aboutsummaryrefslogtreecommitdiff
path: root/secure/usr.bin/ssh
Commit message (Collapse)AuthorAgeFilesLines
* Remove MK_GSSAPILexi Winter2025-08-201-1/+1
| | | | | | | | | | | | | | | For MIT Kerberos, MK_GSSAPI has no meaning: GSSAPI is a required part of Kerberos and is always built if MK_KERBEROS is enabled. Backport this behaviour to Heimdal so it works the same way. While here, change Heimdal's libcom_err and compile_et to be selected by MK_KERBEROS, not MK_KERBEROS_SUPPORT, since these are part of Kerberos and third-party users might need it even if Kerberos support is disabled in the base system. This means MK_KERBEROS_SUPPORT installs the same files with both MIT and Heimdal. Reviewed by: cy Differential Revision: https://reviews.freebsd.org/D51859
* gssapi,krb5: Replace libgssapi with the MIT versionCy Schubert2025-08-071-0/+4
| | | | | | | | | | | | | | | | | | | | | | | | | lib/libgssapi is based on Heimdal. As on Linux systems, the MIT libgssapi_krb5 replaces it. With both gssapi libraries and header files installed results in broken buildworld (gssd) and ports that will not build without modifications to support the MIT gssapi in an alternate location. 73ed0c7992fd removed the MIT GSSAPI headers from /usr/include. Apps using MIT KRB5 gssapi functions and structures will fail to build without this patch. This patch includes a temporary patch to usr.sbin/gssd to allow it to build with this patch. rmacklem@ has a patch for this and for kgssapi that uses this patch to resolve kgssapi issues for NFS with Kerberos. This patch is an updated version of D51661 to allow it to build following additional patchs to the tree. This should have been implmented with 7e35117eb07f. Fixes: 7e35117eb07f, 73ed0c7992fd Differential Revision: https://reviews.freebsd.org/D51661
* secure: Adapt Makefile to ssh-sk-client everywhereJose Luis Duran2025-04-171-1/+1
| | | | | | | | | Upstream commit 7b47b40b1 ("adapt Makefile to ssh-sk-client everywhere") adapted the Makefiles to ssh-sk-client. Do the same here. Reviewed by: emaste Approved by: emaste (mentor) Differential Revision: https://reviews.freebsd.org/D49795
* ssh: Consolidate HAVE_LDNS / LIBWRAP in ssh.mkEd Maste2025-02-201-4/+0
| | | | | | | | | | | Commit 9d63429fa163 ("ssh: move common Makefile boilerplate to a new ssh.mk") introduced ssh.mk for common OpenSSH paths and flags, as part of enabling FIDO/U2F. Move duplicated MK_LDNS and MK_TCP_WRAPPERS handling there. Reviewed by: kevans Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D31896
* ssh: tidy include handlingEd Maste2025-02-201-2/+0
| | | | | | | | | | | Centralize optional krb5_config.h handling in ssh.mk. Do not add headers (that are committed to the src tree) to SRCS as there is no need. Reviewed by: imp, jlduran, kevans (all earlier) MFC after: 1 month Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D34409
* ssh: Move XAUTH_PATH setting to ssh.mkEd Maste2025-02-101-4/+0
| | | | | | | | | | | | | | XAUTH_PATH is normally set (in the upstream build infrastructure) in config.h. We previously set it in ssh and sshd's Makefiles if LOCALBASE is set, and over time have sometimes also defined it in config.h. Leave it unset in config.h and move the CFLAGS logic to to ssh.mk so that it will be set when building all ssh libraries and programs but still be set by LOCALBASE. Reviewed by: jlduran Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D48907
* Remove residual blank line at start of MakefileWarner Losh2024-07-151-1/+0
| | | | | | | This is a residual of the $FreeBSD$ removal. MFC After: 3 days (though I'll just run the command on the branches) Sponsored by: Netflix
* Remove $FreeBSD$: one-line sh patternWarner Losh2023-08-163-3/+0
| | | | Remove /^\s*#[#!]?\s*\$FreeBSD\$.*$\n/
* Update/fix Makefile.depend for userlandSimon J. Gerraty2023-04-191-6/+0
|
* ssh: move common Makefile boilerplate to a new ssh.mkEd Maste2021-11-031-3/+1
| | | | | | | | | | This moves SSHDIR and ssh_namespace.h handling to a common location, and will simplify future work such as adding U2F support (D32509). Reviewed by: kevans MFC after: 1 week Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D32808
* Revert "Add workaround for a QoS-related bug in VMWare Workstation."Ed Maste2021-04-251-3/+0
| | | | | | | | | | | | | | | This reverts commit 77c2fe20df6a9a7c1a353e1a4ab2ba80fefab881. The VMware Workstation issue was fixed in 2019[1], and we'd rather not carry unnecessary local changes in OpenSSH. [1] https://communities.vmware.com/t5/VMware-Workstation-Pro/Regression-ssh-results-in-broken-pipe-upon-connecting-in-Vmware/m-p/486105/highlight/true#M25470 PR: 234426 Discussed with: yuripv Approved by: des MFC after: 2 weeks Sponsored by: The FreeBSD Foundation
* Update Makefile.depend filesSimon J. Gerraty2019-12-111-2/+2
| | | | | | | | | | | | | Update a bunch of Makefile.depend files as a result of adding Makefile.depend.options files Reviewed by: bdrewery MFC after: 1 week Sponsored by: Juniper Networks Differential Revision: https://reviews.freebsd.org/D22494 Notes: svn path=/head/; revision=355617
* Add Makefile.depend.optionsSimon J. Gerraty2019-12-111-0/+6
| | | | | | | | | | | | | | | | | | | | Leaf directories that have dependencies impacted by options need a Makefile.depend.options file to avoid churn in Makefile.depend DIRDEPS for cases such as OPENSSL, TCP_WRAPPERS etc can be set in local.dirdeps-options.mk which can add to those set in Makefile.depend.options See share/mk/dirdeps-options.mk Reviewed by: bdrewery MFC after: 1 week Sponsored by: Juniper Networks Differential Revision: https://reviews.freebsd.org/D22469 Notes: svn path=/head/; revision=355616
* Add workaround for a QoS-related bug in VMWare Workstation.Dag-Erling Smørgrav2019-03-271-0/+3
| | | | | | | | Submitted by: yuripv Differential Revision: https://reviews.freebsd.org/D18636 Notes: svn path=/head/; revision=345579
* Move ssh config file handling into the ssh Makefiles.Brad Davis2018-08-151-0/+2
| | | | | | | | | | This helps with pkgbase by using CONFS and tagging these as config files. Approved by: allanjude (mentor), des Differential Revision: https://reviews.freebsd.org/D16678 Notes: svn path=/head/; revision=337852
* Upgrade to OpenSSH 7.6p1. This will be followed shortly by 7.7p1.Dag-Erling Smørgrav2018-05-081-1/+1
| | | | | | | | | This completely removes client-side support for the SSH 1 protocol, which was already disabled in 12 but is still enabled in 11. For that reason, we will not be able to merge 7.6p1 or newer back to 11. Notes: svn path=/head/; revision=333389
* DIRDEPS_BUILD: Update dependencies.Bryan Drewery2017-10-311-1/+0
| | | | | | | Sponsored by: Dell EMC Isilon Notes: svn path=/head/; revision=325188
* Only bake krb5_config.h support in to ssh(3), etc if both MK_GSSAPI andEnji Cooper2017-01-021-1/+1
| | | | | | | | | | | | | | | MK_KERBEROS_SUPPORT != no This fixes the odd case where someone specified MK_GSSAPI=no and MK_KERBEROS_SUPPORT=yes (which admittedly, probably doesn't make sense, but the build system doesn't prevent this case today, and it didn't when I filed the bug back in 2011 either). MFC after: 2 weeks PR: 159745 Notes: svn path=/head/; revision=311140
* DIRDEPS_BUILD: Update dependencies.Bryan Drewery2016-08-311-2/+0
| | | | | | | Sponsored by: EMC / Isilon Storage Division Notes: svn path=/head/; revision=305146
* MFHGlen Barber2016-03-141-2/+1
|\ | | | | | | | | | | | | Sponsored by: The FreeBSD Foundation Notes: svn path=/projects/release-pkg/; revision=296869
| * Upgrade to OpenSSH 7.2p2.Dag-Erling Smørgrav2016-03-111-2/+1
| | | | | | | | Notes: svn path=/head/; revision=296633
* | MFH r289384-r293170Glen Barber2016-01-041-10/+4
|\| | | | | | | | | | | | | Sponsored by: The FreeBSD Foundation Notes: svn path=/projects/release-pkg/; revision=293172
| * Replace unneeded manual dependency on header by adding it to SRCS.Bryan Drewery2015-12-071-6/+4
| | | | | | | | | | | | | | | | | | | | | | | | | | bsd.lib.mk and bsd.prog.mk already depend all objs on headers in SRCS if there is not yet a depend file. The headers in SRCS are never built or installed. After 'make depend' the header was already added as a proper dependency on the objects where needed. MFC after: 2 weeks Sponsored by: EMC / Isilon Storage Division Notes: svn path=/head/; revision=291941
| * Retire the NONE cipher option.Dag-Erling Smørgrav2015-11-231-4/+0
| | | | | | | | Notes: svn path=/head/; revision=291198
* | Merge from headBaptiste Daroussin2015-06-151-0/+31
|\| | | | | | | Notes: svn path=/projects/release-pkg/; revision=284410
| * Add META_MODE support.Simon J. Gerraty2015-06-131-0/+31
| |\ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Off by default, build behaves normally. WITH_META_MODE we get auto objdir creation, the ability to start build from anywhere in the tree. Still need to add real targets under targets/ to build packages. Differential Revision: D2796 Reviewed by: brooks imp Notes: svn path=/head/; revision=284345
| | * dirdeps.mk now sets DEP_RELDIRSimon J. Gerraty2015-06-081-2/+0
| | | | | | | | | | | | Notes: svn path=/projects/bmake/; revision=284172
| | * Merge sync of headSimon J. Gerraty2015-05-272-17/+3
| | |\ | | |/ | |/| | | | Notes: svn path=/projects/bmake/; revision=283595
| | * Merge from head@274682Simon J. Gerraty2014-11-191-2/+2
| | |\ | | | | | | | | | | | | Notes: svn path=/projects/bmake/; revision=274683
| | * \ Merge head from 7/28Simon J. Gerraty2014-08-191-1/+0
| | |\ \ | | | | | | | | | | | | | | | Notes: svn path=/projects/bmake/; revision=270164
| | * | | Updated dependenciesSimon J. Gerraty2014-05-161-0/+2
| | | | | | | | | | | | | | | | | | | | Notes: svn path=/projects/bmake/; revision=266219
| | * | | Merge from headSimon J. Gerraty2014-05-081-1/+1
| | |\| | | | | | | | | | | | | | | | | Notes: svn path=/projects/bmake/; revision=265720
| | * | | Merge head@256284Simon J. Gerraty2013-10-131-1/+4
| | |\ \ \ | | | | | | | | | | | | | | | | | | Notes: svn path=/projects/bmake/; revision=256424
| | * | | | Updated dependenciesSimon J. Gerraty2013-10-131-0/+9
| | | | | | | | | | | | | | | | | | | | | | | | Notes: svn path=/projects/bmake/; revision=256419
| | * | | | Merge headSimon J. Gerraty2013-09-111-5/+12
| | |\ \ \ \ | | | | | | | | | | | | | | | | | | | | | Notes: svn path=/projects/bmake/; revision=255477
| | * | | | | Updated dependenciesSimon J. Gerraty2013-03-111-0/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | Notes: svn path=/projects/bmake/; revision=248169
| | * | | | | Updated dependenciesSimon J. Gerraty2013-02-161-2/+0
| | | | | | | | | | | | | | | | | | | | | | | | | | | | Notes: svn path=/projects/bmake/; revision=246868
| | * | | | | Sync with HEAD.David E. O'Brien2013-02-081-0/+4
| | |\ \ \ \ \ | | | | | | | | | | | | | | | | | | | | | | | | Notes: svn path=/projects/bmake/; revision=246555
| | * | | | | | Sync FreeBSD's bmake branch with Juniper's internal bmake branch.Marcel Moolenaar2012-08-221-0/+30
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Requested by: Simon Gerraty <sjg@juniper.net> Notes: svn path=/projects/bmake/; revision=239572
* | | | | | | | Move ssh into a dedicated packageBaptiste Daroussin2015-03-051-0/+1
|/ / / / / / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Flag config files as "to be merged on upgrade" Notes: svn path=/projects/release-pkg/; revision=279674
* | | | | | | Reduce overlinkingBaptiste Daroussin2014-11-251-3/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The framework now ensure by itself that pthread is added to the link chain as the last component if linked to kerberos hence avoid with out any explicit addition prevent issue like CVE-2014-8475 Notes: svn path=/head/; revision=275083
* | | | | | | Convert to LIBADDBaptiste Daroussin2014-11-251-10/+4
| |_|_|_|_|/ |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Reduce overlinking Notes: svn path=/head/; revision=275077
* | | | | | Fix typo (LIBLDNSADD -> LIBLDNS) to fix "make checkdpadd"Enji Cooper2014-08-191-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | X-MFC with: r269648 Phabric: D634 Approved by: jmmv (mentor) Notes: svn path=/head/; revision=270178
* | | | | | Rework privatelib/internallibBaptiste Daroussin2014-08-061-2/+2
| |_|_|_|/ |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Make sure everything linking to a privatelib and/or an internallib does it directly from the OBJDIR rather than DESTDIR. Add src.libnames.mk so bsd.libnames.mk is not polluted by libraries not existsing in final installation Introduce the LD* variable which is what ld(1) is expecting (via LDADD) to link to internal/privatelib Directly link to the .so in case of private library to avoid having to complexify LDFLAGS. Phabric: https://phabric.freebsd.org/D553 Reviewed by: imp, emaste Notes: svn path=/head/; revision=269648
* | | | | Use src.opts.mk in preference to bsd.own.mk except where we need stuffWarner Losh2014-05-061-1/+1
| |_|_|/ |/| | | | | | | | | | | | | | | | | | | | | | | from the latter. Notes: svn path=/head/; revision=265420
* | | | Unbreak the WITHOUT_KERBEROS build and try to reduce the odds of aDag-Erling Smørgrav2013-09-231-1/+4
| |_|/ |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | repeat performance by introducing a script that runs configure with and without Kerberos, diffs the result and generates krb5_config.h, which contains the preprocessor macros that need to be defined in the Kerberos case and undefined otherwise. Approved by: re (marius) Notes: svn path=/head/; revision=255829
* | | Clean up the OpenSSH build. It is now possible to build most componentsDag-Erling Smørgrav2013-09-101-5/+11
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | as static binaries, if desired. The one exception is sshd, which runs into trouble due to libpam.a's includion of pam_ssh. Make OpenSSH use LDNS if available. This allows it to verify signed SSHFP records. Approved by: re (blanket) Notes: svn path=/head/; revision=255460
* | | Make libldns and libssh private.Dag-Erling Smørgrav2013-09-081-0/+1
| |/ |/| | | | | | | | | | | Approved by: re (blanket) Notes: svn path=/head/; revision=255386
* | Add a src.conf(5) option to allow users to compile in the "NONE cipher",Bjoern A. Zeeb2013-01-171-0/+4
|/ | | | | | | | | | | | which, only after authentication, disables crypto, and only for sessions without a terminal. Submitted by: Jeremy Chadwick (freebsd jdc.parodius.com) PR: bin/163095 MFC after: 10 days Notes: svn path=/head/; revision=245527
* Restore the ability to use a non-standard LOCALBASE to sshdEitan Adler2012-03-241-0/+4
| | | | | | | | | | | | Add the ability to use a non-standard LOCALBASE to ssh Submitted by: jhb Reviewed by: des Approved by: cperciva MFC after: 0 days (with r233136) Notes: svn path=/head/; revision=233432
generated by cgit v1.3 (git 2.53.0) at 2026-03-12 20:24:37 +0000