simon
efafc844b6
This commit was generated by cvs2svn to compensate for changes in r172767,
...
which included commits to RCS files with non-trunk default branches.
2007-10-18 20:19:33 +00:00
simon
8f21bfc175
Import DTLS security fix from upstream OpenSSL_0_9_8-stable branch.
...
From the OpenSSL advisory:
Andy Polyakov discovered a flaw in OpenSSL's DTLS
implementation which could lead to the compromise of clients
and servers with DTLS enabled.
DTLS is a datagram variant of TLS specified in RFC 4347 first
supported in OpenSSL version 0.9.8. Note that the
vulnerabilities do not affect SSL and TLS so only clients and
servers explicitly using DTLS are affected.
We believe this flaw will permit remote code execution.
Security: CVE-2007-4995
Security: http://www.openssl.org/news/secadv_20071012.txt
2007-10-18 20:19:33 +00:00
peter
0dcad926c5
Remove _FREEFALL_CONFIG hacks. su+pam_ksu works well enough to use on
...
the freebsd.org cluster.
2007-10-18 19:36:31 +00:00
simon
6d467b2229
Correct a buffer overflow in OpenSSL SSL_get_shared_ciphers().
...
Security: FreeBSD-SA-07:08.openssl
Approved by: re (security blanket)
2007-10-03 21:38:57 +00:00
des
91a576f9b7
s/X11R6/local/g
2007-05-24 22:04:07 +00:00
simon
fbc9e81620
Fix runtime crash in OpenSSL with "Illegal instruction" by making some
...
casts a bit less evil.
This was e.g. seen when using portsnap as:
Fetching snapshot tag from portsnap3.FreeBSD.org... Illegal instruction
Note the patch is slightly different from kan's original patch to
match style in the OpenSSL source files a bit better.
Submitted by: kan
Tested by: many
2007-05-22 20:28:19 +00:00
simon
9bb7d4296b
- Bring upgrade produce up-to-date for OpenSSL 0.9.8e.
...
- Add reminder to bump version numer in Makefile.inc.
2007-03-15 21:06:48 +00:00
simon
8e9898839e
Import fix from upstream OpenSSL_0_9_8-stable branch:
...
EVP_CIPHER_CTX_key_length() should return the set key length
in the EVP_CIPHER_CTX structure which may not be the same as
the underlying cipher key length for variable length ciphers.
This fixes problems in OpenSSH using some ciphers, and possibly other
applications.
See also: http://bugzilla.mindrot.org/show_bug.cgi?id=1291
2007-03-15 20:26:26 +00:00
simon
86271f334e
This commit was generated by cvs2svn to compensate for changes in r167617,
...
which included commits to RCS files with non-trunk default branches.
2007-03-15 20:26:26 +00:00
simon
394ba190a3
Resolve conflicts after import of OpenSSL 0.9.8e.
2007-03-15 20:07:27 +00:00
simon
ee48ceb6a8
Vendor import of OpenSSL 0.9.8e.
2007-03-15 20:03:30 +00:00
simon
699a8581f9
This commit was generated by cvs2svn to compensate for changes in r167612,
...
which included commits to RCS files with non-trunk default branches.
2007-03-15 20:03:30 +00:00
des
f486315183
Resolve conflicts.
2006-11-10 16:52:41 +00:00
des
11e3a8c8c1
This commit was generated by cvs2svn to compensate for changes in r164146,
...
which included commits to RCS files with non-trunk default branches.
2006-11-10 16:39:21 +00:00
des
f591b3e29c
Vendor import of OpenSSH 4.5p1.
2006-11-10 16:39:21 +00:00
des
d75fd1fec6
Don't define XAUTH_PATH here, we either pass it in on the compiler command
...
line or rely on the built-in default.
2006-10-06 14:27:26 +00:00
des
91390ee9f2
Go figure how an extra $Id$ line crept in...
2006-10-04 10:21:00 +00:00
des
178eb45ceb
Merge vendor patch.
2006-10-04 10:15:53 +00:00
des
e6cc400c8f
Apply vendor patch to fix detection of tap / tun headers and ENGINE support.
2006-10-04 10:14:30 +00:00
des
351bcb5c21
Tweak ifdefs for backward compatibility.
2006-10-03 11:33:25 +00:00
des
24e2cf96ac
Dead files.
2006-10-02 13:29:41 +00:00
des
a74a69e336
Regenerate; no effect on the code as it doesn't actually use the handful of
...
conditionals that changed in this revision.
2006-10-02 12:45:27 +00:00
des
14ad83d6bf
Update configure options and add some missing steps.
...
The section about our local changes needs reviewing, and some of those
changes should probably be reconsidered (such as preferring DSA over RSA,
which made sense when RSA was encumbered but probably doesn't any more)
2006-10-02 12:39:28 +00:00
simon
25dab5b4c1
Import from upstream OpenSSL 0.9.8 branch:
...
Fix uninitialized free of ctx in compute_key() when the
OPENSSL_DH_MAX_MODULUS_BITS check is triggered.
This fixes the same issue as FreeBSD-SA-06:23.openssl v1.1.
2006-10-01 08:09:46 +00:00
simon
ac7fb23be5
This commit was generated by cvs2svn to compensate for changes in r162916,
...
which included commits to RCS files with non-trunk default branches.
2006-10-01 08:09:46 +00:00
simon
de193995a6
Resolve conflicts after import of OpenSSL 0.9.8d.
2006-10-01 07:46:16 +00:00
simon
387e65d767
Vendor import of OpenSSL 0.9.8d.
2006-10-01 07:38:44 +00:00
simon
b2881e9eb1
This commit was generated by cvs2svn to compensate for changes in r162911,
...
which included commits to RCS files with non-trunk default branches.
2006-10-01 07:38:44 +00:00
des
0824f0c0e7
Regenerate.
...
MFC after: 1 week
2006-09-30 13:40:56 +00:00
des
ac038c1070
#include <errno.h>; this has the unfortunate side effect of taking the file
...
off the vendor branch.
MFC after: 1 week
2006-09-30 13:40:35 +00:00
des
0f481d7c8c
Removed from vendor branch.
...
MFC after: 1 week
2006-09-30 13:39:35 +00:00
des
e16bfbb7bc
Bump version addendum.
...
MFC after: 1 week
2006-09-30 13:39:07 +00:00
des
4ff234ef46
Merge conflicts.
...
MFC after: 1 week
2006-09-30 13:38:06 +00:00
des
2f35ce4773
Vendor import of OpenSSH 4.4p1.
2006-09-30 13:29:51 +00:00
des
abd7c8704b
This commit was generated by cvs2svn to compensate for changes in r162852,
...
which included commits to RCS files with non-trunk default branches.
2006-09-30 13:29:51 +00:00
des
97a1b8f884
Merge vendor patch for BSM problem in protocol version 1.
...
MFC after: 1 week
2006-09-16 15:12:58 +00:00
des
03ef9d989b
Vendor patch for a problem that prevented using protocol version 1 when
...
BSM was enabled.
2006-09-16 15:10:13 +00:00
simon
22f3e61de2
Correct incorrect PKCS#1 v1.5 padding validation in crypto(3).
...
Obtained from: OpenSSL project
Security: FreeBSD-SA-06:19.openssl
2006-09-10 20:16:43 +00:00
simon
76f00e0285
Resolve conflicts after import of OpenSSL 0.9.8b.
...
This was missed the first time around since eng_padlock.c was not part
of OpenSSL 0.9.7e and therefor did not have the v0_9_7e CVS tag used
during original resolve of conflicts.
Noticed by: Antoine Brodin <antoine.brodin@laposte.net>
2006-07-30 14:17:54 +00:00
simon
870bdce538
Sync FREEBSD-Xlist with what was actually excluded from OpenSSL 0.9.8b
...
import.
2006-07-29 22:40:45 +00:00
simon
00e07ea415
Add some rough notes on how to import a new OpenSSL version into the
...
FreeBSD base system. Parts are inspired by the OpenSSH upgrade notes.
2006-07-29 22:01:26 +00:00
simon
e07cc0214a
Resolve conflicts after import of OpenSSL 0.9.8b.
2006-07-29 19:14:51 +00:00
simon
fb3c70eda8
Vendor import of OpenSSL 0.9.8b
2006-07-29 19:10:21 +00:00
simon
9159ca2b0e
This commit was generated by cvs2svn to compensate for changes in r160814,
...
which included commits to RCS files with non-trunk default branches.
2006-07-29 19:10:21 +00:00
des
d9ba51b5fc
Our glob(3) has all the required features.
...
Submitted by: ache
2006-06-09 08:39:05 +00:00
des
a34ad0a5f7
Revert inadvertant commit of debugging code.
2006-06-09 07:23:14 +00:00
des
148092431d
Introduce a namespace munging hack inspired by NetBSD to avoid polluting
...
the namespace of applications which inadvertantly link in libssh (usually
through pam_ssh)
Suggested by: lukem@netbsd.org
MFC after: 6 weeks
2006-05-13 13:47:45 +00:00
des
9c68158992
Fix utmp. There is some clever logic in configure.ac which attempts to
...
determine whether struct utmp contains the ut_host and ut_time fields.
Unfortunately, it reports a false negative for both on FreeBSD, and I
didn't check the resulting config.h closely enough to catch the error.
Noticed by: ache
2006-03-23 21:31:42 +00:00
des
eb091e1fc6
Regenerate.
2006-03-22 20:41:53 +00:00
des
7c07891caf
Merge conflicts.
2006-03-22 20:41:37 +00:00