[openssh-commits] [openssh] annotated tag V_8_3_P1 created (now 689eff3a)

git+noreply at mindrot.org
Wed May 27 21:55:25 AEST 2020

This is an automated email from the git hooks/post-receive script.

djm pushed a change to annotated tag V_8_3_P1
in repository openssh.

        at  689eff3a  (tag)
   tagging  9ca7e9c861775dd6c6312bc8aaab687403d24676 (commit)
  replaces  V_8_2_P1
 tagged by  Damien Miller
        on  Wed May 27 13:05:48 2020 +1000

- Log -----------------------------------------------------------------


Damien Miller (15):
      spelling mistakes
      another spelling error in comment
      sync fnmatch.c with upstream to fix another typo
      prefer libcrypto chacha20-poly1305 where possible
      fix inverted test for LibreSSL version
      sys/sysctl.h is only used on OpenBSD
      wrap sha2.h inclusion in #ifdef HAVE_SHA2_H
      fix reversed test
      sync config.guess/config.sub with latest versions
      prepare for 8.3 release
      revert removal of .depend before makedepend
      make depend
      explicitly manage .depend and .depend.bak
      prefer ln to cp for temporary copy of sshd

Darren Tucker (28):
      Check if getpeereid is actually declared.
      Prevent unused variable warning.
      Check if TILDE is already defined and undef.
      Constify aix_krb5_get_principal_name.
      Remove unused variable warning.
      Import regenerated moduli.
      Include fido.h when checking for fido/credman.h.
      Use /usr/bin/xp4g/id if necessary.
      Include openssl-compat.h before checking ifdefs.
      Add sys/syscall.h for syscall numbers.
      Sync rev 1.49.
      Remove unneeded env vars from t-exec invocation.
      Pass configure's egrep through to test-exec.sh.
      Put the values from env vars back.
      Mailing list is now closed to non-subscribers.
      Update .depend.
      Error out if given RDomain if unsupported.
      Fix conditional for openssl-based chacha20.
      Include sys/byteorder.h for htons and friends.
      See if SA_RESTART signals will interrupt select().
      Use LONG_LONG_MAX and friends if available.
      Remove use of tail for 'make depend'.
      Update .depend.
      Skip security key tests if ENABLE_SK not set.
      Check if -D_REENTRANT is needed for localtime_r.
      Ensure SA_SIGNAL test only signals itself.
      Skip building sk-dummy library if no SK support.
      Actually skip pty tests when needed.

HARUYAMA Seigo (1):
      Fix typos in INSTALL: s/avilable/available/ s/suppports/supports/

Nico Kadel-Garcia (1):
      Switch %define to %global for redhat/openssh.spec

djm at openbsd.org (49):
      upstream: better error message when trying to use a FIDO key
      upstream: no-touch-required certificate option should be an
      upstream: when downloading FIDO2 resident keys from a token, don't
      upstream: spelling errors in comments; no code change from
      upstream: use sshpkt_fatal() for kex_exchange_identification()
      upstream: improve error messages for some common PKCS#11 C_Login
      upstream: some more speeling mistakes from
      upstream: add allocating variant of the safe utf8 printer; ok
      upstream: give ssh-keygen the ability to dump the contents of a
      upstream: make failures when establishing "Tunnel" forwarding terminate
      upstream: the tunnel-forwarding vs ExitOnForwardFailure fix that I
      upstream: fix debug statement
      upstream: make Chacha20-POLY1305 context struct opaque; ok tb@ as
      upstream: chacha20-poly1305 AEAD using libcrypto EVP_chacha20
      upstream: Add a flag to re-enable verbose output when in batch
      upstream: fix format string (use %llu for uint64, not %lld). spotted by
      upstream: this needs utf8.c too
      upstream: avoid another compiler warning spotted in -portable
      upstream: r1.522 deleted one too many lines; repair
      upstream: refactor private key parsing a little
      upstream: check that pubkey in private key envelope matches actual
      upstream: check private key type against requested key type in
      upstream: simplify sshkey_parse_private_fileblob_type()
      upstream: add sshkey_parse_pubkey_from_private_fileblob_type()
      upstream: simplify sshkey_try_load_public()
      upstream: let sshkey_try_load_public() load public keys from the
      upstream: Refactor private key parsing. Eliminates a fair bit of
      upstream: allow the IgnoreRhosts directive to appear anywhere in a
      upstream: make IgnoreRhosts a tri-state option: "yes" ignore
      upstream: mention that /etc/hosts.equiv and /etc/shosts.equiv are
      upstream: fix reversed test that caused IdentitiesOnly=yes to not
      upstream: auth2-pubkey r1.89 changed the order of operations to
      upstream: refactor out some duplicate private key loading code;
      upstream: repair private key fingerprint printing to also print
      upstream: fix a bug I introduced in r1.406: when printing private key
      upstream: regression test for printing of private key fingerprints and
      upstream: when signing a challenge using a FIDO toke, perform the
      upstream: adapt dummy FIDO middleware to API change; ok markus@
      upstream: avoid NULL dereference when attempting to convert invalid
      upstream: expose vasnmprintf(); ok (as part of other commit) markus
      upstream: when receving a file in sink(), be careful to send at
      upstream: we have a sshkey_save_public() function to save public keys;
      upstream: remove obsolete RSA1 test keys; spotted by Michael Forney
      upstream: portability fix for sed that always emil a newline even
      upstream: make mktestdata.sh generate old/new format keys that we
      upstream: sure enough, some of the test data that we though were in
      upstream: another case where a utimes() failure could make scp send
      upstream: openssh-8.3; ok deraadt@
      upstream: avoid possible NULL deref; from Pedro Martelletto

dtucker at openbsd.org (27):
      upstream: Detect and prevent simple configuration loops when using
      upstream: Ensure that the key lifetime provided fits within the
      upstream: Import regenerated moduli.
      upstream: Update moduli generation script to new ssh-keygen
      upstream: Fix some typos and an incorrect word in docs. Patch from
      upstream: Fix typo. Patch from itoama at live.jp via github PR#173.
      upstream: Remove obsolete XXX comment. ok deraadt@
      upstream: Have sftp reject "-1" in the same way as ssh(1) and
      upstream: Drop leading space from line count that was confusing
      upstream: Don't clear alarm timers in listening sshd. Previously
      upstream: Cast lifetime to u_long for comparison to prevent unsigned
      upstream: Make with config keywords support which
      upstream: Add regression test for percent expansions where possible.
      upstream: %C expansion just added to Match Exec should include
      upstream: Add percent_expand test for 'Match Exec'.
      upstream: Temporarily remove tests for '%C' since the hash contains the
      upstream: Compute hash locally and re-enable %C tests.
      upstream: Some platforms don't have "hostname -s", so use cut to trim
      upstream: Indicate if we're using a cached key in trace output.
      upstream: Add TOKEN percent expansion to LocalFoward and RemoteForward
      upstream: Add utf8.c for asmprintf used by krl.c
      upstream: Add tests for TOKEN expansion of LocalForward and
      upstream: Backslash '$' at then end of string. Prevents warning on
      upstream: Remove leave_non_blocking() which is now dead code
      upstream: Fix incorrect error message for "too many known hosts files."
      upstream: We've standardized on memset over bzero, replace a couple
      upstream: Fix comment typo. Patch from mforney at mforney.org.

jmc at openbsd.org (5):
      upstream: sort -N and add it to usage();
      upstream: add space between macro arg and punctuation;
      upstream: add space beteen macro arg and punctuation;
      upstream: ce examples of "Ar arg Ar arg" with "Ar arg arg" and
      upstream: tweak previous; ok markus

jsg at openbsd.org (1):
      upstream: change explicit_bzero();free() to freezero()

markus at openbsd.org (24):
      upstream: sshpkt_fatal() does not return; ok djm
      upstream: vasnmprintf allocates str and returns -1; ok djm
      upstream: sshsig: return correct error, fix null-deref; ok djm
      upstream: pkcs11_register_provider: return < 0 on error; ok djm
      upstream: exit if ssh_krl_revoke_key_sha256 fails; ok djm
      upstream: fix null-deref on calloc failure; ok djm
      upstream: exit on parse failures in input_service_request; ok djm
      upstream: fix uninitialized pointers for forward_cancel; ok djm
      upstream: initialize cname in case ai_canonname is NULL or too
      upstream: consistently check packet_timeout_ms against 0; ok djm
      upstream: passphrase depends on kdfname, not ciphername (possible
      upstream: sshkey_cert_check_authority requires reason to be set;
      upstream: ssh_fetch_identitylist() returns the return value from
      upstream: fix possible null-deref in check_key_not_revoked; ok
      upstream: return correct error in sshsk_ed25519_sig; ok djm
      upstream: remove unused variables in ssh-pkcs11-helper; ok djm
      upstream: principalsp is optional, pubkey required; ok djm
      upstream: correct return code; ok djm
      upstream: initialize seconds for debug message; ok djm
      upstream: do not leak oprincipals; ok djm
      upstream: fix use-after-free in do_download_sk; ok djm
      upstream: fix relative includes in sshd_config; ok djm
      upstream: run the 2nd ssh with BatchMode for scp -3
      upstream: bring back debug() removed in rev 1.74; noted by pradeep

mkontani (1):
      fix some typos and sentence

naddy at openbsd.org (1):
      upstream: document -F none; with jmc@


No new revisions were added by this update.

To stop receiving notification emails like this one, please contact
djm at mindrot.org.
