[openssh-commits] [openssh] annotated tag V_9_2_P1 created (now 180f2628)
git+noreply at mindrot.org
git+noreply at mindrot.org
Thu Feb 2 23:37:42 AEDT 2023
This is an automated email from the git hooks/post-receive script.
djm pushed a change to annotated tag V_9_2_P1
in repository openssh.
at 180f2628 (tag)
tagging 6dfb65de949cdd0a5d198edee9a118f265924f33 (commit)
replaces V_9_1_P1
tagged by Damien Miller
on Thu Feb 2 23:22:10 2023 +1100
- Log -----------------------------------------------------------------
openssh-9.2p1
-----BEGIN SSH SIGNATURE-----
U1NIU0lHAAAAAQAAAH8AAAAic2stZWNkc2Etc2hhMi1uaXN0cDI1NkBvcGVuc3NoLmNvbQ
AAAAhuaXN0cDI1NgAAAEEEucmjdlUMQ1hkZebm472VTtvSIMWrmAelO7Uxoc9ZMR892/D4
CMVBD+rliLO4wmRcawx1iZuUkQllgemb0hLtmQAAAARzc2g6AAAAA2dpdAAAAAAAAAAGc2
hhNTEyAAAAdwAAACJzay1lY2RzYS1zaGEyLW5pc3RwMjU2QG9wZW5zc2guY29tAAAASAAA
ACB+lbv/qZe1Qfk2p4xdQjw9Om7ddHDcpgKyogn/i+AFVgAAACBqhPzYCNNfwuN0/kGkfn
KGXgbmn/6zqleKoknaHwoeKAAAAAIR
-----END SSH SIGNATURE-----
Damien Miller (18):
remove mention of --with-security-key-builtin
mention libfido2 autodetection
whitespace at EOL
skip bsd-poll.h if poll.h found; ok dtucker
undef _get{short,long} before redefining
revert c64b62338b4 and guard POLL* defines instead
fix merge botch
disable SANDBOX_SECCOMP_FILTER_DEBUG
use calloc for allocating arc4random structs
unbreak scp on NetBSD 4.x
don't test IPv6 addresses if platform lacks support
try to improve logging for dynamic-forward test
add back use of pipes in scp.c under USE_PIPES
remove buffer len workaround for NetBSD 4.x
fix libfido2 detection without pkg-config
adapt compat_kex_proposal() test to portable
update version in README
crank versions in RPM specs
Darren Tucker (70):
Test commits to all branches of portable.
Add 9.1 branch to CI status page.
Add LibreSSL 3.6.0 to test suite.
OpenSSL dev branch now identifies as 3.2.0.
OpenSSL dev branch is 302 not 320.
Check for sockaddr_in.sin_len.
Always use compat getentropy.
Include time.h when defining timegm.
Compat tests need libcrypto.
Run compat regress tests too.
Add tests for OpenSSL 3.0.7 and LibreSSL 3.6.1.
Only run opensslver tests if built with OpenSSL.
Increase selfhosted job timeout.
Fix compat regress to work with non-GNU make.
Link libssh into compat tests.
Rerun tests on changes to Makefile.in in any dir.
Don't run openbsd-compat tests on Cygwin.
Fix setres*id checks to work with clang-16.
Fix tracing disable on FreeBSD.
Use "prohibit-password" in -portable comments.
Link to branch-specific queries for V_9_1 status.
Run cifuzz workflow on the actions as regular CI.
Whitespace change to trigger CIFuzz workflow.
Do not run CIFuzz on selfhosted tree.
Add CIFuzz status badge.
Branch-specific links for master status badges.
Fix merge conflict.
Split out rekey test since it runs the longest.
Update checkout and upload actions.
Add valrind-5 test here too.
Run vm startup and shutdown from runner temp dir.
Shutdown any VM before trying to check out repo.
Fix comment text. From emaste at freebsd.org.
Defer seed_rng until after closefrom call.
Skip reexec test on OpenSSL 1.1.1 specifically.
Remove seed passing over reexec.
Add dfly62 test target.
If we haven't found it yet, recheck for sys/stat.h.
Add fallback for old platforms w/out MAP_ANON.
Remove explicit "default" test config argument.
Remove unused self-hosted test targets.
Rename "os" in matrix to "target".
Add "libvirt" label to dfly30.
Make "config" in matrix singular and pass in env.
Run vmstartup from temp dir.
Rework how selfhosted tests interact with runners.
Skip unit tests on slow riscv64 hardware.
Use -fzero-call-used-regs=used on clang 15.
Restore ssh-agent permissions on exit.
Fix typo in comment. Spotted by tim@
Add SANDBOX_DEBUG to the kitchensink test build.
Move obsdsnap test VMs to ephemeral runners.
Run upstream obsdsnap tests on ephemeral runners.
obsdsnap test VMs runs-on libvirt too.
Fetch regress logs from obj dir.
Set group perms on regress dir.
Use sudo when resetting perms on directories.
Add tests for LibreSSL 3.7.0 and OpenSSL 1.1.1s.
Simply handling of SSH_CONNECTION PAM env var.
Set OPENSSL_BIN from OpenSSL directory.
Check openssl_bin path is executable before using.
Use autoconf to find openssl binary.
Use our own netcat for dynamic-forward test.
Skip dynamic-forward test on minix3.
Remove skipping test when scp not in path.
Retry package installation 3 times.
Allow writev is seccomp sandbox.
Skip connection-timeout when missing FD passing.
Skip connection-timeout test under Valgrind.
Skip connection-timeout test on minix3.
David Korczynski (1):
Add CIFuzz integration
Harmen Stoppels (1):
Fix snprintf configure test for clang 15
Pierre Ossman (1):
Avoid assuming layout of fd_set
Rochdi Nassah (1):
Fix broken zlib link.
Rose (1):
Update autotools
Sam James (2):
configure.ac: Add <pty.h> include for openpty
configure.ac: Fix -Wstrict-prototypes
cheloha at openbsd.org (1):
upstream: remove '?' from getopt(3) loops
deraadt at openbsd.org (3):
upstream: The idiomatic way of coping with signed char vs unsigned
upstream: Create and install sshd random relink kit.
upstream: delete useless dependency
djm at openbsd.org (55):
upstream: honour user's umask if it is more restrictive then the ssh
upstream: document "-O no-restrict-websafe"; spotted by Ross L
upstream: when scp(1) is using the SFTP protocol for transport (the
upstream: regress test for unmatched glob characters; fails before
upstream: Be more paranoid with host/domain names coming from the
upstream: begin big refactor of sshkey
upstream: factor out sshkey_equal_public()
upstream: factor out public key serialization
upstream: refactor and simplify sshkey_read()
upstream: factor out key generation
upstream: refactor sshkey_from_private()
upstream: refactor sshkey_from_blob_internal()
upstream: refactor sshkey_sign() and sshkey_verify()
upstream: refactor certify
upstream: refactor sshkey_private_serialize_opt()
upstream: refactor sshkey_private_deserialize
upstream: allow ssh-keyscan(1) to accept CIDR address ranges, e.g.
upstream: put sshkey_check_rsa_length() back in sshkey.c to unbreak
upstream: replace recently-added valid_domain() check for hostnames
upstream: fix parsing of hex cert expiry time; was checking whether the
upstream: typo in comment
upstream: rename client_global_hostkeys_private_confirm() to
upstream: New EnableEscapeCommandline ssh_config(5) option
upstream: tighten pledge(2) after session establishment
upstream: make struct sshbuf private
upstream: add a -X option to both scp(1) and sftp(1) to allow
upstream: Clear signal mask early in main(); sshd may have been
upstream: Mention that scp uses the SFTP protocol and remove
upstream: fix bug in PermitRemoteOpen which caused it to ignore its
upstream: regression test for PermitRemoteOpen
upstream: suppress "Connection closed" message when in quiet mode
upstream: add ptimeout API for keeping track of poll/ppoll
upstream: replace manual poll/ppoll timeout math with ptimeout API
upstream: Add channel_force_close()
upstream: tweak channel ctype names
upstream: Add channel_set_xtype()
upstream: Implement channel inactivity timeouts
upstream: unit tests for misc.c:ptimeout_* API
upstream: fix typo in verbose logging
upstream: regression test for ChannelTimeout
upstream: rewrite this test to use a multiplexed ssh session so we can
upstream: remove whitespace at EOL from code extracted from SUPERCOP
upstream: ignore bogus upload/download buffer lengths in the limits
upstream: clamp the minimum buffer lengths and number of inflight
upstream: avoid printf("%s", NULL) if using ssh
upstream: update OpenSSH's Ed25519 code to the last version of SUPERCOP
upstream: adapt to ed25519 changes in src/usr.bin/ssh
upstream: Add a sshd_config UnusedConnectionTimeout option to terminate
upstream: unbreak test: cannot access shell positional parameters
upstream: regression test for UnusedConnectionTimeout
upstream: also check that an active session inhibits
upstream: when restoring non-blocking mode to stdio fds, restore
upstream: fix double-free caused by compat_kex_proposal(); bz3522
upstream: openssh-9.2
upstream: test compat_kex_proposal(); by dtucker@
dtucker at openbsd.org (25):
upstream: Use variable for diff options
upstream: Fix typo. From pablomh via -portable github PR#344.
upstream: Import regenerated moduli.
upstream: Check for and disallow MaxStartups values less than or
upstream: Remove some set but otherwise unused variables, spotted
upstream: The IdentityFile option in ssh_config can also be used to
upstream: Remove errant colon and simplify format
upstream: Fix typo in fatal error message.
upstream: Handle dynamic remote port forwarding in escape commandline's
upstream: Add void to client_repledge args to fix compiler warning. ok djm@
upstream: Log output of ssh-agent and ssh-add
upstream: Clean up ssh-add and ssh-agent logs.
upstream: Remove duplicate includes.
upstream: Fix comment typo.
upstream: Add server debugging for hostbased auth.
upstream: Warn if no host keys for hostbased auth can be loaded.
upstream: Save debug logs from ssh for debugging purposes.
upstream: When OpenSSL is not available, skip parts of percent test
upstream: Add a "Host" line to the output of ssh -G showing the
upstream: Add scp's path to test sshd's PATH.
upstream: Move scp path setting to a helper function. The previous
upstream: Document "UserKnownHostsFile none". ok djm@
upstream: Instead of skipping the all-tokens test if we don't have
upstream: Shell syntax fix. From ren mingshuai vi github PR#369.
upstream: Check if we can copy sshd or need to use sudo to do so
jmc at openbsd.org (6):
upstream: ssh-agent.1: - use Nm not Xr for self-ref - while here,
upstream: add -X to usage();
upstream: spelling fixes; from paul tagliamonte amendments to his
upstream: tweak previous; ok djm
upstream: fix double phrase in previous;
upstream: tweak previous; ok djm
jsg at openbsd.org (1):
upstream: use correct type with sizeof ok djm@
mbuhl at openbsd.org (1):
upstream: In channel_request_remote_forwarding the parameters for
millert at openbsd.org (3):
upstream: Switch scp from using pipes to a socketpair for
upstream: For "ssh -V" always exit 0, there is no need to check opt
upstream: Add a -V (version) option to sshd like the ssh client
tb at openbsd.org (1):
upstream: Copy bytes from the_banana[] rather than banana()
-----------------------------------------------------------------------
No new revisions were added by this update.
--
To stop receiving notification emails like this one, please contact
djm at mindrot.org.
More information about the openssh-commits
mailing list