FreeBSD source tree https://cgit-dev.freebsd.org/src-test/atom?h=main 2020-12-09T02:05:14Z 2020-12-09T02:05:14Z Jung-uk Kim jkim@FreeBSD.org 2020-12-09T02:05:14Z urn:sha1:c3c73b4f0a91d2806e1a632b75f769fb4fa89576 2020-12-08T18:10:16Z Jung-uk Kim jkim@FreeBSD.org 2020-12-08T18:10:16Z urn:sha1:970a464089066970886f0bce6d1c9dcfbcb2e8ea 2020-12-08T16:43:35Z Ed Maste emaste@FreeBSD.org 2020-12-08T16:43:35Z urn:sha1:2c9ac5855b2f45cf94ac1004b945c1d4aa77cc21 OpenSSL commit 3db2c9f3: Complain if we are attempting to encode with an invalid ASN.1 template OpenSSL commit 43a7033: Check that multi-strings/CHOICE types don't use implicit tagging OpenSSL commit f960d812: Correctly compare EdiPartyName in GENERAL_NAME_cmp() Obtained from: OpenSSL 3db2c9f3, 43a7033, f960d812 Security: CVE-2020-1971 2020-10-27T11:29:11Z Stefan Eßer se@FreeBSD.org 2020-10-27T11:29:11Z urn:sha1:1f474190fc280d4a4ef0c214e4d7fff0d1237e22 Literal references to /usr/local exist in a large number of files in the FreeBSD base system. Many are in contributed software, in configuration files, or in the documentation, but 19 uses have been identified in C source files or headers outside the contrib and sys/contrib directories. This commit makes it possible to set _PATH_LOCALBASE in paths.h to use a different prefix for locally installed software. In order to avoid changes to openssh source files, LOCALBASE is passed to the build via Makefiles under src/secure. While _PATH_LOCALBASE could have been used here, there is precedent in the construction of the path used to a xauth program which depends on the LOCALBASE value passed on the compiler command line to select a non-default directory. This could be changed in a later commit to make the openssh build consistently use _PATH_LOCALBASE. It is considered out-of-scope for this commit. Reviewed by: imp MFC after: 1 month Differential Revision: https://reviews.freebsd.org/D26942 2020-09-22T16:18:31Z Jung-uk Kim jkim@FreeBSD.org 2020-09-22T16:18:31Z urn:sha1:58f351825a371d1a3dd693d6f64a1245ea851a51 2020-09-22T14:27:08Z Jung-uk Kim jkim@FreeBSD.org 2020-09-22T14:27:08Z urn:sha1:92f02b3b0f21350e7c92a16ca9b594ad7682c717 2020-08-26T16:55:28Z Jung-uk Kim jkim@FreeBSD.org 2020-08-26T16:55:28Z urn:sha1:63c1bb51629b1bdb150885c72bd297ff7d7f228a We prepend "FreeBSD" to Clang version string. This broke compiler test for AVX instruction support. Reported by: jhb 2020-07-29T00:34:24Z Ed Maste emaste@FreeBSD.org 2020-07-29T00:34:24Z urn:sha1:e426c74375ef7cb3afda3c8e3010a7ea2dbd69d0 blacklistd has been renamed to blocklistd upstream, and a future import into FreeBSD will follow that change. Support the new name as an alias in config files. Reviewed by: bz, delphij MFC after: 1 week Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D25865 2020-07-28T00:24:12Z Ed Maste emaste@FreeBSD.org 2020-07-28T00:24:12Z urn:sha1:952d18a214951dc47ba425047669fe64bfcd3454 A base system OpenSSH update in 2016 or so removed a number of ciphers from the default lists offered by the server/client, due to known weaknesses. This caused POLA issues for some users and prompted PR207679; the ciphers were restored to the default lists in r296634. When upstream removed these ciphers from the default server list, they moved them to the client-only default list. They were subsequently removed from the client default, in OpenSSH 7.9p1. The change has persisted long enough. Remove these extra ciphers from both the server and client default lists, in advance of FreeBSD 13. Reviewed by: markm, rgrimes Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D25833 2020-07-15T18:49:00Z Ed Maste emaste@FreeBSD.org 2020-07-15T18:49:00Z urn:sha1:ea64ebd08c80e4c0a7b8ed207caba45e9374908e This change was made upstream between 7.9p1 and 8.0p1. We've made local changes in the same places for handling the version_addendum; apply the SSLeay_version to OpenSSL_version change in advance of importing 8.0p1. This should have been part of r363225. Obtained from: OpenSSH-portable a65784c9f9c5 MFC with: r363225 Sponsored by: The FreeBSD Foundation