[openssh-commits] [openssh] branch master updated (d028d5d -> 1364079)

git+noreply at mindrot.org git+noreply at mindrot.org
Thu May 21 16:47:09 AEST 2015


This is an automated email from the git hooks/post-receive script.

djm pushed a change to branch master
in repository openssh.

      from  d028d5d   upstream commit
       new  9173d0f   upstream commit
       new  7cc44ef   upstream commit
       new  d80fbe4   upstream commit
       new  24232a3   upstream commit
       new  bcc50d8   upstream commit
       new  84452c5   upstream commit
       new  1364079   upstream commit

The 7 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "adds" were already present in the repository and have only
been added to this reference.


Detailed log of new commits:

commit 13640798c7dd011ece0a7d02841fe48e94cfa0e0
Author: djm at openbsd.org <djm at openbsd.org>
Date:   Thu May 21 06:44:25 2015 +0000

    upstream commit
    
    regress test for AuthorizedPrincipalsCommand
    
    Upstream-Regress-ID: c658fbf1ab6b6011dc83b73402322e396f1e1219

commit 84452c5d03c21f9bfb28c234e0dc1dc67dd817b1
Author: djm at openbsd.org <djm at openbsd.org>
Date:   Thu May 21 06:40:02 2015 +0000

    upstream commit
    
    regress test for AuthorizedKeysCommand arguments
    
    Upstream-Regress-ID: bbd65c13c6b3be9a442ec115800bff9625898f12

commit bcc50d816187fa9a03907ac1f3a52f04a52e10d1
Author: djm at openbsd.org <djm at openbsd.org>
Date:   Thu May 21 06:43:30 2015 +0000

    upstream commit
    
    add AuthorizedPrincipalsCommand that allows getting
     authorized_principals from a subprocess rather than a file, which is quite
     useful in deployments with large userbases
    
    feedback and ok markus@
    
    Upstream-ID: aa1bdac7b16fc6d2fa3524ef08f04c7258d247f6

commit 24232a3e5ab467678a86aa67968bbb915caffed4
Author: djm at openbsd.org <djm at openbsd.org>
Date:   Thu May 21 06:38:35 2015 +0000

    upstream commit
    
    support arguments to AuthorizedKeysCommand
    
    bz#2081 loosely based on patch by Sami Hartikainen
    feedback and ok markus@
    
    Upstream-ID: b080387a14aa67dddd8ece67c00f268d626541f7

commit d80fbe41a57c72420c87a628444da16d09d66ca7
Author: djm at openbsd.org <djm at openbsd.org>
Date:   Thu May 21 04:55:51 2015 +0000

    upstream commit
    
    refactor: split base64 encoding of pubkey into its own
     sshkey_to_base64() function and out of sshkey_write(); ok markus@
    
    Upstream-ID: 54fc38f5832e9b91028900819bda46c3959a0c1a

commit 7cc44ef74133a473734bbcbd3484f24d6a7328c5
Author: deraadt at openbsd.org <deraadt at openbsd.org>
Date:   Mon May 18 15:06:05 2015 +0000

    upstream commit
    
    getentropy() and sendsyslog() have been around long
     enough. openssh-portable may want the #ifdef's but not base. discussed with
     djm few weeks back
    
    Upstream-ID: 0506a4334de108e3fb6c66f8d6e0f9c112866926

commit 9173d0fbe44de7ebcad8a15618e13a8b8d78902e
Author: dtucker at openbsd.org <dtucker at openbsd.org>
Date:   Fri May 15 05:44:21 2015 +0000

    upstream commit
    
    Use a salted hash of the lock passphrase instead of plain
     text and do constant-time comparisons of it. Should prevent leaking any
     information about it via timing, pointed out by Ryan Castellucci.  Add a 0.1s
     incrementing delay for each failed unlock attempt up to 10s.  ok markus@
     (earlier version), djm@
    
    Upstream-ID: c599fcc325aa1cc65496b25220b622d22208c85f

Summary of changes:
 auth2-pubkey.c                | 612 +++++++++++++++++++++++++++++++++---------
 regress/Makefile              |   5 +-
 regress/keys-command.sh       |  59 +++-
 regress/principals-command.sh | 139 ++++++++++
 sandbox-systrace.c            |  20 +-
 servconf.c                    |  37 ++-
 servconf.h                    |  10 +-
 ssh-agent.c                   |  53 +++-
 sshd.c                        |   7 +-
 sshd_config.5                 |  58 +++-
 sshkey.c                      | 174 ++++++------
 sshkey.h                      |   3 +-
 12 files changed, 929 insertions(+), 248 deletions(-)
 create mode 100644 regress/principals-command.sh

-- 
To stop receiving notification emails like this one, please contact
djm at mindrot.org.


More information about the openssh-commits mailing list