FreeBSD source tree https://cgit-dev.freebsd.org/src/atom?h=release%2F10.1.0 2014-03-31T00:28:54Z 2014-03-31T00:28:54Z Glen Barber gjb@FreeBSD.org 2014-03-31T00:28:54Z urn:sha1:f3b203e6dfd042327c87917210761e61b6fcdf3e Dereference nonexistent md2(3) manual. Sponsored by: The FreeBSD Foundation 2012-04-28T02:48:51Z David E. O'Brien obrien@FreeBSD.org 2012-04-28T02:48:51Z urn:sha1:9b9c301802a0f643ec0b52cfc6479e44dec99b76 1. The licensing terms for the MD2 routines from RFC is not under a BSD-like license. Instead it is only granted for non-commercial Internet Privacy-Enhanced Mail. 2. MD2 is quite deprecated as it is no longer considered a cryptographically strong algorithm. Discussed with: so (cperciva), core 2011-06-27T02:10:10Z Colin Percival cperciva@FreeBSD.org 2011-06-27T02:10:10Z urn:sha1:02d98cd4da82a09c88230a56f14b8c46820b9595 code in 9.0; neither existed in FreeBSD 4.0. 2011-04-09T13:56:29Z Mark Murray markm@FreeBSD.org 2011-04-09T13:56:29Z urn:sha1:3b50f6bf8307efcd9d85203c3db0583673867f8c relevant constants changed). While I'm here clean up the tests and Makefile. PR: misc/124164 Submitted by: KIMURA Yasuhiro < yasu utahime org > MFC after: 1 month 2011-02-15T22:03:09Z Dimitry Andric dim@FreeBSD.org 2011-02-15T22:03:09Z urn:sha1:152e60f2fe72db456bfeff4780a7db291c58106d have an executable stack, due to linking in hand-assembled .S or .s files, that have no .GNU-stack sections: RWX --- --- /lib/libcrypto.so.6 RWX --- --- /lib/libmd.so.5 RWX --- --- /lib/libz.so.6 RWX --- --- /lib/libzpool.so.2 RWX --- --- /usr/lib/liblzma.so.5 These were found using scanelf, from the sysutils/pax-utils port. Reviewed by: kib 2010-01-02T09:58:07Z Ed Schouten ed@FreeBSD.org 2010-01-02T09:58:07Z urn:sha1:daaf5759104f210a9315f49f80f1e0f01a8b3bff Similar to libexec/, do the same with lib/. Make WARNS=6 the norm and lower it when needed. I'm setting WARNS?=0 for secure/. It seems secure/ includes the Makefile.inc provided by lib/. I'm not going to touch that directory. Most of the code there is contributed anyway. 2009-01-09T11:45:13Z Poul-Henning Kamp phk@FreeBSD.org 2009-01-09T11:45:13Z urn:sha1:2eecaf226b558ca19501bb423b0ba7b5ce453c71 Spotted by: Bjoern Voigt <bjoern@cs.tu-berlin.de> 2008-12-02T19:49:41Z Poul-Henning Kamp phk@FreeBSD.org 2008-12-02T19:49:41Z urn:sha1:8372089626dc6aee37d4f3a66c0f1a030bec912a installed version of the md library. 2007-05-14T05:00:37Z Colin Percival cperciva@FreeBSD.org 2007-05-14T05:00:37Z urn:sha1:23f678429764a718cd42b3755d81739ca77a3cca RIPEMD160_Update were broken when all of the following conditions applied: (1) The platform is i386. (2) The program calling *_Update is statically linked to libmd. (3) The buffer provided to *_Update is aligned modulo 4 bytes. (4) The buffer extends beyond 2GB. Due to the design of this code, SHA1_Update and RIPEMD160_Update will still be broken if conditions (1)-(3) apply AND the buffer extends beyond 4GB (i.e., there is an integer overflow in computing "data + len"). Since this remaining bug simply replaces SIGSEGV with a bogus hash (and non-broken programs should never provide such operands) I don't consider it to be a serious problem. MFC After: 1 week PR: kern/102795 2006-01-17T15:35:57Z Poul-Henning Kamp phk@FreeBSD.org 2006-01-17T15:35:57Z urn:sha1:25a14196dd8e3f2483a0911237e5567986afae31 of unsigned char* argument.