des
c995370269
Upgrade to OpenSSH 7.4p1.
2017-03-06 01:37:05 +00:00
des
0f3c0d66a4
Forgot to bump the version addendum date.
2017-03-03 01:50:10 +00:00
des
dc519490bb
Upgrade to OpenSSH 7.3p1.
2017-03-02 00:11:32 +00:00
delphij
db4ad7afa3
MFV r311913:
...
Fix multiple OpenSSH vulnerabilities.
Submitted by: des
Approved by: so
2017-01-11 05:49:39 +00:00
lidl
7235884959
Add refactored blacklist support to sshd
...
Change the calls to of blacklist_init() and blacklist_notify to be
macros defined in the blacklist_client.h file. This avoids
the need for #ifdef USE_BLACKLIST / #endif except in the
blacklist.c file.
Remove redundent initialization attempts from within
blacklist_notify - everything always goes through
blacklistd_init().
Added UseBlacklist option to sshd, which defaults to off.
To enable the functionality, use '-o UseBlacklist=yes' on
the command line, or uncomment in the sshd_config file.
Reviewed by: des
Approved by: des
MFC after: 1 week
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D7051
2016-08-30 14:09:24 +00:00
des
7b7845b35c
Remove DSA from default cipher list and disable SSH1.
...
Upstream did this a long time ago, but we kept DSA and SSH1 in FreeBSD for
reasons which boil down to POLA. Now is a good time to catch up.
MFC after: 3 days
Relnotes: yes
2016-08-03 16:08:21 +00:00
des
ba453f42f3
Re-add AES-CBC ciphers to the default cipher list on the server.
...
PR: 207679
2016-03-11 00:23:10 +00:00
des
bb6f58c772
Upgrade to OpenSSH 7.2p2.
2016-03-11 00:15:29 +00:00
des
d381a76dda
Document our modified default value for PermitRootLogin.
2016-02-02 10:02:38 +00:00
des
bf4d314681
Switch UseDNS back on
2016-01-27 13:40:44 +00:00
des
0c80faa259
Upgrade to OpenSSH 7.1p2.
2016-01-21 11:54:34 +00:00
des
65f3eb83cd
Enable DSA keys by default. They were disabled in OpenSSH 6.9p1.
...
Noticed by: glebius
2016-01-21 11:10:14 +00:00
des
9b2207f860
Upgrade to OpenSSH 7.0p1.
2016-01-20 22:57:10 +00:00
des
b856a45731
Upgrade to OpenSSH 6.9p1.
2016-01-19 18:55:44 +00:00
des
7a7bc643b5
Upgrade to OpenSSH 6.8p1.
2016-01-19 18:28:23 +00:00
des
14172c52f8
Upgrade to OpenSSH 6.7p1, retaining libwrap support (which has been removed
...
upstream) and a number of security fixes which we had already backported.
MFC after: 1 week
2016-01-19 16:18:26 +00:00
des
43b4a69321
As previously threatened, remove the HPN patch from OpenSSH.
2016-01-19 14:38:20 +00:00
des
f4baee681e
Now that we have mandoc, we can leave $Mdocdate$ tags as-is. Unfortunately,
...
there is (currently) no way to make Subversion generate correct $Mdocdate$
tags, but perhas we can teach mandoc to read Subversion's %d format.
2015-11-11 13:23:07 +00:00
bdrewery
77d6bca5e0
Document "none" for VersionAddendum.
...
PR: 193127
MFC after: 2 weeks
2015-03-23 02:45:12 +00:00
des
e1e5f20b88
Apply upstream patch for EC calculation bug and bump version addendum.
2014-04-20 11:34:33 +00:00
des
ae82763de4
Upgrade to OpenSSH 6.6p1.
2014-03-25 11:05:34 +00:00
des
b1dd5bd906
Turn sandboxing on by default.
2014-02-01 00:07:16 +00:00
des
7573e91b12
Upgrade to OpenSSH 6.5p1.
2014-01-31 13:12:02 +00:00
delphij
454aa85277
MFV r257952:
...
Upgrade to OpenSSH 6.4p1.
Bump VersionAddendum.
Approved by: des
2013-11-11 09:19:58 +00:00
des
cda41f674d
Upgrade to 6.3p1.
...
Approved by: re (gjb)
2013-09-21 21:36:09 +00:00
des
5794e02a5a
r251088 reverted the default value for UsePrivilegeSeparation from
...
"sandbox" to "yes", but did not update the documentation to match.
2013-06-28 09:41:59 +00:00
des
06c773ee5d
Upgrade to OpenSSH 6.2p2. Mostly a no-op since I had already patched
...
the issues that affected us.
2013-05-17 09:12:33 +00:00
des
b291eafe8d
Upgrade to OpenSSH 6.2p1. The most important new features are support
...
for a key revocation list and more fine-grained authentication control.
2013-03-22 17:55:38 +00:00
des
00f3582ac6
Upgrade OpenSSH to 6.1p1.
2012-09-03 16:51:41 +00:00
ed
b36b72f154
Polish diff against upstream.
...
- Revert unneeded whitespace changes.
- Revert modifications to loginrec.c, as the upstream version already
does the right thing.
- Fix indentation and whitespace of local changes.
Approved by: des
MFC after: 1 month
2012-02-13 11:59:59 +00:00
des
038442ad80
Upgrade to OpenSSH 5.9p1.
...
MFC after: 3 months
2011-10-05 22:08:17 +00:00
des
ee2afa8165
Upgrade to OpenSSH 5.8p2.
2011-05-04 07:34:44 +00:00
des
59d1af2322
Upgrade to OpenSSH 5.6p1.
2010-11-11 11:46:19 +00:00
des
28662c6994
Missing commas
2010-06-01 15:11:29 +00:00
des
fc607a2e80
Upgrade to OpenSSH 5.5p1.
2010-04-28 10:36:33 +00:00
des
c3510f9e73
Upgrade to OpenSSH 5.4p1.
...
MFC after: 1 month
2010-03-09 19:16:43 +00:00
des
c6a1085fef
Upgrade to OpenSSH 5.3p1.
2009-10-01 17:12:52 +00:00
des
8bf56a9772
Upgrade to OpenSSH 5.2p1.
...
MFC after: 3 months
2009-05-22 18:46:28 +00:00
des
a51772f108
Our groff doesn't understand $Mdocdate$, so replace them with bare dates.
...
MFC after: 3 days
2008-09-29 10:53:05 +00:00
des
b7aa600c41
Upgrade to OpenSSH 5.1p1.
...
I have worked hard to reduce diffs against the vendor branch. One
notable change in that respect is that we no longer prefer DSA over
RSA - the reasons for doing so went away years ago. This may cause
some surprises, as ssh will warn about unknown host keys even for
hosts whose keys haven't changed.
MFC after: 6 weeks
2008-08-01 02:48:36 +00:00
des
f1596419c2
Properly flatten openssh/dist.
2008-07-22 19:01:18 +00:00
des
666aa9cc16
Revert part of 180714 - the intent was to flatten dist, not to nuke it.
2008-07-22 18:58:19 +00:00
des
624d93001f
Flatten the OpenSSH vendor tree for 3.x and newer.
2008-07-22 17:13:05 +00:00
des
91a576f9b7
s/X11R6/local/g
2007-05-24 22:04:07 +00:00
des
f486315183
Resolve conflicts.
2006-11-10 16:52:41 +00:00
des
e16bfbb7bc
Bump version addendum.
...
MFC after: 1 week
2006-09-30 13:39:07 +00:00
des
4ff234ef46
Merge conflicts.
...
MFC after: 1 week
2006-09-30 13:38:06 +00:00
des
2f35ce4773
Vendor import of OpenSSH 4.4p1.
2006-09-30 13:29:51 +00:00
des
7c07891caf
Merge conflicts.
2006-03-22 20:41:37 +00:00
des
448503722a
Vendor import of OpenSSH 4.3p1.
2006-03-22 19:46:12 +00:00