| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
| |
I was requested to add this string to any file that was modified by my
commit, which I forgot to do so.
Requested by: des
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
- Partially revert r184122 (sshd.c). Our ut_host is now big enough to
fit proper hostnames.
- Change config.h to match reality.
- defines.h requires UTMPX_FILE to be set by <utmpx.h> before it allows
the utmpx code to work. This makes no sense to me. I've already
mentioned this upstream.
- Add our own platform-specific handling of lastlog. The version I will
send to the OpenSSH folks will use proper autoconf generated
definitions instead of `#if 1'.
|
| |
|
|
|
|
| |
NGROUPS.
MFC after: 1 week
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
protocol flaw. [09:15]
Correctly handle failures from unsetenv resulting from a corrupt
environment in rtld-elf. [09:16]
Fix permissions in freebsd-update in order to prevent leakage of
sensitive files. [09:17]
Approved by: so (cperciva)
Security: FreeBSD-SA-09:15.ssl
Security: FreeBSD-SA-09:16.rtld
Security: FreeBSD-SA-09:17.freebsd-udpate
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
environments.
Please note that this can't be done while such processes run in jails.
Note: in future it would be interesting to find a way to do that
selectively for any desired proccess (choosen by user himself), probabilly
via a ptrace interface or whatever.
Obtained from: Sandvine Incorporated
Reviewed by: emaste, arch@
Sponsored by: Sandvine Incorporated
MFC: 1 month
|
| |
|
|
|
| |
Noticed by: delphij, David Cornejo <dave@dogwood.com>
Forgotten by: des
|
| | |
|
| |
|
|
|
|
|
| |
- initialized and uninitialized data
- symbols from roaming_dummy.c which end up in pam_ssh
Update the command line used to generate the #defines.
|
| |\ |
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
- Fix memory consumption bug with "future epoch" DTLS records.
- Fix fragment handling memory leak.
- Do not access freed data structure.
- Fix DTLS fragment bug - out-of-sequence message handling which could
result in NULL pointer dereference in
dtls1_process_out_of_seq_message().
Note that this will not get FreeBSD Security Advisory as DTLS is
experimental in OpenSSL.
MFC after: 1 week
Security: CVE-2009-1377 CVE-2009-1378 CVE-2009-1379 CVE-2009-1387
|
| | |
| |
| |
| | |
Approved by: re (kib)
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
for normal build, and doesn't export well to CVS.
If they are needed later a script will be added to recreate the symlinks
when needed at build time.
Approved by: re (rwatson)
|
| | |
| |
| |
| | |
Reviewed by: des
|
| |\ \
| | |
| | |
| | | |
Approved by: re
|
| | | | |
|
| | | | |
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | | |
(last vendor import).
The file were removed in different earlier releases, but were not
removed from the CVS vendor branch at the time.
|
| | | | |
|
| |\ \ \
| | |/
| |/|
| | | |
MFC after: 3 months
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Sanity-check string lengths in order to stop OpenSSL crashing
when printing corrupt BMPString or UniversalString objects. [09:08]
Security: FreeBSD-SA-09:07.libc
Security: FreeBSD-SA-09:08.openssl
Security: CVE-2009-0590
Approved by: re (kensmith)
Approved by: so (cperciva)
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
long commands into multiple requests. [09:01]
Fix incorrect OpenSSL checks for malformed signatures due to invalid
check of return value from EVP_VerifyFinal(), DSA_verify, and
DSA_do_verify. [09:02]
Security: FreeBSD-SA-09:01.lukemftpd
Security: FreeBSD-SA-09:02.openssl
Obtained from: NetBSD [SA-09:01]
Obtained from: OpenSSL Project [SA-09:02]
Approved by: so (simon)
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
in the struct utmp due to concerns about the length of the hostname buffer.
However, this breaks the UseDNS option. There is a simpler and better
solution: initialize utmp_len to the correct value (UT_HOSTSIZE instead of
MAXHOSTNAMELEN) and let get_remote_name_or_ip() worry about the size of the
buffer.
PR: bin/97499
Submitted by: Bruce Cran <bruce@cran.org.uk>
MFC after: 1 week
|
| | | |
| | |
| | |
| | | |
MFC after: 3 days
|
| | | |
| | |
| | |
| | | |
MFC after: 1 week
|
| | | | |
|
| | | | |
|
| | | |
| | |
| | |
| | | |
aren't used for anything, but that's no excuse for being silly.
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | | |
Submitted upstream, no reaction.
Submitted by: delphij@
MFC after: 2 weeks
|
| |\ \ \
| |/ /
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
I have worked hard to reduce diffs against the vendor branch. One
notable change in that respect is that we no longer prefer DSA over
RSA - the reasons for doing so went away years ago. This may cause
some surprises, as ssh will warn about unknown host keys even for
hosts whose keys haven't changed.
MFC after: 6 weeks
|
| | | | |
|
| | | | |
|
| | | | |
|
| | | |
| | |
| | |
| | | |
"This time for sure!"
|
| | | | |
|
| | | |
| | |
| | |
| | | |
every time I think I got them all, another one pops up.
|
| | | | |
|
| | | | |
|
| | | | |
|
| | | |
| | |
| | |
| | |
| | | |
original $FreeBSD$ keywords. Revert those changes, and simply disable
keyword expansion.
|
| | | | |
|
| | | | |
|
| | | |
| | |
| | |
| | | |
Add svn command to diff against vendor branch.
|
| | | | |
|
| | | | |
|
| | | | |
|
| | | | |
|
| | | |
| | |
| | |
| | | |
that code in ages - we use pam_opie(8) instead - so this is a NOP.
|
| | | | |
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | | |
cmsghdr. Derived from upstream patch.
Submitted by: cognet
MFC after: 2 weeks
|
| | | |
| | |
| | |
| | | |
available in base/vendor-crypto/openssh/dist/.
|
