[openssh-commits] [openssh] annotated tag V_7_9_P1 created (now 3f73b0ea)

git+noreply at mindrot.org git+noreply at mindrot.org
Fri Oct 19 14:08:20 AEDT 2018


This is an automated email from the git hooks/post-receive script.

djm pushed a change to annotated tag V_7_9_P1
in repository openssh.

        at  3f73b0ea  (tag)
   tagging  aede1c34243a6f7feae2fb2cb686ade5f9be6f3d (commit)
  replaces  V_7_8_P1
 tagged by  Damien Miller
        on  Fri Oct 19 12:05:44 2018 +1100

- Log -----------------------------------------------------------------
openssh-7.9p1
-----BEGIN PGP SIGNATURE-----

iQHDBAABCgAdFiEEWcIRjtIG2SfmZ+vj0+X1a22SDTAFAlvJLfEACgkQ0+X1a22S
DTBT7wx/TPG941fX5MaLbYOZo2kStw9F32MuoClO/bKRNEizQ2Rn1B9bx5BAzQog
u35lh7QMsyFYLs4vFZec6ZjWfjXptM+R6eSn0gt8QWGGEVu0U8nsI2ebxy/PXLhH
takYhUu3uV9x++YDSzcJ7zVHeIOkc/2rzFR70twxmPUztypxgLS+r2Vm1dvYwg3i
EXGP5djeoK1CjrUf04m+cx5xwfz+qY7luzRHJK2sgJAD7tbjQk2O/mYpdjTyuPYF
5Lv078ScseoD4zfCV/5ko5U6yc9we4AlokFfbyI5nD5C/3w8bfmclnu6UyydAhew
FMC0ZREcK1fHIPxhKIOR1dRLNAIO2mEKENbj5Ow7yoET8OGEpE4B0w1xehy3DQ1F
YSBBe3LW/16pFRaNMPecXsA6dCfwBHJmzjuirEFRCoWaHjbsjGt7FKT0DS+CRTii
/rlcze4bd2klKBN75mpXnNH2PBS2JNMr/2fmehIhu5v9VHxl8nu01Gapdctdbz4/
MtKspcZF1BQk3vrSS15clIXMwZs2EA==
=xQbS
-----END PGP SIGNATURE-----

Damien Miller (23):
      document some more regress control env variables
      delete the correct thing; kexfuzz binary
      forgot to stage these test files in commit d70d061
      adapt -portable to OpenSSL 1.1x API
      add compat header
      allow SIGUSR1 as synonym for SIGINFO
      fuzzer harness for authorized_keys option parsing
      remove accidentally checked-in authopt_fuzz binary
      really add source for authopt_fuzz this time
      add futex(2) syscall to seccomp sandbox
      only support SIGINFO on systems with SIGINFO
      in pick_salt() avoid dereference of NULL passwords
      supply callback to PEM_read_bio_PrivateKey
      check for NULL return from shadow_pw()
      check pw_passwd != NULL here too
      fix duplicated algorithm specification lines
      some more duplicated key algorithm lines
      update depends
      update version numbers ahead of release
      remove stale link, tweak
      Avoid deprecated OPENSSL_config when using 1.1.x
      unbreak compilation with --with-ssl-engine
      Require OpenSSL 1.1.x series 1.1.0g or greater

Darren Tucker (9):
      Include stdlib.h.
      Initial len for the fmt=NULL case.
      Handle ngroups>_SC_NGROUPS_MAX.
      Fix openssl-1.1 fallout for --without-openssl.
      Import updated moduli.
      Remove unused variable in _ssh_compat_fflush.
      Check if snprintf understands %zu.
      Don't avoid our *sprintf replacements.
      Remove gcc spectre mitigation flags.

deraadt at openbsd.org (1):
      upstream: introducing openssh 7.9

djm at openbsd.org (40):
      upstream: ssh -MM requires confirmation for all operations that
      upstream: log certificate fingerprint in authentication
      upstream: allow key revocation by SHA256 hash and allow ssh-keygen
      upstream: Add "ssh -Q sig" to allow listing supported signature
      upstream: add cert->signature_type field and keep it in sync with
      upstream: add sshkey_check_cert_sigtype() that checks a
      upstream: add SSH_ALLOWED_CA_SIGALGS - the default list of
      upstream: fix edit mistake; spotted by jmc@
      upstream: s/sshkey_demote/sshkey_from_private/g
      upstream: test revocation by explicit hash and by fingerprint
      upstream: Include certs with multiple RSA signature variants in
      upstream: hold our collective noses and use the openssl-1.1.x API in
      upstream: use only openssl-1.1.x API here too
      upstream: missed a bit of openssl-1.0.x API in this unittest
      upstream: Use consistent format in debug log for keys readied,
      upstream: garbage-collect moribund ssh_new_private() API.
      upstream: revert following; deals badly with agent keys
      upstream: second try, deals properly with missing and private-only
      upstream: Make "ssh-add -q" do what it says on the tin: silence
      upstream: Add sshd_config CASignatureAlgorithms option to allow
      upstream: add CASignatureAlgorithms option for the client, allowing
      upstream: fix "ssh -Q sig" to show correct signature algorithm list
      upstream: actually make CASignatureAlgorithms available as a config
      upstream: Treat connections with ProxyJump specified the same as ones
      upstream: In sshkey_in_file(), ignore keys that are considered for
      upstream: when compiled with GSSAPI support, cache supported method
      upstream: Allow ssh_config ForwardX11Timeout=0 to disable the
      upstream: s/process_mux_master/mux_master_process/ in mux master
      upstream: Document mux proxy mode; added by Markus in openssh-7.4
      upstream: remove big ugly TODO comment from start of file. Some of
      upstream: Add server support for signalling sessions via the SSH
      upstream: mention INFO at openssh.com for sending SIGINFO
      upstream: Allow ssh_config IdentityAgent directive to accept
      upstream: explicit_bzero here to be consistent with other kex*.c;
      upstream: include a little more information about the status and
      upstream: factor out channel status formatting from
      upstream: when the peer sends a channel-close message, make sure we
      upstream: Treat all PEM_read_bio_PrivateKey() errors when a passphrase
      upstream: typo in plain RSA algorithm counterpart names for
      upstream: don't send new-style rsa-sha2-*-cert-v01 at openssh.com names to

dtucker at openbsd.org (2):
      upstream: Add FALLTHROUGH comments where appropriate. Patch from
      upstream: Import updated moduli.

jmc at openbsd.org (1):
      upstream: reorder CASignatureAlgorithms, and add them to the

mestre at openbsd.org (2):
      upstream: fix build with DEBUG_PK enabled
      upstream: fix misplaced parenthesis inside if-clause. it's harmless

millert at openbsd.org (2):
      upstream: Fix warnings caused by user_from_uid() and group_from_gid()
      upstream: When choosing a prime from the moduli file, avoid

naddy at openbsd.org (1):
      upstream: Support using service names for port numbers.

-----------------------------------------------------------------------

No new revisions were added by this update.

-- 
To stop receiving notification emails like this one, please contact
djm at mindrot.org.


More information about the openssh-commits mailing list