#
294050 |
|
14-Jan-2016 |
glebius |
Fix OpenSSH client information leak.
Security: SA-16:07.openssh Security: CVE-2016-0777 Approved by: so
|
#
294050 |
|
14-Jan-2016 |
glebius |
Fix OpenSSH client information leak.
Security: SA-16:07.openssh Security: CVE-2016-0777 Approved by: so |
#
285830 |
|
23-Jul-2015 |
gjb |
- Copy stable/10@285827 to releng/10.2 in preparation for 10.2-RC1 builds. - Update newvers.sh to reflect RC1. - Update __FreeBSD_version to reflect 10.2. - Update default pkg(8) configuration to use the quarterly branch.[1]
Discussed with: re, portmgr [1] Approved by: re (implicit) Sponsored by: The FreeBSD Foundation |
#
264377 |
|
12-Apr-2014 |
des |
MFH (r263712): upgrade openssh to 6.6p1 MFH (r264308): restore p level in debugging output
|
#
262566 |
|
27-Feb-2014 |
des |
MFH (r261320): upgrade openssh to 6.5p1 MFH (r261340): enable sandboxing by default
|
#
256281 |
|
10-Oct-2013 |
gjb |
Copy head (r256279) to stable/10 as part of the 10.0-RELEASE cycle.
Approved by: re (implicit) Sponsored by: The FreeBSD Foundation
|
#
255767 |
|
21-Sep-2013 |
des |
Upgrade to 6.3p1.
Approved by: re (gjb)
|
#
255461 |
|
10-Sep-2013 |
des |
Change the default value of VerifyHostKeyDNS to "yes" if compiled with LDNS. With that setting, OpenSSH will silently accept host keys that match verified SSHFP records. If an SSHFP record exists but could not be verified, OpenSSH will print a message and prompt the user as usual.
Approved by: re (blanket)
|
#
249839 |
|
24-Apr-2013 |
des |
Merge updated "no such identity file" patch.
PR: bin/178060
|
#
249016 |
|
02-Apr-2013 |
des |
Merge upstream patch to silence spurious "no such identity file" warnings.
|
#
240075 |
|
03-Sep-2012 |
des |
Upgrade OpenSSH to 6.1p1.
|
#
231584 |
|
13-Feb-2012 |
ed |
Polish diff against upstream.
- Revert unneeded whitespace changes. - Revert modifications to loginrec.c, as the upstream version already does the right thing. - Fix indentation and whitespace of local changes.
Approved by: des MFC after: 1 month
|
#
226046 |
|
05-Oct-2011 |
des |
Upgrade to OpenSSH 5.9p1.
MFC after: 3 months
|
#
224638 |
|
03-Aug-2011 |
brooks |
Add support for dynamically adjusted buffers to allow the full use of the bandwidth of long fat pipes (i.e. 100Mbps+ trans-oceanic or trans-continental links). Bandwidth-delay products up to 64MB are supported.
Also add support (not compiled by default) for the None cypher. The None cypher can only be enabled on non-interactive sessions (those without a pty where -T was not used) and must be enabled in both the client and server configuration files and on the client command line. Additionally, the None cypher will only be activated after authentication is complete. To enable the None cypher you must add -DNONE_CIPHER_ENABLED to CFLAGS via the make command line or in /etc/make.conf.
This code is a style(9) compliant version of these features extracted from the patches published at:
http://www.psc.edu/networking/projects/hpn-ssh/
Merging this patch has been a collaboration between me and Bjoern.
Reviewed by: bz Approved by: re (kib), des (maintainer)
|
#
221420 |
|
04-May-2011 |
des |
Upgrade to OpenSSH 5.8p2.
|
#
215116 |
|
11-Nov-2010 |
des |
Upgrade to OpenSSH 5.6p1.
|
#
204917 |
|
09-Mar-2010 |
des |
Upgrade to OpenSSH 5.4p1.
MFC after: 1 month
|
#
197679 |
|
01-Oct-2009 |
des |
Upgrade to OpenSSH 5.3p1.
|
#
192595 |
|
22-May-2009 |
des |
Upgrade to OpenSSH 5.2p1.
MFC after: 3 months
|
#
181918 |
|
20-Aug-2008 |
des |
Use net.inet.ip.portrange.reservedhigh instead of IPPORT_RESERVED. Submitted upstream, no reaction.
Submitted by: delphij@ MFC after: 2 weeks
|
#
181111 |
|
01-Aug-2008 |
des |
Upgrade to OpenSSH 5.1p1.
I have worked hard to reduce diffs against the vendor branch. One notable change in that respect is that we no longer prefer DSA over RSA - the reasons for doing so went away years ago. This may cause some surprises, as ssh will warn about unknown host keys even for hosts whose keys haven't changed.
MFC after: 6 weeks
|
#
181097 |
|
01-Aug-2008 |
des |
Consistently set svn:eol-style.
|
#
162856 |
|
30-Sep-2006 |
des |
Merge conflicts.
MFC after: 1 week
|
#
157019 |
|
22-Mar-2006 |
des |
Merge conflicts.
|
#
149753 |
|
03-Sep-2005 |
des |
Resolve conflicts.
|
#
147005 |
|
05-Jun-2005 |
des |
Resolve conflicts.
|
#
137019 |
|
28-Oct-2004 |
des |
Resolve conflicts
|
#
128461 |
|
20-Apr-2004 |
des |
One more conflict.
|
#
128460 |
|
20-Apr-2004 |
des |
Resolve conflicts.
|
#
126277 |
|
26-Feb-2004 |
des |
Resolve conflicts.
|
#
124211 |
|
07-Jan-2004 |
des |
Resolve conflicts and remove obsolete files.
Sponsored by: registrar.no
|
#
113911 |
|
23-Apr-2003 |
des |
Resolve conflicts.
|
#
106130 |
|
29-Oct-2002 |
des |
Resolve conflicts.
|
#
99048 |
|
29-Jun-2002 |
des |
Apply FreeBSD's configuration defaults.
Sponsored by: DARPA, NAI Labs
|
#
98941 |
|
27-Jun-2002 |
des |
Forcibly revert to mainline.
|
#
98684 |
|
23-Jun-2002 |
des |
Resolve conflicts. Known issues:
- sshd fails to set TERM correctly. - privilege separation may break PAM and is currently turned off. - man pages have not yet been updated
I will have these issues resolved, and privilege separation turned on by default, in time for DP2.
Sponsored by: DARPA, NAI Labs
|
#
93698 |
|
02-Apr-2002 |
des |
Make the various ssh clients understand the VersionAddendum option.
Submitted by: pb
|
#
92559 |
|
18-Mar-2002 |
des |
Fix conflicts.
|
#
76262 |
|
04-May-2001 |
green |
Fix conflicts for OpenSSH 2.9.
|
#
73400 |
|
04-Mar-2001 |
assar |
Add code for being compatible with ssh.com's krb5 authentication. It is done by using the same ssh messages for v4 and v5 authentication (since the ssh.com does not now anything about v4) and looking at the contents after unpacking it to see if it is v4 or v5. Based on code from Björn Grönvall <bg@sics.se>
PR: misc/20504
|
#
69591 |
|
05-Dec-2000 |
green |
Update to OpenSSH 2.3.0 with FreeBSD modifications. OpenSSH 2.3.0 new features description elided in favor of checking out their website.
Important new FreeBSD-version stuff: PAM support has been worked in, partially from the "Unix" OpenSSH version, and a lot due to the work of Eivind Eklend, too.
This requires at least the following in pam.conf:
sshd auth sufficient pam_skey.so sshd auth required pam_unix.so try_first_pass sshd session required pam_permit.so
Parts by: Eivind Eklend <eivind@FreeBSD.org>
|
#
65674 |
|
10-Sep-2000 |
kris |
Resolve conflicts and update for OpenSSH 2.2.0
Reviewed by: gshapiro, peter, green
|
#
62940 |
|
11-Jul-2000 |
peter |
Make FallBackToRsh off by default. Falling back to rsh by default is silly in this day and age.
Approved by: kris
|
#
61203 |
|
03-Jun-2000 |
kris |
Bring vendor patches onto the main branch, and resolve conflicts.
|
#
60576 |
|
15-May-2000 |
kris |
Resolve conflicts and update for FreeBSD.
|
#
57708 |
|
03-Mar-2000 |
green |
Turn off X11 forwarding in the client. X11 forwarding in the server by default should probably also get turned on, now.
Requested by: kris Obtained from: OpenBSD
|
#
57565 |
|
28-Feb-2000 |
markm |
1) Add kerberos5 functionality. by Daniel Kouril <kouril@informatics.muni.cz> 2) Add full LOGIN_CAP capability by Andrey Chernov
|
#
57465 |
|
25-Feb-2000 |
green |
Make "CheckHostIP" default to off. This was proposed on -security and earlier IRC, but despite my inital feeling against it, this seems the more proper thing to do.
Proposed by: rwatson
|
#
57430 |
|
24-Feb-2000 |
markm |
This commit was generated by cvs2svn to compensate for changes in r57429, which included commits to RCS files with non-trunk default branches.
|
#
57429 |
|
24-Feb-2000 |
markm |
Vendor import of OpenSSH.
|