[openssh-commits] [openssh] branch master updated (cf6c0b3b9 -> a5a1b7e75)

git+noreply at mindrot.org git+noreply at mindrot.org
Thu May 21 14:06:47 AEST 2026 

This is an automated email from the git hooks/post-receive script.

djm pushed a change to branch master
in repository openssh.

    from cf6c0b3b9 upstream: fix hard-to-reach NULL deref during pubkey auth
     new 33392024f upstream: avoid validating bad cipher or mac lists in config files
     new 62fce7613 upstream: chacha: avoid -Wunterminated-string-initialization
     new e5c9cf9ac upstream: mention usefulness of request type allow/denylisting for
     new a5a1b7e75 upstream: mention that compression could potentially leak

The 4 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "add" were already present in the repository and have only
been added to this reference.


Detailed log of new commits:

commit a5a1b7e75389231bf817433d93f15732ba13c0ad
Author: djm at openbsd.org <djm at openbsd.org>
Date:   Thu May 21 04:04:57 2026 +0000

    upstream: mention that compression could potentially leak
    
    information about session contents (cf. the CRIME attack on TLS) if a
    connection allows attacker- controlled traffic over it alongside trused
    traffic. This might occur in some forwarding scenarios.
    
    with deraadt@
    
    OpenBSD-Commit-ID: 03d145cdbf3a8713e8309724b5c9a9b76c317749

commit e5c9cf9ac7543a5e59dabf11f993a9c032b9b71f
Author: djm at openbsd.org <djm at openbsd.org>
Date:   Thu May 21 02:50:59 2026 +0000

    upstream: mention usefulness of request type allow/denylisting for
    
    servers accepting untrusted clients
    
    OpenBSD-Commit-ID: 8b991bd263b46374a8e73f02d05cdccca73ae520

commit 62fce76130485773c635da8adaeb7de78382a5f0
Author: tb at openbsd.org <tb at openbsd.org>
Date:   Mon May 18 04:14:57 2026 +0000

    upstream: chacha: avoid -Wunterminated-string-initialization
    
    warning
    
    The sizes of sigma[] and tau[] aren't used, so include a trailing NUL and
    thereby avoid upsetting modern compilers about use of dangerous, valid C.
    
    ok deraadt djm
    
    OpenBSD-Commit-ID: 030a71ff16bb1e6135170c6507bc558eabe7345c

commit 33392024f46e7aabaeaf947cc3b110d60a9fd9e3
Author: djm at openbsd.org <djm at openbsd.org>
Date:   Wed May 13 05:58:58 2026 +0000

    upstream: avoid validating bad cipher or mac lists in config files
    
    / commandline arguments as valid.
    
    Identified by SUSE and reported by Camila Camargo de Matos
    
    ok deraadt@ tb@
    
    OpenBSD-Commit-ID: 45d51154f2418549e08b80fa33df6c6532046054

Summary of changes:
 chacha.c      |  6 +++---
 cipher.c      |  8 +++++---
 mac.c         |  8 +++++---
 sftp-server.8 | 15 +++++++++++++--
 ssh_config.5  | 11 +++++++++--
 sshd_config.5 | 11 +++++++++--
 6 files changed, 44 insertions(+), 15 deletions(-)

-- 
To stop receiving notification emails like this one, please contact
djm at mindrot.org.

More information about the openssh-commits mailing list