| Commit message (Collapse) | Author | Age | Files | Lines |
|\
| |
| |
| | |
Notes:
svn path=/head/; revision=360175
|
| |
| |
| |
| |
| | |
Notes:
svn path=/vendor-crypto/openssl/dist/; revision=360173
svn path=/vendor-crypto/openssl/1.1.1g/; revision=360174; tag=vendor/openssl/1.1.1g
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
See https://www.openssl.org/news/secadv/20200421.txt for details.
Approved by: so
Security: CVE-2020-1967
Notes:
svn path=/head/; revision=360146
|
|\|
| |
| |
| | |
Notes:
svn path=/head/; revision=359486
|
| |
| |
| |
| |
| | |
Notes:
svn path=/vendor-crypto/openssl/dist/; revision=359482
svn path=/vendor-crypto/openssl/1.1.1f/; revision=359483; tag=vendor/openssl/1.1.1f
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This is currently staged in vendor/ as part of the 8.0p1 import, which isn't
quite ready to land. Given that this is a simple one-line fix, apply it now
as the fallout will be pretty minimal.
-fno-common will become the default in GCC10/LLVM11.
MFC after: 3 days
Notes:
svn path=/head/; revision=359424
|
|\|
| |
| |
| | |
Notes:
svn path=/head/; revision=359060
|
| |
| |
| |
| |
| | |
Notes:
svn path=/vendor-crypto/openssl/dist/; revision=359051
svn path=/vendor-crypto/openssl/1.1.1e/; revision=359052; tag=vendor/openssl/1.1.1e
|
| |
| |
| |
| | |
Notes:
svn path=/head/; revision=358323
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
It appears that FREEBSD-vendor is an idea that never really took off
and we should probably just remove it, but until then we might as well
record the correct version.
Notes:
svn path=/head/; revision=357939
|
| |
| |
| |
| |
| |
| |
| | |
ftp://ftp.openbsd.org/ does not work.
Notes:
svn path=/head/; revision=357932
|
|\ \
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
MFC after: 2 months
Sponsored by: The FreeBSD Foundation
Notes:
svn path=/head/; revision=357926
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
We need to add user-facing deprecation notices for TCP wrappers; start
with a note in the upgrade process docmentation.
Sponsored by: The FreeBSD Foundation
Notes:
svn path=/head/; revision=357925
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
LIBWRAP is defined by the Makefile based on MK_TCP_WRAPPERS and should
not be defined in config.h.
PR: 210141
Sponsored by: The FreeBSD Foundation
Notes:
svn path=/head/; revision=357922
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
In r339216 a privsep wrapper was added for login_getpwclass to address
PR 231172. Unfortunately the change used the MON_AUTH flag in the
wrapper, and MON_AUTH includes MON_AUTHDECIDE which triggers an
auth_log() on each invocation. getpwclass() does not participate in the
authentication decision, so should be MON_ISAUTH instead.
PR: 234793
Submitted by: Henry Hu
Reviewed by: Yuichiro NAITO
MFC after: 1 week
Notes:
svn path=/head/; revision=354897
|
|\ \ \
| | |/
| |/|
| | | |
Notes:
svn path=/head/; revision=352191
|
| | |
| | |
| | |
| | |
| | | |
Notes:
svn path=/vendor-crypto/openssl/dist/; revision=352163
svn path=/vendor-crypto/openssl/1.1.1d/; revision=352164; tag=vendor/openssl/1.1.1d
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
struct xucred. Do not bump XUCRED_VERSION as struct layout is not changed.
PR: 215202
Reviewed by: tijl
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D20415
Notes:
svn path=/head/; revision=348419
|
|\| |
| | |
| | |
| | | |
Notes:
svn path=/head/; revision=348340
|
| | |
| | |
| | |
| | |
| | | |
Notes:
svn path=/vendor-crypto/openssl/dist/; revision=348333
svn path=/vendor-crypto/openssl/1.1.1c/; revision=348334; tag=vendor/openssl/1.1.1c
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Submitted by: yuripv
Differential Revision: https://reviews.freebsd.org/D18636
Notes:
svn path=/head/; revision=345579
|
|\ \ \
| | |/
| |/|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
upstream: when checking that filenames sent by the server side
match what the client requested, be prepared to handle shell-style brace
alternations, e.g. "{foo,bar}".
"looks good to me" millert@ + in snaps for the last week courtesy
deraadt@
OpenBSD-Commit-ID: 3b1ce7639b0b25b2248e3a30f561a548f6815f3e
Discussed with: des
Obtained from: OpenSSH-portable 3d896c157c722bc47adca51a58dca859225b5874
Notes:
svn path=/head/; revision=345576
|
|\ \ \
| | |/
| |/|
| | | |
Notes:
svn path=/head/; revision=344602
|
| | |
| | |
| | |
| | |
| | | |
Notes:
svn path=/vendor-crypto/openssl/dist/; revision=344595
svn path=/vendor-crypto/openssl/1.1.1b/; revision=344596; tag=vendor/openssl/1.1.1b
|
|\ \ \
| | |/
| |/|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
OpenSSH-portable commits:
check in scp client that filenames sent during remote->local directory
copies satisfy the wildcard specified by the user.
This checking provides some protection against a malicious server
sending unexpected filenames, but it comes at a risk of rejecting wanted
files due to differences between client and server wildcard expansion rules.
For this reason, this also adds a new -T flag to disable the check.
reported by Harry Sintonen
fix approach suggested by markus@;
has been in snaps for ~1wk courtesy deraadt@
OpenBSD-Commit-ID: 00f44b50d2be8e321973f3c6d014260f8f7a8eda
Minor patch conflict (getopt) resolved.
Obtained from: OpenSSH-portable 391ffc4b9d31fa1f4ad566499fef9176ff8a07dc
scp: add -T to usage();
OpenBSD-Commit-ID: a7ae14d9436c64e1bd05022329187ea3a0ce1899
Obtained from: OpenSSH-portable 2c21b75a7be6ebdcbceaebb43157c48dbb36f3d8
PR: 234965
Approved by: des
MFC after: 3 days
Obtained from: OpenSSH-portable 391ffc4b9d, 2c21b75a7b
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D19076
Notes:
svn path=/head/; revision=344449
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Obtained from: OpenBSD scp.c 1.198
Security: CVE-2018-20685
Sponsored by: The FreeBSD Foundation
Notes:
svn path=/head/; revision=343043
|
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Reported by: delphij@
Notes:
svn path=/head/; revision=342871
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Now the new devcrypto engine is enabled since r342009, many users started
seeing "Could not open /dev/crypto: No such file or directory". Disable
the annoying error message as it is not very useful anyway.
Note the patch was submitted upstream.
https://github.com/openssl/openssl/pull/7896
Notes:
svn path=/head/; revision=342057
|
|\ \ \
| | |/
| |/|
| | | |
Notes:
svn path=/head/; revision=340703
|
| | |
| | |
| | |
| | |
| | | |
Notes:
svn path=/vendor-crypto/openssl/dist/; revision=340690
svn path=/vendor-crypto/openssl/1.1.1a/; revision=340691; tag=vendor/openssl/1.1.1a
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
number bump.
Reported by: jkim
Discussed with: kib
MFC after: immediate
Sponsored by: The FreeBSD Foundation
Notes:
svn path=/head/; revision=339741
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Remove a workaround for older Unbound versions that used sbrk.
Approved by: re (gjb)
Notes:
svn path=/head/; revision=339294
|
|\ \ \
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
- Update OpenSSL to version 1.1.1.
- Update Kerberos/Heimdal API for OpenSSL 1.1.1 compatibility.
- Bump __FreeBSD_version.
Approved by: re (kib)
Sponsored by: The FreeBSD Foundation
Notes:
svn path=/head/; revision=339270
|
| | | |
| | | |
| | | |
| | | | |
Notes:
svn path=/projects/openssl111/; revision=339259
|
| |\ \ \
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Sponsored by: The FreeBSD Foundation
Notes:
svn path=/projects/openssl111/; revision=339255
|
| |\| | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Sponsored by: The FreeBSD Foundation
Notes:
svn path=/projects/openssl111/; revision=339240
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Existing work is underway to import a newer version of heimdal, but
this patchset gets us to a fully working tree to enable more wide
spread testing of OpenSSL 1.1 for now.
I've also enabled WARNS=1 for kerberos (which is the reason for the
change in libroken). Having -Werror enabled was useful during the
1.1 updates and we probably should have warnings enabled by default
for kerberos anyway.
This passes make tinderbox, and I have also done some very light
runtime testing on amd64.
Reviewed by: bjk, jkim, emaste
Differential Revision: https://reviews.freebsd.org/D17276
Notes:
svn path=/projects/openssl111/; revision=339198
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Differential Revision: https://reviews.freebsd.org/D17390
Notes:
svn path=/projects/openssl111/; revision=339157
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Missed in migrating changeset from git to svn for r338811
Reported by: jhb
Notes:
svn path=/projects/openssl111/; revision=339154
|
| | | | |
| | | | |
| | | | |
| | | | | |
Notes:
svn path=/projects/openssl111/; revision=338896
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Upstream commits:
482d23bcac upstream: hold our collective noses and use the openssl-1.1.x
48f54b9d12 adapt -portable to OpenSSL 1.1x API
86e0a9f3d2 upstream: use only openssl-1.1.x API here too
a3fd8074e2 upstream: missed a bit of openssl-1.0.x API in this unittest
cce8cbe0ed Fix openssl-1.1 fallout for --without-openssl.
Trivial conflicts in sshkey.c and test_sshkey.c were resolved.
Sponsored by: The FreeBSD Foundation
Notes:
svn path=/projects/openssl111/; revision=338811
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Local changes introduced an OPENSSH_VERSION macro, but this conflicts
with a macro of the same name introduced with OpenSSL 1.1.1.
Notes:
svn path=/projects/openssl111/; revision=338805
|
| | | | |
| | | | |
| | | | |
| | | | | |
Notes:
svn path=/projects/openssl111/; revision=338767
|
| | | | |
| | | | |
| | | | |
| | | | | |
Notes:
svn path=/projects/openssl111/; revision=338765
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Prodded by: avg
Notes:
svn path=/projects/openssl111/; revision=338681
|
| |\ \ \ \
| | | |/ /
| | |/| |
| | | | |
| | | | |
| | | | |
| | | | | |
Note it does not update build infrastructure.
Notes:
svn path=/projects/openssl111/; revision=338663
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Notes:
svn path=/vendor-crypto/openssl/dist/; revision=338658
svn path=/vendor-crypto/openssl/1.1.1/; revision=338659; tag=vendor/openssl/1.1.1
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
- Wrap access to pw_change and pw_expire in the appropriate #ifdefs.
- Wrap calls to login_cap(3) API in appropriate #ifdefs.
- Add wrapper for transferring time_t, which is still only 32 bits wide
on FreeBSD i386.
- Use a temporary variable to deserialize size_t.
Approved by: re (gjb)
Notes:
svn path=/head/; revision=339263
|
| |_|/ /
|/| | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Reported by: des
Approved by: re (rgrimes)
Notes:
svn path=/head/; revision=339248
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
* Add a wrapper to proxy login_getpwclass(3) as it is not allowed in
capability mode.
* Cache timezone data via caph_cache_tzdata() as we cannot access the
timezone file.
* Reverse resolve hostname before entering capability mode.
PR: 231172
Submitted by: naito.yuichiro@gmail.com
Reviewed by: cem, des
Approved by: re (rgrimes)
MFC after: 3 weeks
Differential Revision: https://reviews.freebsd.org/D17128
Notes:
svn path=/head/; revision=339216
|