Commit Graph

11935 Commits

Author SHA1 Message Date
Darren Tucker 15a01cf15f
Add fallback for old platforms w/out MAP_ANON. 2022-11-23 13:24:53 +11:00
Darren Tucker 6b9bbbfe8b
If we haven't found it yet, recheck for sys/stat.h.
On some very old platforms, sys/stat.h needs sys/types.h, however
autoconf 2.71's AC_CHECK_INCLUDES_DEFAULT checks for them in the
opposite order, which in combination with modern autoconf's
"present but cannot be compiled" behaviour causes it to not be
detected.
2022-11-23 13:24:50 +11:00
Darren Tucker 8926956f22
Add dfly62 test target. 2022-11-11 11:25:37 +11:00
dtucker@openbsd.org 650de7ecd3
upstream: Handle dynamic remote port forwarding in escape commandline's
-R processing. bz#3499, ok djm@

OpenBSD-Commit-ID: 194ee4cfe7ed0e2b8ad0727f493c798a50454208
2022-11-11 11:24:46 +11:00
Darren Tucker 5372db7e79
Remove seed passing over reexec.
This was added for the benefit of platforms using ssh-rand-helper to
prevent a delay on each connection as sshd reseeded itself.

ssh-random-helper is long gone, and since the re-exec happens before the
chroot the re-execed sshd can reseed itself normally. ok djm@
2022-11-10 12:44:51 +11:00
Darren Tucker ca98d3f8c6
Skip reexec test on OpenSSL 1.1.1 specifically.
OpenSSL 1.1.1 has a bug in its RNG that breaks reexec fallback, so skip
that test.  See bz#3483 for details.
2022-11-09 20:59:20 +11:00
dtucker@openbsd.org 5ec4ebc254
upstream: Fix typo in fatal error message.
Patch from vapier at chromium.org.

OpenBSD-Commit-ID: 8a0c164a6a25eef0eedfc30df95bfa27644e35cf
2022-11-09 20:43:58 +11:00
dtucker@openbsd.org e6abafe9a6
upstream: Remove errant colon and simplify format
string in error messages. Patch from vapier at chromium.org.

OpenBSD-Commit-ID: fc28466ebc7b74e0072331947a89bdd239c160d3
2022-11-09 20:43:35 +11:00
djm@openbsd.org db2027a687
upstream: rename client_global_hostkeys_private_confirm() to
client_global_hostkeys_prove_confirm(), as it handles the
"hostkeys-prove00@openssh.com" message; no functional change

OpenBSD-Commit-ID: 31e09bd3cca6eed26855b88fb8beed18e9bd026d
2022-11-09 20:43:16 +11:00
djm@openbsd.org 1c2be7c200
upstream: typo in comment
OpenBSD-Commit-ID: 39c58f41e0f32d1ff31731fa6f5bbbc3ad25084a
2022-11-09 20:41:32 +11:00
Darren Tucker cf1a9852d7
Defer seed_rng until after closefrom call.
seed_rng will initialize OpenSSL, and some engine providers (eg Intel's
QAT) will open descriptors for their own use.  bz#3483, patch from
joel.d.schuetze at intel.com, ok djm@
2022-11-09 09:23:47 +11:00
Darren Tucker dffa644801
Fix comment text. From emaste at freebsd.org. 2022-11-09 08:27:47 +11:00
Pierre Ossman d9df5689c2
Avoid assuming layout of fd_set
POSIX doesn't specify the internal layout of the fd_set object, so let's
not assume it is just a bit mask. This increases compatibility with
systems that have a different layout.

The assumption is also worthless as we already refuse to use file
descriptors over FD_SETSIZE anyway. Meaning that the default size of
fd_set is quite sufficient.
2022-11-08 19:33:47 +11:00
Darren Tucker 419aa8a312
Shutdown any VM before trying to check out repo.
In the case where the previous run did not clean up, the checkout will
fail as it'll leave a stale mount.
2022-11-08 12:42:52 +11:00
Darren Tucker a32c07cbb7
Run vm startup and shutdown from runner temp dir.
Should work even if the github workspace dir is on a stale sshfs mount.
2022-11-08 12:01:33 +11:00
Darren Tucker 2b40a7dfcd
Add valrind-5 test here too. 2022-11-08 11:03:31 +11:00
Darren Tucker 2ea03d1f6d
Update checkout and upload actions.
Update actions/checkout and actions/upload-artifact to main branch for
compatibility with node.js v16.
2022-11-08 10:29:32 +11:00
Darren Tucker 4e316ff0f1
Split out rekey test since it runs the longest. 2022-11-08 10:29:32 +11:00
dtucker@openbsd.org 21625a6424
upstream: The IdentityFile option in ssh_config can also be used to
specify a public key file, as documented in ssh.1 for the -i option. Document
this also for IdentityFile in ssh_config.5, for documentation completeness.
From laalsaas at systemli.org via portable github PR#352, ok jmc@ djm@

OpenBSD-Commit-ID: 2f943be9f96e60ef81a9a4faa25b009999f9883b
2022-11-07 22:22:18 +11:00
dtucker@openbsd.org 747691604d
upstream: Remove some set but otherwise unused variables, spotted
in -portable by clang 16's -Wunused-but-set-variable.  ok djm@

OpenBSD-Commit-ID: 3d943ddf2369b38fbf89f5f19728e7dc1daf3982
2022-11-07 22:22:15 +11:00
dtucker@openbsd.org 1d78d25653
upstream: Check for and disallow MaxStartups values less than or
equal to zero during config parsing, rather than faling later at runtime.
bz#3489, ok djm@

OpenBSD-Commit-ID: d79c2b7a8601eb9be493629a91245d761154308b
2022-11-07 22:22:06 +11:00
djm@openbsd.org a00f59a645
upstream: fix parsing of hex cert expiry time; was checking whether the
start time began with "0x", not the expiry time.

from Ed Maste

OpenBSD-Commit-ID: 6269242c3e1a130b47c92cfca4d661df15f05739
2022-11-07 15:43:13 +11:00
Darren Tucker f58acaf8c7
Fix merge conflict. 2022-11-07 15:10:59 +11:00
Darren Tucker 162e574102
Branch-specific links for master status badges. 2022-11-07 15:07:33 +11:00
Darren Tucker e4b7c12ab2
Add CIFuzz status badge. 2022-11-07 14:46:38 +11:00
Darren Tucker b496b9f831
Do not run CIFuzz on selfhosted tree.
We already run it on the regular tree, no need to double up.
2022-11-07 14:45:37 +11:00
Darren Tucker 2138b1c4dd
Whitespace change to trigger CIFuzz workflow. 2022-11-07 14:41:58 +11:00
Darren Tucker 4670b97ef8
Run cifuzz workflow on the actions as regular CI. 2022-11-07 14:34:04 +11:00
David Korczynski 79391e66ce
Add CIFuzz integration 2022-11-07 14:31:45 +11:00
dtucker@openbsd.org c1893364a0
upstream: Import regenerated moduli.
OpenBSD-Commit-ID: b0e54ee4d703bd6929bbc624068666a7a42ecb1f
2022-11-07 14:00:57 +11:00
dtucker@openbsd.org 5c3f18fb99
upstream: Fix typo. From pablomh via -portable github PR#344.
OpenBSD-Commit-ID: d056ee2e73691dc3ecdb44a6de68e6b88cd93827
2022-11-07 14:00:23 +11:00
Darren Tucker e1c6fcc142
Link to branch-specific queries for V_9_1 status. 2022-11-07 12:46:58 +11:00
Darren Tucker 4f4a5fad6d
Use "prohibit-password" in -portable comments.
"without-password" is the deprecated alias for "prohibit-password",
so we should reference the latter. From emaste at freebsd.org.
2022-11-07 10:54:29 +11:00
Darren Tucker 0f7e1eba55
Fix tracing disable on FreeBSD.
Some versions of FreeBSD do not support using id 0 to refer to the
current pid for procctl, so pass getpid() explicitly.  From
emaste at freebsd.org.
2022-11-07 10:54:29 +11:00
Darren Tucker 32fddb982f
Fix setres*id checks to work with clang-16.
glibc has the prototypes for setresuid and setresgid behind _GNU_SOURCE,
and clang 16 will error out on implicit function definitions, so add
_GNU_SOURCE and the required headers to the configure checks.  From
sam at @gentoo.org via bz#3497.
2022-11-07 10:39:01 +11:00
Sam James 12af712d11
configure.ac: Fix -Wstrict-prototypes
Clang 16 now warns on this and it'll be removed in C23, so let's
just be future proof. It also reduces noise when doing general
Clang 16 porting work (which is a big job as it is).  github PR#355.

Signed-off-by: Sam James <sam@gentoo.org>
2022-11-06 18:51:52 +11:00
Sam James 40b0a5eb6e
configure.ac: Add <pty.h> include for openpty
Another Clang 16ish fix (which makes -Wimplicit-function-declaration
an error by default).  github PR#355.

See: 2efd71da49b9cfeab7987058cf5919e473ff466b
See: be19763532
2022-11-06 18:51:52 +11:00
Rochdi Nassah 6b17e12887
Fix broken zlib link. 2022-11-05 07:33:11 +11:00
Darren Tucker 99500df246
Don't run openbsd-compat tests on Cygwin.
Add "compat-tests" to the default TEST_TARGET so we can override as
necessary.  Override TEST_TARGET for Cygwin as the tests don't currently
compile there.
2022-11-04 17:30:58 +11:00
djm@openbsd.org 3cae9f92a3
upstream: replace recently-added valid_domain() check for hostnames
going to known_hosts with a more relaxed check for bad characters; previous
commit broke address literals. Reported by/feedback from florian@

OpenBSD-Commit-ID: 10b86dc6a4b206adaa0c11b58b6d5933898d43e0
2022-11-04 09:01:17 +11:00
Darren Tucker 9655217231
Rerun tests on changes to Makefile.in in any dir. 2022-11-03 23:07:50 +11:00
Darren Tucker 3500f0405a
Link libssh into compat tests.
The cygwin compat code uses xmalloc, so add libssh.a so pick up that.
2022-11-03 23:04:08 +11:00
Darren Tucker ec59effcf6
Fix compat regress to work with non-GNU make. 2022-11-03 21:44:23 +11:00
Darren Tucker 73550a218e
Increase selfhosted job timeout.
The default job timeout of 360 (6h) is not enough to complete the
regress tests for some of the slow VMs depending on the load on the host.
Increase to 600 (10h).
2022-11-03 13:41:16 +11:00
Darren Tucker db97d8d0b9
Only run opensslver tests if built with OpenSSL. 2022-11-03 10:00:43 +11:00
Darren Tucker ba05370963
Add tests for OpenSSL 3.0.7 and LibreSSL 3.6.1. 2022-11-03 08:40:06 +11:00
Darren Tucker edd24101c7
Run compat regress tests too. 2022-11-03 08:17:39 +11:00
Darren Tucker fe88d67e75
Compat tests need libcrypto.
This was moved to CHANNELLIBS during the libs refactor.  Spotted by
rapier at psc.edu.
2022-11-03 08:14:05 +11:00
Darren Tucker 96b519726b
Include time.h when defining timegm.
Fixes build on some platforms eg recent AIX.
2022-11-03 04:25:34 +11:00
Darren Tucker da6038bd5c
Always use compat getentropy.
Have it call native getentropy and fall back as required.  Should fix
issues of platforms where libc has getentropy but it is not implemented
in the kernel.  Based on github PR#354 from simsergey.
2022-11-02 12:20:50 +11:00