[openssh-commits] [openssh] branch master updated (294c11b1 -> d9dbb5d9)
git+noreply at mindrot.org
Fri Jan 7 09:21:47 AEDT 2022
This is an automated email from the git hooks/post-receive script.
djm pushed a change to branch master
in repository openssh.
from 294c11b1 upstream: select all RSA hostkey algorithms for UpdateHostkeys tests,
new 73699004 upstream: fix cut-and-pasto in error message
new 24c5187e upstream: add a comment so I don't make this mistake again
new 5c79952d upstream: prepare for conversion of ssh, sshd mainloop from
new 17877bc8 upstream: convert ssh, sshd mainloops from select() to poll();
new 0fa33683 upstream: Fix signature algorithm selection logic for
new 291721bc upstream: stricter UpdateHostkey signature verification logic on
new 7aa7b096 upstream: make ssh-keysign use the requested signature algorithm
new c2d9ced1 upstream: include rejected signature algorithm in error message
new 8832402b upstream: piece of UpdateHostkeys client strictification: when
new c6706f66 upstream: log signature algorithm during verification by monitor;
new 11e8c430 upstream: log some details on hostkeys that ssh loads for
new fdb1d58d upstream: add a helper function to match a key type to a list of
new d9dbb5d9 upstream: allow hostbased auth to select RSA keys when only
The 13 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails. The revisions
listed as "adds" were already present in the repository and have only
been added to this reference.
Detailed log of new commits:
commit d9dbb5d9a0326e252d3c7bc13beb9c2434f59409
Author: djm at openbsd.org <djm at openbsd.org>
Date: Thu Jan 6 22:06:51 2022 +0000
upstream: allow hostbased auth to select RSA keys when only
RSA/SHA2 are configured (this is the default case); ok markus@
OpenBSD-Commit-ID: 411c18c7bde40c60cc6dfb7017968577b4d4a827
commit fdb1d58d0d3888b042e5a500f6ce524486aaf782
Author: djm at openbsd.org <djm at openbsd.org>
Date: Thu Jan 6 22:05:42 2022 +0000
upstream: add a helper function to match a key type to a list of
signature algorithms. RSA keys can make signatures with multiple algorithms,
so some special handling is required. ok markus@
OpenBSD-Commit-ID: 03b41b2bda06fa4cd9c84cef6095033b9e49b6ff
commit 11e8c4309a5086a45fbbbc87d0af5323c6152914
Author: djm at openbsd.org <djm at openbsd.org>
Date: Thu Jan 6 22:04:20 2022 +0000
upstream: log some details on hostkeys that ssh loads for
hostbased authn ok markus@
OpenBSD-Commit-ID: da17061fa1f0e58cb31b88478a40643e18233e38
commit c6706f661739514a34125aa3136532a958929510
Author: djm at openbsd.org <djm at openbsd.org>
Date: Thu Jan 6 22:03:59 2022 +0000
upstream: log signature algorithm during verification by monitor;
ok markus
OpenBSD-Commit-ID: 02b92bb42c4d4bf05a051702a56eb915151d9ecc
commit 8832402bd500d1661ccc80a476fd563335ef6cdc
Author: djm at openbsd.org <djm at openbsd.org>
Date: Thu Jan 6 22:02:52 2022 +0000
upstream: piece of UpdateHostkeys client strictification: when
updating known_hosts with new keys, ignore NULL keys (forgot to include in
prior commit)
OpenBSD-Commit-ID: 49d2eda6379490e1ceec40c3b670b973f63dea08
commit c2d9ced1da0276961d86690b3bd7ebdaca7fdbf7
Author: djm at openbsd.org <djm at openbsd.org>
Date: Thu Jan 6 22:01:14 2022 +0000
upstream: include rejected signature algorithm in error message
and not the (useless) key type; ok markus
OpenBSD-Commit-ID: 4180b5ec7ab347b43f84e00b1972515296dab023
commit 7aa7b096cf2bafe2777085abdeed5ce00581f641
Author: djm at openbsd.org <djm at openbsd.org>
Date: Thu Jan 6 22:00:18 2022 +0000
upstream: make ssh-keysign use the requested signature algorithm
and not the default for the keytype. Part of unbreaking hostbased auth for
RSA/SHA2 keys. ok markus@
OpenBSD-Commit-ID: b5639a14462948970da3a8020dc06f9a80ecccdc
commit 291721bc7c840d113a49518f3fca70e86248b8e8
Author: djm at openbsd.org <djm at openbsd.org>
Date: Thu Jan 6 21:57:28 2022 +0000
upstream: stricter UpdateHostkey signature verification logic on
the client-side. Require RSA/SHA2 signatures for RSA hostkeys except when
RSA/SHA1 was explicitly negotiated during initial KEX; bz3375
ok markus@
OpenBSD-Commit-ID: 46e75e8dfa2c813781805b842580dcfbd888cf29
commit 0fa33683223c76289470a954404047bc762be84c
Author: djm at openbsd.org <djm at openbsd.org>
Date: Thu Jan 6 21:55:23 2022 +0000
upstream: Fix signature algorithm selection logic for
UpdateHostkeys on the server side. The previous code tried to prefer RSA/SHA2
for hostkey proofs of RSA keys, but missed some cases. This will use RSA/SHA2
signatures for RSA keys if the client proposed these algorithms in initial
KEX. bz3375
Mostly by Dmitry Belyavskiy with some tweaks by me.
ok markus@
OpenBSD-Commit-ID: c17ba0c3236340d2c6a248158ebed042ac6a8029
commit 17877bc81db3846e6e7d4cfb124d966bb9c9296b
Author: djm at openbsd.org <djm at openbsd.org>
Date: Thu Jan 6 21:48:38 2022 +0000
upstream: convert ssh, sshd mainloops from select() to poll();
feedback & ok deraadt@ and markus@ has been in snaps for a few months
OpenBSD-Commit-ID: a77e16a667d5b194dcdb3b76308b8bba7fa7239c
commit 5c79952dfe1aa36105c93b3f383ce9be04dee384
Author: djm at openbsd.org <djm at openbsd.org>
Date: Thu Jan 6 21:46:23 2022 +0000
upstream: prepare for conversion of ssh, sshd mainloop from
select() to poll() by moving FD_SET construction out of channel handlers into
separate functions. ok markus
OpenBSD-Commit-ID: 937fbf2a4de12b19fb9d5168424e206124807027
commit 24c5187edfef4651a625b7d5d692c8c7e794f71f
Author: djm at openbsd.org <djm at openbsd.org>
Date: Wed Jan 5 21:54:37 2022 +0000
upstream: add a comment so I don't make this mistake again
OpenBSD-Commit-ID: 69c7f2362f9de913bb29b6318580c5a1b52c921e
commit 7369900441929058263a17f56aa67e05ff7ec628
Author: djm at openbsd.org <djm at openbsd.org>
Date: Wed Jan 5 21:50:00 2022 +0000
upstream: fix cut-and-pasto in error message
OpenBSD-Commit-ID: 4cc5c619e4b456cd2e9bb760d17e3a9c84659198
Summary of changes:
auth2-hostbased.c | 6 +-
channels.c | 497 +++++++++++++++++++++++++++++++++++++-----------------
channels.h | 28 ++-
clientloop.c | 215 ++++++++++++-----------
hostfile.c | 4 +-
kex.c | 24 ++-
kex.h | 4 +-
monitor.c | 5 +-
serverloop.c | 158 +++++++++--------
ssh-keygen.c | 6 +-
ssh-keysign.c | 29 +++-
ssh.c | 8 +-
sshconnect2.c | 9 +-
sshkey.c | 25 ++-
sshkey.h | 6 +-
15 files changed, 668 insertions(+), 356 deletions(-)