src/crypto, branch releng/7.0

src/crypto, branch releng/7.0 FreeBSD source tree https://cgit-dev.freebsd.org/src/atom?h=releng%2F7.0 2009-04-22T14:07:14Z Don't leak information via uninitialized space in db(3) records. [09:07] 2009-04-22T14:07:14Z Colin Percival cperciva@FreeBSD.org 2009-04-22T14:07:14Z urn:sha1:57895cdc764809ad29336431ee6b43c68fe15f15 Sanity-check string lengths in order to stop OpenSSL crashing when printing corrupt BMPString or UniversalString objects. [09:08] Security: FreeBSD-SA-09:07.libc Security: FreeBSD-SA-09:08.openssl Security: CVE-2009-0590 Approved by: re (kensmith) Approved by: so (cperciva) Prevent cross-site forgery attacks on lukemftpd(8) due to splitting 2009-01-07T20:17:55Z Simon L. B. Nielsen simon@FreeBSD.org 2009-01-07T20:17:55Z urn:sha1:636b4dcc16aaafd36ca1dec5ff590cd41b16adcf long commands into multiple requests. [09:01] Fix incorrect OpenSSL checks for malformed signatures due to invalid check of return value from EVP_VerifyFinal(), DSA_verify, and DSA_do_verify. [09:02] Security: FreeBSD-SA-09:01.lukemftpd Security: FreeBSD-SA-09:02.openssl Obtained from: NetBSD [SA-09:01] Obtained from: OpenSSL Project [SA-09:02] Approved by: so (simon) Fix logic error in sshd(8) concerning the handling of failed 2008-04-17T00:00:54Z Colin Percival cperciva@FreeBSD.org 2008-04-17T00:00:54Z urn:sha1:526c7ad3a7206ddbf8060e0ca0373eee49c8275a attempts to bind ports for X11 forwarding. Security: FreeBSD-SA-08:05.openssh Approved by: so (cperciva) MFC 1.2: 2008-02-05T21:02:04Z Simon L. B. Nielsen simon@FreeBSD.org 2008-02-05T21:02:04Z urn:sha1:ac9f2799f0b21bd2ffd366bbd467bf9639e78e0a Unbreak detection of cryptodev support for FreeBSD which was broken with OpenSSL 0.9.8 import. Note that this does not enable cryptodev by default, as it was the case with OpenSSL 0.9.7 in FreeBSD base, but this change makes it possible to enable cryptodev at all. Approved by: re (kensmith) MFC: remove some _FREEFALL_CONFIG hacks. We don't use ksu on the 2007-10-29T21:39:03Z Peter Wemm peter@FreeBSD.org 2007-10-29T21:39:03Z urn:sha1:14aa857adf47ab7364e1c4eda9e0b4d00306f800 freebsd.org cluster any more. Approved by: re (kensmith) MFC: Import DTLS security fix from upstream OpenSSL_0_9_8-stable branch. 2007-10-18T22:20:04Z Simon L. B. Nielsen simon@FreeBSD.org 2007-10-18T22:20:04Z urn:sha1:c4d356d3b5c3e04758514a5276a1ee560c4f8ad7 Security: CVE-2007-4995 Security: http://www.openssl.org/news/secadv_20071012.txt Approved by: re (kensmith) Correct a buffer overflow in OpenSSL SSL_get_shared_ciphers(). 2007-10-03T21:38:57Z Simon L. B. Nielsen simon@FreeBSD.org 2007-10-03T21:38:57Z urn:sha1:ec4b528c4ab13ecbe7c160533e7ffc81bc5b75c6 Security: FreeBSD-SA-07:08.openssl Approved by: re (security blanket) s/X11R6/local/g 2007-05-24T22:04:07Z Dag-Erling Smørgrav des@FreeBSD.org 2007-05-24T22:04:07Z urn:sha1:ffea3f5a05a0d8cf12aeb894e0c4240d9928d159 Fix runtime crash in OpenSSL with "Illegal instruction" by making some 2007-05-22T20:28:19Z Simon L. B. Nielsen simon@FreeBSD.org 2007-05-22T20:28:19Z urn:sha1:1a15cc9f5ce180eabdfe44fc47cbc8f52a8be758 casts a bit less evil. This was e.g. seen when using portsnap as: Fetching snapshot tag from portsnap3.FreeBSD.org... Illegal instruction Note the patch is slightly different from kan's original patch to match style in the OpenSSL source files a bit better. Submitted by: kan Tested by: many - Bring upgrade produce up-to-date for OpenSSL 0.9.8e. 2007-03-15T21:06:48Z Simon L. B. Nielsen simon@FreeBSD.org 2007-03-15T21:06:48Z urn:sha1:e9c804063f2ea9df6c74a3a596df9237872df173 - Add reminder to bump version numer in Makefile.inc.