summaryrefslogtreecommitdiffstats
path: root/crypto/openssh
Commit message (Collapse)AuthorAgeFilesLines
* Fix OpenSSH Denial of Service vulnerability. [SA-17:06]releng/11.0delphij2017-08-101-0/+5
| | | | | | Fix VNET kernel panic with asynchronous I/O. [EN-17:07] Approved by: so
* Fix multiple vulnerabilities of OpenSSH.delphij2017-01-113-9/+49
| | | | | | | Security: FreeBSD-SA-17:01.openssh Security: CVE-2016-10009 Security: CVE-2016-10010 Approved by: so
* Fix Fix OpenSSH remote Denial of Service vulnerability.delphij2016-11-021-0/+1
| | | | | Security: FreeBSD-SA-16:33.openssh Approved by: so
* MFH (r303832): check whether each key file exists before adding itdes2016-08-111-10/+15
| | | | | PR: 208254 Approved by: re (kib)
* MFH (r303716, r303719): drop SSH1 support, disable DSA by defaultdes2016-08-057-40/+19
| | | | | | PR: 208254 Approved by: re (gjb) Relnotes: yes
* Revert r301551, which added blacklistd(8) to sshd(8).gjb2016-06-248-145/+0
| | | | | | | | | | This change has functional impact, and other concerns raised by the OpenSSH maintainer. Requested by: des PR: 210479 (related) Approved by: re (marius) Sponsored by: The FreeBSD Foundation
* Add blacklist support to sshdlidl2016-06-078-0/+145
| | | | | | | | Reviewed by: rpaulo Approved by: rpaulo (earlier version of changes) Relnotes: YES Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D5915
* Re-add AES-CBC ciphers to the default cipher list on the server.des2016-03-113-4/+12
| | | | PR: 207679
* Upgrade to OpenSSH 7.2p2.des2016-03-11140-3291/+5765
|\
* | Document our modified default value for PermitRootLogin.des2016-02-022-2/+2
| |
* | Switch UseDNS back ondes2016-01-274-4/+7
| |
* | r294563 was incomplete; re-add the client-side options as well.des2016-01-221-0/+2
| |
* | Instead of removing the NoneEnabled option, mark it as unsupported.des2016-01-221-0/+1
| | | | | | | | (should have done this in r291198, but didn't think of it until now)
* | Update the instructions and the list of major local modifications.des2016-01-211-17/+47
| |
* | Explain why we don't include VersionAddendum in the debug mode banner.des2016-01-211-0/+1
| |
* | Upgrade to OpenSSH 7.1p2.des2016-01-2128-1806/+301
| |
* | Enable DSA keys by default. They were disabled in OpenSSH 6.9p1.des2016-01-213-13/+28
| | | | | | | | Noticed by: glebius
* | Take care not to pick up the wrong version of OpenSSL when running in andes2016-01-211-0/+6
| | | | | | | | environment that has OpenSSL from ports in addition to the base version.
* | Remove RCS tags from files in which we no longer have any localdes2016-01-2014-12/+2
| | | | | | | | modifications, and add them to two files in which we do.
* | Remove a number of generated files which are either out-of-date (becausedes2016-01-2016-27242/+0
| | | | | | | | | | they are never regenerated to reflect our changes) or in the way of freebsd-configure.sh.
* | Upgrade to OpenSSH 7.0p1.des2016-01-20158-1655/+2319
| |
* | Upgrade to OpenSSH 6.9p1.des2016-01-19115-2304/+3871
|\ \ | |/
* | Re-add HPN configuration options as deprecated options to avoid breakingdes2016-01-192-0/+7
| | | | | | | | | | existing configurations that use them. Note that there is no functional difference between OpenSSH with HPN and OpenSSH without HPN.
* | Upgrade to OpenSSH 6.8p1.des2016-01-19330-14249/+30265
|\ \ | |/
* | Now that we have local modifications in configure.ac and configure, rundes2016-01-194-129/+155
| | | | | | | | autoheader and autoconf to avoid having to patch configure manually.
* | Upgrade to OpenSSH 6.7p1, retaining libwrap support (which has been removeddes2016-01-19286-6983/+17450
|\ \ | |/ | | | | | | | | upstream) and a number of security fixes which we had already backported. MFC after: 1 week
* | As previously threatened, remove the HPN patch from OpenSSH.des2016-01-1928-534/+154
| |
* | Use 'svn list -R' instead of find, and recognize comments in shell scriptsdes2016-01-191-2/+2
| | | | | | | | and {ssh,sshd}_config.
* | Recognize *roff comments.des2016-01-191-1/+1
| |
* | Update the pre- and post-merge scripts to work correctly after the recentdes2016-01-192-15/+13
| | | | | | | | | | cleanup. A round-trip (./freebsd-pre-merge.sh ; ./freebsd-post-merge.sh) now results in an unchanged working copy.
* | Fix OpenSSH client information leak.glebius2016-01-141-3/+2
| | | | | | | | | | Security: SA-16:07.openssh Security: CVE-2016-0777
* | Incorrect length in calloc() call, already fixed upstream.des2015-12-171-1/+1
| | | | | | | | | | | | PR: 204769 Submitted by: David Binderman <dcb314@hotmail.com> MFC after: 1 week
* | r291198 inadvertantly reverted a local patch for the default locationdes2015-11-261-2/+3
| | | | | | | | of ssh-askpass and xauth, breaking X11 forwarding.
* | Revert inadvertent commit of an incorrect patchdes2015-11-241-2/+1
| |
* | Remove description of the now-defunct NoneEnabled option.des2015-11-242-4/+2
| |
* | Retire the NONE cipher option.des2015-11-2316-225/+4
| |
* | Remove dead code.des2015-11-111-672/+0
| |
* | One more $Mdocdate$des2015-11-111-1/+1
| |
* | Remove /* $FreeBSD$ */ from files that already have __RCSID("$FreeBSD$").des2015-11-1125-25/+0
| |
* | Now that we have mandoc, we can leave $Mdocdate$ tags as-is. Unfortunately,des2015-11-1113-22/+13
| | | | | | | | | | there is (currently) no way to make Subversion generate correct $Mdocdate$ tags, but perhas we can teach mandoc to read Subversion's %d format.
* | Fix OpenSSH multiple vulnerabilities by backporting three changesdelphij2015-08-253-6/+7
| | | | | | | | | | | | | | | | | | | | from OpenSSH-portable master. Git revisions: 45b0eb752c94954a6de046bfaaf129e518ad4b5b 5e75f5198769056089fb06c4d738ab0e5abc66f7 d4697fe9a28dab7255c60433e4dd23cf7fce8a8b Reviewed by: des Security: FreeBSD-SA-15:22.openssh
* | Fix multiple OpenSSH vulnerabilities.delphij2015-07-282-18/+33
| | | | | | | | | | | | Security: CVE-2014-2653 Security: CVE-2015-5600 Security: FreeBSD-SA-15:16.openssh
* | ssh: canonicize the host name before looking it up in the host filevangyzen2015-07-161-0/+17
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Re-apply r99054 by des in 2002. This was accidentally dropped by the update to OpenSSH 6.5p1 (r261320). This change is actually taken from r387082 of ports/security/openssh-portable/files/patch-ssh.c PR: 198043 Differential Revision: https://reviews.freebsd.org/D3103 Reviewed by: des Approved by: kib (mentor) MFC after: 3 days Relnotes: yes Sponsored by: Dell Inc.
* | Import new moduli from OpenBSD. Although there is no reason to distrustdes2015-05-261-261/+275
| | | | | | | | | | | | the current set, it is good hygiene to change them once in a while. MFC after: 1 week
* | Use proper CHAN_TCP_PACKET_DEFAULT for agent forwarding when HPN disabled.bdrewery2015-04-021-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The use of CHAN_TCP_WINDOW_DEFAULT here was fixed in upstream OpenSSH in CVS 1.4810, git 5baa170d771de9e95cf30b4c469ece684244cf3e: - dtucker@cvs.openbsd.org 2007/12/28 22:34:47 [clientloop.c] Use the correct packet maximum sizes for remote port and agent forwarding. Prevents the server from killing the connection if too much data is queued and an excessively large packet gets sent. bz #1360, ok djm@. The change was lost due to the the way the original upstream HPN patch modified this code. It was re-adding the original OpenSSH code and never was properly fixed to use the new value. MFC after: 2 weeks
* | Document "none" for VersionAddendum.bdrewery2015-03-232-2/+8
| | | | | | | | | | PR: 193127 MFC after: 2 weeks
* | Change comment about HPNDisabled to match the style of other options tosmh2014-05-201-1/+1
| | | | | | | | | | | | avoid confusion. Sponsored by: Multiplay
* | Apply upstream patch for EC calculation bug and bump version addendum.des2014-04-2010-9/+35
| |
* | Restore the pX part to the version number printed in debugging mode.des2014-04-091-1/+1
| |
* | Upgrade to OpenSSH 6.6p1.des2014-03-25123-2462/+1520
|\ \ | |/
OpenPOWER on IntegriCloud