openssh unix dev - Feb 2016 - Call for testing: OpenSSH 7.2

Hi,

OpenSSH 7.2 is almost ready for release, so we would appreciate
testing on as many platforms and systems as possible. This release
contains many bugfixes and several new features.

The OpenBSD version is available in CVS HEAD:
http://www.openbsd.org/anoncvs.html

Portable OpenSSH is available via Git at
https://anongit.mindrot.org/openssh.git/ or via a mirror on Github at
https://github.com/openssh/openssh-portable

Running the regression tests supplied with Portable OpenSSH does not
require installation and is a simply:

$ autoreconf && ./configure && make tests

Live testing on suitable non-production systems is also
appreciated. Please send reports of success or failure to
openssh-unix-dev at mindrot.org.

Below is a summary of changes. More detail may be found in the git
revision log.

Thanks to the many people who contributed to this release.

Future deprecation notice
========================
We plan on retiring more legacy cryptography in a near-future
release, specifically:

 * Refusing all RSA keys smaller than 1024 bits (the current minimum
   is 768 bits)

This list reflects our current intentions, but please check the final
release notes for future releases.

Potentially-incompatible changes
===============================
This release disables a number of legacy cryptographic algorithms
by default in ssh:

 * Several ciphers blowfish-cbc, cast128-cbc, all arcfour variants
   and the rijndael-cbc aliases for AES.

 * MD5-based and truncated HMAC algorithms.

These algorithms are already disabled by default in sshd.

Changes since OpenSSH 7.1p2
==========================
This is primarily a bugfix release.

Security
--------

 * ssh(1), sshd(8): remove unfinished and unused roaming code (was
   already forcibly disabled in OpenSSH 7.1p2).
 
 * ssh(1): eliminate fallback from untrusted X11 forwarding to
   trusted forwarding when the X server disables the SECURITY
   extension.

 * ssh(1), sshd(8): increase the minimum modulus size supported for
   diffie-hellman-group-exchange to 2048 bits.

New Features
------------

 * all: add support for RSA signatures using SHA-256/512 hash
   algorithms based on draft-rsa-dsa-sha2-256-03.txt and
   draft-ssh-ext-info-04.txt.

 * ssh(1): Add an AddKeysToAgent client option which can be set to
   'yes', 'no', 'ask', or 'confirm', and
defaults to 'no'.  When
   enabled, a private key that is used during authentication will be
   added to ssh-agent if it is running (with confirmation enabled if
   set to 'confirm').
 
 * sshd(8): add a new authorized_keys option "restrict" that includes
   all current and future key restrictions (no-*-forwarding, etc.).
   Also add permissive versions of the existing restrictions, e.g.
   "no-pty" -> "pty". This simplifies the task of setting
up
   restricted keys and ensures they are maximally-restricted,
   regardless of any permissions we might implement in the future.
    
 * ssh(1): add ssh_config CertificateFile option to explicitly list
   certificates. bz#2436
 
 * ssh-keygen(1): allow ssh-keygen to change the key comment for all
   supported formats.

 * ssh-keygen(1): allow fingerprinting from standard input, e.g.
   "ssh-keygen -lf -"

 * ssh-keygen(1): allow fingerprinting multiple public keys in a
   file, e.g. "ssh-keygen -lf ~/.ssh/authorized_keys" bz#1319

 * sshd(8): support "none" as an argument for sshd_config
   Foreground and ChrootDirectory. Useful inside Match blocks to
   override a global default. bz#2486

 * ssh-keygen(1): support multiple certificates (one per line) and
   reading from standard input (using "-f -") for "ssh-keygen
-L"
    
 * ssh-keyscan(1): add "ssh-keyscan -c ..." flag to allow fetching
   certificates instead of plain keys.
 
 * ssh(1): better handle anchored FQDNs (e.g. 'cvs.openbsd.org.') in
   hostname canonicalisation - treat them as already canonical and
   trailing '.' before matching ssh_config.

Bugfixes
--------

 * sftp(1): existing destination directories should not terminate
   recursive uploads (regression in openssh 6.8) bz#2528

 * ssh(1), sshd(8): correctly send back SSH2_MSG_UNIMPLEMENTED
   replies to unexpected messages during key exchange. bz#2949

 * ssh(1): refuse attempts to set ConnectionAttempts=0, which does
   not make sense and would cause ssh to print an uninitialised stack
   variable. bz#2500

 * ssh(1): fix errors when attempting to connect to scoped IPv6
   addresses with hostname canonicalisation enabled.

 * sshd_config(5): list a couple more options usable in Match blocks.
   bz#2489

 * sshd(8): fix "PubkeyAcceptedKeyTypes +..." inside a Match block.
    
 * ssh(1): expand tilde characters in filenames passed to -i options
   before checking whether or not the identity file exists. Avoids
   confusion for cases where shell doesn't expand (e.g. "-i
~/file"
   vs. "-i~/file"). bz#2481

 * ssh(1): do not prepend "exec" to the shell command run by
"Match
   exec" in a config file, which could cause some commands to fail
   in certain environments. bz#2471

 * ssh-keyscan(1): fix output for multiple hosts/addrs on one line
   when host hashing or a non standard port is in use bz#2479
 
 * sshd(8): skip "Could not chdir to home directory" message when
   ChrootDirectory is active. bz#2485

 * ssh(1): include PubkeyAcceptedKeyTypes in ssh -G config dump.
    
 * sshd(8): avoid changing TunnelForwarding device flags if they are
   already what is needed; makes it possible to use tun/tap
   networking as non-root user if device permissions and interface
   flags are pre-established

 * ssh(1), sshd(8): RekeyLimits could be exceeded by one packet.
   bz#2521

 * ssh(1): fix multiplexing master failure to notice client exit.

 * ssh(1), ssh-agent(1): avoid fatal() for PKCS11 tokens that present
   empty key IDs. bz#1773

 * sshd(8): avoid printf of NULL argument. bz#2535  

 * ssh(1), sshd(8): allow RekeyLimits larger than 4GB. bz#2521
 
 * ssh-keygen(1): sshd(8): fix several bugs in (unused) KRL signature
   support.

 * ssh(1), sshd(8): fix connections with peers that use the key
   exchange guess feature of the protocol. bz#2515

 * sshd(8): include remote port number in log messages. bz#2503

 * ssh(1): don't try to load SSHv1 private key when compiled without
   SSHv1 support. bz#2505

 * ssh-agent(1), ssh(1): fix incorrect error messages during key
   loading and signing errors. bz#2507

 * ssh-keygen(1): don't leave empty temporary files when performing
   known_hosts file edits when known_hosts doesn't exist.

 * sshd(8): correct packet format for tcpip-forward replies for
   requests that don't allocate a port bz#2509

 * ssh(1), sshd(8): fix possible hang on closed output. bz#2469
    
 * ssh(1): expand %i in ControlPath to UID. bz#2449

 * ssh(1), sshd(8): fix return type of openssh_RSA_verify. bz#2460
 
 * ssh(1), sshd(8): fix some option parsing memory leaks. bz#2182

 * ssh(1): add a some debug output before DNS resolution; it's a
   place where ssh could previously silently stall in cases of
   unresponsive DNS servers. bz#2433
    
 * ssh(1): remove spurious newline in visual hostkey. bz#2686
 
 * ssh(1): fix printing (ssh -G ...) of HostKeyAlgorithms=+...
 
 * ssh(1): fix expansion of HostkeyAlgorithms=+...

Documentation
-------------

 * ssh_config(5), sshd_config(5): update default algorithm lists to
   match current reality. bz#2527

 * ssh(1): mention -Q key-plain and -Q key-cert query options.
   bz#2455

 * sshd_config(8): more clearly describe what AuthorizedKeysFile=none
   does.

 * ssh_config(5): better document ExitOnForwardFailure. bz#2444  

 * sshd(5): mention internal DH-GEX fallback groups in manual.
   bz#2302

 * sshd_config(5): better description for MaxSessions option.
   bz#2531

Portability
-----------

 * ssh(1), sftp-server(8), ssh-agent(1), sshd(8): Support Illumos/
   Solaris fine-grained privileges. Including a pre-auth privsep
   sandbox and several pledge() emulations. bz#2511

 * Renovate redhat/openssh.spec, removing deprecated options and
   syntax.

 * configure: allow --without-ssl-engine with --without-openssl
 
 * sshd(8): fix multiple authentication using S/Key. bz#2502

 * sshd(8): read back from libcrypto RAND_* before dropping
   privileges.  Avoids sandboxing violations with BoringSSL.

 * Fix name collision with system-provided glob(3) functions.
   bz#2463

 * Adapt Makefile to use ssh-keygen -A when generating host keys.
   bz#2459
 
 * configure: correct default value for --with-ssh1 bz#2457

 * configure: better detection of _res symbol bz#2259

 * support getrandom() syscall on Linux

Reporting Bugs:
==============
- Please read http://www.openssh.com/report.html
  Security bugs should be reported directly to openssh at openssh.com

OpenSSH is brought to you by Markus Friedl, Niels Provos, Theo de
Raadt, Kevin Steves, Damien Miller, Darren Tucker, Jason McIntyre,
Tim Rice and Ben Lindstrom.

On February 11, 2016 10:57 PM, Damien Miller wrote
> To: openssh-unix-dev at mindrot.org
> Subject: Call for testing: OpenSSH 7.2
> OpenSSH 7.2 is almost ready for release, so we would appreciate testing on
> as many platforms and systems as possible. This release contains many
> bugfixes and several new features.
[snip[

Hi Damien,
I am porting 7.1 P2 to HPE NonStop NSE. Once that is done, I would be happy
to test on that platform.

Regards,
Randall

>
>   * ssh(1): refuse attempts to set ConnectionAttempts=0, which does
>     not make sense and would cause ssh to print an uninitialised stack
>     variable. bz#2500
When using connection multiplexing, I sometimes set ConnectionAttempts 
to 0 in order to avoid opening a new connection when the remote side 
refuses to create new sessions after the top defined by MaxSessions is 
reached.

Having a way to avoid that fall-back behavior is important when writing 
automation scripts. Otherwise, authentication prompts may appear at any 
time, and scripts would have to cope with it.

Hi Damien,

On Feb 12 14:56, Damien Miller wrote:
> Hi,
> 
> OpenSSH 7.2 is almost ready for release, so we would appreciate
> testing on as many platforms and systems as possible. This release
> contains many bugfixes and several new features.
> 
> The OpenBSD version is available in CVS HEAD:
> http://www.openbsd.org/anoncvs.html
> 
> Portable OpenSSH is available via Git at
> https://anongit.mindrot.org/openssh.git/ or via a mirror on Github at
> https://github.com/openssh/openssh-portable
> 
> Running the regression tests supplied with Portable OpenSSH does not
> require installation and is a simply:
> 
> $ autoreconf && ./configure && make tests
Built and tested on current Cygwin 2.4.1 x86_64.  Builds OOTB, all tests
pass.


Thanks,
Corinna

-- 
Corinna Vinschen
Cygwin Maintainer
Red Hat
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: not available
URL:
<http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20160212/7bc39da1/attachment.bin>

On Fri, Feb 12, 2016 at 02:56:30PM +1100, Damien Miller
wrote:
> OpenSSH 7.2 is almost ready for release, so we would appreciate
> testing on as many platforms and systems as possible. This release
> contains many bugfixes and several new features.
[...]
> Running the regression tests supplied with Portable OpenSSH does not
> require installation and is a simply:
> 
> $ autoreconf && ./configure && make tests
Debian unstable i386 and Ubuntu 16.04 (development branch) amd64; all
tests passed on both.  I noticed a warning in my Debian environment
which might be worth cleaning up:

packet.c: In function ?ssh_packet_need_rekeying?:
packet.c:1068:48: warning: comparison between signed and unsigned integer
expressions [-Wsign-compare]
      state->rekey_time + state->rekey_interval <= monotime())
                                                ^

Thanks,

-- 
Colin Watson                                       [cjwatson at debian.org]

On 02/12/2016 04:56 AM, Damien Miller wrote:
>   * all: add support for RSA signatures using SHA-256/512 hash
>     algorithms based on draft-rsa-dsa-sha2-256-03.txt and
>     draft-ssh-ext-info-04.txt.
So far I hit one memory leak in HostKey signing code (see attached 
patch). There might be more that were not hit in our use case.

Regards,

-- 
Jakub Jelen
Security Technologies
Red Hat

-------------- next part --------------
A non-text attachment was scrubbed...
Name: openssh-7.2p1-memleak.patch
Type: text/x-patch
Size: 302 bytes
Desc: not available
URL:
<http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20160215/29878c7d/attachment.bin>

On 02/15/2016 10:26 AM, Jakub Jelen wrote:
> On 02/12/2016 04:56 AM, Damien Miller wrote:
>>   * all: add support for RSA signatures using SHA-256/512 hash
>>     algorithms based on draft-rsa-dsa-sha2-256-03.txt and
>>     draft-ssh-ext-info-04.txt.
> So far I hit one memory leak in HostKey signing code (see attached 
> patch). There might be more that were not hit in our use case.
>
Of course there should have been `alg` instead of `sig` in the patch.

Otherwise all the tests passes (without downstream patches) on recent 
Fedora 23.

-- 
Jakub Jelen
Security Technologies
Red Hat

On 02/12/2016 04:56 AM, Damien Miller wrote:
> Hi,
>
> OpenSSH 7.2 is almost ready for release, so we would appreciate
> testing on as many platforms and systems as possible. This release
> contains many bugfixes and several new features.
Hi there,

Would it be possible to cover also ssh-copy-id with recent fixes in this 
release? The accepted patches went to the Philip Hands repo so far:
http://git.hands.com/?p=ssh-copy-id.git;

Regards,

-- 
Jakub Jelen
Security Technologies
Red Hat

Just tested this on the old BSD/OS machine

works with openssl 1.0.2X

Openssl 1.1.X  issues

cipher.h  in openssl 1.1  needs to read

struct sshcipher;
struct sshcipher_ctx {
        int     plaintext;
        int     encrypt;
        struct evp_cipher_ctx_st *evp;
        struct chachapoly_ctx cp_ctx; /* XXX union with evp? */
        struct aesctr_ctx ac_ctx; /* XXX union with evp? */
        const struct sshcipher *cipher;
};
   

I am running into issues with sshkey.c


gcc -g -O2 -Wall -Wpointer-arith -Wuninitialized -Wsign-compare
-Wformat-security -fno-strict-aliasing -D_FORTIFY_SOURCE=2 -ftrapv
-fno-builtin-memset -I. -I. -I/usr/contrib//include  -DSSHDIR=\"/etc\"
-D_PATH_SSH_PROGRAM=\"/usr/contrib/bin/ssh\" 
-D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/contrib/libexec/ssh-askpass\" 
-D_PATH_SFTP_SERVER=\"/usr/contrib/libexec/sftp-server\" 
-D_PATH_SSH_KEY_SIGN=\"/usr/contrib/libexec/ssh-keysign\" 
-D_PATH_SSH_PKCS11_HELPER=\"/usr/contrib/libexec/ssh-pkcs11-helper\" 
-D_PATH_SSH_PIDDIR=\"/var/run\" 
-D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c sshkey.c
-o sshkey.o
sshkey.c: In function `fingerprint_b64':
sshkey.c:936: warning: implicit declaration of function `strlcpy'
sshkey.c:937: warning: implicit declaration of function `strlcat'
sshkey.c: In function `sshkey_ecdsa_key_to_nid':
sshkey.c:1574: warning: `eg' might be used uninitialized in this function
sshkey.c: In function `sshkey_private_to_blob2':
sshkey.c:3026: warning: `keylen' might be used uninitialized in this
function
sshkey.c:3026: warning: `ivlen' might be used uninitialized in this function
sshkey.c: In function `sshkey_parse_private_pem_fileblob':
sshkey.c:3787: dereferencing pointer to incomplete type
sshkey.c:3802: dereferencing pointer to incomplete type
sshkey.c:3814: dereferencing pointer to incomplete type  

line 3787  

  if (pk->type == EVP_PKEY_RSA &&

line 3802

      } else if (pk->type == EVP_PKEY_DSA &&

line 3814

} else if (pk->type == EVP_PKEY_EC &&

Now  

  EVP_PKEY *pk = NULL;

and

/usr/contrib/include/openssl/ossl_typ.h:typedef struct evp_pkey_st EVP_PKEY;

Any issue?


-- 
Member - Liberal International This is doctor@@nl2k.ab.ca Ici doctor@@nl2k.ab.ca
God,Queen and country!Never Satan President Republic!Beware AntiChrist rising! 
http://www.fullyfollow.me/rootnl2k  Look at Psalms 14 and 53 on Atheism
Broadcasting the truth for 25 years

On Mon, 15 Feb 2016, Jakub Jelen wrote:
> On 02/12/2016 04:56 AM, Damien Miller wrote:
> > Hi,
> > 
> > OpenSSH 7.2 is almost ready for release, so we would appreciate
> > testing on as many platforms and systems as possible. This release
> > contains many bugfixes and several new features.
> Hi there,
> 
> Would it be possible to cover also ssh-copy-id with recent fixes in this
> release? The accepted patches went to the Philip Hands repo so far:
> http://git.hands.com/?p=ssh-copy-id.git;
Done - thanks.

-d

On Mon, 15 Feb 2016, The Doctor wrote:
> Just tested this on the old BSD/OS machine
>
> works with openssl 1.0.2X
>
> Openssl 1.1.X issues
Thanks for testing.

OpenSSH won't work with OpenSSL until someone ports it and writes
compat shims to make it work with both OpenSSL 1.0.x and 1.1.x. The
1.1.x series breaks source compatibility by making a heap of structures
opaque, including EVP_PKEY which is causing your compile problems in
sshkey.c

Porting is a fair bit of work, since at least some of the the newly-
opaque structs have not previously had accessor functions available, so
I have no intention of starting the effort until 1.1.x is at least in
beta (no point in wasting time on a moving target). It would help if
OpenSSL publish more detailed migration information than is currently
present in https://www.openssl.org/news/openssl-1.1.0-notes.html -
including a full list of things that have been made opaque and some
links to the accessor functions for things that were previously only
reachable directly.

-d

The Solaris privilege code breaks building on Solaris 10.  If
you let configure just do its thing, you get the following error
when compiling:

"sandbox-solaris.c", line 22: #error: "--with-solaris-privs must
be used
with the Solaris sandbox"

So, I did add "--with-solaris-privs" to the command line for
configure, but then I got the following error messages:

Undefined                       first referenced
  symbol                             in file
priv_basicset openbsd-compat//libopenbsd-compat.a(port-solaris.o)
ld: fatal: symbol referencing errors. No output written to ssh

The function priv_basicset doesn't appear to exist on Solaris 10.

If I set --with-sandbox=none, the compile and "make tests" succeed
(except for the SUDO test, since sudo isn't in the path, and it
wouldn't work without munging the config anyway).

Damien Miller wrote:
> Hi,
>
> OpenSSH 7.2 is almost ready for release, so we would appreciate
> testing on as many platforms and systems as possible. This release
> contains many bugfixes and several new features.
>
> The OpenBSD version is available in CVS HEAD:
> http://www.openbsd.org/anoncvs.html
>
> Portable OpenSSH is available via Git at
> https://anongit.mindrot.org/openssh.git/ or via a mirror on Github at
> https://github.com/openssh/openssh-portable
>
> Running the regression tests supplied with Portable OpenSSH does not
> require installation and is a simply:
>
> $ autoreconf && ./configure && make tests
>
> Live testing on suitable non-production systems is also
> appreciated. Please send reports of success or failure to
> openssh-unix-dev at mindrot.org.
>
> Below is a summary of changes. More detail may be found in the git
> revision log.
>
> Thanks to the many people who contributed to this release.
>
> Future deprecation notice
> ========================>
> We plan on retiring more legacy cryptography in a near-future
> release, specifically:
>
>   * Refusing all RSA keys smaller than 1024 bits (the current minimum
>     is 768 bits)
>
> This list reflects our current intentions, but please check the final
> release notes for future releases.
>
> Potentially-incompatible changes
> ===============================>
> This release disables a number of legacy cryptographic algorithms
> by default in ssh:
>
>   * Several ciphers blowfish-cbc, cast128-cbc, all arcfour variants
>     and the rijndael-cbc aliases for AES.
>
>   * MD5-based and truncated HMAC algorithms.
>
> These algorithms are already disabled by default in sshd.
>
> Changes since OpenSSH 7.1p2
> ==========================>
> This is primarily a bugfix release.
>
> Security
> --------
>
>   * ssh(1), sshd(8): remove unfinished and unused roaming code (was
>     already forcibly disabled in OpenSSH 7.1p2).
>   
>   * ssh(1): eliminate fallback from untrusted X11 forwarding to
>     trusted forwarding when the X server disables the SECURITY
>     extension.
>
>   * ssh(1), sshd(8): increase the minimum modulus size supported for
>     diffie-hellman-group-exchange to 2048 bits.
>
> New Features
> ------------
>
>   * all: add support for RSA signatures using SHA-256/512 hash
>     algorithms based on draft-rsa-dsa-sha2-256-03.txt and
>     draft-ssh-ext-info-04.txt.
>
>   * ssh(1): Add an AddKeysToAgent client option which can be set to
>     'yes', 'no', 'ask', or 'confirm', and
defaults to 'no'.  When
>     enabled, a private key that is used during authentication will be
>     added to ssh-agent if it is running (with confirmation enabled if
>     set to 'confirm').
>   
>   * sshd(8): add a new authorized_keys option "restrict" that
includes
>     all current and future key restrictions (no-*-forwarding, etc.).
>     Also add permissive versions of the existing restrictions, e.g.
>     "no-pty" -> "pty". This simplifies the task of
setting up
>     restricted keys and ensures they are maximally-restricted,
>     regardless of any permissions we might implement in the future.
>      
>   * ssh(1): add ssh_config CertificateFile option to explicitly list
>     certificates. bz#2436
>   
>   * ssh-keygen(1): allow ssh-keygen to change the key comment for all
>     supported formats.
>
>   * ssh-keygen(1): allow fingerprinting from standard input, e.g.
>     "ssh-keygen -lf -"
>
>   * ssh-keygen(1): allow fingerprinting multiple public keys in a
>     file, e.g. "ssh-keygen -lf ~/.ssh/authorized_keys" bz#1319
>
>   * sshd(8): support "none" as an argument for sshd_config
>     Foreground and ChrootDirectory. Useful inside Match blocks to
>     override a global default. bz#2486
>
>   * ssh-keygen(1): support multiple certificates (one per line) and
>     reading from standard input (using "-f -") for
"ssh-keygen -L"
>      
>   * ssh-keyscan(1): add "ssh-keyscan -c ..." flag to allow
fetching
>     certificates instead of plain keys.
>   
>   * ssh(1): better handle anchored FQDNs (e.g. 'cvs.openbsd.org.')
in
>     hostname canonicalisation - treat them as already canonical and
>     trailing '.' before matching ssh_config.
>
> Bugfixes
> --------
>
>   * sftp(1): existing destination directories should not terminate
>     recursive uploads (regression in openssh 6.8) bz#2528
>
>   * ssh(1), sshd(8): correctly send back SSH2_MSG_UNIMPLEMENTED
>     replies to unexpected messages during key exchange. bz#2949
>
>   * ssh(1): refuse attempts to set ConnectionAttempts=0, which does
>     not make sense and would cause ssh to print an uninitialised stack
>     variable. bz#2500
>
>   * ssh(1): fix errors when attempting to connect to scoped IPv6
>     addresses with hostname canonicalisation enabled.
>
>   * sshd_config(5): list a couple more options usable in Match blocks.
>     bz#2489
>
>   * sshd(8): fix "PubkeyAcceptedKeyTypes +..." inside a Match
block.
>      
>   * ssh(1): expand tilde characters in filenames passed to -i options
>     before checking whether or not the identity file exists. Avoids
>     confusion for cases where shell doesn't expand (e.g. "-i
~/file"
>     vs. "-i~/file"). bz#2481
>
>   * ssh(1): do not prepend "exec" to the shell command run by
"Match
>     exec" in a config file, which could cause some commands to fail
>     in certain environments. bz#2471
>
>   * ssh-keyscan(1): fix output for multiple hosts/addrs on one line
>     when host hashing or a non standard port is in use bz#2479
>   
>   * sshd(8): skip "Could not chdir to home directory" message
when
>     ChrootDirectory is active. bz#2485
>
>   * ssh(1): include PubkeyAcceptedKeyTypes in ssh -G config dump.
>      
>   * sshd(8): avoid changing TunnelForwarding device flags if they are
>     already what is needed; makes it possible to use tun/tap
>     networking as non-root user if device permissions and interface
>     flags are pre-established
>
>   * ssh(1), sshd(8): RekeyLimits could be exceeded by one packet.
>     bz#2521
>
>   * ssh(1): fix multiplexing master failure to notice client exit.
>
>   * ssh(1), ssh-agent(1): avoid fatal() for PKCS11 tokens that present
>     empty key IDs. bz#1773
>
>   * sshd(8): avoid printf of NULL argument. bz#2535
>
>   * ssh(1), sshd(8): allow RekeyLimits larger than 4GB. bz#2521
>   
>   * ssh-keygen(1): sshd(8): fix several bugs in (unused) KRL signature
>     support.
>
>   * ssh(1), sshd(8): fix connections with peers that use the key
>     exchange guess feature of the protocol. bz#2515
>
>   * sshd(8): include remote port number in log messages. bz#2503
>
>   * ssh(1): don't try to load SSHv1 private key when compiled without
>     SSHv1 support. bz#2505
>
>   * ssh-agent(1), ssh(1): fix incorrect error messages during key
>     loading and signing errors. bz#2507
>
>   * ssh-keygen(1): don't leave empty temporary files when performing
>     known_hosts file edits when known_hosts doesn't exist.
>
>   * sshd(8): correct packet format for tcpip-forward replies for
>     requests that don't allocate a port bz#2509
>
>   * ssh(1), sshd(8): fix possible hang on closed output. bz#2469
>      
>   * ssh(1): expand %i in ControlPath to UID. bz#2449
>
>   * ssh(1), sshd(8): fix return type of openssh_RSA_verify. bz#2460
>   
>   * ssh(1), sshd(8): fix some option parsing memory leaks. bz#2182
>
>   * ssh(1): add a some debug output before DNS resolution; it's a
>     place where ssh could previously silently stall in cases of
>     unresponsive DNS servers. bz#2433
>      
>   * ssh(1): remove spurious newline in visual hostkey. bz#2686
>   
>   * ssh(1): fix printing (ssh -G ...) of HostKeyAlgorithms=+...
>   
>   * ssh(1): fix expansion of HostkeyAlgorithms=+...
>
> Documentation
> -------------
>
>   * ssh_config(5), sshd_config(5): update default algorithm lists to
>     match current reality. bz#2527
>
>   * ssh(1): mention -Q key-plain and -Q key-cert query options.
>     bz#2455
>
>   * sshd_config(8): more clearly describe what AuthorizedKeysFile=none
>     does.
>
>   * ssh_config(5): better document ExitOnForwardFailure. bz#2444
>
>   * sshd(5): mention internal DH-GEX fallback groups in manual.
>     bz#2302
>
>   * sshd_config(5): better description for MaxSessions option.
>     bz#2531
>
> Portability
> -----------
>
>   * ssh(1), sftp-server(8), ssh-agent(1), sshd(8): Support Illumos/
>     Solaris fine-grained privileges. Including a pre-auth privsep
>     sandbox and several pledge() emulations. bz#2511
>
>   * Renovate redhat/openssh.spec, removing deprecated options and
>     syntax.
>
>   * configure: allow --without-ssl-engine with --without-openssl
>   
>   * sshd(8): fix multiple authentication using S/Key. bz#2502
>
>   * sshd(8): read back from libcrypto RAND_* before dropping
>     privileges.  Avoids sandboxing violations with BoringSSL.
>
>   * Fix name collision with system-provided glob(3) functions.
>     bz#2463
>
>   * Adapt Makefile to use ssh-keygen -A when generating host keys.
>     bz#2459
>   
>   * configure: correct default value for --with-ssh1 bz#2457
>
>   * configure: better detection of _res symbol bz#2259
>
>   * support getrandom() syscall on Linux
>
> Reporting Bugs:
> ==============>
> - Please read http://www.openssh.com/report.html
>    Security bugs should be reported directly to openssh at openssh.com
>
> OpenSSH is brought to you by Markus Friedl, Niels Provos, Theo de
> Raadt, Kevin Steves, Damien Miller, Darren Tucker, Jason McIntyre,
> Tim Rice and Ben Lindstrom.
>
> _______________________________________________
> openssh-unix-dev mailing list
> openssh-unix-dev at mindrot.org
> https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
>
-- 
           Jeff Wieland            |         Purdue University
    Network Systems Administrator  |        ITIS UNIX Platforms
        Voice: (765)496-8234       |        155 S. Grant Street
         FAX: (765)496-1380        |      West Lafayette, IN 47907

Hi,

On Fri, Feb 12, 2016 at 02:56:30PM +1100, Damien Miller
wrote:
> OpenSSH 7.2 is almost ready for release, so we would appreciate
> testing on as many platforms and systems as possible. This release
> contains many bugfixes and several new features.
According to bdcb7:sshd_config.5, UsePrivilegeSeparation is set to
"sandbox" by default.
But default in servconf.c is PRIVSEP_NOSANDBOX.

I suppose, we should sync servconf.c and sshd_config with documentation:

--- a/servconf.c
+++ b/servconf.c
@@ -362,7 +362,7 @@ fill_default_server_options(ServerOptions *options)
 
 	/* Turn privilege separation on by default */
 	if (use_privsep == -1)
-		use_privsep = PRIVSEP_NOSANDBOX;
+		use_privsep = PRIVSEP_ON;
 
 #define CLEAR_ON_NONE(v) \
 	do { \
--- a/sshd_config
+++ b/sshd_config
@@ -107,7 +107,7 @@ AuthorizedKeysFile	.ssh/authorized_keys
 #PrintLastLog yes
 #TCPKeepAlive yes
 #UseLogin no
-UsePrivilegeSeparation sandbox		# Default for new installations.
+#UsePrivilegeSeparation sandbox
 #PermitUserEnvironment no
 #Compression delayed
 #ClientAliveInterval 0

-- 
glebfm

Sorry, I haven't been paying too much attention here, but I'm having
repeated failures when I tried this morning.

NetBSD-current:
test_sshkey: ..................................[1]   Segmentation fault
(core dumped) ${V} /home/htodd...
*** Error code 139

NetBSD-7:
test_hostkeys:
regress/unittests/hostkeys/test_iterate.c:163 test #1 "hostkeys_iterate all
with key parse"
ASSERT_INT_EQ(sshkey_load_public( test_data_file(expected[i].key_file),
&expected[i].l.key, NULL), 0) failed:
sshkey_load_public( test_data_file(expected[i].key_file),
&expected[i].l.key, NULL) = -24
            0 = 0
[1]   Abort trap (core dumped) ${V} /home/htodd...
*** Error code 134

MacOS whatever it is that's current El Capitan:
checking OpenSSL header version... not found
configure: error: OpenSSL version header not found.

-- 
Hisashi T Fujinaka - htodd at twofifty.com
BSEE + BSChem + BAEnglish + MSCS + $2.50 = coffee

On 12/02/16 04:56, Damien Miller wrote:
> Portable OpenSSH is available via Git at
> https://anongit.mindrot.org/openssh.git/ or via a mirror on Github at
> https://github.com/openssh/openssh-portable
>
Building V_7_1_P1-189-g5ac712d on Solaris 2.6 fails:
make[1]: Entering directory 
`/export/home/tgc/buildpkg/openssh/src/openssh-git/openbsd-compat'
gcc -g -O2 -Wall -Wpointer-arith -Wuninitialized -Wsign-compare 
-Wformat-security -Wno-pointer-sign -fno-strict-aliasing 
-D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-all 
-I. -I.. -I. -I./.. -I/usr/tgcware/include -DHAVE_CONFIG_H -c bsd-asprintf.c
bsd-asprintf.c:50:13: error: macro "va_start" requires 2 arguments,
but
only 1 given
bsd-asprintf.c: In function 'vasprintf':
bsd-asprintf.c:50: error: 'va_start' undeclared (first use in this
function)
bsd-asprintf.c:50: error: (Each undeclared identifier is reported only once
bsd-asprintf.c:50: error: for each function it appears in.)
make[1]: *** [bsd-asprintf.o] Error 1
make[1]: Leaving directory 
`/export/home/tgc/buildpkg/openssh/src/openssh-git/openbsd-compat'
make: *** [openbsd-compat/libopenbsd-compat.a] Error 2

I removed the call to va_start just to see if there would be any other 
errors lurking and there is:
gcc -o ssh ssh.o readconf.o clientloop.o sshtty.o sshconnect.o 
sshconnect1.o sshconnect2.o mux.o -L. -Lopenbsd-compat/ 
-R/usr/tgcware/lib -L/usr/tgcware/lib -Wl,-z,now -fstack-protector-all 
-lssh -lopenbsd-compat  -lcrypto -lposix4 -ldl -lresolv -lz -lsocket
ld: warning: symbol `umac_ctx' has differing sizes:
         (file ./libssh.a(umac.o) value=0x5ec; file 
./libssh.a(umac128.o) value=0x684);
         ./libssh.a(umac128.o) definition taken
Undefined                       first referenced
  symbol                             in file
gethostbyname 
openbsd-compat//libopenbsd-compat.a(fake-rfc2553.o)  (symbol belongs to 
implicit dependency /usr/lib/libnsl.so.1)
gethostbyaddr 
openbsd-compat//libopenbsd-compat.a(fake-rfc2553.o)  (symbol belongs to 
implicit dependency /usr/lib/libnsl.so.1)
ld: fatal: Symbol referencing errors. No output written to ssh
collect2: ld returned 1 exit status
make: *** [ssh] Error 1

It looks like the check for yp_match previously ensured that -lnsl was 
added.

-tgc

On Tue, Feb 16, 2016 at 10:42:37PM +0100, Tom G. Christensen wrote:
[...]
> gethostbyname openbsd-compat//libopenbsd-compat.a(fake-rfc2553.o)  (symbol
> belongs to implicit dependency /usr/lib/libnsl.so.1)
I think this should fix this problem after applying and running
autoreconf to rebuild configure.  I'll look at the other problems
shortly.

diff --git a/configure.ac b/configure.ac
index 0b399ce..b4c0aaa 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1314,8 +1314,10 @@ AC_SEARCH_LIBS([openpty], [util bsd])
 AC_SEARCH_LIBS([updwtmp], [util bsd])
 AC_CHECK_FUNCS([fmt_scaled scan_scaled login logout openpty updwtmp logwtmp])
 
-# On some platforms, inet_ntop may be found in libresolv or libnsl.
+# On some platforms, inet_ntop and gethostbyname may be found in libresolv
+# or libnsl.
 AC_SEARCH_LIBS([inet_ntop], [resolv nsl])
+AC_SEARCH_LIBS([gethostbyname], [resolv nsl])
 
 AC_FUNC_STRFTIME
 

-- 
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4  37C9 C982 80C7 8FF4 FA69
    Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.

On Tue, Feb 16, 2016 at 10:42:37PM +0100, Tom G. Christensen
wrote:
> bsd-asprintf.c:50:13: error: macro "va_start" requires 2
arguments, but only
> 1 given
I think it's a problem with this commit:
https://anongit.mindrot.org/openssh.git/commit/openbsd-compat/bsd-asprintf.c?id=0f754e29dd3760fc0b172c1220f18b753fb0957e

Author: Damien Miller <djm at mindrot.org>
Date:   Fri Oct 16 10:53:14 2015 +1100

    need va_copy before va_start


diff --git a/openbsd-compat/bsd-asprintf.c b/openbsd-compat/bsd-asprintf.c
index db57acc..d393dfc 100644
--- a/openbsd-compat/bsd-asprintf.c
+++ b/openbsd-compat/bsd-asprintf.c
@@ -47,7 +47,7 @@ vasprintf(char **str, const char *fmt, va_list ap)
 	char *string, *newstr;
 	size_t len;
 
-	va_start(ap);
+	va_start(ap, fmt);
 	VA_COPY(ap2, ap);
 	if ((string = malloc(INIT_SZ)) == NULL)
 		goto fail;

-- 
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4  37C9 C982 80C7 8FF4 FA69
    Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.

On Tue, Feb 16, 2016 at 01:28:42AM -0500, Jeff Wieland
wrote:
> The Solaris privilege code breaks building on Solaris 10.  If
> you let configure just do its thing, you get the following error
> when compiling:
> 
> "sandbox-solaris.c", line 22: #error: "--with-solaris-privs
must be used
> with the Solaris sandbox"
Could you please try this patch?  It adds priv_basicset to the test for
whether or not we have usable solaris privs support.  Note that you will
need to run "autoreconf" after applying the patch to rebuild
configure.

Thanks.

diff --git a/configure.ac b/configure.ac
index b4c0aaa..5b50b9e 100644
--- a/configure.ac
+++ b/configure.ac
@@ -897,8 +897,10 @@ mips-sony-bsd|mips-sony-newsos4)
 		AC_MSG_RESULT([no])
 	fi
 	AC_CHECK_FUNC([setppriv],
-		[ AC_CHECK_HEADERS([priv.h], [
-			SOLARIS_PRIVS="yes"
+		AC_CHECK_FUNC([priv_basicset],
+			[ AC_CHECK_HEADERS([priv.h], [
+				SOLARIS_PRIVS="yes"
+			])
 		])
 	])
 	AC_ARG_WITH([solaris-contracts],

-- 
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4  37C9 C982 80C7 8FF4 FA69
    Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.

On Wed, Feb 17, 2016 at 3:51 AM, Hisashi T Fujinaka <htodd at
twofifty.com> wrote:
> Sorry, I haven't been paying too much attention here, but I'm
having
> repeated failures when I tried this morning.
>
> NetBSD-current:
> test_sshkey: ..................................[1]   Segmentation fault
> (core dumped) ${V} /home/htodd...
> *** Error code 139
did it produce a core dump?  if so, could you feed it to gdb and get a
backtrace?
> NetBSD-7:
> test_hostkeys:
> regress/unittests/hostkeys/test_iterate.c:163 test #1
"hostkeys_iterate all
> with key parse"
I just installed NetBSD 7.0 on a VM ("7.0 NetBSD 7.0
(GENERIC.201509250726Z) amd64") tp try to reproduce this however the
tests passed.  What architecture is this, and have any changes been
made to the system (eg, patches applied)?

-- 
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4  37C9 C982 80C7 8FF4 FA69
    Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.

On Tue, 16 Feb 2016, Jeff Wieland wrote:
> The Solaris privilege code breaks building on Solaris 10.  If
> you let configure just do its thing, you get the following error
> when compiling:
> 
> "sandbox-solaris.c", line 22: #error: "--with-solaris-privs
must be used with
> the Solaris sandbox"
> 
> So, I did add "--with-solaris-privs" to the command line for
> configure, but then I got the following error messages:
I think this should fix it. It would be good if someone with recent Solaris/
Illumos that does have the fine-grained privilege support could test it too.

diff --git a/configure.ac b/configure.ac
index b4c0aaa..f614edf 100644
--- a/configure.ac
+++ b/configure.ac
@@ -896,11 +896,8 @@ mips-sony-bsd|mips-sony-newsos4)
 	else
 		AC_MSG_RESULT([no])
 	fi
-	AC_CHECK_FUNC([setppriv],
-		[ AC_CHECK_HEADERS([priv.h], [
-			SOLARIS_PRIVS="yes"
-		])
-	])
+	AC_CHECK_FUNC([setppriv])
+	AC_CHECK_HEADERS([priv.h])
 	AC_ARG_WITH([solaris-contracts],
 		[  --with-solaris-contracts Enable Solaris process contracts (experimental)],
 		[
@@ -925,7 +922,9 @@ mips-sony-bsd|mips-sony-newsos4)
 		[  --with-solaris-privs    Enable Solaris/Illumos privileges (experimental)],
 		[
 		AC_MSG_CHECKING([for Solaris/Illumos privilege support])
-		if test "x$SOLARIS_PRIVS" = "xyes" ; then
+		if test "x$ac_cv_func_setppriv" = "xyes" -a \
+			"x$ac_cv_header_priv_h" = "xyes" ; then
+			SOLARIS_PRIVS=yes
 			AC_MSG_RESULT([found])
 			AC_DEFINE([NO_UID_RESTORATION_TEST], [1],
 				[Define to disable UID restoration test])

On Tue, 16 Feb 2016, Gleb Fotengauer-Malinovskiy wrote:
> Hi,
> 
> On Fri, Feb 12, 2016 at 02:56:30PM +1100, Damien Miller wrote:
> > OpenSSH 7.2 is almost ready for release, so we would appreciate
> > testing on as many platforms and systems as possible. This release
> > contains many bugfixes and several new features.
> 
> According to bdcb7:sshd_config.5, UsePrivilegeSeparation is set to
> "sandbox" by default.
> But default in servconf.c is PRIVSEP_NOSANDBOX.
> 
> I suppose, we should sync servconf.c and sshd_config with documentation:
thanks; done

On 12/02/16 04:56, Damien Miller wrote:
> Portable OpenSSH is available via Git at
> https://anongit.mindrot.org/openssh.git/ or via a mirror on Github at
> https://github.com/openssh/openssh-portable
>
I'm seeing a hang in the testsuite on Solaris:
run test transfer.sh ...
transfer data: proto 1
<hangs here>

I've tested on 2.6, 7 and 9, x86 only for now.

I bisected it on Solaris 2.6 and the culprit is:
19bcf2ea2d17413f2d9730dd2a19575ff86b9b6a

Reverting it gets rid of the hang and the testsuite runs to completion 
with no errors.

I've inserted the logs from Solaris 9/x86 below.

-tgc


failed-regress.log:
trace: proto 1 dd-size 10
FATAL:

trace: proto 1 dd-size 10
FATAL:
FAIL:

failed-ssh.log:
trace: proto 1 dd-size 10
FATAL:

trace: proto 1 dd-size 10
FATAL:
FAIL:

failed-sshd.log:
trace: proto 1 dd-size 10
debug1: inetd sockets after dupping: 5, 6
Connection from UNKNOWN port 65535 on UNKNOWN port 65535
debug1: Client protocol version 1.5; client software version OpenSSH_7.1
debug1: match: OpenSSH_7.1 pat OpenSSH* compat 0x04000000
debug1: Local version string SSH-1.99-OpenSSH_7.1
Generating 1024 bit RSA key.
RSA key generation complete.
debug2: fd 5 setting O_NONBLOCK
debug2: fd 6 setting O_NONBLOCK
debug2: Network child is on pid 27122
debug3: preauth child monitor started
debug1: Sent 1024 bit server key and 2048 bit host key. [preauth]
debug1: Encryption type: 3des [preauth]
debug3: mm_request_send entering: type 32 [preauth]
debug3: mm_request_receive_expect entering: type 33 [preauth]
debug3: mm_request_receive entering [preauth]
debug3: mm_request_receive entering
debug3: monitor_read: checking request 32
debug3: mm_request_send entering: type 33
debug2: monitor_read: 32 used once, disabling now
debug3: mm_ssh1_session_id entering [preauth]
debug3: mm_request_send entering: type 34 [preauth]
debug1: Received session key; encryption turned on. [preauth]
debug3: mm_request_receive entering
debug3: monitor_read: checking request 34
debug3: mm_answer_sessid entering
debug2: monitor_read: 34 used once, disabling now
debug3: mm_getpwnamallow entering [preauth]
debug3: mm_request_send entering: type 8 [preauth]
debug3: mm_getpwnamallow: waiting for MONITOR_ANS_PWNAM [preauth]
debug3: mm_request_receive_expect entering: type 9 [preauth]
debug3: mm_request_receive entering [preauth]
debug3: mm_request_receive entering
debug3: monitor_read: checking request 8
debug3: mm_answer_pwnamallow
debug2: parse_server_config: config reprocess config len 555
debug3: mm_answer_pwnamallow: sending MONITOR_ANS_PWNAM: 1
debug3: mm_request_send entering: type 9
debug2: monitor_read: 8 used once, disabling now
debug1: Attempting authentication for tgc. [preauth]
debug3: mm_auth_rsa_key_allowed entering [preauth]
debug3: mm_request_send entering: type 36 [preauth]
debug3: mm_request_receive_expect entering: type 37 [preauth]
debug3: mm_request_receive entering [preauth]
debug3: mm_request_receive entering
debug3: monitor_read: checking request 36
debug3: mm_answer_rsa_keyallowed entering
debug1: temporarily_use_uid: 500/500 (e=500/500)
debug1: trying public RSA key file 
/export/home/tgc/buildpkg/openssh/src/openssh-git/regress/authorized_keys_tgc
debug1: fd 9 clearing O_NONBLOCK
debug1: 
/export/home/tgc/buildpkg/openssh/src/openssh-git/regress/authorized_keys_tgc, 
line 1: non ssh1 key syntax
debug1: matching key found: file 
/export/home/tgc/buildpkg/openssh/src/openssh-git/regress/authorized_keys_tgc, 
line 2 RSA1 SHA256:T373CbnNP2xxI+dYn8iGW/IUdoGB0RyZQd+TEhFbz3k
debug1: restore_uid: (unprivileged)
debug3: mm_request_send entering: type 37
Failed rsa for tgc from UNKNOWN port 65535 ssh1
debug3: mm_auth_rsa_generate_challenge entering [preauth]
debug3: mm_request_send entering: type 38 [preauth]
debug3: mm_request_receive_expect entering: type 39 [preauth]
debug3: mm_request_receive entering [preauth]
debug3: mm_request_receive entering
debug3: monitor_read: checking request 38
debug3: mm_answer_rsa_challenge entering
debug3: mm_answer_rsa_challenge sending reply
debug3: mm_request_send entering: type 39
debug2: monitor_read: 38 used once, disabling now
debug3: mm_auth_rsa_verify_response entering [preauth]
debug3: mm_request_send entering: type 40 [preauth]
debug3: mm_request_receive_expect entering: type 41 [preauth]
debug3: mm_request_receive entering [preauth]
debug3: mm_request_receive entering
debug3: monitor_read: checking request 40
debug3: mm_answer_rsa_response entering
debug3: mm_request_send entering: type 41
debug2: monitor_read: 40 used once, disabling now
Accepted rsa for tgc from UNKNOWN port 65535 ssh1
debug1: monitor_child_preauth: tgc has been authenticated by privileged 
process
debug3: mm_get_keystate: Waiting for new keys
debug3: mm_request_receive_expect entering: type 26
debug3: mm_request_receive entering
debug3: mm_get_keystate: GOT new keys
debug3: mm_request_send entering: type 26 [preauth]
debug3: mm_send_keystate: Finished sending state [preauth]
debug1: monitor_read_log: child log fd closed
debug3: mm_share_sync: Share sync
debug3: mm_share_sync: Share sync end
debug3: monitor_apply_keystate: packet_set_state
debug1: ssh_packet_set_postauth: called
debug3: ssh_packet_set_state: done
debug2: session_new: allocate (allocated 0 max 10)
debug3: session_unused: session id 0 unused
debug1: session_new: session 0
debug1: Exec command 'cat > 
/export/home/tgc/buildpkg/openssh/src/openssh-git/regress/copy'
Starting session: command for tgc from UNKNOWN port 65535 id 0
User child is on pid 27123
debug1: Entering interactive session.
debug2: fd 8 setting O_NONBLOCK
debug2: fd 10 setting O_NONBLOCK
debug2: fd 12 setting O_NONBLOCK
debug2: fd 7 setting O_NONBLOCK
debug2: fd 11 setting O_NONBLOCK
debug1: server_init_dispatch_13
debug1: server_init_dispatch_15
debug3: mm_request_receive entering
debug1: do_cleanup
FATAL:
FAIL:

On Wed, 17 Feb 2016, Tom G. Christensen wrote:
> On 12/02/16 04:56, Damien Miller wrote:
> > Portable OpenSSH is available via Git at
> > https://anongit.mindrot.org/openssh.git/ or via a mirror on Github at
> > https://github.com/openssh/openssh-portable
> > 
> 
> I'm seeing a hang in the testsuite on Solaris:
> run test transfer.sh ...
> transfer data: proto 1
> <hangs here>
> 
> I've tested on 2.6, 7 and 9, x86 only for now.
> 
> I bisected it on Solaris 2.6 and the culprit is:
> 19bcf2ea2d17413f2d9730dd2a19575ff86b9b6a
>
> Reverting it gets rid of the hang and the testsuite runs to completion
> with no errors.
Thanks for the analysis. I think this fixes it.

diff --git a/packet.c b/packet.c
index 7ddebeb..6755e74 100644
--- a/packet.c
+++ b/packet.c
@@ -263,8 +263,8 @@ ssh_alloc_session_state(void)
 int
 ssh_packet_is_rekeying(struct ssh *ssh)
 {
-	return ssh->state->rekeying ||
-	    (ssh->kex != NULL && ssh->kex->done == 0);
+	return compat20 &&
+	    (ssh->state->rekeying || (ssh->kex != NULL &&
ssh->kex->done == 0));
 }
 
 /*