Commit Graph

578 Commits

Author SHA1 Message Date
jkim
ce8a666092 Merge OpenSSL 1.0.1p. 2015-07-09 17:07:45 +00:00
allanjude
f2228a0dd9 Add compatibility with $2y$ bcrypt hashes
crypt_blowfish and many implementations based on it (Apache, PHP, PostgreSQL) implemented $2y$ before OpenBSD went with $2b$. This changes marks them as equivalent.

http://www.openwall.com/lists/announce/2011/07/17/1

This change is required for applications that use the base crypt() implementation (including nginx) to be able to validate $2y$ hashes

Reviewed by:	eadler
Approved by:	delphij
MFC after:	1 week
Relnotes:	yes
Sponsored by:	ScaleEngine Inc.
Differential Revision:	https://reviews.freebsd.org/D2742
2015-06-16 23:57:29 +00:00
sjg
852129abd1 new depends 2015-06-16 23:37:19 +00:00
bapt
594e07bd1b Revert r284417 it is not necessary anymore 2015-06-15 19:28:07 +00:00
bapt
9fb85ece8b Enforce overwritting SHLIBDIR
Since METAMODE has been added, sys.mk loads bsd.mkopt.mk which ends load loading
bsd.own.mk which then defines SHLIBDIR before all the Makefile.inc everywhere.

This makes /lib being populated again.

Reported by:	many
2015-06-15 15:34:20 +00:00
sjg
008d7c831f Add META_MODE support.
Off by default, build behaves normally.
WITH_META_MODE we get auto objdir creation, the ability to
start build from anywhere in the tree.

Still need to add real targets under targets/ to build packages.

Differential Revision:       D2796
Reviewed by: brooks imp
2015-06-13 19:20:56 +00:00
jkim
810d2d455b Merge OpenSSL 1.0.1o. 2015-06-12 16:48:26 +00:00
jkim
d675e841ef Merge OpenSSL 1.0.1n. 2015-06-11 19:00:55 +00:00
sjg
75a137820d dirdeps.mk now sets DEP_RELDIR 2015-06-08 23:35:17 +00:00
sjg
65145fa4c8 Merge sync of head 2015-05-27 01:19:58 +00:00
andrew
c07f1674cd Add the openssl header for arm64. As it is based on MACHINE_CPUARCH it
is named opensslconf-aarch64.h.

Sponsored by:	The FreeBSD Foundation
2015-03-24 14:16:14 +00:00
jkim
12306eec45 Disable insecure SSLv2 support from the base OpenSSL.
Differential Revision:	https://reviews.freebsd.org/D1304
2015-03-20 23:48:11 +00:00
jkim
d962da16eb Merge OpenSSL 1.0.1m. 2015-03-20 19:16:18 +00:00
jkim
0095753663 Update buildinf.h to make SSLeay_version(3) little bit more useful.
MFC after:	1 week
2015-01-16 22:11:02 +00:00
will
afad9375d8 Add a ${CP} alias for copying files in the build.
Some users build FreeBSD as non-root in Perforce workspaces.  By default,
Perforce sets files read-only unless they're explicitly being edited.
As a result, the -f argument must be used to cp in order to override the
read-only flag when copying source files to object directories.  Bare use of
'cp' should be avoided in the future.

Update all current users of 'cp' in the src tree.

Reviewed by:	emaste
MFC after:	1 week
Sponsored by:	Spectra Logic
2015-01-16 21:39:08 +00:00
jkim
3c988e56ae Merge OpenSSL 1.0.1l.
MFC after:	1 week
Relnotes:	yes
2015-01-16 21:03:23 +00:00
jkim
4f9b1cef1a Merge OpenSSL 1.0.1k. 2015-01-08 23:42:41 +00:00
bapt
66a6b324d0 Reduce overlinking
The framework now ensure by itself that pthread is added to the link chain
as the last component if linked to kerberos hence avoid with out any explicit
addition prevent issue like CVE-2014-8475
2014-11-25 22:25:13 +00:00
bapt
1f18779318 Convert to LIBADD
Reduce overlinking
2014-11-25 21:18:18 +00:00
sjg
b137080f19 Merge from head@274682 2014-11-19 01:07:58 +00:00
jkim
c8c9924fc1 Merge OpenSSL 1.0.1j.
Relnotes:	yes
2014-10-15 19:29:22 +00:00
jkim
411d431d45 Merge OpenSSL 1.0.1j. 2014-10-15 19:12:05 +00:00
ngie
746b14e50e Fix typo (LIBLDNSADD -> LIBLDNS) to fix "make checkdpadd"
X-MFC with: r269648
Phabric: D634
Approved by: jmmv (mentor)
2014-08-19 18:27:43 +00:00
sjg
d7cd1d425c Merge head from 7/28 2014-08-19 06:50:54 +00:00
jkim
3299c3be1a Merge OpenSSL 1.0.1i. 2014-08-07 18:56:10 +00:00
bapt
8a9380f42c Rework privatelib/internallib
Make sure everything linking to a privatelib and/or an internallib does it directly
from the OBJDIR rather than DESTDIR.
Add src.libnames.mk so bsd.libnames.mk is not polluted by libraries not existsing
in final installation
Introduce the LD* variable which is what ld(1) is expecting (via LDADD) to link to
internal/privatelib
Directly link to the .so in case of private library to avoid having to complexify
LDFLAGS.

Phabric:	https://phabric.freebsd.org/D553
Reviewed by:	imp, emaste
2014-08-06 22:17:26 +00:00
brooks
ea5a037d1f Replace all uses of libncurses and libtermcap with their wide character
variants.  This allows usable file system images (i.e. those with both a
shell and an editor) to be created with only one copy of the curses library.

Exp-run:	antoine
PR:		189842
Discussed with:	bapt
Sponsored by:	DARPA, AFRL
2014-07-17 18:24:34 +00:00
marcel
9f28abd980 Remove ia64.
This includes:
o   All directories named *ia64*
o   All files named *ia64*
o   All ia64-specific code guarded by __ia64__
o   All ia64-specific makefile logic
o   Mention of ia64 in comments and documentation

This excludes:
o   Everything under contrib/
o   Everything under crypto/
o   sys/xen/interface
o   sys/sys/elf_common.h

Discussed at: BSDcan
2014-07-07 00:27:09 +00:00
jkim
68fed3306b Merge OpenSSL 1.0.1h.
Approved by:	so (delphij)
2014-06-09 05:50:57 +00:00
sjg
5860f0d106 Updated dependencies 2014-05-16 14:09:51 +00:00
delphij
26ec1c7bf1 Switch using the new $2b$ format by default, when bcrypt is used.
MFC after:	2 weeks
Relnotes:	default Blowfish crypt(3) format have been changed to $2b$.
2014-05-14 00:50:31 +00:00
sjg
ed3fc70bf5 Merge from head 2014-05-08 23:54:15 +00:00
imp
2118f42afd Use src.opts.mk in preference to bsd.own.mk except where we need stuff
from the latter.
2014-05-06 04:22:01 +00:00
sjg
5e568154a0 Merge head 2014-04-28 07:50:45 +00:00
kib
3ae13c8b20 Fix order of libthr and libc in the global dso list for sshd, by
explicitely linking main binary with -lpthread.  Before, libthr
appeared in the list due to dependency of one of the kerberos libs.
Due to the change in ld(1) behaviour of not copying NEEDED entries
from direct dependencies into the link results, the order becomes
reversed.

The libthr must appear before libc to properly interpose libc symbols
and provide working rtld locks implementation.  The symptom was sshd
hanging on rtld bind lock during nested symbol binding from a signal
handler.

Approved by:	des (openssh maintainer)
Sponsored by:	The FreeBSD Foundation
MFC after:	1 week
2014-04-27 05:28:14 +00:00
jmmv
64b466d8f8 Add placeholder Kyuafiles for various top-level hierarchies.
This change adds tests/ directories in the source tree to create various
subdirectories in /usr/tests/ and to install placeholder Kyuafiles for
them.

the relevant hierarchies are: cddl, etc, games, gnu and secure.

The reason for this is to simplify the addition of new test programs for
utilities or libraries under any of these directories.  Doing so on a
case by case basis is unnecessary and is quite an obscure process.
2014-04-21 21:39:25 +00:00
imp
c39e6fc2c9 NO_MAN= has been deprecated in favor of MAN= for some time, go ahead
and finish the job. ncurses is now the only Makefile in the tree that
uses it since it wasn't a simple mechanical change, and will be
addressed in a future commit.
2014-04-13 05:21:56 +00:00
jkim
89b378c4b3 Merge OpenSSL 1.0.1g.
Approved by:	benl (maintainer)
2014-04-08 21:06:58 +00:00
imp
1bfc6325f7 Use MK_CRYPT=no in preference to WITHOUT_CRYPT here. 2014-04-05 17:54:55 +00:00
des
ae82763de4 Upgrade to OpenSSH 6.6p1. 2014-03-25 11:05:34 +00:00
eadler
118094e60b multiple: Remove 3rd clause from BSD license where approved by the
regents and renumber.

This patch skips files in contrib/ and crypto/

Acked by:	imp
Discussed with:	emaste
2014-03-14 03:07:51 +00:00
delphij
ff5454ff0d Refresh our implementation of OpenBSD's Blowfish password format.
Notable changes:

 - Support of $2b$ password format to address a problem where very
   long passwords (more than 256 characters, when an integer
   overflow would happen and cause the length to wrap at 256).
 - Updated pseudo code in comments to reflect the reality.
 - Removed our local shortcut of processing magic string and rely
   on the centralized and tigntened validation.
 - Diff reduction from upstream.

For now we are still generating the older $02a$ format of password
but we will migrate to the new format once the format is formally
finalized.

MFC after:	1 month
2014-02-25 23:03:48 +00:00
des
7573e91b12 Upgrade to OpenSSH 6.5p1. 2014-01-31 13:12:02 +00:00
jkim
a8c44ea5cf Merge OpenSSL 1.0.1f.
Approved by:	so (delphij), benl (silence)
2014-01-22 19:57:11 +00:00
sjg
7fcd33c1fa Merge head@256284 2013-10-13 02:35:19 +00:00
sjg
292ec5d301 Updated dependencies 2013-10-13 00:24:00 +00:00
des
476b7e3d43 Unbreak the WITHOUT_KERBEROS build and try to reduce the odds of a
repeat performance by introducing a script that runs configure with and
without Kerberos, diffs the result and generates krb5_config.h, which
contains the preprocessor macros that need to be defined in the Kerberos
case and undefined otherwise.

Approved by:	re (marius)
2013-09-23 20:35:54 +00:00
des
0889f75af2 Replace claims that DES is a strong cryptosystem with a warning stating
that it should no longer be considered secure.

Approved by:	re (gjb)
2013-09-21 11:10:09 +00:00
sjg
ff87b5d147 Merge head 2013-09-11 18:16:18 +00:00
des
2a9ec0fc3e Clean up the OpenSSH build. It is now possible to build most components
as static binaries, if desired.  The one exception is sshd, which runs
into trouble due to libpam.a's includion of pam_ssh.

Make OpenSSH use LDNS if available.  This allows it to verify signed
SSHFP records.

Approved by:	re (blanket)
2013-09-10 22:26:11 +00:00