[openssh-commits] [openssh] annotated tag V_8_9_P1 created (now 0d5cde84)
git+noreply at mindrot.org
git+noreply at mindrot.org
Wed Feb 23 22:32:35 AEDT 2022
This is an automated email from the git hooks/post-receive script.
djm pushed a change to annotated tag V_8_9_P1
in repository openssh.
at 0d5cde84 (tag)
tagging 166456cedad3962b83b848b1e9caf80794831f0f (commit)
tagged by Damien Miller
on Wed Feb 23 22:31:44 2022 +1100
- Log -----------------------------------------------------------------
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
Alex James (1):
sandbox-seccomp-filter: allow gettid
Corinna Vinschen (1):
Fix signedness bug in Cygwin code
Damien Miller (32):
need stdlib.h for free(3)
enable security key support for --without-openssl
fix FIDO key support for !OPENSSL_HAS_ECC case
make OPENSSL_HAS_ECC checks more thorough
make sk-dummy.so work without libcrypto installed
fix broken OPENSSL_HAS_ECC test
clean regress/misc/sk-dummy in cleandir target
remove built-in support for md5crypt()
use -Wmisleading-indentation cflag if available
unbreak fuzz harness for recent changes
basic SECURITY.md (refers people to the website)
compat for timespecsub() and friends
adjust seccomp filter for select->poll conversion
sync bcrypt-related files with OpenBSD
previous commit broke bcrypt_pbkdf()
add agent-restrict.sh file, missed in last commit
remove sys/param.h in -portable, after upstream
OS X poll(2) is broken; use compat replacement
fix edge case in poll(2) wrapper
restore tty force-read hack
portable-specific string array constification
compat code for fido_assert_set_clientdata()
update versions in preparation for 8.9 release
find sk-dummy.so when build_dir != src_dir
minix needs BROKEN_POLL too; chokes on /dev/null
disable agent-restrict test on minix3
Darren Tucker (74):
Add new compiler hardening flags.
Test all available clang and gcc versions.
Add make clean step to tests.
Get BUILDDIR from autoconf.
Replace `pwd` with make variable in regress cmd.
Expand TEST_SHELL consistently with other vars.
Split c89 test openssl setting out.
Build without OpenSSL on Mac OS.
Skip file-based tests by default on Mac OS.
Use backticks instead of $(..) for portability.
Look for clang after cc and gcc.
Include stdlib.h for arc4random_uniform prototype.
Disable security key on NetBSD4 test.
Define OPENSSL_NO_SHA including OpenSSL from test.
Add USE_LIBC_SHA2 for (at least) NetBSD 9.
Disable security key on minix3.
Only enable sk-* key types if ENABLE_SK is defined
Include relevant env vars on command line.
Skip SK unit tests when built without security-key
Add tcmalloc test target.
Include error reason if trace disabling fails.
Include string.h and stdio.h for strerror.
Build with -Werror on most recent gcc and clang.
Remove -Werror from compiler package to install.
Don't use 'here string", it's not POSIX.
Install libedit and pam based on config flags.
Source configs script so setup_ci can use settings
Test both MIT KRB5 and Heimdal.
kitchensink test target now needs krb5.
Use -Wbitwise-instead-of-logical if supported.
Skip getline() on HP-UX 10.x.
Don't trust closefrom() on Linux.
Switch from LibreSSL 3.4.0 to 3.4.1.
Put poll.h inside ifdef HAVE_POLL_H.
Add compat implementation of ppoll using pselect.
Correct calculation of tv_nsec in poll().
Don't auto-enable Capsicum sandbox on FreeBSD 9/10.
Allow for fd = -1 in compat ppoll overflow check.
Correct ifdef to activate poll() only if needed.
Fix typo in Neils' name.
Add minix host tuple.
Update the list of tests that don't work on Minix.
Increase timeout for test step.
Correct value for IPTOS_DSCP_LE.
Use SHA.*_HMAC_BLOCK_SIZE if needed.
Add OpenBSD 7.0 target. Retire 6.8.
Always save config.h as build artifact.
Add wrapper for "sort" to set LC_ALL=C.
libhardended_malloc.so moved into out dir.
Add "rev" command replacement if needed.
Stop on first test failure to minimize logs.
Remove sort wrapper.
Wrap OpenSSL includes in unit tests in ifdef.
Remove line leftover from upstream sync.
Invoke EXIT handler early when using Valgrind.
Move more tests out of valgrind-1 runner.
Improve compatibility of early exit trap handling.
We now support POLLPRI so actually define it.
Put poll.h inside ifdef.
Fix helper include path and remove excess code.
Stop testing OpenBSD HEAD on 6.9 and 7.0.
Simplify handling of --with-ssl-dir.
Move SSHD_ACQUIRES_CTTY workaround into compat.
Add cygwin-release test config.
Test if sshd accidentally acquires controlling tty
Comment hurd test, the VM is currently broken.
Add test configs for MUSL C library.
Really move DSA to end of list.
Skip agent-getpeereid when running as root.
Only include sys/poll.h if we don't have poll.h.
Include sys/param.h if present.
Add Alpine Linux test VM.
Extend select+rlimit sanbox test to include poll.
Tim Rice (1):
Make USL compilers happy
anton at openbsd.org (1):
upstream: Make use of ntests variable, pointed out by clang 13.
deraadt at openbsd.org (12):
upstream: switch scp(1) back to sftp protocol.
upstream: For open/openat, if the flags parameter does not contain
upstream: Many downstreams expect ssh to compile as non-C99...
upstream: Convert from select() to ppoll(). Along the way, I
upstream: aggressively pre-fill the pollfd array with fd=-1
upstream: It really looks like pledge "stdio dns" is possible
upstream: replace select() with ppoll(), including converting
upstream: convert select() to poll() ok djm
upstream: match .events with .fd better
upstream: use ppoll() instead of pselect() with djm
upstream: sys/param.h cleanup, mostly using MINIMUM() and
upstream: When poll(2) returns -1, for some error conditions
djm at openbsd.org (109):
upstream: add some debug output showing how many key file/command lines
upstream: Test certificate hostkeys held in ssh-agent too. Would have
upstream: unbreak FIDO sk-ed25519 key enrollment for OPENSSL=no builds;
upstream: use libc SHA256 functions; make this work when compiled
upstream: When downloading resident keys from a FIDO token, pass
upstream: increment SSH_SK_VERSION_MAJOR to match last change
upstream: ssh-keygen: make verify-time argument parsing optional
upstream: avoid signedness warning; spotted in -portable
upstream: sshsig: add tests for signing key validity and
upstream: Better handle FIDO keys on tokens that provide user
upstream: crank SSH_SK_VERSION_MAJOR to match recent change in
upstream: move cert_filter_principals() to earlier in the file for
upstream: improve error message when trying to expand a ~user path
upstream: fix ssh-keysign for KEX algorithms that use SHA384/512
upstream: add the sntrup761x25519-sha512 at openssh.com hybrid
upstream: set num_listen_socks to 0 on close-all instead of -1,
upstream: check for POLLHUP as well as POLLIN, handle transient IO
upstream: check for POLLHUP as well as POLLIN in sshd listen loop;
upstream: fd leak in sshd listen loop error path; from Gleb
upstream: check for POLLHUP wherever we check for POLLIN
upstream: ssh-keygen -Y find-principals was verifying key validity
upstream: avoid xmalloc(0) for PKCS#11 keyid for ECDSA keys (we
upstream: less confusing debug message; bz#3365
upstream: regression test for ssh-keygen -Y find-principals fix; from
upstream: debug("func: ...") -> debug_f("...")
upstream: Add ssh-keygen -Y match-principals operation to perform
upstream: regression test for match-principals. Mostly by Fabian
upstream: whitespac e
upstream: missing initialisation for oerrno
upstream: fix indenting in last commit
upstream: ssh-keygen -Y match-principals doesn't accept any -O
upstream: sshsig: return "key not found" when searching empty files
upstream: don't put the tty into raw mode when SessionType=none, avoids
upstream: move check_sk_options() up so we can use it earlier
upstream: improve the testing of credentials against inserted FIDO
upstream: hash full host:port when asked to hash output, fixes hashes
upstream: better error message for FIDO keys when we can't match
upstream: Record session ID, host key and sig at intital KEX
upstream: ssh client side of binding
upstream: ssh-agent side of binding
upstream: ssh-add side of destination constraints
upstream: ssh-add side of destination constraints
upstream: ssh-agent side of destination constraints
upstream: prepare for multiple names for authmethods
upstream: sshd side of hostbound public key auth
upstream: client side of host-bound pubkey authentication
upstream: EXT_INFO negotiation of hostbound pubkey auth
upstream: agent support for parsing hostkey-bound signatures
upstream: Use hostkey parsed from hostbound userauth request
upstream: document destination-constrained keys
upstream: document agent protocol extensions
upstream: document host-bound publickey authentication
upstream: regression test for destination restrictions in ssh-agent
upstream: split method list search functionality from
upstream: fix memleak in process_extension(); oss-fuzz issue #42719
upstream: unbreak test: was picking up system ssh-add instead of the
upstream: NULL deref when using find-principals when matching an
upstream: regression test for find-principals NULL deref; from Fabian
upstream: move sig_process_opts() to before sig_sign(); no
upstream: add missing -O option to usage() for ssh-keygen -Y sign;
upstream: allow selection of hash at sshsig signing time; code
upstream: regress test both sshsig message hash algorithms, possible
upstream: select all RSA hostkey algorithms for UpdateHostkeys tests,
upstream: fix cut-and-pasto in error message
upstream: add a comment so I don't make this mistake again
upstream: prepare for conversion of ssh, sshd mainloop from
upstream: convert ssh, sshd mainloops from select() to poll();
upstream: Fix signature algorithm selection logic for
upstream: stricter UpdateHostkey signature verification logic on
upstream: make ssh-keysign use the requested signature algorithm
upstream: include rejected signature algorithm in error message
upstream: piece of UpdateHostkeys client strictification: when
upstream: log signature algorithm during verification by monitor;
upstream: log some details on hostkeys that ssh loads for
upstream: add a helper function to match a key type to a list of
upstream: allow hostbased auth to select RSA keys when only
upstream: refactor tilde_expand_filename() and make it handle ~user
upstream: add a variant of send_status() that allows overriding the
upstream: more idiomatic error messages; spotted by jsg & deraadt
upstream: fix some corner-case bugs in scp sftp-mode handling of
upstream: use status error message to communicate ~user expansion
upstream: suppress "Connection to xxx closed" messages at LogLevel >=
upstream: remove hardcoded domain and use window.location.host, so this
upstream: use status error message to communicate ~user expansion
upstream: sshsk_sign: trim call to sshkey_fingerprint()
upstream: sshsk_load_resident: don't preallocate resp
upstream: ssh-sk: free a resident key's user id
upstream: allow pin-required FIDO keys to be added to ssh-agent(1).
upstream: when transferring multiple files in SFTP mode, create the
upstream: make most of the sftp errors more idiomatic, following
upstream: when decompressing zlib compressed packets, use
upstream: correct comment and use local variable instead of long
upstream: add a helper for writing an error message to the
upstream: Add a sshbuf_read() that attempts to read(2) directly in
upstream: Use sshbuf_read() to read directly into the channel input
upstream: add a ssh_packet_process_read() function that reads from
upstream: better match legacy scp behaviour: show un-expanded paths
upstream: mark const string array contents const too, i.e. static
upstream: allow 'ssh-keygen -Y find-principals' to match wildcard
upstream: test 'ssh-keygen -Y find-principals' with wildcard
upstream: use libfido2 1.8.0+ fido_assert_set_clientdata() instead
upstream: revert for imminent OpenSSH release, which wil ship with
upstream: document the unbound/host-bound options to
upstream: check for EINTR/EAGAIN failures in the rfd fast-path; caught
upstream: use asprintf to construct .rhosts paths
upstream: randomise the password used in fakepw
upstream: avoid integer overflow of auth attempts (harmless, caught
dtucker at openbsd.org (31):
upstream: Import regenerated moduli.
upstream: Make prototype for rijndaelEncrypt match function
upstream: Use "skip" instead of "fatal"
upstream: Remove references to privsep.
upstream: Fix up whitespace left by previous
upstream: Add test for ssh hashed known_hosts handling.
upstream: Dynamically allocate encoded HashKnownHosts and free as
upstream: Document that CASignatureAlgorithms, ExposeAuthInfo and
upstream: Fix typos in comments.
upstream: Remove unnecessary semicolons
upstream: Plug mem addrinfo mem leaks.
upstream: Plug a couple of minor mem leaks. From beldmit at
upstream: ssh-rsa is no longer in the default for
upstream: Log command invocation while debugging.
upstream: Add test for hostbased auth. It requires some external
upstream: Don't explicitly set HostbasedAuthentication in
upstream: Enable all supported hostkey algorithms (but no others).
upstream: Remove errant "set -x" left over from debugging.
upstream: "void" functions should not return anything. From Tim Rice
upstream: Don't log NULL hostname in restricted agent code,
upstream: Use egrep when searching for an anchored string.
upstream: Avoid %'s in commands (not used in OpenBSD, but used in
upstream: Set LC_ALL in both local and remote shells so that sorted
upstream: Remove explicit kill of privsep preauth child's PID in
upstream: Enable all supported ciphers and macs in the server
upstream: Since they are deprecated, move DSA to the end of the
upstream: Switch hpdelim interface to accept only ":" as delimiter.
upstream: Add unit tests for hpdelim.
upstream: Add test for empty hostname with port.
upstream: Always initialize delim before passing to hpdelim2 which
upstream: Aproximate realpath on the expected output by deduping
guenther at openbsd.org (1):
upstream: When it's the possessive of 'it', it's spelled "its",
jmc at openbsd.org (1):
upstream: sort -H and -h in SYNOPSIS/usage(); tweak the -H text;
jsg at openbsd.org (4):
upstream: fix unintended sizeof pointer in debug path ok markus@
upstream: spelling ok dtucker@
upstream: remove please from manual pages ok jmc@ sthen@ millert@
naddy at openbsd.org (1):
upstream: RSA/SHA-1 is not used by default anymore on the server
pedro martelletto (1):
fix typos in previous
No new revisions were added by this update.
To stop receiving notification emails like this one, please contact
djm at mindrot.org.
More information about the openssh-commits