[openssh-commits] [openssh] annotated tag V_8_7_P1 created (now bc08f727)

git+noreply at mindrot.org git+noreply at mindrot.org
Fri Aug 20 14:47:40 AEST 2021

This is an automated email from the git hooks/post-receive script.

djm pushed a change to annotated tag V_8_7_P1
in repository openssh.

        at  bc08f727  (tag)
   tagging  e1a596186c81e65a34ce13076449712d3bf97eb4 (commit)
  replaces  V_8_6_P1
 tagged by  Damien Miller
        on  Fri Aug 20 14:06:15 2021 +1000

- Log -----------------------------------------------------------------


Damien Miller (5):
      Handle Android libc returning NULL pw->pw_passwd
      wrap get_random_bytes_prngd() in ifdef
      use openbsd-compat glob.h is required
      update version numbers

Darren Tucker (91):
      Add fbsd13 target.
      Add obsd51 target.
      Add nbsd8 test target.
      Add win10 test target.
      Remove now-unused 2nd arg to configs.
      Don't always set SUDO.
      Test krb5 on Solaris 11 too.
      Add openindiana test target.
      Re-add macos-11.0 test target.
      Add obsd67 test target.
      Remove dependency on bash.
      Add obsd68 test target.
      Add nbsd2 test target.
      Replace "==" (a bashism) with "=".
      Add OPENBSD ORIGINAL marker.
      Comment out nbsd2 test target for now.
      Add nbsd3, nbsd4 and nbsd9 test targets.
      Disable compiler hardening on nbsd4.
      Add fbsd10 test target.
      Support testing against arbitary libcrytpo vers.
      Interop test agains PuTTY.
      Ensure we can still build with C89.
      Add test against OpenSSL w/out ECC.
      Add c89 here too.
      Export CC and CFLAGS for c89 test.
      Fix custom OpenSSL tests.
      Always build OpenSSL shared.
      Use the default VM type for libcrypto ver tests.
      Test against OpenSSL 1.1.0h instead of 1.1.0g.
      Add test building upstream OpenBSD source.
      Add obsdsnap (OpenBSD snapshot) test target.
      Add status badges for Actions-based tests.
      Wrap sntrup761x25519 inside ifdef.
      Add obsd69 test target.
      Rename README.md to ci-status.md.
      Add minix3 test target.
      Include login_cap.h for login_getpwclass override.
      Put minix3 config in the host-specific block.
      Add dfly60 target.
      Check for $OPENSSL in md5 fallback too.
      Retire fbsd7 test target.
      Add pselect implementation for platforms without.
      Clear notify_pipe from readset if present.
      Add obsdsnap-i386 upstream test target.
      Save logs on failure for upstream test
      Handle GIDs > 2^31 in getgrouplist.
      Split EGD/PRNGD interface into its own file.
      Try EGD/PRNGD if random device fails.
      Put second -lssh in link line for sftp-server.
      Move closefrom() to before first malloc.
      Add rocky84 test target.
      Fix ifdefs around get_random_bytes_prngd.
      Remove now-unused SSHv1 enums.
      Disable rocky84 to figure out why agent test fails
      Sync remaining ChallengeResponse removal.
      Replace remaining references to ChallengeResponse.
      Remove some whitespace not in upstream.
      Remove duplicate error on error path.
      Remove old OpenBSD version marker.
      Move signal.h up include order to match upstream.
      Remove reference to ChallengeResponse.
      Update comments about EGD to include prngd.
      Add configure-time detection for SSH_TIME_T_MAX.
      Add ARM64 Linux self-hosted runner.
      Make whitespace consistent.
      Add sshfp-connect.sh file missed in previous.
      Test OpenBSD upstream with and without OpenSSL.
      Pass OPENSSL=no to make tests too.
      Set SUDO for tests and cleanup.
      Move SUDO to "make test" command line.
      lastenv is only used in setenv.
      Check for RLIMIT_NOFILE before trying to use it.
      Avoid lines >80 chars.  From jmc@
      Missing space between macro arg and punctuation.
      Include poll.h and friends for struct pollfd.
      Move portable specific settings down.
      Add includes.h to compat tests.
      Skip scp3 test on dragonfly 58 and 60.
      Test OpenSSH from OpenBSD head on 6.8 and 6.9.
      Skip scp3 tests on all dfly58 and 60 configs.
      Add hurd test target.
      Skip agent ptrace test on hurd.
      Remove deprecated ubuntu-16.04 test targets.
      Improve github test driver script.
      Put stdint.h inside HAVE_STDINT_H.
      Remove trailing backslash on regress-unit-binaries
      Check compiler for c99 declarations after code.
      Fix race in pselect replacement code.
      Prefix pselect functions to clarify debug messages
      Also check pid in pselect_notify_setup.

John Ericson (2):
      Support finding Kerberos via pkg-config
      Re-indent krb5 section after pkg-config addition.

Tim Rice (1):
      openbsd-compat/openbsd-compat.h: put bsd-signal.h before bsd-misc.h

Vincent Brillault (1):
      auth_log: dont log partial successes as failures

anton at openbsd.org (1):
      upstream: Treat doas with arguments as a valid SUDO variable.

djm at openbsd.org (82):
      upstream: a little debugging in the main mux process for status
      upstream: more debugging for UpdateHostKeys signature failures
      upstream: correct mistake in spec - the private key blobs are encoded
      upstream: dump out a usable private key string too; inspired by Tyson
      upstream: don't sigdie() in signal handler in privsep child process;
      upstream: include pid in LogVerbose spam
      upstream: Fix ssh started with ControlPersist incorrectly executing a
      upstream: fix previous: test saved no_shell_flag, not the one that just
      upstream: fix breakage of -W forwaring introduced in 1.554; reported by
      upstream: restore blocking status on stdio fds before close
      upstream: fix SEGV in UpdateHostkeys debug() message, triggered
      upstream: Hash challenge supplied by client during FIDO key enrollment
      upstream: unit test for misc.c:strdelim() that mostly servces to
      upstream: also check contents of remaining string
      upstream: fix memleak in test
      upstream: correct extension name "no-presence-required" =>
      upstream: allow ssh_config SetEnv to override $TERM, which is otherwise
      upstream: adjust SetEnv description to clarify $TERM handling
      upstream: rework authorized_keys example section, removing irrelevant
      upstream: The RB_GENERATE_STATIC(3) macro expands to a series of
      upstream: the limits at openssh.com extension was incorrectly marked
      upstream: degrade gracefully if a sftp-server offers the
      upstream: Client-side workaround for a bug in OpenSSH 7.4: this release
      upstream: Match host certificates against host public keys, not private
      upstream: fix debug message when finding a private key to match a
      upstream: Allow argv_split() to optionally terminate tokenisation
      upstream: Switch ssh_config parsing to use argv_split()
      upstream: switch sshd_config parsing to argv_split()
      upstream: prepare for stricter sshd_config parsing that will refuse
      upstream: test AuthenticationMethods inside a Match block as well
      upstream: more descriptive failure message
      upstream: sprinkle some "# comment" at end of configuration lines
      upstream: test argv_split() optional termination on comments
      upstream: fix regression in r1.356: for ssh_config options that
      upstream: test that UserKnownHostsFile correctly accepts multiple
      upstream: fix decoding of X.509 subject name; from Leif Thuresson
      upstream: allow spaces to appear in usernames for local to remote,
      upstream: silence redundant error message; reported by Fabian Stelzer
      upstream: fix some broken tests; clean up output
      upstream: add a SessionType directive to ssh_config, allowing the
      upstream: Explicitly check for and start time-based rekeying in the
      upstream: fix sftp on ControlPersist connections, broken by recent
      upstream: wrap some long lines
      upstream: Let allowed signers files used by ssh-keygen(1)
      upstream: make authorized_keys environment="..." directives
      upstream: Add a StdinNull directive to ssh_config(5) that allows
      upstream: Add a ForkAfterAuthentication ssh_config(5) counterpart
      upstream: note successful authentication method in final "Authenticated
      upstream: regression test for time-limited signature keys
      upstream: mention in comment that read_passphrase(..., RP_ALLOW_STDIN)
      upstream: don't leak environment= variable when it is not the first
      upstream: test for first-match-wins in authorized_keys environment=
      upstream: support for using the SFTP protocol for file transfers in
      upstream: regression tests for scp SFTP protocol support; mostly by
      upstream: regression test for scp -3
      upstream: prepare for scp -3 implemented via sftp
      upstream: factor our SSH2_FXP_OPEN calls into their own function;
      upstream: support for "cross"-loading files/directories, i.e.
      upstream: use sftp_client crossloading to implement scp -3
      upstream: factor out a structure duplicated between downloading
      upstream: make scp(1) in SFTP mode output better match original
      upstream: a bit more debugging of file attributes being
      upstream: fix incorrect directory permissions on scp -3
      upstream: make scp(1) in SFTP mode follow symlinks like
      upstream: do_upload() used a near-identical structure for
      upstream: sftp-client.c needs poll.h
      upstream: on fatal errors, make scp wait for ssh connection before
      upstream: show only the final path component in the progress meter;
      upstream: rever r1.223 - I accidentally committed unrelated changes
      upstream: on fatal errors, make scp wait for ssh connection before
      upstream: when scp is in SFTP mode, try to deal better with ~
      upstream: SFTP protocol extension to allow the server to expand
      upstream: make scp in SFTP mode try to use relative paths as much
      upstream: make scp -3 the default for remote-to-remote copies. It
      upstream: Prepare for a future where scp(1) uses the SFTP protocol by
      upstream: adapt to scp -M flag change; make scp3.sh test SFTP mode too
      upstream: remove a bunch of %p in format strings; leftovers of
      upstream: oops, missed one more %p
      upstream: when verifying sshsig signatures, support an option
      upstream: test -Oprint-pubkey
      upstream: mention that CASignatureAlgorithms accepts +/- similarly to
      upstream: openssh-8.7

dtucker at openbsd.org (49):
      upstream: Remove now-unused skey function prototypes leftover from
      upstream: Don't pass NULL as a string in debugging as it does not work
      upstream: Increase ConnectionAttempts from 4 to 10 as the tests
      upstream: Clarify language about moduli. While both ends of the
      upstream: Regenerate moduli.
      upstream: Find openssl binary via environment variable. This
      upstream: Use a default value for $OPENSSL,
      upstream: Merge back shell portability changes
      upstream: Switch the listening select loop from select() to
      upstream: Check if IPQoS or TunnelDevice are already set before
      upstream: Add testcases from bz#3319 for IPQoS and TunnelDevice
      upstream: Continue accept loop when pselect
      upstream: Add regress test for SIGHUP restart
      upstream: Set umask when creating hostkeys to prevent excessive
      upstream: Use $SUDO when reading sshd's pidfile in case it was
      upstream: Use $SUDO when reading sshd's pidfile here too.
      upstream: Replace SIGCHLD/notify_pipe kludge with pselect.
      upstream: Use better language to refer to the user. From l1ving
      upstream: Remove references to ChallengeResponseAuthentication in
      upstream: Remove obsolete comments about SSHv1 auth methods. ok
      upstream: Remove comment referencing now-removed
      upstream: Order includes as per style(9). Portable already has
      upstream: Fix a couple of whitespace things. Portable already has
      upstream: Use existing format_absolute_time() function when
      upstream: Make limit for time_t test unconditional in the
      upstream: Add test for ssh-keygen printing of SSHFP records.
      upstream: Group keygen tests together.
      upstream: Add ed25519 key and test SSHFP export of it. Only test
      upstream: Add test for host key verification via SSHFP records. This
      upstream: Id sync only, -portable already has this.
      upstream: Ensure that all returned SSHFP records for the specified host
      upstream: Increase time margin for rekey tests. Should help
      upstream: Use SUDO when setting up hostkey.
      upstream: Add test for exporting pubkey from a passphrase-protected
      upstream: Test conversion of ed25519 and ecdsa keys too.
      upstream: Simplify keygen-convert by using $SSH_KEYTYPES directly.
      upstream: Exclude key conversion options from usage when built
      upstream: Don't omit ssh-keygen -y from usage when built without
      upstream: Skip RFC4716 format import and export tests when built
      upstream: Replace OPENSSL as the variable that points to the
      upstream: Skip unit and makefile-based key conversion tests when
      upstream: Allow for different (but POSIX compliant) behaviour of
      upstream: Document "ProxyJump none". bz#3334.
      upstream: Make diff invocation more portable.
      upstream: Fix prototype mismatch for do_cmd. ok djm@
      upstream: Drop -q in ssh-log-wrapper.sh to preserve logs.
      upstream: Move setting of USER further down the startup In portable
      upstream: Although it's POSIX, not all shells used in Portable support
      upstream: xstrdup environment variable used by ForwardAgent. bz#3328

jmc at openbsd.org (7):
      upstream: reorder SessionType; ok djm
      upstream: punctuation;
      upstream: standardise the grammar in the options list; issue
      upstream: word fix; reported by debian at helgefjell de
      upstream: no need to talk about version 2 with the -Q option, so
      upstream: fix a formatting error and mark up known_hosts
      upstream: fix a formatting error and add some Xr; from debian at

naddy at openbsd.org (4):
      upstream: ssh: The client configuration keyword is
      upstream: PROTOCOL.certkeys: update reference from IETF draft to
      upstream: scp: do not spawn ssh with two -s flags for
      upstream: scp: tweak man page and error message for -3 by default

schwarze at openbsd.org (1):
      upstream: In the editline(3) branch of the sftp(1) event loop,


No new revisions were added by this update.

To stop receiving notification emails like this one, please contact
djm at mindrot.org.

More information about the openssh-commits mailing list