src/secure, branch release/10.3.0 FreeBSD source tree https://cgit-dev.freebsd.org/src/atom?h=release%2F10.3.0 2016-03-14T13:05:13Z MFS (r296781): 2016-03-14T13:05:13Z Dag-Erling Smørgrav des@FreeBSD.org 2016-03-14T13:05:13Z urn:sha1:2ef5a941ca44b7baf127b9877f7bde69488fa40f MFH (r296633): upgrade to 7.2p2 (fixes xauth command injection bug) MFH (r296634): re-add aes-cbc to server-side default cipher list MFH (r296651, r296657): fix gcc build of pam_ssh PR: 207679 Security: CVE-2016-3115 Approved by: re (marius) Re-enable SSLv2 support to restore ABI. 2016-03-04T00:40:15Z Jung-uk Kim jkim@FreeBSD.org 2016-03-04T00:40:15Z urn:sha1:9e8336cc7205b3140d5ce887c5b4b754f03e66e4 Excerpt from CHANGES: Even if "enable-ssl2" is used, users who want to negotiate SSLv2 via the version-flexible SSLv23_method() will need to explicitly call either of: SSL_CTX_clear_options(ctx, SSL_OP_NO_SSLv2); or SSL_clear_options(ssl, SSL_OP_NO_SSLv2); as appropriate. Even if either of those is used, or the application explicitly uses the version-specific SSLv2_method() or its client and server variants, SSLv2 ciphers vulnerable to exhaustive search key recovery have been removed. Specifically, the SSLv2 40-bit EXPORT ciphers, and SSLv2 56-bit DES are no longer available. Approved by: re (marius, gjb), so (delphij) Merge OpenSSL 1.0.1s. This is a security update. 2016-03-02T15:43:01Z Xin LI delphij@FreeBSD.org 2016-03-02T15:43:01Z urn:sha1:2aab9f2e02bfc1930b0c9f7704bee21c4f910a4b Relnotes: yes Approved by: re (so@ implicit) MFH (r265214, r294333, r294407, r294467): misc prop fixes 2016-02-07T11:38:54Z Dag-Erling Smørgrav des@FreeBSD.org 2016-02-07T11:38:54Z urn:sha1:18f332e3cd2c94e60664a4940f7fd23c1ac7bc12 MFH (r285975, r287143): register mergeinfo for security fixes MFH (r294497, r294498, r295139): internal documentation MFH (r294328): upgrade to openssh 6.7p1, re-add libwrap MFH (r294332): upgrade to openssh 6.8p1 MFH (r294367): update pam_ssh for api changes MFH (r294909): switch usedns back on MFH (r294336): upgrade to openssh 6.9p1 MFH (r294495): re-enable dsa keys MFH (r294464): upgrade to openssh 7.0p1 MFH (r294496): upgrade to openssh 7.1p2 Approved by: re (gjb) Relnotes: yes Merge OpenSSL 1.0.1r. 2016-01-28T21:42:10Z Jung-uk Kim jkim@FreeBSD.org 2016-01-28T21:42:10Z urn:sha1:be17a92a4c9367b4ab99a8434d6ea240c870bfe4 Relnotes: yes MFH (r291198, r291260, r291261, r291375, r294325, r294335, r294563) 2016-01-24T22:28:18Z Dag-Erling Smørgrav des@FreeBSD.org 2016-01-24T22:28:18Z urn:sha1:1c4a30b5fcee61a2418092b1cd900a26ed9a1681 Remove the HPN and None cipher patches. MFC r291941: 2016-01-07T23:26:16Z Bryan Drewery bdrewery@FreeBSD.org 2016-01-07T23:26:16Z urn:sha1:c7b0e8b2937de368c42f2b407d94ec00c170b652 Replace unneeded manual dependency on header by adding it to SRCS. MFC r289393: 2015-12-04T18:14:31Z Bryan Drewery bdrewery@FreeBSD.org 2015-12-04T18:14:31Z urn:sha1:677dfcac9f405eb023fb1a69ce77249e89210cf1 Add more SUBDIR_PARALLEL. MFC r289360,r289361,r289378,r289430,r289605,r289676: 2015-12-04T17:56:10Z Bryan Drewery bdrewery@FreeBSD.org 2015-12-04T17:56:10Z urn:sha1:842a101b8ead75432d119c285c5897d178c3c81d r289360: Add temporary workaround for .MAKE being applied to _worldtmp, since r251750. r289361: Consider top-level targets to be .PHONY as bmake won't build them otherwise if a file with the same name is found in the directory. r289378: Mark sub-make targets as .MAKE and .PHONY to handle -n and always-build properly. r289430: Remove .MAKE from targets that do more than just run sub-makes, such as calling rm or mtree. r289605: Add missing .PHONY for parallel subdir target. r289676: Add some missing '+', .MAKE, and .PHONY modifiers. Merge OpenSSL 1.0.1q. 2015-12-03T21:18:48Z Jung-uk Kim jkim@FreeBSD.org 2015-12-03T21:18:48Z urn:sha1:2825c9578714005bd79d04b563ba98c8ea637641