[openssh-commits] [openssh] annotated tag V_10_0_P1 created (now d14e182eb)

git+noreply at mindrot.org git+noreply at mindrot.org
Wed Apr 9 17:50:54 AEST 2025


This is an automated email from the git hooks/post-receive script.

djm pushed a change to annotated tag V_10_0_P1
in repository openssh.

      at d14e182eb (tag)
 tagging 2593769fb291fe6c542173927698c69e9f9a08b9 (commit)
 replaces V_9_7_P1
      by Damien Miller
      on Wed Apr 9 17:02:49 2025 +1000

- Log -----------------------------------------------------------------
openssh-10.0p1

90 (1):
      Fix missing header for systemd notification

Alexander Kanavin (1):
      Skip 2038 key expiry test on 64 bit time_t systems.

Alkaid (1):
      Fix OpenSSL ED25519 support detection

Antonio Larrosa (1):
      Don't skip audit before exiting cleanup_exit

Arnout Engelen (1):
      mdoc2man: balance nested square brackets

Christoph Ostarek (1):
      fix utmpx ifdef

Collin Funk (1):
      Include fcntl.h so AT_FDCWD does not get redefined.

Damien Miller (77):
      add new token-based signing key for dtucker@
      notify systemd on listen and reload
      depend
      sync getrrsetbyname.c with recent upstream changes
      Makefile support for sshd-session
      attempt at updating RPM specs for sshd-session
      remove remaining use_privsep mention
      rename need_privsep to need_chroot
      depend
      remove PRIVSEP macros for osx
      whitespace
      missing file for PerSourcePenalties regress test
      delay lookup of privsep user until config loaded
      fix PTY allocation on Cygwin, broken by sshd split
      typo in comment
      prepare for checking in autogenerated files
      sshd: don't use argv[0] as PAM service name
      add a sshd_config PamServiceName option
      skip penalty-expire test in valgrind test env
      minix doesn't have loopback, so skip penalty tests
      propagate PAM crashes to PerSourcePenalties
      DSA support is disabled, so remove from fuzzers
      missed a bit of DSA in the fuzzer
      PAMServiceName may appear in a Match block
      version numbers
      remove gratuitous difference from OpenBSD
      sync TEST_MALLOC_OPTIONS for OpenBSD
      retire testing against older LibreSSL versions
      missed OPENSSL_HAS_ECC case
      fix merge botch that broke !OPENSSL_HAS_ECC
      more OPENSSL_HAS_ECC
      private key coredump protection for Linux/FreeBSD
      simplify sshkey_prekey_alloc(); always use mmap
      fix incorrect default for PasswordAuthentication
      add basic fuzzers for our import of sntrup761
      test for compiler feature needed for ML-KEM
      fix previous; check for C99 compound literals
      declare defeat trying to detect C89 compilers
      stubs for ML-KEM KEX functions
      use construct_utmp to construct btmp records
      avoid gcc warning in fuzz test
      fix bug in recently-added sntrup761 fuzzer
      conditionally include mman.h in arc4random code
      include openbsd-compat/base64.c license in LICENSE
      update version numbers
      build construct_utmp() when USE_BTMP is set
      gss-serv.c needs sys/param.h
      depend
      there's only one sandbox, move to a static global
      put back some portable bits for sshd-auth.c
      fix capsicum sandbox
      fix breakage; missing saved_argc symbol
      Fix lookup path for sshd-auth; bz3745
      htole64() etc for systems without endian.h
      fix uint64_t types; reported by Tom G. Christensen
      Add git signing key for Tim Rice
      Support systemd-style socket activation in agent
      don't ignore changes in regress Makefiles
      add a Makefile target for ssh-verify-attestation
      typo
      add support for AWS-LC (AWS libcrypto)
      depend
      depend
      openssh-9.9p2
      remove ubuntu-20.04 Github action runners
      Add ubuntu-*-arm test runners
      adjust workflows for ubuntu version transition
      Update AWS-LC version number
      prune gcc/clang versions to be tested
      cleanup last mention of ubuntu-20.04
      Try to fix github tcmalloc target failure
      include __builtin_popcount replacement function
      rebuild .depend
      remove all instances of -pie from LDFLAGS
      initialise websafe_allowlist in agent fuzzer
      update version numbers
      autogenerated files for release

Daniil Tatianin (2):
      platform: introduce a way to hook new session start
      Add support for locking memory on Linux

Darren Tucker (71):
      Improve detection of -fzero-call-used-regs=used.
      Update branches shown on ci-status to 9.7 and 9.6.
      Move xpg4 'id' handling into test-exec.sh.
      Add Mac OS X 14 test targets.
      If we're using xpg4's id, remember to pass args.
      Add short names for test jobs on github CI.
      Be more specific about when to rerun workflows.
      Ensure /usr/local/etc exists before using in tests.
      Better short name for OpenBSD upstream CI jobs too.
      Really mkdir /usr/local/etc in CI tests.
      Resync with upstream: ${} around DATAFILE.
      Fix name of OpenBSD upstream CI jobs.
      Rearrange selfhosted VM scheduling.
      Check if OpenSSL implementation supports DSA.
      Port changes from selfhosted to upstream tests.
      Update LibreSSL and OpenSSL versions tested.
      Remove 9.6 branch from status page.
      Merge flags for OpenSSL 3.x versions.
      Remove macos-11 runner.
      Restart sshd after installing it for testing.
      Need to supply "-f" to restart sshd.
      Move -f to the place needed to restart sshd.
      Rerun upstream tests on .sh file changes too.
      Add 9.8 branch to ci-status page.
      Cast to sockaddr * in systemd interface.
      Check for SA_RESTART before using it.
      Explicitly install libssl-devel cygwin.
      Add compat functions for EVP_Digest{Sign,Verify}.
      Move rekey test into valgrind-2.
      Also test PAM on dfly64.
      Wrap stdint.h in ifdef.
      Add omnios test target.
      Spell omnios test host correctly.
      Add 9.9 branch to CI status console.
      Test the flags from OpenWRT's package.
      MacOS 12 runners are deprecated, replace with 15.
      Seed RNG when starting up sshd-auth.
      Remove references to systrace and pledge sandboxes.
      Resync cvsid missed in commit 6072e4c9.
      Simplify pselect shim and remove side effects.
      Retire the minix3 test config.
      Add nbsd10 default test config.
      Test new OpenSSL and LibreSSL releases.
      Correct path to c-cpp.yml file in workflow config.
      Allow overriding TEST_SSH_SSHD.
      Test bigendian interop.
      Ignore chown failure, eg due to dangling symlinks.
      Add keytype to bigendian interop test.
      Reshuffle OpenWRT test configs.
      Disable security key for bigendian interop.
      Update readme files to better reflect reality.
      Skip 64bit expiry time test on 32bit time_t.
      Change text from "login to" to "log in to".
      Add new hardware-backed signing key for myself.
      Check for le32toh, le64toh, htole64 individually.
      Rebuild config files if Makefile changes.
      Lazily unmount github workspace at end of workflow.
      Add OpenBSD upstream test on obsdsnap-arm64.
      Make sure upstream tests run on correct hardware.
      Also lazily unmount workspace in case of stragglers.
      Fix debug log path.
      Identify each logfile while printing them.
      Fix syntax error in workflow.
      Fix another typo in workflow.
      Differentiate logfiles better.
      Fix workflow syntax again.
      Test with-linux-memlock-onfault in kitchensink.
      Include TCMALLOC_STACKTRACE_METHOD in output.
      Add PuTTY 0.81, 0.82 and 0.83 to tests.
      Add tcmalloc flags to TEST_SSH_SSHD_ENV.
      Be explicit about environment variables for tests.

Eero Häkkinen (1):
      Expose SSH_AUTH_INFO_0 always to PAM auth modules.

Fabio Pedretti (1):
      Remove ancient RHL 6.x config in RPM spec.

Jeremy Stott (1):
      Add make target for standalone sk-libfido2

Jonas 'Sortie' Termansen (3):
      Define u_short and u_long if needed.
      Inherit DESTDIR from the environment.
      Fix configure implicit declaration and format warnings.

Pavel Miadzvedzeu (1):
      Fix "undeclared 'ut'" error by replacing it with 'utx'

Philip Hands (11):
      put the -i before -[pP] (matching man pages)
      avoid extra space when no arg given to -i option
      ensure ERROR output goes to STDERR
      quote to avoid potential for word splitting
      assert that SCRATCH_DIR is a writable directory
      add $HOME to ERROR if one cannot write to ~/.ssh
      ensure that we're always told the source of keys
      avoid exploring .ssh/id*.pub subdirectories
      restore optionality of -i's argument
      update copyright notices
      make sure that usage & man page match

Preetish Amballi (1):
      Updated gitignore to ignore sshd-session and sshd-auth targets

Samuel Thibault (1):
      Fix detection of setres*id on GNU/Hurd

Shiva Kaul (1):
      Fix compilation with DEBUG_SK enabled

Shreyas Mahangade (2):
      Show identity file in 'ssh' command
      Minor space issue fixed

Thorsten Kukuk (1):
      Add wtmpdb support as Y2038 safe wtmp replacement

Tim Rice (1):
      fix old typo (s/SYSVINITSTOPT/SYSVINITSTOP/)

Wu Weixin (1):
      Fix without_openssl always being set to 1

Xavier Hsinyuan (2):
      Fix configure message typo in sk-libfido2 standalone.
      Add $(srcdir) for standalone sk-libfido2 make target.

Yuichiro Naito (1):
      Class-imposed login restrictions

anton at openbsd.org (3):
      upstream: Since ssh-agent(1) is only readable by root by now, use
      upstream: Add missing kex-names.c source file required since the
      upstream: Stop using DSA in dropbear interop tests.

claudio at openbsd.org (1):
      upstream: Remove unused ptr[3] char array in pkcs11_decode_hex.

deraadt at openbsd.org (16):
      upstream: new-style relink kit for sshd. The old scheme created
      upstream: also create a relink kit for ssh-agent, since it is a
      upstream: Use strtonum() instead of severely non-idiomatic
      upstream: Replace non-idiomatic strtoul(, 16) to parse a region
      upstream: rewrite convtime() to use a isdigit-scanner and
      upstream: can shortcut by returning strtonum() value directly; ok
      upstream: for parse_ipqos(), use strtonum() instead of mostly
      upstream: Oops, incorrect hex conversion spotted by claudio.
      upstream: construct and install a relink-kit for sshd-session ok
      upstream: -Werror was turned on (probably just for development),
      upstream: enable -fret-clean on amd64, for libc libcrypto ld.so
      upstream: avoid shadowing issues which some compilers won't accept
      upstream: save_errno wrappers inside two small signal handlers that
      upstream: Instead of using possibly complex ssh_signal(), write all
      upstream: As defined in the RFC, the SSH protocol has negotiable
      upstream: Also prohibit , (comma) in hostnames, proposed by David

djm at openbsd.org (164):
      upstream: optional debugging
      upstream: allow WAYLAND_DISPLAY to enable SSH_ASKPASS
      upstream: in OpenSSH private key format, correct type for subsequent
      upstream: add explicit check for server hostkey type against
      upstream: correctly restore sigprocmask around ppoll() reported
      upstream: add missing reserved fields to key constraint protocol
      upstream: stricter validation of messaging socket fd number; disallow
      upstream: flush stdout after writing "sftp>" prompt when not using
      upstream: fix home-directory extension implementation, it always
      upstream: simplify exit message handling, which was more complicated
      upstream: Start the process of splitting sshd into separate
      upstream: missing files from previous
      upstream: fix incorrect debug option name introduce in previous
      upstream: allow overriding the sshd-session binary path
      upstream: g/c unused variable
      upstream: this test has been broken since 2014, and has been
      upstream: don't need sys/queue.h here
      upstream: typos
      upstream: warn when -r (deprecated option to disable re-exec) is
      upstream: be really strict with fds reserved for communication with the
      upstream: Add a facility to sshd(8) to penalise particular
      upstream: disable stderr redirection before closing fds
      upstream: prepare for PerSourcePenalties being enabled by default
      upstream: simplify
      upstream: make sure logs are saved from sshd run via start_sshd
      upstream: regress test for PerSourcePenalties
      upstream: mention that PerSourcePenalties don't affect concurrent
      upstream: enable PerSourcePenalties by default.
      upstream: correct error message
      upstream: log waitpid() status for abnormal exits
      upstream: reap the [net] child if it hangs up while writing privsep
      upstream: update to mention that PerSourcePenalties default to
      upstream: move tree init before possible early return
      upstream: fix off-by-one comparison for PerSourcePenalty
      upstream: a little more RB_TREE paranoia
      upstream: reap the pre-auth [net] child if it hangs up during privsep
      upstream: fix PIDFILE handling, broken for SUDO=doas in last commit
      upstream: reap preauth net child if it hangs up during privsep message
      upstream: split PerSourcePenalties address tracking. Previously it
      upstream: specify an algorithm for ssh-keyscan, otherwise it will make
      upstream: make host/banner comments go to stderr instead of stdout,
      upstream: don't redirect stderr for ssh-keyscan we expect to succeed
      upstream: split the PerSourcePenalties test in two: one tests penalty
      upstream: ssh-keyscan -q man bits
      upstream: clarify KEXAlgorithms supported vs available. Inspired by
      upstream: crank up penalty timeouts so this should work on even the
      upstream: penalty test is still a bit racy
      upstream: same treatment for this test
      upstream: promote connection-closed messages from verbose to info
      upstream: disable the DSA signature algorithm by default; ok
      upstream: put back reaping of preauth child process when writes
      upstream: stricter check for overfull tables in penalty record path
      upstream: mention SshdSessionPath option
      upstream: move child process waitpid() loop out of SIGCHLD handler;
      upstream: retire unused API
      upstream: delete obsolete comment
      upstream: use "lcd" to change directory before "lls" rather than "cd",
      upstream: when sending ObscureKeystrokeTiming chaff packets, we
      upstream: openssh-9.8
      upstream: fix grammar: "a pattern lists" -> "one or more pattern
      upstream: don't need return at end of void function
      upstream: correct keyword; from Yatao Su via GHPR509
      upstream: mention mux proxy mode
      upstream: Fix proxy multiplexing (-O proxy) bug
      upstream: reduce logingrace penalty.
      upstream: Convert RSA and ECDSA key to the libcrypto EVP_PKEY API.
      upstream: test transfers in mux proxy mode too
      upstream: adapt to EVP_PKEY conversion
      upstream: fix swapping of source and destination addresses in some sshd
      upstream: fix minor memory leak in Subsystem option parsing; from
      upstream: mention that ed25519 is the default key type generated and
      upstream: place shielded keys (i.e. keys at rest in RAM) into memory
      upstream: actually use the length parameter that was passed in rather
      upstream: sntrup761x25519-sha512 now has an IANA codepoint assigned, so
      upstream: fix test: -F is the argument to specify a non-default
      upstream: Add experimental support for hybrid post-quantum key exchange
      upstream: missing ifdef
      upstream: allow the "Include" directive to expand the same set of
      upstream: regression test for Include variable expansion
      upstream: fix RCSID in output
      upstream: be more strict in parsing key type names. Only allow
      upstream: make parsing user at host consistently look for the last '@' in
      upstream: pull post-quantum ML-KEM/x25519 key exchange out from
      upstream: test mlkem768x25519-sha256
      upstream: Relax absolute path requirement back to what it was prior to
      upstream: Do not apply authorized_keys options when signature
      upstream: include pathname in some of the ssh-keygen passphrase
      upstream: switch "Match" directive processing over to the argv
      upstream: switch sshd_config Match processing to the argv tokeniser
      upstream: Add a sshd_config "RefuseConnection" option
      upstream: Add a "refuseconnection" penalty class to sshd_config
      upstream: add a "Match invalid-user" predicate to sshd_config Match
      upstream: document Match invalid-user
      upstream: update the Streamlined NTRU Prime code from the "ref"
      upstream: bad whitespace in config dump output
      upstream: use 64 bit math to avoid signed underflow. upstream code
      upstream: openssh-9.9
      upstream: some extra paranoia, reminded by jsg@
      upstream: fix regression introduced when I switched the "Match"
      upstream: fix previous change to ssh_config Match, which broken on
      upstream: Turn off finite field (a.k.a modp) Diffie-Hellman key
      upstream: don't start the ObscureKeystrokeTiming mitigations if
      upstream: Split per-connection sshd-session binary
      upstream: test some more Match syntax, including criteria=arg and
      upstream: regress support for split sshd-auth binary
      upstream: s/Sx/Cm/ for external references; from Domen Puncer
      upstream: unreachable POLLERR case; from ya0guang via GHPR485
      upstream: remove addr.[ch] functions that are unused and
      upstream: require control-escape character sequences passed via the '-e
      upstream: in _ssh_order_hostkeyalgs() consider ECDSA curve type when
      upstream: ssh-keyscan doesn't need its own sshfatal() definition, it
      upstream: allow "-" as output file for moduli screening
      upstream: remove duplicate check; GHPR392 from Pedro Martelletto
      upstream: mention that LocalForward and RemoteForward can accept Unix
      upstream: relax valid_domain() checks to allow an underscore as the
      upstream: make ssh-agent drop all keys when it receives SIGUSR1;
      upstream: test SIGUSR1 dropping all keys from ssh-agent
      upstream: promote mlkem768x25519-sha256 to be the default key exchange;
      upstream: fix ML-KEM768x25519 KEX on big-endian systems; spotted by
      upstream: explicitly include endian.h
      upstream: ssh-agent implemented an all-or-nothing allow-list of
      upstream: turn off CDIAGFLAGS and turn back on INSTALL_STRIP
      upstream: when using RSA keys to sign messages, select the
      upstream: Explicitly specify the signature algorithm when signing
      upstream: regression test for UpdateHostkeys with multiple keys backed
      upstream: g/c outdated XXX comments
      upstream: mention that biometrics may be used for FIDO key user
      upstream: new name/link for agent I-D
      upstream: fix argument of "Compression" directive in ssh -G config
      upstream: prefer AES-GCM to AES-CTR; ok deraadt markus
      upstream: unbreak
      upstream: support FIDO tokens that return no attestation data, e.g.
      upstream: don't screw up ssh-keygen -l output when the file
      upstream: sync the list of options accepted by -o with ssh_config.5
      upstream: add a work-in-progress tool to verify FIDO attestation
      upstream: sync -o option lists with ssh.1; requested jmc@
      upstream: ignore SIGPIPE here; some downstreams have had this for
      upstream: clarify encoding of options/extensions; bz2389
      upstream: support VersionAddendum in the client, mirroring the
      upstream: allow glob(3) patterns for sshd_config AuthorizedKeysFile
      upstream: add infrastructure for ratelimited logging; feedback/ok
      upstream: replace bespoke logging of MaxSessions enforcement with
      upstream: fix "Match invalid-user" from incorrectly being activated
      upstream: include line number in Match debug messages, makes it a
      upstream: include arguments the command was invoked with, and
      upstream: "Match command ..." support for ssh_config to allow
      upstream: Add support for "Match sessiontype" to ssh_config. Allows
      upstream: add "Match version" support to ssh_config. Allows
      upstream: Don't reply to PING in preauth phase or during KEX
      upstream: Fix cases where error codes were not correctly set
      upstream: resurrect fix for "match invalid-user" that got clobbered
      upstream: whitespace
      upstream: fix PerSourcePenalty incorrectly using "crash" penalty when
      upstream: implement attestation verification for ED25519 keys
      upstream: use glob(3) wildcards in AuthorizedKeys/PrincipalsFile
      upstream: remove assumption that the sshd_config and any configs
      upstream: fix NULL dereference for Match conditions missing
      upstream: remove ability to enable DSA support. Actual code will be
      upstream: typo
      upstream: typo
      upstream: typo
      upstream: oops, I accidentally backed out the typo fix
      upstream: Fix logic error in DisableForwarding option. This option
      upstream: openssh-10.0

dlg at openbsd.org (1):
      upstream: add a random amount of time (up to 4 seconds) to the

dtucker at openbsd.org (61):
      upstream: Import regenerated moduli.
      upstream: In PuTTY interop test, don't assume the PuTTY major
      upstream: Increase timeout. Resyncs with portable where some of
      upstream: Save error code from SSH for use inside case statement,
      upstream: Improve shell portability: grep -q is not portable so
      upstream: Verify string returned from local shell command.
      upstream: test -h is the POSIXly way of testing for a symlink. Reduces
      upstream: Use egrep instead of grep -E.
      upstream: Re-enable ssh-dss tests
      upstream: Rework dropbear key setup
      upstream: Use ed25519 keys for kex tests
      upstream: Provide defaults for ciphers and macs
      upstream: Remove dropbear key types not supported
      upstream: Work around dbclient cipher/mac query bug.
      upstream: Unnest rekey param parsing test and use ssh not sshd.
      upstream: Remove duplicate curve25519-sha256 kex.
      upstream: Add Compression=no to default ssh_config.
      upstream: Set a default RekeyLimit of 256k.
      upstream: Merge AEAD test into main test loop.
      upstream: Send only as much data as needed to trigger rekeying. Speeds
      upstream: Use curve25519-sha256 kex where possible.
      upstream: Import regenerated moduli.
      upstream: Some awks won't match on the \r so delete it instead. Fixes
      upstream: Use aes128-ctr for MAC tests since default has implicit MAC.
      upstream: Make debug call printf("%s", NULL) safe.
      upstream: Add a sshd debug wrapper
      upstream: Remove sshd logfile in start_sshd
      upstream: Import regenerated moduli.
      upstream: Improve description of KbdInteractiveAuthentication.
      upstream: Remove fallback to compiled-in group for dhgex when the
      upstream: Don't assume existence of SK provider in test. Patch from
      upstream: Prevent integer overflow in x11 port handling. These are
      upstream: De-magic the x11 base port number into a define. ok djm@
      upstream: Add key expiry test in the 64bit time_t range for additional
      upstream: Change "login again" to "log in again"
      upstream: Expand $SSH to absolute path if it's not already.
      upstream: Plug leak on error path, spotted by Coverity. ok djm@
      upstream: Use strprefix helper when processing sshd -C test args
      upstream: Call log_init in sshd-auth and sshd-session immediately
      upstream: Fix debug logging of user specific delay. Patch from
      upstream: Allow %-token and environment variable expansion in User,
      upstream: Make a copy of the user when handling ssh -l, so that
      upstream: Add %-token and environment variable expansion to SetEnv.
      upstream: Tests for User expansion of %-tokens and environment
      upstream: Also test User expansions when supplied via -l option and
      upstream: Test for %-token and env var expansion in SetEnv.
      upstream: Set highwater when resuming a "put". Prevents bogus "server
      upstream: Check if dbclient supports SHA1 before trying SHA1-based
      upstream: Use $DBCLIENT to access dbclient for consistency.
      upstream: Set up dbclient's known_hosts as it expects.
      upstream: Use ssh binary instead of the (smaller) script when
      upstream: Add regress test for sftp resume.
      upstream: Some dd's don't understand "1m", so handle separately.
      upstream: Prime caches for DNS names needed for tests.
      upstream: Prevent theoretical NULL deref in throughlocal_sftp.
      upstream: chown log directory in addition to log files.
      upstream: Add TEST_SSH_SSHD_ENV variable which is added to sshd's
      upstream: Set sshd environment variables during sshd test run too.
      upstream: Pass "ControlMaster no" to ssh when invoked by scp & sftp.
      upstream: Add TEST_SSH_SSHD_ENV to sshd lines here too.
      upstream: Include time.h for time().

jca at openbsd.org (1):
      upstream: Ignore extra groups that don't fit in the buffer passed

jmc at openbsd.org (9):
      upstream: escape the final dot at eol in "e.g." to avoid double
      upstream: do not mark up "(default: 20ms)";
      upstream: sort -q in the options list;
      upstream: - uppercase start of sentence - correct sentence grammar
      upstream: ssl(8) no longer contains a HISTORY section;
      upstream: envrionment -> environment;
      upstream: minor grammar/sort fixes for refuseconnection; ok djm
      upstream: remove some unneeded Xo/Xc calls; from evan silberman the
      upstream: - use \& when constructs like "e.g." end a line, to avoid

job at openbsd.org (1):
      upstream: Clarify how literal IPv6 addresses can be used in -J mode

jsg at openbsd.org (11):
      upstream: correct indentation; no functional change ok tb@
      upstream: spelling; ok djm@
      upstream: remove externs for removed vars; ok djm@
      upstream: remove prototypes with no matching function; ok djm@
      upstream: remove unused struct fwd_perm_list, no decl with complete
      upstream: fix double word; ok dtucker@
      upstream: remove unneeded semicolons; checked by millert@
      upstream: remove some unused defines; ok djm@
      upstream: remove some unused defines; ok djm@
      upstream: remove duplicate misc.h include ok dtucker@
      upstream: spelling; ok djm@

miod at openbsd.org (1):
      upstream: Do not pass -Werror if building with gcc 3, for asn1.h

naddy at openbsd.org (10):
      upstream: remove duplicate copy of relink kit for sshd-session
      upstream: Do not pass -Werror twice when building with clang.
      upstream: remove references to SSH1 and DSA server keys
      upstream: separate keywords with comma
      upstream: remove one more mention of DSA
      upstream: document the reduced logingrace penalty
      upstream: document the mlkem768x25519-sha256 key exchange algorithm
      upstream: mention SshdAuthPath option; ok djm@
      upstream: mlkem768x25519-sha256 has been promoted to default key
      upstream: catch up documentation: AES-GCM is preferred to AES-CTR

renmingshuai (1):
      Shell syntax fix (leftover from a sync).

schwarze at openbsd.org (1):
      upstream: In a section 1 manual, use the plain English words

semarie at openbsd.org (1):
      upstream: set right mode on ssh-agent at boot-time

tb at openbsd.org (3):
      upstream: Remove redundant field of definition check
      upstream: Fix EVP_CIPHER_CTX_ctrl() return checks
      upstream: Wrap #include <openssl/dsa.h> in #ifdef WITH_DSA

tobias at openbsd.org (6):
      upstream: never close stdin
      upstream: remove SSH1 leftovers
      upstream: Fix typo in comment
      upstream: Use freezero for better readability
      upstream: Extend sshbuf validation
      upstream: Reorder calloc arguments

-----------------------------------------------------------------------

No new revisions were added by this update.
