hi, i'd like to kindly ask if the patches that are included in snapshots could somehow be provided to the people running the snapshots, in some way, like source-changes@?
one part of free and open source software is that i know which code i am running. and i am obviously totally fine with testing stuff, but... this is reeaally sensitive stuff that'd be nice to know about if i am running it on my system.

thank you.

On Sun, Oct 13, 2024 at 07:57:50PM -0600, Damien Miller wrote:
> CVSROOT: /cvs
> Module name: src
> Changes by: d...@cvs.openbsd.org 2024/10/13 19:57:50
>
> Modified files:
>   usr.bin/ssh : Makefile Makefile.inc log.c monitor.c monitor.h
>                 monitor_wrap.c monitor_wrap.h pathnames.h
>                 sandbox-pledge.c sandbox-rlimit.c servconf.c
>                 servconf.h session.c ssh-sandbox.h
>                 sshd-session.c sshd.c
>   usr.bin/ssh/sshd-session: Makefile
> Added files:
>   usr.bin/ssh : sshd-auth.c
>   usr.bin/ssh/sshd-auth: Makefile
>
> Log message:
> Split per-connection sshd-session binary
>
> This splits the user authentication code from the sshd-session
> binary into a separate sshd-auth binary. This will be executed by
> sshd-session to complete the user authentication phase of the
> protocol only.
>
> Splitting this code into a separate binary ensures that the crucial
> pre-authentication attack surface has an entirely disjoint address
> space from the code used for the rest of the connection. It also
> yields a small runtime memory saving as the authentication code will
> be unloaded after the authentication phase completes.
>
> Joint work with markus@ feedback deraadt@
>
> Tested in snaps since last week
>