| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
| |
I have worked hard to reduce diffs against the vendor branch. One
notable change in that respect is that we no longer prefer DSA over
RSA - the reasons for doing so went away years ago. This may cause
some surprises, as ssh will warn about unknown host keys even for
hosts whose keys haven't changed.
MFC after: 6 weeks
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
that they add X11BASE=${LOCALBASE} to /etc/make.conf since X11BASE was
hard-wired to the now-wrong location in old releases.
However, both X11BASE and LOCALBASE have moved out of scope of src/
into ports/ now, which causes problems for upgraded users who have old
make.conf files still containing the above setting. X11BASE becomes
null and we instruct ssh and sshd to look for xauth in /bin/xauth
where it is unlikely to be found.
Instead, provide a copy of the default LOCALBASE?=/usr/local setting
here.
We also have to deal with the case where the user only overrides
LOCALBASE and doesn't set an explicit X11BASE (in ports it will be set
implicitly but not here), which will also move the location of xauth.
MFC after: 3 days
Reported by: rwatson
|
| |
|
| |
|
| |
|
| |
|
| |
|
|
|
|
| |
Discussed with: ru
|
|
|
|
|
|
|
|
| |
the namespace of applications which inadvertantly link in libssh (usually
through pam_ssh)
Suggested by: lukem@netbsd.org
MFC after: 6 weeks
|
|
|
|
|
|
|
|
| |
http://lists.freebsd.org/pipermail/freebsd-current/2006-March/061725.html
The src.conf(5) manpage is to follow in a few days.
Brought to you by: imp, jhb, kris, phk, ru (all bugs are mine)
|
|
|
|
|
|
|
|
|
| |
similar the the Solaris implementation. Repackage the krb5 GSS mechanism
as a plugin library for the new implementation. This also includes a
comprehensive set of manpages for the GSS-API functions with text mostly
taken from the RFC.
Reviewed by: Love Hörnquist Åstrand <lha@it.su.se>, ru (build system), des (openssh parts)
|
|
|
|
|
|
| |
trouble, especially on amd64.
Requested by: ru
|
| |
|
| |
|
| |
|
| |
|
|
|
|
|
| |
PR: bin/76374
MFC after: 2 weeks
|
| |
|
|
|
|
| |
Use WARNS?= instead of WARNS=.
|
|
|
|
| |
Reviewed by: des
|
|
|
|
|
|
| |
Also remove some duplicates from ssh's SRCS.
Submitted by: [1] Björn Grönvall <bg@sics.se>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
it. While not strictly required, it unbreaks the cross-build world that
is resulting from moving the libraries around.
I have a more permanent solution to this problem in the works, but I
asked des for permission to commit this to get the ball rolling. This
also makes the ssh build more along the lines of what the openssh-portable
and OpenBSD openssh Makefile glue does.
Reviewed by: des
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Previously, there were two copies of telnet; a non-crypto version
that lived in the usual places, and a crypto version that lived in
crypto/telnet/. The latter was built in a broken manner somewhat akin
to other "contribified" sources. This meant that there were 4 telnets
competing with each other at build time - KerberosIV, Kerberos5,
plain-old-secure and base. KerberosIV is no longer in the running, but
the other three took it in turns to jump all over each other during a
"make buildworld".
As the crypto issue has been clarified, and crypto _calls_ are not
a problem, crypto/telnet has been repo-copied to contrib/telnet,
and with this commit, all telnets are now "contribified". The contrib
path was chosen to not destroy history in the repository, and differs
from other contrib/ entries in that it may be worked on as "normal"
BSD code. There is no dangerous crypto in these sources, only a
very weak system less strong than enigma(1).
Kerberos5 telnet and Secure telnet are now selected by using the usual
macros in /etc/make.conf, and the build process is unsurprising and
less treacherous.
|
|
|
|
| |
OK'ed by: markm
|
|
|
|
| |
Reported by: Marius Strobl <marius@alchemy.franken.de>
|
| |
|
|
|
|
|
| |
cleanups were necessary in release/Makefile, and the tinderbox code
was syntax checked, not run checked.
|
|
|
|
| |
part of the regular security dist.
|
| |
|
| |
|
|
|
|
| |
we won't be here.
|
| |
|
| |
|
| |
|
|
|
|
|
|
|
|
| |
function.
Approved by: markm (mentor)
Submitted by: till toenges <tt@mail.isis.de>
PR: bin/48963
|
|
|
|
|
| |
Reviewed by: markm
Approved by: nectar
|
| |
|
|
|
|
| |
and remove the WANT_OPENSSL_MANPAGES knob.
|
|
|
|
| |
will follow.
|
|
|
|
| |
devote to it.
|
| |
|
|
|
|
|
|
|
| |
setuid so ssh(1) doesn't have to be.
Pointy hat to: des
Submitted by: Katsuyuki TATEISHI <katsu@iec.hiroshima-u.ac.jp>
|
|
|
|
| |
Sponsored by: DARPA, NAI Labs
|
|
|
|
|
|
| |
introduced, and a few more I hadn't yet fixed.
Submitted by: bde
|
| |
|
| |
|
| |
|
| |
|