Revert "Merge 9.2 (#657)"

This reverts commit f71f81e.

Author: tgauth

.depend

@@ -1,10 +1,4 @@
-master :
-[![C/C++ CI](https://github.com/openssh/openssh-portable/actions/workflows/c-cpp.yml/badge.svg)](https://github.com/openssh/openssh-portable/actions/workflows/c-cpp.yml?query=branch:master)
-[![C/C++ CI self-hosted](https://github.com/openssh/openssh-portable-selfhosted/actions/workflows/selfhosted.yml/badge.svg)](https://github.com/openssh/openssh-portable-selfhosted/actions/workflows/selfhosted.yml?query=branch:master)
-[![Upstream self-hosted](https://github.com/openssh/openssh-portable-selfhosted/actions/workflows/upstream.yml/badge.svg)](https://github.com/openssh/openssh-portable-selfhosted/actions/workflows/upstream.yml?query=branch:master)
-[![CIFuzz](https://github.com/openssh/openssh-portable/actions/workflows/cifuzz.yml/badge.svg)](https://github.com/openssh/openssh-portable/actions/workflows/cifuzz.yml)
+[![C/C++ CI](https://github.com/openssh/openssh-portable/actions/workflows/c-cpp.yml/badge.svg)](https://github.com/openssh/openssh-portable/actions/workflows/c-cpp.yml)
+[![C/C++ CI self-hosted](https://github.com/openssh/openssh-portable-selfhosted/actions/workflows/selfhosted.yml/badge.svg)](https://github.com/openssh/openssh-portable-selfhosted/actions/workflows/selfhosted.yml)
+[![Upstream self-hosted](https://github.com/openssh/openssh-portable-selfhosted/actions/workflows/upstream.yml/badge.svg)](https://github.com/openssh/openssh-portable-selfhosted/actions/workflows/upstream.yml)
 [![Fuzzing Status](https://oss-fuzz-build-logs.storage.googleapis.com/badges/openssh.svg)](https://bugs.chromium.org/p/oss-fuzz/issues/list?sort=-opened&can=1&q=proj:openssh)
-
-9.1 :
-[![C/C++ CI](https://github.com/openssh/openssh-portable/actions/workflows/c-cpp.yml/badge.svg?branch=V_9_1)](https://github.com/openssh/openssh-portable/actions/workflows/c-cpp.yml?query=branch:V_9_1)
-[![C/C++ CI self-hosted](https://github.com/openssh/openssh-portable-selfhosted/actions/workflows/selfhosted.yml/badge.svg?branch=V_9_1)](https://github.com/openssh/openssh-portable-selfhosted/actions/workflows/selfhosted.yml?query=branch:V_9_1)

.github/ci-status.md

@@ -9,13 +9,10 @@
 # LTESTS
 
 config=$1
-if [ "$config" = "" ]; then
-	config="default"
-fi
 
 unset CC CFLAGS CPPFLAGS LDFLAGS LTESTS SUDO
 
-TEST_TARGET="tests compat-tests"
+TEST_TARGET="tests"
 LTESTS=""
 SKIP_LTESTS=""
 SUDO=sudo	# run with sudo by default
@@ -111,7 +108,7 @@ case "$config" in
     kitchensink)
 	CONFIGFLAGS="--with-kerberos5 --with-libedit --with-pam"
 	CONFIGFLAGS="${CONFIGFLAGS} --with-security-key-builtin --with-selinux"
-	CFLAGS="-DSK_DEBUG -DSANDBOX_SECCOMP_FILTER_DEBUG"
+	CONFIGFLAGS="${CONFIGFLAGS} --with-cflags=-DSK_DEBUG"
 	;;
     hardenedmalloc)
 	CONFIGFLAGS="--with-ldflags=-lhardened_malloc"
@@ -144,11 +141,6 @@ case "$config" in
 	;;
     openssl-*)
 	LIBCRYPTOFLAGS="--with-ssl-dir=/opt/openssl --with-rpath=-Wl,-rpath,"
-	# OpenSSL 1.1.1 specifically has a bug in its RNG that breaks reexec
-	# fallback.  See https://bugzilla.mindrot.org/show_bug.cgi?id=3483
-	if [ "$config" = "openssl-1.1.1" ]; then
-		SKIP_LTESTS="reexec"
-	fi
 	;;
     selinux)
 	CONFIGFLAGS="--with-selinux"
@@ -160,7 +152,7 @@ case "$config" in
 	LIBCRYPTOFLAGS="--without-openssl"
 	TEST_TARGET=t-exec
 	;;
-    valgrind-[1-5]|valgrind-unit)
+    valgrind-[1-4]|valgrind-unit)
 	# rlimit sandbox and FORTIFY_SOURCE confuse Valgrind.
 	CONFIGFLAGS="--without-sandbox --without-hardening"
 	CONFIGFLAGS="$CONFIGFLAGS --with-cppflags=-D_FORTIFY_SOURCE=0"
@@ -169,19 +161,16 @@ case "$config" in
 	export TEST_SSH_ELAPSED_TIMES
 	# Valgrind slows things down enough that the agent timeout test
 	# won't reliably pass, and the unit tests run longer than allowed
-	# by github so split into separate tests.
-	tests2="integrity try-ciphers"
+	# by github so split into three separate tests.
+	tests2="rekey integrity try-ciphers"
 	tests3="krl forward-control sshsig agent-restrict kextype sftp"
 	tests4="cert-userkey cert-hostkey kextype sftp-perm keygen-comment percent"
-	tests5="rekey"
 	case "$config" in
 	    valgrind-1)
-		# All tests except agent-timeout (which is flaky under valgrind),
-		# connection-timeout (which doesn't work since it's so slow)
+		# All tests except agent-timeout (which is flaky under valgrind)
 		# and hostbased (since valgrind won't let ssh exec keysign).
 		# Slow ones are run separately to increase parallelism.
-		SKIP_LTESTS="agent-timeout connection-timeout hostbased"
-		SKIP_LTESTS="$SKIP_LTESTS ${tests2} ${tests3} ${tests4} ${tests5}"
+		SKIP_LTESTS="agent-timeout hostbased ${tests2} ${tests3} ${tests4}"
 		;;
 	    valgrind-2)
 		LTESTS="${tests2}"
@@ -192,9 +181,6 @@ case "$config" in
 	    valgrind-4)
 		LTESTS="${tests4}"
 		;;
-	    valgrind-5)
-		LTESTS="${tests5}"
-		;;
 	    valgrind-unit)
 		TEST_TARGET="unit USE_VALGRIND=1"
 		;;
@@ -224,10 +210,6 @@ case "${TARGET_HOST}" in
 	TEST_TARGET="t-exec TEST_SHELL=bash"
 	SKIP_LTESTS="rekey sftp"
 	;;
-    debian-riscv64)
-	# This machine is fairly slow, so skip the unit tests.
-	TEST_TARGET="t-exec"
-	;;
     dfly58*|dfly60*)
 	# scp 3-way connection hangs on these so skip until sorted.
 	SKIP_LTESTS=scp3
@@ -245,15 +227,12 @@ case "${TARGET_HOST}" in
 	# test that relies on one.
 	# Also, Minix seems to be very limited in the number of select()
 	# calls that can be operating concurrently, so prune additional tests for that.
-	T="addrmatch agent-restrict brokenkeys cfgmatch cfgmatchlisten cfgparse
-	    connect connect-uri exit-status forwarding hostkey-agent
-	    key-options keyscan knownhosts-command login-timeout
+	T="addrmatch agent-restrict brokenkeys cfgmatch cfgmatchlisten cfgparse connect
+	    connect-uri exit-status forward-control forwarding hostkey-agent
+	    key-options keyscan knownhosts-command login-timeout multiplex
 	    reconfigure reexec rekey scp scp-uri scp3 sftp sftp-badcmds
 	    sftp-batch sftp-cmds sftp-glob sftp-perm sftp-uri stderr-data
 	    transfer"
-	# Unix domain sockets don't work quite like we expect, so also skip any tests
-	# that use multiplexing.
-	T="$T connection-timeout dynamic-forward forward-control multiplex"
 	SKIP_LTESTS="$(echo $T)"
 	TEST_TARGET=t-exec
 	SUDO=""
@@ -281,8 +260,6 @@ esac
 case "`./config.guess`" in
 *cygwin)
 	SUDO=""
-	# Don't run compat tests on cygwin as they don't currently compile.
-	TEST_TARGET="tests"
 	;;
 *-darwin*)
 	# Unless specified otherwise, build without OpenSSL on Mac OS since

.github/configs

@@ -139,29 +139,16 @@ if [ "yes" = "$INSTALL_FIDO_PPA" ]; then
     sudo apt-add-repository -y ppa:yubico/stable
 fi
 
-tries=3
-while [ ! -z "$PACKAGES" ] && [ "$tries" -gt "0" ]; do
+if [ "x" != "x$PACKAGES" ]; then
     case "$PACKAGER" in
     apt)
 	sudo apt update -qq
-	if sudo apt install -qy $PACKAGES; then
-		PACKAGES=""
-	fi
+	sudo apt install -qy $PACKAGES
 	;;
     setup)
-	if /cygdrive/c/setup.exe -q -P `echo "$PACKAGES" | tr ' ' ,`; then
-		PACKAGES=""
-	fi
+	/cygdrive/c/setup.exe -q -P `echo "$PACKAGES" | tr ' ' ,`
 	;;
     esac
-    if [ ! -z "$PACKAGES" ]; then
-	sleep 90
-    fi
-    tries=$(($tries - 1))
-done
-if [ ! -z "$PACKAGES" ]; then
-	echo "Package installation failed."
-	exit 1
 fi
 
 if [ "${INSTALL_HARDENED_MALLOC}" = "yes" ]; then

.github/setup_ci.sh

@@ -1,118 +1,118 @@
 name: C/C++ CI
 
 on:
-  workflow_dispatch:
-  
+  push:
+    branches: [ master, ci, V_9_0 ]
+    paths: [ '**.c', '**.h', '**.m4', '**.sh', '.github/**', 'Makefile.in', 'configure.ac' ]
+  pull_request:
+    branches: [ master ]
+    paths: [ '**.c', '**.h', '**.m4', '**.sh', '.github/**', 'Makefile.in', 'configure.ac' ]
+
 jobs:
   ci:
     if: github.repository != 'openssh/openssh-portable-selfhosted'
     strategy:
       fail-fast: false
       matrix:
         # First we test all OSes in the default configuration.
-        target: [ubuntu-20.04, ubuntu-22.04, macos-11, macos-12, windows-2019, windows-2022]
-        config: [default]
+        os: [ubuntu-20.04, ubuntu-22.04, macos-11, macos-12, windows-2019, windows-2022]
+        configs: [default]
         # Then we include any extra configs we want to test for specific VMs.
         # Valgrind slows things down quite a bit, so start them first.
         include:
-          - { target: windows-2019, config: cygwin-release }
-          - { target: windows-2022, config: cygwin-release }
-          - { target: ubuntu-20.04, config: valgrind-1 }
-          - { target: ubuntu-20.04, config: valgrind-2 }
-          - { target: ubuntu-20.04, config: valgrind-3 }
-          - { target: ubuntu-20.04, config: valgrind-4 }
-          - { target: ubuntu-20.04, config: valgrind-5 }
-          - { target: ubuntu-20.04, config: valgrind-unit }
-          - { target: ubuntu-20.04, config: c89 }
-          - { target: ubuntu-20.04, config: clang-6.0 }
-          - { target: ubuntu-20.04, config: clang-8 }
-          - { target: ubuntu-20.04, config: clang-9 }
-          - { target: ubuntu-20.04, config: clang-10 }
-          - { target: ubuntu-20.04, config: clang-11 }
-          - { target: ubuntu-20.04, config: clang-12-Werror }
-          - { target: ubuntu-20.04, config: clang-sanitize-address }
-          - { target: ubuntu-20.04, config: clang-sanitize-undefined }
-          - { target: ubuntu-20.04, config: gcc-sanitize-address }
-          - { target: ubuntu-20.04, config: gcc-sanitize-undefined }
-          - { target: ubuntu-20.04, config: gcc-7 }
-          - { target: ubuntu-20.04, config: gcc-8 }
-          - { target: ubuntu-20.04, config: gcc-10 }
-          - { target: ubuntu-20.04, config: gcc-11-Werror }
-          - { target: ubuntu-20.04, config: pam }
-          - { target: ubuntu-20.04, config: kitchensink }
-          - { target: ubuntu-20.04, config: hardenedmalloc }
-          - { target: ubuntu-20.04, config: tcmalloc }
-          - { target: ubuntu-20.04, config: musl }
-          - { target: ubuntu-latest, config: libressl-master }
-          - { target: ubuntu-latest, config: libressl-2.2.9 }
-          - { target: ubuntu-latest, config: libressl-2.8.3 }
-          - { target: ubuntu-latest, config: libressl-3.0.2 }
-          - { target: ubuntu-latest, config: libressl-3.2.6 }
-          - { target: ubuntu-latest, config: libressl-3.3.6 }
-          - { target: ubuntu-latest, config: libressl-3.4.3 }
-          - { target: ubuntu-latest, config: libressl-3.5.3 }
-          - { target: ubuntu-latest, config: libressl-3.6.1 }
-          - { target: ubuntu-latest, config: libressl-3.7.0 }
-          - { target: ubuntu-latest, config: openssl-master }
-          - { target: ubuntu-latest, config: openssl-noec }
-          - { target: ubuntu-latest, config: openssl-1.0.1 }
-          - { target: ubuntu-latest, config: openssl-1.0.1u }
-          - { target: ubuntu-latest, config: openssl-1.0.2u }
-          - { target: ubuntu-latest, config: openssl-1.1.0h }
-          - { target: ubuntu-latest, config: openssl-1.1.1 }
-          - { target: ubuntu-latest, config: openssl-1.1.1k }
-          - { target: ubuntu-latest, config: openssl-1.1.1n }
-          - { target: ubuntu-latest, config: openssl-1.1.1q }
-          - { target: ubuntu-latest, config: openssl-1.1.1s }
-          - { target: ubuntu-latest, config: openssl-3.0.0 }
-          - { target: ubuntu-latest, config: openssl-3.0.5 }
-          - { target: ubuntu-latest, config: openssl-3.0.7 }
-          - { target: ubuntu-latest, config: openssl-1.1.1_stable }
-          - { target: ubuntu-latest, config: openssl-3.0 }  # stable branch
-          - { target: ubuntu-22.04, config: pam }
-          - { target: ubuntu-22.04, config: krb5 }
-          - { target: ubuntu-22.04, config: heimdal }
-          - { target: ubuntu-22.04, config: libedit }
-          - { target: ubuntu-22.04, config: sk }
-          - { target: ubuntu-22.04, config: selinux }
-          - { target: ubuntu-22.04, config: kitchensink }
-          - { target: ubuntu-22.04, config: without-openssl }
-          - { target: macos-11, config: pam }
-          - { target: macos-12, config: pam }
-    runs-on: ${{ matrix.target }}
+          - { os: windows-2019, configs: cygwin-release }
+          - { os: windows-2022, configs: cygwin-release }
+          - { os: ubuntu-20.04, configs: valgrind-1 }
+          - { os: ubuntu-20.04, configs: valgrind-2 }
+          - { os: ubuntu-20.04, configs: valgrind-3 }
+          - { os: ubuntu-20.04, configs: valgrind-4 }
+          - { os: ubuntu-20.04, configs: valgrind-unit }
+          - { os: ubuntu-20.04, configs: c89 }
+          - { os: ubuntu-20.04, configs: clang-6.0 }
+          - { os: ubuntu-20.04, configs: clang-8 }
+          - { os: ubuntu-20.04, configs: clang-9 }
+          - { os: ubuntu-20.04, configs: clang-10 }
+          - { os: ubuntu-20.04, configs: clang-11 }
+          - { os: ubuntu-20.04, configs: clang-12-Werror }
+          - { os: ubuntu-20.04, configs: clang-sanitize-address }
+          - { os: ubuntu-20.04, configs: clang-sanitize-undefined }
+          - { os: ubuntu-20.04, configs: gcc-sanitize-address }
+          - { os: ubuntu-20.04, configs: gcc-sanitize-undefined }
+          - { os: ubuntu-20.04, configs: gcc-7 }
+          - { os: ubuntu-20.04, configs: gcc-8 }
+          - { os: ubuntu-20.04, configs: gcc-10 }
+          - { os: ubuntu-20.04, configs: gcc-11-Werror }
+          - { os: ubuntu-20.04, configs: pam }
+          - { os: ubuntu-20.04, configs: kitchensink }
+          - { os: ubuntu-20.04, configs: hardenedmalloc }
+          - { os: ubuntu-20.04, configs: tcmalloc }
+          - { os: ubuntu-20.04, configs: musl }
+          - { os: ubuntu-latest, configs: libressl-master }
+          - { os: ubuntu-latest, configs: libressl-2.2.9 }
+          - { os: ubuntu-latest, configs: libressl-2.8.3 }
+          - { os: ubuntu-latest, configs: libressl-3.0.2 }
+          - { os: ubuntu-latest, configs: libressl-3.2.6 }
+          - { os: ubuntu-latest, configs: libressl-3.3.6 }
+          - { os: ubuntu-latest, configs: libressl-3.4.3 }
+          - { os: ubuntu-latest, configs: libressl-3.5.3 }
+          - { os: ubuntu-latest, configs: openssl-master }
+          - { os: ubuntu-latest, configs: openssl-noec }
+          - { os: ubuntu-latest, configs: openssl-1.0.1 }
+          - { os: ubuntu-latest, configs: openssl-1.0.1u }
+          - { os: ubuntu-latest, configs: openssl-1.0.2u }
+          - { os: ubuntu-latest, configs: openssl-1.1.0h }
+          - { os: ubuntu-latest, configs: openssl-1.1.1 }
+          - { os: ubuntu-latest, configs: openssl-1.1.1k }
+          - { os: ubuntu-latest, configs: openssl-1.1.1n }
+          - { os: ubuntu-latest, configs: openssl-1.1.1p }
+          - { os: ubuntu-latest, configs: openssl-3.0.0 }
+          - { os: ubuntu-latest, configs: openssl-3.0.5 }
+          - { os: ubuntu-latest, configs: openssl-1.1.1_stable } # stable branch
+          - { os: ubuntu-latest, configs: openssl-3.0 }          # stable branch
+          - { os: ubuntu-22.04, configs: pam }
+          - { os: ubuntu-22.04, configs: krb5 }
+          - { os: ubuntu-22.04, configs: heimdal }
+          - { os: ubuntu-22.04, configs: libedit }
+          - { os: ubuntu-22.04, configs: sk }
+          - { os: ubuntu-22.04, configs: selinux }
+          - { os: ubuntu-22.04, configs: kitchensink }
+          - { os: ubuntu-22.04, configs: without-openssl }
+          - { os: macos-11, configs: pam }
+          - { os: macos-12, configs: pam }
+    runs-on: ${{ matrix.os }}
     steps:
     - name: set cygwin git params
-      if: ${{ startsWith(matrix.target, 'windows') }}
+      if: ${{ startsWith(matrix.os, 'windows') }}
       run: git config --global core.autocrlf input
     - name: install cygwin
-      if: ${{ startsWith(matrix.target, 'windows') }}
+      if: ${{ startsWith(matrix.os, 'windows') }}
       uses: cygwin/cygwin-install-action@master
-    - uses: actions/checkout@main
+    - uses: actions/checkout@v2
     - name: setup CI system
-      run: sh ./.github/setup_ci.sh ${{ matrix.config }}
+      run: sh ./.github/setup_ci.sh ${{ matrix.configs }}
     - name: autoreconf
       run: sh -c autoreconf
     - name: configure
-      run: sh ./.github/configure.sh ${{ matrix.config }}
+      run: sh ./.github/configure.sh ${{ matrix.configs }}
     - name: save config
-      uses: actions/upload-artifact@main
+      uses: actions/upload-artifact@v2
       with:
-        name: ${{ matrix.target }}-${{ matrix.config }}-config
+        name: ${{ matrix.os }}-${{ matrix.configs }}-config
         path: config.h
     - name: make clean
       run: make clean
     - name: make
       run: make -j2
     - name: make tests
-      run: sh ./.github/run_test.sh ${{ matrix.config }}
+      run: sh ./.github/run_test.sh ${{ matrix.configs }}
       env:
         TEST_SSH_UNSAFE_PERMISSIONS: 1
         TEST_SSH_HOSTBASED_AUTH: yes
     - name: save logs
       if: failure()
-      uses: actions/upload-artifact@main
+      uses: actions/upload-artifact@v2
       with:
-        name: ${{ matrix.target }}-${{ matrix.config }}-logs
+        name: ${{ matrix.os }}-${{ matrix.configs }}-logs
         path: |
           config.h
           config.log