Commit Graph

535 Commits

Author SHA1 Message Date
delphij
26ec1c7bf1 Switch using the new $2b$ format by default, when bcrypt is used.
MFC after:	2 weeks
Relnotes:	default Blowfish crypt(3) format have been changed to $2b$.
2014-05-14 00:50:31 +00:00
imp
2118f42afd Use src.opts.mk in preference to bsd.own.mk except where we need stuff
from the latter.
2014-05-06 04:22:01 +00:00
kib
3ae13c8b20 Fix order of libthr and libc in the global dso list for sshd, by
explicitely linking main binary with -lpthread.  Before, libthr
appeared in the list due to dependency of one of the kerberos libs.
Due to the change in ld(1) behaviour of not copying NEEDED entries
from direct dependencies into the link results, the order becomes
reversed.

The libthr must appear before libc to properly interpose libc symbols
and provide working rtld locks implementation.  The symptom was sshd
hanging on rtld bind lock during nested symbol binding from a signal
handler.

Approved by:	des (openssh maintainer)
Sponsored by:	The FreeBSD Foundation
MFC after:	1 week
2014-04-27 05:28:14 +00:00
jmmv
64b466d8f8 Add placeholder Kyuafiles for various top-level hierarchies.
This change adds tests/ directories in the source tree to create various
subdirectories in /usr/tests/ and to install placeholder Kyuafiles for
them.

the relevant hierarchies are: cddl, etc, games, gnu and secure.

The reason for this is to simplify the addition of new test programs for
utilities or libraries under any of these directories.  Doing so on a
case by case basis is unnecessary and is quite an obscure process.
2014-04-21 21:39:25 +00:00
imp
c39e6fc2c9 NO_MAN= has been deprecated in favor of MAN= for some time, go ahead
and finish the job. ncurses is now the only Makefile in the tree that
uses it since it wasn't a simple mechanical change, and will be
addressed in a future commit.
2014-04-13 05:21:56 +00:00
jkim
89b378c4b3 Merge OpenSSL 1.0.1g.
Approved by:	benl (maintainer)
2014-04-08 21:06:58 +00:00
imp
1bfc6325f7 Use MK_CRYPT=no in preference to WITHOUT_CRYPT here. 2014-04-05 17:54:55 +00:00
des
ae82763de4 Upgrade to OpenSSH 6.6p1. 2014-03-25 11:05:34 +00:00
eadler
118094e60b multiple: Remove 3rd clause from BSD license where approved by the
regents and renumber.

This patch skips files in contrib/ and crypto/

Acked by:	imp
Discussed with:	emaste
2014-03-14 03:07:51 +00:00
delphij
ff5454ff0d Refresh our implementation of OpenBSD's Blowfish password format.
Notable changes:

 - Support of $2b$ password format to address a problem where very
   long passwords (more than 256 characters, when an integer
   overflow would happen and cause the length to wrap at 256).
 - Updated pseudo code in comments to reflect the reality.
 - Removed our local shortcut of processing magic string and rely
   on the centralized and tigntened validation.
 - Diff reduction from upstream.

For now we are still generating the older $02a$ format of password
but we will migrate to the new format once the format is formally
finalized.

MFC after:	1 month
2014-02-25 23:03:48 +00:00
des
7573e91b12 Upgrade to OpenSSH 6.5p1. 2014-01-31 13:12:02 +00:00
jkim
a8c44ea5cf Merge OpenSSL 1.0.1f.
Approved by:	so (delphij), benl (silence)
2014-01-22 19:57:11 +00:00
des
476b7e3d43 Unbreak the WITHOUT_KERBEROS build and try to reduce the odds of a
repeat performance by introducing a script that runs configure with and
without Kerberos, diffs the result and generates krb5_config.h, which
contains the preprocessor macros that need to be defined in the Kerberos
case and undefined otherwise.

Approved by:	re (marius)
2013-09-23 20:35:54 +00:00
des
0889f75af2 Replace claims that DES is a strong cryptosystem with a warning stating
that it should no longer be considered secure.

Approved by:	re (gjb)
2013-09-21 11:10:09 +00:00
des
2a9ec0fc3e Clean up the OpenSSH build. It is now possible to build most components
as static binaries, if desired.  The one exception is sshd, which runs
into trouble due to libpam.a's includion of pam_ssh.

Make OpenSSH use LDNS if available.  This allows it to verify signed
SSHFP records.

Approved by:	re (blanket)
2013-09-10 22:26:11 +00:00
des
aba57138f9 Make libldns and libssh private.
Approved by:	re (blanket)
2013-09-08 10:04:26 +00:00
ed
8ac6e32cdd Remove references to MK_IDEA.
As of r249959, we want to build with IDEA support enabled
unconditionally. As this change removed the MK_IDEA flag, update these
Makefiles accordingly.
2013-04-27 05:44:39 +00:00
des
b291eafe8d Upgrade to OpenSSH 6.2p1. The most important new features are support
for a key revocation list and more fine-grained authentication control.
2013-03-22 17:55:38 +00:00
des
19db167f41 Retire the mislabeled ENABLE_SUID_SSH knob. 2013-03-22 14:10:15 +00:00
jkim
754bee5776 Merge OpenSSL 1.0.1e.
Approved by:	secteam (simon), benl (silence)
2013-02-13 23:07:20 +00:00
bz
a3df209122 Add a src.conf(5) option to allow users to compile in the "NONE cipher",
which, only after authentication, disables crypto, and only for sessions
without a terminal.

Submitted by:	Jeremy Chadwick (freebsd jdc.parodius.com)
PR:		bin/163095
MFC after:	10 days
2013-01-17 01:51:04 +00:00
kevlo
25611f9cf9 Fix typo; s/ouput/output 2012-11-07 07:00:59 +00:00
des
00f3582ac6 Upgrade OpenSSH to 6.1p1. 2012-09-03 16:51:41 +00:00
jkim
d3ee564849 Sort ASM definitions by crypto module for slightly easier maintenance.
Specifically, GHASH_ASM belongs to crypto/modes.
2012-07-12 21:31:53 +00:00
jkim
e393e47b1e Merge OpenSSL 1.0.1c.
Approved by:	benl (maintainer)
2012-07-12 19:30:53 +00:00
jkim
1b7001386c Regen ca(1) for r237658. This re-applies r227458, i.e., add a missing "be". 2012-06-27 21:35:45 +00:00
jkim
299ab12592 Merge OpenSSL 0.9.8x.
Reviewed by:	stas
Approved by:	benl (maintainer)
MFC after:	3 days
2012-06-27 18:44:36 +00:00
bz
d2e144fbe8 Update the previous openssl fix. [12:01]
Fix a bug in crypt(3) ignoring characters of a passphrase. [12:02]

Security:	FreeBSD-SA-12:01.openssl (revised)
Security:	FreeBSD-SA-12:02.crypt
Approved by:	so (bz, simon)
2012-05-30 12:01:28 +00:00
eadler
a3eef43dfb Restore the ability to use a non-standard LOCALBASE to sshd
Add the ability to use a non-standard LOCALBASE to ssh

Submitted by:	jhb
Reviewed by:	des
Approved by:	cperciva
MFC after:	0 days (with r233136)
2012-03-24 19:41:43 +00:00
eadler
dda1767423 X11BASE is not used any more and has been killed by the x11 team.
Reviewed by:	???
Approved by:	???
MFC after:	3 days
2012-03-19 00:41:40 +00:00
kevlo
cf70964fbe Return NULL on error rather than ":", per the crypt(3) man page.
Discussed in: http://www.openwall.com/lists/oss-security/2011/11/15/3
2012-02-22 01:23:14 +00:00
kib
a56c72dcf2 Force linker error when created shared library contains a relocation
against text. Provide the override switch to turn off the strict
behaviour. Apparently, openssl libcrypto needs it due to assembler
code not being PIC.

Discussed with:	bf
MFC after:	2 weeks
2011-12-06 11:28:17 +00:00
eadler
8710aaed7e - add a missing "be" and "in"
- fix other errors introduced when committing r226436
- add 'function' to a sentence where it makes sense

Submitted by:	delphij
Submitted by:	dougb
Submitted by:	jhb
Approved by:	dougb
Approved by:	jhb
2011-11-11 22:27:09 +00:00
eadler
9d7884364e - change "is is" to "is" or "it is"
- change "the the" to "the"

Approved by:	lstewart
Approved by:	sahil (mentor)
MFC after:	3 days
2011-10-16 14:30:28 +00:00
des
038442ad80 Upgrade to OpenSSH 5.9p1.
MFC after:	3 months
2011-10-05 22:08:17 +00:00
des
ee2afa8165 Upgrade to OpenSSH 5.8p2. 2011-05-04 07:34:44 +00:00
dim
f58eeaae2e Fix some leftover binaries and shared libraries in the system that still
have an executable stack, due to linking in hand-assembled .S or .s
files, that have no .GNU-stack sections:

RWX --- ---  /lib/libcrypto.so.6
RWX --- ---  /lib/libmd.so.5
RWX --- ---  /lib/libz.so.6
RWX --- ---  /lib/libzpool.so.2
RWX --- ---  /usr/lib/liblzma.so.5

These were found using scanelf, from the sysutils/pax-utils port.

Reviewed by:	kib
2011-02-15 22:03:09 +00:00
simon
9fbb25bbe9 Regenerate manual pages for OpenSSL 0.9.8q. 2010-12-03 23:07:45 +00:00
simon
baef745205 Regenerate manual pages for OpenSSL 0.9.8p. 2010-11-22 18:29:00 +00:00
brucec
7adc5f91cf Revert changes of 'assure' to 'ensure' made in r211936.
Approved by: rrs (mentor)
2010-09-11 10:49:56 +00:00
brucec
76d7244728 Fix incorrect usage of 'assure' and 'insure'.
Approved by: rrs (mentor)
2010-08-28 16:32:01 +00:00
nwhitehorn
02bb2a078e Repair some build breakage introduced in r211725 and garbage collect some
code made obsolete in the same commit.
2010-08-28 15:03:11 +00:00
imp
c3a399c4ba MFtbemd:
Prefer MACHNE_CPUARCH to MACHINE_ARCH in most contexts where you want
to test of all the CPUs of a given family conform.
2010-08-23 22:24:11 +00:00
will
10d63a94a9 Fix buildworld -DNO_CLEAN when using with Perforce, which marks files as
read-only by default, meaning files copied can't be overwritten next time.

Reviewed by:	imp
Approved by:	ken (mentor)
2010-08-12 20:46:49 +00:00
jchandra
01b896d030 Whitespace fix for last check-in, move empty line to below endif. 2010-08-04 10:46:17 +00:00
jchandra
c9129e2aad MIPS 64 bit support.
When compiled for MIPS n64 ABI
- DES_LONG should be 'unsigned int'
- BN_LLONG should be undefined
- SIXTY_FOUR_BIT_LONG should be defined.
2010-08-04 10:42:06 +00:00
nwhitehorn
20410e1e6b OpenSSL configuration for powerpc64
Obtained from:	projects/ppc64
2010-07-10 22:07:48 +00:00
simon
71c5308c9f Regenerate manual pages for OpenSSL 0.9.8n. 2010-04-01 15:37:38 +00:00
simon
610601c2d2 - Make it slightly simpler to update OpenSSL version information
for regenerating OpenSSL manual pages.
- Explicitly set the OpenSSL release date so manual pages contain
  the date OpenSSL was released and not just the date OpenSSL was
  imported into the FreeBSD base system.
- Update for Makefile for OpenSSL 0.9.8n.
2010-04-01 15:35:29 +00:00
simon
497b0c9195 Regenerate manual pages for OpenSSL 0.9.8m.
MFC after:	3 weeks
2010-03-13 19:30:29 +00:00