#
d0b2dbfa |
|
16-Aug-2023 |
Warner Losh <imp@FreeBSD.org> |
Remove $FreeBSD$: one-line sh pattern Remove /^\s*#[#!]?\s*\$FreeBSD\$.*$\n/
|
#
38a52bd3 |
|
19-Oct-2022 |
Ed Maste <emaste@FreeBSD.org> |
ssh: update to OpenSSH 9.1p1 Release notes are available at https://www.openssh.com/txt/release-9.1 9.1 contains fixes for three minor memory safety problems; these have lready been merged to the copy of OpenSSH 9.0 that is in the FreeBSD base system. Some highlights copied from the release notes: Potentially-incompatible changes -------------------------------- * ssh(1), sshd(8): SetEnv directives in ssh_config and sshd_config are now first-match-wins to match other directives. Previously if an environment variable was multiply specified the last set value would have been used. bz3438 * ssh-keygen(8): ssh-keygen -A (generate all default host key types) will no longer generate DSA keys, as these are insecure and have not been used by default for some years. New features ------------ * ssh(1), sshd(8): add a RequiredRSASize directive to set a minimum RSA key length. Keys below this length will be ignored for user authentication and for host authentication in sshd(8). * sftp-server(8): add a "users-groups-by-id@openssh.com" extension request that allows the client to obtain user/group names that correspond to a set of uids/gids. * sftp(1): use "users-groups-by-id@openssh.com" sftp-server extension (when available) to fill in user/group names for directory listings. * sftp-server(8): support the "home-directory" extension request defined in draft-ietf-secsh-filexfer-extensions-00. This overlaps a bit with the existing "expand-path@openssh.com", but some other clients support it. * ssh-keygen(1), sshd(8): allow certificate validity intervals, sshsig verification times and authorized_keys expiry-time options to accept dates in the UTC time zone in addition to the default of interpreting them in the system time zone. YYYYMMDD and YYMMDDHHMM[SS] dates/times will be interpreted as UTC if suffixed with a 'Z' character. Also allow certificate validity intervals to be specified in raw seconds-since-epoch as hex value, e.g. -V 0x1234:0x4567890. This is intended for use by regress tests and other tools that call ssh-keygen as part of a CA workflow. bz3468 * sftp(1): allow arguments to the sftp -D option, e.g. sftp -D "/usr/libexec/sftp-server -el debug3" * ssh-keygen(1): allow the existing -U (use agent) flag to work with "-Y sign" operations, where it will be interpreted to require that the private keys is hosted in an agent; bz3429 MFC after: 2 weeks Relnotes: Yes Sponsored by: The FreeBSD Foundation
|
#
9d63429f |
|
02-Nov-2021 |
Ed Maste <emaste@FreeBSD.org> |
ssh: move common Makefile boilerplate to a new ssh.mk This moves SSHDIR and ssh_namespace.h handling to a common location, and will simplify future work such as adding U2F support (D32509). Reviewed by: kevans MFC after: 1 week Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D32808 |
#
53835448 |
|
14-Mar-2016 |
Glen Barber <gjb@FreeBSD.org> |
MFH Sponsored by: The FreeBSD Foundation
|
#
acc1a9ef |
|
10-Mar-2016 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Upgrade to OpenSSH 7.2p2.
|
#
b626f5a7 |
|
04-Jan-2016 |
Glen Barber <gjb@FreeBSD.org> |
MFH r289384-r293170 Sponsored by: The FreeBSD Foundation
|
#
e42070a7 |
|
07-Dec-2015 |
Bryan Drewery <bdrewery@FreeBSD.org> |
Replace unneeded manual dependency on header by adding it to SRCS. bsd.lib.mk and bsd.prog.mk already depend all objs on headers in SRCS if there is not yet a depend file. The headers in SRCS are never built or installed. After 'make depend' the header was already added as a proper dependency on the objects where needed. MFC after: 2 weeks Sponsored by: EMC / Isilon Storage Division |
#
f94594b3 |
|
11-Sep-2015 |
Baptiste Daroussin <bapt@FreeBSD.org> |
Finish merging from head, messed up in previous attempt
|
#
bfa800d3 |
|
04-Sep-2015 |
Baptiste Daroussin <bapt@FreeBSD.org> |
Remove remnant from USEPRIVATELIB removal Sponsored by: gandi.net |
#
0bd7d22e |
|
05-Mar-2015 |
Baptiste Daroussin <bapt@FreeBSD.org> |
Move ssh into a dedicated package Flag config files as "to be merged on upgrade" |
#
ff75e007 |
|
25-Nov-2014 |
Baptiste Daroussin <bapt@FreeBSD.org> |
Reduce overlinking The framework now ensure by itself that pthread is added to the link chain as the last component if linked to kerberos hence avoid with out any explicit addition prevent issue like CVE-2014-8475 |
#
ee5a34ec |
|
25-Nov-2014 |
Baptiste Daroussin <bapt@FreeBSD.org> |
Convert to LIBADD Reduce overlinking |
#
d029c3aa |
|
06-Aug-2014 |
Baptiste Daroussin <bapt@FreeBSD.org> |
Rework privatelib/internallib Make sure everything linking to a privatelib and/or an internallib does it directly from the OBJDIR rather than DESTDIR. Add src.libnames.mk so bsd.libnames.mk is not polluted by libraries not existsing in final installation Introduce the LD* variable which is what ld(1) is expecting (via LDADD) to link to internal/privatelib Directly link to the .so in case of private library to avoid having to complexify LDFLAGS. Phabric: https://phabric.freebsd.org/D553 Reviewed by: imp, emaste |
#
80189b3b |
|
17-Jul-2014 |
Brooks Davis <brooks@FreeBSD.org> |
Replace all uses of libncurses and libtermcap with their wide character variants. This allows usable file system images (i.e. those with both a shell and an editor) to be created with only one copy of the curses library. Exp-run: antoine PR: 189842 Discussed with: bapt Sponsored by: DARPA, AFRL |
#
c6063d0d |
|
05-May-2014 |
Warner Losh <imp@FreeBSD.org> |
Use src.opts.mk in preference to bsd.own.mk except where we need stuff from the latter. |
#
9cfa8b3f |
|
10-Sep-2013 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Clean up the OpenSSH build. It is now possible to build most components as static binaries, if desired. The one exception is sshd, which runs into trouble due to libpam.a's includion of pam_ssh. Make OpenSSH use LDNS if available. This allows it to verify signed SSHFP records. Approved by: re (blanket) |
#
0b2766bd |
|
08-Sep-2013 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Make libldns and libssh private. Approved by: re (blanket) |
#
7aee6ffe |
|
01-Oct-2009 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Upgrade to OpenSSH 5.3p1.
|
#
5b3dc7cf |
|
07-Oct-2006 |
Ruslan Ermilov <ru@FreeBSD.org> |
Fix static compilation. |
#
9fd9594d |
|
13-May-2006 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Add a manual dependency on ssh_namespace.h. Discussed with: ru |
#
ed22e27d |
|
13-May-2006 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Introduce a namespace munging hack inspired by NetBSD to avoid polluting the namespace of applications which inadvertantly link in libssh (usually through pam_ssh) Suggested by: lukem@netbsd.org MFC after: 6 weeks |
#
40e0db94 |
|
07-Jun-2005 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Revert the commits that made libssh an INTERNALLIB; they caused too much trouble, especially on amd64. Requested by: ru |
#
32f80c77 |
|
06-Jun-2005 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Make libssh an INTERNALLIB like it is in {Net,Open}BSD. |
#
015bad35 |
|
05-Jun-2005 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Update for OpenSSH 4.1p1. |
#
40dd33e8 |
|
26-Feb-2004 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Update for 3.8p1, including workaround for a bug in gss-genr.c. |
#
a04e3d6c |
|
07-Jan-2004 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Update Makefiles for OpenSSH 3.7.1p2. |
#
c45db693 |
|
19-Aug-2003 |
Gordon Tetlow <gordon@FreeBSD.org> |
Explicitly add libz and libcrypto to LDADD for any ssh utilities missing it. While not strictly required, it unbreaks the cross-build world that is resulting from moving the libraries around. I have a more permanent solution to this problem in the works, but I asked des for permission to commit this to get the ball rolling. This also makes the ssh build more along the lines of what the openssh-portable and OpenBSD openssh Makefile glue does. Reviewed by: des |
#
f0b56c5c |
|
25-Jun-2002 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
No guts, no glory. Switch to OpenSSH-portable. Sponsored by: DARPA, NAI Labs |
#
360c9f6a |
|
23-Jun-2002 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
My previous style commits weren't entirely right. Fix some bugs I introduced, and a few more I hadn't yet fixed. Submitted by: bde |
#
8f770146 |
|
18-Mar-2002 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Adjust for OpenSSH 3.1. Sponsored by: DARPA, NAI Labs |
#
e47a40e7 |
|
08-Feb-2002 |
Ruslan Ermilov <ru@FreeBSD.org> |
Now that cross-tools ld(1) has been fixed to look for dynamic dependencies in the correct place, record the fact that -lssh depends on -lcrypto and -lz. Removed false dependencies on -lz (except ssh(1) and sshd(8)). Removed false dependencies on -lcrypto and -lutil for scp(1). Reviewed by: markm |
#
0509dca0 |
|
23-Jan-2002 |
Ruslan Ermilov <ru@FreeBSD.org> |
Add pam_ssh support to the static PAM library, libpam.a: - Spam /usr/lib some more by making libssh a standard library. - Tweak ${LIBPAM} and ${MINUSLPAM}. - Garbage collect unused libssh_pic.a. - Add fake -lz dependency to secure/ makefiles needed for dynamic linkage with -lssh. Reviewed by: des, markm Approved by: markm |
#
d350064e |
|
03-May-2001 |
Brian Feldman <green@FreeBSD.org> |
Follow the OpenSSH 2.9 upgrade with the infrastructure. Two new programs are now included: sftp(1) and ssh-keyscan(1). |
#
9d63429f |
|
02-Nov-2021 |
Ed Maste <emaste@FreeBSD.org> |
ssh: move common Makefile boilerplate to a new ssh.mk This moves SSHDIR and ssh_namespace.h handling to a common location, and will simplify future work such as adding U2F support (D32509). Reviewed by: kevans MFC after: 1 week Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D32808
|
#
e42070a7 |
|
07-Dec-2015 |
Bryan Drewery <bdrewery@FreeBSD.org> |
Replace unneeded manual dependency on header by adding it to SRCS. bsd.lib.mk and bsd.prog.mk already depend all objs on headers in SRCS if there is not yet a depend file. The headers in SRCS are never built or installed. After 'make depend' the header was already added as a proper dependency on the objects where needed. MFC after: 2 weeks Sponsored by: EMC / Isilon Storage Division
|
#
bfa800d3 |
|
04-Sep-2015 |
Baptiste Daroussin <bapt@FreeBSD.org> |
Remove remnant from USEPRIVATELIB removal Sponsored by: gandi.net
|
#
0bd7d22e |
|
05-Mar-2015 |
Baptiste Daroussin <bapt@FreeBSD.org> |
Move ssh into a dedicated package Flag config files as "to be merged on upgrade"
|
#
ff75e007 |
|
25-Nov-2014 |
Baptiste Daroussin <bapt@FreeBSD.org> |
Reduce overlinking The framework now ensure by itself that pthread is added to the link chain as the last component if linked to kerberos hence avoid with out any explicit addition prevent issue like CVE-2014-8475
|
#
ee5a34ec |
|
25-Nov-2014 |
Baptiste Daroussin <bapt@FreeBSD.org> |
Convert to LIBADD Reduce overlinking
|
#
d029c3aa |
|
06-Aug-2014 |
Baptiste Daroussin <bapt@FreeBSD.org> |
Rework privatelib/internallib Make sure everything linking to a privatelib and/or an internallib does it directly from the OBJDIR rather than DESTDIR. Add src.libnames.mk so bsd.libnames.mk is not polluted by libraries not existsing in final installation Introduce the LD* variable which is what ld(1) is expecting (via LDADD) to link to internal/privatelib Directly link to the .so in case of private library to avoid having to complexify LDFLAGS. Phabric: https://phabric.freebsd.org/D553 Reviewed by: imp, emaste
|
#
80189b3b |
|
17-Jul-2014 |
Brooks Davis <brooks@FreeBSD.org> |
Replace all uses of libncurses and libtermcap with their wide character variants. This allows usable file system images (i.e. those with both a shell and an editor) to be created with only one copy of the curses library. Exp-run: antoine PR: 189842 Discussed with: bapt Sponsored by: DARPA, AFRL
|
#
c6063d0d |
|
05-May-2014 |
Warner Losh <imp@FreeBSD.org> |
Use src.opts.mk in preference to bsd.own.mk except where we need stuff from the latter.
|
#
9cfa8b3f |
|
10-Sep-2013 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Clean up the OpenSSH build. It is now possible to build most components as static binaries, if desired. The one exception is sshd, which runs into trouble due to libpam.a's includion of pam_ssh. Make OpenSSH use LDNS if available. This allows it to verify signed SSHFP records. Approved by: re (blanket)
|
#
0b2766bd |
|
08-Sep-2013 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Make libldns and libssh private. Approved by: re (blanket)
|
#
a7d5f7eb |
|
19-Oct-2010 |
Jamie Gritton <jamie@FreeBSD.org> |
A new jail(8) with a configuration file, to replace the work currently done by /etc/rc.d/jail.
|
#
124981e1 |
|
21-Apr-2010 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
MFH OpenSSH 5.4p1
|
#
fe0506d7 |
|
09-Mar-2010 |
Marcel Moolenaar <marcel@FreeBSD.org> |
Create the altix project branch. The altix project will add support for the SGI Altix 350 to FreeBSD/ia64. The hardware used for porting is a two-module system, consisting of a base compute module and a CPU expansion module. SGI's NUMAFlex architecture can be an excellent platform to test CPU affinity and NUMA-aware features in FreeBSD.
|
#
d7f03759 |
|
19-Oct-2008 |
Ulf Lilleengen <lulf@FreeBSD.org> |
- Import the HEAD csup code which is the basis for the cvsmode work.
|
#
5b3dc7cf |
|
07-Oct-2006 |
Ruslan Ermilov <ru@FreeBSD.org> |
Fix static compilation.
|
#
9fd9594d |
|
13-May-2006 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Add a manual dependency on ssh_namespace.h. Discussed with: ru
|
#
ed22e27d |
|
13-May-2006 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Introduce a namespace munging hack inspired by NetBSD to avoid polluting the namespace of applications which inadvertantly link in libssh (usually through pam_ssh) Suggested by: lukem@netbsd.org MFC after: 6 weeks
|
#
40e0db94 |
|
07-Jun-2005 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Revert the commits that made libssh an INTERNALLIB; they caused too much trouble, especially on amd64. Requested by: ru
|
#
32f80c77 |
|
06-Jun-2005 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Make libssh an INTERNALLIB like it is in {Net,Open}BSD.
|
#
015bad35 |
|
05-Jun-2005 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Update for OpenSSH 4.1p1.
|
#
40dd33e8 |
|
26-Feb-2004 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Update for 3.8p1, including workaround for a bug in gss-genr.c.
|
#
a04e3d6c |
|
07-Jan-2004 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Update Makefiles for OpenSSH 3.7.1p2.
|
#
c45db693 |
|
19-Aug-2003 |
Gordon Tetlow <gordon@FreeBSD.org> |
Explicitly add libz and libcrypto to LDADD for any ssh utilities missing it. While not strictly required, it unbreaks the cross-build world that is resulting from moving the libraries around. I have a more permanent solution to this problem in the works, but I asked des for permission to commit this to get the ball rolling. This also makes the ssh build more along the lines of what the openssh-portable and OpenBSD openssh Makefile glue does. Reviewed by: des
|
#
f0b56c5c |
|
25-Jun-2002 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
No guts, no glory. Switch to OpenSSH-portable. Sponsored by: DARPA, NAI Labs
|
#
360c9f6a |
|
23-Jun-2002 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
My previous style commits weren't entirely right. Fix some bugs I introduced, and a few more I hadn't yet fixed. Submitted by: bde
|
#
8f770146 |
|
18-Mar-2002 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Adjust for OpenSSH 3.1. Sponsored by: DARPA, NAI Labs
|
#
e47a40e7 |
|
08-Feb-2002 |
Ruslan Ermilov <ru@FreeBSD.org> |
Now that cross-tools ld(1) has been fixed to look for dynamic dependencies in the correct place, record the fact that -lssh depends on -lcrypto and -lz. Removed false dependencies on -lz (except ssh(1) and sshd(8)). Removed false dependencies on -lcrypto and -lutil for scp(1). Reviewed by: markm
|
#
0509dca0 |
|
23-Jan-2002 |
Ruslan Ermilov <ru@FreeBSD.org> |
Add pam_ssh support to the static PAM library, libpam.a: - Spam /usr/lib some more by making libssh a standard library. - Tweak ${LIBPAM} and ${MINUSLPAM}. - Garbage collect unused libssh_pic.a. - Add fake -lz dependency to secure/ makefiles needed for dynamic linkage with -lssh. Reviewed by: des, markm Approved by: markm
|
#
d350064e |
|
03-May-2001 |
Brian Feldman <green@FreeBSD.org> |
Follow the OpenSSH 2.9 upgrade with the infrastructure. Two new programs are now included: sftp(1) and ssh-keyscan(1).
|