[openssh-commits] [openssh] branch V_10_4 created (now e8dd75672)

git+noreply at mindrot.org git+noreply at mindrot.org
Mon Jul 6 19:03:45 AEST 2026


This is an automated email from the git hooks/post-receive script.

djm pushed a change to branch V_10_4
in repository openssh.

      at e8dd75672 autogenerated files for release

This branch includes the following new commits:

     new d43ba60c9 upstream: Fix cases in GSSAPI and keyboard-interactive
     new e8bdfb151 upstream: fix ownership and lifetime of several bits of client
     new 5d04ca6af upstream: Fix multiple RFC 4462 (GSSAPIAuthentication) compliance
     new 0210c7cc9 upstream: openssh-10.4
     new 0227fe460 crank version numbers
     new 449d25b4f depend
     new e8dd75672 autogenerated files for release

The 7 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "add" were already present in the repository and have only
been added to this reference.


Detailed log of new commits:

commit e8dd756725e8800fcd0b3fd71ee6b4382d1e8fab
Author: Damien Miller <djm at mindrot.org>
Date:   Mon Jul 6 17:57:12 2026 +1000

    autogenerated files for release

commit 449d25b4f8b8d3bb55a865ebcbec17b39b37c208
Author: Damien Miller <djm at mindrot.org>
Date:   Mon Jul 6 17:56:53 2026 +1000

    depend

commit 0227fe4606ebf86b3f6f9b80af12e171eaa58416
Author: Damien Miller <djm at mindrot.org>
Date:   Mon Jul 6 17:56:10 2026 +1000

    crank version numbers

commit 0210c7cc942ee54bd6a647d5732df9786c4b08d0
Author: djm at openbsd.org <djm at openbsd.org>
Date:   Mon Jul 6 07:54:26 2026 +0000

    upstream: openssh-10.4
    
    OpenBSD-Commit-ID: ce7b0749e5139c70410ee92a13d368d7d34262b5

commit 5d04ca6af739b82fd30d84d2783ca802ebfa1192
Author: djm at openbsd.org <djm at openbsd.org>
Date:   Mon Jul 6 07:53:30 2026 +0000

    upstream: Fix multiple RFC 4462 (GSSAPIAuthentication) compliance
    
    problems
    
    1) Remove an early failure return for GSSAPI authentication attempts
    made for invalid accounts that yielded different behaviour for
    valid vs invalid accounts.
    
    2) Fix a situation where some GSSAPI requestes were not correctly
    subjected to MaxAuthTries.
    
    3) Fix a moderate pre-authentication resource DoS related to #2.
    
    Add missing logging for error cases.
    
    Report and fixes from Manfred Kaiser, milCERT AT
    
    OpenBSD-Commit-ID: ca0acdd64eea435d6f89534538a9eb404a5629d3

commit d43ba60c91cb323ca921049b7d43b1908c318454
Author: djm at openbsd.org <djm at openbsd.org>
Date:   Mon Jul 6 07:44:48 2026 +0000

    upstream: Fix cases in GSSAPI and keyboard-interactive
    
    authentication where the minimum per-attempt delay was not being enforced.
    
    Reported by Orange Cyberdefense Vulnerability Team
    
    OpenBSD-Commit-ID: c40bd35cc2428fcaccad7a141703c28baa6da01e

commit e8bdfb151a356d0171fea4194dd205fbb252be23
Author: djm at openbsd.org <djm at openbsd.org>
Date:   Mon Jul 6 07:49:58 2026 +0000

    upstream: fix ownership and lifetime of several bits of client
    
    state that need to persist for the life of the connection, especially the
    cached hostkey that was being incorrectly freed early on some paths, possibly
    allowing its use after free.
    
    Reported by Zhenpeng (Leo) Lin from depthfirst.com
    
    OpenBSD-Commit-ID: faaa6ad72e7d69d41fa8b197b606265b7d9bc73f

-- 
To stop receiving notification emails like this one, please contact
djm at mindrot.org.


More information about the openssh-commits mailing list