aboutsummaryrefslogtreecommitdiff
path: root/secure/usr.bin/ssh/Makefile
Commit message (Collapse)AuthorAgeFilesLines
* Remove MK_GSSAPILexi Winter2025-08-201-1/+1
| | | | | | | | | | | | | | | For MIT Kerberos, MK_GSSAPI has no meaning: GSSAPI is a required part of Kerberos and is always built if MK_KERBEROS is enabled. Backport this behaviour to Heimdal so it works the same way. While here, change Heimdal's libcom_err and compile_et to be selected by MK_KERBEROS, not MK_KERBEROS_SUPPORT, since these are part of Kerberos and third-party users might need it even if Kerberos support is disabled in the base system. This means MK_KERBEROS_SUPPORT installs the same files with both MIT and Heimdal. Reviewed by: cy Differential Revision: https://reviews.freebsd.org/D51859
* gssapi,krb5: Replace libgssapi with the MIT versionCy Schubert2025-08-071-0/+4
| | | | | | | | | | | | | | | | | | | | | | | | | lib/libgssapi is based on Heimdal. As on Linux systems, the MIT libgssapi_krb5 replaces it. With both gssapi libraries and header files installed results in broken buildworld (gssd) and ports that will not build without modifications to support the MIT gssapi in an alternate location. 73ed0c7992fd removed the MIT GSSAPI headers from /usr/include. Apps using MIT KRB5 gssapi functions and structures will fail to build without this patch. This patch includes a temporary patch to usr.sbin/gssd to allow it to build with this patch. rmacklem@ has a patch for this and for kgssapi that uses this patch to resolve kgssapi issues for NFS with Kerberos. This patch is an updated version of D51661 to allow it to build following additional patchs to the tree. This should have been implmented with 7e35117eb07f. Fixes: 7e35117eb07f, 73ed0c7992fd Differential Revision: https://reviews.freebsd.org/D51661
* secure: Adapt Makefile to ssh-sk-client everywhereJose Luis Duran2025-04-171-1/+1
| | | | | | | | | Upstream commit 7b47b40b1 ("adapt Makefile to ssh-sk-client everywhere") adapted the Makefiles to ssh-sk-client. Do the same here. Reviewed by: emaste Approved by: emaste (mentor) Differential Revision: https://reviews.freebsd.org/D49795
* ssh: Consolidate HAVE_LDNS / LIBWRAP in ssh.mkEd Maste2025-02-201-4/+0
| | | | | | | | | | | Commit 9d63429fa163 ("ssh: move common Makefile boilerplate to a new ssh.mk") introduced ssh.mk for common OpenSSH paths and flags, as part of enabling FIDO/U2F. Move duplicated MK_LDNS and MK_TCP_WRAPPERS handling there. Reviewed by: kevans Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D31896
* ssh: tidy include handlingEd Maste2025-02-201-2/+0
| | | | | | | | | | | Centralize optional krb5_config.h handling in ssh.mk. Do not add headers (that are committed to the src tree) to SRCS as there is no need. Reviewed by: imp, jlduran, kevans (all earlier) MFC after: 1 month Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D34409
* ssh: Move XAUTH_PATH setting to ssh.mkEd Maste2025-02-101-4/+0
| | | | | | | | | | | | | | XAUTH_PATH is normally set (in the upstream build infrastructure) in config.h. We previously set it in ssh and sshd's Makefiles if LOCALBASE is set, and over time have sometimes also defined it in config.h. Leave it unset in config.h and move the CFLAGS logic to to ssh.mk so that it will be set when building all ssh libraries and programs but still be set by LOCALBASE. Reviewed by: jlduran Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D48907
* Remove residual blank line at start of MakefileWarner Losh2024-07-151-1/+0
| | | | | | | This is a residual of the $FreeBSD$ removal. MFC After: 3 days (though I'll just run the command on the branches) Sponsored by: Netflix
* Remove $FreeBSD$: one-line sh patternWarner Losh2023-08-161-1/+0
| | | | Remove /^\s*#[#!]?\s*\$FreeBSD\$.*$\n/
* ssh: move common Makefile boilerplate to a new ssh.mkEd Maste2021-11-031-3/+1
| | | | | | | | | | This moves SSHDIR and ssh_namespace.h handling to a common location, and will simplify future work such as adding U2F support (D32509). Reviewed by: kevans MFC after: 1 week Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D32808
* Revert "Add workaround for a QoS-related bug in VMWare Workstation."Ed Maste2021-04-251-3/+0
| | | | | | | | | | | | | | | This reverts commit 77c2fe20df6a9a7c1a353e1a4ab2ba80fefab881. The VMware Workstation issue was fixed in 2019[1], and we'd rather not carry unnecessary local changes in OpenSSH. [1] https://communities.vmware.com/t5/VMware-Workstation-Pro/Regression-ssh-results-in-broken-pipe-upon-connecting-in-Vmware/m-p/486105/highlight/true#M25470 PR: 234426 Discussed with: yuripv Approved by: des MFC after: 2 weeks Sponsored by: The FreeBSD Foundation
* Add workaround for a QoS-related bug in VMWare Workstation.Dag-Erling Smørgrav2019-03-271-0/+3
| | | | | | | | Submitted by: yuripv Differential Revision: https://reviews.freebsd.org/D18636 Notes: svn path=/head/; revision=345579
* Move ssh config file handling into the ssh Makefiles.Brad Davis2018-08-151-0/+2
| | | | | | | | | | This helps with pkgbase by using CONFS and tagging these as config files. Approved by: allanjude (mentor), des Differential Revision: https://reviews.freebsd.org/D16678 Notes: svn path=/head/; revision=337852
* Upgrade to OpenSSH 7.6p1. This will be followed shortly by 7.7p1.Dag-Erling Smørgrav2018-05-081-1/+1
| | | | | | | | | This completely removes client-side support for the SSH 1 protocol, which was already disabled in 12 but is still enabled in 11. For that reason, we will not be able to merge 7.6p1 or newer back to 11. Notes: svn path=/head/; revision=333389
* Only bake krb5_config.h support in to ssh(3), etc if both MK_GSSAPI andEnji Cooper2017-01-021-1/+1
| | | | | | | | | | | | | | | MK_KERBEROS_SUPPORT != no This fixes the odd case where someone specified MK_GSSAPI=no and MK_KERBEROS_SUPPORT=yes (which admittedly, probably doesn't make sense, but the build system doesn't prevent this case today, and it didn't when I filed the bug back in 2011 either). MFC after: 2 weeks PR: 159745 Notes: svn path=/head/; revision=311140
* MFHGlen Barber2016-03-141-2/+1
|\ | | | | | | | | | | | | Sponsored by: The FreeBSD Foundation Notes: svn path=/projects/release-pkg/; revision=296869
| * Upgrade to OpenSSH 7.2p2.Dag-Erling Smørgrav2016-03-111-2/+1
| | | | | | | | Notes: svn path=/head/; revision=296633
* | MFH r289384-r293170Glen Barber2016-01-041-10/+4
|\| | | | | | | | | | | | | Sponsored by: The FreeBSD Foundation Notes: svn path=/projects/release-pkg/; revision=293172
| * Replace unneeded manual dependency on header by adding it to SRCS.Bryan Drewery2015-12-071-6/+4
| | | | | | | | | | | | | | | | | | | | | | | | | | bsd.lib.mk and bsd.prog.mk already depend all objs on headers in SRCS if there is not yet a depend file. The headers in SRCS are never built or installed. After 'make depend' the header was already added as a proper dependency on the objects where needed. MFC after: 2 weeks Sponsored by: EMC / Isilon Storage Division Notes: svn path=/head/; revision=291941
| * Retire the NONE cipher option.Dag-Erling Smørgrav2015-11-231-4/+0
| | | | | | | | Notes: svn path=/head/; revision=291198
* | Move ssh into a dedicated packageBaptiste Daroussin2015-03-051-0/+1
|/ | | | | | | Flag config files as "to be merged on upgrade" Notes: svn path=/projects/release-pkg/; revision=279674
* Reduce overlinkingBaptiste Daroussin2014-11-251-3/+2
| | | | | | | | | The framework now ensure by itself that pthread is added to the link chain as the last component if linked to kerberos hence avoid with out any explicit addition prevent issue like CVE-2014-8475 Notes: svn path=/head/; revision=275083
* Convert to LIBADDBaptiste Daroussin2014-11-251-10/+4
| | | | | | | Reduce overlinking Notes: svn path=/head/; revision=275077
* Fix typo (LIBLDNSADD -> LIBLDNS) to fix "make checkdpadd"Enji Cooper2014-08-191-1/+1
| | | | | | | | | X-MFC with: r269648 Phabric: D634 Approved by: jmmv (mentor) Notes: svn path=/head/; revision=270178
* Rework privatelib/internallibBaptiste Daroussin2014-08-061-2/+2
| | | | | | | | | | | | | | | | | Make sure everything linking to a privatelib and/or an internallib does it directly from the OBJDIR rather than DESTDIR. Add src.libnames.mk so bsd.libnames.mk is not polluted by libraries not existsing in final installation Introduce the LD* variable which is what ld(1) is expecting (via LDADD) to link to internal/privatelib Directly link to the .so in case of private library to avoid having to complexify LDFLAGS. Phabric: https://phabric.freebsd.org/D553 Reviewed by: imp, emaste Notes: svn path=/head/; revision=269648
* Use src.opts.mk in preference to bsd.own.mk except where we need stuffWarner Losh2014-05-061-1/+1
| | | | | | | from the latter. Notes: svn path=/head/; revision=265420
* Unbreak the WITHOUT_KERBEROS build and try to reduce the odds of aDag-Erling Smørgrav2013-09-231-1/+4
| | | | | | | | | | | | repeat performance by introducing a script that runs configure with and without Kerberos, diffs the result and generates krb5_config.h, which contains the preprocessor macros that need to be defined in the Kerberos case and undefined otherwise. Approved by: re (marius) Notes: svn path=/head/; revision=255829
* Clean up the OpenSSH build. It is now possible to build most componentsDag-Erling Smørgrav2013-09-101-5/+11
| | | | | | | | | | | | | as static binaries, if desired. The one exception is sshd, which runs into trouble due to libpam.a's includion of pam_ssh. Make OpenSSH use LDNS if available. This allows it to verify signed SSHFP records. Approved by: re (blanket) Notes: svn path=/head/; revision=255460
* Make libldns and libssh private.Dag-Erling Smørgrav2013-09-081-0/+1
| | | | | | | Approved by: re (blanket) Notes: svn path=/head/; revision=255386
* Add a src.conf(5) option to allow users to compile in the "NONE cipher",Bjoern A. Zeeb2013-01-171-0/+4
| | | | | | | | | | | | which, only after authentication, disables crypto, and only for sessions without a terminal. Submitted by: Jeremy Chadwick (freebsd jdc.parodius.com) PR: bin/163095 MFC after: 10 days Notes: svn path=/head/; revision=245527
* Restore the ability to use a non-standard LOCALBASE to sshdEitan Adler2012-03-241-0/+4
| | | | | | | | | | | | Add the ability to use a non-standard LOCALBASE to ssh Submitted by: jhb Reviewed by: des Approved by: cperciva MFC after: 0 days (with r233136) Notes: svn path=/head/; revision=233432
* X11BASE is not used any more and has been killed by the x11 team.Eitan Adler2012-03-191-13/+0
| | | | | | | | | Reviewed by: ??? Approved by: ??? MFC after: 3 days Notes: svn path=/head/; revision=233136
* Upgrade to OpenSSH 5.4p1.Dag-Erling Smørgrav2010-03-091-1/+1
| | | | | | | MFC after: 1 month Notes: svn path=/head/; revision=204917
* Upgrade to OpenSSH 5.3p1.Dag-Erling Smørgrav2009-10-011-1/+4
| | | | Notes: svn path=/head/; revision=197679
* Upgrade to OpenSSH 5.1p1.Dag-Erling Smørgrav2008-08-011-1/+1
| | | | | | | | | | | | | I have worked hard to reduce diffs against the vendor branch. One notable change in that respect is that we no longer prefer DSA over RSA - the reasons for doing so went away years ago. This may cause some surprises, as ssh will warn about unknown host keys even for hosts whose keys haven't changed. MFC after: 6 weeks Notes: svn path=/head/; revision=181111
* For users of FreeBSD <= 6.2 we recommend during the x.org 7.x upgradeKris Kennaway2008-03-051-1/+10
| | | | | | | | | | | | | | | | | | | | | | | | that they add X11BASE=${LOCALBASE} to /etc/make.conf since X11BASE was hard-wired to the now-wrong location in old releases. However, both X11BASE and LOCALBASE have moved out of scope of src/ into ports/ now, which causes problems for upgraded users who have old make.conf files still containing the above setting. X11BASE becomes null and we instruct ssh and sshd to look for xauth in /bin/xauth where it is unlikely to be found. Instead, provide a copy of the default LOCALBASE?=/usr/local setting here. We also have to deal with the case where the user only overrides LOCALBASE and doesn't set an explicit X11BASE (in ports it will be set implicitly but not here), which will also move the location of xauth. MFC after: 3 days Reported by: rwatson Notes: svn path=/head/; revision=176844
* Add a manual dependency on ssh_namespace.h.Dag-Erling Smørgrav2006-05-131-0/+2
| | | | | | | Discussed with: ru Notes: svn path=/head/; revision=158529
* Introduce a namespace munging hack inspired by NetBSD to avoid pollutingDag-Erling Smørgrav2006-05-131-1/+1
| | | | | | | | | | | the namespace of applications which inadvertantly link in libssh (usually through pam_ssh) Suggested by: lukem@netbsd.org MFC after: 6 weeks Notes: svn path=/head/; revision=158519
* Reimplementation of world/kernel build options. For details, see:Ruslan Ermilov2006-03-171-1/+3
| | | | | | | | | | | http://lists.freebsd.org/pipermail/freebsd-current/2006-March/061725.html The src.conf(5) manpage is to follow in a few days. Brought to you by: imp, jhb, kris, phk, ru (all bugs are mine) Notes: svn path=/head/; revision=156813
* Add a new extensible GSS-API layer which can support GSS-API plugins,Doug Rabson2005-12-291-3/+3
| | | | | | | | | | | | similar the the Solaris implementation. Repackage the krb5 GSS mechanism as a plugin library for the new implementation. This also includes a comprehensive set of manpages for the GSS-API functions with text mostly taken from the RFC. Reviewed by: Love Hörnquist Åstrand <lha@it.su.se>, ru (build system), des (openssh parts) Notes: svn path=/head/; revision=153838
* Revert the commits that made libssh an INTERNALLIB; they caused too muchDag-Erling Smørgrav2005-06-071-4/+4
| | | | | | | | | trouble, especially on amd64. Requested by: ru Notes: svn path=/head/; revision=147098
* Make libssh an INTERNALLIB like it is in {Net,Open}BSD.Dag-Erling Smørgrav2005-06-061-4/+4
| | | | Notes: svn path=/head/; revision=147056
* Update for OpenSSH 4.1p1.Dag-Erling Smørgrav2005-06-051-1/+1
| | | | Notes: svn path=/head/; revision=147007
* Update for 3.8p1, including workaround for a bug in gss-genr.c.Dag-Erling Smørgrav2004-02-261-1/+2
| | | | Notes: svn path=/head/; revision=126282
* Fixed static linkage.Ruslan Ermilov2004-01-081-2/+5
| | | | | | | Reviewed by: des Notes: svn path=/head/; revision=124249
* Enable GSSAPI support. [1]Dag-Erling Smørgrav2004-01-081-4/+4
| | | | | | | | | Also remove some duplicates from ssh's SRCS. Submitted by: [1] Björn Grönvall <bg@sics.se> Notes: svn path=/head/; revision=124242
* Update Makefiles for OpenSSH 3.7.1p2.Dag-Erling Smørgrav2004-01-071-2/+2
| | | | Notes: svn path=/head/; revision=124212
* Fixed "make checkdpadd".Ruslan Ermilov2003-07-021-2/+2
| | | | | | | OK'ed by: markm Notes: svn path=/head/; revision=117181
* Turn MAKE_KERBEROS5 into NO_KERBEROS by negating the logic. Some extraMark Murray2003-05-051-1/+1
| | | | | | | | cleanups were necessary in release/Makefile, and the tinderbox code was syntax checked, not run checked. Notes: svn path=/head/; revision=114709
* We no longer have a separate kerberos distribution. Its now justMark Murray2003-04-301-1/+0
| | | | | | | part of the regular security dist. Notes: svn path=/head/; revision=114302
* Update for 3.6.1p1; also remove Kerberos IV shims.Dag-Erling Smørgrav2003-04-231-7/+0
| | | | Notes: svn path=/head/; revision=113915
generated by cgit v1.2.3 (git 2.25.1) at 2026-04-04 14:20:10 +0000