[openssh-commits] [openssh] annotated tag V_7_9_P1 created (now 3f73b0ea)
git+noreply at mindrot.org
git+noreply at mindrot.org
Fri Oct 19 14:08:20 AEDT 2018
This is an automated email from the git hooks/post-receive script.
djm pushed a change to annotated tag V_7_9_P1
in repository openssh.
at 3f73b0ea (tag)
tagging aede1c34243a6f7feae2fb2cb686ade5f9be6f3d (commit)
replaces V_7_8_P1
tagged by Damien Miller
on Fri Oct 19 12:05:44 2018 +1100
- Log -----------------------------------------------------------------
openssh-7.9p1
-----BEGIN PGP SIGNATURE-----
iQHDBAABCgAdFiEEWcIRjtIG2SfmZ+vj0+X1a22SDTAFAlvJLfEACgkQ0+X1a22S
DTBT7wx/TPG941fX5MaLbYOZo2kStw9F32MuoClO/bKRNEizQ2Rn1B9bx5BAzQog
u35lh7QMsyFYLs4vFZec6ZjWfjXptM+R6eSn0gt8QWGGEVu0U8nsI2ebxy/PXLhH
takYhUu3uV9x++YDSzcJ7zVHeIOkc/2rzFR70twxmPUztypxgLS+r2Vm1dvYwg3i
EXGP5djeoK1CjrUf04m+cx5xwfz+qY7luzRHJK2sgJAD7tbjQk2O/mYpdjTyuPYF
5Lv078ScseoD4zfCV/5ko5U6yc9we4AlokFfbyI5nD5C/3w8bfmclnu6UyydAhew
FMC0ZREcK1fHIPxhKIOR1dRLNAIO2mEKENbj5Ow7yoET8OGEpE4B0w1xehy3DQ1F
YSBBe3LW/16pFRaNMPecXsA6dCfwBHJmzjuirEFRCoWaHjbsjGt7FKT0DS+CRTii
/rlcze4bd2klKBN75mpXnNH2PBS2JNMr/2fmehIhu5v9VHxl8nu01Gapdctdbz4/
MtKspcZF1BQk3vrSS15clIXMwZs2EA==
=xQbS
-----END PGP SIGNATURE-----
Damien Miller (23):
document some more regress control env variables
delete the correct thing; kexfuzz binary
forgot to stage these test files in commit d70d061
adapt -portable to OpenSSL 1.1x API
add compat header
allow SIGUSR1 as synonym for SIGINFO
fuzzer harness for authorized_keys option parsing
remove accidentally checked-in authopt_fuzz binary
really add source for authopt_fuzz this time
add futex(2) syscall to seccomp sandbox
only support SIGINFO on systems with SIGINFO
in pick_salt() avoid dereference of NULL passwords
supply callback to PEM_read_bio_PrivateKey
check for NULL return from shadow_pw()
check pw_passwd != NULL here too
fix duplicated algorithm specification lines
some more duplicated key algorithm lines
update depends
update version numbers ahead of release
remove stale link, tweak
Avoid deprecated OPENSSL_config when using 1.1.x
unbreak compilation with --with-ssl-engine
Require OpenSSL 1.1.x series 1.1.0g or greater
Darren Tucker (9):
Include stdlib.h.
Initial len for the fmt=NULL case.
Handle ngroups>_SC_NGROUPS_MAX.
Fix openssl-1.1 fallout for --without-openssl.
Import updated moduli.
Remove unused variable in _ssh_compat_fflush.
Check if snprintf understands %zu.
Don't avoid our *sprintf replacements.
Remove gcc spectre mitigation flags.
deraadt at openbsd.org (1):
upstream: introducing openssh 7.9
djm at openbsd.org (40):
upstream: ssh -MM requires confirmation for all operations that
upstream: log certificate fingerprint in authentication
upstream: allow key revocation by SHA256 hash and allow ssh-keygen
upstream: Add "ssh -Q sig" to allow listing supported signature
upstream: add cert->signature_type field and keep it in sync with
upstream: add sshkey_check_cert_sigtype() that checks a
upstream: add SSH_ALLOWED_CA_SIGALGS - the default list of
upstream: fix edit mistake; spotted by jmc@
upstream: s/sshkey_demote/sshkey_from_private/g
upstream: test revocation by explicit hash and by fingerprint
upstream: Include certs with multiple RSA signature variants in
upstream: hold our collective noses and use the openssl-1.1.x API in
upstream: use only openssl-1.1.x API here too
upstream: missed a bit of openssl-1.0.x API in this unittest
upstream: Use consistent format in debug log for keys readied,
upstream: garbage-collect moribund ssh_new_private() API.
upstream: revert following; deals badly with agent keys
upstream: second try, deals properly with missing and private-only
upstream: Make "ssh-add -q" do what it says on the tin: silence
upstream: Add sshd_config CASignatureAlgorithms option to allow
upstream: add CASignatureAlgorithms option for the client, allowing
upstream: fix "ssh -Q sig" to show correct signature algorithm list
upstream: actually make CASignatureAlgorithms available as a config
upstream: Treat connections with ProxyJump specified the same as ones
upstream: In sshkey_in_file(), ignore keys that are considered for
upstream: when compiled with GSSAPI support, cache supported method
upstream: Allow ssh_config ForwardX11Timeout=0 to disable the
upstream: s/process_mux_master/mux_master_process/ in mux master
upstream: Document mux proxy mode; added by Markus in openssh-7.4
upstream: remove big ugly TODO comment from start of file. Some of
upstream: Add server support for signalling sessions via the SSH
upstream: mention INFO at openssh.com for sending SIGINFO
upstream: Allow ssh_config IdentityAgent directive to accept
upstream: explicit_bzero here to be consistent with other kex*.c;
upstream: include a little more information about the status and
upstream: factor out channel status formatting from
upstream: when the peer sends a channel-close message, make sure we
upstream: Treat all PEM_read_bio_PrivateKey() errors when a passphrase
upstream: typo in plain RSA algorithm counterpart names for
upstream: don't send new-style rsa-sha2-*-cert-v01 at openssh.com names to
dtucker at openbsd.org (2):
upstream: Add FALLTHROUGH comments where appropriate. Patch from
upstream: Import updated moduli.
jmc at openbsd.org (1):
upstream: reorder CASignatureAlgorithms, and add them to the
mestre at openbsd.org (2):
upstream: fix build with DEBUG_PK enabled
upstream: fix misplaced parenthesis inside if-clause. it's harmless
millert at openbsd.org (2):
upstream: Fix warnings caused by user_from_uid() and group_from_gid()
upstream: When choosing a prime from the moduli file, avoid
naddy at openbsd.org (1):
upstream: Support using service names for port numbers.
-----------------------------------------------------------------------
No new revisions were added by this update.
--
To stop receiving notification emails like this one, please contact
djm at mindrot.org.
More information about the openssh-commits
mailing list