Merge remote-tracking branch 'upstream-openssh-portable/master' into sync-with-upstream-2

.github/configs

@@ -164,6 +164,11 @@ case "$config" in
     libressl-*)
 	LIBCRYPTOFLAGS="--with-ssl-dir=/opt/libressl --with-rpath=-Wl,-rpath,"
 	;;
+    putty-*)
+	CONFIGFLAGS="--with-plink=/usr/local/bin/plink --with-puttygen=/usr/local/bin/puttygen"
+	# We don't need to rerun the regular tests, just the interop ones.
+	TEST_TARGET=interop-tests
+	;;
     openssl-*)
 	LIBCRYPTOFLAGS="--with-ssl-dir=/opt/openssl --with-rpath=-Wl,-rpath,"
 	# OpenSSL 1.1.1 specifically has a bug in its RNG that breaks reexec
@@ -269,20 +274,22 @@ case "${TARGET_HOST}" in
 	;;
     minix3)
 	CONFIGFLAGS="${CONFIGFLAGS} --disable-security-key"
+	# Unix domain sockets don't work quite like we expect, so also
+	# disable FD passing (and thus multiplexing).
+	CONFIGFLAGS="${CONFIGFLAGS} --disable-fd-passing"
 	LIBCRYPTOFLAGS="--without-openssl"
+
 	# Minix does not have a loopback interface so we have to skip any
 	# test that relies on one.
 	# Also, Minix seems to be very limited in the number of select()
 	# calls that can be operating concurrently, so prune additional tests for that.
 	T="addrmatch agent-restrict brokenkeys cfgmatch cfgmatchlisten cfgparse
-	    connect connect-uri exit-status forwarding hostkey-agent
-	    key-options keyscan knownhosts-command login-timeout
+	    connect connect-uri dynamic-forward exit-status forwarding
+	    forward-control
+	    hostkey-agent key-options keyscan knownhosts-command login-timeout
 	    reconfigure reexec rekey scp scp-uri scp3 sftp sftp-badcmds
 	    sftp-batch sftp-cmds sftp-glob sftp-perm sftp-uri stderr-data
 	    transfer"
-	# Unix domain sockets don't work quite like we expect, so also skip any tests
-	# that use multiplexing.
-	T="$T connection-timeout dynamic-forward forward-control multiplex"
 	SKIP_LTESTS="$(echo $T)"
 	TEST_TARGET=t-exec
 	SUDO=""
@@ -320,6 +327,10 @@ case "$host" in
 	# modern versions don't ship with libcrypto.
 	LIBCRYPTOFLAGS="--without-openssl"
 	TEST_TARGET=t-exec
+
+	# On some OS X runners we can't write to /var/empty.
+	CONFIGFLAGS="${CONFIGFLAGS} --with-privsep-path=/usr/local/empty"
+
 	case "$host" in
 	*-darwin22.*)
 		# sudo -S nobody doesn't work on macos 13 for some reason.

.github/setup_ci.sh

@@ -142,6 +142,10 @@ for TARGET in $TARGETS; do
         INSTALL_BORINGSSL=1
         PACKAGES="${PACKAGES} cmake ninja-build"
        ;;
+    putty-*)
+	INSTALL_PUTTY=$(echo "${TARGET}" | cut -f2 -d-)
+	PACKAGES="${PACKAGES} cmake"
+	;;
     valgrind*)
        PACKAGES="$PACKAGES valgrind"
        ;;
@@ -241,3 +245,25 @@ if [ ! -z "${INSTALL_ZLIB}" ]; then
      cd ${HOME}/zlib && ./configure && make &&
      sudo make install prefix=/opt/zlib)
 fi
+
+if [ ! -z "${INSTALL_PUTTY}" ]; then
+    ver="${INSTALL_PUTTY}"
+    case "${INSTALL_PUTTY}" in
+    snapshot)
+	tarball=putty.tar.gz
+	(cd /tmp && wget https://tartarus.org/~simon/putty-snapshots/${tarball})
+	;;
+    *)
+	tarball=putty-${ver}.tar.gz
+	(cd /tmp && wget https://the.earth.li/~sgtatham/putty/${ver}/${tarball})
+	;;
+    esac
+    (cd ${HOME} && tar xfz /tmp/${tarball} && cd putty-*
+     if [ -f CMakeLists.txt ]; then
+	cmake . && cmake --build . && sudo cmake --build . --target install
+     else
+	./configure && make && sudo make install
+     fi
+    )
+    /usr/local/bin/plink -V
+fi

.github/workflows/c-cpp.yml

@@ -73,6 +73,17 @@ jobs:
           - { target: ubuntu-latest, config: openssl-1.1.1_stable }
           - { target: ubuntu-latest, config: openssl-3.0 }  # stable branch
           - { target: ubuntu-latest, config: openssl-3.2 }  # stable branch
+          - { target: ubuntu-latest, config: putty-0.71 }
+          - { target: ubuntu-latest, config: putty-0.72 }
+          - { target: ubuntu-latest, config: putty-0.73 }
+          - { target: ubuntu-latest, config: putty-0.74 }
+          - { target: ubuntu-latest, config: putty-0.75 }
+          - { target: ubuntu-latest, config: putty-0.76 }
+          - { target: ubuntu-latest, config: putty-0.77 }
+          - { target: ubuntu-latest, config: putty-0.78 }
+          - { target: ubuntu-latest, config: putty-0.79 }
+          - { target: ubuntu-latest, config: putty-0.80 }
+          - { target: ubuntu-latest, config: putty-snapshot }
           - { target: ubuntu-latest, config: zlib-develop }
           - { target: ubuntu-22.04, config: pam }
           - { target: ubuntu-22.04, config: krb5 }

configure.ac

@@ -5305,6 +5305,16 @@ AC_DEFINE_UNQUOTED([_PATH_SSH_PIDDIR], ["$piddir"],
 	[Specify location of ssh.pid])
 AC_SUBST([piddir])
 
+
+AC_ARG_ENABLE([fd-passing],
+	[  --disable-fd-passing    disable file descriptor passsing [no]],
+	[
+		if test "x$enableval" = "xno" ; then
+			AC_DEFINE([DISABLE_FD_PASSING])
+		fi
+	]
+)
+
 dnl allow user to disable some login recording features
 AC_ARG_ENABLE([lastlog],
 	[  --disable-lastlog       disable use of lastlog even if detected [no]],

regress/multiplex.sh

@@ -14,8 +14,7 @@ fi
 
 trace "will use ProxyCommand $proxycmd"
 if config_defined DISABLE_FD_PASSING ; then
-	echo "skipped (not supported on this platform)"
-	exit 0
+	skip "not supported on this platform (FD passing disabled)"
 fi
 
 P=3301  # test port