[openssh-commits] [openssh] annotated tag V_8_5_P1 created (now f16efd9d)

git+noreply at mindrot.org git+noreply at mindrot.org
Wed Mar 3 11:55:27 AEDT 2021

This is an automated email from the git hooks/post-receive script.

djm pushed a change to annotated tag V_8_5_P1
in repository openssh.

        at  f16efd9d  (tag)
   tagging  d2afd717e62d76bb41ab5f3ab4ce6f885c8edc98 (commit)
  replaces  V_8_4_P1
 tagged by  Damien Miller
        on  Tue Mar 2 23:04:19 2021 +1100

- Log -----------------------------------------------------------------


Damien Miller (34):
      add some openbsd-compat licenses we missed
      use relative rather than system include here
      fix netcat build problem
      adapt sk-dummy's fatal implementation to changes
      logging is now macros, remove function pointers
      check for and require a C99 capable compiler
      sync regress/misc/sk-dummy/fatal.c
      missing header
      Remove checks for strict POSIX mkdtemp()
      SELinux has deprecated security_context_t
      Revert "detect Linux/X32 systems"
      use options that work with recent clang
      basic KEX fuzzer; adapted from Markus' unittest
      ensure $LOGNAME is set in tests
      whitespace at EOL
      whitespace at EOL
      adapt KEX fuzzer to PQ kex change
      fix: missing pieces of previous commit
      correct kex name in disabled code
      support for running kex fuzzer with null cipher
      fuzz diffie-hellman-group-exchange-sha1 kex too
      some fixed test data (mostly keys) for fuzzing
      move keys out of kex_fuzz.cc into separate header
      ssh-agent fuzzer
      expect fuzz cases to have length prefix
      allow a fuzz case to contain more than one request
      don't free string returned by login_getcapstr(3)
      prefer login_getpwclass() to login_getclass()
      support OpenSSL 3.x cipher IV API change
      detech BSD libc hash functions in libbsd / libmd
      Revert "ssh: optional bind interface if bind address specified."
      update RPM spec version numbers
      update relnotes URL
      update depend

Darren Tucker (61):
      Use fatal_fr not fatal_r when passing r.
      AC_CHECK_HEADER() is obsoleted in autoconf 2.70.
      Move AC_PROG_CC_C99 to immediately afer AC_PROG_CC.
      Replace AC_TRY_COMPILE obsoleted in autoconf 2.70.
      Remove AC_PROC_CC_C99 obsoleted in autoconf 2.70.
      Fix function body for variadic macro test.
      Remove preprocessor directive from log macro calls.
      Prevent excessively long username going to PAM.
      Remove obsolete AC_HEADER_TIME macro.
      Remove use of TIME_WITH_SYS_TIME.
      Add new pselect6_time64 syscall on ARM.
      Restore correct flags during localtime_r check.
      Use "=" not "==" in string test.
      Pull in missing rev 1.2.
      Include stdio.h for FILE in misc.h.
      Improve AIX text.
      Undef int32 after sort routines.
      Add Ubuntu 16.04 and 20.04 test targets.
      Run tests with sudo for better coverage.
      Add test against Graphene hardened malloc.
      Add Mac OS X test targets.
      Merge Mac OS X targets into a single config.
      ifdef new instance of sin6_scope_id
      Disable sntrup761 if compiler doesn't support VLAs.
      Run one test with -Werror to catch warnings.
      Install moduli file before tests.
      Remove whitespace.
      Add test against openssl head and libressl head.
      make with -j2 to use available CPUs.
      Add a hostname function for systems that don't have it.
      Add __NR_futex_time64 to seccomp sandbox.
      Add self-hosted runners for VMs of other platforms.
      Only run selfhosted tests from selfhosted repo.
      Convert most github hosted tests to new config structure.
      Merge macos and ubuntu tests.
      Skip unit tests on hosted VMs to speed things up.
      More compact representation of config matrix.
      Fix labels on targets (dots vs underscores).
      Quote SSHD_CONFOPTS in case it contains spaces.
      Always intall moduli.
      Remove SKIP_UNIT as it needs to be a make arg.
      Skip unit tests on sol11 to speed things up.
      Install moduli on target not host.
      Fixing quoting for installing moduli on target guest.
      Add bbone test target (arm32).
      Add DEBUG_SK to kitchensink builds.
      Remove unused arg.
      Add fbsd12 test target.
      Add test against Valgrind.
      Actually run Valgrind tests.
      Comment out Solaris 64bit PAM build...
      Upload regress failure logs in c-cpp too.
      Rename "vm" to "os" in selfhosted to match c-cpp.
      Upload valgrind logs on failure.
      Disable rlimit sandbox, doesn't work with valgrind
      Valgrind test: split and move up list.
      Add a couple more test VMs.
      Remove macos-11.0 from the test target list.
      Remove macos-11.00 PAM test target too.
      zlib is now optional.
      Only upload config logs if configure fails.

David Carlier (1):
      Using explicit_memset for the explicit_bzero compatibility layer.

Dmitrii Turlupov (1):
      ssh: optional bind interface if bind address specified.

Duncan Eastoe (1):
      session.c: use "denylist" terminology

HARUYAMA Seigo (1):
      Restore first section title of INSTALL

Jakub Jelen (2):
      restorecon the correct directory
      if unable to add a missing newline, fail

Jeffrey H. Johnson (1):
      Fix punctuatio and typo in README.md.

Luca Weiss (1):
      Deny (non-fatal) statx in preauth privsep child.

Oleg (1):
      Fix `EOF: command not found` error in ssh-copy-id

Philip Hands (9):
      ksh doesn't grok 'local'
      un-nest $() to make ksh cheerful
      add -s flag: to install keys via SFTP
      tidy up test of $SCRATCH_DIR creation
      shellcheck tidyage
      combine if/elif to avoid duplication of the action
      shift contents of long $() into filter_ids()
      use $AUTH_KEY_DIR, now that we have it
      tidy the $INSTALLKEY_SH code layout a little

anatasluo (1):
      Remove duplicated declaration in fatal.c .

claudio at openbsd.org (1):
      upstream: Free the previously allocated msg buffer after writing it

deraadt at openbsd.org (1):
      upstream: split introductory paragraph, and insert ominous words about

djm at openbsd.org (105):
      upstream: want time.h here too
      upstream: prefer ed25519 signature algorithm variants to ECDSA; ok
      upstream: record when the host key checking code downgrades a
      upstream: disable UpdateHostkeys when a wildcard hostname pattern
      upstream: enable UpdateHostkeys by default when the configuration
      upstream: There are lots of place where we want to redirect stdin,
      upstream: when ordering host key algorithms in the client, consider
      upstream: disable UpdateHostkeys by default if VerifyHostKeyDNS is
      upstream: simply disable UpdateHostkeys when a certificate
      upstream: revert kex->flags cert hostkey downgrade back to a plain
      upstream: don't UpdateHostkeys when the hostkey is verified by the
      upstream: Fix UpdateHostkeys/HashKnownHosts/CheckHostIP bug
      upstream: Disable UpdateHostkeys when hostkey checking fails
      upstream: remove GlobalKnownHostsFile for this test after
      upstream: clarify conditions for UpdateHostkeys
      upstream: don't misdetect comma-separated hostkey names as wildcards;
      upstream: UpdateHostkeys: better detect manual host entries
      upstream: UpdateHostkeys: better CheckHostIP handling
      upstream: UpdateHostkeys: check for keys under other names
      upstream: make UpdateHostkeys still more conservative: refuse to
      upstream: use do_log2 instead of function pointers to different log
      upstream: revised log infrastructure for OpenSSH
      upstream: LogVerbose keyword for ssh and sshd
      upstream: make the log functions that exit (sshlogdie(),
      upstream: add some variant log.h calls that prepend the calling
      upstream: remove a level of macro indirection; ok markus@
      upstream: variants of the log methods that append a ssherr.h string
      upstream: use the new variant log macros instead of prepending
      upstream: fix SEGV on fatal() errors spotted by dtucker@
      upstream: UpdateHostkeys: fixed/better detection of host keys that
      upstream: whitespace; no code change
      upstream: fix type of nid in type_bits_valid(); github PR#202 from
      upstream: fix sshd_config SetEnv directive inside Match blocks; part of
      upstream: print reason in fatal error message when
      upstream: fold consecutive '*' wildcards to mitigate combinatorial
      upstream: when requesting a security key touch on stderr, inform the
      upstream: unbreak; missing NULL check
      upstream: fix logic error that broke URI parsing in ProxyJump
      upstream: when prompting the user to accept a new hostkey, display
      upstream: prefix keyboard interactive prompts with (user at host) to
      upstream: scrub keyboard-interactive authentication prompts coming
      upstream: revert r1.341; it breaks ProxyJump; reported by sthen@
      upstream: when mentioning that the host key has changed, don't
      upstream: when loading PKCS#11 keys, include the key fingerprints
      upstream: clean up passing of struct passwd from monitor to preauth
      upstream: Set the specified TOS/DSCP for interactive use prior to
      upstream: check result of strchr() against NULL rather than
      upstream: make program name be const
      upstream: typos: s/hex/kex/ in error messages
      upstream: fix minor memleak of kex->hostkey_alg on rekex
      upstream: memleak of DH public bignum; found with libfuzzer
      upstream: make ssh_free(NULL) a no-op
      upstream: shuffle a few utility functions into sftp-client.c; from
      upstream: use _PATH_SSH_USER_DIR instead of hardcoded .ssh in path
      upstream: prepare readconf.c for fuzzing; remove fatal calls and
      upstream: refactor client percent_expand() argument passing;
      upstream: fix possible error("%s", NULL) on error paths
      upstream: load_hostkeys()/hostkeys_foreach() variants for FILE*
      upstream: allow UserKnownHostsFile=none; feedback and ok markus@
      upstream: plumb ssh_conn_info through to sshconnect.c; feedback/ok
      upstream: few more things needs match.c and addrmatch.c now that
      upstream: adapt to API change in hostkeys_foreach()/load_hostkeys()
      upstream: properly fix ProxyJump parsing; Thanks to tb@ for
      upstream: move subprocess() from auth.c to misc.c
      upstream: add a ssh_config KnownHostsCommand that allows the client
      upstream: regress test for KnownHostsCommand
      upstream: more detail for failing tests
      upstream: Update/replace the experimental post-quantim hybrid key
      upstream: Adapt to replacement of
      upstream: mention that DisableForwarding is valid in a sshd_config
      upstream: don't try to use timespeccmp(3) directly as a qsort(3)
      upstream: If a signature operation on a FIDO key fails with a
      upstream: make CheckHostIP default to 'no'. It doesn't provide any
      upstream: make ssh hostbased authentication send the signature
      upstream: factor out common code in the agent client
      upstream: use recallocarray to allocate the agent sockets table;
      upstream: move check_host_cert() from sshconnect,c to sshkey.c and
      upstream: make struct hostkeys public; I have no idea why I made it
      upstream: more ssh-agent refactoring
      upstream: refactor key constraint parsing in ssh-agent
      upstream: remove global variable used to stash compat flags and use the
      upstream: make ssh->kex->session_id a sshbuf instead of u_char*/size_t
      upstream: this needs kex.h now
      upstream: fix leak: was double allocating kex->session_id buffer
      upstream: give typedef'd struct a struct name; makes the fuzzer I'm
      upstream: fix the values of enum sock_type
      upstream: add a SK_DUMMY_INTEGRATE define that allows the dummy
      upstream: more strictly enforce KEX state-machine by banning packet
      upstream: memleak on error path; ok markus@
      upstream: fix memleaks in private key deserialisation; enforce more
      upstream: whitespace
      upstream: factor SSH_AGENT_CONSTRAIN_EXTENSION parsing into its own
      upstream: sftp: add missing lsetstat at openssh.com documentation
      upstream: sftp-server: implement limits at openssh.com extension
      upstream: unbreak SK_DEBUG builds
      upstream: make names in function prototypes match those in
      upstream: Fix the hostkeys rotation extension documentation
      upstream: warn when the user specifies a ForwardAgent path that does
      upstream: Correct reference to signature algorithms as keys; from
      upstream: lots more s/key types/signature algorithms/ mostly in
      upstream: s/PubkeyAcceptedKeyTypes/PubkeyAcceptedAlgorithms/
      upstream: a bit more debugging behind #ifdef DEBUG_SK
      upstream: remove this KEX fuzzer; it's awkward to use and doesn't play
      upstream: fix alphabetic ordering of options; spotted by Iain Morgan
      upstream: openssh-8.5

dlg at openbsd.org (1):
      upstream: ProxyJump takes "none" to disable processing like

dtucker at openbsd.org (44):
      upstream: Regen moduli.
      upstream: Allow full range of UIDs and GIDs for sftp chown and
      upstream: Agent protocol draft is now at rev 4. ok djm@
      upstream: Adapt XMSS to new logging infrastructure. With markus@, ok
      upstream: Minor man page fixes (capitalization, commas) identified by
      upstream: Replace WITH_OPENSSL ifdefs in log calls with a macro.
      upstream: Add a comment documenting the source of the moduli group
      upstream: Prevent integer overflow when ridiculously large
      upstream: Specify that the KDF function is bcrypt. Based on github
      upstream: draft-ietf-secsh-architecture is now RFC4251.
      upstream: Explicitly initialize all members of the
      upstream: When doing an sftp recursive upload or download of a
      upstream: Document ssh-keygen -Z, sanity check its argument earlier and
      upstream: Include cipher.h for declaration of cipher_by_name.
      upstream: Ignore comments at the end of config lines in ssh_config,
      upstream: Remove the pre-standardization cipher
      upstream: Remove explicit rijndael-cbc at lysator.liu.se test since the
      upstream: estructure sntrup761.sh to process all files in a single
      upstream: Update the sntrup761 creation script and generated code:
      upstream: Move address handling functions out into their own file
      upstream: Add PerSourceMaxStartups and PerSourceNetBlockSize
      upstream: Change convtime() from returning long to returning int.
      upstream: Update unittests for addr.c/addrmatch.c split.
      upstream: Adjust kexfuzz to addr.c/addrmatch.c split.
      upstream: Correct spelling of persourcenetblocksize in config-dump
      upstream: In waitfd(), when poll returns early we are subtracting
      upstream: Change types in convtime() unit test to int to match
      upstream: Make output buffer larger to prevent potential truncation
      upstream: Change types in convtime() unit test to int to match change
      upstream: Rename PubkeyAcceptedKeyTypes keyword to
      upstream: PubkeyAcceptedKeyTypes->PubkeyAcceptedAlgorithms
      upstream: Fix long->int for convtime tests here too. Spotted by
      upstream: Rename HostbasedKeyTypes (ssh) and
      upstream: Remove unused variables leftover from refactoring. ok
      upstream: Logical not bitwise or. ok djm@
      upstream: Set linesize returned by getline to zero when freeing and
      upstream: Remove debug message from sigchld handler. While this
      upstream: hostname is not specified by POSIX but uname -n is, so use
      upstream: Roll back the hostname->uname change in rev 1.10. It turns
      upstream: Make sure puttygen is new enough to successfully run the
      upstream: Put obsolete aliases for hostbasedalgorithms and
      upstream: Rename pubkeyacceptedkeytypes to pubkeyacceptedalgorithms in
      upstream: Do not try to reset signal handler for signal 0 in
      upstream: Add %k to list of keywords. From

jmc at openbsd.org (3):
      upstream: add space between macro arg and punctuation;
      upstream: tweak the description of KnownHostsCommand in ssh_conf.5,
      upstream: add a comma to previous;

kn at openbsd.org (1):
      upstream: Zap unused family parameter from ssh_connect_direct()

markus at openbsd.org (2):
      upstream: factor out opt_array_append; ok djm@
      upstream: ssh: add PermitRemoteOpen for remote dynamic forwarding

naddy at openbsd.org (1):
      upstream: move HostbasedAcceptedAlgorithms to the right place in

rob at openbsd.org (1):
      upstream: Minor grammatical correction.

tb at openbsd.org (1):
      upstream: Remove lines accidentally left behind in the ProxyJump

tobhe at openbsd.org (3):
      upstream: Print client kem key with correct length.
      upstream: Use int64_t for intermediate values in int32_MINMAX to
      upstream: Prevent redefinition of `crypto_int32' error with gcc3.

wangxp006 (1):


No new revisions were added by this update.

To stop receiving notification emails like this one, please contact
djm at mindrot.org.

More information about the openssh-commits mailing list