summaryrefslogtreecommitdiffstats
path: root/crypto
Commit message (Collapse)AuthorAgeFilesLines
* libkrb5: Fix potential double-freecem2016-05-111-0/+1
| | | | | | | | | | | If krb5_make_principal fails, tmp_creds.server may remain a pointer to freed memory and then be double-freed. After freeing it the first time, initialize it to NULL, which causes subsequent krb5_free_principal calls to do the right thing. Reported by: Coverity CID: 1273430 Sponsored by: EMC / Isilon Storage Division
* Merge OpenSSL 1.0.2h.jkim2016-05-0367-263/+1117
|\ | | | | | | Relnotes: yes
| * Import OpenSSL 1.0.2h.jkim2016-05-0338-122/+334
| |
* | Re-add AES-CBC ciphers to the default cipher list on the server.des2016-03-113-4/+12
| | | | | | | | PR: 207679
* | Upgrade to OpenSSH 7.2p2.des2016-03-11140-3291/+5765
|\ \
* \ \ Merge OpenSSL 1.0.2g.jkim2016-03-0183-1318/+2668
|\ \ \ | | |/ | |/| | | | Relnotes: yes
| * | Import OpenSSL 1.0.2g.jkim2016-03-0140-1046/+1741
| | |
* | | Document our modified default value for PermitRootLogin.des2016-02-022-2/+2
| | |
* | | Merge OpenSSL 1.0.2f.jkim2016-01-28136-443/+844
|\ \ \ | |/ / | | | | | | Relnotes: yes
| * | Import OpenSSL 1.0.2f.jkim2016-01-2896-153/+370
| | |
* | | Switch UseDNS back ondes2016-01-274-4/+7
| | |
* | | r294563 was incomplete; re-add the client-side options as well.des2016-01-221-0/+2
| | |
* | | Instead of removing the NoneEnabled option, mark it as unsupported.des2016-01-221-0/+1
| | | | | | | | | | | | (should have done this in r291198, but didn't think of it until now)
* | | Update the instructions and the list of major local modifications.des2016-01-211-17/+47
| | |
* | | Explain why we don't include VersionAddendum in the debug mode banner.des2016-01-211-0/+1
| | |
* | | Upgrade to OpenSSH 7.1p2.des2016-01-2128-1806/+301
| | |
* | | Enable DSA keys by default. They were disabled in OpenSSH 6.9p1.des2016-01-213-13/+28
| | | | | | | | | | | | Noticed by: glebius
* | | Take care not to pick up the wrong version of OpenSSL when running in andes2016-01-211-0/+6
| | | | | | | | | | | | environment that has OpenSSL from ports in addition to the base version.
* | | Remove RCS tags from files in which we no longer have any localdes2016-01-2014-12/+2
| | | | | | | | | | | | modifications, and add them to two files in which we do.
* | | Remove a number of generated files which are either out-of-date (becausedes2016-01-2016-27242/+0
| | | | | | | | | | | | | | | they are never regenerated to reflect our changes) or in the way of freebsd-configure.sh.
* | | Upgrade to OpenSSH 7.0p1.des2016-01-20158-1655/+2319
| | |
* | | Upgrade to OpenSSH 6.9p1.des2016-01-19115-2304/+3871
|\ \ \ | | |/ | |/|
* | | Re-add HPN configuration options as deprecated options to avoid breakingdes2016-01-192-0/+7
| | | | | | | | | | | | | | | existing configurations that use them. Note that there is no functional difference between OpenSSH with HPN and OpenSSH without HPN.
* | | Upgrade to OpenSSH 6.8p1.des2016-01-19330-14249/+30265
|\ \ \ | |/ /
* | | Now that we have local modifications in configure.ac and configure, rundes2016-01-194-129/+155
| | | | | | | | | | | | autoheader and autoconf to avoid having to patch configure manually.
* | | Upgrade to OpenSSH 6.7p1, retaining libwrap support (which has been removeddes2016-01-19286-6983/+17450
|\ \ \ | |/ / | | | | | | | | | | | | upstream) and a number of security fixes which we had already backported. MFC after: 1 week
* | | As previously threatened, remove the HPN patch from OpenSSH.des2016-01-1928-534/+154
| | |
* | | Use 'svn list -R' instead of find, and recognize comments in shell scriptsdes2016-01-191-2/+2
| | | | | | | | | | | | and {ssh,sshd}_config.
* | | Recognize *roff comments.des2016-01-191-1/+1
| | |
* | | Update the pre- and post-merge scripts to work correctly after the recentdes2016-01-192-15/+13
| | | | | | | | | | | | | | | cleanup. A round-trip (./freebsd-pre-merge.sh ; ./freebsd-post-merge.sh) now results in an unchanged working copy.
* | | Fix OpenSSH client information leak.glebius2016-01-141-3/+2
| | | | | | | | | | | | | | | Security: SA-16:07.openssh Security: CVE-2016-0777
* | | Incorrect length in calloc() call, already fixed upstream.des2015-12-171-1/+1
| | | | | | | | | | | | | | | | | | PR: 204769 Submitted by: David Binderman <dcb314@hotmail.com> MFC after: 1 week
* | | Merge OpenSSL 1.0.2e.jkim2015-12-03204-2375/+2568
|\ \ \ | | |/ | |/|
| * | Import OpenSSL 1.0.2e.jkim2015-12-03118-611/+1098
| | |
* | | r291198 inadvertantly reverted a local patch for the default locationdes2015-11-261-2/+3
| | | | | | | | | | | | of ssh-askpass and xauth, breaking X11 forwarding.
* | | Revert inadvertent commit of an incorrect patchdes2015-11-241-2/+1
| | |
* | | Remove description of the now-defunct NoneEnabled option.des2015-11-242-4/+2
| | |
* | | Retire the NONE cipher option.des2015-11-2316-225/+4
| | |
* | | Remove duplicate manual pages.jkim2015-11-162-5/+3
| | | | | | | | | | | | Reported by: brd
* | | Remove dead code.des2015-11-111-672/+0
| | |
* | | One more $Mdocdate$des2015-11-111-1/+1
| | |
* | | Remove /* $FreeBSD$ */ from files that already have __RCSID("$FreeBSD$").des2015-11-1125-25/+0
| | |
* | | Now that we have mandoc, we can leave $Mdocdate$ tags as-is. Unfortunately,des2015-11-1113-22/+13
| | | | | | | | | | | | | | | there is (currently) no way to make Subversion generate correct $Mdocdate$ tags, but perhas we can teach mandoc to read Subversion's %d format.
* | | Merge OpenSSL 1.0.2d.jkim2015-10-30488-13176/+94364
|\ \ \ | |/ /
| * | Import OpenSSL 1.0.2d.jkim2015-10-23299-8500/+77947
| | |
* | | Fix OpenSSH multiple vulnerabilities by backporting three changesdelphij2015-08-253-6/+7
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | from OpenSSH-portable master. Git revisions: 45b0eb752c94954a6de046bfaaf129e518ad4b5b 5e75f5198769056089fb06c4d738ab0e5abc66f7 d4697fe9a28dab7255c60433e4dd23cf7fce8a8b Reviewed by: des Security: FreeBSD-SA-15:22.openssh
* | | Fix multiple OpenSSH vulnerabilities.delphij2015-07-282-18/+33
| | | | | | | | | | | | | | | | | | Security: CVE-2014-2653 Security: CVE-2015-5600 Security: FreeBSD-SA-15:16.openssh
* | | ssh: canonicize the host name before looking it up in the host filevangyzen2015-07-161-0/+17
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Re-apply r99054 by des in 2002. This was accidentally dropped by the update to OpenSSH 6.5p1 (r261320). This change is actually taken from r387082 of ports/security/openssh-portable/files/patch-ssh.c PR: 198043 Differential Revision: https://reviews.freebsd.org/D3103 Reviewed by: des Approved by: kib (mentor) MFC after: 3 days Relnotes: yes Sponsored by: Dell Inc.
* | | Merge OpenSSL 1.0.1p.jkim2015-07-0921-233/+475
|\ \ \ | |/ /
| * | Import OpenSSL 1.0.1p.jkim2015-07-0911-201/+420
| | |
OpenPOWER on IntegriCloud