BASE (in ports it will be set implicitly but not here), which will also move the location of xauth. MFC after: 3 days Reported by: rwatson |
#
bb79c11d |
|
30-Sep-2006 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Update for OpenSSH 4.4p1. MFC after: 1 week |
#
9fd9594d |
|
13-May-2006 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Add a manual dependency on ssh_namespace.h. Discussed with: ru |
#
ed22e27d |
|
13-May-2006 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Introduce a namespace munging hack inspired by NetBSD to avoid polluting the namespace of applications which inadvertently link in libssh (usually through pam_ssh) Suggested by: lukem@netbsd.org MFC after: 6 weeks |
#
e1fe3dba |
|
17-Mar-2006 |
Ruslan Ermilov <ru@FreeBSD.org> |
Reimplementation of world/kernel build options. For details, see: http://lists.freebsd.org/pipermail/freebsd-current/2006-March/061725.html The src.conf(5) manpage is to follow in a few days. Brought to you by: imp, jhb, kris, phk, ru (all bugs are mine) |
#
d57d58da |
|
12-Feb-2006 |
Christian S.J. Peron <csjp@FreeBSD.org> |
Hook audit into OpenSSH. Now that the necessary bits for OpenSSH support have been added with the latest OpenBSM import, hook USE_BSM_AUDIT into build conditionally. For users which do not care for audit support and do not want to compile it into their SSH servers, add the following to the /etc/make.conf: NO_AUDIT=true Discussed with: rwatson Obtained from: TrustedBSD Project |
#
c0b9f4fe |
|
29-Dec-2005 |
Doug Rabson <dfr@FreeBSD.org> |
Add a new extensible GSS-API layer which can support GSS-API plugins, similar to the Solaris implementation. Repackage the krb5 GSS mechanism as a plugin library for the new implementation. This also includes a comprehensive set of manpages for the GSS-API functions with text mostly taken from the RFC. Reviewed by: Love Hörnquist Åstrand <lha@it.su.se>, ru (build system), des (openssh parts) |
#
40e0db94 |
|
07-Jun-2005 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Revert the commits that made libssh an INTERNALLIB; they caused too much trouble, especially on amd64. Requested by: ru |
#
32f80c77 |
|
06-Jun-2005 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Make libssh an INTERNALLIB like it is in {Net,Open}BSD. |
#
015bad35 |
|
05-Jun-2005 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Update for OpenSSH 4.1p1. |
#
f1f6253f |
|
21-Dec-2004 |
Ruslan Ermilov <ru@FreeBSD.org> |
NOLIBC_R -> NO_LIBC_R NOLIBPTHREAD -> NO_LIBPTHREAD NOLIBTHR -> NO_LIBTHR |
#
5ba618aa |
|
28-Oct-2004 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Update for OpenSSH 3.9p1. |
#
40dd33e8 |
|
26-Feb-2004 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Update for 3.8p1, including workaround for a bug in gss-genr.c. |
#
9ee9ecea |
|
07-Feb-2004 |
Ruslan Ermilov <ru@FreeBSD.org> |
Use the default threading library if requested. Reviewed by: des, deischen |
#
526f81a8 |
|
02-Feb-2004 |
Ruslan Ermilov <ru@FreeBSD.org> |
- Removed libmd from the Kerberos library set. - Removed libopie and libmd; libopie used to serve auth-skey.c which is compiled now only to ease maintenance, as well as a few other auth-*.c sources. Reviewed by: des |
#
e1542a40 |
|
08-Jan-2004 |
Ruslan Ermilov <ru@FreeBSD.org> |
Fixed static linkage. Reviewed by: des |
#
9f80be8e |
|
08-Jan-2004 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Enable GSSAPI support. [1] Also remove some duplicates from ssh's SRCS. Submitted by: [1] Björn Grönvall <bg@sics.se> |
#
a04e3d6c |
|
07-Jan-2004 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Update Makefiles for OpenSSH 3.7.1p2. |
#
55c90a95 |
|
02-Jul-2003 |
Ruslan Ermilov <ru@FreeBSD.org> |
Fixed "make checkdpadd". OK'ed by: markm |
#
dbf104e6 |
|
05-May-2003 |
Mark Murray <markm@FreeBSD.org> |
Turn MAKE_KERBEROS5 into NO_KERBEROS by negating the logic. Some extra cleanups were necessary in release/Makefile, and the tinderbox code was syntax checked, not run checked. |
#
59199aeb |
|
30-Apr-2003 |
Mark Murray <markm@FreeBSD.org> |
We no longer have a separate kerberos distribution. It's now just part of the regular security dist. |
#
d8b043c8 |
|
23-Apr-2003 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Update for 3.6.1p1; also remove Kerberos IV shims. |
#
2f34cbe5 |
|
09-Jan-2003 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
ia64 and sparc64 both have libc_r now. |
#
11025839 |
|
14-Dec-2002 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Don't build auth-pam.c and auth2-pam.c, auth2-pam-freebsd.c is all we need. Use pthreads for PAM if the platform supports it and the user asked for it (by setting OPENSSH_USE_POSIX_THREADS) Sponsored by: DARPA, NAI Labs |
#
f0b56c5c |
|
25-Jun-2002 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
No guts, no glory. Switch to OpenSSH-portable. Sponsored by: DARPA, NAI Labs |
#
8d024c66 |
|
23-Jun-2002 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Install the new man pages. |
#
fd9fc3f0 |
|
23-Jun-2002 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Update Makefiles for OpenSSH 3.3. |
#
6bde859f |
|
26-Apr-2002 |
Ruslan Ermilov <ru@FreeBSD.org> |
Milestone #1 in cross-arch make releases. Do not install games and profiled libraries to the ${CHROOTDIR} with the initial installworld. Eliminate the need in the second installworld. For that, make sure _everything_ is built in the "world" environment, using the right tool chain. Added SUBDIR_OVERRIDE helper stuff to Makefile.inc1. Split the buildworld process into stages, and skip some stages when SUBDIR_OVERRIDE is set (used to build crypto, krb4, and krb5 dists). Added NO_MAKEDB_RUN knob to Makefile.inc1 to avoid running makewhatis(1) at the end of installworld (used when making crypto, krb4, and krb5 dists). In release/scripts/doFS.sh, ensure that the correct boot blocks are used. Moved the creation of the "crypto" dist from release.5 to release.2. In release.3 and doMFSKERN, build kernels in the "world" environment. KERNELS now means "additional" kernels, GENERIC is always built. Ensure we build crunched binaries in the "world" environment. Obfuscate release/Makefile some more (WMAKEENV) to achieve this. Inline createBOOTMFS target. Use already built GENERIC kernel modules to augment mfsfd's /stand/modules. GC doMODULES as such. Assorted fixes: Get rid of the "afterdistribute" target by moving the single use of it from sys/Makefile to etc/Makefile's "distribute". Makefile.inc1: apparently "etc" no longer needs to be last for "distribute" to succeed. gnu/usr.bin/perl/library/Makefile.inc: do not override the "install" and "distribute" targets, do it the "canonical" way. release/scripts/{man,cat}pages-make.sh: make sure Perl manpages and catpages appear in the right dists. Note that because Perl does not respect the MANBUILDCAT (and NOMAN), this results in a loss of /usr/share/perl/man/cat* empty directories. This will be fixed soon. Turn MAKE_KERBEROS4 into a plain boolean variable (if it is set it means "make KerberosIV"), as documented in the make.conf(5) manpage. Most of the userland makefiles did not test it for "YES" anyway. 
XXX Should specialized kerberized libpam versions be included into the krb4 and krb5 dists? (libpam.a would be incorrect anyway if both krb4 and krb5 dists were chosen.) Make sure "games" dist is made before "catpages", otherwise games catpages settle in the wrong dist. Fast build machine provided by: Igor Kucherenko <kivvy@sunbay.com> |
#
2735cfee |
|
25-Mar-2002 |
Ruslan Ermilov <ru@FreeBSD.org> |
Switch over to using pam_login_access(8) module in sshd(8). (Fixes static compilation. Reduces diffs to OpenSSH.) Reviewed by: bde |
#
da4dc1ee |
|
20-Mar-2002 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Use PAM instead of S/Key (or OPIE) for SSH2. Sponsored by: DARPA, NAI Labs |
#
3876d839 |
|
18-Mar-2002 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Don't forget auth-skey.c. |
#
0509dca0 |
|
23-Jan-2002 |
Ruslan Ermilov <ru@FreeBSD.org> |
Add pam_ssh support to the static PAM library, libpam.a: - Spam /usr/lib some more by making libssh a standard library. - Tweak ${LIBPAM} and ${MINUSLPAM}. - Garbage collect unused libssh_pic.a. - Add fake -lz dependency to secure/ makefiles needed for dynamic linkage with -lssh. Reviewed by: des, markm Approved by: markm |
#
049015c2 |
|
29-Aug-2001 |
Bruce Evans <bde@FreeBSD.org> |
Fixed world breakage in rev.1.13. -lpam must never be used directly since it doesn't work for static linkage. |
#
e7edf5a1 |
|
11-Jun-2001 |
Brian Feldman <green@FreeBSD.org> |
Enable Kerberos 5 support in sshd again. |
#
d70e08c6 |
|
04-May-2001 |
Brian Feldman <green@FreeBSD.org> |
Update to OpenSSH 2.9. Somehow this missed getting committed yesterday. |
#
9513e1a8 |
|
03-May-2001 |
Brian Feldman <green@FreeBSD.org> |
Don't build with Kerberos 5 support for now. I'll fix this soon, but I don't want to break Kerberos 5 users' worlds too much in the meantime. |
#
b8cba406 |
|
26-Mar-2001 |
Ruslan Ermilov <ru@FreeBSD.org> |
secure/ build fixes: - TELNETOBJDIR is gone. `buildworld' already installs libtelnet.a in ${WORLDTMP}/usr/lib, and we have LIBRARY_PATH pointing there. - SSHDIR (formerly SSHSRC) is now shared between all SSH modules. New LIBSSH is introduced for libssh.a (an internal static lib). Previously, build without prior `obj' was broken; SSH modules always looked for libssh.a in ${.OBJDIR}. Also, the dependencies on the libssh.a were missing. - libtelnet/ did not install the crypto version of telnet.h into /usr/include/arpa. - Removed BINOWN, BINMODE, BINDIR and SRCS with default values. Reviewed by: markm - MAN[1-9] -> MAN. |
#
18ae4e64 |
|
08-Feb-2001 |
Jacques Vidrine <nectar@FreeBSD.org> |
Define HAVE_PAM_GETENVLIST for build. Now environmental variables set by PAM modules will be exported (correctly). |
#
94193b58 |
|
04-Dec-2000 |
Brian Feldman <green@FreeBSD.org> |
Update for OpenSSH 2.3.0. |
#
2f538dad |
|
10-Sep-2000 |
Kris Kennaway <kris@FreeBSD.org> |
Update for OpenSSH 2.2.0 |
#
939c3290 |
|
02-Sep-2000 |
Kris Kennaway <kris@FreeBSD.org> |
Err, we weren't even compiling auth1.c with LOGIN_CAP at all. Guess nobody was using this feature. |
#
957dc12d |
|
10-Jun-2000 |
Kris Kennaway <kris@FreeBSD.org> |
Link explicitly against -lmd. I'm not sure what was pulling this in on -current, but it doesn't do it on -stable. |
#
4fc93544 |
|
14-May-2000 |
Kris Kennaway <kris@FreeBSD.org> |
Update for OpenSSH 2.1 |
#
1ef4beca |
|
26-Mar-2000 |
Kris Kennaway <kris@FreeBSD.org> |
Update for latest OpenSSH |
#
283073b4 |
|
09-Mar-2000 |
Mark Murray <markm@FreeBSD.org> |
Make LOGIN_CAP work properly. Submitted by: ache |
#
aa77fdaa |
|
03-Mar-2000 |
John Hay <jhay@FreeBSD.org> |
MFI: Make ssh and sshd link in the krb5 part of make release. Reviewed by: markm |
#
e1eaf14c |
|
28-Feb-2000 |
Mark Murray <markm@FreeBSD.org> |
New distribution names. |
#
8df7a1fa |
|
25-Feb-2000 |
Peter Wemm <peter@FreeBSD.org> |
Don't pull in libRSAglue for the rsaref case. Since this is linked dynamically by default, we use the dlopen() calls to load librsaref.so on US code trees. |
#
c23e256e |
|
24-Feb-2000 |
Mark Murray <markm@FreeBSD.org> |
Add the OpenSSH userland-building Makefiles. |
#
9d63429f |
|
02-Nov-2021 |
Ed Maste <emaste@FreeBSD.org> |
ssh: move common Makefile boilerplate to a new ssh.mk This moves SSHDIR and ssh_namespace.h handling to a common location, and will simplify future work such as adding U2F support (D32509). Reviewed by: kevans MFC after: 1 week Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D32808
|
#
19261079 |
|
07-Sep-2021 |
Ed Maste <emaste@FreeBSD.org> |
openssh: update to OpenSSH v8.7p1

Some notable changes, from upstream's release notes:

- sshd(8): Remove support for obsolete "host/port" syntax.
- ssh(1): When prompting whether to record a new host key, accept the key fingerprint as a synonym for "yes".
- ssh-keygen(1): when acting as a CA and signing certificates with an RSA key, default to using the rsa-sha2-512 signature algorithm.
- ssh(1), sshd(8), ssh-keygen(1): this release removes the "ssh-rsa" (RSA/SHA1) algorithm from those accepted for certificate signatures.
- ssh-sk-helper(8): this is a new binary. It is used by the FIDO/U2F support to provide address-space isolation for token middleware libraries (including the internal one).
- ssh(1): this release enables UpdateHostkeys by default subject to some conservative preconditions.
- scp(1): this release changes the behaviour of remote to remote copies (e.g. "scp host-a:/path host-b:") to transfer through the local host by default.
- scp(1): experimental support for transfers using the SFTP protocol as a replacement for the venerable SCP/RCP protocol that it has traditionally used.

Additional integration work is needed to support FIDO/U2F in the base system.

Deprecation Notice
------------------

OpenSSH will disable the ssh-rsa signature scheme by default in the next release.

Reviewed by: imp
MFC after: 1 month
Relnotes: Yes
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D29985
|
#
190cef3d |
|
10-Sep-2018 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Upgrade to OpenSSH 7.8p1. Approved by: re (kib@)
|
#
b749a1b9 |
|
16-Aug-2018 |
Bryan Drewery <bdrewery@FreeBSD.org> |
Fix build after r337852: Don't rebuild moduli based on unrelated moduli.c Reported by: many, delphij (moduli.c issue) |
#
f0a51d9d |
|
15-Aug-2018 |
Brad Davis <brd@FreeBSD.org> |
Move ssh config file handling into the ssh Makefiles. This helps with pkgbase by using CONFS and tagging these as config files. Approved by: allanjude (mentor), des Differential Revision: https://reviews.freebsd.org/D16678 |
#
ca86bcf2 |
|
05-Mar-2017 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Upgrade to OpenSSH 7.4p1.
|
#
233932cc |
|
07-Jan-2017 |
Enji Cooper <ngie@FreeBSD.org> |
Conditionalize building libwrap support into sshd Only build libwrap support into sshd if MK_TCP_WRAPPERS != no This will unbreak the build if libwrap has been removed from the system MFC after: 2 weeks PR: 210141 Submitted by: kpect@protonmail.com Differential Revision: D9049 |
#
94ef145e |
|
02-Jan-2017 |
Enji Cooper <ngie@FreeBSD.org> |
Only bake krb5_config.h support in to ssh(3), etc if both MK_GSSAPI and MK_KERBEROS_SUPPORT != no This fixes the odd case where someone specified MK_GSSAPI=no and MK_KERBEROS_SUPPORT=yes (which admittedly, probably doesn't make sense, but the build system doesn't prevent this case today, and it didn't when I filed the bug back in 2011 either). MFC after: 2 weeks PR: 159745 |
#
b2af61ec |
|
30-Aug-2016 |
Kurt Lidl <lidl@FreeBSD.org> |
Add refactored blacklist support to sshd Change the calls to blacklist_init() and blacklist_notify to be macros defined in the blacklist_client.h file. This avoids the need for #ifdef USE_BLACKLIST / #endif except in the blacklist.c file. Remove redundant initialization attempts from within blacklist_notify - everything always goes through blacklistd_init(). Added UseBlacklist option to sshd, which defaults to off. To enable the functionality, use '-o UseBlacklist=yes' on the command line, or uncomment in the sshd_config file. Reviewed by: des Approved by: des MFC after: 1 week Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D7051 |
#
faebc97a |
|
24-Jun-2016 |
Glen Barber <gjb@FreeBSD.org> |
Revert r301551, which added blacklistd(8) to sshd(8). This change has functional impact, and other concerns raised by the OpenSSH maintainer. Requested by: des PR: 210479 (related) Approved by: re (marius) Sponsored by: The FreeBSD Foundation |
#
c0cc3641 |
|
07-Jun-2016 |
Kurt Lidl <lidl@FreeBSD.org> |
Add blacklist support to sshd Reviewed by: rpaulo Approved by: rpaulo (earlier version of changes) Relnotes: YES Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D5915 |
#
53835448 |
|
14-Mar-2016 |
Glen Barber <gjb@FreeBSD.org> |
MFH Sponsored by: The FreeBSD Foundation
|
#
acc1a9ef |
|
10-Mar-2016 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Upgrade to OpenSSH 7.2p2.
|
#
59d43d11 |
|
20-Jan-2016 |
Glen Barber <gjb@FreeBSD.org> |
MFH Sponsored by: The FreeBSD Foundation
|
#
bc5531de |
|
19-Jan-2016 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Upgrade to OpenSSH 6.8p1.
|
#
b626f5a7 |
|
04-Jan-2016 |
Glen Barber <gjb@FreeBSD.org> |
MFH r289384-r293170 Sponsored by: The FreeBSD Foundation
|
#
e42070a7 |
|
07-Dec-2015 |
Bryan Drewery <bdrewery@FreeBSD.org> |
Replace unneeded manual dependency on header by adding it to SRCS. bsd.lib.mk and bsd.prog.mk already depend all objs on headers in SRCS if there is not yet a depend file. The headers in SRCS are never built or installed. After 'make depend' the header was already added as a proper dependency on the objects where needed. MFC after: 2 weeks Sponsored by: EMC / Isilon Storage Division |
#
1765946b |
|
22-Nov-2015 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Retire the NONE cipher option. |
#
f94594b3 |
|
11-Sep-2015 |
Baptiste Daroussin <bapt@FreeBSD.org> |
Finish merging from head, messed up in previous attempt
|
#
bfa800d3 |
|
04-Sep-2015 |
Baptiste Daroussin <bapt@FreeBSD.org> |
Remove remnant from USEPRIVATELIB removal Sponsored by: gandi.net |
#
0bd7d22e |
|
05-Mar-2015 |
Baptiste Daroussin <bapt@FreeBSD.org> |
Move ssh into a dedicated package Flag config files as "to be merged on upgrade" |
#
ff75e007 |
|
25-Nov-2014 |
Baptiste Daroussin <bapt@FreeBSD.org> |
Reduce overlinking The framework now ensures by itself that pthread is added to the link chain as the last component if linked to kerberos hence avoid without any explicit addition prevent issue like CVE-2014-8475 |
#
ee5a34ec |
|
25-Nov-2014 |
Baptiste Daroussin <bapt@FreeBSD.org> |
Convert to LIBADD Reduce overlinking |
#
d029c3aa |
|
06-Aug-2014 |
Baptiste Daroussin <bapt@FreeBSD.org> |
Rework privatelib/internallib Make sure everything linking to a privatelib and/or an internallib does it directly from the OBJDIR rather than DESTDIR. Add src.libnames.mk so bsd.libnames.mk is not polluted by libraries not existing in final installation Introduce the LD* variable which is what ld(1) is expecting (via LDADD) to link to internal/privatelib Directly link to the .so in case of private library to avoid having to complexify LDFLAGS. Phabric: https://phabric.freebsd.org/D553 Reviewed by: imp, emaste |
#
c6063d0d |
|
05-May-2014 |
Warner Losh <imp@FreeBSD.org> |
Use src.opts.mk in preference to bsd.own.mk except where we need stuff from the latter. |
#
a9e285b0 |
|
26-Apr-2014 |
Konstantin Belousov <kib@FreeBSD.org> |
Fix order of libthr and libc in the global dso list for sshd, by explicitly linking main binary with -lpthread. Before, libthr appeared in the list due to dependency of one of the kerberos libs. Due to the change in ld(1) behaviour of not copying NEEDED entries from direct dependencies into the link results, the order becomes reversed. The libthr must appear before libc to properly interpose libc symbols and provide working rtld locks implementation. The symptom was sshd hanging on rtld bind lock during nested symbol binding from a signal handler. Approved by: des (openssh maintainer) Sponsored by: The FreeBSD Foundation MFC after: 1 week |
#
b83788ff |
|
25-Mar-2014 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Upgrade to OpenSSH 6.6p1.
|
#
f7167e0e |
|
31-Jan-2014 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Upgrade to OpenSSH 6.5p1.
|
#
0085282b |
|
23-Sep-2013 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Unbreak the WITHOUT_KERBEROS build and try to reduce the odds of a repeat performance by introducing a script that runs configure with and without Kerberos, diffs the result and generates krb5_config.h, which contains the preprocessor macros that need to be defined in the Kerberos case and undefined otherwise. Approved by: re (marius) |
#
9cfa8b3f |
|
10-Sep-2013 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Clean up the OpenSSH build. It is now possible to build most components as static binaries, if desired. The one exception is sshd, which runs into trouble due to libpam.a's inclusion of pam_ssh. Make OpenSSH use LDNS if available. This allows it to verify signed SSHFP records. Approved by: re (blanket) |
#
0b2766bd |
|
08-Sep-2013 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Make libldns and libssh private. Approved by: re (blanket) |
#
e6a64a84 |
|
16-Jan-2013 |
Bjoern A. Zeeb <bz@FreeBSD.org> |
Add a src.conf(5) option to allow users to compile in the "NONE cipher", which, only after authentication, disables crypto, and only for sessions without a terminal. Submitted by: Jeremy Chadwick (freebsd jdc.parodius.com) PR: bin/163095 MFC after: 10 days |
#
2774871b |
|
24-Mar-2012 |
Eitan Adler <eadler@FreeBSD.org> |
Restore the ability to use a non-standard LOCALBASE to sshd Add the ability to use a non-standard LOCALBASE to ssh Submitted by: jhb Reviewed by: des Approved by: cperciva MFC after: 0 days (with r233136) |
#
57f8914d |
|
18-Mar-2012 |
Eitan Adler <eadler@FreeBSD.org> |
X11BASE is not used any more and has been killed by the x11 team. Reviewed by: ??? Approved by: ??? MFC after: 3 days |
#
e146993e |
|
05-Oct-2011 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Upgrade to OpenSSH 5.9p1. MFC after: 3 months
|
#
4a421b63 |
|
04-May-2011 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Upgrade to OpenSSH 5.8p2.
|
#
b15c8340 |
|
09-Mar-2010 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Upgrade to OpenSSH 5.4p1. MFC after: 1 month
|
#
38ea9102 |
|
25-Feb-2010 |
Ruslan Ermilov <ru@FreeBSD.org> |
(Almost) fixed static linkage. The remaining problem is with libgssapi.a and libgssapi_krb5.a libraries that define the same symbols. |
#
7aee6ffe |
|
01-Oct-2009 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Upgrade to OpenSSH 5.3p1.
|
#
cce7d346 |
|
22-May-2009 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Upgrade to OpenSSH 5.2p1. MFC after: 3 months
|
#
25d33e3d |
|
30-Nov-2008 |
Christian S.J. Peron <csjp@FreeBSD.org> |
Enable getaudit_addr(2) for sshd again. This will un-break the subject BSM audit tokens for IPv6. |
#
d4af9e69 |
|
31-Jul-2008 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Upgrade to OpenSSH 5.1p1. I have worked hard to reduce diffs against the vendor branch. One notable change in that respect is that we no longer prefer DSA over RSA - the reasons for doing so went away years ago. This may cause some surprises, as ssh will warn about unknown host keys even for hosts whose keys haven't changed. MFC after: 6 weeks
|
#
33f12199 |
|
07-May-2008 |
Doug Rabson <dfr@FreeBSD.org> |
Fix conflicts after heimdal-1.1 import and add build infrastructure. Import all non-style changes made by heimdal to our own libgssapi. |
#
ac188d74 |
|
05-Mar-2008 |
Kris Kennaway <kris@FreeBSD.org> |
For users of FreeBSD <= 6.2 we recommend during the x.org 7.x upgrade that they add X11BASE=${LOCALBASE} to /etc/make.conf since X11BASE was hard-wired to the now-wrong location in old releases. However, both X11BASE and LOCALBASE have moved out of scope of src/ into ports/ now, which causes problems for upgraded users who have old make.conf files still containing the above setting. X11BASE becomes null and we instruct ssh and sshd to look for xauth in /bin/xauth where it is unlikely to be found. Instead, provide a copy of the default LOCALBASE?=/usr/local setting here. We also have to deal with the case where the user only overrides LOCALBASE and doesn't set an explicit X11BASE (in ports it will be set implicitly but not here), which will also move the location of xauth. MFC after: 3 days Reported by: rwatson |
#
bb79c11d |
|
30-Sep-2006 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Update for OpenSSH 4.4p1. MFC after: 1 week |
#
9fd9594d |
|
13-May-2006 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Add a manual dependency on ssh_namespace.h. Discussed with: ru |
#
ed22e27d |
|
13-May-2006 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Introduce a namespace munging hack inspired by NetBSD to avoid polluting the namespace of applications which inadvertently link in libssh (usually through pam_ssh) Suggested by: lukem@netbsd.org MFC after: 6 weeks |
#
e1fe3dba |
|
17-Mar-2006 |
Ruslan Ermilov <ru@FreeBSD.org> |
Reimplementation of world/kernel build options. For details, see: http://lists.freebsd.org/pipermail/freebsd-current/2006-March/061725.html The src.conf(5) manpage is to follow in a few days. Brought to you by: imp, jhb, kris, phk, ru (all bugs are mine) |
#
d57d58da |
|
12-Feb-2006 |
Christian S.J. Peron <csjp@FreeBSD.org> |
Hook audit into OpenSSH. Now that the necessary bits for OpenSSH support have been added with the latest OpenBSM import, hook USE_BSM_AUDIT into build conditionally. For users which do not care for audit support and do not want to compile it into their SSH servers, add the following to the /etc/make.conf: NO_AUDIT=true Discussed with: rwatson Obtained from: TrustedBSD Project |
#
c0b9f4fe |
|
29-Dec-2005 |
Doug Rabson <dfr@FreeBSD.org> |
Add a new extensible GSS-API layer which can support GSS-API plugins, similar to the Solaris implementation. Repackage the krb5 GSS mechanism as a plugin library for the new implementation. This also includes a comprehensive set of manpages for the GSS-API functions with text mostly taken from the RFC. Reviewed by: Love Hörnquist Åstrand <lha@it.su.se>, ru (build system), des (openssh parts) |
#
40e0db94 |
|
07-Jun-2005 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Revert the commits that made libssh an INTERNALLIB; they caused too much trouble, especially on amd64. Requested by: ru |
#
32f80c77 |
|
06-Jun-2005 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Make libssh an INTERNALLIB like it is in {Net,Open}BSD. |
#
015bad35 |
|
05-Jun-2005 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Update for OpenSSH 4.1p1. |
#
f1f6253f |
|
21-Dec-2004 |
Ruslan Ermilov <ru@FreeBSD.org> |
NOLIBC_R -> NO_LIBC_R NOLIBPTHREAD -> NO_LIBPTHREAD NOLIBTHR -> NO_LIBTHR |
#
5ba618aa |
|
28-Oct-2004 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Update for OpenSSH 3.9p1. |
#
40dd33e8 |
|
26-Feb-2004 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Update for 3.8p1, including workaround for a bug in gss-genr.c. |
#
9ee9ecea |
|
07-Feb-2004 |
Ruslan Ermilov <ru@FreeBSD.org> |
Use the default threading library if requested. Reviewed by: des, deischen |
#
526f81a8 |
|
02-Feb-2004 |
Ruslan Ermilov <ru@FreeBSD.org> |
- Removed libmd from the Kerberos library set. - Removed libopie and libmd; libopie used to serve auth-skey.c which is compiled now only to ease maintenance, as well as a few other auth-*.c sources. Reviewed by: des |
#
e1542a40 |
|
08-Jan-2004 |
Ruslan Ermilov <ru@FreeBSD.org> |
Fixed static linkage. Reviewed by: des |
#
9f80be8e |
|
08-Jan-2004 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Enable GSSAPI support. [1] Also remove some duplicates from ssh's SRCS. Submitted by: [1] Björn Grönvall <bg@sics.se> |
#
a04e3d6c |
|
07-Jan-2004 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Update Makefiles for OpenSSH 3.7.1p2. |
#
55c90a95 |
|
02-Jul-2003 |
Ruslan Ermilov <ru@FreeBSD.org> |
Fixed "make checkdpadd". OK'ed by: markm |
#
dbf104e6 |
|
05-May-2003 |
Mark Murray <markm@FreeBSD.org> |
Turn MAKE_KERBEROS5 into NO_KERBEROS by negating the logic. Some extra cleanups were necessary in release/Makefile, and the tinderbox code was syntax checked, not run checked. |
#
59199aeb |
|
30-Apr-2003 |
Mark Murray <markm@FreeBSD.org> |
We no longer have a separate kerberos distribution. It's now just part of the regular security dist. |
#
d8b043c8 |
|
23-Apr-2003 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Update for 3.6.1p1; also remove Kerberos IV shims. |
#
2f34cbe5 |
|
09-Jan-2003 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
ia64 and sparc64 both have libc_r now. |
#
11025839 |
|
14-Dec-2002 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Don't build auth-pam.c and auth2-pam.c, auth2-pam-freebsd.c is all we need. Use pthreads for PAM if the platform supports it and the user asked for it (by setting OPENSSH_USE_POSIX_THREADS) Sponsored by: DARPA, NAI Labs |
#
f0b56c5c |
|
25-Jun-2002 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
No guts, no glory. Switch to OpenSSH-portable. Sponsored by: DARPA, NAI Labs |
#
8d024c66 |
|
23-Jun-2002 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Install the new man pages. |
#
fd9fc3f0 |
|
23-Jun-2002 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Update Makefiles for OpenSSH 3.3. |
#
6bde859f |
|
26-Apr-2002 |
Ruslan Ermilov <ru@FreeBSD.org> |
Milestone #1 in cross-arch make releases. Do not install games and profiled libraries to the ${CHROOTDIR} with the initial installworld. Eliminate the need in the second installworld. For that, make sure _everything_ is built in the "world" environment, using the right tool chain. Added SUBDIR_OVERRIDE helper stuff to Makefile.inc1. Split the buildworld process into stages, and skip some stages when SUBDIR_OVERRIDE is set (used to build crypto, krb4, and krb5 dists). Added NO_MAKEDB_RUN knob to Makefile.inc1 to avoid running makewhatis(1) at the end of installworld (used when making crypto, krb4, and krb5 dists). In release/scripts/doFS.sh, ensure that the correct boot blocks are used. Moved the creation of the "crypto" dist from release.5 to release.2. In release.3 and doMFSKERN, build kernels in the "world" environment. KERNELS now means "additional" kernels, GENERIC is always built. Ensure we build crunched binaries in the "world" environment. Obfuscate release/Makefile some more (WMAKEENV) to achieve this. Inline createBOOTMFS target. Use already built GENERIC kernel modules to augment mfsfd's /stand/modules. GC doMODULES as such. Assorted fixes: Get rid of the "afterdistribute" target by moving the single use of it from sys/Makefile to etc/Makefile's "distribute". Makefile.inc1: apparently "etc" no longer needs to be last for "distribute" to succeed. gnu/usr.bin/perl/library/Makefile.inc: do not override the "install" and "distribute" targets, do it the "canonical" way. release/scripts/{man,cat}pages-make.sh: make sure Perl manpages and catpages appear in the right dists. Note that because Perl does not respect the MANBUILDCAT (and NOMAN), this results in a loss of /usr/share/perl/man/cat* empty directories. This will be fixed soon. Turn MAKE_KERBEROS4 into a plain boolean variable (if it is set it means "make KerberosIV"), as documented in the make.conf(5) manpage. Most of the userland makefiles did not test it for "YES" anyway. 
XXX Should specialized kerberized libpam versions be included into the krb4 and krb5 dists? (libpam.a would be incorrect anyway if both krb4 and krb5 dists were chosen.) Make sure "games" dist is made before "catpages", otherwise games catpages settle in the wrong dist. Fast build machine provided by: Igor Kucherenko <kivvy@sunbay.com> |
#
2735cfee |
|
25-Mar-2002 |
Ruslan Ermilov <ru@FreeBSD.org> |
Switch over to using pam_login_access(8) module in sshd(8). (Fixes static compilation. Reduces diffs to OpenSSH.) Reviewed by: bde |
#
da4dc1ee |
|
20-Mar-2002 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Use PAM instead of S/Key (or OPIE) for SSH2. Sponsored by: DARPA, NAI Labs |
#
3876d839 |
|
18-Mar-2002 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Don't forget auth-skey.c. |
#
0509dca0 |
|
23-Jan-2002 |
Ruslan Ermilov <ru@FreeBSD.org> |
Add pam_ssh support to the static PAM library, libpam.a: - Spam /usr/lib some more by making libssh a standard library. - Tweak ${LIBPAM} and ${MINUSLPAM}. - Garbage collect unused libssh_pic.a. - Add fake -lz dependency to secure/ makefiles needed for dynamic linkage with -lssh. Reviewed by: des, markm Approved by: markm |
#
049015c2 |
|
29-Aug-2001 |
Bruce Evans <bde@FreeBSD.org> |
Fixed world breakage in rev.1.13. -lpam must never be used directly since it doesn't work for static linkage. |
#
e7edf5a1 |
|
11-Jun-2001 |
Brian Feldman <green@FreeBSD.org> |
Enable Kerberos 5 support in sshd again. |
#
d70e08c6 |
|
04-May-2001 |
Brian Feldman <green@FreeBSD.org> |
Update to OpenSSH 2.9. Somehow this missed getting committed yesterday. |
#
9513e1a8 |
|
03-May-2001 |
Brian Feldman <green@FreeBSD.org> |
Don't build with Kerberos 5 support for now. I'll fix this soon, but I don't want to break Kerberos 5 users' worlds too much in the meantime. |
#
b8cba406 |
|
26-Mar-2001 |
Ruslan Ermilov <ru@FreeBSD.org> |
secure/ build fixes: - TELNETOBJDIR is gone. `buildworld' already installs libtelnet.a in ${WORLDTMP}/usr/lib, and we have LIBRARY_PATH pointing there. - SSHDIR (formerly SSHSRC) is now shared between all SSH modules. New LIBSSH is introduced for libssh.a (an internal static lib). Previously, build without prior `obj' was broken; SSH modules always looked for libssh.a in ${.OBJDIR}. Also, the dependencies on the libssh.a were missing. - libtelnet/ did not install the crypto version of telnet.h into /usr/include/arpa. - Removed BINOWN, BINMODE, BINDIR and SRCS with default values. Reviewed by: markm - MAN[1-9] -> MAN. |
#
18ae4e64 |
|
08-Feb-2001 |
Jacques Vidrine <nectar@FreeBSD.org> |
Define HAVE_PAM_GETENVLIST for build. Now environmental variables set by PAM modules will be exported (correctly). |
#
94193b58 |
|
04-Dec-2000 |
Brian Feldman <green@FreeBSD.org> |
Update for OpenSSH 2.3.0. |
#
2f538dad |
|
10-Sep-2000 |
Kris Kennaway <kris@FreeBSD.org> |
Update for OpenSSH 2.2.0 |
#
939c3290 |
|
02-Sep-2000 |
Kris Kennaway <kris@FreeBSD.org> |
Err, we weren't even compiling auth1.c with LOGIN_CAP at all. Guess nobody was using this feature. |
#
957dc12d |
|
10-Jun-2000 |
Kris Kennaway <kris@FreeBSD.org> |
Link explicitly against -lmd. I'm not sure what was pulling this in on -current, but it doesn't do it on -stable. |
#
4fc93544 |
|
14-May-2000 |
Kris Kennaway <kris@FreeBSD.org> |
Update for OpenSSH 2.1 |
#
1ef4beca |
|
26-Mar-2000 |
Kris Kennaway <kris@FreeBSD.org> |
Update for latest OpenSSH |
#
283073b4 |
|
09-Mar-2000 |
Mark Murray <markm@FreeBSD.org> |
Make LOGIN_CAP work properly. Submitted by: ache |
#
aa77fdaa |
|
03-Mar-2000 |
John Hay <jhay@FreeBSD.org> |
MFI: Make ssh and sshd link in the krb5 part of make release. Reviewed by: markm |
#
e1eaf14c |
|
28-Feb-2000 |
Mark Murray <markm@FreeBSD.org> |
New distribution names. |
#
8df7a1fa |
|
25-Feb-2000 |
Peter Wemm <peter@FreeBSD.org> |
Don't pull in libRSAglue for the rsaref case. Since this is linked dynamically by default, we use the dlopen() calls to load librsaref.so on US code trees. |
#
c23e256e |
|
24-Feb-2000 |
Mark Murray <markm@FreeBSD.org> |
Add the OpenSSH userland-building Makefiles. |
#
b749a1b9 |
|
16-Aug-2018 |
Bryan Drewery <bdrewery@FreeBSD.org> |
Fix build after r337852: Don't rebuild moduli based on unrelated moduli.c Reported by: many, delphij (moduli.c issue)
|
#
f0a51d9d |
|
15-Aug-2018 |
Brad Davis <brd@FreeBSD.org> |
Move ssh config file handling into the ssh Makefiles. This helps with pkgbase by using CONFS and tagging these as config files. Approved by: allanjude (mentor), des Differential Revision: https://reviews.freebsd.org/D16678
|
#
233932cc |
|
07-Jan-2017 |
Enji Cooper <ngie@FreeBSD.org> |
Conditionalize building libwrap support into sshd Only build libwrap support into sshd if MK_TCP_WRAPPERS != no This will unbreak the build if libwrap has been removed from the system MFC after: 2 weeks PR: 210141 Submitted by: kpect@protonmail.com Differential Revision: D9049
|
#
94ef145e |
|
02-Jan-2017 |
Enji Cooper <ngie@FreeBSD.org> |
Only bake krb5_config.h support in to ssh(3), etc if both MK_GSSAPI and MK_KERBEROS_SUPPORT != no This fixes the odd case where someone specified MK_GSSAPI=no and MK_KERBEROS_SUPPORT=yes (which admittedly, probably doesn't make sense, but the build system doesn't prevent this case today, and it didn't when I filed the bug back in 2011 either). MFC after: 2 weeks PR: 159745
|
#
b2af61ec |
|
30-Aug-2016 |
Kurt Lidl <lidl@FreeBSD.org> |
Add refactored blacklist support to sshd Change the calls to blacklist_init() and blacklist_notify to be macros defined in the blacklist_client.h file. This avoids the need for #ifdef USE_BLACKLIST / #endif except in the blacklist.c file. Remove redundant initialization attempts from within blacklist_notify - everything always goes through blacklistd_init(). Added UseBlacklist option to sshd, which defaults to off. To enable the functionality, use '-o UseBlacklist=yes' on the command line, or uncomment in the sshd_config file. Reviewed by: des Approved by: des MFC after: 1 week Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D7051
|
#
faebc97a |
|
24-Jun-2016 |
Glen Barber <gjb@FreeBSD.org> |
Revert r301551, which added blacklistd(8) to sshd(8). This change has functional impact, and other concerns raised by the OpenSSH maintainer. Requested by: des PR: 210479 (related) Approved by: re (marius) Sponsored by: The FreeBSD Foundation
|
#
c0cc3641 |
|
07-Jun-2016 |
Kurt Lidl <lidl@FreeBSD.org> |
Add blacklist support to sshd Reviewed by: rpaulo Approved by: rpaulo (earlier version of changes) Relnotes: YES Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D5915
|
#
e42070a7 |
|
07-Dec-2015 |
Bryan Drewery <bdrewery@FreeBSD.org> |
Replace unneeded manual dependency on header by adding it to SRCS. bsd.lib.mk and bsd.prog.mk already depend all objs on headers in SRCS if there is not yet a depend file. The headers in SRCS are never built or installed. After 'make depend' the header was already added as a proper dependency on the objects where needed. MFC after: 2 weeks Sponsored by: EMC / Isilon Storage Division
|
#
1765946b |
|
22-Nov-2015 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Retire the NONE cipher option.
|
#
bfa800d3 |
|
04-Sep-2015 |
Baptiste Daroussin <bapt@FreeBSD.org> |
Remove remnant from USEPRIVATELIB removal Sponsored by: gandi.net
|
#
0bd7d22e |
|
05-Mar-2015 |
Baptiste Daroussin <bapt@FreeBSD.org> |
Move ssh into a dedicated package Flag config files as "to be merged on upgrade"
|
#
ff75e007 |
|
25-Nov-2014 |
Baptiste Daroussin <bapt@FreeBSD.org> |
Reduce overlinking The framework now ensures by itself that pthread is added to the link chain as the last component if linked to kerberos hence avoid without any explicit addition prevent issue like CVE-2014-8475
|
#
ee5a34ec |
|
25-Nov-2014 |
Baptiste Daroussin <bapt@FreeBSD.org> |
Convert to LIBADD Reduce overlinking
|
#
d029c3aa |
|
06-Aug-2014 |
Baptiste Daroussin <bapt@FreeBSD.org> |
Rework privatelib/internallib Make sure everything linking to a privatelib and/or an internallib does it directly from the OBJDIR rather than DESTDIR. Add src.libnames.mk so bsd.libnames.mk is not polluted by libraries not existing in final installation Introduce the LD* variable which is what ld(1) is expecting (via LDADD) to link to internal/privatelib Directly link to the .so in case of private library to avoid having to complexify LDFLAGS. Phabric: https://phabric.freebsd.org/D553 Reviewed by: imp, emaste
|
#
c6063d0d |
|
05-May-2014 |
Warner Losh <imp@FreeBSD.org> |
Use src.opts.mk in preference to bsd.own.mk except where we need stuff from the latter.
|
#
a9e285b0 |
|
26-Apr-2014 |
Konstantin Belousov <kib@FreeBSD.org> |
Fix order of libthr and libc in the global dso list for sshd, by explicitly linking main binary with -lpthread. Before, libthr appeared in the list due to dependency of one of the kerberos libs. Due to the change in ld(1) behaviour of not copying NEEDED entries from direct dependencies into the link results, the order becomes reversed. The libthr must appear before libc to properly interpose libc symbols and provide working rtld locks implementation. The symptom was sshd hanging on rtld bind lock during nested symbol binding from a signal handler. Approved by: des (openssh maintainer) Sponsored by: The FreeBSD Foundation MFC after: 1 week
|
#
0085282b |
|
23-Sep-2013 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Unbreak the WITHOUT_KERBEROS build and try to reduce the odds of a repeat performance by introducing a script that runs configure with and without Kerberos, diffs the result and generates krb5_config.h, which contains the preprocessor macros that need to be defined in the Kerberos case and undefined otherwise. Approved by: re (marius)
|
#
9cfa8b3f |
|
10-Sep-2013 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Clean up the OpenSSH build. It is now possible to build most components as static binaries, if desired. The one exception is sshd, which runs into trouble due to libpam.a's inclusion of pam_ssh. Make OpenSSH use LDNS if available. This allows it to verify signed SSHFP records. Approved by: re (blanket)
|
#
0b2766bd |
|
08-Sep-2013 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Make libldns and libssh private. Approved by: re (blanket)
|
#
e6a64a84 |
|
16-Jan-2013 |
Bjoern A. Zeeb <bz@FreeBSD.org> |
Add a src.conf(5) option to allow users to compile in the "NONE cipher", which, only after authentication, disables crypto, and only for sessions without a terminal. Submitted by: Jeremy Chadwick (freebsd jdc.parodius.com) PR: bin/163095 MFC after: 10 days
|
#
2774871b |
|
24-Mar-2012 |
Eitan Adler <eadler@FreeBSD.org> |
Restore the ability to use a non-standard LOCALBASE to sshd Add the ability to use a non-standard LOCALBASE to ssh Submitted by: jhb Reviewed by: des Approved by: cperciva MFC after: 0 days (with r233136)
|
#
57f8914d |
|
18-Mar-2012 |
Eitan Adler <eadler@FreeBSD.org> |
X11BASE is not used any more and has been killed by the x11 team. Reviewed by: ??? Approved by: ??? MFC after: 3 days
|
#
a7d5f7eb |
|
19-Oct-2010 |
Jamie Gritton <jamie@FreeBSD.org> |
A new jail(8) with a configuration file, to replace the work currently done by /etc/rc.d/jail.
|
#
124981e1 |
|
21-Apr-2010 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
MFH OpenSSH 5.4p1
|
#
fe0506d7 |
|
09-Mar-2010 |
Marcel Moolenaar <marcel@FreeBSD.org> |
Create the altix project branch. The altix project will add support for the SGI Altix 350 to FreeBSD/ia64. The hardware used for porting is a two-module system, consisting of a base compute module and a CPU expansion module. SGI's NUMAFlex architecture can be an excellent platform to test CPU affinity and NUMA-aware features in FreeBSD.
|
#
38ea9102 |
|
25-Feb-2010 |
Ruslan Ermilov <ru@FreeBSD.org> |
(Almost) fixed static linkage. The remaining problem is with libgssapi.a and libgssapi_krb5.a libraries that define the same symbols.
|
#
25d33e3d |
|
30-Nov-2008 |
Christian S.J. Peron <csjp@FreeBSD.org> |
Enable getaudit_addr(2) for sshd again. This will un-break the subject BSM audit tokens for IPv6.
|
#
d7f03759 |
|
19-Oct-2008 |
Ulf Lilleengen <lulf@FreeBSD.org> |
- Import the HEAD csup code which is the basis for the cvsmode work.
|
#
33f12199 |
|
07-May-2008 |
Doug Rabson <dfr@FreeBSD.org> |
Fix conflicts after heimdal-1.1 import and add build infrastructure. Import all non-style changes made by heimdal to our own libgssapi.
|
#
ac188d74 |
|
05-Mar-2008 |
Kris Kennaway <kris@FreeBSD.org> |
For users of FreeBSD <= 6.2 we recommend during the x.org 7.x upgrade that they add X11BASE=${LOCALBASE} to /etc/make.conf since X11BASE was hard-wired to the now-wrong location in old releases. However, both X11BASE and LOCALBASE have moved out of scope of src/ into ports/ now, which causes problems for upgraded users who have old make.conf files still containing the above setting. X11BASE becomes null and we instruct ssh and sshd to look for xauth in /bin/xauth where it is unlikely to be found. Instead, provide a copy of the default LOCALBASE?=/usr/local setting here. We also have to deal with the case where the user only overrides LOCALBASE and doesn't set an explicit X11BASE (in ports it will be set implicitly but not here), which will also move the location of xauth. MFC after: 3 days Reported by: rwatson
|
#
bb79c11d |
|
30-Sep-2006 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Update for OpenSSH 4.4p1. MFC after: 1 week
|
#
9fd9594d |
|
13-May-2006 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Add a manual dependency on ssh_namespace.h. Discussed with: ru
|
#
ed22e27d |
|
13-May-2006 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Introduce a namespace munging hack inspired by NetBSD to avoid polluting the namespace of applications which inadvertently link in libssh (usually through pam_ssh) Suggested by: lukem@netbsd.org MFC after: 6 weeks
|
#
e1fe3dba |
|
17-Mar-2006 |
Ruslan Ermilov <ru@FreeBSD.org> |
Reimplementation of world/kernel build options. For details, see: http://lists.freebsd.org/pipermail/freebsd-current/2006-March/061725.html The src.conf(5) manpage is to follow in a few days. Brought to you by: imp, jhb, kris, phk, ru (all bugs are mine)
|
#
d57d58da |
|
12-Feb-2006 |
Christian S.J. Peron <csjp@FreeBSD.org> |
Hook audit into OpenSSH. Now that the necessary bits for OpenSSH support have been added with the latest OpenBSM import, hook USE_BSM_AUDIT into build conditionally. For users which do not care for audit support and do not want to compile it into their SSH servers, add the following to the /etc/make.conf: NO_AUDIT=true Discussed with: rwatson Obtained from: TrustedBSD Project
|
#
c0b9f4fe |
|
29-Dec-2005 |
Doug Rabson <dfr@FreeBSD.org> |
Add a new extensible GSS-API layer which can support GSS-API plugins, similar to the Solaris implementation. Repackage the krb5 GSS mechanism as a plugin library for the new implementation. This also includes a comprehensive set of manpages for the GSS-API functions with text mostly taken from the RFC. Reviewed by: Love Hörnquist Åstrand <lha@it.su.se>, ru (build system), des (openssh parts)
|
#
40e0db94 |
|
07-Jun-2005 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Revert the commits that made libssh an INTERNALLIB; they caused too much trouble, especially on amd64. Requested by: ru
|
#
32f80c77 |
|
06-Jun-2005 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Make libssh an INTERNALLIB like it is in {Net,Open}BSD.
|
#
015bad35 |
|
05-Jun-2005 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Update for OpenSSH 4.1p1.
|
#
f1f6253f |
|
21-Dec-2004 |
Ruslan Ermilov <ru@FreeBSD.org> |
NOLIBC_R -> NO_LIBC_R NOLIBPTHREAD -> NO_LIBPTHREAD NOLIBTHR -> NO_LIBTHR
|
#
5ba618aa |
|
28-Oct-2004 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Update for OpenSSH 3.9p1.
|
#
40dd33e8 |
|
26-Feb-2004 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Update for 3.8p1, including workaround for a bug in gss-genr.c.
|
#
9ee9ecea |
|
07-Feb-2004 |
Ruslan Ermilov <ru@FreeBSD.org> |
Use the default threading library if requested. Reviewed by: des, deischen
|
#
526f81a8 |
|
02-Feb-2004 |
Ruslan Ermilov <ru@FreeBSD.org> |
- Removed libmd from the Kerberos library set. - Removed libopie and libmd; libopie used to serve auth-skey.c which is compiled now only to ease maintenance, as well as a few other auth-*.c sources. Reviewed by: des
|
#
e1542a40 |
|
08-Jan-2004 |
Ruslan Ermilov <ru@FreeBSD.org> |
Fixed static linkage. Reviewed by: des
|
#
9f80be8e |
|
08-Jan-2004 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Enable GSSAPI support. [1] Also remove some duplicates from ssh's SRCS. Submitted by: [1] Björn Grönvall <bg@sics.se>
|
#
a04e3d6c |
|
07-Jan-2004 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Update Makefiles for OpenSSH 3.7.1p2.
|
#
55c90a95 |
|
02-Jul-2003 |
Ruslan Ermilov <ru@FreeBSD.org> |
Fixed "make checkdpadd". OK'ed by: markm
|
#
dbf104e6 |
|
05-May-2003 |
Mark Murray <markm@FreeBSD.org> |
Turn MAKE_KERBEROS5 into NO_KERBEROS by negating the logic. Some extra cleanups were necessary in release/Makefile, and the tinderbox code was syntax checked, not run checked.
|
#
59199aeb |
|
30-Apr-2003 |
Mark Murray <markm@FreeBSD.org> |
We no longer have a separate kerberos distribution. It's now just part of the regular security dist.
|
#
d8b043c8 |
|
23-Apr-2003 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Update for 3.6.1p1; also remove Kerberos IV shims.
|
#
2f34cbe5 |
|
09-Jan-2003 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
ia64 and sparc64 both have libc_r now.
|
#
11025839 |
|
14-Dec-2002 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Don't build auth-pam.c and auth2-pam.c, auth2-pam-freebsd.c is all we need. Use pthreads for PAM if the platform supports it and the user asked for it (by setting OPENSSH_USE_POSIX_THREADS) Sponsored by: DARPA, NAI Labs
|
#
f0b56c5c |
|
25-Jun-2002 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
No guts, no glory. Switch to OpenSSH-portable. Sponsored by: DARPA, NAI Labs
|
#
8d024c66 |
|
23-Jun-2002 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Install the new man pages.
|
#
fd9fc3f0 |
|
23-Jun-2002 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Update Makefiles for OpenSSH 3.3.
|
#
6bde859f |
|
26-Apr-2002 |
Ruslan Ermilov <ru@FreeBSD.org> |
Milestone #1 in cross-arch make releases. Do not install games and profiled libraries to the ${CHROOTDIR} with the initial installworld. Eliminate the need in the second installworld. For that, make sure _everything_ is built in the "world" environment, using the right tool chain. Added SUBDIR_OVERRIDE helper stuff to Makefile.inc1. Split the buildworld process into stages, and skip some stages when SUBDIR_OVERRIDE is set (used to build crypto, krb4, and krb5 dists). Added NO_MAKEDB_RUN knob to Makefile.inc1 to avoid running makewhatis(1) at the end of installworld (used when making crypto, krb4, and krb5 dists). In release/scripts/doFS.sh, ensure that the correct boot blocks are used. Moved the creation of the "crypto" dist from release.5 to release.2. In release.3 and doMFSKERN, build kernels in the "world" environment. KERNELS now means "additional" kernels, GENERIC is always built. Ensure we build crunched binaries in the "world" environment. Obfuscate release/Makefile some more (WMAKEENV) to achieve this. Inline createBOOTMFS target. Use already built GENERIC kernel modules to augment mfsfd's /stand/modules. GC doMODULES as such. Assorted fixes: Get rid of the "afterdistribute" target by moving the single use of it from sys/Makefile to etc/Makefile's "distribute". Makefile.inc1: apparently "etc" no longer needs to be last for "distribute" to succeed. gnu/usr.bin/perl/library/Makefile.inc: do not override the "install" and "distribute" targets, do it the "canonical" way. release/scripts/{man,cat}pages-make.sh: make sure Perl manpages and catpages appear in the right dists. Note that because Perl does not respect the MANBUILDCAT (and NOMAN), this results in a loss of /usr/share/perl/man/cat* empty directories. This will be fixed soon. Turn MAKE_KERBEROS4 into a plain boolean variable (if it is set it means "make KerberosIV"), as documented in the make.conf(5) manpage. Most of the userland makefiles did not test it for "YES" anyway. 
XXX Should specialized kerberized libpam versions be included into the krb4 and krb5 dists? (libpam.a would be incorrect anyway if both krb4 and krb5 dists were chosen.) Make sure "games" dist is made before "catpages", otherwise games catpages settle in the wrong dist. Fast build machine provided by: Igor Kucherenko <kivvy@sunbay.com>
|
#
2735cfee |
|
25-Mar-2002 |
Ruslan Ermilov <ru@FreeBSD.org> |
Switch over to using pam_login_access(8) module in sshd(8). (Fixes static compilation. Reduces diffs to OpenSSH.) Reviewed by: bde
|
#
da4dc1ee |
|
20-Mar-2002 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Use PAM instead of S/Key (or OPIE) for SSH2. Sponsored by: DARPA, NAI Labs
|
#
3876d839 |
|
18-Mar-2002 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Don't forget auth-skey.c.
|
#
0509dca0 |
|
23-Jan-2002 |
Ruslan Ermilov <ru@FreeBSD.org> |
Add pam_ssh support to the static PAM library, libpam.a: - Spam /usr/lib some more by making libssh a standard library. - Tweak ${LIBPAM} and ${MINUSLPAM}. - Garbage collect unused libssh_pic.a. - Add fake -lz dependency to secure/ makefiles needed for dynamic linkage with -lssh. Reviewed by: des, markm Approved by: markm
|
#
049015c2 |
|
29-Aug-2001 |
Bruce Evans <bde@FreeBSD.org> |
Fixed world breakage in rev.1.13. -lpam must never be used directly since it doesn't work for static linkage.
|
#
e7edf5a1 |
|
11-Jun-2001 |
Brian Feldman <green@FreeBSD.org> |
Enable Kerberos 5 support in sshd again.
|
#
d70e08c6 |
|
04-May-2001 |
Brian Feldman <green@FreeBSD.org> |
Update to OpenSSH 2.9. Somehow this missed getting committed yesterday.
|
#
9513e1a8 |
|
03-May-2001 |
Brian Feldman <green@FreeBSD.org> |
Don't build with Kerberos 5 support for now. I'll fix this soon, but I don't want to break Kerberos 5 users' worlds too much in the meantime.
|
#
b8cba406 |
|
26-Mar-2001 |
Ruslan Ermilov <ru@FreeBSD.org> |
secure/ build fixes: - TELNETOBJDIR is gone. `buildworld' already installs libtelnet.a in ${WORLDTMP}/usr/lib, and we have LIBRARY_PATH pointing there. - SSHDIR (formerly SSHSRC) is now shared between all SSH modules. New LIBSSH is introduced for libssh.a (an internal static lib). Previously, build without prior `obj' was broken; SSH modules always looked for libssh.a in ${.OBJDIR}. Also, the dependencies on the libssh.a were missing. - libtelnet/ did not install the crypto version of telnet.h into /usr/include/arpa. - Removed BINOWN, BINMODE, BINDIR and SRCS with default values. Reviewed by: markm - MAN[1-9] -> MAN.
|
#
18ae4e64 |
|
08-Feb-2001 |
Jacques Vidrine <nectar@FreeBSD.org> |
Define HAVE_PAM_GETENVLIST for build. Now environmental variables set by PAM modules will be exported (correctly).
|
#
94193b58 |
|
04-Dec-2000 |
Brian Feldman <green@FreeBSD.org> |
Update for OpenSSH 2.3.0.
|
#
2f538dad |
|
10-Sep-2000 |
Kris Kennaway <kris@FreeBSD.org> |
Update for OpenSSH 2.2.0
|
#
939c3290 |
|
02-Sep-2000 |
Kris Kennaway <kris@FreeBSD.org> |
Err, we weren't even compiling auth1.c with LOGIN_CAP at all. Guess nobody was using this feature.
|
#
957dc12d |
|
10-Jun-2000 |
Kris Kennaway <kris@FreeBSD.org> |
Link explicitly against -lmd. I'm not sure what was pulling this in on -current, but it doesn't do it on -stable.
|
#
4fc93544 |
|
14-May-2000 |
Kris Kennaway <kris@FreeBSD.org> |
Update for OpenSSH 2.1
|
#
1ef4beca |
|
26-Mar-2000 |
Kris Kennaway <kris@FreeBSD.org> |
Update for latest OpenSSH
|
#
283073b4 |
|
09-Mar-2000 |
Mark Murray <markm@FreeBSD.org> |
Make LOGIN_CAP work properly. Submitted by: ache
|
#
aa77fdaa |
|
03-Mar-2000 |
John Hay <jhay@FreeBSD.org> |
MFI: Make ssh and sshd link in the krb5 part of make release. Reviewed by: markm
|
#
e1eaf14c |
|
28-Feb-2000 |
Mark Murray <markm@FreeBSD.org> |
New distribution names.
|
#
8df7a1fa |
|
25-Feb-2000 |
Peter Wemm <peter@FreeBSD.org> |
Don't pull in libRSAglue for the rsaref case. Since this is linked dynamically by default, we use the dlopen() calls to load librsaref.so on US code trees.
|
#
c23e256e |
|
24-Feb-2000 |
Mark Murray <markm@FreeBSD.org> |
Add the OpenSSH userland-building Makefiles.
|