Hi All.
We are planning on doing one of our regular OpenSSH releases (4.6/4.6p1)
some time next week. This is a mostly a bugfix release, but there is
one new feature:
sshd now allows the enabling and disabling of authentication methods on
a per user, group, host and network basis via the Match directive in
sshd_config.
The bugs fixed are:
#52 ssh hangs on exit.
#1252 sftp returns 0 when upload is unsuccessful due to a full device.
#1259 small typos in ssh-rand-helper(8).
#1265 SCP progress doesn't map to standard out or standard error.
#1275 Config parsing (parse_time) in Host: context acts globally.
#1281 getrrsetbyname() does not check the presence of SIG records.
#1283 findssl assumes existence of 'which'.
#1267 PermitOpen - Multiple forwards don't works
plus many more small fixes and man page tweaks. Thanks to all who
contributed.
More detail may be found in the ChangeLog in the portable OpenSSH
tarballs.
The OpenBSD version is available in CVS HEAD:
http://www.openbsd.org/anoncvs.html
Portable snapshots are available at:
ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/snapshot/
or one of its mirrors listed at http://www.openssh.com/portable.html#ftp
Running the regression tests supplied with Portable does not require
installation and is a simply:
$ ./configure && make tests
Testing on suitable non-production systems is also appreciated.
Please send reports of success or failure to
openssh-unix-dev at mindrot.org.
Thanks.
--
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
On Thu, Mar 01, 2007 at 11:54:14PM +1100, Darren Tucker wrote:> Testing on suitable non-production systems is also appreciated. > Please send reports of success or failure to > openssh-unix-dev at mindrot.org.CVS is all good with Linux 2.6.19.1 and glibc 2.4. //Peter
On Thu, 01 Mar 2007 23:54:14 +1100 Darren Tucker <dtucker at zip.com.au> wrote:> Please send reports of success or failure to > openssh-unix-dev at mindrot.org.20070302 builds fine and passes all tests on Tru64 5.1A Simon
On Mar 1 23:54, Darren Tucker wrote:> Hi All. > > We are planning on doing one of our regular OpenSSH releases (4.6/4.6p1) > some time next week. This is a mostly a bugfix release, but there is > one new feature: > [...] > Testing on suitable non-production systems is also appreciated. > Please send reports of success or failure to > openssh-unix-dev at mindrot.org.Current CVS builds and runs fine on Cygwin. However, the testsuite didn't work out of the box. After some time I figured out that this is related to the lineendings in the pidfile (CRLF instead of just LF). It occured to me that OpenSSH on Cygwin is still built so that it uses textmode instead of binary mode when writing files. However, the right way to do this is to read files in textmode (which allows CRLF as well as LF lineendings) and to write in binary mode, except the path to the output file is mounted in textmode(*). So, I hope it's still not too late to get the below patch in, before 4.6p1 is released. With this patch, the testsuite runs fine OOTB as well. Thanks in advance, Corinna Index: configure.ac ==================================================================RCS file: /cvs/openssh/configure.ac,v retrieving revision 1.370 diff -p -u -r1.370 configure.ac --- configure.ac 6 Oct 2006 23:07:21 -0000 1.370 +++ configure.ac 1 Mar 2007 18:38:52 -0000 @@ -360,7 +360,7 @@ int main(void) { exit(0); } ;; *-*-cygwin*) check_for_libcrypt_later=1 - LIBS="$LIBS /usr/lib/textmode.o" + LIBS="$LIBS /usr/lib/textreadmode.o" AC_DEFINE(HAVE_CYGWIN, 1, [Define if you are on Cygwin]) AC_DEFINE(USE_PIPES, 1, [Use PIPES instead of a socketpair()]) AC_DEFINE(DISABLE_SHADOW, 1, (*) I really hate having to consider this Windowism. -- Corinna Vinschen Cygwin Project Co-Leader Red Hat
On 1 Mar 2007, at 12:54, Darren Tucker wrote:> We are planning on doing one of our regular OpenSSH releases > (4.6/4.6p1) > some time next week. This is a mostly a bugfix release, but there is > one new feature:I take it there's no chance of any of the GSSAPI/Kerberos bugs on bugzilla.mindrot.org being fixed for this release? Simon.
On Thu, 01 Mar 2007 23:54:14 +1100 Darren Tucker <dtucker at zip.com.au> wrote:> Please send reports of success or failure to > openssh-unix-dev at mindrot.org.Tried testing with Snapshot 20070302 There seems to be an implicit assumption that if locate exists as an executable on the system, then there will be a database that can be used by locate to find various files. This may not always be the case. In these situations configure will fail. If execute permissions are removed from locate or updatedb is executed, then configure will succeed. Other than that I saw no problems with building, installing or using the Snapshot. Bill
Hi, On Thu, Mar 01, 2007 at 11:54:14PM +1100, Darren Tucker wrote:> Running the regression tests supplied with Portable does not require > installation and is a simply: > > $ ./configure && make testsok for yesterday's CVS snapshot on NetBSD 2.0.3 / Sparc64. gert -- USENET is *not* the non-clickable part of WWW! //www.muc.de/~gert/ Gert Doering - Munich, Germany gert at greenie.muc.de fax: +49-89-35655025 gert at net.informatik.tu-muenchen.de
Norihiko Murase
2007-Mar-02 18:29 UTC
(20070302) Warning messages on FreeBSD 4.11-RELEASE (Re: Call for release testing.)
Two kinds of the warning messages were displayed when I
tried building the snapshot 20070302 on the machine where
FreeBSD 4.11-RELEASE is running.
The environment under which I built it is as follows:
CPU: i386 family
OS: FreeBSD 4.11-RELEASE
Compiler: gcc 2.95.4 20020320 [FreeBSD] (/usr/bin/gcc)
The options I specified in executing the configure script are as follows:
./configure --prefix=/usr/local/OpenSSH --datarootdir='$(prefix)'
--with-rpath \
--without-osfsia --with-zlib=/usr/local/zlib --without-skey
--with-tcp-wrappers \
--with-libedit=/usr/local/libedit --without-audit --without-pam \
--with-ssl-dir=/usr/local/OpenSSL --without-rand-helper \
--with-privsep-user=sshd --with-privsep-path=/var/empty \
--without-sectok --without-opensc --without-kerberos5 \
--with-xauth=/usr/X11R6/bin/xauth --without-ipaddr-display \
--with-default-path=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin:/usr/X11R6/bin
\
--with-superuser-path=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin:/usr/X11R6/bin
\
--without-4in6 --with-pid-dir=/var/run
The warning messages displayed when I built it are
classified into two:
(1) warning: `MAXSYMLINKS' redefined
(2) warning: `__nonnull__' attribute directive ignored
Both kinds of them are displayed
when openssh/openbsd-compat/bsd-misc.c is compiled, just as follows:
------------------------------------------------------------
gcc -g -O2 -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -I. -I.. -I.
-I./.. -I/usr/local/OpenSSL/include -I/usr/l
ocal/zlib/include -I/usr/local/libedit/include -DHAVE_CONFIG_H -c bsd-misc.c
In file included from /usr/include/resolv.h:60,
from ../openbsd-compat/getrrsetbyname.h:59,
from ../openbsd-compat/openbsd-compat.h:45,
from ../includes.h:167,
from bsd-misc.c:18:
/usr/include/sys/param.h:194: warning: `MAXSYMLINKS' redefined
../defines.h:72: warning: this is the location of the previous definition
In file included from bsd-misc.c:31:
../xmalloc.h:26: warning: `__nonnull__' attribute directive ignored
------------------------------------------------------------
I'm very happy if you give me some comments about this.
Thanks,
---
Norihiko Murase <skeleten at shillest.net>
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mac OS X version 10.4.8 $ uname -a Darwin enoch.local 8.8.0 Darwin Kernel Version 8.8.0: Fri Sep 8 17:18:57 PDT 2006; root:xnu-792.12.6.obj~1/RELEASE_PPC Power Macintosh powerpc $ ./configure --with-ssl-dir=/usr/local/ssl $ /usr/local/ssl/bin/openssl version OpenSSL 0.9.8d 28 Sep 2006 All tests ok. Stock openssl had an issue with version mismatch between library and include files so I had to use the fresher one that I keep in /usr/local. jd - -- John Devitofranceschi, E-Mail: jdvf at optonline.net Fax: +1 203 348 8219 PGP Fingerprint: 0D33 5A27 0810 9543 64FB DF4A 54CF 4B40 1335 4673 "What," asked Mr. Croup, "do you want?" "What," asked the marquis de Carabas, a little more rhetorically, "does anyone want?" "Dead things," suggested Mr. Vandemar. "Extra teeth." -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (MingW32) iD8DBQFF6c6/VM9LQBM1RnMRAoocAJ4lenwzrsx2L088SSOUz1xLS7pmsgCgyPH1 A2Zz8zv/zg6FC3OzYLtTFkA=LYSD -----END PGP SIGNATURE-----
> Hi All. > > We are planning on doing one of our regular OpenSSH releases (4.6/4.6p1) > some time next week. This is a mostly a bugfix release, but there is > one new feature: > > sshd now allows the enabling and disabling of authentication methods on > a per user, group, host and network basis via the Match directive in > sshd_config. >$ ./configure && make tests are passed in HP-UX 11i version 1.0 and 2.0 platforms. Regards, Santhi.
On Thu, 01 Mar 2007 23:54:14 +1100 Darren Tucker <dtucker at zip.com.au> wrote:> Please send reports of success or failure to > openssh-unix-dev at mindrot.org.Tried testing with Snapshot 20070306 on Tru64 version 5.1B. # sizer -v; uname -svrp Compaq Tru64 UNIX V5.1B (Rev. 2650) OSF1 alpha v5.1 2650 alpha # ./ssh -V OpenSSH_4.5p1-snap20070306, OpenSSL 0.9.8d 28 Sep 2006 All tests are OK. -- Daniele Calore ( orkaan at orkaan.org)
Darren Tucker
2007-Mar-29 13:45 UTC
(20070302) Warning messages on FreeBSD 4.11-RELEASE (Re: Call for release testing.)
Norihiko Murase wrote:> |From: Darren Tucker <dtucker at zip.com.au> > |Subject: (20070302) Warning messages on FreeBSD 4.11-RELEASE (Re: Call for release testing.) > |Message-ID: <20070328120240.GA21541 at gate.dtucker.net> > |Date: Wed, 28 Mar 2007 22:02:40 +1000 > | > |>This is the kind of thing I meant. If you try it you will need to run > |>"autoreconf" to rebuild configure, then rerun configure. > > Ok, I am willing to test this. > > But, unfortunately I do NOT have Autoconf installed in the > FreeBSD box I am using, so I would like you to send me the > tarball which has the new configure script.I have put it up at: http://www.zip.com.au/~dtucker/tmp/openssh-defines.tar.gz Happy testing! -- Darren Tucker (dtucker at zip.com.au) GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69 Good judgement comes with experience. Unfortunately, the experience usually comes from bad judgement.