[openssh-commits] [openssh] branch master updated (1e0b248d -> 6bff9521)

git+noreply at mindrot.org git+noreply at mindrot.org
Fri Nov 15 09:57:35 AEDT 2019 

This is an automated email from the git hooks/post-receive script.

djm pushed a change to branch master
in repository openssh.

      from  1e0b248d  Put sshsk_sign call inside ifdef ENABLE_SK.
       new  72687c8e  upstream: stdarg.h required more broadly; ok djm
       new  40598b85  upstream: remove size_t gl_pathc < 0 test, it is invalid. the
       new  bf219920  upstream: fix shield/unshield for xmss keys: - in ssh-agent we need
       new  fc173aeb  upstream: When clients get denied by MaxStartups, send a
       new  dffd02e2  upstream: fix check for sig_s; noted by qsa at qualys.com
       new  4f5e331c  upstream: in order to be able to figure out the number of
       new  6bff9521  upstream: directly support U2F/FIDO2 security keys in OpenSSH by

The 7 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "adds" were already present in the repository and have only
been added to this reference.


Detailed log of new commits:

commit 6bff9521ab9a9f7396d635755c342b72373bb4f9
Author: djm at openbsd.org <djm at openbsd.org>
Date:   Thu Nov 14 21:27:29 2019 +0000

    upstream: directly support U2F/FIDO2 security keys in OpenSSH by
    
    linking against the (previously external) USB HID middleware. The dlopen()
    capability still exists for alternate middlewares, e.g. for Bluetooth, NFC
    and test/debugging.
    
    OpenBSD-Commit-ID: 14446cf170ac0351f0d4792ba0bca53024930069

commit 4f5e331cb8e11face3025aa6578662dde489c3ad
Author: markus at openbsd.org <markus at openbsd.org>
Date:   Wed Nov 13 22:00:21 2019 +0000

    upstream: in order to be able to figure out the number of
    
    signatures left on a shielded key, we need to transfer the number of
    signatures left from the private to the public key. ok djm@
    
    OpenBSD-Commit-ID: 8a5d0d260aeace47d372695fdae383ce9b962574

commit dffd02e297e6c2a4e86775f293eb1b0ff01fb3df
Author: markus at openbsd.org <markus at openbsd.org>
Date:   Wed Nov 13 20:25:45 2019 +0000

    upstream: fix check for sig_s; noted by qsa at qualys.com
    
    OpenBSD-Commit-ID: 34198084e4afb424a859f52c04bb2c9668a52867

commit fc173aeb1526d4268db89ec5dfebaf8750dd26cd
Author: dtucker at openbsd.org <dtucker at openbsd.org>
Date:   Wed Nov 13 11:25:11 2019 +0000

    upstream: When clients get denied by MaxStartups, send a
    
    noification prior to the SSH2 protocol banner according to RFC4253 section
    4.2.  ok djm@ deraadt@ markus@
    
    OpenBSD-Commit-ID: e5dabcb722d54dea18eafb336d50b733af4f9c63

commit bf219920b70cafbf29ebc9890ef67d0efa54e738
Author: markus at openbsd.org <markus at openbsd.org>
Date:   Wed Nov 13 07:53:10 2019 +0000

    upstream: fix shield/unshield for xmss keys: - in ssh-agent we need
    
    to delay the call to shield   until we have received key specific options. -
    when serializing xmss keys for shield we need to deal with   all optional
    components (e.g. state might not be loaded). ok djm@
    
    OpenBSD-Commit-ID: cc2db82524b209468eb176d6b4d6b9486422f41f

commit 40598b85d72a509566b7b2a6d57676c7231fed34
Author: deraadt at openbsd.org <deraadt at openbsd.org>
Date:   Wed Nov 13 05:42:26 2019 +0000

    upstream: remove size_t gl_pathc < 0 test, it is invalid. the
    
    return value from glob() is sufficient. discussed with djm
    
    OpenBSD-Commit-ID: c91203322db9caaf7efaf5ae90c794a91070be3c

commit 72687c8e7c38736e3e64e833ee7aa8f9cd9efed1
Author: deraadt at openbsd.org <deraadt at openbsd.org>
Date:   Wed Nov 13 04:47:52 2019 +0000

    upstream: stdarg.h required more broadly; ok djm
    
    OpenBSD-Commit-ID: b5b15674cde1b54d6dbbae8faf30d47e6e5d6513

Summary of changes:
 .depend        |  88 ++++----
 Makefile.in    |   5 +-
 auth2-chall.c  |   4 +-
 auth2-kbdint.c |   5 +-
 authfd.c       |   4 +-
 clientloop.c   |   4 +-
 configure.ac   |  33 +++
 match.c        |   4 +-
 readconf.c     |  13 +-
 session.c      |   4 +-
 sftp-glob.c    |   4 +-
 sk-usbhid.c    | 697 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++
 ssh-add.1      |   7 +-
 ssh-add.c      |   7 +-
 ssh-agent.c    |  17 +-
 ssh-keygen.1   |   9 +-
 ssh-keygen.c   |   7 +-
 ssh-sk.c       |  23 +-
 ssh.1          |  10 +-
 ssh_config.5   |   9 +-
 sshconnect.c   |   4 +-
 sshconnect2.c  |   4 +-
 sshd.c         |   5 +-
 sshkey-xmss.c  |  56 ++++-
 sshkey.c       |   9 +-
 sshkey.h       |   9 +-
 umac.c         |   2 +-
 27 files changed, 932 insertions(+), 111 deletions(-)
 create mode 100644 sk-usbhid.c

-- 
To stop receiving notification emails like this one, please contact
djm at mindrot.org.

More information about the openssh-commits mailing list