MirBSD/cvs 10055EBsrc/kern/include mirhash.h

   oksh sync, simplify *all* if(x)free(x); constructs, simplify x_push() and sync 
boilerplate while here
VersionDeltaFile
1.5+2-2src/kern/include/mirhash.h
+2-21 files

MirBSD/cvs 10055CDsrc/gnu/usr.bin/lynx Makefile.bsd-wrapper, src/gnu/usr.bin/lynx/src LYCookie.c

   fix a crashing bug; disable lynx’ own crash handler preventing tracing
   them always (ipv just when DEBUGging); bump

MirBSD/cvs 10055ABports/net/openvpn Makefile, ports/net/openvpn/patches patch-configure_ac patch-src_openvpn_misc_c

   new OpenVPN; modulo HMAC errors thrown on server side…

MirBSD/cvs 10055ABsrc/lib/libc/crypt blowfish.c

   fix OpenSSL bug: *iv needs to be updated
   (also, bring more sense into the algorithms)
VersionDeltaFile
1.3+37-31src/lib/libc/crypt/blowfish.c
+37-311 files

MirBSD/cvs 10055ABsrc/lib/libssl/crypto rc4.h

   more of the same
VersionDeltaFile
1.3+13-13src/lib/libssl/crypto/rc4.h
+13-131 files

MirBSD/cvs 10055ABsrc/lib/libssl/src/crypto/bf blowfish.h

   let macros use non-conflicting names for local variables; fixes segfaults
VersionDeltaFile
1.4+29-29src/lib/libssl/src/crypto/bf/blowfish.h
+29-291 files

MirBSD/cvs 10055ABsrc/lib/libssl/src/crypto/aes aes_cfb.c, src/lib/libssl/src/crypto/evp evptests.txt e_aes.c

   remove all CFB1 ciphers: DES are even broken in contemporary OpenSSL,
   and AES ones seem to be broken here; former documented in, latter
   spotted by, OpenVPN testsuite

MirBSD/cvs 10055ABsrc/lib/libssl/src/crypto/evp digest.c evp.h

   EVP_Digest() takes const data

MirBSD/cvs 10055ABports/archivers/lzo distinfo Makefile, ports/archivers/lzo/patches patch-configure_ac

   update (regression tested)

MirBSD/cvs 10055ABports/infrastructure/mk gnu.port.mk

   disable long double, when tested for
VersionDeltaFile
1.60+5-1ports/infrastructure/mk/gnu.port.mk
+5-11 files

MirBSD/cvs 10055ABports/mailnews/pine Makefile, ports/mailnews/pine/patches patch-imap_src_osdep_unix_ssl_unix_c

   revert the now no longer needed patches from yesternight, MirSSL copes now

MirBSD/cvs 10055ABsrc/lib/libssl/src/doc/ssl SSL_library_init.pod

   take a page out of LibreSSL’s book and assume application writers are
   stupid… or “just” not interested in the innards of their SSL library:
   merge patch to load SHA2 by default, plus doc update, into MirSSL

MirBSD/cvs 10055ABsrc/gnu/usr.bin/lynx Makefile.bsd-wrapper

   bump patchlevel after the patch

MirBSD/cvs 10055ABsrc/distrib/lists/base/etc mi

   full sync
VersionDeltaFile
1.68+1-0src/distrib/lists/base/etc/mi
+1-01 files

MirBSD/cvs 10055AAsrc/sys/sys param.h

   bump; post-SSL-SHA; pre SSL-RNG, sendmail update, Unicode 8, mksh fixes, DH params, 
honour cipher order
VersionDeltaFile
1.102+3-3src/sys/sys/param.h
+3-31 files

MirBSD/cvs 10055AAsrc/usr.sbin/httpd/conf httpd.conf

   RC4 NOMORE
VersionDeltaFile
1.27+2-5src/usr.sbin/httpd/conf/httpd.conf
+2-51 files

MirBSD/cvs 10055AAports/infrastructure/mk bsd.port.mk

   implement SETENV_TO_KEEP
VersionDeltaFile
1.290+7-1ports/infrastructure/mk/bsd.port.mk
+7-11 files

MirBSD/cvs 10055AAports/mailnews/pine/patches patch-imap_src_ipopd_Makefile patch-pine_makefile_bso

   teach pine proper SSL plus honouring ${LDSTATIC}

MirBSD/cvs 10055AAsrc/lib/libssl/src/doc/crypto OpenSSL_add_all_algorithms.pod, src/lib/libssl/src/doc/ssl ssl.pod SSL_library_init.pod

   merge bugfix from sendmail (and add warnings to documentation):
           Properly initialize all OpenSSL algorithms for versions before
                   OpenSSL 0.9.8o. Without this SHA2 algorithms may not
                   work properly, causing for example failures for certs
                   that use sha256WithRSAEncryption as signature algorithm.
   additionally, remove redundant call (it’s an alias) from ftp(1)

MirBSD/cvs 10055AAsrc/lib/libssl/crypto Makefile, src/lib/libssl/ssl Makefile

   bump; this was enough to get SHA2 in openssltool(1) apparently

MirBSD/cvs 10055AAsrc/lib/libssl/src/crypto/hmac hmac.h

   SHA-512 is a pretty long hash

MirBSD/cvs 10055AAsrc/lib/libssl/src/crypto/evp m_sha1.c c_alld.c, src/lib/libssl/src/doc/apps openssl.pod dgst.pod

   EVP & Co. for SHA2

MirBSD/cvs 10055AAsrc/lib/libssl/crypto mbsd_sha1.c sha.h

   we appear to do need SHA224; plus some minor fixes

MirBSD/cvs 10055AAsrc/lib/libc/hash sha2.c sha2.3, src/lib/libssl/crypto mbsd_sha1.c sha.h

   SHA2 for OpenSSL, the easy part

MirBSD/cvs 10055AAsrc/lib/libssl/src/crypto/cast c_enc.c cast.h, src/lib/libssl/src/crypto/rand mbsdrand.c

   drop compat code for old MirBSD, we’re going to need more anyway

MirBSD/cvs 10055A0ports/shells/mksh distinfo Makefile

   R51

MirBSD/cvs 100559Csrc/sys/crypto randimpl.h randcore.c

   save 3 bytes

MirBSD/cvs 100559Csrc/lib/libc/stdlib malloc.3, src/share/dict words

   antecedere

MirBSD/cvs 100559Csrc/sys/dev/raidframe rf_dagdegwr.c

   fix spelling (precedessor → predecessor, but antecessor is better)

MirBSD/cvs 1005592src/share/zoneinfo/datfiles leapseconds

   fullmerge new tzdata

MirBSD/cvs 1005592src/share/zoneinfo/datfiles northamerica africa

   tzdata2015e

MirBSD/cvs 1005571src/usr.sbin/httpd/src/modules/ssl ssl_engine_dh.c

   make it compile, validate

MirBSD/cvs 1005571src/usr.sbin/httpd/src/modules/ssl ssl_engine_dh.c

   get ourselves a new 1024-bit DH parameter

MirBSD/cvs 1005571src/usr.sbin/httpd/src/modules/ssl ssl_engine_dh.c

   change embedded Perl script to only generate a 1024-bit embedded DH group
   (we’re safe from LogJam with that commit, but I’ll backport the stuff to
   load a DH group from file later)

MirBSD/cvs 1005571src/lib/libssl/src/crypto opensslv.h

   works, bump version

MirBSD/cvs 1005571src/lib/libssl/src/ssl s3_clnt.c

   try to adopt upstream’s commit, but use 1008 bit for non-EXP, like GnuTLS
VersionDeltaFile
1.18+8-15src/lib/libssl/src/ssl/s3_clnt.c
+8-151 files

MirBSD/cvs 1005571src/lib/libssl/src/ssl s3_clnt.c

   backport additional NULL check while here
VersionDeltaFile
1.17+3-2src/lib/libssl/src/ssl/s3_clnt.c
+3-21 files

MirBSD/cvs 100556Fsrc/usr.sbin/httpd/conf httpd.conf

   drop aDSS, both from EvolvisForge and by Apache httpd/mod_ssl suggestion;
   add comment about RC4 removal forcing PFS and, unless that’s the goal, it
   isn’t necessary for sendmail(8) – currently not 100% true, patches coming
VersionDeltaFile
1.26+4-2src/usr.sbin/httpd/conf/httpd.conf
+4-21 files

MirBSD/cvs 100556Asrc/kern/include mirhash.h

   add missing initialisation of stack memory to BAFHHostStr(); fix comments for BAFHror()
VersionDeltaFile
1.4+7-5src/kern/include/mirhash.h
+7-51 files

MirBSD/cvs 100556Asrc/usr.bin/wtf wtf.1 wtf

   time for another speed hack, making even more use of the sorting
VersionDeltaFile
1.16+4-0src/usr.bin/wtf/wtf.1
1.28+3-0src/usr.bin/wtf/wtf
+7-02 files

MirBSD/cvs 1005563src/lib/libssl Makefile dhparams.pem

   ship pregenerated dhparams; add code to update it

MirBSD/cvs 1005563src/lib/libssl/src/crypto opensslv.h

   bump

MirBSD/cvs 1005563src/lib/libssl/src/apps ocsp.c, src/lib/libssl/src/ssl ssl_lib.c

   use TLS_method() and TLS_client_method(), respectively, as version fallback

MirBSD/cvs 1005563src/lib/libssl/src/ssl t1_meth.c

   add back SSLv23_method
VersionDeltaFile
1.4+5-0src/lib/libssl/src/ssl/t1_meth.c
+5-01 files

MirBSD/cvs 1005563src/lib/libssl/src/ssl t1_meth.c s23_srvr.c

   add TLS_{,client_,server_}method()

MirBSD/cvs 1005563src/usr.sbin/httpd/conf httpd.conf

   add a few more !foo here, no change in current openssl but good practice
VersionDeltaFile
1.25+2-2src/usr.sbin/httpd/conf/httpd.conf
+2-21 files

MirBSD/cvs 1005563src/gnu/usr.sbin/sendmail/cf/m4 proto.m4

   add confCIPHER_LIST, no change to generated files yet

MirBSD/cvs 1005563src/lib/libssl/src/ssl s3_clnt.c

   …oops
VersionDeltaFile
1.16+1-2src/lib/libssl/src/ssl/s3_clnt.c
+1-21 files

MirBSD/cvs 1005563X11/xc/nls/Compose en_US.UTF-8

   update from both XFree86® and Debian® console-setup; bugfix, indent (some)
VersionDeltaFile
1.7+522-500X11/xc/nls/Compose/en_US.UTF-8
+522-5001 files

MirBSD/cvs 1005563X11/xc/nls/Compose en_US.UTF-8

   update to r1.14 from XFree86 CVS
VersionDeltaFile
1.1.103.2+11-1X11/xc/nls/Compose/en_US.UTF-8
+11-11 files