[openssh-commits] [openssh] branch master updated (e04823010 -> 6ab8133c0)
git+noreply at mindrot.org
Mon May 5 14:59:33 AEST 2025

This is an automated email from the git hooks/post-receive script.

djm pushed a change to branch master
in repository openssh.

    from e04823010 upstream: make writing known_hosts lines more atomic, by writing
     new 566443b5f upstream: correct log messages; the reap function is used for more
     new 80162f9d7 upstream: Move agent listener sockets from /tmp to under
     new 12912429c upstream: missing file in previous commit
     new 6ab8133c0 depend

The 4 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails. The revisions
listed as "add" were already present in the repository and have only
been added to this reference.

Detailed log of new commits:

commit 6ab8133c067a8e91ba69ce7ca04f95b50f2f2d7b
Author: Damien Miller <djm at mindrot.org>
Date: Mon May 5 14:59:30 2025 +1000

    depend

commit 12912429cf39cfeca97dd18a8f875ad9824d1751
Author: djm at openbsd.org <djm at openbsd.org>
Date: Mon May 5 03:35:06 2025 +0000

    upstream: missing file in previous commit

    OpenBSD-Commit-ID: e526c97fcb2fd9f0b7b229720972426ab437d7eb

commit 80162f9d7e7eadca4ffd0bd1c015d38cb1821ab6
Author: djm at openbsd.org <djm at openbsd.org>
Date: Mon May 5 02:48:06 2025 +0000

    upstream: Move agent listener sockets from /tmp to under

    ~/.ssh/agent for both ssh-agent(1) and forwarded sockets in sshd(8).

    This ensures processes (such as Firefox) that have restricted
    filesystem access that includes /tmp (via unveil(3)) do not have the
    ability to use keys in an agent.

    Moving the default directory has the consequence that the OS will no
    longer clean up stale agent sockets, so ssh-agent now gains this
    ability.

    To support $HOME on NFS, the socket path includes a truncated hash of
    the hostname. ssh-agent will by default only clean up sockets from
    the same hostname.

    ssh-agent gains some new flags: -U suppresses the automatic cleanup
    of stale sockets when it starts. -u forces a cleanup without
    keeping a running agent, -uu forces a cleanup that ignores the
    hostname. -T makes ssh-agent put the socket back in /tmp.

    feedback deraadt@ naddy@, doitdoitdoit deraadt@

    OpenBSD-Commit-ID: 8383dabd98092fe5498d5f7f15c7d314b03a93e1

commit 566443b5f5d7bc4c5310313b4e46232760850c7a
Author: djm at openbsd.org <djm at openbsd.org>
Date: Mon May 5 02:40:30 2025 +0000

    upstream: correct log messages; the reap function is used for more
    than just the preauth process now

    OpenBSD-Commit-ID: 768c5b674bd77802bb197c31dba78559f1174c02

Summary of changes:
.depend | 1 +
Makefile.in | 6 +-
hostfile.c | 2 +-
misc-agent.c | 329 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++
misc.c | 17 ++-
misc.h | 8 +-
monitor_wrap.c | 8 +-
pathnames.h | 9 +-
session.c | 34 +-----
ssh-agent.1 | 32 +++++-
ssh-agent.c | 85 ++++++++++++---
11 files changed, 470 insertions(+), 61 deletions(-)
create mode 100644 misc-agent.c
--
To stop receiving notification emails like this one, please contact
djm at mindrot.org.
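
An audit helper for the socket move described in commit 80162f9d7, added here as an example; it is not part of this email or of OpenSSH. It reports whether `SSH_AUTH_SOCK` still points under /tmp or under ~/.ssh/agent and lists which sockets in that directory have no listener left. Assumptions: the function names are hypothetical, and treating a refused connect as "stale" is this example's own test, not necessarily how ssh-agent decides.

```python
# Added example; helper names are hypothetical and this is not OpenSSH code.
import errno
import os
import socket
import stat

def socket_location(sock_path, home):
    """Classify where an agent socket lives: 'home-agent-dir', 'tmp' or 'other'."""
    real = os.path.realpath(sock_path)
    agent_dir = os.path.realpath(os.path.join(home, ".ssh", "agent"))
    if real.startswith(agent_dir + os.sep):
        return "home-agent-dir"
    in_tmp = real.startswith(os.path.realpath("/tmp") + os.sep)
    return "tmp" if in_tmp else "other"

def socket_state(path):
    """Return 'live', 'stale', 'not-socket' or 'error:<ERRNO>' for one path."""
    try:
        mode = os.lstat(path).st_mode  # lstat: never follow a planted symlink
    except OSError as e:
        return "error:" + errno.errorcode.get(e.errno, "?")
    if not stat.S_ISSOCK(mode):
        return "not-socket"
    s = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    try:
        s.connect(path)  # connect only; no agent request is ever sent
        return "live"
    except OSError as e:
        # Assumption of this example: a refused connect means no listener remains.
        if e.errno == errno.ECONNREFUSED:
            return "stale"
        return "error:" + errno.errorcode.get(e.errno, "?")
    finally:
        s.close()

def audit_dir(directory):
    """Map every entry in a socket directory to its state; nothing is deleted."""
    return {name: socket_state(os.path.join(directory, name))
            for name in sorted(os.listdir(directory))}

if __name__ == "__main__":
    home = os.path.expanduser("~")
    sock = os.environ.get("SSH_AUTH_SOCK")
    if sock:
        print("SSH_AUTH_SOCK:", sock, "->", socket_location(sock, home), socket_state(sock))
    agent_dir = os.path.join(home, ".ssh", "agent")
    if os.path.isdir(agent_dir):
        for name, state in audit_dir(agent_dir).items():
            print(f"{state:12} {name}")
```

The script only reports; removal of stale sockets is left to ssh-agent's own cleanup flags listed in the commit message.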