[openssh-commits] [openssh] branch master updated (07889c7 -> 383f10f)
git+noreply at mindrot.org
git+noreply at mindrot.org
Mon Nov 16 11:31:49 AEDT 2015
This is an automated email from the git hooks/post-receive script.
djm pushed a change to branch master
in repository openssh.
from 07889c7 read back from libcrypto RAND when privdropping
new 7d4c751 upstream commit
new a7994b3 upstream commit
new b6b9108 upstream commit
new 94bc0b7 upstream commit
new 9fd0468 upstream commit
new d87063d upstream commit
new f361df4 upstream commit
new 1a11670 upstream commit
new e41a071 upstream commit
new 383f10f upstream commit
The 10 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails. The revisions
listed as "adds" were already present in the repository and have only
been added to this reference.
Detailed log of new commits:
commit 383f10fb84a0fee3c01f9d97594f3e22aa3cd5e0
Author: djm at openbsd.org <djm at openbsd.org>
Date: Mon Nov 16 00:30:02 2015 +0000
upstream commit
Add a new authorized_keys option "restrict" that
includes all current and future key restrictions (no-*-forwarding, etc). Also
add permissive versions of the existing restrictions, e.g. "no-pty" -> "pty".
This simplifies the task of setting up restricted keys and ensures they are
maximally-restricted, regardless of any permissions we might implement in the
future.
Example:
restrict,pty,command="nethack" ssh-ed25519 AAAAC3NzaC1lZDI1...
Idea from Jann Horn; ok markus@
Upstream-ID: 04ceb9d448e46e67e13887a7ae5ea45b4f1719d0
commit e41a071f7bda6af1fb3f081bed0151235fa61f15
Author: jmc at openbsd.org <jmc at openbsd.org>
Date: Sun Nov 15 23:58:04 2015 +0000
upstream commit
correct section number for ssh-agent;
Upstream-ID: 44be72fd8bcc167635c49b357b1beea8d5674bd6
commit 1a11670286acddcc19f5eff0966c380831fc4638
Author: jmc at openbsd.org <jmc at openbsd.org>
Date: Sun Nov 15 23:54:15 2015 +0000
upstream commit
do not confuse mandoc by presenting "Dd";
Upstream-ID: 1470fce171c47b60bbc7ecd0fc717a442c2cfe65
commit f361df474c49a097bfcf16d1b7b5c36fcd844b4b
Author: jcs at openbsd.org <jcs at openbsd.org>
Date: Sun Nov 15 22:26:49 2015 +0000
upstream commit
Add an AddKeysToAgent client option which can be set to
'yes', 'no', 'ask', or 'confirm', and defaults to 'no'. When enabled, a
private key that is used during authentication will be added to ssh-agent if
it is running (with confirmation enabled if set to 'confirm').
Initial version from Joachim Schipper many years ago.
ok markus@
Upstream-ID: a680db2248e8064ec55f8be72d539458c987d5f4
commit d87063d9baf5479b6e813d47dfb694a97df6f6f5
Author: djm at openbsd.org <djm at openbsd.org>
Date: Fri Nov 13 04:39:35 2015 +0000
upstream commit
send SSH2_MSG_UNIMPLEMENTED replies to unexpected
messages during KEX; bz#2949, ok dtucker@
Upstream-ID: 2b3abdff344d53c8d505f45c83a7b12e84935786
commit 9fd04681a1e9b0af21e08ff82eb674cf0a499bfc
Author: djm at openbsd.org <djm at openbsd.org>
Date: Fri Nov 13 04:38:06 2015 +0000
upstream commit
Support "none" as an argument for sshd_config
ForceCommand and ChrootDirectory. Useful inside Match blocks to override a
global default. bz#2486 ok dtucker@
Upstream-ID: 7ef478d6592bc7db5c7376fc33b4443e63dccfa5
commit 94bc0b72c29e511cbbc5772190d43282e5acfdfe
Author: djm at openbsd.org <djm at openbsd.org>
Date: Fri Nov 13 04:34:15 2015 +0000
upstream commit
support multiple certificates (one per line) and
reading from standard input (using "-f -") for "ssh-keygen -L"; ok dtucker@
Upstream-ID: ecbadeeef3926e5be6281689b7250a32a80e88db
commit b6b9108f5b561c83612cb97ece4134eb59fde071
Author: djm at openbsd.org <djm at openbsd.org>
Date: Fri Nov 13 02:57:46 2015 +0000
upstream commit
list a couple more options usable in Match blocks;
bz#2489
Upstream-ID: e4d03f39d254db4c0cc54101921bb89fbda19879
commit a7994b3f5a5a5a33b52b0a6065d08e888f0a99fb
Author: djm at openbsd.org <djm at openbsd.org>
Date: Wed Nov 11 04:56:39 2015 +0000
upstream commit
improve PEEK/POKE macros: better casts, don't multiply
evaluate arguments; ok deraadt@
Upstream-ID: 9a1889e19647615ededbbabab89064843ba92d3e
commit 7d4c7513a7f209cb303a608ac6e46b3f1dfc11ec
Author: djm at openbsd.org <djm at openbsd.org>
Date: Wed Nov 11 01:48:01 2015 +0000
upstream commit
remove prototypes for long-gone s/key support; ok
dtucker@
Upstream-ID: db5bed3c57118af986490ab23d399df807359a79
Summary of changes:
auth-options.c | 87 ++++++++++++++++++++++++++++++++++++++--------------------
auth.h | 4 +--
kex.c | 11 ++++++--
monitor_wrap.h | 6 +---
readconf.c | 22 +++++++++++++--
readconf.h | 4 ++-
servconf.c | 13 ++++++++-
ssh-agent.1 | 13 +++++++--
ssh-keygen.1 | 6 ++--
ssh-keygen.c | 73 ++++++++++++++++++++++++++++++++++++------------
ssh.1 | 9 ++++--
ssh_config.5 | 37 +++++++++++++++++++++++--
sshbuf.h | 61 ++++++++++++++++++++--------------------
sshconnect.c | 30 +++++++++++++++++++-
sshconnect.h | 4 ++-
sshconnect1.c | 15 +++++++---
sshconnect2.c | 35 +++++++++++++----------
sshd.8 | 36 ++++++++++++++++++++++--
sshd_config.5 | 12 ++++++--
19 files changed, 352 insertions(+), 126 deletions(-)
--
To stop receiving notification emails like this one, please contact
djm at mindrot.org.
More information about the openssh-commits
mailing list