system/freebsd-src
system/freebsd-src
1
0
Fork 0
mirror of https://github.com/freebsd/freebsd-src synced 2024-07-21 10:19:04 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity
freebsd-src/crypto/openssh/openbsd-compat/Makefile.in
Ed Maste 38a52bd3b5 ssh: update to OpenSSH 9.1p1 
Release notes are available at https://www.openssh.com/txt/release-9.1

9.1 contains fixes for three minor memory safety problems; these have
lready been merged to the copy of OpenSSH 9.0 that is in the FreeBSD base
system.

Some highlights copied from the release notes:

Potentially-incompatible changes
--------------------------------

 * ssh(1), sshd(8): SetEnv directives in ssh_config and sshd_config
   are now first-match-wins to match other directives. Previously
   if an environment variable was multiply specified the last set
   value would have been used. bz3438

 * ssh-keygen(8): ssh-keygen -A (generate all default host key types)
   will no longer generate DSA keys, as these are insecure and have
   not been used by default for some years.

New features
------------

 * ssh(1), sshd(8): add a RequiredRSASize directive to set a minimum
   RSA key length. Keys below this length will be ignored for user
   authentication and for host authentication in sshd(8).

 * sftp-server(8): add a "users-groups-by-id@openssh.com" extension
   request that allows the client to obtain user/group names that
   correspond to a set of uids/gids.

 * sftp(1): use "users-groups-by-id@openssh.com" sftp-server
   extension (when available) to fill in user/group names for
   directory listings.

 * sftp-server(8): support the "home-directory" extension request
   defined in draft-ietf-secsh-filexfer-extensions-00. This overlaps
   a bit with the existing "expand-path@openssh.com", but some other
   clients support it.

 * ssh-keygen(1), sshd(8): allow certificate validity intervals,
   sshsig verification times and authorized_keys expiry-time options
   to accept dates in the UTC time zone in addition to the default
   of interpreting them in the system time zone. YYYYMMDD and
   YYMMDDHHMM[SS] dates/times will be interpreted as UTC if suffixed
   with a 'Z' character.

   Also allow certificate validity intervals to be specified in raw
   seconds-since-epoch as hex value, e.g. -V 0x1234:0x4567890. This
   is intended for use by regress tests and other tools that call
   ssh-keygen as part of a CA workflow. bz3468

 * sftp(1): allow arguments to the sftp -D option, e.g. sftp -D
   "/usr/libexec/sftp-server -el debug3"

 * ssh-keygen(1): allow the existing -U (use agent) flag to work
   with "-Y sign" operations, where it will be interpreted to require
   that the private keys is hosted in an agent; bz3429

MFC after:	2 weeks
Relnotes:	Yes
Sponsored by:	The FreeBSD Foundation
2022-10-19 10:27:11 -04:00

123 lines
2 KiB
Makefile
Raw Blame History

sysconfdir=@sysconfdir@
piddir=@piddir@
srcdir=@srcdir@
top_srcdir=@top_srcdir@
VPATH=@srcdir@
CC=@CC@
LD=@LD@
CFLAGS=@CFLAGS@
CFLAGS_NOPIE=@CFLAGS_NOPIE@
CPPFLAGS=-I. -I.. -I$(srcdir) -I$(srcdir)/.. @CPPFLAGS@ @DEFS@
PICFLAG=@PICFLAG@
LIBS=@LIBS@
AR=@AR@
RANLIB=@RANLIB@
INSTALL=@INSTALL@
LDFLAGS=-L. @LDFLAGS@
LDFLAGS_NOPIE=-L. -Lopenbsd-compat/ @LDFLAGS_NOPIE@
OPENBSD=arc4random.o \
arc4random_uniform.o \
base64.o \
basename.o \
bcrypt_pbkdf.o \
bindresvport.o \
blowfish.o \
daemon.o \
dirname.o \
explicit_bzero.o \
fmt_scaled.o \
freezero.o \
fnmatch.o \
getcwd.o \
getgrouplist.o \
getopt_long.o \
getrrsetbyname.o \
glob.o \
inet_aton.o \
inet_ntoa.o \
inet_ntop.o \
md5.o \
memmem.o \
mktemp.o \
pwcache.o \
readpassphrase.o \
reallocarray.o \
recallocarray.o \
rresvport.o \
setenv.o \
setproctitle.o \
sha1.o \
sha2.o \
sigact.o \
strcasestr.o \
strlcat.o \
strlcpy.o \
strmode.o \
strndup.o \
strnlen.o \
strptime.o \
strsep.o \
strtoll.o \
strtonum.o \
strtoull.o \
strtoul.o \
timingsafe_bcmp.o \
vis.o
COMPAT= bsd-asprintf.o \
bsd-closefrom.o \
bsd-cygwin_util.o \
bsd-err.o \
bsd-flock.o \
bsd-getentropy.o \
bsd-getline.o \
bsd-getpagesize.o \
bsd-getpeereid.o \
bsd-malloc.o \
bsd-misc.o \
bsd-nextstep.o \
bsd-openpty.o \
bsd-poll.o \
bsd-pselect.o \
bsd-setres_id.o \
bsd-signal.o \
bsd-snprintf.o \
bsd-statvfs.o \
bsd-timegm.o \
bsd-waitpid.o \
fake-rfc2553.o \
getrrsetbyname-ldns.o \
kludge-fd_set.o \
openssl-compat.o \
libressl-api-compat.o \
xcrypt.o
PORTS= port-aix.o \
port-irix.o \
port-linux.o \
port-prngd.o \
port-solaris.o \
port-net.o \
port-uw.o
.c.o:
$(CC) $(CFLAGS_NOPIE) $(PICFLAG) $(CPPFLAGS) -c $<
all: libopenbsd-compat.a
$(COMPAT): ../config.h
$(OPENBSD): ../config.h
$(PORTS): ../config.h
libopenbsd-compat.a: $(COMPAT) $(OPENBSD) $(PORTS)
$(AR) rv $@ $(COMPAT) $(OPENBSD) $(PORTS)
$(RANLIB) $@
clean:
rm -f *.o *.a core
distclean: clean
rm -f Makefile *~
Reference in a new issue View git blame Copy permalink