system/freebsd-src
system/freebsd-src
1
0
Fork 0
mirror of https://github.com/freebsd/freebsd-src synced 2024-09-20 16:54:02 +00:00
Code Issues Packages Projects Releases Wiki Activity
208510 commits 77 branches 139 tags 3.4 GiB
Commit graph

966 commits

Author SHA1 Message Date
Dag-Erling Smørgrav b4245df0a8 Document our modified default value for PermitRootLogin. 2016-02-02 10:02:38 +00:00
Jung-uk Kim 8180e704ac Merge OpenSSL 1.0.2f. 
Relnotes:	yes
 2016-01-28 20:15:22 +00:00
Jung-uk Kim c188d4cade Import OpenSSL 1.0.2f. 2016-01-28 18:41:59 +00:00
Dag-Erling Smørgrav c4cd1fa410 Switch UseDNS back on 2016-01-27 13:40:44 +00:00
Dag-Erling Smørgrav 6362080245 r294563 was incomplete; re-add the client-side options as well. 2016-01-22 14:22:11 +00:00
Dag-Erling Smørgrav 6f3513465d Instead of removing the NoneEnabled option, mark it as unsupported. 
(should have done this in r291198, but didn't think of it until now)
 2016-01-22 13:13:46 +00:00
Dag-Erling Smørgrav 0591b689c2 Update the instructions and the list of major local modifications. 2016-01-21 12:42:31 +00:00
Dag-Erling Smørgrav a067b78c9c Explain why we don't include VersionAddendum in the debug mode banner. 2016-01-21 12:41:02 +00:00
Dag-Erling Smørgrav fc1ba28a5c Upgrade to OpenSSH 7.1p2. 2016-01-21 11:54:34 +00:00
Dag-Erling Smørgrav acf8e75eb0 Enable DSA keys by default. They were disabled in OpenSSH 6.9p1. 
Noticed by:	glebius
 2016-01-21 11:10:14 +00:00
Dag-Erling Smørgrav ca04c57ca9 Take care not to pick up the wrong version of OpenSSL when running in an 
environment that has OpenSSL from ports in addition to the base version.
 2016-01-21 10:57:45 +00:00
Dag-Erling Smørgrav 0b0dd5086b Remove RCS tags from files in which we no longer have any local 
modifications, and add them to two files in which we do.
 2016-01-20 23:23:08 +00:00
Dag-Erling Smørgrav 8688f98d23 Remove a number of generated files which are either out-of-date (because 
they are never regenerated to reflect our changes) or in the way of
freebsd-configure.sh.
 2016-01-20 23:08:57 +00:00
Dag-Erling Smørgrav eccfee6ebc Upgrade to OpenSSH 7.0p1. 2016-01-20 22:57:10 +00:00
Dag-Erling Smørgrav 557f75e54a Upgrade to OpenSSH 6.9p1. 2016-01-19 18:55:44 +00:00
Dag-Erling Smørgrav 9860d96e8f Re-add HPN configuration options as deprecated options to avoid breaking 
existing configurations that use them.  Note that there is no functional
difference between OpenSSH with HPN and OpenSSH without HPN.
 2016-01-19 18:38:17 +00:00
Dag-Erling Smørgrav bc5531debe Upgrade to OpenSSH 6.8p1. 2016-01-19 18:28:23 +00:00
Dag-Erling Smørgrav 00912a2021 Now that we have local modifications in configure.ac and configure, run 
autoheader and autoconf to avoid having to patch configure manually.
 2016-01-19 17:20:07 +00:00
Dag-Erling Smørgrav a0ee8cc636 Upgrade to OpenSSH 6.7p1, retaining libwrap support (which has been removed 
upstream) and a number of security fixes which we had already backported.

MFC after:	1 week
 2016-01-19 16:18:26 +00:00
Dag-Erling Smørgrav 60c59fad88 As previously threatened, remove the HPN patch from OpenSSH. 2016-01-19 14:38:20 +00:00
Dag-Erling Smørgrav 5ecdd3c4d3 Use 'svn list -R' instead of find, and recognize comments in shell scripts 
and {ssh,sshd}_config.
 2016-01-19 14:25:22 +00:00
Dag-Erling Smørgrav c1ea5e1a86 Recognize *roff comments. 2016-01-19 13:15:57 +00:00
Dag-Erling Smørgrav 50356f4843 Update the pre- and post-merge scripts to work correctly after the recent 
cleanup.  A round-trip (./freebsd-pre-merge.sh ; ./freebsd-post-merge.sh)
now results in an unchanged working copy.
 2016-01-19 12:38:53 +00:00
Gleb Smirnoff 1026c03c28 Fix OpenSSH client information leak. 
Security:	SA-16:07.openssh
Security:	CVE-2016-0777
 2016-01-14 22:40:46 +00:00
Dag-Erling Smørgrav 22f393c35d Incorrect length in calloc() call, already fixed upstream. 
PR:		204769
Submitted by:	David Binderman <dcb314@hotmail.com>
MFC after:	1 week
 2015-12-17 19:36:25 +00:00
Jung-uk Kim 80815a778e Merge OpenSSL 1.0.2e. 2015-12-03 21:13:35 +00:00
Jung-uk Kim 737d7e8d39 Import OpenSSL 1.0.2e. 2015-12-03 17:22:58 +00:00
Dag-Erling Smørgrav 6dd7775dfd r291198 inadvertantly reverted a local patch for the default location 
of ssh-askpass and xauth, breaking X11 forwarding.
 2015-11-26 23:05:40 +00:00
Dag-Erling Smørgrav af12673615 Revert inadvertent commit of an incorrect patch 2015-11-24 16:07:03 +00:00
Dag-Erling Smørgrav db83e5424b Remove description of the now-defunct NoneEnabled option. 2015-11-24 16:06:15 +00:00
Dag-Erling Smørgrav 1765946ba9 Retire the NONE cipher option. 2015-11-23 12:48:13 +00:00
Jung-uk Kim 2409c5b0cc Remove duplicate manual pages. 
Reported by:	brd
 2015-11-16 21:36:15 +00:00
Dag-Erling Smørgrav f2e553364c Remove dead code. 2015-11-11 13:47:23 +00:00
Dag-Erling Smørgrav 845c9bd1d9 One more $Mdocdate$ 2015-11-11 13:27:58 +00:00
Dag-Erling Smørgrav 5bec830e40 Remove /* $FreeBSD$ */ from files that already have __RCSID("$FreeBSD$"). 2015-11-11 13:26:47 +00:00
Dag-Erling Smørgrav 5b71b2ebe0 Now that we have mandoc, we can leave $Mdocdate$ tags as-is. Unfortunately, 
there is (currently) no way to make Subversion generate correct $Mdocdate$
tags, but perhas we can teach mandoc to read Subversion's %d format.
 2015-11-11 13:23:07 +00:00
Jung-uk Kim 7bded2db17 Merge OpenSSL 1.0.2d. 2015-10-30 20:51:33 +00:00
Jung-uk Kim e9fcefce9b Import OpenSSL 1.0.2d. 2015-10-23 19:46:02 +00:00
Xin LI 1e415e2992 Fix OpenSSH multiple vulnerabilities by backporting three changes 
from OpenSSH-portable master.

Git revisions:	45b0eb752c94954a6de046bfaaf129e518ad4b5b
		5e75f5198769056089fb06c4d738ab0e5abc66f7
		d4697fe9a28dab7255c60433e4dd23cf7fce8a8b
Reviewed by:	des
Security:	FreeBSD-SA-15:22.openssh
 2015-08-25 20:48:37 +00:00
Xin LI 3a0b9b7735 Fix multiple OpenSSH vulnerabilities. 
Security:	CVE-2014-2653
Security:	CVE-2015-5600
Security:	FreeBSD-SA-15:16.openssh
 2015-07-28 19:58:38 +00:00
Eric van Gyzen 3e74849a1e ssh: canonicize the host name before looking it up in the host file 
Re-apply r99054 by des in 2002.  This was accidentally dropped
by the update to OpenSSH 6.5p1 (r261320).

This change is actually taken from r387082 of
ports/security/openssh-portable/files/patch-ssh.c

PR:		198043
Differential Revision:	https://reviews.freebsd.org/D3103
Reviewed by:	des
Approved by:	kib (mentor)
MFC after:	3 days
Relnotes:	yes
Sponsored by:	Dell Inc.
 2015-07-16 18:44:18 +00:00
Jung-uk Kim 45c1772ea0 Merge OpenSSL 1.0.1p. 2015-07-09 17:07:45 +00:00
Jung-uk Kim c07d7b3a38 Import OpenSSL 1.0.1p. 2015-07-09 16:41:34 +00:00
Jung-uk Kim d47910c6ed Merge OpenSSL 1.0.1o. 2015-06-12 16:48:26 +00:00
Jung-uk Kim 15533bcc35 Import OpenSSL 1.0.1o. 2015-06-12 16:33:55 +00:00
Jung-uk Kim ed6b93be54 Merge OpenSSL 1.0.1n. 2015-06-11 19:00:55 +00:00
Jung-uk Kim a9745f9a84 Import OpenSSL 1.0.1n. 2015-06-11 17:56:16 +00:00
Dag-Erling Smørgrav 8a1ab32008 Import new moduli from OpenBSD. Although there is no reason to distrust 
the current set, it is good hygiene to change them once in a while.

MFC after:	1 week
 2015-05-26 19:46:41 +00:00
Bryan Drewery e3bd730f60 Use proper CHAN_TCP_PACKET_DEFAULT for agent forwarding when HPN disabled. 
The use of CHAN_TCP_WINDOW_DEFAULT here was fixed in upstream OpenSSH
in CVS 1.4810, git 5baa170d771de9e95cf30b4c469ece684244cf3e:

  - dtucker@cvs.openbsd.org 2007/12/28 22:34:47
    [clientloop.c]
    Use the correct packet maximum sizes for remote port and agent forwarding.
    Prevents the server from killing the connection if too much data is queued
    and an excessively large packet gets sent.  bz #1360, ok djm@.

The change was lost due to the the way the original upstream HPN patch
modified this code. It was re-adding the original OpenSSH code and never
was properly fixed to use the new value.

MFC after:	2 weeks
 2015-04-02 18:43:25 +00:00
Bryan Drewery 6e57108113 Document "none" for VersionAddendum. 
PR:		193127
MFC after:	2 weeks
 2015-03-23 02:45:12 +00:00