Hi, OpenSSH 5.7 is almost ready for release, so we would appreciate testing on as many platforms and systems as possible. This release contains a couple of large and intrusive features and changes and quite a number of bug fixes. Snapshot releases for portable OpenSSH are available from http://www.mindrot.org/openssh_snap/ The OpenBSD version is available in CVS HEAD: http://www.openbsd.org/anoncvs.html Portable OpenSSH is also available via anonymous CVS using the instructions at http://www.openssh.com/portable.html#cvs or via Mercurial at http://hg.mindrot.org/openssh Running the regression tests supplied with Portable OpenSSH does not require installation and is a simply: $ ./configure && make tests Live testing on suitable non-production systems is also appreciated. Please send reports of success or failure to openssh-unix-dev at mindrot.org. Below is a summary of changes. More detail may be found in the ChangeLog in the portable OpenSSH tarballs. Thanks to the many people who contributed to this release. ------------------------------- Features: * Implement Elliptic Curve Cryptography modes for key exchange (ECDH) and host/user keys (ECDSA) as specified by RFC5656. ECDH and ECDSA offer better performance than plain DH and DSA at the same equivalent symmetric key length, as well as much shorter keys. Only the mandatory sections of RFC5656 are implemented, specifically the three REQUIRED curves nistp256, nistp384 and nistp521 and only ECDH and ECDSA. Point compression (optional in RFC5656) is NOT implemented. Certificate host and user keys using the new ECDSA key types are supported - an ECDSA key may be certified, and an ECDSA key may act as a CA to sign certificates. ECDH in a 256 bit curve field is the preferred key agreement algorithm when both the client and server support it. ECDSA host keys are preferred when learning a host's keys for the first time. * sftp(1)/sftp-server(8): add a protocol extension to support a hard link operation. It is available through the "ln" command in the client. The old "ln" behaviour of creating a symlink is available using its "-s" option or through the preexisting "symlink" command * scp(1): Add a new -3 option to scp: Copies between two remote hosts are transferred through the local host. Without this option the data is copied directly between the two remote hosts. * ssh(1): automatically order the hostkeys requested by the client based on which hostkeys are already recorded in known_hosts. This avoids hostkey warnings when connecting to servers with new ECDSA keys, since these are now preferred when learning hostkeys for the first time. * ssh(1)/sshd(8): add a new IPQoS option to specify arbitrary TOS/DSCP/QoS values instead of hardcoding lowdelay/throughput. * sftp(1): the sftp client is now significantly faster, using OpenBSD glob(3) extensions to preserve the results of stat(3) operations performed in the course of its execution rather than performing expensive round trips to fetch them again afterwards. * ssh(1): "atomically" create the listening mux socket by binding it on a temporary name and then linking it into position after listen() has succeeded. this allows the mux clients to determine that the server socket is either ready or stale without races. stale server sockets are now automatically removed * ssh(1)/sshd(8): add a KexAlgorithms knob to the client and server configuration to allow selection of which key exchange methods are used by ssh(1) and sshd(8) and their order of preference. * sftp(1)/scp(1): factor out bandwidth limiting code from scp(1) into a generic bandwidth limiter that can be attached using the atomicio callback mechanism and use it to add a bandwidth limit option to sftp(1). BugFixes: * ssh(1)/ssh-agent(1): honour $TMPDIR for client xauth and ssh-agent temporary directories * ssh(1): avoid NULL deref on receiving a channel request on an unknown or invalid channel; bz#1842 * sshd(8): remove a debug() that pollutes stderr on client connecting to a server in debug mode; bz#1719, ok dtucker * scp(1): pass through ssh command-line flags and options when doing remote-remote transfers, e.g. to enable agent forwarding which is particularly useful in this case; bz#1837 * sftp-server(8): umask should be parsed as octal * sftp(1): escape '[' in filename tab-completion * ssh(1): Typo in confirmation message. bz#1827 * sshd(8): prevent free() of string in .rodata when overriding AuthorizedKeys in a Match block * Support building against openssl-1.0.0a * sshd(8): Use default shell /bin/sh if $SHELL is "" * ssh(1): kill proxy command on fatal() (we already kill it on clean exit); * ssh(1): install a SIGCHLD handler to reap expiried child process Portable OpenSSH Bugfixes: * Use mandoc as preferred manpage formatter if it is present, followed by nroff and groff respectively. * sshd(8): Relax permission requirement on btmp logs to allow group read/writea * bz#1840: fix warning when configuring --with-ssl-engine * sshd(8): Use correct uid_t/pid_t types instead of int. bz#1817 * sshd(8): bz#1824: Add Solaris Project support. * sshd(8): Check is_selinux_enabled for exact return code since it can apparently return -1 under some conditions. Reporting Bugs: ============== - Please read http://www.openssh.com/report.html Security bugs should be reported directly to openssh at openssh.com OpenSSH is brought to you by Markus Friedl, Niels Provos, Theo de Raadt, Kevin Steves, Damien Miller, Darren Tucker, Jason McIntyre, Tim Rice and Ben Lindstrom.
----- Original Message -----> Hi, > > OpenSSH 5.7 is almost ready for release, so we would appreciate > testing > on as many platforms and systems as possible. This release contains a > couple of large and intrusive features and changes and quite a number > of > bug fixes. > > Snapshot releases for portable OpenSSH are available from > http://www.mindrot.org/openssh_snap/ > > The OpenBSD version is available in CVS HEAD: > http://www.openbsd.org/anoncvs.html > > Portable OpenSSH is also available via anonymous CVS using the > instructions at http://www.openssh.com/portable.html#cvs or > via Mercurial at http://hg.mindrot.org/openssh > > Running the regression tests supplied with Portable OpenSSH does not > require installation and is a simply: > > $ ./configure && make tests > > Live testing on suitable non-production systems is also > appreciated. Please send reports of success or failure to > openssh-unix-dev at mindrot.org. > > Below is a summary of changes. More detail may be found in the > ChangeLog > in the portable OpenSSH tarballs. > > Thanks to the many people who contributed to this release. > >Hello, snapshot from Jan 6 2011 failed on rhel6: cd ./regress || exit $?; \ make \ .OBJDIR="${BUILDDIR}/regress" \ .CURDIR="`pwd`" \ BUILDDIR="${BUILDDIR}" \ OBJ="${BUILDDIR}/regress/" \ PATH="${BUILDDIR}:${PATH}" \ TEST_SHELL="${TEST_SHELL}" \ TEST_SSH_SSH="${TEST_SSH_SSH}" \ TEST_SSH_SSHD="${TEST_SSH_SSHD}" \ TEST_SSH_SSHAGENT="${TEST_SSH_SSHAGENT}" \ TEST_SSH_SSHADD="${TEST_SSH_SSHADD}" \ TEST_SSH_SSHKEYGEN="${TEST_SSH_SSHKEYGEN}" \ TEST_SSH_SSHPKCS11HELPER="${TEST_SSH_SSHPKCS11HELPER}" \ TEST_SSH_SSHKEYSCAN="${TEST_SSH_SSHKEYSCAN}" \ TEST_SSH_SFTP="${TEST_SSH_SFTP}" \ TEST_SSH_SFTPSERVER="${TEST_SSH_SFTPSERVER}" \ TEST_SSH_PLINK="${TEST_SSH_PLINK}" \ TEST_SSH_PUTTYGEN="${TEST_SSH_PUTTYGEN}" \ TEST_SSH_CONCH="${TEST_SSH_CONCH}" \ TEST_SSH_IPV6="yes" \ EXEEXT="" \ tests && echo all tests passed make[1]: Entering directory `/home/jfch/test/openssh/regress' ssh-keygen -if /home/jfch/test/openssh/regress/rsa_ssh2.prv | diff - /home/jfch/test/openssh/regress/rsa_openssh.prv tr '\n' '\r' </home/jfch/test/openssh/regress/rsa_ssh2.prv > /home/jfch/test/openssh/regress/rsa_ssh2_cr.prv ssh-keygen -if /home/jfch/test/openssh/regress/rsa_ssh2_cr.prv | diff - /home/jfch/test/openssh/regress/rsa_openssh.prv awk '{print $0 "\r"}' /home/jfch/test/openssh/regress/rsa_ssh2.prv > /home/jfch/test/openssh/regress/rsa_ssh2_crnl.prv ssh-keygen -if /home/jfch/test/openssh/regress/rsa_ssh2_crnl.prv | diff - /home/jfch/test/openssh/regress/rsa_openssh.prv cat /home/jfch/test/openssh/regress/rsa_openssh.prv > /home/jfch/test/openssh/regress//t2.out chmod 600 /home/jfch/test/openssh/regress//t2.out ssh-keygen -yf /home/jfch/test/openssh/regress//t2.out | diff - /home/jfch/test/openssh/regress/rsa_openssh.pub ssh-keygen -ef /home/jfch/test/openssh/regress/rsa_openssh.pub >/home/jfch/test/openssh/regress//rsa_secsh.pub ssh-keygen -if /home/jfch/test/openssh/regress//rsa_secsh.pub | diff - /home/jfch/test/openssh/regress/rsa_openssh.pub rm -f /home/jfch/test/openssh/regress/rsa_secsh.pub ssh-keygen -lf /home/jfch/test/openssh/regress/rsa_openssh.pub |\ awk '{print $2}' | diff - /home/jfch/test/openssh/regress/t4.ok 0a1> 3b:dd:44:e9:49:18:84:95:f1:e7:33:6b:9d:93:b1:36make[1]: *** [t4] Error 1 make[1]: Leaving directory `/home/jfch/test/openssh/regress' make: *** [tests] Error 2 -- JFCh <jchadima at redhat.com>
----- Original Message -----> Hi, > > OpenSSH 5.7 is almost ready for release, so we would appreciate > testing > on as many platforms and systems as possible. This release contains a > couple of large and intrusive features and changes and quite a number > of > bug fixes. > > Snapshot releases for portable OpenSSH are available from > http://www.mindrot.org/openssh_snap/ > > The OpenBSD version is available in CVS HEAD: > http://www.openbsd.org/anoncvs.html > > Portable OpenSSH is also available via anonymous CVS using the > instructions at http://www.openssh.com/portable.html#cvs or > via Mercurial at http://hg.mindrot.org/openssh > > Running the regression tests supplied with Portable OpenSSH does not > require installation and is a simply: > > $ ./configure && make tests > > Live testing on suitable non-production systems is also > appreciated. Please send reports of success or failure to > openssh-unix-dev at mindrot.org. > > Below is a summary of changes. More detail may be found in the > ChangeLog > in the portable OpenSSH tarballs. > > Thanks to the many people who contributed to this release. >RHEL 5 pass without problems. -- JFCh <jchadima at redhat.com>
On Thu, 6 Jan 2011, Damien Miller wrote:> > OpenSSH 5.7 is almost ready for release, so we would appreciate testing > on as many platforms and systems as possible. This release contains a > couple of large and intrusive features and changes and quite a number of > bug fixes. > > Snapshot releases for portable OpenSSH are available from > http://www.mindrot.org/openssh_snap/On a debian unstable (aka. sid), this: http://www.mindrot.org/openssh_snap/openssh-SNAP-20110107.tar.gz passes "all" tests; at least says so "all tests passed". Still, this patch: --- regress/cert-userkey.sh.orig 2010-11-05 08:23:38.000000000 +0100 +++ regress/cert-userkey.sh 2011-01-06 17:27:51.000000000 +0100 @@ -5,7 +5,7 @@ tid="certified user keys" # used to disable ECC based tests on platforms without ECC ecdsa="" -if "$TEST_SSH_ECC" = "yes"; then +if [ "$TEST_SSH_ECC" = yes ]; then ecdsa=ecdsa fi is, IMO, sure needed :) Cheers, -- Cristian
> OpenSSH 5.7 is almost ready for release, so we would appreciate testing > on as many platforms and systems as possible. This release contains a > couple of large and intrusive features and changes and quite a number of > bug fixes. > > Snapshot releases for portable OpenSSH are available from > http://www.mindrot.org/openssh_snap/Using openssh-SNAP-20110107.tar.gz: Slackware-12.0 and slackware 13.0 both pass all tests. Regards, Andy Dr Andy Tsouladze Sr Unix/Storage SysAdmin
On Thu, Jan 06, 2011 at 06:31:24 -0600, Damien Miller wrote:> > * scp(1): Add a new -3 option to scp: Copies between two remote hosts > are transferred through the local host. Without this option the > data is copied directly between the two remote hosts. >Hi Damien, Unfortunately, this breaks the command-line compatibility between scp(1) and sftp(1) that was recently achieved. Admittedly, sftp doesn't support transfers between two remote hosts, but it might be worthwhile to add some dummy support to sftp(1) to preserve the compatibility. In other words, it should accept but ignore -3. -- Iain Morgan
On Thu, Jan 6, 2011 at 13:31, Damien Miller <djm at mindrot.org> wrote:> > Hi, > > OpenSSH 5.7 is almost ready for release, so we would appreciate testing > on as many platforms and systems as possible. This release contains a > couple of large and intrusive features and changes and quite a number of > bug fixes.Please consider my patch send yesterday (fix %n expansion in LocalCommand) to fix this regression introduced in 5.6. Thanks. Bert
Damien Miller wrote:> Hi, > > OpenSSH 5.7 is almost ready for release, so we would appreciate testing[SNIP] Now make target "distprep" is broken. So either remove dependency from catman-do or provide bootstrap shell script, please. Roumen
On Thu, 6 Jan 2011, Bert Wesarg wrote:> On Thu, Jan 6, 2011 at 13:31, Damien Miller <djm at mindrot.org> wrote: > > > > Hi, > > > > OpenSSH 5.7 is almost ready for release, so we would appreciate testing > > on as many platforms and systems as possible. This release contains a > > couple of large and intrusive features and changes and quite a number of > > bug fixes. > > Please consider my patch send yesterday (fix %n expansion in > LocalCommand) to fix this regression introduced in 5.6.Applied - thanks -d
applied - thanks! (cert-hostkey.sh too) On Thu, 6 Jan 2011, Cristian Ionescu-Idbohrn wrote:> On Thu, 6 Jan 2011, Damien Miller wrote: > > > > OpenSSH 5.7 is almost ready for release, so we would appreciate testing > > on as many platforms and systems as possible. This release contains a > > couple of large and intrusive features and changes and quite a number of > > bug fixes. > > > > Snapshot releases for portable OpenSSH are available from > > http://www.mindrot.org/openssh_snap/ > > On a debian unstable (aka. sid), this: > > http://www.mindrot.org/openssh_snap/openssh-SNAP-20110107.tar.gz > > passes "all" tests; at least says so "all tests passed". Still, this > patch: > > --- regress/cert-userkey.sh.orig 2010-11-05 08:23:38.000000000 +0100 > +++ regress/cert-userkey.sh 2011-01-06 17:27:51.000000000 +0100 > @@ -5,7 +5,7 @@ tid="certified user keys" > > # used to disable ECC based tests on platforms without ECC > ecdsa="" > -if "$TEST_SSH_ECC" = "yes"; then > +if [ "$TEST_SSH_ECC" = yes ]; then > ecdsa=ecdsa > fi > > > is, IMO, sure needed :) > > > Cheers, > > -- > Cristian > _______________________________________________ > openssh-unix-dev mailing list > openssh-unix-dev at mindrot.org > https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev >
On Thu, 6 Jan 2011, Roumen Petrov wrote:> Damien Miller wrote: > > Hi, > > > > OpenSSH 5.7 is almost ready for release, so we would appreciate testing > [SNIP] > Now make target "distprep" is broken. So either remove dependency from > catman-do or provide bootstrap shell script, please.Works for me. Can you please provide the output of a failing make? -d
> OpenSSH 5.7 is almost ready for release, so we would appreciatetesting> on as many platforms and systems as possible. This release contains a > couple of large and intrusive features and changes and quite a number > of > bug fixes. > > Snapshot releases for portable OpenSSH are available from > http://www.mindrot.org/openssh_snap/ >openssh-SNAP-20110108.tar.gz passes all tests on Mandriva 2010.2
On Thu, Jan 06, 2011 at 06:31:24 -0600, Damien Miller wrote:> > Hi, > > OpenSSH 5.7 is almost ready for release, so we would appreciate testing > on as many platforms and systems as possible. This release contains a > couple of large and intrusive features and changes and quite a number of > bug fixes. >Hi, The 20110110 snapshot builds on RHEL 5 (x86_64), Solaris 9 (SPARC), and FMac OS X (Intel). It passes the regression tests on the RHEL 5 system, but fails on the other two. Initially, the OS X case failed with: ok banner run test rekey.sh ... no rekeying occured failed rekey during transfer data make[1]: *** [t-exec] Error 1 However, after editing my PATH, it now fails in keytype.sh. The Solaris system likewise fails in keytype.sh. In both cases, I suspect that the version of OpenSSL may be an issue, although previous OpenSSH releases (5.6 for example) have tested correctly on these systems. -- Iain Morgan
> -----Original Message----- > From: Scott Neugroschl > Sent: Friday, January 07, 2011 11:18 AM > To: openssh-unix-dev at mindrot.org > Subject: RE: Call for testing: OpenSSH-5.7 > > > OpenSSH 5.7 is almost ready for release, so we would appreciate > testing > > on as many platforms and systems as possible. This release containsa> > couple of large and intrusive features and changes and quite anumber> > of > > bug fixes. > > > > Snapshot releases for portable OpenSSH are available from > > http://www.mindrot.org/openssh_snap/ > > > > openssh-SNAP-20110108.tar.gz passes all tests on Mandriva 2010.2 >Follow-up -- that's the 32-bit version.
On Fri, 7 Jan 2011, Iain Morgan wrote:> Hi, > > The 20110110 snapshot builds on RHEL 5 (x86_64), Solaris 9 (SPARC), and > FMac OS X (Intel). It passes the regression tests on the RHEL 5 system, > but fails on the other two. > > Initially, the OS X case failed with: > > ok banner > run test rekey.sh ... > no rekeying occured > failed rekey during transfer data > make[1]: *** [t-exec] Error 1 > > However, after editing my PATH, it now fails in keytype.sh. The Solaris > system likewise fails in keytype.sh.Do you have an error message from this failure? Also, what $PATH change did you have to make?> In both cases, I suspect that the version of OpenSSL may be an issue, > although previous OpenSSH releases (5.6 for example) have tested > correctly on these systems.Which version of OSX are you using? -d
On Fri, Jan 07, 2011 at 15:12:54 -0600, Damien Miller wrote:> On Fri, 7 Jan 2011, Iain Morgan wrote: > > > Hi, > > > > The 20110110 snapshot builds on RHEL 5 (x86_64), Solaris 9 (SPARC), and > > FMac OS X (Intel). It passes the regression tests on the RHEL 5 system, > > but fails on the other two. > > > > Initially, the OS X case failed with: > > > > ok banner > > run test rekey.sh ... > > no rekeying occured > > failed rekey during transfer data > > make[1]: *** [t-exec] Error 1 > > > > However, after editing my PATH, it now fails in keytype.sh. The Solaris > > system likewise fails in keytype.sh. > > Do you have an error message from this failure? Also, what $PATH change did > you have to make?Sorry about that, I meant to include the error. I had my own build of OpenSsL at the head of the PATH during the first build attempt. I removed it from my PATH to avoid confusion when I was checking the system-provided version. After that, the error in the regression tests changed. I would not have expected the PATH change to be relevant, but it was the only thing that I had changed. The error is as follows: ok port number parsing run test keytype.sh ... keygen dsa, 1024 bits: 0.21 real 0.21 user 0.00 sys keygen rsa, 2048 bits: 0.74 real 0.74 user 0.00 sys keygen rsa, 3072 bits: 3.01 real 2.99 user 0.00 sys userkey dsa-1024, hostkey dsa-1024: No DSA host key is known for localhost-with-alias and you have requested strict checking. Host key verification failed. 0.01 real 0.00 user 0.00 sys ssh userkey dsa-1024, hostkey dsa-1024 failed userkey dsa-1024, hostkey dsa-1024: No DSA host key is known for localhost-with-alias and you have requested strict checking. Host key verification failed. 0.01 real 0.00 user 0.00 sys ssh userkey dsa-1024, hostkey dsa-1024 failed userkey dsa-1024, hostkey dsa-1024: No DSA host key is known for localhost-with-alias and you have requested strict checking. Host key verification failed. 0.01 real 0.00 user 0.00 sys ssh userkey dsa-1024, hostkey dsa-1024 failed userkey rsa-2048, hostkey rsa-2048: No RSA host key is known for localhost-with-alias and you have requested strict checking. Host key verification failed. 0.02 real 0.00 user 0.00 sys ssh userkey rsa-2048, hostkey rsa-2048 failed userkey rsa-2048, hostkey rsa-2048: No RSA host key is known for localhost-with-alias and you have requested strict checking. Host key verification failed. 0.02 real 0.00 user 0.00 sys ssh userkey rsa-2048, hostkey rsa-2048 failed userkey rsa-2048, hostkey rsa-2048: No RSA host key is known for localhost-with-alias and you have requested strict checking. Host key verification failed. 0.02 real 0.00 user 0.00 sys ssh userkey rsa-2048, hostkey rsa-2048 failed userkey rsa-3072, hostkey rsa-3072: No RSA host key is known for localhost-with-alias and you have requested strict checking. Host key verification failed. 0.04 real 0.00 user 0.00 sys ssh userkey rsa-3072, hostkey rsa-3072 failed userkey rsa-3072, hostkey rsa-3072: No RSA host key is known for localhost-with-alias and you have requested strict checking. Host key verification failed. 0.04 real 0.00 user 0.00 sys ssh userkey rsa-3072, hostkey rsa-3072 failed userkey rsa-3072, hostkey rsa-3072: No RSA host key is known for localhost-with-alias and you have requested strict checking. Host key verification failed. 0.04 real 0.00 user 0.00 sys ssh userkey rsa-3072, hostkey rsa-3072 failed failed login with different key types make[1]: *** [t-exec] Error 1> > > In both cases, I suspect that the version of OpenSSL may be an issue, > > although previous OpenSSH releases (5.6 for example) have tested > > correctly on these systems. > > Which version of OSX are you using? > > -d-- Iain Morgan
On Fri, 7 Jan 2011, Iain Morgan wrote:> userkey dsa-1024, hostkey dsa-1024: No DSA host key is known for localhost-with-alias and you have requested strict checking.These should be fixed in the next (20110108) snapshot. It was a bug in the regress script. -d
Damien Miller wrote:> Hi, > > OpenSSH 5.7 is almost ready for release [SNIP] >One minor issue /etc/ssh/ssh_host_ecdsa_key is not listed in PATHSUBS command in Makefile.in like other host key paths. Roumen
On Sat, 8 Jan 2011, Roumen Petrov wrote:> Damien Miller wrote: > > Hi, > > > > OpenSSH 5.7 is almost ready for release [SNIP] > > > One minor issue /etc/ssh/ssh_host_ecdsa_key is not listed in PATHSUBS > command in Makefile.in like other host key paths.Fixed - thanks. -d
On Jan 6 23:31, Damien Miller wrote:> > Hi, > > OpenSSH 5.7 is almost ready for release, so we would appreciate testing > on as many platforms and systems as possible. This release contains a > couple of large and intrusive features and changes and quite a number of > bug fixes. > > Snapshot releases for portable OpenSSH are available from > http://www.mindrot.org/openssh_snap/ > > The OpenBSD version is available in CVS HEAD: > http://www.openbsd.org/anoncvs.html > > Portable OpenSSH is also available via anonymous CVS using the > instructions at http://www.openssh.com/portable.html#cvs or > via Mercurial at http://hg.mindrot.org/openssh > > Running the regression tests supplied with Portable OpenSSH does not > require installation and is a simply: > > $ ./configure && make testsBuilds OOTB on Cygwin 1.7.7. All tests pass (except, as usual, sftp-glob). Corinna -- Corinna Vinschen Cygwin Project Co-Leader Red Hat
On 01/06/2011 07:31 AM, Damien Miller wrote:> > Hi, > > OpenSSH 5.7 is almost ready for release, so we would appreciate testing > on as many platforms and systems as possible. This release contains a > couple of large and intrusive features and changes and quite a number of > bug fixes. > > Snapshot releases for portable OpenSSH are available from > http://www.mindrot.org/openssh_snap/ > > The OpenBSD version is available in CVS HEAD: > http://www.openbsd.org/anoncvs.html > > Portable OpenSSH is also available via anonymous CVS using the > instructions at http://www.openssh.com/portable.html#cvs or > via Mercurial at http://hg.mindrot.org/openssh > > Running the regression tests supplied with Portable OpenSSH does not > require installation and is a simply: > > $ ./configure && make tests > > Live testing on suitable non-production systems is also > appreciated. Please send reports of success or failure to > openssh-unix-dev at mindrot.org. > > Below is a summary of changes. More detail may be found in the ChangeLog > in the portable OpenSSH tarballs. > > Thanks to the many people who contributed to this release. > > -------------------------------openssh-SNAP-20110111 passed ALL tests on openSUSE 11.3 (x86_64)
On Sat, Jan 08, 2011 at 05:01:43 -0600, Damien Miller wrote:> On Fri, 7 Jan 2011, Iain Morgan wrote: > > > userkey dsa-1024, hostkey dsa-1024: No DSA host key is known for localhost-with-alias and you have requested strict checking. > > These should be fixed in the next (20110108) snapshot. It was a bug in the > regress script. > > -dConfirmed. The 20110112 snapshot builds and tests correctly on RHEL 5 (x86_64), Solaris 9 (SPARC), and Mac OS X (Intel). -- Iain Morgan
Hi, Thanks everyone for their test reports. Last night Tim Rice and I fixed some makefile and regress test problems that were causing some tests not to run completely. If you have the opportunity, we'd appreciate if you could rerun your tests with the latest snapshot (20110114). Thanks, Damien
Damien Miller wrote:> Hi, > > OpenSSH 5.7 is almost ready for release,[SNIP] As this version adds new key type the test case expose but not fixed by previous releases. The make tXXX targets in file regress/Makefile use command ssh-keygen instead macro TEST_SSH_SSHKEYGEN as result tests use program from host system and t9 cannot pass on system with ecc sypport. CLEANFILES in same make file lack new keys key.ecdsa-* The target t3 use own output file rsa_secsh.pub with name not compatible with other tXXX tests . More expected is t3.out. The file created by this test is not removed properly and is not listed in CLEANFILES. What about to add t3.out to CLEANFILES and to rewrite this particular tests to: t3: $(TEST_SSH_SSHKEYGEN) -ef ${.CURDIR}/rsa_openssh.pub >$(OBJ)/t3.out $(TEST_SSH_SSHKEYGEN) -if $(OBJ)/t3.out | diff - ${.CURDIR}/rsa_openssh.pub Regards, Roumen
20110116 builds cleanly and passes all tests on debian 5.0.7 64-bit (stable) with openssl-1.0.0c. -- ----------------------------------------------------------------------------------------- Wocky | A poem for the lonely: hello. fishcustard at gmail.com | -- Spike Milligan -----------------------------------------------------------------------------------------
Damien Miller wrote:> Hi, > > OpenSSH 5.7 is almost ready for release, so we would appreciate testing > on as many platforms and systems as possible. This release contains a > couple of large and intrusive features and changes and quite a number of > bug fixes. >Building the 20110118 snapshot on IRIX 5.3 dies with: gcc -g -O2 -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -fno-builtin-memset -std=gnu99 -I. -I.. -I. -I./.. -I/usr/tgcware/include/openssl -I/usr/tgcware/include -DHAVE_CONFIG_H -c port-tun.c In file included from port-tun.c:24: /usr/include/netinet/ip.h:34: error: redefinition of `struct ip' /usr/include/netinet/ip.h:112: error: redefinition of `struct ip_timestamp' /usr/include/netinet/ip.h:124: error: redefinition of `union ipt_timestamp' /usr/include/netinet/ip.h:126: error: redefinition of `struct ipt_ta' make[1]: *** [port-tun.o] Error 1 I had to remove #include <netinet/in_systm.h> and #include <netinet/ip.h> from defines.h and #include <netinet/in_systm.h> from includes.h to make the build complete. I haven't looked closely at the testsuite results but it looks like it's no worse off than with 5.6p1. -tgc