[openssh-commits] [openssh] branch master updated (b06a150bc -> fda31e1e5)

git+noreply at mindrot.org git+noreply at mindrot.org
Mon Sep 29 13:25:08 AEST 2025 

This is an automated email from the git hooks/post-receive script.

djm pushed a change to branch master
in repository openssh.

    from b06a150bc Stop testing OpenBSD ubsan until fixed upstream.
     new b1c4bf5c2 upstream: avoid use-after-free in update_krl_from_file() found with
     new bcd88ded2 upstream: kbd-interactive device names should be matched against
     new fda31e1e5 upstream: avoid spurious error message when loading certificates

The 3 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "add" were already present in the repository and have only
been added to this reference.


Detailed log of new commits:

commit fda31e1e5179b4e70c27094ebb303ee47c11a5a7
Author: djm at openbsd.org <djm at openbsd.org>
Date:   Mon Sep 29 03:17:54 2025 +0000

    upstream: avoid spurious error message when loading certificates
    
    only bz3869
    
    OpenBSD-Commit-ID: e7848fec50d15cc142fed946aa8f79abef3c5be7

commit bcd88ded2fff97652d4236405a3354ca66f90f7e
Author: djm at openbsd.org <djm at openbsd.org>
Date:   Mon Sep 29 02:32:15 2025 +0000

    upstream: kbd-interactive device names should be matched against
    
    the full device name, not a prefix. Doesn't matter in practice as there is
    only one kbd-int device supported (PAM xor BSD auth), and an attacker would
    still need to successfully authenticate against an incorrectly-selected
    device.
    
    reported by ashamedbit, NobleMathews; ok deraadt@
    
    OpenBSD-Commit-ID: cf75d4f99405fbb41354c4ae724a3b39a3b58f82

commit b1c4bf5c2f1c2b30698dbaadc5d823862213f1fc
Author: jsg at openbsd.org <jsg at openbsd.org>
Date:   Thu Sep 25 12:52:21 2025 +0000

    upstream: avoid use-after-free in update_krl_from_file() found with
    
    clang scan-build, ok dtucker@
    
    OpenBSD-Commit-ID: 8ec86eca573740c94d5bc7e252959174555f4eb8

Summary of changes:
 auth2-chall.c |  9 ++++++---
 ssh-add.c     | 39 ++++++++++++++++++++-------------------
 ssh-keygen.c  |  4 +++-
 3 files changed, 29 insertions(+), 23 deletions(-)

-- 
To stop receiving notification emails like this one, please contact
djm at mindrot.org.

More information about the openssh-commits mailing list