Sascha Wildner [Fri, 26 Apr 2019 12:03:09 +0000 (14:03 +0200)]
Remove two more files by 'make upgrade'.
zrj [Fri, 26 Apr 2019 11:07:58 +0000 (14:07 +0300)]
libssh: Do not create obj dir for Makefile.etc.
We only install raw moduli file here directly from contrib (TRUST).
Adjust etc/Makefile too.
Note: backup copy is also installed into /usr/share/examples/etc/ssh/
together with current base default sshd_config and ssh_config.
The ssh configs in /etc/ssh/ are left for system administrator to handle
and update when default options are removed or added.
Sascha Wildner [Fri, 26 Apr 2019 08:57:33 +0000 (10:57 +0200)]
nrelease: Reduce the size of /usr/local on the IMG/ISO considerably.
* Exchange git with git-lite which should have everything we need for
our purposes. This gets rid of perl and various p5-* packages.
* Build the bind-tools without option PYTHON. This gets rid of python
and various py27-* packages.
* While here, use <category>_<port>_{,UN}SET to handle options, instead
of rolling our own mechanism.
All in all, this commit cuts the number of installed packages from 40
to 22 and reduces /usr/local's size from 300M to 145M.
Thanks to zrj for help and advice.
Sascha Wildner [Thu, 25 Apr 2019 20:24:41 +0000 (22:24 +0200)]
bsd.libnames.mk: Adjust for recent libobjc removal.
François Tigeot [Thu, 25 Apr 2019 19:44:33 +0000 (21:44 +0200)]
drm: Replace linux/hashtable.h with NetBSD's version
Sascha Wildner [Thu, 25 Apr 2019 13:06:35 +0000 (15:06 +0200)]
nrelease: Install security/ca_root_nss explicitly (non-automatic).
This is to prevent it accidentally being removed by an autoremove
after deleting the package that brought it in as a dependency.
Reported-by: Frank Rehwinkel <frankrehwinkel@gmail.com>
Sascha Wildner [Thu, 25 Apr 2019 09:13:02 +0000 (11:13 +0200)]
kernel: Cleanup pccarddevs file a bit.
Sascha Wildner [Thu, 25 Apr 2019 08:46:08 +0000 (10:46 +0200)]
netgraph: Comment out unimplemented NGIOCSETNAME definition.
Sascha Wildner [Thu, 25 Apr 2019 08:43:27 +0000 (10:43 +0200)]
wi(4): Comment out unimplemented SIOC[GS]PRISM2DEBUG ioctl definitions.
Sascha Wildner [Thu, 25 Apr 2019 08:37:50 +0000 (10:37 +0200)]
cam: Comment out definition of SESIOC_GETTEXT ioctl (unimplemented).
Sascha Wildner [Thu, 25 Apr 2019 08:33:34 +0000 (10:33 +0200)]
devfsctl/mount_dirfs: Save some #include's by including <sys/param.h>.
Sascha Wildner [Thu, 25 Apr 2019 07:09:54 +0000 (09:09 +0200)]
Sync libfetch and fetch(1) with FreeBSD.
zrj [Wed, 24 Apr 2019 17:51:10 +0000 (20:51 +0300)]
Bump __DragonFly_version for recent updates.
Sascha Wildner [Wed, 24 Apr 2019 17:53:42 +0000 (19:53 +0200)]
openssl(1): Add missing manual pages.
Sascha Wildner [Wed, 24 Apr 2019 17:50:21 +0000 (19:50 +0200)]
Merge branch 'vendor/LIBRESSL'
Sascha Wildner [Wed, 24 Apr 2019 17:49:43 +0000 (19:49 +0200)]
Add a missing manual page to LIBRESSL's vendor branch.
zrj [Wed, 17 Apr 2019 04:09:33 +0000 (07:09 +0300)]
initrd: Adjust for dependencies removal.
The libmd no longer needed.
zrj [Wed, 17 Apr 2019 04:04:23 +0000 (07:04 +0300)]
tools/dumpvfscache: Remove not needed dependency on libmd.
Tool is not ported and does not build.
This is the last buildworld part where libmd is referenced.
zrj [Wed, 17 Apr 2019 04:01:20 +0000 (07:01 +0300)]
hammer(8): Convert to LibreSSL SHA2 hash API.
zrj [Wed, 17 Apr 2019 03:58:45 +0000 (06:58 +0300)]
md5(1): Convert to LibreSSL all hash API.
This includes MD5, RIPEMD160 and various SHA variants.
Prune no longer needed sources.
zrj [Wed, 17 Apr 2019 03:56:33 +0000 (06:56 +0300)]
dhcpcd(8): Convert to LibreSSL MD5 and SHA2 hash API.
zrj [Wed, 17 Apr 2019 03:55:49 +0000 (06:55 +0300)]
ping6(8): Convert to LibreSSL MD5 hash API.
zrj [Wed, 17 Apr 2019 03:54:31 +0000 (06:54 +0300)]
iscontrol(8): Convert to LibreSSL MD5 and SHA1 hash API.
zrj [Wed, 17 Apr 2019 03:53:32 +0000 (06:53 +0300)]
routed(8): Convert to LibreSSL MD5 hash API.
zrj [Wed, 17 Apr 2019 03:51:44 +0000 (06:51 +0300)]
sort(1): Convert to LibreSSL MD5 hash API.
Only used for "sort -R" random mode.
While there, simplify crunchgen rescue tools build.
zrj [Wed, 17 Apr 2019 03:50:23 +0000 (06:50 +0300)]
ppp(8): Convert to LibreSSL MD4 and MD5 hash API.
zrj [Wed, 17 Apr 2019 03:49:08 +0000 (06:49 +0300)]
pfctl(8): Convert to LibreSSL MD5 hash API.
zrj [Wed, 17 Apr 2019 03:43:57 +0000 (06:43 +0300)]
mtree(8): Convert to LibreSSL hash API.
Add new function dohash() that handles md5, rmd160 and all sha variants.
This change makes SHA384 available to use too. Utility is too complicated
and need to be split up.
While there, simplify crunchgen rescue build.
zrj [Wed, 17 Apr 2019 03:39:45 +0000 (06:39 +0300)]
chkdist(8): Convert to LibreSSL MD5 hash API.
zrj [Wed, 17 Apr 2019 03:38:07 +0000 (06:38 +0300)]
authpf(8): Remove not needed dependency on libmd.
zrj [Wed, 17 Apr 2019 03:35:08 +0000 (06:35 +0300)]
cpdup(1): Convert to LibreSSL MD5 hash API.
While there, simplify crunchgen by excluding md5 functionality in
rescue tools as in btools.
zrj [Wed, 17 Apr 2019 02:26:32 +0000 (05:26 +0300)]
pw(8): Conditionalize OPIE handling.
zrj [Wed, 17 Apr 2019 02:15:30 +0000 (05:15 +0300)]
telnet(1): Disable use of OPIE.
Move <sys/wait.h> it is needed for another call site.
zrj [Wed, 17 Apr 2019 02:11:48 +0000 (05:11 +0300)]
ftpd(8): Decouple from libmd.
Reimplement site command "md5" using LibreSSL MD5 API.
zrj [Wed, 17 Apr 2019 02:09:55 +0000 (05:09 +0300)]
ftpd(8): Add OPIE checks to conditionally disable it.
zrj [Wed, 17 Apr 2019 01:30:19 +0000 (04:30 +0300)]
libtacplus: Decouple from libmd.
Library is simple enough to not depend on librecrypto.
Use MD5 hash internally and remove inter-lib dep.
zrj [Wed, 17 Apr 2019 01:25:06 +0000 (04:25 +0300)]
libtacplus: Fix single -Wshadow warning.
zrj [Wed, 17 Apr 2019 01:11:02 +0000 (04:11 +0300)]
lib/libcrypt: Use md5 internally from omd.
The libcrypt can be converted to use LibreSSL MD5 API, but to ensure
compatibility between OpenSSL and LibreSSL for now use private md5.
Mark with WITH_OPENSSL that it is ready.
zrj [Wed, 17 Apr 2019 01:08:39 +0000 (04:08 +0300)]
lib/omd: Add very restrictive subset from libmd.
Certain places are not ready to be converted to use LibreSSL api.
For now this includes only md5 hashing functions.
Aim is to remove all use cases of libmd together with omd.
zrj [Wed, 17 Apr 2019 00:35:32 +0000 (03:35 +0300)]
lib/libcrypt: Add missing functions.
Taken-from: NetBSD
zrj [Wed, 17 Apr 2019 00:28:47 +0000 (03:28 +0300)]
lib/libcrypt: Minor WARNS cleanup.
Add missing prototypes, constify few things.
zrj [Wed, 17 Apr 2019 00:19:47 +0000 (03:19 +0300)]
Remove libcipher.
It has been moved out to dports security/libcipher3.
zrj [Fri, 19 Apr 2019 15:40:21 +0000 (18:40 +0300)]
share/examples: Install missing defaults for ssl and ssh.
This would help with config updates merging and local system recovery
when configs in /etc get accidentally deleted or broken beyond repair.
zrj [Fri, 19 Apr 2019 18:08:25 +0000 (21:08 +0300)]
libssh: Bump shlib version for api change.
The private libssh does not install any headers. Make it shpub.
There are few issues that need to be addressed later on.
For now just document its dependency on libutil, adjust order.
The libprivate_ssh.so must be built before libpam shared modules.
zrj [Fri, 19 Apr 2019 10:45:55 +0000 (13:45 +0300)]
OpenSSH: Document contrib local changes.
zrj [Fri, 19 Apr 2019 10:29:26 +0000 (13:29 +0300)]
ssh(1): Restore default behaviour.
This part in
ad5056c75c7ccd8379444d5b953c08015846e23c should be handled
ssh_config. There are no reasons to prevent base ssh(1) and sftp(1) to
fallback to password authentification (ssh_config is in user control).
zrj [Fri, 19 Apr 2019 10:21:18 +0000 (13:21 +0300)]
sshd(8): Add USE_PAM handling defaults.
By default allow to use pam if sshd(8) is compiled against libpam and
disable password authentification only then.
Note: base sshd_config has "PasswordAuthentication no" by default.
zrj [Fri, 19 Apr 2019 10:18:48 +0000 (13:18 +0300)]
sshd(8): Add back custom auth passwd routine.
The OpenSSH misdetects crypt() availability in libcrypt and uses
DES_crypt() that is not compatible.
zrj [Thu, 18 Apr 2019 11:45:20 +0000 (14:45 +0300)]
Inline Makefile.ssh.common
This fixes path, include and libraries order sequences and will be needed
for further PRIV changes.
Requested-by: swildner
zrj [Thu, 18 Apr 2019 09:42:36 +0000 (12:42 +0300)]
sshd(8): Remove not needed dependencies.
The tcp_wrappers support in OpenSSH was removed back in 2014.
The libopie is not needed, same for libpthread.
Tested-with: make buildworld -DNOSHARED -DREALLY_NOSHARED
zrj [Thu, 18 Apr 2019 09:35:16 +0000 (12:35 +0300)]
Adjust makefiles for OpenSSH 8.0p1 update.
Update pam_ssh module to use new sshkey api.
The pkcs11 support explicitly disabled to avoid use of dlopen().
If security token/card support is needed it can be enabled back.
This update brings several backwards compatibilty breakages.
More in official release notes.
zrj [Thu, 18 Apr 2019 08:42:42 +0000 (11:42 +0300)]
libssh: Add sanitized OpenBSD layer.
Only needed parts.
Derived-from: OpenBSD
zrj [Thu, 18 Apr 2019 05:22:02 +0000 (08:22 +0300)]
OpenSSH: Update READMEs.
zrj [Thu, 18 Apr 2019 05:17:03 +0000 (08:17 +0300)]
OpenSSH: Add local patches.
Add back previously reverted changes.
Dummify not implemented functions in platform.h, those functions
contain only "retq".
zrj [Wed, 24 Apr 2019 17:16:54 +0000 (20:16 +0300)]
Merge remote-tracking branch 'origin/vendor/OPENSSH'
zrj [Tue, 16 Apr 2019 08:15:32 +0000 (11:15 +0300)]
OpenSSH: Revert few local modifications.
Some are already in newer version. Others will be re-applied.
zrj [Mon, 15 Apr 2019 14:15:43 +0000 (17:15 +0300)]
ldns: Adjust makefiles for ldns-1.7.0 update.
Several changes:
* move ldns.h to contrib
* use single config.h
* convert ldns headers to private (ldns is a private base lib)
* bump soname for api changesmi, use shpub
* add missing deps on librecrypto.so
* update READMES
Currently only user of the libprivate_ldns is drill(1).
OpenSSH will be adjusted to use this lib next.
zrj [Wed, 24 Apr 2019 17:14:10 +0000 (20:14 +0300)]
Merge remote-tracking branch 'origin/vendor/LDNS'
zrj [Mon, 15 Apr 2019 08:29:10 +0000 (11:29 +0300)]
Revert "drill(1): Use strdup() for known strings."
This reverts commit
471272f59981f2dcc1aac28b61c0a06d49388615.
Already in a new version.
zrj [Sun, 14 Apr 2019 20:21:42 +0000 (23:21 +0300)]
unzip(1): Add missing dependencies.
Satisfies NOSHARED build after libarchive update.
zrj [Sun, 14 Apr 2019 19:53:17 +0000 (22:53 +0300)]
Makefile.inc1: Update library interdeps.
* libarchive no longer depends on libmd
* libarchive and liblzma no longer depends on libthread_xu
* libdevattr can be compiled in standard order
Adjust lib/Makefile to match output of tools/make_libdeps.sh.
zrj [Sun, 14 Apr 2019 16:22:06 +0000 (19:22 +0300)]
xz: Adjust makefiles for xz-5.2.4 update.
Disable multi-threading on liblizma by deafult to prevent libarchive
getting a hard dependency on pthreads. Move whole threading support
directly to usr.bin/xz. This solves static linking and simplifies the
lib/Makefile inter-libs dependencies. This also makes pkg(8) no longer
implicitly depend on pthreads. As bonus, allow crunchgen'ed xz(8)
without multi-threading support. Should be benefitial for initrd/rescue.
zrj [Wed, 24 Apr 2019 17:12:27 +0000 (20:12 +0300)]
Merge remote-tracking branch 'origin/vendor/XZ'
zrj [Sat, 13 Apr 2019 20:59:32 +0000 (23:59 +0300)]
Adjust files for libarchive-3.3.3 import.
This finally drops dependency on libmd. Also avoid pthreads from lzma.
Changes:
* Remove LIBMD
* Add README.DELETED
* Fix Symbol.map
* Adjust tools to take version from config.h
zrj [Wed, 24 Apr 2019 17:12:03 +0000 (20:12 +0300)]
Merge remote-tracking branch 'origin/vendor/LIBARCHIVE'
zrj [Sat, 13 Apr 2019 13:16:07 +0000 (16:16 +0300)]
libarchive: Revert manpage fixes.
zrj [Sat, 13 Apr 2019 13:11:39 +0000 (16:11 +0300)]
libarchive: Revert local changes.
Fixed in new version.
zrj [Sat, 13 Apr 2019 12:29:20 +0000 (15:29 +0300)]
Revert "libarchive: Use memcpy() when constructing buffers."
This reverts commit
be16867234e89aa9cc5f9a12e3836f84f5268b80.
Before libarchive update.
zrj [Fri, 12 Apr 2019 17:36:59 +0000 (20:36 +0300)]
Update LibreSSL makefiles.
Version 2.9.1, add local CRYPTO_free.c CRYPTO_malloc.c to avoid extra deps.
zrj [Fri, 12 Apr 2019 17:34:28 +0000 (20:34 +0300)]
libressl: Add missing timespecsub().
The <sys/time.h> needs update for 3 arg macros.
zrj [Fri, 12 Apr 2019 17:33:43 +0000 (20:33 +0300)]
Add local patches to LibreSSL.
Document local changes.
zrj [Wed, 24 Apr 2019 17:10:42 +0000 (20:10 +0300)]
Merge remote-tracking branch 'origin/vendor/LIBRESSL'
zrj [Tue, 9 Apr 2019 12:20:00 +0000 (15:20 +0300)]
Revert "libressl: Few local modifications for netcat."
This reverts commit
66ceb5e9b7ccc1005b0b710f32228c0b69070e98.
Before LibreSSL update.
zrj [Tue, 9 Apr 2019 10:34:41 +0000 (13:34 +0300)]
Revert "security/libressl: Fix ECDSA P-256 timing attack vulnerability"
This reverts commit
bd84e83893b298face58762e1fec24667126c8c7.
Before LibreSSL update.
zrj [Fri, 12 Apr 2019 18:05:47 +0000 (21:05 +0300)]
wpa_supplicant(8): Add LibreSSL v2.9.0 compat fixes.
The tls_connection_get_keyblock_size() seems to be unused.
The wpa_supplicant really needs a proper update.
zrj [Fri, 12 Apr 2019 17:24:53 +0000 (20:24 +0300)]
libssh: Disable use of openssl engine.
zrj [Fri, 12 Apr 2019 17:23:56 +0000 (20:23 +0300)]
ldns: Add OPENSSL_NO_ENGINE checks.
Functionality is unused.
zrj [Thu, 18 Apr 2019 05:07:17 +0000 (08:07 +0300)]
Import OpenSSH-8.0p1
zrj [Mon, 15 Apr 2019 14:01:32 +0000 (17:01 +0300)]
ldns: Update vendor branch from 1.6.16 to 1.7.0
zrj [Sun, 14 Apr 2019 15:58:31 +0000 (18:58 +0300)]
Upgrade xz from 5.2.2 to 5.2.4 on the vendor branch.
Remove not needed sources.
zrj [Sat, 13 Apr 2019 15:52:14 +0000 (18:52 +0300)]
Import libarchive-3.3.3
Remove README.DELETED, it will be recreated on master branch.
Maxim Ag [Sat, 20 Apr 2019 09:51:47 +0000 (12:51 +0300)]
Update LibreSSL from version 2.4.4 => 2.9.1
Submitted-by: Maxim + v2 update to 2.9.1 stable
François Tigeot [Wed, 24 Apr 2019 09:11:40 +0000 (11:11 +0200)]
drm/linux: Add trace/events/dma_fence.h
Sascha Wildner [Wed, 24 Apr 2019 08:51:49 +0000 (10:51 +0200)]
<unistd.h>: FWIW, set _XOPEN_ENH_I18N, per the standard.
We support all functions that it originally required, when it was
still optional. It won't have any impact on anything, as far as I
can see, so this commit is more cosmetic than anything else.
While here, improve some comments.
Sascha Wildner [Wed, 24 Apr 2019 07:10:38 +0000 (09:10 +0200)]
Sync indent(1) with FreeBSD.
A number of new options. Also -troff is gone.
Sascha Wildner [Wed, 24 Apr 2019 06:59:07 +0000 (08:59 +0200)]
<unistd.h>: Bump _POSIX_THREAD_SAFE_FUNCTIONS to 200112L.
It became non-optional anyway in 200809. We have all the functions
that 200112 required in the option, so I don't see why not.
Thanks to zrj for checking with a dports bulk build.
Sascha Wildner [Wed, 24 Apr 2019 05:30:33 +0000 (07:30 +0200)]
man(1): Adjust manual page search path a bit.
Our old one, basically.
Sascha Wildner [Tue, 23 Apr 2019 23:02:27 +0000 (01:02 +0200)]
makedb: Ignore makewhatis(8) errors.
Might occur with make distribution building a master IMG on release or
vice versa, due to the location change of makewhatis (its database
format has changed too).
François Tigeot [Tue, 23 Apr 2019 20:23:51 +0000 (22:23 +0200)]
drm/linux: Add config_enabled()
Sascha Wildner [Tue, 23 Apr 2019 19:51:08 +0000 (21:51 +0200)]
Link mandoc(1) as 'whatis' too.
Reported-by: zrj
zrj [Tue, 23 Apr 2019 16:26:55 +0000 (19:26 +0300)]
hammer2(8): Document dependency on thread library.
While there, start using PRIVATELIB_CFLAGS.
zrj [Tue, 23 Apr 2019 16:16:12 +0000 (19:16 +0300)]
libc: Move out locking from vsyslog() core.
For consistency with openlog() and closelog().
While there, use SOCK_CLOEXEC directly and do not attempt to closelog()
several times for badly written programs (LogFile is handled internally).
zrj [Tue, 23 Apr 2019 15:54:32 +0000 (18:54 +0300)]
libc: Fix few typos in vsyslog().
While there, move variable declarations to top and remove braces.
zrj [Tue, 23 Apr 2019 15:47:56 +0000 (18:47 +0300)]
gcc47: Disconnect objc components from world.
Sascha Wildner [Tue, 23 Apr 2019 17:45:56 +0000 (19:45 +0200)]
Remove groff from base.
There is a dports package available for people who need it. Also,
for some manual pages in dports, man(1) will report that mandoc(1)
cannot render them, and advise to install groff too, which man(1)
will then use.
Also remove vgrind(1) and the old base me(7) macros.
Disable the groff part of manlint for now, also mandiff. I will
decide later if it should be made to work with dports groff.
There are a number of related utilities, like colcrt, checknr etc.
that I have not touched yet. Their fate will be decided later.
There are also some references to these tools left in existing
manual pages.
Sascha Wildner [Mon, 22 Apr 2019 22:42:11 +0000 (00:42 +0200)]
Remove no longer needed catman periodic via 'make upgrade'.
François Tigeot [Mon, 22 Apr 2019 20:55:13 +0000 (22:55 +0200)]
drm/linux: Add list_for_each_entry_continue_reverse()
Obtained-from: OpenBSD
zrj [Mon, 22 Apr 2019 08:42:16 +0000 (11:42 +0300)]
Deprecate and remove OPIE from PAM.
This will require user intervention to manually disable OPIE usage or
cleanly reinstall pam.d/* (even better if no modifications were done).
Due to very strict used "requisite" requirements any pam_opie loading
error will result in unusable system except for singe user mode.
Add warning for the user. Sooner or later this will need to be done.
While there, disable installing /etc/pam.d/rsh script. It can be removed.
zrj [Fri, 19 Apr 2019 10:32:55 +0000 (13:32 +0300)]
kernel/tty: Use GID_TTY for non root users by default.
Previous behaviour defaulting to GID_WHEEL was confusing OpenSSH tests.
Sascha Wildner [Mon, 22 Apr 2019 15:27:08 +0000 (17:27 +0200)]
Remove the old GNU man, makewhatis and manpath.config.5 manual page.