[openssh-commits] [openssh] annotated tag V_9_3_P1 created (now 0c3c43f1)
git+noreply at mindrot.org
git+noreply at mindrot.org
Thu Mar 16 08:36:50 AEDT 2023
This is an automated email from the git hooks/post-receive script.
djm pushed a change to annotated tag V_9_3_P1
in repository openssh.
at 0c3c43f1 (tag)
tagging cb30fbdbee869f1ce11f06aa97e1cb8717a0b645 (commit)
replaces V_9_2_P1
tagged by Damien Miller
on Thu Mar 16 08:29:49 2023 +1100
- Log -----------------------------------------------------------------
openssh-9.3p1
-----BEGIN SSH SIGNATURE-----
U1NIU0lHAAAAAQAAAH8AAAAic2stZWNkc2Etc2hhMi1uaXN0cDI1NkBvcGVuc3NoLmNvbQ
AAAAhuaXN0cDI1NgAAAEEEucmjdlUMQ1hkZebm472VTtvSIMWrmAelO7Uxoc9ZMR892/D4
CMVBD+rliLO4wmRcawx1iZuUkQllgemb0hLtmQAAAARzc2g6AAAAA2dpdAAAAAAAAAAGc2
hhNTEyAAAAeQAAACJzay1lY2RzYS1zaGEyLW5pc3RwMjU2QG9wZW5zc2guY29tAAAASgAA
ACEAmhNP413fZYPQNGPsykzldrmkmS+ssnllBNrq2m1DFvEAAAAhANFrw/CydS6KHgiiJV
utKLAKW5BbcNsuzzIoYTyrPfEwAAAAAms=
-----END SSH SIGNATURE-----
Damien Miller (7):
harden Linux seccomp sandbox
whitespace at EOL
whitespace fixes
avoid clash between for getopt's struct option
bounds checking for getrrsetbyname() replacement;
crank version
depend
Darren Tucker (19):
Replace 9.1 with 9.2 on CI status page.
Add CentOS 7 test targets.
Improve seccomp compat on older systems.
Always use the openssl binary configure tells us.
Wrap stdint.h inside ifdef.
Also run unit tests on AIX VMs.
Explicitly set permissions on user and host keys.
Remove extended ACLs from working dirs.
Revert explicit chmods on private keys.
Do shadow expiry calcs using "long long".
Cast time_t's in debug output to long long.
Adjust test jobs for new log directory.
Add Coverity badges.
Add header changes missed in previous.
Extra brackets to prevent warning.
Limit the number of PAM environment variables.
Limit the number of PAM environment variables.
Wrap mkstemp calls with umask set/restore.
Add prototypes for mkstemp replacements.
Mayank Sharma (1):
Add includes to ptimeout test.
djm at openbsd.org (16):
upstream: make `ssh -Q CASignatureAlgorithms` work as the manpage says
upstream: add a `sshd -G` option that parses and prints the
upstream: let ssh-keygen and ssh-keyscan accept
upstream: test -Ohashalg=... and that the default output contains both
upstream: fix progressmeter corruption on wide displays; bz3534
upstream: actually print "channeltimeout none" in config dump mode;
upstream: some options are not first-match-wins. Mention that there
upstream: guard against getsockname(-1, ...) from Coverity CID
upstream: correct size for array argument when changing
upstream: fix memory leak in process_read() path; Spotted by James
upstream: refactor to be more readable top to bottom. Prompted by
upstream: use RSA/SHA256 when testing usability of private key;
upstream: use RSA/SHA256 when testing usability of private key in
upstream: include destination constraints for smartcard keys too.
upstream: Like sshd_config, some ssh_config options are not
upstream: openssh-9.3
dtucker at openbsd.org (39):
upstream: Ensure that there is a terminating newline when adding a new
upstream: ssh-agent doesn't actually take -v,
upstream: Test adding terminating newline to known_hosts.
upstream: Remove SSH_BUG_IGNOREMSG compat flag
upstream: Remove SSH_BUG_PASSWORDPAD compat bit
upstream: Remove now-unused compat bit SSH_BUG_BIGENDIANAES. This
upstream: Remove now-unused compat bit SSH_BUG_RSASIGMD5. The code
upstream: fseek to end of known_hosts before writing to it.
upstream: Plug mem leak on globbed ls error path.
upstream: Explicitly ignore return from fchmod
upstream: fatal out if allocating banner string fails to avoid
upstream: Rework logging for the regression tests.
upstream: Remove old log symlinks
upstream: Always call fclose on checkpoints.
upstream: Quote grep and log message better.
upstream: Fix breakage on dhgex test.
upstream: Remove SUDO in proxy command wrapper. Anything that needs
upstream: Check return value from fctnl and warn on failure.
upstream: Use time_t for x11_refuse_time timeout. We need
upstream: Check return values of dup2. Spotted by Coverity, ok djm@
upstream: Check for non-NULL before string
upstream: Ensure ms_remain is always initialized
upstream: Use time_t for x11 timeout.
upstream: Remove unused compat.h includes.
upstream: Plug mem leak in moduli checkpoint option parsing.
upstream: Fix mem and FILE leaks in moduli screening.
upstream: Refactor creation of KEX proposal.
upstream: Unit test for kex_proposal_populate_entries.
upstream: Fix mem leak in environment setup.
upstream: Plug mem leak. Coverity CID 405196, ok djm@
upstream: Re-split the merge of the reorder-hostkeys test.
upstream: Remove no-op (int) > INT_MAX checks
upstream: Expliticly ignore return code from fcntl(.. FD_CLOEXEC) since
upstream: Plug mem leak on error path. Coverity CID 405026, ok djm at .
upstream: Explicitly ignore return from fcntl
upstream: calloc can return NULL but xcalloc can't.
upstream: Limit number of entries in SSH2_MSG_EXT_INFO
upstream: Check pointer for NULL before deref.
upstream: Free KRL ptr in addition to its contents.
guenther at openbsd.org (1):
upstream: Delete obsolete /* ARGSUSED */ lint comments.
jcs at openbsd.org (1):
upstream: modify parentheses in conditionals to make it clearer what is
jmc at openbsd.org (3):
upstream: sort SYNOPSIS;
upstream: space between macro and punctuation;
upstream: space between macro and punctuation; sort usage();
tb at openbsd.org (1):
upstream: ssh-pkcs11: synchronize error messages with errors
-----------------------------------------------------------------------
No new revisions were added by this update.
--
To stop receiving notification emails like this one, please contact
djm at mindrot.org.
More information about the openssh-commits
mailing list