5 files changed, 56 insertions, 4 deletions
diff --git a/debian/.git-dpm b/debian/.git-dpm
index 78ca32622..0acd19a85 100644
--- a/debian/.git-dpm
+++ b/debian/.git-dpm
@@ -1,6 +1,6 @@
 # see git-dpm(1) from git-dpm package
-e18d2ba71e6bf009c53e65509da84b712c300471
+78800aa252da1ebbfb55f7e593f43c337e694cc3
-e18d2ba71e6bf009c53e65509da84b712c300471
+78800aa252da1ebbfb55f7e593f43c337e694cc3
 971a7653746a6972b907dfe0ce139c06e4a6f482
 971a7653746a6972b907dfe0ce139c06e4a6f482
 openssh_7.4p1.orig.tar.gz
diff --git a/debian/changelog b/debian/changelog
index 1ae2afd0a..0920286dd 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,10 @@
+openssh (1:7.4p1-8) UNRELEASED; urgency=medium
+  * Fix ssh-keygen -H accidentally corrupting known_hosts that contained
+    already-hashed entries (closes: #851734, LP: #1668093).
+ -- Colin Watson <cjwatson@debian.org>  Thu, 09 Mar 2017 11:25:55 +0000
 openssh (1:7.4p1-7) unstable; urgency=medium
  * Don't set "PermitRootLogin yes" on fresh installations (regression
diff --git a/debian/patches/series b/debian/patches/series
index 6f0004748..7ddc4a772 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -30,3 +30,4 @@ regress-mktemp.patch
 sandbox-x32-workaround.patch
 no-dsa-host-key-by-default.patch
 restore-authorized_keys2.patch
+ssh-keygen-hash-corruption.patch
diff --git a/debian/patches/ssh-keygen-hash-corruption.patch b/debian/patches/ssh-keygen-hash-corruption.patch
new file mode 100644
index 000000000..7ef3c637c
--- /dev/null
+++ b/debian/patches/ssh-keygen-hash-corruption.patch
@@ -0,0 +1,44 @@
+From 78800aa252da1ebbfb55f7e593f43c337e694cc3 Mon Sep 17 00:00:00 2001
+From: "djm@openbsd.org" <djm@openbsd.org>
+Date: Fri, 3 Mar 2017 06:13:11 +0000
+Subject: upstream commit
+fix ssh-keygen -H accidentally corrupting known_hosts that
+contained already-hashed entries. HKF_MATCH_HOST_HASHED is only set by
+hostkeys_foreach() when hostname matching is in use, so we need to look for
+the hash marker explicitly.
+Upstream-ID: da82ad653b93e8a753580d3cf5cd448bc2520528
+Origin: https://anongit.mindrot.org/openssh.git/commit/?id=12d3767ba4c84c32150cbe6ff6494498780f12c9
+Bug-Debian: https://bugs.debian.org/851734
+Bug-Ubuntu: https://bugs.launchpad.net/bugs/1668093
+Last-Update: 2017-03-09
+Patch-Name: ssh-keygen-hash-corruption.patch
+---
+ ssh-keygen.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+diff --git a/ssh-keygen.c b/ssh-keygen.c
+index 2a7939bf..0833ee61 100644
+--- a/ssh-keygen.c
+++ b/ssh-keygen.c
+@@ -1082,6 +1082,7 @@ known_hosts_hash(struct hostkey_foreach_line *l, void *_ctx)
+        struct known_hosts_ctx *ctx = (struct known_hosts_ctx *)_ctx;
+        char *hashed, *cp, *hosts, *ohosts;
+        int has_wild = l->hosts && strcspn(l->hosts, "*?!") != strlen(l->hosts);
+       int was_hashed = l->hosts[0] == HASH_DELIM;
+ 
+        switch (l->status) {
+        case HKF_STATUS_OK:
+@@ -1090,8 +1091,7 @@ known_hosts_hash(struct hostkey_foreach_line *l, void *_ctx)
+                 * Don't hash hosts already already hashed, with wildcard
+                 * characters or a CA/revocation marker.
+                 */
+-               if ((l->match & HKF_MATCH_HOST_HASHED) != 0 ||
+-                   has_wild || l->marker != MRK_NONE) {
+               if (was_hashed || has_wild || l->marker != MRK_NONE) {
+                        fprintf(ctx->out, "%s\n", l->line);
+                        if (has_wild && !find_host) {
+                                logit("%s:%ld: ignoring host name "
diff --git a/ssh-keygen.c b/ssh-keygen.c
index 2a7939bfc..0833ee61d 100644
--- a/ssh-keygen.c
+++ b/ssh-keygen.c
@@ -1082,6 +1082,7 @@ known_hosts_hash(struct hostkey_foreach_line *l, void *_ctx)
        struct known_hosts_ctx *ctx = (struct known_hosts_ctx *)_ctx;
        char *hashed, *cp, *hosts, *ohosts;
        int has_wild = l->hosts && strcspn(l->hosts, "*?!") != strlen(l->hosts);
+        int was_hashed = l->hosts[0] == HASH_DELIM;
        switch (l->status) {
        case HKF_STATUS_OK:
@@ -1090,8 +1091,7 @@ known_hosts_hash(struct hostkey_foreach_line *l, void *_ctx)
                 * Don't hash hosts already already hashed, with wildcard
                 * characters or a CA/revocation marker.
                 */
-                if ((l->match & HKF_MATCH_HOST_HASHED) != 0 ||
+                if (was_hashed || has_wild || l->marker != MRK_NONE) {
-                    has_wild || l->marker != MRK_NONE) {
                        fprintf(ctx->out, "%s\n", l->line);
                        if (has_wild && !find_host) {
                                logit("%s:%ld: ignoring host name "

diff --git a/debian/.git-dpm b/debian/.git-dpm index 78ca32622..0acd19a85 100644 --- a/debian/.git-dpm +++ b/debian/.git-dpm
@@ -1,6 +1,6 @@
1	# see git-dpm(1) from git-dpm package	1	# see git-dpm(1) from git-dpm package
2	e18d2ba71e6bf009c53e65509da84b712c300471	2	78800aa252da1ebbfb55f7e593f43c337e694cc3
3	e18d2ba71e6bf009c53e65509da84b712c300471	3	78800aa252da1ebbfb55f7e593f43c337e694cc3
4	971a7653746a6972b907dfe0ce139c06e4a6f482	4	971a7653746a6972b907dfe0ce139c06e4a6f482
5	971a7653746a6972b907dfe0ce139c06e4a6f482	5	971a7653746a6972b907dfe0ce139c06e4a6f482
6	openssh_7.4p1.orig.tar.gz	6	openssh_7.4p1.orig.tar.gz


diff --git a/debian/changelog b/debian/changelog index 1ae2afd0a..0920286dd 100644 --- a/debian/changelog +++ b/debian/changelog
@@ -1,3 +1,10 @@
		1	openssh (1:7.4p1-8) UNRELEASED; urgency=medium
		2
		3	* Fix ssh-keygen -H accidentally corrupting known_hosts that contained
		4	already-hashed entries (closes: #851734, LP: #1668093).
		5
		6	-- Colin Watson <cjwatson@debian.org> Thu, 09 Mar 2017 11:25:55 +0000
		7
1	openssh (1:7.4p1-7) unstable; urgency=medium	8	openssh (1:7.4p1-7) unstable; urgency=medium
2		9
3	* Don't set "PermitRootLogin yes" on fresh installations (regression	10	* Don't set "PermitRootLogin yes" on fresh installations (regression


diff --git a/debian/patches/series b/debian/patches/series index 6f0004748..7ddc4a772 100644 --- a/debian/patches/series +++ b/debian/patches/series
@@ -30,3 +30,4 @@ regress-mktemp.patch
30	sandbox-x32-workaround.patch	30	sandbox-x32-workaround.patch
31	no-dsa-host-key-by-default.patch	31	no-dsa-host-key-by-default.patch
32	restore-authorized_keys2.patch	32	restore-authorized_keys2.patch
		33	ssh-keygen-hash-corruption.patch


diff --git a/debian/patches/ssh-keygen-hash-corruption.patch b/debian/patches/ssh-keygen-hash-corruption.patch new file mode 100644 index 000000000..7ef3c637c --- /dev/null +++ b/debian/patches/ssh-keygen-hash-corruption.patch
@@ -0,0 +1,44 @@
		1	From 78800aa252da1ebbfb55f7e593f43c337e694cc3 Mon Sep 17 00:00:00 2001
		2	From: "djm@openbsd.org" <djm@openbsd.org>
		3	Date: Fri, 3 Mar 2017 06:13:11 +0000
		4	Subject: upstream commit
		5
		6	fix ssh-keygen -H accidentally corrupting known_hosts that
		7	contained already-hashed entries. HKF_MATCH_HOST_HASHED is only set by
		8	hostkeys_foreach() when hostname matching is in use, so we need to look for
		9	the hash marker explicitly.
		10
		11	Upstream-ID: da82ad653b93e8a753580d3cf5cd448bc2520528
		12
		13	Origin: https://anongit.mindrot.org/openssh.git/commit/?id=12d3767ba4c84c32150cbe6ff6494498780f12c9
		14	Bug-Debian: https://bugs.debian.org/851734
		15	Bug-Ubuntu: https://bugs.launchpad.net/bugs/1668093
		16	Last-Update: 2017-03-09
		17
		18	Patch-Name: ssh-keygen-hash-corruption.patch
		19	---
		20	ssh-keygen.c \| 4 ++--
		21	1 file changed, 2 insertions(+), 2 deletions(-)
		22
		23	diff --git a/ssh-keygen.c b/ssh-keygen.c
		24	index 2a7939bf..0833ee61 100644
		25	--- a/ssh-keygen.c
		26	+++ b/ssh-keygen.c
		27	@@ -1082,6 +1082,7 @@ known_hosts_hash(struct hostkey_foreach_line l, void _ctx)
		28	struct known_hosts_ctx ctx = (struct known_hosts_ctx )_ctx;
		29	char hashed, cp, hosts, ohosts;
		30	int has_wild = l->hosts && strcspn(l->hosts, "*?!") != strlen(l->hosts);
		31	+ int was_hashed = l->hosts[0] == HASH_DELIM;
		32
		33	switch (l->status) {
		34	case HKF_STATUS_OK:
		35	@@ -1090,8 +1091,7 @@ known_hosts_hash(struct hostkey_foreach_line l, void _ctx)
		36	* Don't hash hosts already already hashed, with wildcard
		37	* characters or a CA/revocation marker.
		38	*/
		39	- if ((l->match & HKF_MATCH_HOST_HASHED) != 0 \|\|
		40	- has_wild \|\| l->marker != MRK_NONE) {
		41	+ if (was_hashed \|\| has_wild \|\| l->marker != MRK_NONE) {
		42	fprintf(ctx->out, "%s\n", l->line);
		43	if (has_wild && !find_host) {
		44	logit("%s:%ld: ignoring host name "


diff --git a/ssh-keygen.c b/ssh-keygen.c index 2a7939bfc..0833ee61d 100644 --- a/ssh-keygen.c +++ b/ssh-keygen.c
@@ -1082,6 +1082,7 @@ known_hosts_hash(struct hostkey_foreach_line l, void _ctx)
1082	struct known_hosts_ctx ctx = (struct known_hosts_ctx )_ctx;	1082	struct known_hosts_ctx ctx = (struct known_hosts_ctx )_ctx;
1083	char hashed, cp, hosts, ohosts;	1083	char hashed, cp, hosts, ohosts;
1084	int has_wild = l->hosts && strcspn(l->hosts, "*?!") != strlen(l->hosts);	1084	int has_wild = l->hosts && strcspn(l->hosts, "*?!") != strlen(l->hosts);
		1085	int was_hashed = l->hosts[0] == HASH_DELIM;
1085		1086
1086	switch (l->status) {	1087	switch (l->status) {
1087	case HKF_STATUS_OK:	1088	case HKF_STATUS_OK:
@@ -1090,8 +1091,7 @@ known_hosts_hash(struct hostkey_foreach_line l, void _ctx)
1090	* Don't hash hosts already already hashed, with wildcard	1091	* Don't hash hosts already already hashed, with wildcard
1091	* characters or a CA/revocation marker.	1092	* characters or a CA/revocation marker.
1092	*/	1093	*/
1093	if ((l->match & HKF_MATCH_HOST_HASHED) != 0 \|\|	1094	if (was_hashed \|\| has_wild \|\| l->marker != MRK_NONE) {
1094	has_wild \|\| l->marker != MRK_NONE) {
1095	fprintf(ctx->out, "%s\n", l->line);	1095	fprintf(ctx->out, "%s\n", l->line);
1096	if (has_wild && !find_host) {	1096	if (has_wild && !find_host) {
1097	logit("%s:%ld: ignoring host name "	1097	logit("%s:%ld: ignoring host name "