summaryrefslogtreecommitdiffstats
path: root/secure
Commit message (Collapse)AuthorAgeFilesLines
* Add compatibility with $2y$ bcrypt hashesallanjude2015-06-161-0/+3
| | | | | | | | | | | | | | | crypt_blowfish and many implementations based on it (Apache, PHP, PostgreSQL) implemented $2y$ before OpenBSD went with $2b$. This changes marks them as equivalent. http://www.openwall.com/lists/announce/2011/07/17/1 This change is required for applications that use the base crypt() implementation (including nginx) to be able to validate $2y$ hashes Reviewed by: eadler Approved by: delphij MFC after: 1 week Relnotes: yes Sponsored by: ScaleEngine Inc. Differential Revision: https://reviews.freebsd.org/D2742
* new dependssjg2015-06-163-0/+3
|
* Revert r284417 it is not necessary anymorebapt2015-06-151-1/+1
|
* Enforce overwritting SHLIBDIRbapt2015-06-151-1/+1
| | | | | | | | | Since METAMODE has been added, sys.mk loads bsd.mkopt.mk which ends load loading bsd.own.mk which then defines SHLIBDIR before all the Makefile.inc everywhere. This makes /lib being populated again. Reported by: many
* Add META_MODE support.sjg2015-06-1325-0/+588
|\ | | | | | | | | | | | | | | | | | | | | Off by default, build behaves normally. WITH_META_MODE we get auto objdir creation, the ability to start build from anywhere in the tree. Still need to add real targets under targets/ to build packages. Differential Revision: D2796 Reviewed by: brooks imp
| * dirdeps.mk now sets DEP_RELDIRsjg2015-06-0825-50/+0
| |
| * Merge sync of headsjg2015-05-27374-4575/+8433
| |\
| * \ Merge from head@274682sjg2014-11-19350-561/+1459
| |\ \
| * \ \ Merge head from 7/28sjg2014-08-19347-599/+404
| |\ \ \
| * | | | Updated dependenciessjg2014-05-1625-0/+29
| | | | |
| * | | | Merge from headsjg2014-05-0818-18/+18
| |\ \ \ \
| * \ \ \ \ Merge headsjg2014-04-28351-970/+990
| |\ \ \ \ \
| * \ \ \ \ \ Merge head@256284sjg2013-10-134-32/+19
| |\ \ \ \ \ \
| * | | | | | | Updated dependenciessjg2013-10-1312-0/+128
| | | | | | | |
| * | | | | | | Merge headsjg2013-09-1112-46/+202
| |\ \ \ \ \ \ \
| * \ \ \ \ \ \ \ Merge from headsjg2013-09-053-21/+1
| |\ \ \ \ \ \ \ \
| * \ \ \ \ \ \ \ \ sync from headsjg2013-04-12338-738/+741
| |\ \ \ \ \ \ \ \ \
| * | | | | | | | | | Updated dependenciessjg2013-03-1125-0/+25
| | | | | | | | | | |
| * | | | | | | | | | Updated dependenciessjg2013-02-1625-50/+0
| | | | | | | | | | |
| * | | | | | | | | | Sync with HEAD.obrien2013-02-084-1/+13
| |\ \ \ \ \ \ \ \ \ \
| * | | | | | | | | | | Updated/new Makefile.dependsjg2012-11-0812-1/+69
| | | | | | | | | | | |
| | | | | | | | | | | |
| | \ \ \ \ \ \ \ \ \ \
| | \ \ \ \ \ \ \ \ \ \
| | \ \ \ \ \ \ \ \ \ \
| *---. \ \ \ \ \ \ \ \ \ \ Sync from headsjg2012-11-04395-14111/+67350
| |\ \ \ \ \ \ \ \ \ \ \ \ \
| * | | | | | | | | | | | | | Sync FreeBSD's bmake branch with Juniper's internal bmake branch.marcel2012-08-2224-0/+531
| | |_|/ / / / / / / / / / / | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Requested by: Simon Gerraty <sjg@juniper.net>
* | | | | | | | | | | | | | Merge OpenSSL 1.0.1o.jkim2015-06-12338-339/+339
| | | | | | | | | | | | | |
* | | | | | | | | | | | | | Merge OpenSSL 1.0.1n.jkim2015-06-11338-759/+807
| |_|_|_|_|_|_|_|_|_|_|_|/ |/| | | | | | | | | | | |
* | | | | | | | | | | | | Add the openssl header for arm64. As it is based on MACHINE_CPUARCH itandrew2015-03-241-0/+242
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | is named opensslconf-aarch64.h. Sponsored by: The FreeBSD Foundation
* | | | | | | | | | | | | Disable insecure SSLv2 support from the base OpenSSL.jkim2015-03-206-5/+35
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Differential Revision: https://reviews.freebsd.org/D1304
* | | | | | | | | | | | | Merge OpenSSL 1.0.1m.jkim2015-03-20345-709/+1440
| | | | | | | | | | | | |
* | | | | | | | | | | | | Update buildinf.h to make SSLeay_version(3) little bit more useful.jkim2015-01-161-3/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | MFC after: 1 week
* | | | | | | | | | | | | Add a ${CP} alias for copying files in the build.will2015-01-161-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Some users build FreeBSD as non-root in Perforce workspaces. By default, Perforce sets files read-only unless they're explicitly being edited. As a result, the -f argument must be used to cp in order to override the read-only flag when copying source files to object directories. Bare use of 'cp' should be avoided in the future. Update all current users of 'cp' in the src tree. Reviewed by: emaste MFC after: 1 week Sponsored by: Spectra Logic
* | | | | | | | | | | | | Merge OpenSSL 1.0.1l.jkim2015-01-16335-336/+336
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | MFC after: 1 week Relnotes: yes
* | | | | | | | | | | | | Merge OpenSSL 1.0.1k.jkim2015-01-08335-4325/+7347
| | | | | | | | | | | | |
* | | | | | | | | | | | | Reduce overlinkingbapt2014-11-2512-33/+10
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The framework now ensure by itself that pthread is added to the link chain as the last component if linked to kerberos hence avoid with out any explicit addition prevent issue like CVE-2014-8475
* | | | | | | | | | | | | Convert to LIBADDbapt2014-11-2515-84/+36
| |_|_|_|_|_|_|_|_|_|_|/ |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Reduce overlinking
* | | | | | | | | | | | Merge OpenSSL 1.0.1j.jkim2014-10-151-0/+199
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Relnotes: yes
* | | | | | | | | | | | Merge OpenSSL 1.0.1j.jkim2014-10-15336-437/+473
| | | | | | | | | | | |
* | | | | | | | | | | | Fix typo (LIBLDNSADD -> LIBLDNS) to fix "make checkdpadd"ngie2014-08-191-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | X-MFC with: r269648 Phabric: D634 Approved by: jmmv (mentor)
* | | | | | | | | | | | Merge OpenSSL 1.0.1i.jkim2014-08-07335-444/+1107
| | | | | | | | | | | |
* | | | | | | | | | | | Rework privatelib/internallibbapt2014-08-0612-15/+15
| |_|_|_|_|_|_|_|_|_|/ |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Make sure everything linking to a privatelib and/or an internallib does it directly from the OBJDIR rather than DESTDIR. Add src.libnames.mk so bsd.libnames.mk is not polluted by libraries not existsing in final installation Introduce the LD* variable which is what ld(1) is expecting (via LDADD) to link to internal/privatelib Directly link to the .so in case of private library to avoid having to complexify LDFLAGS. Phabric: https://phabric.freebsd.org/D553 Reviewed by: imp, emaste
* | | | | | | | | | | Replace all uses of libncurses and libtermcap with their wide characterbrooks2014-07-171-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | variants. This allows usable file system images (i.e. those with both a shell and an editor) to be created with only one copy of the curses library. Exp-run: antoine PR: 189842 Discussed with: bapt Sponsored by: DARPA, AFRL
* | | | | | | | | | | Remove ia64.marcel2014-07-071-224/+0
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This includes: o All directories named *ia64* o All files named *ia64* o All ia64-specific code guarded by __ia64__ o All ia64-specific makefile logic o Mention of ia64 in comments and documentation This excludes: o Everything under contrib/ o Everything under crypto/ o sys/xen/interface o sys/sys/elf_common.h Discussed at: BSDcan
* | | | | | | | | | | Merge OpenSSL 1.0.1h.jkim2014-06-09333-352/+400
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Approved by: so (delphij)
* | | | | | | | | | | Switch using the new $2b$ format by default, when bcrypt is used.delphij2014-05-141-1/+1
| |_|_|_|_|_|_|_|_|/ |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | MFC after: 2 weeks Relnotes: default Blowfish crypt(3) format have been changed to $2b$.
* | | | | | | | | | Use src.opts.mk in preference to bsd.own.mk except where we need stuffimp2014-05-0618-18/+18
| |_|_|_|_|_|_|_|/ |/| | | | | | | | | | | | | | | | | | | | | | | | | | from the latter.
* | | | | | | | | Fix order of libthr and libc in the global dso list for sshd, bykib2014-04-271-0/+10
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | explicitely linking main binary with -lpthread. Before, libthr appeared in the list due to dependency of one of the kerberos libs. Due to the change in ld(1) behaviour of not copying NEEDED entries from direct dependencies into the link results, the order becomes reversed. The libthr must appear before libc to properly interpose libc symbols and provide working rtld locks implementation. The symptom was sshd hanging on rtld bind lock during nested symbol binding from a signal handler. Approved by: des (openssh maintainer) Sponsored by: The FreeBSD Foundation MFC after: 1 week
* | | | | | | | | Add placeholder Kyuafiles for various top-level hierarchies.jmmv2014-04-2110-1/+71
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This change adds tests/ directories in the source tree to create various subdirectories in /usr/tests/ and to install placeholder Kyuafiles for them. the relevant hierarchies are: cddl, etc, games, gnu and secure. The reason for this is to simplify the addition of new test programs for utilities or libraries under any of these directories. Doing so on a case by case basis is unnecessary and is quite an obscure process.
* | | | | | | | | NO_MAN= has been deprecated in favor of MAN= for some time, go aheadimp2014-04-131-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | and finish the job. ncurses is now the only Makefile in the tree that uses it since it wasn't a simple mechanical change, and will be addressed in a future commit.
* | | | | | | | | Merge OpenSSL 1.0.1g.jkim2014-04-08334-356/+376
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Approved by: benl (maintainer)
* | | | | | | | | Use MK_CRYPT=no in preference to WITHOUT_CRYPT here.imp2014-04-051-5/+5
| | | | | | | | |
* | | | | | | | | Upgrade to OpenSSH 6.6p1.des2014-03-252-5/+5
| | | | | | | | |
OpenPOWER on IntegriCloud