| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
|
| |
This is the last version of OpenSSH which does not break compatibility
more than we can live with in a stable branch. Further commits will
follow to backport some bug fixes from newer versions.
The sshd breakage in the previous attempt was due to an upstream bug
(a 0 was changed to a 1 while refactoring send_rexec_state() in sshd.c)
which only manifested itself when sshd was built with SSH 1 support.
Approved by: re@
|
| |
|
|
| |
Approved by: re@
|
| |
|
|
|
|
|
|
| |
This is the last version of OpenSSH which does not break compatibility
more than we can live with in a stable branch. Further commits will
follow to backport some bug fixes from newer versions.
Approved by: re@
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Only bake krb5_config.h support in to ssh(3), etc if both MK_GSSAPI and
MK_KERBEROS_SUPPORT != no
This fixes the odd case where someone specified MK_GSSAPI=no and
MK_KERBEROS_SUPPORT=yes (which admittedly, probably doesn't make sense,
but the build system doesn't prevent this case today, and it didn't when
I filed the bug back in 2011 either).
PR: 159745
|
| |
|
|
|
|
|
|
| |
MFH (r296634): re-add aes-cbc to server-side default cipher list
MFH (r296651, r296657): fix gcc build of pam_ssh
PR: 207679
Security: CVE-2016-3115
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
MFH (r285975, r287143): register mergeinfo for security fixes
MFH (r294497, r294498, r295139): internal documentation
MFH (r294328): upgrade to openssh 6.7p1, re-add libwrap
MFH (r294332): upgrade to openssh 6.8p1
MFH (r294367): update pam_ssh for api changes
MFH (r294909): switch usedns back on
MFH (r294336): upgrade to openssh 6.9p1
MFH (r294495): re-enable dsa keys
MFH (r294464): upgrade to openssh 7.0p1
MFH (r294496): upgrade to openssh 7.1p2
Approved by: re (gjb)
Relnotes: yes
|
| |
|
|
| |
Remove the HPN and None cipher patches.
|
| |
|
|
| |
Replace unneeded manual dependency on header by adding it to SRCS.
|
| |
|
|
| |
MFH (r264308): restore p level in debugging output
|
| |
|
|
| |
MFH (r261340): enable sandboxing by default
|
| |
|
|
|
|
|
|
|
| |
repeat performance by introducing a script that runs configure with and
without Kerberos, diffs the result and generates krb5_config.h, which
contains the preprocessor macros that need to be defined in the Kerberos
case and undefined otherwise.
Approved by: re (marius)
|
| |
|
|
|
|
|
|
|
|
| |
as static binaries, if desired. The one exception is sshd, which runs
into trouble due to libpam.a's includion of pam_ssh.
Make OpenSSH use LDNS if available. This allows it to verify signed
SSHFP records.
Approved by: re (blanket)
|
| |
|
|
| |
Approved by: re (blanket)
|
| |
|
|
| |
for a key revocation list and more fine-grained authentication control.
|
| |
|
|
|
|
|
|
|
| |
which, only after authentication, disables crypto, and only for sessions
without a terminal.
Submitted by: Jeremy Chadwick (freebsd jdc.parodius.com)
PR: bin/163095
MFC after: 10 days
|
| | |
|
| | |
|
| |
|
|
| |
MFC after: 1 month
|
| |
|
|
|
| |
Noticed by: delphij, David Cornejo <dave@dogwood.com>
Forgotten by: des
|
| |
|
|
|
|
|
|
| |
preparation for 8.0-RELEASE. Add the previous version of those
libraries to ObsoleteFiles.inc and bump __FreeBSD_Version.
Reviewed by: kib
Approved by: re (rwatson)
|
| |
|
|
| |
Reviewed by: des
|
| |
|
|
| |
MFC after: 3 months
|
| |
|
|
|
|
|
|
|
|
| |
I have worked hard to reduce diffs against the vendor branch. One
notable change in that respect is that we no longer prefer DSA over
RSA - the reasons for doing so went away years ago. This may cause
some surprises, as ssh will warn about unknown host keys even for
hosts whose keys haven't changed.
MFC after: 6 weeks
|
| |
|
|
| |
all non-style changes made by heimdal to our own libgssapi.
|
| |
|
|
|
|
| |
Reported by: jhb
Discussed with: deischen, des, doubg, harti
Approved by: re (kensmith)
|
| |
|
|
| |
MFC after: 1 week
|
| |
|
|
| |
Discussed with: ru
|
| |
|
|
|
|
|
|
| |
the namespace of applications which inadvertantly link in libssh (usually
through pam_ssh)
Suggested by: lukem@netbsd.org
MFC after: 6 weeks
|
| | |
|
| |
|
|
|
|
|
|
| |
http://lists.freebsd.org/pipermail/freebsd-current/2006-March/061725.html
The src.conf(5) manpage is to follow in a few days.
Brought to you by: imp, jhb, kris, phk, ru (all bugs are mine)
|
| |
|
|
|
|
|
|
|
| |
similar the the Solaris implementation. Repackage the krb5 GSS mechanism
as a plugin library for the new implementation. This also includes a
comprehensive set of manpages for the GSS-API functions with text mostly
taken from the RFC.
Reviewed by: Love Hörnquist Åstrand <lha@it.su.se>, ru (build system), des (openssh parts)
|
| | |
|
| |
|
|
|
|
|
| |
been bumped since RELENG_5.
Reviewed by: ru
Approved by: re (not needed for commit check but in principle...)
|
| |
|
|
|
|
| |
trouble, especially on amd64.
Requested by: ru
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
| |
NOINFO -> NO_INFO
NOINFOCOMPRESS -> NO_INFOCOMPRESS
NOLINT -> NO_LINT
NOPIC -> NO_PIC
NOPROFILE -> NO_PROFILE
|
| | |
|
| |
|
|
| |
any fake value.
|
| | |
|
| |
|
|
| |
Reviewed by: des
|
| | |
|
| |
|
|
|
|
| |
Also remove some duplicates from ssh's SRCS.
Submitted by: [1] Björn Grönvall <bg@sics.se>
|
| | |
|
| | |
|
| |
|
|
|
| |
cleanups were necessary in release/Makefile, and the tinderbox code
was syntax checked, not run checked.
|
| | |
|
| | |
|
| | |
|
| |
|
|
| |
Its Just Too Noisy.
|
