summaryrefslogtreecommitdiffstats
path: root/crypto
Commit message (Collapse)AuthorAgeFilesLines
* Fix OpenSSH Denial of Service vulnerability. [SA-17:06]releng/11.0delphij2017-08-101-0/+5
| | | | | | Fix VNET kernel panic with asynchronous I/O. [EN-17:07] Approved by: so
* Fix heimdal KDC-REP service name validation vulnerability [SA-17:05]delphij2017-07-121-2/+2
| | | | Approved by: so
* Fix multiple vulnerabilities of OpenSSL. [SA-17:02]delphij2017-02-23100-634/+836
| | | | | | | | | | | | | | Fix system hang when booting when PCI-express HotPlug is enabled. [EN-17:01] Fix NIS master updates are not pushed to NIS slave. [EN-17:02] Fix compatibility with Hyper-V/storage after KB3172614 or KB3179574. [EN-17:03] Make makewhatis output reproducible. [EN-17:04] Approved by: so
* Fix multiple vulnerabilities of OpenSSH.delphij2017-01-113-9/+49
| | | | | | | Security: FreeBSD-SA-17:01.openssh Security: CVE-2016-10009 Security: CVE-2016-10010 Approved by: so
* Fix Fix OpenSSH remote Denial of Service vulnerability.delphij2016-11-021-0/+1
| | | | | Security: FreeBSD-SA-16:33.openssh Approved by: so
* Merge r306343 by jkim:glebius2016-09-268-8/+26
| | | | | | | Merge OpenSSL 1.0.2j. Approved by: so Approved by: re (implicit)
* MFS: r306195jkim2016-09-22222-1347/+3936
| | | | | | Merge OpenSSL 1.0.2i. Approved by: re (gjb, implicit), so (delphij)
* MFH (r303832): check whether each key file exists before adding itdes2016-08-111-10/+15
| | | | | PR: 208254 Approved by: re (kib)
* MFH (r303716, r303719): drop SSH1 support, disable DSA by defaultdes2016-08-057-40/+19
| | | | | | PR: 208254 Approved by: re (gjb) Relnotes: yes
* Revert r301551, which added blacklistd(8) to sshd(8).gjb2016-06-248-145/+0
| | | | | | | | | | This change has functional impact, and other concerns raised by the OpenSSH maintainer. Requested by: des PR: 210479 (related) Approved by: re (marius) Sponsored by: The FreeBSD Foundation
* Add blacklist support to sshdlidl2016-06-078-0/+145
| | | | | | | | Reviewed by: rpaulo Approved by: rpaulo (earlier version of changes) Relnotes: YES Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D5915
* openssl: change SHLIB_VERSION_NUMBER to reflect the realityavg2016-06-031-1/+1
| | | | | | | | Some consumers actually use this definition. We probably need some procedure to ensure that SHLIB_VERSION_NUMBER is updated whenever we change the library version in secure/lib/libssl/Makefile.
* libkrb5: Fix potential double-freecem2016-05-111-0/+1
| | | | | | | | | | | If krb5_make_principal fails, tmp_creds.server may remain a pointer to freed memory and then be double-freed. After freeing it the first time, initialize it to NULL, which causes subsequent krb5_free_principal calls to do the right thing. Reported by: Coverity CID: 1273430 Sponsored by: EMC / Isilon Storage Division
* Merge OpenSSL 1.0.2h.jkim2016-05-0367-263/+1117
|\ | | | | | | Relnotes: yes
| * Import OpenSSL 1.0.2h.jkim2016-05-0338-122/+334
| |
* | Re-add AES-CBC ciphers to the default cipher list on the server.des2016-03-113-4/+12
| | | | | | | | PR: 207679
* | Upgrade to OpenSSH 7.2p2.des2016-03-11140-3291/+5765
|\ \
* \ \ Merge OpenSSL 1.0.2g.jkim2016-03-0183-1318/+2668
|\ \ \ | | |/ | |/| | | | Relnotes: yes
| * | Import OpenSSL 1.0.2g.jkim2016-03-0140-1046/+1741
| | |
* | | Document our modified default value for PermitRootLogin.des2016-02-022-2/+2
| | |
* | | Merge OpenSSL 1.0.2f.jkim2016-01-28136-443/+844
|\ \ \ | |/ / | | | | | | Relnotes: yes
| * | Import OpenSSL 1.0.2f.jkim2016-01-2896-153/+370
| | |
* | | Switch UseDNS back ondes2016-01-274-4/+7
| | |
* | | r294563 was incomplete; re-add the client-side options as well.des2016-01-221-0/+2
| | |
* | | Instead of removing the NoneEnabled option, mark it as unsupported.des2016-01-221-0/+1
| | | | | | | | | | | | (should have done this in r291198, but didn't think of it until now)
* | | Update the instructions and the list of major local modifications.des2016-01-211-17/+47
| | |
* | | Explain why we don't include VersionAddendum in the debug mode banner.des2016-01-211-0/+1
| | |
* | | Upgrade to OpenSSH 7.1p2.des2016-01-2128-1806/+301
| | |
* | | Enable DSA keys by default. They were disabled in OpenSSH 6.9p1.des2016-01-213-13/+28
| | | | | | | | | | | | Noticed by: glebius
* | | Take care not to pick up the wrong version of OpenSSL when running in andes2016-01-211-0/+6
| | | | | | | | | | | | environment that has OpenSSL from ports in addition to the base version.
* | | Remove RCS tags from files in which we no longer have any localdes2016-01-2014-12/+2
| | | | | | | | | | | | modifications, and add them to two files in which we do.
* | | Remove a number of generated files which are either out-of-date (becausedes2016-01-2016-27242/+0
| | | | | | | | | | | | | | | they are never regenerated to reflect our changes) or in the way of freebsd-configure.sh.
* | | Upgrade to OpenSSH 7.0p1.des2016-01-20158-1655/+2319
| | |
* | | Upgrade to OpenSSH 6.9p1.des2016-01-19115-2304/+3871
|\ \ \ | | |/ | |/|
* | | Re-add HPN configuration options as deprecated options to avoid breakingdes2016-01-192-0/+7
| | | | | | | | | | | | | | | existing configurations that use them. Note that there is no functional difference between OpenSSH with HPN and OpenSSH without HPN.
* | | Upgrade to OpenSSH 6.8p1.des2016-01-19330-14249/+30265
|\ \ \ | |/ /
* | | Now that we have local modifications in configure.ac and configure, rundes2016-01-194-129/+155
| | | | | | | | | | | | autoheader and autoconf to avoid having to patch configure manually.
* | | Upgrade to OpenSSH 6.7p1, retaining libwrap support (which has been removeddes2016-01-19286-6983/+17450
|\ \ \ | |/ / | | | | | | | | | | | | upstream) and a number of security fixes which we had already backported. MFC after: 1 week
* | | As previously threatened, remove the HPN patch from OpenSSH.des2016-01-1928-534/+154
| | |
* | | Use 'svn list -R' instead of find, and recognize comments in shell scriptsdes2016-01-191-2/+2
| | | | | | | | | | | | and {ssh,sshd}_config.
* | | Recognize *roff comments.des2016-01-191-1/+1
| | |
* | | Update the pre- and post-merge scripts to work correctly after the recentdes2016-01-192-15/+13
| | | | | | | | | | | | | | | cleanup. A round-trip (./freebsd-pre-merge.sh ; ./freebsd-post-merge.sh) now results in an unchanged working copy.
* | | Fix OpenSSH client information leak.glebius2016-01-141-3/+2
| | | | | | | | | | | | | | | Security: SA-16:07.openssh Security: CVE-2016-0777
* | | Incorrect length in calloc() call, already fixed upstream.des2015-12-171-1/+1
| | | | | | | | | | | | | | | | | | PR: 204769 Submitted by: David Binderman <dcb314@hotmail.com> MFC after: 1 week
* | | Merge OpenSSL 1.0.2e.jkim2015-12-03204-2375/+2568
|\ \ \ | | |/ | |/|
| * | Import OpenSSL 1.0.2e.jkim2015-12-03118-611/+1098
| | |
* | | r291198 inadvertantly reverted a local patch for the default locationdes2015-11-261-2/+3
| | | | | | | | | | | | of ssh-askpass and xauth, breaking X11 forwarding.
* | | Revert inadvertent commit of an incorrect patchdes2015-11-241-2/+1
| | |
* | | Remove description of the now-defunct NoneEnabled option.des2015-11-242-4/+2
| | |
* | | Retire the NONE cipher option.des2015-11-2316-225/+4
| | |
OpenPOWER on IntegriCloud