Commit Graph

943 Commits

Author SHA1 Message Date
Gleb Smirnoff
1026c03c28 Fix OpenSSH client information leak.
Security:	SA-16:07.openssh
Security:	CVE-2016-0777
2016-01-14 22:40:46 +00:00
Dag-Erling Smørgrav
22f393c35d Incorrect length in calloc() call, already fixed upstream.
PR:		204769
Submitted by:	David Binderman <dcb314@hotmail.com>
MFC after:	1 week
2015-12-17 19:36:25 +00:00
Jung-uk Kim
80815a778e Merge OpenSSL 1.0.2e. 2015-12-03 21:13:35 +00:00
Jung-uk Kim
737d7e8d39 Import OpenSSL 1.0.2e. 2015-12-03 17:22:58 +00:00
Dag-Erling Smørgrav
6dd7775dfd r291198 inadvertantly reverted a local patch for the default location
of ssh-askpass and xauth, breaking X11 forwarding.
2015-11-26 23:05:40 +00:00
Dag-Erling Smørgrav
af12673615 Revert inadvertent commit of an incorrect patch 2015-11-24 16:07:03 +00:00
Dag-Erling Smørgrav
db83e5424b Remove description of the now-defunct NoneEnabled option. 2015-11-24 16:06:15 +00:00
Dag-Erling Smørgrav
1765946ba9 Retire the NONE cipher option. 2015-11-23 12:48:13 +00:00
Jung-uk Kim
2409c5b0cc Remove duplicate manual pages.
Reported by:	brd
2015-11-16 21:36:15 +00:00
Dag-Erling Smørgrav
f2e553364c Remove dead code. 2015-11-11 13:47:23 +00:00
Dag-Erling Smørgrav
845c9bd1d9 One more $Mdocdate$ 2015-11-11 13:27:58 +00:00
Dag-Erling Smørgrav
5bec830e40 Remove /* $FreeBSD$ */ from files that already have __RCSID("$FreeBSD$"). 2015-11-11 13:26:47 +00:00
Dag-Erling Smørgrav
5b71b2ebe0 Now that we have mandoc, we can leave $Mdocdate$ tags as-is. Unfortunately,
there is (currently) no way to make Subversion generate correct $Mdocdate$
tags, but perhas we can teach mandoc to read Subversion's %d format.
2015-11-11 13:23:07 +00:00
Jung-uk Kim
7bded2db17 Merge OpenSSL 1.0.2d. 2015-10-30 20:51:33 +00:00
Jung-uk Kim
e9fcefce9b Import OpenSSL 1.0.2d. 2015-10-23 19:46:02 +00:00
Xin LI
1e415e2992 Fix OpenSSH multiple vulnerabilities by backporting three changes
from OpenSSH-portable master.

Git revisions:	45b0eb752c94954a6de046bfaaf129e518ad4b5b
		5e75f5198769056089fb06c4d738ab0e5abc66f7
		d4697fe9a28dab7255c60433e4dd23cf7fce8a8b
Reviewed by:	des
Security:	FreeBSD-SA-15:22.openssh
2015-08-25 20:48:37 +00:00
Xin LI
3a0b9b7735 Fix multiple OpenSSH vulnerabilities.
Security:	CVE-2014-2653
Security:	CVE-2015-5600
Security:	FreeBSD-SA-15:16.openssh
2015-07-28 19:58:38 +00:00
Eric van Gyzen
3e74849a1e ssh: canonicize the host name before looking it up in the host file
Re-apply r99054 by des in 2002.  This was accidentally dropped
by the update to OpenSSH 6.5p1 (r261320).

This change is actually taken from r387082 of
ports/security/openssh-portable/files/patch-ssh.c

PR:		198043
Differential Revision:	https://reviews.freebsd.org/D3103
Reviewed by:	des
Approved by:	kib (mentor)
MFC after:	3 days
Relnotes:	yes
Sponsored by:	Dell Inc.
2015-07-16 18:44:18 +00:00
Jung-uk Kim
45c1772ea0 Merge OpenSSL 1.0.1p. 2015-07-09 17:07:45 +00:00
Jung-uk Kim
c07d7b3a38 Import OpenSSL 1.0.1p. 2015-07-09 16:41:34 +00:00
Jung-uk Kim
d47910c6ed Merge OpenSSL 1.0.1o. 2015-06-12 16:48:26 +00:00
Jung-uk Kim
15533bcc35 Import OpenSSL 1.0.1o. 2015-06-12 16:33:55 +00:00
Jung-uk Kim
ed6b93be54 Merge OpenSSL 1.0.1n. 2015-06-11 19:00:55 +00:00
Jung-uk Kim
a9745f9a84 Import OpenSSL 1.0.1n. 2015-06-11 17:56:16 +00:00
Dag-Erling Smørgrav
8a1ab32008 Import new moduli from OpenBSD. Although there is no reason to distrust
the current set, it is good hygiene to change them once in a while.

MFC after:	1 week
2015-05-26 19:46:41 +00:00
Bryan Drewery
e3bd730f60 Use proper CHAN_TCP_PACKET_DEFAULT for agent forwarding when HPN disabled.
The use of CHAN_TCP_WINDOW_DEFAULT here was fixed in upstream OpenSSH
in CVS 1.4810, git 5baa170d771de9e95cf30b4c469ece684244cf3e:

  - dtucker@cvs.openbsd.org 2007/12/28 22:34:47
    [clientloop.c]
    Use the correct packet maximum sizes for remote port and agent forwarding.
    Prevents the server from killing the connection if too much data is queued
    and an excessively large packet gets sent.  bz #1360, ok djm@.

The change was lost due to the the way the original upstream HPN patch
modified this code. It was re-adding the original OpenSSH code and never
was properly fixed to use the new value.

MFC after:	2 weeks
2015-04-02 18:43:25 +00:00
Bryan Drewery
6e57108113 Document "none" for VersionAddendum.
PR:		193127
MFC after:	2 weeks
2015-03-23 02:45:12 +00:00
Jung-uk Kim
6f9291cea8 Merge OpenSSL 1.0.1m. 2015-03-20 19:16:18 +00:00
Jung-uk Kim
3d2030852d Import OpenSSL 1.0.1m. 2015-03-20 15:28:40 +00:00
Jung-uk Kim
dc2b908f54 Merge OpenSSL 1.0.1l.
MFC after:	1 week
Relnotes:	yes
2015-01-16 21:03:23 +00:00
Jung-uk Kim
8f5086671f Import OpenSSL 1.0.1l. 2015-01-16 19:52:36 +00:00
Jung-uk Kim
de496999fe MFV: r276862
Fix build.
2015-01-09 00:42:10 +00:00
Jung-uk Kim
973cfcbfe1 Fix build failure on Windows due to undefined cflags identifier.
5c5e7e1a7e
2015-01-09 00:12:20 +00:00
Jung-uk Kim
751d29910b Merge OpenSSL 1.0.1k. 2015-01-08 23:42:41 +00:00
Jung-uk Kim
c6485458b3 Import OpenSSL 1.0.1k. 2015-01-08 22:40:39 +00:00
Jung-uk Kim
fa5fddf171 Merge OpenSSL 1.0.1j. 2014-10-15 19:12:05 +00:00
Jung-uk Kim
58ab7656b2 Import OpenSSL 1.0.1j. 2014-10-15 17:32:57 +00:00
Glen Barber
28c80a7dd8 Include the gssapi_krb5 library in KRB5_LDFLAGS.
PR:		156245
MFC after:	3 days
Sponsored by:	The FreeBSD Foundation
2014-09-08 19:00:13 +00:00
Jung-uk Kim
a93cbc2be8 Merge OpenSSL 1.0.1i. 2014-08-07 18:56:10 +00:00
Jung-uk Kim
cb6864802e Import OpenSSL 1.0.1i. 2014-08-07 16:49:55 +00:00
Jung-uk Kim
94ad176c68 Merge OpenSSL 1.0.1h.
Approved by:	so (delphij)
2014-06-09 05:50:57 +00:00
Jung-uk Kim
2e22f5e2e0 Import OpenSSL 1.0.1h.
Approved by:	so (delphij)
2014-06-06 20:59:29 +00:00
Xin LI
4a448cff07 Fix OpenSSL multiple vulnerabilities.
Security:	CVE-2014-0195, CVE-2014-0221, CVE-2014-0224,
		CVE-2014-3470
Security:	SA-14:14.openssl
Approved by:	so
2014-06-05 12:32:16 +00:00
Steven Hartland
4b0b2f2d1b Change comment about HPNDisabled to match the style of other options to
avoid confusion.

Sponsored by:	Multiplay
2014-05-20 10:28:19 +00:00
Xin LI
f5da602e47 Fix OpenSSL NULL pointer deference vulnerability.
Obtained from:	OpenBSD
Security:	FreeBSD-SA-14:09.openssl
Security:	CVE-2014-0198
2014-05-13 23:17:24 +00:00
Xin LI
e38c714ed3 Fix OpenSSL use-after-free vulnerability.
Obtained from:	OpenBSD
Security:	FreeBSD-SA-14:09.openssl
Security:	CVE-2010-5298
2014-04-30 04:02:36 +00:00
Dag-Erling Smørgrav
30a0343983 Apply upstream patch for EC calculation bug and bump version addendum. 2014-04-20 11:34:33 +00:00
Warner Losh
3bdf775801 NO_MAN= has been deprecated in favor of MAN= for some time, go ahead
and finish the job. ncurses is now the only Makefile in the tree that
uses it since it wasn't a simple mechanical change, and will be
addressed in a future commit.
2014-04-13 05:21:56 +00:00
Dag-Erling Smørgrav
b8f726b41c Restore the pX part to the version number printed in debugging mode. 2014-04-09 20:42:00 +00:00
Jung-uk Kim
560ede85d4 Merge OpenSSL 1.0.1g.
Approved by:	benl (maintainer)
2014-04-08 21:06:58 +00:00