| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
| |
Relnotes: yes
Approved by: re (so@ implicit)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
MFH (r285975, r287143): register mergeinfo for security fixes
MFH (r294497, r294498, r295139): internal documentation
MFH (r294328): upgrade to openssh 6.7p1, re-add libwrap
MFH (r294332): upgrade to openssh 6.8p1
MFH (r294367): update pam_ssh for api changes
MFH (r294909): switch usedns back on
MFH (r294336): upgrade to openssh 6.9p1
MFH (r294495): re-enable dsa keys
MFH (r294464): upgrade to openssh 7.0p1
MFH (r294496): upgrade to openssh 7.1p2
Approved by: re (gjb)
Relnotes: yes
|
| |
|
|
| |
Relnotes: yes
|
| |
|
|
| |
Remove the HPN and None cipher patches.
|
| |
|
|
| |
Replace unneeded manual dependency on header by adding it to SRCS.
|
| | |
|
| |
|
|
|
|
|
|
|
| |
Fix GOST engine cipher linkage by adding e_gost_err.c to SRCS so it
picks up undefined symbols, like "ERR_load_GOST_strings"
PR: 184805
Submitted by: Ivan IvanZhdanov <ivan.zhdanov@gmail.com>
Sponsored by: EMC / Isilon Storage Division
|
| |
|
|
| |
Define endianness for non-x86 platforms.
|
| |
|
|
| |
Replace afterinstall: hack from r111083 with 'make delete-old' functionality.
|
| |
|
|
|
|
|
| |
Merge OpenSSL 1.0.1p.
Approved by: re (gjb)
Relnotes: yes
|
| |
|
|
|
|
|
|
|
| |
Merge OpenSSL 1.0.1o.
Note it is instantly merged because it restores ABI compatibility broken by
the previous OpenSSL 1.0.1n.
Relnotes: yes
|
| |
|
|
| |
Merge OpenSSL 1.0.1n.
|
| |
|
|
|
|
| |
Merge OpenSSL 1.0.1m.
Relnotes: yes
|
| |
|
|
|
|
|
|
|
|
| |
Security: FreeBSD-SA-15:06.openssl
Security: CVE-2015-0209
Security: CVE-2015-0286
Security: CVE-2015-0287
Security: CVE-2015-0288
Security: CVE-2015-0289
Security: CVE-2015-0293
|
| |
|
|
| |
Update buildinf.h to make SSLeay_version(3) little bit more useful.
|
| |
|
|
|
|
| |
Merge OpenSSL 1.0.1l.
Relnotes: yes
|
| |
|
|
| |
Merge OpenSSL 1.0.1k.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
r264400:
NO_MAN= has been deprecated in favor of MAN= for some time, go ahead
and finish the job. ncurses is now the only Makefile in the tree that
uses it since it wasn't a simple mechanical change, and will be
addressed in a future commit.
r265836:
Remove last two NO_MAN= in the tree. In both of these cases, MAN= is
what is needed.
|
| |
|
|
|
|
| |
Merge OpenSSL 1.0.1j.
Relnotes: yes
|
| |
|
|
| |
Merge OpenSSL 1.0.1i.
|
| |
|
|
|
|
| |
Merge OpenSSL 1.0.1h.
Approved by: so (delphij)
|
| |
|
|
|
|
| |
Switch using the new $2b$ format by default, when bcrypt is used.
Relnotes: default Blowfish crypt(3) format have been changed to $2b$.
|
| |
|
|
| |
This is "make tinderbox" clean.
|
| |
|
|
| |
MFH (r264308): restore p level in debugging output
|
| |
|
|
| |
Merge OpenSSL 1.0.1f and 1.0.1g.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Refresh our implementation of OpenBSD's Blowfish password format.
Notable changes:
- Support of $2b$ password format to address a problem where very
long passwords (more than 256 characters, when an integer
overflow would happen and cause the length to wrap at 256).
- Updated pseudo code in comments to reflect the reality.
- Removed our local shortcut of processing magic string and rely
on the centralized and tigntened validation.
- Diff reduction from upstream.
For now we are still generating the older $2a$ format of password
but we will migrate to the new format once the format is formally
finalized.
|
| |
|
|
| |
MFH (r261340): enable sandboxing by default
|
| |
|
|
|
|
|
|
|
| |
repeat performance by introducing a script that runs configure with and
without Kerberos, diffs the result and generates krb5_config.h, which
contains the preprocessor macros that need to be defined in the Kerberos
case and undefined otherwise.
Approved by: re (marius)
|
| |
|
|
|
|
|
|
|
|
| |
as static binaries, if desired. The one exception is sshd, which runs
into trouble due to libpam.a's includion of pam_ssh.
Make OpenSSH use LDNS if available. This allows it to verify signed
SSHFP records.
Approved by: re (blanket)
|
| |
|
|
| |
Approved by: re (blanket)
|
| |
|
|
|
|
| |
As of r249959, we want to build with IDEA support enabled
unconditionally. As this change removed the MK_IDEA flag, update these
Makefiles accordingly.
|
| |
|
|
| |
for a key revocation list and more fine-grained authentication control.
|
| |
|
|
| |
Approved by: secteam (simon), benl (silence)
|
| |
|
|
|
|
|
|
|
| |
which, only after authentication, disables crypto, and only for sessions
without a terminal.
Submitted by: Jeremy Chadwick (freebsd jdc.parodius.com)
PR: bin/163095
MFC after: 10 days
|
| | |
|
| |
|
|
| |
Specifically, GHASH_ASM belongs to crypto/modes.
|
| |
|
|
| |
Approved by: benl (maintainer)
|
| |
|
|
|
|
| |
Reviewed by: stas
Approved by: benl (maintainer)
MFC after: 3 days
|
| |
|
|
|
|
|
|
| |
Fix a bug in crypt(3) ignoring characters of a passphrase. [12:02]
Security: FreeBSD-SA-12:01.openssl (revised)
Security: FreeBSD-SA-12:02.crypt
Approved by: so (bz, simon)
|
| |
|
|
| |
Discussed in: http://www.openwall.com/lists/oss-security/2011/11/15/3
|
| |
|
|
|
|
|
|
|
| |
against text. Provide the override switch to turn off the strict
behaviour. Apparently, openssl libcrypto needs it due to assembler
code not being PIC.
Discussed with: bf
MFC after: 2 weeks
|
| |
|
|
|
|
|
|
| |
- change "the the" to "the"
Approved by: lstewart
Approved by: sahil (mentor)
MFC after: 3 days
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
have an executable stack, due to linking in hand-assembled .S or .s
files, that have no .GNU-stack sections:
RWX --- --- /lib/libcrypto.so.6
RWX --- --- /lib/libmd.so.5
RWX --- --- /lib/libz.so.6
RWX --- --- /lib/libzpool.so.2
RWX --- --- /usr/lib/liblzma.so.5
These were found using scanelf, from the sysutils/pax-utils port.
Reviewed by: kib
|
| | |
|
| | |
|
| |
|
|
| |
Approved by: rrs (mentor)
|
| |
|
|
| |
Approved by: rrs (mentor)
|
| |
|
|
| |
code made obsolete in the same commit.
|
| |
|
|
|
| |
Prefer MACHNE_CPUARCH to MACHINE_ARCH in most contexts where you want
to test of all the CPUs of a given family conform.
|
