[openssh-commits] [openssh] annotated tag V_9_2_P1 created (now 180f2628)

git+noreply at mindrot.org git+noreply at mindrot.org
Thu Feb 2 23:37:42 AEDT 2023


This is an automated email from the git hooks/post-receive script.

djm pushed a change to annotated tag V_9_2_P1
in repository openssh.

        at  180f2628  (tag)
   tagging  6dfb65de949cdd0a5d198edee9a118f265924f33 (commit)
  replaces  V_9_1_P1
 tagged by  Damien Miller
        on  Thu Feb 2 23:22:10 2023 +1100

- Log -----------------------------------------------------------------
openssh-9.2p1
-----BEGIN SSH SIGNATURE-----
U1NIU0lHAAAAAQAAAH8AAAAic2stZWNkc2Etc2hhMi1uaXN0cDI1NkBvcGVuc3NoLmNvbQ
AAAAhuaXN0cDI1NgAAAEEEucmjdlUMQ1hkZebm472VTtvSIMWrmAelO7Uxoc9ZMR892/D4
CMVBD+rliLO4wmRcawx1iZuUkQllgemb0hLtmQAAAARzc2g6AAAAA2dpdAAAAAAAAAAGc2
hhNTEyAAAAdwAAACJzay1lY2RzYS1zaGEyLW5pc3RwMjU2QG9wZW5zc2guY29tAAAASAAA
ACB+lbv/qZe1Qfk2p4xdQjw9Om7ddHDcpgKyogn/i+AFVgAAACBqhPzYCNNfwuN0/kGkfn
KGXgbmn/6zqleKoknaHwoeKAAAAAIR
-----END SSH SIGNATURE-----

Damien Miller (18):
      remove mention of --with-security-key-builtin
      mention libfido2 autodetection
      whitespace at EOL
      skip bsd-poll.h if poll.h found; ok dtucker
      undef _get{short,long} before redefining
      revert c64b62338b4 and guard POLL* defines instead
      fix merge botch
      disable SANDBOX_SECCOMP_FILTER_DEBUG
      use calloc for allocating arc4random structs
      unbreak scp on NetBSD 4.x
      don't test IPv6 addresses if platform lacks support
      try to improve logging for dynamic-forward test
      add back use of pipes in scp.c under USE_PIPES
      remove buffer len workaround for NetBSD 4.x
      fix libfido2 detection without pkg-config
      adapt compat_kex_proposal() test to portable
      update version in README
      crank versions in RPM specs

Darren Tucker (70):
      Test commits to all branches of portable.
      Add 9.1 branch to CI status page.
      Add LibreSSL 3.6.0 to test suite.
      OpenSSL dev branch now identifies as 3.2.0.
      OpenSSL dev branch is 302 not 320.
      Check for sockaddr_in.sin_len.
      Always use compat getentropy.
      Include time.h when defining timegm.
      Compat tests need libcrypto.
      Run compat regress tests too.
      Add tests for OpenSSL 3.0.7 and LibreSSL 3.6.1.
      Only run opensslver tests if built with OpenSSL.
      Increase selfhosted job timeout.
      Fix compat regress to work with non-GNU make.
      Link libssh into compat tests.
      Rerun tests on changes to Makefile.in in any dir.
      Don't run openbsd-compat tests on Cygwin.
      Fix setres*id checks to work with clang-16.
      Fix tracing disable on FreeBSD.
      Use "prohibit-password" in -portable comments.
      Link to branch-specific queries for V_9_1 status.
      Run cifuzz workflow on the actions as regular CI.
      Whitespace change to trigger CIFuzz workflow.
      Do not run CIFuzz on selfhosted tree.
      Add CIFuzz status badge.
      Branch-specific links for master status badges.
      Fix merge conflict.
      Split out rekey test since it runs the longest.
      Update checkout and upload actions.
      Add valrind-5 test here too.
      Run vm startup and shutdown from runner temp dir.
      Shutdown any VM before trying to check out repo.
      Fix comment text.  From emaste at freebsd.org.
      Defer seed_rng until after closefrom call.
      Skip reexec test on OpenSSL 1.1.1 specifically.
      Remove seed passing over reexec.
      Add dfly62 test target.
      If we haven't found it yet, recheck for sys/stat.h.
      Add fallback for old platforms w/out MAP_ANON.
      Remove explicit "default" test config argument.
      Remove unused self-hosted test targets.
      Rename "os" in matrix to "target".
      Add "libvirt" label to dfly30.
      Make "config" in matrix singular and pass in env.
      Run vmstartup from temp dir.
      Rework how selfhosted tests interact with runners.
      Skip unit tests on slow riscv64 hardware.
      Use -fzero-call-used-regs=used on clang 15.
      Restore ssh-agent permissions on exit.
      Fix typo in comment.  Spotted by tim@
      Add SANDBOX_DEBUG to the kitchensink test build.
      Move obsdsnap test VMs to ephemeral runners.
      Run upstream obsdsnap tests on ephemeral runners.
      obsdsnap test VMs runs-on libvirt too.
      Fetch regress logs from obj dir.
      Set group perms on regress dir.
      Use sudo when resetting perms on directories.
      Add tests for LibreSSL 3.7.0 and OpenSSL 1.1.1s.
      Simply handling of SSH_CONNECTION PAM env var.
      Set OPENSSL_BIN from OpenSSL directory.
      Check openssl_bin path is executable before using.
      Use autoconf to find openssl binary.
      Use our own netcat for dynamic-forward test.
      Skip dynamic-forward test on minix3.
      Remove skipping test when scp not in path.
      Retry package installation 3 times.
      Allow writev is seccomp sandbox.
      Skip connection-timeout when missing FD passing.
      Skip connection-timeout test under Valgrind.
      Skip connection-timeout test on minix3.

David Korczynski (1):
      Add CIFuzz integration

Harmen Stoppels (1):
      Fix snprintf configure test for clang 15

Pierre Ossman (1):
      Avoid assuming layout of fd_set

Rochdi Nassah (1):
      Fix broken zlib link.

Rose (1):
      Update autotools

Sam James (2):
      configure.ac: Add <pty.h> include for openpty
      configure.ac: Fix -Wstrict-prototypes

cheloha at openbsd.org (1):
      upstream: remove '?' from getopt(3) loops

deraadt at openbsd.org (3):
      upstream: The idiomatic way of coping with signed char vs unsigned
      upstream: Create and install sshd random relink kit.
      upstream: delete useless dependency

djm at openbsd.org (55):
      upstream: honour user's umask if it is more restrictive then the ssh
      upstream: document "-O no-restrict-websafe"; spotted by Ross L
      upstream: when scp(1) is using the SFTP protocol for transport (the
      upstream: regress test for unmatched glob characters; fails before
      upstream: Be more paranoid with host/domain names coming from the
      upstream: begin big refactor of sshkey
      upstream: factor out sshkey_equal_public()
      upstream: factor out public key serialization
      upstream: refactor and simplify sshkey_read()
      upstream: factor out key generation
      upstream: refactor sshkey_from_private()
      upstream: refactor sshkey_from_blob_internal()
      upstream: refactor sshkey_sign() and sshkey_verify()
      upstream: refactor certify
      upstream: refactor sshkey_private_serialize_opt()
      upstream: refactor sshkey_private_deserialize
      upstream: allow ssh-keyscan(1) to accept CIDR address ranges, e.g.
      upstream: put sshkey_check_rsa_length() back in sshkey.c to unbreak
      upstream: replace recently-added valid_domain() check for hostnames
      upstream: fix parsing of hex cert expiry time; was checking whether the
      upstream: typo in comment
      upstream: rename client_global_hostkeys_private_confirm() to
      upstream: New EnableEscapeCommandline ssh_config(5) option
      upstream: tighten pledge(2) after session establishment
      upstream: make struct sshbuf private
      upstream: add a -X option to both scp(1) and sftp(1) to allow
      upstream: Clear signal mask early in main(); sshd may have been
      upstream: Mention that scp uses the SFTP protocol and remove
      upstream: fix bug in PermitRemoteOpen which caused it to ignore its
      upstream: regression test for PermitRemoteOpen
      upstream: suppress "Connection closed" message when in quiet mode
      upstream: add ptimeout API for keeping track of poll/ppoll
      upstream: replace manual poll/ppoll timeout math with ptimeout API
      upstream: Add channel_force_close()
      upstream: tweak channel ctype names
      upstream: Add channel_set_xtype()
      upstream: Implement channel inactivity timeouts
      upstream: unit tests for misc.c:ptimeout_* API
      upstream: fix typo in verbose logging
      upstream: regression test for ChannelTimeout
      upstream: rewrite this test to use a multiplexed ssh session so we can
      upstream: remove whitespace at EOL from code extracted from SUPERCOP
      upstream: ignore bogus upload/download buffer lengths in the limits
      upstream: clamp the minimum buffer lengths and number of inflight
      upstream: avoid printf("%s", NULL) if using ssh
      upstream: update OpenSSH's Ed25519 code to the last version of SUPERCOP
      upstream: adapt to ed25519 changes in src/usr.bin/ssh
      upstream: Add a sshd_config UnusedConnectionTimeout option to terminate
      upstream: unbreak test: cannot access shell positional parameters
      upstream: regression test for UnusedConnectionTimeout
      upstream: also check that an active session inhibits
      upstream: when restoring non-blocking mode to stdio fds, restore
      upstream: fix double-free caused by compat_kex_proposal(); bz3522
      upstream: openssh-9.2
      upstream: test compat_kex_proposal(); by dtucker@

dtucker at openbsd.org (25):
      upstream: Use variable for diff options
      upstream: Fix typo. From pablomh via -portable github PR#344.
      upstream: Import regenerated moduli.
      upstream: Check for and disallow MaxStartups values less than or
      upstream: Remove some set but otherwise unused variables, spotted
      upstream: The IdentityFile option in ssh_config can also be used to
      upstream: Remove errant colon and simplify format
      upstream: Fix typo in fatal error message.
      upstream: Handle dynamic remote port forwarding in escape commandline's
      upstream: Add void to client_repledge args to fix compiler warning. ok djm@
      upstream: Log output of ssh-agent and ssh-add
      upstream: Clean up ssh-add and ssh-agent logs.
      upstream: Remove duplicate includes.
      upstream: Fix comment typo.
      upstream: Add server debugging for hostbased auth.
      upstream: Warn if no host keys for hostbased auth can be loaded.
      upstream: Save debug logs from ssh for debugging purposes.
      upstream: When OpenSSL is not available, skip parts of percent test
      upstream: Add a "Host" line to the output of ssh -G showing the
      upstream: Add scp's path to test sshd's PATH.
      upstream: Move scp path setting to a helper function. The previous
      upstream: Document "UserKnownHostsFile none". ok djm@
      upstream: Instead of skipping the all-tokens test if we don't have
      upstream: Shell syntax fix. From ren mingshuai vi github PR#369.
      upstream: Check if we can copy sshd or need to use sudo to do so

jmc at openbsd.org (6):
      upstream: ssh-agent.1: - use Nm not Xr for self-ref - while here,
      upstream: add -X to usage();
      upstream: spelling fixes; from paul tagliamonte amendments to his
      upstream: tweak previous; ok djm
      upstream: fix double phrase in previous;
      upstream: tweak previous; ok djm

jsg at openbsd.org (1):
      upstream: use correct type with sizeof ok djm@

mbuhl at openbsd.org (1):
      upstream: In channel_request_remote_forwarding the parameters for

millert at openbsd.org (3):
      upstream: Switch scp from using pipes to a socketpair for
      upstream: For "ssh -V" always exit 0, there is no need to check opt
      upstream: Add a -V (version) option to sshd like the ssh client

tb at openbsd.org (1):
      upstream: Copy bytes from the_banana[] rather than banana()

-----------------------------------------------------------------------

No new revisions were added by this update.

-- 
To stop receiving notification emails like this one, please contact
djm at mindrot.org.


More information about the openssh-commits mailing list