[openssh-commits] [openssh] branch master updated (32deb00b3 -> dc5147028)
git+noreply at mindrot.org
git+noreply at mindrot.org
Mon Aug 18 13:56:46 AEST 2025
This is an automated email from the git hooks/post-receive script.
djm pushed a change to branch master
in repository openssh.
from 32deb00b3 upstream: Cast serial no for %lld to prevent compiler warnings on some
new a00f5b02e handle futex_time64 properly in seccomp sandbox
new 3a039108b allow some socket syscalls in seccomp sandbox
new 80b5ffd22 upstream: make -E a no-op in sshd-auth. Redirecting logging to a
new 9b61679d7 upstream: add channel_report_open() to report (to logs) open
new f807a598c upstream: SIGINFO handler for ssh(1) to dump active
new dc5147028 upstream: SIGINFO handler for sshd(8) to dump active
The 6 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails. The revisions
listed as "add" were already present in the repository and have only
been added to this reference.
Detailed log of new commits:
commit dc5147028ff19213a32281dad07bba02e58da3fa
Author: djm at openbsd.org <djm at openbsd.org>
Date: Mon Aug 18 03:29:11 2025 +0000
upstream: SIGINFO handler for sshd(8) to dump active
channels/sessions ok deraadt@
OpenBSD-Commit-ID: 9955cb6d157c6d7aa23a819e8ef61b1edabc8b7d
commit f807a598c96be683d97810481e954ec9db6b0027
Author: djm at openbsd.org <djm at openbsd.org>
Date: Mon Aug 18 03:28:36 2025 +0000
upstream: SIGINFO handler for ssh(1) to dump active
channels/sessions ok deraadt@
OpenBSD-Commit-ID: 12f88a5044bca40ef5f41ff61b1755d0e25df901
commit 9b61679d73a8a001c25ab308db8a3162456010cf
Author: djm at openbsd.org <djm at openbsd.org>
Date: Mon Aug 18 03:28:02 2025 +0000
upstream: add channel_report_open() to report (to logs) open
channels; ok deraadt@ (as part of bigger diff)
OpenBSD-Commit-ID: 7f691e25366c5621d7ed6f7f9018d868f7511c0d
commit 80b5ffd22abd4093201939e31d1ea6dc8cc7913a
Author: djm at openbsd.org <djm at openbsd.org>
Date: Mon Aug 18 01:59:53 2025 +0000
upstream: make -E a no-op in sshd-auth. Redirecting logging to a
file doesn't work in this program as logging already goes via the parent
sshd-session process. ok dtucker@
OpenBSD-Commit-ID: 73325b9e69364117c18305f896c620a3abcf4f87
commit 3a039108bd25ff10047d7fa64750ed7df10c717c
Author: Damien Miller <djm at mindrot.org>
Date: Mon Aug 18 13:46:37 2025 +1000
allow some socket syscalls in seccomp sandbox
Allow getsockname(2), getpeername(2) and getsockopt(2).
Also allow setsockopt(2) but only IP_TOS and IPV6_TCLASS.
Note that systems that use the older socketcall(2) mux syscall will
not have IP_TOS and IPV6_TCLASS allowlisted. On these platforms,
these calls will be soft-blocked (i.e. will fail rather than
terminate the whole process with a sandbox violation).
Needed for upcoming IPQoS change; ok dtucker@
commit a00f5b02e171bc6d6fb130050afb7a08f5ece1d8
Author: Damien Miller <djm at mindrot.org>
Date: Mon Aug 18 13:44:53 2025 +1000
handle futex_time64 properly in seccomp sandbox
Previously we only allowed __NR_futex, but some 32-bit systems
apparently support __NR_futex_time64. We had support for this
in the sandbox, but because of a macro error only __NR_futex was
allowlisted.
ok dtucker@
Summary of changes:
channels.c | 17 ++++++++++++++-
channels.h | 3 ++-
clientloop.c | 20 ++++++++++++++---
sandbox-seccomp-filter.c | 56 ++++++++++++++++++++++++++++++++++++++++++------
serverloop.c | 20 ++++++++++++++---
sshd-auth.c | 21 ++----------------
6 files changed, 104 insertions(+), 33 deletions(-)
--
To stop receiving notification emails like this one, please contact
djm at mindrot.org.
More information about the openssh-commits
mailing list