| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
| |
Approved by: so
Security: FreeBSD-SA-20:33.openssl
Security: CVE-2020-1971
Notes:
svn path=/releng/11.4/; revision=368643
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
r349720,356228:
r333552 (des):
Upgrade Unbound to 1.6.0. More to follow.
r333558 (des):
Upgrade Unbound to 1.6.1. More to follow.
r333559 (des):
Upgrade Unbound to 1.6.2. More to follow.
r333560 (des):
Upgrade Unbound to 1.6.3. More to follow.
r333561 (des):
Upgrade Unbound to 1.6.4. More to follow.
r333562 (des):
Upgrade Unbound to 1.6.5. More to follow.
r333563 (des):
Upgrade Unbound to 1.6.6. More to follow.
r333564 (des):
Upgrade Unbound to 1.6.7. More to follow.
r333565 (des):
No reason to keep this around.
r333566 (des):
Upgrade Unbound to 1.6.8. More to follow.
r333567 (des):
Upgrade Unbound to 1.7.0. More to follow.
r333568 (des):
Upgrade Unbound to 1.7.1.
r333573 (des):
Rename all Unbound binaries and man pages from unbound* to local-unbound*.
PR: 222902
r338568 (des):
Upgrade Unbound to 1.7.2. More to follow.
r338569 (des):
Upgrade Unbound to 1.7.3. More to follow.
r339275 (des):
Upgrade Unbound to 1.8.0. More to follow.
r339278 (des):
Upgrade to 1.8.1.
r339294 (des):
Try harder to sanitize the environment before running configure.
Remove a workaround for older Unbound versions that used sbrk.
r340037 (des):
Merge upstream r4932: turn so-reuseport option off by default.
r349720 (des):
Upgrade Unbound to 1.9.2.
MFC r356228 (cy):
MFV r356143:
Update unbound 1.9.2 --> 1.9.6.
Security: CVE-2017-15105 (fixed by 1.6.7)
CVE-2019-18934 (fixed by 1.9.5)
Notes:
svn path=/stable/11/; revision=356345
|
| |
|
|
| |
Notes:
svn path=/stable/11/; revision=356290
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Direct commit to stable/11; already fixed in newer OpenSSH in 12 and
later.
PR: 233801
Reported by: Dani
Obtained from: OpenBSD 1.111
Security: CVE-2017-15906
Notes:
svn path=/stable/11/; revision=355731
|
| |
|
|
| |
Notes:
svn path=/stable/11/; revision=352193
|
| |
|
|
|
|
|
| |
Approved by: re (kib)
Notes:
svn path=/stable/11/; revision=348343
|
| |
|
|
| |
Notes:
svn path=/stable/11/; revision=344604
|
| |
|
|
|
|
|
|
|
| |
Obtained from: OpenBSD scp.c 1.198
Security: CVE-2018-20685
Sponsored by: The FreeBSD Foundation
Notes:
svn path=/stable/11/; revision=343097
|
| |
|
|
| |
Notes:
svn path=/stable/11/; revision=340704
|
| |
|
|
|
|
|
|
|
|
| |
Local changes introduced an OPENSSH_VERSION macro, but this conflicts
with a macro of the same name introduced with OepnsSL 1.1.1
Sponsored by: The FreeBSD Foundation
Notes:
svn path=/stable/11/; revision=339285
|
| |
|
|
|
|
|
|
|
|
|
| |
database (apropos, man -k). This commit Replaces .SS with .SH,
similar to the man page provided by original heimdal (as in port).
PR: 230573
Submitted by: yuripv@yuripv.net
Notes:
svn path=/stable/11/; revision=338464
|
| |
|
|
|
|
|
| |
Merge OpenSSL 1.0.2p.
Notes:
svn path=/stable/11/; revision=337982
|
| |
|
|
|
|
|
| |
Merge OpenSSL 1.0.2o.
Notes:
svn path=/stable/11/; revision=331638
|
| |
|
|
|
|
|
|
|
| |
Add declaration of SSL_get_selected_srtp_profile() for OpenSSL.
Differential Revision: https://reviews.freebsd.org/D10525
Notes:
svn path=/stable/11/; revision=328556
|
| |
|
|
|
|
|
| |
Merge OpenSSL 1.0.2n.
Notes:
svn path=/stable/11/; revision=326663
|
| |
|
|
|
|
|
| |
Merge OpenSSL 1.0.2m.
Notes:
svn path=/stable/11/; revision=325337
|
| |
|
|
|
|
|
| |
Merge OpenSSL 1.0.2l.
Notes:
svn path=/stable/11/; revision=325335
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Fix linking with lld by marking OPENSSL_armcap_P as hidden.
Linking with lld fails as it contains a relative address, however the data
this address is for may be relocated from the shared object to the main
executable.
Fix this by adding the hidden attribute. This stops moving this value to
the main executable. It seems this is implicit upstream as it uses a
version script.
Notes:
svn path=/stable/11/; revision=325334
|
| |
|
|
|
|
|
| |
Build OpenSSL assembly sources for aarch64.
Notes:
svn path=/stable/11/; revision=325333
|
| |
|
|
| |
Notes:
svn path=/stable/11/; revision=323136
|
| |
|
|
| |
Notes:
svn path=/stable/11/; revision=323134
|
| |
|
|
| |
Notes:
svn path=/stable/11/; revision=323129
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Skip passwords longer than 1k in length so clients can't
easily DoS sshd by sending very long passwords, causing it to spend CPU
hashing them. feedback djm@, ok markus@.
Brought to our attention by tomas.kuthan at oracle.com, shilei-c at
360.cn and coredump at autistici.org
Security: CVE-2016-6515
Security: FreeBSD-SA-17:06.openssh
Notes:
svn path=/stable/11/; revision=322341
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In _krb5_extract_ticket() the KDC-REP service name must be obtained from
encrypted version stored in 'enc_part' instead of the unencrypted version
stored in 'ticket'. Use of the unecrypted version provides an
opportunity for successful server impersonation and other attacks.
Submitted by: hrs
Obtained from: Heimdal
Security: FreeBSD-SA-17:05.heimdal
Security: CVE-2017-11103
Notes:
svn path=/stable/11/; revision=320907
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Adjust notification points slightly to catch all auth failures, rather
than just the ones caused by bad usernames. Modify notification point
for bad usernames to send new type of BLACKLIST_BAD_USER. (Support in
libblacklist will be forthcoming soon.) Add guards to allow library
headers to expose the enum of action values.
Reviewed by: des
Relnotes: yes
Sponsored by: The FreeBSD Foundation
Notes:
svn path=/stable/11/; revision=318402
|
| |
|
|
|
|
|
|
|
|
|
| |
Upstream commit r21331 (7758a5d0) added semiprivate function
_hx509_request_to_pkcs10 twice. This change has been committed upstream
as 8ef0071d.
Sponsored by: The FreeBSD Foundation
Notes:
svn path=/stable/11/; revision=316465
|
| |
|
|
|
|
|
|
|
|
|
| |
Upstream commit r24759 (efed563) prefixed some symbols with rk_, but
introduced 6 duplicate symbols in the version script (because the
rk_-prefixed versions of the symbols were already present).
Sponsored by: The FreeBSD Foundation
Notes:
svn path=/stable/11/; revision=316463
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Only notify blacklistd for successful logins in auth.c
Before this change, every pass through auth.c resulted in a
call to blacklist_notify().
In a normal remote login, there would be a failed login flagged for
the printing of the "xxx login:" prompt, before the remote user
could enter a password.
If the user successfully entered a good password, then a good login
would be flagged, and everything would be OK.
If the user entered an incorrect password, there would be another
failed login flagged in auth1.c (or auth2.c) for the actual bad
password attempt. Finally, when sshd got around to issuing the
second "xxx login:" prompt, there would be yet another failed login
notice sent to blacklistd.
So, if there was a 3 bad logins limit set (the default), the system
would actually block the address after the first bad password attempt.
Reported by: Rick Adams
Reviewed by: des
Sponsored by: The FreeBSD Foundation
Notes:
svn path=/stable/11/; revision=314072
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Conditionalize building libwrap support into sshd
Only build libwrap support into sshd if MK_TCP_WRAPPERS != no
This will unbreak the build if libwrap has been removed from the system
PR: 210141
Notes:
svn path=/stable/11/; revision=313243
|
| |
|
|
|
|
|
| |
Merge OpenSSL 1.0.2k.
Notes:
svn path=/stable/11/; revision=312826
|
| |
|
|
|
|
|
|
|
|
| |
Fix multiple OpenSSH vulnerabilities.
Submitted by: des
Approved by: so
Notes:
svn path=/stable/11/; revision=311915
|
| |
|
|
|
|
|
|
|
| |
Fix OpenSSH remote Denial of Service vulnerability.
Security: CVE-2016-8858
Notes:
svn path=/stable/11/; revision=308198
|
| |
|
|
|
|
|
| |
Merge OpenSSL 1.0.2j.
Notes:
svn path=/stable/11/; revision=306343
|
| |
|
|
|
|
|
| |
Merge OpenSSL 1.0.2u.
Notes:
svn path=/stable/11/; revision=306195
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Change the calls to of blacklist_init() and blacklist_notify to be
macros defined in the blacklist_client.h file. This avoids
the need for #ifdef USE_BLACKLIST / #endif except in the
blacklist.c file.
Remove redundent initialization attempts from within
blacklist_notify - everything always goes through
blacklistd_init().
Added UseBlacklist option to sshd, which defaults to off.
To enable the functionality, use '-o UseBlacklist=yes' on
the command line, or uncomment in the sshd_config file.
Approved by: des
Sponsored by: The FreeBSD Foundation
Notes:
svn path=/stable/11/; revision=305476
|
| |
|
|
|
|
|
| |
Build OpenSSL assembly sources for arm.
Notes:
svn path=/stable/11/; revision=305152
|
| |
|
|
|
|
|
|
| |
PR: 208254
Approved by: re (kib)
Notes:
svn path=/stable/11/; revision=303952
|
| |
|
|
|
|
|
|
|
| |
PR: 208254
Approved by: re (gjb)
Relnotes: yes
Notes:
svn path=/stable/11/; revision=303770
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
This change has functional impact, and other concerns raised
by the OpenSSH maintainer.
Requested by: des
PR: 210479 (related)
Approved by: re (marius)
Sponsored by: The FreeBSD Foundation
Notes:
svn path=/head/; revision=302182
|
| |
|
|
|
|
|
|
|
|
|
| |
Reviewed by: rpaulo
Approved by: rpaulo (earlier version of changes)
Relnotes: YES
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D5915
Notes:
svn path=/head/; revision=301551
|
| |
|
|
|
|
|
|
|
|
|
| |
Some consumers actually use this definition.
We probably need some procedure to ensure that SHLIB_VERSION_NUMBER
is updated whenever we change the library version in
secure/lib/libssl/Makefile.
Notes:
svn path=/head/; revision=301271
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
If krb5_make_principal fails, tmp_creds.server may remain a pointer to freed
memory and then be double-freed. After freeing it the first time, initialize
it to NULL, which causes subsequent krb5_free_principal calls to do the right
thing.
Reported by: Coverity
CID: 1273430
Sponsored by: EMC / Isilon Storage Division
Notes:
svn path=/head/; revision=299495
|
| |\
| |
| |
| |
| |
| |
| | |
Relnotes: yes
Notes:
svn path=/head/; revision=298998
|
| | |
| |
| |
| |
| | |
Notes:
svn path=/vendor-crypto/openssl/dist/; revision=298991
svn path=/vendor-crypto/openssl/1.0.2h/; revision=298992; tag=vendor/openssl/1.0.2h
|
| | |
| |
| |
| |
| |
| |
| | |
PR: 207679
Notes:
svn path=/head/; revision=296634
|
| |\ \
| | |
| | |
| | | |
Notes:
svn path=/head/; revision=296633
|
| |\ \ \
| | |/
| |/|
| | |
| | |
| | |
| | | |
Relnotes: yes
Notes:
svn path=/head/; revision=296279
|
| | | |
| | |
| | |
| | |
| | | |
Notes:
svn path=/vendor-crypto/openssl/dist/; revision=296273
svn path=/vendor-crypto/openssl/1.0.2g/; revision=296274; tag=vendor/openssl/1.0.2g
|
| | | |
| | |
| | |
| | | |
Notes:
svn path=/head/; revision=295139
|
| |\| |
| | |
| | |
| | |
| | |
| | |
| | | |
Relnotes: yes
Notes:
svn path=/head/; revision=295009
|
