[openssh-commits] [openssh] branch master updated (1d6424a -> d411d39)

git+noreply at mindrot.org git+noreply at mindrot.org
Tue Jan 27 00:33:56 EST 2015


This is an automated email from the git hooks/post-receive script.

djm pushed a change to branch master
in repository openssh.

      from  1d6424a   upstream commit
       new  57e783c   upstream commit
       new  087266e   upstream commit
       new  dcff581   upstream commit
       new  a5a3e33   upstream commit
       new  60b1825   upstream commit
       new  8d4f872   upstream commit
       new  5104db7   upstream commit
       new  1d1092b   upstream commit
       new  2b3b1c1   upstream commit
       new  0dad3b8   upstream commit
       new  7dd355f   upstream commit
       new  fe8a3a5   upstream commit
       new  d411d39   upstream commit

The 13 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "adds" were already present in the repository and have only
been added to this reference.


Detailed log of new commits:

commit d411d395556b73ba1b9e451516a0bd6697c4b03d
Author: djm at openbsd.org <djm at openbsd.org>
Date:   Mon Jan 26 06:12:18 2015 +0000

    upstream commit
    
    regression test for host key rotation

commit fe8a3a51699afbc6407a8fae59b73349d01e49f8
Author: djm at openbsd.org <djm at openbsd.org>
Date:   Mon Jan 26 06:11:28 2015 +0000

    upstream commit
    
    adapt to sshkey API tweaks

commit 7dd355fb1f0038a3d5cdca57ebab4356c7a5b434
Author: miod at openbsd.org <miod at openbsd.org>
Date:   Sat Jan 24 10:39:21 2015 +0000

    upstream commit
    
    Move -lz late in the linker commandline for things to
     build on static arches.

commit 0dad3b806fddb93c475b30853b9be1a25d673a33
Author: miod at openbsd.org <miod at openbsd.org>
Date:   Fri Jan 23 21:21:23 2015 +0000

    upstream commit
    
    -Wpointer-sign is supported by gcc 4 only.

commit 2b3b1c1e4bd9577b6e780c255c278542ea66c098
Author: djm at openbsd.org <djm at openbsd.org>
Date:   Tue Jan 20 22:58:57 2015 +0000

    upstream commit
    
    use SUBDIR to recuse into unit tests; makes "make obj"
     actually work

commit 1d1092bff8db27080155541212b420703f8b9c92
Author: djm at openbsd.org <djm at openbsd.org>
Date:   Mon Jan 26 12:16:36 2015 +0000

    upstream commit
    
    correct description of UpdateHostKeys in ssh_config.5 and
     add it to -o lists for ssh, scp and sftp; pointed out by jmc@

commit 5104db7cbd6cdd9c5971f4358e74414862fc1022
Author: djm at openbsd.org <djm at openbsd.org>
Date:   Mon Jan 26 06:10:03 2015 +0000

    upstream commit
    
    correctly match ECDSA subtype (== curve) for
     offered/recevied host keys. Fixes connection-killing host key mismatches when
     a server offers multiple ECDSA keys with different curve type (an extremely
     unlikely configuration).
    
    ok markus, "looks mechanical" deraadt@

commit 8d4f87258f31cb6def9b3b55b6a7321d84728ff2
Author: djm at openbsd.org <djm at openbsd.org>
Date:   Mon Jan 26 03:04:45 2015 +0000

    upstream commit
    
    Host key rotation support.
    
    Add a hostkeys at openssh.com protocol extension (global request) for
    a server to inform a client of all its available host key after
    authentication has completed. The client may record the keys in
    known_hosts, allowing it to upgrade to better host key algorithms
    and a server to gracefully rotate its keys.
    
    The client side of this is controlled by a UpdateHostkeys config
    option (default on).
    
    ok markus@

commit 60b1825262b1f1e24fc72050b907189c92daf18e
Author: djm at openbsd.org <djm at openbsd.org>
Date:   Mon Jan 26 02:59:11 2015 +0000

    upstream commit
    
    small refactor and add some convenience functions; ok
     markus

commit a5a3e3328ddce91e76f71ff479022d53e35c60c9
Author: jmc at openbsd.org <jmc at openbsd.org>
Date:   Thu Jan 22 21:00:42 2015 +0000

    upstream commit
    
    heirarchy -> hierarchy;

commit dcff5810a11195c57e1b3343c0d6b6f2b9974c11
Author: deraadt at openbsd.org <deraadt at openbsd.org>
Date:   Thu Jan 22 20:24:41 2015 +0000

    upstream commit
    
    Provide a warning about chroot misuses (which sadly, seem
     to have become quite popular because shiny).  sshd cannot detect/manage/do
     anything about these cases, best we can do is warn in the right spot in the
     man page. ok markus

commit 087266ec33c76fc8d54ac5a19efacf2f4a4ca076
Author: deraadt at openbsd.org <deraadt at openbsd.org>
Date:   Tue Jan 20 23:14:00 2015 +0000

    upstream commit
    
    Reduce use of <sys/param.h> and transition to <limits.h>
     throughout. ok djm markus

commit 57e783c8ba2c0797f93977e83b2a8644a03065d8
Author: markus at openbsd.org <markus at openbsd.org>
Date:   Tue Jan 20 20:16:21 2015 +0000

    upstream commit
    
    kex_setup errors are fatal()

Summary of changes:
 PROTOCOL                               |  24 +++-
 auth.c                                 |   8 +-
 auth.h                                 |   6 +-
 authfile.c                             |   6 +-
 channels.c                             |   5 +-
 clientloop.c                           | 105 +++++++++++++++--
 deattack.c                             |   3 +-
 dh.c                                   |   5 +-
 groupaccess.c                          |   4 +-
 gss-genr.c                             |   3 +-
 gss-serv.c                             |   3 +-
 hostfile.c                             | 206 ++++++++++++++++++++++++++++++---
 hostfile.h                             |   5 +-
 kex.c                                  |   5 +-
 kex.h                                  |   7 +-
 kexc25519c.c                           |   6 +-
 kexc25519s.c                           |   8 +-
 kexdhc.c                               |   6 +-
 kexdhs.c                               |   8 +-
 kexecdhc.c                             |   6 +-
 kexecdhs.c                             |   8 +-
 kexgexc.c                              |   8 +-
 kexgexs.c                              |  10 +-
 key.c                                  |   4 +-
 krl.c                                  |  19 +--
 moduli.c                               |   9 +-
 monitor.c                              |   4 +-
 monitor_mm.c                           |   4 +-
 mux.c                                  |   3 +-
 packet.c                               |   5 +-
 readconf.c                             |  13 ++-
 readconf.h                             |   6 +-
 regress/Makefile                       |   7 +-
 regress/hostkey-rotate.sh              | 129 +++++++++++++++++++++
 regress/unittests/Makefile.inc         |   4 +-
 regress/unittests/kex/Makefile         |   5 +-
 regress/unittests/sshkey/test_fuzz.c   |   4 +-
 regress/unittests/sshkey/test_sshkey.c |   8 +-
 regress/unittests/test_helper/Makefile |   5 +-
 sandbox-systrace.c                     |   4 +-
 scp.1                                  |   5 +-
 serverloop.c                           |   4 +-
 sftp-client.c                          |   4 +-
 sftp-common.c                          |   4 +-
 sftp-server.c                          |  10 +-
 sftp.1                                 |   5 +-
 sftp.c                                 |   6 +-
 ssh-keyscan.c                          |   3 +-
 ssh-pkcs11-helper.c                    |   3 +-
 ssh.1                                  |   5 +-
 ssh.c                                  |   8 +-
 ssh_api.c                              |  16 +--
 ssh_config.5                           |  26 ++++-
 sshbuf.c                               |   4 +-
 sshconnect.c                           |  16 ++-
 sshconnect2.c                          |   6 +-
 sshd.c                                 |  69 +++++++++--
 sshd_config.5                          |  17 ++-
 sshkey.c                               | 110 ++++++++++++------
 sshkey.h                               |   9 +-
 sshlogin.c                             |   6 +-
 61 files changed, 807 insertions(+), 217 deletions(-)
 create mode 100644 regress/hostkey-rotate.sh

-- 
To stop receiving notification emails like this one, please contact
djm at mindrot.org.


More information about the openssh-commits mailing list