Commit Graph

11077 Commits

Author SHA1 Message Date
djm@openbsd.org 1a4d1da918 upstream: fix memleak in test
OpenBSD-Regress-ID: 5e529d0982aa04666604936df43242e97a7a6f81
2021-06-01 14:38:41 +10:00
djm@openbsd.org 60455a5d98 upstream: also check contents of remaining string
OpenBSD-Regress-ID: d526fa07253f4eebbc7d6205a0ab3d491ec71a28
2021-06-01 14:38:41 +10:00
djm@openbsd.org 39f6cd2078 upstream: unit test for misc.c:strdelim() that mostly servces to
highlight its inconsistencies

OpenBSD-Regress-ID: 8d2bf970fcc01ccc6e36a5065f89b9c7fa934195
2021-06-01 14:38:41 +10:00
Darren Tucker 7a3a1dd2c7 Put minix3 config in the host-specific block. 2021-06-01 09:38:26 +10:00
djm@openbsd.org 59a194825f upstream: Hash challenge supplied by client during FIDO key enrollment
prior to passing it to libfido2, which does expect a hash.

There is no effect for users who are simply generating FIDO keys using
ssh-keygen - by default we generate a random 256 bit challenge, but
people building attestation workflows around our tools should now have
a more consistent experience (esp. fewer failures when they fail to
guess the magic 32-byte challenge length requirement).

ok markus@

OpenBSD-Commit-ID: b8d5363a6a7ca3b23dc28f3ca69470472959f2b5
2021-05-31 16:50:00 +10:00
Darren Tucker eb68e669bc Include login_cap.h for login_getpwclass override.
On minix3, login_getpwclass is __RENAME'ed to __login_getpwclass50 so
without this the include overriding login_getpwclass causes a compile
error.
2021-05-27 21:14:15 +10:00
Darren Tucker 2063af7142 Add minix3 test target. 2021-05-27 21:13:38 +10:00
djm@openbsd.org 2e1efcfd9f upstream: fix SEGV in UpdateHostkeys debug() message, triggered
when the update removed more host keys than remain present. Fix tested by
reporter James Cook, via bugs@

OpenBSD-Commit-ID: 44f641f6ee02bb957f0c1d150495b60cf7b869d3
2021-05-26 12:46:01 +10:00
naddy@openbsd.org 9acd76e6e4 upstream: ssh: The client configuration keyword is
"hostbasedacceptedalgorithms"

This fixes a mistake that slipped in when "HostbasedKeyTypes" was
renamed to "HostbasedAcceptedAlgorithms".

Bug report by zack@philomathiclife.com

OpenBSD-Commit-ID: d745a7e8e50b2589fc56877f322ea204bc784f38
2021-05-26 12:46:01 +10:00
Darren Tucker 078a0e60c9 Rename README.md to ci-status.md.
The original intent was to provide a status page for the CIs configured
in that directory, but it had the side effect of replacing the top-level
README.md.
2021-05-25 11:40:47 +10:00
djm@openbsd.org 7be4ac8136 upstream: restore blocking status on stdio fds before close
ssh(1) needs to set file descriptors to non-blocking mode to operate
but it was not restoring the original state on exit. This could cause
problems with fds shared with other programs via the shell, e.g.

> $ cat > test.sh << _EOF
> #!/bin/sh
> {
>         ssh -Fnone -oLogLevel=verbose ::1 hostname
>         cat /usr/share/dict/words
> } | sleep 10
> _EOF
> $ ./test.sh
> Authenticated to ::1 ([::1]:22).
> Transferred: sent 2352, received 2928 bytes, in 0.1 seconds
> Bytes per second: sent 44338.9, received 55197.4
> cat: stdout: Resource temporarily unavailable

This restores the blocking status for fds 0,1,2 (stdio) before ssh(1)
abandons/closes them.

This was reported as bz3280 and GHPR246; ok dtucker@

OpenBSD-Commit-ID: 8cc67346f05aa85a598bddf2383fcfcc3aae61ce
2021-05-19 11:52:14 +10:00
djm@openbsd.org c4902e1a65 upstream: fix breakage of -W forwaring introduced in 1.554; reported by
naddy@ and sthen@, ok sthen@

OpenBSD-Commit-ID: f72558e643a26dc4150cff6e5097b5502f6c85fd
2021-05-18 11:02:32 +10:00
dtucker@openbsd.org afea01381a upstream: Regenerate moduli.
OpenBSD-Commit-ID: 83c93a2a07c584c347ac6114d6329b18ce515557
2021-05-17 19:25:00 +10:00
Damien Miller be2866d620 Handle Android libc returning NULL pw->pw_passwd
Reported by Luke Dashjr
2021-05-17 09:41:46 +10:00
djm@openbsd.org 5953c14300 upstream: fix previous: test saved no_shell_flag, not the one that just
got clobbered

OpenBSD-Commit-ID: b8deace085d9d941b2d02f810243b9c302e5355d
2021-05-14 17:20:35 +10:00
djm@openbsd.org 1e9fa55f4d upstream: Fix ssh started with ControlPersist incorrectly executing a
shell when the -N (no shell) option was specified. bz3290 reported by Richard
Schwab; patch from markus@ ok me

OpenBSD-Commit-ID: ea1ea4af16a95687302f7690bdbe36a6aabf87e1
2021-05-14 13:10:50 +10:00
dtucker@openbsd.org d1320c492f upstream: Clarify language about moduli. While both ends of the
connection do need to use the same parameters (ie groups), the DH-GEX
protocol takes care of that and both ends do not need the same contents in
the moduli file, which is what the previous text suggested.  ok djm@ jmc@

OpenBSD-Commit-ID: f0c18cc8e79c2fbf537a432a9070ed94e96a622a
2021-05-14 08:14:41 +10:00
djm@openbsd.org d3cc4d650c upstream: include pid in LogVerbose spam
OpenBSD-Commit-ID: aacb86f96ee90c7cb84ec27452374285f89a7f00
2021-05-10 10:58:11 +10:00
djm@openbsd.org e3c032333b upstream: don't sigdie() in signal handler in privsep child process;
this can end up causing sandbox violations per bz3286; ok dtucker@

OpenBSD-Commit-ID: a7f40b2141dca4287920da68ede812bff7ccfdda
2021-05-10 10:57:58 +10:00
dtucker@openbsd.org a4039724a3 upstream: Increase ConnectionAttempts from 4 to 10 as the tests
occasionally time out on heavily loaded hosts.

OpenBSD-Regress-ID: 29a8cdef354fc9da471a301f7f65184770434f3a
2021-05-07 19:42:35 +10:00
djm@openbsd.org c0d7e36e97 upstream: dump out a usable private key string too; inspired by Tyson
Whitehead

OpenBSD-Regress-ID: 65572d5333801cb2f650ebc778cbdc955e372058
2021-05-07 12:36:24 +10:00
djm@openbsd.org 24fee8973a upstream: correct mistake in spec - the private key blobs are encoded
verbatim and not as strings (i.e. no 4-byte length header)

OpenBSD-Commit-ID: 3606b5d443d72118c5b76c4af6dd87a5d5a4f837
2021-05-07 12:36:18 +10:00
dtucker@openbsd.org f43859159c upstream: Don't pass NULL as a string in debugging as it does not work
on some platforms in -portable.  ok djm@

OpenBSD-Commit-ID: 937c892c99aa3c9c272a8ed78fa7c2aba3a44fc9
2021-05-05 10:08:43 +10:00
djm@openbsd.org ac31aa3c63 upstream: more debugging for UpdateHostKeys signature failures
OpenBSD-Commit-ID: 1ee95f03875e1725df15d5e4bea3e73493d57d36
2021-05-03 11:05:31 +10:00
Darren Tucker 8e32e97e78 Add obsd69 test target. 2021-05-01 20:07:47 +10:00
djm@openbsd.org f068930635 upstream: a little debugging in the main mux process for status
confirmation failures in multiplexed sessions

OpenBSD-Commit-ID: 6e27b87c95176107597035424e1439c3232bcb49
2021-04-30 14:32:18 +10:00
dtucker@openbsd.org e65cf00da6 upstream: Remove now-unused skey function prototypes leftover from
skey removal.

OpenBSD-Commit-ID: 2fc36d519fd37c6f10ce74854c628561555a94c3
2021-04-30 14:32:18 +10:00
Darren Tucker ae5f9b0d5c Wrap sntrup761x25519 inside ifdef.
From balu.gajjala at gmail.com via bz#3306.
2021-04-29 13:01:50 +10:00
Darren Tucker 70a8dc138a Add status badges for Actions-based tests. 2021-04-29 10:59:54 +10:00
Darren Tucker 40b59024cc Add obsdsnap (OpenBSD snapshot) test target. 2021-04-28 12:22:11 +10:00
Darren Tucker e627067ec8 Add test building upstream OpenBSD source. 2021-04-28 11:43:54 +10:00
Darren Tucker 1b8108ebd1 Test against OpenSSL 1.1.0h instead of 1.1.0g.
1.1.0g requires a perl glob module that's not installed by default.
2021-04-27 14:22:20 +10:00
Darren Tucker 9bc20efd39 Use the default VM type for libcrypto ver tests. 2021-04-27 12:37:59 +10:00
Darren Tucker 9f79e80dc4 Always build OpenSSL shared.
This is the default for current versions but we need it to test against
earlier versions.
2021-04-27 12:32:46 +10:00
Darren Tucker b3cc9fbdff Fix custom OpenSSL tests.
Check out specified OpenSSL version.  Install custom libcrypto where
configure expects to find it.  Remove unneeded OpenSSL config time
options.  Older OpenSSL versions were not make -j safe so remove it.
2021-04-27 11:44:29 +10:00
Darren Tucker 7753260987 Export CC and CFLAGS for c89 test. 2021-04-26 17:20:23 +10:00
Darren Tucker 33f62dfbe8 Add c89 here too. 2021-04-26 17:13:44 +10:00
Darren Tucker da9d59f526 Add test against OpenSSL w/out ECC. 2021-04-26 15:34:23 +10:00
Darren Tucker 29e194a752 Ensure we can still build with C89. 2021-04-26 14:50:58 +10:00
Darren Tucker a38016d369 Interop test agains PuTTY. 2021-04-26 14:50:58 +10:00
Darren Tucker 095b0307a7 Support testing against arbitary libcrytpo vers.
Add tests against various LibreSSL and OpenSSL versions.
2021-04-26 14:50:44 +10:00
Darren Tucker b16082aa11 Add fbsd10 test target. 2021-04-26 13:35:44 +10:00
Darren Tucker 2c805f16b2 Disable compiler hardening on nbsd4.
The system compiler supports -fstack-protector-all, but using it will
result in an internal compiler error on some files.
2021-04-25 14:15:02 +10:00
Darren Tucker 6a5d393056 Add nbsd3, nbsd4 and nbsd9 test targets. 2021-04-25 13:01:34 +10:00
Darren Tucker d1aed05bd2 Comment out nbsd2 test target for now. 2021-04-24 22:03:46 +10:00
Darren Tucker a6b4ec94e5 Add OPENBSD ORIGINAL marker. 2021-04-24 17:52:24 +10:00
Darren Tucker 3737c9f66e Replace "==" (a bashism) with "=". 2021-04-23 19:49:46 +10:00
Darren Tucker a116b6f5be Add nbsd2 test target. 2021-04-23 16:34:48 +10:00
Darren Tucker 196bf2a9bb Add obsd68 test target. 2021-04-23 14:54:10 +10:00
Darren Tucker e3ba6574ed Remove dependency on bash. 2021-04-23 14:53:32 +10:00