[openssh-commits] [openssh] branch master updated (dd9d9b33 -> 22376d27)

git+noreply at mindrot.org git+noreply at mindrot.org
Mon Sep 4 09:39:01 AEST 2017 

This is an automated email from the git hooks/post-receive script.

djm pushed a change to branch master
in repository openssh.

      from  dd9d9b33  Switch Capsicum header to sys/capsicum.h.
       new  a54eb27d  upstream commit
       new  530591a5  upstream commit
       new  6227fe5b  upstream commit
       new  71e5a536  upstream commit
       new  8042bad9  upstream commit
       new  b828605d  upstream commit
       new  ff3c4238  upstream commit
       new  22376d27  upstream commit

The 8 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "adds" were already present in the repository and have only
been added to this reference.


Detailed log of new commits:

commit 22376d27a349f62c502fec3396dfe0fdcb2a40b7
Author: djm at openbsd.org <djm at openbsd.org>
Date:   Sun Sep 3 23:33:13 2017 +0000

    upstream commit
    
    Expand ssh_config's StrictModes option with two new
    settings:
    
    StrictModes=accept-new will automatically accept hitherto-unseen keys
    but will refuse connections for changed or invalid hostkeys.
    
    StrictModes=off is the same as StrictModes=no
    
    Motivation:
    
    StrictModes=no combines two behaviours for host key processing:
    automatically learning new hostkeys and continuing to connect to hosts
    with invalid/changed hostkeys. The latter behaviour is quite dangerous
    since it removes most of the protections the SSH protocol is supposed to
    provide.
    
    Quite a few users want to automatically learn hostkeys however, so
    this makes that feature available with less danger.
    
    At some point in the future, StrictModes=no will change to be a synonym
    for accept-new, with its current behaviour remaining available via
    StrictModes=off.
    
    bz#2400, suggested by Michael Samuel; ok markus
    
    Upstream-ID: 0f55502bf75fc93a74fb9853264a8276b9680b64

commit ff3c42384033514e248ba5d7376aa033f4a2b99a
Author: jmc at openbsd.org <jmc at openbsd.org>
Date:   Fri Sep 1 15:41:26 2017 +0000

    upstream commit
    
    remove blank line;
    
    Upstream-ID: 2f46b51a0ddb3730020791719e94d3e418e9f423

commit b828605d51f57851316d7ba402b4ae06cf37c55d
Author: djm at openbsd.org <djm at openbsd.org>
Date:   Fri Sep 1 05:53:56 2017 +0000

    upstream commit
    
    identify the case where SSHFP records are missing but
    other DNS RR types are present and display a more useful error message for
    this case; patch by Thordur Bjornsson; bz#2501; ok dtucker@
    
    Upstream-ID: 8f7a5a8344f684823d8317a9708b63e75be2c244

commit 8042bad97e2789a50e8f742c3bcd665ebf0add32
Author: djm at openbsd.org <djm at openbsd.org>
Date:   Fri Sep 1 05:50:48 2017 +0000

    upstream commit
    
    document available AuthenticationMethods; bz#2453 ok
    dtucker@
    
    Upstream-ID: 2c70576f237bb699aff59889dbf2acba4276d3d0

commit 71e5a536ec815d542b199f2ae6d646c0db9f1b58
Author: djm at openbsd.org <djm at openbsd.org>
Date:   Wed Aug 30 03:59:08 2017 +0000

    upstream commit
    
    pass packet state down to some of the channels function
    (more to come...); ok markus@
    
    Upstream-ID: d8ce7a94f4059d7ac1e01fb0eb01de0c4b36c81b

commit 6227fe5b362239c872b91bbdee4bf63cf85aebc5
Author: jmc at openbsd.org <jmc at openbsd.org>
Date:   Tue Aug 29 13:05:58 2017 +0000

    upstream commit
    
    sort options;
    
    Upstream-ID: cf21d68cf54e81968bca629aaeddc87f0c684f3c

commit 530591a5795a02d01c78877d58604723918aac87
Author: dlg at openbsd.org <dlg at openbsd.org>
Date:   Tue Aug 29 09:42:29 2017 +0000

    upstream commit
    
    add a -q option to ssh-add to make it quiet on success.
    
    if you want to silence ssh-add without this you generally redirect
    the output to /dev/null, but that can hide error output which you
    should see.
    
    ok djm@
    
    Upstream-ID: 2f31b9b13f99dcf587e9a8ba443458e6c0d8997c

commit a54eb27dd64b5eca3ba94e15cec3535124bd5029
Author: dtucker at openbsd.org <dtucker at openbsd.org>
Date:   Sun Aug 27 00:38:41 2017 +0000

    upstream commit
    
    Increase the buffer sizes for user prompts to ensure that
    they won't be truncated by snprintf.  Based on patch from cjwatson at
    debian.org via bz#2768, ok djm@
    
    Upstream-ID: 6ffacf1abec8f40b469de5b94bfb29997d96af3e

Summary of changes:
 channels.c    | 18 +++++++-------
 channels.h    |  8 +++----
 clientloop.c  |  8 +++----
 dns.c         | 14 ++++++-----
 dns.h         |  3 ++-
 readconf.c    | 19 +++++++++++----
 readconf.h    |  7 +++++-
 serverloop.c  |  8 +++----
 ssh-add.1     |  8 ++++---
 ssh-add.c     | 36 ++++++++++++++++++----------
 ssh_config.5  | 18 ++++++++++----
 sshconnect.c  | 77 ++++++++++++++++++++++++++++++++++++++++++++++-------------
 sshconnect2.c |  6 ++---
 sshd_config.5 | 16 +++++++++++--
 14 files changed, 170 insertions(+), 76 deletions(-)

-- 
To stop receiving notification emails like this one, please contact
djm at mindrot.org.

More information about the openssh-commits mailing list