[openssh-commits] [openssh] branch master updated (07889c7 -> 383f10f)

git+noreply at mindrot.org
Mon Nov 16 11:31:49 AEDT 2015


This is an automated email from the git hooks/post-receive script.

djm pushed a change to branch master
in repository openssh.

      from  07889c7   read back from libcrypto RAND when privdropping
       new  7d4c751   upstream commit
       new  a7994b3   upstream commit
       new  b6b9108   upstream commit
       new  94bc0b7   upstream commit
       new  9fd0468   upstream commit
       new  d87063d   upstream commit
       new  f361df4   upstream commit
       new  1a11670   upstream commit
       new  e41a071   upstream commit
       new  383f10f   upstream commit

The 10 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "adds" were already present in the repository and have only
been added to this reference.


Detailed log of new commits:

commit 383f10fb84a0fee3c01f9d97594f3e22aa3cd5e0
Author: djm at openbsd.org <djm at openbsd.org>
Date:   Mon Nov 16 00:30:02 2015 +0000

    upstream commit
    
    Add a new authorized_keys option "restrict" that
     includes all current and future key restrictions (no-*-forwarding, etc). Also
     add permissive versions of the existing restrictions, e.g. "no-pty" -> "pty".
     This simplifies the task of setting up restricted keys and ensures they are
     maximally-restricted, regardless of any permissions we might implement in the
     future.
    
    Example:
    
    restrict,pty,command="nethack" ssh-ed25519 AAAAC3NzaC1lZDI1...
    
    Idea from Jann Horn; ok markus@
    
    Upstream-ID: 04ceb9d448e46e67e13887a7ae5ea45b4f1719d0

commit e41a071f7bda6af1fb3f081bed0151235fa61f15
Author: jmc at openbsd.org <jmc at openbsd.org>
Date:   Sun Nov 15 23:58:04 2015 +0000

    upstream commit
    
    correct section number for ssh-agent;
    
    Upstream-ID: 44be72fd8bcc167635c49b357b1beea8d5674bd6

commit 1a11670286acddcc19f5eff0966c380831fc4638
Author: jmc at openbsd.org <jmc at openbsd.org>
Date:   Sun Nov 15 23:54:15 2015 +0000

    upstream commit
    
    do not confuse mandoc by presenting "Dd";
    
    Upstream-ID: 1470fce171c47b60bbc7ecd0fc717a442c2cfe65

commit f361df474c49a097bfcf16d1b7b5c36fcd844b4b
Author: jcs at openbsd.org <jcs at openbsd.org>
Date:   Sun Nov 15 22:26:49 2015 +0000

    upstream commit
    
    Add an AddKeysToAgent client option which can be set to
     'yes', 'no', 'ask', or 'confirm', and defaults to 'no'.  When enabled, a
     private key that is used during authentication will be added to ssh-agent if
     it is running (with confirmation enabled if set to 'confirm').
    
    Initial version from Joachim Schipper many years ago.
    
    ok markus@
    
    Upstream-ID: a680db2248e8064ec55f8be72d539458c987d5f4

commit d87063d9baf5479b6e813d47dfb694a97df6f6f5
Author: djm at openbsd.org <djm at openbsd.org>
Date:   Fri Nov 13 04:39:35 2015 +0000

    upstream commit
    
    send SSH2_MSG_UNIMPLEMENTED replies to unexpected
     messages during KEX; bz#2949, ok dtucker@
    
    Upstream-ID: 2b3abdff344d53c8d505f45c83a7b12e84935786

commit 9fd04681a1e9b0af21e08ff82eb674cf0a499bfc
Author: djm at openbsd.org <djm at openbsd.org>
Date:   Fri Nov 13 04:38:06 2015 +0000

    upstream commit
    
    Support "none" as an argument for sshd_config
     ForceCommand and ChrootDirectory. Useful inside Match blocks to override a
     global default. bz#2486 ok dtucker@
    
    Upstream-ID: 7ef478d6592bc7db5c7376fc33b4443e63dccfa5

commit 94bc0b72c29e511cbbc5772190d43282e5acfdfe
Author: djm at openbsd.org <djm at openbsd.org>
Date:   Fri Nov 13 04:34:15 2015 +0000

    upstream commit
    
    support multiple certificates (one per line) and
     reading from standard input (using "-f -") for "ssh-keygen -L"; ok dtucker@
    
    Upstream-ID: ecbadeeef3926e5be6281689b7250a32a80e88db

commit b6b9108f5b561c83612cb97ece4134eb59fde071
Author: djm at openbsd.org <djm at openbsd.org>
Date:   Fri Nov 13 02:57:46 2015 +0000

    upstream commit
    
    list a couple more options usable in Match blocks;
     bz#2489
    
    Upstream-ID: e4d03f39d254db4c0cc54101921bb89fbda19879

commit a7994b3f5a5a5a33b52b0a6065d08e888f0a99fb
Author: djm at openbsd.org <djm at openbsd.org>
Date:   Wed Nov 11 04:56:39 2015 +0000

    upstream commit
    
    improve PEEK/POKE macros: better casts, don't multiply
     evaluate arguments; ok deraadt@
    
    Upstream-ID: 9a1889e19647615ededbbabab89064843ba92d3e

commit 7d4c7513a7f209cb303a608ac6e46b3f1dfc11ec
Author: djm at openbsd.org <djm at openbsd.org>
Date:   Wed Nov 11 01:48:01 2015 +0000

    upstream commit
    
    remove prototypes for long-gone s/key support; ok
     dtucker@
    
    Upstream-ID: db5bed3c57118af986490ab23d399df807359a79

Summary of changes:
 auth-options.c | 87 ++++++++++++++++++++++++++++++++++++++--------------------
 auth.h         |  4 +--
 kex.c          | 11 ++++++--
 monitor_wrap.h |  6 +---
 readconf.c     | 22 +++++++++++++--
 readconf.h     |  4 ++-
 servconf.c     | 13 ++++++++-
 ssh-agent.1    | 13 +++++++--
 ssh-keygen.1   |  6 ++--
 ssh-keygen.c   | 73 ++++++++++++++++++++++++++++++++++++------------
 ssh.1          |  9 ++++--
 ssh_config.5   | 37 +++++++++++++++++++++++--
 sshbuf.h       | 61 ++++++++++++++++++++--------------------
 sshconnect.c   | 30 +++++++++++++++++++-
 sshconnect.h   |  4 ++-
 sshconnect1.c  | 15 +++++++---
 sshconnect2.c  | 35 +++++++++++++----------
 sshd.8         | 36 ++++++++++++++++++++++--
 sshd_config.5  | 12 ++++++--
 19 files changed, 352 insertions(+), 126 deletions(-)

-- 
To stop receiving notification emails like this one, please contact
djm at mindrot.org.
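
An added example, not part of the original email or of OpenSSH: a small Python audit for the "restrict" option described in commit 383f10f, reporting which features each forced-command key in an authorized_keys file still allows. It assumes options are applied left to right and that the option names are those documented in sshd(8); the key blobs and the SAMPLE lines other than the commit's own example are constructed.

```python
# Added example. Assumptions: options apply left to right; names as in sshd(8).
FEATURES = ("port-forwarding", "agent-forwarding", "x11-forwarding", "pty", "user-rc")
SAMPLE = [  # constructed lines; the first is the example from the commit message
    'restrict,pty,command="nethack" ssh-ed25519 AAAAC3NzaC1lZDI1...',
    'no-pty,no-port-forwarding,command="backup a,b" ssh-ed25519 AAAA_CONSTRUCTED u@h',
    'restrict,command="uptime" ssh-ed25519 AAAA_CONSTRUCTED',
]

def split_options(line):
    """Return the options of one key line; quoted commas and spaces are kept."""
    if line.startswith(("ssh-", "ecdsa-", "sk-")):
        return []                            # line starts with the key type
    opts, cur, quoted, i = [], "", False, 0
    while i < len(line):
        ch = line[i]
        if quoted and ch == "\\" and line[i + 1:i + 2] == '"':
            cur, i = cur + '\\"', i + 2      # escaped quote inside a value
            continue
        if ch == '"':
            quoted = not quoted
        elif ch == "," and not quoted:
            opts, cur, i = opts + [cur], "", i + 1
            continue
        elif ch in " \t" and not quoted:
            break                            # end of the options field
        cur, i = cur + ch, i + 1
    return opts + [cur]

def effective(line):
    """Map each feature to True (allowed) or False (denied) for one key line."""
    allowed = dict.fromkeys(FEATURES, True)  # nothing denied at key level yet
    for opt in split_options(line.strip()):
        name = opt.split("=", 1)[0].lower()
        key = name[3:] if name.startswith("no-") else name
        if name == "restrict":
            allowed = dict.fromkeys(FEATURES, False)
        elif key in FEATURES:
            allowed[key] = key == name       # "pty" allows, "no-pty" denies
    return allowed

def audit(lines):
    """Return [(line number, features still allowed)] for forced-command keys."""
    report = []
    for n, line in enumerate(lines, 1):
        opts = split_options(line.strip())
        extra = sorted(f for f, ok in effective(line).items() if ok)
        if extra and any(o.lower().startswith("command=") for o in opts):
            report.append((n, extra))
    return report
```

Calling audit(SAMPLE) reports line 1 with only pty allowed, which is the intended exception, and line 2 with three features that the individually listed no-* options left open.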

