[openssh-commits] [openssh] branch master updated (46ecd19 -> 18813a3)

git+noreply at mindrot.org git+noreply at mindrot.org
Fri Jul 8 13:51:42 AEST 2016


This is an automated email from the git hooks/post-receive script.

djm pushed a change to branch master
in repository openssh.

      from  46ecd19   upstream commit
       new  772e6ce   upstream commit
       new  e683fc6   upstream commit
       new  71f5598   upstream commit
       new  6d31193   upstream commit
       new  18813a3   upstream commit

The 5 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "adds" were already present in the repository and have only
been added to this reference.


Detailed log of new commits:

commit 18813a32b6fd964037e0f5e1893cb4468ac6a758
Author: guenther at openbsd.org <guenther at openbsd.org>
Date:   Mon Jul 4 18:01:44 2016 +0000

    upstream commit
    
    DEBUGLIBS has been broken since the gcc4 switch, so delete
    it.  CFLAGS contains -g by default anyway
    
    problem noted by Edgar Pettijohn (edgar (at) pettijohn-web.com)
    ok millert@ kettenis@ deraadt@
    
    Upstream-Regress-ID: 4a0bb72f95c63f2ae9daa8a040ac23914bddb542

commit 6d31193d0baa3da339c196ac49625b7ba1c2ecc7
Author: djm at openbsd.org <djm at openbsd.org>
Date:   Fri Jul 8 03:44:42 2016 +0000

    upstream commit
    
    Improve crypto ordering for Encrypt-then-MAC (EtM) mode
    MAC algorithms.
    
    Previously we were computing the MAC, decrypting the packet and then
    checking the MAC. This gave rise to the possibility of creating a
    side-channel oracle in the decryption step, though no such oracle has
    been identified.
    
    This adds a mac_check() function that computes and checks the MAC in
    one pass, and uses it to advance MAC checking for EtM algorithms to
    before payload decryption.
    
    Reported by Jean Paul Degabriele, Kenny Paterson, Torben Hansen and
    Martin Albrecht. feedback and ok markus@
    
    Upstream-ID: 1999bb67cab47dda5b10b80d8155fe83d4a1867b

commit 71f5598f06941f645a451948c4a5125c83828e1c
Author: guenther at openbsd.org <guenther at openbsd.org>
Date:   Mon Jul 4 18:01:44 2016 +0000

    upstream commit
    
    DEBUGLIBS has been broken since the gcc4 switch, so
    delete it.  CFLAGS contains -g by default anyway
    
    problem noted by Edgar Pettijohn (edgar (at) pettijohn-web.com)
    ok millert@ kettenis@ deraadt@
    
    Upstream-ID: 96c5054e3e1f170c6276902d5bc65bb3b87a2603

commit e683fc6f1c8c7295648dbda679df8307786ec1ce
Author: dtucker at openbsd.org <dtucker at openbsd.org>
Date:   Thu Jun 30 05:17:05 2016 +0000

    upstream commit
    
    Explicitly check for 100% completion to avoid potential
    floating point rounding error, which could cause progressmeter to report 99%
    on completion. While there invert the test so the 100% case is clearer.  with
    & ok djm@
    
    Upstream-ID: a166870c5878e422f3c71ff802e2ccd7032f715d

commit 772e6cec0ed740fc7db618dc30b4134f5a358b43
Author: jmc at openbsd.org <jmc at openbsd.org>
Date:   Wed Jun 29 17:14:28 2016 +0000

    upstream commit
    
    sort the -o list;
    
    Upstream-ID: 1a97465ede8790b4d47cb618269978e07f41f8ac

Summary of changes:
 .skipped-commit-ids                    |  1 +
 mac.c                                  | 23 ++++++++++++++++++++--
 mac.h                                  |  4 +++-
 packet.c                               | 35 +++++++++++++++++-----------------
 progressmeter.c                        |  8 ++++----
 regress/unittests/test_helper/Makefile |  3 +--
 scp.1                                  |  6 +++---
 sftp.1                                 |  6 +++---
 ssh.1                                  |  6 +++---
 9 files changed, 56 insertions(+), 36 deletions(-)

-- 
To stop receiving notification emails like this one, please contact
djm at mindrot.org.


More information about the openssh-commits mailing list