[openssh-commits] [openssh] branch master updated (e8f47455 -> 40f5f035)

git+noreply at mindrot.org git+noreply at mindrot.org
Fri Apr 6 14:20:40 AEST 2018


This is an automated email from the git hooks/post-receive script.

djm pushed a change to branch master
in repository openssh.

      from  e8f47455  Expose SSH_AUTH_INFO_0 to PAM auth modules
       new  323f66ce  upstream: Add test for username options parsing order, prompted by
       new  424b544f  upstream: Import regenerated moduli file.
       new  5ee8448a  upstream: Update default IPQoS in ssh(1), sshd(8) to DSCP AF21 for
       new  00c5222d  upstream: We don't offer CBC cipher by default any more. Spotted by
       new  8d6829be  upstream: ssh does not accept -oInclude=... on the commandline, the
       new  30fd7f9a  upstream: add a couple of missed options to the config dump; patch
       new  40f5f035  upstream: relax checking of authorized_keys environment="..."

The 7 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "adds" were already present in the repository and have only
been added to this reference.


Detailed log of new commits:

commit 40f5f03544a07ebd2003b443d42e85cb51d94d59
Author: djm at openbsd.org <djm at openbsd.org>
Date:   Fri Apr 6 04:15:45 2018 +0000

    upstream: relax checking of authorized_keys environment="..."
    
    options to allow underscores in variable names (regression introduced in
    7.7). bz2851, ok deraadt@
    
    OpenBSD-Commit-ID: 69690ffe0c97ff393f2c76d25b4b3d2ed4e4ac9c

commit 30fd7f9af0f553aaa2eeda5a1f53f26cfc222b5e
Author: djm at openbsd.org <djm at openbsd.org>
Date:   Fri Apr 6 03:51:27 2018 +0000

    upstream: add a couple of missed options to the config dump; patch
    
    from Jakub Jelen via bz2835
    
    OpenBSD-Commit-ID: 5970adadf6ef206bee0dddfc75d24c2019861446

commit 8d6829be324452d2acd282d5f8ceb0adaa89a4de
Author: djm at openbsd.org <djm at openbsd.org>
Date:   Fri Apr 6 03:34:27 2018 +0000

    upstream: ssh does not accept -oInclude=... on the commandline, the
    
    Include keyword is for configuration files only. bz#2840, patch from Jakub
    Jelen
    
    OpenBSD-Commit-ID: 32d052b4a7a7f22df35fe3f71c368c02b02cacb0

commit 00c5222ddc0c8edcaa4ea45ac03befdc8013d137
Author: djm at openbsd.org <djm at openbsd.org>
Date:   Thu Apr 5 22:54:28 2018 +0000

    upstream: We don't offer CBC cipher by default any more. Spotted by
    
    Renaud Allard (via otto@)
    
    OpenBSD-Commit-ID: a559b1eef741557dd959ae378b665a2977d92dca

commit 5ee8448ad7c306f05a9f56769f95336a8269f379
Author: job at openbsd.org <job at openbsd.org>
Date:   Wed Apr 4 15:12:17 2018 +0000

    upstream: Update default IPQoS in ssh(1), sshd(8) to DSCP AF21 for
    
    interactive and CS1 for bulk
    
    AF21 was selected as this is the highest priority within the low-latency
    service class (and it is higher than what we have today). SSH is elastic
    and time-sensitive data, where a user is waiting for a response via the
    network in order to continue with a task at hand. As such, these flows
    should be considered foreground traffic, with delays or drops to such
    traffic directly impacting user-productivity.
    
    For bulk SSH traffic, the CS1 "Lower Effort" marker was chosen to enable
    networks implementing a scavenger/lower-than-best effort class to
    discriminate scp(1) below normal activities, such as web surfing. In
    general this type of bulk SSH traffic is a background activity.
    
    An advantage of using "AF21" for interactive SSH and "CS1" for bulk SSH
    is that they are recognisable values on all common platforms (IANA
    https://www.iana.org/assignments/dscp-registry/dscp-registry.xml), and
    for AF21 specifically a definition of the intended behavior exists
    https://tools.ietf.org/html/rfc4594#section-4.7 in addition to the definition
    of the Assured Forwarding PHB group https://tools.ietf.org/html/rfc2597, and
    for CS1 (Lower Effort) there is https://tools.ietf.org/html/rfc3662
    
    The first three bits of "AF21" map to the equivalent IEEE 802.1D PCP, IEEE
    802.11e, MPLS EXP/CoS and IP Precedence value of 2 (also known as "Immediate",
    or "AC_BE"), and CS1's first 3 bits map to IEEE 802.1D PCP, IEEE 802.11e,
    MPLS/CoS and IP Precedence value 1 ("Background" or "AC_BK").
    
    OK deraadt@, "no objection" djm@
    
    OpenBSD-Commit-ID: d11d2a4484f461524ef0c20870523dfcdeb52181

commit 424b544fbda963f973da80f884717c3e0a513288
Author: dtucker at openbsd.org <dtucker at openbsd.org>
Date:   Tue Apr 3 02:14:08 2018 +0000

    upstream: Import regenerated moduli file.
    
    OpenBSD-Commit-ID: 1de0e85522051eb2ffa00437e1885e9d7b3e0c2e

commit 323f66ce934df2da551f256f37d69822428e1ca1
Author: dtucker at openbsd.org <dtucker at openbsd.org>
Date:   Fri Apr 6 04:18:35 2018 +0000

    upstream: Add test for username options parsing order, prompted by
    
    bz#2849.
    
    OpenBSD-Regress-ID: 6985cd32f38596882a3ac172ff8c510693b65283

Summary of changes:
 .skipped-commit-ids    |  1 +
 auth-options.c         |  4 ++--
 readconf.c             | 14 +++++++++++---
 regress/sshcfgparse.sh | 13 ++++++++++++-
 servconf.c             |  6 +++---
 ssh.1                  |  5 ++---
 ssh_config.5           | 13 +++++++------
 sshd_config.5          | 10 ++++++----
 8 files changed, 44 insertions(+), 22 deletions(-)

-- 
To stop receiving notification emails like this one, please contact
djm at mindrot.org.

