Source snapshot from Powershell/openssh-portable:latestw_all

Author: manojampalam

Makefile.in

@@ -236,6 +236,8 @@ clean:	regressclean
 	rm -f regress/unittests/sshkey/test_sshkey
 	rm -f regress/unittests/bitmap/*.o
 	rm -f regress/unittests/bitmap/test_bitmap
+	rm -f regress/unittests/conversion/*.o
+	rm -f regress/unittests/conversion/test_conversion
 	rm -f regress/unittests/hostkeys/*.o
 	rm -f regress/unittests/hostkeys/test_hostkeys
 	rm -f regress/unittests/kex/*.o
@@ -262,6 +264,8 @@ distclean:	regressclean
 	rm -f regress/unittests/sshkey/test_sshkey
 	rm -f regress/unittests/bitmap/*.o
 	rm -f regress/unittests/bitmap/test_bitmap
+	rm -f regress/unittests/conversion/*.o
+	rm -f regress/unittests/conversion/test_conversion
 	rm -f regress/unittests/hostkeys/*.o
 	rm -f regress/unittests/hostkeys/test_hostkeys
 	rm -f regress/unittests/kex/*.o
@@ -426,6 +430,8 @@ regress-prep:
 		mkdir -p `pwd`/regress/unittests/sshkey
 	[ -d `pwd`/regress/unittests/bitmap ] || \
 		mkdir -p `pwd`/regress/unittests/bitmap
+	[ -d `pwd`/regress/unittests/conversion ] || \
+		mkdir -p `pwd`/regress/unittests/conversion
 	[ -d `pwd`/regress/unittests/hostkeys ] || \
 		mkdir -p `pwd`/regress/unittests/hostkeys
 	[ -d `pwd`/regress/unittests/kex ] || \
@@ -503,6 +509,16 @@ regress/unittests/bitmap/test_bitmap$(EXEEXT): ${UNITTESTS_TEST_BITMAP_OBJS} \
 	    regress/unittests/test_helper/libtest_helper.a \
 	    -lssh -lopenbsd-compat -lssh -lopenbsd-compat $(LIBS)
 
+UNITTESTS_TEST_CONVERSION_OBJS=\
+	regress/unittests/conversion/tests.o
+
+regress/unittests/conversion/test_conversion$(EXEEXT): \
+    ${UNITTESTS_TEST_CONVERSION_OBJS} \
+    regress/unittests/test_helper/libtest_helper.a libssh.a
+	$(LD) -o $@ $(LDFLAGS) $(UNITTESTS_TEST_CONVERSION_OBJS) \
+	    regress/unittests/test_helper/libtest_helper.a \
+	    -lssh -lopenbsd-compat -lssh -lopenbsd-compat $(LIBS)
+
 UNITTESTS_TEST_KEX_OBJS=\
 	regress/unittests/kex/tests.o \
 	regress/unittests/kex/test_kex.o
@@ -558,13 +574,14 @@ regress-binaries: regress/modpipe$(EXEEXT) \
 	regress/unittests/sshbuf/test_sshbuf$(EXEEXT) \
 	regress/unittests/sshkey/test_sshkey$(EXEEXT) \
 	regress/unittests/bitmap/test_bitmap$(EXEEXT) \
+	regress/unittests/conversion/test_conversion$(EXEEXT) \
 	regress/unittests/hostkeys/test_hostkeys$(EXEEXT) \
 	regress/unittests/kex/test_kex$(EXEEXT) \
 	regress/unittests/match/test_match$(EXEEXT) \
 	regress/unittests/utf8/test_utf8$(EXEEXT) \
 	regress/misc/kexfuzz/kexfuzz$(EXEEXT)
 
-tests interop-tests t-exec: regress-prep regress-binaries $(TARGETS)
+tests interop-tests t-exec unit: regress-prep regress-binaries $(TARGETS)
 	BUILDDIR=`pwd`; \
 	TEST_SSH_SCP="$${BUILDDIR}/scp"; \
 	TEST_SSH_SSH="$${BUILDDIR}/ssh"; \

README

@@ -1,4 +1,4 @@
-See https://www.openssh.com/releasenotes.html#7.4p1 for the release notes.
+See https://www.openssh.com/releasenotes.html#7.5p1 for the release notes.
 
 Please read https://www.openssh.com/report.html for bug reporting
 instructions and note that we do not use Github for bug reporting or

appveyor.yml

@@ -1,4 +1,4 @@
-version: 0.0.8.0.{build}
+version: 0.0.10.0.{build}
 image: Visual Studio 2015
 
 branches:
@@ -11,12 +11,12 @@ init:
 
 build_script:
   - ps: |
-      Import-Module $env:APPVEYOR_BUILD_FOLDER\contrib\win32\openssh\AppVeyor.psm1 -DisableNameChecking
+      Import-Module $env:APPVEYOR_BUILD_FOLDER\contrib\win32\openssh\AppveyorHelper.psm1 -DisableNameChecking
       Invoke-AppVeyorBuild
 
 after_build:
   - ps: |
-      Import-Module $env:APPVEYOR_BUILD_FOLDER\contrib\win32\openssh\AppVeyor.psm1 -DisableNameChecking
+      Import-Module $env:APPVEYOR_BUILD_FOLDER\contrib\win32\openssh\AppveyorHelper.psm1 -DisableNameChecking
       Install-OpenSSH
   - ps: Write-Verbose "Restart computer ..."
   - ps: Restart-Computer -Force
@@ -25,23 +25,20 @@ after_build:
 
 before_test:
   - ps: |
-      Import-Module $env:APPVEYOR_BUILD_FOLDER\contrib\win32\openssh\AppVeyor.psm1 -DisableNameChecking
-      Install-TestDependencies
-      Deploy-OpenSSHTests
+      Import-Module $env:APPVEYOR_BUILD_FOLDER\contrib\win32\openssh\AppveyorHelper.psm1 -DisableNameChecking
+      Setup-OpenSSHTestEnvironment -Quiet
 
 test_script:
-  - cmd: |
-       "%ProgramFiles%\PowerShell\6.0.0.14\powershell.exe" -Command "Import-Module \"%APPVEYOR_BUILD_FOLDER%\contrib\win32\openssh\AppVeyor.psm1\" -DisableNameChecking;Run-OpenSSHPesterTest"
   - ps: |
-      Check-PesterTestResult
-      Run-OpenSSHUnitTest
+      Import-Module $env:APPVEYOR_BUILD_FOLDER\contrib\win32\openssh\AppveyorHelper.psm1 -DisableNameChecking
+      Run-OpenSSHTests
 
 after_test:
   - ps: |
-      Import-Module $env:APPVEYOR_BUILD_FOLDER\contrib\win32\openssh\AppVeyor.psm1 -DisableNameChecking
+      Import-Module $env:APPVEYOR_BUILD_FOLDER\contrib\win32\openssh\AppveyorHelper.psm1 -DisableNameChecking
       Upload-OpenSSHTestResults
       
 on_finish:
   - ps: |
-      Import-Module $env:APPVEYOR_BUILD_FOLDER\contrib\win32\openssh\AppVeyor.psm1 -DisableNameChecking
+      Import-Module $env:APPVEYOR_BUILD_FOLDER\contrib\win32\openssh\AppveyorHelper.psm1 -DisableNameChecking
       Publish-Artifact

auth-passwd.c

@@ -227,15 +227,16 @@ sys_auth_passwd(Authctxt *authctxt, const char *password)
 #elif defined(WINDOWS)
 /*
 * Authenticate on Windows - Pass credentials to ssh-agent and retrieve token
-* upon succesful authentication
+* upon successful authentication
+* TODO - password is sent in plain text over IPC. Consider implications. 
 */
-extern int auth_sock;
 int sys_auth_passwd(Authctxt *authctxt, const char *password)
 {
+	struct sshbuf *msg = NULL;
 	size_t blen = 0;
 	DWORD token = 0;
-	struct sshbuf *msg = NULL;
-	int r;
+	extern int auth_sock;
+	int r = 0;
 
 	msg = sshbuf_new();
 	if (!msg)

auth.c

@@ -490,7 +490,7 @@ auth_secure_path(const char *name, struct stat *stp, const char *pw_dir,
     uid_t uid, char *err, size_t errlen)
 {
 #ifdef WINDOWS
-	error("auth_secure_path should not be called in Windows");
+	error("auth_secure_path should not be called in Windows yet");
 	return -1;
 #else /* !WINDOWS */
 	char buf[PATH_MAX], homedir[PATH_MAX];
@@ -579,7 +579,7 @@ auth_openfile(const char *file, struct passwd *pw, int strict_modes,
 	FILE *f;
 
 #ifdef WINDOWS
-        /* Windows POSIX adpater does not support fdopen() on open(file)*/
+        /* Windows POSIX adapter does not support fdopen() on open(file)*/
         if ((f = fopen(file, "r")) == NULL) {
                 debug("Could not open %s '%s': %s", file_type, file,
                         strerror(errno));

auth2-pubkey.c

@@ -178,14 +178,14 @@ userauth_pubkey(Authctxt *authctxt)
 		authenticated = 0;
 
 #ifdef WINDOWS
-		/* Pass key challenge material to ssh-agent to retrieve token upon succesful authentication */
+		/* Pass key challenge material to ssh-agent to retrieve token upon successful authentication */
 		{
-			extern int auth_sock;
-			int r;
+			struct sshbuf *msg = NULL; 
 			u_char *blob = NULL;
 			size_t blen = 0;
 			DWORD token = 0;
-			struct sshbuf *msg = NULL;
+			extern int auth_sock;
+			int r = 0;
 
 			while (1) {
 				msg = sshbuf_new();
@@ -246,11 +246,7 @@ userauth_pubkey(Authctxt *authctxt)
 		 * if a user is not allowed to login. is this an
 		 * issue? -markus
 		 */
-#ifdef WINDOWS /* key validation in done in agent for Windows */
-		{
-#else  /* !WINDOWS */
 		if (PRIVSEP(user_key_allowed(authctxt->pw, key, 0))) {
-#endif  /* !WINDOWS */
 			packet_start(SSH2_MSG_USERAUTH_PK_OK);
 			packet_put_string(pkalg, alen);
 			packet_put_string(pkblob, blen);

authfd.c

@@ -113,7 +113,6 @@ ssh_get_authentication_socket(int *fdp)
 		errno = oerrno;
 		return SSH_ERR_SYSTEM_ERROR;
 	}
-
 	if (fdp != NULL)
 		*fdp = sock;
 	else

configure.ac

@@ -1486,6 +1486,7 @@ AC_ARG_WITH(ldns,
 		else
 			LIBS="$LIBS `$LDNSCONFIG --libs`"
 			CPPFLAGS="$CPPFLAGS `$LDNSCONFIG --cflags`"
+			ldns=yes
 		fi
 	elif test "x$withval" != "xno" ; then
 			CPPFLAGS="$CPPFLAGS -I${withval}/include"
@@ -1717,6 +1718,7 @@ AC_CHECK_FUNCS([ \
 	inet_ntoa \
 	inet_ntop \
 	innetgr \
+	llabs \
 	login_getcapbool \
 	md5_crypt \
 	memmove \
@@ -2531,8 +2533,8 @@ if test "x$openssl" = "xyes" ; then
 			ssl_library_ver=`cat conftest.ssllibver`
 			# Check version is supported.
 			case "$ssl_library_ver" in
-				0090[[0-7]]*|009080[[0-5]]*)
-					AC_MSG_ERROR([OpenSSL >= 0.9.8f required (have "$ssl_library_ver")])
+				10000*|0*)
+					AC_MSG_ERROR([OpenSSL >= 1.0.1 required (have "$ssl_library_ver")])
 			                ;;
 			        *) ;;
 			esac

contrib/cygwin/ssh-host-config

@@ -63,7 +63,6 @@ sshd_config_configured=no
 port_number=22
 service_name=sshd
 strictmodes=yes
-privsep_used=yes
 cygwin_value=""
 user_account=
 password_value=
@@ -140,33 +139,21 @@ sshd_strictmodes() {
 
 # ======================================================================
 # Routine: sshd_privsep
-#  MODIFIES: privsep_used
+# Try to create ssshd user account
 # ======================================================================
 sshd_privsep() {
   local ret=0
 
   if [ "${sshd_config_configured}" != "yes" ]
   then
-    echo
-    csih_inform "Privilege separation is set to 'sandbox' by default since"
-    csih_inform "OpenSSH 6.1.  This is unsupported by Cygwin and has to be set"
-    csih_inform "to 'yes' or 'no'."
-    csih_inform "However, using privilege separation requires a non-privileged account"
-    csih_inform "called 'sshd'."
-    csih_inform "For more info on privilege separation read /usr/share/doc/openssh/README.privsep."
-    if csih_request "Should privilege separation be used?"
+    if ! csih_create_unprivileged_user sshd
     then
-      privsep_used=yes
-      if ! csih_create_unprivileged_user sshd
-      then
-	csih_error_recoverable "Couldn't create user 'sshd'!"
-	csih_error_recoverable "Privilege separation set to 'no' again!"
-	csih_error_recoverable "Check your ${SYSCONFDIR}/sshd_config file!"
-	let ++ret
-	privsep_used=no
-      fi
-    else
-      privsep_used=no
+      csih_error_recoverable "Could not create user 'sshd'!"
+      csih_error_recoverable "You will not be able to run an sshd service"
+      csih_error_recoverable "under a privileged account successfully."
+      csih_error_recoverable "Make sure to create a non-privileged user 'sshd'"
+      csih_error_recoverable "manually before trying to run the service!"
+      let ++ret
     fi
   fi
   return $ret
@@ -202,18 +189,6 @@ sshd_config_tweak() {
       let ++ret
     fi
   fi
-  if [ "${sshd_config_configured}" != "yes" ]
-  then
-    /usr/bin/sed -i -e "
-      s/^#\?UsePrivilegeSeparation .*/UsePrivilegeSeparation ${privsep_used}/" \
-      ${SYSCONFDIR}/sshd_config
-    if [ $? -ne 0 ]
-    then
-      csih_warning "Setting privilege separation failed!"
-      csih_warning "Check your ${SYSCONFDIR}/sshd_config file!"
-      let ++ret
-    fi
-  fi
   return $ret
 } # --- End of sshd_config_tweak --- #
 
@@ -693,7 +668,7 @@ then
   fi
 fi
 
-# handle sshd_config (and privsep)
+# handle sshd_config
 csih_install_config "${SYSCONFDIR}/sshd_config" "${SYSCONFDIR}/defaults" || let ++warning_cnt
 if ! /usr/bin/cmp "${SYSCONFDIR}/sshd_config" "${SYSCONFDIR}/defaults/${SYSCONFDIR}/sshd_config" >/dev/null 2>&1
 then

contrib/redhat/openssh.spec

@@ -1,4 +1,4 @@
-%define ver 7.4p1
+%define ver 7.5p1
 %define rel 1
 
 # OpenSSH privilege separation requires a user & group ID

contrib/suse/openssh.spec

@@ -13,7 +13,7 @@
 
 Summary:	OpenSSH, a free Secure Shell (SSH) protocol implementation
 Name:		openssh
-Version:	7.4p1
+Version:	7.5p1
 URL:		https://www.openssh.com/
 Release:	1
 Source0:	openssh-%{version}.tar.gz