This is an automated email from the git hooks/post-receive script.
djm pushed a change to annotated tag V_9_6_P1
in repository openssh.
at b24f772e (tag)
tagging 8241b9c0529228b4b86d88b1a6076fb9f97e4a99 (commit)
replaces V_9_5_P1
tagged by Damien Miller
on Tue Dec 19 02:00:29 2023 +1100
- Log -----------------------------------------------------------------
openssh-9.6p1
-----BEGIN SSH SIGNATURE-----
U1NIU0lHAAAAAQAAAH8AAAAic2stZWNkc2Etc2hhMi1uaXN0cDI1NkBvcGVuc3NoLmNvbQ
AAAAhuaXN0cDI1NgAAAEEEucmjdlUMQ1hkZebm472VTtvSIMWrmAelO7Uxoc9ZMR892/D4
CMVBD+rliLO4wmRcawx1iZuUkQllgemb0hLtmQAAAARzc2g6AAAAA2dpdAAAAAAAAAAGc2
hhNTEyAAAAeAAAACJzay1lY2RzYS1zaGEyLW5pc3RwMjU2QG9wZW5zc2guY29tAAAASQAA
ACEAzg4eAQKB6nsxiFSRFgMMAas6jqjSVa2fjgmvytbFa0oAAAAgSyE7+TK5aJA6nIV05+
w0HCaZQw7+xpX2JnbEFajtY0QAAAAEnQ==
-----END SSH SIGNATURE-----
Damien Miller (5):
Solaris: prefer PRIV_XPOLICY to PRIV_LIMIT
run t-extra regress tests
better detection of broken -fzero-call-used-regs
depend
crank versions
Darren Tucker (22):
Correct arg order for ED255519 AC_LINK_IFELSE test.
Don't use make -j2.
Have configure find PuTTY and Conch binaries.
Resync PuTTY and Conch path handling with upstream.
Install Dropbear for interop testing.
Don't exit early when setting up on Mac OS X.
Restore nopasswd sudo rule on Mac OS X.
Add OpenSSL 3.3.0 as a known dev version.
Add obsd74 test VM and retire obsd69 and obsd70.
Put long-running test targets on hipri runners.
Test current releases of LibreSSL and OpenSSL.
Allow for vendor prefix on clang version numbers.
Stop using -fzero-call-used-regs=all
Expand -fzero-call-used-regs test to cover gcc 11.
Add fbsd14 VM to test pool.
Factor out compiler test program into a macro.
Run compiler test program when compiling natively.
Check return value from write to prevent warning.
Add gcc-12 -Werror test on Ubuntu 22.04.
Add an Ubuntu 22.04 test VM.
Use non-zero arg in compiler test program.
Add tests for OpenSSL 3.2.0 and 3.2 stable branch.
Fabio Pedretti (2):
Remove reference of dropped sshd.pam.old file
Update openssl-devel dependency in RPM spec.
anton@openbsd.org (3):
upstream: Use private key that is allowed by sshd defaults in conch
upstream: ssh conch interop tests requires a controlling terminal;
upstream: make use of bsd.regress.mk in extra and interop targets; ok
claudio@openbsd.org (1):
upstream: REGRESS_FAIL_EARLY defaults to yes now. So no need to
djm@openbsd.org (35):
upstream: Perform the softhsm2 setup as discrete steps rather than
upstream: typo in error message
upstream: Reserve a range of "local extension" message numbers that
upstream: s/%.100s/%s/ in SSH- banner construction as there's no
upstream: in olde rcp/scp protocol mode, when rejecting a path from the
upstream: mention "none" is a valid argument to IdentityFile; bz3080
upstream: add support for reading ED25519 private keys in PEM PKCS8
upstream: add ChannelTimeout support to the client, mirroring the
upstream: ssh -Q does not make sense with other command-line options,
upstream: sync usage() with ssh.1; spotted by kn@
upstream: mask SIGINT/TERM/QUIT/HUP before checking quit_pending
upstream: release GSS OIDs only at end of authentication; bz2982,
upstream: add %j token that expands to the configured ProxyJump
upstream: don't dereference NULL pointer when hashing jumphost
upstream: 64 %-expansion keys ought to be enough for anybody; ok
upstream: ensure logs are owned by correct user; feedback/ok
upstream: typos and extra debug trace calls
upstream: tidy and refactor PKCS#11 setup code
upstream: move PKCS#11 setup code to test-exec.sh so it can be reused
upstream: add some tests of forced commands overriding Subsystem
upstream: when deciding whether to enable keystroke timing
upstream: when connecting via socket (the default case), filter
upstream: set errno=EAFNOSUPPORT when filtering addresses that don't
upstream: short circuit debug log processing early if we're not going
upstream: when invoking KnownHostsCommand to determine the order of
upstream: implement "strict key exchange" in ssh and sshd
upstream: add "ext-info-in-auth@openssh.com" extension
upstream: apply destination constraints to all p11 keys
upstream: Make it possible to load certs from PKCS#11 tokens
upstream: stricter handling of channel window limits
upstream: ban user/hostnames with most shell metacharacters
upstream: ssh-agent: record failed session-bind attempts
upstream: openssh-9.6
upstream: regress test for constrained PKCS#11 keys
upstream: regress test for agent PKCS#11-backed certificates
dtucker@openbsd.org (11):
upstream: Move declaration of "len" into the block where it's used.
upstream: Add interop test with Dropbear.
upstream: Allow overriding the locations of the Dropbear binaries
upstream: Import regenerated moduli.
upstream: Skip conch interop tests when not enabled instead of fatal.
upstream: Only try to chown logfiles that exist to prevent spurious
upstream: Only try to chmod logfile if we have sudo. If we don't have
upstream: Don't try to use sudo inside sshd log wrapper.
upstream: Specify ssh binary to use
upstream: Include existing mux path in debug message.
upstream: Plug mem leak of msg when processing a quit message.
jmc@openbsd.org (1):
upstream: spelling fix;
markus@openbsd.org (1):
upstream: prevent leak in sshsig_match_principals; ok djm@
tb@openbsd.org (1):
upstream: Garbage collect cipher_get_keyiv_len()
tobhe@openbsd.org (1):
upstream: Make sure sftp_get_limits() only returns 0 if 'limits'
-----------------------------------------------------------------------
No new revisions were added by this update.
--
To stop receiving notification emails like this one, please contact
djm@mindrot.org.
_______________________________________________
openssh-commits mailing list
openssh-commits@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-commits
djm pushed a change to annotated tag V_9_6_P1
in repository openssh.
at b24f772e (tag)
tagging 8241b9c0529228b4b86d88b1a6076fb9f97e4a99 (commit)
replaces V_9_5_P1
tagged by Damien Miller
on Tue Dec 19 02:00:29 2023 +1100
- Log -----------------------------------------------------------------
openssh-9.6p1
-----BEGIN SSH SIGNATURE-----
U1NIU0lHAAAAAQAAAH8AAAAic2stZWNkc2Etc2hhMi1uaXN0cDI1NkBvcGVuc3NoLmNvbQ
AAAAhuaXN0cDI1NgAAAEEEucmjdlUMQ1hkZebm472VTtvSIMWrmAelO7Uxoc9ZMR892/D4
CMVBD+rliLO4wmRcawx1iZuUkQllgemb0hLtmQAAAARzc2g6AAAAA2dpdAAAAAAAAAAGc2
hhNTEyAAAAeAAAACJzay1lY2RzYS1zaGEyLW5pc3RwMjU2QG9wZW5zc2guY29tAAAASQAA
ACEAzg4eAQKB6nsxiFSRFgMMAas6jqjSVa2fjgmvytbFa0oAAAAgSyE7+TK5aJA6nIV05+
w0HCaZQw7+xpX2JnbEFajtY0QAAAAEnQ==
-----END SSH SIGNATURE-----
Damien Miller (5):
Solaris: prefer PRIV_XPOLICY to PRIV_LIMIT
run t-extra regress tests
better detection of broken -fzero-call-used-regs
depend
crank versions
Darren Tucker (22):
Correct arg order for ED255519 AC_LINK_IFELSE test.
Don't use make -j2.
Have configure find PuTTY and Conch binaries.
Resync PuTTY and Conch path handling with upstream.
Install Dropbear for interop testing.
Don't exit early when setting up on Mac OS X.
Restore nopasswd sudo rule on Mac OS X.
Add OpenSSL 3.3.0 as a known dev version.
Add obsd74 test VM and retire obsd69 and obsd70.
Put long-running test targets on hipri runners.
Test current releases of LibreSSL and OpenSSL.
Allow for vendor prefix on clang version numbers.
Stop using -fzero-call-used-regs=all
Expand -fzero-call-used-regs test to cover gcc 11.
Add fbsd14 VM to test pool.
Factor out compiler test program into a macro.
Run compiler test program when compiling natively.
Check return value from write to prevent warning.
Add gcc-12 -Werror test on Ubuntu 22.04.
Add an Ubuntu 22.04 test VM.
Use non-zero arg in compiler test program.
Add tests for OpenSSL 3.2.0 and 3.2 stable branch.
Fabio Pedretti (2):
Remove reference of dropped sshd.pam.old file
Update openssl-devel dependency in RPM spec.
anton@openbsd.org (3):
upstream: Use private key that is allowed by sshd defaults in conch
upstream: ssh conch interop tests requires a controlling terminal;
upstream: make use of bsd.regress.mk in extra and interop targets; ok
claudio@openbsd.org (1):
upstream: REGRESS_FAIL_EARLY defaults to yes now. So no need to
djm@openbsd.org (35):
upstream: Perform the softhsm2 setup as discrete steps rather than
upstream: typo in error message
upstream: Reserve a range of "local extension" message numbers that
upstream: s/%.100s/%s/ in SSH- banner construction as there's no
upstream: in olde rcp/scp protocol mode, when rejecting a path from the
upstream: mention "none" is a valid argument to IdentityFile; bz3080
upstream: add support for reading ED25519 private keys in PEM PKCS8
upstream: add ChannelTimeout support to the client, mirroring the
upstream: ssh -Q does not make sense with other command-line options,
upstream: sync usage() with ssh.1; spotted by kn@
upstream: mask SIGINT/TERM/QUIT/HUP before checking quit_pending
upstream: release GSS OIDs only at end of authentication; bz2982,
upstream: add %j token that expands to the configured ProxyJump
upstream: don't dereference NULL pointer when hashing jumphost
upstream: 64 %-expansion keys ought to be enough for anybody; ok
upstream: ensure logs are owned by correct user; feedback/ok
upstream: typos and extra debug trace calls
upstream: tidy and refactor PKCS#11 setup code
upstream: move PKCS#11 setup code to test-exec.sh so it can be reused
upstream: add some tests of forced commands overriding Subsystem
upstream: when deciding whether to enable keystroke timing
upstream: when connecting via socket (the default case), filter
upstream: set errno=EAFNOSUPPORT when filtering addresses that don't
upstream: short circuit debug log processing early if we're not going
upstream: when invoking KnownHostsCommand to determine the order of
upstream: implement "strict key exchange" in ssh and sshd
upstream: add "ext-info-in-auth@openssh.com" extension
upstream: apply destination constraints to all p11 keys
upstream: Make it possible to load certs from PKCS#11 tokens
upstream: stricter handling of channel window limits
upstream: ban user/hostnames with most shell metacharacters
upstream: ssh-agent: record failed session-bind attempts
upstream: openssh-9.6
upstream: regress test for constrained PKCS#11 keys
upstream: regress test for agent PKCS#11-backed certificates
dtucker@openbsd.org (11):
upstream: Move declaration of "len" into the block where it's used.
upstream: Add interop test with Dropbear.
upstream: Allow overriding the locations of the Dropbear binaries
upstream: Import regenerated moduli.
upstream: Skip conch interop tests when not enabled instead of fatal.
upstream: Only try to chown logfiles that exist to prevent spurious
upstream: Only try to chmod logfile if we have sudo. If we don't have
upstream: Don't try to use sudo inside sshd log wrapper.
upstream: Specify ssh binary to use
upstream: Include existing mux path in debug message.
upstream: Plug mem leak of msg when processing a quit message.
jmc@openbsd.org (1):
upstream: spelling fix;
markus@openbsd.org (1):
upstream: prevent leak in sshsig_match_principals; ok djm@
tb@openbsd.org (1):
upstream: Garbage collect cipher_get_keyiv_len()
tobhe@openbsd.org (1):
upstream: Make sure sftp_get_limits() only returns 0 if 'limits'
-----------------------------------------------------------------------
No new revisions were added by this update.
--
To stop receiving notification emails like this one, please contact
djm@mindrot.org.
_______________________________________________
openssh-commits mailing list
openssh-commits@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-commits