[openssh-commits] [openssh] branch master updated (b4ac435b -> c1c2ca13)

git+noreply at mindrot.org git+noreply at mindrot.org
Wed Jun 21 15:14:04 AEST 2023


This is an automated email from the git hooks/post-receive script.

djm pushed a change to branch master
in repository openssh.

      from  b4ac435b  upstream: reset comment=NULL for each key in do_fingerprint();
       new  8d33f2aa  upstream: prepare for support for connecting to unix domain sockets
       new  a69062f1  upstream: handle rlimits > INT_MAX (rlim_t is u64); ok dtucker
       new  4e73cd0f  upstream: make `ssh -Q CASignatureAlgorithms` only list signature
       new  c1c2ca13  upstream: better validate CASignatureAlgorithms in ssh_config and

The 4 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "adds" were already present in the repository and have only
been added to this reference.


Detailed log of new commits:

commit c1c2ca1365b3f7b626683690bd2c68265f6d8ffd
Author: djm at openbsd.org <djm at openbsd.org>
Date:   Wed Jun 21 05:10:26 2023 +0000

    upstream: better validate CASignatureAlgorithms in ssh_config and
    
    sshd_config.
    
    Previously this directive would accept certificate algorithm names, but
    these were unusable in practice as OpenSSH does not support CA chains.
    
    part of bz3577; ok dtucker@
    
    OpenBSD-Commit-ID: a992d410c8a78ec982701bc3f91043dbdb359912

commit 4e73cd0f4ab3e5b576c56cac9732da62c8fc0565
Author: djm at openbsd.org <djm at openbsd.org>
Date:   Wed Jun 21 05:08:32 2023 +0000

    upstream: make `ssh -Q CASignatureAlgorithms` only list signature
    
    algorithms that are valid for CA signing. Previous behaviour was to list all
    signing algorithms, including certificate algorithms (OpenSSH certificates do
    not support CA chains). part of bz3577; ok dtucker@
    
    OpenBSD-Commit-ID: 99c2b072dbac0f44fd1f2269e3ff6c1b5d7d3e59

commit a69062f1695ac9c3c3dea29d3044c72aaa6af0ea
Author: djm at openbsd.org <djm at openbsd.org>
Date:   Wed Jun 21 05:06:04 2023 +0000

    upstream: handle rlimits > INT_MAX (rlim_t is u64); ok dtucker
    
    bz3581
    
    OpenBSD-Commit-ID: 31cf59c041becc0e5ccb0a77106f812c4cd1cd74

commit 8d33f2aa6bb895a7f85a47189913639086347b75
Author: djm at openbsd.org <djm at openbsd.org>
Date:   Tue Jun 20 23:59:33 2023 +0000

    upstream: prepare for support for connecting to unix domain sockets
    
    using ssh -W by explicitly decoding PORT_STREAMLOCAL (a negative number) from
    the u32 that's passed over the multiplexing socket; previously code would
    just cast, which is UB.
    
    OpenBSD-Commit-ID: e5ac5f40d354096c51e8c118a5c1b2d2b7a31384

Summary of changes:
 mux.c         | 29 ++++++++++++++++++++++-------
 readconf.c    | 10 +++++++---
 servconf.c    | 10 ++++++++--
 ssh-keyscan.c | 14 ++++++++------
 ssh.1         |  6 ++++--
 ssh.c         |  6 ++++--
 sshkey.c      |  7 +++++--
 sshkey.h      |  4 ++--
 8 files changed, 60 insertions(+), 26 deletions(-)
