summaryrefslogtreecommitdiffstats
path: root/crypto
Commit message (Collapse)AuthorAgeFilesLines
* Document our modified default value for PermitRootLogin.des2016-02-022-2/+2
|
* Merge OpenSSL 1.0.2f.jkim2016-01-28136-443/+844
|\ | | | | | | Relnotes: yes
| * Import OpenSSL 1.0.2f.jkim2016-01-2896-153/+370
| |
* | Switch UseDNS back ondes2016-01-274-4/+7
| |
* | r294563 was incomplete; re-add the client-side options as well.des2016-01-221-0/+2
| |
* | Instead of removing the NoneEnabled option, mark it as unsupported.des2016-01-221-0/+1
| | | | | | | | (should have done this in r291198, but didn't think of it until now)
* | Update the instructions and the list of major local modifications.des2016-01-211-17/+47
| |
* | Explain why we don't include VersionAddendum in the debug mode banner.des2016-01-211-0/+1
| |
* | Upgrade to OpenSSH 7.1p2.des2016-01-2128-1806/+301
| |
* | Enable DSA keys by default. They were disabled in OpenSSH 6.9p1.des2016-01-213-13/+28
| | | | | | | | Noticed by: glebius
* | Take care not to pick up the wrong version of OpenSSL when running in andes2016-01-211-0/+6
| | | | | | | | environment that has OpenSSL from ports in addition to the base version.
* | Remove RCS tags from files in which we no longer have any localdes2016-01-2014-12/+2
| | | | | | | | modifications, and add them to two files in which we do.
* | Remove a number of generated files which are either out-of-date (becausedes2016-01-2016-27242/+0
| | | | | | | | | | they are never regenerated to reflect our changes) or in the way of freebsd-configure.sh.
* | Upgrade to OpenSSH 7.0p1.des2016-01-20158-1655/+2319
| |
* | Upgrade to OpenSSH 6.9p1.des2016-01-19115-2304/+3871
|\ \
* | | Re-add HPN configuration options as deprecated options to avoid breakingdes2016-01-192-0/+7
| | | | | | | | | | | | | | | existing configurations that use them. Note that there is no functional difference between OpenSSH with HPN and OpenSSH without HPN.
* | | Upgrade to OpenSSH 6.8p1.des2016-01-19330-14249/+30265
|\ \ \ | |/ /
* | | Now that we have local modifications in configure.ac and configure, rundes2016-01-194-129/+155
| | | | | | | | | | | | autoheader and autoconf to avoid having to patch configure manually.
* | | Upgrade to OpenSSH 6.7p1, retaining libwrap support (which has been removeddes2016-01-19286-6983/+17450
|\ \ \ | |/ / | | | | | | | | | | | | upstream) and a number of security fixes which we had already backported. MFC after: 1 week
* | | As previously threatened, remove the HPN patch from OpenSSH.des2016-01-1928-534/+154
| | |
* | | Use 'svn list -R' instead of find, and recognize comments in shell scriptsdes2016-01-191-2/+2
| | | | | | | | | | | | and {ssh,sshd}_config.
* | | Recognize *roff comments.des2016-01-191-1/+1
| | |
* | | Update the pre- and post-merge scripts to work correctly after the recentdes2016-01-192-15/+13
| | | | | | | | | | | | | | | cleanup. A round-trip (./freebsd-pre-merge.sh ; ./freebsd-post-merge.sh) now results in an unchanged working copy.
* | | Fix OpenSSH client information leak.glebius2016-01-141-3/+2
| | | | | | | | | | | | | | | Security: SA-16:07.openssh Security: CVE-2016-0777
* | | Incorrect length in calloc() call, already fixed upstream.des2015-12-171-1/+1
| | | | | | | | | | | | | | | | | | PR: 204769 Submitted by: David Binderman <dcb314@hotmail.com> MFC after: 1 week
* | | Merge OpenSSL 1.0.2e.jkim2015-12-03204-2375/+2568
|\ \ \ | | |/ | |/|
| * | Import OpenSSL 1.0.2e.jkim2015-12-03118-611/+1098
| | |
* | | r291198 inadvertantly reverted a local patch for the default locationdes2015-11-261-2/+3
| | | | | | | | | | | | of ssh-askpass and xauth, breaking X11 forwarding.
* | | Revert inadvertent commit of an incorrect patchdes2015-11-241-2/+1
| | |
* | | Remove description of the now-defunct NoneEnabled option.des2015-11-242-4/+2
| | |
* | | Retire the NONE cipher option.des2015-11-2316-225/+4
| | |
* | | Remove duplicate manual pages.jkim2015-11-162-5/+3
| | | | | | | | | | | | Reported by: brd
* | | Remove dead code.des2015-11-111-672/+0
| | |
* | | One more $Mdocdate$des2015-11-111-1/+1
| | |
* | | Remove /* $FreeBSD$ */ from files that already have __RCSID("$FreeBSD$").des2015-11-1125-25/+0
| | |
* | | Now that we have mandoc, we can leave $Mdocdate$ tags as-is. Unfortunately,des2015-11-1113-22/+13
| | | | | | | | | | | | | | | there is (currently) no way to make Subversion generate correct $Mdocdate$ tags, but perhas we can teach mandoc to read Subversion's %d format.
* | | Merge OpenSSL 1.0.2d.jkim2015-10-30488-13176/+94364
|\ \ \ | |/ /
| * | Import OpenSSL 1.0.2d.jkim2015-10-23299-8500/+77947
| | |
* | | Fix OpenSSH multiple vulnerabilities by backporting three changesdelphij2015-08-253-6/+7
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | from OpenSSH-portable master. Git revisions: 45b0eb752c94954a6de046bfaaf129e518ad4b5b 5e75f5198769056089fb06c4d738ab0e5abc66f7 d4697fe9a28dab7255c60433e4dd23cf7fce8a8b Reviewed by: des Security: FreeBSD-SA-15:22.openssh
* | | Fix multiple OpenSSH vulnerabilities.delphij2015-07-282-18/+33
| | | | | | | | | | | | | | | | | | Security: CVE-2014-2653 Security: CVE-2015-5600 Security: FreeBSD-SA-15:16.openssh
* | | ssh: canonicize the host name before looking it up in the host filevangyzen2015-07-161-0/+17
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Re-apply r99054 by des in 2002. This was accidentally dropped by the update to OpenSSH 6.5p1 (r261320). This change is actually taken from r387082 of ports/security/openssh-portable/files/patch-ssh.c PR: 198043 Differential Revision: https://reviews.freebsd.org/D3103 Reviewed by: des Approved by: kib (mentor) MFC after: 3 days Relnotes: yes Sponsored by: Dell Inc.
* | | Merge OpenSSL 1.0.1p.jkim2015-07-0921-233/+475
|\ \ \ | |/ /
| * | Import OpenSSL 1.0.1p.jkim2015-07-0911-201/+420
| | |
| * | Import OpenSSL 1.0.1o.jkim2015-06-124-17/+16
| | |
| * | Import OpenSSL 1.0.1n.jkim2015-06-11131-268/+797
| | |
* | | Merge OpenSSL 1.0.1o.jkim2015-06-129-25/+34
| | |
* | | Merge OpenSSL 1.0.1n.jkim2015-06-11204-903/+2348
| | |
* | | Import new moduli from OpenBSD. Although there is no reason to distrustdes2015-05-261-261/+275
| | | | | | | | | | | | | | | | | | the current set, it is good hygiene to change them once in a while. MFC after: 1 week
* | | Use proper CHAN_TCP_PACKET_DEFAULT for agent forwarding when HPN disabled.bdrewery2015-04-021-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The use of CHAN_TCP_WINDOW_DEFAULT here was fixed in upstream OpenSSH in CVS 1.4810, git 5baa170d771de9e95cf30b4c469ece684244cf3e: - dtucker@cvs.openbsd.org 2007/12/28 22:34:47 [clientloop.c] Use the correct packet maximum sizes for remote port and agent forwarding. Prevents the server from killing the connection if too much data is queued and an excessively large packet gets sent. bz #1360, ok djm@. The change was lost due to the the way the original upstream HPN patch modified this code. It was re-adding the original OpenSSH code and never was properly fixed to use the new value. MFC after: 2 weeks
* | | Document "none" for VersionAddendum.bdrewery2015-03-232-2/+8
| | | | | | | | | | | | | | | PR: 193127 MFC after: 2 weeks
OpenPOWER on IntegriCloud