Notes:
svn path=/head/; revision=366004
Notes:
svn path=/vendor-crypto/openssl/dist/; revision=365997
svn path=/vendor-crypto/openssl/1.1.1h/; revision=365998; tag=vendor/openssl/1.1.1h
We prepend "FreeBSD" to Clang version string. This broke compiler test for
AVX instruction support.
Reported by: jhb
Notes:
svn path=/head/; revision=364822
blacklistd has been renamed to blocklistd upstream, and a future
import into FreeBSD will follow that change. Support the new name
as an alias in config files.
Reviewed by: bz, delphij
MFC after: 1 week
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D25865
Notes:
svn path=/head/; revision=363657
A base system OpenSSH update in 2016 or so removed a number of ciphers
from the default lists offered by the server/client, due to known
weaknesses. This caused POLA issues for some users and prompted
PR207679; the ciphers were restored to the default lists in r296634.
When upstream removed these ciphers from the default server list, they
moved them to the client-only default list. They were subsequently
removed from the client default, in OpenSSH 7.9p1.
The change has persisted long enough. Remove these extra ciphers from
both the server and client default lists, in advance of FreeBSD 13.
Reviewed by: markm, rgrimes
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D25833
Notes:
svn path=/head/; revision=363627
This change was made upstream between 7.9p1 and 8.0p1. We've made local
changes in the same places for handling the version_addendum; apply the
SSLeay_version to OpenSSL_version change in advance of importing 8.0p1.
This should have been part of r363225.
Obtained from: OpenSSH-portable a65784c9f9c5
MFC with: r363225
Sponsored by: The FreeBSD Foundation
Notes:
svn path=/head/; revision=363235
This change was made upstream between 7.9p1 and 8.0p1. We've made local
changes in the same places for handling the version_addendum; apply the
SSLeay_version to OpenSSL_version change in advance of importing 8.0p1.
Obtained from: OpenSSH-portable a65784c9f9c5
Sponsored by: The FreeBSD Foundation
Notes:
svn path=/head/; revision=363225
MFC after: 1 week
Notes:
svn path=/head/; revision=362676
The logging was introduced in r314527 but doesn't appear to be useful
for regular operation, and as the result, for users with no class set
(very common) the administrator would see a message like this in their
auth.log:
sshd[44251]: user root login class [preauth]
(note that the class was "" because that's what's typically configured
for most users; we would get 'default' if lc->lc_class is chosen)
Remove this log as it can be annoying as the lookup happens before
authentication and repeats, and our code is not acting upon lc_class
or pw_class directly anyways.
Reviewed by: cem, imp
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D24997
Notes:
svn path=/head/; revision=362642
Notes:
svn path=/head/; revision=360175
Notes:
svn path=/vendor-crypto/openssl/dist/; revision=360173
svn path=/vendor-crypto/openssl/1.1.1g/; revision=360174; tag=vendor/openssl/1.1.1g
See https://www.openssl.org/news/secadv/20200421.txt for details.
Approved by: so
Security: CVE-2020-1967
Notes:
svn path=/head/; revision=360146
Notes:
svn path=/head/; revision=359486
Notes:
svn path=/vendor-crypto/openssl/dist/; revision=359482
svn path=/vendor-crypto/openssl/1.1.1f/; revision=359483; tag=vendor/openssl/1.1.1f
This is currently staged in vendor/ as part of the 8.0p1 import, which isn't
quite ready to land. Given that this is a simple one-line fix, apply it now
as the fallout will be pretty minimal.
-fno-common will become the default in GCC10/LLVM11.
MFC after: 3 days
Notes:
svn path=/head/; revision=359424
Notes:
svn path=/head/; revision=359060
Notes:
svn path=/vendor-crypto/openssl/dist/; revision=359051
svn path=/vendor-crypto/openssl/1.1.1e/; revision=359052; tag=vendor/openssl/1.1.1e
Notes:
svn path=/head/; revision=358323
It appears that FREEBSD-vendor is an idea that never really took off
and we should probably just remove it, but until then we might as well
record the correct version.
Notes:
svn path=/head/; revision=357939
ftp://ftp.openbsd.org/ does not work.
Notes:
svn path=/head/; revision=357932
MFC after: 2 months
Sponsored by: The FreeBSD Foundation
Notes:
svn path=/head/; revision=357926
We need to add user-facing deprecation notices for TCP wrappers; start
with a note in the upgrade process documentation.
Sponsored by: The FreeBSD Foundation
Notes:
svn path=/head/; revision=357925
LIBWRAP is defined by the Makefile based on MK_TCP_WRAPPERS and should
not be defined in config.h.
PR: 210141
Sponsored by: The FreeBSD Foundation
Notes:
svn path=/head/; revision=357922
In r339216 a privsep wrapper was added for login_getpwclass to address
PR 231172. Unfortunately the change used the MON_AUTH flag in the
wrapper, and MON_AUTH includes MON_AUTHDECIDE which triggers an
auth_log() on each invocation. getpwclass() does not participate in the
authentication decision, so should be MON_ISAUTH instead.
PR: 234793
Submitted by: Henry Hu
Reviewed by: Yuichiro NAITO
MFC after: 1 week
Notes:
svn path=/head/; revision=354897
Notes:
svn path=/head/; revision=352191
Notes:
svn path=/vendor-crypto/openssl/dist/; revision=352163
svn path=/vendor-crypto/openssl/1.1.1d/; revision=352164; tag=vendor/openssl/1.1.1d
struct xucred. Do not bump XUCRED_VERSION as struct layout is not changed.
PR: 215202
Reviewed by: tijl
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D20415
Notes:
svn path=/head/; revision=348419
Notes:
svn path=/head/; revision=348340
Notes:
svn path=/vendor-crypto/openssl/dist/; revision=348333
svn path=/vendor-crypto/openssl/1.1.1c/; revision=348334; tag=vendor/openssl/1.1.1c
Submitted by: yuripv
Differential Revision: https://reviews.freebsd.org/D18636
Notes:
svn path=/head/; revision=345579
upstream: when checking that filenames sent by the server side
match what the client requested, be prepared to handle shell-style brace
alternations, e.g. "{foo,bar}".
"looks good to me" millert@ + in snaps for the last week courtesy
deraadt@
OpenBSD-Commit-ID: 3b1ce7639b0b25b2248e3a30f561a548f6815f3e
Discussed with: des
Obtained from: OpenSSH-portable 3d896c157c722bc47adca51a58dca859225b5874
Notes:
svn path=/head/; revision=345576
Notes:
svn path=/head/; revision=344602
Notes:
svn path=/vendor-crypto/openssl/dist/; revision=344595
svn path=/vendor-crypto/openssl/1.1.1b/; revision=344596; tag=vendor/openssl/1.1.1b
OpenSSH-portable commits:
check in scp client that filenames sent during remote->local directory
copies satisfy the wildcard specified by the user.
This checking provides some protection against a malicious server
sending unexpected filenames, but it comes at a risk of rejecting wanted
files due to differences between client and server wildcard expansion rules.
For this reason, this also adds a new -T flag to disable the check.
reported by Harry Sintonen
fix approach suggested by markus@;
has been in snaps for ~1wk courtesy deraadt@
OpenBSD-Commit-ID: 00f44b50d2be8e321973f3c6d014260f8f7a8eda
Minor patch conflict (getopt) resolved.
Obtained from: OpenSSH-portable 391ffc4b9d31fa1f4ad566499fef9176ff8a07dc
scp: add -T to usage();
OpenBSD-Commit-ID: a7ae14d9436c64e1bd05022329187ea3a0ce1899
Obtained from: OpenSSH-portable 2c21b75a7be6ebdcbceaebb43157c48dbb36f3d8
PR: 234965
Approved by: des
MFC after: 3 days
Obtained from: OpenSSH-portable 391ffc4b9d, 2c21b75a7b
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D19076
Notes:
svn path=/head/; revision=344449
Obtained from: OpenBSD scp.c 1.198
Security: CVE-2018-20685
Sponsored by: The FreeBSD Foundation
Notes:
svn path=/head/; revision=343043
Reported by: delphij@
Notes:
svn path=/head/; revision=342871
Now the new devcrypto engine is enabled since r342009, many users started
seeing "Could not open /dev/crypto: No such file or directory". Disable
the annoying error message as it is not very useful anyway.
Note the patch was submitted upstream.
https://github.com/openssl/openssl/pull/7896
Notes:
svn path=/head/; revision=342057
Notes:
svn path=/head/; revision=340703
Notes:
svn path=/vendor-crypto/openssl/dist/; revision=340690
svn path=/vendor-crypto/openssl/1.1.1a/; revision=340691; tag=vendor/openssl/1.1.1a
number bump.
Reported by: jkim
Discussed with: kib
MFC after: immediate
Sponsored by: The FreeBSD Foundation
Notes:
svn path=/head/; revision=339741
Remove a workaround for older Unbound versions that used sbrk.
Approved by: re (gjb)
Notes:
svn path=/head/; revision=339294
- Update OpenSSL to version 1.1.1.
- Update Kerberos/Heimdal API for OpenSSL 1.1.1 compatibility.
- Bump __FreeBSD_version.
Approved by: re (kib)
Sponsored by: The FreeBSD Foundation
Notes:
svn path=/head/; revision=339270
Notes:
svn path=/projects/openssl111/; revision=339259
Sponsored by: The FreeBSD Foundation
Notes:
svn path=/projects/openssl111/; revision=339255
Sponsored by: The FreeBSD Foundation
Notes:
svn path=/projects/openssl111/; revision=339240
Existing work is underway to import a newer version of heimdal, but
this patchset gets us to a fully working tree to enable more
widespread testing of OpenSSL 1.1 for now.
I've also enabled WARNS=1 for kerberos (which is the reason for the
change in libroken). Having -Werror enabled was useful during the
1.1 updates and we probably should have warnings enabled by default
for kerberos anyway.
This passes make tinderbox, and I have also done some very light
runtime testing on amd64.
Reviewed by: bjk, jkim, emaste
Differential Revision: https://reviews.freebsd.org/D17276
Notes:
svn path=/projects/openssl111/; revision=339198
Differential Revision: https://reviews.freebsd.org/D17390
Notes:
svn path=/projects/openssl111/; revision=339157
Missed in migrating changeset from git to svn for r338811
Reported by: jhb
Notes:
svn path=/projects/openssl111/; revision=339154
Notes:
svn path=/projects/openssl111/; revision=338896
Upstream commits:
482d23bcac upstream: hold our collective noses and use the openssl-1.1.x
48f54b9d12 adapt -portable to OpenSSL 1.1x API
86e0a9f3d2 upstream: use only openssl-1.1.x API here too
a3fd8074e2 upstream: missed a bit of openssl-1.0.x API in this unittest
cce8cbe0ed Fix openssl-1.1 fallout for --without-openssl.
Trivial conflicts in sshkey.c and test_sshkey.c were resolved.
Sponsored by: The FreeBSD Foundation
Notes:
svn path=/projects/openssl111/; revision=338811