[openssh-commits] [openssh] annotated tag V_8_5_P1 created (now f16efd9d)
git+noreply at mindrot.org
git+noreply at mindrot.org
Wed Mar 3 11:55:27 AEDT 2021
This is an automated email from the git hooks/post-receive script.
djm pushed a change to annotated tag V_8_5_P1
in repository openssh.
at f16efd9d (tag)
tagging d2afd717e62d76bb41ab5f3ab4ce6f885c8edc98 (commit)
tagged by Damien Miller
on Tue Mar 2 23:04:19 2021 +1100
- Log -----------------------------------------------------------------
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
Damien Miller (34):
add some openbsd-compat licenses we missed
use relative rather than system include here
fix netcat build problem
adapt sk-dummy's fatal implementation to changes
logging is now macros, remove function pointers
check for and require a C99 capable compiler
Remove checks for strict POSIX mkdtemp()
SELinux has deprecated security_context_t
Revert "detect Linux/X32 systems"
use options that work with recent clang
basic KEX fuzzer; adapted from Markus' unittest
ensure $LOGNAME is set in tests
whitespace at EOL
whitespace at EOL
adapt KEX fuzzer to PQ kex change
fix: missing pieces of previous commit
correct kex name in disabled code
support for running kex fuzzer with null cipher
fuzz diffie-hellman-group-exchange-sha1 kex too
some fixed test data (mostly keys) for fuzzing
move keys out of kex_fuzz.cc into separate header
expect fuzz cases to have length prefix
allow a fuzz case to contain more than one request
don't free string returned by login_getcapstr(3)
prefer login_getpwclass() to login_getclass()
support OpenSSL 3.x cipher IV API change
detech BSD libc hash functions in libbsd / libmd
Revert "ssh: optional bind interface if bind address specified."
update RPM spec version numbers
update relnotes URL
Darren Tucker (61):
Use fatal_fr not fatal_r when passing r.
AC_CHECK_HEADER() is obsoleted in autoconf 2.70.
Move AC_PROG_CC_C99 to immediately afer AC_PROG_CC.
Replace AC_TRY_COMPILE obsoleted in autoconf 2.70.
Remove AC_PROC_CC_C99 obsoleted in autoconf 2.70.
Fix function body for variadic macro test.
Remove preprocessor directive from log macro calls.
Prevent excessively long username going to PAM.
Remove obsolete AC_HEADER_TIME macro.
Remove use of TIME_WITH_SYS_TIME.
Add new pselect6_time64 syscall on ARM.
Restore correct flags during localtime_r check.
Use "=" not "==" in string test.
Pull in missing rev 1.2.
Include stdio.h for FILE in misc.h.
Improve AIX text.
Undef int32 after sort routines.
Add Ubuntu 16.04 and 20.04 test targets.
Run tests with sudo for better coverage.
Add test against Graphene hardened malloc.
Add Mac OS X test targets.
Merge Mac OS X targets into a single config.
ifdef new instance of sin6_scope_id
Disable sntrup761 if compiler doesn't support VLAs.
Run one test with -Werror to catch warnings.
Install moduli file before tests.
Add test against openssl head and libressl head.
make with -j2 to use available CPUs.
Add a hostname function for systems that don't have it.
Add __NR_futex_time64 to seccomp sandbox.
Add self-hosted runners for VMs of other platforms.
Only run selfhosted tests from selfhosted repo.
Convert most github hosted tests to new config structure.
Merge macos and ubuntu tests.
Skip unit tests on hosted VMs to speed things up.
More compact representation of config matrix.
Fix labels on targets (dots vs underscores).
Quote SSHD_CONFOPTS in case it contains spaces.
Always intall moduli.
Remove SKIP_UNIT as it needs to be a make arg.
Skip unit tests on sol11 to speed things up.
Install moduli on target not host.
Fixing quoting for installing moduli on target guest.
Add bbone test target (arm32).
Add DEBUG_SK to kitchensink builds.
Remove unused arg.
Add fbsd12 test target.
Add test against Valgrind.
Actually run Valgrind tests.
Comment out Solaris 64bit PAM build...
Upload regress failure logs in c-cpp too.
Rename "vm" to "os" in selfhosted to match c-cpp.
Upload valgrind logs on failure.
Disable rlimit sandbox, doesn't work with valgrind
Valgrind test: split and move up list.
Add a couple more test VMs.
Remove macos-11.0 from the test target list.
Remove macos-11.00 PAM test target too.
zlib is now optional.
Only upload config logs if configure fails.
David Carlier (1):
Using explicit_memset for the explicit_bzero compatibility layer.
Dmitrii Turlupov (1):
ssh: optional bind interface if bind address specified.
Duncan Eastoe (1):
session.c: use "denylist" terminology
HARUYAMA Seigo (1):
Restore first section title of INSTALL
Jakub Jelen (2):
restorecon the correct directory
if unable to add a missing newline, fail
Jeffrey H. Johnson (1):
Fix punctuatio and typo in README.md.
Luca Weiss (1):
Deny (non-fatal) statx in preauth privsep child.
Fix `EOF: command not found` error in ssh-copy-id
Philip Hands (9):
ksh doesn't grok 'local'
un-nest $() to make ksh cheerful
add -s flag: to install keys via SFTP
tidy up test of $SCRATCH_DIR creation
combine if/elif to avoid duplication of the action
shift contents of long $() into filter_ids()
use $AUTH_KEY_DIR, now that we have it
tidy the $INSTALLKEY_SH code layout a little
Remove duplicated declaration in fatal.c .
claudio at openbsd.org (1):
upstream: Free the previously allocated msg buffer after writing it
deraadt at openbsd.org (1):
upstream: split introductory paragraph, and insert ominous words about
djm at openbsd.org (105):
upstream: want time.h here too
upstream: prefer ed25519 signature algorithm variants to ECDSA; ok
upstream: record when the host key checking code downgrades a
upstream: disable UpdateHostkeys when a wildcard hostname pattern
upstream: enable UpdateHostkeys by default when the configuration
upstream: There are lots of place where we want to redirect stdin,
upstream: when ordering host key algorithms in the client, consider
upstream: disable UpdateHostkeys by default if VerifyHostKeyDNS is
upstream: simply disable UpdateHostkeys when a certificate
upstream: revert kex->flags cert hostkey downgrade back to a plain
upstream: don't UpdateHostkeys when the hostkey is verified by the
upstream: Fix UpdateHostkeys/HashKnownHosts/CheckHostIP bug
upstream: Disable UpdateHostkeys when hostkey checking fails
upstream: remove GlobalKnownHostsFile for this test after
upstream: clarify conditions for UpdateHostkeys
upstream: don't misdetect comma-separated hostkey names as wildcards;
upstream: UpdateHostkeys: better detect manual host entries
upstream: UpdateHostkeys: better CheckHostIP handling
upstream: UpdateHostkeys: check for keys under other names
upstream: make UpdateHostkeys still more conservative: refuse to
upstream: use do_log2 instead of function pointers to different log
upstream: revised log infrastructure for OpenSSH
upstream: LogVerbose keyword for ssh and sshd
upstream: make the log functions that exit (sshlogdie(),
upstream: add some variant log.h calls that prepend the calling
upstream: remove a level of macro indirection; ok markus@
upstream: variants of the log methods that append a ssherr.h string
upstream: use the new variant log macros instead of prepending
upstream: fix SEGV on fatal() errors spotted by dtucker@
upstream: UpdateHostkeys: fixed/better detection of host keys that
upstream: whitespace; no code change
upstream: fix type of nid in type_bits_valid(); github PR#202 from
upstream: fix sshd_config SetEnv directive inside Match blocks; part of
upstream: print reason in fatal error message when
upstream: fold consecutive '*' wildcards to mitigate combinatorial
upstream: when requesting a security key touch on stderr, inform the
upstream: unbreak; missing NULL check
upstream: fix logic error that broke URI parsing in ProxyJump
upstream: when prompting the user to accept a new hostkey, display
upstream: prefix keyboard interactive prompts with (user at host) to
upstream: scrub keyboard-interactive authentication prompts coming
upstream: revert r1.341; it breaks ProxyJump; reported by sthen@
upstream: when mentioning that the host key has changed, don't
upstream: when loading PKCS#11 keys, include the key fingerprints
upstream: clean up passing of struct passwd from monitor to preauth
upstream: Set the specified TOS/DSCP for interactive use prior to
upstream: check result of strchr() against NULL rather than
upstream: make program name be const
upstream: typos: s/hex/kex/ in error messages
upstream: fix minor memleak of kex->hostkey_alg on rekex
upstream: memleak of DH public bignum; found with libfuzzer
upstream: make ssh_free(NULL) a no-op
upstream: shuffle a few utility functions into sftp-client.c; from
upstream: use _PATH_SSH_USER_DIR instead of hardcoded .ssh in path
upstream: prepare readconf.c for fuzzing; remove fatal calls and
upstream: refactor client percent_expand() argument passing;
upstream: fix possible error("%s", NULL) on error paths
upstream: load_hostkeys()/hostkeys_foreach() variants for FILE*
upstream: allow UserKnownHostsFile=none; feedback and ok markus@
upstream: plumb ssh_conn_info through to sshconnect.c; feedback/ok
upstream: few more things needs match.c and addrmatch.c now that
upstream: adapt to API change in hostkeys_foreach()/load_hostkeys()
upstream: properly fix ProxyJump parsing; Thanks to tb@ for
upstream: move subprocess() from auth.c to misc.c
upstream: add a ssh_config KnownHostsCommand that allows the client
upstream: regress test for KnownHostsCommand
upstream: more detail for failing tests
upstream: Update/replace the experimental post-quantim hybrid key
upstream: Adapt to replacement of
upstream: mention that DisableForwarding is valid in a sshd_config
upstream: don't try to use timespeccmp(3) directly as a qsort(3)
upstream: If a signature operation on a FIDO key fails with a
upstream: make CheckHostIP default to 'no'. It doesn't provide any
upstream: make ssh hostbased authentication send the signature
upstream: factor out common code in the agent client
upstream: use recallocarray to allocate the agent sockets table;
upstream: move check_host_cert() from sshconnect,c to sshkey.c and
upstream: make struct hostkeys public; I have no idea why I made it
upstream: more ssh-agent refactoring
upstream: refactor key constraint parsing in ssh-agent
upstream: remove global variable used to stash compat flags and use the
upstream: make ssh->kex->session_id a sshbuf instead of u_char*/size_t
upstream: this needs kex.h now
upstream: fix leak: was double allocating kex->session_id buffer
upstream: give typedef'd struct a struct name; makes the fuzzer I'm
upstream: fix the values of enum sock_type
upstream: add a SK_DUMMY_INTEGRATE define that allows the dummy
upstream: more strictly enforce KEX state-machine by banning packet
upstream: memleak on error path; ok markus@
upstream: fix memleaks in private key deserialisation; enforce more
upstream: factor SSH_AGENT_CONSTRAIN_EXTENSION parsing into its own
upstream: sftp: add missing lsetstat at openssh.com documentation
upstream: sftp-server: implement limits at openssh.com extension
upstream: unbreak SK_DEBUG builds
upstream: make names in function prototypes match those in
upstream: Fix the hostkeys rotation extension documentation
upstream: warn when the user specifies a ForwardAgent path that does
upstream: Correct reference to signature algorithms as keys; from
upstream: lots more s/key types/signature algorithms/ mostly in
upstream: a bit more debugging behind #ifdef DEBUG_SK
upstream: remove this KEX fuzzer; it's awkward to use and doesn't play
upstream: fix alphabetic ordering of options; spotted by Iain Morgan
dlg at openbsd.org (1):
upstream: ProxyJump takes "none" to disable processing like
dtucker at openbsd.org (44):
upstream: Regen moduli.
upstream: Allow full range of UIDs and GIDs for sftp chown and
upstream: Agent protocol draft is now at rev 4. ok djm@
upstream: Adapt XMSS to new logging infrastructure. With markus@, ok
upstream: Minor man page fixes (capitalization, commas) identified by
upstream: Replace WITH_OPENSSL ifdefs in log calls with a macro.
upstream: Add a comment documenting the source of the moduli group
upstream: Prevent integer overflow when ridiculously large
upstream: Specify that the KDF function is bcrypt. Based on github
upstream: draft-ietf-secsh-architecture is now RFC4251.
upstream: Explicitly initialize all members of the
upstream: When doing an sftp recursive upload or download of a
upstream: Document ssh-keygen -Z, sanity check its argument earlier and
upstream: Include cipher.h for declaration of cipher_by_name.
upstream: Ignore comments at the end of config lines in ssh_config,
upstream: Remove the pre-standardization cipher
upstream: Remove explicit rijndael-cbc at lysator.liu.se test since the
upstream: estructure sntrup761.sh to process all files in a single
upstream: Update the sntrup761 creation script and generated code:
upstream: Move address handling functions out into their own file
upstream: Add PerSourceMaxStartups and PerSourceNetBlockSize
upstream: Change convtime() from returning long to returning int.
upstream: Update unittests for addr.c/addrmatch.c split.
upstream: Adjust kexfuzz to addr.c/addrmatch.c split.
upstream: Correct spelling of persourcenetblocksize in config-dump
upstream: In waitfd(), when poll returns early we are subtracting
upstream: Change types in convtime() unit test to int to match
upstream: Make output buffer larger to prevent potential truncation
upstream: Change types in convtime() unit test to int to match change
upstream: Rename PubkeyAcceptedKeyTypes keyword to
upstream: Fix long->int for convtime tests here too. Spotted by
upstream: Rename HostbasedKeyTypes (ssh) and
upstream: Remove unused variables leftover from refactoring. ok
upstream: Logical not bitwise or. ok djm@
upstream: Set linesize returned by getline to zero when freeing and
upstream: Remove debug message from sigchld handler. While this
upstream: hostname is not specified by POSIX but uname -n is, so use
upstream: Roll back the hostname->uname change in rev 1.10. It turns
upstream: Make sure puttygen is new enough to successfully run the
upstream: Put obsolete aliases for hostbasedalgorithms and
upstream: Rename pubkeyacceptedkeytypes to pubkeyacceptedalgorithms in
upstream: Do not try to reset signal handler for signal 0 in
upstream: Add %k to list of keywords. From
jmc at openbsd.org (3):
upstream: add space between macro arg and punctuation;
upstream: tweak the description of KnownHostsCommand in ssh_conf.5,
upstream: add a comma to previous;
kn at openbsd.org (1):
upstream: Zap unused family parameter from ssh_connect_direct()
markus at openbsd.org (2):
upstream: factor out opt_array_append; ok djm@
upstream: ssh: add PermitRemoteOpen for remote dynamic forwarding
naddy at openbsd.org (1):
upstream: move HostbasedAcceptedAlgorithms to the right place in
rob at openbsd.org (1):
upstream: Minor grammatical correction.
tb at openbsd.org (1):
upstream: Remove lines accidentally left behind in the ProxyJump
tobhe at openbsd.org (3):
upstream: Print client kem key with correct length.
upstream: Use int64_t for intermediate values in int32_MINMAX to
upstream: Prevent redefinition of `crypto_int32' error with gcc3.
fix TEST_MALLOC_OPTIONS var
No new revisions were added by this update.
To stop receiving notification emails like this one, please contact
djm at mindrot.org.
More information about the openssh-commits