OpenBSD CVS

CVS log for src/usr.bin/ssh/ssh-pkcs11.c




Default branch: MAIN
Current tag: OPENBSD_7_2


Revision 1.55.6.1, Wed Jul 19 14:08:59 2023 UTC (10 months, 2 weeks ago) by bluhm
Branch: OPENBSD_7_2
Changes since 1.55: +3 -5 lines

Disallow remote addition of FIDO/PKCS11 provider libraries to
ssh-agent by default.

The old behaviour of allowing remote clients to load providers
can be restored using `ssh-agent -O allow-remote-pkcs11`.

Detection of local/remote clients requires a ssh(1) that supports
the `session-bind@openssh.com` extension. Forwarding access to a
ssh-agent socket using non-OpenSSH tools may circumvent this control.

from djm@; ok markus@

terminate process if requested to load a PKCS#11 provider that
isn't a PKCS#11 provider; from / ok markus@
from djm@

this is errata/7.2/032_ssh_agent.patch.sig

Revision 1.55, Thu Nov 18 21:11:01 2021 UTC (2 years, 6 months ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_7_2_BASE, OPENBSD_7_1_BASE, OPENBSD_7_1
Branch point for: OPENBSD_7_2
Changes since 1.54: +5 -4 lines

avoid xmalloc(0) for PKCS#11 keyid for ECDSA keys (we already did this
for RSA keys). Avoids fatal errors for PKCS#11 libraries that return
empty keyid, e.g. Microchip ATECC608B "cryptoauthlib"; bz#3364
