search for: ghpr

...make DSA key support compile-time optional, defaulting to on. Bugfixes -------- * sshd(8): don't append an unnecessary space to the end of subsystem arguments (bz3667) * ssh(1): fix the multiplexing "channel proxy" mode, broken when keystroke timing obfuscation was added. (GHPR#463) * ssh(1), sshd(8): fix spurious configuration parsing errors when options that accept array arguments are overridden (bz3657). * Many fixes to manual pages and other documentation, including GHPR#462, GHPR#454, GHPR#442 and GHPR#441. * Greatly improve interop testing against PuTTY....

...make DSA key support compile-time optional, defaulting to on. Bugfixes -------- * sshd(8): don't append an unnecessary space to the end of subsystem arguments (bz3667) * ssh(1): fix the multiplexing "channel proxy" mode, broken when keystroke timing obfuscation was added. (GHPR#463) * ssh(1), sshd(8): fix spurious configuration parsing errors when options that accept array arguments are overridden (bz3657). * ssh-agent(1): fix potential spin in signal handler (bz3670) * Many fixes to manual pages and other documentation, including GHPR#462, GHPR#454, GHPR#442...

...make DSA key support compile-time optional, defaulting to on. Bugfixes -------- * sshd(8): don't append an unnecessary space to the end of subsystem arguments (bz3667) * ssh(1): fix the multiplexing "channel proxy" mode, broken when keystroke timing obfuscation was added. (GHPR#463) * ssh(1), sshd(8): fix spurious configuration parsing errors when options that accept array arguments are overridden (bz3657). * ssh-agent(1): fix potential spin in signal handler (bz3670) * Many fixes to manual pages and other documentation, including GHPR#462, GHPR#454, GHPR#442...

...defaulting to on. > > Bugfixes > -------- > > * sshd(8): don't append an unnecessary space to the end of subsystem > arguments (bz3667) > > * ssh(1): fix the multiplexing "channel proxy" mode, broken when > keystroke timing obfuscation was added. (GHPR#463) > > * ssh(1), sshd(8): fix spurious configuration parsing errors when > options that accept array arguments are overridden (bz3657). > > * Many fixes to manual pages and other documentation, including > GHPR#462, GHPR#454, GHPR#442 and GHPR#441. > > * Greatl...

...ulting to on. > > Bugfixes > -------- > > * sshd(8): don't append an unnecessary space to the end of subsystem > arguments (bz3667) > > * ssh(1): fix the multiplexing "channel proxy" mode, broken when > keystroke timing obfuscation was added. (GHPR#463) > > * ssh(1), sshd(8): fix spurious configuration parsing errors when > options that accept array arguments are overridden (bz3657). > > * Many fixes to manual pages and other documentation, including > GHPR#462, GHPR#454, GHPR#442 and GHPR#441. > > * G...

...es the partially-implemented code to verify KRLs. All OpenSSH tools now ignore KRL_SECTION_SIGNATURE sections in KRL files. * All: fix a number of memory leaks and unreachable/harmless integer overflows. * ssh-agent(1), ssh(1): don't truncate strings logged from PKCS#11 modules; GHPR406 * sshd(8), ssh(1): better validate CASignatureAlgorithms in ssh_config and sshd_config. Previously this directive would accept certificate algorithm names, but these were unusable in practice as OpenSSH does not support CA chains. bz3577 * ssh(1): make `ssh -Q CASignatureAlgorithms`...

...es the partially-implemented code to verify KRLs. All OpenSSH tools now ignore KRL_SECTION_SIGNATURE sections in KRL files. * All: fix a number of memory leaks and unreachable/harmless integer overflows. * ssh-agent(1), ssh(1): don't truncate strings logged from PKCS#11 modules; GHPR406 * sshd(8), ssh(1): better validate CASignatureAlgorithms in ssh_config and sshd_config. Previously this directive would accept certificate algorithm names, but these were unusable in practice as OpenSSH does not support CA chains. bz3577 * ssh(1): make `ssh -Q CASignatureAlgorithms`...

...KRLs. > All OpenSSH tools now ignore KRL_SECTION_SIGNATURE sections in > KRL files. > > * All: fix a number of memory leaks and unreachable/harmless integer > overflows. > > * ssh-agent(1), ssh(1): don't truncate strings logged from PKCS#11 > modules; GHPR406 > > * sshd(8), ssh(1): better validate CASignatureAlgorithms in > ssh_config and sshd_config. Previously this directive would accept > certificate algorithm names, but these were unusable in practice as > OpenSSH does not support CA chains. bz3577 > > * ssh(1...

.... > > * Portable OpenSSH, ssh-agent(1): support systemd-style socket > activation in ssh-agent using the LISTEN_PID/LISTEN_FDS > mechanism. Activated when these environment variables are set, > the agent is started with the -d or -D option and no socket path > is set. GHPR502 > > * ssh-keygen(1): support FIDO tokens that return no attestation > data, e.g. recent WinHello. GHPR542 > > * ssh-agent(1): add a "-Owebsafe-allow=..." option to allow the > default FIDO application ID allow-list to be overridden. > > * Add a work-in-...

...ving access to $SSH_AUTH_SOCK. * Portable OpenSSH, ssh-agent(1): support systemd-style socket activation in ssh-agent using the LISTEN_PID/LISTEN_FDS mechanism. Activated when these environment variables are set, the agent is started with the -d or -D option and no socket path is set. GHPR502 * ssh-keygen(1): support FIDO tokens that return no attestation data, e.g. recent WinHello. GHPR542 * ssh-agent(1): add a "-Owebsafe-allow=..." option to allow the default FIDO application ID allow-list to be overridden. * Add a work-in-progress tool to verify FIDO attestat...