Commit Graph

724 Commits

Author SHA1 Message Date
Ed Maste
50b5c1f0e6 Make libcrypto position independent on i386
Prior to this change libcrypto ended up with a .text relocation.

Submitted by:	Rafael Espíndola (earlier version)
Reviewed by:	kib
Approved by:	so (glebius)
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D6164
2016-05-05 21:25:41 +00:00
Enji Cooper
430f7286a5 Merge ^/user/ngie/release-pkg-fix-tests to unbreak how test files are installed
after r298107

Summary of changes:

- Replace all instances of FILES/TESTS with ${PACKAGE}FILES. This ensures that
  namespacing is kept with FILES appropriately, and that this shouldn't need
  to be repeated if the namespace changes -- only the definition of PACKAGE
  needs to be changed
- Allow PACKAGE to be overridden by callers instead of forcing it to always be
  `tests`. In the event we get to the point where things can be split up
  enough in the base system, it would make more sense to group the tests
  with the blocks they're a part of, e.g. byacc with byacc-tests, etc
- Remove PACKAGE definitions where possible, i.e. where FILES wasn't used
  previously.
- Remove unnecessary TESTSPACKAGE definitions; this has been elided into
  bsd.tests.mk
- Remove unnecessary BINDIRs used previously with ${PACKAGE}FILES;
  ${PACKAGE}FILESDIR is now automatically defined in bsd.test.mk.
- Fix installation of files under data/ subdirectories in lib/libc/tests/hash
  and lib/libc/tests/net/getaddrinfo
- Remove unnecessary .include <bsd.own.mk>s (some opportunistic cleanup)

Document the proposed changes in share/examples/tests/tests/... via examples
so it's clear that ${PACKAGES}FILES is the suggested way forward in terms of
replacing FILES. share/mk/bsd.README didn't seem like the appropriate method
of communicating that info.

MFC after: never probably
X-MFC with: r298107
PR: 209114
Relnotes: yes
Tested with: buildworld, installworld, checkworld; buildworld, packageworld
Sponsored by: EMC / Isilon Storage Division
2016-05-04 23:20:53 +00:00
Jung-uk Kim
b8721c1643 Merge OpenSSL 1.0.2h.
Relnotes:	yes
2016-05-03 18:50:10 +00:00
Glen Barber
49dae58b28 Fix including Kyuafile in packaged base system.
Fix a related typo while here.

Note, this change results in the Kyuafile inclusion in the runtime
package, which needs to be fixed, however addresses the PR as far
as I can tell in my tests.

PR:		209114
Submitted by:	ngie
Sponsored by:	The FreeBSD Foundation
2016-04-29 05:28:40 +00:00
Glen Barber
d60840138f MFH
Sponsored by:	The FreeBSD Foundation
2016-04-04 23:55:32 +00:00
Bryan Drewery
497e80911e Remove the old depend (mkdep) code and make FAST_DEPEND the one true way.
Reviewed by:	emaste, hselasky (partial), brooks (brief)
Discussed on:	arch@
Sponsored by:	EMC / Isilon Storage Division
Differential Revision:	https://reviews.freebsd.org/D5742
2016-03-30 23:50:23 +00:00
Glen Barber
538354481e MFH
Sponsored by:	The FreeBSD Foundation
2016-03-14 18:54:29 +00:00
Dag-Erling Smørgrav
acc1a9ef83 Upgrade to OpenSSH 7.2p2. 2016-03-11 00:15:29 +00:00
Glen Barber
7d536dc855 MFH
Sponsored by:	The FreeBSD Foundation
2016-03-10 21:16:01 +00:00
Bryan Drewery
15c433351f DIRDEPS_BUILD: Connect MK_TESTS.
Sponsored by:	EMC / Isilon Storage Division
2016-03-09 22:46:01 +00:00
Glen Barber
52259a98ad MFH
Sponsored by:	The FreeBSD Foundation
2016-03-02 16:14:46 +00:00
Jung-uk Kim
4c6a0400b9 Merge OpenSSL 1.0.2g.
Relnotes:	yes
2016-03-01 22:08:28 +00:00
Bryan Drewery
bd18fd57db DIRDEPS_BUILD: Regenerate without local dependencies.
These are no longer needed after the recent 'beforebuild: depend' changes
and hooking DIRDEPS_BUILD into a subset of FAST_DEPEND which supports
skipping 'make depend'.

Sponsored by:	EMC / Isilon Storage Division
2016-02-24 17:20:11 +00:00
Glen Barber
72c3aa02dc MFH
Sponsored by:	The FreeBSD Foundation
2016-02-18 00:37:58 +00:00
Bryan Drewery
9d8a81b4e4 DIRDEPS_BUILD: Update dependencies.
Sponsored by:	EMC / Isilon Storage Division
2016-02-16 02:14:30 +00:00
Glen Barber
1f4bcc459a More 'tests' packaging fixes.
Sponsored by:	The FreeBSD Foundation
2016-02-03 19:08:45 +00:00
Glen Barber
43faedc133 First pass to fix the 'tests' packages.
Sponsored by:	The FreeBSD Foundation
2016-02-02 22:26:49 +00:00
Glen Barber
c8296cbb96 MFH
Sponsored by:	The FreeBSD Foundation
2016-01-29 14:52:54 +00:00
Jung-uk Kim
8180e704ac Merge OpenSSL 1.0.2f.
Relnotes:	yes
2016-01-28 20:15:22 +00:00
Glen Barber
0e186c0aab MFH
Sponsored by:	The FreeBSD Foundation
2016-01-27 14:16:13 +00:00
Ruslan Bukin
390566702b Add the openssl header for RISC-V.
Copied from aarch64 as we can't generate it yet.
2016-01-26 14:17:39 +00:00
Glen Barber
f9421853ad MFH
Sponsored by:	The FreeBSD Foundation
2016-01-25 14:13:28 +00:00
Dag-Erling Smørgrav
eccfee6ebc Upgrade to OpenSSH 7.0p1. 2016-01-20 22:57:10 +00:00
Glen Barber
59d43d11fe MFH
Sponsored by:	The FreeBSD Foundation
2016-01-20 09:50:54 +00:00
John Baldwin
ba681bc934 List source files (foo.c) instead of object files in SRCS.
Reviewed by:	bdrewery
2016-01-20 00:03:28 +00:00
Dag-Erling Smørgrav
bc5531debe Upgrade to OpenSSH 6.8p1. 2016-01-19 18:28:23 +00:00
Dag-Erling Smørgrav
a0ee8cc636 Upgrade to OpenSSH 6.7p1, retaining libwrap support (which has been removed
upstream) and a number of security fixes which we had already backported.

MFC after:	1 week
2016-01-19 16:18:26 +00:00
Glen Barber
b626f5a73a MFH r289384-r293170
Sponsored by:	The FreeBSD Foundation
2016-01-04 19:19:48 +00:00
Bryan Drewery
c7006ec555 Build engines in parallel.
Sponsored by:	EMC / Isilon Storage Division
2015-12-15 19:57:56 +00:00
Bryan Drewery
e42070a701 Replace unneeded manual dependency on header by adding it to SRCS.
bsd.lib.mk and bsd.prog.mk already depend all objs on headers in SRCS if
there is not yet a depend file.  The headers in SRCS are never built or
installed.  After 'make depend' the header was already added as a proper
dependency on the objects where needed.

MFC after:	2 weeks
Sponsored by:	EMC / Isilon Storage Division
2015-12-07 16:08:09 +00:00
Jung-uk Kim
80815a778e Merge OpenSSL 1.0.2e. 2015-12-03 21:13:35 +00:00
Bryan Drewery
b1f92fa229 META MODE: Update dependencies with 'the-lot' and add missing directories.
This is not properly respecting WITHOUT or ARCH dependencies in target/.
Doing so requires a massive effort to rework targets/ to do so.  A
better approach will be to either include the SUBDIR Makefiles directly
and map to DIRDEPS or just dynamically lookup the SUBDIR.  These lose
the benefit of having a userland/lib, userland/libexec, etc, though and
results in a massive package.  The current implementation of targets/ is
very unmaintainable.

Currently rescue/rescue and sys/modules are still not connected.

Sponsored by:	EMC / Isilon Storage Division
2015-12-01 05:23:19 +00:00
Bryan Drewery
7b3ea376a2 META MODE: Prefer INSTALL=tools/install.sh to lessen the need for xinstall.host.
This both avoids some dependencies on xinstall.host and allows
bootstrapping on older releases to work due to lack of at least 'install -l'
support.

Sponsored by:	EMC / Isilon Storage Division
2015-11-25 19:10:28 +00:00
Dag-Erling Smørgrav
1765946ba9 Retire the NONE cipher option. 2015-11-23 12:48:13 +00:00
Jung-uk Kim
fa4593b5c7 Simplify man-makefile-update target. 2015-11-17 20:47:16 +00:00
Jung-uk Kim
2409c5b0cc Remove duplicate manual pages.
Reported by:	brd
2015-11-16 21:36:15 +00:00
Jung-uk Kim
352dda694d Fix a typo. I did not mean it, really. 2015-11-06 18:24:49 +00:00
Jung-uk Kim
d7c49e6c15 Clean up OpenSSL makefiles. 2015-11-06 17:39:17 +00:00
Jung-uk Kim
7bded2db17 Merge OpenSSL 1.0.2d. 2015-10-30 20:51:33 +00:00
Enji Cooper
62d8190926 Fix GOST engine cipher linkage by adding e_gost_err.c to SRCS so it
picks up undefined symbols, like "ERR_load_GOST_strings"

MFC after: 3 days
PR: 184805
Submitted by: Ivan IvanZhdanov <ivan.zhdanov@gmail.com>
Sponsored by: EMC / Isilon Storage Division
2015-10-30 05:33:38 +00:00
Jung-uk Kim
9351ee8ccb Define endianness for non-x86 platforms.
MFC after:	3 days
2015-10-28 22:49:37 +00:00
Bryan Drewery
aa92269e46 Add more SUBDIR_PARALLEL.
MFC after:	3 weeks
Sponsored by:	EMC / Isilon Storage Division
2015-10-15 22:55:08 +00:00
Glen Barber
bc7f5841b3 MFH r289372-r289382
Sponsored by:	The FreeBSD Foundation
2015-10-15 19:57:13 +00:00
Bryan Drewery
60e03c60c0 Mark sub-make targets as .MAKE and .PHONY to handle -n and always-build properly.
MFC after:	1 week
Sponsored by:	EMC / Isilon Storage Division
2015-10-15 19:13:53 +00:00
Glen Barber
324fd1ce05 MFH to r289370
Sponsored by:	The FreeBSD Foundation
2015-10-15 17:36:56 +00:00
Enji Cooper
b2d48be1bc Refactor the test/ Makefiles after recent changes to bsd.test.mk (r289158) and
netbsd-tests.test.mk (r289151)

- Eliminate explicit OBJTOP/SRCTOP setting
- Convert all ad hoc NetBSD test integration over to netbsd-tests.test.mk
- Remove unnecessary TESTSDIR setting
- Use SRCTOP where possible for clarity

MFC after: 2 weeks
Sponsored by: EMC / Isilon Storage Divison
2015-10-12 08:16:03 +00:00
Baptiste Daroussin
5a2b666ce5 Merge from head 2015-10-01 09:36:43 +00:00
Bryan Drewery
55e031ccad Replace afterinstall: hack from r111083 with 'make delete-old' functionality.
Sponsored by:	EMC / Isilon Storage Division
2015-09-19 03:46:10 +00:00
Baptiste Daroussin
f94594b37a Finish merging from head, messed up in previous attempt 2015-09-12 12:03:02 +00:00
Baptiste Daroussin
b5ff185e19 Merge from head 2015-09-12 11:41:31 +00:00
Baptiste Daroussin
bfa800d311 Remove remnant from USEPRIVATELIB removal
Sponsored by:	gandi.net
2015-09-04 16:13:25 +00:00
Jung-uk Kim
45c1772ea0 Merge OpenSSL 1.0.1p. 2015-07-09 17:07:45 +00:00
Baptiste Daroussin
2fbd60ec47 Merge from head @274131 2015-06-20 00:58:46 +00:00
Allan Jude
a3b20e50a9 Add compatibility with $2y$ bcrypt hashes
crypt_blowfish and many implementations based on it (Apache, PHP, PostgreSQL) implemented $2y$ before OpenBSD went with $2b$. This changes marks them as equivalent.

http://www.openwall.com/lists/announce/2011/07/17/1

This change is required for applications that use the base crypt() implementation (including nginx) to be able to validate $2y$ hashes

Reviewed by:	eadler
Approved by:	delphij
MFC after:	1 week
Relnotes:	yes
Sponsored by:	ScaleEngine Inc.
Differential Revision:	https://reviews.freebsd.org/D2742
2015-06-16 23:57:29 +00:00
Simon J. Gerraty
2ef6d5a7b9 new depends 2015-06-16 23:37:19 +00:00
Baptiste Daroussin
18b2ee82db Revert r284417 it is not necessary anymore 2015-06-15 19:28:07 +00:00
Baptiste Daroussin
4232f82668 Enforce overwritting SHLIBDIR
Since METAMODE has been added, sys.mk loads bsd.mkopt.mk which ends load loading
bsd.own.mk which then defines SHLIBDIR before all the Makefile.inc everywhere.

This makes /lib being populated again.

Reported by:	many
2015-06-15 15:34:20 +00:00
Baptiste Daroussin
dad2fb7ece Merge from head 2015-06-15 10:56:01 +00:00
Simon J. Gerraty
ccfb965433 Add META_MODE support.
Off by default, build behaves normally.
WITH_META_MODE we get auto objdir creation, the ability to
start build from anywhere in the tree.

Still need to add real targets under targets/ to build packages.

Differential Revision:       D2796
Reviewed by: brooks imp
2015-06-13 19:20:56 +00:00
Jung-uk Kim
d47910c6ed Merge OpenSSL 1.0.1o. 2015-06-12 16:48:26 +00:00
Jung-uk Kim
ed6b93be54 Merge OpenSSL 1.0.1n. 2015-06-11 19:00:55 +00:00
Simon J. Gerraty
44d314f704 dirdeps.mk now sets DEP_RELDIR 2015-06-08 23:35:17 +00:00
Simon J. Gerraty
98e0ffaefb Merge sync of head 2015-05-27 01:19:58 +00:00
Baptiste Daroussin
4bf53d0b46 Merge from HEAD 2015-04-03 23:23:09 +00:00
Andrew Turner
840f7c2dc1 Add the openssl header for arm64. As it is based on MACHINE_CPUARCH it
is named opensslconf-aarch64.h.

Sponsored by:	The FreeBSD Foundation
2015-03-24 14:16:14 +00:00
Jung-uk Kim
3fde12b6f8 Disable insecure SSLv2 support from the base OpenSSL.
Differential Revision:	https://reviews.freebsd.org/D1304
2015-03-20 23:48:11 +00:00
Jung-uk Kim
6f9291cea8 Merge OpenSSL 1.0.1m. 2015-03-20 19:16:18 +00:00
Baptiste Daroussin
0bd7d22e03 Move ssh into a dedicated package
Flag config files as "to be merged on upgrade"
2015-03-05 20:25:09 +00:00
Jung-uk Kim
325180bf29 Update buildinf.h to make SSLeay_version(3) little bit more useful.
MFC after:	1 week
2015-01-16 22:11:02 +00:00
Will Andrews
7a37b5fc17 Add a ${CP} alias for copying files in the build.
Some users build FreeBSD as non-root in Perforce workspaces.  By default,
Perforce sets files read-only unless they're explicitly being edited.
As a result, the -f argument must be used to cp in order to override the
read-only flag when copying source files to object directories.  Bare use of
'cp' should be avoided in the future.

Update all current users of 'cp' in the src tree.

Reviewed by:	emaste
MFC after:	1 week
Sponsored by:	Spectra Logic
2015-01-16 21:39:08 +00:00
Jung-uk Kim
dc2b908f54 Merge OpenSSL 1.0.1l.
MFC after:	1 week
Relnotes:	yes
2015-01-16 21:03:23 +00:00
Jung-uk Kim
751d29910b Merge OpenSSL 1.0.1k. 2015-01-08 23:42:41 +00:00
Baptiste Daroussin
ff75e00737 Reduce overlinking
The framework now ensure by itself that pthread is added to the link chain
as the last component if linked to kerberos hence avoid with out any explicit
addition prevent issue like CVE-2014-8475
2014-11-25 22:25:13 +00:00
Baptiste Daroussin
ee5a34ecba Convert to LIBADD
Reduce overlinking
2014-11-25 21:18:18 +00:00
Simon J. Gerraty
9268022b74 Merge from head@274682 2014-11-19 01:07:58 +00:00
Jung-uk Kim
711b48fe17 Merge OpenSSL 1.0.1j.
Relnotes:	yes
2014-10-15 19:29:22 +00:00
Jung-uk Kim
fa5fddf171 Merge OpenSSL 1.0.1j. 2014-10-15 19:12:05 +00:00
Enji Cooper
d052a806a0 Fix typo (LIBLDNSADD -> LIBLDNS) to fix "make checkdpadd"
X-MFC with: r269648
Phabric: D634
Approved by: jmmv (mentor)
2014-08-19 18:27:43 +00:00
Simon J. Gerraty
ee7b0571c2 Merge head from 7/28 2014-08-19 06:50:54 +00:00
Jung-uk Kim
a93cbc2be8 Merge OpenSSL 1.0.1i. 2014-08-07 18:56:10 +00:00
Baptiste Daroussin
d029c3aa25 Rework privatelib/internallib
Make sure everything linking to a privatelib and/or an internallib does it directly
from the OBJDIR rather than DESTDIR.
Add src.libnames.mk so bsd.libnames.mk is not polluted by libraries not existsing
in final installation
Introduce the LD* variable which is what ld(1) is expecting (via LDADD) to link to
internal/privatelib
Directly link to the .so in case of private library to avoid having to complexify
LDFLAGS.

Phabric:	https://phabric.freebsd.org/D553
Reviewed by:	imp, emaste
2014-08-06 22:17:26 +00:00
Brooks Davis
80189b3b09 Replace all uses of libncurses and libtermcap with their wide character
variants.  This allows usable file system images (i.e. those with both a
shell and an editor) to be created with only one copy of the curses library.

Exp-run:	antoine
PR:		189842
Discussed with:	bapt
Sponsored by:	DARPA, AFRL
2014-07-17 18:24:34 +00:00
Marcel Moolenaar
e7d939bda2 Remove ia64.
This includes:
o   All directories named *ia64*
o   All files named *ia64*
o   All ia64-specific code guarded by __ia64__
o   All ia64-specific makefile logic
o   Mention of ia64 in comments and documentation

This excludes:
o   Everything under contrib/
o   Everything under crypto/
o   sys/xen/interface
o   sys/sys/elf_common.h

Discussed at: BSDcan
2014-07-07 00:27:09 +00:00
Jung-uk Kim
94ad176c68 Merge OpenSSL 1.0.1h.
Approved by:	so (delphij)
2014-06-09 05:50:57 +00:00
Simon J. Gerraty
fae50821ae Updated dependencies 2014-05-16 14:09:51 +00:00
Xin LI
185e05ee1a Switch using the new $2b$ format by default, when bcrypt is used.
MFC after:	2 weeks
Relnotes:	default Blowfish crypt(3) format have been changed to $2b$.
2014-05-14 00:50:31 +00:00
Simon J. Gerraty
cc3f4b9965 Merge from head 2014-05-08 23:54:15 +00:00
Warner Losh
c6063d0da8 Use src.opts.mk in preference to bsd.own.mk except where we need stuff
from the latter.
2014-05-06 04:22:01 +00:00
Simon J. Gerraty
3b8f084595 Merge head 2014-04-28 07:50:45 +00:00
Konstantin Belousov
a9e285b047 Fix order of libthr and libc in the global dso list for sshd, by
explicitely linking main binary with -lpthread.  Before, libthr
appeared in the list due to dependency of one of the kerberos libs.
Due to the change in ld(1) behaviour of not copying NEEDED entries
from direct dependencies into the link results, the order becomes
reversed.

The libthr must appear before libc to properly interpose libc symbols
and provide working rtld locks implementation.  The symptom was sshd
hanging on rtld bind lock during nested symbol binding from a signal
handler.

Approved by:	des (openssh maintainer)
Sponsored by:	The FreeBSD Foundation
MFC after:	1 week
2014-04-27 05:28:14 +00:00
Julio Merino
38f0b757fd Add placeholder Kyuafiles for various top-level hierarchies.
This change adds tests/ directories in the source tree to create various
subdirectories in /usr/tests/ and to install placeholder Kyuafiles for
them.

the relevant hierarchies are: cddl, etc, games, gnu and secure.

The reason for this is to simplify the addition of new test programs for
utilities or libraries under any of these directories.  Doing so on a
case by case basis is unnecessary and is quite an obscure process.
2014-04-21 21:39:25 +00:00
Warner Losh
3bdf775801 NO_MAN= has been deprecated in favor of MAN= for some time, go ahead
and finish the job. ncurses is now the only Makefile in the tree that
uses it since it wasn't a simple mechanical change, and will be
addressed in a future commit.
2014-04-13 05:21:56 +00:00
Jung-uk Kim
560ede85d4 Merge OpenSSL 1.0.1g.
Approved by:	benl (maintainer)
2014-04-08 21:06:58 +00:00
Warner Losh
040c0dc77f Use MK_CRYPT=no in preference to WITHOUT_CRYPT here. 2014-04-05 17:54:55 +00:00
Dag-Erling Smørgrav
b83788ff87 Upgrade to OpenSSH 6.6p1. 2014-03-25 11:05:34 +00:00
Eitan Adler
dda5b39711 multiple: Remove 3rd clause from BSD license where approved by the
regents and renumber.

This patch skips files in contrib/ and crypto/

Acked by:	imp
Discussed with:	emaste
2014-03-14 03:07:51 +00:00
Xin LI
43e3038611 Refresh our implementation of OpenBSD's Blowfish password format.
Notable changes:

 - Support of $2b$ password format to address a problem where very
   long passwords (more than 256 characters, when an integer
   overflow would happen and cause the length to wrap at 256).
 - Updated pseudo code in comments to reflect the reality.
 - Removed our local shortcut of processing magic string and rely
   on the centralized and tigntened validation.
 - Diff reduction from upstream.

For now we are still generating the older $02a$ format of password
but we will migrate to the new format once the format is formally
finalized.

MFC after:	1 month
2014-02-25 23:03:48 +00:00
Dag-Erling Smørgrav
f7167e0ea0 Upgrade to OpenSSH 6.5p1. 2014-01-31 13:12:02 +00:00
Jung-uk Kim
de78d5d8fd Merge OpenSSL 1.0.1f.
Approved by:	so (delphij), benl (silence)
2014-01-22 19:57:11 +00:00
Simon J. Gerraty
3caf0790a8 Merge head@256284 2013-10-13 02:35:19 +00:00
Simon J. Gerraty
34b33809b7 Updated dependencies 2013-10-13 00:24:00 +00:00
Dag-Erling Smørgrav
0085282b6a Unbreak the WITHOUT_KERBEROS build and try to reduce the odds of a
repeat performance by introducing a script that runs configure with and
without Kerberos, diffs the result and generates krb5_config.h, which
contains the preprocessor macros that need to be defined in the Kerberos
case and undefined otherwise.

Approved by:	re (marius)
2013-09-23 20:35:54 +00:00
Dag-Erling Smørgrav
2859ca23da Replace claims that DES is a strong cryptosystem with a warning stating
that it should no longer be considered secure.

Approved by:	re (gjb)
2013-09-21 11:10:09 +00:00
Simon J. Gerraty
d466a5b069 Merge head 2013-09-11 18:16:18 +00:00
Dag-Erling Smørgrav
9cfa8b3fee Clean up the OpenSSH build. It is now possible to build most components
as static binaries, if desired.  The one exception is sshd, which runs
into trouble due to libpam.a's includion of pam_ssh.

Make OpenSSH use LDNS if available.  This allows it to verify signed
SSHFP records.

Approved by:	re (blanket)
2013-09-10 22:26:11 +00:00
Dag-Erling Smørgrav
0b2766bd4e Make libldns and libssh private.
Approved by:	re (blanket)
2013-09-08 10:04:26 +00:00
Simon J. Gerraty
d1d0158641 Merge from head 2013-09-05 20:18:59 +00:00
Ed Schouten
2bc87cacee Remove references to MK_IDEA.
As of r249959, we want to build with IDEA support enabled
unconditionally. As this change removed the MK_IDEA flag, update these
Makefiles accordingly.
2013-04-27 05:44:39 +00:00
Simon J. Gerraty
69e6d7b75e sync from head 2013-04-12 20:48:55 +00:00
Dag-Erling Smørgrav
6888a9be56 Upgrade to OpenSSH 6.2p1. The most important new features are support
for a key revocation list and more fine-grained authentication control.
2013-03-22 17:55:38 +00:00
Dag-Erling Smørgrav
0041e47595 Retire the mislabeled ENABLE_SUID_SSH knob. 2013-03-22 14:10:15 +00:00
Simon J. Gerraty
7cf3a1c6b2 Updated dependencies 2013-03-11 17:21:52 +00:00
Simon J. Gerraty
f5f7c05209 Updated dependencies 2013-02-16 01:23:54 +00:00
Jung-uk Kim
09286989d3 Merge OpenSSL 1.0.1e.
Approved by:	secteam (simon), benl (silence)
2013-02-13 23:07:20 +00:00
David E. O'Brien
d9a447559b Sync with HEAD. 2013-02-08 16:10:16 +00:00
Bjoern A. Zeeb
e6a64a84ea Add a src.conf(5) option to allow users to compile in the "NONE cipher",
which, only after authentication, disables crypto, and only for sessions
without a terminal.

Submitted by:	Jeremy Chadwick (freebsd jdc.parodius.com)
PR:		bin/163095
MFC after:	10 days
2013-01-17 01:51:04 +00:00
Simon J. Gerraty
7cd2dcf076 Updated/new Makefile.depend 2012-11-08 21:24:17 +00:00
Kevin Lo
0f5e7edc14 Fix typo; s/ouput/output 2012-11-07 07:00:59 +00:00
Simon J. Gerraty
23090366f7 Sync from head 2012-11-04 02:52:03 +00:00
Dag-Erling Smørgrav
462c32cb8d Upgrade OpenSSH to 6.1p1. 2012-09-03 16:51:41 +00:00
Marcel Moolenaar
7750ad47a9 Sync FreeBSD's bmake branch with Juniper's internal bmake branch.
Requested by: Simon Gerraty <sjg@juniper.net>
2012-08-22 19:25:57 +00:00
Jung-uk Kim
80e5822c0e Sort ASM definitions by crypto module for slightly easier maintenance.
Specifically, GHASH_ASM belongs to crypto/modes.
2012-07-12 21:31:53 +00:00
Jung-uk Kim
1f13597d10 Merge OpenSSL 1.0.1c.
Approved by:	benl (maintainer)
2012-07-12 19:30:53 +00:00
Jung-uk Kim
49ce68b369 Regen ca(1) for r237658. This re-applies r227458, i.e., add a missing "be". 2012-06-27 21:35:45 +00:00
Jung-uk Kim
12de4ed299 Merge OpenSSL 0.9.8x.
Reviewed by:	stas
Approved by:	benl (maintainer)
MFC after:	3 days
2012-06-27 18:44:36 +00:00
Bjoern A. Zeeb
071183ef48 Update the previous openssl fix. [12:01]
Fix a bug in crypt(3) ignoring characters of a passphrase. [12:02]

Security:	FreeBSD-SA-12:01.openssl (revised)
Security:	FreeBSD-SA-12:02.crypt
Approved by:	so (bz, simon)
2012-05-30 12:01:28 +00:00
Eitan Adler
2774871bdf Restore the ability to use a non-standard LOCALBASE to sshd
Add the ability to use a non-standard LOCALBASE to ssh

Submitted by:	jhb
Reviewed by:	des
Approved by:	cperciva
MFC after:	0 days (with r233136)
2012-03-24 19:41:43 +00:00
Eitan Adler
57f8914dfa X11BASE is not used any more and has been killed by the x11 team.
Reviewed by:	???
Approved by:	???
MFC after:	3 days
2012-03-19 00:41:40 +00:00
Kevin Lo
19ab58bfe3 Return NULL on error rather than ":", per the crypt(3) man page.
Discussed in: http://www.openwall.com/lists/oss-security/2011/11/15/3
2012-02-22 01:23:14 +00:00
Konstantin Belousov
bd4632e6ca Force linker error when created shared library contains a relocation
against text. Provide the override switch to turn off the strict
behaviour. Apparently, openssl libcrypto needs it due to assembler
code not being PIC.

Discussed with:	bf
MFC after:	2 weeks
2011-12-06 11:28:17 +00:00
Eitan Adler
14517324d0 - add a missing "be" and "in"
- fix other errors introduced when committing r226436
- add 'function' to a sentence where it makes sense

Submitted by:	delphij
Submitted by:	dougb
Submitted by:	jhb
Approved by:	dougb
Approved by:	jhb
2011-11-11 22:27:09 +00:00
Eitan Adler
36daf0495a - change "is is" to "is" or "it is"
- change "the the" to "the"

Approved by:	lstewart
Approved by:	sahil (mentor)
MFC after:	3 days
2011-10-16 14:30:28 +00:00
Dag-Erling Smørgrav
e146993e33 Upgrade to OpenSSH 5.9p1.
MFC after:	3 months
2011-10-05 22:08:17 +00:00
Dag-Erling Smørgrav
4a421b6336 Upgrade to OpenSSH 5.8p2. 2011-05-04 07:34:44 +00:00
Dimitry Andric
152e60f2fe Fix some leftover binaries and shared libraries in the system that still
have an executable stack, due to linking in hand-assembled .S or .s
files, that have no .GNU-stack sections:

RWX --- ---  /lib/libcrypto.so.6
RWX --- ---  /lib/libmd.so.5
RWX --- ---  /lib/libz.so.6
RWX --- ---  /lib/libzpool.so.2
RWX --- ---  /usr/lib/liblzma.so.5

These were found using scanelf, from the sysutils/pax-utils port.

Reviewed by:	kib
2011-02-15 22:03:09 +00:00
Simon L. B. Nielsen
c1ecc6cd22 Regenerate manual pages for OpenSSL 0.9.8q. 2010-12-03 23:07:45 +00:00
Simon L. B. Nielsen
b2846bd65d Regenerate manual pages for OpenSSL 0.9.8p. 2010-11-22 18:29:00 +00:00
Rebecca Cran
5512804bb8 Revert changes of 'assure' to 'ensure' made in r211936.
Approved by: rrs (mentor)
2010-09-11 10:49:56 +00:00
Rebecca Cran
e7f8dd75b3 Fix incorrect usage of 'assure' and 'insure'.
Approved by: rrs (mentor)
2010-08-28 16:32:01 +00:00
Nathan Whitehorn
b12277d1d4 Repair some build breakage introduced in r211725 and garbage collect some
code made obsolete in the same commit.
2010-08-28 15:03:11 +00:00
Warner Losh
25faff346c MFtbemd:
Prefer MACHNE_CPUARCH to MACHINE_ARCH in most contexts where you want
to test of all the CPUs of a given family conform.
2010-08-23 22:24:11 +00:00
Will Andrews
4be3feb212 Fix buildworld -DNO_CLEAN when using with Perforce, which marks files as
read-only by default, meaning files copied can't be overwritten next time.

Reviewed by:	imp
Approved by:	ken (mentor)
2010-08-12 20:46:49 +00:00
Jayachandran C.
4ed16d3dff Whitespace fix for last check-in, move empty line to below endif. 2010-08-04 10:46:17 +00:00
Jayachandran C.
a6af87a526 MIPS 64 bit support.
When compiled for MIPS n64 ABI
- DES_LONG should be 'unsigned int'
- BN_LLONG should be undefined
- SIXTY_FOUR_BIT_LONG should be defined.
2010-08-04 10:42:06 +00:00
Nathan Whitehorn
5e1bcd019c OpenSSL configuration for powerpc64
Obtained from:	projects/ppc64
2010-07-10 22:07:48 +00:00
Simon L. B. Nielsen
5f143fdbaf Regenerate manual pages for OpenSSL 0.9.8n. 2010-04-01 15:37:38 +00:00
Simon L. B. Nielsen
3df672379c - Make it slightly simpler to update OpenSSL version information
for regenerating OpenSSL manual pages.
- Explicitly set the OpenSSL release date so manual pages contain
  the date OpenSSL was released and not just the date OpenSSL was
  imported into the FreeBSD base system.
- Update for Makefile for OpenSSL 0.9.8n.
2010-04-01 15:35:29 +00:00
Simon L. B. Nielsen
10deaff4ee Regenerate manual pages for OpenSSL 0.9.8m.
MFC after:	3 weeks
2010-03-13 19:30:29 +00:00
Simon L. B. Nielsen
6a599222bb Merge OpenSSL 0.9.8m into head.
This also "reverts" some FreeBSD local changes so we should now
be back to using entirely stock OpenSSL.  The local changes were
simple $FreeBSD$ lines additions, which were required in the CVS
days, and the patch for FreeBSD-SA-09:15.ssl which has been
superseded with OpenSSL 0.9.8m's RFC5746 'TLS renegotiation
extension' support.

MFC after:	3 weeks
2010-03-13 19:22:41 +00:00
Dag-Erling Smørgrav
b911c45c24 Revert r204939 2010-03-10 11:33:15 +00:00