path: root/crypto
Commit message (Author, Age, Files, Lines)
* Add a missing $FreeBSD$ string. (ed, 2010-01-13, 1, -0/+1)
|   I was requested to add this string to any file that was modified by my commit, which I forgot to do.
|   Requested by: des
* Make OpenSSH work with utmpx. (ed, 2010-01-13, 4, -27/+56)
|   - Partially revert r184122 (sshd.c). Our ut_host is now big enough to fit proper hostnames.
|   - Change config.h to match reality.
|   - defines.h requires UTMPX_FILE to be set by <utmpx.h> before it allows the utmpx code to work. This makes no sense to me. I've already mentioned this upstream.
|   - Add our own platform-specific handling of lastlog. The version I will send to the OpenSSH folks will use proper autoconf generated definitions instead of `#if 1'.
* The size of credential messages is limited by CMGROUP_MAX rather than NGROUPS. (brooks, 2010-01-03, 1, -1/+1)
|   MFC after: 1 week
* Disable SSL renegotiation in order to protect against a serious protocol flaw. [09:15] (cperciva, 2009-12-03, 3, -5/+12)
|   Correctly handle failures from unsetenv resulting from a corrupt environment in rtld-elf. [09:16]
|   Fix permissions in freebsd-update in order to prevent leakage of sensitive files. [09:17]
|   Approved by: so (cperciva)
|   Security: FreeBSD-SA-09:15.ssl
|   Security: FreeBSD-SA-09:16.rtld
|   Security: FreeBSD-SA-09:17.freebsd-udpate
* Avoid sshd, cron, syslogd and inetd to be killed under high-pressure swap environments. (attilio, 2009-11-25, 1, -0/+5)
|   Please note that this can't be done while such processes run in jails.
|   Note: in future it would be interesting to find a way to do that selectively for any desired process (chosen by user himself), probably via a ptrace interface or whatever.
|   Obtained from: Sandvine Incorporated
|   Reviewed by: emaste, arch@
|   Sponsored by: Sandvine Incorporated
|   MFC: 1 month
* Fix globbing (des, 2009-11-10, 1, -0/+2)
|   Noticed by: delphij, David Cornejo <dave@dogwood.com>
|   Forgotten by: des
* Remove dupe. (des, 2009-10-11, 1, -1/+0)
|
* Add more symbols that need to be masked: (des, 2009-10-05, 1, -1/+19)
|   - initialized and uninitialized data
|   - symbols from roaming_dummy.c which end up in pam_ssh
|   Update the command line used to generate the #defines.
* Upgrade to OpenSSH 5.3p1. (des, 2009-10-01, 73, -1077/+1931)
|\
* | Merge DTLS fixes from vendor-crypto/openssl/dist: (simon, 2009-08-23, 4, -17/+47)
| |   - Fix memory consumption bug with "future epoch" DTLS records.
| |   - Fix fragment handling memory leak.
| |   - Do not access freed data structure.
| |   - Fix DTLS fragment bug - out-of-sequence message handling which could result in NULL pointer dereference in dtls1_process_out_of_seq_message().
| |   Note that this will not get FreeBSD Security Advisory as DTLS is experimental in OpenSSL.
| |   MFC after: 1 week
| |   Security: CVE-2009-1377 CVE-2009-1378 CVE-2009-1379 CVE-2009-1387
* | Update and remove CVS-specific items (des, 2009-08-13, 1, -3/+1)
| |   Approved by: re (kib)
* | Remove symlinks in OpenSSL's testing framework. These are not required for normal build, and don't export well to CVS. (simon, 2009-08-12, 43, -43/+0)
| |   If they are needed later a script will be added to recreate the symlinks when needed at build time.
| |   Approved by: re (rwatson)
* | Use the closefrom(2) system call. (jhb, 2009-06-16, 2, -2/+1)
| |   Reviewed by: des
* | Merge OpenSSL 0.9.8k into head. (simon, 2009-06-14, 795, -14045/+76865)
|\ \
| | |   Approved by: re
| * | Import OpenSSL 0.9.8k. (simon, 2009-06-07, 361, -3926/+24367)
| | |
| * | Vendor import of OpenSSL 0.9.8i. (simon, 2008-09-21, 212, -6663/+19478)
| | |
| * | Remove files from vendor tree which were not part of OpenSSL 0.9.8e (last vendor import). (simon, 2008-09-21, 65, -21917/+0)
| | |   The files were removed in different earlier releases, but were not removed from the CVS vendor branch at the time.
| * | Flatten OpenSSL vendor tree. (simon, 2008-08-23, 1806, -183756/+0)
| | |
* | | Upgrade to OpenSSH 5.2p1. (des, 2009-05-22, 76, -4439/+3910)
|\ \ \
| | |/
| |/|
| | |   MFC after: 3 months
* | | Don't leak information via uninitialized space in db(3) records. [09:07] (cperciva, 2009-04-22, 3, -0/+16)
| | |   Sanity-check string lengths in order to stop OpenSSL crashing when printing corrupt BMPString or UniversalString objects. [09:08]
| | |   Security: FreeBSD-SA-09:07.libc
| | |   Security: FreeBSD-SA-09:08.openssl
| | |   Security: CVE-2009-0590
| | |   Approved by: re (kensmith)
| | |   Approved by: so (cperciva)
* | | Prevent cross-site forgery attacks on lukemftpd(8) due to splitting long commands into multiple requests. [09:01] (simon, 2009-01-07, 9, -13/+12)
| | |   Fix incorrect OpenSSL checks for malformed signatures due to invalid check of return value from EVP_VerifyFinal(), DSA_verify, and DSA_do_verify. [09:02]
| | |   Security: FreeBSD-SA-09:01.lukemftpd
| | |   Security: FreeBSD-SA-09:02.openssl
| | |   Obtained from: NetBSD [SA-09:01]
| | |   Obtained from: OpenSSL Project [SA-09:02]
| | |   Approved by: so (simon)
* | | At some point, construct_utmp() was changed to use realhostname() to fill in the struct utmp due to concerns about the length of the hostname buffer. (des, 2008-10-21, 2, -4/+4)
| | |   However, this breaks the UseDNS option. There is a simpler and better solution: initialize utmp_len to the correct value (UT_HOSTSIZE instead of MAXHOSTNAMELEN) and let get_remote_name_or_ip() worry about the size of the buffer.
| | |   PR: bin/97499
| | |   Submitted by: Bruce Cran <bruce@cran.org.uk>
| | |   MFC after: 1 week
* | | Our groff doesn't understand $Mdocdate$, so replace them with bare dates. (des, 2008-09-29, 13, -13/+13)
| | |   MFC after: 3 days
* | | MFV "xmalloc: zero size" fix. (des, 2008-09-24, 1, -1/+2)
| | |   MFC after: 1 week
* | | The vendor area is the proper home for these files now. (simon, 2008-09-21, 2, -93/+0)
| | |
* | | Remove some unused files. (des, 2008-09-01, 2, -1251/+0)
| | |
* | | Set SIZEOF_LONG_INT and SIZEOF_LONG_LONG_INT to plausible values. They aren't used for anything, but that's no excuse for being silly. (des, 2008-09-01, 1, -2/+2)
| | |
* | | Use net.inet.ip.portrange.reservedhigh instead of IPPORT_RESERVED. (des, 2008-08-20, 1, -1/+14)
| | |   Submitted upstream, no reaction.
| | |   Submitted by: delphij@
| | |   MFC after: 2 weeks
* | | Upgrade to OpenSSH 5.1p1. (des, 2008-08-01, 171, -4658/+13145)
|\ \ \
| |/ /
| | |   I have worked hard to reduce diffs against the vendor branch. One notable change in that respect is that we no longer prefer DSA over RSA - the reasons for doing so went away years ago. This may cause some surprises, as ssh will warn about unknown host keys even for hosts whose keys haven't changed.
| | |   MFC after: 6 weeks
| * | Properly flatten openssh/dist. (des, 2008-07-22, 407, -109174/+0)
| | |
| * | Revert part of 180714 - the intent was to flatten dist, not to nuke it. (des, 2008-07-22, 407, -0/+109174)
| | |
| * | Flatten the OpenSSH vendor tree for 3.x and newer. (des, 2008-07-22, 407, -109174/+0)
| | |
* | | Another file with no local changes. (des, 2008-08-01, 1, -1/+0)
| | |   "This time for sure!"
* | | Another file with no local changes. (des, 2008-08-01, 1, -1/+0)
| | |
* | | Another four files without local changes. This is driving me nuts - every time I think I got them all, another one pops up. (des, 2008-08-01, 4, -4/+0)
| | |
* | | Yet another file with no local changes. (des, 2008-08-01, 1, -1/+0)
| | |
* | | Accidentally mangled this one in the previous commit. (des, 2008-08-01, 1, -1/+1)
| | |
* | | More files which no longer have any local changes. (des, 2008-08-01, 8, -8/+0)
| | |
* | | These two files have no local patches except to prevent expansion of the original $FreeBSD$ keywords. (des, 2008-08-01, 2, -4/+2)
| | |   Revert those changes, and simply disable keyword expansion.
* | | Last remains of old OPIE patch (des, 2008-08-01, 1, -8/+0)
| | |
* | | We no longer have any local changes here. (des, 2008-08-01, 1, -1/+0)
| | |
* | | Tag expansion is no longer needed (svn handles them correctly). (des, 2008-08-01, 1, -8/+2)
| | |   Add svn command to diff against vendor branch.
* | | This is no longer needed. (des, 2008-08-01, 1, -9/+0)
| | |
* | | Cleanup. (des, 2008-08-01, 2, -27/+26)
| | |
* | | Ugh. Set svn:mergeinfo correctly. (des, 2008-08-01, 1, -0/+1)
| | |
* | | Catch up with reality. (des, 2008-08-01, 1, -8/+1)
| | |
* | | Revert an old hack I put in to replace S/Key with OPIE. We haven't used that code in ages - we use pam_opie(8) instead - so this is a NOP. (des, 2008-08-01, 3, -21/+0)
| | |
* | | Add missing #include for strlen() (des, 2008-07-31, 1, -0/+3)
| | |
* | | Fix alignment of the cmsg buffer by placing it in a union with a struct cmsghdr. (des, 2008-07-30, 1, -6/+12)
| | |   Derived from upstream patch.
| | |   Submitted by: cognet
| | |   MFC after: 2 weeks
* | | Remove a bunch of files we don't need to build OpenSSH. They are still available in base/vendor-crypto/openssh/dist/. (des, 2008-07-23, 80, -11367/+0)
| | |