[openssh-commits] [openssh] branch master updated (6247812c -> f9242497)
git+noreply at mindrot.org
Mon Oct 12 11:23:01 AEDT 2020
This is an automated email from the git hooks/post-receive script.

djm pushed a change to branch master
in repository openssh.

    from 6247812c upstream: don't misdetect comma-separated hostkey names as wildcards;
     new af5941ae upstream: UpdateHostkeys: better detect manual host entries
     new d98f14b5 upstream: UpdateHostkeys: better CheckHostIP handling
     new f9242497 upstream: UpdateHostkeys: check for keys under other names

The 3 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails. The revisions
listed as "adds" were already present in the repository and have only
been added to this reference.

Detailed log of new commits:

commit f92424970c02b78852ff149378c7f2616ada4ccf
Author: djm at openbsd.org <djm at openbsd.org>
Date: Sun Oct 11 22:14:38 2020 +0000

    upstream: UpdateHostkeys: check for keys under other names

    Stop UpdateHostkeys from automatically removing deprecated keys from
    known_hosts files if the same keys exist under a different name or
    address to the host that is being connected to.

    This avoids UpdateHostkeys from making known_hosts inconsistent in
    some cases. For example, multiple host aliases sharing address-based
    known_hosts on different lines, or hosts that resolve to multiple
    addresses.

    ok markus@

    OpenBSD-Commit-ID: 6444a705ba504c3c8ccddccd8d1b94aa33bd11c1

commit d98f14b5328922ae3085e07007d820c4f655b57a
Author: djm at openbsd.org <djm at openbsd.org>
Date: Sun Oct 11 22:13:37 2020 +0000

    upstream: UpdateHostkeys: better CheckHostIP handling

    When preparing to update the known_hosts file, fully check both
    entries for both the host and the address (if CheckHostIP enabled)
    and ensure that, at the end of the operation, entries for both are
    recorded.

    Make sure this works with HashKnownHosts too, which requires maintaining
    a list of entry-types seen across the whole file for each key.

    ok markus@

    OpenBSD-Commit-ID: 374dc263103f6b343d9671f87dbf81ffd0d6abdd

commit af5941ae9b013aac12585e84c4cf494f3728982f
Author: djm at openbsd.org <djm at openbsd.org>
Date: Sun Oct 11 22:12:44 2020 +0000

    upstream: UpdateHostkeys: better detect manual host entries

    Disable UpdateHostkeys if the known_hosts line has more than two
    entries in the pattern-list. ssh(1) only writes "host" or "host,ip"
    lines so anything else was added by a different tool or by a human.

    ok markus@

    OpenBSD-Commit-ID: e434828191fb5f3877d4887c218682825aa59820

Summary of changes:
 clientloop.c | 196 +++++++++++++++++++++++++++++++++++++++++++++++------------
 hostfile.c   |  77 ++++++++++++++---------
 2 files changed, 205 insertions(+), 68 deletions(-)

--
To stop receiving notification emails like this one, please contact
djm at mindrot.org.
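
The rule stated in commit af5941ae above, as an added example that is not part of the original email and is not OpenSSH's own code: a C helper that counts the entries in the pattern-list of a known_hosts line and flags lines with more than two, so an administrator can see which entries ssh(1) would not have written itself. The function names, sample hostnames and placeholder key blobs are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/*
 * Count comma-separated entries in the pattern-list (first field) of one
 * known_hosts line. Returns 0 for blank lines and comments. A leading
 * "@marker" field (e.g. @cert-authority) is skipped before counting.
 */
static int pattern_list_entries(const char *line)
{
    const char *p = line + strspn(line, " \t");
    int n;

    if (*p == '\0' || *p == '\n' || *p == '#')
        return 0;
    if (*p == '@') {                    /* skip the marker field */
        p += strcspn(p, " \t\n");
        p += strspn(p, " \t");
        if (*p == '\0' || *p == '\n')
            return 0;
    }
    for (n = 1; *p != '\0' && *p != ' ' && *p != '\t' && *p != '\n'; p++)
        if (*p == ',')
            n++;
    return n;
}

/* Rule from the commit message: more than two entries => not written by ssh(1). */
static int looks_manual(const char *line)
{
    return pattern_list_entries(line) > 2;
}

int main(void)
{
    /* Constructed sample lines; key blobs are placeholders. */
    static const char *sample[] = {
        "# comment\n",
        "host.example.org ssh-ed25519 AAAA_PLACEHOLDER\n",
        "host.example.org,192.0.2.10 ssh-ed25519 AAAA_PLACEHOLDER\n",
        "host.example.org,alias,192.0.2.10 ssh-ed25519 AAAA_PLACEHOLDER\n",
    };
    size_t i;

    for (i = 0; i < sizeof(sample) / sizeof(sample[0]); i++)
        printf("%d entries, manual=%d: %s", pattern_list_entries(sample[i]),
            looks_manual(sample[i]), sample[i]);
    return 0;
}
```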