summaryrefslogtreecommitdiffstats
path: root/secure
Commit message (Collapse)AuthorAgeFilesLines
* MFH (r261320): upgrade openssh to 6.5p1des2014-02-272-6/+10
| | | | MFH (r261340): enable sandboxing by default
* Unbreak the WITHOUT_KERBEROS build and try to reduce the odds of ades2013-09-233-4/+12
| | | | | | | | | repeat performance by introducing a script that runs configure with and without Kerberos, diffs the result and generates krb5_config.h, which contains the preprocessor macros that need to be defined in the Kerberos case and undefined otherwise. Approved by: re (marius)
* Replace claims that DES is a strong cryptosystem with a warning statingdes2013-09-211-28/+7
| | | | | | that it should no longer be considered secure. Approved by: re (gjb)
* Clean up the OpenSSH build. It is now possible to build most componentsdes2013-09-1012-46/+190
| | | | | | | | | | as static binaries, if desired. The one exception is sshd, which runs into trouble due to libpam.a's includion of pam_ssh. Make OpenSSH use LDNS if available. This allows it to verify signed SSHFP records. Approved by: re (blanket)
* Make libldns and libssh private.des2013-09-0812-0/+12
| | | | Approved by: re (blanket)
* Remove references to MK_IDEA.ed2013-04-273-21/+1
| | | | | | As of r249959, we want to build with IDEA support enabled unconditionally. As this change removed the MK_IDEA flag, update these Makefiles accordingly.
* Upgrade to OpenSSH 6.2p1. The most important new features are supportdes2013-03-221-4/+4
| | | | for a key revocation list and more fine-grained authentication control.
* Retire the mislabeled ENABLE_SUID_SSH knob.des2013-03-221-3/+1
|
* Merge OpenSSL 1.0.1e.jkim2013-02-13336-731/+736
| | | | Approved by: secteam (simon), benl (silence)
* Add a src.conf(5) option to allow users to compile in the "NONE cipher",bz2013-01-173-0/+12
| | | | | | | | | which, only after authentication, disables crypto, and only for sessions without a terminal. Submitted by: Jeremy Chadwick (freebsd jdc.parodius.com) PR: bin/163095 MFC after: 10 days
* Fix typo; s/ouput/outputkevlo2012-11-071-1/+1
|
* Upgrade OpenSSH to 6.1p1.des2012-09-031-2/+0
|
* Sort ASM definitions by crypto module for slightly easier maintenance.jkim2012-07-121-2/+4
| | | | Specifically, GHASH_ASM belongs to crypto/modes.
* Merge OpenSSL 1.0.1c.jkim2012-07-12394-13827/+67060
| | | | Approved by: benl (maintainer)
* Regen ca(1) for r237658. This re-applies r227458, i.e., add a missing "be".jkim2012-06-271-1/+1
|
* Merge OpenSSL 0.9.8x.jkim2012-06-27278-561/+567
| | | | | | Reviewed by: stas Approved by: benl (maintainer) MFC after: 3 days
* Update the previous openssl fix. [12:01]bz2012-05-301-1/+1
| | | | | | | | Fix a bug in crypt(3) ignoring characters of a passphrase. [12:02] Security: FreeBSD-SA-12:01.openssl (revised) Security: FreeBSD-SA-12:02.crypt Approved by: so (bz, simon)
* Restore the ability to use a non-standard LOCALBASE to sshdeadler2012-03-242-0/+8
| | | | | | | | | Add the ability to use a non-standard LOCALBASE to ssh Submitted by: jhb Reviewed by: des Approved by: cperciva MFC after: 0 days (with r233136)
* X11BASE is not used any more and has been killed by the x11 team.eadler2012-03-192-26/+0
| | | | | | Reviewed by: ??? Approved by: ??? MFC after: 3 days
* Return NULL on error rather than ":", per the crypt(3) man page.kevlo2012-02-221-6/+5
| | | | Discussed in: http://www.openwall.com/lists/oss-security/2011/11/15/3
* Force linker error when created shared library contains a relocationkib2011-12-061-0/+1
| | | | | | | | | against text. Provide the override switch to turn off the strict behaviour. Apparently, openssl libcrypto needs it due to assembler code not being PIC. Discussed with: bf MFC after: 2 weeks
* - add a missing "be" and "in"eadler2011-11-111-1/+1
| | | | | | | | | | | - fix other errors introduced when committing r226436 - add 'function' to a sentence where it makes sense Submitted by: delphij Submitted by: dougb Submitted by: jhb Approved by: dougb Approved by: jhb
* - change "is is" to "is" or "it is"eadler2011-10-163-3/+3
| | | | | | | | - change "the the" to "the" Approved by: lstewart Approved by: sahil (mentor) MFC after: 3 days
* Upgrade to OpenSSH 5.9p1.des2011-10-051-1/+2
| | | | MFC after: 3 months
* Upgrade to OpenSSH 5.8p2.des2011-05-042-7/+9
|
* Fix some leftover binaries and shared libraries in the system that stilldim2011-02-151-0/+4
| | | | | | | | | | | | | | | have an executable stack, due to linking in hand-assembled .S or .s files, that have no .GNU-stack sections: RWX --- --- /lib/libcrypto.so.6 RWX --- --- /lib/libmd.so.5 RWX --- --- /lib/libz.so.6 RWX --- --- /lib/libzpool.so.2 RWX --- --- /usr/lib/liblzma.so.5 These were found using scanelf, from the sysutils/pax-utils port. Reviewed by: kib
* Regenerate manual pages for OpenSSL 0.9.8q.simon2010-12-03278-291/+280
|
* Regenerate manual pages for OpenSSL 0.9.8p.simon2010-11-22278-9639/+7617
|
* Revert changes of 'assure' to 'ensure' made in r211936.brucec2010-09-111-1/+1
| | | | Approved by: rrs (mentor)
* Fix incorrect usage of 'assure' and 'insure'.brucec2010-08-281-1/+1
| | | | Approved by: rrs (mentor)
* Repair some build breakage introduced in r211725 and garbage collect somenwhitehorn2010-08-283-220/+12
| | | | code made obsolete in the same commit.
* MFtbemd:imp2010-08-231-15/+15
| | | | | Prefer MACHNE_CPUARCH to MACHINE_ARCH in most contexts where you want to test of all the CPUs of a given family conform.
* Fix buildworld -DNO_CLEAN when using with Perforce, which marks files aswill2010-08-121-2/+2
| | | | | | | read-only by default, meaning files copied can't be overwritten next time. Reviewed by: imp Approved by: ken (mentor)
* Whitespace fix for last check-in, move empty line to below endif.jchandra2010-08-041-1/+1
|
* MIPS 64 bit support.jchandra2010-08-041-0/+14
| | | | | | | When compiled for MIPS n64 ABI - DES_LONG should be 'unsigned int' - BN_LLONG should be undefined - SIXTY_FOUR_BIT_LONG should be defined.
* OpenSSL configuration for powerpc64nwhitehorn2010-07-101-0/+217
| | | | Obtained from: projects/ppc64
* Regenerate manual pages for OpenSSL 0.9.8n.simon2010-04-01277-277/+277
|
* - Make it slightly simpler to update OpenSSL version informationsimon2010-04-011-1/+6
| | | | | | | | for regenerating OpenSSL manual pages. - Explicitly set the OpenSSL release date so manual pages contain the date OpenSSL was released and not just the date OpenSSL was imported into the FreeBSD base system. - Update for Makefile for OpenSSL 0.9.8n.
* Regenerate manual pages for OpenSSL 0.9.8m.simon2010-03-13280-331/+533
| | | | MFC after: 3 weeks
* Merge OpenSSL 0.9.8m into head.simon2010-03-131-1/+1
| | | | | | | | | | | This also "reverts" some FreeBSD local changes so we should now be back to using entirely stock OpenSSL. The local changes were simple $FreeBSD$ lines additions, which were required in the CVS days, and the patch for FreeBSD-SA-09:15.ssl which has been superseded with OpenSSL 0.9.8m's RFC5746 'TLS renegotiation extension' support. MFC after: 3 weeks
* Revert r204939des2010-03-101-1/+1
|
* Forgot to svn add the Makefile.des2010-03-101-0/+16
|
* Fix the build. The ssh-pkcs11-helper directory is empty, which isdougb2010-03-101-1/+1
| | | | causing confusion.
* Upgrade to OpenSSH 5.4p1.des2010-03-094-5/+6
| | | | MFC after: 1 month
* (Almost) fixed static linkage. The remaining problem is withru2010-02-261-2/+2
| | | | | libgssapi.a and libgssapi_krb5.a libraries that define the same symbols.
* Fix 'make checkdpadd'des2010-02-251-1/+1
| | | | Submitted by: ru@
* Remove -static; it was a failed experiment that got committed by accident.des2010-02-251-1/+4
|
* Build lib/ with WARNS=6 by default.ed2010-01-021-0/+2
| | | | | | | | | Similar to libexec/, do the same with lib/. Make WARNS=6 the norm and lower it when needed. I'm setting WARNS?=0 for secure/. It seems secure/ includes the Makefile.inc provided by lib/. I'm not going to touch that directory. Most of the code there is contributed anyway.
* Remove pppd, it's gone.trasz2009-12-291-2/+1
|
* Fix globbingdes2009-11-101-1/+1
| | | | | Noticed by: delphij, David Cornejo <dave@dogwood.com> Forgotten by: des
OpenPOWER on IntegriCloud