Merge head@256284

4 files changed, 19 insertions, 32 deletions

diff --git a/secure/lib/libssh/Makefile b/secure/lib/libssh/Makefile
index 387272b..5536f66 100644
--- a/secure/lib/libssh/Makefile
+++ b/secure/lib/libssh/Makefile
@@ -39,7 +39,7 @@ USEPRIVATELIB+= ldns
 CFLAGS+= -I${SSHDIR} -include ssh_namespace.h
 
 .if ${MK_KERBEROS_SUPPORT} != "no"
-CFLAGS+= -DGSSAPI -DHAVE_GSSAPI_GSSAPI_H=1 -DKRB5 -DHEIMDAL
+CFLAGS+= -include krb5_config.h
 DPADD+=	${LIBGSSAPI} ${LIBKRB5} ${LIBHX509} ${LIBASN1} ${LIBCOM_ERR} ${LIBMD} ${LIBROKEN}
 LDADD+=	-lgssapi -lkrb5 -lhx509 -lasn1 -lcom_err -lmd -lroken
 .endif
@@ -58,3 +58,6 @@ LDADD+=	-lcrypto -lcrypt -lz
 .PATH: ${SSHDIR} ${SSHDIR}/openbsd-compat
 
 ${OBJS} ${POBJS} ${SOBJS}: ssh_namespace.h
+.if ${MK_KERBEROS_SUPPORT} != "no"
+${OBJS} ${POBJS} ${SOBJS}: krb5_config.h
+.endif
diff --git a/secure/usr.bin/bdes/bdes.1 b/secure/usr.bin/bdes/bdes.1
index 8863a84..86df614 100644
--- a/secure/usr.bin/bdes/bdes.1
+++ b/secure/usr.bin/bdes/bdes.1
@@ -35,12 +35,12 @@
 .\"	@(#)bdes.1	8.1 (Berkeley) 6/29/93
 .\" $FreeBSD$
 .\"
-.Dd June 29, 1993
+.Dd September 20, 2013
 .Dt BDES 1
 .Os
 .Sh NAME
 .Nm bdes
-.Nd "encrypt/decrypt using the Data Encryption Standard (DES)"
+.Nd "encrypt / decrypt using the Data Encryption Standard (DES)"
 .Sh SYNOPSIS
 .Nm
 .Op Fl abdp
@@ -51,6 +51,11 @@
 .Op Fl o Ar N
 .Op Fl v Ar vector
 .Sh DESCRIPTION
+.Bf -symbolic
+The DES cipher should no longer be considered secure.
+Please consider using a more modern alternative.
+.Ef
+.Pp
 The
 .Nm
 utility implements all
@@ -215,22 +220,6 @@ is given in binary or hex,
 and can be disabled for
 .Tn ASCII
 keys as well.
-.Pp
-The
-.Tn DES
-is considered a very strong cryptosystem,
-and other than table lookup attacks,
-key search attacks,
-and Hellman's time-memory tradeoff
-(all of which are very expensive and time-consuming),
-no cryptanalytic methods
-for breaking the
-.Tn DES
-are known in the open literature.
-No doubt the choice of keys
-and key security
-are the most vulnerable aspect of
-.Nm .
 .Sh IMPLEMENTATION NOTES
 For implementors wishing to write
 software compatible with this program,
@@ -347,16 +336,6 @@ OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 SUCH DAMAGE.
 .Ed
 .Sh BUGS
-There is a controversy raging over whether the
-.Tn DES
-will still be secure
-in a few years.
-The advent of special-purpose hardware
-could reduce the cost of any of the
-methods of attack named above
-so that they are no longer
-computationally infeasible.
-.Pp
 As the key or key schedule
 is stored in memory,
 the encryption can be
diff --git a/secure/usr.bin/ssh/Makefile b/secure/usr.bin/ssh/Makefile
index 459d21f..4a46429 100644
--- a/secure/usr.bin/ssh/Makefile
+++ b/secure/usr.bin/ssh/Makefile
@@ -27,7 +27,7 @@ USEPRIVATELIB+= ldns
 .endif
 
 .if ${MK_KERBEROS_SUPPORT} != "no"
-CFLAGS+= -DGSSAPI -DHAVE_GSSAPI_GSSAPI_H=1 -DKRB5 -DHEIMDAL
+CFLAGS+= -include krb5_config.h
 DPADD+=	 ${LIBGSSAPI}
 LDADD+=	 -lgssapi
 .endif
@@ -48,3 +48,6 @@ CFLAGS+= -DXAUTH_PATH=\"${LOCALBASE}/bin/xauth\"
 .PATH:	${SSHDIR}
 
 ${OBJS} ${POBJS} ${SOBJS}: ssh_namespace.h
+.if ${MK_KERBEROS_SUPPORT} != "no"
+${OBJS} ${POBJS} ${SOBJS}: krb5_config.h
+.endif
diff --git a/secure/usr.sbin/sshd/Makefile b/secure/usr.sbin/sshd/Makefile
index daba994..587eb67 100644
--- a/secure/usr.sbin/sshd/Makefile
+++ b/secure/usr.sbin/sshd/Makefile
@@ -42,8 +42,7 @@ LDADD+=  -lbsm
 .endif
 
 .if ${MK_KERBEROS_SUPPORT} != "no"
-CFLAGS+= -DGSSAPI -DKRB5 -DHEIMDAL \
-	-DHAVE_GSSAPI_GSSAPI_H=1 -DHAVE_GSSAPI_GSSAPI_KRB5_H=1
+CFLAGS+= -include krb5_config.h
 DPADD+=	 ${LIBGSSAPI_KRB5} ${LIBGSSAPI} ${LIBKRB5} ${LIBHX509} ${LIBASN1} \
 	${LIBCOM_ERR} ${LIBROKEN} ${LIBWIND} ${LIBHEIMBASE} ${LIBHEIMIPCC}
 LDADD+=	 -lgssapi_krb5 -lgssapi -lkrb5 -lhx509 -lasn1 \
@@ -66,3 +65,6 @@ CFLAGS+= -DXAUTH_PATH=\"${LOCALBASE}/bin/xauth\"
 .PATH:	${SSHDIR}
 
 ${OBJS} ${POBJS} ${SOBJS}: ssh_namespace.h
+.if ${MK_KERBEROS_SUPPORT} != "no"
+${OBJS} ${POBJS} ${SOBJS}: krb5_config.h
+.endif