[openssh-commits] [openssh] branch master updated (f44f124a2 -> 7ab700f17)
git+noreply at mindrot.org
git+noreply at mindrot.org
Sat May 30 23:30:26 AEST 2026
This is an automated email from the git hooks/post-receive script.
djm pushed a change to branch master
in repository openssh.
from f44f124a2 upstream: Test all mutually supported algorithms,
new 7fbe3e440 upstream: add a -V flag to print the version, but mostly as a way
new 3a05a07e7 upstream: use "ssh-agent -V" to test the binary is functional after
new 26a8c13e6 upstream: ssh-agent: add -V to usage()
new 3bee4a1a2 upstream: ssh: use sentinel idiom for timegm(3) and mktime(3)
new 169082213 upstream: Use the new RELINK feature in bsd.prog.mk to build the
new 4f4aeee6e sandbox-seccomp-filter: remove duplicate SC_ALLOW(__NR_clock_gettime64)
new 7ab700f17 Make failure to set SECCOMP or NO_NEW_PRIVS fatal
The 7 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails. The revisions
listed as "add" were already present in the repository and have only
been added to this reference.
Detailed log of new commits:
commit 7ab700f1706b154d4bc5cf66e19c05be6d9b1fc1
Author: Damien Miller <djm at mindrot.org>
Date: Sat May 30 23:24:01 2026 +1000
Make failure to set SECCOMP or NO_NEW_PRIVS fatal
If your Linux system lacks support for these then please don't
enable the seccomp sandbox.
Prompted by manfred.kaiser at ssh-mitm.at
commit 4f4aeee6edaa248f1e7ce22ee3f35ce183eabf38
Author: Manfred Kaiser <manfred.kaiser at ssh-mitm.at>
Date: Sun May 24 09:53:42 2026 +0200
sandbox-seccomp-filter: remove duplicate SC_ALLOW(__NR_clock_gettime64)
The syscall is already permitted at line 297 in its own ifdef guard.
No functional change.
commit 16908221360a01b1801c6ca70c26b73c83509ea3
Author: deraadt at openbsd.org <deraadt at openbsd.org>
Date: Wed May 27 13:57:26 2026 +0000
upstream: Use the new RELINK feature in bsd.prog.mk to build the
relink kits.
OpenBSD-Commit-ID: df5c950444e208b320265fa8a1afd676e2edfa6e
commit 3bee4a1a260809992a0877d7ef202c4ff3e0be24
Author: tb at openbsd.org <tb at openbsd.org>
Date: Wed May 27 13:54:15 2026 +0000
upstream: ssh: use sentinel idiom for timegm(3) and mktime(3)
There is nothing wrong with times before the epoch, even -1, so use the
idiom recently added to the CAVEATS section to figure out whether there
was an error in the timegm() or mktime() calls.
We should sweep the tree for this. If anyone is bored, feel free to beat
me to it...
ok deraadt djm
OpenBSD-Commit-ID: e2b1721966dc782e776db5d6cfb18958534f9d4b
commit 26a8c13e6154a905b4eaf48798b134372747e86f
Author: tb at openbsd.org <tb at openbsd.org>
Date: Wed May 27 03:28:07 2026 +0000
upstream: ssh-agent: add -V to usage()
ok djm
OpenBSD-Commit-ID: ea9bc250ce34c4c8317896673ca37f3ee17223c7
commit 3a05a07e78f7b88ba70fa7f96808bcb86a55cbe8
Author: djm at openbsd.org <djm at openbsd.org>
Date: Wed May 27 03:05:21 2026 +0000
upstream: use "ssh-agent -V" to test the binary is functional after
relinking requested deraadt@
OpenBSD-Commit-ID: eb4169949bf61188fb7336b11b73833019d10d7b
commit 7fbe3e440eae0cd2315545ce5abd89e936b3a92f
Author: djm at openbsd.org <djm at openbsd.org>
Date: Wed May 27 03:04:30 2026 +0000
upstream: add a -V flag to print the version, but mostly as a way
to check the binary is functional; ok deraadt@
OpenBSD-Commit-ID: 0cc5cb22cbfe09ac4c316dd5da0af7a4193a42af
Summary of changes:
.skipped-commit-ids | 2 ++
misc.c | 8 +++++---
sandbox-seccomp-filter.c | 17 +++--------------
ssh-agent.1 | 8 ++++++--
ssh-agent.c | 12 +++++++++---
5 files changed, 25 insertions(+), 22 deletions(-)
--
To stop receiving notification emails like this one, please contact
djm at mindrot.org.
More information about the openssh-commits
mailing list