[openssh-commits] [openssh] branch master updated (713d9cb5 -> de1920d7)

git+noreply at mindrot.org git+noreply at mindrot.org
Sat Mar 3 14:39:53 AEDT 2018 

This is an automated email from the git hooks/post-receive script.

djm pushed a change to branch master
in repository openssh.

      from  713d9cb5  upstream: Allow escaped quotes \" and \' in ssh_config and
       new  f493d2b0  upstream: apply a lick of paint; tweaks/ok dtucker
       new  26074380  upstream: warn when the agent returns a signature type that was
       new  90c4bec8  upstream: Introduce a new API for handling authorized_keys options.
       new  7c856857  upstream: switch over to the new authorized_keys options API and
       new  3d1edd1e  upstream: better testing for port-forwarding and restrict flags in
       new  dc3e92df  upstream: fix testing of pty option, include positive test and
       new  de1920d7  upstream: unit tests for new authorized_keys options API

The 7 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "adds" were already present in the repository and have only
been added to this reference.


Detailed log of new commits:

commit de1920d743d295f50e6905e5957c4172c038e8eb
Author: djm at openbsd.org <djm at openbsd.org>
Date:   Sat Mar 3 03:16:17 2018 +0000

    upstream: unit tests for new authorized_keys options API
    
    OpenBSD-Regress-ID: 820f9ec9c6301f6ca330ad4052d85f0e67d0bdc1

commit dc3e92df17556dc5b0ab19cee8dcb2a6ba348717
Author: djm at openbsd.org <djm at openbsd.org>
Date:   Fri Mar 2 02:53:27 2018 +0000

    upstream: fix testing of pty option, include positive test and
    
    testing of restrict keyword
    
    OpenBSD-Regress-ID: 4268f27c2706a0a95e725d9518c5bcbec9814c6d

commit 3d1edd1ebbc0aabea8bbe61903060f37137f7c61
Author: djm at openbsd.org <djm at openbsd.org>
Date:   Fri Mar 2 02:51:55 2018 +0000

    upstream: better testing for port-forwarding and restrict flags in
    
    authorized_keys
    
    OpenBSD-Regress-ID: ee771df8955f2735df54746872c6228aff381daa

commit 7c856857607112a3dfe6414696bf4c7ab7fb0cb3
Author: djm at openbsd.org <djm at openbsd.org>
Date:   Sat Mar 3 03:15:51 2018 +0000

    upstream: switch over to the new authorized_keys options API and
    
    remove the legacy one.
    
    Includes a fairly big refactor of auth2-pubkey.c to retain less state
    between key file lines.
    
    feedback and ok markus@
    
    OpenBSD-Commit-ID: dece6cae0f47751b9892080eb13d6625599573df

commit 90c4bec8b5f9ec4c003ae4abdf13fc7766f00c8b
Author: djm at openbsd.org <djm at openbsd.org>
Date:   Sat Mar 3 03:06:02 2018 +0000

    upstream: Introduce a new API for handling authorized_keys options.
    
    This API parses options to a dedicated structure rather than the old API's
    approach of setting global state. It also includes support for merging
    options, e.g. from authorized_keys, authorized_principals and/or
    certificates.
    
    feedback and ok markus@
    
    OpenBSD-Commit-ID: 98badda102cd575210d7802943e93a34232c80a2

commit 26074380767e639ef89321610e146ae11016b385
Author: djm at openbsd.org <djm at openbsd.org>
Date:   Sat Mar 3 03:01:50 2018 +0000

    upstream: warn when the agent returns a signature type that was
    
    different to what was requested. This might happen when an old/non-OpenSSH
    agent is asked to make a rsa-sha2-256/512 signature but only supports
    ssh-rsa. bz#2799 feedback and ok markus@
    
    OpenBSD-Commit-ID: 760c0f9438c5c58abc16b5f98008ff2d95cb13ce

commit f493d2b0b66fb003ed29f31dd66ff1aeb64be1fc
Author: jmc at openbsd.org <jmc at openbsd.org>
Date:   Fri Mar 2 21:40:15 2018 +0000

    upstream: apply a lick of paint; tweaks/ok dtucker
    
    OpenBSD-Commit-ID: 518a6736338045e0037f503c21027d958d05e703

Summary of changes:
 .depend                                            |    7 +-
 auth-options.c                                     | 1173 +++++++++++---------
 auth-options.h                                     |  104 +-
 auth-pam.c                                         |    4 +-
 auth-pam.h                                         |    4 +-
 auth-passwd.c                                      |   30 +-
 auth.c                                             |  180 ++-
 auth.h                                             |   28 +-
 auth2-none.c                                       |    4 +-
 auth2-passwd.c                                     |    4 +-
 auth2-pubkey.c                                     |  532 ++++++---
 auth2.c                                            |    4 +-
 misc.c                                             |    3 +-
 monitor.c                                          |   70 +-
 monitor_wrap.c                                     |   44 +-
 monitor_wrap.h                                     |   11 +-
 regress/forward-control.sh                         |   29 +-
 regress/key-options.sh                             |   43 +-
 regress/unittests/Makefile                         |    3 +-
 regress/unittests/authopt/testdata/all_permit.cert |    1 +
 .../unittests/authopt/testdata/bad_sourceaddr.cert |    1 +
 .../unittests/authopt/testdata/force_command.cert  |    1 +
 regress/unittests/authopt/testdata/host.cert       |    1 +
 regress/unittests/authopt/testdata/mktestdata.sh   |   48 +
 .../unittests/authopt/testdata/no_agentfwd.cert    |    1 +
 regress/unittests/authopt/testdata/no_permit.cert  |    1 +
 regress/unittests/authopt/testdata/no_portfwd.cert |    1 +
 regress/unittests/authopt/testdata/no_pty.cert     |    1 +
 regress/unittests/authopt/testdata/no_user_rc.cert |    1 +
 regress/unittests/authopt/testdata/no_x11fwd.cert  |    1 +
 .../unittests/authopt/testdata/only_agentfwd.cert  |    1 +
 .../unittests/authopt/testdata/only_portfwd.cert   |    1 +
 regress/unittests/authopt/testdata/only_pty.cert   |    1 +
 .../unittests/authopt/testdata/only_user_rc.cert   |    1 +
 .../unittests/authopt/testdata/only_x11fwd.cert    |    1 +
 regress/unittests/authopt/testdata/sourceaddr.cert |    1 +
 .../authopt/testdata/unknown_critical.cert         |    1 +
 regress/unittests/authopt/tests.c                  |  573 ++++++++++
 serverloop.c                                       |   33 +-
 session.c                                          |   85 +-
 ssh-keyscan.1                                      |  102 +-
 ssh-keyscan.c                                      |    4 +-
 sshconnect2.c                                      |   41 +-
 sshd.c                                             |   12 +-
 44 files changed, 2291 insertions(+), 901 deletions(-)
 create mode 100644 regress/unittests/authopt/testdata/all_permit.cert
 create mode 100644 regress/unittests/authopt/testdata/bad_sourceaddr.cert
 create mode 100644 regress/unittests/authopt/testdata/force_command.cert
 create mode 100644 regress/unittests/authopt/testdata/host.cert
 create mode 100644 regress/unittests/authopt/testdata/mktestdata.sh
 create mode 100644 regress/unittests/authopt/testdata/no_agentfwd.cert
 create mode 100644 regress/unittests/authopt/testdata/no_permit.cert
 create mode 100644 regress/unittests/authopt/testdata/no_portfwd.cert
 create mode 100644 regress/unittests/authopt/testdata/no_pty.cert
 create mode 100644 regress/unittests/authopt/testdata/no_user_rc.cert
 create mode 100644 regress/unittests/authopt/testdata/no_x11fwd.cert
 create mode 100644 regress/unittests/authopt/testdata/only_agentfwd.cert
 create mode 100644 regress/unittests/authopt/testdata/only_portfwd.cert
 create mode 100644 regress/unittests/authopt/testdata/only_pty.cert
 create mode 100644 regress/unittests/authopt/testdata/only_user_rc.cert
 create mode 100644 regress/unittests/authopt/testdata/only_x11fwd.cert
 create mode 100644 regress/unittests/authopt/testdata/sourceaddr.cert
 create mode 100644 regress/unittests/authopt/testdata/unknown_critical.cert
 create mode 100644 regress/unittests/authopt/tests.c

-- 
To stop receiving notification emails like this one, please contact
djm at mindrot.org.

More information about the openssh-commits mailing list