#
296853 |
|
14-Mar-2016 |
des |
MFS (r296781): MFH (r296633): upgrade to 7.2p2 (fixes xauth command injection bug) MFH (r296634): re-add aes-cbc to server-side default cipher list MFH (r296651, r296657): fix gcc build of pam_ssh
PR: 207679 Security: CVE-2016-3115 Approved by: re (marius)
|
#
296853 |
|
14-Mar-2016 |
des |
MFS (r296781): MFH (r296633): upgrade to 7.2p2 (fixes xauth command injection bug) MFH (r296634): re-add aes-cbc to server-side default cipher list MFH (r296651, r296657): fix gcc build of pam_ssh
PR: 207679 Security: CVE-2016-3115 Approved by: re (marius) |
#
296373 |
|
04-Mar-2016 |
marius |
- Copy stable/10@296371 to releng/10.3 in preparation for 10.3-RC1 builds. - Update newvers.sh to reflect RC1. - Update __FreeBSD_version to reflect 10.3. - Update default pkg(8) configuration to use the quarterly branch.
Approved by: re (implicit) |
#
295367 |
|
07-Feb-2016 |
des |
MFH (r265214, r294333, r294407, r294467): misc prop fixes MFH (r285975, r287143): register mergeinfo for security fixes MFH (r294497, r294498, r295139): internal documentation MFH (r294328): upgrade to openssh 6.7p1, re-add libwrap MFH (r294332): upgrade to openssh 6.8p1 MFH (r294367): update pam_ssh for api changes MFH (r294909): switch usedns back on MFH (r294336): upgrade to openssh 6.9p1 MFH (r294495): re-enable dsa keys MFH (r294464): upgrade to openssh 7.0p1 MFH (r294496): upgrade to openssh 7.1p2
Approved by: re (gjb) Relnotes: yes
|
#
294693 |
|
24-Jan-2016 |
des |
MFH (r291198, r291260, r291261, r291375, r294325, r294335, r294563)
Remove the HPN and None cipher patches.
|
#
294666 |
|
24-Jan-2016 |
des |
MFH (r263234, r263691, r266465, r290671, r290672, r290673, r290674, r294320, r294322, r294324, r294330, r294469, r294494, r294466)
Reduce diffs to head in preparation for removing HPN and None.
|
#
287144 |
|
25-Aug-2015 |
delphij |
MFC: Fix OpenSSH multiple vulnerabilities.
Security: FreeBSD-SA-15:22.openssh
|
#
264377 |
|
12-Apr-2014 |
des |
MFH (r263712): upgrade openssh to 6.6p1 MFH (r264308): restore p level in debugging output
|
#
262566 |
|
27-Feb-2014 |
des |
MFH (r261320): upgrade openssh to 6.5p1 MFH (r261340): enable sandboxing by default
|
#
256281 |
|
10-Oct-2013 |
gjb |
Copy head (r256279) to stable/10 as part of the 10.0-RELEASE cycle.
Approved by: re (implicit) Sponsored by: The FreeBSD Foundation
|
#
255767 |
|
21-Sep-2013 |
des |
Upgrade to 6.3p1.
Approved by: re (gjb)
|
#
248619 |
|
22-Mar-2013 |
des |
Upgrade to OpenSSH 6.2p1. The most important new features are support for a key revocation list and more fine-grained authentication control.
|
#
240075 |
|
03-Sep-2012 |
des |
Upgrade OpenSSH to 6.1p1.
|
#
226046 |
|
05-Oct-2011 |
des |
Upgrade to OpenSSH 5.9p1.
MFC after: 3 months
|
#
221420 |
|
04-May-2011 |
des |
Upgrade to OpenSSH 5.8p2.
|
#
215116 |
|
11-Nov-2010 |
des |
Upgrade to OpenSSH 5.6p1.
|
#
204917 |
|
09-Mar-2010 |
des |
Upgrade to OpenSSH 5.4p1.
MFC after: 1 month
|
#
197679 |
|
01-Oct-2009 |
des |
Upgrade to OpenSSH 5.3p1.
|
#
192595 |
|
22-May-2009 |
des |
Upgrade to OpenSSH 5.2p1.
MFC after: 3 months
|
#
181111 |
|
01-Aug-2008 |
des |
Upgrade to OpenSSH 5.1p1.
I have worked hard to reduce diffs against the vendor branch. One notable change in that respect is that we no longer prefer DSA over RSA - the reasons for doing so went away years ago. This may cause some surprises, as ssh will warn about unknown host keys even for hosts whose keys haven't changed.
MFC after: 6 weeks
|
#
181110 |
|
01-Aug-2008 |
des |
Remove svn:keywords except on files that need it. This makes diffs against the vendor branch much more readable.
|
#
181097 |
|
01-Aug-2008 |
des |
Consistently set svn:eol-style.
|
#
181090 |
|
01-Aug-2008 |
des |
Revert an old hack I put in to replace S/Key with OPIE. We haven't used that code in ages - we use pam_opie(8) instead - so this is a NOP.
|
#
164149 |
|
10-Nov-2006 |
des |
Resolve conflicts.
|
#
162856 |
|
30-Sep-2006 |
des |
Merge conflicts.
MFC after: 1 week
|
#
162360 |
|
16-Sep-2006 |
des |
Merge vendor patch for BSM problem in protocol version 1.
MFC after: 1 week
|
#
157019 |
|
22-Mar-2006 |
des |
Merge conflicts.
|
#
149753 |
|
03-Sep-2005 |
des |
Resolve conflicts.
|
#
147005 |
|
05-Jun-2005 |
des |
Resolve conflicts.
|
#
137019 |
|
28-Oct-2004 |
des |
Resolve conflicts
|
#
128460 |
|
20-Apr-2004 |
des |
Resolve conflicts.
|
#
126277 |
|
26-Feb-2004 |
des |
Resolve conflicts.
|
#
124211 |
|
07-Jan-2004 |
des |
Resolve conflicts and remove obsolete files.
Sponsored by: registrar.no
|
#
113911 |
|
23-Apr-2003 |
des |
Resolve conflicts.
|
#
110138 |
|
31-Jan-2003 |
des |
Fix keyboard-interactive authentication for ssh1. The problem was twofold:
- The PAM kbdint device sometimes doesn't know authentication succeeded until you re-query it. The ssh1 kbdint code would never re-query the device, so authentication would always fail. This patch has been submitted to the OpenSSH developers.
- The monitor code for PAM sometimes forgot to tell the monitor that authentication had succeeded. This caused the monitor to veto the privsep child's decision to allow the connection.
These patches have been tested with OpenSSH clients on -STABLE, NetBSD and Linux, and with ssh.com's ssh1 on Solaris.
Sponsored by: DARPA, NAI Labs
|
#
106130 |
|
29-Oct-2002 |
des |
Resolve conflicts.
|
#
103134 |
|
09-Sep-2002 |
ume |
sshd didn't handle actual size of struct sockaddr correctly, and did copy it as long as just size of struct sockaddr. So, If connection is via IPv6, sshd didn't log hostname into utmp correctly. This problem occured only under FreeBSD because of our hack. However, this is potential problem of OpenSSH-portable, and they agreed to fix this. Though, there is no fixed version of OpenSSH-portable available yet, since this problem is serious for IPv6 users, I commit the fix.
Reported by: many people Reviewed by: current@ and stable@ (no objection) MFC after: 3 days
|
#
99747 |
|
10-Jul-2002 |
des |
Don't forget to clear the buffer before reusing it.
|
#
99258 |
|
02-Jul-2002 |
des |
Fix a braino in mm_answer_pam_respond() which would cause sshd to abort if PAM authentication failed due to an incorrect response.
|
#
99063 |
|
29-Jun-2002 |
des |
Resolve conflicts.
Sponsored by: DARPA, NAI Labs
|
#
99052 |
|
29-Jun-2002 |
des |
PAM support, the FreeBSD way.
Sponsored by: DARPA, NAI Labs
|
#
99046 |
|
29-Jun-2002 |
des |
Support OPIE as an alternative to S/Key.
Sponsored by: DARPA, NAI Labs
|
#
98941 |
|
27-Jun-2002 |
des |
Forcibly revert to mainline.
|
#
98684 |
|
23-Jun-2002 |
des |
Resolve conflicts. Known issues:
- sshd fails to set TERM correctly. - privilege separation may break PAM and is currently turned off. - man pages have not yet been updated
I will have these issues resolved, and privilege separation turned on by default, in time for DP2.
Sponsored by: DARPA, NAI Labs
|
#
98676 |
|
23-Jun-2002 |
des |
This commit was generated by cvs2svn to compensate for changes in r98675, which included commits to RCS files with non-trunk default branches.
|
#
98675 |
|
23-Jun-2002 |
des |
Vendor import of OpenSSH 3.3.
|