d/freebsd-skq
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
238,828 Commits 4 Branches 49 Tags
Commit Graph

68 Commits

Author SHA1 Message Date
delphij
db4ad7afa3 MFV r311913: 
Fix multiple OpenSSH vulnerabilities.

Submitted by:	des
Approved by:	so
 2017-01-11 05:49:39 +00:00
des
7b7845b35c Remove DSA from default cipher list and disable SSH1. 
Upstream did this a long time ago, but we kept DSA and SSH1 in FreeBSD for
reasons which boil down to POLA.  Now is a good time to catch up.

MFC after:	3 days
Relnotes:	yes
 2016-08-03 16:08:21 +00:00
des
bb6f58c772 Upgrade to OpenSSH 7.2p2. 2016-03-11 00:15:29 +00:00
des
0c80faa259 Upgrade to OpenSSH 7.1p2. 2016-01-21 11:54:34 +00:00
des
65f3eb83cd Enable DSA keys by default. They were disabled in OpenSSH 6.9p1. 
Noticed by:	glebius
 2016-01-21 11:10:14 +00:00
des
9b2207f860 Upgrade to OpenSSH 7.0p1. 2016-01-20 22:57:10 +00:00
des
b856a45731 Upgrade to OpenSSH 6.9p1. 2016-01-19 18:55:44 +00:00
des
7a7bc643b5 Upgrade to OpenSSH 6.8p1. 2016-01-19 18:28:23 +00:00
des
14172c52f8 Upgrade to OpenSSH 6.7p1, retaining libwrap support (which has been removed 
upstream) and a number of security fixes which we had already backported.

MFC after:	1 week
 2016-01-19 16:18:26 +00:00
des
43b4a69321 As previously threatened, remove the HPN patch from OpenSSH. 2016-01-19 14:38:20 +00:00
des
f4baee681e Now that we have mandoc, we can leave $Mdocdate$ tags as-is. Unfortunately, 
there is (currently) no way to make Subversion generate correct $Mdocdate$
tags, but perhas we can teach mandoc to read Subversion's %d format.
 2015-11-11 13:23:07 +00:00
bdrewery
77d6bca5e0 Document "none" for VersionAddendum. 
PR:		193127
MFC after:	2 weeks
 2015-03-23 02:45:12 +00:00
des
e1e5f20b88 Apply upstream patch for EC calculation bug and bump version addendum. 2014-04-20 11:34:33 +00:00
des
ae82763de4 Upgrade to OpenSSH 6.6p1. 2014-03-25 11:05:34 +00:00
des
7573e91b12 Upgrade to OpenSSH 6.5p1. 2014-01-31 13:12:02 +00:00
delphij
454aa85277 MFV r257952: 
Upgrade to OpenSSH 6.4p1.

Bump VersionAddendum.

Approved by:	des
 2013-11-11 09:19:58 +00:00
des
cda41f674d Upgrade to 6.3p1. 
Approved by:	re (gjb)
 2013-09-21 21:36:09 +00:00
des
c960286445 Change the default value of VerifyHostKeyDNS to "yes" if compiled with 
LDNS.  With that setting, OpenSSH will silently accept host keys that
match verified SSHFP records.  If an SSHFP record exists but could not
be verified, OpenSSH will print a message and prompt the user as usual.

Approved by:	re (blanket)
 2013-09-10 22:30:22 +00:00
des
06c773ee5d Upgrade to OpenSSH 6.2p2. Mostly a no-op since I had already patched 
the issues that affected us.
 2013-05-17 09:12:33 +00:00
des
b291eafe8d Upgrade to OpenSSH 6.2p1. The most important new features are support 
for a key revocation list and more fine-grained authentication control.
 2013-03-22 17:55:38 +00:00
des
00f3582ac6 Upgrade OpenSSH to 6.1p1. 2012-09-03 16:51:41 +00:00
des
038442ad80 Upgrade to OpenSSH 5.9p1. 
MFC after:	3 months
 2011-10-05 22:08:17 +00:00
des
ee2afa8165 Upgrade to OpenSSH 5.8p2. 2011-05-04 07:34:44 +00:00
des
59d1af2322 Upgrade to OpenSSH 5.6p1. 2010-11-11 11:46:19 +00:00
des
28662c6994 Missing commas 2010-06-01 15:11:29 +00:00
des
fc607a2e80 Upgrade to OpenSSH 5.5p1. 2010-04-28 10:36:33 +00:00
des
c3510f9e73 Upgrade to OpenSSH 5.4p1. 
MFC after:	1 month
 2010-03-09 19:16:43 +00:00
des
c6a1085fef Upgrade to OpenSSH 5.3p1. 2009-10-01 17:12:52 +00:00
des
8bf56a9772 Upgrade to OpenSSH 5.2p1. 
MFC after:	3 months
 2009-05-22 18:46:28 +00:00
des
a51772f108 Our groff doesn't understand $Mdocdate$, so replace them with bare dates. 
MFC after:	3 days
 2008-09-29 10:53:05 +00:00
des
b7aa600c41 Upgrade to OpenSSH 5.1p1. 
I have worked hard to reduce diffs against the vendor branch.  One
notable change in that respect is that we no longer prefer DSA over
RSA - the reasons for doing so went away years ago.  This may cause
some surprises, as ssh will warn about unknown host keys even for
hosts whose keys haven't changed.

MFC after:	6 weeks
 2008-08-01 02:48:36 +00:00
des
f1596419c2 Properly flatten openssh/dist. 2008-07-22 19:01:18 +00:00
des
666aa9cc16 Revert part of 180714 - the intent was to flatten dist, not to nuke it. 2008-07-22 18:58:19 +00:00
des
624d93001f Flatten the OpenSSH vendor tree for 3.x and newer. 2008-07-22 17:13:05 +00:00
des
91a576f9b7 s/X11R6/local/g 2007-05-24 22:04:07 +00:00
des
f486315183 Resolve conflicts. 2006-11-10 16:52:41 +00:00
des
e16bfbb7bc Bump version addendum. 
MFC after:	1 week
 2006-09-30 13:39:07 +00:00
des
4ff234ef46 Merge conflicts. 
MFC after:	1 week
 2006-09-30 13:38:06 +00:00
des
2f35ce4773 Vendor import of OpenSSH 4.4p1. 2006-09-30 13:29:51 +00:00
des
7c07891caf Merge conflicts. 2006-03-22 20:41:37 +00:00
des
448503722a Vendor import of OpenSSH 4.3p1. 2006-03-22 19:46:12 +00:00
des
88c7c9558b Resolve conflicts. 2005-09-03 07:04:25 +00:00
des
755a16fa86 Vendor import of OpenSSH 4.2p1. 2005-09-03 06:59:33 +00:00
des
983ad11a1c Resolve conflicts. 2005-06-05 15:46:09 +00:00
des
c4dfc1ed3b Vendor import of OpenSSH 4.1p1. 2005-06-05 15:41:57 +00:00
des
11a09ab416 Vendor import of OpenSSH 4.0p1. 2005-06-05 15:40:50 +00:00
des
a744ec13ad Resolve conflicts 2004-10-28 16:11:31 +00:00
des
d5d493f03a Vendor import of OpenSSH 3.9p1. 2004-10-28 16:03:53 +00:00
des
e5d801b2d6 Resolve conflicts. 2004-04-20 09:46:41 +00:00
des
efa3572464 Adjust version number and addendum. 2004-04-20 09:37:29 +00:00