summaryrefslogtreecommitdiffstats
path: root/crypto
Commit message (Collapse)AuthorAgeFilesLines
* Upgrade to OpenSSH 5.3p1.des2009-10-0173-1077/+1931
|\
* | Merge DTLS fixes from vendor-crypto/openssl/dist:simon2009-08-234-17/+47
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | - Fix memory consumption bug with "future epoch" DTLS records. - Fix fragment handling memory leak. - Do not access freed data structure. - Fix DTLS fragment bug - out-of-sequence message handling which could result in NULL pointer dereference in dtls1_process_out_of_seq_message(). Note that this will not get FreeBSD Security Advisory as DTLS is experimental in OpenSSL. MFC after: 1 week Security: CVE-2009-1377 CVE-2009-1378 CVE-2009-1379 CVE-2009-1387
* | Update and remove CVS-specific itemsdes2009-08-131-3/+1
| | | | | | | | Approved by: re (kib)
* | Remove symlinks in OpenSSL's testing framework. These are not requiredsimon2009-08-1243-43/+0
| | | | | | | | | | | | | | | | | | for normal build, and doesn't export well to CVS. If they are needed later a script will be added to recreate the symlinks when needed at build time. Approved by: re (rwatson)
* | Use the closefrom(2) system call.jhb2009-06-162-2/+1
| | | | | | | | Reviewed by: des
* | Merge OpenSSL 0.9.8k into head.simon2009-06-14795-14045/+76865
|\ \ | | | | | | | | | Approved by: re
| * | Import OpenSSL 0.9.8k.simon2009-06-07361-3926/+24367
| | |
| * | Vendor import of OpenSSL 0.9.8i.simon2008-09-21212-6663/+19478
| | |
| * | Remove files from vendor tree which were not part of OpenSSL 0.9.8esimon2008-09-2165-21917/+0
| | | | | | | | | | | | | | | | | | | | | (last vendor import). The file were removed in different earlier releases, but were not removed from the CVS vendor branch at the time.
| * | Flatten OpenSSL vendor tree.simon2008-08-231806-183756/+0
| | |
* | | Upgrade to OpenSSH 5.2p1.des2009-05-2276-4439/+3910
|\ \ \ | | |/ | |/| | | | MFC after: 3 months
* | | Don't leak information via uninitialized space in db(3) records. [09:07]cperciva2009-04-223-0/+16
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Sanity-check string lengths in order to stop OpenSSL crashing when printing corrupt BMPString or UniversalString objects. [09:08] Security: FreeBSD-SA-09:07.libc Security: FreeBSD-SA-09:08.openssl Security: CVE-2009-0590 Approved by: re (kensmith) Approved by: so (cperciva)
* | | Prevent cross-site forgery attacks on lukemftpd(8) due to splittingsimon2009-01-079-13/+12
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | long commands into multiple requests. [09:01] Fix incorrect OpenSSL checks for malformed signatures due to invalid check of return value from EVP_VerifyFinal(), DSA_verify, and DSA_do_verify. [09:02] Security: FreeBSD-SA-09:01.lukemftpd Security: FreeBSD-SA-09:02.openssl Obtained from: NetBSD [SA-09:01] Obtained from: OpenSSL Project [SA-09:02] Approved by: so (simon)
* | | At some point, construct_utmp() was changed to use realhostname() to filldes2008-10-212-4/+4
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | in the struct utmp due to concerns about the length of the hostname buffer. However, this breaks the UseDNS option. There is a simpler and better solution: initialize utmp_len to the correct value (UT_HOSTSIZE instead of MAXHOSTNAMELEN) and let get_remote_name_or_ip() worry about the size of the buffer. PR: bin/97499 Submitted by: Bruce Cran <bruce@cran.org.uk> MFC after: 1 week
* | | Our groff doesn't understand $Mdocdate$, so replace them with bare dates.des2008-09-2913-13/+13
| | | | | | | | | | | | MFC after: 3 days
* | | MFV "xmalloc: zero size" fix.des2008-09-241-1/+2
| | | | | | | | | | | | MFC after: 1 week
* | | The vendor area is the proper home for these files now.simon2008-09-212-93/+0
| | |
* | | Remove some unused files.des2008-09-012-1251/+0
| | |
* | | Set SIZEOF_LONG_INT and SIZEOF_LONG_LONG_INT to plausible values. Theydes2008-09-011-2/+2
| | | | | | | | | | | | aren't used for anything, but that's no excuse for being silly.
* | | Use net.inet.ip.portrange.reservedhigh instead of IPPORT_RESERVED.des2008-08-201-1/+14
| | | | | | | | | | | | | | | | | | | | | Submitted upstream, no reaction. Submitted by: delphij@ MFC after: 2 weeks
* | | Upgrade to OpenSSH 5.1p1.des2008-08-01171-4658/+13145
|\ \ \ | |/ / | | | | | | | | | | | | | | | | | | | | | | | | I have worked hard to reduce diffs against the vendor branch. One notable change in that respect is that we no longer prefer DSA over RSA - the reasons for doing so went away years ago. This may cause some surprises, as ssh will warn about unknown host keys even for hosts whose keys haven't changed. MFC after: 6 weeks
| * | Properly flatten openssh/dist.des2008-07-22407-109174/+0
| | |
| * | Revert part of 180714 - the intent was to flatten dist, not to nuke it.des2008-07-22407-0/+109174
| | |
| * | Flatten the OpenSSH vendor tree for 3.x and newer.des2008-07-22407-109174/+0
| | |
* | | Another file with no local changes.des2008-08-011-1/+0
| | | | | | | | | | | | "This time for sure!"
* | | Another file with no local changes.des2008-08-011-1/+0
| | |
* | | Another four files without local changes. This is driving me nuts -des2008-08-014-4/+0
| | | | | | | | | | | | every time I think I got them all, another one pops up.
* | | Yet another file with no local changes.des2008-08-011-1/+0
| | |
* | | Accidentally mangled this one in the previous commit.des2008-08-011-1/+1
| | |
* | | More files which no longer have any local changes.des2008-08-018-8/+0
| | |
* | | These two files have no local patches except to prevent expansion of thedes2008-08-012-4/+2
| | | | | | | | | | | | | | | original $FreeBSD$ keywords. Revert those changes, and simply disable keyword expansion.
* | | Last remains of old OPIE patchdes2008-08-011-8/+0
| | |
* | | We no longer have any local changes here.des2008-08-011-1/+0
| | |
* | | Tag expansion is no longer needed (svn handles them correctly).des2008-08-011-8/+2
| | | | | | | | | | | | Add svn command to diff against vendor branch.
* | | This is no longer needed.des2008-08-011-9/+0
| | |
* | | Cleanup.des2008-08-012-27/+26
| | |
* | | Ugh. Set svn:mergeinfo correctly.des2008-08-011-0/+1
| | |
* | | Catch up with reality.des2008-08-011-8/+1
| | |
* | | Revert an old hack I put in to replace S/Key with OPIE. We haven't useddes2008-08-013-21/+0
| | | | | | | | | | | | that code in ages - we use pam_opie(8) instead - so this is a NOP.
* | | Add missing #include for strlen()des2008-07-311-0/+3
| | |
* | | Fix alignment of the cmsg buffer by placing it in a union with a structdes2008-07-301-6/+12
| | | | | | | | | | | | | | | | | | | | | cmsghdr. Derived from upstream patch. Submitted by: cognet MFC after: 2 weeks
* | | Remove a bunch of files we don't need to build OpenSSH. They are stilldes2008-07-2380-11367/+0
| | | | | | | | | | | | available in base/vendor-crypto/openssh/dist/.
* | | Fix conflicts after heimdal-1.1 import and add build infrastructure. Importdfr2008-05-0782-13786/+1343
| | | | | | | | | | | | all non-style changes made by heimdal to our own libgssapi.
* | | This commit was generated by cvs2svn to compensate for changes in r178825,dfr2008-05-071483-48403/+252590
|\ \ \ | | | | | | | | | | | | which included commits to RCS files with non-trunk default branches.
| * | | Vendor import of Heimdal 1.1dfr2008-05-071493-49127/+253906
| | | |
* | | | Fix the Xlist so it actually works with 'tar -X', and update the upgradedes2008-02-062-11/+10
| | | | | | | | | | | | | | | | instructions accordingly.
* | | | As per discussion, commit experimental metadata for my contrib packages.des2008-02-061-0/+8
| | | | | | | | | | | | | | | | | | | | The idea is to have a FREEBSD-vendor file for every third-party package in the tree.
* | | | Unbreak detection of cryptodev support for FreeBSD which was brokensimon2008-01-131-1/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | with OpenSSL 0.9.8 import. Note that this does not enable cryptodev by default, as it was the case with OpenSSL 0.9.7 in FreeBSD base, but this change makes it possible to enable cryptodev at all. This has been submitted upstream as: http://rt.openssl.org/Ticket/Display.html?id=1624 Submitted by: nork
* | | | This commit was generated by cvs2svn to compensate for changes in r172767,simon2007-10-184-615/+544
|\ \ \ \ | | |_|/ | |/| | | | | | which included commits to RCS files with non-trunk default branches.
| * | | Import DTLS security fix from upstream OpenSSL_0_9_8-stable branch.simon2007-10-184-615/+544
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | From the OpenSSL advisory: Andy Polyakov discovered a flaw in OpenSSL's DTLS implementation which could lead to the compromise of clients and servers with DTLS enabled. DTLS is a datagram variant of TLS specified in RFC 4347 first supported in OpenSSL version 0.9.8. Note that the vulnerabilities do not affect SSL and TLS so only clients and servers explicitly using DTLS are affected. We believe this flaw will permit remote code execution. Security: CVE-2007-4995 Security: http://www.openssl.org/news/secadv_20071012.txt
OpenPOWER on IntegriCloud