| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
| |
Submitted by: gallatin
|
|
|
|
|
|
|
|
| |
does include code for the alpha, but as far as I can tell, it is
non-functional (e.g. it's not even compiled by the native openssl build on
the alpha).
Noticed by: gallatin
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
through the use of a new build directive, MACHINE_CPU, which contains a
list of the CPU generations/features for which optimizations are desired.
This feature will be extended to cover the ports tree in the future.
Currently OpenSSL provides optimizations for i386, i586 and i686-class
CPUs. Currently it has not been tested on an i386 or i486.
Teach make(1) to provide sensible defaults for MACHINE_CPU if it is not
defined (namely, the lowest common denominator CPU we support for each
architecture). Currently this is i386 for the i386 architecture and ev4
for the alpha. sys.mk also sets the variable as a last resort for
consistency with MACHINE_ARCH and bootstrapping from very old versions of
make.
Benchmarks show a significant speed increase even in the i386 case, with
additional improvements for i586 and i686 systems. For maximum performance
define MACHINE_CPU=i686 i586 i386 in /etc/make.conf.
Based on a patch submitted by: Mike Silbersack <silby@silby.com>
Reviewed by: current
|
|
|
|
| |
by PAM modules will be exported (correctly).
|
| |
|
|
|
|
|
| |
PR: 24434
Submitted by: Bill Cheswick <ches@bell-labs.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
one-way hash functions for authentication purposes. There is no more
"set the libcrypt->libXXXcrypt" nightmare.
- Undo the libmd.so hack, use -D to hide the md5c.c internals.
- Remove the symlink hacks in release/Makefile
- the algorthm is set by set_crypt_format() as before. If this is
not called, it tries to heuristically figure out the hash format, and
if all else fails, it uses the optional auth.conf entry to chose the
overall default hash.
- Since source has non-hidden crypto in it there may be some issues with
having the source it in some countries, so preserve the "secure/*"
division. You can still build a des-free libcrypt library if you want
to badly enough. This should not be a problem in the US or exporting
from the US as freebsd.org had notified BXA some time ago. That makes
this stuff re-exportable by anyone.
- For consistancy, the default in absence of any other clues is md5. This
is to try and minimize POLA across buildworld where folk may suddenly
be activating des-crypt()-hash support. Since the des hash may not
always be present, it seemed sensible to make the stronger md5 algorithm
the default.
All things being equal, no functionality is lost.
Reviewed-by: jkh
(flame-proof suit on)
|
| |
|
|
|
|
| |
Submitted by: Mike Heffner <mheffner@vt.edu>
|
|
|
|
| |
Submitted by: roberto
|
|
|
|
|
|
|
|
|
|
| |
ENABLE_SUID_SSH being defined reenable it for those that want it.
This follows discussion favoring the change from September. It
is not usually necessary to be setuid root, possibly less safe,
and less convenient (cannot use $HOSTALIASES, for example).
Submitted by: jedgar
|
| |
|
|
|
|
|
|
|
|
|
|
| |
mimics that of tcpdump in that for normal builds, sendmail will only be
built once. For 'make release', it is built once for the bin dist and
once for the crypto dist. This method also removes the need for two separate
Makefiles (which could become out of sync).
Suggested by: bde
Assisted by: kris
|
|
|
|
| |
Submitted by: bde
|
|
|
|
|
|
| |
/usr/sbin/ instead of /usr/libexec/sendmail/
Submitted by: bde
|
| |
|
|
|
|
|
|
|
| |
issues that brings, build the non-TLS version of sendmail in
src/usr.sbin/sendmail and the TLS version in src/secure/usr.sbin/sendmail.
This allows the TLS version to be part of the secure distribution when
building a release.
|
|
|
|
| |
Waiting to hear back regarding the best way to do this.
|
|
|
|
|
| |
lost -lutil and -lwrap by replacing $LDADD and $DPADD rather than
appending to them with +=.
|
| |
|
|
|
|
|
|
| |
Still need to solve the distribution problem.
Submitted by: kris
|
| |
|
|
|
|
|
| |
if bootstrapping from a system on which the openssl headers are not
already present.
|
|
|
|
| |
environment so they can enable functionality such as SASL, LDAP, Hesiod.
|
| |
|
| |
|
|
|
|
| |
Obtained from: Sergei Vyshenski <svysh@pn.sinp.msu.ru>
|
| |
|
|
|
|
| |
It's the only way to be sure.
|
|
|
|
|
|
|
|
|
|
| |
-- Unknown
Now that the RSA algorithm is released into the public domain, build
librsaintl by default unless NO_RSAINTL is set in make.conf.
The native OpenSSL implementation of RSA is much faster, doesn't have
an artificial keysize limitation, has 30% fewer calories and tastes great!
|
|
|
|
| |
was using this feature.
|
|
|
|
|
|
| |
the real evp.h.
Reported by: markm
|
| |
|
|
|
|
| |
support NFS(ro) installworlds.
|
|
|
|
|
| |
PR: 17818
Submitted by: Bjoern Fischer <bfischer@Techfak.Uni-Bielefeld.DE>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
for crypt(3) by now. In any case:
Add crypt_set_format(3) + documentation to -lcrypt.
Add login_setcryptfmt(3) + documentation to -lutil.
Support for switching crypt formats in passwd(8).
Support for switching crypt formats in pw(8).
The simple synopsis is:
edit login.conf; add a passwd_format field set to "des" or "md5"; go nuts :)
Reviewed by: peter
|
| |
|
|
|
|
| |
now exists in the distribution.
|
|
|
|
|
|
| |
Beyond changes to the build system, this includes fixing up the sample
freebsd.mc configuration for changes in defaults and syntax, removing
outdated documentation, and updating the release notes.
|
|
|
|
|
| |
getting rid of the check for NO_IDEA (in evp.h) completely if it's
installed without MAKE_IDEA=YES.
|
|
|
|
| |
something in the location where OpenSSH likes to point.
|
|
|
|
| |
Submitted by: stephen@math.missouri.edu
|
|
|
|
| |
attempts to link against libcrypto.
|
| |
|
| |
|
|
|
|
|
|
|
| |
MAKE_foo for things like MAKE_KERBEROS etc. Use that. I managed to
confuse myself last time and made make.conf different to the code. ;-(
Reported by: Jun Kuriyama <kuriyama@FreeBSD.org>
|
| |
|
|
|
|
|
|
| |
Use that to be the final arbiter of whether or not to build the
librsaintl.so plugin for openssl/openssh. Add a magic WANT_RSAINTL flag
to force building even if USA_RESIDENT=YES.
|
|
|
|
|
| |
invoked will cause breakage. US Users - DO NOT try to turn on
IDEA - the sources are not included.
|