The next OpenSSH release is close, too.

If you want OpenSSH 3.2 to be the best version of OpenSSH,
then please test the snapshots.

If you would like to see new features in future OpenSSH releases,
then test the snapshots.

If you are running OpenBSD then please test the OpenBSD snapshots.

If you are running the portable OpenSSH release then please
test the nightly snapshots from
http://www.openssh.com/portable.html

If you are running into bugs, please report them at
http://bugzilla.mindrot.org/

Thanks, -m

On Fri, 5 Apr 2002, Markus Friedl wrote:
> The next OpenSSH release is close, too.

If I was to update my patches for MIT Kerberos support in protocol 1 to the latest portable CVS, would they be likely to make it into this release?

Cheers, Simon.

Markus Friedl wrote:
[test snapshots, test snapshots]

I get the impression you want us to test snapshots :-)

The current CVS version won't build on AIX 4.2.1 (as of a couple of minutes ago). It's already logged in Bugzilla (#201).

-Daz.

On Fri, Apr 05, 2002 at 12:16:15PM +0200, Markus Friedl wrote:
> The next OpenSSH release is close, too.
>
> If you want OpenSSH 3.2 to be the best version of OpenSSH,
> then please test the snapshots.

Current from CVS:

OpenSSH has been configured with the following options:
User binaries: /usr/bin
System binaries: /usr/sbin
Configuration files: /etc
Askpass program: /usr/sbin/ssh-askpass
Manual pages: /usr/man/manX
PID file: /var/run
sshd default user PATH: /usr/bin:/bin:/usr/sbin:/sbin
Manpage format: doc
PAM support: no
KerberosIV support: no
Smartcard support: no
AFS support: no
S/KEY support: no
TCP Wrappers support: no
MD5 password support: no
IP address in $DISPLAY hack: no
Use IPv4 by default hack: no
Translate v4 in v6 hack: no
BSD Auth support: no
Random number source: OpenSSL internal ONLY

Host: i686-pc-cygwin
Compiler: i686-pc-cygwin-gcc
Compiler flags: -g -O2 -Wall -Wpointer-arith -Wno-uninitialized
Preprocessor flags:
Linker flags:
Libraries: -lz /usr/lib/textmode.o -lcrypto

Configures, builds and runs OOTB.

Corinna

--
Corinna Vinschen
Cygwin Developer
Red Hat, Inc.
mailto:vinschen at redhat.com

To get trusted HP-UX patches into the next version of openssh, should I submit patches based on latest CVS?

Bug submitted as http://bugzilla.mindrot.org/show_bug.cgi?id=184
Latest patch was against 3.1p1

Darren

Hi, On Fri, Apr 05, 2002 at 12:16:15PM +0200, Markus Friedl wrote:> If you want OpenSSH 3.2 to be the best version of OpenSSH, > then please test the snapshots.SCO 3.2v4.2 (ODT 3.0) doesn't compile. Major stumbling block is monitor_fdpass.c - SCO does not have a "struct cmsghdr", so all the CMSG_SPACE/CMSG_LEN macros fail with monitor_fdpass.c:42: sizeof applied to an incomplete type and later on monitor_fdpass.c:51: structure has no member named `msg_control' monitor_fdpass.c:52: structure has no member named `msg_controllen' Further, there is no SCM_RIGHTS on this system (I assume that this has to do with file descriptor passing, which SCO cannot do). Next issue is monitor_mm.c, due to having neither <sys/mman.h> nor mmap(). I don't fully understand the PrivSep stuff, so I don't really feel like putting big #ifdef's around that stuff and trying to make it work "without"... All other source files compile fine, though I can see that two changes I had to do for 3.1p1 are still not merged in: - sftp-server.c uses "truncate()", which doesn't exist (needs to use ftruncate()). - entropy.c needs to do seteuid(getuid()) before doing setuid(original_uid), otherwise the setuid() call will fail (as per the man page, though I do not claim to understand why this is so): diff -u -w -r1.41 entropy.c --- entropy.c 11 Mar 2002 00:16:35 -0000 1.41 +++ entropy.c 7 Apr 2002 10:34:17 -0000 @@ -85,9 +85,10 @@ close(devnull); if (original_uid != original_euid && - setuid(original_uid) == -1) { - fprintf(stderr, "(rand child) setuid: %s\n", - strerror(errno)); + ( seteuid(getuid()) == -1 || + setuid(original_uid) == -1) ) { + fprintf(stderr, "(rand child) setuid(%d): %s\n", + original_uid, strerror(errno)); _exit(1); } gert -- USENET is *not* the non-clickable part of WWW! //www.muc.de/~gert/ Gert Doering - Munich, Germany gert at greenie.muc.de fax: +49-89-35655025 gert.doering at physik.tu-muenchen.de
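Review bot: In the entropy.c hunk, both failure paths share the single message "(rand child) setuid(%d): %s", so a failing seteuid() is logged as a setuid() failure; test the two calls separately or name the failing call in the message. The added call also uses getuid() where the rest of the block uses the saved original_uid, and seteuid(original_uid) would keep the two calls consistent. original_uid is printed with %d, which needs a cast such as (int)original_uid where uid_t is not an int.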
On Sun, 7 Apr 2002, Ben Lindstrom wrote:
:> > :Next issue is monitor_mm.c, due to having neither <sys/mman.h> nor
:> > :mmap().
:> >
:> > can you try with current again?
:>
:> Better. Compilation works, though linking fails:
:>
:> undefined         first referenced
:>  symbol               in file
:> munmap            monitor_mm.o
:> socketpair        monitor.o
:> ld fatal: Symbol referencing errors. No output written to sshd

ok, i missed munmap().

:> there is no socketpair() on SCO (relates to "no unix sockets here"), and
:> of course no munmap() either.

i think we want to support USE_PIPES. in fact, native OpenSSH uses that by default now.

:Which is one of the reasons why I #ifdef out the section with munmap()
:also in the proposed starting point in the bugzilla tree.

yes, i missed that. i wanted to wrap close to the syscall for now.

Hi,

On Sun, Apr 07, 2002 at 03:20:58PM -0700, Kevin Steves wrote:
> :> undefined         first referenced
> :>  symbol               in file
> :> munmap            monitor_mm.o
> :> socketpair        monitor.o
> :> ld fatal: Symbol referencing errors. No output written to sshd
> ok, i missed munmap().

checkout -> yes, that part compiles & links now. Socketpair() is still open...

> :> there is no socketpair() on SCO (relates to "no unix sockets here"), and
> :> of course no munmap() either.
>
> i think we want to support USE_PIPES. in fact, native OpenSSH uses that
> by default now.

Is this something that should happen "by magic" in the current code? Or is this more "thinking aloud" about necessary changes to monitor.c?

gert

--
USENET is *not* the non-clickable part of WWW!
//www.muc.de/~gert/
Gert Doering - Munich, Germany gert at greenie.muc.de
fax: +49-89-35655025 gert.doering at physik.tu-muenchen.de

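The struct cmsghdr, msg_control/msg_controllen, SCM_RIGHTS and socketpair() failures reported in this sub-thread all concern passing an open file descriptor between two processes over a UNIX-domain socket. The following C example is added here for illustration and is not code from OpenSSH's monitor_fdpass.c or from any poster in this thread; send_fd, recv_fd, prep and union fdbuf are hypothetical names. It shows which platform facilities the operation needs and how a receiver can refuse anything other than exactly one descriptor.

```c
/* Added example; send_fd, recv_fd, prep and fdbuf are illustrative names. */
#include <string.h>
#include <sys/socket.h>

/* Control buffer sized and aligned for exactly one descriptor. */
union fdbuf { struct cmsghdr hdr; char buf[CMSG_SPACE(sizeof(int))]; };

/* Point m at a one-byte payload plus the control buffer. */
static void prep(struct msghdr *m, struct iovec *v, char *ch, union fdbuf *c)
{
    memset(m, 0, sizeof(*m));
    memset(c, 0, sizeof(*c));
    v->iov_base = ch;
    v->iov_len = 1;          /* one data byte must accompany the fd */
    m->msg_iov = v;
    m->msg_iovlen = 1;
    m->msg_control = c->buf;
    m->msg_controllen = sizeof(c->buf);
}

/* Send fd over UNIX-domain socket sock; 0 on success, -1 on error. */
int send_fd(int sock, int fd)
{
    struct msghdr m; struct iovec v; union fdbuf c; struct cmsghdr *cm;
    char ch = 0;
    prep(&m, &v, &ch, &c);
    cm = CMSG_FIRSTHDR(&m);
    cm->cmsg_len = CMSG_LEN(sizeof(int));
    cm->cmsg_level = SOL_SOCKET;
    cm->cmsg_type = SCM_RIGHTS;   /* payload is a descriptor, not bytes */
    memcpy(CMSG_DATA(cm), &fd, sizeof(int));
    return sendmsg(sock, &m, 0) == 1 ? 0 : -1;
}

/* Receive one fd from sock; returns the new descriptor, or -1 on error. */
int recv_fd(int sock)
{
    struct msghdr m; struct iovec v; union fdbuf c; struct cmsghdr *cm;
    char ch; int fd;
    prep(&m, &v, &ch, &c);
    if (recvmsg(sock, &m, 0) != 1 || (m.msg_flags & MSG_CTRUNC))
        return -1;
    cm = CMSG_FIRSTHDR(&m);
    if (cm == NULL || cm->cmsg_level != SOL_SOCKET ||
        cm->cmsg_type != SCM_RIGHTS || cm->cmsg_len != CMSG_LEN(sizeof(int)))
        return -1;           /* accept exactly one passed descriptor */
    memcpy(&fd, CMSG_DATA(cm), sizeof(int));
    return fd;
}
```

A caller creates the channel with socketpair(AF_UNIX, SOCK_STREAM, 0, sv) before the two processes separate; a system without that call or without SCM_RIGHTS cannot compile or link this code, which matches the errors reported above.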
Won't build on Solaris 2.6 due to lack of MAP_ANON in sys/mman.h

Relevant output follows:

...
monitor_mm.c: In function `mm_create':
monitor_mm.c:88: `MAP_ANON' undeclared (first use in this function)
monitor_mm.c:88: (Each undeclared identifier is reported only once
monitor_mm.c:88: for each function it appears in.)

Built as follows:

configure --prefix=/opt/openssh --with-xauth=/usr/openwin/bin/xauth --enable-largefile --with-pam --with-tcp_wrappers=/opt/openssh --with-default-path=/usr/bin:/usr/sbin:/usr/local/bin --with-pid-dir=/opt/openssh/etc --with-mantype=man

Once upon a time, Markus Friedl <markus at openbsd.org> said:> If you want OpenSSH 3.2 to be the best version of OpenSSH, > then please test the snapshots.Here's a patch for a compile bug in SIA support: ************************************************************************ diff -urN openssh-cvs/auth-sia.c openssh/auth-sia.c --- openssh-cvs/auth-sia.c Thu Apr 4 13:02:28 2002 +++ openssh/auth-sia.c Tue Apr 9 22:17:17 2002 @@ -2,11 +2,11 @@ #ifdef HAVE_OSF_SIA #include "ssh.h" +#include "auth.h" #include "auth-sia.h" #include "log.h" #include "servconf.h" #include "canohost.h" -#include "auth.h" #include <sia.h> #include <siad.h> ************************************************************************ Otherwise, quick tests appear to be working fine on Tru64 5.1A (I'll do some more testing tomorrow). -- Chris Adams <cmadams at hiwaay.net> Systems and Network Administrator - HiWAAY Internet Services I don't speak for anybody but myself - that's enough trouble.
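Review bot: Moving #include "auth.h" above #include "auth-sia.h" fixes the build only inside auth-sia.c; if auth-sia.h uses declarations from auth.h, every other file that includes auth-sia.h carries the same hidden ordering requirement. Either have auth-sia.h include what it needs, or add a comment at this include noting that the order matters.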
I need to have Tim and Kevin sign off on this since it affects SCO and HP.

- Ben

On Wed, 10 Apr 2002, Darren Cole wrote:
> Tested building from cvs today on hp-ux 10.26. Once I applied my patch
> (<http://bugzilla.mindrot.org/showattachment.cgi?attach_id=67> to bug
> <http://bugzilla.mindrot.org/show_bug.cgi?id=184>), everything built and ran
> fine. Is there any way I can get this patch committed for 3.2? If there is
> anything I can do to help get the patch accepted please let me know.
>
> Darren Cole
> dcole at keysoftsys.com
>
> _______________________________________________
> openssh-unix-dev at mindrot.org mailing list
> http://www.mindrot.org/mailman/listinfo/openssh-unix-dev

On Fri, Apr 05, 2002 at 12:16:15PM +0200, Markus Friedl wrote:> If you are running the portable OpenSSH release then please > test the nightly snapshots from > http://www.openssh.com/portable.htmlHi, somebody found a small flaw in the contrib/cygwin/ssh-host-config script. Could anybody apply this small patch: Index: contrib/cygwin/ssh-host-config ==================================================================RCS file: /cvs/openssh_cvs/contrib/cygwin/ssh-host-config,v retrieving revision 1.4 diff -u -p -r1.4 ssh-host-config --- contrib/cygwin/ssh-host-config 11 Nov 2001 23:36:21 -0000 1.4 +++ contrib/cygwin/ssh-host-config 12 Apr 2002 07:52:59 -0000 @@ -434,9 +434,9 @@ then then if [ "${with_comment}" -eq 0 ] then - echo 'ssh stream tcp nowait root /usr/sbin/sshd -i' >> "${_inetcnf}" + echo 'ssh stream tcp nowait root /usr/sbin/sshd sshd -i' >> "${_inetcnf}" else - echo '# ssh stream tcp nowait root /usr/sbin/sshd -i' >> "${_inetcnf}" + echo '# ssh stream tcp nowait root /usr/sbin/sshd sshd -i' >> "${_inetcnf}" fi echo "Added ssh to ${_inetcnf}" fi Thanks, Corinna -- Corinna Vinschen Cygwin Developer Red Hat, Inc. mailto:vinschen at redhat.com
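Review bot: The inetd entry is spelled out twice in the @@ -434,9 +434,9 @@ hunk, once plain and once with a leading '# ', which is why the missing argv[0] field had to be corrected in two places. Holding the entry in one variable and prepending '# ' only in the else branch of the with_comment test would keep the two lines from drifting apart.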
Using a cvs checkout of the openssh module from CVSROOT=openssh at anoncvs.be.openbsd.org:/cvs

A Solaris 2.6 sparc system fails to compile with the error:

../openssh/monitor_mm.c: In function `mm_create':
../openssh/monitor_mm.c:88: `MAP_ANON' undeclared (first use in this function)
../openssh/monitor_mm.c:88: (Each undeclared identifier is reported only once
../openssh/monitor_mm.c:88: for each function it appears in.)
make: *** [monitor_mm.o] Error 1

It might be well for such systems to default to --without-privsep-user in configure.

Also, it would be well to add the documentation of the --with(out)-privsep-user to the 'configure --help' output.

Thanks,
-- Mark

On Wed, 10 Apr 2002, Darren Cole wrote:> > Tested building from cvs today on hp-ux 10.26. Once I applied my patch > (<http://bugzilla.mindrot.org/showattachment.cgi?attach_id=67> to bug > <http://bugzilla.mindrot.org/show_bug.cgi?id=184>), everything built and ran > fine. Is there any way I can get this patch committed for 3.2? If there is > anything I can do to help get the patch accepted please let me know. A couple of questions about your patch. --- configure.ac.orig Fri Apr 12 20:57:56 2002 +++ configure.ac Sat Apr 13 10:01:51 2002 @@ -79,6 +79,23 @@ +*-*-hpux10.26) [snip] + AC_DEFINE(HAVE_SECUREWARE_PW) + AC_DEFINE(BROKEN_LOGIN) + AC_DEFINE(TRUSTED_HPUX) Are all 10.26 machines trusted HP/UX? --- sshd.c.orig Tue Apr 9 20:19:04 2002 +++ sshd.c Sat Apr 13 10:01:52 2002 @@ -47,7 +47,10 @@ #include <openssl/dh.h> #include <openssl/bn.h> #include <openssl/md5.h> -#include <openssl/rand.h> ^^ was this intentional? +#ifdef HAVE_SECUREWARE_PW +#include <sys/security.h> +#include <prot.h> +#endif> > Darren Cole > dcole at keysoftsys.com >-- Tim Rice Multitalents (707) 887-1469 tim at multitalents.net
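Review bot: In the sshd.c hunk, the removal of #include <openssl/rand.h> sits outside the added #ifdef HAVE_SECUREWARE_PW block, so it takes effect on every platform rather than only on HP-UX; unless sshd.c no longer needs that header, keep the include and add only the guarded lines. In the configure.ac hunk, the *-*-hpux10.26) case defines TRUSTED_HPUX unconditionally for that host triplet, so the patch should either state that a 10.26 system is always a trusted one or detect the trusted configuration at configure time.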
Tomorrow's snapshot synchronises us with OpenBSD CVS HEAD and includes fixes to several bugs. (Including the KrbIV/AFS/Tgt issue).

Portable -current also makes PAM work (or seem to) when sshd is configured with UsePrivilegeSeparation=yes. This is still experimental, please let openssh-unix-dev@ know how you go.

-d