Merge of 10.2p1 into Dynamic Window.

No changes to the synamic window code was required.

Author: rapier1

.depend

@@ -1,18 +1,22 @@
 master :
-[![C/C++ CI](https://github.com/openssh/openssh-portable/actions/workflows/c-cpp.yml/badge.svg)](https://github.com/openssh/openssh-portable/actions/workflows/c-cpp.yml?query=branch:master)
+[![C/C++ CI](../../../actions/workflows/c-cpp.yml/badge.svg)](../../../actions/workflows/c-cpp.yml?query=branch:master)
+[![VM CI](../../../actions/workflows/vm.yml/badge.svg)](../../../actions/workflows/vm.yml?query=branch:master)
 [![C/C++ CI self-hosted](https://github.com/openssh/openssh-portable-selfhosted/actions/workflows/selfhosted.yml/badge.svg)](https://github.com/openssh/openssh-portable-selfhosted/actions/workflows/selfhosted.yml?query=branch:master)
 [![Upstream self-hosted](https://github.com/openssh/openssh-portable-selfhosted/actions/workflows/upstream.yml/badge.svg)](https://github.com/openssh/openssh-portable-selfhosted/actions/workflows/upstream.yml?query=branch:master)
-[![CIFuzz](https://github.com/openssh/openssh-portable/actions/workflows/cifuzz.yml/badge.svg)](https://github.com/openssh/openssh-portable/actions/workflows/cifuzz.yml)
-[![Fuzzing Status](https://oss-fuzz-build-logs.storage.googleapis.com/badges/openssh.svg)](https://bugs.chromium.org/p/oss-fuzz/issues/list?sort=-opened&can=1&q=proj:openssh)
+[![CIFuzz](../../../actions/workflows/cifuzz.yml/badge.svg)](../../../actions/workflows/cifuzz.yml)
+[![Fuzzing Status](https://oss-fuzz-build-logs.storage.googleapis.com/badges/openssh.svg)](https://issues.oss-fuzz.com/issues?q="Project:+openssh"+is:open)
 [![Coverity Status](https://scan.coverity.com/projects/21341/badge.svg)](https://scan.coverity.com/projects/openssh-portable)
+<br>
+
+10.1 :
+[![C/C++ CI](../../../actions/workflows/c-cpp.yml/badge.svg?branch=V_10_1)](../../../actions/workflows/c-cpp.yml?query=branch:V_10_1)
+[![VM CI](../../../actions/workflows/vm.yml/badge.svg?branch=V_10_1)](../../../actions/workflows/vm.yml?query=branch:V_10_1)
+[![C/C++ CI self-hosted](https://github.com/openssh/openssh-portable-selfhosted/actions/workflows/selfhosted.yml/badge.svg?branch=V_10_1)](https://github.com/openssh/openssh-portable-selfhosted/actions/workflows/selfhosted.yml?query=branch:V_10_1)
+
+10.0 :
+[![C/C++ CI](../../../actions/workflows/c-cpp.yml/badge.svg?branch=V_10_0)](../../../actions/workflows/c-cpp.yml?query=branch:V_10_0)
+[![C/C++ CI self-hosted](https://github.com/openssh/openssh-portable-selfhosted/actions/workflows/selfhosted.yml/badge.svg?branch=V_10_0)](https://github.com/openssh/openssh-portable-selfhosted/actions/workflows/selfhosted.yml?query=branch:V_10_0)
 
 9.9 :
-[![C/C++ CI](https://github.com/openssh/openssh-portable/actions/workflows/c-cpp.yml/badge.svg?branch=V_9_9)](https://github.com/openssh/openssh-portable/actions/workflows/c-cpp.yml?query=branch:V_9_9)
+[![C/C++ CI](../../../actions/workflows/c-cpp.yml/badge.svg?branch=V_9_9)](../../../actions/workflows/c-cpp.yml?query=branch:V_9_9)
 [![C/C++ CI self-hosted](https://github.com/openssh/openssh-portable-selfhosted/actions/workflows/selfhosted.yml/badge.svg?branch=V_9_9)](https://github.com/openssh/openssh-portable-selfhosted/actions/workflows/selfhosted.yml?query=branch:V_9_9)
-9.8 :
-[![C/C++ CI](https://github.com/openssh/openssh-portable/actions/workflows/c-cpp.yml/badge.svg?branch=V_9_8)](https://github.com/openssh/openssh-portable/actions/workflows/c-cpp.yml?query=branch:V_9_8)
-[![C/C++ CI self-hosted](https://github.com/openssh/openssh-portable-selfhosted/actions/workflows/selfhosted.yml/badge.svg?branch=V_9_8)](https://github.com/openssh/openssh-portable-selfhosted/actions/workflows/selfhosted.yml?query=branch:V_9_8)
-
-9.7 :
-[![C/C++ CI](https://github.com/openssh/openssh-portable/actions/workflows/c-cpp.yml/badge.svg?branch=V_9_7)](https://github.com/openssh/openssh-portable/actions/workflows/c-cpp.yml?query=branch:V_9_7)
-[![C/C++ CI self-hosted](https://github.com/openssh/openssh-portable-selfhosted/actions/workflows/selfhosted.yml/badge.svg?branch=V_9_7)](https://github.com/openssh/openssh-portable-selfhosted/actions/workflows/selfhosted.yml?query=branch:V_9_7)

.github/ci-status.md

@@ -13,6 +13,10 @@ if [ "$config" = "" ]; then
 	config="default"
 fi
 
+if [ ! -z "${LTESTS}" ]; then
+	OVERRIDE_LTESTS="${LTESTS}"
+fi
+
 unset CC CFLAGS CPPFLAGS LDFLAGS LTESTS SUDO
 
 TEST_TARGET="tests compat-tests"
@@ -144,6 +148,8 @@ case "$config" in
 	TCMALLOC_STACKTRACE_METHOD=generic_fp
 	TEST_SSH_SSHD_ENV="TCMALLOC_STACKTRACE_METHOD=generic_fp"
 	export TCMALLOC_STACKTRACE_METHOD TEST_SSH_SSHD_ENV
+
+	SKIP_LTESTS="agent-restrict"
 	;;
     krb5|heimdal)
 	CONFIGFLAGS="--with-kerberos5"
@@ -277,7 +283,7 @@ case "${TARGET_HOST}" in
 	# Native linker is not great with PIC so OpenSSL is built w/out.
 	CONFIGFLAGS="${CONFIGFLAGS} --disable-security-key"
 	;;
-    fbsd14-ppc64)
+    fbsd14-ppc64|nbsd-arm64be)
 	# Disable security key tests for bigendian interop test.
 	CONFIGFLAGS="${CONFIGFLAGS} --disable-security-key"
 	;;
@@ -392,5 +398,10 @@ if [ -x "$(which plink 2>/dev/null)" ]; then
 	export REGRESS_INTEROP_PUTTY
 fi
 
+if [ ! -z "${OVERRIDE_LTESTS}" ]; then
+	echo >&2 "Overriding LTESTS, was '${LTESTS}', now '${OVERRIDE_LTESTS}'"
+	LTESTS="${OVERRIDE_LTESTS}"
+fi
+
 export CC CFLAGS CPPFLAGS LDFLAGS LTESTS SUDO
 export TEST_TARGET TEST_SSH_UNSAFE_PERMISSIONS TEST_SSH_FAIL_FATAL

.github/configs

@@ -0,0 +1,75 @@
+#!/bin/sh
+#
+# Install specified libcrypto.
+#  -a : install version for ABI compatibility test.
+#  -n : dry run, don't actually build and install.
+#
+# Usage: $0 [-a] [-n] openssl-$branch/tag destdir [config options]
+
+set -e
+
+bincompat_test=""
+dryrun=""
+while [ "$1" = "-a" ] || [ "$1" = "-n" ]; do
+	if [ "$1" = "-a" ]; then
+		abi_compat_test=y
+	elif [ "$1" = "-n" ]; then
+		dryrun="echo dryrun:"
+	fi
+	shift
+done
+
+ver="$1"
+destdir="$2"
+opts="$3"
+
+if [ -z "${ver}" ] || [ -z "${destdir}" ]; then
+	echo tag/branch and destdir required
+	exit 1
+fi
+
+set -x
+
+if [ ! -d ${HOME}/openssl ]; then
+	cd ${HOME}
+	git clone https://github.com/openssl/openssl.git
+	cd ${HOME}/openssl
+	git fetch --all
+fi
+cd ${HOME}/openssl
+
+if [ "${abi_compat_test}" = "y" ]; then
+	echo selecting ABI test release/branch for ${ver}
+	case "${ver}" in
+	openssl-3.6)
+		ver=openssl-3.0.0
+		echo "selecting older release ${ver}"
+		;;
+	openssl-3.[012345])
+		major=$(echo ${ver} | cut -f1 -d.)
+		minor=$(echo ${ver} | cut -f2 -d.)
+		ver="${major}.$((${minor} + 1))"
+		echo selecting next release branch ${ver}
+		;;
+	openssl-3.*.*)
+		major=$(echo ${ver} | cut -f1 -d.)
+		minor=$(echo ${ver} | cut -f2 -d.)
+		patch=$(echo ${ver} | cut -f3 -d.)
+		ver="${major}.${minor}.$((${patch} + 1))"
+		echo checking for release tag ${ver}
+		if git tag | grep -q "^${ver}\$"; then
+			echo selected next patch release ${ver}
+		else
+			ver="${major}.${minor}"
+			echo not found, selecting release branch ${ver}
+		fi
+		;;
+	esac
+fi
+
+git checkout ${ver}
+make clean >/dev/null 2>&1 || true
+${dryrun} ./config no-threads shared ${opts} --prefix=${destdir} \
+    -Wl,-rpath,${destdir}/lib64
+${dryrun} make -j4
+${dryrun} sudo make install_sw

.github/install_libcrypto.sh

@@ -0,0 +1,37 @@
+#!/bin/sh
+
+ver="$1"
+
+echo
+echo --------------------------------------
+echo Installing PuTTY version ${ver}
+echo --------------------------------------
+
+cd /tmp
+
+case "${ver}" in
+snapshot)
+	tarball=putty.tar.gz
+	url=https://tartarus.org/~simon/putty-snapshots/${tarball}
+	;;
+*)
+	tarball=putty-${ver}.tar.gz
+	url=https://the.earth.li/~sgtatham/putty/${ver}/${tarball}
+	;;
+esac
+
+if [ ! -f ${tarball} ]; then
+	wget -q ${url}
+fi
+
+mkdir -p /tmp/puttybuild
+cd /tmp/puttybuild
+
+tar xfz /tmp/${tarball} && cd putty-*
+if [ -f CMakeLists.txt ]; then
+	cmake . && cmake --build . -j4 && sudo cmake --build . --target install
+else
+	./configure && make -j4 && sudo make install
+fi
+sudo rm -rf /tmp/puttybuild
+/usr/local/bin/plink -V

.github/install_putty.sh

@@ -13,26 +13,13 @@ if [ ! -z "$SUDO" ] && [ ! -z "$TEST_SSH_HOSTBASED_AUTH" ]; then
     hostname | $SUDO tee $sshconf/shosts.equiv >/dev/null
     echo "EnableSSHKeysign yes" | $SUDO tee $sshconf/ssh_config >/dev/null
     $SUDO mkdir -p $sshconf
-    $SUDO cp -p /etc/ssh/ssh_host*key* $sshconf
     $SUDO make install
     for key in $sshconf/ssh_host*key*.pub; do
         echo `hostname` `cat $key` | \
             $SUDO tee -a $sshconf/ssh_known_hosts >/dev/null
     done
 fi
 
-output_failed_logs() {
-    for i in regress/failed*.log; do
-        if [ -f "$i" ]; then
-            echo -------------------------------------------------------------------------
-            echo LOGFILE $i
-            cat $i
-            echo -------------------------------------------------------------------------
-        fi
-    done
-}
-trap output_failed_logs 0
-
 env=""
 if [ ! -z "${SUDO}" ]; then
     env="${env} SUDO=${SUDO}"
@@ -47,6 +34,17 @@ if [ ! -z "${env}" ]; then
     env="env${env}"
 fi
 
+if [ "$1" = "putty-versions" ]; then
+	for ver in 0.71 0.72 0.73 0.74 0.75 0.76 0.77 0.78 0.79 0.80 \
+	    0.81 0.82 0.83 snapshot; do
+		.github/install_putty.sh "${ver}"
+		${env} make ${TEST_TARGET} \
+		    SKIP_LTESTS="${SKIP_LTESTS}" LTESTS="${LTESTS}"
+	done
+
+	exit 0
+fi
+
 if [ -z "${LTESTS}" ]; then
     ${env} make ${TEST_TARGET} SKIP_LTESTS="${SKIP_LTESTS}"
 else

.github/run_test.sh

@@ -1,18 +1,35 @@
 #!/bin/sh
 
+config="$1"
+target="$2"
+
 PACKAGES=""
 
- . .github/configs $@
+echo Running as:
+id
+
+echo Environment:
+set
+
+ . .github/configs ${config}
 
 host=`./config.guess`
 echo "config.guess: $host"
 case "$host" in
 *cygwin)
 	PACKAGER=setup
 	echo Setting CYGWIN system environment variable.
-	setx CYGWIN "binmode"
+	setx CYGWIN "winsymlinks:native"
 	echo Removing extended ACLs so umask works as expected.
+	set -x
 	setfacl -b . regress
+	icacls regress /c /t /q /Inheritance:d
+	icacls regress /c /t /q /Grant ${USERNAME}:F
+	icacls regress /c /t /q /Remove:g "Authenticated Users" \
+	     BUILTIN\\Administrators BUILTIN Everyone System Users
+	takeown /F regress
+	icacls regress
+	set +x
 	PACKAGES="$PACKAGES,autoconf,automake,cygwin-devel,gcc-core"
 	PACKAGES="$PACKAGES,make,openssl,libssl-devel,zlib-devel"
 	;;
@@ -24,7 +41,7 @@ case "$host" in
 	PACKAGER=apt
 esac
 
-TARGETS=$@
+TARGETS=${config}
 
 INSTALL_FIDO_PPA="no"
 export DEBIAN_FRONTEND=noninteractive
@@ -147,7 +164,7 @@ for TARGET in $TARGETS; do
         PACKAGES="${PACKAGES} cmake ninja-build"
         ;;
     putty-*)
-	INSTALL_PUTTY=$(echo "${TARGET}" | cut -f2 -d-)
+	INSTALL_PUTTY=0.83
 	PACKAGES="${PACKAGES} cmake"
 	;;
     valgrind*)
@@ -184,7 +201,8 @@ while [ ! -z "$PACKAGES" ] && [ "$tries" -gt "0" ]; do
 	fi
 	;;
     setup)
-	if /cygdrive/c/setup.exe -q -P `echo "$PACKAGES" | tr ' ' ,`; then
+	setup="/cygdrive/$(echo "${CYGWIN_SETUP}" | tr -d : | tr '\' '/')"
+	if "${setup}" -q -P `echo "$PACKAGES" | tr ' ' ,`; then
 		PACKAGES=""
 	fi
 	;;
@@ -207,13 +225,8 @@ if [ "${INSTALL_HARDENED_MALLOC}" = "yes" ]; then
 fi
 
 if [ ! -z "${INSTALL_OPENSSL}" ]; then
-    (cd ${HOME} &&
-     git clone https://github.com/openssl/openssl.git &&
-     cd ${HOME}/openssl &&
-     git checkout ${INSTALL_OPENSSL} &&
-     ./config no-threads shared ${SSLCONFOPTS} \
-         --prefix=/opt/openssl &&
-     make && sudo make install_sw)
+	.github/install_libcrypto.sh \
+	    "${INSTALL_OPENSSL}" /opt/openssl "${SSLCONFOPTS}"
 fi
 
 if [ ! -z "${INSTALL_LIBRESSL}" ]; then
@@ -240,7 +253,7 @@ if [ ! -z "${INSTALL_BORINGSSL}" ]; then
      cd ${HOME}/boringssl && mkdir build && cd build &&
      cmake -GNinja  -DCMAKE_POSITION_INDEPENDENT_CODE=ON .. && ninja &&
      mkdir -p /opt/boringssl/lib &&
-     cp ${HOME}/boringssl/build/crypto/libcrypto.a /opt/boringssl/lib &&
+     cp ${HOME}/boringssl/build/libcrypto.a /opt/boringssl/lib &&
      cp -r ${HOME}/boringssl/include /opt/boringssl)
 fi
 
@@ -260,23 +273,23 @@ if [ ! -z "${INSTALL_ZLIB}" ]; then
 fi
 
 if [ ! -z "${INSTALL_PUTTY}" ]; then
-    ver="${INSTALL_PUTTY}"
-    case "${INSTALL_PUTTY}" in
-    snapshot)
-	tarball=putty.tar.gz
-	(cd /tmp && wget https://tartarus.org/~simon/putty-snapshots/${tarball})
-	;;
-    *)
-	tarball=putty-${ver}.tar.gz
-	(cd /tmp && wget https://the.earth.li/~sgtatham/putty/${ver}/${tarball})
+	.github/install_putty.sh "${INSTALL_PUTTY}"
+fi
+
+# If we're running on an ephemeral VM, set a random password and set
+# up to run the password auth test.
+if [ ! -z "${EPHEMERAL_VM}" ]; then
+
+    # This is the github "target" as specified in the yml file.
+    # In particular, ubuntu-latest sets the password field to the locked
+    # value, so unless we reset it here most of the tests will fail.
+    case "${target}" in
+    ubuntu-*)
+	echo ${target} target: setting random password.
+	openssl rand -base64 9 >regress/password
+	pw=$(tr -d '\n' <regress/password | openssl passwd -6 -stdin)
+	sudo usermod --password "${pw}" runner
+	sudo usermod --unlock runner
 	;;
     esac
-    (cd ${HOME} && tar xfz /tmp/${tarball} && cd putty-*
-     if [ -f CMakeLists.txt ]; then
-	cmake . && cmake --build . && sudo cmake --build . --target install
-     else
-	./configure && make && sudo make install
-     fi
-    )
-    /usr/local/bin/plink -V
 fi