This is an automated email from the git hooks/post-receive script.
djm pushed a change to branch master
in repository openssh.
from 383a33d1 upstream: Treat connections with ProxyJump specified the same as ones
new bbc8af72 upstream: In sshkey_in_file(), ignore keys that are considered for
new cb24d9fc upstream: when compiled with GSSAPI support, cache supported method
new b5e412a8 upstream: Allow ssh_config ForwardX11Timeout=0 to disable the
The 3 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails. The revisions
listed as "adds" were already present in the repository and have only
been added to this reference.
Detailed log of new commits:
commit b5e412a8993ad17b9e1141c78408df15d3d987e1
Author: djm@openbsd.org <djm@openbsd.org>
Date: Fri Sep 21 12:46:22 2018 +0000
upstream: Allow ssh_config ForwardX11Timeout=0 to disable the
timeout and allow X11 connections in untrusted mode indefinitely. ok dtucker@
OpenBSD-Commit-ID: ea1ceed3f540b48e5803f933e59a03b20db10c69
commit cb24d9fcc901429d77211f274031653476864ec6
Author: djm@openbsd.org <djm@openbsd.org>
Date: Fri Sep 21 12:23:17 2018 +0000
upstream: when compiled with GSSAPI support, cache supported method
OIDs by calling ssh_gssapi_prepare_supported_oids() regardless of whether
GSSAPI authentication is enabled in the main config.
This avoids sandbox violations for configurations that enable GSSAPI
auth later, e.g.
Match user djm
GSSAPIAuthentication yes
bz#2107; ok dtucker@
OpenBSD-Commit-ID: a5dd42d87c74e27cfb712b15b0f97ab20e0afd1d
commit bbc8af72ba68da014d4de6e21a85eb5123384226
Author: djm@openbsd.org <djm@openbsd.org>
Date: Fri Sep 21 12:20:12 2018 +0000
upstream: In sshkey_in_file(), ignore keys that are considered for
being too short (i.e. SSH_ERR_KEY_LENGTH). These keys will not be considered
to be "in the file". This allows key revocation lists to contain short keys
without the entire revocation list being considered invalid.
bz#2897; ok dtucker
OpenBSD-Commit-ID: d9f3d857d07194a42ad7e62889a74dc3f9d9924b
Summary of changes:
authfile.c | 14 ++++++++++----
clientloop.c | 43 ++++++++++++++++++++++++++++---------------
ssh_config.5 | 6 +++++-
sshd.c | 5 ++---
4 files changed, 45 insertions(+), 23 deletions(-)
--
To stop receiving notification emails like this one, please contact
djm@mindrot.org.
_______________________________________________
openssh-commits mailing list
openssh-commits@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-commits
djm pushed a change to branch master
in repository openssh.
from 383a33d1 upstream: Treat connections with ProxyJump specified the same as ones
new bbc8af72 upstream: In sshkey_in_file(), ignore keys that are considered for
new cb24d9fc upstream: when compiled with GSSAPI support, cache supported method
new b5e412a8 upstream: Allow ssh_config ForwardX11Timeout=0 to disable the
The 3 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails. The revisions
listed as "adds" were already present in the repository and have only
been added to this reference.
Detailed log of new commits:
commit b5e412a8993ad17b9e1141c78408df15d3d987e1
Author: djm@openbsd.org <djm@openbsd.org>
Date: Fri Sep 21 12:46:22 2018 +0000
upstream: Allow ssh_config ForwardX11Timeout=0 to disable the
timeout and allow X11 connections in untrusted mode indefinitely. ok dtucker@
OpenBSD-Commit-ID: ea1ceed3f540b48e5803f933e59a03b20db10c69
commit cb24d9fcc901429d77211f274031653476864ec6
Author: djm@openbsd.org <djm@openbsd.org>
Date: Fri Sep 21 12:23:17 2018 +0000
upstream: when compiled with GSSAPI support, cache supported method
OIDs by calling ssh_gssapi_prepare_supported_oids() regardless of whether
GSSAPI authentication is enabled in the main config.
This avoids sandbox violations for configurations that enable GSSAPI
auth later, e.g.
Match user djm
GSSAPIAuthentication yes
bz#2107; ok dtucker@
OpenBSD-Commit-ID: a5dd42d87c74e27cfb712b15b0f97ab20e0afd1d
commit bbc8af72ba68da014d4de6e21a85eb5123384226
Author: djm@openbsd.org <djm@openbsd.org>
Date: Fri Sep 21 12:20:12 2018 +0000
upstream: In sshkey_in_file(), ignore keys that are considered for
being too short (i.e. SSH_ERR_KEY_LENGTH). These keys will not be considered
to be "in the file". This allows key revocation lists to contain short keys
without the entire revocation list being considered invalid.
bz#2897; ok dtucker
OpenBSD-Commit-ID: d9f3d857d07194a42ad7e62889a74dc3f9d9924b
Summary of changes:
authfile.c | 14 ++++++++++----
clientloop.c | 43 ++++++++++++++++++++++++++++---------------
ssh_config.5 | 6 +++++-
sshd.c | 5 ++---
4 files changed, 45 insertions(+), 23 deletions(-)
--
To stop receiving notification emails like this one, please contact
djm@mindrot.org.
_______________________________________________
openssh-commits mailing list
openssh-commits@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-commits