src-test2/crypto, branch releng/7.3

src-test2/crypto, branch releng/7.3 FreeBSD source tree https://cgit-dev.freebsd.org/src-test2/atom?h=releng%2F7.3 2011-12-23T15:00:37Z Fix a problem whereby a corrupt DNS record can cause named to crash. [11:06] 2011-12-23T15:00:37Z Colin Percival cperciva@FreeBSD.org 2011-12-23T15:00:37Z urn:sha1:d7071cce137418952864dba0c9c57ee4f858a5d0 Add an API for alerting internal libc routines to the presence of "unsafe" paths post-chroot, and use it in ftpd. [11:07] Fix a buffer overflow in telnetd. [11:08] Make pam_ssh ignore unpassphrased keys unless the "nullok" option is specified. [11:09] Add sanity checking of service names in pam_start. [11:10] Approved by: so (cperciva) Approved by: re (bz) Security: FreeBSD-SA-11:06.bind Security: FreeBSD-SA-11:07.chroot Security: FreeBSD-SA-11:08.telnetd Security: FreeBSD-SA-11:09.pam_ssh Security: FreeBSD-SA-11:10.pam Fix a race condition exists in the OpenSSL TLS server extension code and 2010-11-29T20:43:06Z Simon L. B. Nielsen simon@FreeBSD.org 2010-11-29T20:43:06Z urn:sha1:cb122a13fc0100962e6408f199a57056593b91f9 a double free in the SSL client ECDH handling code. Approved by: so (simon) Security: CVE-2010-2939, CVE-2010-3864 Security: FreeBSD-SA-10:10.openssl Disable SSL renegotiation in order to protect against a serious 2009-12-03T09:18:40Z Colin Percival cperciva@FreeBSD.org 2009-12-03T09:18:40Z urn:sha1:ff76cd25e76134d4427ca45075cde251b405809b protocol flaw. [09:15] Correctly handle failures from unsetenv resulting from a corrupt environment in rtld-elf. [09:16] Fix permissions in freebsd-update in order to prevent leakage of sensitive files. [09:17] Approved by: so (cperciva) Security: FreeBSD-SA-09:15.ssl Security: FreeBSD-SA-09:16.rtld Security: FreeBSD-SA-09:17.freebsd-udpate Revert to using the userland closefrom() stub instead of the system call 2009-07-21T13:45:40Z John Baldwin jhb@FreeBSD.org 2009-07-21T13:45:40Z urn:sha1:94758382d15eccb1ced5ee7cc2634f618355a672 to give a longer grace time where newer ssh binaries work with older kernels. Requested by: obrien Approved by: des MFC: Use the closefrom(2) system call. 2009-07-14T20:46:19Z John Baldwin jhb@FreeBSD.org 2009-07-14T20:46:19Z urn:sha1:0732a27aec12484364ba3f7f453ab8ca9ac975a7 Don't leak information via uninitialized space in db(3) records. [09:07] 2009-04-22T14:07:14Z Colin Percival cperciva@FreeBSD.org 2009-04-22T14:07:14Z urn:sha1:52521a3ba52b62d40d99eb07f57afd3189f3d061 Sanity-check string lengths in order to stop OpenSSL crashing when printing corrupt BMPString or UniversalString objects. [09:08] Security: FreeBSD-SA-09:07.libc Security: FreeBSD-SA-09:08.openssl Security: CVE-2009-0590 Approved by: re (kensmith) Approved by: so (cperciva) Prevent cross-site forgery attacks on lukemftpd(8) due to splitting 2009-01-07T20:17:55Z Simon L. B. Nielsen simon@FreeBSD.org 2009-01-07T20:17:55Z urn:sha1:e33b799b23a06bf1d6cc3f4b9af88f10f3c8b754 long commands into multiple requests. [09:01] Fix incorrect OpenSSL checks for malformed signatures due to invalid check of return value from EVP_VerifyFinal(), DSA_verify, and DSA_do_verify. [09:02] Security: FreeBSD-SA-09:01.lukemftpd Security: FreeBSD-SA-09:02.openssl Obtained from: NetBSD [SA-09:01] Obtained from: OpenSSL Project [SA-09:02] Approved by: so (simon) MFC (r184122): fix UseDNS option. 2008-10-28T14:55:41Z Dag-Erling Smørgrav des@FreeBSD.org 2008-10-28T14:55:41Z urn:sha1:16ecbbb5eda3bd4a9479827aa35da6a955f3c485 Approved by: re (kib) MFH (r183458): replace $Mdocdate$ with bare dates. 2008-10-03T10:43:17Z Dag-Erling Smørgrav des@FreeBSD.org 2008-10-03T10:43:17Z urn:sha1:a50d5b3d383ce006ac885313a33682ac8a74ef38 Approved by: re (kib) MFH (r183336): "xmalloc: zero size" fix. 2008-10-03T10:40:26Z Dag-Erling Smørgrav des@FreeBSD.org 2008-10-03T10:40:26Z urn:sha1:e8567963f1c844385c5bb84df969d01a44f4b785 Approved by: re (kib)