Commit Graph

1192 Commits

Author SHA1 Message Date
Glen Barber
1da7787f71 Merge the remainder of the projects/openssl111 branch to head.
- Update OpenSSL to version 1.1.1.
- Update Kerberos/Heimdal API for OpenSSL 1.1.1 compatibility.
- Bump __FreeBSD_version.

Approved by:	re (kib)
Sponsored by:	The FreeBSD Foundation
2018-10-09 21:28:26 +00:00
Dag-Erling Smørgrav
bd393de91c Fix portability issues with the Capsicum patch committed in r339216:
- Wrap access to pw_change and pw_expire in the appropriate #ifdefs.
- Wrap calls to login_cap(3) API in appropriate #ifdefs.
- Add wrapper for transferring time_t, which is still only 32 bits wide
  on FreeBSD i386.
- Use a temporary variable to deserialize size_t.

Approved by:	re (gjb)
2018-10-09 19:27:42 +00:00
Ed Maste
4660a83eac Regenerate ssh_namespace.h for OpenSSL 1.1.1 update 2018-10-09 17:29:31 +00:00
Glen Barber
7c32835287 MFH r338661 through r339253.
Sponsored by:	The FreeBSD Foundation
2018-10-09 14:27:55 +00:00
Ed Maste
c0a542de36 openssh: regenerate ssh-namespace.h after r339213 and r339216
Reported by:	des
Approved by:	re (rgrimes)
2018-10-09 03:11:59 +00:00
Glen Barber
fc3f42d80f MFH r339206-r339212, r339215-r339239
Sponsored by:	The FreeBSD Foundation
2018-10-08 18:06:40 +00:00
Ed Maste
fc3c19a9fc sshd: address capsicum issues
* Add a wrapper to proxy login_getpwclass(3) as it is not allowed in
  capability mode.
* Cache timezone data via caph_cache_tzdata() as we cannot access the
  timezone file.
* Reverse resolve hostname before entering capability mode.

PR:		231172
Submitted by:	naito.yuichiro@gmail.com
Reviewed by:	cem, des
Approved by:	re (rgrimes)
MFC after:	3 weeks
Differential Revision:	https://reviews.freebsd.org/D17128
2018-10-06 21:32:55 +00:00
Ed Maste
2a01feabb3 openssh: cherry-pick OpenSSL 1.1.1 compatibility
Compatibility with existing OpenSSL versions is maintained.

Upstream commits:
482d23bcac upstream: hold our collective noses and use the openssl-1.1.x
48f54b9d12 adapt -portable to OpenSSL 1.1x API
86e0a9f3d2 upstream: use only openssl-1.1.x API here too
a3fd8074e2 upstream: missed a bit of openssl-1.0.x API in this unittest
cce8cbe0ed Fix openssl-1.1 fallout for --without-openssl.

Trivial conflicts in sshkey.c and test_sshkey.c were resolved.

Connect libressl-api-compat.c to the build, and regenerate config.h

Reviewed by:	des
Approved by:	re (rgrimes)
MFC after:	2 seeks
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D17444
2018-10-06 14:38:34 +00:00
John Baldwin
e4456411a8 Update the existing heimdal implementation for OpenSSL 1.1.
Existing work is underway to import a newer version of heimdal, but
this patchset gets us to a fully working tree to enable more wide
spread testing of OpenSSL 1.1 for now.

I've also enabled WARNS=1 for kerberos (which is the reason for the
change in libroken).  Having -Werror enabled was useful during the
1.1 updates and we probably should have warnings enabled by default
for kerberos anyway.

This passes make tinderbox, and I have also done some very light
runtime testing on amd64.

Reviewed by:	bjk, jkim, emaste
Differential Revision:	https://reviews.freebsd.org/D17276
2018-10-05 16:35:24 +00:00
Ed Maste
4b6d416b32 openssh: connect libressl-api-compat.c and regen config.h
Differential Revision:	https://reviews.freebsd.org/D17390
2018-10-03 16:38:36 +00:00
Ed Maste
9e15a1058d openssh: add openbsd-compat/libressl-api-compat.c
Missed in migrating changeset from git to svn for r338811

Reported by:	jhb
2018-10-03 16:06:17 +00:00
Jung-uk Kim
9887b02239 Add a hack to build on ARMv4 and ARMv5. 2018-09-23 02:51:54 +00:00
Ed Maste
3e058dbd7b openssh: cherry-pick OpenSSL 1.1.1 compatibility
Upstream commits:
482d23bcac upstream: hold our collective noses and use the openssl-1.1.x
48f54b9d12 adapt -portable to OpenSSL 1.1x API
86e0a9f3d2 upstream: use only openssl-1.1.x API here too
a3fd8074e2 upstream: missed a bit of openssl-1.0.x API in this unittest
cce8cbe0ed Fix openssl-1.1 fallout for --without-openssl.

Trivial conflicts in sshkey.c and test_sshkey.c were resolved.

Sponsored by:	The FreeBSD Foundation
2018-09-19 21:18:44 +00:00
Ed Maste
c6de6086cf openssh: rename local macro to avoid OpenSSL 1.1.1 conflict
Local changes introduced an OPENSSH_VERSION macro, but this conflicts
with a macro of the same name introduced with OepnsSL 1.1.1

Reviewed by:	des
Approved by:	re (gjb)
MFC after:	1 week
Sponsored by:	The FreeBSD Foundation
2018-09-19 20:52:47 +00:00
Ed Maste
5d5f8b31cb openssh: rename local macro to avoid OpenSSL 1.1.1 conflict
Local changes introduced an OPENSSH_VERSION macro, but this conflicts
with a macro of the same name introduced with OpenSSL 1.1.1.
2018-09-19 19:13:29 +00:00
Jung-uk Kim
548ad621b5 Add generated header file for openssl(1). 2018-09-19 00:32:48 +00:00
Jung-uk Kim
e78c4f2d77 Add generated header files for FreeBSD. 2018-09-19 00:08:27 +00:00
Jung-uk Kim
eabbf3ff4b Update SHLIB_VERSION_NUMBER to 9.
Prodded by:	avg
2018-09-14 14:40:09 +00:00
Jung-uk Kim
e71b70530d Update OpenSSL to 1.1.1.
Note it does not update build infrastructure.
2018-09-13 20:40:51 +00:00
Jung-uk Kim
a43ce912fc Import OpenSSL 1.1.1. 2018-09-13 19:18:07 +00:00
Dag-Erling Smørgrav
190cef3d52 Upgrade to OpenSSH 7.8p1.
Approved by:	re (kib@)
2018-09-10 16:20:12 +00:00
Cy Schubert
76f6651cf0 Avoid printing extraneous function names when searching man page
database (apropos, man -k). This commit Replaces .SS with .SH,
similar to the man page provided by original heimdal (as in port).

PR:		230573
Submitted by:	yuripv@yuripv.net
Approved by:	re (rgrimes@)
MFC after:	3 days
2018-08-29 06:04:54 +00:00
Xin LI
c1e80940f3 Update userland arc4random() with OpenBSD's Chacha20 based arc4random().
ObsoleteFiles.inc:

    Remove manual pages for arc4random_addrandom(3) and
    arc4random_stir(3).

  contrib/ntp/lib/isc/random.c:
  contrib/ntp/sntp/libevent/evutil_rand.c:

    Eliminate in-tree usage of arc4random_addrandom().

  crypto/heimdal/lib/roken/rand.c:
  crypto/openssh/config.h:

    Eliminate in-tree usage of arc4random_stir().

  include/stdlib.h:

    Remove arc4random_stir() and arc4random_addrandom() prototypes,
    provide temporary shims for transistion period.

  lib/libc/gen/Makefile.inc:

    Hook arc4random-compat.c to build, add hint for Chacha20 source for
    kernel, and remove arc4random_addrandom(3) and arc4random_stir(3)
    links.

  lib/libc/gen/arc4random.c:

    Adopt OpenBSD arc4random.c,v 1.54 with bare minimum changes, use the
    sys/crypto/chacha20 implementation of keystream.

  lib/libc/gen/Symbol.map:

    Remove arc4random_stir and arc4random_addrandom interfaces.

  lib/libc/gen/arc4random.h:

    Adopt OpenBSD arc4random.h,v 1.4 but provide _ARC4_LOCK of our own.

  lib/libc/gen/arc4random.3:

    Adopt OpenBSD arc4random.3,v 1.35 but keep FreeBSD r114444 and
    r118247.

  lib/libc/gen/arc4random-compat.c:

    Compatibility shims for arc4random_stir and arc4random_addrandom
    functions to preserve ABI.  Log once when called but do nothing
    otherwise.

  lib/libc/gen/getentropy.c:
  lib/libc/include/libc_private.h:

    Fold __arc4_sysctl into getentropy.c (renamed to arnd_sysctl).
    Remove from libc_private.h as a result.

  sys/crypto/chacha20/chacha.c:
  sys/crypto/chacha20/chacha.h:

    Make it possible to use the kernel implementation in libc.

PR:		182610
Reviewed by:	cem, markm
Obtained from:	OpenBSD
Relnotes:	yes
Differential Revision:	https://reviews.freebsd.org/D16760
2018-08-19 17:40:50 +00:00
Jung-uk Kim
dea77ea6fc Merge OpenSSL 1.0.2p. 2018-08-14 17:48:02 +00:00
Jung-uk Kim
43a67e02da Import OpenSSL 1.0.2p. 2018-08-14 16:18:14 +00:00
Dag-Erling Smørgrav
f2a2dfa729 Merge upstream patch to unbreak tunnel forwarding.
Reported by:	cy@
2018-05-16 14:04:39 +00:00
Dag-Erling Smørgrav
47dd1d1b61 Upgrade to OpenSSH 7.7p1. 2018-05-11 13:22:43 +00:00
Dag-Erling Smørgrav
4f52dfbb8d Upgrade to OpenSSH 7.6p1. This will be followed shortly by 7.7p1.
This completely removes client-side support for the SSH 1 protocol,
which was already disabled in 12 but is still enabled in 11.  For that
reason, we will not be able to merge 7.6p1 or newer back to 11.
2018-05-08 23:13:11 +00:00
Dag-Erling Smørgrav
b23ddc5855 Update the repository URLs. 2018-05-06 13:21:44 +00:00
Jung-uk Kim
dee36b4f92 Merge OpenSSL 1.0.2o. 2018-03-27 17:17:58 +00:00
Jung-uk Kim
02be298e50 Import OpenSSL 1.0.2o. 2018-03-27 17:03:01 +00:00
Jung-uk Kim
0c731de94c Add declaration of SSL_get_selected_srtp_profile() for OpenSSL.
Because there was an extra declaration in the vendor version, we locally
removed the second one in r238405 with 1.0.1c.  Later, upstream fixed it in
1.0.2d but they removed the first one.  Therefore, both were removed in our
version unfortunately.  Now we revert to the vendor one to re-add it.

MFC after:		3 days
Differential Revision:	https://reviews.freebsd.org/D10525
2018-01-25 23:38:05 +00:00
Jung-uk Kim
c4ad4dffb3 Merge OpenSSL 1.0.2n. 2017-12-07 18:02:57 +00:00
Jung-uk Kim
4f94f84d84 Import OpenSSL 1.0.2n. 2017-12-07 17:37:15 +00:00
Jung-uk Kim
47902a71f3 Merge OpenSSL 1.0.2m. 2017-11-02 18:04:29 +00:00
Jung-uk Kim
b6a9311a3e Import OpenSSL 1.0.2m. 2017-11-02 17:35:19 +00:00
Dag-Erling Smørgrav
d93a896ef9 Upgrade to OpenSSH 7.5p1. 2017-08-04 12:57:24 +00:00
Xin LI
49426905b3 MFV r320905: Import upstream fix for CVE-2017-11103.
In _krb5_extract_ticket() the KDC-REP service name must be obtained from
encrypted version stored in 'enc_part' instead of the unencrypted version
stored in 'ticket'.  Use of the unecrypted version provides an
opportunity for successful server impersonation and other attacks.

Submitted by:	hrs
Obtained from:	Heimdal
Security:	FreeBSD-SA-17:05.heimdal
Security:	CVE-2017-11103
2017-07-12 07:19:06 +00:00
Jung-uk Kim
ed7112f094 Merge OpenSSL 1.0.2l. 2017-05-25 20:52:16 +00:00
Jung-uk Kim
12df5ad9af Import OpenSSL 1.0.2l. 2017-05-25 19:38:38 +00:00
Kurt Lidl
342b8b88ba Refine and update blacklist support in sshd
Adjust notification points slightly to catch all auth failures,
rather than just the ones caused by bad usernames.

Modify notification point for bad usernames to send new type of
BLACKLIST_BAD_USER. (Support in libblacklist will be forthcoming soon.)
Add guards to allow library headers to expose the enum of action values.

Reviewed by:	des
Approved by:	des
Sponsored by:	The FreeBSD Foundation
2017-05-12 15:20:12 +00:00
Andrew Turner
e7fca4bb42 Fix linking with lld by marking OPENSSL_armcap_P as hidden.
Linking with lld fails as it contains a relative address, however the data
this address is for may be relocated from the shared object to the main
executable.

Fix this by adding the hidden attribute. This stops moving this value to
the main executable. It seems this is implicit upstream as it uses a
version script.

Approved by:	jkim
Sponsored by:	DARPA, AFRL
2017-04-07 12:41:57 +00:00
Dag-Erling Smørgrav
ca86bcf253 Upgrade to OpenSSH 7.4p1. 2017-03-06 01:37:05 +00:00
Dag-Erling Smørgrav
0999bc4881 Re-apply part of r311585 which was inadvertantly reverted in the upgrade
to 7.3p1.  The other part (which adds -DLIBWRAP to sshd's CFLAGS) is
still in place.

Reported by:	ngie
2017-03-03 14:25:55 +00:00
Dag-Erling Smørgrav
6d6e8a4a09 Forgot to bump the version addendum date. 2017-03-03 01:50:10 +00:00
Dag-Erling Smørgrav
076ad2f836 Upgrade to OpenSSH 7.3p1. 2017-03-02 00:11:32 +00:00
Warner Losh
fbbd9655e5 Renumber copyright clause 4
Renumber cluase 4 to 3, per what everybody else did when BSD granted
them permission to remove clause 3. My insistance on keeping the same
numbering for legal reasons is too pedantic, so give up on that point.

Submitted by:	Jan Schaumann <jschauma@stevens.edu>
Pull Request:	https://github.com/freebsd/freebsd/pull/96
2017-02-28 23:42:47 +00:00
Dag-Erling Smørgrav
4fcbf74fb1 Avoid picking up MIT Kerberos from ports (if installed). 2017-02-26 19:00:55 +00:00
Dag-Erling Smørgrav
8f7bfc76bd Fix amusingly harmless mis-merge. 2017-02-26 16:34:58 +00:00
Kurt Lidl
5057f65606 Only notify blacklistd for successful logins in auth.c
Reported by:	Rick Adams
Reviewed by:	des
MFC after:	3 days
Sponsored by:	The FreeBSD Foundation
2017-02-19 20:35:39 +00:00
Jung-uk Kim
6cf8931a2f Merge OpenSSL 1.0.2k. 2017-01-26 19:10:29 +00:00
Jung-uk Kim
5315173646 Import OpenSSL 1.0.2k. 2017-01-26 18:32:12 +00:00
Xin LI
9ea45e75fa MFV r311913:
Fix multiple OpenSSH vulnerabilities.

Submitted by:	des
Approved by:	so
2017-01-11 05:49:39 +00:00
Enji Cooper
233932cc2a Conditionalize building libwrap support into sshd
Only build libwrap support into sshd if MK_TCP_WRAPPERS != no

This will unbreak the build if libwrap has been removed from the system

MFC after:	2 weeks
PR:		210141
Submitted by:	kpect@protonmail.com
Differential Revision:	D9049
2017-01-07 08:08:35 +00:00
Xin LI
56e6c4251c MFV r308196:
Fix OpenSSH remote Denial of Service vulnerability.

Security:	CVE-2016-8858
2016-11-02 06:49:25 +00:00
Jung-uk Kim
7518a9bd2b Build OpenSSL assembly sources for aarch64. Tested with ThunderX by andrew. 2016-10-26 20:02:22 +00:00
Jung-uk Kim
f1fe58d376 Merge OpenSSL 1.0.2j. 2016-09-26 14:22:17 +00:00
Jung-uk Kim
e656c34a18 Import OpenSSL 1.0.2j. 2016-09-26 14:13:11 +00:00
Jung-uk Kim
aeb5019c48 Merge OpenSSL 1.0.2i. 2016-09-22 13:27:44 +00:00
Jung-uk Kim
e1b483878d Import OpenSSL 1.0.2i. 2016-09-22 13:04:03 +00:00
Kurt Lidl
b2af61ec69 Add refactored blacklist support to sshd
Change the calls to of blacklist_init() and blacklist_notify to be
macros defined in the blacklist_client.h file.  This avoids
the need for #ifdef USE_BLACKLIST / #endif except in the
blacklist.c file.

Remove redundent initialization attempts from within
blacklist_notify - everything always goes through
blacklistd_init().

Added UseBlacklist option to sshd, which defaults to off.
To enable the functionality, use '-o UseBlacklist=yes' on
the command line, or uncomment in the sshd_config file.

Reviewed by:	des
Approved by:	des
MFC after:		1 week
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D7051
2016-08-30 14:09:24 +00:00
Jung-uk Kim
43e4bca77d Build OpenSSL assembly sources for arm. Tested with Raspberry Pi 2 Model B.
MFC after:	1 week
2016-08-22 20:59:34 +00:00
Ed Maste
4620ba2e32 Remove duplicate symbol from libhx509 version-script.map
Upstream commit r21331 (7758a5d0) added semiprivate function
_hx509_request_to_pkcs10 twice. This change has been committed upstream
as 8ef0071d.
2016-08-22 18:50:57 +00:00
Dag-Erling Smørgrav
144a80bd9a Try to check whether each key file exists before adding it, and bail out
if we didn't find any of them.  This reduces log spam about key files for
deprecated algorithms, which we look for but don't generate.

PR:		208254
MFC after:	3 days
2016-08-08 10:46:18 +00:00
Dag-Erling Smørgrav
9ded33068e Remove DSA from default cipher list and disable SSH1.
Upstream did this a long time ago, but we kept DSA and SSH1 in FreeBSD for
reasons which boil down to POLA.  Now is a good time to catch up.

MFC after:	3 days
Relnotes:	yes
2016-08-03 16:08:21 +00:00
Ed Maste
bb04182c90 Remove duplicate symbols from libroken version-script.map
Upstream commit r24759 (efed563) prefixed some symbols with rk_, but
introduced 6 duplicate symbols in the version script (because the
rk_-prefixed versions of the symbols were already present).
2016-07-21 18:12:39 +00:00
Glen Barber
faebc97a1c Revert r301551, which added blacklistd(8) to sshd(8).
This change has functional impact, and other concerns raised
by the OpenSSH maintainer.

Requested by:	des
PR:		210479 (related)
Approved by:	re (marius)
Sponsored by:	The FreeBSD Foundation
2016-06-24 23:22:42 +00:00
Kurt Lidl
c0cc364181 Add blacklist support to sshd
Reviewed by:	rpaulo
Approved by:	rpaulo (earlier version of changes)
Relnotes:	YES
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D5915
2016-06-07 16:18:09 +00:00
Andriy Gapon
056f620e09 openssl: change SHLIB_VERSION_NUMBER to reflect the reality
Some consumers actually use this definition.

We probably need some procedure to ensure that SHLIB_VERSION_NUMBER
is updated whenever we change the library version in
secure/lib/libssl/Makefile.
2016-06-03 14:09:38 +00:00
Conrad Meyer
f74fc68670 libkrb5: Fix potential double-free
If krb5_make_principal fails, tmp_creds.server may remain a pointer to freed
memory and then be double-freed.  After freeing it the first time, initialize
it to NULL, which causes subsequent krb5_free_principal calls to do the right
thing.

Reported by:	Coverity
CID:		1273430
Sponsored by:	EMC / Isilon Storage Division
2016-05-11 23:25:59 +00:00
Jung-uk Kim
b8721c1643 Merge OpenSSL 1.0.2h.
Relnotes:	yes
2016-05-03 18:50:10 +00:00
Jung-uk Kim
57f1256b1a Import OpenSSL 1.0.2h. 2016-05-03 18:00:27 +00:00
Dag-Erling Smørgrav
c3c6c935fc Re-add AES-CBC ciphers to the default cipher list on the server.
PR:		207679
2016-03-11 00:23:10 +00:00
Dag-Erling Smørgrav
acc1a9ef83 Upgrade to OpenSSH 7.2p2. 2016-03-11 00:15:29 +00:00
Jung-uk Kim
4c6a0400b9 Merge OpenSSL 1.0.2g.
Relnotes:	yes
2016-03-01 22:08:28 +00:00
Jung-uk Kim
9aeed18ad7 Import OpenSSL 1.0.2g. 2016-03-01 17:57:01 +00:00
Dag-Erling Smørgrav
b4245df0a8 Document our modified default value for PermitRootLogin. 2016-02-02 10:02:38 +00:00
Jung-uk Kim
8180e704ac Merge OpenSSL 1.0.2f.
Relnotes:	yes
2016-01-28 20:15:22 +00:00
Jung-uk Kim
c188d4cade Import OpenSSL 1.0.2f. 2016-01-28 18:41:59 +00:00
Dag-Erling Smørgrav
c4cd1fa410 Switch UseDNS back on 2016-01-27 13:40:44 +00:00
Dag-Erling Smørgrav
6362080245 r294563 was incomplete; re-add the client-side options as well. 2016-01-22 14:22:11 +00:00
Dag-Erling Smørgrav
6f3513465d Instead of removing the NoneEnabled option, mark it as unsupported.
(should have done this in r291198, but didn't think of it until now)
2016-01-22 13:13:46 +00:00
Dag-Erling Smørgrav
0591b689c2 Update the instructions and the list of major local modifications. 2016-01-21 12:42:31 +00:00
Dag-Erling Smørgrav
a067b78c9c Explain why we don't include VersionAddendum in the debug mode banner. 2016-01-21 12:41:02 +00:00
Dag-Erling Smørgrav
fc1ba28a5c Upgrade to OpenSSH 7.1p2. 2016-01-21 11:54:34 +00:00
Dag-Erling Smørgrav
acf8e75eb0 Enable DSA keys by default. They were disabled in OpenSSH 6.9p1.
Noticed by:	glebius
2016-01-21 11:10:14 +00:00
Dag-Erling Smørgrav
ca04c57ca9 Take care not to pick up the wrong version of OpenSSL when running in an
environment that has OpenSSL from ports in addition to the base version.
2016-01-21 10:57:45 +00:00
Dag-Erling Smørgrav
0b0dd5086b Remove RCS tags from files in which we no longer have any local
modifications, and add them to two files in which we do.
2016-01-20 23:23:08 +00:00
Dag-Erling Smørgrav
8688f98d23 Remove a number of generated files which are either out-of-date (because
they are never regenerated to reflect our changes) or in the way of
freebsd-configure.sh.
2016-01-20 23:08:57 +00:00
Dag-Erling Smørgrav
eccfee6ebc Upgrade to OpenSSH 7.0p1. 2016-01-20 22:57:10 +00:00
Dag-Erling Smørgrav
557f75e54a Upgrade to OpenSSH 6.9p1. 2016-01-19 18:55:44 +00:00
Dag-Erling Smørgrav
9860d96e8f Re-add HPN configuration options as deprecated options to avoid breaking
existing configurations that use them.  Note that there is no functional
difference between OpenSSH with HPN and OpenSSH without HPN.
2016-01-19 18:38:17 +00:00
Dag-Erling Smørgrav
bc5531debe Upgrade to OpenSSH 6.8p1. 2016-01-19 18:28:23 +00:00
Dag-Erling Smørgrav
00912a2021 Now that we have local modifications in configure.ac and configure, run
autoheader and autoconf to avoid having to patch configure manually.
2016-01-19 17:20:07 +00:00
Dag-Erling Smørgrav
a0ee8cc636 Upgrade to OpenSSH 6.7p1, retaining libwrap support (which has been removed
upstream) and a number of security fixes which we had already backported.

MFC after:	1 week
2016-01-19 16:18:26 +00:00
Dag-Erling Smørgrav
60c59fad88 As previously threatened, remove the HPN patch from OpenSSH. 2016-01-19 14:38:20 +00:00
Dag-Erling Smørgrav
5ecdd3c4d3 Use 'svn list -R' instead of find, and recognize comments in shell scripts
and {ssh,sshd}_config.
2016-01-19 14:25:22 +00:00
Dag-Erling Smørgrav
c1ea5e1a86 Recognize *roff comments. 2016-01-19 13:15:57 +00:00
Dag-Erling Smørgrav
50356f4843 Update the pre- and post-merge scripts to work correctly after the recent
cleanup.  A round-trip (./freebsd-pre-merge.sh ; ./freebsd-post-merge.sh)
now results in an unchanged working copy.
2016-01-19 12:38:53 +00:00
Gleb Smirnoff
1026c03c28 Fix OpenSSH client information leak.
Security:	SA-16:07.openssh
Security:	CVE-2016-0777
2016-01-14 22:40:46 +00:00
Dag-Erling Smørgrav
22f393c35d Incorrect length in calloc() call, already fixed upstream.
PR:		204769
Submitted by:	David Binderman <dcb314@hotmail.com>
MFC after:	1 week
2015-12-17 19:36:25 +00:00
Jung-uk Kim
80815a778e Merge OpenSSL 1.0.2e. 2015-12-03 21:13:35 +00:00
Jung-uk Kim
737d7e8d39 Import OpenSSL 1.0.2e. 2015-12-03 17:22:58 +00:00
Dag-Erling Smørgrav
6dd7775dfd r291198 inadvertantly reverted a local patch for the default location
of ssh-askpass and xauth, breaking X11 forwarding.
2015-11-26 23:05:40 +00:00
Dag-Erling Smørgrav
af12673615 Revert inadvertent commit of an incorrect patch 2015-11-24 16:07:03 +00:00
Dag-Erling Smørgrav
db83e5424b Remove description of the now-defunct NoneEnabled option. 2015-11-24 16:06:15 +00:00
Dag-Erling Smørgrav
1765946ba9 Retire the NONE cipher option. 2015-11-23 12:48:13 +00:00
Jung-uk Kim
2409c5b0cc Remove duplicate manual pages.
Reported by:	brd
2015-11-16 21:36:15 +00:00
Dag-Erling Smørgrav
f2e553364c Remove dead code. 2015-11-11 13:47:23 +00:00
Dag-Erling Smørgrav
845c9bd1d9 One more $Mdocdate$ 2015-11-11 13:27:58 +00:00
Dag-Erling Smørgrav
5bec830e40 Remove /* $FreeBSD$ */ from files that already have __RCSID("$FreeBSD$"). 2015-11-11 13:26:47 +00:00
Dag-Erling Smørgrav
5b71b2ebe0 Now that we have mandoc, we can leave $Mdocdate$ tags as-is. Unfortunately,
there is (currently) no way to make Subversion generate correct $Mdocdate$
tags, but perhas we can teach mandoc to read Subversion's %d format.
2015-11-11 13:23:07 +00:00
Jung-uk Kim
7bded2db17 Merge OpenSSL 1.0.2d. 2015-10-30 20:51:33 +00:00
Jung-uk Kim
e9fcefce9b Import OpenSSL 1.0.2d. 2015-10-23 19:46:02 +00:00
Xin LI
1e415e2992 Fix OpenSSH multiple vulnerabilities by backporting three changes
from OpenSSH-portable master.

Git revisions:	45b0eb752c94954a6de046bfaaf129e518ad4b5b
		5e75f5198769056089fb06c4d738ab0e5abc66f7
		d4697fe9a28dab7255c60433e4dd23cf7fce8a8b
Reviewed by:	des
Security:	FreeBSD-SA-15:22.openssh
2015-08-25 20:48:37 +00:00
Xin LI
3a0b9b7735 Fix multiple OpenSSH vulnerabilities.
Security:	CVE-2014-2653
Security:	CVE-2015-5600
Security:	FreeBSD-SA-15:16.openssh
2015-07-28 19:58:38 +00:00
Eric van Gyzen
3e74849a1e ssh: canonicize the host name before looking it up in the host file
Re-apply r99054 by des in 2002.  This was accidentally dropped
by the update to OpenSSH 6.5p1 (r261320).

This change is actually taken from r387082 of
ports/security/openssh-portable/files/patch-ssh.c

PR:		198043
Differential Revision:	https://reviews.freebsd.org/D3103
Reviewed by:	des
Approved by:	kib (mentor)
MFC after:	3 days
Relnotes:	yes
Sponsored by:	Dell Inc.
2015-07-16 18:44:18 +00:00
Jung-uk Kim
45c1772ea0 Merge OpenSSL 1.0.1p. 2015-07-09 17:07:45 +00:00
Jung-uk Kim
c07d7b3a38 Import OpenSSL 1.0.1p. 2015-07-09 16:41:34 +00:00
Jung-uk Kim
d47910c6ed Merge OpenSSL 1.0.1o. 2015-06-12 16:48:26 +00:00
Jung-uk Kim
15533bcc35 Import OpenSSL 1.0.1o. 2015-06-12 16:33:55 +00:00
Jung-uk Kim
ed6b93be54 Merge OpenSSL 1.0.1n. 2015-06-11 19:00:55 +00:00
Jung-uk Kim
a9745f9a84 Import OpenSSL 1.0.1n. 2015-06-11 17:56:16 +00:00
Dag-Erling Smørgrav
8a1ab32008 Import new moduli from OpenBSD. Although there is no reason to distrust
the current set, it is good hygiene to change them once in a while.

MFC after:	1 week
2015-05-26 19:46:41 +00:00
Bryan Drewery
e3bd730f60 Use proper CHAN_TCP_PACKET_DEFAULT for agent forwarding when HPN disabled.
The use of CHAN_TCP_WINDOW_DEFAULT here was fixed in upstream OpenSSH
in CVS 1.4810, git 5baa170d771de9e95cf30b4c469ece684244cf3e:

  - dtucker@cvs.openbsd.org 2007/12/28 22:34:47
    [clientloop.c]
    Use the correct packet maximum sizes for remote port and agent forwarding.
    Prevents the server from killing the connection if too much data is queued
    and an excessively large packet gets sent.  bz #1360, ok djm@.

The change was lost due to the the way the original upstream HPN patch
modified this code. It was re-adding the original OpenSSH code and never
was properly fixed to use the new value.

MFC after:	2 weeks
2015-04-02 18:43:25 +00:00
Bryan Drewery
6e57108113 Document "none" for VersionAddendum.
PR:		193127
MFC after:	2 weeks
2015-03-23 02:45:12 +00:00
Jung-uk Kim
6f9291cea8 Merge OpenSSL 1.0.1m. 2015-03-20 19:16:18 +00:00
Jung-uk Kim
3d2030852d Import OpenSSL 1.0.1m. 2015-03-20 15:28:40 +00:00
Jung-uk Kim
dc2b908f54 Merge OpenSSL 1.0.1l.
MFC after:	1 week
Relnotes:	yes
2015-01-16 21:03:23 +00:00
Jung-uk Kim
8f5086671f Import OpenSSL 1.0.1l. 2015-01-16 19:52:36 +00:00
Jung-uk Kim
de496999fe MFV: r276862
Fix build.
2015-01-09 00:42:10 +00:00
Jung-uk Kim
973cfcbfe1 Fix build failure on Windows due to undefined cflags identifier.
5c5e7e1a7e
2015-01-09 00:12:20 +00:00
Jung-uk Kim
751d29910b Merge OpenSSL 1.0.1k. 2015-01-08 23:42:41 +00:00
Jung-uk Kim
c6485458b3 Import OpenSSL 1.0.1k. 2015-01-08 22:40:39 +00:00
Jung-uk Kim
fa5fddf171 Merge OpenSSL 1.0.1j. 2014-10-15 19:12:05 +00:00
Jung-uk Kim
58ab7656b2 Import OpenSSL 1.0.1j. 2014-10-15 17:32:57 +00:00
Glen Barber
28c80a7dd8 Include the gssapi_krb5 library in KRB5_LDFLAGS.
PR:		156245
MFC after:	3 days
Sponsored by:	The FreeBSD Foundation
2014-09-08 19:00:13 +00:00
Jung-uk Kim
a93cbc2be8 Merge OpenSSL 1.0.1i. 2014-08-07 18:56:10 +00:00
Jung-uk Kim
cb6864802e Import OpenSSL 1.0.1i. 2014-08-07 16:49:55 +00:00
Jung-uk Kim
94ad176c68 Merge OpenSSL 1.0.1h.
Approved by:	so (delphij)
2014-06-09 05:50:57 +00:00
Jung-uk Kim
2e22f5e2e0 Import OpenSSL 1.0.1h.
Approved by:	so (delphij)
2014-06-06 20:59:29 +00:00
Xin LI
4a448cff07 Fix OpenSSL multiple vulnerabilities.
Security:	CVE-2014-0195, CVE-2014-0221, CVE-2014-0224,
		CVE-2014-3470
Security:	SA-14:14.openssl
Approved by:	so
2014-06-05 12:32:16 +00:00
Steven Hartland
4b0b2f2d1b Change comment about HPNDisabled to match the style of other options to
avoid confusion.

Sponsored by:	Multiplay
2014-05-20 10:28:19 +00:00
Xin LI
f5da602e47 Fix OpenSSL NULL pointer deference vulnerability.
Obtained from:	OpenBSD
Security:	FreeBSD-SA-14:09.openssl
Security:	CVE-2014-0198
2014-05-13 23:17:24 +00:00
Xin LI
e38c714ed3 Fix OpenSSL use-after-free vulnerability.
Obtained from:	OpenBSD
Security:	FreeBSD-SA-14:09.openssl
Security:	CVE-2010-5298
2014-04-30 04:02:36 +00:00
Dag-Erling Smørgrav
30a0343983 Apply upstream patch for EC calculation bug and bump version addendum. 2014-04-20 11:34:33 +00:00
Warner Losh
3bdf775801 NO_MAN= has been deprecated in favor of MAN= for some time, go ahead
and finish the job. ncurses is now the only Makefile in the tree that
uses it since it wasn't a simple mechanical change, and will be
addressed in a future commit.
2014-04-13 05:21:56 +00:00
Dag-Erling Smørgrav
b8f726b41c Restore the pX part to the version number printed in debugging mode. 2014-04-09 20:42:00 +00:00
Jung-uk Kim
560ede85d4 Merge OpenSSL 1.0.1g.
Approved by:	benl (maintainer)
2014-04-08 21:06:58 +00:00
Jung-uk Kim
06369e3974 Import OpenSSL 1.0.1g.
Approved by:	benl (maintainer)
2014-04-08 20:15:18 +00:00
Xin LI
25bfde79d6 Fix NFS deadlock vulnerability. [SA-14:05]
Fix "Heartbleed" vulnerability and ECDSA Cache Side-channel
Attack in OpenSSL. [SA-14:06]
2014-04-08 18:27:32 +00:00
Dag-Erling Smørgrav
b83788ff87 Upgrade to OpenSSH 6.6p1. 2014-03-25 11:05:34 +00:00
Dag-Erling Smørgrav
cf783db152 Add a pre-merge script which reverts mechanical changes such as added
$FreeBSD$ tags and man page dates.

Add a post-merge script which reapplies these changes.

Run both scripts to normalize the existing code base.  As a result, many
files which should have had $FreeBSD$ tags but didn't now have them.

Partly rewrite the upgrade instructions and remove the now outdated
list of tricks.
2014-03-24 19:15:13 +00:00
Robert Watson
b881b8be1d Update most userspace consumers of capability.h to use capsicum.h instead.
auditdistd is not updated as I will make the change upstream and then do a
vendor import sometime in the next week or two.

MFC after:	3 weeks
2014-03-16 11:04:44 +00:00
Pawel Jakub Dawidek
d62289d013 Fix installations that use kernels without CAPABILITIES support.
Approved by:	des
2014-02-04 21:48:09 +00:00
Dag-Erling Smørgrav
2b1970f362 Turn sandboxing on by default. 2014-02-01 00:07:16 +00:00
Dag-Erling Smørgrav
f7167e0ea0 Upgrade to OpenSSH 6.5p1. 2014-01-31 13:12:02 +00:00
Jung-uk Kim
de78d5d8fd Merge OpenSSL 1.0.1f.
Approved by:	so (delphij), benl (silence)
2014-01-22 19:57:11 +00:00
Jung-uk Kim
2dc7f78169 Import OpenSSL 1.0.1f.
Approved by:	so (delphij), benl (silence)
2014-01-22 19:27:13 +00:00
Xin LI
246aa294d7 MFV r260399:
Apply vendor commits:

197e0ea	Fix for TLS record tampering bug.  (CVE-2013-4353).
3462896	For DTLS we might need to retransmit messages from the
	previous session so keep a copy of write context in DTLS
	retransmission buffers instead of replacing it after
	sending CCS.  (CVE-2013-6450).
ca98926 When deciding whether to use TLS 1.2 PRF and record hash
	algorithms use the version number in the corresponding
	SSL_METHOD structure instead of the SSL structure.  The
	SSL structure version is sometimes inaccurate.
	Note: OpenSSL 1.0.2 and later effectively do this already.
	(CVE-2013-6449).

Security:	CVE-2013-4353
Security:	CVE-2013-6449
Security:	CVE-2013-6450
2014-01-07 19:58:45 +00:00
Benjamin Kaduk
0782240958 Apply patch from upstream Heimdal for encoding fix
RFC 4402 specifies the implementation of the gss_pseudo_random()
function for the krb5 mechanism (and the C bindings therein).
The implementation uses a PRF+ function that concatenates the output
of individual krb5 pseudo-random operations produced with a counter
and seed.  The original implementation of this function in Heimdal
incorrectly encoded the counter as a little-endian integer, but the
RFC specifies the counter encoding as big-endian.  The implementation
initializes the counter to zero, so the first block of output (16 octets,
for the modern AES enctypes 17 and 18) is unchanged.  (RFC 4402 specifies
that the counter should begin at 1, but both existing implementations
begin with zero and it looks like the standard will be re-issued, with
test vectors, to begin at zero.)

This is upstream's commit f85652af868e64811f2b32b815d4198e7f9017f6,
from 13 October, 2013:
% Fix krb5's gss_pseudo_random() (n is big-endian)
%
% The first enctype RFC3961 prf output length's bytes are correct because
% the little- and big-endian representations of unsigned zero are the
% same.  The second block of output was wrong because the counter was not
% being encoded as big-endian.
%
% This change could break applications.  But those applications would not
% have been interoperating with other implementations anyways (in
% particular: MIT's).

Approved by:	hrs (mentor, src committer)
MFC after:	3 days
2013-12-13 03:09:29 +00:00
Xin LI
0a37d4a300 MFV r257952:
Upgrade to OpenSSH 6.4p1.

Bump VersionAddendum.

Approved by:	des
2013-11-11 09:19:58 +00:00
Dag-Erling Smørgrav
0085282b6a Unbreak the WITHOUT_KERBEROS build and try to reduce the odds of a
repeat performance by introducing a script that runs configure with and
without Kerberos, diffs the result and generates krb5_config.h, which
contains the preprocessor macros that need to be defined in the Kerberos
case and undefined otherwise.

Approved by:	re (marius)
2013-09-23 20:35:54 +00:00
Dag-Erling Smørgrav
ce3adf4362 Pull in all the OpenSSH bits that we'd previously left out because we
didn't use them.  This will make future merges from the vendor tree much
easier.

Approved by:	re (gjb)
2013-09-21 22:24:10 +00:00
Dag-Erling Smørgrav
e4a9863fb7 Upgrade to 6.3p1.
Approved by:	re (gjb)
2013-09-21 21:36:09 +00:00
Dag-Erling Smørgrav
83c6a5242c Change the default value of VerifyHostKeyDNS to "yes" if compiled with
LDNS.  With that setting, OpenSSH will silently accept host keys that
match verified SSHFP records.  If an SSHFP record exists but could not
be verified, OpenSSH will print a message and prompt the user as usual.

Approved by:	re (blanket)
2013-09-10 22:30:22 +00:00
Dag-Erling Smørgrav
58d839214e These three files appeared in 6.0p1, which was imported into the vendor
branch but never merged to head.  They were inadvertantly left out when
6.1p1 was merged to head.  It didn't make any difference at the time,
because they were unused, but one of them is required for DNS-based host
key verification.

Approved by:	re (blanket)
2013-09-09 13:56:58 +00:00
Dag-Erling Smørgrav
fb0edcbb74 Apply upstream revision 1.151 (fix relative symlinks)
MFC after:	3 days
2013-08-13 09:06:18 +00:00
Xin LI
14bf23ce31 MFV r254106 (OpenSSL bugfix for RT #2984):
Check DTLS_BAD_VER for version number.

The version check for DTLS1_VERSION was redundant as
DTLS1_VERSION > TLS1_1_VERSION, however we do need to
check for DTLS1_BAD_VER for compatibility.

Requested by:	zi
Approved by:	benl
2013-08-08 22:29:35 +00:00
Hiroki Sato
3fbceebb4a Fix gssapi/gssapi_krb5.h after Heimdal 1.5.1 import.
Reviewed by:	dfr
2013-06-30 07:46:22 +00:00
Dag-Erling Smørgrav
aa0dd44b14 r251088 reverted the default value for UsePrivilegeSeparation from
"sandbox" to "yes", but did not update the documentation to match.
2013-06-28 09:41:59 +00:00
Dag-Erling Smørgrav
c89ea4d72b Revert a local change that sets the default for UsePrivilegeSeparation to
"sandbox" instead of "yes".  In sandbox mode, the privsep child is unable
to load additional libraries and will therefore crash when trying to take
advantage of crypto offloading on CPUs that support it.
2013-05-29 00:19:58 +00:00
Bjoern A. Zeeb
9c91c227c7 Have the ipropd-master listen on an IPv6 socket in addition to an IPv4
socket to allow propagation of changes to a Heimdal Kerberos database
from the KDC master to the slave(s) work on IPv6 as well.

Update the stats logging to also handle IPv6 addresses.

Reported by:		peter (found on FreeBSD cluster)
X-to-be-tested-by:	peter
MFC after:		3 weeks
2013-05-18 18:01:21 +00:00
Dag-Erling Smørgrav
420bce642c Upgrade to OpenSSH 6.2p2. Mostly a no-op since I had already patched
the issues that affected us.
2013-05-17 09:12:33 +00:00
Bryan Drewery
f13e3f2087 The HPN patch added a new BUG bit for SSH_BUG_LARGEWINDOW
and the update to 6.1 added SSH_BUG_DYNAMIC_RPORT with the
same value.

Fix the HPN SSH_BUG_LARGEWINDOW bit so it is unique.

Approved by:	des
MFC after:	2 weeks
2013-05-13 11:32:20 +00:00
Dag-Erling Smørgrav
733706130a Merge updated "no such identity file" patch.
PR:		bin/178060
2013-04-24 12:36:37 +00:00
Dag-Erling Smørgrav
f29b8a64d0 Silence "received disconnect" in the common case. 2013-04-14 13:06:07 +00:00
Dag-Erling Smørgrav
fa67e83c67 Merge upstream patch to silence spurious "no such identity file" warnings. 2013-04-02 11:44:55 +00:00
Dag-Erling Smørgrav
5992891888 Silence printf format warnings. 2013-04-02 11:42:39 +00:00
Dag-Erling Smørgrav
ee8c73cd06 Silence warnings about redefined macros. 2013-04-01 13:48:30 +00:00
Dag-Erling Smørgrav
009fd5a774 Revert r247892 now that this has been fixed upstream. 2013-03-23 14:52:31 +00:00
Dag-Erling Smørgrav
6888a9be56 Upgrade to OpenSSH 6.2p1. The most important new features are support
for a key revocation list and more fine-grained authentication control.
2013-03-22 17:55:38 +00:00
Dag-Erling Smørgrav
c5c0dc9146 Keep the default AuthorizedKeysFile setting. Although authorized_keys2
has been deprecated for a while, some people still use it and were
unpleasantly surprised by this change.

I may revert this commit at a later date if I can come up with a way
to give users who still have authorized_keys2 files sufficient advance
warning.

MFC after:	ASAP
2013-03-18 10:50:50 +00:00
Dag-Erling Smørgrav
2ec88e9d1b Unlike OpenBSD's, our setusercontext() will intentionally ignore the user's
own umask setting (from ~/.login.conf) unless running with the user's UID.
Therefore, we need to call it again with LOGIN_SETUMASK after changing UID.

PR:		bin/176740
Submitted by:	John Marshall <john.marshall@riverwillow.com.au>
MFC after:	1 week
2013-03-13 09:41:55 +00:00
Dag-Erling Smørgrav
29911fcacc Partially revert r247892 and r247904 since our strnvis() does not
behave the way OpenSSH expects.
2013-03-07 14:38:43 +00:00
Dag-Erling Smørgrav
e9a6213037 Remove strnvis(), strvis(), strvisx(). 2013-03-06 23:22:40 +00:00
Dag-Erling Smørgrav
d9bb67e8ce Explicitly disable lastlog, utmp and wtmp. 2013-03-06 13:46:20 +00:00
Dimitry Andric
d2a99d8189 Import change 6d783560e4aad1e680097d11e89755647a5aba87 from upstream
heimdal:

  fix sizeof(uuid)

Found by:	clang ToT
Reviewed by:	stas
2013-02-19 17:38:18 +00:00
Jung-uk Kim
09286989d3 Merge OpenSSL 1.0.1e.
Approved by:	secteam (simon), benl (silence)
2013-02-13 23:07:20 +00:00
Jung-uk Kim
b39da7f721 Change "the the" to "the". It is a continuation of r226436 and missed in
r237658.

Approved by:	benl (maintainer, implicit)
2013-02-13 22:38:20 +00:00
Jung-uk Kim
f3b8b34a88 Import OpenSSL 1.0.1e.
Approved by:	secteam (delphij, simon), benl (silence)
2013-02-13 22:15:56 +00:00
Pedro F. Giffuni
646a7fea0c Clean some 'svn:executable' properties in the tree.
Submitted by:	Christoph Mallon
MFC after:	3 days
2013-01-26 22:08:21 +00:00
Xin LI
7acf1c9d2e Indicate that we are using OpenSSL with some local modifications.
X-MFC after:	with r244974
2013-01-02 21:00:00 +00:00
Xin LI
2079cf0127 MFV r244973:
Integrate OpenSSL changeset 22950 (appro):

        bn_word.c: fix overflow bug in BN_add_word.

MFC after:	2 weeks
2013-01-02 20:58:46 +00:00
Xin LI
451758c611 Integrate OpenSSL changeset 22950 (appro):
bn_word.c: fix overflow bug in BN_add_word.
2013-01-02 20:56:53 +00:00
Eitan Adler
37a6031461 Clean up hardcoded ar(1) flags in the tree to use the global ARFLAGS in
share/mk/sys.mk instead.

This is part of a medium term project to permit deterministic builds of
FreeBSD.

Submitted by:	Erik Cederstrand <erik@cederstrand.dk>
Reviewed by:	imp, toolchain@
Approved by:	cperciva
MFC after:	2 weeks
2012-12-06 01:31:25 +00:00
Pawel Jakub Dawidek
c71baf2689 Allow OpenSSL to use arc4random(3) on FreeBSD. arc4random(3) was modified
some time ago to use sysctl instead of /dev/random to get random data,
so is now much better choice, especially for sandboxed processes that have
no direct access to /dev/random.

Approved by:	benl
MFC after:	2 weeks
2012-11-30 22:23:23 +00:00
Dimitry Andric
ea74d89cf2 In crypto/heimdal/lib/sl/slc-lex.l, don't define YY_NO_INPUT, since
%option nounput is already specified.

MFC after:	3 days
2012-11-14 18:49:03 +00:00
Andriy Gapon
ff065ad3b5 openssl: change SHLIB_VERSION_NUMBER to reflect the reality
Note: I timed out waiting for an exp-run for this change but I survived
having it locally for quite a long time.

MFC after:	1 month
X-MFC note:	SHLIB_MAJOR is 6 in stable/8 and stable/9
2012-09-11 06:10:49 +00:00
Dag-Erling Smørgrav
462c32cb8d Upgrade OpenSSH to 6.1p1. 2012-09-03 16:51:41 +00:00