system/freebsd-src
system/freebsd-src
1
0
Fork 0
mirror of https://github.com/freebsd/freebsd-src synced 2024-10-19 06:44:31 +00:00
Code Issues Packages Projects Releases Wiki Activity
151514 commits 77 branches 139 tags 3.4 GiB
Commit graph

466 commits

Author SHA1 Message Date
Kris Kennaway 47585c927f Add back a missing file from the no-asm case 
Submitted by:	gallatin
 2001-02-20 01:50:25 +00:00
Kris Kennaway b9d37a4027 Remove a remnant of my attempt to get alpha asm code working. OpenSSL 
does include code for the alpha, but as far as I can tell, it is
non-functional (e.g. it's not even compiled by the native openssl build on
the alpha).

Noticed by:	gallatin
 2001-02-19 23:31:53 +00:00
Kris Kennaway 0937df81ca Introduce support for using OpenSSL ASM optimizations. This is done 
through the use of a new build directive, MACHINE_CPU, which contains a
list of the CPU generations/features for which optimizations are desired.
This feature will be extended to cover the ports tree in the future.

Currently OpenSSL provides optimizations for i386, i586 and i686-class
CPUs. Currently it has not been tested on an i386 or i486.

Teach make(1) to provide sensible defaults for MACHINE_CPU if it is not
defined (namely, the lowest common denominator CPU we support for each
architecture).  Currently this is i386 for the i386 architecture and ev4
for the alpha.  sys.mk also sets the variable as a last resort for
consistency with MACHINE_ARCH and bootstrapping from very old versions of
make.

Benchmarks show a significant speed increase even in the i386 case, with
additional improvements for i586 and i686 systems.  For maximum performance
define MACHINE_CPU=i686 i586 i386 in /etc/make.conf.

Based on a patch submitted by:  Mike Silbersack <silby@silby.com>
Reviewed by:    current
 2001-02-19 03:59:05 +00:00
Jacques Vidrine 18ae4e64cf Define HAVE_PAM_GETENVLIST for build. Now environmental variables set 
by PAM modules will be exported (correctly).
 2001-02-08 21:16:34 +00:00
Bruce Evans 0be3a10c91 Fixed missing include of <unistd.h> and wrong prototype for setkey(). 2001-02-06 01:17:59 +00:00
Ben Smithurst 48cd1cfb63 Add .Lb libcipher 
PR:		24434
Submitted by:	Bill Cheswick <ches@bell-labs.com>
 2001-01-24 14:27:30 +00:00
Ruslan Ermilov e9f98cd047 man(7) -> mdoc(7). 2001-01-16 15:28:12 +00:00
Peter Wemm 9886bcdf93 Merge into a single US-exportable libcrypt, which only provides 
one-way hash functions for authentication purposes.  There is no more
"set the libcrypt->libXXXcrypt" nightmare.
- Undo the libmd.so hack, use -D to hide the md5c.c internals.
- Remove the symlink hacks in release/Makefile
- the algorthm is set by set_crypt_format() as before.  If this is
  not called, it tries to heuristically figure out the hash format, and
  if all else fails, it uses the optional auth.conf entry to chose the
  overall default hash.
- Since source has non-hidden crypto in it there may be some issues with
  having the source it in some countries, so preserve the "secure/*"
  division.  You can still build a des-free libcrypt library if you want
  to badly enough.  This should not be a problem in the US or exporting
  from the US as freebsd.org had notified BXA some time ago.  That makes
  this stuff re-exportable by anyone.
- For consistancy, the default in absence of any other clues is md5.  This
  is to try and minimize POLA across buildworld where folk may suddenly
  be activating des-crypt()-hash support.  Since the des hash may not
  always be present, it seemed sensible to make the stronger md5 algorithm
  the default.
All things being equal, no functionality is lost.

Reviewed-by: jkh

(flame-proof suit on)
 2000-12-28 10:32:02 +00:00
Brian Feldman 94193b581b Update for OpenSSH 2.3.0. 2000-12-05 03:01:33 +00:00
Ruslan Ermilov 2b7f803bd3 Fixed a typo from the last commit. 
Submitted by:	Mike Heffner <mheffner@vt.edu>
 2000-11-15 07:45:23 +00:00
Kris Kennaway 326df993d7 Correct some fallout from the semi-automated way I updated the makefile. 
Submitted by:	roberto
 2000-11-14 22:12:02 +00:00
Brian Feldman 087815f8bc Disable /usr/bin/ssh being setuid root by default. Let the variable 
ENABLE_SUID_SSH being defined reenable it for those that want it.

This follows discussion favoring the change from September.  It
is not usually necessary to be setuid root, possibly less safe,
and less convenient (cannot use $HOSTALIASES, for example).

Submitted by:	jedgar
 2000-11-14 04:42:25 +00:00
Kris Kennaway 95200624a6 Update for OpenSSL 0.9.6 2000-11-13 02:21:38 +00:00
Gregory Neil Shapiro 85e427cc94 Fix up the build for the STARTTLS version of sendmail (again). This method 
mimics that of tcpdump in that for normal builds, sendmail will only be
built once.  For 'make release', it is built once for the bin dist and
once for the crypto dist.  This method also removes the need for two separate
Makefiles (which could become out of sync).

Suggested by: bde
Assisted by: kris
 2000-10-24 16:04:56 +00:00
Gregory Neil Shapiro e11cbdb767 Do not override BINDIR settings from subdirectory Makefiles. 
Submitted by:	bde
 2000-10-13 16:57:03 +00:00
Gregory Neil Shapiro 1e503e9884 ../Makefile.inc was clobbering BINDIR so sendmail was being installed in 
/usr/sbin/ instead of /usr/libexec/sendmail/

Submitted by:	bde
 2000-10-13 16:51:05 +00:00
Gregory Neil Shapiro c1f12b17ff Activate the 'secure' (TLS) version of sendmail if !NO_SENDMAIL && !NO_OPENSSL 2000-10-13 03:21:37 +00:00
Gregory Neil Shapiro fa54144cce Given that sendmail's STARTTLS support requires OpenSSL and the bootstrap 
issues that brings, build the non-TLS version of sendmail in
src/usr.sbin/sendmail and the TLS version in src/secure/usr.sbin/sendmail.
This allows the TLS version to be part of the secure distribution when
building a release.
 2000-10-13 03:20:43 +00:00
Gregory Neil Shapiro cec19acfbc Remove STARTTLS support as it breaks builds without crypto installed. 
Waiting to hear back regarding the best way to do this.
 2000-10-12 17:04:32 +00:00
Peter Wemm 0a69c17a48 With apoligies to Greg Shapiro, fix the world. The previous commit 
lost -lutil and -lwrap by replacing $LDADD and $DPADD rather than
appending to them with +=.
 2000-10-11 12:19:42 +00:00
Gregory Neil Shapiro c6cc60252d Style fixes 2000-10-11 05:04:21 +00:00
Gregory Neil Shapiro 79c8873163 NOCRYPT imples NO_OPENSSL. 
Still need to solve the distribution problem.

Submitted by:	kris
 2000-10-11 03:35:32 +00:00
Gregory Neil Shapiro 0c2b976cf8 Build sendmail with STARTTLS support unless NO_OPENSSL is set. 2000-10-10 18:15:41 +00:00
Kris Kennaway b5a1cc3a5c Overhaul of the build-time include file generation. Don't break in evp.h 
if bootstrapping from a system on which the openssl headers are not
already present.
 2000-09-17 06:45:27 +00:00
Gregory Neil Shapiro cf1fec423a Give users a way to alter the sendmail (and related utilities) build 
environment so they can enable functionality such as SASL, LDAP, Hesiod.
 2000-09-17 00:41:33 +00:00
Kris Kennaway 65c9b74cc6 Only build sftp-server conditionally 2000-09-16 22:43:00 +00:00
Andrey A. Chernov 89cdeb294d Add sftp-server 2000-09-15 01:04:32 +00:00
Gregory Neil Shapiro da69ece541 Allow users to add libraries for sendmail (e.g. Cyrus SASL) 
Obtained from:	Sergei Vyshenski <svysh@pn.sinp.msu.ru>
 2000-09-13 04:16:16 +00:00
Kris Kennaway 2f538dadf7 Update for OpenSSH 2.2.0 2000-09-10 09:43:29 +00:00
Kris Kennaway 690a362571 Nuke RSAREF support from orbit. 
It's the only way to be sure.
 2000-09-10 00:09:37 +00:00
Kris Kennaway e1f99b045c ``Anyone is now free to rub two primes together for their own gratification'' 
-- Unknown

Now that the RSA algorithm is released into the public domain, build
librsaintl by default unless NO_RSAINTL is set in make.conf.

The native OpenSSL implementation of RSA is much faster, doesn't have
an artificial keysize limitation, has 30% fewer calories and tastes great!
 2000-09-06 23:46:50 +00:00
Kris Kennaway 939c32909c Err, we weren't even compiling auth1.c with LOGIN_CAP at all. Guess nobody 
was using this feature.
 2000-09-02 07:32:05 +00:00
Brian Feldman dd62c1ebeb Make the temporary file _evp.h instead of evp.h to not conflict with 
the real evp.h.

Reported by:	markm
 2000-08-24 19:06:55 +00:00
Andrey A. Chernov 0305cfcec6 Add missing quotes around xauth path 2000-08-23 19:14:48 +00:00
Brian Feldman 4eb207a1ae Generate a new evp.h at build-time instead of install-time to properly 
support NFS(ro) installworlds.
 2000-08-23 11:41:01 +00:00
Kris Kennaway 4d858ef441 Respect X11BASE to derive the location of xauth(1) 
PR:		17818
Submitted by:	Bjoern Fischer <bfischer@Techfak.Uni-Bielefeld.DE>
 2000-08-23 09:39:20 +00:00
Brian Feldman 04c9749ff0 Add working and easy crypt(3)-switching. Yes, we need a whole new API 
for crypt(3) by now.  In any case:

Add crypt_set_format(3) + documentation to -lcrypt.
Add login_setcryptfmt(3) + documentation to -lutil.
Support for switching crypt formats in passwd(8).
Support for switching crypt formats in pw(8).

The simple synopsis is:
edit login.conf; add a passwd_format field set to "des" or "md5"; go nuts :)

Reviewed by:	peter
 2000-08-22 02:15:54 +00:00
Gregory Neil Shapiro d0b3252609 Turn on support for IPv6 2000-08-14 02:36:29 +00:00
Gregory Neil Shapiro 478c940682 Get rid of the /etc/aliases -> /etc/mail/aliases hack. /etc/mail/aliases 
now exists in the distribution.
 2000-08-13 08:36:40 +00:00
Gregory Neil Shapiro 88c75941e6 The rest of the changes needed to support the new version of sendmail (8.11.0). 
Beyond changes to the build system, this includes fixing up the sample
freebsd.mc configuration for changes in defaults and syntax, removing
outdated documentation, and updating the release notes.
 2000-08-12 22:39:25 +00:00
Brian Feldman 314844b39a Unbreak the OpenSSL headers for those of us who don't/can't use IDEA by 
getting rid of the check for NO_IDEA (in evp.h) completely if it's
installed without MAKE_IDEA=YES.
 2000-08-04 04:25:59 +00:00
Kris Kennaway 283cfe50ae Install the openssl(1) manpage with an MLINK from ssl(8) to at least put 
something in the location where OpenSSH likes to point.
 2000-08-03 05:29:04 +00:00
Kris Kennaway b682213c87 Don't build sshd if NO_OPENSSL defined. 
Submitted by:	stephen@math.missouri.edu
 2000-07-30 22:25:54 +00:00
Kris Kennaway abe829c0e3 Don't build crypto-enabled telnetd if NO_OPENSSL is defined, since it 
attempts to link against libcrypto.
 2000-07-25 01:11:17 +00:00
Mark Murray 1200a0a6e4 WITH_IDEA --> MAKE_IDEA fix. 2000-07-16 12:20:28 +00:00
Peter Wemm ecece7e319 Add missing $FreeBSD$ to files that are NOT still on vendor a branch. 2000-07-16 05:48:49 +00:00
Peter Wemm 97e8e70bd1 Be consistant about WITH_ vs MAKE_ flags. We have a precedent of using 
MAKE_foo for things like MAKE_KERBEROS etc.  Use that.  I managed to
confuse myself last time and made make.conf different to the code. ;-(

Reported by:  Jun Kuriyama <kuriyama@FreeBSD.org>
 2000-07-14 09:18:21 +00:00
Peter Wemm 8e7cbb3c91 Argh. Cut/paste transcription error. Fix syntax of previous commit. 2000-07-03 06:26:30 +00:00
Peter Wemm 86c9b3ab20 USA_RESIDENT is forced to YES or NO at the start of Makefile.inc1 
Use that to be the final arbiter of whether or not to build the
librsaintl.so plugin for openssl/openssh.  Add a magic WANT_RSAINTL flag
to force building even if USA_RESIDENT=YES.
 2000-07-03 06:24:23 +00:00
Mark Murray ce09ad5098 MFI. This is a documentation-only, diffreducing patch, that if 
invoked will cause breakage. US Users - DO NOT try to turn on
IDEA - the sources are not included.
 2000-06-24 06:50:58 +00:00
Kris Kennaway 957dc12dec Link explicitly against -lmd. I'm not sure what was pulling this in 
on -current, but it doesnt do it on -stable.
 2000-06-11 05:30:52 +00:00
Kris Kennaway d52b295063 Add a new file to SRCS 2000-06-03 10:04:31 +00:00
David E. O'Brien 14a8a54168 /dev/urandom is the default random device, so no use in stateing it here. 
Also simplify the conditionals a little.
 2000-05-15 23:29:03 +00:00
David E. O'Brien f254f0ac49 This version is slightly better than rev 1.10. There are still missing 
dependencies for openssl/*.h.  I cannot reproduce any critical race
conditions with this revision.
 2000-05-15 17:28:06 +00:00
David E. O'Brien f80c5c4a34 Use unadorned `mkdir -p', removing the "test ... ||". 
There are sometimes problems with "&&" and "||" in the `make -j' case, as
it appears multiple processes may process parts of the execution line.
 2000-05-15 16:52:57 +00:00
Kris Kennaway 4fc9354419 Update for OpenSSH 2.1 2000-05-15 05:26:50 +00:00
Kris Kennaway 0ae5a27cf8 Use the C locale for running date(1). 
Submitted by:	ache
 2000-04-20 07:26:46 +00:00
Kris Kennaway 9ccbd450e8 Update for OpenSSL 0.9.5a and clean up a bit. 2000-04-13 07:37:35 +00:00
Kris Kennaway a7aaf459e7 Update for OpenSSL 0.9.5a and clean up a bit. 
Take responsibility for this makefile again :-)
 2000-04-13 07:37:26 +00:00
David E. O'Brien 63bfdbdb0a * Fix dependancies so that ``make depend'' is not required. 
* Some style fixes

Approved by:	kris
 2000-04-11 09:27:24 +00:00
David E. O'Brien 2461ce422b * Fix dependancies so that ``make depend'' is not required. 
* Some style fixes

Approved by:	kris
 2000-04-11 08:28:47 +00:00
Kris Kennaway aad873b098 Add libcrypto to LDADD. This fixes problems seen with e.g. apache-modssl 
Submitted by:	Jim Bloom <bloom@acm.org>
 2000-04-04 07:31:01 +00:00
Kris Kennaway fcd9d76716 Missed a fix for the new openssh; this fixes make world. 2000-03-26 21:17:11 +00:00
Kris Kennaway 1ef4beca5f Update for latest OpenSSH 2000-03-26 07:54:12 +00:00
Kris Kennaway 9fd4066575 Add a new function stub to libcrypto() which resolves to a symbol in 
the librsa* library and reports which version of the library (OpenSSL/RSAREF)
is being used.

This is then used in openssh to detect the failure case of RSAREF and a RSA key
>1024 bits, to print a more helpful error message than 'rsa_public_encrypt() fai
led.'

This is a 4.0-RELEASE candidate.
 2000-03-13 09:55:53 +00:00
Mark Murray 283073b4e6 Make LOGIN_CAP work properly. 
Submitted by:	ache
 2000-03-09 14:54:00 +00:00
Kris Kennaway bb49f794f5 Buildworld fixes for NO_OPENSSH and NO_OPENSSL 
Approved by:	jkh
 2000-03-09 06:29:05 +00:00
Kris Kennaway d7d9ad4214 Build a shared library too - ports expect it. 
Reviewed by:	peter
Approved by:	jkh
 2000-03-07 20:55:55 +00:00
Peter Wemm 5a0a2ee966 Merge from internat.freebsd.org; cleanup stray rsaref glue code reference 2000-03-05 14:20:57 +00:00
John Hay aa77fdaa47 MFI: Make ssh and sshd link in the krb5 part of make release. 
Reviewed by:	markm
 2000-03-03 20:34:05 +00:00
Kris Kennaway a5ee11a77a Resurrect the old libdes manpages (after a repo copy) until we have better 
ones.
 2000-03-02 06:06:35 +00:00
Peter Wemm 3187486c8a Merge from internat.freebsd.org: add libcrypto to librsaUSA's symbol search 
path so that ERR_load_strings() is found in certain circumstances
involving dlopen().  eg: main program dlopened foo.so which is linked
against libcrypto.  If libcrypto then dlopens librsaUSA.so, then it's
search path doens't find libcrypto (!).  One "fix" is to force
modules (eg main opening foo.so) to use the RTLD_GLOBAL flag, the other
is to explicitly declare dependencies (as done here).
 2000-03-02 05:22:46 +00:00
Mark Murray 87afaaf75a MFI: stupid typo of mine. 2000-02-29 09:56:11 +00:00
Kris Kennaway 06f13592e1 Add NODESCRYPTLINKS knob to prevent spamming of libcrypt -> libscrypt 
symlinks. The name is against my better judgement, but I defer to ancient
tradition here because I'm a nice guy.

Reviewed by:	-current
 2000-02-29 05:47:52 +00:00
Mark Murray e1eaf14cd7 New distribution names. 2000-02-28 19:25:34 +00:00
Mark Murray c62e13f4cf New distribution name. 2000-02-28 19:24:33 +00:00
Peter Wemm 9fa5f5fd96 Merge from internat.freebsd.org repo, minus change to rsa_eay.c (missing) 
Reorganize and unify libcrypto's interface so that the RSA implementation
is chosen at runtime via dlopen().

This is a checkpoint and may require more tweaks still.
 2000-02-26 13:13:03 +00:00
Peter Wemm 42a75d55f1 Merge from internat.freebsd.org; deal with -DRSAref the same way as 
libcrypto - not that it means much on the US code tree.
 2000-02-25 14:15:31 +00:00
Peter Wemm cfd62b902e Merge from internat.freebsd.org; make RSAREF=YES work correctly, although 
this is not very useful as the US repo is missing bits.
 2000-02-25 14:08:35 +00:00
Peter Wemm 6681286022 Create a stub libRSAglue for bsd.port.mk's sake 2000-02-25 09:47:17 +00:00
Peter Wemm 8df7a1fa29 Don't pull in libRSAglue for the rsaref case. Since this is linked 
dynamically by default, we use the dlopen() calls to load librsaref.so
on US code trees.
 2000-02-25 08:21:35 +00:00
Peter Wemm 07a0979e84 Fold libRSAglue into libcrypto so we don't have to special-case 
all the builds.  There is still no actual RSA implementation code
in libcrypto or src/* on US code trees.
 2000-02-25 08:18:43 +00:00
Peter Wemm 08c0f1c7dd Sync with internat; delete a trailing space 2000-02-25 05:35:37 +00:00
Mark Murray 51a4536595 Remove port components not needed in 4.n+ 
Submitted by:	Half the freaking planet....
 2000-02-24 22:39:24 +00:00
Mark Murray b87f0bc988 libdes is OBE 2000-02-24 19:08:24 +00:00
Mark Murray c9f2d5f483 Build everything properly. This means: 
o Don't b uild libdes.

o Crypto is now housed in libcrypto (with a compatability symlink to
  libdes)

o RSA may depend on RSAREF at your locale.

o OpenSSH is now a part of the base system.
 2000-02-24 18:59:34 +00:00
Mark Murray c23e256eef Add the OpenSSH userland-building Makefiles. 2000-02-24 17:00:55 +00:00
Mark Murray 228c5a5af7 Freefall/Internat diff reducer. 2000-02-24 10:37:29 +00:00
Mark Murray 22dcf83566 Freefall/Internat diff reducer. 2000-02-24 10:21:56 +00:00
Mark Murray 1b87af6b57 Freefall/Internat diff reducer. 2000-02-24 10:06:57 +00:00
Mark Murray 97dacfda2b Diff reducer. Comes from Internat. 2000-02-24 09:52:37 +00:00
Mark Murray 4486a1f099 Remove useless whitespace. 
Part of big commit OK'ed by: JKH
 2000-02-24 09:48:58 +00:00
Kris Kennaway 0c7304fede Back out the previous commit - it broke world and was not approved. 
I don't know what I was thinking committing without approval - sorry.
 2000-02-14 08:09:52 +00:00
Kris Kennaway b0ba1374bc Link dynamically, not statically. 2000-02-13 00:53:12 +00:00
Kris Kennaway 8c52579a78 Add NO_OPENSSL knob to turn off building of openssl 
Requested by:   wollman
 2000-01-30 04:12:49 +00:00
Kris Kennaway c6680962bf Add NO_OPENSSL knob to turn off building of openssl 
Requested by:	wollman
 2000-01-30 04:11:37 +00:00
Yoshinobu Inoue 4dd8b5ab79 another tcp apps IPv6 updates.(should be make world safe) 
ftp, telnet, ftpd, faithd
  also telnet related sync with crypto, secure, kerberosIV

Obtained from: KAME project
 2000-01-27 09:28:38 +00:00
Kris Kennaway a5c3c93893 Don't search for libraries in ${LOCALBASE}. This should fix the problems 
people were seeing with conflicts with the openssl port.
 2000-01-20 07:29:01 +00:00
Kris Kennaway 04c111ac5f Activate librsaglue 2000-01-20 07:27:49 +00:00
Kris Kennaway 486bbb25ef Move the rsaref gunk to libRSAglue where ports expect it. 2000-01-20 07:27:38 +00:00
Kris Kennaway 5afe765e66 Build infrastructure for libRSAglue, required for compatability with 
ports even though it doesn't seem to do anything which requires it
to be separate from libcrypto.
 2000-01-20 07:24:40 +00:00
Kris Kennaway e36de8f1b1 The wrong version of the file was committed previously which explains the 
problems seen here.
 2000-01-16 21:00:06 +00:00
Kris Kennaway f9992f30fc Turn back on openssl building. 2000-01-16 05:25:26 +00:00
Kris Kennaway 3e3bfbad52 Turn back on libcrypto and libssl building. 2000-01-16 05:24:47 +00:00
Kris Kennaway ac242a29d9 *** empty log message *** 2000-01-16 05:19:27 +00:00
Kris Kennaway 2f00e5fdc4 Add MAINTAINER tag so people don't feel the need to randomly frob with this. 2000-01-16 02:20:03 +00:00
Brian Feldman d82f495687 We cannot have libcrypto, and therefore OpenSSL at all, without RSA. 
If you need examples of breakage, I'm ready to provide more than a
few.
 2000-01-15 18:02:10 +00:00
Kris Kennaway 45b8027e25 Connect OpenSSL to the build. 2000-01-14 08:01:51 +00:00
Kris Kennaway 41e8e5da52 Build infrastructure for OpenSSL 2000-01-14 05:49:29 +00:00
Kris Kennaway 63f691b33c Really really remove SHA-1 support. 2000-01-09 21:22:48 +00:00
Mark Murray 8ab773c3cf Routines needed by new kerberos. 2000-01-09 10:09:40 +00:00
Jordan K. Hubbard e63a240576 Remove the SHA stuff properly. 2000-01-08 03:01:13 +00:00
Peter Wemm 049239a46c Since /etc/sendmail.cf got moved to /etc/mail/sendmail.cf, a 'make world' 
would leave you with a broken sendmail and local mail loss.
This evil hack moves sendmail.cf from the old location to the new one (if
required) at install time.
 1999-12-29 18:56:55 +00:00
Peter Wemm 8ea9610d48 Install sendmail in it's new location. 1999-12-29 18:40:56 +00:00
Mark Murray 1c7d04a82f RIP xntpd. 1999-12-22 19:15:02 +00:00
Peter Wemm 1a9527eaaa I missed the LDADD/DPADD for -lmd in the secure cases. :-( 
Pointed out by: marcel
 1999-12-19 16:50:33 +00:00
Peter Wemm ed9823add9 Revert -lmd changes now that libcrypt doesn't expose this binutils/ld 
bug any more.
 1999-12-18 16:42:33 +00:00
Marcel Moolenaar 6b5f58c5c3 Add libmd to DPADD and LDADD. 1999-12-17 11:45:28 +00:00
Mark Murray 1a19815c14 Dont build telenet if we are going for kerberised telnet; this just 
jumps all over kerberised telnet otherwise.
 1999-10-12 19:48:05 +00:00
Mark Murray d14fc57cb7 Make telnet with SRA work. 
Submitted by:	Nick Sayer
 1999-10-07 19:47:09 +00:00
Mark Murray e267a66620 Colour me stupid. This is a better way of using the macros. 1999-09-21 22:13:07 +00:00
Mark Murray af37a7967b Do this the same way as Internat to reduce diffs. 1999-09-21 17:57:09 +00:00
Dmitrij Tejblum 462da152d2 Someone changed major numbers of the libraries from 2 to 3 for 0 (zero) reasons. 
Revert the major number back to 2.

libcrypt only export one function, before the recent changes and now:
char *crypt(const char *key, const char *salt);
The prototype didn't changed. Internal representation of `char' and `char *'
didn't changed. Therefore, there is no reason to change the version number.
 1999-09-21 17:52:05 +00:00
Peter Wemm 6fd36d7d11 Restore SONAME setting, otherwise libdescrypt.so.3 doesn't end up with 
a special SONAME of libcrypt.so.3 and the runtime symlink doesn't work.
 1999-09-21 14:47:36 +00:00
Mark Murray e1e54354b5 Make this completely dependant on the exportable libcrypt, to avoid 
duplication of effort. Also a large cleanup of the code, inspired
by Brandon Gillespie.
 1999-09-20 12:40:06 +00:00
Mark Murray 5cd82127f8 libdes is bmaked and built from src/crypto/... now. 1999-09-19 18:49:58 +00:00
Mark Murray 056bcb03a1 This commit was generated by cvs2svn to compensate for changes in r50894, 
which included commits to RCS files with non-trunk default branches.
 1999-09-04 12:45:43 +00:00
Mark Murray caf39ecc96 Vendor import EAY's LIBSSL to fix comments, etc. 1999-09-04 12:45:43 +00:00
Mark Murray 0a21b04f59 Drat. Import this into the right place. Pass me the pointy hat. 1999-09-01 19:59:25 +00:00
Mark Murray 778981c288 This commit was generated by cvs2svn to compensate for changes in r50760, 
which included commits to RCS files with non-trunk default branches.
 1999-09-01 19:59:25 +00:00
Peter Wemm a1a4f1a0d8 $Header$ -> $FreeBSD$ 1999-08-28 05:11:36 +00:00
Peter Wemm 97d92980a9 $Id$ -> $FreeBSD$ 1999-08-28 01:35:59 +00:00
Mark Murray e3f08ba406 Claim ownership 1999-08-17 13:39:28 +00:00
Mike Pritchard 36b3fda178 Various man page cleanup: 
- Be consistent with section names as outlined in mdoc(7).
- Other misc mdoc cleanup.
 1999-08-15 10:01:15 +00:00
Kris Kennaway 3e977c59cf Typo in comment. 1999-04-25 13:14:36 +00:00
Mark Murray 2331d1600b Enable tcp_wrapper support by default. 1999-03-28 10:55:03 +00:00
Peter Wemm 9e5e26b31a MaxHeaderLines is now MaxHeadersLength (in bytes) 1999-02-07 09:48:52 +00:00
Peter Wemm 5e418b65f6 Support 'O MaxHeaderLines=' to override the default header count and line 
length limits.  The configuration keyword is: confMAX_HEADER_LINES
 1999-01-24 07:54:30 +00:00
Mark Murray 1b340441b7 Fix symlinking. Without the -f "force" option, the wrong version 
can be found.
Submitted by:   Bruce
 1999-01-24 07:51:33 +00:00
Mark Murray 945c0b6dde The new crypt code breaks "make world". Back it out. 1999-01-23 08:26:11 +00:00
Brandon Gillespie 5287069da8 Removed from the secure/lib/libcrypt area, because of the rewrite to how 
the Makefile handles des support by just including the single .c file.

Reviewed by:	Mark Murray
 1999-01-21 13:51:49 +00:00
Peter Wemm 3539ed8b65 Update for 8.9.2 (new file, control.c) 
Also, turn on support for the MaxMimeHeaderLength option in sendmail.cf.
 1999-01-12 12:47:54 +00:00
David E. O'Brien 2887f586f0 Remove useless `BINOWN=root' now that it is the default. 1998-09-19 22:42:14 +00:00
John Birrell 7dcd8b7c45 BINFORMAT -> OBJFORMAT ready for E-day. Untested 'cause I'm outside 
the US and not allowed to see this. I kept my eyes closed. 8-)
 1998-08-31 00:35:10 +00:00
Peter Wemm 22751f562c Connect up sendmail-8.9.1 1998-08-04 15:24:04 +00:00
Mark Murray 4586e1abc5 Staticise a variable. 
PR:		4722
Submitted by:	Karl Denninger
 1997-10-08 07:02:48 +00:00
Jordan K. Hubbard 97fe7f477f Changes to support full make parallelism (-j<n>) in the world 
target.
Reviewed by:	<many different folks>
Submitted by:	Nickolay N. Dudorov" <nnd@nnd.itfs.nsk.su>
 1997-10-05 09:40:24 +00:00
Peter Wemm a99f0e8211 Teach libdescrypt about elf builds. 1997-09-05 12:21:22 +00:00
Peter Wemm c0ec1f37ef Revert $FreeBSD$ to $Id$ 1997-02-22 14:40:44 +00:00
Jordan K. Hubbard 1130b656e5 Make the long-awaited change from $Id$ to $FreeBSD$ 
This will make a number of things easier in the future, as well as (finally!)
avoiding the Id-smashing problem which has plagued developers for so long.

Boy, I'm glad we're not using sup anymore.  This update would have been
insane otherwise.
 1997-01-14 07:20:47 +00:00
Wolfram Schneider af20215665 Sort cross references. 1997-01-13 00:25:51 +00:00
Mark Murray 4ee026279c Secure telnet is now in eBones. 1996-11-07 14:42:57 +00:00
Mark Murray 846c5a6cb7 Remove references to TELNET*. 1996-11-07 14:41:20 +00:00
Peter Wemm 82c2534fd0 Fold sendmail-8.8.2 changes into files that have been touched. 
(^!&@$#&^! delete !!@^@^ trailing !@^&#$!& whitespace!!!)
 1996-10-24 05:07:25 +00:00
Peter Wemm e7d24931fe cmp -s || install -c --> install -C 1996-08-30 04:07:04 +00:00
Peter Wemm fb128913a9 Same as non-secure telnetd, add support for ``-P altlogin'' to specify 
an alternate /usr/bin/login type program to be run.
 1996-08-13 07:53:54 +00:00
Mark Murray 43e844cb02 Next version from the author - from SSLeay.0.6.3 1996-08-10 17:19:16 +00:00
Mark Murray 67d29e2c6c This commit was generated by cvs2svn to compensate for changes in r17497, 
which included commits to RCS files with non-trunk default branches.
 1996-08-10 17:19:16 +00:00
Mark Murray f3d1114f33 Some breakeages sneaked in. This fixes them. 
(this relates to a name change in a library that was not properly backed
up by the author)
Reported by: too mant :-(
 1996-07-30 21:09:48 +00:00
Mark Murray 43f15e7154 Merge, remove rubbish and bump the MAJOR.MINOR to 3.0 1996-07-29 18:01:42 +00:00
Mark Murray f2c335efd5 Rats. Just when a piece of code is nice and stable, the author has to 
release an upgrade.
 1996-07-29 17:54:40 +00:00
Mark Murray 1700adf407 This commit was generated by cvs2svn to compensate for changes in r17330, 
which included commits to RCS files with non-trunk default branches.
 1996-07-29 17:54:40 +00:00
Mark Murray 6c4a37eb3a Mrege conflicts etc. 1996-07-28 08:23:19 +00:00
Mark Murray de59bba0c5 Latest libdes from Eric Young. Mainly code beautification. 1996-07-28 08:18:06 +00:00
Mark Murray 9f2bc96e40 This commit was generated by cvs2svn to compensate for changes in r17315, 
which included commits to RCS files with non-trunk default branches.
 1996-07-28 08:18:06 +00:00
Jordan K. Hubbard 187eb1e177 Add necessary item to CLEANFILES 1996-07-27 22:16:19 +00:00
Jordan K. Hubbard cd9a2f5c28 Bring in my changes for removing the pestilent obj links (unless you 
really want them) from /usr/src.  This is the final version of the
patches, incorporating the feedback I've received from -current.
 1996-06-24 04:26:21 +00:00
Nate Williams c4a4597e90 Bring in a change that got lost when we spammed over the CVS repository 
to fix the mega-commits spamming.

pst         96/05/29 20:09:25

  Modified:    secure/usr.bin/telnet  Makefile main.c
  Log:
  Remove obsolete SOCKSv4 support

Submitted by:	pst
Obtained from:  A mirrored CVS repository that will disappear next SUP
 1996-06-05 22:48:04 +00:00
Andrey A. Chernov 45fa48fe14 Localize time 1996-05-07 19:05:10 +00:00
Mark Murray 87bd8ab856 Add extra targets a' la' eBones/Makefile for release/Makefile. 
(bootstrap etc)
 1996-05-04 08:32:07 +00:00
Mark Murray 42f2698195 Add randomness from /dev/random if it is available. 1996-05-04 07:25:54 +00:00
Paul Traina 33bb8564be Add support for socks 1996-04-23 05:18:43 +00:00
Paul Traina 4b2e1057cf typo shmrsh -> smrsh 1996-04-22 20:30:09 +00:00
Paul Traina 0abdd9956c Enable proper installation of sendmail restricted shell smrsh(8). 
This program is a wrapper for the prog mailer in sendmail.  It does shell
meta character masking and restricts the list of executables to those found
in /usr/libexec/sm.bin.

The default sendmail.cf file does not use this tool, however you can enable
it by either changing /bin/sh to /usr/libexec/smrsh or adding the line
FEATURE(smrsh) into your sendmail .mc file and rebuilding your .cf file.

For more info, RTFMP.
 1996-04-21 19:48:07 +00:00
Mark Murray c5cdf2c7f4 Split libcrypt and libcipher man pages. 1996-04-13 08:18:24 +00:00
Mark Murray bb230f68ca Split the libcrypt and libcipher man pages. 1996-04-13 08:03:24 +00:00
Mike Pritchard cad56be80a Install crypt.3 so that libcipher will install if /usr/share/man 
has been blown away.  Previously it depended on an existing
crypt.3 to be present for the man page links to install properly.
 1996-04-09 17:20:33 +00:00
Mark Murray 18992ffaea Comment out the NOPROFILE=yes to make this orthogonal with the rest of our 
libs.
 1996-03-17 15:43:32 +00:00
Mark Murray 6dd8a38202 Big clean-up job. Remove ancient and never-to-be used stuff. 
The look much more like BSD Makefiles now.
 1996-03-11 16:17:58 +00:00
Mark Murray 7c9dcdde00 Fix typo #ifdef -> .if defined(). 
Tidy uo this file a bit.
 1996-03-11 06:22:50 +00:00
Mark Murray d825f2fad0 Fix typo - -des -> -ldes 1996-03-10 21:15:00 +00:00
Andrey A. Chernov 0a2c4bde08 Sense MAKE_EBONES, DESTDIR 
SRCS, DPADD cleanup
 1996-03-09 13:39:00 +00:00
Andrey A. Chernov a0e2ca089a Sense MAKE_EBONES, DESTDIR 
SRCS cleanup
DPADD cleanup
 1996-03-09 13:36:34 +00:00
Andrey A. Chernov f6d9ce2bae Sense MAKE_EBONES, DESTDIR 
SRCS cleanup
DPADD cleanup
 1996-03-09 13:26:21 +00:00
Jordan K. Hubbard 1c934dae3e Add back missing crypt.3 man page. 1996-02-21 08:15:08 +00:00
Mike Pritchard bcff8e2ae4 Another round of man page cleanups. 
Down to only about 100 items left to cleanup! :-)
 1996-02-12 04:57:03 +00:00
Mark Murray 14a23345e6 Add the new libdes to the build 1996-02-11 08:46:59 +00:00
Mark Murray fffad2951a Rats. Forgot to `cvs add' this. 1996-02-10 23:49:27 +00:00
Mark Murray 537c20ded7 iImport a FreeBSD Makefile, BSD-ise the header and correct a typo. As the 
interface has changed a bit (there are more rentry points), the
shared library has been bumped to libdes.so.2.1.
 1996-02-10 15:54:48 +00:00
Mark Murray 3a8043c232 This is the long-awaited new DES library. Over the next couple of days 
will be properly built into the system.
 1996-02-10 15:32:26 +00:00
Mark Murray 568f3a3d5a This commit was generated by cvs2svn to compensate for changes in r14009, 
which included commits to RCS files with non-trunk default branches.
 1996-02-10 15:32:26 +00:00
Mike Pritchard 7c87ef470d Correct some manual page cross reference errors. E.g. su is a section 
one man page, not section eight.  This is the first round of such changes
and only fixes man pages in manual section one.
 1996-02-02 00:26:12 +00:00
Peter Wemm 6065a0be11 This commit was generated by cvs2svn to compensate for changes in r13122, 
which included commits to RCS files with non-trunk default branches.
 1995-12-30 19:02:48 +00:00
Peter Wemm a5b996a7ec recording cvs-1.6 file death 1995-12-30 19:02:48 +00:00
Andrey A. Chernov ab6b1a8ad5 Pick correct library dir whenever obj exists or not 1995-12-21 17:57:16 +00:00
Mark Murray 96e718fe29 Dual personality crypt(3). This crypt will choose its encryption algorithm 
(DES or MD5) based on the type of salt used. Salt beginning with "$1$"
indicates MD5.
 1995-12-16 09:14:12 +00:00
Peter Wemm 1cdee109d0 *GULP* cvs remove the uncomfortably large list of files that are no longer 
part of sendmail 8.7.2...
 1995-12-02 20:58:10 +00:00
Peter Wemm 03d7755c08 Re-disable the cf/cf SUBDIR - we were not building it before anyway. 
The Makefile down there does not handle the obj dir well..
 1995-12-02 18:36:12 +00:00
Peter Wemm 1f160589bb Import Sendmail-8.7.2 as discussed on -current. 
The conflict merge will happen shortly after.
 1995-12-02 17:30:23 +00:00
Andrey A. Chernov a18c0b455a Remove LD_NOSTD_PATH unsetenv, it isn't exist anymore 1995-10-24 06:52:36 +00:00
Andrey A. Chernov d549e5cc7f Fix original patch error with ! before strncmp 
Zap only needed LD_* variables
 1995-10-20 22:17:35 +00:00
Andrey A. Chernov b6369ff12e Don't allow LD_* env. variables to be tricked 
Submitted by: Sam Hartman <hartmans@mit.edu>
 1995-10-20 17:16:58 +00:00
Justin T. Gibbs 9d01cc32c6 Remove MAKE_EBONES conditionals. They were originally placed here because 
of missing functionality in our libkrb which is no longer a problem.
 1995-10-11 00:04:09 +00:00
Andrey A. Chernov d6cf037780 Remove duplicated targets which now build from main tree 
if available and allowed
 1995-09-29 20:23:09 +00:00
Justin T. Gibbs b7f41e3f67 Add TELNETOBJDIR and CRYPTOBJDIR for use in LDADD entries. This makes 
secure reference the libraries that were just build instead of in /usr/lib.
 1995-09-16 03:04:10 +00:00
Justin T. Gibbs 790136a438 Enable kerberosIV authentication/encryption conditionalized on MAKE_EBONES. 1995-09-14 21:29:21 +00:00
Justin T. Gibbs 9d6965ac06 Enable kerberosIV authentication/encryption conditionalized on MAKE_EBONES. 
Fix up some of the des calls to be compatible with eBones.
 1995-09-14 21:29:08 +00:00
David Greenman b834e407de sys_term.c: killed sleep(1) as this should no longer be a problem with 
the move of startslave().
telnetd.c: fix bug introduced with the move of startslave()...the number
of arguments was wrong and "level" and "user_name" had to be made globals.
 1995-09-11 21:02:02 +00:00
Paul Traina b74fc1026f Move erase cleanup outside linemode conditional 1995-09-06 02:03:36 +00:00
Paul Traina a06a8a9829 Avoid race condition with telnet options processing (login: prompt lost). 
Submitted by:	John Capo & Peter Wemm
 1995-09-05 19:31:06 +00:00
Paul Traina d0d1fb6198 Set erase character for login: prompt. 
Submitted by:	Peter Wemm & John Capo
 1995-09-05 19:30:05 +00:00
Paul Traina a4a142bd15 Do NOT compile with -DKLUDGELINEMODE...hoses many telnet clients 1995-08-28 17:55:08 +00:00
Peter Wemm 7791ac4067 Import Sendmail v8.6.12, onto the CSRG(!) branch. 
A seperate commit to fix the conflicts wil follow.
 1995-08-17 04:39:13 +00:00
Andrey A. Chernov 0a06628ab2 Comment out LDADD+=-ldescrypt, it is not yet active due to 
missng defines for krb4encpwd and rsaencpwd and missing rsa library too.
 1995-08-05 19:10:25 +00:00
Andrey A. Chernov ba60b431ca Change default banner to FreeBSD, properly ifdefed by __FreeBSD__ 
Reviewed by:
Submitted by:
Obtained from:
 1995-08-04 00:12:08 +00:00
Mark Murray d5fc4d2a65 After pst and ache fixed secure telnet, it was still not in the main 
makefiles. This puts it in.

PLEASE NOTE - YOU WILL NEED TO BUILD AND INSTALL THE libtelnet IN secure/
Reviewed by:
Submitted by:
Obtained from:
 1995-07-29 12:49:25 +00:00
Andrey A. Chernov 9ed77b336f Final cleanup pass through Makefiles, now this stuff 
autodetect kerberos/eBones and work even with eBones,
but with reduced functionality (don't pick up des/krb stuff
in this case)
 1995-07-24 22:55:59 +00:00
Andrey A. Chernov dbd07ffcc0 Add -ldescrypt, or wrong crypt version can be picked from libc 
Reviewed by:
Submitted by:
Obtained from:
 1995-07-24 22:01:01 +00:00
Andrey A. Chernov 6b370f4c7e Add LDADD+= -ldescrypt 
Reviewed by:
Submitted by:
Obtained from:
 1995-07-24 21:57:58 +00:00
Andrey A. Chernov b6c080f6bc Move -ldes under kerb stuff, my fault 
Reviewed by:
Submitted by:
Obtained from:
 1995-07-24 21:49:06 +00:00
Andrey A. Chernov e74d115547 Since this stuff not works with eBones, ifdef kerberos stuff 
with MAKE_KERBEROS to allow other things to live
Reviewed by:
Submitted by:
Obtained from:
 1995-07-24 21:47:30 +00:00
Andrey A. Chernov 3b901a0b79 Since this stuff not works with eBones, ifdef kerberos stuff 
with MAKE_KERBEROS to allow other things to live
Submitted by:
Obtained from:
 1995-07-24 21:38:32 +00:00
Andrey A. Chernov 4109d6bfef Add comment about new_rnd_key.c module needed from original 
libdes (and not present in eBones libdes)
 1995-07-24 21:12:57 +00:00
Andrey A. Chernov 7170827e21 Add comment about new_rbd_key.c module needed from 
original libdes
 1995-07-24 21:10:47 +00:00
Andrey A. Chernov f8e556c37d Fix dependances, typing errors, etc. 
Note: this thing need original libdes not Eric Young libdes from eBones
Submitted by:
Obtained from:
 1995-07-24 20:40:03 +00:00
Andrey A. Chernov 2c178baa51 Point to proper DESTDIR now 
Reviewed by:
Submitted by:
Obtained from:
 1995-07-24 20:31:07 +00:00
Andrey A. Chernov bfdd0041fc Fix many bogus things, typing error, dependance errors, etc., 
now it compiles.
Note: this stuff requires original libdes, not libdes from
Eric Yang which we have in eBones.
 1995-07-24 20:29:12 +00:00
Paul Traina 4a0834a5a2 When hostname len > 8, name replaced with dot notation when -u flag 
not specified (default case).
Use _PATH_* for utmp/wtmp.

Support for >32 PTYs.
>Submitted by:   Heikki Suonsivu <hsu@cs.hut.fi>

Plug already known security hole. (Brought over from 1.1.5):
Fixed security problem with telnetd, which allowed
   telnet -l -hcert.org localhost
to change the user's host in utmp.
Thanks to Matthew Green <mrgreen@@mame.mu.oz.au> for showing me this one.

>Reviewed by:    karl, guido
>Submitted by:   mrgreen@mame.mu.oz.au

Obtained from:	FreeBSD insecure telnetd
 1995-07-20 12:35:01 +00:00
Paul Traina 4fd39f708a The final negotiation of DO_BINARY in the LINEMODE portion of the telnetd code 
causes some clients that do not support linemode to mis-interpret the return
key (i.e. double returns).
The fix is to only do the state check for binary options if linemode will
be used.
Closes PR#505.

Submitted by:   Charles Henrich
Obtained from:	FreeBSD insecure telnetd
 1995-07-20 12:32:40 +00:00
Paul Traina 9809ff32f6 Update telnet to the 95.05.31 release. 
Obtained from:	Dave Borman <dab@cray.com>
 1995-07-20 11:40:06 +00:00
Rodney W. Grimes 5ebc7e6281 Remove trailing whitespace. 1995-05-30 06:12:45 +00:00
Jordan K. Hubbard 1b780c0e7f Argh! Another instance of DES rather than des that I forgot. Truly, 
this keyword is in too many places! :(
 1995-05-11 22:07:49 +00:00
Jordan K. Hubbard b5260d2051 Rename secure to DES. 1995-05-09 05:22:41 +00:00
Garrett Wollman c16b583c3c Mark Murray's authdes.c for xntpd 1995-03-23 19:09:24 +00:00
Dima Ruban 399e5b4411 Security fixes. 
CERT Advisory CA-95:03.telnet.encryption

Obtained from: CERT
 1995-02-17 03:57:00 +00:00
Jordan K. Hubbard 002feff1d6 Change name of secrdist to secure. 1995-01-14 11:32:41 +00:00
Poul-Henning Kamp 2ef260d35c Fix secrdist sharedlib bug. 1994-11-24 22:34:18 +00:00
Poul-Henning Kamp c3cd331e8e des DISTRIBUTION became secrdist. 1994-11-22 08:03:26 +00:00
Poul-Henning Kamp 7b0a9474f1 fix libdescrypt reference. 1994-11-21 02:58:43 +00:00
Poul-Henning Kamp f079582484 Make the "distribute" target build the "des" distribution. Make des'ed 
init and ed, by pointing to real sources.
 1994-11-14 20:45:35 +00:00
Paul Traina 448380bfbf !Just! fixing makefile, no code changes Geoff 1994-09-30 06:04:40 +00:00
Geoff Rehmet 49de41577e More elegant fix for short settings. 
(Our existing fixes already plugged the security holes involved.)
Submitted by:	Geoff Rehmet after consultation with David Burren
 1994-09-19 19:26:39 +00:00
Andrey A. Chernov 95fb75febe Add libcipher.a: libcrypt exports only crypt() but not des_setkey() 
which is in libcipher.a
 1994-09-12 17:27:55 +00:00
Rodney W. Grimes 6897a8a75d Change all references to LIBTERM and -ltermlib to LIBTERMCAP and -ltermcap 1994-09-11 21:53:28 +00:00
Geoff Rehmet 77b06a9b6c fix bogus .include 
Submitted by:	Geoff.
 1994-09-09 09:43:18 +00:00
Geoff Rehmet daf0f855ad add libcipher to Makefile 
Submitted by:	Geoff.
 1994-09-08 19:06:58 +00:00
Geoff Rehmet 37ea1bf4c9 - Remove crypt() - it's in libcrypt 
- remove ^L's - CTM will probably choke on them
- add PRECIOUSLIB to Makefile
- name changes libcrypt -> libcipher
Submitted by:	Geoff.
 1994-09-07 21:48:54 +00:00
Geoff Rehmet 8b2981f937 Bring in the 1.1.x international libcrypt, which 
will in due course become libcipher.
Based on David Burren's FreeSEC
Submitted by:	Geoff.
 1994-09-07 21:18:08 +00:00
Paul Traina bf8f9d53f6 Back out static hacks & build of usr.bin until Geoff informs the 
world of his master plan.

Submitted by:	pst
 1994-09-07 07:47:08 +00:00
Paul Traina 21b4fe120d Remove static in front of declarations for des_setkey and des_cipher 
so that linking against -lcrypt (-ldescrypt) will give us the good
versions instead of the stubs in libc.  (These changes need to be
made to the non-US version of libdescrypt too!)

Allow building and support for bdes program.
A bit more work still needs to be done on secure telnet.

Submitted by:	pst
 1994-09-07 07:16:52 +00:00