[openssh-commits] [openssh] branch master updated (6ebd472c3 -> 2ebc63842)

git+noreply at mindrot.org git+noreply at mindrot.org
Thu Aug 7 09:47:20 AEST 2025 

This is an automated email from the git hooks/post-receive script.

djm pushed a change to branch master
in repository openssh.

    from 6ebd472c3 upstream: a bunch of the protocol extensions we support now have RFCs
     new 2a31009c3 upstream: Use the operating system default DSCP marking for
     new 9ffa98111 upstream: when refusing a certificate for user authentication, log
     new 60b909fb1 upstream: Improve sentence. ok djm@
     new 2ebc63842 upstream: all state related to the ssh connection should live in

The 4 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "add" were already present in the repository and have only
been added to this reference.


Detailed log of new commits:

commit 2ebc6384258b58ace0ad2adb2593744f62749235
Author: djm at openbsd.org <djm at openbsd.org>
Date:   Wed Aug 6 23:44:09 2025 +0000

    upstream: all state related to the ssh connection should live in
    
    struct ssh or struct packet_state; one static int escaped this rule, so move
    it to struct packet_state now.
    
    ok millert tb
    
    OpenBSD-Commit-ID: bd6737168bf61a836ffbdc99ee4803468db90a53

commit 60b909fb110f77c1ffd15cceb5d09b8e3f79b27e
Author: dtucker at openbsd.org <dtucker at openbsd.org>
Date:   Wed Aug 6 11:22:53 2025 +0000

    upstream: Improve sentence. ok djm@
    
    OpenBSD-Commit-ID: 9c481ddd6bad110af7e530ba90db41f6d5fe2273

commit 9ffa98111dbe53bf86d07da8e01ded8c5c25456b
Author: djm at openbsd.org <djm at openbsd.org>
Date:   Wed Aug 6 04:53:04 2025 +0000

    upstream: when refusing a certificate for user authentication, log
    
    enough information to identify the certificate in addition to the reason why
    it was being denied. Makes debugging certificate authz problems a bit easier.
    
    ok dlg@
    
    OpenBSD-Commit-ID: 4c4621b2e70412754b3fe7540af8f4bf02b722b1

commit 2a31009c36eb2da412c2784fe131fcb6ba800978
Author: job at openbsd.org <job at openbsd.org>
Date:   Tue Aug 5 09:08:16 2025 +0000

    upstream: Use the operating system default DSCP marking for
    
    non-interactive traffic
    
    It seems the CS1 traffic class mark is considered ambiguous and therefore
    somewhat unhelpful (see RFC 8622 for more considerations). But, the new
    'LE' scavenger class (also proposed in RFC 8622) offers high probability
    of excessive delays & high packet loss, which would be inappropriate
    for use with, for example, X11 forwardings. In fact, it is not known to
    SSH what's appropriate because SSH is not aware of the content of what
    passing through session forwardings. Therefore, no marking is appropriate.
    Non-interactive traffic simply is best effort.
    
    OK djm@ deraadt@
    
    OpenBSD-Commit-ID: db1da1a432ecd53fc28feb84287aedb6bec80b01

Summary of changes:
 PROTOCOL           |  6 +++---
 auth2-hostbased.c  | 14 +++++++++++---
 auth2-pubkey.c     | 12 +++++++++---
 auth2-pubkeyfile.c | 23 ++++++++++++++++-------
 packet.c           | 14 ++++++++++----
 readconf.c         |  4 ++--
 servconf.c         |  4 ++--
 ssh_config.5       |  8 ++++----
 sshd_config.5      |  8 ++++----
 9 files changed, 61 insertions(+), 32 deletions(-)

-- 
To stop receiving notification emails like this one, please contact
djm at mindrot.org.

More information about the openssh-commits mailing list