Hi all.
As most of you know, we are preparing OpenSSH 4.4p1 for release. We have
had one round of testing and I would like to thank all who responded.
We believe that most of the problems reported have been resolved.
If you are so inclined, we would appreciate a quick retest to ensure
that the fixed ones remain fixed and the working ones remain working.
Of the problems identitified, I am only aware of two reported that I do
not believe have been resolved:
regress hangs on Redhat 7.3, reason unknown (maybe IPv6 related?):
http://marc.theaimsgroup.com/?l=openssh-unix-dev&m=115700350117023
regress failure on IRIX w/mipspro compiler (SSH protocol 1 only):
http://marc.theaimsgroup.com/?l=openssh-unix-dev&m=115716627223333
I believe the first is new, but the latter is not. Unfortunately we are
not able to reproduce either.
And now, a rerun of the earlier message with the details:
Snapshots are available from http://www.mindrot.org/openssh_snap or
from any of the mirrors listed on http://www.openssh.org/portable.html
The latter page also includes instructions for checking out portable
OpenSSH via anonymous CVS.
This release contains many bugfixes and feature improvements. Here
are some highlights:
- Implemented conditional configuration in sshd_config(5) using the
"Match" directive. This allows some configuration options to be
selectively overridden if specific criteria (based on user, group,
hostname and/or address) are met. So far a useful subset of post-
authentication options are supported and more are expected to be
added in future releases.
- Added a "ForceCommand" directive to sshd_config(5). Similar to the
command="..." option accepted in ~/.ssh/authorized_keys, this forces
the execution of the specified command regardless of what the user
requested. This is very useful in conjunction with the new "Match"
option.
- Add a "PermitOpen" directive to sshd_config(5). This mirrors the
permitopen="..." authorized_keys option, allowing fine-grained
control over the port-forwardings that a user is allowed to
establish.
- Add optional logging of transactions to sftp-server(8).
- ssh(1) will now record port numbers for hosts stored in
~/.ssh/authorized_keys when a non-standard port has been requested.
- Add an "ExitOnForwardFailure" options to cause ssh(1) to exit (with
a non-zero exit code) when requested port forwardings could not be
established.
- Extend the sshd_config(5) "SubSystem" directive to allow the
specification of commandline arguments.
- Add optional support for SELinux, controlled using the --with-selinux
configure option (experimental)
- Add optional support for Solaris process contracts, enabled using the
--with-solaris-contracts configure option (experimental)
- Add support for Diffie-Hellman group exchange key agreement with a
final hash of SHA256.
- Fixed a lot of bugs. See
http://bugzilla.mindrot.org/show_bug.cgi?id=1155 for an incomplete
list (more in the ChangeLog)
- Lots of manpage fixes and improvements
- Many code cleanups, including:
- Switching to safer memory allocation functions that avoid integer
overflows when allocating arrays
- Cleanups of header file usage (ongoing)
- Fixes to leaks reported by the Coverity static analysis tool
Running the regression tests supplied with Portable does not require
installation, just run:
$ ./configure && make tests
Testing on suitable non-production systems is also appreciated. Please send
reports of success or failure to openssh-unix-dev at mindrot.org, including
details of your platform, compiler and configure options.
Thanks.
--
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
Hi, On Fri, Sep 22, 2006 at 12:20:58AM +1000, Darren Tucker wrote:> We believe that most of the problems reported have been resolved. > If you are so inclined, we would appreciate a quick retest to ensure > that the fixed ones remain fixed and the working ones remain working.NetBSD 2.0.3_STABLE, Sparc64, CVS as of "just now": everything works. gert -- USENET is *not* the non-clickable part of WWW! //www.muc.de/~gert/ Gert Doering - Munich, Germany gert at greenie.muc.de fax: +49-89-35655025 gert at net.informatik.tu-muenchen.de
On 09/22/2006 00:20, Darren Tucker wrote:> Hi all. > > As most of you know, we are preparing OpenSSH 4.4p1 for release. We have > had one round of testing and I would like to thank all who responded. > > We believe that most of the problems reported have been resolved. > If you are so inclined, we would appreciate a quick retest to ensure > that the fixed ones remain fixed and the working ones remain working.Builds and passes regressions on SCO OSR6 using native compiler. Builds and passes regressions on SCO OSR507 using gcc 3.4.4. On OSR507 w/native compiler, fails during configure with: "OpenSSH requires int64_t support. Contact your vendor or install an alternative compiler (I.E., GCC) before continuing." But I believe this is expected. -- Roger Cornelius rac at tenzing.org
On Thu, Sep 21, 2006 at 01:36:08PM -0400, Roger Cornelius wrote:> On 09/22/2006 00:20, Darren Tucker wrote: > > Hi all. > > > > As most of you know, we are preparing OpenSSH 4.4p1 for release. We have > > had one round of testing and I would like to thank all who responded. > > > > We believe that most of the problems reported have been resolved. > > If you are so inclined, we would appreciate a quick retest to ensure > > that the fixed ones remain fixed and the working ones remain working. > > > Builds and passes regressions on SCO OSR6 using native compiler. > Builds and passes regressions on SCO OSR507 using gcc 3.4.4.Thanks.> On OSR507 w/native compiler, fails during configure with: > > "OpenSSH requires int64_t support. Contact your vendor or install > an alternative compiler (I.E., GCC) before continuing." > > But I believe this is expected.Yes, OpenSSH requires a native 64 bit type such as the "long" on LP64 systems or a 64 bit "long long" such as provided by most modern (and some not-so-modern) compilers. Without either of those, you will see that message and the build will fail. -- Darren Tucker (dtucker at zip.com.au) GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69 Good judgement comes with experience. Unfortunately, the experience usually comes from bad judgement.
Hi All,
I have tested the openssh-SNAP-20060922 in the following HP-UX machines:
11.11 PA-RISC:
-----------------
Configure and compile successfully.
11.23 IPF:
-----------
Configure and compile successfully.
HP-UX 11.00 PA-RISC:
--------------------------
Configures successfully. But the compilation ends with the following error:
cc -o ssh ssh.o readconf.o clientloop.o sshtty.o sshconnect.o
sshconnect1.o
sshconnect2.o -L. -Lopenbsd-compat/ -L/usr/local/SSH-LIBS-42/openssl-0.9.7i/
ssl-2.0/lib -L/usr/local/SSH-LIBS-42/tcp_wrappers_7.6/tcp_wrappers-2.0 -L/us
r/local/SSH-LIBS-42/zlib-1.2.3/zlib-2.0/lib -L/usr/local/lib -lssh -lopenbs
d-compat -lcrypto -lz -lnsl -lxnet -lsec -lgssapi_krb5 -lkrb5 -lk5crypto -l
com_err
/usr/ccs/bin/ld: Unsatisfied symbols:
htonl (first referenced in ./libssh.a(canohost.o)) (code)
*** Error exit code 1
Stop.
Fix:
----
Include <arpa/inet.h> in canohost.c
Again the compilation ends with the following error:
cc -o ssh ssh.o readconf.o clientloop.o sshtty.o sshconnect.o
sshconnect1.o
sshconnect2.o -L. -Lopenbsd-compat/ -L/usr/local/SSH-LIBS-42/openssl-0.9.7i/
ssl-2.0/lib -L/usr/local/SSH-LIBS-42/tcp_wrappers_7.6/tcp_wrappers-2.0 -L/us
r/local/SSH-LIBS-42/zlib-1.2.3/zlib-2.0/lib -L/usr/local/lib -lssh -lopenbs
d-compat -lcrypto -lz -lnsl -lxnet -lsec -lgssapi_krb5 -lkrb5 -lk5crypto -l
com_err
/usr/ccs/bin/ld: Unsatisfied symbols:
htonl (first referenced in ./libssh.a(packet.o)) (code)
*** Error exit code 1
Stop
Fix:
----
Include <arpa/inet.h> in packet.c
Thanks,
Santhi.
----- Original Message -----
From: "Darren Tucker" <dtucker at zip.com.au>
To: <openssh-unix-dev at mindrot.org>
Sent: Thursday, September 21, 2006 7:50 PM
Subject: Testing for the 4.4p1 release, round 2
> Hi all.
>
> As most of you know, we are preparing OpenSSH 4.4p1 for release. We have
> had one round of testing and I would like to thank all who responded.
>
> We believe that most of the problems reported have been resolved.
> If you are so inclined, we would appreciate a quick retest to ensure
> that the fixed ones remain fixed and the working ones remain working.
>
> Of the problems identitified, I am only aware of two reported that I do
> not believe have been resolved:
>
> regress hangs on Redhat 7.3, reason unknown (maybe IPv6 related?):
> http://marc.theaimsgroup.com/?l=openssh-unix-dev&m=115700350117023
>
> regress failure on IRIX w/mipspro compiler (SSH protocol 1 only):
> http://marc.theaimsgroup.com/?l=openssh-unix-dev&m=115716627223333
>
> I believe the first is new, but the latter is not. Unfortunately we are
> not able to reproduce either.
>
> And now, a rerun of the earlier message with the details:
>
> Snapshots are available from http://www.mindrot.org/openssh_snap or
> from any of the mirrors listed on http://www.openssh.org/portable.html
> The latter page also includes instructions for checking out portable
> OpenSSH via anonymous CVS.
>
> This release contains many bugfixes and feature improvements. Here
> are some highlights:
>
> - Implemented conditional configuration in sshd_config(5) using the
> "Match" directive. This allows some configuration options to be
> selectively overridden if specific criteria (based on user, group,
> hostname and/or address) are met. So far a useful subset of post-
> authentication options are supported and more are expected to be
> added in future releases.
> - Added a "ForceCommand" directive to sshd_config(5). Similar to
the
> command="..." option accepted in ~/.ssh/authorized_keys, this
forces
> the execution of the specified command regardless of what the user
> requested. This is very useful in conjunction with the new
"Match"
> option.
> - Add a "PermitOpen" directive to sshd_config(5). This mirrors
the
> permitopen="..." authorized_keys option, allowing fine-grained
> control over the port-forwardings that a user is allowed to
> establish.
> - Add optional logging of transactions to sftp-server(8).
> - ssh(1) will now record port numbers for hosts stored in
> ~/.ssh/authorized_keys when a non-standard port has been requested.
> - Add an "ExitOnForwardFailure" options to cause ssh(1) to exit
(with
> a non-zero exit code) when requested port forwardings could not be
> established.
> - Extend the sshd_config(5) "SubSystem" directive to allow the
> specification of commandline arguments.
> - Add optional support for SELinux, controlled using the --with-selinux
> configure option (experimental)
> - Add optional support for Solaris process contracts, enabled using the
> --with-solaris-contracts configure option (experimental)
> - Add support for Diffie-Hellman group exchange key agreement with a
> final hash of SHA256.
> - Fixed a lot of bugs. See
> http://bugzilla.mindrot.org/show_bug.cgi?id=1155 for an incomplete
> list (more in the ChangeLog)
> - Lots of manpage fixes and improvements
> - Many code cleanups, including:
> - Switching to safer memory allocation functions that avoid integer
> overflows when allocating arrays
> - Cleanups of header file usage (ongoing)
> - Fixes to leaks reported by the Coverity static analysis tool
>
> Running the regression tests supplied with Portable does not require
> installation, just run:
>
> $ ./configure && make tests
>
> Testing on suitable non-production systems is also appreciated. Please
send> reports of success or failure to openssh-unix-dev at mindrot.org, including
> details of your platform, compiler and configure options.
>
> Thanks.
>
> --
> Darren Tucker (dtucker at zip.com.au)
> GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
> Good judgement comes with experience. Unfortunately, the experience
> usually comes from bad judgement.
> _______________________________________________
> openssh-unix-dev mailing list
> openssh-unix-dev at mindrot.org
> http://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
>
On Fri, Sep 22, 2006 at 02:34:43PM +0530, santhi wrote:> Hi All, > > I have tested the openssh-SNAP-20060922 in the following HP-UX machines:Thanks.> HP-UX 11.00 PA-RISC: > -------------------------- > Configures successfully. But the compilation ends with the following error:[...]> /usr/ccs/bin/ld: Unsatisfied symbols: > htonl (first referenced in ./libssh.a(canohost.o)) (code) > > Fix: > ---- > Include <arpa/inet.h> in canohost.c[...]> Include <arpa/inet.h> in packet.cBoth now fixed, thanks. Index: canohost.c ==================================================================RCS file: /var/cvs/openssh/canohost.c,v retrieving revision 1.70 diff -u -p -r1.70 canohost.c --- canohost.c 5 Aug 2006 02:39:39 -0000 1.70 +++ canohost.c 22 Sep 2006 09:21:46 -0000 @@ -18,6 +18,7 @@ #include <sys/socket.h> #include <netinet/in.h> +#include <arpa/inet.h> #include <ctype.h> #include <errno.h> Index: packet.c ==================================================================RCS file: /var/cvs/openssh/packet.c,v retrieving revision 1.144 diff -u -p -r1.144 packet.c --- packet.c 21 Sep 2006 03:00:25 -0000 1.144 +++ packet.c 22 Sep 2006 09:21:46 -0000 @@ -50,6 +50,7 @@ #include <netinet/in_systm.h> #include <netinet/in.h> #include <netinet/ip.h> +#include <arpa/inet.h> #include <errno.h> #include <stdarg.h> -- Darren Tucker (dtucker at zip.com.au) GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69 Good judgement comes with experience. Unfortunately, the experience usually comes from bad judgement.