[openssh-commits] [openssh] branch master updated (5af6fd54 -> 1a7217ac)
git+noreply at mindrot.org
git+noreply at mindrot.org
Mon Dec 16 14:20:42 AEDT 2019
This is an automated email from the git hooks/post-receive script.
djm pushed a change to branch master
in repository openssh.
from 5af6fd54 Allow clock_nanosleep_time64 in seccomp sandbox.
new 56584cce upstream: allow security keys to act as host keys as well as user
new 9b6e30b9 upstream: allow ssh-keyscan to find security key hostkeys
new 747e2519 upstream: do not attempt to find an absolute path for sshd_config
new 3145d38e upstream: don't treat HostKeyAgent=none as a path either; avoids
new a7fc1df2 upstream: it's no longer possible to disable privilege separation
new 1a7217ac upstream: adapt to ssh-sk-client change
The 6 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails. The revisions
listed as "adds" were already present in the repository and have only
been added to this reference.
Detailed log of new commits:
commit 1a7217ac063e48cf0082895aeee81ed2b8a57191
Author: djm at openbsd.org <djm at openbsd.org>
Date: Sun Dec 15 18:58:33 2019 +0000
upstream: adapt to ssh-sk-client change
OpenBSD-Regress-ID: 40481999a5928d635ab2e5b029e8239c112005ea
commit a7fc1df246e80bfdabd09b069b91c72f9c578ca8
Author: djm at openbsd.org <djm at openbsd.org>
Date: Wed Dec 11 18:47:14 2019 +0000
upstream: it's no longer possible to disable privilege separation
in sshd, so don't double the tests' work by trying both off/on
OpenBSD-Regress-ID: d366665466dbd09e9b707305da884be3e7619c68
commit 3145d38ea06820a66c0f5e068f49af14fd2b7ac1
Author: djm at openbsd.org <djm at openbsd.org>
Date: Sun Dec 15 20:59:23 2019 +0000
upstream: don't treat HostKeyAgent=none as a path either; avoids
spurious warnings from the cfgparse regress test
OpenBSD-Commit-ID: ba49ea7a5c92b8a16cb9c2e975dbb163853afc54
commit 747e25192f436e71dd39e15d65aa32bca967533a
Author: djm at openbsd.org <djm at openbsd.org>
Date: Sun Dec 15 20:57:15 2019 +0000
upstream: do not attempt to find an absolute path for sshd_config
SecurityKeyProvider=internal - unbreaks cfgparse regress test
OpenBSD-Commit-ID: d2ddcf525c0dc3c8339522360c10b3c70f1fd641
commit 9b6e30b96b094ad787511a5b989253e3b8fe1789
Author: djm at openbsd.org <djm at openbsd.org>
Date: Sun Dec 15 19:47:10 2019 +0000
upstream: allow ssh-keyscan to find security key hostkeys
OpenBSD-Commit-ID: 1fe822a7f714df19a7e7184e3a3bbfbf546811d3
commit 56584cce75f3d20aaa30befc7cbd331d922927f3
Author: djm at openbsd.org <djm at openbsd.org>
Date: Sun Dec 15 18:57:30 2019 +0000
upstream: allow security keys to act as host keys as well as user
keys.
Previously we didn't do this because we didn't want to expose
the attack surface presented by USB and FIDO protocol handling,
but now that this is insulated behind ssh-sk-helper there is
less risk.
ok markus@
OpenBSD-Commit-ID: 77b068dd133b8d87e0f010987bd5131e640ee64c
Summary of changes:
monitor.c | 4 ++--
monitor_wrap.c | 4 +---
myproposal.h | 40 +++++++++++-----------------------------
readconf.c | 4 ++--
regress/cert-hostkey.sh | 6 +++---
regress/cert-userkey.sh | 6 +++---
regress/hostkey-agent.sh | 4 ++--
regress/misc/kexfuzz/Makefile | 4 ++--
regress/multipubkey.sh | 4 ++--
regress/principals-command.sh | 4 ++--
servconf.c | 30 ++++++++++++++++++++++++++----
servconf.h | 3 ++-
ssh-keyscan.c | 24 +++++++++++++++++++++---
sshd.c | 42 +++++++++++++++++++++++++++++++++++-------
14 files changed, 114 insertions(+), 65 deletions(-)
--
To stop receiving notification emails like this one, please contact
djm at mindrot.org.
More information about the openssh-commits
mailing list