Commit Graph

744 Commits

Author SHA1 Message Date
simon
efafc844b6 This commit was generated by cvs2svn to compensate for changes in r172767,
which included commits to RCS files with non-trunk default branches.
2007-10-18 20:19:33 +00:00
simon
8f21bfc175 Import DTLS security fix from upstream OpenSSL_0_9_8-stable branch.
From the OpenSSL advisory:

	Andy Polyakov discovered a flaw in OpenSSL's DTLS
	implementation which could lead to the compromise of clients
	and servers with DTLS enabled.

	DTLS is a datagram variant of TLS specified in RFC 4347 first
	supported in OpenSSL version 0.9.8. Note that the
	vulnerabilities do not affect SSL and TLS so only clients and
	servers explicitly using DTLS are affected.

	We believe this flaw will permit remote code execution.

Security:	CVE-2007-4995
Security:	http://www.openssl.org/news/secadv_20071012.txt
2007-10-18 20:19:33 +00:00
peter
0dcad926c5 Remove _FREEFALL_CONFIG hacks. su+pam_ksu works well enough to use on
the freebsd.org cluster.
2007-10-18 19:36:31 +00:00
simon
6d467b2229 Correct a buffer overflow in OpenSSL SSL_get_shared_ciphers().
Security:	FreeBSD-SA-07:08.openssl
Approved by:	re (security blanket)
2007-10-03 21:38:57 +00:00
des
91a576f9b7 s/X11R6/local/g 2007-05-24 22:04:07 +00:00
simon
fbc9e81620 Fix runtime crash in OpenSSL with "Illegal instruction" by making some
casts a bit less evil.

This was e.g. seen when using portsnap as:

  Fetching snapshot tag from portsnap3.FreeBSD.org... Illegal instruction

Note the patch is slightly different from kan's original patch to
match style in the OpenSSL source files a bit better.

Submitted by:	kan
Tested by:	many
2007-05-22 20:28:19 +00:00
simon
9bb7d4296b - Bring upgrade produce up-to-date for OpenSSL 0.9.8e.
- Add reminder to bump version numer in Makefile.inc.
2007-03-15 21:06:48 +00:00
simon
8e9898839e Import fix from upstream OpenSSL_0_9_8-stable branch:
EVP_CIPHER_CTX_key_length() should return the set key length
	in the EVP_CIPHER_CTX structure which may not be the same as
	the underlying cipher key length for variable length ciphers.

This fixes problems in OpenSSH using some ciphers, and possibly other
applications.

See also:	http://bugzilla.mindrot.org/show_bug.cgi?id=1291
2007-03-15 20:26:26 +00:00
simon
86271f334e This commit was generated by cvs2svn to compensate for changes in r167617,
which included commits to RCS files with non-trunk default branches.
2007-03-15 20:26:26 +00:00
simon
394ba190a3 Resolve conflicts after import of OpenSSL 0.9.8e. 2007-03-15 20:07:27 +00:00
simon
ee48ceb6a8 Vendor import of OpenSSL 0.9.8e. 2007-03-15 20:03:30 +00:00
simon
699a8581f9 This commit was generated by cvs2svn to compensate for changes in r167612,
which included commits to RCS files with non-trunk default branches.
2007-03-15 20:03:30 +00:00
des
f486315183 Resolve conflicts. 2006-11-10 16:52:41 +00:00
des
11e3a8c8c1 This commit was generated by cvs2svn to compensate for changes in r164146,
which included commits to RCS files with non-trunk default branches.
2006-11-10 16:39:21 +00:00
des
f591b3e29c Vendor import of OpenSSH 4.5p1. 2006-11-10 16:39:21 +00:00
des
d75fd1fec6 Don't define XAUTH_PATH here, we either pass it in on the compiler command
line or rely on the built-in default.
2006-10-06 14:27:26 +00:00
des
91390ee9f2 Go figure how an extra $Id$ line crept in... 2006-10-04 10:21:00 +00:00
des
178eb45ceb Merge vendor patch. 2006-10-04 10:15:53 +00:00
des
e6cc400c8f Apply vendor patch to fix detection of tap / tun headers and ENGINE support. 2006-10-04 10:14:30 +00:00
des
351bcb5c21 Tweak ifdefs for backward compatibility. 2006-10-03 11:33:25 +00:00
des
24e2cf96ac Dead files. 2006-10-02 13:29:41 +00:00
des
a74a69e336 Regenerate; no effect on the code as it doesn't actually use the handful of
conditionals that changed in this revision.
2006-10-02 12:45:27 +00:00
des
14ad83d6bf Update configure options and add some missing steps.
The section about our local changes needs reviewing, and some of those
changes should probably be reconsidered (such as preferring DSA over RSA,
which made sense when RSA was encumbered but probably doesn't any more)
2006-10-02 12:39:28 +00:00
simon
25dab5b4c1 Import from upstream OpenSSL 0.9.8 branch:
Fix uninitialized free of ctx in compute_key() when the
OPENSSL_DH_MAX_MODULUS_BITS check is triggered.

This fixes the same issue as FreeBSD-SA-06:23.openssl v1.1.
2006-10-01 08:09:46 +00:00
simon
ac7fb23be5 This commit was generated by cvs2svn to compensate for changes in r162916,
which included commits to RCS files with non-trunk default branches.
2006-10-01 08:09:46 +00:00
simon
de193995a6 Resolve conflicts after import of OpenSSL 0.9.8d. 2006-10-01 07:46:16 +00:00
simon
387e65d767 Vendor import of OpenSSL 0.9.8d. 2006-10-01 07:38:44 +00:00
simon
b2881e9eb1 This commit was generated by cvs2svn to compensate for changes in r162911,
which included commits to RCS files with non-trunk default branches.
2006-10-01 07:38:44 +00:00
des
0824f0c0e7 Regenerate.
MFC after:	1 week
2006-09-30 13:40:56 +00:00
des
ac038c1070 #include <errno.h>; this has the unfortunate side effect of taking the file
off the vendor branch.

MFC after:	1 week
2006-09-30 13:40:35 +00:00
des
0f481d7c8c Removed from vendor branch.
MFC after:	1 week
2006-09-30 13:39:35 +00:00
des
e16bfbb7bc Bump version addendum.
MFC after:	1 week
2006-09-30 13:39:07 +00:00
des
4ff234ef46 Merge conflicts.
MFC after:	1 week
2006-09-30 13:38:06 +00:00
des
2f35ce4773 Vendor import of OpenSSH 4.4p1. 2006-09-30 13:29:51 +00:00
des
abd7c8704b This commit was generated by cvs2svn to compensate for changes in r162852,
which included commits to RCS files with non-trunk default branches.
2006-09-30 13:29:51 +00:00
des
97a1b8f884 Merge vendor patch for BSM problem in protocol version 1.
MFC after:	1 week
2006-09-16 15:12:58 +00:00
des
03ef9d989b Vendor patch for a problem that prevented using protocol version 1 when
BSM was enabled.
2006-09-16 15:10:13 +00:00
simon
22f3e61de2 Correct incorrect PKCS#1 v1.5 padding validation in crypto(3).
Obtained from:	OpenSSL project
Security:	FreeBSD-SA-06:19.openssl
2006-09-10 20:16:43 +00:00
simon
76f00e0285 Resolve conflicts after import of OpenSSL 0.9.8b.
This was missed the first time around since eng_padlock.c was not part
of OpenSSL 0.9.7e and therefor did not have the v0_9_7e CVS tag used
during original resolve of conflicts.

Noticed by:	Antoine Brodin <antoine.brodin@laposte.net>
2006-07-30 14:17:54 +00:00
simon
870bdce538 Sync FREEBSD-Xlist with what was actually excluded from OpenSSL 0.9.8b
import.
2006-07-29 22:40:45 +00:00
simon
00e07ea415 Add some rough notes on how to import a new OpenSSL version into the
FreeBSD base system.  Parts are inspired by the OpenSSH upgrade notes.
2006-07-29 22:01:26 +00:00
simon
e07cc0214a Resolve conflicts after import of OpenSSL 0.9.8b. 2006-07-29 19:14:51 +00:00
simon
fb3c70eda8 Vendor import of OpenSSL 0.9.8b 2006-07-29 19:10:21 +00:00
simon
9159ca2b0e This commit was generated by cvs2svn to compensate for changes in r160814,
which included commits to RCS files with non-trunk default branches.
2006-07-29 19:10:21 +00:00
des
d9ba51b5fc Our glob(3) has all the required features.
Submitted by:	ache
2006-06-09 08:39:05 +00:00
des
a34ad0a5f7 Revert inadvertant commit of debugging code. 2006-06-09 07:23:14 +00:00
des
148092431d Introduce a namespace munging hack inspired by NetBSD to avoid polluting
the namespace of applications which inadvertantly link in libssh (usually
through pam_ssh)

Suggested by:	lukem@netbsd.org
MFC after:	6 weeks
2006-05-13 13:47:45 +00:00
des
9c68158992 Fix utmp. There is some clever logic in configure.ac which attempts to
determine whether struct utmp contains the ut_host and ut_time fields.
Unfortunately, it reports a false negative for both on FreeBSD, and I
didn't check the resulting config.h closely enough to catch the error.

Noticed by:	ache
2006-03-23 21:31:42 +00:00
des
eb091e1fc6 Regenerate. 2006-03-22 20:41:53 +00:00
des
7c07891caf Merge conflicts. 2006-03-22 20:41:37 +00:00