Dag-Erling Smørgrav
b4245df0a8
Document our modified default value for PermitRootLogin.
2016-02-02 10:02:38 +00:00
Jung-uk Kim
8180e704ac
Merge OpenSSL 1.0.2f.
...
Relnotes: yes
2016-01-28 20:15:22 +00:00
Jung-uk Kim
c188d4cade
Import OpenSSL 1.0.2f.
2016-01-28 18:41:59 +00:00
Dag-Erling Smørgrav
c4cd1fa410
Switch UseDNS back on
2016-01-27 13:40:44 +00:00
Dag-Erling Smørgrav
6362080245
r294563 was incomplete; re-add the client-side options as well.
2016-01-22 14:22:11 +00:00
Dag-Erling Smørgrav
6f3513465d
Instead of removing the NoneEnabled option, mark it as unsupported.
...
(should have done this in r291198, but didn't think of it until now)
2016-01-22 13:13:46 +00:00
Dag-Erling Smørgrav
0591b689c2
Update the instructions and the list of major local modifications.
2016-01-21 12:42:31 +00:00
Dag-Erling Smørgrav
a067b78c9c
Explain why we don't include VersionAddendum in the debug mode banner.
2016-01-21 12:41:02 +00:00
Dag-Erling Smørgrav
fc1ba28a5c
Upgrade to OpenSSH 7.1p2.
2016-01-21 11:54:34 +00:00
Dag-Erling Smørgrav
acf8e75eb0
Enable DSA keys by default. They were disabled in OpenSSH 6.9p1.
...
Noticed by: glebius
2016-01-21 11:10:14 +00:00
Dag-Erling Smørgrav
ca04c57ca9
Take care not to pick up the wrong version of OpenSSL when running in an
...
environment that has OpenSSL from ports in addition to the base version.
2016-01-21 10:57:45 +00:00
Dag-Erling Smørgrav
0b0dd5086b
Remove RCS tags from files in which we no longer have any local
...
modifications, and add them to two files in which we do.
2016-01-20 23:23:08 +00:00
Dag-Erling Smørgrav
8688f98d23
Remove a number of generated files which are either out-of-date (because
...
they are never regenerated to reflect our changes) or in the way of
freebsd-configure.sh.
2016-01-20 23:08:57 +00:00
Dag-Erling Smørgrav
eccfee6ebc
Upgrade to OpenSSH 7.0p1.
2016-01-20 22:57:10 +00:00
Dag-Erling Smørgrav
557f75e54a
Upgrade to OpenSSH 6.9p1.
2016-01-19 18:55:44 +00:00
Dag-Erling Smørgrav
9860d96e8f
Re-add HPN configuration options as deprecated options to avoid breaking
...
existing configurations that use them. Note that there is no functional
difference between OpenSSH with HPN and OpenSSH without HPN.
2016-01-19 18:38:17 +00:00
Dag-Erling Smørgrav
bc5531debe
Upgrade to OpenSSH 6.8p1.
2016-01-19 18:28:23 +00:00
Dag-Erling Smørgrav
00912a2021
Now that we have local modifications in configure.ac and configure, run
...
autoheader and autoconf to avoid having to patch configure manually.
2016-01-19 17:20:07 +00:00
Dag-Erling Smørgrav
a0ee8cc636
Upgrade to OpenSSH 6.7p1, retaining libwrap support (which has been removed
...
upstream) and a number of security fixes which we had already backported.
MFC after: 1 week
2016-01-19 16:18:26 +00:00
Dag-Erling Smørgrav
60c59fad88
As previously threatened, remove the HPN patch from OpenSSH.
2016-01-19 14:38:20 +00:00
Dag-Erling Smørgrav
5ecdd3c4d3
Use 'svn list -R' instead of find, and recognize comments in shell scripts
...
and {ssh,sshd}_config.
2016-01-19 14:25:22 +00:00
Dag-Erling Smørgrav
c1ea5e1a86
Recognize *roff comments.
2016-01-19 13:15:57 +00:00
Dag-Erling Smørgrav
50356f4843
Update the pre- and post-merge scripts to work correctly after the recent
...
cleanup. A round-trip (./freebsd-pre-merge.sh ; ./freebsd-post-merge.sh)
now results in an unchanged working copy.
2016-01-19 12:38:53 +00:00
Gleb Smirnoff
1026c03c28
Fix OpenSSH client information leak.
...
Security: SA-16:07.openssh
Security: CVE-2016-0777
2016-01-14 22:40:46 +00:00
Dag-Erling Smørgrav
22f393c35d
Incorrect length in calloc() call, already fixed upstream.
...
PR: 204769
Submitted by: David Binderman <dcb314@hotmail.com>
MFC after: 1 week
2015-12-17 19:36:25 +00:00
Jung-uk Kim
80815a778e
Merge OpenSSL 1.0.2e.
2015-12-03 21:13:35 +00:00
Jung-uk Kim
737d7e8d39
Import OpenSSL 1.0.2e.
2015-12-03 17:22:58 +00:00
Dag-Erling Smørgrav
6dd7775dfd
r291198 inadvertantly reverted a local patch for the default location
...
of ssh-askpass and xauth, breaking X11 forwarding.
2015-11-26 23:05:40 +00:00
Dag-Erling Smørgrav
af12673615
Revert inadvertent commit of an incorrect patch
2015-11-24 16:07:03 +00:00
Dag-Erling Smørgrav
db83e5424b
Remove description of the now-defunct NoneEnabled option.
2015-11-24 16:06:15 +00:00
Dag-Erling Smørgrav
1765946ba9
Retire the NONE cipher option.
2015-11-23 12:48:13 +00:00
Jung-uk Kim
2409c5b0cc
Remove duplicate manual pages.
...
Reported by: brd
2015-11-16 21:36:15 +00:00
Dag-Erling Smørgrav
f2e553364c
Remove dead code.
2015-11-11 13:47:23 +00:00
Dag-Erling Smørgrav
845c9bd1d9
One more $Mdocdate$
2015-11-11 13:27:58 +00:00
Dag-Erling Smørgrav
5bec830e40
Remove /* $FreeBSD$ */ from files that already have __RCSID("$FreeBSD$").
2015-11-11 13:26:47 +00:00
Dag-Erling Smørgrav
5b71b2ebe0
Now that we have mandoc, we can leave $Mdocdate$ tags as-is. Unfortunately,
...
there is (currently) no way to make Subversion generate correct $Mdocdate$
tags, but perhas we can teach mandoc to read Subversion's %d format.
2015-11-11 13:23:07 +00:00
Jung-uk Kim
7bded2db17
Merge OpenSSL 1.0.2d.
2015-10-30 20:51:33 +00:00
Jung-uk Kim
e9fcefce9b
Import OpenSSL 1.0.2d.
2015-10-23 19:46:02 +00:00
Xin LI
1e415e2992
Fix OpenSSH multiple vulnerabilities by backporting three changes
...
from OpenSSH-portable master.
Git revisions: 45b0eb752c94954a6de046bfaaf129e518ad4b5b
5e75f5198769056089fb06c4d738ab0e5abc66f7
d4697fe9a28dab7255c60433e4dd23cf7fce8a8b
Reviewed by: des
Security: FreeBSD-SA-15:22.openssh
2015-08-25 20:48:37 +00:00
Xin LI
3a0b9b7735
Fix multiple OpenSSH vulnerabilities.
...
Security: CVE-2014-2653
Security: CVE-2015-5600
Security: FreeBSD-SA-15:16.openssh
2015-07-28 19:58:38 +00:00
Eric van Gyzen
3e74849a1e
ssh: canonicize the host name before looking it up in the host file
...
Re-apply r99054 by des in 2002. This was accidentally dropped
by the update to OpenSSH 6.5p1 (r261320).
This change is actually taken from r387082 of
ports/security/openssh-portable/files/patch-ssh.c
PR: 198043
Differential Revision: https://reviews.freebsd.org/D3103
Reviewed by: des
Approved by: kib (mentor)
MFC after: 3 days
Relnotes: yes
Sponsored by: Dell Inc.
2015-07-16 18:44:18 +00:00
Jung-uk Kim
45c1772ea0
Merge OpenSSL 1.0.1p.
2015-07-09 17:07:45 +00:00
Jung-uk Kim
c07d7b3a38
Import OpenSSL 1.0.1p.
2015-07-09 16:41:34 +00:00
Jung-uk Kim
d47910c6ed
Merge OpenSSL 1.0.1o.
2015-06-12 16:48:26 +00:00
Jung-uk Kim
15533bcc35
Import OpenSSL 1.0.1o.
2015-06-12 16:33:55 +00:00
Jung-uk Kim
ed6b93be54
Merge OpenSSL 1.0.1n.
2015-06-11 19:00:55 +00:00
Jung-uk Kim
a9745f9a84
Import OpenSSL 1.0.1n.
2015-06-11 17:56:16 +00:00
Dag-Erling Smørgrav
8a1ab32008
Import new moduli from OpenBSD. Although there is no reason to distrust
...
the current set, it is good hygiene to change them once in a while.
MFC after: 1 week
2015-05-26 19:46:41 +00:00
Bryan Drewery
e3bd730f60
Use proper CHAN_TCP_PACKET_DEFAULT for agent forwarding when HPN disabled.
...
The use of CHAN_TCP_WINDOW_DEFAULT here was fixed in upstream OpenSSH
in CVS 1.4810, git 5baa170d771de9e95cf30b4c469ece684244cf3e:
- dtucker@cvs.openbsd.org 2007/12/28 22:34:47
[clientloop.c]
Use the correct packet maximum sizes for remote port and agent forwarding.
Prevents the server from killing the connection if too much data is queued
and an excessively large packet gets sent. bz #1360 , ok djm@.
The change was lost due to the the way the original upstream HPN patch
modified this code. It was re-adding the original OpenSSH code and never
was properly fixed to use the new value.
MFC after: 2 weeks
2015-04-02 18:43:25 +00:00
Bryan Drewery
6e57108113
Document "none" for VersionAddendum.
...
PR: 193127
MFC after: 2 weeks
2015-03-23 02:45:12 +00:00