summaryrefslogtreecommitdiffstats
path: root/secure
Commit message (Collapse)AuthorAgeFilesLines
* Merge OpenSSL 1.0.1j.jkim2014-10-151-0/+199
| | | | Relnotes: yes
* Merge OpenSSL 1.0.1j.jkim2014-10-15336-437/+473
|
* Fix typo (LIBLDNSADD -> LIBLDNS) to fix "make checkdpadd"ngie2014-08-191-1/+1
| | | | | | X-MFC with: r269648 Phabric: D634 Approved by: jmmv (mentor)
* Merge OpenSSL 1.0.1i.jkim2014-08-07335-444/+1107
|
* Rework privatelib/internallibbapt2014-08-0612-15/+15
| | | | | | | | | | | | | | Make sure everything linking to a privatelib and/or an internallib does it directly from the OBJDIR rather than DESTDIR. Add src.libnames.mk so bsd.libnames.mk is not polluted by libraries not existsing in final installation Introduce the LD* variable which is what ld(1) is expecting (via LDADD) to link to internal/privatelib Directly link to the .so in case of private library to avoid having to complexify LDFLAGS. Phabric: https://phabric.freebsd.org/D553 Reviewed by: imp, emaste
* Replace all uses of libncurses and libtermcap with their wide characterbrooks2014-07-171-2/+2
| | | | | | | | | | variants. This allows usable file system images (i.e. those with both a shell and an editor) to be created with only one copy of the curses library. Exp-run: antoine PR: 189842 Discussed with: bapt Sponsored by: DARPA, AFRL
* Remove ia64.marcel2014-07-071-224/+0
| | | | | | | | | | | | | | | | | This includes: o All directories named *ia64* o All files named *ia64* o All ia64-specific code guarded by __ia64__ o All ia64-specific makefile logic o Mention of ia64 in comments and documentation This excludes: o Everything under contrib/ o Everything under crypto/ o sys/xen/interface o sys/sys/elf_common.h Discussed at: BSDcan
* Merge OpenSSL 1.0.1h.jkim2014-06-09333-352/+400
| | | | Approved by: so (delphij)
* Switch using the new $2b$ format by default, when bcrypt is used.delphij2014-05-141-1/+1
| | | | | MFC after: 2 weeks Relnotes: default Blowfish crypt(3) format have been changed to $2b$.
* Use src.opts.mk in preference to bsd.own.mk except where we need stuffimp2014-05-0618-18/+18
| | | | from the latter.
* Fix order of libthr and libc in the global dso list for sshd, bykib2014-04-271-0/+10
| | | | | | | | | | | | | | | | | explicitely linking main binary with -lpthread. Before, libthr appeared in the list due to dependency of one of the kerberos libs. Due to the change in ld(1) behaviour of not copying NEEDED entries from direct dependencies into the link results, the order becomes reversed. The libthr must appear before libc to properly interpose libc symbols and provide working rtld locks implementation. The symptom was sshd hanging on rtld bind lock during nested symbol binding from a signal handler. Approved by: des (openssh maintainer) Sponsored by: The FreeBSD Foundation MFC after: 1 week
* Add placeholder Kyuafiles for various top-level hierarchies.jmmv2014-04-2110-1/+71
| | | | | | | | | | | | This change adds tests/ directories in the source tree to create various subdirectories in /usr/tests/ and to install placeholder Kyuafiles for them. the relevant hierarchies are: cddl, etc, games, gnu and secure. The reason for this is to simplify the addition of new test programs for utilities or libraries under any of these directories. Doing so on a case by case basis is unnecessary and is quite an obscure process.
* NO_MAN= has been deprecated in favor of MAN= for some time, go aheadimp2014-04-131-1/+1
| | | | | | and finish the job. ncurses is now the only Makefile in the tree that uses it since it wasn't a simple mechanical change, and will be addressed in a future commit.
* Merge OpenSSL 1.0.1g.jkim2014-04-08334-356/+376
| | | | Approved by: benl (maintainer)
* Use MK_CRYPT=no in preference to WITHOUT_CRYPT here.imp2014-04-051-5/+5
|
* Upgrade to OpenSSH 6.6p1.des2014-03-252-5/+5
|
* multiple: Remove 3rd clause from BSD license where approved by theeadler2014-03-141-5/+1
| | | | | | | | | regents and renumber. This patch skips files in contrib/ and crypto/ Acked by: imp Discussed with: emaste
* Refresh our implementation of OpenBSD's Blowfish password format.delphij2014-02-251-33/+52
| | | | | | | | | | | | | | | | | | Notable changes: - Support of $2b$ password format to address a problem where very long passwords (more than 256 characters, when an integer overflow would happen and cause the length to wrap at 256). - Updated pseudo code in comments to reflect the reality. - Removed our local shortcut of processing magic string and rely on the centralized and tigntened validation. - Diff reduction from upstream. For now we are still generating the older $02a$ format of password but we will migrate to the new format once the format is formally finalized. MFC after: 1 month
* Upgrade to OpenSSH 6.5p1.des2014-01-312-6/+10
|
* Merge OpenSSL 1.0.1f.jkim2014-01-22335-895/+796
| | | | Approved by: so (delphij), benl (silence)
* Unbreak the WITHOUT_KERBEROS build and try to reduce the odds of ades2013-09-233-4/+12
| | | | | | | | | repeat performance by introducing a script that runs configure with and without Kerberos, diffs the result and generates krb5_config.h, which contains the preprocessor macros that need to be defined in the Kerberos case and undefined otherwise. Approved by: re (marius)
* Replace claims that DES is a strong cryptosystem with a warning statingdes2013-09-211-28/+7
| | | | | | that it should no longer be considered secure. Approved by: re (gjb)
* Clean up the OpenSSH build. It is now possible to build most componentsdes2013-09-1012-46/+190
| | | | | | | | | | as static binaries, if desired. The one exception is sshd, which runs into trouble due to libpam.a's includion of pam_ssh. Make OpenSSH use LDNS if available. This allows it to verify signed SSHFP records. Approved by: re (blanket)
* Make libldns and libssh private.des2013-09-0812-0/+12
| | | | Approved by: re (blanket)
* Remove references to MK_IDEA.ed2013-04-273-21/+1
| | | | | | As of r249959, we want to build with IDEA support enabled unconditionally. As this change removed the MK_IDEA flag, update these Makefiles accordingly.
* Upgrade to OpenSSH 6.2p1. The most important new features are supportdes2013-03-221-4/+4
| | | | for a key revocation list and more fine-grained authentication control.
* Retire the mislabeled ENABLE_SUID_SSH knob.des2013-03-221-3/+1
|
* Merge OpenSSL 1.0.1e.jkim2013-02-13336-731/+736
| | | | Approved by: secteam (simon), benl (silence)
* Add a src.conf(5) option to allow users to compile in the "NONE cipher",bz2013-01-173-0/+12
| | | | | | | | | which, only after authentication, disables crypto, and only for sessions without a terminal. Submitted by: Jeremy Chadwick (freebsd jdc.parodius.com) PR: bin/163095 MFC after: 10 days
* Fix typo; s/ouput/outputkevlo2012-11-071-1/+1
|
* Upgrade OpenSSH to 6.1p1.des2012-09-031-2/+0
|
* Sort ASM definitions by crypto module for slightly easier maintenance.jkim2012-07-121-2/+4
| | | | Specifically, GHASH_ASM belongs to crypto/modes.
* Merge OpenSSL 1.0.1c.jkim2012-07-12394-13827/+67060
| | | | Approved by: benl (maintainer)
* Regen ca(1) for r237658. This re-applies r227458, i.e., add a missing "be".jkim2012-06-271-1/+1
|
* Merge OpenSSL 0.9.8x.jkim2012-06-27278-561/+567
| | | | | | Reviewed by: stas Approved by: benl (maintainer) MFC after: 3 days
* Update the previous openssl fix. [12:01]bz2012-05-301-1/+1
| | | | | | | | Fix a bug in crypt(3) ignoring characters of a passphrase. [12:02] Security: FreeBSD-SA-12:01.openssl (revised) Security: FreeBSD-SA-12:02.crypt Approved by: so (bz, simon)
* Restore the ability to use a non-standard LOCALBASE to sshdeadler2012-03-242-0/+8
| | | | | | | | | Add the ability to use a non-standard LOCALBASE to ssh Submitted by: jhb Reviewed by: des Approved by: cperciva MFC after: 0 days (with r233136)
* X11BASE is not used any more and has been killed by the x11 team.eadler2012-03-192-26/+0
| | | | | | Reviewed by: ??? Approved by: ??? MFC after: 3 days
* Return NULL on error rather than ":", per the crypt(3) man page.kevlo2012-02-221-6/+5
| | | | Discussed in: http://www.openwall.com/lists/oss-security/2011/11/15/3
* Force linker error when created shared library contains a relocationkib2011-12-061-0/+1
| | | | | | | | | against text. Provide the override switch to turn off the strict behaviour. Apparently, openssl libcrypto needs it due to assembler code not being PIC. Discussed with: bf MFC after: 2 weeks
* - add a missing "be" and "in"eadler2011-11-111-1/+1
| | | | | | | | | | | - fix other errors introduced when committing r226436 - add 'function' to a sentence where it makes sense Submitted by: delphij Submitted by: dougb Submitted by: jhb Approved by: dougb Approved by: jhb
* - change "is is" to "is" or "it is"eadler2011-10-163-3/+3
| | | | | | | | - change "the the" to "the" Approved by: lstewart Approved by: sahil (mentor) MFC after: 3 days
* Upgrade to OpenSSH 5.9p1.des2011-10-051-1/+2
| | | | MFC after: 3 months
* Upgrade to OpenSSH 5.8p2.des2011-05-042-7/+9
|
* Fix some leftover binaries and shared libraries in the system that stilldim2011-02-151-0/+4
| | | | | | | | | | | | | | | have an executable stack, due to linking in hand-assembled .S or .s files, that have no .GNU-stack sections: RWX --- --- /lib/libcrypto.so.6 RWX --- --- /lib/libmd.so.5 RWX --- --- /lib/libz.so.6 RWX --- --- /lib/libzpool.so.2 RWX --- --- /usr/lib/liblzma.so.5 These were found using scanelf, from the sysutils/pax-utils port. Reviewed by: kib
* Regenerate manual pages for OpenSSL 0.9.8q.simon2010-12-03278-291/+280
|
* Regenerate manual pages for OpenSSL 0.9.8p.simon2010-11-22278-9639/+7617
|
* Revert changes of 'assure' to 'ensure' made in r211936.brucec2010-09-111-1/+1
| | | | Approved by: rrs (mentor)
* Fix incorrect usage of 'assure' and 'insure'.brucec2010-08-281-1/+1
| | | | Approved by: rrs (mentor)
* Repair some build breakage introduced in r211725 and garbage collect somenwhitehorn2010-08-283-220/+12
| | | | code made obsolete in the same commit.
OpenPOWER on IntegriCloud