[openssh-commits] [openssh] branch master updated (ec8a759b -> 101ebc3a)

git+noreply at mindrot.org git+noreply at mindrot.org
Wed Jan 29 18:53:00 AEDT 2020 

This is an automated email from the git hooks/post-receive script.

djm pushed a change to branch master
in repository openssh.

      from  ec8a759b  compat for missing IPTOS_DSCP_LE in system headers
       new  156bef36  upstream: disable UpdateHostKeys=ask when in quiet mode; "work for
       new  24c0f752  upstream: changes to support FIDO attestation
       new  101ebc3a  upstream: give more context to UpdateHostKeys messages, mentioning

The 3 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "adds" were already present in the repository and have only
been added to this reference.


Detailed log of new commits:

commit 101ebc3a8cfa78d2e615afffbef9861bbbabf1ff
Author: djm at openbsd.org <djm at openbsd.org>
Date:   Wed Jan 29 07:51:30 2020 +0000

    upstream: give more context to UpdateHostKeys messages, mentioning
    
    that the changes are validated by the existing trusted host key. Prompted by
    espie@ feedback and ok markus@
    
    OpenBSD-Commit-ID: b3d95f4a45f2692f4143b9e77bb241184dbb8dc5

commit 24c0f752adf9021277a7b0a84931bb5fe48ea379
Author: djm at openbsd.org <djm at openbsd.org>
Date:   Tue Jan 28 08:01:34 2020 +0000

    upstream: changes to support FIDO attestation
    
    Allow writing to disk the attestation certificate that is generated by
    the FIDO token at key enrollment time. These certificates may be used
    by an out-of-band workflow to prove that a particular key is held in
    trustworthy hardware.
    
    Allow passing in a challenge that will be sent to the card during
    key enrollment. These are needed to build an attestation workflow
    that resists replay attacks.
    
    ok markus@
    
    OpenBSD-Commit-ID: 457dc3c3d689ba39eed328f0817ed9b91a5f78f6

commit 156bef36f93a48212383235bb8e3d71eaf2b2777
Author: djm at openbsd.org <djm at openbsd.org>
Date:   Tue Jan 28 07:24:15 2020 +0000

    upstream: disable UpdateHostKeys=ask when in quiet mode; "work for
    
    me" matthieu@
    
    OpenBSD-Commit-ID: 60d7b5eb91accf935ed9852650a826d86db2ddc7

Summary of changes:
 PROTOCOL.u2f | 21 ++++++++++++---------
 clientloop.c | 23 ++++++++++++++++++++---
 sk-usbhid.c  |  1 +
 ssh-keygen.1 | 16 ++++++++++++++--
 ssh-keygen.c | 36 +++++++++++++++++++++++++++++++++---
 ssh-sk.c     | 10 +++++-----
 ssh.c        |  5 ++++-
 7 files changed, 89 insertions(+), 23 deletions(-)

-- 
To stop receiving notification emails like this one, please contact
djm at mindrot.org.

More information about the openssh-commits mailing list