summaryrefslogtreecommitdiffstats
path: root/crypto/openssh
Commit message (Collapse)AuthorAgeFilesLines
* MFC r280999:bdrewery2015-04-231-1/+1
| | | | Use proper CHAN_TCP_PACKET_DEFAULT for agent forwarding when HPN disabled.
* MFC r280360:bdrewery2015-04-072-2/+8
| | | | Document "none" for VersionAddendum.
* Merge an applicable subset of r263234 from HEAD to stable/10:rwatson2015-03-191-1/+1
| | | | | | | | | | | | | Update most userspace consumers of capability.h to use capsicum.h instead. auditdistd is not updated as I will make the change upstream and then do a vendor import sometime in the next week or two. Note that a significant fraction does not apply, as FreeBSD 10 doesn't contain a Capsicumised ping, casperd, libcasper, etc. When these features are merged, the capsicum.h change will need to be merged with them. Sponsored by: Google, Inc.
* MFH (r264691): merge upstream patch for EC calculation bugdes2014-04-2010-9/+35
|
* MFH (r263712): upgrade openssh to 6.6p1des2014-04-12123-2462/+1522
| | | | MFH (r264308): restore p level in debugging output
* MFC r261499 (pjd):delphij2014-03-031-2/+4
| | | | Fix installations that use kernels without CAPABILITIES support.
* MFH (r261320): upgrade openssh to 6.5p1des2014-02-27204-4435/+13545
| | | | MFH (r261340): enable sandboxing by default
* MFH (r257954): upgrade to OpenSSH 6.4p1des2013-11-1926-53/+69
| | | | Approved by: re (kib)
* Pre-zero the MAC context.des2013-11-191-1/+1
| | | | | | Security: CVE-2013-4548 Security: FreeBSD-SA-13:14.openssh Approved by: re (implicit)
* Unbreak the WITHOUT_KERBEROS build and try to reduce the odds of ades2013-09-236-17/+64
| | | | | | | | | repeat performance by introducing a script that runs configure with and without Kerberos, diffs the result and generates krb5_config.h, which contains the preprocessor macros that need to be defined in the Kerberos case and undefined otherwise. Approved by: re (marius)
* Pull in all the OpenSSH bits that we'd previously left out because wedes2013-09-21146-0/+43001
|\ | | | | | | | | | | | | didn't use them. This will make future merges from the vendor tree much easier. Approved by: re (gjb)
* \ Upgrade to 6.3p1.des2013-09-21154-2393/+4264
|\ \ | |/ | | | | Approved by: re (gjb)
* | Change the default value of VerifyHostKeyDNS to "yes" if compiled withdes2013-09-103-1/+11
| | | | | | | | | | | | | | | | LDNS. With that setting, OpenSSH will silently accept host keys that match verified SSHFP records. If an SSHFP record exists but could not be verified, OpenSSH will print a message and prompt the user as usual. Approved by: re (blanket)
* | These three files appeared in 6.0p1, which was imported into the vendordes2013-09-093-0/+558
|\ \ | |/ | | | | | | | | | | | | | | branch but never merged to head. They were inadvertantly left out when 6.1p1 was merged to head. It didn't make any difference at the time, because they were unused, but one of them is required for DNS-based host key verification. Approved by: re (blanket)
* | Apply upstream revision 1.151 (fix relative symlinks)des2013-08-131-1/+2
| | | | | | | | MFC after: 3 days
* | r251088 reverted the default value for UsePrivilegeSeparation fromdes2013-06-282-2/+2
| | | | | | | | "sandbox" to "yes", but did not update the documentation to match.
* | Revert a local change that sets the default for UsePrivilegeSeparation todes2013-05-291-1/+1
| | | | | | | | | | | | "sandbox" instead of "yes". In sandbox mode, the privsep child is unable to load additional libraries and will therefore crash when trying to take advantage of crypto offloading on CPUs that support it.
* | Upgrade to OpenSSH 6.2p2. Mostly a no-op since I had already patcheddes2013-05-1712-30/+65
| | | | | | | | the issues that affected us.
* | The HPN patch added a new BUG bit for SSH_BUG_LARGEWINDOWbdrewery2013-05-131-1/+1
| | | | | | | | | | | | | | | | | | | | and the update to 6.1 added SSH_BUG_DYNAMIC_RPORT with the same value. Fix the HPN SSH_BUG_LARGEWINDOW bit so it is unique. Approved by: des MFC after: 2 weeks
* | Merge updated "no such identity file" patch.des2013-04-243-34/+29
| | | | | | | | PR: bin/178060
* | Silence "received disconnect" in the common case.des2013-04-141-2/+6
| |
* | Merge upstream patch to silence spurious "no such identity file" warnings.des2013-04-024-14/+29
| |
* | Silence printf format warnings.des2013-04-021-5/+10
| |
* | Silence warnings about redefined macros.des2013-04-011-0/+4
| |
* | Revert r247892 now that this has been fixed upstream.des2013-03-231-1/+0
| |
* | Upgrade to OpenSSH 6.2p1. The most important new features are supportdes2013-03-2294-1239/+4986
|\ \ | |/ | | | | for a key revocation list and more fine-grained authentication control.
* | Keep the default AuthorizedKeysFile setting. Although authorized_keys2des2013-03-181-2/+1
| | | | | | | | | | | | | | | | | | | | | | has been deprecated for a while, some people still use it and were unpleasantly surprised by this change. I may revert this commit at a later date if I can come up with a way to give users who still have authorized_keys2 files sufficient advance warning. MFC after: ASAP
* | Unlike OpenBSD's, our setusercontext() will intentionally ignore the user'sdes2013-03-131-0/+6
| | | | | | | | | | | | | | | | | | own umask setting (from ~/.login.conf) unless running with the user's UID. Therefore, we need to call it again with LOGIN_SETUMASK after changing UID. PR: bin/176740 Submitted by: John Marshall <john.marshall@riverwillow.com.au> MFC after: 1 week
* | Partially revert r247892 and r247904 since our strnvis() does notdes2013-03-072-2/+5
| | | | | | | | behave the way OpenSSH expects.
* | Remove strnvis(), strvis(), strvisx().des2013-03-061-3/+0
| |
* | Explicitly disable lastlog, utmp and wtmp.des2013-03-062-8/+44
| |
* | Upgrade OpenSSH to 6.1p1.des2012-09-0395-1090/+2649
| |
* | MFV (r237567):delphij2012-06-252-6/+9
| | | | | | | | | | | | | | | | Fetch both ECDSA and RSA keys by default in ssh-keyscan(1). Approved by: des Obtained from: OpenSSH portable MFC after: 1 week
* | OpenSSH: allow VersionAddendum to be used againrea2012-05-275-28/+60
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Prior to this, setting VersionAddendum will be a no-op: one will always have BASE_VERSION + " " + VERSION_HPN for VersionAddendum set in the config and a bare BASE_VERSION + VERSION_HPN when there is no VersionAddendum is set. HPN patch requires both parties to have the "hpn" inside their advertized versions, so we add VERSION_HPN to the VERSION_BASE if HPN is enabled and omitting it if HPN is disabled. VersionAddendum now uses the following logics: * unset (default value): append " " and VERSION_ADDENDUM; * VersionAddendum is set and isn't empty: append " " and VersionAddendum; * VersionAddendum is set and empty: don't append anything. Approved by: des Reviewed by: bz MFC after: 3 days
* | Polish diff against upstream.ed2012-02-1313-54/+50
| | | | | | | | | | | | | | | | | | | | - Revert unneeded whitespace changes. - Revert modifications to loginrec.c, as the upstream version already does the right thing. - Fix indentation and whitespace of local changes. Approved by: des MFC after: 1 month
* | Add a -x option that causes ssh-agent(1) to exit when all clients havedes2011-10-072-4/+32
| | | | | | | | | | | | disconnected. MFC after: 1 week
* | Upgrade to OpenSSH 5.9p1.des2011-10-0586-1997/+2772
|\ \ | |/ | | | | MFC after: 3 months
* | Belatedly regenerate after application of the HPN patch.des2011-09-281-1/+4
| |
* | Remove the svn:keywords property and restore the historical $FreeBSD$ tag.des2011-09-161-1/+1
| | | | | | | | | | Approved by: re (kib) MFC after: 3 weeks
* | Fix two more $FreeBSD$ keywords.brooks2011-08-032-2/+2
| | | | | | | | | | Reported by: pluknet Approved by: re (implicit)
* | Add support for dynamically adjusted buffers to allow the full use ofbrooks2011-08-0331-43/+747
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | the bandwidth of long fat pipes (i.e. 100Mbps+ trans-oceanic or trans-continental links). Bandwidth-delay products up to 64MB are supported. Also add support (not compiled by default) for the None cypher. The None cypher can only be enabled on non-interactive sessions (those without a pty where -T was not used) and must be enabled in both the client and server configuration files and on the client command line. Additionally, the None cypher will only be activated after authentication is complete. To enable the None cypher you must add -DNONE_CIPHER_ENABLED to CFLAGS via the make command line or in /etc/make.conf. This code is a style(9) compliant version of these features extracted from the patches published at: http://www.psc.edu/networking/projects/hpn-ssh/ Merging this patch has been a collaboration between me and Bjoern. Reviewed by: bz Approved by: re (kib), des (maintainer)
* | Merge two upstream patches from vendor branch. No functional changes.des2011-05-052-2/+3
| |
* | Upgrade to OpenSSH 5.8p2.des2011-05-04126-4246/+5749
|\ \ | |/
* | Upgrade to OpenSSH 5.6p1.des2010-11-1168-979/+3236
|\ \ | |/
* | Forgot to svn rm this when I imported 5.4p1.des2010-11-101-25/+0
| |
* | Remove copyright strings printed at login time via login(1) or sshd(8).emaste2010-09-281-18/+0
| | | | | | | | | | | | | | | | | | | | It is not clear to what this copyright should apply, and this is in line with what other operating systems do. For ssh specifically, printing of the copyright string is not in the upstream version so this reduces our FreeBSD-local diffs. Approved by: core, des (ssh)
* | More commasdes2010-06-012-2/+2
| |
* | Missing commasdes2010-06-0111-11/+11
| |
* | Fix .Dd line: FreeBSD's mdoc code doesn't understand OpenBSD's $Mdocdate$.cperciva2010-05-281-1/+1
| | | | | | | | MFC after: 3 days
* | Upgrade to OpenSSH 5.5p1.des2010-04-2825-88/+254
| |
OpenPOWER on IntegriCloud