svn commit: r245527 - in head: secure/lib/libssh secure/usr.bin/ssh secure/usr.sbin/sshd share/mk tools/build/options
Bjoern A. Zeeb
bz at FreeBSD.org
Thu Jan 17 01:51:05 UTC 2013
Author: bz
Date: Thu Jan 17 01:51:04 2013
New Revision: 245527
URL: http://svnweb.freebsd.org/changeset/base/245527
Log:
Add a src.conf(5) option to allow users to compile in the "NONE cipher",
which, only after authentication, disables crypto, and only for sessions
without a terminal.
Submitted by: Jeremy Chadwick (freebsd jdc.parodius.com)
PR: bin/163095
MFC after: 10 days
Added:
head/tools/build/options/WITH_OPENSSH_NONE_CIPHER (contents, props changed)
Modified:
head/secure/lib/libssh/Makefile
head/secure/usr.bin/ssh/Makefile
head/secure/usr.sbin/sshd/Makefile
head/share/mk/bsd.own.mk
Modified: head/secure/lib/libssh/Makefile
==============================================================================
--- head/secure/lib/libssh/Makefile Thu Jan 17 01:28:55 2013 (r245526)
+++ head/secure/lib/libssh/Makefile Thu Jan 17 01:51:04 2013 (r245527)
@@ -38,6 +38,10 @@ DPADD+= ${LIBGSSAPI} ${LIBKRB5} ${LIBHX5
LDADD+= -lgssapi -lkrb5 -lhx509 -lasn1 -lcom_err -lmd -lroken
.endif
+.if ${MK_OPENSSH_NONE_CIPHER} != "no"
+CFLAGS+= -DNONE_CIPHER_ENABLED
+.endif
+
NO_LINT=
DPADD+= ${LIBCRYPTO} ${LIBCRYPT}
Modified: head/secure/usr.bin/ssh/Makefile
==============================================================================
--- head/secure/usr.bin/ssh/Makefile Thu Jan 17 01:28:55 2013 (r245526)
+++ head/secure/usr.bin/ssh/Makefile Thu Jan 17 01:51:04 2013 (r245527)
@@ -25,6 +25,10 @@ DPADD+= ${LIBGSSAPI}
LDADD+= -lgssapi
.endif
+.if ${MK_OPENSSH_NONE_CIPHER} != "no"
+CFLAGS+= -DNONE_CIPHER_ENABLED
+.endif
+
DPADD+= ${LIBCRYPT} ${LIBCRYPTO}
LDADD+= -lcrypt -lcrypto
Modified: head/secure/usr.sbin/sshd/Makefile
==============================================================================
--- head/secure/usr.sbin/sshd/Makefile Thu Jan 17 01:28:55 2013 (r245526)
+++ head/secure/usr.sbin/sshd/Makefile Thu Jan 17 01:51:04 2013 (r245527)
@@ -40,6 +40,10 @@ DPADD+= ${LIBGSSAPI_KRB5} ${LIBGSSAPI}
LDADD+= -lgssapi_krb5 -lgssapi -lkrb5 -lasn1
.endif
+.if ${MK_OPENSSH_NONE_CIPHER} != "no"
+CFLAGS+= -DNONE_CIPHER_ENABLED
+.endif
+
DPADD+= ${LIBCRYPTO} ${LIBCRYPT}
LDADD+= -lcrypto -lcrypt
Modified: head/share/mk/bsd.own.mk
==============================================================================
--- head/share/mk/bsd.own.mk Thu Jan 17 01:28:55 2013 (r245526)
+++ head/share/mk/bsd.own.mk Thu Jan 17 01:51:04 2013 (r245527)
@@ -360,6 +360,7 @@ __DEFAULT_NO_OPTIONS = \
NMTREE \
NAND \
OFED \
+ OPENSSH_NONE_CIPHER \
SHARED_TOOLCHAIN
#
Added: head/tools/build/options/WITH_OPENSSH_NONE_CIPHER
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/tools/build/options/WITH_OPENSSH_NONE_CIPHER Thu Jan 17 01:51:04 2013 (r245527)
@@ -0,0 +1,9 @@
+.\" $FreeBSD$
+Set to include the "None" cipher support in OpenSSH and its libraries.
+Additional adjustments may need to be done to system configuration
+files, such as
+.Xr sshd_config 5 ,
+to enable this cipher.
+Please see
+.Pa /usr/src/crypto/openssh/README.hpn
+for full details.
More information about the svn-src-head
mailing list