src/crypto, branch release/9.0.0

src/crypto, branch release/9.0.0 FreeBSD source tree https://cgit-dev.freebsd.org/src/atom?h=release%2F9.0.0 2011-12-23T15:00:37Z Fix a problem whereby a corrupt DNS record can cause named to crash. [11:06] 2011-12-23T15:00:37Z Colin Percival cperciva@FreeBSD.org 2011-12-23T15:00:37Z urn:sha1:7501ca43959525c0fffc939d2f3daf2fdf69e553 Add an API for alerting internal libc routines to the presence of "unsafe" paths post-chroot, and use it in ftpd. [11:07] Fix a buffer overflow in telnetd. [11:08] Make pam_ssh ignore unpassphrased keys unless the "nullok" option is specified. [11:09] Add sanity checking of service names in pam_start. [11:10] Approved by: so (cperciva) Approved by: re (bz) Security: FreeBSD-SA-11:06.bind Security: FreeBSD-SA-11:07.chroot Security: FreeBSD-SA-11:08.telnetd Security: FreeBSD-SA-11:09.pam_ssh Security: FreeBSD-SA-11:10.pam MFH r225852: regenerate after hpn patch 2011-10-04T15:06:11Z Dag-Erling Smørgrav des@FreeBSD.org 2011-10-04T15:06:11Z urn:sha1:395604bd930a3656c7c965160c83c938701233a5 Approved by: re (kib) Remove the svn:keywords property and restore the historical $FreeBSD$ tag. 2011-09-16T11:14:10Z Dag-Erling Smørgrav des@FreeBSD.org 2011-09-16T11:14:10Z urn:sha1:45f3db2122c56592609e50e37e76144ff467db2e Approved by: re (kib) MFC after: 3 weeks Fix SSL memory handlig for (EC)DH cipher suites, in particular for 2011-09-08T09:33:49Z Xin LI delphij@FreeBSD.org 2011-09-08T09:33:49Z urn:sha1:dfdd3320563293af72effba0ea2826a1a934106e multi-threaded use of ECDH. Security: CVE-2011-3210 Reviewed by: stas Obtained from: OpenSSL CVS Approved by: re (kib) Fix two more $FreeBSD$ keywords. 2011-08-03T20:21:52Z Brooks Davis brooks@FreeBSD.org 2011-08-03T20:21:52Z urn:sha1:8eb43d357c6e72a7fc89933059fdbfaf7829197c Reported by: pluknet Approved by: re (implicit) Add support for dynamically adjusted buffers to allow the full use of 2011-08-03T19:14:22Z Brooks Davis brooks@FreeBSD.org 2011-08-03T19:14:22Z urn:sha1:8998619212f3a1c489079256ef1f6a26a7d7612c the bandwidth of long fat pipes (i.e. 100Mbps+ trans-oceanic or trans-continental links). Bandwidth-delay products up to 64MB are supported. Also add support (not compiled by default) for the None cypher. The None cypher can only be enabled on non-interactive sessions (those without a pty where -T was not used) and must be enabled in both the client and server configuration files and on the client command line. Additionally, the None cypher will only be activated after authentication is complete. To enable the None cypher you must add -DNONE_CIPHER_ENABLED to CFLAGS via the make command line or in /etc/make.conf. This code is a style(9) compliant version of these features extracted from the patches published at: http://www.psc.edu/networking/projects/hpn-ssh/ Merging this patch has been a collaboration between me and Bjoern. Reviewed by: bz Approved by: re (kib), des (maintainer) Fix clang warning (why is there nowhere yyparse() is declared?). 2011-05-18T20:57:23Z Ben Laurie benl@FreeBSD.org 2011-05-18T20:57:23Z urn:sha1:198a158f99bb44be9ac17615a61542b41836e63e Approved by: philip (mentor) Merge two upstream patches from vendor branch. No functional changes. 2011-05-05T08:08:18Z Dag-Erling Smørgrav des@FreeBSD.org 2011-05-05T08:08:18Z urn:sha1:faa715d30ccfad973b8266301775d79df14a83b3 Upgrade to OpenSSH 5.8p2. 2011-05-04T07:34:44Z Dag-Erling Smørgrav des@FreeBSD.org 2011-05-04T07:34:44Z urn:sha1:4a421b6336e5e0c2ff27024c30fe32c6f71dcf3d Fix Incorrectly formatted ClientHello SSL/TLS handshake messages could 2011-02-12T21:30:46Z Simon L. B. Nielsen simon@FreeBSD.org 2011-02-12T21:30:46Z urn:sha1:0a70456882e4b46d78218f9c484dc739e6f272b5 cause OpenSSL to parse past the end of the message. Note: Applications are only affected if they act as a server and call SSL_CTX_set_tlsext_status_cb on the server's SSL_CTX. This includes Apache httpd >= 2.3.3, if configured with "SSLUseStapling On". Security: http://www.openssl.org/news/secadv_20110208.txt Security: CVE-2011-0014 Obtained from: OpenSSL CVS