[openssh-commits] [openssh] annotated tag V_8_3_P1 created (now 689eff3a)
git+noreply at mindrot.org
git+noreply at mindrot.org
Wed May 27 21:55:25 AEST 2020
This is an automated email from the git hooks/post-receive script.
djm pushed a change to annotated tag V_8_3_P1
in repository openssh.
at 689eff3a (tag)
tagging 9ca7e9c861775dd6c6312bc8aaab687403d24676 (commit)
tagged by Damien Miller
on Wed May 27 13:05:48 2020 +1000
- Log -----------------------------------------------------------------
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
Damien Miller (15):
another spelling error in comment
sync fnmatch.c with upstream to fix another typo
prefer libcrypto chacha20-poly1305 where possible
fix inverted test for LibreSSL version
sys/sysctl.h is only used on OpenBSD
wrap sha2.h inclusion in #ifdef HAVE_SHA2_H
fix reversed test
sync config.guess/config.sub with latest versions
prepare for 8.3 release
revert removal of .depend before makedepend
explicitly manage .depend and .depend.bak
prefer ln to cp for temporary copy of sshd
Darren Tucker (28):
Check if getpeereid is actually declared.
Prevent unused variable warning.
Check if TILDE is already defined and undef.
Remove unused variable warning.
Import regenerated moduli.
Include fido.h when checking for fido/credman.h.
Use /usr/bin/xp4g/id if necessary.
Include openssl-compat.h before checking ifdefs.
Add sys/syscall.h for syscall numbers.
Sync rev 1.49.
Remove unneeded env vars from t-exec invocation.
Pass configure's egrep through to test-exec.sh.
Put the values from env vars back.
Mailing list is now closed to non-subscribers.
Error out if given RDomain if unsupported.
Fix conditional for openssl-based chacha20.
Include sys/byteorder.h for htons and friends.
See if SA_RESTART signals will interrupt select().
Use LONG_LONG_MAX and friends if available.
Remove use of tail for 'make depend'.
Skip security key tests if ENABLE_SK not set.
Check if -D_REENTRANT is needed for localtime_r.
Ensure SA_SIGNAL test only signals itself.
Skip building sk-dummy library if no SK support.
Actually skip pty tests when needed.
HARUYAMA Seigo (1):
Fix typos in INSTALL: s/avilable/available/ s/suppports/supports/
Nico Kadel-Garcia (1):
Switch %define to %global for redhat/openssh.spec
djm at openbsd.org (49):
upstream: better error message when trying to use a FIDO key
upstream: no-touch-required certificate option should be an
upstream: when downloading FIDO2 resident keys from a token, don't
upstream: spelling errors in comments; no code change from
upstream: use sshpkt_fatal() for kex_exchange_identification()
upstream: improve error messages for some common PKCS#11 C_Login
upstream: some more speeling mistakes from
upstream: add allocating variant of the safe utf8 printer; ok
upstream: give ssh-keygen the ability to dump the contents of a
upstream: make failures when establishing "Tunnel" forwarding terminate
upstream: the tunnel-forwarding vs ExitOnForwardFailure fix that I
upstream: fix debug statement
upstream: make Chacha20-POLY1305 context struct opaque; ok tb@ as
upstream: chacha20-poly1305 AEAD using libcrypto EVP_chacha20
upstream: Add a flag to re-enable verbose output when in batch
upstream: fix format string (use %llu for uint64, not %lld). spotted by
upstream: this needs utf8.c too
upstream: avoid another compiler warning spotted in -portable
upstream: r1.522 deleted one too many lines; repair
upstream: refactor private key parsing a little
upstream: check that pubkey in private key envelope matches actual
upstream: check private key type against requested key type in
upstream: simplify sshkey_parse_private_fileblob_type()
upstream: add sshkey_parse_pubkey_from_private_fileblob_type()
upstream: simplify sshkey_try_load_public()
upstream: let sshkey_try_load_public() load public keys from the
upstream: Refactor private key parsing. Eliminates a fair bit of
upstream: allow the IgnoreRhosts directive to appear anywhere in a
upstream: make IgnoreRhosts a tri-state option: "yes" ignore
upstream: mention that /etc/hosts.equiv and /etc/shosts.equiv are
upstream: fix reversed test that caused IdentitiesOnly=yes to not
upstream: auth2-pubkey r1.89 changed the order of operations to
upstream: refactor out some duplicate private key loading code;
upstream: repair private key fingerprint printing to also print
upstream: fix a bug I introduced in r1.406: when printing private key
upstream: regression test for printing of private key fingerprints and
upstream: when signing a challenge using a FIDO toke, perform the
upstream: adapt dummy FIDO middleware to API change; ok markus@
upstream: avoid NULL dereference when attempting to convert invalid
upstream: expose vasnmprintf(); ok (as part of other commit) markus
upstream: when receving a file in sink(), be careful to send at
upstream: we have a sshkey_save_public() function to save public keys;
upstream: remove obsolete RSA1 test keys; spotted by Michael Forney
upstream: portability fix for sed that always emil a newline even
upstream: make mktestdata.sh generate old/new format keys that we
upstream: sure enough, some of the test data that we though were in
upstream: another case where a utimes() failure could make scp send
upstream: openssh-8.3; ok deraadt@
upstream: avoid possible NULL deref; from Pedro Martelletto
dtucker at openbsd.org (27):
upstream: Detect and prevent simple configuration loops when using
upstream: Ensure that the key lifetime provided fits within the
upstream: Import regenerated moduli.
upstream: Update moduli generation script to new ssh-keygen
upstream: Fix some typos and an incorrect word in docs. Patch from
upstream: Fix typo. Patch from itoama at live.jp via github PR#173.
upstream: Remove obsolete XXX comment. ok deraadt@
upstream: Have sftp reject "-1" in the same way as ssh(1) and
upstream: Drop leading space from line count that was confusing
upstream: Don't clear alarm timers in listening sshd. Previously
upstream: Cast lifetime to u_long for comparison to prevent unsigned
upstream: Make with config keywords support which
upstream: Add regression test for percent expansions where possible.
upstream: %C expansion just added to Match Exec should include
upstream: Add percent_expand test for 'Match Exec'.
upstream: Temporarily remove tests for '%C' since the hash contains the
upstream: Compute hash locally and re-enable %C tests.
upstream: Some platforms don't have "hostname -s", so use cut to trim
upstream: Indicate if we're using a cached key in trace output.
upstream: Add TOKEN percent expansion to LocalFoward and RemoteForward
upstream: Add utf8.c for asmprintf used by krl.c
upstream: Add tests for TOKEN expansion of LocalForward and
upstream: Backslash '$' at then end of string. Prevents warning on
upstream: Remove leave_non_blocking() which is now dead code
upstream: Fix incorrect error message for "too many known hosts files."
upstream: We've standardized on memset over bzero, replace a couple
upstream: Fix comment typo. Patch from mforney at mforney.org.
jmc at openbsd.org (5):
upstream: sort -N and add it to usage();
upstream: add space between macro arg and punctuation;
upstream: add space beteen macro arg and punctuation;
upstream: ce examples of "Ar arg Ar arg" with "Ar arg arg" and
upstream: tweak previous; ok markus
jsg at openbsd.org (1):
upstream: change explicit_bzero();free() to freezero()
markus at openbsd.org (24):
upstream: sshpkt_fatal() does not return; ok djm
upstream: vasnmprintf allocates str and returns -1; ok djm
upstream: sshsig: return correct error, fix null-deref; ok djm
upstream: pkcs11_register_provider: return < 0 on error; ok djm
upstream: exit if ssh_krl_revoke_key_sha256 fails; ok djm
upstream: fix null-deref on calloc failure; ok djm
upstream: exit on parse failures in input_service_request; ok djm
upstream: fix uninitialized pointers for forward_cancel; ok djm
upstream: initialize cname in case ai_canonname is NULL or too
upstream: consistently check packet_timeout_ms against 0; ok djm
upstream: passphrase depends on kdfname, not ciphername (possible
upstream: sshkey_cert_check_authority requires reason to be set;
upstream: ssh_fetch_identitylist() returns the return value from
upstream: fix possible null-deref in check_key_not_revoked; ok
upstream: return correct error in sshsk_ed25519_sig; ok djm
upstream: remove unused variables in ssh-pkcs11-helper; ok djm
upstream: principalsp is optional, pubkey required; ok djm
upstream: correct return code; ok djm
upstream: initialize seconds for debug message; ok djm
upstream: do not leak oprincipals; ok djm
upstream: fix use-after-free in do_download_sk; ok djm
upstream: fix relative includes in sshd_config; ok djm
upstream: run the 2nd ssh with BatchMode for scp -3
upstream: bring back debug() removed in rev 1.74; noted by pradeep
fix some typos and sentence
naddy at openbsd.org (1):
upstream: document -F none; with jmc@
No new revisions were added by this update.
To stop receiving notification emails like this one, please contact
djm at mindrot.org.
More information about the openssh-commits