[openssh-commits] [openssh] branch master updated (d902d728 -> 97f9b6e6)
git+noreply at mindrot.org
git+noreply at mindrot.org
Fri Nov 19 08:13:05 AEDT 2021
This is an automated email from the git hooks/post-receive script.
djm pushed a change to branch master
in repository openssh.
from d902d728 Correct calculation of tv_nsec in poll().
new c74aa0eb upstream: ssh-keygen -Y find-principals was verifying key validity
new 97f9b6e6 upstream: avoid xmalloc(0) for PKCS#11 keyid for ECDSA keys (we
The 2 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails. The revisions
listed as "adds" were already present in the repository and have only
been added to this reference.
Detailed log of new commits:
commit 97f9b6e61316c97a32dad94b7a37daa9b5f6b836
Author: djm at openbsd.org <djm at openbsd.org>
Date: Thu Nov 18 21:11:01 2021 +0000
upstream: avoid xmalloc(0) for PKCS#11 keyid for ECDSA keys (we
already did this for RSA keys). Avoids fatal errors for PKCS#11 libraries
that return empty keyid, e.g. Microchip ATECC608B "cryptoauthlib"; bz#3364
OpenBSD-Commit-ID: 054d4dc1d6a99a2e6f8eebc48207b534057c154d
commit c74aa0eb73bd1edf79947d92d9c618fc3424c4a6
Author: djm at openbsd.org <djm at openbsd.org>
Date: Thu Nov 18 03:50:41 2021 +0000
upstream: ssh-keygen -Y find-principals was verifying key validity
when using ca certs but not with simple key lifetimes within the allowed
signers file.
Since it returns the first keys principal it finds this could
result in a principal with an expired key even though a valid
one is just below.
patch from Fabian Stelzer; feedback/ok djm markus
OpenBSD-Commit-ID: b108ed0a76b813226baf683ab468dc1cc79e0905
Summary of changes:
ssh-pkcs11.c | 9 +++---
sshsig.c | 101 +++++++++++++++++++++--------------------------------------
2 files changed, 41 insertions(+), 69 deletions(-)
--
To stop receiving notification emails like this one, please contact
djm at mindrot.org.
More information about the openssh-commits
mailing list