| #
296853 |
|
14-Mar-2016 |
des |
MFS (r296781):
MFH (r296633): upgrade to 7.2p2 (fixes xauth command injection bug)
MFH (r296634): re-add aes-cbc to server-side default cipher list
MFH (r296651, r296657): fix gcc build of pam_ssh
PR: 207679
Security: CVE-2016-3115
Approved by: re (marius)
|
| #
296853 |
|
14-Mar-2016 |
des |
MFS (r296781):
MFH (r296633): upgrade to 7.2p2 (fixes xauth command injection bug)
MFH (r296634): re-add aes-cbc to server-side default cipher list
MFH (r296651, r296657): fix gcc build of pam_ssh
PR: 207679
Security: CVE-2016-3115
Approved by: re (marius) |
| #
296373 |
|
04-Mar-2016 |
marius |
- Copy stable/10@296371 to releng/10.3 in preparation for 10.3-RC1
builds.
- Update newvers.sh to reflect RC1.
- Update __FreeBSD_version to reflect 10.3.
- Update default pkg(8) configuration to use the quarterly branch.
Approved by: re (implicit) |
| #
295367 |
|
07-Feb-2016 |
des |
MFH (r265214, r294333, r294407, r294467): misc prop fixes
MFH (r285975, r287143): register mergeinfo for security fixes
MFH (r294497, r294498, r295139): internal documentation
MFH (r294328): upgrade to openssh 6.7p1, re-add libwrap
MFH (r294332): upgrade to openssh 6.8p1
MFH (r294367): update pam_ssh for api changes
MFH (r294909): switch usedns back on
MFH (r294336): upgrade to openssh 6.9p1
MFH (r294495): re-enable dsa keys
MFH (r294464): upgrade to openssh 7.0p1
MFH (r294496): upgrade to openssh 7.1p2
Approved by: re (gjb)
Relnotes: yes
|
| #
294693 |
|
24-Jan-2016 |
des |
MFH (r291198, r291260, r291261, r291375, r294325, r294335, r294563)
Remove the HPN and None cipher patches.
|
| #
294666 |
|
24-Jan-2016 |
des |
MFH (r263234, r263691, r266465, r290671, r290672, r290673, r290674,
r294320, r294322, r294324, r294330, r294469, r294494, r294466)
Reduce diffs to head in preparation for removing HPN and None.
|
| #
287144 |
|
25-Aug-2015 |
delphij |
MFC: Fix OpenSSH multiple vulnerabilities.
Security: FreeBSD-SA-15:22.openssh
|
| #
264377 |
|
12-Apr-2014 |
des |
MFH (r263712): upgrade openssh to 6.6p1
MFH (r264308): restore p level in debugging output
|
| #
262566 |
|
27-Feb-2014 |
des |
MFH (r261320): upgrade openssh to 6.5p1
MFH (r261340): enable sandboxing by default
|
| #
256281 |
|
10-Oct-2013 |
gjb |
Copy head (r256279) to stable/10 as part of the 10.0-RELEASE cycle.
Approved by: re (implicit)
Sponsored by: The FreeBSD Foundation
|
| #
255767 |
|
21-Sep-2013 |
des |
Upgrade to 6.3p1.
Approved by: re (gjb)
|
| #
248619 |
|
22-Mar-2013 |
des |
Upgrade to OpenSSH 6.2p1. The most important new features are support
for a key revocation list and more fine-grained authentication control.
|
| #
240075 |
|
03-Sep-2012 |
des |
Upgrade OpenSSH to 6.1p1.
|
| #
226046 |
|
05-Oct-2011 |
des |
Upgrade to OpenSSH 5.9p1.
MFC after: 3 months
|
| #
221420 |
|
04-May-2011 |
des |
Upgrade to OpenSSH 5.8p2.
|
| #
215116 |
|
11-Nov-2010 |
des |
Upgrade to OpenSSH 5.6p1.
|
| #
204917 |
|
09-Mar-2010 |
des |
Upgrade to OpenSSH 5.4p1.
MFC after: 1 month
|
| #
197679 |
|
01-Oct-2009 |
des |
Upgrade to OpenSSH 5.3p1.
|
| #
192595 |
|
22-May-2009 |
des |
Upgrade to OpenSSH 5.2p1.
MFC after: 3 months
|
| #
181111 |
|
01-Aug-2008 |
des |
Upgrade to OpenSSH 5.1p1.
I have worked hard to reduce diffs against the vendor branch. One
notable change in that respect is that we no longer prefer DSA over
RSA - the reasons for doing so went away years ago. This may cause
some surprises, as ssh will warn about unknown host keys even for
hosts whose keys haven't changed.
MFC after: 6 weeks
|
| #
181110 |
|
01-Aug-2008 |
des |
Remove svn:keywords except on files that need it. This makes diffs
against the vendor branch much more readable.
|
| #
181097 |
|
01-Aug-2008 |
des |
Consistently set svn:eol-style.
|
| #
181090 |
|
01-Aug-2008 |
des |
Revert an old hack I put in to replace S/Key with OPIE. We haven't used
that code in ages - we use pam_opie(8) instead - so this is a NOP.
|
| #
164149 |
|
10-Nov-2006 |
des |
Resolve conflicts.
|
| #
162856 |
|
30-Sep-2006 |
des |
Merge conflicts.
MFC after: 1 week
|
| #
162360 |
|
16-Sep-2006 |
des |
Merge vendor patch for BSM problem in protocol version 1.
MFC after: 1 week
|
| #
157019 |
|
22-Mar-2006 |
des |
Merge conflicts.
|
| #
149753 |
|
03-Sep-2005 |
des |
Resolve conflicts.
|
| #
147005 |
|
05-Jun-2005 |
des |
Resolve conflicts.
|
| #
137019 |
|
28-Oct-2004 |
des |
Resolve conflicts
|
| #
128460 |
|
20-Apr-2004 |
des |
Resolve conflicts.
|
| #
126277 |
|
26-Feb-2004 |
des |
Resolve conflicts.
|
| #
124211 |
|
07-Jan-2004 |
des |
Resolve conflicts and remove obsolete files.
Sponsored by: registrar.no
|
| #
113911 |
|
23-Apr-2003 |
des |
Resolve conflicts.
|
| #
110138 |
|
31-Jan-2003 |
des |
Fix keyboard-interactive authentication for ssh1. The problem was twofold:
- The PAM kbdint device sometimes doesn't know authentication succeeded
until you re-query it. The ssh1 kbdint code would never re-query the
device, so authentication would always fail. This patch has been
submitted to the OpenSSH developers.
- The monitor code for PAM sometimes forgot to tell the monitor that
authentication had succeeded. This caused the monitor to veto the
privsep child's decision to allow the connection.
These patches have been tested with OpenSSH clients on -STABLE, NetBSD and
Linux, and with ssh.com's ssh1 on Solaris.
Sponsored by: DARPA, NAI Labs
|
| #
106130 |
|
29-Oct-2002 |
des |
Resolve conflicts.
|
| #
103134 |
|
09-Sep-2002 |
ume |
sshd didn't handle actual size of struct sockaddr correctly,
and did copy it as long as just size of struct sockaddr. So,
If connection is via IPv6, sshd didn't log hostname into utmp
correctly.
This problem occured only under FreeBSD because of our hack.
However, this is potential problem of OpenSSH-portable, and
they agreed to fix this.
Though, there is no fixed version of OpenSSH-portable available
yet, since this problem is serious for IPv6 users, I commit the
fix.
Reported by: many people
Reviewed by: current@ and stable@ (no objection)
MFC after: 3 days
|
| #
99747 |
|
10-Jul-2002 |
des |
Don't forget to clear the buffer before reusing it.
|
| #
99258 |
|
02-Jul-2002 |
des |
Fix a braino in mm_answer_pam_respond() which would cause sshd to abort if
PAM authentication failed due to an incorrect response.
|
| #
99063 |
|
29-Jun-2002 |
des |
Resolve conflicts.
Sponsored by: DARPA, NAI Labs
|
| #
99052 |
|
29-Jun-2002 |
des |
PAM support, the FreeBSD way.
Sponsored by: DARPA, NAI Labs
|
| #
99046 |
|
29-Jun-2002 |
des |
Support OPIE as an alternative to S/Key.
Sponsored by: DARPA, NAI Labs
|
| #
98941 |
|
27-Jun-2002 |
des |
Forcibly revert to mainline.
|
| #
98684 |
|
23-Jun-2002 |
des |
Resolve conflicts. Known issues:
- sshd fails to set TERM correctly.
- privilege separation may break PAM and is currently turned off.
- man pages have not yet been updated
I will have these issues resolved, and privilege separation turned on by
default, in time for DP2.
Sponsored by: DARPA, NAI Labs
|
| #
98676 |
|
23-Jun-2002 |
des |
This commit was generated by cvs2svn to compensate for changes in r98675,
which included commits to RCS files with non-trunk default branches.
|
| #
98675 |
|
23-Jun-2002 |
des |
Vendor import of OpenSSH 3.3.
|