aboutsummaryrefslogtreecommitdiffstats
path: root/crypto
Commit message (Collapse)AuthorAgeFilesLines
* Fix OpenSSL NULL pointer de-reference.releng/12.2Gordon Tetlow2020-12-086-10/+89
| | | | | | | | | Approved by: so Security: FreeBSD-SA-20:33.openssl Security: CVE-2020-1971 Notes: svn path=/releng/12.2/; revision=368463
* MFS: r366176Jung-uk Kim2020-09-25250-3915/+2134
| | | | | | | | | Merge OpenSSL 1.1.1h. Approved by: re (gjb) Notes: svn path=/releng/12.2/; revision=366177
* MFC: r364822, r364823Jung-uk Kim2020-08-2922-22/+22
| | | | | | | Fix Clang version detection and regen X86 assembly files. Notes: svn path=/stable/12/; revision=364963
* MFC 362676:Mateusz Piotrowski2020-07-061-1/+1
| | | | | | | Fix trailing-comma-related typos in the tree when the Xr macro is used Notes: svn path=/stable/12/; revision=362955
* MFC r362642: Don't log normal login_getpwclass(3) result.Xin LI2020-07-031-2/+0
| | | | Notes: svn path=/stable/12/; revision=362907
* MFC r357926: Upgrade to OpenSSH 7.9p1.Ed Maste2020-04-2581-1756/+2557
| | | | | | | Sponsored by: The FreeBSD Foundation Notes: svn path=/stable/12/; revision=360313
* MFC: r360175Jung-uk Kim2020-04-2438-614/+1739
| | | | | | | Merge OpenSSL 1.1.1g. Notes: svn path=/stable/12/; revision=360278
* MFC: r360146Gordon Tetlow2020-04-211-1/+1
| | | | | | | | | | | | | Fix OpenSSL remote denial of service. See https://www.openssl.org/news/secadv/20200421.txt for details. Approved by: so Security: FreeBSD-SA-20:11.openssl Security: CVE-2020-1967 Notes: svn path=/stable/12/; revision=360147
* MFC -fno-common fixes: r359389, r359394, r359397-r359399, r359403-r359404,Kyle Evans2020-04-091-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | r359406, r359413-r359416, r359424-r359425, r359427, r359432-r359433, r359443, r359675-r359678 Note: this is not necessarily a complete fix to get these programs to build with -fno-common applied; further work may be needed in this branch. r359389: config(8): fixes for -fno-common Move this handful of definitions into main.c, properly declare these as extern in config.h. This fixes the config(8) build with -fno-common. Unexplained in my previous commit to gas, -fno-common will become the default in GCC10 and LLVM11, so it's worth addressing these in advance. r359394: MFV r359393: tcsh: import 6974bc35a5cd This removes an extra variable definition that causes the -fno-common build to fail, which will be a new default in GCC10/LLVM11. r359397: zfs: fix -fno-common issues A similar (or identical?) fix has already landed in OpenZFS. -fno-common will become the default in GCC10/LLVM11. r359398: sh: remove duplicate el definition el is declared extern in myhistedit.h and defined in histedit.c. Remove the duplicate definition in input.c to appease the -fno-common build. -fno-common will become the default in GCC10/LLVM11. r359399: telnet: remove some duplicate definitions, mark terminaltype extern Most of these were already properly declared and defined elsewhere, this is effectively just a minor cleanup that fixes the -fno-common build. -fno-common will become the default in GCC10/LLVM11. r359403: Revert 359399: telnet -fno-common bits There was a large misfire from my local diff that I need to investigate, and this version committed did not build. r359404: Re-apply r359399: telnet -fno-common fix line and auth_level's redefinitions are just extraneous telnetd will #define extern and then include ext.h to allocate storage for all of these extern'd vars; however, two of them are actually defined in libtelnet instead. Instead of doing an #ifdef extern dance around those function pointers, just add an EXTERN macro to make it easier to differentiate by sight which ones will get allocated in globals.c and which ones are defined elsewhere. r359406: telnet: kill off remaining duplicate definition r359413: ipfilter: remove duplicate definition of 'thishost' thishost is already defined in lib/initparse.c; no need for this one. This fixes the ipfilter build with -fno-common. -fno-common will become the default in GCC10/LLVM11. r359414: iscontrol: move definition of vflag/iscsidev to iscontrol.c Mark the declaration extern as these are used elsewhere; this fixes the build with -fno-common. r359415: userboot: mark host_fsops as extern This is already defined elsewhere; mark this declaration extern to the fix the -fno-common build. r359416: systat: remove redundant definition of kd kd is already properly declared in extern.h and defined in main.c, rendering this definition useless. This fixes the -fno-common build. r359424: openssh: -fno-common fix from upstream f47d72ddad This is currently staged in vendor/ as part of the 8.0p1 import, which isn't quite ready to land. Given that this is a simple one-line fix, apply it now as the fallout will be pretty minimal. -fno-common will become the default in GCC10/LLVM11. r359425: locate: fix -fno-common build Just a single variable declaration to extern and define elsewhere here, myctype. -fno-common will become a default in GCC10/LLVM11. r359427: fsck_ffs/fsdb: fix -fno-common build This one is also a small list: - 3x duplicate definition (ufs2_zino, returntosingle, nflag) - 5x 'needs extern', 3/5 of which are referenced in fsdb -fno-common will become the default in GCC10/LLVM11. r359432: gdb: compile with -fcommon explicitly As described in the comment, gdb relies on some of the linker magic that happens with -fcommon. I suspect the life expectancy of gdb-in-base is low enough that this isn't worth spending much time addressing, especially given the vintage. Hit it with the -fcommon hammer so that it continues to just work. r359433: bmake: fix -fno-common build debug was declared extern, but debug_file was not; correct this and define debug_file in main.c (as debug is) to fix the -fno-common build. -fno-common will become the default with GCC10/LLVM11. r359443: MFV r359442: bmake: import -fno-common fix build back from upstream sjg@ committed the local patch previously committed upstream; pull it in to vendor/ to ease any potential stress of future imports. r359675: kqueue tests: fix -fno-common build vnode_fd and kqfd are both shared among multiple CU; define them exactly once. In the case of vnode_fd, it was simply the declaration that needed correction. -fno-common will become the default in GCC10/LLVM11. r359676: ntpd: fix build with -fno-common Only a small nit here: psl should be declared extern and defined exactly once. -fno-common will become the default in GCC10/LLVM11. r359677: yp*: fix -fno-common build This is mostly two problems spread out far and wide: - ypldap_process should be declared properly - debug is defined differently in many programs For the latter, just extern it and define it everywhere that actually needs it. This mostly works out nicely for ^/libexec/ypxfr, which can remove the assignment at the beginning of main in favor of defining it properly. -fno-common will become the default in GCC10/LLVM11. r359678: indent: fix the -fno-common build Spread the globals far and wide, hopefully to the files that make the most sense. -fno-common will become the default in GCC10/LLVM11. Notes: svn path=/stable/12/; revision=359753
* MFC: r359486Jung-uk Kim2020-04-0326-242/+267
| | | | | | | | | Merge OpenSSL 1.1.1f. PR: 245073 Notes: svn path=/stable/12/; revision=359607
* MFC: r359060, r359061, r359066Jung-uk Kim2020-03-20901-2971/+6878
| | | | | | | Merge OpenSSL 1.1.1e. Notes: svn path=/stable/12/; revision=359186
* MFC r345579 by des: Add workaround for a QoS-related bug in VMWare WorkstationEd Maste2020-03-081-0/+22
| | | | | | | Submitted by: yuripv Notes: svn path=/stable/12/; revision=358773
* MFC r354897: sshd: make getpwclass wrapper MON_ISAUTH not MON_AUTHEd Maste2019-11-281-1/+1
| | | | | | | | | | | | | | | | In r339216 a privsep wrapper was added for login_getpwclass to address PR 231172. Unfortunately the change used the MON_AUTH flag in the wrapper, and MON_AUTH includes MON_AUTHDECIDE which triggers an auth_log() on each invocation. getpwclass() does not participate in the authentication decision, so should be MON_ISAUTH instead. PR: 234793 Submitted by: Henry Hu Reviewed by: Yuichiro NAITO MFC after: 1 week Notes: svn path=/stable/12/; revision=355160
* MFC: r352191Jung-uk Kim2019-09-10269-10545/+2999
| | | | | | | Merge OpenSSL 1.1.1d. Notes: svn path=/stable/12/; revision=352192
* MFC: r348340Jung-uk Kim2019-05-28168-2108/+3528
| | | | | | | Merge OpenSSL 1.1.1c. Notes: svn path=/stable/12/; revision=348341
* MFC r345576: Merge r345574 from vendor-crypto:Ed Maste2019-05-071-12/+270
| | | | | | | | | | | | | | | | | | | upstream: when checking that filenames sent by the server side match what the client requested, be prepared to handle shell-style brace alternations, e.g. "{foo,bar}". "looks good to me" millert@ + in snaps for the last week courtesy deraadt@ OpenBSD-Commit-ID: 3b1ce7639b0b25b2248e3a30f561a548f6815f3e PR: 234965 Discussed with: des Obtained from: OpenSSH-portable 3d896c157c722bc47adca51a58dca859225b5874 Notes: svn path=/stable/12/; revision=347232
* MFC r344449: scp: validate filenames provided by server against wildcardEd Maste2019-03-072-11/+42
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | ... in client OpenSSH-portable commits: check in scp client that filenames sent during remote->local directory copies satisfy the wildcard specified by the user. This checking provides some protection against a malicious server sending unexpected filenames, but it comes at a risk of rejecting wanted files due to differences between client and server wildcard expansion rules. For this reason, this also adds a new -T flag to disable the check. reported by Harry Sintonen fix approach suggested by markus@; has been in snaps for ~1wk courtesy deraadt@ OpenBSD-Commit-ID: 00f44b50d2be8e321973f3c6d014260f8f7a8eda Minor patch conflict (getopt) resolved. Obtained from: OpenSSH-portable 391ffc4b9d31fa1f4ad566499fef9176ff8a07dc scp: add -T to usage(); OpenBSD-Commit-ID: a7ae14d9436c64e1bd05022329187ea3a0ce1899 Obtained from: OpenSSH-portable 2c21b75a7be6ebdcbceaebb43157c48dbb36f3d8 PR: 234965 Sponsored by: The FreeBSD Foundation Notes: svn path=/stable/12/; revision=344897
* MFC: r344602Jung-uk Kim2019-02-26301-3540/+5472
| | | | | | | Merge OpenSSL 1.1.1b. Notes: svn path=/stable/12/; revision=344603
* MFC r343043: scp: disallow empty or current directoryEd Maste2019-01-161-1/+2
| | | | | | | | | Obtained from: OpenBSD scp.c 1.198 Security: CVE-2018-20685 Sponsored by: The FreeBSD Foundation Notes: svn path=/stable/12/; revision=343096
* MFC: r340703Jung-uk Kim2018-11-20145-1026/+2062
| | | | | | | Merge OpenSSL 1.1.1a. Notes: svn path=/stable/12/; revision=340705
* MFC r339741:Glen Barber2018-10-251-1/+1
| | | | | | | | | | | Update SHLIB_VERSION_NUMBER following the OpenSSL shared library number bump. Approved by: re (bdrewery) Sponsored by: The FreeBSD Foundation Notes: svn path=/stable/12/; revision=339742
* Try harder to sanitize the environment before running configure.Dag-Erling Smørgrav2018-10-101-12/+11
| | | | | | | | | Remove a workaround for older Unbound versions that used sbrk. Approved by: re (gjb) Notes: svn path=/head/; revision=339294
* Merge the remainder of the projects/openssl111 branch to head.Glen Barber2018-10-092809-356114/+356456
|\ | | | | | | | | | | | | | | | | | | | | | | - Update OpenSSL to version 1.1.1. - Update Kerberos/Heimdal API for OpenSSL 1.1.1 compatibility. - Bump __FreeBSD_version. Approved by: re (kib) Sponsored by: The FreeBSD Foundation Notes: svn path=/head/; revision=339270
| * Regenerate ssh_namespace.h for OpenSSL 1.1.1 updateEd Maste2018-10-091-29/+0
| | | | | | | | Notes: svn path=/projects/openssl111/; revision=339259
| * MFH r338661 through r339253.Glen Barber2018-10-091-5/+35
| |\ | | | | | | | | | | | | | | | | | | Sponsored by: The FreeBSD Foundation Notes: svn path=/projects/openssl111/; revision=339255
| * | MFH r339206-r339212, r339215-r339239Glen Barber2018-10-089-34/+222
| |\| | | | | | | | | | | | | | | | | | | Sponsored by: The FreeBSD Foundation Notes: svn path=/projects/openssl111/; revision=339240
| * | Update the existing heimdal implementation for OpenSSL 1.1.John Baldwin2018-10-0524-258/+557
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Existing work is underway to import a newer version of heimdal, but this patchset gets us to a fully working tree to enable more wide spread testing of OpenSSL 1.1 for now. I've also enabled WARNS=1 for kerberos (which is the reason for the change in libroken). Having -Werror enabled was useful during the 1.1 updates and we probably should have warnings enabled by default for kerberos anyway. This passes make tinderbox, and I have also done some very light runtime testing on amd64. Reviewed by: bjk, jkim, emaste Differential Revision: https://reviews.freebsd.org/D17276 Notes: svn path=/projects/openssl111/; revision=339198
| * | openssh: connect libressl-api-compat.c and regen config.hEd Maste2018-10-031-3/+99
| | | | | | | | | | | | | | | | | | | | | Differential Revision: https://reviews.freebsd.org/D17390 Notes: svn path=/projects/openssl111/; revision=339157
| * | openssh: add openbsd-compat/libressl-api-compat.cEd Maste2018-10-031-0/+636
| | | | | | | | | | | | | | | | | | | | | | | | | | | Missed in migrating changeset from git to svn for r338811 Reported by: jhb Notes: svn path=/projects/openssl111/; revision=339154
| * | Add a hack to build on ARMv4 and ARMv5.Jung-uk Kim2018-09-231-1/+2
| | | | | | | | | | | | Notes: svn path=/projects/openssl111/; revision=338896
| * | openssh: cherry-pick OpenSSL 1.1.1 compatibilityEd Maste2018-09-1930-526/+1010
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Upstream commits: 482d23bcac upstream: hold our collective noses and use the openssl-1.1.x 48f54b9d12 adapt -portable to OpenSSL 1.1x API 86e0a9f3d2 upstream: use only openssl-1.1.x API here too a3fd8074e2 upstream: missed a bit of openssl-1.0.x API in this unittest cce8cbe0ed Fix openssl-1.1 fallout for --without-openssl. Trivial conflicts in sshkey.c and test_sshkey.c were resolved. Sponsored by: The FreeBSD Foundation Notes: svn path=/projects/openssl111/; revision=338811
| * | openssh: rename local macro to avoid OpenSSL 1.1.1 conflictEd Maste2018-09-193-7/+7
| | | | | | | | | | | | | | | | | | | | | | | | Local changes introduced an OPENSSH_VERSION macro, but this conflicts with a macro of the same name introduced with OpenSSL 1.1.1. Notes: svn path=/projects/openssl111/; revision=338805
| * | Add generated header file for openssl(1).Jung-uk Kim2018-09-191-0/+508
| | | | | | | | | | | | Notes: svn path=/projects/openssl111/; revision=338767
| * | Add generated header files for FreeBSD.Jung-uk Kim2018-09-192-0/+55
| | | | | | | | | | | | Notes: svn path=/projects/openssl111/; revision=338765
| * | Update SHLIB_VERSION_NUMBER to 9.Jung-uk Kim2018-09-141-1/+1
| | | | | | | | | | | | | | | | | | | | | Prodded by: avg Notes: svn path=/projects/openssl111/; revision=338681
| * | Update OpenSSL to 1.1.1.Jung-uk Kim2018-09-132781-355967/+355475
| |\ \ | | | | | | | | | | | | | | | | | | | | | | | | Note it does not update build infrastructure. Notes: svn path=/projects/openssl111/; revision=338663
| | * | Import OpenSSL 1.1.1.vendor/openssl/1.1.1Jung-uk Kim2018-09-131373-174586/+165215
| | | | | | | | | | | | | | | | | | | | Notes: svn path=/vendor-crypto/openssl/dist/; revision=338658 svn path=/vendor-crypto/openssl/1.1.1/; revision=338659; tag=vendor/openssl/1.1.1
* | | | Fix portability issues with the Capsicum patch committed in r339216:Dag-Erling Smørgrav2018-10-095-10/+35
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | - Wrap access to pw_change and pw_expire in the appropriate #ifdefs. - Wrap calls to login_cap(3) API in appropriate #ifdefs. - Add wrapper for transferring time_t, which is still only 32 bits wide on FreeBSD i386. - Use a temporary variable to deserialize size_t. Approved by: re (gjb) Notes: svn path=/head/; revision=339263
* | | | openssh: regenerate ssh-namespace.h after r339213 and r339216Ed Maste2018-10-091-5/+35
| |_|/ |/| | | | | | | | | | | | | | | | | | | | Reported by: des Approved by: re (rgrimes) Notes: svn path=/head/; revision=339248
* | | sshd: address capsicum issuesEd Maste2018-10-069-34/+222
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * Add a wrapper to proxy login_getpwclass(3) as it is not allowed in capability mode. * Cache timezone data via caph_cache_tzdata() as we cannot access the timezone file. * Reverse resolve hostname before entering capability mode. PR: 231172 Submitted by: naito.yuichiro@gmail.com Reviewed by: cem, des Approved by: re (rgrimes) MFC after: 3 weeks Differential Revision: https://reviews.freebsd.org/D17128 Notes: svn path=/head/; revision=339216
* | | openssh: cherry-pick OpenSSL 1.1.1 compatibilityEd Maste2018-10-0632-526/+1742
|\ \ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Compatibility with existing OpenSSL versions is maintained. Upstream commits: 482d23bcac upstream: hold our collective noses and use the openssl-1.1.x 48f54b9d12 adapt -portable to OpenSSL 1.1x API 86e0a9f3d2 upstream: use only openssl-1.1.x API here too a3fd8074e2 upstream: missed a bit of openssl-1.0.x API in this unittest cce8cbe0ed Fix openssl-1.1 fallout for --without-openssl. Trivial conflicts in sshkey.c and test_sshkey.c were resolved. Connect libressl-api-compat.c to the build, and regenerate config.h Reviewed by: des Approved by: re (rgrimes) MFC after: 2 seeks Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D17444 Notes: svn path=/head/; revision=339213
* | | | openssh: rename local macro to avoid OpenSSL 1.1.1 conflictEd Maste2018-09-193-7/+7
| |/ / |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Local changes introduced an OPENSSH_VERSION macro, but this conflicts with a macro of the same name introduced with OepnsSL 1.1.1 Reviewed by: des Approved by: re (gjb) MFC after: 1 week Sponsored by: The FreeBSD Foundation Notes: svn path=/head/; revision=338810
* | | Upgrade to OpenSSH 7.8p1.Dag-Erling Smørgrav2018-09-10189-7129/+8030
|\| | | | | | | | | | | | | | | | | | | | Approved by: re (kib@) Notes: svn path=/head/; revision=338561
* | | Avoid printing extraneous function names when searching man pageCy Schubert2018-08-291-3/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | database (apropos, man -k). This commit Replaces .SS with .SH, similar to the man page provided by original heimdal (as in port). PR: 230573 Submitted by: yuripv@yuripv.net Approved by: re (rgrimes@) MFC after: 3 days Notes: svn path=/head/; revision=338367
* | | Update userland arc4random() with OpenBSD's Chacha20 based arc4random().Xin LI2018-08-192-2/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | ObsoleteFiles.inc: Remove manual pages for arc4random_addrandom(3) and arc4random_stir(3). contrib/ntp/lib/isc/random.c: contrib/ntp/sntp/libevent/evutil_rand.c: Eliminate in-tree usage of arc4random_addrandom(). crypto/heimdal/lib/roken/rand.c: crypto/openssh/config.h: Eliminate in-tree usage of arc4random_stir(). include/stdlib.h: Remove arc4random_stir() and arc4random_addrandom() prototypes, provide temporary shims for transistion period. lib/libc/gen/Makefile.inc: Hook arc4random-compat.c to build, add hint for Chacha20 source for kernel, and remove arc4random_addrandom(3) and arc4random_stir(3) links. lib/libc/gen/arc4random.c: Adopt OpenBSD arc4random.c,v 1.54 with bare minimum changes, use the sys/crypto/chacha20 implementation of keystream. lib/libc/gen/Symbol.map: Remove arc4random_stir and arc4random_addrandom interfaces. lib/libc/gen/arc4random.h: Adopt OpenBSD arc4random.h,v 1.4 but provide _ARC4_LOCK of our own. lib/libc/gen/arc4random.3: Adopt OpenBSD arc4random.3,v 1.35 but keep FreeBSD r114444 and r118247. lib/libc/gen/arc4random-compat.c: Compatibility shims for arc4random_stir and arc4random_addrandom functions to preserve ABI. Log once when called but do nothing otherwise. lib/libc/gen/getentropy.c: lib/libc/include/libc_private.h: Fold __arc4_sysctl into getentropy.c (renamed to arnd_sysctl). Remove from libc_private.h as a result. sys/crypto/chacha20/chacha.c: sys/crypto/chacha20/chacha.h: Make it possible to use the kernel implementation in libc. PR: 182610 Reviewed by: cem, markm Obtained from: OpenBSD Relnotes: yes Differential Revision: https://reviews.freebsd.org/D16760 Notes: svn path=/head/; revision=338059
* | | Merge OpenSSL 1.0.2p.Jung-uk Kim2018-08-14123-946/+1519
|\ \ \ | | | | | | | | | | | | Notes: svn path=/head/; revision=337791
| * | | Import OpenSSL 1.0.2p.vendor/openssl/1.0.2pJung-uk Kim2018-08-1474-620/+996
| | |/ | |/| | | | | | | | | | Notes: svn path=/vendor-crypto/openssl/dist-1.0.2/; revision=337764 svn path=/vendor-crypto/openssl/1.0.2p/; revision=337765; tag=vendor/openssl/1.0.2p
* | | Merge upstream patch to unbreak tunnel forwarding.Dag-Erling Smørgrav2018-05-161-2/+2
|\ \ \ | | |/ | |/| | | | | | | | | | | | | Reported by: cy@ Notes: svn path=/head/; revision=333677
* | | Upgrade to OpenSSH 7.7p1.Dag-Erling Smørgrav2018-05-11226-7611/+14138
|\| | | | | | | | | | | Notes: svn path=/head/; revision=333490
* | | Upgrade to OpenSSH 7.6p1. This will be followed shortly by 7.7p1.Dag-Erling Smørgrav2018-05-08226-14330/+10110
|\| | | | | | | | | | | | | | | | | | | | | | | | | | This completely removes client-side support for the SSH 1 protocol, which was already disabled in 12 but is still enabled in 11. For that reason, we will not be able to merge 7.6p1 or newer back to 11. Notes: svn path=/head/; revision=333389