Hi All.
OpenSSH 4.7 is preparing for release so we are asking for any interested
folks to please test a snapshot. The main changes are:
* sshd(8) in new installations defaults to SSH Protocol 2 only.
Existing installations are unchanged.
* The SSH channel window size has been increased, which improves
performance on high-BDP networks.
* ssh(1) and sshd(8) now preserve MAC contexts between packets, which
saves 2 hash calls per packet and results in 12-16% speedup for
arcfour256/hmac-md5.
* A new MAC algorithm has been added, UMAC-64 (RFC4418) which is
approximately 20% faster than HMAC-MD5.
* A -K flag was added to ssh(1) to set GSSAPIAuthentication=Yes
#616: proxycommand breaks hostbased authentication.
#856: scp hangs on FIFOs rather than erroring
#891: possible problem with non-printing characters during scp copy
#1196: SIGINT is ignored by SSHD in case of privilegeseparation yes
#1220: Fix error messages for multiple mechanism GSSAPI libraries
#1224: ssh-add man page does not fully describe -d
#1225: Tidy up GSSAPI code
#1232: "LocalCommand" is executed before session is set up
#1236: SCP inappropriate truncate error when copying to FIFO file
#1261: Timed out command through ControlMaster yields 0 return value.
#1286: SFTP keeps reading input until it runs out of buffer space
#1243: Multiple including of paths.h on AIX 5.1 systems.
#1262: ssh disconnect message from master control is confusing
#1287: Use getpeerucred on Solaris
#1294: includes.h should pull in string.h based on HAVE_STRING_H
#1299: Remove redefinition of _res in getrrsetbyname.c
#1306: Spurious : "chan_read_failed for istate 3" errors from sshd
#1325: SELinux support broken when SELinux is in permissive mode
#1339: pam_dhkeys doesn't work
#1343: Privilege separation does not work on QNX
There is also #1322 (pam_abl) which has not been applied, but I'm not
sure about that one (so if you use PAM, please try the latest patch from
that bug, even if you don't use pam_abl or equivalent).
Thanks to all who contributed.
More detail may be found in the ChangeLog in the portable OpenSSH
tarballs.
The OpenBSD version is available in CVS HEAD:
http://www.openbsd.org/anoncvs.html
Portable snapshots are available at:
http://www.mindrot.org/openssh_snap/
Running the regression tests supplied with Portable does not require
installation and is a simply:
$ ./configure && make tests
Testing on suitable non-production systems is also appreciated.
Please send reports of success or failure to
openssh-unix-dev at mindrot.org.
Thanks.
--
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
On Aug 16 00:28, Darren Tucker wrote:> Hi All. > > OpenSSH 4.7 is preparing for release so we are asking for any interested > folks to please test a snapshot. The main changes are:Builds OOTB on Cygwin. Testsuite runs fine. Corinna -- Corinna Vinschen Cygwin Project Co-Leader Red Hat
Darren Tucker wrote:> * The SSH channel window size has been increased, which improves > performance on high-BDP networks.While I'm a fan of larger buffers I'm also leery of arbitrarily increasing buffer sizes statically. While a larger buffer will help in bulk data transfers it can be a hindrance in other situations. In this case I'm mostly concerned about issues relating to overbuffering in interactive sessions. Has the dev team looked at this? BTW: builds and tests fine under OS X 10.4.10 (Darwin 8.10.0 Darwin Kernel Version 8.10.0: Wed May 23 16:50:59 PDT 2007; root:xnu-792.21.3~1/RELEASE_PPC Power Macintosh unknown PowerBook6,4 Darwin) And linux 2.6.16 Linux 2.6.16-web100 #1 SMP Wed Feb 7 09:59:18 EST 2007 i686 i686 i386 GNU/Linux
Hi, On Thu, Aug 16, 2007 at 12:28:32AM +1000, Darren Tucker wrote:> OpenSSH 4.7 is preparing for release so we are asking for any interested > folks to please test a snapshot.Tested on NetBSD 2.0.3_STABLE on Sparc64. Configures, compiles, and runs "make tests" without complaints. gert -- USENET is *not* the non-clickable part of WWW! //www.muc.de/~gert/ Gert Doering - Munich, Germany gert at greenie.muc.de fax: +49-89-35655025 gert at net.informatik.tu-muenchen.de
On 8/15/07, Darren Tucker <dtucker at zip.com.au> wrote:> Hi All. > > OpenSSH 4.7 is preparing for release so we are asking for any interested > folks to please test a snapshot. The main changes are: > Running the regression tests supplied with Portable does not require > installation and is a simply: > > $ ./configure && make testsAll tests succesful on x86_64-unknown-linux-gnu (debian etch) Well done, and keep up the good work. I'll test on solaris 8/10 in the morning -- Mark Janssen -- maniac(at)maniac.nl -- pgp: 0x357D2178 | ,''`. | Unix / Linux Open-Source and Internet Consultant @ Snow.nl | : :' : | Maniac.nl MarkJanssen.nl NerdNet.nl Unix.nl | `. `' | Skype: markmjanssen ICQ: 129696007 irc: FooBar on undernet | `- |
On Thu, 16 Aug 2007, Darren Tucker wrote:> Running the regression tests supplied with Portable does not require > installation and is a simply: > > $ ./configure && make testsOn CentOS 5 on i386, I see the following warnings: mac.c: In function 'mac_compute': mac.c:131: warning: format '%lu' expects type 'long unsigned int', but argument 3 has type 'unsigned int' ssh.c: In function 'control_client': ssh.c:1475: warning: format '%lu' expects type 'long unsigned int', but argument 4 has type 'unsigned int' readconf.c: In function 'process_config_line': readconf.c:695: warning: dereferencing type-punned pointer will break strict-aliasing rules servconf.c: In function 'process_server_config_line': servconf.c:979: warning: dereferencing type-punned pointer will break strict-aliasing rules servconf.c:990: warning: dereferencing type-punned pointer will break strict-aliasing rules sftp.c: In function 'parse_dispatch_command': sftp.c:1031: warning: 'n_arg' may be used uninitialized in this function sftp.c:1030: warning: 'iflag' may be used uninitialized in this function sftp.c:1030: warning: 'lflag' may be used uninitialized in this function sftp.c:1030: warning: 'pflag' may be used uninitialized in this function Make tests fails with the following: ... run test login-timeout.sh ... ssh: connect to host 127.0.0.1 port 4242: Connection refused ssh connect after login grace timeout failed without privsep failed connect after login grace timeout make[1]: *** [t-exec] Error 1 I ran this as a regular user. My configure flags were --with-tcp-wrappers --with-md5-passwords --with-privsep-path=/var/empty/sshd. HTH.. -- Pekka Savola "You each name yourselves king, yet the Netcore Oy kingdom bleeds." Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings
Once upon a time, Darren Tucker <dtucker at zip.com.au> said:> OpenSSH 4.7 is preparing for release so we are asking for any interested > folks to please test a snapshot. The main changes are:openssh-SNAP-20070816.tar.gz passes testing on Tru64 5.1B. -- Chris Adams <cmadams at hiwaay.net> Systems and Network Administrator - HiWAAY Internet Services I don't speak for anybody but myself - that's enough trouble.
--- Darren Tucker <dtucker at zip.com.au> wrote:> $ ./configure && make testsopenssh-SNAP-20070816 on Solaris 8, Sun Forte 7 C 5.4, 64-bit, YASSP, OpenSSL 0.9.8e, /dev/random: Manpage format: man PAM support: yes OSF SIA support: no KerberosV support: no SELinux support: no Smartcard support: no S/KEY support: no TCP Wrappers support: no MD5 password support: no libedit support: no Solaris process contract support: no IP address in $DISPLAY hack: no Translate v4 in v6 hack: no BSD Auth support: no Random number source: OpenSSL internal ONLY Host: sparc-sun-solaris2.8 Compiler: cc Compiler flags: -xtarget=ultra -xarch=v9 Preprocessor flags: -I/opt/local/ssl/include -D_XOPEN_SOURCE=500 -D__EXTENSIONS__ Linker flags: -L/opt/local/ssl/lib -R/opt/local/ssl/lib -xtarget=ultra -xarch=v9 -L/opt/local/ssl/lib/64 Libraries: -lpam -ldl -lresolv -lcrypto -lrt -lz -lsocket -lnsl No errors reported. openssh-SNAP-20070816 on Solaris 10, Sun Forte 7 C 5.7, 64-bit, OpenSSL 0.9.8e, /dev/random: Manpage format: man PAM support: yes OSF SIA support: no KerberosV support: no SELinux support: no Smartcard support: no S/KEY support: no TCP Wrappers support: no MD5 password support: no libedit support: no Solaris process contract support: no IP address in $DISPLAY hack: no Translate v4 in v6 hack: no BSD Auth support: no Random number source: OpenSSL internal ONLY Host: sparc-sun-solaris2.10 Compiler: cc Compiler flags: -xtarget=ultra -xarch=v9 Preprocessor flags: -I/opt/local/ssl/include -D_XOPEN_SOURCE=500 -D__EXTENSIONS__ Linker flags: -L/opt/local/ssl/lib -R/opt/local/ssl/lib -xtarget=ultra -xarch=v9 -L/opt/local/ssl/lib/64 Libraries: -lpam -ldl -lresolv -lcrypto -lrt -lz -lsocket -lnsl No errors reported. Cheers, -Thomas ____________________________________________________________________________________ Choose the right car based on your needs. Check out Yahoo! Autos new Car Finder tool. http://autos.yahoo.com/carfinder/
On Thu, 16 Aug 2007, Darren Tucker wrote:> Running the regression tests supplied with Portable does not require > installation and is a simply: > > $ ./configure && make testsI tested on NetBSD-current/i386 (version 4.99.27). There was no configure script in the code that I obtained from "cvs -d anoncvs at anoncvs.mindrot.org:/cvs checkout openssh". I managed to generate a configure script via "autoreconf", and the configure script appeared to work. make tests failed with the following error: run test connect.sh ... Missing privilege separation directory: /var/empty FATAL: sshd_proxy broken *** Error code 1 I created /var/empty (as root) and then ran "make tests" again (as an unprivileged user). This time, "make tests" complained about some unrecognised syntax in my .ssh/config file. OK, the file did contain syntax that I didn't expect an unpatched vesion of openssh to understand, but it seems liek an error for the tests to use whatever random contant I happen to have in my configuration file. Surely the tests should use "-F /dev/null", or "-F ${special_configuration_file}"? I moved by .ssh directory aside and tried "make tests" again. This time, "make tests" succeeded. However, it created an empty $HOME/.ssh directory. I think it's rude for a test suite to create any non-temporary files or directories. --apb (Alan Barrett)
Darren Tucker wrote:> > OpenSSH 4.7 is preparing for release so we are asking for any interested > folks to please test a snapshot.Running "make tests" with openssh-SNAP-20070817 on AIX 5.1 ML9, AIX 5.2 TL9 and AIX 5.3 TL6 SP3 all looked good (minus the few expected skipped tests). I noticed a few informational and warning messages on the AIX 5.3 system (I didn't pay attention on the older systems). In port-aix.c: "/usr/include/syms.h", line 288.9: 1506-236 (W) Macro name T_NULL has been redefined. "/usr/include/syms.h", line 288.9: 1506-358 (I) "T_NULL" is defined on line 150 of /usr/include/arpa/onameser_compat.h. In serverloop.c: "serverloop.c", line 845.21: 1506-280 (W) Function argument assignment between types "unsigned int*" and "int*" is not allowed. In sftp-client.c: "sftp-client.c", line 1066.62: 1506-280 (W) Function argument assignment between types "long long*" and "unsigned long long*" is not allowed. -- Hello World. David Bronder - Systems Admin Segmentation Fault ITS-SPA, Univ. of Iowa Core dumped, disk trashed, quota filled, soda warm. david-bronder at uiowa.edu
Possibly Parallel Threads
- AIX compilation issues - openssh V 3.8.1p1 and 3.9p1
- [patch] ./configure problem on Solaris with Sun's CC
- samba 64 for Solaris
- Samba 2.2.4 make fails on Solaris 8 (Ultra Sparc III) using Sun F orte 6-update 2 compilers
- Samba 2.2.4 make fails on Solaris 8 (Ultra Sparc III) using Sun Forte 6-update 2 compilers