summaryrefslogtreecommitdiffstats
path: root/secure
Commit message (Collapse)AuthorAgeFilesLines
* Upgrade to OpenSSH 5.2p1.des2009-05-222-2/+2
| | | | MFC after: 3 months
* Enable getaudit_addr(2) for sshd again. This will un-break the subjectcsjp2008-11-301-1/+1
| | | | BSM audit tokens for IPv6.
* Upgrade to OpenSSH 5.1p1.des2008-08-014-7/+7
| | | | | | | | | | I have worked hard to reduce diffs against the vendor branch. One notable change in that respect is that we no longer prefer DSA over RSA - the reasons for doing so went away years ago. This may cause some surprises, as ssh will warn about unknown host keys even for hosts whose keys haven't changed. MFC after: 6 weeks
* Merge from p4:imp2008-07-231-0/+205
| | | | | | | Implement openssl config needed for mips. Submitted by: gonzo@ Reviewed by: simon@
* Add $FreeBSD$peter2008-07-031-0/+1
|
* Fix conflicts after heimdal-1.1 import and add build infrastructure. Importdfr2008-05-072-5/+5
| | | | all non-style changes made by heimdal to our own libgssapi.
* For users of FreeBSD <= 6.2 we recommend during the x.org 7.x upgradekris2008-03-052-1/+19
| | | | | | | | | | | | | | | | | | | | | that they add X11BASE=${LOCALBASE} to /etc/make.conf since X11BASE was hard-wired to the now-wrong location in old releases. However, both X11BASE and LOCALBASE have moved out of scope of src/ into ports/ now, which causes problems for upgraded users who have old make.conf files still containing the above setting. X11BASE becomes null and we instruct ssh and sshd to look for xauth in /bin/xauth where it is unlikely to be found. Instead, provide a copy of the default LOCALBASE?=/usr/local setting here. We also have to deal with the case where the user only overrides LOCALBASE and doesn't set an explicit X11BASE (in ports it will be set implicitly but not here), which will also move the location of xauth. MFC after: 3 days Reported by: rwatson
* getopt(3) returns -1, not EOF.ru2008-02-191-1/+1
|
* - Bump share library version which were missed in last bumprafan2007-06-181-1/+1
| | | | | | Reported by: jhb Discussed with: deischen, des, doubg, harti Approved by: re (kensmith)
* Integrate the Camellia Block Cipher. For more information see RFC 4132gnn2007-05-094-9/+12
| | | | | | | and its bibliography. Submitted by: Tomoyuki Okazaki <okazaki at kick dot gr dot jp> MFC after: 1 month
* Upgrade to OpenSSL 0.9.8e.simon2007-03-15281-603/+606
|
* Fix static compilation.ru2006-10-071-2/+2
|
* Upgrade to OpenSSL 0.9.8d.simon2006-10-01285-284/+346
|
* Update for OpenSSH 4.4p1.des2006-09-302-3/+3
| | | | MFC after: 1 week
* Remove alpha left-overs.ru2006-08-222-179/+0
|
* Upgrade to OpenSSL 0.9.8b.simon2006-07-29299-3674/+6561
|
* Enable DSO (Dynamic Shared Object) support. This makes it possiblesimon2006-07-171-1/+1
| | | | | | | | | | | | | | | | for OpenSSL to load engines run-time, e.g. for using the opensc engine port. The OpenSSL Configure script enables DSO support on FreeBSD by default, we just don't use the Configure script during OpenSSL builds in the base system. This is committed to -CURRENT now (before OpenSSL 0.9.8b import), so it can be tested at bit in -CURRENT before being MFC'ed to 6-STABLE. Prodded by: ale PR: bin/79570 MFC after: 1 week
* Add a manual dependency on ssh_namespace.h.des2006-05-1311-0/+22
| | | | Discussed with: ru
* Introduce a namespace munging hack inspired by NetBSD to avoid pollutingdes2006-05-1311-11/+11
| | | | | | | | the namespace of applications which inadvertantly link in libssh (usually through pam_ssh) Suggested by: lukem@netbsd.org MFC after: 6 weeks
* Clean generated headers.ru2006-04-101-0/+2
|
* Add port-tun.c.des2006-03-221-1/+1
|
* Provide alternate default for SHLIBDIR before bsd.own.mk does this.ru2006-03-181-1/+2
| | | | Reported by: phk
* Reimplementation of world/kernel build options. For details, see:ru2006-03-1711-24/+44
| | | | | | | | http://lists.freebsd.org/pipermail/freebsd-current/2006-March/061725.html The src.conf(5) manpage is to follow in a few days. Brought to you by: imp, jhb, kris, phk, ru (all bugs are mine)
* Hook audit into OpenSSH. Now that the necessary bits for OpenSSH supportcsjp2006-02-121-0/+6
| | | | | | | | | | | | | have been added with the latest OpenBSM import, hook USE_BSM_AUDIT into build conditionally. For users which do not care for audit support and do not want to compile it into their SSH servers, add the following to the /etc/make.conf: NO_AUDIT=true Discussed with: rwatson Obtained from: TrustedBSD Project
* Add a new extensible GSS-API layer which can support GSS-API plugins,dfr2005-12-293-5/+5
| | | | | | | | | similar the the Solaris implementation. Repackage the krb5 GSS mechanism as a plugin library for the new implementation. This also includes a comprehensive set of manpages for the GSS-API functions with text mostly taken from the RFC. Reviewed by: Love Hörnquist Åstrand <lha@it.su.se>, ru (build system), des (openssh parts)
* Revert last revision by phk@, it's redundant since bsd.incs.mkru2005-11-191-2/+0
| | | | already handles this, FWIW.
* Update for OpenSSH 4.2p1.des2005-09-031-3/+4
|
* Don't install includes if NO_TOOLCHAINphk2005-08-031-0/+2
|
* Bump the shared library version number of all libraries that have notkensmith2005-07-223-3/+3
| | | | | | | been bumped since RELENG_5. Reviewed by: ru Approved by: re (not needed for commit check but in principle...)
* Revert the commits that made libssh an INTERNALLIB; they caused too muchdes2005-06-0711-34/+24
| | | | | | trouble, especially on amd64. Requested by: ru
* Make libssh an INTERNALLIB like it is in {Net,Open}BSD.des2005-06-0611-24/+34
|
* Update for OpenSSH 4.1p1.des2005-06-056-18/+16
|
* Update OpenSSL 0.9.7d -> 0.9.7e.nectar2005-02-25192-5848/+5257
|
* Define PLATFORM correctly when cross-building.ru2005-02-161-2/+2
|
* Sync program's usage() with manpage's SYNOPSIS.ru2005-02-101-1/+1
|
* Correctly hide the command arguments.dds2005-01-171-15/+2
| | | | | PR: bin/76374 MFC after: 2 weeks
* NOCRYPT -> NO_CRYPTru2004-12-211-5/+5
|
* NODOCCOMPRESS -> NO_DOCCOMPRESSru2004-12-213-3/+3
| | | | | | | | NOINFO -> NO_INFO NOINFOCOMPRESS -> NO_INFOCOMPRESS NOLINT -> NO_LINT NOPIC -> NO_PIC NOPROFILE -> NO_PROFILE
* NOLIBC_R -> NO_LIBC_Rru2004-12-211-2/+2
| | | | | NOLIBPTHREAD -> NO_LIBPTHREAD NOLIBTHR -> NO_LIBTHR
* Update for OpenSSH 3.9p1.des2004-10-282-7/+6
|
* For variables that are only checked with defined(), don't provideru2004-10-243-3/+3
| | | | any fake value.
* Add support for C3 Nehemiah ACE ("Padlock") AES crypto. This comesmarkm2004-08-141-1/+1
| | | | from OpenSSL 0.9.5 (yet to be released), and is pretty complete.
* Join the 21st century: Cryptography is no longer an optional componentcperciva2004-08-061-2/+0
| | | | | | | | | | of releases. The -DNOCRYPT build option still exists for anyone who really wants to build non-cryptographic binaries, but the "crypto" release distribution is now part of "base", and anyone installing from a release will get cryptographic binaries. Approved by: re (scottl), markm Discussed on: freebsd-current, in late April 2004
* Import the openssl conf for arm.cognet2004-05-141-0/+177
|
* Record the libssl.so dependency on libcrypto.so. This shouldru2004-05-131-0/+3
| | | | | | | | | help some ports that depend on libradius that recently gained the dependency on libssl. This is also how the stock OpenSSL build would link libssl.so on FreeBSD. Prompted by: kris OK'ed by: markm, nectar
* Fix release builds (release.3 target). We also need to rebuild libradius,marcel2004-05-021-4/+4
| | | | | | | | | because otherwise it will remain having a dependency upon libssl. This breaks the non-crypto build that happens for release.3 While here, order the list of programs and libraries. Speculating review feedback from: ru
* Turn MAKE_IDEA into a true "bool" type variable, as documented inru2004-04-193-5/+5
| | | | | | | the make.conf(5) manpage. PR: conf/65738 OK'ed by: markm
* Turn on the amd64-specific bignum code in openssl. This is actuallypeter2004-04-141-0/+7
| | | | | | | a variant of the C code but with some scattered asm and things laid out more optimally for the platform. This means that we need to the asm directory to the search path for the amd64 case so that make can find the source.
* Remove the -pthread from the last commit, as OpenSSL doesn't actuallydwmalone2004-03-301-1/+1
| | | | | | | call any pthread functions as we use compile it. We keep the -DOPENSSL_THREADS, which stops OpenSSL doing thread-unsafe stuff. Requested by: ru
* Build OpenSSL so that it extects that is may be used in a threadeddwmalone2004-03-301-0/+1
| | | | | | | | | | environment. This stops some ports keeling over on an OpenSSL assert. (The patch is not exactly the one from the PR, but has been refined based on advice from freebsd-threads.) PR: 51205 Submitted by: Jim Westfall <jwestfall@surrealistic.net> MFC after: 1 month
OpenPOWER on IntegriCloud