[openssh-commits] [openssh] branch master updated (396d32f3 -> 4aa2717d)

git+noreply at mindrot.org git+noreply at mindrot.org
Wed Oct 7 13:34:16 AEDT 2020


This is an automated email from the git hooks/post-receive script.

djm pushed a change to branch master
in repository openssh.

      from  396d32f3  upstream: There are lots of places where we want to redirect stdin,
       new  2d39fc9f  upstream: Allow full range of UIDs and GIDs for sftp chown and
       new  af889a40  upstream: when ordering host key algorithms in the client, consider
       new  3d4c2016  upstream: Agent protocol draft is now at rev 4. ok djm@
       new  e79957e8  upstream: disable UpdateHostkeys by default if VerifyHostKeyDNS is
       new  f4f14e02  upstream: simply disable UpdateHostkeys when a certificate
       new  aa623142  upstream: revert kex->flags cert hostkey downgrade back to a plain
       new  b70e3371  upstream: don't UpdateHostkeys when the hostkey is verified by the
       new  04c06d04  upstream: Fix UpdateHostkeys/HashKnownHosts/CheckHostIP bug
       new  4aa2717d  upstream: Disable UpdateHostkeys when hostkey checking fails

The 9 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "adds" were already present in the repository and have only
been added to this reference.


Detailed log of new commits:

commit 4aa2717d7517cff4bc423a6cfba3a2defb055aea
Author: djm at openbsd.org <djm at openbsd.org>
Date:   Wed Oct 7 02:26:28 2020 +0000

    upstream: Disable UpdateHostkeys when hostkey checking fails
    
    If host key checking fails (i.e. a wrong host key is recorded for the
    server) and the user elects to continue (via StrictHostKeyChecking=no),
    then disable UpdateHostkeys for the session.
    
    reminded by Mark D. Baushke; ok markus@
    
    OpenBSD-Commit-ID: 98b524f121f4252309dd21becd8c4cacb0c6042a

commit 04c06d04475f1f673e9d9743710d194453fe3888
Author: djm at openbsd.org <djm at openbsd.org>
Date:   Wed Oct 7 02:25:43 2020 +0000

    upstream: Fix UpdateHostkeys/HashKnownHosts/CheckHostIP bug
    
    When all of UpdateHostkeys, HashKnownHosts and CheckHostIP
    were enabled and new host keys were learned, known_hosts IP
    entries were not being recorded for new host keys.
    
    reported by matthieu@ ok markus@
    
    OpenBSD-Commit-ID: a654a8290bd1c930aac509e8158cf85e42e49cb7

commit b70e33711291f3081702133175a41cccafc0212a
Author: djm at openbsd.org <djm at openbsd.org>
Date:   Wed Oct 7 02:24:51 2020 +0000

    upstream: don't UpdateHostkeys when the hostkey is verified by the
    
    GlobalKnownHostsFile file, support only UserKnownHostsFile matches
    
    suggested by Mark D. Baushke; feedback and ok markus@
    
    OpenBSD-Commit-ID: eabb771a6add676c398d38a143a1aff5f04abbb9

commit aa623142e426ca1ab9db77b06dcc9b1b70bd102b
Author: djm at openbsd.org <djm at openbsd.org>
Date:   Wed Oct 7 02:22:23 2020 +0000

    upstream: revert kex->flags cert hostkey downgrade back to a plain
    
    key (commitid VtF8vozGOF8DMKVg). We now do this a simpler way that needs less
    plumbing.
    
    ok markus@
    
    OpenBSD-Commit-ID: fb92d25b216bff8c136da818ac2221efaadf18ed

commit f4f14e023cafee1cd9ebe4bb0db4029e6e1fafac
Author: djm at openbsd.org <djm at openbsd.org>
Date:   Wed Oct 7 02:20:35 2020 +0000

    upstream: simply disable UpdateHostkeys when a certificate
    
    successfully authenticated the host; simpler than the complicated plumbing
    via kex->flags we have now.
    
    ok markus@
    
    OpenBSD-Commit-ID: 80e39644eed75717d563a7f177e8117a0e14f42c

commit e79957e877db42c4c68fabcf6ecff2268e53acb5
Author: djm at openbsd.org <djm at openbsd.org>
Date:   Wed Oct 7 02:18:45 2020 +0000

    upstream: disable UpdateHostkeys by default if VerifyHostKeyDNS is
    
    enabled; suggested by Mark D. Baushke
    
    OpenBSD-Commit-ID: 85a1b88592c81bc85df7ee7787dbbe721a0542bf

commit 3d4c2016bae1a6f14b48c1150a4c79ca4c9968bd
Author: dtucker at openbsd.org <dtucker at openbsd.org>
Date:   Tue Oct 6 07:12:04 2020 +0000

    upstream: Agent protocol draft is now at rev 4. ok djm@
    
    OpenBSD-Commit-ID: 8c01ea3aae48aab45e01b7421b0fca2dad5e7837

commit af889a40ffc113af9105c03d7b32131eb4372d50
Author: djm at openbsd.org <djm at openbsd.org>
Date:   Sun Oct 4 09:45:01 2020 +0000

    upstream: when ordering host key algorithms in the client, consider
    
    the ECDSA key subtype; ok markus@
    
    OpenBSD-Commit-ID: 3097686f853c61ff61772ea35f8b699931392ece

commit 2d39fc9f7e039351daa3d6aead1538ac29258add
Author: dtucker at openbsd.org <dtucker at openbsd.org>
Date:   Sun Oct 4 03:04:02 2020 +0000

    upstream: Allow full range of UIDs and GIDs for sftp chown and
    
    chgrp on 32bit platforms instead of being limited by LONG_MAX.  bz#3206,
    found by booking00 at sina.cn, ok markus@
    
    OpenBSD-Commit-ID: 373b7bbf1f15ae482d39567ce30d18b51c9229b5

Summary of changes:
 PROTOCOL.agent |   8 ++---
 clientloop.c   |   8 +----
 hostfile.c     |  17 +++++++---
 hostfile.h     |   4 +--
 kex.h          |   8 ++---
 readconf.c     |   7 ++--
 sftp.c         |  12 +++----
 ssh_config.5   |   8 +++--
 sshconnect.c   | 100 ++++++++++++++++++++++++++++++---------------------------
 sshconnect.h   |   4 +--
 sshconnect2.c  |  15 ++++-----
 11 files changed, 96 insertions(+), 95 deletions(-)

-- 
To stop receiving notification emails like this one, please contact
djm at mindrot.org.

