[openssh-commits] [openssh] branch master updated (54443b866 -> 607bd871e)

git+noreply at mindrot.org git+noreply at mindrot.org
Mon Mar 30 18:51:31 AEDT 2026


This is an automated email from the git hooks/post-receive script.

djm pushed a change to branch master
in repository openssh.

    from 54443b866 depend
     new b62a6cfbe upstream: switch from int to long long for bandwidth calculations;
     new 0a0ef4515 upstream: apply the same validity rules to usernames and hostnames
     new 5576e260a upstream: Add special handling of
     new 2ecfcc0aa upstream: Check if host keys exist before adding them, and expand
     new 445db5cb6 upstream: Ensure known_hosts file exists when setting up.
     new 55fc7bfd1 upstream: Use ~/.shosts for Hostbased test.
     new 607bd871e upstream: add a regression test for ProxyJump/-J; ok dtucker

The 7 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "add" were already present in the repository and have only
been added to this reference.


Detailed log of new commits:

commit 607bd871ec029e9aa22e632a22547250f3cae223
Author: djm at openbsd.org <djm at openbsd.org>
Date:   Mon Mar 30 07:19:02 2026 +0000

    upstream: add a regression test for ProxyJump/-J; ok dtucker
    
    OpenBSD-Regress-ID: 400dc1b5fb7f2437d0dfbd2eb9a3583dafb412b3

commit 55fc7bfd1d3a46f4856fd68f09da60d901fac626
Author: dtucker at openbsd.org <dtucker at openbsd.org>
Date:   Tue Mar 24 12:31:35 2026 +0000

    upstream: Use ~/.shosts for Hostbased test.
    
    OpenBSD-Regress-ID: ab64fd0a86422df1eadacde56c0a2cff5d93425d

commit 445db5cb620d73c9af1f1791c523aaf3d2236854
Author: dtucker at openbsd.org <dtucker at openbsd.org>
Date:   Tue Mar 24 10:21:14 2026 +0000

    upstream: Ensure known_hosts file exists when setting up.
    
    OpenBSD-Regress-ID: 92721cad4c219fe62b7b795a73505c22e56f09e0

commit 2ecfcc0aae651621535e345a1c23ff6d2a9593c9
Author: dtucker at openbsd.org <dtucker at openbsd.org>
Date:   Mon Mar 23 09:53:52 2026 +0000

    upstream: Check if host keys exist before adding them, and expand
    
    on the warning about modifying the system config.
    
    OpenBSD-Regress-ID: 68038da909f9c992375b7665dab0331d6af426b7

commit 5576e260a0f9836ca55c8279e342c63d1a0851d1
Author: dtucker at openbsd.org <dtucker at openbsd.org>
Date:   Mon Mar 23 09:09:36 2026 +0000

    upstream: Add special handling of
    
    TEST_SSH_HOSTBASED_AUTH=setupandrun.
    
    This will MODIFY THE CONFIG OF THE SYSTEM IT IS RUNNING ON to enable
    hostbased authentication to/from itself and run the hostbased tests.  It
    won't undo these changes, so don't do this on a system where this matters.
    
    OpenBSD-Regress-ID: ae5a86db1791a2b8f999b07b5c8cc756d40bf645

commit 0a0ef4515361143cad21afa072319823854c1cf6
Author: djm at openbsd.org <djm at openbsd.org>
Date:   Mon Mar 30 07:18:24 2026 +0000

    upstream: apply the same validity rules to usernames and hostnames
    
    set for ProxyJump/-J on the commandline as we do for destination user/host
    names.
    
    Specifically, they are no longer allowed to contain most characters
    that have special meaning for common shells. Special characters are
    still allowed in ProxyJump commands that are specified in the config
    files.
    
    This _reduces_ the chance of shell characters from a hostile -J
    option ending up in a shell execution context.
    
    Don't pass untrusted stuff to the ssh commandline, it's not intended
    to be a security boundary. We try to make it safe where we can, but
    we can't make guarantees, because we can't know the parsing rules
    and special characters for all the shells in the world, nor can we
    know what the user does with this data in their ssh_config wrt
    percent expansion, LocalCommand, match exec, etc.
    
    While I'm in there, make ProxyJump and ProxyCommand first-match-wins
    between each other.
    
    reported by rabbit; ok dtucker@
    
    OpenBSD-Commit-ID: f05ad8a1eb5f6735f9a935a71a90580226759263

commit b62a6cfbed3481dac8bff35fab22cf489bb0b77f
Author: djm at openbsd.org <djm at openbsd.org>
Date:   Sun Mar 29 01:08:13 2026 +0000

    upstream: switch from int to long long for bandwidth calculations;
    
    fixes rate display when rate > 2GB/s; based on patch from Cyril Servant
    feedback/ok deraadt@
    
    OpenBSD-Commit-ID: 071eb48c4cba598d70ea3854bef7c49ddfabf8d3

Summary of changes:
 progressmeter.c      |   6 +--
 readconf.c           | 124 +++++++++++++++++++++++++++++++++++----------------
 readconf.h           |   6 ++-
 regress/Makefile     |   5 ++-
 regress/hostbased.sh |  27 ++++++++++-
 ssh.c                |  50 +++------------------
 6 files changed, 128 insertions(+), 90 deletions(-)
