d/freebsd-skq
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
215,344 Commits 4 Branches 49 Tags 2 GiB
c372459ab7
Commit Graph

939 Commits

Author SHA1 Message Date
jkim
4a83aa80d5 Remove duplicate manual pages. 
Reported by:	brd
 2015-11-16 21:36:15 +00:00
des
83b666668a Remove dead code. 2015-11-11 13:47:23 +00:00
des
9be32654da One more $Mdocdate$ 2015-11-11 13:27:58 +00:00
des
72179a6f4b Remove /* $FreeBSD$ */ from files that already have __RCSID("$FreeBSD$"). 2015-11-11 13:26:47 +00:00
des
f4baee681e Now that we have mandoc, we can leave $Mdocdate$ tags as-is. Unfortunately, 
there is (currently) no way to make Subversion generate correct $Mdocdate$
tags, but perhas we can teach mandoc to read Subversion's %d format.
 2015-11-11 13:23:07 +00:00
jkim
6b741bee15 Merge OpenSSL 1.0.2d. 2015-10-30 20:51:33 +00:00
jkim
64cb0c902e Import OpenSSL 1.0.2d. 2015-10-23 19:46:02 +00:00
delphij
991c19271a Fix OpenSSH multiple vulnerabilities by backporting three changes 
from OpenSSH-portable master.

Git revisions:	45b0eb752c94954a6de046bfaaf129e518ad4b5b
		5e75f5198769056089fb06c4d738ab0e5abc66f7
		d4697fe9a28dab7255c60433e4dd23cf7fce8a8b
Reviewed by:	des
Security:	FreeBSD-SA-15:22.openssh
 2015-08-25 20:48:37 +00:00
delphij
e4eb287ad0 Fix multiple OpenSSH vulnerabilities. 
Security:	CVE-2014-2653
Security:	CVE-2015-5600
Security:	FreeBSD-SA-15:16.openssh
 2015-07-28 19:58:38 +00:00
vangyzen
2eb95738be ssh: canonicize the host name before looking it up in the host file 
Re-apply r99054 by des in 2002.  This was accidentally dropped
by the update to OpenSSH 6.5p1 (r261320).

This change is actually taken from r387082 of
ports/security/openssh-portable/files/patch-ssh.c

PR:		198043
Differential Revision:	https://reviews.freebsd.org/D3103
Reviewed by:	des
Approved by:	kib (mentor)
MFC after:	3 days
Relnotes:	yes
Sponsored by:	Dell Inc.
 2015-07-16 18:44:18 +00:00
jkim
ce8a666092 Merge OpenSSL 1.0.1p. 2015-07-09 17:07:45 +00:00
jkim
e5911a7a89 Import OpenSSL 1.0.1p. 2015-07-09 16:41:34 +00:00
jkim
810d2d455b Merge OpenSSL 1.0.1o. 2015-06-12 16:48:26 +00:00
jkim
d552dfce13 Import OpenSSL 1.0.1o. 2015-06-12 16:33:55 +00:00
jkim
d675e841ef Merge OpenSSL 1.0.1n. 2015-06-11 19:00:55 +00:00
jkim
e35879fa69 Import OpenSSL 1.0.1n. 2015-06-11 17:56:16 +00:00
des
c32ee7f1c5 Import new moduli from OpenBSD. Although there is no reason to distrust 
the current set, it is good hygiene to change them once in a while.

MFC after:	1 week
 2015-05-26 19:46:41 +00:00
bdrewery
a636f8f94f Use proper CHAN_TCP_PACKET_DEFAULT for agent forwarding when HPN disabled. 
The use of CHAN_TCP_WINDOW_DEFAULT here was fixed in upstream OpenSSH
in CVS 1.4810, git 5baa170d771de9e95cf30b4c469ece684244cf3e:

  - dtucker@cvs.openbsd.org 2007/12/28 22:34:47
    [clientloop.c]
    Use the correct packet maximum sizes for remote port and agent forwarding.
    Prevents the server from killing the connection if too much data is queued
    and an excessively large packet gets sent.  bz #1360, ok djm@.

The change was lost due to the the way the original upstream HPN patch
modified this code. It was re-adding the original OpenSSH code and never
was properly fixed to use the new value.

MFC after:	2 weeks
 2015-04-02 18:43:25 +00:00
bdrewery
77d6bca5e0 Document "none" for VersionAddendum. 
PR:		193127
MFC after:	2 weeks
 2015-03-23 02:45:12 +00:00
jkim
d962da16eb Merge OpenSSL 1.0.1m. 2015-03-20 19:16:18 +00:00
jkim
038f65e5fb Import OpenSSL 1.0.1m. 2015-03-20 15:28:40 +00:00
jkim
3c988e56ae Merge OpenSSL 1.0.1l. 
MFC after:	1 week
Relnotes:	yes
 2015-01-16 21:03:23 +00:00
jkim
63414ee1a3 Import OpenSSL 1.0.1l. 2015-01-16 19:52:36 +00:00
jkim
73cdd9409f MFV: r276862 
Fix build.
 2015-01-09 00:42:10 +00:00
jkim
6c57594b36 Fix build failure on Windows due to undefined cflags identifier. 
5c5e7e1a7e
 2015-01-09 00:12:20 +00:00
jkim
4f9b1cef1a Merge OpenSSL 1.0.1k. 2015-01-08 23:42:41 +00:00
jkim
a350427e88 Import OpenSSL 1.0.1k. 2015-01-08 22:40:39 +00:00
jkim
411d431d45 Merge OpenSSL 1.0.1j. 2014-10-15 19:12:05 +00:00
jkim
9a02b27a6e Import OpenSSL 1.0.1j. 2014-10-15 17:32:57 +00:00
gjb
01f4e5a3e8 Include the gssapi_krb5 library in KRB5_LDFLAGS. 
PR:		156245
MFC after:	3 days
Sponsored by:	The FreeBSD Foundation
 2014-09-08 19:00:13 +00:00
jkim
3299c3be1a Merge OpenSSL 1.0.1i. 2014-08-07 18:56:10 +00:00
jkim
8bd1d6691f Import OpenSSL 1.0.1i. 2014-08-07 16:49:55 +00:00
jkim
68fed3306b Merge OpenSSL 1.0.1h. 
Approved by:	so (delphij)
 2014-06-09 05:50:57 +00:00
jkim
d4a5f67323 Import OpenSSL 1.0.1h. 
Approved by:	so (delphij)
 2014-06-06 20:59:29 +00:00
delphij
aa92285a00 Fix OpenSSL multiple vulnerabilities. 
Security:	CVE-2014-0195, CVE-2014-0221, CVE-2014-0224,
		CVE-2014-3470
Security:	SA-14:14.openssl
Approved by:	so
 2014-06-05 12:32:16 +00:00
smh
d4e781f644 Change comment about HPNDisabled to match the style of other options to 
avoid confusion.

Sponsored by:	Multiplay
 2014-05-20 10:28:19 +00:00
delphij
43c7f4a7f1 Fix OpenSSL NULL pointer deference vulnerability. 
Obtained from:	OpenBSD
Security:	FreeBSD-SA-14:09.openssl
Security:	CVE-2014-0198
 2014-05-13 23:17:24 +00:00
delphij
7e64659205 Fix OpenSSL use-after-free vulnerability. 
Obtained from:	OpenBSD
Security:	FreeBSD-SA-14:09.openssl
Security:	CVE-2010-5298
 2014-04-30 04:02:36 +00:00
des
e1e5f20b88 Apply upstream patch for EC calculation bug and bump version addendum. 2014-04-20 11:34:33 +00:00
imp
c39e6fc2c9 NO_MAN= has been deprecated in favor of MAN= for some time, go ahead 
and finish the job. ncurses is now the only Makefile in the tree that
uses it since it wasn't a simple mechanical change, and will be
addressed in a future commit.
 2014-04-13 05:21:56 +00:00
des
38c767afbd Restore the pX part to the version number printed in debugging mode. 2014-04-09 20:42:00 +00:00
jkim
89b378c4b3 Merge OpenSSL 1.0.1g. 
Approved by:	benl (maintainer)
 2014-04-08 21:06:58 +00:00
jkim
c16e01227f Import OpenSSL 1.0.1g. 
Approved by:	benl (maintainer)
 2014-04-08 20:15:18 +00:00
delphij
26c4b55c2e Fix NFS deadlock vulnerability. [SA-14:05] 
Fix "Heartbleed" vulnerability and ECDSA Cache Side-channel
Attack in OpenSSL. [SA-14:06]
 2014-04-08 18:27:32 +00:00
des
ae82763de4 Upgrade to OpenSSH 6.6p1. 2014-03-25 11:05:34 +00:00
des
fc833dce1b Add a pre-merge script which reverts mechanical changes such as added 
$FreeBSD$ tags and man page dates.

Add a post-merge script which reapplies these changes.

Run both scripts to normalize the existing code base.  As a result, many
files which should have had $FreeBSD$ tags but didn't now have them.

Partly rewrite the upgrade instructions and remove the now outdated
list of tricks.
 2014-03-24 19:15:13 +00:00
rwatson
a400e9c007 Update most userspace consumers of capability.h to use capsicum.h instead. 
auditdistd is not updated as I will make the change upstream and then do a
vendor import sometime in the next week or two.

MFC after:	3 weeks
 2014-03-16 11:04:44 +00:00
pjd
ed07d3e6e2 Fix installations that use kernels without CAPABILITIES support. 
Approved by:	des
 2014-02-04 21:48:09 +00:00
des
b1dd5bd906 Turn sandboxing on by default. 2014-02-01 00:07:16 +00:00
des
7573e91b12 Upgrade to OpenSSH 6.5p1. 2014-01-31 13:12:02 +00:00