[openssh-commits] [openssh] annotated tag V_9_4_P1 created (now 8125afa5)
git+noreply at mindrot.org
Thu Aug 10 20:16:00 AEST 2023
This is an automated email from the git hooks/post-receive script.
djm pushed a change to annotated tag V_9_4_P1
in repository openssh.
at 8125afa5 (tag)
tagging daa5b2d869ee5a16f3ef9035aa0ad3c70cf4028e (commit)
replaces V_9_3_P1
tagged by Damien Miller
on Thu Aug 10 11:11:00 2023 +1000
- Log -----------------------------------------------------------------
openssh-9.4
Carlos Rodríguez Gili (1):
Fix test error for /bin/sh on Solaris 10 and older
Damien Miller (23):
remove support for old libcrypto
put back SSLeay_version compat in configure test
Allow building with BoringSSL
don't use obsolete ERR_load_CRYPTO_strings()
another ERR_load_CRYPTO_strings() vestige
BoringSSL doesn't support EC_POINT_point2bn()
Github testing support for BoringSSL
don't call connect() on negative socket
need va_end() after va_copy(); ok dtucker
remove unused upper-case const strings in fmtfp
handle sysconf(SC_OPEN_MAX) returning > INT_MAX;
replace deprecated selinux matchpathcon function
portable-specific int overflow defence-in-depth
avoid AF_LINK on platforms that don't define it
conditionalise match localnetwork on ifaddrs.h
conditionalise stdint.h inclusion on HAVE_STDINT_H
agent_fuzz doesn't want stdint.h conditionalised
Bring back OPENSSL_HAS_ECC to ssh-pkcs11-client
depend
wrap poll.h include in HAVE_POLL_H
update version in README
update versions in RPM specs
depend
Darren Tucker (32):
Show 9.3 branch instead of 9.2.
Test latest OpenSSL 1.1, 3.0 and LibreSSL 3.7.
Find suitable OpenSSL version.
Specify test target if we build without OpenSSL.
Split libcrypto and other config flags.
Explicitly disable security key test on aix51 VM.
Also look for gdb error message from OpenIndiana.
Explicitly disable OpenSSL on AIX test VM.
Pass rpath when building 64bit Solaris.
Configure with --target instead of deprecated form.
Replace OPENSSL_NO_SHA with HEADER_SHA_H.
Remove HEADER_SHA_H from previous...
Prevent conflicts between Solaris SHA2 and OpenSSL.
child_set_eng: verify both env pointer and count.
Test against LibreSSL 3.7.2.
Add macos-13 test target.
Handle OpenSSL >=3 ABI compatibility.
Include config.guess in debug output.
Skip agent-peereid test on macos13.
Add macos13 PAM test target.
Update OpenSSL compat test for 3.x.
Suppress warning for snprintf truncation test.
Remove warning pragma since clang doesn't like it.
main(void) to prevent unused variable warning.
Special case OpenWrt instead of Dropbear.
Make ssh-copy-id(1) consistent with OpenSSH.
Update runner OS version for hardenedmalloc test.
Fix typo in declaration of nmesg.
Handle a couple more OpenSSL no-ecc cases.
Retire dfly58 test VM. Add dfly64.
Prefer OpenSSL's SHA256 in sk-dummy.so
Fix RNG seeding for OpenSSL w/out self seeding.
David Seifert (1):
gss-serv.c: `MAXHOSTNAMELEN` -> `HOST_NAME_MAX`
Jakub Jelen (1):
Remove outdated comment
Philip Hands (7):
update copyright notices
ssh-copy-id: add -x option (for debugging)
add -t option to specify the target path
make -x also apply to the target script
drop whitespace
if -s & -p specified, mention 'sftp -P' on success
fixup! if -s & -p specified, mention 'sftp -P' on
djm at openbsd.org (46):
upstream: scp: when copying local->remote, check that source file
upstream: fix test: getnameinfo returns a non-zero value on error, not
upstream: fix memory leak; Coverity CID 291848
upstream: return SSH_ERR_KEY_NOT_FOUND if the allowed_signers file
upstream: remove unused variable; prompted by Coverity CID 291879
upstream: don't attempt to decode a ridiculous number of
upstream: remove redundant test
upstream: don't print key if printing hostname failed; with/ok
upstream: clamp max number of GSSAPI mechanisms to 2048; ok dtucker
upstream: don't leak arg2 on parse_pubkey_algos error path; ok
upstream: don't care about glob() return value here.
upstream: match_user() shouldn't be called with user==NULL unless
upstream: remove redundant ssh!=NULL check; we'd already
upstream: simplify sshsig_find_principals() similar to what happened to
upstream: Check for ProxyJump=none in CanonicalizeHostname logic.
upstream: adjust ftruncate() logic to handle servers that reorder
upstream: fix AuthorizedPrincipalsCommand when AuthorizedKeysCommand
upstream: reset comment=NULL for each key in do_fingerprint();
upstream: prepare for support for connecting to unix domain sockets
upstream: handle rlimits > INT_MAX (rlim_t is u64); ok dtucker
upstream: make `ssh -Q CASignatureAlgorithms` only list signature
upstream: better validate CASignatureAlgorithms in ssh_config and
upstream: misplaced debug message
upstream: add defence-in-depth checks for some unreachable integer
upstream: Support for KRL extensions.
upstream: remove vestigial support for KRL signatures
upstream: add a "match localnetwork" predicate.
upstream: Add support for configuration tags to ssh(1).
upstream: return SSH_ERR_KRL_BAD_MAGIC when a KRL doesn't contain a
upstream: Move RCSID to before license block and away from #includes,
upstream: move other RCSIDs to before their respective license blocks
upstream: missing match localnetwork negation check
upstream: terminate process if requested to load a PKCS#11 provider
upstream: Disallow remote addition of FIDO/PKCS11 provider
upstream: Ensure FIDO/PKCS11 libraries contain expected symbols
upstream: Separate ssh-pkcs11-helpers for each p11 module
upstream: make ssh -f (fork after authentication) work properly in
upstream: increase default KDF work-factor for OpenSSH format
upstream: make sshd_config AuthorizedPrincipalsCommand and
upstream: don't incorrectly truncate logged strings retrieved from
upstream: better error messages
upstream: test ChrootDirectory in Match block
upstream: add LTESTS_FROM variable to allow skipping of tests up to
upstream: don't need to start a command here; use ssh -N instead.
upstream: CheckHostIP has defaulted to 'no' for a while; make the
upstream: openssh-9.4
dlg at openbsd.org (1):
upstream: add support for unix domain sockets to ssh -W
dtucker at openbsd.org (20):
upstream: Add tilde and environment variable expansion to
upstream: Add RevokedHostKeys to percent expansion test.
upstream: Remove compat code for OpenSSL 1.0.*
upstream: Remove compat code for OpenSSL < 1.1.*
upstream: Plug more mem leaks in sftp by making
upstream: Plug potential mem leak in process_put.
upstream: Ignore return from sshpkt_disconnect
upstream: Remove dead code from inside if block.
upstream: Ignore return value from muxclient(). It normally loops
upstream: Check fd against >=0 instead of >0 in error path. The
upstream: Return immediately from get_sock_port
upstream: Explicitly ignore return codes
upstream: Explicitly ignore return from waitpid here too.
upstream: Move up null check and simplify process_escapes.
upstream: Import regenerated moduli.
upstream: Remove unused prototypes for ssh1 RSA functions.
upstream: minleft and maxsign are u_int so cast appropriately. Prompted
upstream: Include stdint.h for SIZE_MAX. Fixes OPENSSL=no build.
upstream: remove unnecessary if statement.
upstream: Apply ConnectTimeout to multiplexing local socket
jmc at openbsd.org (4):
upstream: -P before -p in SYNOPSIS;
upstream: - add -P to usage() - sync the arg name to -J in usage()
upstream: tweak the allow-remote-pkcs11 text;
upstream: %C is a callable macro in mdoc(7)
jsg at openbsd.org (3):
upstream: fix double words ok dtucker@
upstream: remove duplicate signal.h include
upstream: configuation -> configuration
millert at openbsd.org (1):
upstream: Store timeouts as int, not u_int as they are limited to
naddy at openbsd.org (1):
upstream: man page typos; ok jmc@
-----------------------------------------------------------------------
This annotated tag includes the following new commits:
new e797e5ff upstream: openssh-9.4
new e598b92b update version in README
new 41bfb63f update versions in RPM specs
new daa5b2d8 depend
The 4 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails. The revisions
listed as "adds" were already present in the repository and have only
been added to this reference.
Detailed log of new commits:

commit daa5b2d869ee5a16f3ef9035aa0ad3c70cf4028e
Author: Damien Miller <djm at mindrot.org>
Date: Thu Aug 10 11:10:22 2023 +1000

    depend

commit 41bfb63f5101fbacde9d8d2ada863f9ee16df194
Author: Damien Miller <djm at mindrot.org>
Date: Thu Aug 10 11:05:42 2023 +1000

    update versions in RPM specs

commit e598b92b1eecedac21667edf1fe92078eaf8f2b1
Author: Damien Miller <djm at mindrot.org>
Date: Thu Aug 10 11:05:14 2023 +1000

    update version in README

commit e797e5ffa74377c8696e3b0559a258d836479239
Author: djm at openbsd.org <djm at openbsd.org>
Date: Thu Aug 10 01:01:07 2023 +0000

    upstream: openssh-9.4

    OpenBSD-Commit-ID: 71fc1e01a4c4ea061b252bd399cda7be757e6e35
--
To stop receiving notification emails like this one, please contact
djm at mindrot.org.