re-merge 9.1

Author: tgauth

.depend

@@ -0,0 +1,5 @@
+[email protected] ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKecyjh9aNmD4rb8WblA8v91JjRb0Cd2JtkzqxcggGeG
+[email protected] [email protected] AAAAInNrLWVjZHNhLXNoYTItbmlzdHAyNTZAb3BlbnNzaC5jb20AAAAIbmlzdHAyNTYAAABBBLnJo3ZVDENYZGXm5uO9lU7b0iDFq5gHpTu1MaHPWTEfPdvw+AjFQQ/q5YizuMJkXGsMdYmblJEJZYHpm9IS7ZkAAAAEc3NoOg==
+[email protected] [email protected] AAAAInNrLWVjZHNhLXNoYTItbmlzdHAyNTZAb3BlbnNzaC5jb20AAAAIbmlzdHAyNTYAAABBBJoAXBTQalfg+kC5wy1vE7HkIHtVnmV6AUuuIo9KQ1P+70juHwvsFKpsGaqQbrHJkTVgYDGVP02XHj8+Fb18yBIAAAAEc3NoOg==
+[email protected] [email protected] AAAAInNrLWVjZHNhLXNoYTItbmlzdHAyNTZAb3BlbnNzaC5jb20AAAAIbmlzdHAyNTYAAABBBH+z1I48s6ydOhP5SJmI02zVCLf0K15B+UMHgoTIKVfUIv5oDoVX7e9f+7QiRmTeEOdZfQydiaVqsfi7qPSve+0AAAAEc3NoOg==
+[email protected] [email protected] AAAAInNrLWVjZHNhLXNoYTItbmlzdHAyNTZAb3BlbnNzaC5jb20AAAAIbmlzdHAyNTYAAABBBPM4BmUg/fMnsl42JwktTekk/mB8Be3M+yK2ayg6lqYsqEri8yhRx84gey51OHKVk1TwlGbJjcMHI4URreDBEMQAAAAEc3NoOg==

.git_allowed_signers

@@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAABCgAdFiEEcWi5g4FaXu9ZpK39Kj9BTnNgYLoFAmMMMiIACgkQKj9BTnNg
+YLpyGhAAhZ1RxmD62JnT0gnor1aD0inq1fGPRadaFvXH2OScPcxXMIZWx+otnyZ/
+H9s0bIti42dPHqurgh92KS2mDGVIW8Y8MvxFUr678+hdem1U7Xvjoo0uaveNhJhe
+GxuQDOvXKRmmfL2c6w3wnFChFA1o3K+JNshjCHhWz7u6+UmY0Q9yIxqbSi+vmEPP
+NfWPfGdu4h8r7q11UgTxRSUQkfZXMqpBtb367B9BLduGuKRFKEJNyi6WpjBrqy38
+BvEbAaL52KX8hEp3TKMjo38RbOK+veSoPV5zlLui0WlEwwasgljal3f4RkqCAJob
+hqpFJRogM5XNnA2e68TDTf3buJ3wRRjuK39/CusOJz5v4i6+VCdte+BET1Y4gD6y
+v8KV4pRyumcdbN3khFUkmaQsjo+fyQjWNrgOvv60J2xUWZdchn8lxHOxrfRVKnOi
+BD4bdks7tPQY/XsS5GNJIp21Ji9HGyBajjHo0BlesLodw7FEOf6YE18A3n9qzosR
+RliuP4Hs/Z4sCUuDTbpKtQiUVs40kBbkhEL8kS8FsXz3VO89hAWaUqNUYom8AkKv
+nfDjrZDBLXuVj1Mi8qNPXxqrB/1Cza2/W4U7SK4TlMFXfoXXWxxhefN5vIdMhAJB
+u9Mdz1pY9mowKbd0c0dR+3fauvjM133dzKuyeDHMqDa5JPyd59o=
+=kgnS
+-----END PGP SIGNATURE-----

.git_allowed_signers.asc

@@ -10,6 +10,8 @@
 
 config=$1
 
+unset CC CFLAGS CPPFLAGS LDFLAGS LTESTS SUDO
+
 TEST_TARGET="tests"
 LTESTS=""
 SKIP_LTESTS=""
@@ -32,19 +34,72 @@ case "$config" in
 	TEST_TARGET=t-exec
 	;;
     cygwin-release)
-	CONFIGFLAGS="--with-libedit --with-xauth=/usr/bin/xauth --disable-strip --with-security-key-builtin"
+	# See https://cygwin.com/git/?p=git/cygwin-packages/openssh.git;a=blob;f=openssh.cygport;hb=HEAD
+	CONFIGFLAGS="--with-xauth=/usr/bin/xauth --with-security-key-builtin"
+	CONFIGFLAGS="$CONFIGFLAGS --with-kerberos5=/usr --with-libedit --disable-strip"
 	;;
    clang-12-Werror)
 	CC="clang-12"
 	# clang's implicit-fallthrough requires that the code be annotated with
 	# __attribute__((fallthrough)) and does not understand /* FALLTHROUGH */
-	CFLAGS="-Wall -Wextra -O2 -Wno-error=implicit-fallthrough"
+	CFLAGS="-Wall -Wextra -O2 -Wno-error=implicit-fallthrough -Wno-error=unused-parameter"
 	CONFIGFLAGS="--with-pam --with-Werror"
 	;;
+    *-sanitize-*)
+	case "$config" in
+	gcc-*)
+		CC=gcc
+		;;
+	clang-*)
+		# Find the newest available version of clang
+		for i in `seq 10 99`; do
+		    clang="`which clang-$i 2>/dev/null`"
+		    [ -x "$clang" ] && CC="$clang"
+		done
+		;;
+	esac
+	# Put Sanitizer logs in regress dir.
+	SANLOGS=`pwd`/regress
+	# - We replace chroot with chdir so that the sanitizer in the preauth
+	#   privsep process can read /proc.
+	# - clang does not recognizes explicit_bzero so we use bzero
+	#   (see https://github.com/google/sanitizers/issues/1507
+	# - openssl and zlib trip ASAN.
+	# - sp_pwdp returned by getspnam trips ASAN, hence disabling shadow.
+	case "$config" in
+	*-sanitize-address)
+	    CFLAGS="-fsanitize=address -fno-omit-frame-pointer"
+	    LDFLAGS="-fsanitize=address"
+	    CPPFLAGS='-Dchroot=chdir -Dexplicit_bzero=bzero -D_FORTIFY_SOURCE=0 -DASAN_OPTIONS=\"detect_leaks=0:log_path='$SANLOGS'/asan.log\"'
+	    CONFIGFLAGS=""
+	    TEST_TARGET="t-exec"
+	    ;;
+	clang-sanitize-memory)
+	    CFLAGS="-fsanitize=memory -fsanitize-memory-track-origins -fno-omit-frame-pointer"
+	    LDFLAGS="-fsanitize=memory"
+	    CPPFLAGS='-Dchroot=chdir -Dexplicit_bzero=bzero -DMSAN_OPTIONS=\"log_path='$SANLOGS'/msan.log\"'
+	    CONFIGFLAGS="--without-openssl --without-zlib --without-shadow"
+	    TEST_TARGET="t-exec"
+	    ;;
+	*-sanitize-undefined)
+	    CFLAGS="-fsanitize=undefined"
+	    LDFLAGS="-fsanitize=undefined"
+	    ;;
+	*)
+	     echo unknown sanitize option;
+	     exit 1;;
+	esac
+	features="--disable-security-key --disable-pkcs11"
+	hardening="--without-sandbox --without-hardening --without-stackprotect"
+	privsep="--with-privsep-user=root"
+	CONFIGFLAGS="$CONFIGFLAGS $features $hardening $privsep"
+	# Because we hobble chroot we can't test it.
+	SKIP_LTESTS=sftp-chroot
+	;;
     gcc-11-Werror)
 	CC="gcc"
 	# -Wnoformat-truncation in gcc 7.3.1 20180130 fails on fmt_scaled
-	CFLAGS="-Wall -Wextra -Wno-format-truncation -O2 -Wimplicit-fallthrough=4"
+	CFLAGS="-Wall -Wextra -O2 -Wno-format-truncation -Wimplicit-fallthrough=4 -Wno-unused-parameter"
 	CONFIGFLAGS="--with-pam --with-Werror"
 	;;
     clang*|gcc*)
@@ -107,14 +162,15 @@ case "$config" in
 	# Valgrind slows things down enough that the agent timeout test
 	# won't reliably pass, and the unit tests run longer than allowed
 	# by github so split into three separate tests.
-	tests2="rekey integrity try-ciphers sftp"
-	tests3="krl forward-control sshsig agent-restrict kextype"
+	tests2="rekey integrity try-ciphers"
+	tests3="krl forward-control sshsig agent-restrict kextype sftp"
 	tests4="cert-userkey cert-hostkey kextype sftp-perm keygen-comment percent"
 	case "$config" in
 	    valgrind-1)
 		# All tests except agent-timeout (which is flaky under valgrind)
-		#) and slow ones that run separately to increase parallelism.
-		SKIP_LTESTS="agent-timeout ${tests2} ${tests3} ${tests4}"
+		# and hostbased (since valgrind won't let ssh exec keysign).
+		# Slow ones are run separately to increase parallelism.
+		SKIP_LTESTS="agent-timeout hostbased ${tests2} ${tests3} ${tests4}"
 		;;
 	    valgrind-2)
 		LTESTS="${tests2}"
@@ -145,10 +201,23 @@ case "$config" in
 esac
 
 case "${TARGET_HOST}" in
+    aix*)
+	# These are slow real or virtual machines so skip the slowest tests
+	# (which tend to be thw ones that transfer lots of data) so that the
+	# test run does not time out.
+	# The agent-restrict test fails due to some quoting issue when run
+	# with sh or ksh so specify bash for now.
+	TEST_TARGET="t-exec TEST_SHELL=bash"
+	SKIP_LTESTS="rekey sftp"
+	;;
     dfly58*|dfly60*)
 	# scp 3-way connection hangs on these so skip until sorted.
 	SKIP_LTESTS=scp3
 	;;
+    fbsd6)
+	# Native linker is not great with PIC so OpenSSL is built w/out.
+	CONFIGFLAGS="${CONFIGFLAGS} --disable-security-key"
+	;;
     hurd)
 	SKIP_LTESTS="forwarding multiplex proxy-connect hostkey-agent agent-ptrace"
 	;;
@@ -173,6 +242,10 @@ case "${TARGET_HOST}" in
 	# SHA256 functions in sha2.h conflict with OpenSSL's breaking sk-dummy
 	CONFIGFLAGS="${CONFIGFLAGS} --without-hardening --disable-security-key"
 	;;
+    openwrt-*)
+	CONFIGFLAGS="${CONFIGFLAGS} --without-openssl --without-zlib"
+	TEST_TARGET="t-exec"
+	;;
     sol10|sol11)
 	# sol10 VM is 32bit and the unit tests are slow.
 	# sol11 has 4 test configs so skip unit tests to speed up.
@@ -184,10 +257,13 @@ case "${TARGET_HOST}" in
 	;;
 esac
 
-# Unless specified otherwise, build without OpenSSL on Mac OS since
-# modern versions don't ship with libcrypto.
 case "`./config.guess`" in
+*cygwin)
+	SUDO=""
+	;;
 *-darwin*)
+	# Unless specified otherwise, build without OpenSSL on Mac OS since
+	# modern versions don't ship with libcrypto.
 	LIBCRYPTOFLAGS="--without-openssl"
 	TEST_TARGET=t-exec
 	;;
@@ -210,5 +286,5 @@ if [ -x "$(which plink 2>/dev/null)" ]; then
 	export REGRESS_INTEROP_PUTTY
 fi
 
-export CC CFLAGS LTESTS SUDO
+export CC CFLAGS CPPFLAGS LDFLAGS LTESTS SUDO
 export TEST_TARGET TEST_SSH_UNSAFE_PERMISSIONS TEST_SSH_FAIL_FATAL

.github/configs

@@ -18,4 +18,4 @@ if [ "x$LDFLAGS" != "x" ]; then
 fi
 
 echo ./configure ${CONFIGFLAGS}
-./configure ${CONFIGFLAGS}
+./configure ${CONFIGFLAGS} 2>&1

.github/configure.sh

@@ -6,6 +6,20 @@
 
 set -ex
 
+# If we want to test hostbased auth, set up the host for it.
+if [ ! -z "$SUDO" ] && [ ! -z "$TEST_SSH_HOSTBASED_AUTH" ]; then
+    sshconf=/usr/local/etc
+    hostname | $SUDO tee $sshconf/shosts.equiv >/dev/null
+    echo "EnableSSHKeysign yes" | $SUDO tee $sshconf/ssh_config >/dev/null
+    $SUDO mkdir -p $sshconf
+    $SUDO cp -p /etc/ssh/ssh_host*key* $sshconf
+    $SUDO make install
+    for key in $sshconf/ssh_host*key*.pub; do
+        echo `hostname` `cat $key` | \
+            $SUDO tee -a $sshconf/ssh_known_hosts >/dev/null
+    done
+fi
+
 output_failed_logs() {
     for i in regress/failed*; do
         if [ -f "$i" ]; then

.github/run_test.sh

@@ -1,42 +1,73 @@
 #!/bin/sh
 
+PACKAGES=""
+
  . .github/configs $@
 
 case "`./config.guess`" in
+*cygwin)
+	PACKAGER=setup
+	echo Setting CYGWIN sustem environment variable.
+	setx CYGWIN "binmode"
+	chmod -R go-rw /cygdrive/d/a
+	umask 077
+	PACKAGES="$PACKAGES,autoconf,automake,cygwin-devel,gcc-core"
+	PACKAGES="$PACKAGES,make,openssl-devel,zlib-devel"
+	;;
 *-darwin*)
+	PACKAGER=brew
 	brew install automake
 	exit 0
 	;;
+*)
+	PACKAGER=apt
 esac
 
 TARGETS=$@
 
-PACKAGES=""
 INSTALL_FIDO_PPA="no"
 export DEBIAN_FRONTEND=noninteractive
 
 #echo "Setting up for '$TARGETS'"
 
 set -ex
 
-lsb_release -a
+if [ -x "`which lsb_release 2>&1`" ]; then
+	lsb_release -a
+fi
+
+# Ubuntu 22.04 defaults to private home dirs which prevent the
+# agent-getpeerid test from running ssh-add as nobody.  See
+# https://github.com/actions/runner-images/issues/6106
+if [ ! -z "$SUDO" ] && ! "$SUDO" -u nobody test -x ~; then
+	echo ~ is not executable by nobody, adding perms.
+	chmod go+x ~
+fi
 
 if [ "${TARGETS}" = "kitchensink" ]; then
 	TARGETS="krb5 libedit pam sk selinux"
 fi
 
 for flag in $CONFIGFLAGS; do
     case "$flag" in
-    --with-pam)		PACKAGES="${PACKAGES} libpam0g-dev" ;;
-    --with-libedit)	PACKAGES="${PACKAGES} libedit-dev" ;;
+    --with-pam)		TARGETS="${TARGETS} pam" ;;
+    --with-libedit)	TARGETS="${TARGETS} libedit" ;;
     esac
 done
 
 for TARGET in $TARGETS; do
     case $TARGET in
-    default|without-openssl|without-zlib|c89|libedit|*pam)
+    default|without-openssl|without-zlib|c89)
         # nothing to do
         ;;
+    clang-sanitize*)
+        PACKAGES="$PACKAGES clang-12"
+        ;;
+    cygwin-release)
+        PACKAGES="$PACKAGES libcrypt-devel libfido2-devel libkrb5-devel"
+        ;;
+    gcc-sanitize*)
+        ;;
     clang-*|gcc-*)
         compiler=$(echo $TARGET | sed 's/-Werror//')
         PACKAGES="$PACKAGES $compiler"
@@ -47,6 +78,15 @@ for TARGET in $TARGETS; do
     heimdal)
         PACKAGES="$PACKAGES heimdal-dev"
         ;;
+    libedit)
+	case "$PACKAGER" in
+	setup)	PACKAGES="$PACKAGES libedit-devel" ;;
+	apt)	PACKAGES="$PACKAGES libedit-dev" ;;
+	esac
+        ;;
+    *pam)
+        PACKAGES="$PACKAGES libpam0g-dev"
+        ;;
     sk)
         INSTALL_FIDO_PPA="yes"
         PACKAGES="$PACKAGES libfido2-dev libu2f-host-dev libcbor-dev"
@@ -80,7 +120,7 @@ for TARGET in $TARGETS; do
         INSTALL_LIBRESSL=$(echo ${TARGET} | cut -f2 -d-)
         case ${INSTALL_LIBRESSL} in
           master) ;;
-          *) INSTALL_LIBRESSL="v$(echo ${TARGET} | cut -f2 -d-)" ;;
+          *) INSTALL_LIBRESSL="$(echo ${TARGET} | cut -f2 -d-)" ;;
         esac
         PACKAGES="${PACKAGES} putty-tools"
        ;;
@@ -99,9 +139,16 @@ if [ "yes" = "$INSTALL_FIDO_PPA" ]; then
     sudo apt-add-repository -y ppa:yubico/stable
 fi
 
-if [ "x" != "x$PACKAGES" ]; then 
-    sudo apt update -qq
-    sudo apt install -qy $PACKAGES
+if [ "x" != "x$PACKAGES" ]; then
+    case "$PACKAGER" in
+    apt)
+	sudo apt update -qq
+	sudo apt install -qy $PACKAGES
+	;;
+    setup)
+	/cygdrive/c/setup.exe -q -P `echo "$PACKAGES" | tr ' ' ,`
+	;;
+    esac
 fi
 
 if [ "${INSTALL_HARDENED_MALLOC}" = "yes" ]; then
@@ -122,11 +169,20 @@ if [ ! -z "${INSTALL_OPENSSL}" ]; then
 fi
 
 if [ ! -z "${INSTALL_LIBRESSL}" ]; then
-    (mkdir -p ${HOME}/libressl && cd ${HOME}/libressl &&
-     git clone https://github.com/libressl-portable/portable.git &&
-     cd ${HOME}/libressl/portable &&
-     git checkout ${INSTALL_LIBRESSL} &&
-     sh update.sh && sh autogen.sh &&
-     ./configure --prefix=/opt/libressl &&
-     make -j2 && sudo make install)
+    if [ "${INSTALL_LIBRESSL}" = "master" ]; then
+        (mkdir -p ${HOME}/libressl && cd ${HOME}/libressl &&
+         git clone https://github.com/libressl-portable/portable.git &&
+         cd ${HOME}/libressl/portable &&
+         git checkout ${INSTALL_LIBRESSL} &&
+         sh update.sh && sh autogen.sh &&
+         ./configure --prefix=/opt/libressl &&
+         make -j2 && sudo make install)
+    else
+        LIBRESSL_URLBASE=https://cdn.openbsd.org/pub/OpenBSD/LibreSSL
+        (cd ${HOME} &&
+         wget ${LIBRESSL_URLBASE}/libressl-${INSTALL_LIBRESSL}.tar.gz &&
+         tar xfz libressl-${INSTALL_LIBRESSL}.tar.gz &&
+         cd libressl-${INSTALL_LIBRESSL} &&
+         ./configure --prefix=/opt/libressl && make -j2 && sudo make install)
+    fi
 fi