Ok.. I'm starting official testing calls early this release. I'd like to have more feedback and more time for handling fixes. If people could test snapshots (http://www.openssh.org/portable.html, pick your favorate mirror and select snapshots directory) and report failures it would be useful. For those with pmake install there is regress/ which you can try out. It may help any platform issues. I know some platforms will outright fail (AIX). Hopefully post 3.5 we can look at supplying gnu make files. For those that build packages for yourself/others from the contrib/ section also let us know what needs to be updated. With the changes to the Solaris/Sysv package that I think it needs to be retested on non-solaris platforms (Tim, do you still have Daz's last patch to buildpkg.sh so you could test under SCO or should I just commit it and we can play cvs tag?). Known issues: 1. Tru64 (OSF/1) w/ SIA still is broken under Privsep. (For partial privsep support change config.h /* #undef DISABLE_FD_PASSING */ to #define DISABLE_FD_PASSING 1) If we can't come up with a solution by 3.5 release then I'll just set DISABLE_FD_PASSING for the 3.5 release. The issue is how the SIA sessioning is getting horked. And without someone giving me a tru64 box or access (w/ root) for a few days it is pretty much never going to be fixed. Ya, I know.=) I hate touching other people's servers and even worse having root on them. 2. AIX (some version) stall on large data output. Current CVS patch is wrong and will be pulled unless an agreement can be made. 3. Any platform lacking mmap() will not have compression (Sorry fokes, this is not an issue really..This is a fact of life.) Those platforms lacking a usable MAP_ANON should test the release. It should fall back to /dev/zero mmap() then back to sparse files. NOTE: The fall back is runtime so if one could (gawd) compile and run OpenSSH on multiple kernel release it should do the right thing. 4. NeXTStep is more than likely borken. I'm pretty sure.=) It lies about having a mmap(). I'll look into it once I get my NeXT box back on the network unless someone can fire off a simple patch to solve it. 5. Pam changes have not been merged. So password changing is still disabled. I'm looking mostly for privsep issues. If you have a platform that has an issue with privsep and you are part of the main portable tree (uwin and cray are excluded at this moment) it needs to be discussed or you'll be suffering for another 4+ months. Side notes: uwin - You going to resend a patch againt -current for review? cray - This weekend or next week. =) I've promised this forever. Let me know what non-intrustive syncs we can do to lessen your tracking. Lastly, I'd like to thank all of you for bearing with us during the last few months. I'm sure it is was frustrating to you as it is for us.=) Let me state something right now.. *NO NEW FEATURES* 3.5 is a patch release to stablize out every platform. Don't suggest, don't push, don't even THINK about thinking about suggestion new features. I'm serious. You will be ignored. - Ben
I hope to have time to test, but I have a quick question: I caught the message that PAM is working for some transactions, but the last patch I saw said that it still doesn't work for password changes. Did I miss a patch, or is that still broken? We've got to choose a new version to deploy enterprise-wide within the next week or two and I've got to decide if we want to wait for 3.5 or go with 3.2 which IIRC was the last version with a functional PAM. Will it work if privsep is disabled and relavent sections of code uncommented? Thanks in advance, --Jason -----Original Message----- From: Ben Lindstrom [mailto:mouring at etoh.eviladmin.org] Sent: Wednesday, July 17, 2002 3:04 PM To: OpenSSH Development Subject: Testing Call Ok.. I'm starting official testing calls early this release. I'd like to have more feedback and more time for handling fixes. If people could test snapshots (http://www.openssh.org/portable.html, pick your favorate mirror and select snapshots directory) and report failures it would be useful. For those with pmake install there is regress/ which you can try out. It may help any platform issues. I know some platforms will outright fail (AIX). Hopefully post 3.5 we can look at supplying gnu make files. For those that build packages for yourself/others from the contrib/ section also let us know what needs to be updated. With the changes to the Solaris/Sysv package that I think it needs to be retested on non-solaris platforms (Tim, do you still have Daz's last patch to buildpkg.sh so you could test under SCO or should I just commit it and we can play cvs tag?). Known issues: 1. Tru64 (OSF/1) w/ SIA still is broken under Privsep. (For partial privsep support change config.h /* #undef DISABLE_FD_PASSING */ to #define DISABLE_FD_PASSING 1) If we can't come up with a solution by 3.5 release then I'll just set DISABLE_FD_PASSING for the 3.5 release. The issue is how the SIA sessioning is getting horked. And without someone giving me a tru64 box or access (w/ root) for a few days it is pretty much never going to be fixed. Ya, I know.=) I hate touching other people's servers and even worse having root on them. 2. AIX (some version) stall on large data output. Current CVS patch is wrong and will be pulled unless an agreement can be made. 3. Any platform lacking mmap() will not have compression (Sorry fokes, this is not an issue really..This is a fact of life.) Those platforms lacking a usable MAP_ANON should test the release. It should fall back to /dev/zero mmap() then back to sparse files. NOTE: The fall back is runtime so if one could (gawd) compile and run OpenSSH on multiple kernel release it should do the right thing. 4. NeXTStep is more than likely borken. I'm pretty sure.=) It lies about having a mmap(). I'll look into it once I get my NeXT box back on the network unless someone can fire off a simple patch to solve it. 5. Pam changes have not been merged. So password changing is still disabled. I'm looking mostly for privsep issues. If you have a platform that has an issue with privsep and you are part of the main portable tree (uwin and cray are excluded at this moment) it needs to be discussed or you'll be suffering for another 4+ months. Side notes: uwin - You going to resend a patch againt -current for review? cray - This weekend or next week. =) I've promised this forever. Let me know what non-intrustive syncs we can do to lessen your tracking. Lastly, I'd like to thank all of you for bearing with us during the last few months. I'm sure it is was frustrating to you as it is for us.=) Let me state something right now.. *NO NEW FEATURES* 3.5 is a patch release to stablize out every platform. Don't suggest, don't push, don't even THINK about thinking about suggestion new features. I'm serious. You will be ignored. - Ben _______________________________________________ openssh-unix-dev at mindrot.org mailing list http://www.mindrot.org/mailman/listinfo/openssh-unix-dev *********************************************************************************** WARNING: All e-mail sent to and from this address will be received or otherwise recorded by the A.G. Edwards corporate e-mail system and is subject to archival, monitoring or review by, and/or disclosure to, someone other than the recipient. ************************************************************************************ -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20020717/5be8e351/attachment.html
Ben Lindstrom wrote:> For those that build packages for yourself/others from the contrib/ > section also let us know what needs to be updated.This patch to buildbff.sh fixes the following problems reported by Val Baranov: * doesn't work when run from contrib/aix * doesn't clean up package build directory The patch has been up for a while. I had originally intended adding optional SRC support before submitting but haven't had time to do so. http://www.zip.com.au/~dtucker/openssh/openssh-3.4p1-aixbff.patch -- Darren Tucker (dtucker at zip.com.au) GPG Fingerprint D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69 Good judgement comes with experience. Unfortunately, the experience usually comes from bad judgement.
On Wed, 17 Jul 2002, Ben Lindstrom wrote:> > For those with pmake install there is regress/ which you can try out. It > may help any platform issues. I know some platforms will outright fail > (AIX). Hopefully post 3.5 we can look at supplying gnu make files.I think gert supplied us with one. (it's in my inbox somewhere) Looks like none of us has had time to test it yet.> For those that build packages for yourself/others from the contrib/ > section also let us know what needs to be updated. With the changes to > the Solaris/Sysv package that I think it needs to be retested on > non-solaris platforms (Tim, do you still have Daz's last patch to > buildpkg.sh so you could test under SCO or should I just commit it and we > can play cvs tag?).I've still got it. I'll test it soon. The only thing I didn't like was uid/gid of 22 Anyone have a problem with using 67 for the uid/gid? -- Tim Rice Multitalents (707) 887-1469 tim at multitalents.net
On Wed, Jul 17, 2002 at 03:04:07PM -0500, Ben Lindstrom wrote:> For those with pmake install there is regress/ which you can try out. It > may help any platform issues. I know some platforms will outright fail > (AIX). Hopefully post 3.5 we can look at supplying gnu make files.we could ship a simple script: % cat run-tests.sh pwd=`pwd` for test in connect \ proxy-connect \ connect-privsep \ proto-version \ proto-mismatch \ exit-status \ transfer \ stderr-data \ stderr-after-eof \ broken-pipe \ try-ciphers \ yes-head \ agent \ keyscan \ sftp \ forwarding ; do sh test-exec.sh $pwd $pwd/${test}.sh done
On Wed, Jul 17, 2002 at 03:04:07PM -0500, Ben Lindstrom wrote:> > Ok.. I'm starting official testing calls early this release. I'd like to > have more feedback and more time for handling fixes.OpenSSH has been configured with the following options: User binaries: /usr/bin System binaries: /usr/sbin Configuration files: /etc Askpass program: /usr/sbin/ssh-askpass Manual pages: /usr/man/manX PID file: /var/run Privilege separation chroot path: /var/empty sshd default user PATH: /usr/bin:/bin:/usr/sbin:/sbin Manpage format: doc PAM support: no KerberosIV support: no KerberosV support: no Smartcard support: no AFS support: no S/KEY support: no TCP Wrappers support: yes MD5 password support: no IP address in $DISPLAY hack: no Use IPv4 by default hack: no Translate v4 in v6 hack: no BSD Auth support: no Random number source: OpenSSL internal ONLY Host: i686-pc-cygwin Compiler: i686-pc-cygwin-gcc Compiler flags: -g -O2 -Wall -Wpointer-arith -Wno-uninitialized Preprocessor flags: Linker flags: Libraries: -lwrap -lz /usr/lib/textmode.o -lcrypto Current from CVS, builds and runs fine. Corinna -- Corinna Vinschen Cygwin Developer Red Hat, Inc. mailto:vinschen at redhat.com
Yesterday, Ben Lindstrom wrote:> 2. AIX (some version) stall on large data output. Current CVS patch is > wrong and will be pulled unless an agreement can be made.The (apparent) bug in AIX applies to AIX 4.3.3ML03 and above. Having at last found a solution that works I'd be really grateful if we can have a workaround for the bug before the release. I have attached a patch that moves the workaround to the correct place, above the write, and changes "c->isatty" to "isatty(c->wfd)", because c->isatty is not true if nonblock is false (I don't know why it is setup like this). It may not be the most correct or efficient solution, but it only applies to AIX, and without it openssh locks up solid very easily when ssh'ing from a box that you telnet'd or rlogin'd to. Please apply! BTW I'm running last night's snapshot with this patch applied and privilege separation enabled, and it all seems to be working fine. I will report if I encounter any problems. Cheers, Leigh. -------------- next part -------------- A non-text attachment was scrubbed... Name: aix.fix.patch Type: application/octet-stream Size: 596 bytes Desc: not available Url : http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20020718/18844d62/attachment.obj
Ben Lindstrom wrote:> Ok.. I'm starting official testing calls early this release. I'd like to > have more feedback and more time for handling fixes. >Compilation warnings gcc -v Reading specs from /usr/lib/gcc-lib/i386-redhat-linux/2.96/specs gcc version 2.96 20000731 (Red Hat Linux 7.1 2.96-98) after ./configure gcc -g -O2 -Wall -Wpointer-arith -Wno-uninitialized -I. -I. -I/usr/local/ssl/include -DSSHDIR=\"/usr/local/etc\" -D_PATH_SSH_PROGRAM=\"/usr/local/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/local/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/local/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/local/libexec/ssh-keysign\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DSSH_RAND_HELPER=\"/usr/local/libexec/ssh-rand-helper\" -DHAVE_CONFIG_H -c cipher.c cipher.c:65: warning: initialization from incompatible pointer type cipher.c:66: warning: initialization from incompatible pointer type cipher.c:70: warning: initialization from incompatible pointer type cipher.c:71: warning: initialization from incompatible pointer type cipher.c:72: warning: initialization from incompatible pointer type cipher.c:73: warning: initialization from incompatible pointer type cipher.c: In function `cipher_get_keycontext': cipher.c:706: warning: comparison of distinct pointer types lacks a cast cipher.c: In function `cipher_set_keycontext': cipher.c:721: warning: comparison of distinct pointer types lacks a cast gcc -g -O2 -Wall -Wpointer-arith -Wno-uninitialized -I. -I. -I/usr/local/ssl/include -DSSHDIR=\"/usr/local/etc\" -D_PATH_SSH_PROGRAM=\"/usr/local/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/local/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/local/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/local/libexec/ssh-keysign\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DSSH_RAND_HELPER=\"/usr/local/libexec/ssh-rand-helper\" -DHAVE_CONFIG_H -c mac.c mac.c:42: warning: initialization from incompatible pointer type mac.c:43: warning: initialization from incompatible pointer type mac.c:44: warning: initialization from incompatible pointer type mac.c:45: warning: initialization from incompatible pointer type mac.c:46: warning: initialization from incompatible pointer type mac.c:47: warning: initialization from incompatible pointer type gcc -g -O2 -Wall -Wpointer-arith -Wno-uninitialized -I. -I. -I/usr/local/ssl/include -DSSHDIR=\"/usr/local/etc\" -D_PATH_SSH_PROGRAM=\"/usr/local/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/local/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/local/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/local/libexec/ssh-keysign\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DSSH_RAND_HELPER=\"/usr/local/libexec/ssh-rand-helper\" -DHAVE_CONFIG_H -c monitor_mm.c monitor_mm.c: In function `mm_create': monitor_mm.c:94: warning: implicit declaration of function `xmmap' monitor_mm.c:94: warning: assignment makes pointer from integer without a cast
Hi, On Wed, Jul 17, 2002 at 03:04:07PM -0500, Ben Lindstrom wrote:> Ok.. I'm starting official testing calls early this release. I'd like to > have more feedback and more time for handling fixes.from current CVS (Jul 19): OpenSSH has been configured with the following options: User binaries: /usr/local/bin System binaries: /usr/local/sbin Configuration files: /etc Askpass program: /usr/local/libexec/ssh-askpass Manual pages: /usr/local/man/manX PID file: /var/run Privilege separation chroot path: /var/empty sshd default user PATH: /bin:/usr/bin:/usr/local/bin:/usr/local/games/bin Manpage format: man PAM support: no KerberosIV support: no KerberosV support: no Smartcard support: no AFS support: no S/KEY support: yes TCP Wrappers support: no MD5 password support: no IP address in $DISPLAY hack: no Use IPv4 by default hack: no Translate v4 in v6 hack: no BSD Auth support: no Random number source: ssh-rand-helper ssh-rand-helper collects from: TCP localhost:3300 Host: i586-pc-sco3.2v4.2 Compiler: gcc Compiler flags: -g -O2 -Wall -Wpointer-arith -Wno-uninitialized Preprocessor flags: -I/usr/local/ssl/include -Dftruncate=chsize -I/usr/local/include Linker flags: -L/usr/local/ssl/lib -L/usr/local/lib Libraries: -lskey -lintl -lz -lrpc -lyp -lrpc -lsocket -los -lprot -lx -ltinfo -lm -lcrypto compilation completes without errors, basic testing of ssh, sshd, sftp doesn't exhibit any surprises. UsePrivilegeSeparation still doesn't work (due to no socketpair()), but that's nothing unexpected. gert -- USENET is *not* the non-clickable part of WWW! //www.muc.de/~gert/ Gert Doering - Munich, Germany gert at greenie.muc.de fax: +49-89-35655025 gert.doering at physik.tu-muenchen.de
On 2002-07-17, Ben Lindstrom <mouring at etoh.eviladmin.org> wrote:> If people could test snapshots (http://www.openssh.org/portable.html, > pick your favorate mirror and select snapshots directory) and report > failures it would be useful.[snip]> I'm looking mostly for privsep issues. If you have a platform that has > an issue with privsep and you are part of the main portable tree (uwin > and cray are excluded at this moment) it needs to be discussed or > you'll be suffering for another 4+ months.Per bug 325[1] reported by jfm at bitfactor.com on 2002-06-29 and echoed by me 2002-07-12, 'PermitRootLogin forced-commands-only' is broken when privsep is enabled (at least on Linux 2.2.x/glibc 2.[12], but that does not seem to matter). From my report: ...it appears that when auth2.c:userauth_finish is called, forced_command has been cleared (or perhaps, never set in that forked sshd) so the call to auth_root_allowed(method) returns 0. I included a "dumb but makes the problem go away" patch in the report. I've just tested 2002-07-19's snapshot, and forced root commands are still refused when 'PermitRootLogin forced-commands-only' is set.> Lastly, I'd like to thank all of you for bearing with us during the last > few months. I'm sure it is was frustrating to you as it is for us.=)Thank YOU and the rest of the team for putting up with all us cranky users over the last few months. :-P [1] http://bugzilla.mindrot.org/show_bug.cgi?id=325 -- Hank Leininger <hlein at progressive-comp.com>
HP-UX 10.26 seems to work fine in initial testing with priv sep enabled.
(from cvs pulled yesterday).
For the record there is a hang on exit problem with 10.26. After extensive
hacking at the problem was determined to be a 10.26 issue. Waiting on HP for
now. Temporary work around is to add these two lines to one line from the
end of session_exit_message() in session.c :
if (s->ttyfd != -1 && c->istate == CHAN_INPUT_OPEN)
chan_read_failed(c);
This comes from John C. Bowman's patch. This can cause possible data loss,
but for us the chance of data loss far outweighs the hang on exit.
Ignore the below, unless you want a more thorough explanation.
When all child pty's are closed, the select calls does not return as
expected when using older style /dev/pty and friends. In the manpages when
all children are closed the select call should return in such a case. The
reason the old style are used over others (/dev/ptmx and such) is that login
will not authenticate unless the older style /dev/pty and friends are used
(Trusted CMW issues of login). Using /dev/tmx will return as expected, but
then login wont work.
The better solution might be to quit using login altogether, and move
all necessary work into the ssh (set clearance, drop privilege, audit, note
login in the right files, check roles, etc). But then the UseLogin option
wont work on HP-UX 10.26. Figured this would at least give some record of
openssh on HP-UX 10.26 issues.
Darren Cole
dcole at keysoftsys.com
----- Original Message -----
From: "Ben Lindstrom" <mouring at etoh.eviladmin.org>
To: "OpenSSH Development" <openssh-unix-dev at mindrot.org>
Sent: Wednesday, July 17, 2002 1:04 PM
Subject: Testing Call
>
> Ok.. I'm starting official testing calls early this release. I'd
like to
> have more feedback and more time for handling fixes.
>
> If people could test snapshots (http://www.openssh.org/portable.html, pick
> your favorate mirror and select snapshots directory) and report failures
> it would be useful.
Ben Lindstrom wrote:> For those with pmake install there is regress/ which you can try out. It > may help any platform issues. I know some platforms will outright fail > (AIX). Hopefully post 3.5 we can look at supplying gnu make files.Received: from yahoo.com ([195.226.71.10]) by mangalore.zipworld.com.au (8.9.3/8.9.3) with SMTP id VAA12577; Sat, 20 Jul 2002 21:22:32 +1000 From: ourgreatestdealsonearth3178e01 at yahoo.com Received: from unknown (173.109.241.138) by rly-xl05.dohuya.com with esmtp; 20 Jul 0102 01:22:16 +0800 Received: from unknown (110.179.235.111) by symail.kustanai.co.kr with asmtp; Sat, 20 Jul 0102 09:16:20 +0100 Received: from unknown (HELO mail.gimmixx.net) (74.202.20.88) by f64.law4.hottestmale.com with asmtp; Sat, 20 Jul 0102 10:10:24 +0100 Reply-To: <ourgreatestdealsonearth3178e01 at yahoo.com> Message-ID: <001a15d20c5d$6333d8d7$2bb60aa2 at vtjvei> To: Smart.Shopper at mangalore.zipworld.com.au Subject: The Mighty Pro Grill ! ADV 9415pwmF0-138fo-14 Date: Sat, 20 Jul 0102 20:59:50 -1000 MiME-Version: 1.0 Content-Type: multipart/mixed; boundary="----=_NextPart_000_00C6_43D01D7C.C7471A75" X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook, Build 10.0.2616 Importance: Normal ------=_NextPart_000_00C6_43D01D7C.C7471A75 Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: base64 PGh0bWw+DQo8aGVhZD4gDQo8bWV0YSBuYW1lPSJHRU5FUkFUT1IiIGNvbnRl bnQ9Ik1pY3Jvc29mdCBGcm9udFBhZ2UgNS4wIj4NCjxtZXRhIG5hbWU9IlBy b2dJZCIgY29udGVudD0iRnJvbnRQYWdlLkVkaXRvci5Eb2N1bWVudCI+DQo8 bWV0YSBodHRwLWVxdWl2PSJDb250ZW50LVR5cGUiIGNvbnRlbnQ9InRleHQv aHRtbDsgY2hhcnNldD13aW5kb3dzLTEyNTIiPg0KPHRpdGxlPkhlYWx0aHkg QWxsIEFtZXJpY2FuIENvb2tpbmcgYWxsIHllYXIgcm91bmQ8L3RpdGxlPg0K PC9oZWFkPg0KPGJvZHk+DQo8dGFibGUgY2VsbFNwYWNpbmc9IjAiIGNlbGxQ YWRkaW5nPSIwIiB3aWR0aD0iMTAwJSI+DQogIDx0cj4NCiAgICA8dGQgdkFs aWduPSJ0b3AiIGFsaWduPSJtaWRkbGUiPg0KICAgIDx0YWJsZSBjZWxsU3Bh Y2luZz0iMCIgY2VsbFBhZGRpbmc9IjAiIHdpZHRoPSI1NTQiIGJvcmRlcj0i MCIgaGVpZ2h0PSI1ODciPg0KICAgICAgPHRyPg0KICAgICAgICA8dGQgdkFs aWduPSJ0b3AiIGFsaWduPSJyaWdodCIgaGVpZ2h0PSI1ODciPg0KICAgICAg ICA8cCBhbGlnbj0iY2VudGVyIj48YSBocmVmPSJodHRwOi8vd3d3LndoaXRl Y2Fyc2VhdC5jb20iPg0KICAgICAgICA8aW1nIHNyYz0iaHR0cDovL3d3dy53 aGl0ZWNhcnNlYXQuY29tL2ltZy9mYW1fZW1haWxfMDEuZ2lmIiBib3JkZXI9 IjAiIE5PU0VORD0iMSIgd2lkdGg9IjE0MSIgaGVpZ2h0PSIyMTMiPg0KCTxi cj4NCiAgICAgICAgPGEgaHJlZj0iaHR0cDovL3d3dy53aGl0ZWNhcnNlYXQu Y29tIj4NCiAgICAgICAgPGltZyBoZWlnaHQ9IjM3IiBzcmM9Imh0dHA6Ly93 d3cud2hpdGVjYXJzZWF0LmNvbS9pbWcvZmFtX2VtYWlsX2NsaWNraGVyZS5n aWYiIHdpZHRoPSIxNDEiIGJvcmRlcj0iMCIgTk9TRU5EPSIxIj4NCgk8L2E+ PC9wPg0KICAgICAgICA8cCBhbGlnbj0iY2VudGVyIj4NCgkgICZuYnNwOzxi PjxzdHJpa2U+PGZvbnQgc2l6ZT0iNSI+UmV0YWlsIFByaWNlICQyNy45NTwv Zm9udD48L3N0cmlrZT48L2I+PC9wPg0KICAgICAgICA8aDEgYWxpZ249ImNl bnRlciI+PGZvbnQgY29sb3I9IiNmZjAwMDAiPjxmb250IHNpemU9IjciPk5P VyBPTkxZPC9mb250Pg0KICAgICAgICA8Zm9udCBzaXplPSI3Ij4kNC45NSE8 L2ZvbnQ+PC9mb250PjwvaDE+DQogICAgICAgIDxoMSBhbGlnbj0iY2VudGVy Ij48Zm9udCBmYWNlPSJ2ZXJkYW5hLGFyaWFsIiBzaXplPSIyIj48YSBocmVm PSJodHRwOi8vd3d3LndoaXRlY2Fyc2VhdC5jb20iPg0KICAgICAgICA8aW1n IGJvcmRlcj0iMCIgc3JjPSJodHRwOi8vd3d3LndoaXRlY2Fyc2VhdC5jb20v aW1nL21pZ2h0eXByby5qcGciIHdpZHRoPSIxMzgiIGhlaWdodD0iMTAwIj48 L2ZvbnQ+PC9oMT4NCiAgICAgICAgPC90ZD4NCiAgICAgICAgPHRkIHZBbGln bj0idG9wIiBhbGlnbj0ibGVmdCIgaGVpZ2h0PSI1ODciPjxhIGhyZWY9Imh0 dHA6Ly93d3cud2hpdGVjYXJzZWF0LmNvbSI+DQogICAgICAgIDxpbWcgc3Jj PSJodHRwOi8vd3d3LndoaXRlY2Fyc2VhdC5jb20vaW1nL2ZhbV9lbWFpbF8w Mi5naWYiIGJvcmRlcj0iMCIgTk9TRU5EPSIxIiB3aWR0aD0iNDEzIiBoZWln aHQ9IjEwNiI+DQogICAgICAgIDxwIGFsaWduPSJjZW50ZXIiPjxmb250IGNv bG9yPSIjZmYwMDAwIiBzaXplPSI0Ij5IZWFsdGh5IEFsbCBBbWVyaWNhbiAN CiAgICAgICAgQ29va2luZyBhbGwgeWVhciByb3VuZCAhPC9mb250Pjxmb250 IHNpemU9IjQiPiA8L2ZvbnQ+IDwvcD4NCiAgICAgICAgPHRhYmxlIHdpZHRo PSI0MTMiIGhlaWdodD0iMzkyIj4NCiAgICAgICAgICA8dHI+DQogICAgICAg ICAgICA8dGQgYWxpZ249ImxlZnQiIGhlaWdodD0iMzg4Ij48Zm9udCBmYWNl PSJ2ZXJkYW5hLGFyaWFsIiBzaXplPSIyIj5Ob3cgeW91IGNhbiANCiAgICAg ICAgICAgIGhhdmUgdGhlIGdyZWF0IHRhc3RlLCB0ZXh0dXJlIGFuZCBmbGF2 b3Igb2YgZ3JpbGxlZCBmb29kIHJpZ2h0IGluIA0KICAgICAgICAgICAgeW91 ciBob21lLCBhbnl0aW1lIHllYXIgJ3JvdW5kIHdpdGhvdXQgYXdrd2FyZCBl cXVpcG1lbnQuIFRoZSA8Yj5NaWdodHkgDQogICAgICAgICAgICBQcm8gR3Jp bGw8L2I+IHR1cm5zIGFueSBlbGVjdHJpYyBvciBnYXMgc3RvdmUgaW50byBh IGdyaWxsaW5nIG1hcnZlbC4gDQogICAgICAgICAgICBUaGUgbm9uLXN0aWNr IHByZWNpc2lvbiBjb29rIGdyaWxsIHBsYXRlIHNlYXJzIHRoZSBmb29kIHRv IGdvbGRlbiANCiAgICAgICAgICAgIGJyb3duIGNoYXIgZ3JpbGxlZCBwZXJm ZWN0aW9uIHdoaWxlIHRoZSBmbGF2b3IgcmluZyBzdGVhbXMgYmFjayB0aGUg DQogICAgICAgICAgICBuYXR1cmFsIGZsYXZvcnMgaW5mdXNpbmcgdGhlIGZv b2Qgd2l0aCBpbmNyZWRpYmxlIHRhc3RlLiBUaGUgZ3JlYXNlIA0KICAgICAg ICAgICAgYW5kIGZhdHMgcm9sbCBoYXJtbGVzc2x5IGF3YXkgc28geW91J3Jl IGVhdGluZyBsb3cgZmF0LiBHcmlsbCANCiAgICAgICAgICAgIGJ1cmdlcnMs IGhvdCBkb2dzLCBzdGVha3MgYW5kIGNob3BzLCBjaGlja2VuLCBzaHJpbXAg a2Fib2JzLCBhbmQgDQogICAgICAgICAgICBtZWx0IGluIHlvdXIgbW91dGgg Z3JpbGxlZCB2ZWdldGFibGVzLiBUaGUgPGI+TWlnaHR5IFBybyBHcmlsbDwv Yj4gZXZlbiANCiAgICAgICAgICAgIGdvZXMgaW50byB0aGUgb3ZlbiBmb3Ig bG93IGZhdCBtZWF0IGxvYWYgYW5kIENvcm5pc2ggZ2FtZSBoZW4uIEFsc28g DQogICAgICAgICAgICBncmVhdCBmb3IgUlZzLCBib2F0cyBhbmQgY2FtcGVy cy48L2ZvbnQ+PGZvbnQgZmFjZT0idmVyZGFuYSxhcmlhbCIgc2l6ZT0iMiI+ PHVsPg0KICAgICAgICAgICAgICA8bGk+U21va2VsZXNzIEdyaWxsIENvbnZl cnRzIFlvdXIgU3RvdmUgdG8gaW5kb29yIEJhcmJlY3VlIDwvbGk+DQogICAg ICAgICAgICAgIDxsaT5Vc2Ugb24gRWxlY3RyaWMsIEdhcyBvciBQcm9wYW5l IHN0b3ZlcyA8L2xpPg0KICAgICAgICAgICAgICA8bGk+V2F0ZXItRmlsbGVk IG91dGVyIHJpbmcgY2F0Y2hlcyBmYXQgYW5kIGp1aWNlcyBkdXJpbmcgY29v a2luZywgDQogICAgICAgICAgICAgIGVsaW1pbmF0ZXMgc21va2UgYW5kIHNw bGF0dGVyaW5nIDwvbGk+DQogICAgICAgICAgICAgIDxsaT5Ob24tc3RpY2sg c3VyZmFjZSBmb3IgZWFzeSBjbGVhbnVwIDwvbGk+DQogICAgICAgICAgICAg IDxsaT5ObyBmdXNzaW5nIHdpdGggY2hhcmNvYWwgb3Igd2FpdGluZyBmb3Ig dGhlIGZpcmUgdG8gaGVhdCB1cA0KICAgICAgICAgICAgICA8L2xpPg0KICAg ICAgICAgICAgICA8bGk+R3JlYXQgZm9yIGNoaWNrZW4sIGZpc2gsIHN0ZWFr LCBob3QgZG9ncywgaGFtYnVyZ2VycywgDQogICAgICAgICAgICAgIHZlZ2V0 YWJsZXMsIG1vcmUuLi48L2xpPg0KICAgICAgICAgICAgPC91bD4NCiAgICAg ICAgICAgIDwvZm9udD4NCiAgICAgICAgICAgIDwvdGQ+DQogICAgICAgICAg PC90cj4NCiAgICAgICAgPC90YWJsZT4NCiAgICAgICAgPHAgYWxpZ249ImNl bnRlciI+DQogICAgICAgIDxpbWcgYWx0PSJNYXN0ZXIgQ2FyZCIgc3JjPSJo dHRwOi8vd3d3LndoaXRlY2Fyc2VhdC5jb20vaW1nL21jbG9nby5naWYiIGJv cmRlcj0iMCIgd2lkdGg9IjYwIiBoZWlnaHQ9IjM2Ij4NCgkgIDxpbWcgYWx0 PSJWaXNhIENhcmQiIHNyYz0iaHR0cDovL3d3dy53aGl0ZWNhcnNlYXQuY29t L2ltZy92aXNhLmdpZiIgYm9yZGVyPSIwIiB3aWR0aD0iNjAiIGhlaWdodD0i MzgiPg0KICAgICAgICA8L3RkPg0KICAgICAgPC90cj4NCiAgICA8L3RhYmxl PiANCiAgICA8L3RkPg0KICA8L3RyPg0KPC90YWJsZT4NCjxkaXYgYWxpZ249 ImNlbnRlciI+DQogIDxjZW50ZXI+DQogIDx0YWJsZSBib3JkZXI9IjAiIGNl bGxwYWRkaW5nPSIwIiBjZWxsc3BhY2luZz0iMCIgc3R5bGU9ImJvcmRlci1j b2xsYXBzZTogY29sbGFwc2UiIGJvcmRlcmNvbG9yPSIjMTExMTExIiB3aWR0 aD0iNjElIiBpZD0iQXV0b051bWJlcjEiPg0KICAgIDx0cj4NCiAgICAgIDx0 ZCB3aWR0aD0iMTAwJSI+PHR0Pg0KICAgICAgPGZvbnQgZmFjZT0iQXJpYWws SGVsdmV0aWNhLHNhbnMtc2VyaWYiIGNvbG9yPSIjODA4MDgwIiBzaXplPSIx Ij5USElTIA0KICAgICAgTUVTU0FHRSBJUyBCRUlORyBTRU5UIElOIENPTVBM SUFOQ0UgV0lUSCBQRU5ESU5HIEVNQUlMIEJJTExTICZhbXA7IExBV1M6Jm5i c3A7IA0KICAgICAgU0VDVElPTiAzMDEuIFBFUiBTRUNUSU9OLCBQQVJBR1JB UEggKGEpICgyKSAoYykgb2YgUy4gMTYxOC4gVGhpcyBtZXNzYWdlIA0KICAg ICAgaXMgbm90IGludGVuZGVkIGZvciByZXNpZGVudHMgaW4gdGhlIFN0YXRl IG9mIFdBLCBOViwgQ0EgJmFtcDsgVkEuIFNjcmVlbmluZyANCiAgICAgIG9m IGFkZHJlc3NlcyBoYXMgYmVlbiBkb25lIHRvIHRoZSBiZXN0IG9mIG91ciB0 ZWNobmljYWwgYWJpbGl0eS4gV2UgaG9ub3IgDQogICAgICBhbGwgcmVtb3Zh bCByZXF1ZXN0cy4gVG8gYmUgcmVtb3ZlZCBmcm9tIG91ciBkYXRhYmFzZSwg cGxlYXNlIGRvIA0KICAgICAgZm9sbG93aW5nOyBSZXBseSB0byBtZXNzYWdl IHdpdGggdGhlIHdvcmQgJnF1b3Q7UmVtb3ZlJnF1b3Q7IGluIHRoZSBzdWJq ZWN0IGxpbmUuIA0KICAgICAgRW1haWwgcmVwbGllcyBtYXkgdGFrZSB1cCB0 byA1IGJ1c2luZXNzIGRheXMgdG8gcHJvY2Vzcy48L2ZvbnQ+PC90dD48L3Rk Pg0KICAgIDwvdHI+DQogIDwvdGFibGU+DQogIDwvY2VudGVyPg0KPC9kaXY+ DQo8L2JvZHk+DQo8L2h0bWw+DQoNCjg2MDJiVHlBMC04NzFyQ3VRNjA3MGZI cHI0LTY3MGhOVnVsMzI -- Darren Tucker (dtucker at zip.com.au) GPG Fingerprint D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69 Good judgement comes with experience. Unfortunately, the experience usually comes from bad judgement.
Ben Lindstrom wrote:> For those with pmake install there is regress/ which you can try out. It > may help any platform issues. I know some platforms will outright fail > (AIX). Hopefully post 3.5 we can look at supplying gnu make files.Apologies for the previous message (had a small cut-and-paste accident :-). Builds and test OK on AIX 4.3.3. Regression tests seem OK. I wasn't sure what to expect, I've included the results below. I needed to make some modifications to the tests which I'll clean up and post. I don't think they reduce portability but I could be wrong. OpenSSH has been configured with the following options: User binaries: /usr/local/bin System binaries: /usr/local/sbin Configuration files: /usr/local/etc Askpass program: /usr/local/libexec/ssh-askpass Manual pages: /usr/local/man/manX PID file: /usr/local/etc Privilege separation chroot path: /var/empty sshd default user PATH: /usr/bin:/bin:/usr/sbin:/sbin:/usr/local/bin Manpage format: man PAM support: no KerberosIV support: no KerberosV support: no Smartcard support: no AFS support: no S/KEY support: no TCP Wrappers support: no MD5 password support: no IP address in $DISPLAY hack: no Use IPv4 by default hack: no Translate v4 in v6 hack: no BSD Auth support: no Random number source: ssh-rand-helper ssh-rand-helper collects from: Command hashing (timeout 200) Host: powerpc-ibm-aix4.3.3.0 Compiler: gcc Compiler flags: -g -O2 -Wall -Wpointer-arith -Wno-uninitialized Preprocessor flags: -I/usr/local/ssl/include -I/usr/local/include Linker flags: -L/usr/local/ssl/lib -L/usr/local/lib Libraries: -lz -lcrypto $ ./run-tests.sh ok simple connect ok proxy connect ok proxy connect with privsep ok sshd version with different protocol combinations ok protocol version mismatch test remote exit status: proto 1 status 0 test remote exit status: proto 1 status 1 test remote exit status: proto 1 status 4 test remote exit status: proto 1 status 5 test remote exit status: proto 1 status 44 test remote exit status: proto 2 status 0 test remote exit status: proto 2 status 1 test remote exit status: proto 2 status 4 test remote exit status: proto 2 status 5 test remote exit status: proto 2 status 44 ok remote exit status transfer data: proto 1 transfer data: proto 2 ok transfer data test stderr data transfer: proto 1 () test stderr data transfer: proto 2 () test stderr data transfer: proto 1 (-n) test stderr data transfer: proto 2 (-n) ok stderr data transfer ok stderr data after eof ok broken pipe test test try ciphers: proto 2 cipher aes128-cbc mac hmac-sha1 test try ciphers: proto 2 cipher aes128-cbc mac hmac-md5 test try ciphers: proto 2 cipher aes128-cbc mac hmac-sha1-96 test try ciphers: proto 2 cipher aes128-cbc mac hmac-md5-96 test try ciphers: proto 2 cipher 3des-cbc mac hmac-sha1 test try ciphers: proto 2 cipher 3des-cbc mac hmac-md5 test try ciphers: proto 2 cipher 3des-cbc mac hmac-sha1-96 test try ciphers: proto 2 cipher 3des-cbc mac hmac-md5-96 test try ciphers: proto 2 cipher blowfish-cbc mac hmac-sha1 test try ciphers: proto 2 cipher blowfish-cbc mac hmac-md5 test try ciphers: proto 2 cipher blowfish-cbc mac hmac-sha1-96 test try ciphers: proto 2 cipher blowfish-cbc mac hmac-md5-96 test try ciphers: proto 2 cipher cast128-cbc mac hmac-sha1 test try ciphers: proto 2 cipher cast128-cbc mac hmac-md5 test try ciphers: proto 2 cipher cast128-cbc mac hmac-sha1-96 test try ciphers: proto 2 cipher cast128-cbc mac hmac-md5-96 test try ciphers: proto 2 cipher arcfour mac hmac-sha1 test try ciphers: proto 2 cipher arcfour mac hmac-md5 test try ciphers: proto 2 cipher arcfour mac hmac-sha1-96 test try ciphers: proto 2 cipher arcfour mac hmac-md5-96 test try ciphers: proto 2 cipher aes192-cbc mac hmac-sha1 test try ciphers: proto 2 cipher aes192-cbc mac hmac-md5 test try ciphers: proto 2 cipher aes192-cbc mac hmac-sha1-96 test try ciphers: proto 2 cipher aes192-cbc mac hmac-md5-96 test try ciphers: proto 2 cipher aes256-cbc mac hmac-sha1 test try ciphers: proto 2 cipher aes256-cbc mac hmac-md5 test try ciphers: proto 2 cipher aes256-cbc mac hmac-sha1-96 test try ciphers: proto 2 cipher aes256-cbc mac hmac-md5-96 test try ciphers: proto 2 cipher rijndael-cbc at lysator.liu.se mac hmac-sha1 test try ciphers: proto 2 cipher rijndael-cbc at lysator.liu.se mac hmac-md5 test try ciphers: proto 2 cipher rijndael-cbc at lysator.liu.se mac hmac-sha1-96 test try ciphers: proto 2 cipher rijndael-cbc at lysator.liu.se mac hmac-md5-96 test try ciphers: proto 1 cipher 3des test try ciphers: proto 1 cipher blowfish ok try ciphers ok yes pipe head ok simple agent test ok keyscan test basic sftp put/get: buffer_size 5 num_requests 1 test basic sftp put/get: buffer_size 5 num_requests 2 test basic sftp put/get: buffer_size 5 num_requests 10 test basic sftp put/get: buffer_size 1000 num_requests 1 test basic sftp put/get: buffer_size 1000 num_requests 2 test basic sftp put/get: buffer_size 1000 num_requests 10 test basic sftp put/get: buffer_size 32000 num_requests 1 test basic sftp put/get: buffer_size 32000 num_requests 2 test basic sftp put/get: buffer_size 32000 num_requests 10 test basic sftp put/get: buffer_size 64000 num_requests 1 test basic sftp put/get: buffer_size 64000 num_requests 2 test basic sftp put/get: buffer_size 64000 num_requests 10 ok basic sftp put/get ok local and remote forwarding -- Darren Tucker (dtucker at zip.com.au) GPG Fingerprint D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69 Good judgement comes with experience. Unfortunately, the experience usually comes from bad judgement.
Compiles and tests OK on HP-UX 11.00. Regression tests seem OK.
I did find that neither ssh nor sshd work when compiled as a 64-bit
binary with gcc. I don't know if there would ever be a good reason to do
this; you can run a 32-bit ssh/sshd on a 64-bit capable system.
OpenSSH has been configured with the following options:
User binaries: /usr/local/bin
System binaries: /usr/local/sbin
Configuration files: /usr/local/etc
Askpass program: /usr/local/libexec/ssh-askpass
Manual pages: /usr/local/man/manX
PID file: /var/run
Privilege separation chroot path: /var/empty
sshd default user PATH:
/usr/bin:/bin:/usr/sbin:/sbin:/usr/local/bin
Manpage format: man
PAM support: no
KerberosIV support: no
KerberosV support: no
Smartcard support: no
AFS support: no
S/KEY support: no
TCP Wrappers support: no
MD5 password support: no
IP address in $DISPLAY hack: yes
Use IPv4 by default hack: no
Translate v4 in v6 hack: no
BSD Auth support: no
Random number source: ssh-rand-helper
ssh-rand-helper collects from: Unix domain socket
"/var/run/egd-pool"
Host: hppa2.0w-hp-hpux11.00
Compiler: gcc
Compiler flags: -g -O2 -Wall -Wpointer-arith -Wno-uninitialized
Preprocessor flags: -I/usr/local/ssl/include -D_HPUX_SOURCE
-D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXT
ENDED=1
Linker flags: -L/usr/local/ssl/lib
Libraries: -lz -lnsl -lxnet -lsec -lcrypto
$ ./run-tests.sh
ok simple connect
ok proxy connect
ok proxy connect with privsep
ok sshd version with different protocol combinations
ok protocol version mismatch
test remote exit status: proto 1 status 0
test remote exit status: proto 1 status 1
test remote exit status: proto 1 status 4
test remote exit status: proto 1 status 5
test remote exit status: proto 1 status 44
test remote exit status: proto 2 status 0
test remote exit status: proto 2 status 1
test remote exit status: proto 2 status 4
test remote exit status: proto 2 status 5
test remote exit status: proto 2 status 44
ok remote exit status
transfer data: proto 1
transfer data: proto 2
ok transfer data
test stderr data transfer: proto 1 ()
test stderr data transfer: proto 2 ()
test stderr data transfer: proto 1 (-n)
test stderr data transfer: proto 2 (-n)
ok stderr data transfer
ok stderr data after eof
ok broken pipe test
test try ciphers: proto 2 cipher aes128-cbc mac hmac-sha1
test try ciphers: proto 2 cipher aes128-cbc mac hmac-md5
test try ciphers: proto 2 cipher aes128-cbc mac hmac-sha1-96
test try ciphers: proto 2 cipher aes128-cbc mac hmac-md5-96
test try ciphers: proto 2 cipher 3des-cbc mac hmac-sha1
test try ciphers: proto 2 cipher 3des-cbc mac hmac-md5
test try ciphers: proto 2 cipher 3des-cbc mac hmac-sha1-96
test try ciphers: proto 2 cipher 3des-cbc mac hmac-md5-96
test try ciphers: proto 2 cipher blowfish-cbc mac hmac-sha1
test try ciphers: proto 2 cipher blowfish-cbc mac hmac-md5
test try ciphers: proto 2 cipher blowfish-cbc mac hmac-sha1-96
test try ciphers: proto 2 cipher blowfish-cbc mac hmac-md5-96
test try ciphers: proto 2 cipher cast128-cbc mac hmac-sha1
test try ciphers: proto 2 cipher cast128-cbc mac hmac-md5
test try ciphers: proto 2 cipher cast128-cbc mac hmac-sha1-96
test try ciphers: proto 2 cipher cast128-cbc mac hmac-md5-96
test try ciphers: proto 2 cipher arcfour mac hmac-sha1
test try ciphers: proto 2 cipher arcfour mac hmac-md5
test try ciphers: proto 2 cipher arcfour mac hmac-sha1-96
test try ciphers: proto 2 cipher arcfour mac hmac-md5-96
test try ciphers: proto 2 cipher aes192-cbc mac hmac-sha1
test try ciphers: proto 2 cipher aes192-cbc mac hmac-md5
test try ciphers: proto 2 cipher aes192-cbc mac hmac-sha1-96
test try ciphers: proto 2 cipher aes192-cbc mac hmac-md5-96
test try ciphers: proto 2 cipher aes256-cbc mac hmac-sha1
test try ciphers: proto 2 cipher aes256-cbc mac hmac-md5
test try ciphers: proto 2 cipher aes256-cbc mac hmac-sha1-96
test try ciphers: proto 2 cipher aes256-cbc mac hmac-md5-96
test try ciphers: proto 2 cipher rijndael-cbc at lysator.liu.se mac
hmac-sha1
test try ciphers: proto 2 cipher rijndael-cbc at lysator.liu.se mac
hmac-md5
test try ciphers: proto 2 cipher rijndael-cbc at lysator.liu.se mac
hmac-sha1-96
test try ciphers: proto 2 cipher rijndael-cbc at lysator.liu.se mac
hmac-md5-96
test try ciphers: proto 1 cipher 3des
test try ciphers: proto 1 cipher blowfish
ok try ciphers
ok yes pipe head
ok simple agent test
ok keyscan
test basic sftp put/get: buffer_size 5 num_requests 1
test basic sftp put/get: buffer_size 5 num_requests 2
test basic sftp put/get: buffer_size 5 num_requests 10
test basic sftp put/get: buffer_size 1000 num_requests 1
test basic sftp put/get: buffer_size 1000 num_requests 2
test basic sftp put/get: buffer_size 1000 num_requests 10
test basic sftp put/get: buffer_size 32000 num_requests 1
test basic sftp put/get: buffer_size 32000 num_requests 2
test basic sftp put/get: buffer_size 32000 num_requests 10
test basic sftp put/get: buffer_size 64000 num_requests 1
test basic sftp put/get: buffer_size 64000 num_requests 2
test basic sftp put/get: buffer_size 64000 num_requests 10
ok basic sftp put/get
ok local and remote forwarding
--
Darren Tucker (dtucker at zip.com.au)
GPG Fingerprint D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.