Commit message (Collapse) | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | MFC r308197: MFV r308196: | delphij | 2016-11-02 | 1 | -0/+1 |
| | | | | | | Fix OpenSSH remote Denial of Service vulnerability. Security: CVE-2016-8858 | ||||
* | MFC: r306342 | jkim | 2016-09-26 | 8 | -8/+26 |
| | | | | Merge OpenSSL 1.0.2j. | ||||
* | MFC: r306193 | jkim | 2016-09-22 | 222 | -1347/+3936 |
| | | | | Merge OpenSSL 1.0.2u. | ||||
* | MFC r305065: Add refactored blacklist support to sshd | lidl | 2016-09-06 | 12 | -1/+195 |
| | | | | | | | | | | | | | | | | | | Change the calls to of blacklist_init() and blacklist_notify to be macros defined in the blacklist_client.h file. This avoids the need for #ifdef USE_BLACKLIST / #endif except in the blacklist.c file. Remove redundent initialization attempts from within blacklist_notify - everything always goes through blacklistd_init(). Added UseBlacklist option to sshd, which defaults to off. To enable the functionality, use '-o UseBlacklist=yes' on the command line, or uncomment in the sshd_config file. Approved by: des Sponsored by: The FreeBSD Foundation | ||||
* | MFC: r304636 | jkim | 2016-08-31 | 2 | -3/+3 |
| | | | | Build OpenSSL assembly sources for arm. | ||||
* | MFH (r303832): check whether each key file exists before adding it | des | 2016-08-11 | 1 | -10/+15 |
| | | | | | PR: 208254 Approved by: re (kib) | ||||
* | MFH (r303716, r303719): drop SSH1 support, disable DSA by default | des | 2016-08-05 | 7 | -40/+19 |
| | | | | | | PR: 208254 Approved by: re (gjb) Relnotes: yes | ||||
* | Revert r301551, which added blacklistd(8) to sshd(8). | gjb | 2016-06-24 | 8 | -145/+0 |
| | | | | | | | | | | This change has functional impact, and other concerns raised by the OpenSSH maintainer. Requested by: des PR: 210479 (related) Approved by: re (marius) Sponsored by: The FreeBSD Foundation | ||||
* | Add blacklist support to sshd | lidl | 2016-06-07 | 8 | -0/+145 |
| | | | | | | | | Reviewed by: rpaulo Approved by: rpaulo (earlier version of changes) Relnotes: YES Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D5915 | ||||
* | openssl: change SHLIB_VERSION_NUMBER to reflect the reality | avg | 2016-06-03 | 1 | -1/+1 |
| | | | | | | | | Some consumers actually use this definition. We probably need some procedure to ensure that SHLIB_VERSION_NUMBER is updated whenever we change the library version in secure/lib/libssl/Makefile. | ||||
* | libkrb5: Fix potential double-free | cem | 2016-05-11 | 1 | -0/+1 |
| | | | | | | | | | | | If krb5_make_principal fails, tmp_creds.server may remain a pointer to freed memory and then be double-freed. After freeing it the first time, initialize it to NULL, which causes subsequent krb5_free_principal calls to do the right thing. Reported by: Coverity CID: 1273430 Sponsored by: EMC / Isilon Storage Division | ||||
* | Merge OpenSSL 1.0.2h. | jkim | 2016-05-03 | 67 | -263/+1117 |
|\ | | | | | | | Relnotes: yes | ||||
| * | Import OpenSSL 1.0.2h. | jkim | 2016-05-03 | 38 | -122/+334 |
| | | |||||
* | | Re-add AES-CBC ciphers to the default cipher list on the server. | des | 2016-03-11 | 3 | -4/+12 |
| | | | | | | | | PR: 207679 | ||||
* | | Upgrade to OpenSSH 7.2p2. | des | 2016-03-11 | 140 | -3291/+5765 |
|\ \ | |||||
* \ \ | Merge OpenSSL 1.0.2g. | jkim | 2016-03-01 | 83 | -1318/+2668 |
|\ \ \ | | |/ | |/| | | | | Relnotes: yes | ||||
| * | | Import OpenSSL 1.0.2g. | jkim | 2016-03-01 | 40 | -1046/+1741 |
| | | | |||||
* | | | Document our modified default value for PermitRootLogin. | des | 2016-02-02 | 2 | -2/+2 |
| | | | |||||
* | | | Merge OpenSSL 1.0.2f. | jkim | 2016-01-28 | 136 | -443/+844 |
|\ \ \ | |/ / | | | | | | | Relnotes: yes | ||||
| * | | Import OpenSSL 1.0.2f. | jkim | 2016-01-28 | 96 | -153/+370 |
| | | | |||||
* | | | Switch UseDNS back on | des | 2016-01-27 | 4 | -4/+7 |
| | | | |||||
* | | | r294563 was incomplete; re-add the client-side options as well. | des | 2016-01-22 | 1 | -0/+2 |
| | | | |||||
* | | | Instead of removing the NoneEnabled option, mark it as unsupported. | des | 2016-01-22 | 1 | -0/+1 |
| | | | | | | | | | | | | (should have done this in r291198, but didn't think of it until now) | ||||
* | | | Update the instructions and the list of major local modifications. | des | 2016-01-21 | 1 | -17/+47 |
| | | | |||||
* | | | Explain why we don't include VersionAddendum in the debug mode banner. | des | 2016-01-21 | 1 | -0/+1 |
| | | | |||||
* | | | Upgrade to OpenSSH 7.1p2. | des | 2016-01-21 | 28 | -1806/+301 |
| | | | |||||
* | | | Enable DSA keys by default. They were disabled in OpenSSH 6.9p1. | des | 2016-01-21 | 3 | -13/+28 |
| | | | | | | | | | | | | Noticed by: glebius | ||||
* | | | Take care not to pick up the wrong version of OpenSSL when running in an | des | 2016-01-21 | 1 | -0/+6 |
| | | | | | | | | | | | | environment that has OpenSSL from ports in addition to the base version. | ||||
* | | | Remove RCS tags from files in which we no longer have any local | des | 2016-01-20 | 14 | -12/+2 |
| | | | | | | | | | | | | modifications, and add them to two files in which we do. | ||||
* | | | Remove a number of generated files which are either out-of-date (because | des | 2016-01-20 | 16 | -27242/+0 |
| | | | | | | | | | | | | | | | they are never regenerated to reflect our changes) or in the way of freebsd-configure.sh. | ||||
* | | | Upgrade to OpenSSH 7.0p1. | des | 2016-01-20 | 158 | -1655/+2319 |
| | | | |||||
* | | | Upgrade to OpenSSH 6.9p1. | des | 2016-01-19 | 115 | -2304/+3871 |
|\ \ \ | | |/ | |/| | |||||
* | | | Re-add HPN configuration options as deprecated options to avoid breaking | des | 2016-01-19 | 2 | -0/+7 |
| | | | | | | | | | | | | | | | existing configurations that use them. Note that there is no functional difference between OpenSSH with HPN and OpenSSH without HPN. | ||||
* | | | Upgrade to OpenSSH 6.8p1. | des | 2016-01-19 | 330 | -14249/+30265 |
|\ \ \ | |/ / | |||||
* | | | Now that we have local modifications in configure.ac and configure, run | des | 2016-01-19 | 4 | -129/+155 |
| | | | | | | | | | | | | autoheader and autoconf to avoid having to patch configure manually. | ||||
* | | | Upgrade to OpenSSH 6.7p1, retaining libwrap support (which has been removed | des | 2016-01-19 | 286 | -6983/+17450 |
|\ \ \ | |/ / | | | | | | | | | | | | | upstream) and a number of security fixes which we had already backported. MFC after: 1 week | ||||
* | | | As previously threatened, remove the HPN patch from OpenSSH. | des | 2016-01-19 | 28 | -534/+154 |
| | | | |||||
* | | | Use 'svn list -R' instead of find, and recognize comments in shell scripts | des | 2016-01-19 | 1 | -2/+2 |
| | | | | | | | | | | | | and {ssh,sshd}_config. | ||||
* | | | Recognize *roff comments. | des | 2016-01-19 | 1 | -1/+1 |
| | | | |||||
* | | | Update the pre- and post-merge scripts to work correctly after the recent | des | 2016-01-19 | 2 | -15/+13 |
| | | | | | | | | | | | | | | | cleanup. A round-trip (./freebsd-pre-merge.sh ; ./freebsd-post-merge.sh) now results in an unchanged working copy. | ||||
* | | | Fix OpenSSH client information leak. | glebius | 2016-01-14 | 1 | -3/+2 |
| | | | | | | | | | | | | | | | Security: SA-16:07.openssh Security: CVE-2016-0777 | ||||
* | | | Incorrect length in calloc() call, already fixed upstream. | des | 2015-12-17 | 1 | -1/+1 |
| | | | | | | | | | | | | | | | | | | PR: 204769 Submitted by: David Binderman <dcb314@hotmail.com> MFC after: 1 week | ||||
* | | | Merge OpenSSL 1.0.2e. | jkim | 2015-12-03 | 204 | -2375/+2568 |
|\ \ \ | | |/ | |/| | |||||
| * | | Import OpenSSL 1.0.2e. | jkim | 2015-12-03 | 118 | -611/+1098 |
| | | | |||||
* | | | r291198 inadvertantly reverted a local patch for the default location | des | 2015-11-26 | 1 | -2/+3 |
| | | | | | | | | | | | | of ssh-askpass and xauth, breaking X11 forwarding. | ||||
* | | | Revert inadvertent commit of an incorrect patch | des | 2015-11-24 | 1 | -2/+1 |
| | | | |||||
* | | | Remove description of the now-defunct NoneEnabled option. | des | 2015-11-24 | 2 | -4/+2 |
| | | | |||||
* | | | Retire the NONE cipher option. | des | 2015-11-23 | 16 | -225/+4 |
| | | | |||||
* | | | Remove duplicate manual pages. | jkim | 2015-11-16 | 2 | -5/+3 |
| | | | | | | | | | | | | Reported by: brd | ||||
* | | | Remove dead code. | des | 2015-11-11 | 1 | -672/+0 |
| | | |