path: root/crypto/openssh
Commit message | Author | Age | Files | Lines
* As previously threatened, remove the HPN patch from OpenSSH. | des | 2016-01-19 | 28 | -534/+154
|
* Use 'svn list -R' instead of find, and recognize comments in shell scripts | des | 2016-01-19 | 1 | -2/+2
|   and {ssh,sshd}_config.
* Recognize *roff comments. | des | 2016-01-19 | 1 | -1/+1
|
* Update the pre- and post-merge scripts to work correctly after the recent | des | 2016-01-19 | 2 | -15/+13
|   cleanup. A round-trip (./freebsd-pre-merge.sh ; ./freebsd-post-merge.sh) now results in an unchanged working copy.
* Fix OpenSSH client information leak. | glebius | 2016-01-14 | 1 | -3/+2
|   Security: SA-16:07.openssh
|   Security: CVE-2016-0777
* Incorrect length in calloc() call, already fixed upstream. | des | 2015-12-17 | 1 | -1/+1
|   PR: 204769
|   Submitted by: David Binderman <dcb314@hotmail.com>
|   MFC after: 1 week
* r291198 inadvertently reverted a local patch for the default location | des | 2015-11-26 | 1 | -2/+3
|   of ssh-askpass and xauth, breaking X11 forwarding.
* Revert inadvertent commit of an incorrect patch | des | 2015-11-24 | 1 | -2/+1
|
* Remove description of the now-defunct NoneEnabled option. | des | 2015-11-24 | 2 | -4/+2
|
* Retire the NONE cipher option. | des | 2015-11-23 | 16 | -225/+4
|
* Remove dead code. | des | 2015-11-11 | 1 | -672/+0
|
* One more $Mdocdate$ | des | 2015-11-11 | 1 | -1/+1
|
* Remove /* $FreeBSD$ */ from files that already have __RCSID("$FreeBSD$"). | des | 2015-11-11 | 25 | -25/+0
|
* Now that we have mandoc, we can leave $Mdocdate$ tags as-is. Unfortunately, | des | 2015-11-11 | 13 | -22/+13
|   there is (currently) no way to make Subversion generate correct $Mdocdate$ tags, but perhaps we can teach mandoc to read Subversion's %d format.
* Fix OpenSSH multiple vulnerabilities by backporting three changes | delphij | 2015-08-25 | 3 | -6/+7
|   from OpenSSH-portable master.
|   Git revisions: 45b0eb752c94954a6de046bfaaf129e518ad4b5b 5e75f5198769056089fb06c4d738ab0e5abc66f7 d4697fe9a28dab7255c60433e4dd23cf7fce8a8b
|   Reviewed by: des
|   Security: FreeBSD-SA-15:22.openssh
* Fix multiple OpenSSH vulnerabilities. | delphij | 2015-07-28 | 2 | -18/+33
|   Security: CVE-2014-2653
|   Security: CVE-2015-5600
|   Security: FreeBSD-SA-15:16.openssh
* ssh: canonicize the host name before looking it up in the host file | vangyzen | 2015-07-16 | 1 | -0/+17
|   Re-apply r99054 by des in 2002. This was accidentally dropped by the update to OpenSSH 6.5p1 (r261320).
|   This change is actually taken from r387082 of ports/security/openssh-portable/files/patch-ssh.c
|   PR: 198043
|   Differential Revision: https://reviews.freebsd.org/D3103
|   Reviewed by: des
|   Approved by: kib (mentor)
|   MFC after: 3 days
|   Relnotes: yes
|   Sponsored by: Dell Inc.
* Import new moduli from OpenBSD. Although there is no reason to distrust | des | 2015-05-26 | 1 | -261/+275
|   the current set, it is good hygiene to change them once in a while.
|   MFC after: 1 week
* Use proper CHAN_TCP_PACKET_DEFAULT for agent forwarding when HPN disabled. | bdrewery | 2015-04-02 | 1 | -1/+1
|   The use of CHAN_TCP_WINDOW_DEFAULT here was fixed in upstream OpenSSH in CVS 1.4810, git 5baa170d771de9e95cf30b4c469ece684244cf3e:
|     - dtucker@cvs.openbsd.org 2007/12/28 22:34:47
|       [clientloop.c]
|       Use the correct packet maximum sizes for remote port and agent forwarding. Prevents the server from killing the connection if too much data is queued and an excessively large packet gets sent. bz #1360, ok djm@.
|   The change was lost due to the way the original upstream HPN patch modified this code. It was re-adding the original OpenSSH code and never was properly fixed to use the new value.
|   MFC after: 2 weeks
* Document "none" for VersionAddendum. | bdrewery | 2015-03-23 | 2 | -2/+8
|   PR: 193127
|   MFC after: 2 weeks
* Change comment about HPNDisabled to match the style of other options to | smh | 2014-05-20 | 1 | -1/+1
|   avoid confusion.
|   Sponsored by: Multiplay
* Apply upstream patch for EC calculation bug and bump version addendum. | des | 2014-04-20 | 10 | -9/+35
|
* Restore the pX part to the version number printed in debugging mode. | des | 2014-04-09 | 1 | -1/+1
|
* Upgrade to OpenSSH 6.6p1. | des | 2014-03-25 | 123 | -2462/+1520
|\
* | Add a pre-merge script which reverts mechanical changes such as added | des | 2014-03-24 | 33 | -63/+132
| |   $FreeBSD$ tags and man page dates. Add a post-merge script which reapplies these changes. Run both scripts to normalize the existing code base. As a result, many files which should have had $FreeBSD$ tags but didn't now have them. Partly rewrite the upgrade instructions and remove the now outdated list of tricks.
* | Update most userspace consumers of capability.h to use capsicum.h instead. | rwatson | 2014-03-16 | 1 | -1/+1
| |   auditdistd is not updated as I will make the change upstream and then do a vendor import sometime in the next week or two.
| |   MFC after: 3 weeks
* | Fix installations that use kernels without CAPABILITIES support. | pjd | 2014-02-04 | 1 | -2/+4
| |   Approved by: des
* | Turn sandboxing on by default. | des | 2014-02-01 | 3 | -3/+3
| |
* | Upgrade to OpenSSH 6.5p1. | des | 2014-01-31 | 204 | -4432/+13542
|\ \
| |/
* | MFV r257952: | delphij | 2013-11-11 | 26 | -54/+70
| |   Upgrade to OpenSSH 6.4p1.
| |   Bump VersionAddendum.
| |   Approved by: des
* | Unbreak the WITHOUT_KERBEROS build and try to reduce the odds of a | des | 2013-09-23 | 6 | -17/+64
| |   repeat performance by introducing a script that runs configure with and without Kerberos, diffs the result and generates krb5_config.h, which contains the preprocessor macros that need to be defined in the Kerberos case and undefined otherwise.
| |   Approved by: re (marius)
* | Pull in all the OpenSSH bits that we'd previously left out because we | des | 2013-09-21 | 146 | -0/+43001
|\ \
| |/
| |   didn't use them. This will make future merges from the vendor tree much easier.
| |   Approved by: re (gjb)
* | Upgrade to 6.3p1. | des | 2013-09-21 | 154 | -2393/+4264
|\ \
| |/
| |   Approved by: re (gjb)
* | Change the default value of VerifyHostKeyDNS to "yes" if compiled with | des | 2013-09-10 | 3 | -1/+11
| |   LDNS. With that setting, OpenSSH will silently accept host keys that match verified SSHFP records. If an SSHFP record exists but could not be verified, OpenSSH will print a message and prompt the user as usual.
| |   Approved by: re (blanket)
* | These three files appeared in 6.0p1, which was imported into the vendor | des | 2013-09-09 | 3 | -0/+558
|\ \
| |/
| |   branch but never merged to head. They were inadvertently left out when 6.1p1 was merged to head. It didn't make any difference at the time, because they were unused, but one of them is required for DNS-based host key verification.
| |   Approved by: re (blanket)
* | Apply upstream revision 1.151 (fix relative symlinks) | des | 2013-08-13 | 1 | -1/+2
| |   MFC after: 3 days
* | r251088 reverted the default value for UsePrivilegeSeparation from | des | 2013-06-28 | 2 | -2/+2
| |   "sandbox" to "yes", but did not update the documentation to match.
* | Revert a local change that sets the default for UsePrivilegeSeparation to | des | 2013-05-29 | 1 | -1/+1
| |   "sandbox" instead of "yes". In sandbox mode, the privsep child is unable to load additional libraries and will therefore crash when trying to take advantage of crypto offloading on CPUs that support it.
* | Upgrade to OpenSSH 6.2p2. Mostly a no-op since I had already patched | des | 2013-05-17 | 12 | -30/+65
| |   the issues that affected us.
* | The HPN patch added a new BUG bit for SSH_BUG_LARGEWINDOW | bdrewery | 2013-05-13 | 1 | -1/+1
| |   and the update to 6.1 added SSH_BUG_DYNAMIC_RPORT with the same value. Fix the HPN SSH_BUG_LARGEWINDOW bit so it is unique.
| |   Approved by: des
| |   MFC after: 2 weeks
* | Merge updated "no such identity file" patch. | des | 2013-04-24 | 3 | -34/+29
| |   PR: bin/178060
* | Silence "received disconnect" in the common case. | des | 2013-04-14 | 1 | -2/+6
| |
* | Merge upstream patch to silence spurious "no such identity file" warnings. | des | 2013-04-02 | 4 | -14/+29
| |
* | Silence printf format warnings. | des | 2013-04-02 | 1 | -5/+10
| |
* | Silence warnings about redefined macros. | des | 2013-04-01 | 1 | -0/+4
| |
* | Revert r247892 now that this has been fixed upstream. | des | 2013-03-23 | 1 | -1/+0
| |
* | Upgrade to OpenSSH 6.2p1. The most important new features are support | des | 2013-03-22 | 94 | -1239/+4986
|\ \
| |/
| |   for a key revocation list and more fine-grained authentication control.
* | Keep the default AuthorizedKeysFile setting. Although authorized_keys2 | des | 2013-03-18 | 1 | -2/+1
| |   has been deprecated for a while, some people still use it and were unpleasantly surprised by this change. I may revert this commit at a later date if I can come up with a way to give users who still have authorized_keys2 files sufficient advance warning.
| |   MFC after: ASAP
* | Unlike OpenBSD's, our setusercontext() will intentionally ignore the user's | des | 2013-03-13 | 1 | -0/+6
| |   own umask setting (from ~/.login.conf) unless running with the user's UID. Therefore, we need to call it again with LOGIN_SETUMASK after changing UID.
| |   PR: bin/176740
| |   Submitted by: John Marshall <john.marshall@riverwillow.com.au>
| |   MFC after: 1 week
* | Partially revert r247892 and r247904 since our strnvis() does not | des | 2013-03-07 | 2 | -2/+5
| |   behave the way OpenSSH expects.