gjb
7095173950
Revert r301551, which added blacklistd(8) to sshd(8).
...
This change has functional impact, and other concerns raised
by the OpenSSH maintainer.
Requested by: des
PR: 210479 (related)
Approved by: re (marius)
Sponsored by: The FreeBSD Foundation
2016-06-24 23:22:42 +00:00
lidl
9b5f176b51
Add blacklist support to sshd
...
Reviewed by: rpaulo
Approved by: rpaulo (earlier version of changes)
Relnotes: YES
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D5915
2016-06-07 16:18:09 +00:00
avg
1926b48f81
openssl: change SHLIB_VERSION_NUMBER to reflect the reality
...
Some consumers actually use this definition.
We probably need some procedure to ensure that SHLIB_VERSION_NUMBER
is updated whenever we change the library version in
secure/lib/libssl/Makefile.
2016-06-03 14:09:38 +00:00
cem
2bcae162c5
libkrb5: Fix potential double-free
...
If krb5_make_principal fails, tmp_creds.server may remain a pointer to freed
memory and then be double-freed. After freeing it the first time, initialize
it to NULL, which causes subsequent krb5_free_principal calls to do the right
thing.
Reported by: Coverity
CID: 1273430
Sponsored by: EMC / Isilon Storage Division
2016-05-11 23:25:59 +00:00
jkim
00a878d06e
Merge OpenSSL 1.0.2h.
...
Relnotes: yes
2016-05-03 18:50:10 +00:00
jkim
acb827e308
Import OpenSSL 1.0.2h.
2016-05-03 18:00:27 +00:00
des
ba453f42f3
Re-add AES-CBC ciphers to the default cipher list on the server.
...
PR: 207679
2016-03-11 00:23:10 +00:00
des
bb6f58c772
Upgrade to OpenSSH 7.2p2.
2016-03-11 00:15:29 +00:00
jkim
de2249f81c
Merge OpenSSL 1.0.2g.
...
Relnotes: yes
2016-03-01 22:08:28 +00:00
jkim
72d32bf80d
Import OpenSSL 1.0.2g.
2016-03-01 17:57:01 +00:00
des
d381a76dda
Document our modified default value for PermitRootLogin.
2016-02-02 10:02:38 +00:00
jkim
f91c9c2798
Merge OpenSSL 1.0.2f.
...
Relnotes: yes
2016-01-28 20:15:22 +00:00
jkim
71cece53f2
Import OpenSSL 1.0.2f.
2016-01-28 18:41:59 +00:00
des
bf4d314681
Switch UseDNS back on
2016-01-27 13:40:44 +00:00
des
84fe0a03f6
r294563 was incomplete; re-add the client-side options as well.
2016-01-22 14:22:11 +00:00
des
150b570cfa
Instead of removing the NoneEnabled option, mark it as unsupported.
...
(should have done this in r291198, but didn't think of it until now)
2016-01-22 13:13:46 +00:00
des
316c45f5be
Update the instructions and the list of major local modifications.
2016-01-21 12:42:31 +00:00
des
e5b44dd19f
Explain why we don't include VersionAddendum in the debug mode banner.
2016-01-21 12:41:02 +00:00
des
0c80faa259
Upgrade to OpenSSH 7.1p2.
2016-01-21 11:54:34 +00:00
des
65f3eb83cd
Enable DSA keys by default. They were disabled in OpenSSH 6.9p1.
...
Noticed by: glebius
2016-01-21 11:10:14 +00:00
des
d53b167ff8
Take care not to pick up the wrong version of OpenSSL when running in an
...
environment that has OpenSSL from ports in addition to the base version.
2016-01-21 10:57:45 +00:00
des
75cd33d704
Remove RCS tags from files in which we no longer have any local
...
modifications, and add them to two files in which we do.
2016-01-20 23:23:08 +00:00
des
dfe3d69533
Remove a number of generated files which are either out-of-date (because
...
they are never regenerated to reflect our changes) or in the way of
freebsd-configure.sh.
2016-01-20 23:08:57 +00:00
des
9b2207f860
Upgrade to OpenSSH 7.0p1.
2016-01-20 22:57:10 +00:00
des
b856a45731
Upgrade to OpenSSH 6.9p1.
2016-01-19 18:55:44 +00:00
des
76107b0880
Re-add HPN configuration options as deprecated options to avoid breaking
...
existing configurations that use them. Note that there is no functional
difference between OpenSSH with HPN and OpenSSH without HPN.
2016-01-19 18:38:17 +00:00
des
7a7bc643b5
Upgrade to OpenSSH 6.8p1.
2016-01-19 18:28:23 +00:00
des
0a44f26c1c
Now that we have local modifications in configure.ac and configure, run
...
autoheader and autoconf to avoid having to patch configure manually.
2016-01-19 17:20:07 +00:00
des
14172c52f8
Upgrade to OpenSSH 6.7p1, retaining libwrap support (which has been removed
...
upstream) and a number of security fixes which we had already backported.
MFC after: 1 week
2016-01-19 16:18:26 +00:00
des
43b4a69321
As previously threatened, remove the HPN patch from OpenSSH.
2016-01-19 14:38:20 +00:00
des
23cbd2460d
Use 'svn list -R' instead of find, and recognize comments in shell scripts
...
and {ssh,sshd}_config.
2016-01-19 14:25:22 +00:00
des
1fb8b3ddb1
Recognize *roff comments.
2016-01-19 13:15:57 +00:00
des
a5f4b9478d
Update the pre- and post-merge scripts to work correctly after the recent
...
cleanup. A round-trip (./freebsd-pre-merge.sh ; ./freebsd-post-merge.sh)
now results in an unchanged working copy.
2016-01-19 12:38:53 +00:00
glebius
6185680860
Fix OpenSSH client information leak.
...
Security: SA-16:07.openssh
Security: CVE-2016-0777
2016-01-14 22:40:46 +00:00
des
0a0682484a
Incorrect length in calloc() call, already fixed upstream.
...
PR: 204769
Submitted by: David Binderman <dcb314@hotmail.com>
MFC after: 1 week
2015-12-17 19:36:25 +00:00
jkim
8d77ecefb7
Merge OpenSSL 1.0.2e.
2015-12-03 21:13:35 +00:00
jkim
afd52a5fc9
Import OpenSSL 1.0.2e.
2015-12-03 17:22:58 +00:00
des
954c038d83
r291198 inadvertantly reverted a local patch for the default location
...
of ssh-askpass and xauth, breaking X11 forwarding.
2015-11-26 23:05:40 +00:00
des
a02e9843fe
Revert inadvertent commit of an incorrect patch
2015-11-24 16:07:03 +00:00
des
70c2c51da2
Remove description of the now-defunct NoneEnabled option.
2015-11-24 16:06:15 +00:00
des
24641fd80b
Retire the NONE cipher option.
2015-11-23 12:48:13 +00:00
jkim
4a83aa80d5
Remove duplicate manual pages.
...
Reported by: brd
2015-11-16 21:36:15 +00:00
des
83b666668a
Remove dead code.
2015-11-11 13:47:23 +00:00
des
9be32654da
One more $Mdocdate$
2015-11-11 13:27:58 +00:00
des
72179a6f4b
Remove /* $FreeBSD$ */ from files that already have __RCSID("$FreeBSD$").
2015-11-11 13:26:47 +00:00
des
f4baee681e
Now that we have mandoc, we can leave $Mdocdate$ tags as-is. Unfortunately,
...
there is (currently) no way to make Subversion generate correct $Mdocdate$
tags, but perhas we can teach mandoc to read Subversion's %d format.
2015-11-11 13:23:07 +00:00
jkim
6b741bee15
Merge OpenSSL 1.0.2d.
2015-10-30 20:51:33 +00:00
jkim
64cb0c902e
Import OpenSSL 1.0.2d.
2015-10-23 19:46:02 +00:00
delphij
991c19271a
Fix OpenSSH multiple vulnerabilities by backporting three changes
...
from OpenSSH-portable master.
Git revisions: 45b0eb752c94954a6de046bfaaf129e518ad4b5b
5e75f5198769056089fb06c4d738ab0e5abc66f7
d4697fe9a28dab7255c60433e4dd23cf7fce8a8b
Reviewed by: des
Security: FreeBSD-SA-15:22.openssh
2015-08-25 20:48:37 +00:00
delphij
e4eb287ad0
Fix multiple OpenSSH vulnerabilities.
...
Security: CVE-2014-2653
Security: CVE-2015-5600
Security: FreeBSD-SA-15:16.openssh
2015-07-28 19:58:38 +00:00