[openssh-commits] [openssh] annotated tag V_8_7_P1 created (now bc08f727)
git+noreply at mindrot.org
git+noreply at mindrot.org
Fri Aug 20 14:47:40 AEST 2021
This is an automated email from the git hooks/post-receive script.
djm pushed a change to annotated tag V_8_7_P1
in repository openssh.
at bc08f727 (tag)
tagging e1a596186c81e65a34ce13076449712d3bf97eb4 (commit)
replaces V_8_6_P1
tagged by Damien Miller
on Fri Aug 20 14:06:15 2021 +1000
- Log -----------------------------------------------------------------
openssh-8.7p1
-----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEEcWi5g4FaXu9ZpK39Kj9BTnNgYLoFAmEfKj0ACgkQKj9BTnNg
YLq7kA//ZlpkBR76fdJMTVcbCtA0HU/8xIC0rlA4kcEOG7e6u1bBkCmTnDbQve1y
mKukbXHt5fSGZ3TC9R86fgxe0Il/wqEAP0bH2SRmo7x5wCZIcEPUrH1y5t06o/as
F03lism7MFYC4DmUS16YROmYlV7AaQaAwEp8QwB6NppLacupj3JJkUtDMUsyBwsL
VHZG96UCyoqFTfCcXtSNZ61pvmi8V23JTZJrvm+o+XM4A6OTNDoYU1vEH2mWHjJC
N0mcWruagyZHZAoAdTsyuvMX1skcDnh0i9fGMQifdUMiO8U/2oN94kA7C/ERg6+W
zh4plikUyFKRzBGTdtWSMynpsr8iUTJSXcW7pLLCYWCQzxzj2CPdYbsvnHqhgAVv
6axOBx1dR5FIUyHddXi3puLWSURuSNVEHkveUG7qOp27X2sbvtDCZXKRHrpTxAum
LhSOmApscAfyttS+SMiHXXw29qikhZY0ko/oln2RZGhcQywHX5Uu0Stjk84R+3d8
FwvOrYPa5TjOVyOp9qihZBDZ+BPu8134Ai+cXAKENTVn6bf+N+e+HWmcNrAayKlP
ONCnKS3G1NkAnjd1/bT6UbsmanERTCTc4nHYZyPVmv2thM3JTprn1jek5dsU6tTK
DzHwCUWs1lPfFg2xt9tJIVAxs8jWJb7c7Y7UZejRU1bwZ9gfpZY=
=bKfD
-----END PGP SIGNATURE-----
Damien Miller (5):
Handle Android libc returning NULL pw->pw_passwd
wrap get_random_bytes_prngd() in ifdef
use openbsd-compat glob.h is required
update version numbers
depend
Darren Tucker (91):
Add fbsd13 target.
Add obsd51 target.
Add nbsd8 test target.
Add win10 test target.
Remove now-unused 2nd arg to configs.
Don't always set SUDO.
Test krb5 on Solaris 11 too.
Add openindiana test target.
Re-add macos-11.0 test target.
Add obsd67 test target.
Remove dependency on bash.
Add obsd68 test target.
Add nbsd2 test target.
Replace "==" (a bashism) with "=".
Add OPENBSD ORIGINAL marker.
Comment out nbsd2 test target for now.
Add nbsd3, nbsd4 and nbsd9 test targets.
Disable compiler hardening on nbsd4.
Add fbsd10 test target.
Support testing against arbitary libcrytpo vers.
Interop test agains PuTTY.
Ensure we can still build with C89.
Add test against OpenSSL w/out ECC.
Add c89 here too.
Export CC and CFLAGS for c89 test.
Fix custom OpenSSL tests.
Always build OpenSSL shared.
Use the default VM type for libcrypto ver tests.
Test against OpenSSL 1.1.0h instead of 1.1.0g.
Add test building upstream OpenBSD source.
Add obsdsnap (OpenBSD snapshot) test target.
Add status badges for Actions-based tests.
Wrap sntrup761x25519 inside ifdef.
Add obsd69 test target.
Rename README.md to ci-status.md.
Add minix3 test target.
Include login_cap.h for login_getpwclass override.
Put minix3 config in the host-specific block.
Add dfly60 target.
Check for $OPENSSL in md5 fallback too.
Retire fbsd7 test target.
Add pselect implementation for platforms without.
space->tabs.
Clear notify_pipe from readset if present.
Add obsdsnap-i386 upstream test target.
Save logs on failure for upstream test
Handle GIDs > 2^31 in getgrouplist.
Split EGD/PRNGD interface into its own file.
Try EGD/PRNGD if random device fails.
Put second -lssh in link line for sftp-server.
Move closefrom() to before first malloc.
Add rocky84 test target.
Fix ifdefs around get_random_bytes_prngd.
Remove now-unused SSHv1 enums.
Disable rocky84 to figure out why agent test fails
Sync remaining ChallengeResponse removal.
Replace remaining references to ChallengeResponse.
Remove some whitespace not in upstream.
Remove duplicate error on error path.
Remove old OpenBSD version marker.
Move signal.h up include order to match upstream.
Remove reference to ChallengeResponse.
Update comments about EGD to include prngd.
Add configure-time detection for SSH_TIME_T_MAX.
Add ARM64 Linux self-hosted runner.
Make whitespace consistent.
Add sshfp-connect.sh file missed in previous.
Test OpenBSD upstream with and without OpenSSL.
Pass OPENSSL=no to make tests too.
Set SUDO for tests and cleanup.
Move SUDO to "make test" command line.
lastenv is only used in setenv.
Check for RLIMIT_NOFILE before trying to use it.
Avoid lines >80 chars. From jmc@
Missing space between macro arg and punctuation.
Include poll.h and friends for struct pollfd.
Move portable specific settings down.
Add includes.h to compat tests.
Skip scp3 test on dragonfly 58 and 60.
Test OpenSSH from OpenBSD head on 6.8 and 6.9.
Skip scp3 tests on all dfly58 and 60 configs.
Add hurd test target.
Skip agent ptrace test on hurd.
Remove deprecated ubuntu-16.04 test targets.
Improve github test driver script.
Put stdint.h inside HAVE_STDINT_H.
Remove trailing backslash on regress-unit-binaries
Check compiler for c99 declarations after code.
Fix race in pselect replacement code.
Prefix pselect functions to clarify debug messages
Also check pid in pselect_notify_setup.
John Ericson (2):
Support finding Kerberos via pkg-config
Re-indent krb5 section after pkg-config addition.
Tim Rice (1):
openbsd-compat/openbsd-compat.h: put bsd-signal.h before bsd-misc.h
Vincent Brillault (1):
auth_log: dont log partial successes as failures
anton at openbsd.org (1):
upstream: Treat doas with arguments as a valid SUDO variable.
djm at openbsd.org (82):
upstream: a little debugging in the main mux process for status
upstream: more debugging for UpdateHostKeys signature failures
upstream: correct mistake in spec - the private key blobs are encoded
upstream: dump out a usable private key string too; inspired by Tyson
upstream: don't sigdie() in signal handler in privsep child process;
upstream: include pid in LogVerbose spam
upstream: Fix ssh started with ControlPersist incorrectly executing a
upstream: fix previous: test saved no_shell_flag, not the one that just
upstream: fix breakage of -W forwaring introduced in 1.554; reported by
upstream: restore blocking status on stdio fds before close
upstream: fix SEGV in UpdateHostkeys debug() message, triggered
upstream: Hash challenge supplied by client during FIDO key enrollment
upstream: unit test for misc.c:strdelim() that mostly servces to
upstream: also check contents of remaining string
upstream: fix memleak in test
upstream: correct extension name "no-presence-required" =>
upstream: allow ssh_config SetEnv to override $TERM, which is otherwise
upstream: adjust SetEnv description to clarify $TERM handling
upstream: rework authorized_keys example section, removing irrelevant
upstream: The RB_GENERATE_STATIC(3) macro expands to a series of
upstream: the limits at openssh.com extension was incorrectly marked
upstream: degrade gracefully if a sftp-server offers the
upstream: Client-side workaround for a bug in OpenSSH 7.4: this release
upstream: Match host certificates against host public keys, not private
upstream: fix debug message when finding a private key to match a
upstream: Allow argv_split() to optionally terminate tokenisation
upstream: Switch ssh_config parsing to use argv_split()
upstream: switch sshd_config parsing to argv_split()
upstream: prepare for stricter sshd_config parsing that will refuse
upstream: test AuthenticationMethods inside a Match block as well
upstream: more descriptive failure message
upstream: sprinkle some "# comment" at end of configuration lines
upstream: test argv_split() optional termination on comments
upstream: fix regression in r1.356: for ssh_config options that
upstream: test that UserKnownHostsFile correctly accepts multiple
upstream: fix decoding of X.509 subject name; from Leif Thuresson
upstream: allow spaces to appear in usernames for local to remote,
upstream: silence redundant error message; reported by Fabian Stelzer
upstream: fix some broken tests; clean up output
upstream: add a SessionType directive to ssh_config, allowing the
upstream: Explicitly check for and start time-based rekeying in the
upstream: fix sftp on ControlPersist connections, broken by recent
upstream: wrap some long lines
upstream: Let allowed signers files used by ssh-keygen(1)
upstream: make authorized_keys environment="..." directives
upstream: Add a StdinNull directive to ssh_config(5) that allows
upstream: Add a ForkAfterAuthentication ssh_config(5) counterpart
upstream: note successful authentication method in final "Authenticated
upstream: regression test for time-limited signature keys
upstream: mention in comment that read_passphrase(..., RP_ALLOW_STDIN)
upstream: don't leak environment= variable when it is not the first
upstream: test for first-match-wins in authorized_keys environment=
upstream: support for using the SFTP protocol for file transfers in
upstream: regression tests for scp SFTP protocol support; mostly by
upstream: regression test for scp -3
upstream: prepare for scp -3 implemented via sftp
upstream: factor our SSH2_FXP_OPEN calls into their own function;
upstream: support for "cross"-loading files/directories, i.e.
upstream: use sftp_client crossloading to implement scp -3
upstream: factor out a structure duplicated between downloading
upstream: make scp(1) in SFTP mode output better match original
upstream: a bit more debugging of file attributes being
upstream: fix incorrect directory permissions on scp -3
upstream: make scp(1) in SFTP mode follow symlinks like
upstream: do_upload() used a near-identical structure for
upstream: sftp-client.c needs poll.h
upstream: on fatal errors, make scp wait for ssh connection before
upstream: show only the final path component in the progress meter;
upstream: rever r1.223 - I accidentally committed unrelated changes
upstream: on fatal errors, make scp wait for ssh connection before
upstream: when scp is in SFTP mode, try to deal better with ~
upstream: SFTP protocol extension to allow the server to expand
upstream: make scp in SFTP mode try to use relative paths as much
upstream: make scp -3 the default for remote-to-remote copies. It
upstream: Prepare for a future where scp(1) uses the SFTP protocol by
upstream: adapt to scp -M flag change; make scp3.sh test SFTP mode too
upstream: remove a bunch of %p in format strings; leftovers of
upstream: oops, missed one more %p
upstream: when verifying sshsig signatures, support an option
upstream: test -Oprint-pubkey
upstream: mention that CASignatureAlgorithms accepts +/- similarly to
upstream: openssh-8.7
dtucker at openbsd.org (49):
upstream: Remove now-unused skey function prototypes leftover from
upstream: Don't pass NULL as a string in debugging as it does not work
upstream: Increase ConnectionAttempts from 4 to 10 as the tests
upstream: Clarify language about moduli. While both ends of the
upstream: Regenerate moduli.
upstream: Find openssl binary via environment variable. This
upstream: Use a default value for $OPENSSL,
upstream: Merge back shell portability changes
upstream: Switch the listening select loop from select() to
upstream: Check if IPQoS or TunnelDevice are already set before
upstream: Add testcases from bz#3319 for IPQoS and TunnelDevice
upstream: Continue accept loop when pselect
upstream: Add regress test for SIGHUP restart
upstream: Set umask when creating hostkeys to prevent excessive
upstream: Use $SUDO when reading sshd's pidfile in case it was
upstream: Use $SUDO when reading sshd's pidfile here too.
upstream: Replace SIGCHLD/notify_pipe kludge with pselect.
upstream: Use better language to refer to the user. From l1ving
upstream: Remove references to ChallengeResponseAuthentication in
upstream: Remove obsolete comments about SSHv1 auth methods. ok
upstream: Remove comment referencing now-removed
upstream: Order includes as per style(9). Portable already has
upstream: Fix a couple of whitespace things. Portable already has
upstream: Use existing format_absolute_time() function when
upstream: Make limit for time_t test unconditional in the
upstream: Add test for ssh-keygen printing of SSHFP records.
upstream: Group keygen tests together.
upstream: Add ed25519 key and test SSHFP export of it. Only test
upstream: Add test for host key verification via SSHFP records. This
upstream: Id sync only, -portable already has this.
upstream: Ensure that all returned SSHFP records for the specified host
upstream: Increase time margin for rekey tests. Should help
upstream: Use SUDO when setting up hostkey.
upstream: Add test for exporting pubkey from a passphrase-protected
upstream: Test conversion of ed25519 and ecdsa keys too.
upstream: Simplify keygen-convert by using $SSH_KEYTYPES directly.
upstream: Exclude key conversion options from usage when built
upstream: Don't omit ssh-keygen -y from usage when built without
upstream: Skip RFC4716 format import and export tests when built
upstream: Replace OPENSSL as the variable that points to the
upstream: Skip unit and makefile-based key conversion tests when
upstream: Allow for different (but POSIX compliant) behaviour of
upstream: Document "ProxyJump none". bz#3334.
upstream: Make diff invocation more portable.
upstream: Fix prototype mismatch for do_cmd. ok djm@
upstream: Drop -q in ssh-log-wrapper.sh to preserve logs.
upstream: Move setting of USER further down the startup In portable
upstream: Although it's POSIX, not all shells used in Portable support
upstream: xstrdup environment variable used by ForwardAgent. bz#3328
jmc at openbsd.org (7):
upstream: reorder SessionType; ok djm
upstream: punctuation;
upstream: standardise the grammar in the options list; issue
upstream: word fix; reported by debian at helgefjell de
upstream: no need to talk about version 2 with the -Q option, so
upstream: fix a formatting error and mark up known_hosts
upstream: fix a formatting error and add some Xr; from debian at
naddy at openbsd.org (4):
upstream: ssh: The client configuration keyword is
upstream: PROTOCOL.certkeys: update reference from IETF draft to
upstream: scp: do not spawn ssh with two -s flags for
upstream: scp: tweak man page and error message for -3 by default
schwarze at openbsd.org (1):
upstream: In the editline(3) branch of the sftp(1) event loop,
-----------------------------------------------------------------------
No new revisions were added by this update.
--
To stop receiving notification emails like this one, please contact
djm at mindrot.org.
More information about the openssh-commits
mailing list