Date: Tue, 14 Feb 2023 22:34:06 GMT
From: Ed Maste <emaste@FreeBSD.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org
Subject: git: fad31dffb405 - releng/13.2 - ssh: update to OpenSSH 9.2p1
Message-ID: <202302142234.31EMY6Ru046604@gitrepo.freebsd.org>

The branch releng/13.2 has been updated by emaste:

URL: https://cgit.FreeBSD.org/src/commit/?id=fad31dffb4057cc606fe59a7ba2e09ca9a8a147c

commit fad31dffb4057cc606fe59a7ba2e09ca9a8a147c
Author:     Ed Maste <emaste@FreeBSD.org>
AuthorDate: 2023-02-06 21:54:56 +0000
Commit:     Ed Maste <emaste@FreeBSD.org>
CommitDate: 2023-02-14 22:33:56 +0000

    ssh: update to OpenSSH 9.2p1

    Release notes are available at https://www.openssh.com/txt/release-9.2

    OpenSSH 9.2 contains fixes for two security problems and a memory safety
    problem.  The memory safety problem is not believed to be exploitable.
    These fixes have already been committed to OpenSSH 9.1 in FreeBSD.

    Some other notable items from the release notes:

     * ssh(1): add a new EnableEscapeCommandline ssh_config(5) option that
       controls whether the client-side ~C escape sequence that provides a
       command-line is available. Among other things, the ~C command-line
       could be used to add additional port-forwards at runtime.

     * sshd(8): add support for channel inactivity timeouts via a new
       sshd_config(5) ChannelTimeout directive. This allows channels that
       have not seen traffic in a configurable interval to be
       automatically closed. Different timeouts may be applied to session,
       X11, agent and TCP forwarding channels.

     * sshd(8): add a sshd_config UnusedConnectionTimeout option to
       terminate client connections that have no open channels for a
       length of time. This complements the ChannelTimeout option above.

     * sshd(8): add a -V (version) option to sshd like the ssh client has.

     * scp(1), sftp(1): add a -X option to both scp(1) and sftp(1) to
       allow control over some SFTP protocol parameters: the copy buffer
       length and the number of in-flight requests, both of which are used
       during upload/download. Previously these could be controlled in
       sftp(1) only. This makes them available in both SFTP protocol
       clients using the same option character sequence.

     * ssh-keyscan(1): allow scanning of complete CIDR address ranges,
       e.g. "ssh-keyscan 192.168.0.0/24". If a CIDR range is passed, then
       it will be expanded to all possible addresses in the range
       including the all-0s and all-1s addresses. bz#976

     * ssh(1): support dynamic remote port forwarding in escape
       command-line's -R processing. bz#3499

    Approved by:    re (cperciva)
    Sponsored by:   The FreeBSD Foundation

    (cherry picked from commit f374ba41f55c1a127303d92d830dd58eef2f5243)
    (cherry picked from commit 2f43f145825d0d8468f583b1686262b0f40c1fe5)

--- crypto/openssh/.depend | 8 +- crypto/openssh/.github/ci-status.md | 12 +- crypto/openssh/.github/configs | 43 +- crypto/openssh/.github/setup_ci.sh | 19 +- crypto/openssh/.github/workflows/c-cpp.yml | 155 +- crypto/openssh/.github/workflows/cifuzz.yml | 32 + crypto/openssh/.github/workflows/selfhosted.yml | 94 +- crypto/openssh/.github/workflows/upstream.yml | 29 +- crypto/openssh/.skipped-commit-ids | 2 + crypto/openssh/ChangeLog | 15052 +++++++++---------- crypto/openssh/INSTALL | 2 +- crypto/openssh/Makefile.in | 9 +- crypto/openssh/PROTOCOL | 4 +- crypto/openssh/README | 2 +- crypto/openssh/README.md | 3 +- crypto/openssh/aclocal.m4 | 4 +- crypto/openssh/addr.c | 73 +- crypto/openssh/addr.h | 4 + crypto/openssh/auth-pam.c | 16 +- crypto/openssh/auth-rhosts.c | 4 +- crypto/openssh/auth.c | 11 +- crypto/openssh/channels.c | 246 +- crypto/openssh/channels.h | 24 +- crypto/openssh/clientloop.c | 171 +- crypto/openssh/config.guess | 1206 +- crypto/openssh/config.h | 3 + crypto/openssh/config.sub | 674 +- crypto/openssh/configure.ac | 84 +- crypto/openssh/contrib/redhat/openssh.spec | 2 +- crypto/openssh/contrib/suse/openssh.spec | 2 +- crypto/openssh/crypto_api.h | 4 +- crypto/openssh/ed25519.c | 2048 ++- crypto/openssh/ed25519.sh | 119 + crypto/openssh/entropy.c | 34 - crypto/openssh/fe25519.c | 337 - crypto/openssh/fe25519.h | 70 - crypto/openssh/ge25519.c | 321 - crypto/openssh/ge25519.h | 43 - crypto/openssh/ge25519_base.data | 858 -- crypto/openssh/install-sh | 422 +- crypto/openssh/kex.c | 6 +- crypto/openssh/misc.c | 97 +-
crypto/openssh/misc.h | 11 +- crypto/openssh/moduli | 843 +- crypto/openssh/monitor_wrap.c | 3 +- crypto/openssh/mux.c | 6 +- crypto/openssh/openbsd-compat/arc4random.c | 12 +- crypto/openssh/openbsd-compat/arc4random.h | 10 + crypto/openssh/openbsd-compat/bsd-getentropy.c | 7 +- crypto/openssh/openbsd-compat/bsd-poll.c | 38 +- crypto/openssh/openbsd-compat/bsd-poll.h | 25 +- crypto/openssh/openbsd-compat/bsd-timegm.c | 52 +- crypto/openssh/openbsd-compat/getrrsetbyname.c | 12 +- crypto/openssh/openbsd-compat/openbsd-compat.h | 5 +- crypto/openssh/openbsd-compat/regress/Makefile.in | 7 +- .../openbsd-compat/regress/opensslvertest.c | 2 + crypto/openssh/readconf.c | 14 +- crypto/openssh/readconf.h | 4 +- crypto/openssh/regress/Makefile | 7 +- crypto/openssh/regress/agent-getpeereid.sh | 11 +- crypto/openssh/regress/agent-ptrace.sh | 1 + crypto/openssh/regress/channel-timeout.sh | 91 + crypto/openssh/regress/connection-timeout.sh | 87 + crypto/openssh/regress/dynamic-forward.sh | 127 +- crypto/openssh/regress/hostbased.sh | 4 +- crypto/openssh/regress/krl.sh | 6 +- crypto/openssh/regress/multiplex.sh | 3 +- crypto/openssh/regress/percent.sh | 20 +- crypto/openssh/regress/reexec.sh | 4 +- crypto/openssh/regress/scp-uri.sh | 4 +- crypto/openssh/regress/scp.sh | 51 +- crypto/openssh/regress/scp3.sh | 10 +- crypto/openssh/regress/test-exec.sh | 14 +- crypto/openssh/regress/unittests/hostkeys/Makefile | 4 +- crypto/openssh/regress/unittests/kex/Makefile | 6 +- .../openssh/regress/unittests/kex/test_proposal.c | 83 + crypto/openssh/regress/unittests/kex/tests.c | 4 +- .../openssh/regress/unittests/misc/test_ptimeout.c | 85 + crypto/openssh/regress/unittests/misc/tests.c | 4 +- crypto/openssh/regress/unittests/sshkey/Makefile | 4 +- .../openssh/regress/unittests/sshkey/test_sshkey.c | 4 +- crypto/openssh/regress/unittests/sshsig/Makefile | 4 +- crypto/openssh/regress/yes-head.sh | 4 +- crypto/openssh/sandbox-seccomp-filter.c | 5 +- crypto/openssh/sc25519.c | 308 - 
crypto/openssh/sc25519.h | 80 - crypto/openssh/scp.1 | 29 +- crypto/openssh/scp.c | 163 +- crypto/openssh/servconf.c | 138 +- crypto/openssh/servconf.h | 10 +- crypto/openssh/serverloop.c | 98 +- crypto/openssh/session.c | 27 +- crypto/openssh/session.h | 4 +- crypto/openssh/sftp-client.c | 25 +- crypto/openssh/sftp-glob.c | 34 +- crypto/openssh/sftp-server.c | 4 +- crypto/openssh/sftp.1 | 18 +- crypto/openssh/sftp.c | 36 +- crypto/openssh/sntrup761.c | 44 +- crypto/openssh/sntrup761.sh | 5 +- crypto/openssh/ssh-agent.1 | 27 +- crypto/openssh/ssh-agent.c | 9 +- crypto/openssh/ssh-dss.c | 284 +- crypto/openssh/ssh-ecdsa-sk.c | 170 +- crypto/openssh/ssh-ecdsa.c | 318 +- crypto/openssh/ssh-ed25519-sk.c | 139 +- crypto/openssh/ssh-ed25519.c | 181 +- crypto/openssh/ssh-keygen.c | 3 +- crypto/openssh/ssh-keyscan.1 | 24 +- crypto/openssh/ssh-keyscan.c | 46 +- crypto/openssh/ssh-rsa.c | 352 +- crypto/openssh/ssh-sk-helper.c | 3 +- crypto/openssh/ssh-xmss.c | 228 +- crypto/openssh/ssh.1 | 5 +- crypto/openssh/ssh.c | 42 +- crypto/openssh/ssh_config.5 | 19 +- crypto/openssh/ssh_namespace.h | 111 +- crypto/openssh/sshbuf.c | 27 +- crypto/openssh/sshbuf.h | 26 +- crypto/openssh/sshconnect.c | 9 +- crypto/openssh/sshd.8 | 8 +- crypto/openssh/sshd.c | 30 +- crypto/openssh/sshd_config | 2 +- crypto/openssh/sshd_config.5 | 104 +- crypto/openssh/sshkey-xmss.c | 4 +- crypto/openssh/sshkey-xmss.h | 4 +- crypto/openssh/sshkey.c | 1993 +-- crypto/openssh/sshkey.h | 82 +- crypto/openssh/verify.c | 49 - crypto/openssh/version.h | 6 +- secure/lib/libssh/Makefile | 2 +- 131 files changed, 15622 insertions(+), 13755 deletions(-) diff --git a/crypto/openssh/.depend b/crypto/openssh/.depend index fca83a67c970..5226523aa2ad 100644 --- a/crypto/openssh/.depend +++ b/crypto/openssh/.depend 
@@ -50,11 +50,9 @@ digest-libc.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-c digest-openssl.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h dispatch.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ssh2.h log.h ssherr.h dispatch.h packet.h openbsd-compat/sys-queue.h compat.h dns.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h 
openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h sshkey.h ssherr.h dns.h log.h digest.h -ed25519.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h crypto_api.h ge25519.h fe25519.h sc25519.h +ed25519.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h 
openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h crypto_api.h entropy.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h fatal.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h log.h ssherr.h -fe25519.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h 
openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h fe25519.h crypto_api.h -ge25519.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h fe25519.h crypto_api.h sc25519.h ge25519.h ge25519_base.data groupaccess.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h 
openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h groupaccess.h match.h log.h ssherr.h gss-genr.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h gss-serv-krb5.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h 
@@ -108,7 +106,6 @@ sandbox-rlimit.o: includes.h config.h defines.h platform.h openbsd-compat/openbs sandbox-seccomp-filter.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h sandbox-solaris.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h sandbox-systrace.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h 
openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h -sc25519.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h sc25519.h crypto_api.h scp.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h 
openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/glob.h xmalloc.h ssh.h atomicio.h pathnames.h log.h ssherr.h misc.h progressmeter.h utf8.h sftp.h sftp-common.h sftp-client.h servconf.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/glob.h openbsd-compat/sys-queue.h xmalloc.h ssh.h log.h ssherr.h sshbuf.h misc.h servconf.h compat.h pathnames.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h sshkey .h servconf.o: kex.h mac.h crypto_api.h match.h channels.h groupaccess.h canohost.h packet.h dispatch.h hostfile.h auth.h auth-pam.h audit.h loginrec.h myproposal.h digest.h 
@@ -137,7 +134,7 @@ ssh-ed25519.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-c ssh-keygen.o: cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h ssh-keygen.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h sshkey.h authfile.h sshbuf.h pathnames.h log.h ssherr.h misc.h match.h hostfile.h dns.h ssh.h ssh2.h ssh-pkcs11.h atomicio.h krl.h digest.h utf8.h authfd.h sshsig.h ssh-sk.h sk-api.h cipher.h ssh-keyscan.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/sys-queue.h xmalloc.h 
ssh.h sshbuf.h sshkey.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h kex.h mac.h crypto_api.h compat.h myproposal.h packet.h dispatch.h log .h -ssh-keyscan.o: ssherr.h atomicio.h misc.h hostfile.h ssh_api.h ssh2.h dns.h +ssh-keyscan.o: ssherr.h atomicio.h misc.h hostfile.h ssh_api.h ssh2.h dns.h addr.h ssh-keysign.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h log.h ssherr.h sshkey.h ssh.h ssh2.h misc.h sshbuf.h authfile.h msg.h canohost.h pathnames.h readconf.h uidswap.h ssh-pkcs11-client.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h 
openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ssh-pkcs11-helper.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/sys-queue.h xmalloc.h sshbuf.h log.h ssherr.h misc.h sshkey.h authfd.h ssh-pkcs11.h 
@@ -174,7 +171,6 @@ uidswap.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compa umac.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h umac.h misc.h rijndael.h umac128.o: umac.c includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h umac.h misc.h rijndael.h utf8.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h 
openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h utf8.h -verify.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h crypto_api.h xmalloc.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h 
openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h log.h ssherr.h xmss_commons.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmss_fast.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h diff --git a/crypto/openssh/.github/ci-status.md b/crypto/openssh/.github/ci-status.md index 0ad8bf5aaf44..d13bbfa8c038 100644 --- a/crypto/openssh/.github/ci-status.md +++ b/crypto/openssh/.github/ci-status.md 
@@ -1,4 +1,10 @@ -[![C/C++ CI](https://github.com/openssh/openssh-portable/actions/workflows/c-cpp.yml/badge.svg)](https://github.com/openssh/openssh-portable/actions/workflows/c-cpp.yml) -[![C/C++ CI self-hosted](https://github.com/openssh/openssh-portable-selfhosted/actions/workflows/selfhosted.yml/badge.svg)](https://github.com/openssh/openssh-portable-selfhosted/actions/workflows/selfhosted.yml) -[![Upstream self-hosted](https://github.com/openssh/openssh-portable-selfhosted/actions/workflows/upstream.yml/badge.svg)](https://github.com/openssh/openssh-portable-selfhosted/actions/workflows/upstream.yml) +master : +[![C/C++ CI](https://github.com/openssh/openssh-portable/actions/workflows/c-cpp.yml/badge.svg)](https://github.com/openssh/openssh-portable/actions/workflows/c-cpp.yml?query=branch:master) +[![C/C++ CI self-hosted](https://github.com/openssh/openssh-portable-selfhosted/actions/workflows/selfhosted.yml/badge.svg)](https://github.com/openssh/openssh-portable-selfhosted/actions/workflows/selfhosted.yml?query=branch:master) +[![Upstream self-hosted](https://github.com/openssh/openssh-portable-selfhosted/actions/workflows/upstream.yml/badge.svg)](https://github.com/openssh/openssh-portable-selfhosted/actions/workflows/upstream.yml?query=branch:master) +[![CIFuzz](https://github.com/openssh/openssh-portable/actions/workflows/cifuzz.yml/badge.svg)](https://github.com/openssh/openssh-portable/actions/workflows/cifuzz.yml) [![Fuzzing Status](https://oss-fuzz-build-logs.storage.googleapis.com/badges/openssh.svg)](https://bugs.chromium.org/p/oss-fuzz/issues/list?sort=-opened&can=1&q=proj:openssh) + +9.1 : +[![C/C++ CI](https://github.com/openssh/openssh-portable/actions/workflows/c-cpp.yml/badge.svg?branch=V_9_1)](https://github.com/openssh/openssh-portable/actions/workflows/c-cpp.yml?query=branch:V_9_1) +[![C/C++ CI 
self-hosted](https://github.com/openssh/openssh-portable-selfhosted/actions/workflows/selfhosted.yml/badge.svg?branch=V_9_1)](https://github.com/openssh/openssh-portable-selfhosted/actions/workflows/selfhosted.yml?query=branch:V_9_1) diff --git a/crypto/openssh/.github/configs b/crypto/openssh/.github/configs index 6bf1ab27f0ca..bdd5ddbdfaf0 100755 --- a/crypto/openssh/.github/configs +++ b/crypto/openssh/.github/configs @@ -9,10 +9,13 @@ # LTESTS config=$1 +if [ "$config" = "" ]; then + config="default" +fi unset CC CFLAGS CPPFLAGS LDFLAGS LTESTS SUDO -TEST_TARGET="tests" +TEST_TARGET="tests compat-tests" LTESTS="" SKIP_LTESTS="" SUDO=sudo # run with sudo by default @@ -108,7 +111,7 @@ case "$config" in kitchensink) CONFIGFLAGS="--with-kerberos5 --with-libedit --with-pam" CONFIGFLAGS="${CONFIGFLAGS} --with-security-key-builtin --with-selinux" - CONFIGFLAGS="${CONFIGFLAGS} --with-cflags=-DSK_DEBUG" + CFLAGS="-DSK_DEBUG -DSANDBOX_SECCOMP_FILTER_DEBUG" ;; hardenedmalloc) CONFIGFLAGS="--with-ldflags=-lhardened_malloc" @@ -141,6 +144,11 @@ case "$config" in ;; openssl-*) LIBCRYPTOFLAGS="--with-ssl-dir=/opt/openssl --with-rpath=-Wl,-rpath," + # OpenSSL 1.1.1 specifically has a bug in its RNG that breaks reexec + # fallback. See https://bugzilla.mindrot.org/show_bug.cgi?id=3483 + if [ "$config" = "openssl-1.1.1" ]; then + SKIP_LTESTS="reexec" + fi ;; selinux) CONFIGFLAGS="--with-selinux" @@ -152,7 +160,7 @@ case "$config" in LIBCRYPTOFLAGS="--without-openssl" TEST_TARGET=t-exec ;; - valgrind-[1-4]|valgrind-unit) + valgrind-[1-5]|valgrind-unit) # rlimit sandbox and FORTIFY_SOURCE confuse Valgrind. CONFIGFLAGS="--without-sandbox --without-hardening" CONFIGFLAGS="$CONFIGFLAGS --with-cppflags=-D_FORTIFY_SOURCE=0" 
@@ -161,16 +169,19 @@ case "$config" in export TEST_SSH_ELAPSED_TIMES # Valgrind slows things down enough that the agent timeout test # won't reliably pass, and the unit tests run longer than allowed - # by github so split into three separate tests. - tests2="rekey integrity try-ciphers" + # by github so split into separate tests. + tests2="integrity try-ciphers" tests3="krl forward-control sshsig agent-restrict kextype sftp" tests4="cert-userkey cert-hostkey kextype sftp-perm keygen-comment percent" + tests5="rekey" case "$config" in valgrind-1) - # All tests except agent-timeout (which is flaky under valgrind) + # All tests except agent-timeout (which is flaky under valgrind), + # connection-timeout (which doesn't work since it's so slow) # and hostbased (since valgrind won't let ssh exec keysign). # Slow ones are run separately to increase parallelism. - SKIP_LTESTS="agent-timeout hostbased ${tests2} ${tests3} ${tests4}" + SKIP_LTESTS="agent-timeout connection-timeout hostbased" + SKIP_LTESTS="$SKIP_LTESTS ${tests2} ${tests3} ${tests4} ${tests5}" ;; valgrind-2) LTESTS="${tests2}" @@ -181,6 +192,9 @@ case "$config" in valgrind-4) LTESTS="${tests4}" ;; + valgrind-5) + LTESTS="${tests5}" + ;; valgrind-unit) TEST_TARGET="unit USE_VALGRIND=1" ;; @@ -210,6 +224,10 @@ case "${TARGET_HOST}" in TEST_TARGET="t-exec TEST_SHELL=bash" SKIP_LTESTS="rekey sftp" ;; + debian-riscv64) + # This machine is fairly slow, so skip the unit tests. + TEST_TARGET="t-exec" + ;; dfly58*|dfly60*) # scp 3-way connection hangs on these so skip until sorted. SKIP_LTESTS=scp3 
@@ -227,12 +245,15 @@ case "${TARGET_HOST}" in # test that relies on one. # Also, Minix seems to be very limited in the number of select() # calls that can be operating concurrently, so prune additional tests for that. - T="addrmatch agent-restrict brokenkeys cfgmatch cfgmatchlisten cfgparse connect - connect-uri exit-status forward-control forwarding hostkey-agent - key-options keyscan knownhosts-command login-timeout multiplex + T="addrmatch agent-restrict brokenkeys cfgmatch cfgmatchlisten cfgparse + connect connect-uri exit-status forwarding hostkey-agent + key-options keyscan knownhosts-command login-timeout reconfigure reexec rekey scp scp-uri scp3 sftp sftp-badcmds sftp-batch sftp-cmds sftp-glob sftp-perm sftp-uri stderr-data transfer" + # Unix domain sockets don't work quite like we expect, so also skip any tests + # that use multiplexing. + T="$T connection-timeout dynamic-forward forward-control multiplex" SKIP_LTESTS="$(echo $T)" TEST_TARGET=t-exec SUDO="" @@ -260,6 +281,8 @@ esac case "`./config.guess`" in *cygwin) SUDO="" + # Don't run compat tests on cygwin as they don't currently compile. + TEST_TARGET="tests" ;; *-darwin*) # Unless specified otherwise, build without OpenSSL on Mac OS since diff --git a/crypto/openssh/.github/setup_ci.sh b/crypto/openssh/.github/setup_ci.sh index 044c4d1292b1..e4480e614f31 100755 --- a/crypto/openssh/.github/setup_ci.sh +++ b/crypto/openssh/.github/setup_ci.sh 
@@ -139,16 +139,29 @@ if [ "yes" = "$INSTALL_FIDO_PPA" ]; then sudo apt-add-repository -y ppa:yubico/stable fi -if [ "x" != "x$PACKAGES" ]; then +tries=3 +while [ ! -z "$PACKAGES" ] && [ "$tries" -gt "0" ]; do case "$PACKAGER" in apt) sudo apt update -qq - sudo apt install -qy $PACKAGES + if sudo apt install -qy $PACKAGES; then + PACKAGES="" + fi ;; setup) - /cygdrive/c/setup.exe -q -P `echo "$PACKAGES" | tr ' ' ,` + if /cygdrive/c/setup.exe -q -P `echo "$PACKAGES" | tr ' ' ,`; then + PACKAGES="" + fi ;; esac + if [ ! -z "$PACKAGES" ]; then + sleep 90 + fi + tries=$(($tries - 1)) +done +if [ ! -z "$PACKAGES" ]; then + echo "Package installation failed." + exit 1 fi if [ "${INSTALL_HARDENED_MALLOC}" = "yes" ]; then diff --git a/crypto/openssh/.github/workflows/c-cpp.yml b/crypto/openssh/.github/workflows/c-cpp.yml index 3cd1188fc572..e6ea49550f71 100644 --- a/crypto/openssh/.github/workflows/c-cpp.yml +++ b/crypto/openssh/.github/workflows/c-cpp.yml @@ -2,11 +2,9 @@ name: C/C++ CI on: push: - branches: [ master, ci, V_9_0 ] - paths: [ '**.c', '**.h', '**.m4', '**.sh', '.github/**', 'Makefile.in', 'configure.ac' ] + paths: [ '**.c', '**.h', '**.m4', '**.sh', '.github/**', '**/Makefile.in', 'configure.ac' ] pull_request: - branches: [ master ] - paths: [ '**.c', '**.h', '**.m4', '**.sh', '.github/**', 'Makefile.in', 'configure.ac' ] + paths: [ '**.c', '**.h', '**.m4', '**.sh', '.github/**', '**/Makefile.in', 'configure.ac' ] jobs: ci: 
@@ -15,104 +13,109 @@ jobs: fail-fast: false matrix: # First we test all OSes in the default configuration. - os: [ubuntu-20.04, ubuntu-22.04, macos-11, macos-12, windows-2019, windows-2022] - configs: [default] + target: [ubuntu-20.04, ubuntu-22.04, macos-11, macos-12, windows-2019, windows-2022] + config: [default] # Then we include any extra configs we want to test for specific VMs. # Valgrind slows things down quite a bit, so start them first. include: - - { os: windows-2019, configs: cygwin-release } - - { os: windows-2022, configs: cygwin-release } - - { os: ubuntu-20.04, configs: valgrind-1 } - - { os: ubuntu-20.04, configs: valgrind-2 } - - { os: ubuntu-20.04, configs: valgrind-3 } - - { os: ubuntu-20.04, configs: valgrind-4 } - - { os: ubuntu-20.04, configs: valgrind-unit } - - { os: ubuntu-20.04, configs: c89 } - - { os: ubuntu-20.04, configs: clang-6.0 } - - { os: ubuntu-20.04, configs: clang-8 } - - { os: ubuntu-20.04, configs: clang-9 } - - { os: ubuntu-20.04, configs: clang-10 } - - { os: ubuntu-20.04, configs: clang-11 } - - { os: ubuntu-20.04, configs: clang-12-Werror } - - { os: ubuntu-20.04, configs: clang-sanitize-address } - - { os: ubuntu-20.04, configs: clang-sanitize-undefined } - - { os: ubuntu-20.04, configs: gcc-sanitize-address } - - { os: ubuntu-20.04, configs: gcc-sanitize-undefined } - - { os: ubuntu-20.04, configs: gcc-7 } - - { os: ubuntu-20.04, configs: gcc-8 } - - { os: ubuntu-20.04, configs: gcc-10 } - - { os: ubuntu-20.04, configs: gcc-11-Werror } - - { os: ubuntu-20.04, configs: pam } - - { os: ubuntu-20.04, configs: kitchensink } - - { os: ubuntu-20.04, configs: hardenedmalloc } - - { os: ubuntu-20.04, configs: tcmalloc } - - { os: ubuntu-20.04, configs: musl } - - { os: ubuntu-latest, configs: libressl-master } - - { os: ubuntu-latest, configs: libressl-2.2.9 } - - { os: ubuntu-latest, configs: libressl-2.8.3 } - - { os: ubuntu-latest, configs: libressl-3.0.2 } - - { os: ubuntu-latest, configs: libressl-3.2.6 } - - { os: 
ubuntu-latest, configs: libressl-3.3.6 } - - { os: ubuntu-latest, configs: libressl-3.4.3 } - - { os: ubuntu-latest, configs: libressl-3.5.3 } - - { os: ubuntu-latest, configs: openssl-master } - - { os: ubuntu-latest, configs: openssl-noec } - - { os: ubuntu-latest, configs: openssl-1.0.1 } - - { os: ubuntu-latest, configs: openssl-1.0.1u } - - { os: ubuntu-latest, configs: openssl-1.0.2u } - - { os: ubuntu-latest, configs: openssl-1.1.0h } - - { os: ubuntu-latest, configs: openssl-1.1.1 } - - { os: ubuntu-latest, configs: openssl-1.1.1k } - - { os: ubuntu-latest, configs: openssl-1.1.1n } - - { os: ubuntu-latest, configs: openssl-1.1.1p } - - { os: ubuntu-latest, configs: openssl-3.0.0 } - - { os: ubuntu-latest, configs: openssl-3.0.5 } - - { os: ubuntu-latest, configs: openssl-1.1.1_stable } # stable branch - - { os: ubuntu-latest, configs: openssl-3.0 } # stable branch - - { os: ubuntu-22.04, configs: pam } - - { os: ubuntu-22.04, configs: krb5 } - - { os: ubuntu-22.04, configs: heimdal } - - { os: ubuntu-22.04, configs: libedit } - - { os: ubuntu-22.04, configs: sk } - - { os: ubuntu-22.04, configs: selinux } - - { os: ubuntu-22.04, configs: kitchensink } - - { os: ubuntu-22.04, configs: without-openssl } - - { os: macos-11, configs: pam } - - { os: macos-12, configs: pam } - runs-on: ${{ matrix.os }} + - { target: windows-2019, config: cygwin-release } + - { target: windows-2022, config: cygwin-release } + - { target: ubuntu-20.04, config: valgrind-1 } + - { target: ubuntu-20.04, config: valgrind-2 } + - { target: ubuntu-20.04, config: valgrind-3 } + - { target: ubuntu-20.04, config: valgrind-4 } + - { target: ubuntu-20.04, config: valgrind-5 } + - { target: ubuntu-20.04, config: valgrind-unit } + - { target: ubuntu-20.04, config: c89 } + - { target: ubuntu-20.04, config: clang-6.0 } + - { target: ubuntu-20.04, config: clang-8 } + - { target: ubuntu-20.04, config: clang-9 } + - { target: ubuntu-20.04, config: clang-10 } + - { target: ubuntu-20.04, config: 
clang-11 } + - { target: ubuntu-20.04, config: clang-12-Werror } + - { target: ubuntu-20.04, config: clang-sanitize-address } + - { target: ubuntu-20.04, config: clang-sanitize-undefined } + - { target: ubuntu-20.04, config: gcc-sanitize-address } + - { target: ubuntu-20.04, config: gcc-sanitize-undefined } + - { target: ubuntu-20.04, config: gcc-7 } + - { target: ubuntu-20.04, config: gcc-8 } + - { target: ubuntu-20.04, config: gcc-10 } + - { target: ubuntu-20.04, config: gcc-11-Werror } + - { target: ubuntu-20.04, config: pam } + - { target: ubuntu-20.04, config: kitchensink } + - { target: ubuntu-20.04, config: hardenedmalloc } + - { target: ubuntu-20.04, config: tcmalloc } + - { target: ubuntu-20.04, config: musl } + - { target: ubuntu-latest, config: libressl-master } + - { target: ubuntu-latest, config: libressl-2.2.9 } + - { target: ubuntu-latest, config: libressl-2.8.3 } + - { target: ubuntu-latest, config: libressl-3.0.2 } + - { target: ubuntu-latest, config: libressl-3.2.6 } + - { target: ubuntu-latest, config: libressl-3.3.6 } + - { target: ubuntu-latest, config: libressl-3.4.3 } + - { target: ubuntu-latest, config: libressl-3.5.3 } + - { target: ubuntu-latest, config: libressl-3.6.1 } + - { target: ubuntu-latest, config: libressl-3.7.0 } + - { target: ubuntu-latest, config: openssl-master } + - { target: ubuntu-latest, config: openssl-noec } + - { target: ubuntu-latest, config: openssl-1.0.1 } + - { target: ubuntu-latest, config: openssl-1.0.1u } + - { target: ubuntu-latest, config: openssl-1.0.2u } + - { target: ubuntu-latest, config: openssl-1.1.0h } + - { target: ubuntu-latest, config: openssl-1.1.1 } + - { target: ubuntu-latest, config: openssl-1.1.1k } + - { target: ubuntu-latest, config: openssl-1.1.1n } + - { target: ubuntu-latest, config: openssl-1.1.1q } + - { target: ubuntu-latest, config: openssl-1.1.1s } + - { target: ubuntu-latest, config: openssl-3.0.0 } + - { target: ubuntu-latest, config: openssl-3.0.5 } + - { target: ubuntu-latest, 
config: openssl-3.0.7 } + - { target: ubuntu-latest, config: openssl-1.1.1_stable } + - { target: ubuntu-latest, config: openssl-3.0 } # stable branch + - { target: ubuntu-22.04, config: pam } + - { target: ubuntu-22.04, config: krb5 } + - { target: ubuntu-22.04, config: heimdal } + - { target: ubuntu-22.04, config: libedit } + - { target: ubuntu-22.04, config: sk } + - { target: ubuntu-22.04, config: selinux } + - { target: ubuntu-22.04, config: kitchensink } + - { target: ubuntu-22.04, config: without-openssl } + - { target: macos-11, config: pam } + - { target: macos-12, config: pam } + runs-on: ${{ matrix.target }} steps: - name: set cygwin git params - if: ${{ startsWith(matrix.os, 'windows') }} + if: ${{ startsWith(matrix.target, 'windows') }} run: git config --global core.autocrlf input - name: install cygwin - if: ${{ startsWith(matrix.os, 'windows') }} + if: ${{ startsWith(matrix.target, 'windows') }} uses: cygwin/cygwin-install-action@master - - uses: actions/checkout@v2 + - uses: actions/checkout@main - name: setup CI system - run: sh ./.github/setup_ci.sh ${{ matrix.configs }} + run: sh ./.github/setup_ci.sh ${{ matrix.config }} - name: autoreconf run: sh -c autoreconf - name: configure - run: sh ./.github/configure.sh ${{ matrix.configs }} + run: sh ./.github/configure.sh ${{ matrix.config }} - name: save config - uses: actions/upload-artifact@v2 + uses: actions/upload-artifact@main with: - name: ${{ matrix.os }}-${{ matrix.configs }}-config + name: ${{ matrix.target }}-${{ matrix.config }}-config path: config.h - name: make clean run: make clean - name: make run: make -j2 - name: make tests - run: sh ./.github/run_test.sh ${{ matrix.configs }} + run: sh ./.github/run_test.sh ${{ matrix.config }} env: TEST_SSH_UNSAFE_PERMISSIONS: 1 TEST_SSH_HOSTBASED_AUTH: yes - name: save logs if: failure() - uses: actions/upload-artifact@v2 + uses: actions/upload-artifact@main with: - name: ${{ matrix.os }}-${{ matrix.configs }}-logs + name: ${{ matrix.target }}-${{ 
matrix.config }}-logs path: | config.h config.log diff --git a/crypto/openssh/.github/workflows/cifuzz.yml b/crypto/openssh/.github/workflows/cifuzz.yml new file mode 100644 index 000000000000..7ca8c4719b61 --- /dev/null +++ b/crypto/openssh/.github/workflows/cifuzz.yml @@ -0,0 +1,32 @@ +name: CIFuzz +on: + push: + paths: [ '**.c', '**.h', '**.m4', '**.sh', '.github/**', '**/Makefile.in', 'configure.ac' ] + pull_request: + paths: [ '**.c', '**.h', '**.m4', '**.sh', '.github/**', '**/Makefile.in', 'configure.ac' ] + +jobs: + Fuzzing: + if: github.repository != 'openssh/openssh-portable-selfhosted' + runs-on: ubuntu-latest + steps: + - name: Build Fuzzers + id: build + uses: google/oss-fuzz/infra/cifuzz/actions/build_fuzzers@master + with: + oss-fuzz-project-name: 'openssh' + dry-run: false + language: c++ + - name: Run Fuzzers + uses: google/oss-fuzz/infra/cifuzz/actions/run_fuzzers@master + with: + oss-fuzz-project-name: 'openssh' + fuzz-seconds: 600 + dry-run: false + language: c++ + - name: Upload Crash + uses: actions/upload-artifact@main + if: failure() && steps.build.outcome == 'success' + with: + name: artifacts + path: ./out/artifacts diff --git a/crypto/openssh/.github/workflows/selfhosted.yml b/crypto/openssh/.github/workflows/selfhosted.yml index c4bd1d9b24f7..50bc9fffb723 100644 --- a/crypto/openssh/.github/workflows/selfhosted.yml +++ b/crypto/openssh/.github/workflows/selfhosted.yml 
@@ -2,37 +2,35 @@ name: C/C++ CI self-hosted on: push: - branches: [ master, ci, V_9_0 ] - paths: [ '**.c', '**.h', '**.m4', '**.sh', '.github/**', 'Makefile.in', 'configure.ac' ] + paths: [ '**.c', '**.h', '**.m4', '**.sh', '.github/**', '**/Makefile.in', 'configure.ac' ] jobs: selfhosted: if: github.repository == 'openssh/openssh-portable-selfhosted' - runs-on: ${{ matrix.os }} + runs-on: ${{ matrix.host }} + timeout-minutes: 600 env: - TARGET_HOST: ${{ matrix.os }} + HOST: ${{ matrix.host }} + TARGET_HOST: ${{ matrix.target }} + TARGET_CONFIG: ${{ matrix.config }} strategy: fail-fast: false # We use a matrix in two parts: firstly all of the VMs are tested with the - # default config. "os" corresponds to a label associated with the worker. + # default config. "target" corresponds to a label associated with the + # worker. The default is an ephemeral VM running under libvirt. matrix: - os: - - aix51 - - ARM - - ARM64 + target: - alpine - debian-i386 - - debian-riscv64 - dfly30 - dfly48 - dfly58 - dfly60 + - dfly62 - fbsd10 - fbsd12 - fbsd13 - # - hurd - minix3 - # - nbsd2 - nbsd3 - nbsd4 - nbsd8 
@@ -42,62 +40,71 @@ jobs: - obsd69 - obsd70 - obsdsnap + - obsdsnap-i386 - openindiana - - openwrt-mips - - openwrt-mipsel - # - rocky84 - sol10 - sol11 - - win10 - configs: + config: - default - # Then we include any extra configs we want to test for specific VMs. + host: + - libvirt include: - - { os: ARM64, configs: pam } - - { os: debian-i386, configs: pam } - - { os: dfly30, configs: without-openssl} - - { os: dfly48, configs: pam } - - { os: dfly58, configs: pam } - - { os: dfly60, configs: pam } - - { os: fbsd10, configs: pam } - - { os: fbsd12, configs: pam } - - { os: fbsd13, configs: pam } - - { os: nbsd8, configs: pam } - - { os: nbsd9, configs: pam } - - { os: openindiana, configs: pam } - # - { os: rocky84, configs: pam } - - { os: sol10, configs: pam } - - { os: sol11, configs: pam-krb5 } - - { os: sol11, configs: sol64 } - # - { os: sol11, configs: sol64-pam } - - { os: win10, configs: cygwin-release } + # Then we include extra libvirt test configs. + - { target: aix51, config: default, host: libvirt } + - { target: debian-i386, config: pam, host: libvirt } + - { target: dfly30, config: without-openssl, host: libvirt} + - { target: dfly48, config: pam ,host: libvirt } + - { target: dfly58, config: pam, host: libvirt } + - { target: dfly60, config: pam, host: libvirt } + - { target: dfly62, config: pam, host: libvirt } + - { target: fbsd10, config: pam, host: libvirt } + - { target: fbsd12, config: pam, host: libvirt } + - { target: fbsd13, config: pam, host: libvirt } + - { target: nbsd8, config: pam, host: libvirt } + - { target: nbsd9, config: pam, host: libvirt } + - { target: openindiana, config: pam, host: libvirt } + - { target: sol10, config: pam, host: libvirt } + - { target: sol11, config: pam-krb5, host: libvirt } + - { target: sol11, config: sol64, host: libvirt } + # VMs with persistent disks that have their own runner. 
+ - { target: win10, config: default, host: win10 } + - { target: win10, config: cygwin-release, host: win10 } + # Physical hosts, with either native runners or remote via ssh. + - { target: ARM, config: default, host: ARM } + - { target: ARM64, config: default, host: ARM64 } + - { target: ARM64, config: pam, host: ARM64 } + - { target: debian-riscv64, config: default, host: debian-riscv64 } + - { target: openwrt-mips, config: default, host: openwrt-mips } + - { target: openwrt-mipsel, config: default, host: openwrt-mipsel } steps: - name: shutdown VM if running run: vmshutdown - - uses: actions/checkout@v2 + working-directory: ${{ runner.temp }} + - uses: actions/checkout@main - name: autoreconf run: autoreconf - name: startup VM run: vmstartup + working-directory: ${{ runner.temp }} - name: configure - run: vmrun ./.github/configure.sh ${{ matrix.configs }} + run: vmrun ./.github/configure.sh ${{ matrix.config }} - name: save config - uses: actions/upload-artifact@v2 + uses: actions/upload-artifact@main with: - name: ${{ matrix.os }}-${{ matrix.configs }}-config + name: ${{ matrix.target }}-${{ matrix.config }}-config path: config.h - name: make clean run: vmrun make clean - name: make run: vmrun make - name: make tests - run: vmrun ./.github/run_test.sh ${{ matrix.configs }} + run: vmrun ./.github/run_test.sh ${{ matrix.config }} timeout-minutes: 600 - name: save logs if: failure() - uses: actions/upload-artifact@v2 + uses: actions/upload-artifact@main with: - name: ${{ matrix.os }}-${{ matrix.configs }}-logs + name: ${{ matrix.target }}-${{ matrix.config }}-logs path: | config.h config.log @@ -106,3 +113,4 @@ jobs: - name: shutdown VM if: always() run: vmshutdown + working-directory: ${{ runner.temp }} diff --git a/crypto/openssh/.github/workflows/upstream.yml b/crypto/openssh/.github/workflows/upstream.yml index 3cec069ede74..1e2c2acb7ac0 100644 --- a/crypto/openssh/.github/workflows/upstream.yml +++ b/crypto/openssh/.github/workflows/upstream.yml 
@@ -2,46 +2,51 @@ name: Upstream self-hosted on: push: - branches: [ master, ci ] + branches: [ master ] paths: [ '**.c', '**.h', '.github/**' ] jobs: selfhosted: if: github.repository == 'openssh/openssh-portable-selfhosted' - runs-on: ${{ matrix.os }} + runs-on: 'libvirt' env: - TARGET_HOST: ${{ matrix.os }} + HOST: 'libvirt' + TARGET_HOST: ${{ matrix.target }} + TARGET_CONFIG: ${{ matrix.config }} strategy: fail-fast: false matrix: - os: [ obsdsnap, obsdsnap-i386 ] - configs: [ default, without-openssl, ubsan ] + target: [ obsdsnap, obsdsnap-i386 ] + config: [ default, without-openssl, ubsan ] steps: - - uses: actions/checkout@v2 - name: shutdown VM if running run: vmshutdown + working-directory: ${{ runner.temp }} + - uses: actions/checkout@main - name: startup VM run: vmstartup + working-directory: ${{ runner.temp }} - name: update source run: vmrun "cd /usr/src && cvs up -dPA usr.bin/ssh regress/usr.bin/ssh" - name: make clean - run: vmrun "cd /usr/src/usr.bin/ssh && make obj && make clean && cd /usr/src/regress/usr.bin/ssh && make obj && make clean" + run: vmrun "cd /usr/src/usr.bin/ssh && make obj && make clean && cd /usr/src/regress/usr.bin/ssh && make obj && make clean && sudo chmod -R g-w /usr/src /usr/obj" - name: make - run: vmrun "cd /usr/src/usr.bin/ssh && case ${{ matrix.configs }} in without-openssl) make OPENSSL=no;; ubsan) make DEBUG='-fsanitize-minimal-runtime -fsanitize=undefined';; *) make; esac" + run: vmrun "cd /usr/src/usr.bin/ssh && case ${{ matrix.config }} in without-openssl) make OPENSSL=no;; ubsan) make DEBUG='-fsanitize-minimal-runtime -fsanitize=undefined';; *) make; esac" - name: make install run: vmrun "cd /usr/src/usr.bin/ssh && sudo make install" - name: make tests` - run: vmrun "cd /usr/src/regress/usr.bin/ssh && case ${{ matrix.configs }} in without-openssl) make OPENSSL=no;; ubsan) make DEBUG='-fsanitize-minimal-runtime -fsanitize=undefined';; *) make; esac" + run: vmrun "cd /usr/src/regress/usr.bin/ssh && case ${{ 
matrix.config }} in without-openssl) make OPENSSL=no;; ubsan) make DEBUG='-fsanitize-minimal-runtime -fsanitize=undefined';; *) make; esac" env: SUDO: sudo timeout-minutes: 300 - name: save logs if: failure() - uses: actions/upload-artifact@v2 + uses: actions/upload-artifact@main with: - name: ${{ matrix.os }}-${{ matrix.configs }}-logs + name: ${{ matrix.target }}-${{ matrix.config }}-logs path: | - /usr/obj/regress/usr.bin/ssh/*.log + /usr/obj/regress/usr.bin/ssh/obj/*.log - name: shutdown VM if: always() run: vmshutdown + working-directory: ${{ runner.temp }} diff --git a/crypto/openssh/.skipped-commit-ids b/crypto/openssh/.skipped-commit-ids index b639678939dd..59e80518acf2 100644 --- a/crypto/openssh/.skipped-commit-ids +++ b/crypto/openssh/.skipped-commit-ids @@ -25,6 +25,8 @@ cc12a9029833d222043aecd252d654965c351a69 moduli-gen Makefile 7ac6c252d2a5be8fbad4c66d9d35db507c9dac5b moduli update 6b52cd2b637f3d29ef543f0ce532a2bce6d86af5 makefile change f9a0726d957cf10692a231996a1f34e7f9cdfeb0 moduli update +1e0a2692b7e20b126dda60bf04999d1d30d959d8 sshd relinking makefile changes +e1dc11143f83082e3154d6094f9136d0dc2637ad more relinking makefile tweaks Old upstream tree: diff --git a/crypto/openssh/ChangeLog b/crypto/openssh/ChangeLog index 02e11b023ca0..4251831a1732 100644 --- a/crypto/openssh/ChangeLog +++ b/crypto/openssh/ChangeLog 
@@ -1,11314 +1,11196 @@ -commit 0ffb46f2ee2ffcc4daf45ee679e484da8fcf338c +commit 6dfb65de949cdd0a5d198edee9a118f265924f33 Author: Damien Miller <djm@mindrot.org> -Date: Tue Oct 4 01:51:42 2022 +1100 +Date: Thu Feb 2 23:21:54 2023 +1100 - update .depend + crank versions in RPM specs -commit 657e676ff696c7bb787bffb0e249ea1be3b474e1 +commit d07cfb11a0ca574eb68a3931d8c46fbe862a2021 Author: Damien Miller <djm@mindrot.org> -Date: Tue Oct 4 01:45:52 2022 +1100 +Date: Thu Feb 2 23:21:45 2023 +1100 - update release notes URL + update version in README -commit f059da2b29840c0f048448809c317ce2ae014da7 +commit 9fe207565b4ab0fe5d1ac5bb85e39188d96fb214 Author: Damien Miller <djm@mindrot.org> -Date: Tue Oct 4 01:45:41 2022 +1100 +Date: Thu Feb 2 23:17:49 2023 +1100 - crank versions in RPM spec files + adapt compat_kex_proposal() test to portable -commit b51f3f172d87cbdb80ca4eb7b2149e56a7647557 +commit 903c556b938fff2d7bff8da2cc460254430963c5 Author: djm@openbsd.org <djm@openbsd.org> -Date: Mon Sep 26 22:18:40 2022 +0000 +Date: Thu Feb 2 12:12:52 2023 +0000 - upstream: openssh-9.1 + upstream: test compat_kex_proposal(); by dtucker@ - OpenBSD-Commit-ID: 5a467b2ee81da01a86adf1ad93b62b1728494e56 + OpenBSD-Regress-ID: 0e404ee264db546f9fdbf53390689ab5f8d38bf2 -commit 4cf8d0c0f3030f594a238bab21a0695735515487 +commit 405fba71962dec8409c0c962408e09049e5624b5 Author: dtucker@openbsd.org <dtucker@openbsd.org> -Date: Wed Sep 21 22:26:50 2022 +0000 +Date: Thu Jan 19 07:53:45 2023 +0000 - upstream: Fix typo. From AlexanderStohr via github PR#343. + upstream: Check if we can copy sshd or need to use sudo to do so - OpenBSD-Commit-ID: a134c9b4039e48803fc6a87f955b0f4a03181497 + during reexec test. Skip test if neither can work. Patch from anton@, tweaks + from me. 
+ + OpenBSD-Regress-ID: 731b96ae74d02d5744e1f1a8e51d09877ffd9b6d -commit 8179fed3264d5919899900ed8881d5f9bb57ca33 +commit b2a2a8f69fd7737ea17dc044353c514f2f962f35 Author: djm@openbsd.org <djm@openbsd.org> -Date: Mon Sep 19 21:39:16 2022 +0000 +Date: Thu Feb 2 12:10:22 2023 +0000 - upstream: add RequiredRSASize to the list of keywords accepted by + upstream: openssh-9.2 - -o; spotted by jmc@ + OpenBSD-Commit-ID: f7389f32413c74d6e2055f05cf65e7082de03923 + +commit 12da7823336434a403f25c7cc0c2c6aed0737a35 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Thu Feb 2 12:10:05 2023 +0000 + + upstream: fix double-free caused by compat_kex_proposal(); bz3522 - OpenBSD-Commit-ID: fe871408cf6f9d3699afeda876f8adbac86a035e + by dtucker@, ok me + + OpenBSD-Commit-ID: 2bfc37cd2d41f67dad64c17a64cf2cd3806a5c80 -commit 5f954929e9f173dd1e279e07d0e8b14fa845814d -Author: Damien Miller <djm@mindrot.org> -Date: Mon Sep 19 20:59:34 2022 +1000 +commit 79efd95ab5ff99f4cb3a955e2d713b3f54fb807e +Author: Darren Tucker <dtucker@dtucker.net> +Date: Wed Feb 1 17:17:26 2023 +1100 - no need for glob.h here + Skip connection-timeout test on minix3. - it also causes portability problems + Minix 3's Unix domain sockets don't seem to work the way we expect, so + skip connection-timeout test on that platform. While there, group + together all similarly skipped tests and explicitly comment. -commit 03d94a47207d58b3db37eba4f87eb6ae5a63168a *** 38722 LINES SKIPPED ***
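Review bot: in the openssl-*) branch of crypto/openssh/.github/configs, the new SKIP_LTESTS="reexec" is a plain assignment, and the later case "${TARGET_HOST}" block also assigns SKIP_LTESTS outright (SKIP_LTESTS="rekey sftp", SKIP_LTESTS=scp3), so the reexec skip would be lost if the openssl-1.1.1 config is ever run on one of those hosts. The valgrind-1 branch in the same file already appends with SKIP_LTESTS="$SKIP_LTESTS ..."; using the append form here and in the host-specific branches would keep both skip lists.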
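Review bot: the retry loop added to crypto/openssh/.github/setup_ci.sh sleeps 90 seconds even after the last failed attempt, and when $PACKAGER matches neither apt) nor setup) nothing ever clears PACKAGES, so the script waits through all three tries before printing "Package installation failed." Add a default *) branch that fails immediately with a message naming the unknown packager, and skip the sleep when tries is down to 1. As a style point, [ ! -z "$PACKAGES" ] reads more simply as [ -n "$PACKAGES" ].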
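Review bot: the uses: lines in c-cpp.yml, selfhosted.yml and upstream.yml move from the @v2 tag to @main (actions/checkout@main, actions/upload-artifact@main), and the new cifuzz.yml pulls google/oss-fuzz/infra/cifuzz/actions/build_fuzzers@master and run_fuzzers@master. A branch ref moves with every commit to that branch, so the code that runs in CI, including on the self-hosted runners, changes without any change in this repository. Pin each action to a full commit SHA, with the intended version in a trailing comment, and update the pins deliberately.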
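Review bot: in selfhosted.yml the new job-level "timeout-minutes: 600" has the same value as the existing step-level "timeout-minutes: 600" on the "make tests" step, so once the time spent in configure and make is counted the job limit is always reached first and the step limit no longer does anything. Either raise the job limit above the step limit or drop the step-level one. Minor style point in the same hunk: the include entries "config: pam ,host: libvirt }" and "host: libvirt}" are spaced differently from their neighbours.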
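Review bot: the "sudo chmod -R g-w /usr/src /usr/obj" appended to the "make clean" step in upstream.yml has no comment saying why group write has to be removed from both trees, and hiding a permission change at the end of a step named "make clean" makes it easy to miss. Give it its own named step with a one-line explanation. While touching this file, the unchanged context line "- name: make tests`" carries a stray trailing backtick that could be dropped.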