[openssh-commits] [openssh] annotated tag V_9_3_P1 created (now 0c3c43f1)

git+noreply at mindrot.org git+noreply at mindrot.org
Thu Mar 16 08:36:50 AEDT 2023

This is an automated email from the git hooks/post-receive script.

djm pushed a change to annotated tag V_9_3_P1
in repository openssh.

        at  0c3c43f1  (tag)
   tagging  cb30fbdbee869f1ce11f06aa97e1cb8717a0b645 (commit)
  replaces  V_9_2_P1
 tagged by  Damien Miller
        on  Thu Mar 16 08:29:49 2023 +1100

- Log -----------------------------------------------------------------

Damien Miller (7):
      harden Linux seccomp sandbox
      whitespace at EOL
      whitespace fixes
      avoid clash between for getopt's struct option
      bounds checking for getrrsetbyname() replacement;
      crank version

Darren Tucker (19):
      Replace 9.1 with 9.2 on CI status page.
      Add CentOS 7 test targets.
      Improve seccomp compat on older systems.
      Always use the openssl binary configure tells us.
      Wrap stdint.h inside ifdef.
      Also run unit tests on AIX VMs.
      Explicitly set permissions on user and host keys.
      Remove extended ACLs from working dirs.
      Revert explicit chmods on private keys.
      Do shadow expiry calcs using "long long".
      Cast time_t's in debug output to long long.
      Adjust test jobs for new log directory.
      Add Coverity badges.
      Add header changes missed in previous.
      Extra brackets to prevent warning.
      Limit the number of PAM environment variables.
      Limit the number of PAM environment variables.
      Wrap mkstemp calls with umask set/restore.
      Add prototypes for mkstemp replacements.

Mayank Sharma (1):
      Add includes to ptimeout test.

djm at openbsd.org (16):
      upstream: make `ssh -Q CASignatureAlgorithms` work as the manpage says
      upstream: add a `sshd -G` option that parses and prints the
      upstream: let ssh-keygen and ssh-keyscan accept
      upstream: test -Ohashalg=... and that the default output contains both
      upstream: fix progressmeter corruption on wide displays; bz3534
      upstream: actually print "channeltimeout none" in config dump mode;
      upstream: some options are not first-match-wins. Mention that there
      upstream: guard against getsockname(-1, ...) from Coverity CID
      upstream: correct size for array argument when changing
      upstream: fix memory leak in process_read() path; Spotted by James
      upstream: refactor to be more readable top to bottom. Prompted by
      upstream: use RSA/SHA256 when testing usability of private key;
      upstream: use RSA/SHA256 when testing usability of private key in
      upstream: include destination constraints for smartcard keys too.
      upstream: Like sshd_config, some ssh_config options are not
      upstream: openssh-9.3

dtucker at openbsd.org (39):
      upstream: Ensure that there is a terminating newline when adding a new
      upstream: ssh-agent doesn't actually take -v,
      upstream: Test adding terminating newline to known_hosts.
      upstream: Remove SSH_BUG_IGNOREMSG compat flag
      upstream: Remove SSH_BUG_PASSWORDPAD compat bit
      upstream: Remove now-unused compat bit SSH_BUG_BIGENDIANAES. This
      upstream: Remove now-unused compat bit SSH_BUG_RSASIGMD5. The code
      upstream: fseek to end of known_hosts before writing to it.
      upstream: Plug mem leak on globbed ls error path.
      upstream: Explicitly ignore return from fchmod
      upstream: fatal out if allocating banner string fails to avoid
      upstream: Rework logging for the regression tests.
      upstream: Remove old log symlinks
      upstream: Always call fclose on checkpoints.
      upstream: Quote grep and log message better.
      upstream: Fix breakage on dhgex test.
      upstream: Remove SUDO in proxy command wrapper. Anything that needs
      upstream: Check return value from fctnl and warn on failure.
      upstream: Use time_t for x11_refuse_time timeout. We need
      upstream: Check return values of dup2. Spotted by Coverity, ok djm@
      upstream: Check for non-NULL before string
      upstream: Ensure ms_remain is always initialized
      upstream: Use time_t for x11 timeout.
      upstream: Remove unused compat.h includes.
      upstream: Plug mem leak in moduli checkpoint option parsing.
      upstream: Fix mem and FILE leaks in moduli screening.
      upstream: Refactor creation of KEX proposal.
      upstream: Unit test for kex_proposal_populate_entries.
      upstream: Fix mem leak in environment setup.
      upstream: Plug mem leak. Coverity CID 405196, ok djm@
      upstream: Re-split the merge of the reorder-hostkeys test.
      upstream: Remove no-op (int) > INT_MAX checks
      upstream: Expliticly ignore return code from fcntl(.. FD_CLOEXEC) since
      upstream: Plug mem leak on error path. Coverity CID 405026, ok djm at .
      upstream: Explicitly ignore return from fcntl
      upstream: calloc can return NULL but xcalloc can't.
      upstream: Limit number of entries in SSH2_MSG_EXT_INFO
      upstream: Check pointer for NULL before deref.
      upstream: Free KRL ptr in addition to its contents.

guenther at openbsd.org (1):
      upstream: Delete obsolete /* ARGSUSED */ lint comments.

jcs at openbsd.org (1):
      upstream: modify parentheses in conditionals to make it clearer what is

jmc at openbsd.org (3):
      upstream: sort SYNOPSIS;
      upstream: space between macro and punctuation;
      upstream: space between macro and punctuation; sort usage();

tb at openbsd.org (1):
      upstream: ssh-pkcs11: synchronize error messages with errors


No new revisions were added by this update.

To stop receiving notification emails like this one, please contact
djm at mindrot.org.

More information about the openssh-commits mailing list