MidnightBSD 1.1.1-RELEASE
Create stable branch for 1.1
add more man pages
add missing files
update build
update
update
update man pages
add y flag
update build
update makefiles
tag and update
use ldns
use ldns
use ldns
use ldns
use ldns
use ldns
ldns
use ldns
ldns
use ldns
add tests to makefile
add tests
add tests
fixup
add tests
regen man pages
tag
fixup
update to openssl 1.0.1u
update man pages
add tests
make in parallel
add tests
turn on idea header
remove idea
add tests
add tests
fix makefile
add a wait
remove idea flags
retire the mislabeled ENABLE_SUID_SSH knob.
update list
update list of src files for openssh 7.3p1
update build
Security patch OpenSSL for DROWN

A cross-protocol attack was discovered that could lead to decryption of TLS sessions by using a server supporting SSLv2 and EXPORT cipher suites as a Bleichenbacher RSA padding oracle. Note that traffic between clients and non-vulnerable servers can be decrypted provided another server supporting SSLv2 and EXPORT ciphers (even with a different protocol such as SMTP, IMAP or POP3) shares the RSA keys of the non-vulnerable server. This vulnerability is known as DROWN. [CVE-2016-0800]

A double free bug was discovered when OpenSSL parses malformed DSA private keys and could lead to a DoS attack or memory corruption for applications that receive DSA private keys from untrusted sources. This scenario is considered rare. [CVE-2016-0705]

The SRP user database lookup method SRP_VBASE_get_by_user had confusing memory management semantics; the returned pointer was sometimes newly allocated, and sometimes owned by the callee. The calling code has no way of distinguishing these two cases. [CVE-2016-0798]

In the BN_hex2bn function, the number of hex digits is calculated using an int value |i|. Later |bn_expand| is called with a value of |i * 4|. For large values of |i| this can result in |bn_expand| not allocating any memory because |i * 4| is negative. This can leave the internal BIGNUM data field as NULL leading to a subsequent NULL pointer dereference. For very large values of |i|, the calculation |i * 4| could be a positive value smaller than |i|. In this case memory is allocated to the internal BIGNUM data field, but it is insufficiently sized leading to heap corruption. A similar issue exists in BN_dec2bn. This could have security consequences if BN_hex2bn/BN_dec2bn is ever called by user applications with very large untrusted hex/dec data. This is anticipated to be a rare occurrence. [CVE-2016-0797]

The internal |fmtstr| function used in processing a "%s" formatted string in the BIO_*printf functions could overflow while calculating the length of a string and cause an out-of-bounds read when printing very long strings. [CVE-2016-0799]

A side-channel attack was found which makes use of cache-bank conflicts on the Intel Sandy-Bridge microarchitecture which could lead to the recovery of RSA keys. [CVE-2016-0702]

s2_srvr.c did not enforce that clear-key-length is 0 for non-export ciphers. If clear-key bytes are present for these ciphers, they displace encrypted-key bytes. [CVE-2016-0703]

s2_srvr.c overwrites the wrong bytes in the master key when applying Bleichenbacher protection for export cipher suites. [CVE-2016-0704]

Obtained from: OpenSSL & FreeBSD
update for newer kerberos code
update for newer kerberos code
add man pages
Update OpenSSL to 1.0.1o. Use basic build setup from FreeBSD 10-stable.
remove example.c
update version
fix order that the threading library is included to stop a possible denial of service against sshd
tag
we don't do sparc anymore
regen man pages for openssl
audit linux
Upgrade to OpenSSH 6.6p1 in 0.6-CURRENT
remove cvs2svn prop
Upgrade OpenSSH to 6.4p1
reset props for svn keywords
Security update for OpenSSL to 0.98y
add pkcs11-helper
remove arc4random compat layer
update depends
Remove pppd
Revert arc4random removal
modify build
openssl build
kerberos bump requires changes to openssh too
Update OpenSSL part 2 of 2
Update openssl part 1 of 2
Fix a problem with the DES algorithm when used with non 7 bit ascii characters.
Turn the version addendum back on.
OpenSSH 5.7p1 fix
enc_min.c is required.
add missing file.
Some fixes for openssl .98q
Update makefiles for openssh 5.7p1. ssh-vulnkey is no longer included. I would hope most debian keys have been replaced at this point.
Upgrade to OpenSSL v0.9.8q
fix globbing
alrightythen.. add it here too
Fix build with openssh
Get sshd working.
Add fixes for 5.3p1
proper fix
fix build with 5.3p1
fix build with 5.3p1
Connect netpgp to the build.
connect libnetpgp to build
libnetpgp
Add netpgp makefile. This is intentionally not connected to the build yet as there are a few outstanding issues. It does compile and run if libnetpgp is installed. (tested i386 current)
Start of netpgp library from NetBSD current. This is based on the openpgpsdk, but cleaned up a lot. We can verify and sign using a gpg compatible lib but with a bsd license
cleanup
Fix build of ssh, also some cleanup.
Non functional cleanup
re-add openssl compat
Bring back umac.c as seen on tinderbox
tag
bump shared library version for libssh
Merge changes.
New world order time
Switch to new world order.
Merge changes.
Merge changes
Add ssh-vulnkey.
Add sftp-server-main.c which includes the main function for the sftp-server in openssh 4.9p1
OpenSSH 4.9 introduced an inline sftp-server option in addition to forking a process to handle connections. We're going to need to link in some of that sftp code.
The clients are now working, but we've still got to get sshd up
Fix linking problem noted in comment.
Add new files included since 4.6
Unbreak world (I hope)
deal with xorg 7
Deal with Xorg 7
Add $MidnightBSD$ and the netbsd namespace hack.
namespace hack from netbsd
Fix static compiling.
netbsd namespace hack
namespace hack from netbsd
openssh 4.4p1 import fix
netbsd namespace hack
add additional files from the OpenSSH import
NetBSD namespace hack.
NetBSD hack for namespace pollution.
Minimize namespace pollution. NetBSD hack.
Upgrade to OpenSSH 4.3 through modified FreeBSD-current sources.
This commit was generated by cvs2svn to compensate for changes in r2, which included commits to RCS files with non-trunk default branches.