mirror of
https://github.com/opnsense/src.git
synced 2026-04-15 14:29:58 -04:00
4d3fc8b057
This release fixes a number of security bugs and has minor new features and bug fixes. Security fixes, from the release notes (https://www.openssh.com/txt/release-9.3): This release contains fixes for a security problem and a memory safety problem. The memory safety problem is not believed to be exploitable, but we report most network-reachable memory faults as security bugs. * ssh-add(1): when adding smartcard keys to ssh-agent(1) with the per-hop destination constraints (ssh-add -h ...) added in OpenSSH 8.9, a logic error prevented the constraints from being communicated to the agent. This resulted in the keys being added without constraints. The common cases of non-smartcard keys and keys without destination constraints are unaffected. This problem was reported by Luci Stanescu. * ssh(1): Portable OpenSSH provides an implementation of the getrrsetbyname(3) function if the standard library does not provide it, for use by the VerifyHostKeyDNS feature. A specifically crafted DNS response could cause this function to perform an out-of-bounds read of adjacent stack data, but this condition does not appear to be exploitable beyond denial-of- service to the ssh(1) client. The getrrsetbyname(3) replacement is only included if the system's standard library lacks this function and portable OpenSSH was not compiled with the ldns library (--with-ldns). getrrsetbyname(3) is only invoked if using VerifyHostKeyDNS to fetch SSHFP records. This problem was found by the Coverity static analyzer. Sponsored by: The FreeBSD Foundation |
||
|---|---|---|
| .. | ||
| misc | ||
| unittests | ||
| addrmatch.sh | ||
| agent-getpeereid.sh | ||
| agent-pkcs11.sh | ||
| agent-ptrace.sh | ||
| agent-restrict.sh | ||
| agent-subprocess.sh | ||
| agent-timeout.sh | ||
| agent.sh | ||
| allow-deny-users.sh | ||
| authinfo.sh | ||
| banner.sh | ||
| broken-pipe.sh | ||
| brokenkeys.sh | ||
| cert-file.sh | ||
| cert-hostkey.sh | ||
| cert-userkey.sh | ||
| cfginclude.sh | ||
| cfgmatch.sh | ||
| cfgmatchlisten.sh | ||
| cfgparse.sh | ||
| channel-timeout.sh | ||
| check-perm.c | ||
| cipher-speed.sh | ||
| conch-ciphers.sh | ||
| connect-privsep.sh | ||
| connect-uri.sh | ||
| connect.sh | ||
| connection-timeout.sh | ||
| dhgex.sh | ||
| dsa_ssh2.prv | ||
| dsa_ssh2.pub | ||
| dynamic-forward.sh | ||
| ed25519_openssh.prv | ||
| ed25519_openssh.pub | ||
| envpass.sh | ||
| exit-status-signal.sh | ||
| exit-status.sh | ||
| forcecommand.sh | ||
| forward-control.sh | ||
| forwarding.sh | ||
| host-expand.sh | ||
| hostbased.sh | ||
| hostkey-agent.sh | ||
| hostkey-rotate.sh | ||
| integrity.sh | ||
| kextype.sh | ||
| key-options.sh | ||
| keygen-change.sh | ||
| keygen-comment.sh | ||
| keygen-convert.sh | ||
| keygen-knownhosts.sh | ||
| keygen-moduli.sh | ||
| keygen-sshfp.sh | ||
| keys-command.sh | ||
| keyscan.sh | ||
| keytype.sh | ||
| knownhosts-command.sh | ||
| knownhosts.sh | ||
| krl.sh | ||
| limit-keytype.sh | ||
| localcommand.sh | ||
| login-timeout.sh | ||
| Makefile | ||
| mkdtemp.c | ||
| modpipe.c | ||
| moduli.in | ||
| multiplex.sh | ||
| multipubkey.sh | ||
| netcat.c | ||
| percent.sh | ||
| portnum.sh | ||
| principals-command.sh | ||
| proto-mismatch.sh | ||
| proto-version.sh | ||
| proxy-connect.sh | ||
| putty-ciphers.sh | ||
| putty-kex.sh | ||
| putty-transfer.sh | ||
| README.regress | ||
| reconfigure.sh | ||
| reexec.sh | ||
| rekey.sh | ||
| rsa_openssh.prv | ||
| rsa_openssh.pub | ||
| rsa_ssh2.prv | ||
| scp-ssh-wrapper.sh | ||
| scp-uri.sh | ||
| scp.sh | ||
| scp3.sh | ||
| servcfginclude.sh | ||
| setuid-allowed.c | ||
| sftp-badcmds.sh | ||
| sftp-batch.sh | ||
| sftp-chroot.sh | ||
| sftp-cmds.sh | ||
| sftp-glob.sh | ||
| sftp-perm.sh | ||
| sftp-uri.sh | ||
| sftp.sh | ||
| ssh-com-client.sh | ||
| ssh-com-keygen.sh | ||
| ssh-com-sftp.sh | ||
| ssh-com.sh | ||
| ssh2putty.sh | ||
| sshcfgparse.sh | ||
| sshfp-connect.sh | ||
| sshsig.sh | ||
| stderr-after-eof.sh | ||
| stderr-data.sh | ||
| t4.ok | ||
| t5.ok | ||
| t11.ok | ||
| test-exec.sh | ||
| timestamp.c | ||
| transfer.sh | ||
| try-ciphers.sh | ||
| valgrind-unit.sh | ||
| yes-head.sh | ||
Overview.
$ ./configure && make tests
You'll see some progress info. A failure will cause either the make to
abort or the driver script to report a "FATAL" failure.
The test consists of 2 parts. The first is the file-based tests which is
driven by the Makefile, and the second is a set of network or proxycommand
based tests, which are driven by a driver script (test-exec.sh) which is
called multiple times by the Makefile.
Failures in the first part will cause the Makefile to return an error.
Failures in the second part will print a "FATAL" message for the failed
test and continue.
OpenBSD has a system-wide regression test suite. OpenSSH Portable's test
suite is based on OpenBSD's with modifications.
Environment variables.
SKIP_UNIT: Skip unit tests.
SUDO: path to sudo/doas command, if desired. Note that some systems
(notably systems using PAM) require sudo to execute some tests.
LTESTS: Whitespace separated list of tests (filenames without the .sh
extension) to run.
SKIP_LTESTS: Whitespace separated list of tests to skip.
OBJ: used by test scripts to access build dir.
TEST_SHELL: shell used for running the test scripts.
TEST_SSH_FAIL_FATAL: set to "yes" to make any failure abort the test
currently in progress.
TEST_SSH_PORT: TCP port to be used for the listening tests.
TEST_SSH_QUIET: set to "yes" to suppress non-fatal output.
TEST_SSH_SSHD_CONFOPTS: Configuration directives to be added to sshd_config
before running each test.
TEST_SSH_SSH_CONFOPTS: Configuration directives to be added to
ssh_config before running each test.
TEST_SSH_TRACE: set to "yes" for verbose output from tests
TEST_SSH_x: path to "ssh" command under test, where x is one of
SSH, SSHD, SSHAGENT, SSHADD, SSHKEYGEN, SSHKEYSCAN, SFTP or
SFTPSERVER
USE_VALGRIND: Run the tests under valgrind memory checker.
Individual tests.
You can run an individual test from the top-level Makefile, eg:
$ make tests LTESTS=agent-timeout
If you need to manipulate the environment more you can invoke test-exec.sh
directly if you set up the path to find the binaries under test and the
test scripts themselves, for example:
$ cd regress
$ PATH=`pwd`/..:$PATH:. TEST_SHELL=/bin/sh sh test-exec.sh `pwd` \
agent-timeout.sh
ok agent timeout test
Files.
test-exec.sh: the main test driver. Sets environment, creates config files
and keys and runs the specified test.
At the time of writing, the individual tests are:
connect.sh: simple connect
proxy-connect.sh: proxy connect
connect-privsep.sh: proxy connect with privsep
connect-uri.sh: uri connect
proto-version.sh: sshd version with different protocol combinations
proto-mismatch.sh: protocol version mismatch
exit-status.sh: remote exit status
envpass.sh: environment passing
transfer.sh: transfer data
banner.sh: banner
rekey.sh: rekey
stderr-data.sh: stderr data transfer
stderr-after-eof.sh: stderr data after eof
broken-pipe.sh: broken pipe test
try-ciphers.sh: try ciphers
yes-head.sh: yes pipe head
login-timeout.sh: connect after login grace timeout
agent.sh: simple connect via agent
agent-getpeereid.sh: disallow agent attach from other uid
agent-timeout.sh: agent timeout test
agent-ptrace.sh: disallow agent ptrace attach
keyscan.sh: keyscan
keygen-change.sh: change passphrase for key
keygen-convert.sh: convert keys
keygen-moduli.sh: keygen moduli
key-options.sh: key options
scp.sh: scp
scp-uri.sh: scp-uri
sftp.sh: basic sftp put/get
sftp-chroot.sh: sftp in chroot
sftp-cmds.sh: sftp command
sftp-badcmds.sh: sftp invalid commands
sftp-batch.sh: sftp batchfile
sftp-glob.sh: sftp glob
sftp-perm.sh: sftp permissions
sftp-uri.sh: sftp-uri
ssh-com-client.sh: connect with ssh.com client
ssh-com-keygen.sh: ssh.com key import
ssh-com-sftp.sh: basic sftp put/get with ssh.com server
ssh-com.sh: connect to ssh.com server
reconfigure.sh: simple connect after reconfigure
dynamic-forward.sh: dynamic forwarding
forwarding.sh: local and remote forwarding
multiplex.sh: connection multiplexing
reexec.sh: reexec tests
brokenkeys.sh: broken keys
sshcfgparse.sh: ssh config parse
cfgparse.sh: sshd config parse
cfgmatch.sh: sshd_config match
cfgmatchlisten.sh: sshd_config matchlisten
addrmatch.sh: address match
localcommand.sh: localcommand
forcecommand.sh: forced command
portnum.sh: port number parsing
keytype.sh: login with different key types
kextype.sh: login with different key exchange algorithms
cert-hostkey.sh certified host keys
cert-userkey.sh: certified user keys
host-expand.sh: expand %h and %n
keys-command.sh: authorized keys from command
forward-control.sh: sshd control of local and remote forwarding
integrity.sh: integrity
krl.sh: key revocation lists
multipubkey.sh: multiple pubkey
limit-keytype.sh: restrict pubkey type
hostkey-agent.sh: hostkey agent
keygen-knownhosts.sh: ssh-keygen known_hosts
hostkey-rotate.sh: hostkey rotate
principals-command.sh: authorized principals command
cert-file.sh: ssh with certificates
cfginclude.sh: config include
allow-deny-users.sh: AllowUsers/DenyUsers
authinfo.sh: authinfo
Problems?
Run the failing test with shell tracing (-x) turned on:
$ PATH=`pwd`/..:$PATH:. sh -x test-exec.sh `pwd` agent-timeout.sh
Failed tests can be difficult to diagnose. Suggestions:
- run the individual test via ./test-exec.sh `pwd` [testname]
- set LogLevel to VERBOSE in test-exec.sh and enable syslogging of
auth.debug (eg to /var/log/authlog).
Known Issues.
- Similarly, if you do not have "scp" in your system's $PATH then the
multiplex scp tests will fail (since the system's shell startup scripts
will determine where the shell started by sshd will look for scp).
- Recent GNU coreutils deprecate "head -[n]": this will cause the yes-head
test to fail. The old behaviour can be restored by setting (and
exporting) _POSIX2_VERSION=199209 before running the tests.