Integrate OpenSSH 9.8 into HPN-SSH #96
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Should better detect problems with gcc 13 on m68k. bz#3673 from Colin Watson via bz#3673 and https://gcc.gnu.org/bugzilla/show_bug.cgi?id=110934 Signed-off-by: Darren Tucker <[email protected]>
Handle replacement of 'id' the same way as we do other Portable specific replacements in test-exec.sh. This brings percent.sh back into sync with upstream.
OK djm@ OpenBSD-Commit-ID: 524ddae97746b3563ad4a887dfd0a6e6ba114c50
OpenBSD-Commit-ID: ad3d1486d105b008c93e952d158e5af4d9d4c531
version is 0. Patch from cjwatson at debian.org via bz#3671. OpenBSD-Regress-ID: 835ed03c1b04ad46be82e674495521f11b840191
the test VMs are slow enough for this to matter. OpenBSD-Regress-ID: 6a83a693602eb0312f06a4ad2cd6f40d99d24b26
from portable. In some shells, "case" will reset the value of $?, so save it first. OpenBSD-Regress-ID: da32e5be19299cb4f0f7de7f29c11257a62d6949
redirect stdout, and use printf instead of relying on echo to do \n substitution. Reduces diff vs Portable. Also resync somewhat with upstream. OpenBSD-Regress-ID: 9ae876a8ec4c4725f1e9820a0667360ee2398337
OpenBSD-Regress-ID: 5039bde24d33d809aebfa8d3ad7fe9053224e6f8
OpenBSD-Regress-ID: b4852bf97ac8fb2e3530f2d5f999edd66058d7bc
diff vs Portable. OpenBSD-Regress-ID: 6f31cd6e231e3b8c5c2ca0307573ccb7484bff7d
Some plaforms don't have the latter so this makes things easier in -portable. OpenBSD-Regress-ID: ff82260eb0db1f11130200b25d820cf73753bbe3
From dkg via GHPR479; ok dtucker@ OpenBSD-Commit-ID: 1ac1f9c45da44eabbae89375393c662349239257
Wrong function signature in configure.ac prevents openssh from enabling the recently new support for ED25519 priv keys in PEM PKCS8 format.
Verified in person and via signature with old key. Will remove old key in a bit.
Instead of trying to infer the type of the self hosted tests in each of the driver scripts (inconsistently...), set one of the following variables to "true" in the workflow: VM: tests run in a virtual machine. EPHEMERAL: tests run on an ephemeral virtual machine. PERSISTENT: tests run on a persistent virtual machine REMOTE: tests run on a physical remote host. EPHEMERAL VMs can have multiple instances of any given VM can exist simultaneously and are run by a runner pool. The other types have a dedicated runner instance and can only run a single test at a time. Other settings: SSHFS: We need to sshfs mount over the repo so the workflow can collect build artifacts. This also implies the tests must be run over ssh. DEBUG_ACTIONS: enable "set -x" in scripts for debugging.
This changes SSH_AUTH_INFO_0 to be exposed to PAM auth modules also when a password authentication method is in use and not only when a keyboard-interactive authentication method is in use.
private keys in blob. From Jakub Jelen via GHPR430 OpenBSD-Commit-ID: d17dbf47554de2d752061592f95b5d772baab50b
If --enable/disable-dsa-keys is not specified, set based on what OpenSSL supports. If specified as enabled, but not supported by OpenSSL error out. ok djm@
Should get them working again.
OpenBSD-Commit-ID: c29734d36c21003973b15c1c9965c35f36cef30c
ok djm OpenBSD-Commit-ID: 1ec4b0fdb633a43667f2c8fff1d600bd647dde25
perform system calls, for systems with libc that do perform libc sigtramps. ok djm markus OpenBSD-Commit-ID: 7749b56419a7c9dcfe4c6c04811e429813346c62
the parts of the grace_alarm_handler() using the exact things allowed by the signal-safe rules. This is a good rule of thumb: Handlers should be written to either set a global volatile sig_atomic_t inspected from outside, and/or directly perform only safe operations listed in our sigaction(2) manual page. ok djm markus OpenBSD-Commit-ID: 14168ae8368aab76e4ed79e17a667cb46f404ecd
ok deraadt OpenBSD-Commit-ID: 65815a39564e431414aed7c5ace8076f4e9ca741
OpenBSD-Commit-ID: 83b7ff34433d79595e9c2a5d2a561a6660251245
OpenBSD-Commit-ID: 3e30d7b0615e2707f6bbe70f61b1c2f72f78161b
OpenBSD-Commit-ID: 5fb04f298ed155053f3fbfdf0c6fe7cdf84bbfa2
since the directory we're trying to list is local. Spotted by Corinna Vinschen OpenBSD-Regress-ID: 821feca4a4bebe491944e624c8f7f2990b891415
can't rely on channel_did_enqueue to tell that there is data to send. This flag indicates that the channels code enqueued a packet on _this_ ppoll() iteration, not that data was enqueued in _any_ ppoll() iteration in the timeslice. ok markus@ OpenBSD-Commit-ID: 009b74fd2769b36b5284a0188ade182f00564136
OpenBSD-Commit-ID: 5f8b89e38a4c5f7c6d52ffa19f796d49f36fab19
This will be HPN-SSH 18.5.
I had been using Ubuntu 24.04 as the target platform for everything however, that release doesn't have access to a number of the clang and gcc versions we are testing so I had to roll those back. This may require more tuning.
Trying to use ubuntu-24.04 as a target but that might be throwing an error. This is a test to see if removing that fixes the issue
That didn't work. Trying to convert tabs to spaces now.
cipher: Restore DisableMTAES capability to resolve FIPS SIGSEGV.
This is the first pass of the 9.8 port that will be subject to the github ci tests. It is passing local regression tests.
There have been issues with cygwin/windows CI tests. I think I have identified the problem as missing steps in the workflow file. This also incorporates a minor change in the dependencies for cygwin. That was taken from openssh master.
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
| continue; | ||
| /* Don't add an algorithm twice. */ | ||
| if (ssh->kex->server_sig_algs != NULL && | ||
| has_any_alg(sigalg, ssh->kex->server_sig_algs)) | ||
| kex_has_any_alg(sigalg, ssh->kex->server_sig_algs)) |
Check failure
Code scanning / CodeQL
Potential use after free Critical
According to RFC 4253 the version string cannot include a hyphen or minus sign in the protoversion or softwareversion stanzas. So while you can use a hyphen between those stanzas you cannot include a hypen in the stanza. Since the hpn version is part of the softwareversion stanza we can't include a hypen. Chnaging it to an underscore is acceptable and won't break our compatability tests in compat.c See RFC 4253 Section 4.2. brought to our attention by Lapo Luchini via github issue #97
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Functional tests all pass. CI test on Github pass with the exception of cygwin/windows. There seems to be some issue with the resume function in scp. Might be an issue with the regression test. Since it's not a dev priority we're skipping it for now.