272461 |
03-Oct-2014 |
gjb |
Copy stable/10@r272459 to releng/10.1 as part of the 10.1-RELEASE process.
Approved by: re (implicit) Sponsored by: The FreeBSD Foundation
|
265313 |
04-May-2014 |
kib |
MFC r265003: Fix order of libthr and libc in the global dso list for sshd.
|
265037 |
28-Apr-2014 |
jmmv |
MFC r264741: Add placeholder Kyuafiles for various top-level hierarchies.
This is "make tinderbox" clean.
|
264377 |
12-Apr-2014 |
des |
MFH (r263712): upgrade openssh to 6.6p1 MFH (r264308): restore p level in debugging output
|
262566 |
27-Feb-2014 |
des |
MFH (r261320): upgrade openssh to 6.5p1 MFH (r261340): enable sandboxing by default
|
256281 |
10-Oct-2013 |
gjb |
Copy head (r256279) to stable/10 as part of the 10.0-RELEASE cycle.
Approved by: re (implicit) Sponsored by: The FreeBSD Foundation
|
255829 |
23-Sep-2013 |
des |
Unbreak the WITHOUT_KERBEROS build and try to reduce the odds of a repeat performance by introducing a script that runs configure with and without Kerberos, diffs the result and generates krb5_config.h, which contains the preprocessor macros that need to be defined in the Kerberos case and undefined otherwise.
Approved by: re (marius)
|
255460 |
10-Sep-2013 |
des |
Clean up the OpenSSH build. It is now possible to build most components as static binaries, if desired. The one exception is sshd, which runs into trouble due to libpam.a's includion of pam_ssh.
Make OpenSSH use LDNS if available. This allows it to verify signed SSHFP records.
Approved by: re (blanket)
|
255386 |
08-Sep-2013 |
des |
Make libldns and libssh private.
Approved by: re (blanket)
|
245527 |
17-Jan-2013 |
bz |
Add a src.conf(5) option to allow users to compile in the "NONE cipher", which, only after authentication, disables crypto, and only for sessions without a terminal.
Submitted by: Jeremy Chadwick (freebsd jdc.parodius.com) PR: bin/163095 MFC after: 10 days
|
233432 |
24-Mar-2012 |
eadler |
Restore the ability to use a non-standard LOCALBASE to sshd Add the ability to use a non-standard LOCALBASE to ssh
Submitted by: jhb Reviewed by: des Approved by: cperciva MFC after: 0 days (with r233136)
|
233136 |
19-Mar-2012 |
eadler |
X11BASE is not used any more and has been killed by the x11 team.
Reviewed by: ??? Approved by: ??? MFC after: 3 days
|
226046 |
05-Oct-2011 |
des |
Upgrade to OpenSSH 5.9p1.
MFC after: 3 months
|
221420 |
04-May-2011 |
des |
Upgrade to OpenSSH 5.8p2.
|
204917 |
09-Mar-2010 |
des |
Upgrade to OpenSSH 5.4p1.
MFC after: 1 month
|
204355 |
26-Feb-2010 |
ru |
(Almost) fixed static linkage. The remaining problem is with libgssapi.a and libgssapi_krb5.a libraries that define the same symbols.
|
197679 |
01-Oct-2009 |
des |
Upgrade to OpenSSH 5.3p1.
|
192595 |
22-May-2009 |
des |
Upgrade to OpenSSH 5.2p1.
MFC after: 3 months
|
185476 |
30-Nov-2008 |
csjp |
Enable getaudit_addr(2) for sshd again. This will un-break the subject BSM audit tokens for IPv6.
|
181111 |
01-Aug-2008 |
des |
Upgrade to OpenSSH 5.1p1.
I have worked hard to reduce diffs against the vendor branch. One notable change in that respect is that we no longer prefer DSA over RSA - the reasons for doing so went away years ago. This may cause some surprises, as ssh will warn about unknown host keys even for hosts whose keys haven't changed.
MFC after: 6 weeks
|
178828 |
07-May-2008 |
dfr |
Fix conflicts after heimdal-1.1 import and add build infrastructure. Import all non-style changes made by heimdal to our own libgssapi.
|
176844 |
05-Mar-2008 |
kris |
For users of FreeBSD <= 6.2 we recommend during the x.org 7.x upgrade that they add X11BASE=${LOCALBASE} to /etc/make.conf since X11BASE was hard-wired to the now-wrong location in old releases.
However, both X11BASE and LOCALBASE have moved out of scope of src/ into ports/ now, which causes problems for upgraded users who have old make.conf files still containing the above setting. X11BASE becomes null and we instruct ssh and sshd to look for xauth in /bin/xauth where it is unlikely to be found.
Instead, provide a copy of the default LOCALBASE?=/usr/local setting here.
We also have to deal with the case where the user only overrides LOCALBASE and doesn't set an explicit X11BASE (in ports it will be set implicitly but not here), which will also move the location of xauth.
MFC after: 3 days Reported by: rwatson
|
162861 |
30-Sep-2006 |
des |
Update for OpenSSH 4.4p1.
MFC after: 1 week
|
158529 |
13-May-2006 |
des |
Add a manual dependency on ssh_namespace.h.
Discussed with: ru
|
158519 |
13-May-2006 |
des |
Introduce a namespace munging hack inspired by NetBSD to avoid polluting the namespace of applications which inadvertantly link in libssh (usually through pam_ssh)
Suggested by: lukem@netbsd.org MFC after: 6 weeks
|
156813 |
17-Mar-2006 |
ru |
Reimplementation of world/kernel build options. For details, see:
http://lists.freebsd.org/pipermail/freebsd-current/2006-March/061725.html
The src.conf(5) manpage is to follow in a few days.
Brought to you by: imp, jhb, kris, phk, ru (all bugs are mine)
|
155563 |
12-Feb-2006 |
csjp |
Hook audit into OpenSSH. Now that the necessary bits for OpenSSH support have been added with the latest OpenBSM import, hook USE_BSM_AUDIT into build conditionally.
For users which do not care for audit support and do not want to compile it into their SSH servers, add the following to the /etc/make.conf:
NO_AUDIT=true
Discussed with: rwatson Obtained from: TrustedBSD Project
|
153838 |
29-Dec-2005 |
dfr |
Add a new extensible GSS-API layer which can support GSS-API plugins, similar the the Solaris implementation. Repackage the krb5 GSS mechanism as a plugin library for the new implementation. This also includes a comprehensive set of manpages for the GSS-API functions with text mostly taken from the RFC.
Reviewed by: Love Hörnquist Åstrand <lha@it.su.se>, ru (build system), des (openssh parts)
|
147098 |
07-Jun-2005 |
des |
Revert the commits that made libssh an INTERNALLIB; they caused too much trouble, especially on amd64.
Requested by: ru
|
147056 |
06-Jun-2005 |
des |
Make libssh an INTERNALLIB like it is in {Net,Open}BSD.
|
147007 |
05-Jun-2005 |
des |
Update for OpenSSH 4.1p1.
|
139104 |
21-Dec-2004 |
ru |
NOLIBC_R -> NO_LIBC_R NOLIBPTHREAD -> NO_LIBPTHREAD NOLIBTHR -> NO_LIBTHR
|
137018 |
28-Oct-2004 |
des |
Update for OpenSSH 3.9p1.
|
126282 |
26-Feb-2004 |
des |
Update for 3.8p1, including workaround for a bug in gss-genr.c.
|
125557 |
07-Feb-2004 |
ru |
Use the default threading library if requested.
Reviewed by: des, deischen
|
125346 |
02-Feb-2004 |
ru |
- Removed libmd from the Kerberos library set.
- Removed libopie and libmd; libopie used to serve auth-skey.c which is compiled now only to ease maintenance, as well as a few other auth-*.c sources.
Reviewed by: des
|
124249 |
08-Jan-2004 |
ru |
Fixed static linkage.
Reviewed by: des
|
124242 |
08-Jan-2004 |
des |
Enable GSSAPI support. [1] Also remove some duplicates from ssh's SRCS.
Submitted by: [1] Björn Grönvall <bg@sics.se>
|
124212 |
07-Jan-2004 |
des |
Update Makefiles for OpenSSH 3.7.1p2.
|
117181 |
02-Jul-2003 |
ru |
Fixed "make checkdpadd".
OK'ed by: markm
|
114709 |
05-May-2003 |
markm |
Turn MAKE_KERBEROS5 into NO_KERBEROS by negating the logic. Some extra cleanups were necessary in release/Makefile, and the tinderbox code was syntax checked, not run checked.
|
114302 |
30-Apr-2003 |
markm |
We no longer have a separate kerberos distribution. Its now just part of the regular security dist.
|
114283 |
30-Apr-2003 |
ru |
The including makefile's directory is tried first for .include "...".
|
113915 |
23-Apr-2003 |
des |
Update for 3.6.1p1; also remove Kerberos IV shims.
|
108993 |
09-Jan-2003 |
des |
ia64 and sparc64 both have libc_r now.
|
107862 |
14-Dec-2002 |
des |
Don't build auth-pam.c and auth2-pam.c, auth2-pam-freebsd.c is all we need. Use pthreads for PAM if the platform supports it and the user asked for it (by setting OPENSSH_USE_POSIX_THREADS)
Sponsored by: DARPA, NAI Labs
|
98820 |
25-Jun-2002 |
des |
No guts, no glory. Switch to OpenSSH-portable.
Sponsored by: DARPA, NAI Labs
|
98707 |
23-Jun-2002 |
des |
Install the new man pages.
|
98685 |
23-Jun-2002 |
des |
Update Makefiles for OpenSSH 3.3.
|
95509 |
26-Apr-2002 |
ru |
Milestone #1 in cross-arch make releases.
Do not install games and profiled libraries to the ${CHROOTDIR} with the initial installworld.
Eliminate the need in the second installworld. For that, make sure _everything_ is built in the "world" environment, using the right tool chain.
Added SUBDIR_OVERRIDE helper stuff to Makefile.inc1. Split the buildworld process into stages, and skip some stages when SUBDIR_OVERRIDE is set (used to build crypto, krb4, and krb5 dists).
Added NO_MAKEDB_RUN knob to Makefile.inc1 to avoid running makewhatis(1) at the end of installworld (used when making crypto, krb4, and krb5 dists).
In release/scripts/doFS.sh, ensure that the correct boot blocks are used.
Moved the creation of the "crypto" dist from release.5 to release.2.
In release.3 and doMFSKERN, build kernels in the "world" environment. KERNELS now means "additional" kernels, GENERIC is always built.
Ensure we build crunched binaries in the "world" environment. Obfuscate release/Makefile some more (WMAKEENV) to achieve this.
Inline createBOOTMFS target.
Use already built GENERIC kernel modules to augment mfsfd's /stand/modules. GC doMODULES as such.
Assorted fixes:
Get rid of the "afterdistribute" target by moving the single use of it from sys/Makefile to etc/Makefile's "distribute".
Makefile.inc1: apparently "etc" no longer needs to be last for "distribute" to succeed.
gnu/usr.bin/perl/library/Makefile.inc: do not override the "install" and "distribute" targets, do it the "canonical" way.
release/scripts/{man,cat}pages-make.sh: make sure Perl manpages and catpages appear in the right dists. Note that because Perl does not respect the MANBUILDCAT (and NOMAN), this results in a loss of /usr/share/perl/man/cat* empty directories. This will be fixed soon.
Turn MAKE_KERBEROS4 into a plain boolean variable (if it is set it means "make KerberosIV"), as documented in the make.conf(5) manpage. Most of the userland makefiles did not test it for "YES" anyway.
XXX Should specialized kerberized libpam versions be included into the krb4 and krb5 dists? (libpam.a would be incorrect anyway if both krb4 and krb5 dists were choosen.)
Make sure "games" dist is made before "catpages", otherwise games catpages settle in the wrong dist.
Fast build machine provided by: Igor Kucherenko <kivvy@sunbay.com>
|
93221 |
26-Mar-2002 |
ru |
Switch over to using pam_login_access(8) module in sshd(8). (Fixes static compilation. Reduces diffs to OpenSSH.)
Reviewed by: bde
|
92876 |
21-Mar-2002 |
des |
Use PAM instead of S/Key (or OPIE) for SSH2.
Sponsored by: DARPA, NAI Labs
|
92595 |
18-Mar-2002 |
des |
Don't forget auth-skey.c.
|
89705 |
23-Jan-2002 |
ru |
Add pam_ssh support to the static PAM library, libpam.a:
- Spam /usr/lib some more by making libssh a standard library. - Tweak ${LIBPAM} and ${MINUSLPAM}. - Garbage collect unused libssh_pic.a. - Add fake -lz dependency to secure/ makefiles needed for dynamic linkage with -lssh.
Reviewed by: des, markm Approved by: markm
|
82484 |
29-Aug-2001 |
bde |
Fixed world breakage in rev.1.13. -lpam must never be used directly since it doesn't work for static linkage.
|
78129 |
12-Jun-2001 |
green |
Enable Kerberos 5 support in sshd again.
|
76284 |
04-May-2001 |
green |
Update to OpenSSH 2.9. Somehow this missed getting committed yesterday.
|
76266 |
04-May-2001 |
green |
Don't build with Kerberos 5 support for now. I'll fix this soon, but I don't want to break Kerberos 5 users' worlds too much in the meantime.
|
74818 |
26-Mar-2001 |
ru |
secure/ build fixes:
- TELNETOBJDIR is gone. `buildworld' already installs libtelnet.a in ${WORLDTMP}/usr/lib, and we have LIBRARY_PATH pointing there.
- SSHDIR (formerly SSHSRC) is now shared between all SSH modules. New LIBSSH is introduced for libssh.a (an internal static lib). Previously, build without prior `obj' was broken; SSH modules always looked for libssh.a in ${.OBJDIR}. Also, the dependancies on the libssh.a were missing.
- libtelnet/ did not install the crypto version of telnet.h into /usr/include/arpa.
- Removed BINOWN, BINMODE, BINDIR and SRCS with default values.
Reviewed by: markm
- MAN[1-9] -> MAN.
|
72184 |
08-Feb-2001 |
nectar |
Define HAVE_PAM_GETENVLIST for build. Now environmental variables set by PAM modules will be exported (correctly).
|
69593 |
05-Dec-2000 |
green |
Update for OpenSSH 2.3.0.
|
67502 |
24-Oct-2000 |
gshapiro |
Fix up the build for the STARTTLS version of sendmail (again). This method mimics that of tcpdump in that for normal builds, sendmail will only be built once. For 'make release', it is built once for the bin dist and once for the crypto dist. This method also removes the need for two separate Makefiles (which could become out of sync).
Suggested by: bde Assisted by: kris
|
67085 |
13-Oct-2000 |
gshapiro |
Do not override BINDIR settings from subdirectory Makefiles.
Submitted by: bde
|
67083 |
13-Oct-2000 |
gshapiro |
../Makefile.inc was clobbering BINDIR so sendmail was being installed in /usr/sbin/ instead of /usr/libexec/sendmail/
Submitted by: bde
|
67053 |
13-Oct-2000 |
gshapiro |
Activate the 'secure' (TLS) version of sendmail if !NO_SENDMAIL && !NO_OPENSSL
|
67052 |
13-Oct-2000 |
gshapiro |
Given that sendmail's STARTTLS support requires OpenSSL and the bootstrap issues that brings, build the non-TLS version of sendmail in src/usr.sbin/sendmail and the TLS version in src/secure/usr.sbin/sendmail. This allows the TLS version to be part of the secure distribution when building a release.
|
67029 |
12-Oct-2000 |
gshapiro |
Remove STARTTLS support as it breaks builds without crypto installed. Waiting to hear back regarding the best way to do this.
|
66977 |
11-Oct-2000 |
peter |
With apoligies to Greg Shapiro, fix the world. The previous commit lost -lutil and -lwrap by replacing $LDADD and $DPADD rather than appending to them with +=.
|
66961 |
11-Oct-2000 |
gshapiro |
Style fixes
|
66959 |
11-Oct-2000 |
gshapiro |
NOCRYPT imples NO_OPENSSL. Still need to solve the distribution problem.
Submitted by: kris
|
66944 |
10-Oct-2000 |
gshapiro |
Build sendmail with STARTTLS support unless NO_OPENSSL is set.
|
65970 |
17-Sep-2000 |
gshapiro |
Give users a way to alter the sendmail (and related utilities) build environment so they can enable functionality such as SASL, LDAP, Hesiod.
|
65797 |
13-Sep-2000 |
gshapiro |
Allow users to add libraries for sendmail (e.g. Cyrus SASL)
Obtained from: Sergei Vyshenski <svysh@pn.sinp.msu.ru>
|
65675 |
10-Sep-2000 |
kris |
Update for OpenSSH 2.2.0
|
65361 |
02-Sep-2000 |
kris |
Err, we weren't even compiling auth1.c with LOGIN_CAP at all. Guess nobody was using this feature.
|
64628 |
14-Aug-2000 |
gshapiro |
Turn on support for IPv6
|
64597 |
13-Aug-2000 |
gshapiro |
Get rid of the /etc/aliases -> /etc/mail/aliases hack. /etc/mail/aliases now exists in the distribution.
|
64567 |
12-Aug-2000 |
gshapiro |
The rest of the changes needed to support the new version of sendmail (8.11.0). Beyond changes to the build system, this includes fixing up the sample freebsd.mc configuration for changes in defaults and syntax, removing outdated documentation, and updating the release notes.
|
64034 |
30-Jul-2000 |
kris |
Don't build sshd if NO_OPENSSL defined.
Submitted by: stephen@math.missouri.edu
|
61538 |
11-Jun-2000 |
kris |
Link explicitly against -lmd. I'm not sure what was pulling this in on -current, but it doesnt do it on -stable.
|
60577 |
15-May-2000 |
kris |
Update for OpenSSH 2.1
|
58586 |
26-Mar-2000 |
kris |
Update for latest OpenSSH
|
57854 |
09-Mar-2000 |
markm |
Make LOGIN_CAP work properly.
Submitted by: ache
|
57743 |
03-Mar-2000 |
jhay |
MFI: Make ssh and sshd link in the krb5 part of make release.
Reviewed by: markm
|
57569 |
28-Feb-2000 |
markm |
New distribution names.
|
57475 |
25-Feb-2000 |
peter |
Don't pull in libRSAglue for the rsaref case. Since this is linked dynamically by default, we use the dlopen() calls to load librsaref.so on US code trees.
|
57434 |
24-Feb-2000 |
markm |
Add the OpenSSH userland-building Makefiles.
|
55239 |
29-Dec-1999 |
peter |
Since /etc/sendmail.cf got moved to /etc/mail/sendmail.cf, a 'make world' would leave you with a broken sendmail and local mail loss. This evil hack moves sendmail.cf from the old location to the new one (if required) at install time.
|
55236 |
29-Dec-1999 |
peter |
Install sendmail in it's new location.
|
55010 |
22-Dec-1999 |
markm |
RIP xntpd.
|
50479 |
28-Aug-1999 |
peter |
$Id$ -> $FreeBSD$
|
45090 |
28-Mar-1999 |
markm |
Enable tcp_wrapper support by default.
|
43735 |
07-Feb-1999 |
peter |
MaxHeaderLines is now MaxHeadersLength (in bytes)
|
43153 |
24-Jan-1999 |
peter |
Support 'O MaxHeaderLines=' to override the default header count and line length limits. The configuration keyword is: confMAX_HEADER_LINES
|
42584 |
12-Jan-1999 |
peter |
Update for 8.9.2 (new file, control.c) Also, turn on support for the MaxMimeHeaderLength option in sendmail.cf.
|
39496 |
19-Sep-1998 |
obrien |
Remove useless `BINOWN=root' now that it is the default.
|
38094 |
04-Aug-1998 |
peter |
Connect up sendmail-8.9.1
|
19149 |
24-Oct-1996 |
peter |
Fold sendmail-8.8.2 changes into files that have been touched.
(^!&@$#&^! delete !!@^@^ trailing !@^&#$!& whitespace!!!)
|
15349 |
22-Apr-1996 |
pst |
typo shmrsh -> smrsh
|
15338 |
21-Apr-1996 |
pst |
Enable proper installation of sendmail restricted shell smrsh(8).
This program is a wrapper for the prog mailer in sendmail. It does shell meta character masking and restricts the list of executables to those found in /usr/libexec/sm.bin.
The default sendmail.cf file does not use this tool, however you can enable it by either changing /bin/sh to /usr/libexec/smrsh or adding the line FEATURE(smrsh) into your sendmail .mc file and rebuilding your .cf file.
For more info, RTFMP.
|
12583 |
02-Dec-1995 |
peter |
*GULP* cvs remove the uncomfortably large list of files that are no longer part of sendmail 8.7.2...
|
12576 |
02-Dec-1995 |
peter |
Re-disable the cf/cf SUBDIR - we were not building it before anyway. The Makefile down there does not handle the obj dir well..
|
12571 |
02-Dec-1995 |
peter |
Import Sendmail-8.7.2 as discussed on -current.
The conflict merge will happen shortly after.
|
10088 |
17-Aug-1995 |
peter |
Import Sendmail v8.6.12, onto the CSRG(!) branch. A seperate commit to fix the conflicts wil follow.
|
8871 |
30-May-1995 |
rgrimes |
Remove trailing whitespace.
|
7284 |
23-Mar-1995 |
wollman |
This commit was generated by cvs2svn to compensate for changes in r7283, which included commits to RCS files with non-trunk default branches.
|
1553 |
26-May-1994 |
rgrimes |
BSD 4.4 Lite usr.sbin Sources
|