Mailing List Archive

[openssh] annotated tag V_8_2_P1 created (now daeeac20)
This is an automated email from the git hooks/post-receive script.

djm pushed a change to annotated tag V_8_2_P1
in repository openssh.

at daeeac20 (tag)
tagging 8aa3455b16fddea4c0144a7c4a1edb10ec67dcc8 (commit)
replaces V_8_1_P1
tagged by Damien Miller
on Fri Feb 14 11:41:14 2020 +1100

- Log -----------------------------------------------------------------
openssh-8.2p1
-----BEGIN PGP SIGNATURE-----

iQHDBAABCgAdFiEEWcIRjtIG2SfmZ+vj0+X1a22SDTAFAl5F7LAACgkQ0+X1a22S
DTCXqgx9EPInMe9OY6ZsZY8anWLhdeeyTjBB731sMejHZCMoZlIHVG5CILBoV1n8
6zqbv52J/QGRUWAth8eQwh9UkYxEM1la5vOq2kdlx4gX/Lnl5ZrMdbOUN43oN9vS
fZ0BIrvt0TwzZctBBgmYMtoltie40yJX0xEs91HKVvSnKPX9Q/tK6aU3aqK6oFnK
OFKNNMxK8jBXOWlFITJzl8yRCUIMuhbRGFeEdQJYf58OIvKmXKNfTGBDEjrz+Hvz
iJ1LgJysvuQygINAmqpihxkF+Q8l2sPmLe3BUes7t9eu0E19LRNUi7LDrOmJ42KN
NPlQ95bWnUyP0opVD1Q6t2CBcoGy9B2rIDIjQfUBKkv4/CsrpHYiOmHQnQQ314Wb
weAQnZeWKq4DEKsd6VuIXqWwp0O51gZXtfpKiDAtDSjEH8L3AAU2gUk0svT9u379
Bs8obNickSi9AXpuGxwoiEO1OZ42ca92++WsSYE6oEr7DmY+wH2gXa0vTwU7qsqf
PZ+dZ72ap7N2IlkebK6xegw0ipt3qg==
=1ynk
-----END PGP SIGNATURE-----

Abhishek Arya (1):
Update README.md

Damien Miller (51):
add a fuzzer for private key parsing
Missing unit test files
depend
autoconf pieces for U2F support
conditionalise SK sign/verify on ENABLE_SK
ignore ssh-sk-helper
correct object dependency
don't fatal if libfido2 not found
upstream commit
upstream commit
upstream commit
upstream commit
upstream commit
upstream commit
upstream commit
upstream commit
upstream commit
configure flag to built-in security key support
Teach the GTK2/3 ssh-askpass the new prompt hints
filter PUBKEY_DEFAULT_PK_ALG for ECC algorithms
remove all EC algs from proposals, no just sk ones
unbreak fuzzers for recent security key changes
wire sk-dummy.so into test suite
(hopefully) fix out of tree builds of sk-dummy.so
missing .SUFFIXES line makes make sad
$< doesn't work as` I thought; explicily list objs
another attempt at sk-dummy.so working x-platform
needs includes.h for WITH_OPENSSL
(yet) another x-platform fix for sk-dummy.so
includes.h for sk-dummy.c, dummy
compile sk-dummy.so with no-PIE version of LDFLAGS
fixup
adapt Makefile to ssh-sk-client everywhere
only link ssh-sk-helper against libfido2
ssh-sk-client.c needs includes.h
remove a bunch of ENABLE_SK #ifdefs
refresh depend
add dummy ssh-sk API for linking with fuzzers
ssh-sk-null.cc needs extern "C" {}
depend
Wrap copy_environment_blacklist() in #ifdef
remove accidental change in f8c11461
unbreak fuzzer support for recent ssh-sk.h changes
include tunnel device path in error message
depend
compat for missing IPTOS_DSCP_LE in system headers
add clock_gettime64(2) to sandbox allowed syscalls
mention libfido2 in dependencies section
depend
typo; reported by Phil Pennock
crank version numbers

Darren Tucker (75):
Fix ifdef typo for declaration of memmem.
Re-add SA_RESTART to mysignal.
Import regenerated moduli file.
Add a function call stackprotector tests.
Wrap poll.h includes in HAVE_POLL_H.
Wrap OpenSSL bits in WITH_OPENSSL.
Move utimensat definition into timespec section.
Define UINT32_MAX if needed.
Make sure we have struct statfs before using.
Only use RLIMIT_NOFILE if it's defined.
Fix ifdefs to not mask needed bits.
Add implementation of localtime_r.
Check if IP_TOS is defined before using.
Add prototype for localtime_r if needed.
Configure flags for haiku from haikuports.
Use sftp_realpath if no native realpath.
Import fnmatch.c from OpenBSD.
Add missing bracket in realpath macro.
Hook up fnmatch for platforms that don't have it.
Add flags needed to build and work on Ultrix.
Only enable U2F if OpenSSL supports ECC.
Define __BSD_VISIBLE in fnmatch.h.
Rebuild .depend.
Put stdint.h inside ifdef HAVE_STDINT_H.
statfs might be defined in sys/mount.h.
Put sftp-realpath in libssh.a
Remove leftover if statement from sync.
Fix comment in match_usergroup_pattern_list.
Put headers inside ifdef _AIX.
Include stdarg.h for va_list in xmalloc.h.
seccomp: Allow clock_nanosleep() in sandbox.
Remove duplicate __NR_clock_nanosleep
Put sshsk_sign call inside ifdef ENABLE_SK.
libcrypto is now optional.
Add libfido2 to INSTALL.
Remove ultrix realpath hack.
Add SSIZE_MAX when we define ssize_t.
Add wrappers for other ultrix headers.
Enable -Wimplicit-fallthrough if supported
Move ifdef OPENSSL_HAS_ECC.
Include openssl compat header.
Wrap sha2.h include in ifdef.
Wrap ECC specific bits in ifdef.
Recommend running LibreSSL or OpenSSL self-tests.
Describe how to build libcrypto as PIC.
Update depend to include sk files.
Sort .depend when rebuilding.
Sort depends.
Check if memmem is declared in system headers.
Put SK ECDSA bits inside ifdef OPENSSL_HAS_ECC.
Allow clock_nanosleep_time64 in seccomp sandbox.
OpenSSL is now optional.
Show portable tarball pattern in example.
Mac OS X has PAM too.
Remove auth-skey.c.
Fix typo: 'you' -> 'your'.
Remove configure test & compat code for ripemd160.
Update depend to remove rmd160.h.
Improve search for 'struct timespec'.
Include compat header for definitions.
Wrap stdint.h inside HAVE_STDINT_H.
Wrap stdint.h in ifdef HAVE_STDINT_H.
Remove mysignal wrapper.
Fix a couple of mysig_t leftovers.
Plumb WITH_ZLIB into configure.
zlib is now optional.
Put EC key export inside OPENSSL_HAS_ECC.
Wrap stdint.h in tests inside HAVE_STDINT_H.
Include signal.h to prevent redefintion of _NSIG.
Move definition of UINT32_MAX.
Look in inttypes.h for UINT32_MAX.
Use sys-queue.h from compat library.
Don't look for UINT32_MAX in inttypes.h
Check if UINT32_MAX is defined before redefining.
Minor documentation update:

Jeremy Drake (1):
Deny (non-fatal) ipc in preauth privsep child.

Khem Raj (1):
seccomp: Allow clock_gettime64() in sandbox.

Michael Forney (1):
Fix sha2 MAKE_CLONE no-op definition

Ruben Kerkhof (8):
Fix typo in README.md, s/crytpo/crypto/
Add config.log to .gitignore
Fix building without openssl.
Fix a few warnings when on Mac OS X.
sandbox-darwin.c: fix missing prototypes.
Make sshpam_password_change_required static.
configure.ac: fix ldns test
Fix missing prototype warning for copy_environment

beck@openbsd.org (1):
upstream: fix CanonicalizeHostname, broken by rev 1.507

claudio@openbsd.org (1):
upstream: For ssh-keygen -lF only add a space after key fingerprint

deraadt@openbsd.org (5):
upstream: skip demanding -fstack-protector-all on hppa. we never
upstream: stdarg.h required more broadly; ok djm
upstream: remove size_t gl_pathc < 0 test, it is invalid. the
upstream: only clang understands those new -W options
upstream: rewrite c99-ism

djm@openbsd.org (177):
upstream: memleak in error path; spotted by oss-fuzz, ok markus@
upstream: free buf before return; reported by krishnaiah bommu
upstream: potential NULL dereference for revoked hostkeys; reported
upstream: Protocol documentation for U2F/FIDO keys in OpenSSH
upstream: Initial infrastructure for U2F/FIDO support
upstream: U2F/FIDO middleware interface
upstream: ssh-keygen support for generating U2F/FIDO keys
upstream: Separate myproposal.h userauth pubkey types
upstream: ssh client support for U2F/FIDO keys
upstream: add new agent key constraint for U2F/FIDO provider
upstream: ssh-add support for U2F/FIDO keys
upstream: ssh AddKeysToAgent support for U2F/FIDO keys
upstream: ssh-agent support for U2F/FIDO keys
upstream: Refactor signing - use sshkey_sign for everything,
upstream: fix -Wshadow warning
upstream: undo debugging bits that shouldn't have been committed
upstream: skip security-key key types for tests until we have a
upstream: adapt to extra sshkey_sign() argument and additional
upstream: additional source files here too
upstream: additional source files here too
upstream: more additional source files
upstream: remove duplicate PUBKEY_DEFAULT_PK_ALG on !WITH_OPENSSL path
upstream: fix a race condition in the SIGCHILD handler that could turn
upstream: duplicate 'x' character in getopt(3) optstring
upstream: add xvasprintf()
upstream: dd API for performing one-shot notifications via tty or
upstream: pass SSH_ASKPASS_PROMPT hint to y/n key confirm too
upstream: security keys typically need to be tapped/touched in
upstream: allow an empty attestation certificate returned by a
upstream: directly support U2F/FIDO2 security keys in OpenSSH by
upstream: remove debugging goop that snuck in to last commit
upstream: follow existing askpass logic for security key notifier:
upstream: correct function name in debug message
upstream: close the "touch your security key" notifier on the error
upstream: show the "please touch your security key" notifier when
upstream: U2F tokens may return FIDO_ERR_USER_PRESENCE_REQUIRED when
upstream: don't consult dlopen whitelist for internal security key
upstream: unshield security key privkey before attempting signature
upstream: remove most uses of BN_CTX
upstream: always use ssh-sk-helper, even for the internal USB HID
upstream: a little debug() in the security key interface
upstream: tweak debug message
upstream: missing break in getopt switch; spotted by Sebastian Kinne
upstream: correct description of fields in pub/private keys (was
upstream: correct order or ecdsa-sk private key fields
upstream: document ed25519-sk pubkey, private key and certificate
upstream: mention ed25519-sk in places where it is accepted;
upstream: mention ed25519-sk key/cert types here too; prompted by
upstream: allow *-sk key types to be turned into certificates
upstream: fix bug that prevented certification of ed25519-sk keys
upstream: Fix incorrect error message when key certification fails
upstream: fix a bug that prevented serialisation of ed25519-sk keys
upstream: a little more information from the monitor when signature
upstream: adjust on-wire signature encoding for ecdsa-sk keys to
upstream: memleak in error path
upstream: Add new structure for signature options
upstream: Add a sshd_config PubkeyAuthOptions directive
upstream: add a "no-touch-required" option for authorized_keys and
upstream: allow "ssh-keygen -x no-touch-required" when generating a
upstream: Print a key touch reminder when generating a security
upstream: document the "no-touch-required" certificate extension;
upstream: redundant test
upstream: unbreak after security key support landed
upstream: unbreak tests for recent security key changes
upstream: more debugging; behind DEBUG_SK
upstream: add dummy security key middleware based on work by
upstream: test FIDO2/U2F key types; ok markus@
upstream: use error()+_exit() instead of fatal() to avoid running
upstream: remove stray semicolon after closing brace of function;
upstream: tweak wording
upstream: perform hashing directly in crypto_hash_sha512() using
upstream: lots of dependencies go away here with ed25519 no longer
upstream: bring the __func__
upstream: fix setting of $SSH_ASKPASS_PROMPT - it shouldn't be set
upstream: chop some unnecessary and confusing verbiage from the
upstream: when acting as a CA and using a security key as the CA
upstream: add security key types to list of keys allowed to act as
upstream: loading security keys into ssh-agent used the extension
upstream: some more corrections for documentation problems spotted
upstream: add a note about the 'extensions' field in the signed
upstream: use ssh-sk-helper for all security key signing operations
upstream: allow sshbuf_put_stringb(buf, NULL); ok markus@
upstream: perform security key enrollment via ssh-sk-helper too.
upstream: actually commit the ssh-sk-helper client code; ok markus
upstream: allow security keys to act as host keys as well as user
upstream: allow ssh-keyscan to find security key hostkeys
upstream: do not attempt to find an absolute path for sshd_config
upstream: don't treat HostKeyAgent=none as a path either; avoids
upstream: it's no longer possible to disable privilege separation
upstream: adapt to ssh-sk-client change
upstream: sort sk-* methods behind their plain key methods cousins
upstream: Allow forwarding a different agent socket to the path
upstream: test security key host keys in addition to user keys
upstream: unit tests for ForwardAgent=/path; from Eric Chiang
upstream: prepare for use of ssh-keygen -O flag beyond certs
upstream: remove single-letter flags for moduli options
upstream: basic support for generating FIDO2 resident keys
upstream: Factor out parsing of struct sk_enroll_response
upstream: resident keys support in SK API
upstream: implement loading of resident keys in ssh-sk-helper
upstream: implement loading resident keys in ssh-add
upstream: SK API and sk-helper error/PIN passing
upstream: improve some error messages; ok markus@
upstream: translate and return error codes; retry on bad PIN
upstream: document SK API changes in PROTOCOL.u2f
upstream: Remove the -x option currently used for
upstream: add sshkey_save_public(), to save a public key; ok
upstream: ability to download FIDO2 resident keys from a token via
upstream: implement recent SK API change to support resident keys
upstream: what bozo decided to use 2020 as a future date in a regress
upstream: Extends the SK API to accept a set of key/value options
upstream: adapt sk-dummy to SK API changes
upstream: fix error message
upstream: missing else in check_enroll_options()
upstream: fix reversed arguments on expand_proxy_command(); spotted
upstream: pass the log-on-stderr flag and log level through to
upstream: a little more verbosity in sign_and_send_pubkey() debug
upstream: fix ssh-keygen not displaying authenticator touch
upstream: check access(ssh-sk-helper, X_OK) to provide friendly
upstream: pass SSH_SK_HELPER explicitly past $SUDO to avoid it getting
upstream: don't #ifdef out the KRL code when compiling without
upstream: expose the number of currently-authenticating connections
upstream: factor out parsing of allowed-signers lines
upstream: some __func__ and strerror(errno) here; no functional
upstream: add a new signature operations "find-principal" to look
upstream: missing header change from previous; spotted by dtucker@
upstream: remove trailing period characters from pub/priv key
upstream: ssh-keygen -Y find-principals fixes based on feedback
upstream: allow PEM export of DSA and ECDSA keys; bz3091, patch
upstream: when signing a certificate with an RSA key, default to
upstream: remove ssh-rsa (SHA1) from the list of allowed CA
upstream: minor tweaks to ssh-keygen -Y find-principals:
upstream: add xextendf() to extend a string with a format
upstream: tweak proctitle to include sshd arguments, as these are
upstream: expose PKCS#11 key labels/X.509 subjects as comments
upstream: process security key provider via realpath() in agent,
upstream: allow UpdateKnownHosts=yes to function when multiple
upstream: set UpdateKnownHosts=ask by default; bz#2894; ok
upstream: unrevert this:
upstream: mention that permitopen=/PermitOpen do no name to address
upstream: the GatewayPorts vs -R listen address selection logic is
upstream: weaken the language for what HashKnownHosts provides with
upstream: reword HashKnownHosts description a little more; some
upstream: when AddKeysToAgent=yes is set and the key contains no
upstream: clarify order of AllowUsers/DenyUsers vs
upstream: make sshd_config:ClientAliveCountMax=0 disable the
upstream: add a comment describing the ranges of channel IDs that
upstream: factor out reading/writing sshbufs to dedicated
upstream: improve the error message for u2f enrollment errors by
upstream: tidy headers; some junk snuck into sshbuf-misc.c and
upstream: clarify that BatchMode applies to all interactive prompts
upstream: downgrade error() for missing subsequent known_hosts
upstream: for UpdateHostKeys, don't report errors for unsupported
upstream: unbreak unittests for recent API / source file changes
upstream: unbreak unittests for recent API / source file changes
upstream: make IPTOS_DSCP_LE available via IPQoS directive; bz2986,
upstream: disable UpdateHostKeys=ask when in quiet mode; "work for
upstream: changes to support FIDO attestation
upstream: give more context to UpdateHostKeys messages, mentioning
upstream: markus suggests a simplification to previous
upstream: have sshpkt_fatal() save/restore errno before we
upstream: check the return value of ssh_packet_write_poll() and
upstream: use sshpkt_fatal() instead of plain fatal() for
upstream: enable UpdateKnownHosts=yes if the configuration
upstream: document changed default for UpdateHostKeys
upstream: Add a sshd_config "Include" directive to allow inclusion
upstream: mistake in previous: filling the incorrect buffer
upstream: force early logging to stderr if debug_flag (-d) is set;
upstream: whitespace
upstream: regress test for sshd_config Include directive; from Jakub
upstream: revert enabling UpdateHostKeys by default - there are still
upstream: require FIDO application strings to start with "ssh:"; ok
upstream: expand HostkeyAlgorithms prior to config dump, matching
upstream: When using HostkeyAlgorithms to merely append or remove
upstream: fix two PIN entry bugs on FIDO keygen: 1) it would allow more
upstream: sync the description of the $SSH_SK_PROVIDER environment
upstream: openssh-8.2

dtucker@openbsd.org (31):
upstream: Import regenerated moduli file.
upstream: Signal handler cleanup: remove leftover support for
upstream: When clients get denied by MaxStartups, send a
upstream: LibreSSL change the format for openssl rsa -text output from
upstream: Wait for FD to be readable or writeable during a nonblocking
upstream: Make channel_id u_int32_t and remove unnecessary check
upstream: Revert previous commit. The channels code still uses int
upstream: "Forward security" -> "Forward secrecy" since that's the
upstream: Remove now-obsolete config options from example in
upstream: Remove obsolete opcodes from the configuation enum.
upstream: Move always unsupported keywords to be grouped with the other
upstream: Update keygen moduli screen test to match recent command
upstream: Document sntrup4591761x25519-sha512@tinyssh.org. Patch
upstream: Increase keyscan timeout from default. On slow hosts 3
upstream: Ignore whitespace when checking explict fingerprint.
upstream: Remove unsupported algorithms from list of defaults at run
upstream: Also test PuTTY ecdh kex methods.
upstream: Also test PuTTY chacha20.
upstream: Check for and warn about StrictModes permission problems. ok tb@
upstream: Replace all calls to signal(2) with a wrapper around
upstream: Make zlib optional. This adds a "ZLIB" build time option
upstream: When checking for unsafe directories, ignore non-directories
upstream: Fix typo in comment.
upstream: Handle zlib compression being disabled now that it's
upstream: Do not warn about permissions on symlinks.
upstream: Add a connection test for proxycommand. This would have
upstream: Wait a bit longer for the multiplex master to become ready
upstream: Move setting $NC into test-exec since it's now used by
upstream: Prevent possible null pointer deref of ip_str in debug.
upstream: Output (none) in debug in the case in the CheckHostIP=no case
upstream: Add ssh -Q key-sig for all key and signature types.

jmc@openbsd.org (19):
upstream: fixes from lucas;
upstream: sort;
upstream: double word;
upstream: -c and -s do not make sense with -k; reshuffle -k into
upstream: revert previous: naddy pointed out what's meant to
upstream: tweak previous;
upstream: reshuffle the text to read better; input from naddy,
upstream: improve the text for -A a little; input from naddy and
upstream: tweak the Nd lines for a bit of consistency; ok markus
upstream: in the options list, sort -Y and -y;
upstream: sort -Y internally in the options list, as is already
upstream: simplify the list for moduli options - no need for
upstream: the download resident keys option is -K (upper) not -k
upstream: put the fido options in a list, and tidy up the text a
upstream: new sentence, new line;
upstream: spelling fix;
upstream: tweak previous;
upstream: shuffle the challenge keyword to keep the -O list sorted;
upstream: use better markup for challenge and write-attestation, and

markus@openbsd.org (15):
upstream: implement ssh-ed25519-sk verification; ok djm@
upstream: factor out sshsk_ecdsa_assemble(); ok djm@
upstream: factor out sshsk_ecdsa_inner_sig(); ok djm@
upstream: rename sshsk_ecdsa_sign() to sshsk_sign(); ok djm
upstream: implement sshsk_ed25519_inner_sig(); ok djm
upstream: implement sshsk_ed25519_assemble(); ok djm
upstream: update sk-api to version 2 for ed25519 support; ok djm
upstream: enable ed25519 support; ok djm
upstream: check sig_r and sig_s for ssh-sk keys; ok djm
upstream: remove extra layer for ed25519 signature; ok djm@
upstream: fix shield/unshield for xmss keys: - in ssh-agent we need
upstream: fix check for sig_s; noted by qsa at qualys.com
upstream: in order to be able to figure out the number of
upstream: fix typos in sk_enroll
upstream: disable UpdateHostKeys=ask if command is specified; ok

naddy@openbsd.org (18):
upstream: fix miscellaneous text problems; ok djm@
upstream: Fill in missing man page bits for U2F security key support:
upstream: add the missing WITH_OPENSSL ifdefs after the ED25519-SK
upstream: additional missing stdarg.h includes when built without
upstream: more missing mentions of ed25519-sk; ok djm@
upstream: document '$' environment variable expansion for
upstream: cut obsolete lists of crypto algorithms from outline of
upstream: Document that security key-hosted keys can act as host
upstream: SSH U2F keys can now be used as host keys. Fix a garden
upstream: Replace the term "security key" with "(FIDO)
upstream: revise the fix for reversed arguments on
upstream: sync ssh-keygen.1 and ssh-keygen's usage() with each
upstream: Document loading of resident keys from a FIDO
upstream: undo merge error and replace the term "security key"
upstream: one more replacement "(security) key" -> "(FIDO)
upstream: document the default value of the ControlPersist option;
upstream: Replace "security key" with "authenticator" in program
upstream: Add Include to the list of permitted keywords after a

tb@openbsd.org (1):
upstream: Remove workaround for broken 'openssl rsa -text' output

tedu@openbsd.org (2):
upstream: remove diffie-hellman-group14-sha1 from default kex to
upstream: group14-sha1 is no longer a default algorithm

tobhe@openbsd.org (1):
upstream: strdup may return NULL if memory allocation fails. Use

-----------------------------------------------------------------------

No new revisions were added by this update.

--
To stop receiving notification emails like this one, please contact
djm@mindrot.org.
_______________________________________________
openssh-commits mailing list
openssh-commits@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-commits