version 1.51, 2022/04/15 05:40:51 |
version 1.52, 2022/04/15 05:59:09 |
|
|
prefer RSA/SHA2 for hostkey proofs of RSA keys, but missed some |
prefer RSA/SHA2 for hostkey proofs of RSA keys, but missed some |
cases. This will use RSA/SHA2 signatures for RSA keys if the |
cases. This will use RSA/SHA2 signatures for RSA keys if the |
client proposed these algorithms in initial KEX. |
client proposed these algorithms in initial KEX. |
<li>All: convert all uses of select(2)/pselect(2) to poll(2)/ppoll(2). |
<li>All: convert all uses of |
|
<a href=https://man.openbsd.org/select.2>select(2)</a>/ |
|
<a href=https://man.openbsd.org/pselect.2>pselect(2)</a> to |
|
<a href=https://man.openbsd.org/poll.2>poll(2)</a>/ |
|
<a href=https://man.openbsd.org/ppoll.2>ppoll(2)</a>. |
This includes the mainloops in |
This includes the mainloops in |
<a href=https://man.openbsd.org/ssh.1>ssh(1)</a>, |
<a href=https://man.openbsd.org/ssh.1>ssh(1)</a>, |
<a href=https://man.openbsd.org/ssh-agent.1>ssh-agent(1)</a>, |
<a href=https://man.openbsd.org/ssh-agent.1>ssh-agent(1)</a>, |
<a href=https://man.openbsd.org/ssh-agent.1>ssh-agent(1)</a> |
<a href=https://man.openbsd.org/ssh-agent.1>ssh-agent(1)</a> |
and <a href=https://man.openbsd.org/sftp-server.8>sftp-server(8)</a>, |
and <a href=https://man.openbsd.org/sftp-server.8>sftp-server(8)</a>, |
as well as the <a href=https://man.openbsd.org/sshd.8>sshd(8)</a> |
as well as the <a href=https://man.openbsd.org/sshd.8>sshd(8)</a> |
listen loop and all |
listen loop and all other FD read/writability checks. |
other FD read/writability checks. On platforms with missing or |
|
broken poll(2)/ppoll(2) syscalls a select(2)-based compat shim is |
|
available. |
|
<li><a href=https://man.openbsd.org/ssh-keygen.1>ssh-keygen(1)</a>: |
<li><a href=https://man.openbsd.org/ssh-keygen.1>ssh-keygen(1)</a>: |
the "-Y find-principals" command was verifying key |
the "-Y find-principals" command was verifying key |
validity when using ca certs but not with simple key lifetimes |
validity when using ca certs but not with simple key lifetimes |
|
|
<!-- OpenSSH 9.0 --> |
<!-- OpenSSH 9.0 --> |
<li><a href=https://man.openbsd.org/ssh.1>ssh(1)</a>, |
<li><a href=https://man.openbsd.org/ssh.1>ssh(1)</a>, |
<a href=https://man.openbsd.org/sshd.8>sshd(8)</a>: |
<a href=https://man.openbsd.org/sshd.8>sshd(8)</a>: |
upstream: fix poll(2) spin when a channel's output |
fix |
fd closes without data in the channel buffer. |
<a href=https://man.openbsd.org/poll.2>poll(2)</a> spin when a |
|
channel's output fd closes without data in the channel buffer. |
<li><a href=https://man.openbsd.org/sshd.8>sshd(8)</a>: |
<li><a href=https://man.openbsd.org/sshd.8>sshd(8)</a>: |
pack pollfd array in server listen/accept loop. Could |
pack pollfd array in server listen/accept loop. Could |
cause the server to hang/spin when MaxStartups > RLIMIT_NOFILE |
cause the server to hang/spin when MaxStartups > RLIMIT_NOFILE |