[openssh-commits] [openssh] annotated tag V_8_9_P1 created (now 0d5cde84)

git+noreply at mindrot.org
Wed Feb 23 22:32:35 AEDT 2022

This is an automated email from the git hooks/post-receive script.

djm pushed a change to annotated tag V_8_9_P1
in repository openssh.

        at  0d5cde84  (tag)
   tagging  166456cedad3962b83b848b1e9caf80794831f0f (commit)
  replaces  V_8_8_P1
 tagged by  Damien Miller
        on  Wed Feb 23 22:31:44 2022 +1100

- Log -----------------------------------------------------------------


Alex James (1):
      sandbox-seccomp-filter: allow gettid

Corinna Vinschen (1):
      Fix signedness bug in Cygwin code

Damien Miller (32):
      need stdlib.h for free(3)
      enable security key support for --without-openssl
      fix FIDO key support for !OPENSSL_HAS_ECC case
      make OPENSSL_HAS_ECC checks more thorough
      make sk-dummy.so work without libcrypto installed
      fix broken OPENSSL_HAS_ECC test
      clean regress/misc/sk-dummy in cleandir target
      remove built-in support for md5crypt()
      use -Wmisleading-indentation cflag if available
      unbreak fuzz harness for recent changes
      basic SECURITY.md (refers people to the website)
      compat for timespecsub() and friends
      update depends
      adjust seccomp filter for select->poll conversion
      sync bcrypt-related files with OpenBSD
      previous commit broke bcrypt_pbkdf()
      add agent-restrict.sh file, missed in last commit
      remove sys/param.h in -portable, after upstream
      OS X poll(2) is broken; use compat replacement
      fix edge case in poll(2) wrapper
      restore tty force-read hack
      portable-specific string array constification
      compat code for fido_assert_set_clientdata()
      update versions in preparation for 8.9 release
      find sk-dummy.so when build_dir != src_dir
      minix needs BROKEN_POLL too; chokes on /dev/null
      disable agent-restrict test on minix3

Darren Tucker (74):
      Add new compiler hardening flags.
      Test all available clang and gcc versions.
      Add make clean step to tests.
      Get BUILDDIR from autoconf.
      Replace `pwd` with make variable in regress cmd.
      Expand TEST_SHELL consistently with other vars.
      Split c89 test openssl setting out.
      Remove TEST_SSH_ECC.
      Build without OpenSSL on Mac OS.
      Skip file-based tests by default on Mac OS.
      Use backticks instead of $(..) for portability.
      Look for clang after cc and gcc.
      Include stdlib.h for arc4random_uniform prototype.
      Disable security key on NetBSD4 test.
      Define OPENSSL_NO_SHA including OpenSSL from test.
      Add USE_LIBC_SHA2 for (at least) NetBSD 9.
      Disable security key on minix3.
      Only enable sk-* key types if ENABLE_SK is defined
      Include relevant env vars on command line.
      Skip SK unit tests when built without security-key
      Add tcmalloc test target.
      Include error reason if trace disabling fails.
      Include string.h and stdio.h for strerror.
      Build with -Werror on most recent gcc and clang.
      Remove -Werror from compiler package to install.
      Don't use "here string", it's not POSIX.
      Install libedit and pam based on config flags.
      Source configs script so setup_ci can use settings
      Test both MIT KRB5 and Heimdal.
      kitchensink test target now needs krb5.
      Use -Wbitwise-instead-of-logical if supported.
      Skip getline() on HP-UX 10.x.
      Don't trust closefrom() on Linux.
      Switch from LibreSSL 3.4.0 to 3.4.1.
      Put poll.h inside ifdef HAVE_POLL_H.
      Add compat implementation of ppoll using pselect.
      Correct calculation of tv_nsec in poll().
      Don't auto-enable Capsicum sandbox on FreeBSD 9/10.
      Allow for fd = -1 in compat ppoll overflow check.
      Correct ifdef to activate poll() only if needed.
      Fix typo in Neils' name.
      Add minix host tuple.
      Update the list of tests that don't work on Minix.
      Increase timeout for test step.
      Correct value for IPTOS_DSCP_LE.
      Use SHA.*_HMAC_BLOCK_SIZE if needed.
      Add OpenBSD 7.0 target.  Retire 6.8.
      Always save config.h as build artifact.
      Add wrapper for "sort" to set LC_ALL=C.
      libhardended_malloc.so moved into out dir.
      Add "rev" command replacement if needed.
      Stop on first test failure to minimize logs.
      Remove sort wrapper.
      Wrap OpenSSL includes in unit tests in ifdef.
      Remove line leftover from upstream sync.
      Invoke EXIT handler early when using Valgrind.
      Move more tests out of valgrind-1 runner.
      Improve compatibility of early exit trap handling.
      We now support POLLPRI so actually define it.
      Put poll.h inside ifdef.
      Fix helper include path and remove excess code.
      Stop testing OpenBSD HEAD on 6.9 and 7.0.
      Simplify handling of --with-ssl-dir.
      Move SSHD_ACQUIRES_CTTY workaround into compat.
      Add cygwin-release test config.
      Test if sshd accidentally acquires controlling tty
      Comment hurd test, the VM is currently broken.
      Add test configs for MUSL C library.
      Really move DSA to end of list.
      Skip agent-getpeereid when running as root.
      Only include sys/poll.h if we don't have poll.h.
      Include sys/param.h if present.
      Add Alpine Linux test VM.
      Extend select+rlimit sandbox test to include poll.

Tim Rice (1):
      Make USL compilers happy

anton at openbsd.org (1):
      upstream: Make use of ntests variable, pointed out by clang 13.

deraadt at openbsd.org (12):
      upstream: switch scp(1) back to sftp protocol.
      upstream: For open/openat, if the flags parameter does not contain
      upstream: Many downstreams expect ssh to compile as non-C99...
      upstream: Convert from select() to ppoll(). Along the way, I
      upstream: aggressively pre-fill the pollfd array with fd=-1
      upstream: It really looks like pledge "stdio dns" is possible
      upstream: replace select() with ppoll(), including converting
      upstream: convert select() to poll() ok djm
      upstream: match .events with .fd better
      upstream: use ppoll() instead of pselect() with djm
      upstream: sys/param.h cleanup, mostly using MINIMUM() and
      upstream: When poll(2) returns -1, for some error conditions

djm at openbsd.org (109):
      upstream: add some debug output showing how many key file/command lines
      upstream: Test certificate hostkeys held in ssh-agent too. Would have
      upstream: unbreak FIDO sk-ed25519 key enrollment for OPENSSL=no builds;
      upstream: use libc SHA256 functions; make this work when compiled
      upstream: When downloading resident keys from a FIDO token, pass
      upstream: increment SSH_SK_VERSION_MAJOR to match last change
      upstream: ssh-keygen: make verify-time argument parsing optional
      upstream: avoid signedness warning; spotted in -portable
      upstream: sshsig: add tests for signing key validity and
      upstream: Better handle FIDO keys on tokens that provide user
      upstream: crank SSH_SK_VERSION_MAJOR to match recent change in
      upstream: move cert_filter_principals() to earlier in the file for
      upstream: improve error message when trying to expand a ~user path
      upstream: fix ssh-keysign for KEX algorithms that use SHA384/512
      upstream: add the sntrup761x25519-sha512 at openssh.com hybrid
      upstream: set num_listen_socks to 0 on close-all instead of -1,
      upstream: check for POLLHUP as well as POLLIN, handle transient IO
      upstream: check for POLLHUP as well as POLLIN in sshd listen loop;
      upstream: fd leak in sshd listen loop error path; from Gleb
      upstream: check for POLLHUP wherever we check for POLLIN
      upstream: ssh-keygen -Y find-principals was verifying key validity
      upstream: avoid xmalloc(0) for PKCS#11 keyid for ECDSA keys (we
      upstream: less confusing debug message; bz#3365
      upstream: regression test for ssh-keygen -Y find-principals fix; from
      upstream: debug("func: ...") -> debug_f("...")
      upstream: Add ssh-keygen -Y match-principals operation to perform
      upstream: regression test for match-principals. Mostly by Fabian
      upstream: whitespac e
      upstream: missing initialisation for oerrno
      upstream: fix indenting in last commit
      upstream: ssh-keygen -Y match-principals doesn't accept any -O
      upstream: sshsig: return "key not found" when searching empty files
      upstream: don't put the tty into raw mode when SessionType=none, avoids
      upstream: move check_sk_options() up so we can use it earlier
      upstream: improve the testing of credentials against inserted FIDO
      upstream: hash full host:port when asked to hash output, fixes hashes
      upstream: better error message for FIDO keys when we can't match
      upstream: Record session ID, host key and sig at initial KEX
      upstream: ssh client side of binding
      upstream: ssh-agent side of binding
      upstream: ssh-add side of destination constraints
      upstream: ssh-add side of destination constraints
      upstream: ssh-agent side of destination constraints
      upstream: prepare for multiple names for authmethods
      upstream: sshd side of hostbound public key auth
      upstream: client side of host-bound pubkey authentication
      upstream: EXT_INFO negotiation of hostbound pubkey auth
      upstream: agent support for parsing hostkey-bound signatures
      upstream: Use hostkey parsed from hostbound userauth request
      upstream: document destination-constrained keys
      upstream: PubkeyAuthentication=yes|no|unbound|host-bound
      upstream: document agent protocol extensions
      upstream: document host-bound publickey authentication
      upstream: regression test for destination restrictions in ssh-agent
      upstream: split method list search functionality from
      upstream: fix memleak in process_extension(); oss-fuzz issue #42719
      upstream: unbreak test: was picking up system ssh-add instead of the
      upstream: NULL deref when using find-principals when matching an
      upstream: regression test for find-principals NULL deref; from Fabian
      upstream: move sig_process_opts() to before sig_sign(); no
      upstream: add missing -O option to usage() for ssh-keygen -Y sign;
      upstream: allow selection of hash at sshsig signing time; code
      upstream: regress test both sshsig message hash algorithms, possible
      upstream: select all RSA hostkey algorithms for UpdateHostkeys tests,
      upstream: fix cut-and-pasto in error message
      upstream: add a comment so I don't make this mistake again
      upstream: prepare for conversion of ssh, sshd mainloop from
      upstream: convert ssh, sshd mainloops from select() to poll();
      upstream: Fix signature algorithm selection logic for
      upstream: stricter UpdateHostkey signature verification logic on
      upstream: make ssh-keysign use the requested signature algorithm
      upstream: include rejected signature algorithm in error message
      upstream: piece of UpdateHostkeys client strictification: when
      upstream: log signature algorithm during verification by monitor;
      upstream: log some details on hostkeys that ssh loads for
      upstream: add a helper function to match a key type to a list of
      upstream: allow hostbased auth to select RSA keys when only
      upstream: refactor tilde_expand_filename() and make it handle ~user
      upstream: add a variant of send_status() that allows overriding the
      upstream: more idiomatic error messages; spotted by jsg & deraadt
      upstream: fix some corner-case bugs in scp sftp-mode handling of
      upstream: use status error message to communicate ~user expansion
      upstream: suppress "Connection to xxx closed" messages at LogLevel >=
      upstream: remove hardcoded domain and use window.location.host, so this
      upstream: use status error message to communicate ~user expansion
      upstream: sshsk_sign: trim call to sshkey_fingerprint()
      upstream: sshsk_load_resident: don't preallocate resp
      upstream: ssh-sk: free a resident key's user id
      upstream: allow pin-required FIDO keys to be added to ssh-agent(1).
      upstream: when transferring multiple files in SFTP mode, create the
      upstream: make most of the sftp errors more idiomatic, following
      upstream: when decompressing zlib compressed packets, use
      upstream: correct comment and use local variable instead of long
      upstream: add a helper for writing an error message to the
      upstream: Add a sshbuf_read() that attempts to read(2) directly in
      upstream: Use sshbuf_read() to read directly into the channel input
      upstream: add a ssh_packet_process_read() function that reads from
      upstream: better match legacy scp behaviour: show un-expanded paths
      upstream: mark const string array contents const too, i.e. static
      upstream: allow 'ssh-keygen -Y find-principals' to match wildcard
      upstream: test 'ssh-keygen -Y find-principals' with wildcard
      upstream: use libfido2 1.8.0+ fido_assert_set_clientdata() instead
      upstream: revert for imminent OpenSSH release, which will ship with
      upstream: document the unbound/host-bound options to
      upstream: check for EINTR/EAGAIN failures in the rfd fast-path; caught
      upstream: openssh-8.9
      upstream: use asprintf to construct .rhosts paths
      upstream: randomise the password used in fakepw
      upstream: avoid integer overflow of auth attempts (harmless, caught

dtucker at openbsd.org (31):
      upstream: Import regenerated moduli.
      upstream: Make prototype for rijndaelEncrypt match function
      upstream: Use "skip" instead of "fatal"
      upstream: Remove references to privsep.
      upstream: Fix up whitespace left by previous
      upstream: Add test for ssh hashed known_hosts handling.
      upstream: Dynamically allocate encoded HashKnownHosts and free as
      upstream: Document that CASignatureAlgorithms, ExposeAuthInfo and
      upstream: Fix typos in comments.
      upstream: Remove unnecessary semicolons
      upstream: Plug mem addrinfo mem leaks.
      upstream: Plug a couple of minor mem leaks. From beldmit at
      upstream: ssh-rsa is no longer in the default for
      upstream: Log command invocation while debugging.
      upstream: Add test for hostbased auth. It requires some external
      upstream: Don't explicitly set HostbasedAuthentication in
      upstream: Enable all supported hostkey algorithms (but no others).
      upstream: Remove errant "set -x" left over from debugging.
      upstream: "void" functions should not return anything. From Tim Rice
      upstream: Don't log NULL hostname in restricted agent code,
      upstream: Use egrep when searching for an anchored string.
      upstream: Avoid %'s in commands (not used in OpenBSD, but used in
      upstream: Set LC_ALL in both local and remote shells so that sorted
      upstream: Remove explicit kill of privsep preauth child's PID in
      upstream: Enable all supported ciphers and macs in the server
      upstream: Since they are deprecated, move DSA to the end of the
      upstream: Switch hpdelim interface to accept only ":" as delimiter.
      upstream: Add unit tests for hpdelim.
      upstream: Add test for empty hostname with port.
      upstream: Always initialize delim before passing to hpdelim2 which
      upstream: Approximate realpath on the expected output by deduping

guenther at openbsd.org (1):
      upstream: When it's the possessive of 'it', it's spelled "its",

jmc at openbsd.org (1):
      upstream: sort -H and -h in SYNOPSIS/usage(); tweak the -H text;

jsg at openbsd.org (4):
      upstream: fix unintended sizeof pointer in debug path ok markus@
      upstream: spelling ok dtucker@
      upstream: spelling
      upstream: remove please from manual pages ok jmc@ sthen@ millert@

naddy at openbsd.org (1):
      upstream: RSA/SHA-1 is not used by default anymore on the server

pedro martelletto (1):
      fix typos in previous


No new revisions were added by this update.

To stop receiving notification emails like this one, please contact
djm at mindrot.org.
