mouring at etoh.eviladmin.org
2001-Feb-22 07:21 UTC
Lets try this push again.. 2.5.1p2 bugs left.
Things that are still outstanding: 1) Solaris/Redhat/HPUX session.c patch. I've not seen a ya or na on Kevin's pam patch from the Solaris group. 2) Odd Redhat/Debian scp/ssh issues. .. I'm baffled, and I can't replicate the bug. Nor have I seen anything remotely like it reported. 3) SCO.. Is it happy yet for compiling? =) Completed: 1) mdoc2man.pl .. Commited into contrib/ directory. In the semi-near future either we need a patch to configure.in to support it directly. 2) SCO setluid patch commited (Verify please). Anything else I'm missing for brokeness that was introduced between 2.3.0p1 and 2.5.1p1 that needs to be corrected? I'm expecting that 2.5.1p2 will stand for a long time. So speak up now. I want to put p2 to rest with the next week and half so we can catch back up with the OpenBSD tree and head on to bigger and better problems. =) Sorry, Kevin.. I'll get you the patches for the website by tomorrow evening I ended up being called away for the night. <sigh> - Ben
i think i have to add a workaround for buggy windows clients+x11fwd. On Thu, Feb 22, 2001 at 01:21:21AM -0600, mouring at etoh.eviladmin.org wrote:> > Things that are still outstanding: > > 1) Solaris/Redhat/HPUX session.c patch. I've not seen a ya or na on > Kevin's pam patch from the Solaris group. > > 2) Odd Redhat/Debian scp/ssh issues. .. I'm baffled, and I can't > replicate the bug. Nor have I seen anything remotely like it reported. > > 3) SCO.. Is it happy yet for compiling? =) > > Completed: > > 1) mdoc2man.pl .. Commited into contrib/ directory. In the semi-near > future either we need a patch to configure.in to support it directly. > > 2) SCO setluid patch commited (Verify please). > > Anything else I'm missing for brokeness that was introduced between > 2.3.0p1 and 2.5.1p1 that needs to be corrected? I'm expecting that > 2.5.1p2 will stand for a long time. So speak up now. I want to put p2 > to rest with the next week and half so we can catch back up with the > OpenBSD tree and head on to bigger and better problems. =) > > Sorry, Kevin.. I'll get you the patches for the website by tomorrow > evening I ended up being called away for the night. <sigh> > > - Ben >
On Thu, Feb 22, 2001 at 01:21:21AM -0600, mouring at etoh.eviladmin.org wrote:> > Things that are still outstanding: > > 1) Solaris/Redhat/HPUX session.c patch. I've not seen a ya or na on > Kevin's pam patch from the Solaris group. > > 2) Odd Redhat/Debian scp/ssh issues. .. I'm baffled, and I can't > replicate the bug. Nor have I seen anything remotely like it reported. > > 3) SCO.. Is it happy yet for compiling? =) > [...] > Anything else I'm missing for brokeness that was introduced between > 2.3.0p1 and 2.5.1p1 that needs to be corrected? I'm expecting that > 2.5.1p2 will stand for a long time. So speak up now. I want to put p2 > to rest with the next week and half so we can catch back up with the > OpenBSD tree and head on to bigger and better problems. =)OpenSSH sftp closes the sockets/pipes (dependent of the value of USE_PIPES) and then kills it's underlying ssh by calling kill(ssh, SIGHUP). This kills the underlying ssh immediately which results in breaking the connection to sshd which in turn terminates without cleanly disconnecting from the subsystem. This results in a hanging sftp-server, waiting for `select' to return on Windows/Cygwin systems. A graceful shutdown solves that problem by itself without the need to kill the underlying ssh: Index: sftp.c ==================================================================RCS file: /cvs/openssh_cvs/sftp.c,v retrieving revision 1.4 diff -u -p -r1.4 sftp.c --- sftp.c 2001/02/09 13:40:04 1.4 +++ sftp.c 2001/02/18 16:59:27 @@ -246,11 +246,18 @@ main(int argc, char **argv) interactive_loop(in, out); +#if defined(HAVE_CYGWIN) && !defined(USE_PIPES) + shutdown(in, SHUT_RDWR); + shutdown(out, SHUT_RDWR); +#endif + close(in); close(out); +#if !defined(HAVE_CYGWIN) if (kill(sshpid, SIGHUP) == -1) fatal("Couldn't terminate ssh process: %s", strerror(errno)); +#endif if (waitpid(sshpid, NULL, 0) == -1) fatal("Couldn't wait for ssh process: %s", strerror(errno)); Corinna -- Corinna Vinschen Cygwin Developer Red Hat, Inc. mailto:vinschen at redhat.com
On Thu, 22 Feb 2001 mouring at etoh.eviladmin.org wrote:> Anything else I'm missing for brokeness that was introduced between > 2.3.0p1 and 2.5.1p1 that needs to be corrected? I'm expecting that > 2.5.1p2 will stand for a long time. So speak up now. I want to put p2 > to rest with the next week and half so we can catch back up with the > OpenBSD tree and head on to bigger and better problems. =)Not exactly brokenness, but sshd -t functionality (patch here yesterday) would be very nice to have to ease the transition to 2.5.x. -- Pekka Savola "Tell me of difficulties surmounted, Netcore Oy not those you stumble over and fall" Systems. Networks. Security. -- Robert Jordan: A Crown of Swords
> 1) Solaris/Redhat/HPUX session.c patch. I've not seen a ya or na on > Kevin's pam patch from the Solaris group.sshd works for me with that patch (on Solaris 2.6 with PAM). Cheers, David -- _ __| |___ David Schweikert <dws at ee.ethz.ch> / _` / __| IT Support Group, EE-Dept, ETH-Zurich | (_| \__ \ Tel: +41(0)1-6327019 Room: ETL F24.1 \__,_|___/ http://ee-staff.ethz.ch/~dws
Under older Redhat (i.e. 5.2) the make fails. There was a message on here before I subscribed about it with no replies, but I am seeing it too. Looks like something from signal.h is not being included. I only looked at it briefly last night at about midnight so I didn't figure out exactly what is going on there. But I did want to confirm the problem the other guy was seeing. Chuck mouring at etoh.eviladmin.org wrote:> 2) Odd Redhat/Debian scp/ssh issues. .. I'm baffled, and I can't > replicate the bug. Nor have I seen anything remotely like it reported. >
There's a patch I posted a while back that hasn't made it in yet. The
form currently distributed breaks, e.g., "wall" on IRIX because the
recorded tty is broken. The ifdef was introduced mistakenly some time ago.
--- openssh-2.5.1p1/loginrec.c Tue Feb 20 16:19:17 2001
+++ openssh-2.5.1p1.orig//loginrec.c Mon Feb 5 07:42:17 2001
@@ -539,8 +539,13 @@
memset(dst, '\0', dstsize);
/* Always skip prefix if present */
+#ifdef sgi
+ if (strncmp(src, "/dev/tty", 8) == 0)
+ src += 8;
+#else
if (strncmp(src, "/dev/", 5) == 0)
src += 5;
+#endif
len = strlen(src);
--
Mike Stone
On Thu, Feb 22, 2001 at 01:21:21AM -0600, mouring at etoh.eviladmin.org wrote:> 1) Solaris/Redhat/HPUX session.c patch. I've not seen a ya or na on > Kevin's pam patch from the Solaris group.Ben, I can confirm that the reproducible problem with PAM and env/scp/etc is gone in the latest 02/22 SNAP, at least in my Solaris 7/8 environment. Everything else is looking great, too :) Thanks, -Irving
Circa 2001-Feb-22 01:21:21 -0600 dixit mouring at etoh.eviladmin.org:
:
: Things that are still outstanding:
[...]
4) Figure out whether we want to update contrib/redhat/sshd.init or
not.
5) Patch to make sshd log to stderr (-L switch) for use with djb's
daemontools (http://cr.yp.to/daemontools.html). Can't remember
whose that was [searches...] ah, here we go:
Date: Wed, 21 Feb 2001 12:10:07 -0800
From: Jos Backus <josb at cncdsl.com>
Subject: Re: Portable OpenSSH 2.5.1p1: daemontools-aware?
Message-ID: <20010221121007.A94515 at lizzy.bugworks.com>
--
jim knoble | jmknoble at jmknoble.cx | http://www.jmknoble.cx/
On Thu, 22 Feb 2001 mouring at etoh.eviladmin.org wrote:> Anything else I'm missing for brokeness that was introduced between > 2.3.0p1 and 2.5.1p1 that needs to be corrected? I'm expecting that > 2.5.1p2 will stand for a long time. So speak up now. I want to put p2 > to rest with the next week and half so we can catch back up with the > OpenBSD tree and head on to bigger and better problems. =) >Here is a patch to fix double -I Preprocessor flags: -I/usr/local/include -I/usr/local/ssl/include -I/usr/local/ ssl/include>-- Tim Rice Multitalents (707) 887-1469 tim at multitalents.net -------------- next part -------------- --- openssh_cvs/configure.in.old Thu Feb 22 15:42:00 2001 +++ openssh_cvs/configure.in Thu Feb 22 16:00:03 2001 @@ -619,9 +619,9 @@ # Try to use $ssldir/include if it exists, otherwise # $ssldir if test -d "$ssldir/include" ; then - CPPFLAGS="$CPPFLAGS -I$ssldir/include" + CPPFLAGS="$saved_CPPFLAGS -I$ssldir/include" else - CPPFLAGS="$CPPFLAGS -I$ssldir" + CPPFLAGS="$saved_CPPFLAGS -I$ssldir" fi fi @@ -681,9 +681,9 @@ # Try to use $ssldir/include if it exists, otherwise # $ssldir if test -d "$ssldir/include" ; then - CPPFLAGS="$CPPFLAGS -I$ssldir/include" + CPPFLAGS="$saved_CPPFLAGS -I$ssldir/include" else - CPPFLAGS="$CPPFLAGS -I$ssldir" + CPPFLAGS="$saved_CPPFLAGS -I$ssldir" fi fi fi
On Thu, 22 Feb 2001 mouring at etoh.eviladmin.org wrote:> > Things that are still outstanding: > > 3) SCO.. Is it happy yet for compiling? =)It's compiling on Open Server 3 and Open Server 5 However on Open Server 3 ... tim(trr)@sco42 40% ssh uw213 Couldn't restore privileges ... Hmm, that comes from entropy.c I'll look deeper whin I have more time. On Open Server 3 & Open Server 5 the version 2 protocol has a problem. The stty modes are not set correctly. ... tim at soyo:~> ssh -2 sco504 tim at sco504.int.multitalents.net's password: Last login: Thu Feb 22 19:31:28 2001 With Enhancements by Multitalents You have mail The first time, it's a KLU DGE! The second, a trick. Later, it's a well-established technique! -- Mike Broido, Intermetrics tim(trr)@sco504 1% ...> > Completed: > > 1) mdoc2man.pl .. Commited into contrib/ directory. In the semi-near > future either we need a patch to configure.in to support it directly. > > 2) SCO setluid patch commited (Verify please).Doesn't seem to be working.> > Anything else I'm missing for brokeness that was introduced between > 2.3.0p1 and 2.5.1p1 that needs to be corrected? I'm expecting that > 2.5.1p2 will stand for a long time. So speak up now. I want to put p2 > to rest with the next week and half so we can catch back up with the > OpenBSD tree and head on to bigger and better problems. =) > > Sorry, Kevin.. I'll get you the patches for the website by tomorrow > evening I ended up being called away for the night. <sigh> > > - Ben > >-- Tim Rice Multitalents (707) 887-1469 tim at multitalents.net
Hi, On Thu, Feb 22, 2001 at 01:21:21AM -0600, mouring at etoh.eviladmin.org wrote:> 3) SCO.. Is it happy yet for compiling? =)Tried SCO ODT 3.0 (3.2v4.2) today, with skey. Everything compiles fine, one problem occurs at the linking stage: "-lskey" is linked after "-lintl", but references strftime() -> library order has to be reversed, -lskey first. Run time (I tested protocol 1 only): - using "ssh" without it being suid root works as expected, - using "ssh" suid root leads to: "Couldn't restore privileges" (which has been reported a couple of days ago, but it's still there) - sshd has some problems (calling with ssh.com 1.2.27, but the same with openssh client): greenie.muc.de: Doing password authentication. gert at greenie.muc.de's password: greenie.muc.de: Requesting pty. greenie.muc.de: Requesting shell. greenie.muc.de: Entering interactive session. Command terminated on signal 11. -> oops? Will investigate. - same effect with SKey-Authentication - authentication succeeds, and then it bombs: otp-md5 98 gree04564 S/Key Password: debug: Requesting pty. debug: Requesting shell. debug: Entering interactive session. Received disconnect from 193.149.48.161: Command terminated on signal 11. debug: Calling cleanup 0x9dbc(0x0) debug: Calling cleanup 0x19464(0x0) debug: Calling cleanup 0x1e898(0x0) debug: writing PRNG seed to file /u/gert/.ssh/prng_seed Hmmm. Not bad so far, but not perfect either... gert -- USENET is *not* the non-clickable part of WWW! //www.muc.de/~gert/ Gert Doering - Munich, Germany gert at greenie.muc.de fax: +49-89-35655025 gert.doering at physik.tu-muenchen.de