[openssh-commits] [openssh] branch V_10_4 created (now e8dd75672)
git+noreply at mindrot.org
git+noreply at mindrot.org
Mon Jul 6 19:03:45 AEST 2026
This is an automated email from the git hooks/post-receive script.
djm pushed a change to branch V_10_4
in repository openssh.
at e8dd75672 autogenerated files for release
This branch includes the following new commits:
new d43ba60c9 upstream: Fix cases in GSSAPI and keyboard-interactive
new e8bdfb151 upstream: fix ownership and lifetime of several bits of client
new 5d04ca6af upstream: Fix multiple RFC 4462 (GSSAPIAuthentication) compliance
new 0210c7cc9 upstream: openssh-10.4
new 0227fe460 crank version numbers
new 449d25b4f depend
new e8dd75672 autogenerated files for release
The 7 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails. The revisions
listed as "add" were already present in the repository and have only
been added to this reference.
Detailed log of new commits:
commit e8dd756725e8800fcd0b3fd71ee6b4382d1e8fab
Author: Damien Miller <djm at mindrot.org>
Date: Mon Jul 6 17:57:12 2026 +1000
autogenerated files for release
commit 449d25b4f8b8d3bb55a865ebcbec17b39b37c208
Author: Damien Miller <djm at mindrot.org>
Date: Mon Jul 6 17:56:53 2026 +1000
depend
commit 0227fe4606ebf86b3f6f9b80af12e171eaa58416
Author: Damien Miller <djm at mindrot.org>
Date: Mon Jul 6 17:56:10 2026 +1000
crank version numbers
commit 0210c7cc942ee54bd6a647d5732df9786c4b08d0
Author: djm at openbsd.org <djm at openbsd.org>
Date: Mon Jul 6 07:54:26 2026 +0000
upstream: openssh-10.4
OpenBSD-Commit-ID: ce7b0749e5139c70410ee92a13d368d7d34262b5
commit 5d04ca6af739b82fd30d84d2783ca802ebfa1192
Author: djm at openbsd.org <djm at openbsd.org>
Date: Mon Jul 6 07:53:30 2026 +0000
upstream: Fix multiple RFC 4462 (GSSAPIAuthentication) compliance
problems
1) Remove an early failure return for GSSAPI authentication attempts
made for invalid accounts that yielded different behaviour for
valid vs invalid accounts.
2) Fix a situation where some GSSAPI requestes were not correctly
subjected to MaxAuthTries.
3) Fix a moderate pre-authentication resource DoS related to #2.
Add missing logging for error cases.
Report and fixes from Manfred Kaiser, milCERT AT
OpenBSD-Commit-ID: ca0acdd64eea435d6f89534538a9eb404a5629d3
commit d43ba60c91cb323ca921049b7d43b1908c318454
Author: djm at openbsd.org <djm at openbsd.org>
Date: Mon Jul 6 07:44:48 2026 +0000
upstream: Fix cases in GSSAPI and keyboard-interactive
authentication where the minimum per-attempt delay was not being enforced.
Reported by Orange Cyberdefense Vulnerability Team
OpenBSD-Commit-ID: c40bd35cc2428fcaccad7a141703c28baa6da01e
commit e8bdfb151a356d0171fea4194dd205fbb252be23
Author: djm at openbsd.org <djm at openbsd.org>
Date: Mon Jul 6 07:49:58 2026 +0000
upstream: fix ownership and lifetime of several bits of client
state that need to persist for the life of the connection, especially the
cached hostkey that was being incorrectly freed early on some paths, possibly
allowing its use after free.
Reported by Zhenpeng (Leo) Lin from depthfirst.com
OpenBSD-Commit-ID: faaa6ad72e7d69d41fa8b197b606265b7d9bc73f
--
To stop receiving notification emails like this one, please contact
djm at mindrot.org.
More information about the openssh-commits
mailing list