aboutsummaryrefslogtreecommitdiff
path: root/secure/usr.sbin
Commit message (Collapse)AuthorAgeFilesLines
* ssh: update to OpenSSH v8.9p1Ed Maste2022-04-131-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Release notes are available at https://www.openssh.com/txt/release-8.9 Some highlights: * ssh(1), sshd(8), ssh-add(1), ssh-agent(1): add a system for restricting forwarding and use of keys added to ssh-agent(1) * ssh(1), sshd(8): add the sntrup761x25519-sha512@openssh.com hybrid ECDH/x25519 + Streamlined NTRU Prime post-quantum KEX to the default KEXAlgorithms list (after the ECDH methods but before the prime-group DH ones). The next release of OpenSSH is likely to make this key exchange the default method. * sshd(8), portable OpenSSH only: this release removes in-built support for MD5-hashed passwords. If you require these on your system then we recommend linking against libxcrypt or similar. Future deprecation notice ========================= A near-future release of OpenSSH will switch scp(1) from using the legacy scp/rcp protocol to using SFTP by default. Legacy scp/rcp performs wildcard expansion of remote filenames (e.g. "scp host:* .") through the remote shell. This has the side effect of requiring double quoting of shell meta-characters in file names included on scp(1) command-lines, otherwise they could be interpreted as shell commands on the remote side. MFC after: 1 month Relnotes: Yes Sponsored by: The FreeBSD Foundation
* ssh: move common Makefile boilerplate to a new ssh.mkEd Maste2021-11-031-2/+1
| | | | | | | | | | This moves SSHDIR and ssh_namespace.h handling to a common location, and will simplify future work such as adding U2F support (D32509). Reviewed by: kevans MFC after: 1 week Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D32808
* openssh: update to OpenSSH v8.7p1Ed Maste2021-09-081-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Some notable changes, from upstream's release notes: - sshd(8): Remove support for obsolete "host/port" syntax. - ssh(1): When prompting whether to record a new host key, accept the key fingerprint as a synonym for "yes". - ssh-keygen(1): when acting as a CA and signing certificates with an RSA key, default to using the rsa-sha2-512 signature algorithm. - ssh(1), sshd(8), ssh-keygen(1): this release removes the "ssh-rsa" (RSA/SHA1) algorithm from those accepted for certificate signatures. - ssh-sk-helper(8): this is a new binary. It is used by the FIDO/U2F support to provide address-space isolation for token middleware libraries (including the internal one). - ssh(1): this release enables UpdateHostkeys by default subject to some conservative preconditions. - scp(1): this release changes the behaviour of remote to remote copies (e.g. "scp host-a:/path host-b:") to transfer through the local host by default. - scp(1): experimental support for transfers using the SFTP protocol as a replacement for the venerable SCP/RCP protocol that it has traditionally used. Additional integration work is needed to support FIDO/U2F in the base system. Deprecation Notice ------------------ OpenSSH will disable the ssh-rsa signature scheme by default in the next release. Reviewed by: imp MFC after: 1 month Relnotes: Yes Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D29985
* Update Makefile.depend filesSimon J. Gerraty2019-12-111-12/+3
| | | | | | | | | | | | | Update a bunch of Makefile.depend files as a result of adding Makefile.depend.options files Reviewed by: bdrewery MFC after: 1 week Sponsored by: Juniper Networks Differential Revision: https://reviews.freebsd.org/D22494 Notes: svn path=/head/; revision=355617
* Add Makefile.depend.optionsSimon J. Gerraty2019-12-111-0/+6
| | | | | | | | | | | | | | | | | | | | Leaf directories that have dependencies impacted by options need a Makefile.depend.options file to avoid churn in Makefile.depend DIRDEPS for cases such as OPENSSL, TCP_WRAPPERS etc can be set in local.dirdeps-options.mk which can add to those set in Makefile.depend.options See share/mk/dirdeps-options.mk Reviewed by: bdrewery MFC after: 1 week Sponsored by: Juniper Networks Differential Revision: https://reviews.freebsd.org/D22469 Notes: svn path=/head/; revision=355616
* Upgrade to OpenSSH 7.8p1.Dag-Erling Smørgrav2018-09-101-2/+2
| | | | | | | Approved by: re (kib@) Notes: svn path=/head/; revision=338561
* Fix build after r337852: Don't rebuild moduli based on unrelated moduli.cBryan Drewery2018-08-161-0/+3
| | | | | | | Reported by: many, delphij (moduli.c issue) Notes: svn path=/head/; revision=337928
* Move ssh config file handling into the ssh Makefiles.Brad Davis2018-08-151-0/+2
| | | | | | | | | | This helps with pkgbase by using CONFS and tagging these as config files. Approved by: allanjude (mentor), des Differential Revision: https://reviews.freebsd.org/D16678 Notes: svn path=/head/; revision=337852
* DIRDEPS_BUILD: Update dependencies.Bryan Drewery2017-10-311-1/+0
| | | | | | | Sponsored by: Dell EMC Isilon Notes: svn path=/head/; revision=325188
* Convert traditional ${MK_TESTS} conditional idiom for including testEnji Cooper2017-08-021-3/+1
| | | | | | | | | | | | | | directories to SUBDIR.${MK_TESTS} idiom This is being done to pave the way for future work (and homogenity) in ^/projects/make-check-sandbox . No functional change intended. MFC after: 1 weeks Notes: svn path=/head/; revision=321912
* Upgrade to OpenSSH 7.4p1.Dag-Erling Smørgrav2017-03-061-7/+7
| | | | Notes: svn path=/head/; revision=314720
* Conditionalize building libwrap support into sshdEnji Cooper2017-01-071-1/+6
| | | | | | | | | | | | | | Only build libwrap support into sshd if MK_TCP_WRAPPERS != no This will unbreak the build if libwrap has been removed from the system MFC after: 2 weeks PR: 210141 Submitted by: kpect@protonmail.com Differential Revision: D9049 Notes: svn path=/head/; revision=311585
* Only bake krb5_config.h support in to ssh(3), etc if both MK_GSSAPI andEnji Cooper2017-01-021-1/+1
| | | | | | | | | | | | | | | MK_KERBEROS_SUPPORT != no This fixes the odd case where someone specified MK_GSSAPI=no and MK_KERBEROS_SUPPORT=yes (which admittedly, probably doesn't make sense, but the build system doesn't prevent this case today, and it didn't when I filed the bug back in 2011 either). MFC after: 2 weeks PR: 159745 Notes: svn path=/head/; revision=311140
* Add refactored blacklist support to sshdKurt Lidl2016-08-302-0/+8
| | | | | | | | | | | | | | | | | | | | | | | | Change the calls to of blacklist_init() and blacklist_notify to be macros defined in the blacklist_client.h file. This avoids the need for #ifdef USE_BLACKLIST / #endif except in the blacklist.c file. Remove redundent initialization attempts from within blacklist_notify - everything always goes through blacklistd_init(). Added UseBlacklist option to sshd, which defaults to off. To enable the functionality, use '-o UseBlacklist=yes' on the command line, or uncomment in the sshd_config file. Reviewed by: des Approved by: des MFC after: 1 week Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D7051 Notes: svn path=/head/; revision=305065
* Revert r301551, which added blacklistd(8) to sshd(8).Glen Barber2016-06-242-8/+0
| | | | | | | | | | | | | This change has functional impact, and other concerns raised by the OpenSSH maintainer. Requested by: des PR: 210479 (related) Approved by: re (marius) Sponsored by: The FreeBSD Foundation Notes: svn path=/head/; revision=302182
* DIRDEPS_BUILD: Update dependenciesBryan Drewery2016-06-141-0/+1
| | | | | | | | Approved by: re (gjb) Sponsored by: EMC / Isilon Storage Division Notes: svn path=/head/; revision=301891
* Add blacklist support to sshdKurt Lidl2016-06-071-0/+7
| | | | | | | | | | | Reviewed by: rpaulo Approved by: rpaulo (earlier version of changes) Relnotes: YES Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D5915 Notes: svn path=/head/; revision=301551
* Merge ^/user/ngie/release-pkg-fix-tests to unbreak how test files are installedEnji Cooper2016-05-041-8/+0
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | after r298107 Summary of changes: - Replace all instances of FILES/TESTS with ${PACKAGE}FILES. This ensures that namespacing is kept with FILES appropriately, and that this shouldn't need to be repeated if the namespace changes -- only the definition of PACKAGE needs to be changed - Allow PACKAGE to be overridden by callers instead of forcing it to always be `tests`. In the event we get to the point where things can be split up enough in the base system, it would make more sense to group the tests with the blocks they're a part of, e.g. byacc with byacc-tests, etc - Remove PACKAGE definitions where possible, i.e. where FILES wasn't used previously. - Remove unnecessary TESTSPACKAGE definitions; this has been elided into bsd.tests.mk - Remove unnecessary BINDIRs used previously with ${PACKAGE}FILES; ${PACKAGE}FILESDIR is now automatically defined in bsd.test.mk. - Fix installation of files under data/ subdirectories in lib/libc/tests/hash and lib/libc/tests/net/getaddrinfo - Remove unnecessary .include <bsd.own.mk>s (some opportunistic cleanup) Document the proposed changes in share/examples/tests/tests/... via examples so it's clear that ${PACKAGES}FILES is the suggested way forward in terms of replacing FILES. share/mk/bsd.README didn't seem like the appropriate method of communicating that info. MFC after: never probably X-MFC with: r298107 PR: 209114 Relnotes: yes Tested with: buildworld, installworld, checkworld; buildworld, packageworld Sponsored by: EMC / Isilon Storage Division Notes: svn path=/head/; revision=299094
* Fix including Kyuafile in packaged base system.Glen Barber2016-04-291-1/+2
| | | | | | | | | | | | | | | Fix a related typo while here. Note, this change results in the Kyuafile inclusion in the runtime package, which needs to be fixed, however addresses the PR as far as I can tell in my tests. PR: 209114 Submitted by: ngie Sponsored by: The FreeBSD Foundation Notes: svn path=/head/; revision=298768
* MFHGlen Barber2016-03-141-2/+2
|\ | | | | | | | | | | | | Sponsored by: The FreeBSD Foundation Notes: svn path=/projects/release-pkg/; revision=296869
| * Upgrade to OpenSSH 7.2p2.Dag-Erling Smørgrav2016-03-111-2/+2
| | | | | | | | Notes: svn path=/head/; revision=296633
* | MFHGlen Barber2016-03-101-0/+11
|\| | | | | | | | | | | | | Sponsored by: The FreeBSD Foundation Notes: svn path=/projects/release-pkg/; revision=296625
| * DIRDEPS_BUILD: Connect MK_TESTS.Bryan Drewery2016-03-091-0/+11
| | | | | | | | | | | | | | Sponsored by: EMC / Isilon Storage Division Notes: svn path=/head/; revision=296587
* | First pass to fix the 'tests' packages.Glen Barber2016-02-021-0/+5
| | | | | | | | | | | | | | Sponsored by: The FreeBSD Foundation Notes: svn path=/projects/release-pkg/; revision=295171
* | MFHGlen Barber2016-01-201-2/+1
|\| | | | | | | | | | | | | Sponsored by: The FreeBSD Foundation Notes: svn path=/projects/release-pkg/; revision=294408
| * Upgrade to OpenSSH 6.8p1.Dag-Erling Smørgrav2016-01-191-2/+1
| | | | | | | | Notes: svn path=/head/; revision=294332
* | MFH r289384-r293170Glen Barber2016-01-042-9/+4
|\| | | | | | | | | | | | | Sponsored by: The FreeBSD Foundation Notes: svn path=/projects/release-pkg/; revision=293172
| * Replace unneeded manual dependency on header by adding it to SRCS.Bryan Drewery2015-12-071-5/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | bsd.lib.mk and bsd.prog.mk already depend all objs on headers in SRCS if there is not yet a depend file. The headers in SRCS are never built or installed. After 'make depend' the header was already added as a proper dependency on the objects where needed. MFC after: 2 weeks Sponsored by: EMC / Isilon Storage Division Notes: svn path=/head/; revision=291941
| * Retire the NONE cipher option.Dag-Erling Smørgrav2015-11-231-4/+0
| | | | | | | | Notes: svn path=/head/; revision=291198
| * Add more SUBDIR_PARALLEL.Bryan Drewery2015-10-151-0/+2
| | | | | | | | | | | | | | | | MFC after: 3 weeks Sponsored by: EMC / Isilon Storage Division Notes: svn path=/head/; revision=289393
* | MFH to r289370Glen Barber2015-10-151-3/+1
|\| | | | | | | | | | | | | Sponsored by: The FreeBSD Foundation Notes: svn path=/projects/release-pkg/; revision=289371
| * Refactor the test/ Makefiles after recent changes to bsd.test.mk (r289158) andEnji Cooper2015-10-121-3/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | netbsd-tests.test.mk (r289151) - Eliminate explicit OBJTOP/SRCTOP setting - Convert all ad hoc NetBSD test integration over to netbsd-tests.test.mk - Remove unnecessary TESTSDIR setting - Use SRCTOP where possible for clarity MFC after: 2 weeks Sponsored by: EMC / Isilon Storage Divison Notes: svn path=/head/; revision=289172
* | Finish merging from head, messed up in previous attemptBaptiste Daroussin2015-09-121-1/+0
|\| | | | | | | Notes: svn path=/projects/release-pkg/; revision=287710
| * Remove remnant from USEPRIVATELIB removalBaptiste Daroussin2015-09-041-1/+0
| | | | | | | | | | | | | | Sponsored by: gandi.net Notes: svn path=/head/; revision=287466
* | Merge from headBaptiste Daroussin2015-06-151-0/+40
|\| | | | | | | Notes: svn path=/projects/release-pkg/; revision=284410
| * Add META_MODE support.Simon J. Gerraty2015-06-131-0/+40
| |\ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Off by default, build behaves normally. WITH_META_MODE we get auto objdir creation, the ability to start build from anywhere in the tree. Still need to add real targets under targets/ to build packages. Differential Revision: D2796 Reviewed by: brooks imp Notes: svn path=/head/; revision=284345
| | * dirdeps.mk now sets DEP_RELDIRSimon J. Gerraty2015-06-081-2/+0
| | | | | | | | | | | | Notes: svn path=/projects/bmake/; revision=284172
| | * Merge sync of headSimon J. Gerraty2015-05-272-22/+6
| | |\ | | |/ | |/| | | | Notes: svn path=/projects/bmake/; revision=283595
| | * Merge from head@274682Simon J. Gerraty2014-11-191-2/+2
| | |\ | | | | | | | | | | | | Notes: svn path=/projects/bmake/; revision=274683
| | * \ Merge head from 7/28Simon J. Gerraty2014-08-191-1/+0
| | |\ \ | | | | | | | | | | | | | | | Notes: svn path=/projects/bmake/; revision=270164
| | * | | Updated dependenciesSimon J. Gerraty2014-05-161-0/+1
| | | | | | | | | | | | | | | | | | | | Notes: svn path=/projects/bmake/; revision=266219
| | * | | Merge from headSimon J. Gerraty2014-05-082-2/+2
| | |\| | | | | | | | | | | | | | | | | Notes: svn path=/projects/bmake/; revision=265720
| | * | | Merge headSimon J. Gerraty2014-04-283-3/+28
| | |\ \ \ | | | | | | | | | | | | | | | | | | Notes: svn path=/projects/bmake/; revision=265044
| | * \ \ \ Merge head@256284Simon J. Gerraty2013-10-131-2/+4
| | |\ \ \ \ | | | | | | | | | | | | | | | | | | | | | Notes: svn path=/projects/bmake/; revision=256424
| | * | | | | Updated dependenciesSimon J. Gerraty2013-10-131-0/+9
| | | | | | | | | | | | | | | | | | | | | | | | | | | | Notes: svn path=/projects/bmake/; revision=256419
| | * | | | | Merge headSimon J. Gerraty2013-09-111-8/+18
| | |\ \ \ \ \ | | | | | | | | | | | | | | | | | | | | | | | | Notes: svn path=/projects/bmake/; revision=255477
| | * | | | | | Updated dependenciesSimon J. Gerraty2013-03-111-0/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Notes: svn path=/projects/bmake/; revision=248169
| | * | | | | | Updated dependenciesSimon J. Gerraty2013-02-161-2/+0
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Notes: svn path=/projects/bmake/; revision=246868
| | * | | | | | Sync with HEAD.David E. O'Brien2013-02-081-0/+4
| | |\ \ \ \ \ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | Notes: svn path=/projects/bmake/; revision=246555
| | * | | | | | | Sync FreeBSD's bmake branch with Juniper's internal bmake branch.Marcel Moolenaar2012-08-221-0/+33
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Requested by: Simon Gerraty <sjg@juniper.net> Notes: svn path=/projects/bmake/; revision=239572