path: root/crypto
Commit message (Author, Age, Files, Lines)
* Add declaration of SSL_get_selected_srtp_profile() for OpenSSL. (Jung-uk Kim, 2018-01-25, 1 file, -0/+1)
  Because there was an extra declaration in the vendor version, we locally removed the second one in r238405 with 1.0.1c. Later, upstream fixed it in 1.0.2d but they removed the first one. Therefore, both were removed in our version unfortunately. Now we revert to the vendor one to re-add it.
  MFC after: 3 days
  Differential Revision: https://reviews.freebsd.org/D10525
  Notes: svn path=/head/; revision=328419
* Merge OpenSSL 1.0.2n. (Jung-uk Kim, 2017-12-07, 37 files, -82/+278)
  Notes: svn path=/head/; revision=326662
| * Import OpenSSL 1.0.2n. [tag: vendor/openssl/1.0.2n] (Jung-uk Kim, 2017-12-07, 15 files, -47/+63)
  Notes: svn path=/vendor-crypto/openssl/dist/; revision=326660
  svn path=/vendor-crypto/openssl/1.0.2n/; revision=326661; tag=vendor/openssl/1.0.2n
* | Merge OpenSSL 1.0.2m. (Jung-uk Kim, 2017-11-02, 133 files, -348/+1576)
  Notes: svn path=/head/; revision=325328
| * Import OpenSSL 1.0.2m. [tag: vendor/openssl/1.0.2m] (Jung-uk Kim, 2017-11-02, 56 files, -257/+753)
  Notes: svn path=/vendor-crypto/openssl/dist/; revision=325326
  svn path=/vendor-crypto/openssl/1.0.2m/; revision=325327; tag=vendor/openssl/1.0.2m
* | Upgrade to OpenSSH 7.5p1. (Dag-Erling Smørgrav, 2017-08-04, 73 files, -3053/+2331)
  Notes: svn path=/head/; revision=322052
* \ \ MFV r320905: Import upstream fix for CVE-2017-11103. (Xin LI, 2017-07-12, 1 file, -2/+2)
  In _krb5_extract_ticket() the KDC-REP service name must be obtained from encrypted version stored in 'enc_part' instead of the unencrypted version stored in 'ticket'. Use of the unencrypted version provides an opportunity for successful server impersonation and other attacks.
  Submitted by: hrs
  Obtained from: Heimdal
  Security: FreeBSD-SA-17:05.heimdal
  Security: CVE-2017-11103
  Notes: svn path=/head/; revision=320906
* \ \ \ Merge OpenSSL 1.0.2l. (Jung-uk Kim, 2017-05-25, 126 files, -742/+1415)
  Notes: svn path=/head/; revision=318899
| * | | Import OpenSSL 1.0.2l. [tag: vendor/openssl/1.0.2l] (Jung-uk Kim, 2017-05-25, 71 files, -551/+793)
  Notes: svn path=/vendor-crypto/openssl/dist/; revision=318897
  svn path=/vendor-crypto/openssl/1.0.2l/; revision=318898; tag=vendor/openssl/1.0.2l
* | | | Refine and update blacklist support in sshd (Kurt Lidl, 2017-05-12, 8 files, -16/+23)
  Adjust notification points slightly to catch all auth failures, rather than just the ones caused by bad usernames.
  Modify notification point for bad usernames to send new type of BLACKLIST_BAD_USER. (Support in libblacklist will be forthcoming soon.)
  Add guards to allow library headers to expose the enum of action values.
  Reviewed by: des
  Approved by: des
  Sponsored by: The FreeBSD Foundation
  Notes: svn path=/head/; revision=318242
* | | | Fix linking with lld by marking OPENSSL_armcap_P as hidden. (Andrew Turner, 2017-04-07, 1 file, -0/+1)
  Linking with lld fails as it contains a relative address, however the data this address is for may be relocated from the shared object to the main executable. Fix this by adding the hidden attribute. This stops moving this value to the main executable. It seems this is implicit upstream as it uses a version script.
  Approved by: jkim
  Sponsored by: DARPA, AFRL
  Notes: svn path=/head/; revision=316607
* | | | Upgrade to OpenSSH 7.4p1. (Dag-Erling Smørgrav, 2017-03-06, 195 files, -6730/+5978)
  Notes: svn path=/head/; revision=314720
* | | | Re-apply part of r311585 which was inadvertently reverted in the upgrade (Dag-Erling Smørgrav, 2017-03-03, 1 file, -1/+1)
  to 7.3p1. The other part (which adds -DLIBWRAP to sshd's CFLAGS) is still in place.
  Reported by: ngie
  Notes: svn path=/head/; revision=314601
* | | | Forgot to bump the version addendum date. (Dag-Erling Smørgrav, 2017-03-03, 5 files, -5/+5)
  Notes: svn path=/head/; revision=314576
* | | | Upgrade to OpenSSH 7.3p1. (Dag-Erling Smørgrav, 2017-03-02, 154 files, -3237/+5943)
  Notes: svn path=/head/; revision=314527
* | | | Renumber copyright clause 4 (Warner Losh, 2017-02-28, 1 file, -1/+1)
  Renumber clause 4 to 3, per what everybody else did when BSD granted them permission to remove clause 3. My insistence on keeping the same numbering for legal reasons is too pedantic, so give up on that point.
  Submitted by: Jan Schaumann <jschauma@stevens.edu>
  Pull Request: https://github.com/freebsd/freebsd/pull/96
  Notes: svn path=/head/; revision=314436
* | | | Avoid picking up MIT Kerberos from ports (if installed). (Dag-Erling Smørgrav, 2017-02-26, 1 file, -1/+1)
  Notes: svn path=/head/; revision=314306
* | | | Fix amusingly harmless mis-merge. (Dag-Erling Smørgrav, 2017-02-26, 1 file, -1/+0)
  Notes: svn path=/head/; revision=314304
* | | | Only notify blacklistd for successful logins in auth.c (Kurt Lidl, 2017-02-19, 1 file, -2/+2)
  Reported by: Rick Adams
  Reviewed by: des
  MFC after: 3 days
  Sponsored by: The FreeBSD Foundation
  Notes: svn path=/head/; revision=313965
* | | | Merge OpenSSL 1.0.2k. (Jung-uk Kim, 2017-01-26, 100 files, -634/+836)
  Notes: svn path=/head/; revision=312825
| * | | Import OpenSSL 1.0.2k. [tag: vendor/openssl/1.0.2k] (Jung-uk Kim, 2017-01-26, 30 files, -184/+215)
  Notes: svn path=/vendor-crypto/openssl/dist/; revision=312823
  svn path=/vendor-crypto/openssl/1.0.2k/; revision=312824; tag=vendor/openssl/1.0.2k
* | | | MFV r311913: (Xin LI, 2017-01-11, 8 files, -15/+55)
  Fix multiple OpenSSH vulnerabilities.
  Submitted by: des
  Approved by: so
  Notes: svn path=/head/; revision=311914
* | | | Conditionalize building libwrap support into sshd (Enji Cooper, 2017-01-07, 1 file, -1/+1)
  Only build libwrap support into sshd if MK_TCP_WRAPPERS != no
  This will unbreak the build if libwrap has been removed from the system
  MFC after: 2 weeks
  PR: 210141
  Submitted by: kpect@protonmail.com
  Differential Revision: D9049
  Notes: svn path=/head/; revision=311585
* | | | MFV r308196: (Xin LI, 2016-11-02, 1 file, -0/+1)
  Fix OpenSSH remote Denial of Service vulnerability.
  Security: CVE-2016-8858
  Notes: svn path=/head/; revision=308197
* | | | Build OpenSSL assembly sources for aarch64. Tested with ThunderX by andrew. (Jung-uk Kim, 2016-10-26, 3 files, -3/+2)
  Notes: svn path=/head/; revision=307976
* | | | Merge OpenSSL 1.0.2j. (Jung-uk Kim, 2016-09-26, 8 files, -8/+26)
  Notes: svn path=/head/; revision=306342
| * | | Import OpenSSL 1.0.2j. [tag: vendor/openssl/1.0.2j] (Jung-uk Kim, 2016-09-26, 3 files, -6/+6)
  Notes: svn path=/vendor-crypto/openssl/dist/; revision=306340
  svn path=/vendor-crypto/openssl/1.0.2j/; revision=306341; tag=vendor/openssl/1.0.2j
* | | | Merge OpenSSL 1.0.2i. (Jung-uk Kim, 2016-09-22, 222 files, -1347/+3936)
  Notes: svn path=/head/; revision=306193
| * | | Import OpenSSL 1.0.2i. [tag: vendor/openssl/1.0.2i] (Jung-uk Kim, 2016-09-22, 134 files, -885/+1578)
  Notes: svn path=/vendor-crypto/openssl/dist/; revision=306189
  svn path=/vendor-crypto/openssl/1.0.2i/; revision=306190; tag=vendor/openssl/1.0.2i
* | | | Add refactored blacklist support to sshd (Kurt Lidl, 2016-08-30, 12 files, -1/+195)
  Change the calls to blacklist_init() and blacklist_notify to be macros defined in the blacklist_client.h file. This avoids the need for #ifdef USE_BLACKLIST / #endif except in the blacklist.c file.
  Remove redundant initialization attempts from within blacklist_notify - everything always goes through blacklistd_init().
  Added UseBlacklist option to sshd, which defaults to off. To enable the functionality, use '-o UseBlacklist=yes' on the command line, or uncomment in the sshd_config file.
  Reviewed by: des
  Approved by: des
  MFC after: 1 week
  Sponsored by: The FreeBSD Foundation
  Differential Revision: https://reviews.freebsd.org/D7051
  Notes: svn path=/head/; revision=305065
* | | | Build OpenSSL assembly sources for arm. Tested with Raspberry Pi 2 Model B. (Jung-uk Kim, 2016-08-22, 2 files, -3/+3)
  MFC after: 1 week
  Notes: svn path=/head/; revision=304636
* | | | Remove duplicate symbol from libhx509 version-script.map (Ed Maste, 2016-08-22, 1 file, -1/+0)
  Upstream commit r21331 (7758a5d0) added semiprivate function _hx509_request_to_pkcs10 twice. This change has been committed upstream as 8ef0071d.
  Notes: svn path=/head/; revision=304624
* | | | Try to check whether each key file exists before adding it, and bail out (Dag-Erling Smørgrav, 2016-08-08, 1 file, -10/+15)
  if we didn't find any of them. This reduces log spam about key files for deprecated algorithms, which we look for but don't generate.
  PR: 208254
  MFC after: 3 days
  Notes: svn path=/head/; revision=303832
* | | | Remove DSA from default cipher list and disable SSH1. (Dag-Erling Smørgrav, 2016-08-03, 7 files, -40/+19)
  Upstream did this a long time ago, but we kept DSA and SSH1 in FreeBSD for reasons which boil down to POLA. Now is a good time to catch up.
  MFC after: 3 days
  Relnotes: yes
  Notes: svn path=/head/; revision=303716
* | | | Remove duplicate symbols from libroken version-script.map (Ed Maste, 2016-07-21, 1 file, -6/+0)
  Upstream commit r24759 (efed563) prefixed some symbols with rk_, but introduced 6 duplicate symbols in the version script (because the rk_-prefixed versions of the symbols were already present).
  Notes: svn path=/head/; revision=303156
* | | | Revert r301551, which added blacklistd(8) to sshd(8). (Glen Barber, 2016-06-24, 8 files, -145/+0)
  This change has functional impact, and other concerns raised by the OpenSSH maintainer.
  Requested by: des
  PR: 210479 (related)
  Approved by: re (marius)
  Sponsored by: The FreeBSD Foundation
  Notes: svn path=/head/; revision=302182
* | | | Add blacklist support to sshd (Kurt Lidl, 2016-06-07, 8 files, -0/+145)
  Reviewed by: rpaulo
  Approved by: rpaulo (earlier version of changes)
  Relnotes: YES
  Sponsored by: The FreeBSD Foundation
  Differential Revision: https://reviews.freebsd.org/D5915
  Notes: svn path=/head/; revision=301551
* | | | openssl: change SHLIB_VERSION_NUMBER to reflect the reality (Andriy Gapon, 2016-06-03, 1 file, -1/+1)
  Some consumers actually use this definition.
  We probably need some procedure to ensure that SHLIB_VERSION_NUMBER is updated whenever we change the library version in secure/lib/libssl/Makefile.
  Notes: svn path=/head/; revision=301271
* | | | libkrb5: Fix potential double-free (Conrad Meyer, 2016-05-11, 1 file, -0/+1)
  If krb5_make_principal fails, tmp_creds.server may remain a pointer to freed memory and then be double-freed. After freeing it the first time, initialize it to NULL, which causes subsequent krb5_free_principal calls to do the right thing.
  Reported by: Coverity
  CID: 1273430
  Sponsored by: EMC / Isilon Storage Division
  Notes: svn path=/head/; revision=299495
* | | | Merge OpenSSL 1.0.2h. (Jung-uk Kim, 2016-05-03, 67 files, -263/+1117)
  Relnotes: yes
  Notes: svn path=/head/; revision=298998
| * | | Import OpenSSL 1.0.2h. [tag: vendor/openssl/1.0.2h] (Jung-uk Kim, 2016-05-03, 38 files, -122/+334)
  Notes: svn path=/vendor-crypto/openssl/dist/; revision=298991
  svn path=/vendor-crypto/openssl/1.0.2h/; revision=298992; tag=vendor/openssl/1.0.2h
* | | | Re-add AES-CBC ciphers to the default cipher list on the server. (Dag-Erling Smørgrav, 2016-03-11, 3 files, -4/+12)
  PR: 207679
  Notes: svn path=/head/; revision=296634
* | | | Upgrade to OpenSSH 7.2p2. (Dag-Erling Smørgrav, 2016-03-11, 140 files, -3291/+5765)
  Notes: svn path=/head/; revision=296633
* | | | Merge OpenSSL 1.0.2g. (Jung-uk Kim, 2016-03-01, 83 files, -1318/+2668)
  Relnotes: yes
  Notes: svn path=/head/; revision=296279
| * | | Import OpenSSL 1.0.2g. [tag: vendor/openssl/1.0.2g] (Jung-uk Kim, 2016-03-01, 40 files, -1046/+1741)
  Notes: svn path=/vendor-crypto/openssl/dist/; revision=296273
  svn path=/vendor-crypto/openssl/1.0.2g/; revision=296274; tag=vendor/openssl/1.0.2g
* | | | Document our modified default value for PermitRootLogin. (Dag-Erling Smørgrav, 2016-02-02, 2 files, -2/+2)
  Notes: svn path=/head/; revision=295139
* | | | Merge OpenSSL 1.0.2f. (Jung-uk Kim, 2016-01-28, 136 files, -443/+844)
  Relnotes: yes
  Notes: svn path=/head/; revision=295009
| * | | Import OpenSSL 1.0.2f. [tag: vendor/openssl/1.0.2f] (Jung-uk Kim, 2016-01-28, 96 files, -153/+370)
  Notes: svn path=/vendor-crypto/openssl/dist/; revision=295001
  svn path=/vendor-crypto/openssl/1.0.2f/; revision=295002; tag=vendor/openssl/1.0.2f
* | | | Switch UseDNS back on (Dag-Erling Smørgrav, 2016-01-27, 4 files, -4/+7)
  Notes: svn path=/head/; revision=294909
* | | | r294563 was incomplete; re-add the client-side options as well. (Dag-Erling Smørgrav, 2016-01-22, 1 file, -0/+2)
  Notes: svn path=/head/; revision=294564