[openssh-commits] [openssh] branch master updated (d902d728 -> 97f9b6e6)

git+noreply at mindrot.org git+noreply at mindrot.org
Fri Nov 19 08:13:05 AEDT 2021


This is an automated email from the git hooks/post-receive script.

djm pushed a change to branch master
in repository openssh.

      from  d902d728  Correct calculation of tv_nsec in poll().
       new  c74aa0eb  upstream: ssh-keygen -Y find-principals was verifying key validity
       new  97f9b6e6  upstream: avoid xmalloc(0) for PKCS#11 keyid for ECDSA keys (we

The 2 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "adds" were already present in the repository and have only
been added to this reference.


Detailed log of new commits:

commit 97f9b6e61316c97a32dad94b7a37daa9b5f6b836
Author: djm at openbsd.org <djm at openbsd.org>
Date:   Thu Nov 18 21:11:01 2021 +0000

    upstream: avoid xmalloc(0) for PKCS#11 keyid for ECDSA keys (we
    
    already did this for RSA keys). Avoids fatal errors for PKCS#11 libraries
    that return empty keyid, e.g. Microchip ATECC608B "cryptoauthlib"; bz#3364
    
    OpenBSD-Commit-ID: 054d4dc1d6a99a2e6f8eebc48207b534057c154d

commit c74aa0eb73bd1edf79947d92d9c618fc3424c4a6
Author: djm at openbsd.org <djm at openbsd.org>
Date:   Thu Nov 18 03:50:41 2021 +0000

    upstream: ssh-keygen -Y find-principals was verifying key validity
    
    when using ca certs but not with simple key lifetimes within the allowed
    signers file.
    
    Since it returns the first keys principal it finds this could
    result in a principal with an expired key even though a valid
    one is just below.
    
    patch from Fabian Stelzer; feedback/ok djm markus
    
    OpenBSD-Commit-ID: b108ed0a76b813226baf683ab468dc1cc79e0905

Summary of changes:
 ssh-pkcs11.c |   9 +++---
 sshsig.c     | 101 +++++++++++++++++++++--------------------------------------
 2 files changed, 41 insertions(+), 69 deletions(-)

-- 
To stop receiving notification emails like this one, please contact
djm at mindrot.org.


More information about the openssh-commits mailing list