| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
| |
Merge OpenSSL 1.0.1m.
Relnotes: yes
|
| |
|
|
|
|
|
|
|
|
| |
Security: FreeBSD-SA-15:06.openssl
Security: CVE-2015-0209
Security: CVE-2015-0286
Security: CVE-2015-0287
Security: CVE-2015-0288
Security: CVE-2015-0289
Security: CVE-2015-0293
|
| |
|
|
| |
Update buildinf.h to make SSLeay_version(3) little bit more useful.
|
| |
|
|
|
|
| |
Merge OpenSSL 1.0.1l.
Relnotes: yes
|
| |
|
|
| |
Merge OpenSSL 1.0.1k.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
r264400:
NO_MAN= has been deprecated in favor of MAN= for some time, go ahead
and finish the job. ncurses is now the only Makefile in the tree that
uses it since it wasn't a simple mechanical change, and will be
addressed in a future commit.
r265836:
Remove last two NO_MAN= in the tree. In both of these cases, MAN= is
what is needed.
|
| |
|
|
|
|
| |
Merge OpenSSL 1.0.1j.
Relnotes: yes
|
| |
|
|
| |
Merge OpenSSL 1.0.1i.
|
| |
|
|
|
|
| |
Merge OpenSSL 1.0.1h.
Approved by: so (delphij)
|
| |
|
|
|
|
| |
Switch using the new $2b$ format by default, when bcrypt is used.
Relnotes: default Blowfish crypt(3) format have been changed to $2b$.
|
| |
|
|
| |
Fix order of libthr and libc in the global dso list for sshd.
|
| |
|
|
| |
This is "make tinderbox" clean.
|
| |
|
|
| |
MFH (r264308): restore p level in debugging output
|
| |
|
|
| |
Merge OpenSSL 1.0.1f and 1.0.1g.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Refresh our implementation of OpenBSD's Blowfish password format.
Notable changes:
- Support of $2b$ password format to address a problem where very
long passwords (more than 256 characters, when an integer
overflow would happen and cause the length to wrap at 256).
- Updated pseudo code in comments to reflect the reality.
- Removed our local shortcut of processing magic string and rely
on the centralized and tigntened validation.
- Diff reduction from upstream.
For now we are still generating the older $2a$ format of password
but we will migrate to the new format once the format is formally
finalized.
|
| |
|
|
| |
MFH (r261340): enable sandboxing by default
|
| |
|
|
|
|
|
|
|
| |
repeat performance by introducing a script that runs configure with and
without Kerberos, diffs the result and generates krb5_config.h, which
contains the preprocessor macros that need to be defined in the Kerberos
case and undefined otherwise.
Approved by: re (marius)
|
| |
|
|
|
|
| |
that it should no longer be considered secure.
Approved by: re (gjb)
|
| |
|
|
|
|
|
|
|
|
| |
as static binaries, if desired. The one exception is sshd, which runs
into trouble due to libpam.a's includion of pam_ssh.
Make OpenSSH use LDNS if available. This allows it to verify signed
SSHFP records.
Approved by: re (blanket)
|
| |
|
|
| |
Approved by: re (blanket)
|
| |
|
|
|
|
| |
As of r249959, we want to build with IDEA support enabled
unconditionally. As this change removed the MK_IDEA flag, update these
Makefiles accordingly.
|
| |
|
|
| |
for a key revocation list and more fine-grained authentication control.
|
| | |
|
| |
|
|
| |
Approved by: secteam (simon), benl (silence)
|
| |
|
|
|
|
|
|
|
| |
which, only after authentication, disables crypto, and only for sessions
without a terminal.
Submitted by: Jeremy Chadwick (freebsd jdc.parodius.com)
PR: bin/163095
MFC after: 10 days
|
| | |
|
| | |
|
| |
|
|
| |
Specifically, GHASH_ASM belongs to crypto/modes.
|
| |
|
|
| |
Approved by: benl (maintainer)
|
| | |
|
| |
|
|
|
|
| |
Reviewed by: stas
Approved by: benl (maintainer)
MFC after: 3 days
|
| |
|
|
|
|
|
|
| |
Fix a bug in crypt(3) ignoring characters of a passphrase. [12:02]
Security: FreeBSD-SA-12:01.openssl (revised)
Security: FreeBSD-SA-12:02.crypt
Approved by: so (bz, simon)
|
| |
|
|
|
|
|
|
|
| |
Add the ability to use a non-standard LOCALBASE to ssh
Submitted by: jhb
Reviewed by: des
Approved by: cperciva
MFC after: 0 days (with r233136)
|
| |
|
|
|
|
| |
Reviewed by: ???
Approved by: ???
MFC after: 3 days
|
| |
|
|
| |
Discussed in: http://www.openwall.com/lists/oss-security/2011/11/15/3
|
| |
|
|
|
|
|
|
|
| |
against text. Provide the override switch to turn off the strict
behaviour. Apparently, openssl libcrypto needs it due to assembler
code not being PIC.
Discussed with: bf
MFC after: 2 weeks
|
| |
|
|
|
|
|
|
|
|
|
| |
- fix other errors introduced when committing r226436
- add 'function' to a sentence where it makes sense
Submitted by: delphij
Submitted by: dougb
Submitted by: jhb
Approved by: dougb
Approved by: jhb
|
| |
|
|
|
|
|
|
| |
- change "the the" to "the"
Approved by: lstewart
Approved by: sahil (mentor)
MFC after: 3 days
|
| |
|
|
| |
MFC after: 3 months
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
have an executable stack, due to linking in hand-assembled .S or .s
files, that have no .GNU-stack sections:
RWX --- --- /lib/libcrypto.so.6
RWX --- --- /lib/libmd.so.5
RWX --- --- /lib/libz.so.6
RWX --- --- /lib/libzpool.so.2
RWX --- --- /usr/lib/liblzma.so.5
These were found using scanelf, from the sysutils/pax-utils port.
Reviewed by: kib
|
| | |
|
| | |
|
| |
|
|
| |
Approved by: rrs (mentor)
|
| |
|
|
| |
Approved by: rrs (mentor)
|
| |
|
|
| |
code made obsolete in the same commit.
|
| |
|
|
|
| |
Prefer MACHNE_CPUARCH to MACHINE_ARCH in most contexts where you want
to test of all the CPUs of a given family conform.
|
| |
|
|
|
|
|
| |
read-only by default, meaning files copied can't be overwritten next time.
Reviewed by: imp
Approved by: ken (mentor)
|
| | |
|
| |
|
|
|
|
|
| |
When compiled for MIPS n64 ABI
- DES_LONG should be 'unsigned int'
- BN_LLONG should be undefined
- SIXTY_FOUR_BIT_LONG should be defined.
|
