Hello All. Portable OpenSSH version 3.8.1p1 nearing release. This is primarily a bug fix release and we're asking for interested parties to try a snapshot [1]. A reminder: we rely on community feedback to find out about problems, particularly as there are many platforms any configurations that we don't have access to and can't test. In most cases, running the built-in tests is as simple as "./configure && make tests", but actually using it will provide a better test for your environment. Both would be ideal, but either one is far better than neither. In particular, on HP-UX configure will now attempt to detect a working getnameinfo(), so if you are using IPv6 on HP-UX please see if it detects correctly for your environment. Thanks, -Daz. Bugs fixed in this release: #748 HP-UX 11.11 (aka 11i) needs BROKEN_GETADDRINFO. #802 sshd configured with SIA doesn't link on Tru64. #808 segfault if not using pam/kbdint mech and password's expired #810 TZ environment variable not being set. #811 locked /etc/shadow password prefix on linux. #820 utmp seems to be getting clobbered on logins (IRIX) #825 OpenSSH 3.8p1 breaks on Solaris 8 with 4in6 mapped addresses. [1] ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/snapshot/ or one of its mirrors listed at http://www.openssh.com/portable.html#mirrors -- Darren Tucker (dtucker at zip.com.au) GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69 Good judgement comes with experience. Unfortunately, the experience usually comes from bad judgement.
On Wed, 14 Apr 2004, Darren Tucker wrote:>Hello All. > Portable OpenSSH version 3.8.1p1 nearing release. This is primarily a >bug fix release and we're asking for interested parties to try a >snapshot [1]. A reminder: we rely on community feedback to find out >about problems, particularly as there are many platforms any >configurations that we don't have access to and can't test. > > In most cases, running the built-in tests is as simple as "./configure >&& make tests", but actually using it will provide a better test for >your environment. Both would be ideal, but either one is far better >than neither. > > In particular, on HP-UX configure will now attempt to detect a working >getnameinfo(), so if you are using IPv6 on HP-UX please see if it >detects correctly for your environment. > > Thanks,Thanks guys. I will try some RPMS soon. I have a quick question for GSSAPI implementation (which is more aimed at Simon and other people and not the core :)). What is the functional difference between the current GSSAPI implementation and the one that was with 3.6p2 with Simons patch? -- Stephen John Smoogen smoogen at lanl.gov Los Alamos National Lab CCN-5 Sched 5/40 PH: 4-0645 Ta-03 SM-1498 MailStop B255 DP 10S Los Alamos, NM 87545 -- You should consider any operational computer to be a security problem --
On Apr 14 00:42, Darren Tucker wrote:> Hello All. > Portable OpenSSH version 3.8.1p1 nearing release. This is primarily > a bug fix release and we're asking for interested parties to try a > snapshot [1]. A reminder: we rely on community feedback to find out > about problems, particularly as there are many platforms any > configurations that we don't have access to and can't test. > > In most cases, running the built-in tests is as simple as > "./configure && make tests", but actually using it will provide a better > test for your environment. Both would be ideal, but either one is far > better than neither.Current CVS, linked against OpenSSL 0.9.7d, looks good on Cygwin. Just one expected fail in the testsuite when trying to copy a file with quotes (illegal character in filenames on Windows filesystems). Corinna -- Corinna Vinschen Cygwin Co-Project Leader Red Hat, Inc.
Hi, So far we have received only *one* test report as a result of this call for testing (thanks Corinna). We absolutely need wider testing of releases. While we try to test on as many platforms as possible, there is no way we can get them all. If you want the next stable OpenSSH to work for you, then please help out. Also, I know representatives from various OS distributors are on this list. You are very well situated to perform these tests and IMO should be doing so, if only to reduce your own workload in backporting fixes that are needed because of insufficient testing. Downloading a snapshot, compiling and running the tests takes a few minutes only and makes a great difference to the quality of our releases. Please take the time to assist. -d Darren Tucker wrote:> Hello All. > Portable OpenSSH version 3.8.1p1 nearing release. This is primarily a > bug fix release and we're asking for interested parties to try a > snapshot [1]. A reminder: we rely on community feedback to find out > about problems, particularly as there are many platforms any > configurations that we don't have access to and can't test. > > In most cases, running the built-in tests is as simple as "./configure > && make tests", but actually using it will provide a better test for > your environment. Both would be ideal, but either one is far better > than neither. > > In particular, on HP-UX configure will now attempt to detect a working > getnameinfo(), so if you are using IPv6 on HP-UX please see if it > detects correctly for your environment. > > Thanks, > -Daz. > > Bugs fixed in this release: > #748 HP-UX 11.11 (aka 11i) needs BROKEN_GETADDRINFO. > #802 sshd configured with SIA doesn't link on Tru64. > #808 segfault if not using pam/kbdint mech and password's expired > #810 TZ environment variable not being set. > #811 locked /etc/shadow password prefix on linux. > #820 utmp seems to be getting clobbered on logins (IRIX) > #825 OpenSSH 3.8p1 breaks on Solaris 8 with 4in6 mapped addresses. > > [1] ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/snapshot/ > or one of its mirrors listed at > http://www.openssh.com/portable.html#mirrors
No problems on Solaris 2.6 on an old SS5 clone. -- Hisashi T Fujinaka - htodd at twofifty.com BSEE(6/86) + BSChem(3/95) + BAEnglish(8/95) + MSCS(8/03) + $2.50 = latte
Hi! On Wed, Apr 14, 2004 at 12:42:44AM +1000, Darren Tucker wrote:> In most cases, running the built-in tests is as simple as > "./configure && make tests", but actually using it will provide > a better test for your environment. Both would be ideal, but > either one is far better than neither.openssh-SNAP-20040415 compiles and passes "make tests" fine on Sparc Solaris 7. Configured with: -- snip -- LIBS=-ldl ./configure \ --with-zlib=/opt/zlib-static \ --with-ssl-dir=/opt/openssl-static \ --prefix=/usr/local \ --with-pid-dir=/etc/ssh \ --sysconfdir=/etc/ssh \ --with-rand-helper \ --with-prngd-socket=/var/run/prngd-socket \ --with-privsep-user=sshd \ --with-privsep-path=/var/empty \ --disable-etc-default-login \ --with-default-path=/usr/bin:/bin:/usr/local/bin \ --with-superuser-path=/usr/bin:/usr/sbin:/bin:/sbin:/usr/local/bin:/usr/local/sbin \ --with-pam -- snap -- Final output of configure: -- snip -- OpenSSH has been configured with the following options: User binaries: /usr/local/bin System binaries: /usr/local/sbin Configuration files: /etc/ssh Askpass program: /usr/local/libexec/ssh-askpass Manual pages: /usr/local/man/manX PID file: /etc/ssh Privilege separation chroot path: /var/empty sshd default user PATH: /usr/bin:/bin:/usr/local/bin (If PATH is set in /etc/default/login it will be used instead. If used, ensure the path to scp is present, otherwise scp will not work.) sshd superuser user PATH: /usr/bin:/usr/sbin:/bin:/sbin:/usr/local/bin:/usr/local/sbin Manpage format: man PAM support: yes KerberosV support: no Smartcard support: no S/KEY support: no TCP Wrappers support: no MD5 password support: no IP address in $DISPLAY hack: no Translate v4 in v6 hack: no BSD Auth support: no Random number source: ssh-rand-helper ssh-rand-helper collects from: Unix domain socket "/var/run/prngd-socket" Host: sparc-sun-solaris2.7 Compiler: gcc Compiler flags: -g -O2 -Wall -Wpointer-arith -Wno-uninitialized Preprocessor flags: -I/opt/openssl-static/include -I/opt/zlib-static/include Linker flags: -L/opt/openssl-static/lib -R/opt/openssl-static/lib -L/opt/zlib-static/lib -R/opt/zlib-static/lib Libraries: -lpam -ldl -lresolv -lcrypto -lrt -lz -lsocket -lnsl -ldl -- snap -- The "LIBS=-ldl" is necessary because for some reason the static libcrypto.a contains calls to dlopen() and therefore even the clients need the libary (configure only added -ldl to $LIBPAM, which is only used for sshd). Ciao Thomas -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 186 bytes Desc: not available Url : http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20040416/a4722db1/attachment.bin
On Apr 13, 2004, at 7:42 AM, Darren Tucker wrote:> Hello All. > Portable OpenSSH version 3.8.1p1 nearing release...=======Summary ======= AIX 5.2 ML1, IBM C for AIX 6 compiler, openssh-SNAP-20040416, all tests "ok". =====Notes ===== * I had to specify /usr/local/include and /usr/local/lib as CPPFLAGS and LDFLAGS; if I didn't, configure wouldn't find zlib.h or libcrypto.a * There were a large number of (W)arnings and (I)formation messages during the build process, but nothing fatal. * I tried out the sshd and the ssh client briefly, and it all worked without any obvious problems. * looks like another great release! thanks! =======Details ======= palatino:/usr/local/src/openssh $ uname -a ; oslevel -r AIX palatino 2 5 0001DCBA4C00 5200-01 ----- palatino:/usr/local/src/openssh $ lslpp -L vac.C Fileset Level State Type Description (Uninstaller) ------------------------------------------------------------------------ ---- vac.C 6.0.0.6 C F C for AIX Compiler ----- palatino:/usr/local/src/openssh $ cat 00BUILD CC=/usr/bin/cc \ CPPFLAGS=-I/usr/local/include \ LDFLAGS=-L/usr/local/lib \ ./configure \ --prefix=/usr/local/stow/openssh-snap \ --sysconfdir=/etc/ssh \ --with-xauth=/usr/bin/X11/xauth \ && make tests ----- OpenSSH has been configured with the following options: User binaries: /usr/local/stow/openssh-snap/bin System binaries: /usr/local/stow/openssh-snap/sbin Configuration files: /etc/ssh Askpass program: /usr/local/stow/openssh-snap/libexec/ssh-askpass Manual pages: /usr/local/stow/openssh-snap/man/manX PID file: /var/run Privilege separation chroot path: /var/empty sshd default user PATH: /usr/bin:/bin:/usr/sbin:/sbin:/usr/local/stow/openssh-snap/bin Manpage format: man PAM support: no KerberosV support: no Smartcard support: no S/KEY support: no TCP Wrappers support: no MD5 password support: no IP address in $DISPLAY hack: no Translate v4 in v6 hack: no BSD Auth support: no Random number source: OpenSSL internal ONLY Host: powerpc-ibm-aix5.2.0.0 Compiler: /usr/bin/cc Compiler flags: -g Preprocessor flags: -I/usr/local/include Linker flags: -L/usr/local/lib -blibpath:/usr/lib:/lib Libraries: -lcrypto -lz ==========================="make tests" output =========================== ("make" output removed, cause the message was too big for the list with it; I have the output including the warnings/info messages, if anyone wants it.) ... run test connect.sh ... ok simple connect run test proxy-connect.sh ... ok proxy connect run test connect-privsep.sh ... ok proxy connect with privsep run test proto-version.sh ... ok sshd version with different protocol combinations run test proto-mismatch.sh ... ok protocol version mismatch run test exit-status.sh ... test remote exit status: proto 1 status 0 test remote exit status: proto 1 status 1 test remote exit status: proto 1 status 4 test remote exit status: proto 1 status 5 test remote exit status: proto 1 status 44 test remote exit status: proto 2 status 0 test remote exit status: proto 2 status 1 test remote exit status: proto 2 status 4 test remote exit status: proto 2 status 5 test remote exit status: proto 2 status 44 ok remote exit status run test transfer.sh ... transfer data: proto 1 transfer data: proto 2 ok transfer data run test banner.sh ... test banner: missing banner file test banner: size 0 test banner: size 10 test banner: size 100 test banner: size 1000 test banner: size 10000 test banner: size 100000 test banner: suppress banner (-q) ok banner run test rekey.sh ... ok rekey during transfer data run test stderr-data.sh ... test stderr data transfer: proto 1 () test stderr data transfer: proto 2 () test stderr data transfer: proto 1 (-n) test stderr data transfer: proto 2 (-n) ok stderr data transfer run test stderr-after-eof.sh ... ok stderr data after eof run test broken-pipe.sh ... ok broken pipe test run test try-ciphers.sh ... test try ciphers: proto 2 cipher aes128-cbc mac hmac-sha1 test try ciphers: proto 2 cipher aes128-cbc mac hmac-md5 test try ciphers: proto 2 cipher aes128-cbc mac hmac-sha1-96 test try ciphers: proto 2 cipher aes128-cbc mac hmac-md5-96 test try ciphers: proto 2 cipher 3des-cbc mac hmac-sha1 test try ciphers: proto 2 cipher 3des-cbc mac hmac-md5 test try ciphers: proto 2 cipher 3des-cbc mac hmac-sha1-96 test try ciphers: proto 2 cipher 3des-cbc mac hmac-md5-96 test try ciphers: proto 2 cipher blowfish-cbc mac hmac-sha1 test try ciphers: proto 2 cipher blowfish-cbc mac hmac-md5 test try ciphers: proto 2 cipher blowfish-cbc mac hmac-sha1-96 test try ciphers: proto 2 cipher blowfish-cbc mac hmac-md5-96 test try ciphers: proto 2 cipher cast128-cbc mac hmac-sha1 test try ciphers: proto 2 cipher cast128-cbc mac hmac-md5 test try ciphers: proto 2 cipher cast128-cbc mac hmac-sha1-96 test try ciphers: proto 2 cipher cast128-cbc mac hmac-md5-96 test try ciphers: proto 2 cipher arcfour mac hmac-sha1 test try ciphers: proto 2 cipher arcfour mac hmac-md5 test try ciphers: proto 2 cipher arcfour mac hmac-sha1-96 test try ciphers: proto 2 cipher arcfour mac hmac-md5-96 test try ciphers: proto 2 cipher aes192-cbc mac hmac-sha1 test try ciphers: proto 2 cipher aes192-cbc mac hmac-md5 test try ciphers: proto 2 cipher aes192-cbc mac hmac-sha1-96 test try ciphers: proto 2 cipher aes192-cbc mac hmac-md5-96 test try ciphers: proto 2 cipher aes256-cbc mac hmac-sha1 test try ciphers: proto 2 cipher aes256-cbc mac hmac-md5 test try ciphers: proto 2 cipher aes256-cbc mac hmac-sha1-96 test try ciphers: proto 2 cipher aes256-cbc mac hmac-md5-96 test try ciphers: proto 2 cipher rijndael-cbc at lysator.liu.se mac hmac-sha1 test try ciphers: proto 2 cipher rijndael-cbc at lysator.liu.se mac hmac-md5 test try ciphers: proto 2 cipher rijndael-cbc at lysator.liu.se mac hmac-sha1-96 test try ciphers: proto 2 cipher rijndael-cbc at lysator.liu.se mac hmac-md5-96 test try ciphers: proto 2 cipher aes128-ctr mac hmac-sha1 test try ciphers: proto 2 cipher aes128-ctr mac hmac-md5 test try ciphers: proto 2 cipher aes128-ctr mac hmac-sha1-96 test try ciphers: proto 2 cipher aes128-ctr mac hmac-md5-96 test try ciphers: proto 2 cipher aes192-ctr mac hmac-sha1 test try ciphers: proto 2 cipher aes192-ctr mac hmac-md5 test try ciphers: proto 2 cipher aes192-ctr mac hmac-sha1-96 test try ciphers: proto 2 cipher aes192-ctr mac hmac-md5-96 test try ciphers: proto 2 cipher aes256-ctr mac hmac-sha1 test try ciphers: proto 2 cipher aes256-ctr mac hmac-md5 test try ciphers: proto 2 cipher aes256-ctr mac hmac-sha1-96 test try ciphers: proto 2 cipher aes256-ctr mac hmac-md5-96 test try ciphers: proto 1 cipher 3des test try ciphers: proto 1 cipher blowfish test try ciphers: proto 2 cipher acss at openssh.org mac hmac-sha1 test try ciphers: proto 2 cipher acss at openssh.org mac hmac-md5 test try ciphers: proto 2 cipher acss at openssh.org mac hmac-sha1-96 test try ciphers: proto 2 cipher acss at openssh.org mac hmac-md5-96 ok try ciphers run test yes-head.sh ... sh: There is no process to read data written to a pipe. sh: There is no process to read data written to a pipe. ok yes pipe head run test login-timeout.sh ... ok connect after login grace timeout run test agent.sh ... ok simple agent test run test agent-getpeereid.sh ... skipped (not supported on this platform) run test agent-timeout.sh ... ok agent timeout test run test agent-ptrace.sh ... skipped (not supported on this platform) run test keyscan.sh ... ok keyscan run test keygen-change.sh ... ok change passphrase for key run test sftp.sh ... test basic sftp put/get: buffer_size 5 num_requests 1 test basic sftp put/get: buffer_size 5 num_requests 2 test basic sftp put/get: buffer_size 5 num_requests 10 test basic sftp put/get: buffer_size 1000 num_requests 1 test basic sftp put/get: buffer_size 1000 num_requests 2 test basic sftp put/get: buffer_size 1000 num_requests 10 test basic sftp put/get: buffer_size 32000 num_requests 1 test basic sftp put/get: buffer_size 32000 num_requests 2 test basic sftp put/get: buffer_size 32000 num_requests 10 test basic sftp put/get: buffer_size 64000 num_requests 1 test basic sftp put/get: buffer_size 64000 num_requests 2 test basic sftp put/get: buffer_size 64000 num_requests 10 ok basic sftp put/get run test sftp-cmds.sh ... sftp commands: lls sftp commands: ls sftp commands: shell sftp commands: pwd sftp commands: lpwd sftp commands: quit sftp commands: help sftp commands: get sftp commands: get quoted sftp commands: get filename with quotes sftp commands: get to directory sftp commands: glob get to directory sftp commands: get to local dir sftp commands: glob get to local dir sftp commands: put sftp commands: put filename with quotes sftp commands: put to directory sftp commands: glob put to directory sftp commands: put to local dir sftp commands: glob put to local dir sftp commands: rename sftp commands: rename directory sftp commands: ln sftp commands: mkdir sftp commands: chdir sftp commands: rmdir sftp commands: lmkdir sftp commands: lchdir ok sftp commands run test sftp-badcmds.sh ... sftp invalid commands: get nonexistent sftp invalid commands: glob get to nonexistent directory sftp invalid commands: put nonexistent sftp invalid commands: glob put to nonexistent directory sftp invalid commands: rename nonexistent sftp invalid commands: rename target exists sftp invalid commands: rename target exists (directory) sftp invalid commands: glob put files to local file ok sftp invalid commands run test sftp-batch.sh ... sftp batchfile: good commands sftp batchfile: bad commands sftp batchfile: comments and blanks sftp batchfile: junk command ok sftp batchfile run test reconfigure.sh ... ok simple connect after reconfigure run test dynamic-forward.sh ... skipped (no suitable ProxyCommand found) run test forwarding.sh ... ok local and remote forwarding make[1]: Leaving directory `/usr/local/src/openssh/regress' -- Sandor Wade Sklar Unix Systems Administrator Stanford University ITSS-TSS Non impediti ratione cogitationis. -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 2367 bytes Desc: not available Url : http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20040416/6326a3b9/attachment.bin
openssh-SNAP-20040416.tar.gz Tests OK on ia32 RedHat 8 Tests OK on ia64 SuSE SLES 8 Tests NOT OK on IRIX 6.5 (surprise!) sftp Tests fail on IRIX 6.5: ... sftp commands: get filename with quotes cmp: EOF on /afs/ncsa/.u10/dopheide/openssh/test/openssh/regress/copy."blah" corrupted copy after get with quotes ... sftp commands: glob put to directory put failed sftp commands: put to local dir sftp commands: glob put to local dir put failed For starters, I know very little about IRIX. This could very easily just be a product of our environment, so I'd prefer it if someone else were to test IRIX 6.5 as well. That being said, I've made the config.log, config.status, and some environment info available for your viewing pleasure: http://www.ncsa.uiuc.edu/~dopheide/openssh/ I do not have administrative privileges on that system, but if you need me to try anything else, just holler. -Mike> Hello All. > Portable OpenSSH version 3.8.1p1 nearing release. This is primarily a > bug fix release and we're asking for interested parties to try a > snapshot [1]. A reminder: we rely on community feedback to find out > about problems, particularly as there are many platforms any > configurations that we don't have access to and can't test. > > In most cases, running the built-in tests is as simple as "./configure > && make tests", but actually using it will provide a better test for > your environment. Both would be ideal, but either one is far better > than neither. > > In particular, on HP-UX configure will now attempt to detect a working > getnameinfo(), so if you are using IPv6 on HP-UX please see if it > detects correctly for your environment. > > Thanks, > -Daz. > > Bugs fixed in this release: > #748 HP-UX 11.11 (aka 11i) needs BROKEN_GETADDRINFO. > #802 sshd configured with SIA doesn't link on Tru64. > #808 segfault if not using pam/kbdint mech and password's expired > #810 TZ environment variable not being set. > #811 locked /etc/shadow password prefix on linux. > #820 utmp seems to be getting clobbered on logins (IRIX) > #825 OpenSSH 3.8p1 breaks on Solaris 8 with 4in6 mapped addresses. > > [1] ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/snapshot/ > or one of its mirrors listed at > http://www.openssh.com/portable.html#mirrors > >--
On Tue, 2004-04-13 at 16:42, Darren Tucker wrote:> Hello All. > Portable OpenSSH version 3.8.1p1 nearing release. This is primarily a > bug fix release and we're asking for interested parties to try a > snapshot [1]. A reminder: we rely on community feedback to find out > about problems, particularly as there are many platforms any > configurations that we don't have access to and can't test. > > In most cases, running the built-in tests is as simple as "./configure > && make tests", but actually using it will provide a better test for > your environment. Both would be ideal, but either one is far better > than neither.I've tested with snapshot-20040417 I've tried compiling it on my HP D220 HP-UX 11i system... but it failed during compilation with: gcc -g -O2 -Wall -Wpointer-arith -Wno-uninitialized -I. -I.. -I. -I./.. -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1 -DHAVE_CONFIG_H -c xcrypt.c In file included from /usr/include/sys/user.h:52, from /usr/local/lib/gcc-lib/hppa2.0n-hp-hpux11.00/3.3.1/include/rpc/auth.h:30, from /usr/include/rpc/rpc.h:61, from /usr/include/rpcsvc/nis.h:9, from /usr/include/prot.h:23, from xcrypt.c:33: /usr/include/machine/sys/setjmp.h:45: error: redefinition of `struct label_t' In file included from xcrypt.c:43: /usr/include/shadow.h:42: error: conflicting types for `getspnam' /usr/include/prot.h:650: error: previous declaration of `getspnam' xcrypt.c: In function `xcrypt': xcrypt.c:68: warning: passing arg 1 of `bigcrypt' discards qualifiers from pointer target type xcrypt.c:68: warning: passing arg 2 of `bigcrypt' discards qualifiers from pointer target type *** Error exit code 1 Stop. *** Error exit code 1 Stop. # gcc --version gcc (GCC) 3.3.1 Copyright (C) 2003 Free Software Foundation, Inc. This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.> > In particular, on HP-UX configure will now attempt to detect a working > getnameinfo(), so if you are using IPv6 on HP-UX please see if it > detects correctly for your environment.Does anyone have any pointers on how to get HPUX running with IPv6... I'm still looking on how to do that. I'm going to test it on debian on PA-Risc next. Mark Janssen