path: root/crypto
Commit message [Author, Age, Files, Lines]
* MFC r308197: MFV r308196: [delphij, 2016-11-02, 1, -0/+1]
    Fix OpenSSH remote Denial of Service vulnerability.
    Security: CVE-2016-8858
* MFC: r306342 [jkim, 2016-09-26, 8, -8/+26]
    Merge OpenSSL 1.0.2j.
* MFC: r306193 [jkim, 2016-09-22, 222, -1347/+3936]
    Merge OpenSSL 1.0.2u.
* MFC r305065: Add refactored blacklist support to sshd [lidl, 2016-09-06, 12, -1/+195]
    Change the calls to blacklist_init() and blacklist_notify to be macros defined in the blacklist_client.h file. This avoids the need for #ifdef USE_BLACKLIST / #endif except in the blacklist.c file.
    Remove redundant initialization attempts from within blacklist_notify - everything always goes through blacklistd_init().
    Added UseBlacklist option to sshd, which defaults to off. To enable the functionality, use '-o UseBlacklist=yes' on the command line, or uncomment in the sshd_config file.
    Approved by: des
    Sponsored by: The FreeBSD Foundation
* MFC: r304636 [jkim, 2016-08-31, 2, -3/+3]
    Build OpenSSL assembly sources for arm.
* MFH (r303832): check whether each key file exists before adding it [des, 2016-08-11, 1, -10/+15]
    PR: 208254
    Approved by: re (kib)
* MFH (r303716, r303719): drop SSH1 support, disable DSA by default [des, 2016-08-05, 7, -40/+19]
    PR: 208254
    Approved by: re (gjb)
    Relnotes: yes
* Revert r301551, which added blacklistd(8) to sshd(8). [gjb, 2016-06-24, 8, -145/+0]
    This change has functional impact, and other concerns raised by the OpenSSH maintainer.
    Requested by: des
    PR: 210479 (related)
    Approved by: re (marius)
    Sponsored by: The FreeBSD Foundation
* Add blacklist support to sshd [lidl, 2016-06-07, 8, -0/+145]
    Reviewed by: rpaulo
    Approved by: rpaulo (earlier version of changes)
    Relnotes: YES
    Sponsored by: The FreeBSD Foundation
    Differential Revision: https://reviews.freebsd.org/D5915
* openssl: change SHLIB_VERSION_NUMBER to reflect the reality [avg, 2016-06-03, 1, -1/+1]
    Some consumers actually use this definition.
    We probably need some procedure to ensure that SHLIB_VERSION_NUMBER is updated whenever we change the library version in secure/lib/libssl/Makefile.
* libkrb5: Fix potential double-free [cem, 2016-05-11, 1, -0/+1]
    If krb5_make_principal fails, tmp_creds.server may remain a pointer to freed memory and then be double-freed. After freeing it the first time, initialize it to NULL, which causes subsequent krb5_free_principal calls to do the right thing.
    Reported by: Coverity
    CID: 1273430
    Sponsored by: EMC / Isilon Storage Division
* Merge OpenSSL 1.0.2h. [jkim, 2016-05-03, 67, -263/+1117]
    Relnotes: yes
| * Import OpenSSL 1.0.2h. [jkim, 2016-05-03, 38, -122/+334]
* | Re-add AES-CBC ciphers to the default cipher list on the server. [des, 2016-03-11, 3, -4/+12]
    PR: 207679
* | Upgrade to OpenSSH 7.2p2. [des, 2016-03-11, 140, -3291/+5765]
* \ \ Merge OpenSSL 1.0.2g. [jkim, 2016-03-01, 83, -1318/+2668]
    Relnotes: yes
| * | Import OpenSSL 1.0.2g. [jkim, 2016-03-01, 40, -1046/+1741]
* | | Document our modified default value for PermitRootLogin. [des, 2016-02-02, 2, -2/+2]
* | | Merge OpenSSL 1.0.2f. [jkim, 2016-01-28, 136, -443/+844]
    Relnotes: yes
| * | Import OpenSSL 1.0.2f. [jkim, 2016-01-28, 96, -153/+370]
* | | Switch UseDNS back on [des, 2016-01-27, 4, -4/+7]
* | | r294563 was incomplete; re-add the client-side options as well. [des, 2016-01-22, 1, -0/+2]
* | | Instead of removing the NoneEnabled option, mark it as unsupported. [des, 2016-01-22, 1, -0/+1]
    (should have done this in r291198, but didn't think of it until now)
* | | Update the instructions and the list of major local modifications. [des, 2016-01-21, 1, -17/+47]
* | | Explain why we don't include VersionAddendum in the debug mode banner. [des, 2016-01-21, 1, -0/+1]
* | | Upgrade to OpenSSH 7.1p2. [des, 2016-01-21, 28, -1806/+301]
* | | Enable DSA keys by default. They were disabled in OpenSSH 6.9p1. [des, 2016-01-21, 3, -13/+28]
    Noticed by: glebius
* | | Take care not to pick up the wrong version of OpenSSL when running in an [des, 2016-01-21, 1, -0/+6]
    environment that has OpenSSL from ports in addition to the base version.
* | | Remove RCS tags from files in which we no longer have any local [des, 2016-01-20, 14, -12/+2]
    modifications, and add them to two files in which we do.
* | | Remove a number of generated files which are either out-of-date (because [des, 2016-01-20, 16, -27242/+0]
    they are never regenerated to reflect our changes) or in the way of freebsd-configure.sh.
* | | Upgrade to OpenSSH 7.0p1. [des, 2016-01-20, 158, -1655/+2319]
* | | Upgrade to OpenSSH 6.9p1. [des, 2016-01-19, 115, -2304/+3871]
* | | Re-add HPN configuration options as deprecated options to avoid breaking [des, 2016-01-19, 2, -0/+7]
    existing configurations that use them. Note that there is no functional difference between OpenSSH with HPN and OpenSSH without HPN.
* | | Upgrade to OpenSSH 6.8p1. [des, 2016-01-19, 330, -14249/+30265]
* | | Now that we have local modifications in configure.ac and configure, run [des, 2016-01-19, 4, -129/+155]
    autoheader and autoconf to avoid having to patch configure manually.
* | | Upgrade to OpenSSH 6.7p1, retaining libwrap support (which has been removed [des, 2016-01-19, 286, -6983/+17450]
    upstream) and a number of security fixes which we had already backported.
    MFC after: 1 week
* | | As previously threatened, remove the HPN patch from OpenSSH. [des, 2016-01-19, 28, -534/+154]
* | | Use 'svn list -R' instead of find, and recognize comments in shell scripts [des, 2016-01-19, 1, -2/+2]
    and {ssh,sshd}_config.
* | | Recognize *roff comments. [des, 2016-01-19, 1, -1/+1]
* | | Update the pre- and post-merge scripts to work correctly after the recent [des, 2016-01-19, 2, -15/+13]
    cleanup. A round-trip (./freebsd-pre-merge.sh ; ./freebsd-post-merge.sh) now results in an unchanged working copy.
* | | Fix OpenSSH client information leak. [glebius, 2016-01-14, 1, -3/+2]
    Security: SA-16:07.openssh
    Security: CVE-2016-0777
* | | Incorrect length in calloc() call, already fixed upstream. [des, 2015-12-17, 1, -1/+1]
    PR: 204769
    Submitted by: David Binderman <dcb314@hotmail.com>
    MFC after: 1 week
* | | Merge OpenSSL 1.0.2e. [jkim, 2015-12-03, 204, -2375/+2568]
| * | Import OpenSSL 1.0.2e. [jkim, 2015-12-03, 118, -611/+1098]
* | | r291198 inadvertently reverted a local patch for the default location [des, 2015-11-26, 1, -2/+3]
    of ssh-askpass and xauth, breaking X11 forwarding.
* | | Revert inadvertent commit of an incorrect patch [des, 2015-11-24, 1, -2/+1]
* | | Remove description of the now-defunct NoneEnabled option. [des, 2015-11-24, 2, -4/+2]
* | | Retire the NONE cipher option. [des, 2015-11-23, 16, -225/+4]
* | | Remove duplicate manual pages. [jkim, 2015-11-16, 2, -5/+3]
    Reported by: brd
* | | Remove dead code. [des, 2015-11-11, 1, -672/+0]