[openssh-commits] [openssh] branch master updated (383a33d1 -> b5e412a8)

git+noreply at mindrot.org git+noreply at mindrot.org
Fri Sep 21 22:49:35 AEST 2018


This is an automated email from the git hooks/post-receive script.

djm pushed a change to branch master
in repository openssh.

      from  383a33d1  upstream: Treat connections with ProxyJump specified the same as ones
       new  bbc8af72  upstream: In sshkey_in_file(), ignore keys that are considered for
       new  cb24d9fc  upstream: when compiled with GSSAPI support, cache supported method
       new  b5e412a8  upstream: Allow ssh_config ForwardX11Timeout=0 to disable the

The 3 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "adds" were already present in the repository and have only
been added to this reference.


Detailed log of new commits:

commit b5e412a8993ad17b9e1141c78408df15d3d987e1
Author: djm at openbsd.org <djm at openbsd.org>
Date:   Fri Sep 21 12:46:22 2018 +0000

    upstream: Allow ssh_config ForwardX11Timeout=0 to disable the
    
    timeout and allow X11 connections in untrusted mode indefinitely. ok dtucker@
    
    OpenBSD-Commit-ID: ea1ceed3f540b48e5803f933e59a03b20db10c69

commit cb24d9fcc901429d77211f274031653476864ec6
Author: djm at openbsd.org <djm at openbsd.org>
Date:   Fri Sep 21 12:23:17 2018 +0000

    upstream: when compiled with GSSAPI support, cache supported method
    
    OIDs by calling ssh_gssapi_prepare_supported_oids() regardless of whether
    GSSAPI authentication is enabled in the main config.
    
    This avoids sandbox violations for configurations that enable GSSAPI
    auth later, e.g.
    
    Match user djm
            GSSAPIAuthentication yes
    
    bz#2107; ok dtucker@
    
    OpenBSD-Commit-ID: a5dd42d87c74e27cfb712b15b0f97ab20e0afd1d

commit bbc8af72ba68da014d4de6e21a85eb5123384226
Author: djm at openbsd.org <djm at openbsd.org>
Date:   Fri Sep 21 12:20:12 2018 +0000

    upstream: In sshkey_in_file(), ignore keys that are considered for
    
    being too short (i.e. SSH_ERR_KEY_LENGTH). These keys will not be considered
    to be "in the file". This allows key revocation lists to contain short keys
    without the entire revocation list being considered invalid.
    
    bz#2897; ok dtucker
    
    OpenBSD-Commit-ID: d9f3d857d07194a42ad7e62889a74dc3f9d9924b

Summary of changes:
 authfile.c   | 14 ++++++++++----
 clientloop.c | 43 ++++++++++++++++++++++++++++---------------
 ssh_config.5 |  6 +++++-
 sshd.c       |  5 ++---
 4 files changed, 45 insertions(+), 23 deletions(-)

-- 
To stop receiving notification emails like this one, please contact
djm at mindrot.org.


More information about the openssh-commits mailing list