similar to: Announce: OpenSSH 9.3 released

Hi, OpenSSH 9.3p1 is almost ready for release, so we would appreciate testing on as many platforms and systems as possible. This is a bugfix release. Snapshot releases for portable OpenSSH are available from http://www.mindrot.org/openssh_snap/ The OpenBSD version is available in CVS HEAD: http://www.openbsd.org/anoncvs.html Portable OpenSSH is also available via git using the instructions at

Hello. I have an issue with SSHFP lookups using "VerifyHostKeyDNS=yes" and "options edns0" in /etc/resolv.conf (glib >= 2.6). getrrsetbyname() calls res_query() with a maximum buffer size of 65536. The glibc resolver truncates this value to 16 bits, reducing the query's advertised buffer size to 0. BIND appears to ignore it while Unbound returns a server failure.

Dear OpenSSH Developers, I'm a member of the Debian System Administration (DSA) team. [1] We manage the Debian Projects computing infrastructure. Recently, DSA had the opportunity to address a member's request that we begin using certificates to authenticate Debian Project machines to ssh clients. We provided a lengthy reply, the summary of which is "we publish SSHFP records; use

Hi All. Haven't looked at this yet but it looks like the resolver changes broke AIX and HP-UX. -Daz. AIX 4.3.3.11: gcc -g -O2 -Wall -Wpointer-arith -Wno-uninitialized -I. -I.. -I../../openbsd-compat -I../../openbsd-compat/.. -I/usr/local/ssl/include -I/usr/local/include -DHAVE_CONFIG_H -c ../../openbsd-compat/getrrsetbyname.c ../../openbsd-compat/getrrsetbyname.c:133: warning: static

Hello, I have dowloaded all that is required to build a working OpenSSH on HP-UX 10.20 from the HP-UX Porting and Archibve centre (this seems to be the only way to go for 10.20). Make/install of all prerequisites has scucceeded. Now make of openssh-3.7.1p2 gives the following: gcc -g -O2 -Wall -Wpointer-arith -Wno-uninitialized -I. -I.. -I. -I./.. -I/usr/local/openssl-0.9.7b/include

Hi, When building OpenSSH 5.2p1 on MacOSX 10.6.0, I get the following ld error gcc -o ssh ssh.o readconf.o clientloop.o sshtty.o sshconnect.o sshconnect1.o sshconnect2.o mux.o -L. -Lopenbsd-compat/ -fstack-protector-all -lssh -lopenbsd-compat -lcrypto -lz Undefined symbols: "_res_9_query", referenced from: _getrrsetbyname in libopenbsd-compat.a(getrrsetbyname.o)

Hello I am attempting to build on a LynxOS platform and am using a old version of zlib and OpenSSL-0.9.6a. I get past the configure stage by ignoring the zlib version check. However, at make stage I run into the following undefineds. Any idea what may be causing this. I am using version 3.8p1 of OpenSSH. Thank you in advance for your response Amba (cd openbsd-compat && make)

http://bugzilla.mindrot.org/show_bug.cgi?id=1111 Summary: memory leak in openbsd-compat/getrrsetbyname.c, function: getrrsetbyname Product: Portable OpenSSH Version: 4.2p1 Platform: Other OS/Version: All Status: NEW Severity: normal Priority: P2 Component: ssh AssignedTo:

I've been trying to figure out why I can't seem to use SSHFP fingerprints delivered via DNSSEC, which led me to try to figure out why OpenSSH won't use DNSSEC on my NetBSD-4-branch platform. It turns out that around line 70 in openbsd-compat/getrrsetbyname.c, we have the following: /* to avoid conflicts where a platform already has _res */ #ifdef _res # undef _res

http://bugzilla.mindrot.org/show_bug.cgi?id=1299 Summary: Remove redefinition of _res in getrrsetbyname.c Product: Portable OpenSSH Version: 4.5p1 Platform: All OS/Version: NetBSD Status: NEW Keywords: patch Severity: major Priority: P2 Component: ssh AssignedTo: bitbucket at mindrot.org

Hi, as discussed before, we're trying to make use of SSHFP records (RFC 4255) to publish host key fingerprints in the DNS. However, some non-OpenBSD platforms don't support DNSSEC in the native resolver (e.g. glibc), which renders the whole thing quite useless, since openssh correctly requires the RRs to be signed and validated. The following patch adds support for ldns, an external

Could someone with HEADER.ad in arpa/nameser.h please test the attached patch (against current) to see it it's detected. None of my platforms have the ad member. config.h will end up with "#define HAVE_HEADER_AD". -- Tim Rice Multitalents (707) 887-1469 tim at multitalents.net -------------- next part -------------- --- openssh/configure.ac.old 2003-09-08 06:33:33.000000000

Dear developers, as reported earlier, recent versions of OpenSSH (4.3p1, 4.3p2 as well as the current CVS) on IRIX 5.3 exhibit a DNS resolution failure. Even for perfectly valid hostnames they return "no address associated with name". After some digging through the code I found what is causing this strange behaviour. Basically it was introduced with the following change:

http://bugzilla.mindrot.org/show_bug.cgi?id=1050 Summary: getrrsetbyname compat broken Product: Portable OpenSSH Version: 4.1p1 Platform: All OS/Version: Mac OS X Status: NEW Severity: normal Priority: P2 Component: ssh AssignedTo: bitbucket at mindrot.org ReportedBy: jakob at rfc.se it

https://bugzilla.mindrot.org/show_bug.cgi?id=2603 Bug ID: 2603 Summary: Build with ldns and without kerberos support fails if ldns compiled with kerberos support Product: Portable OpenSSH Version: 7.3p1 Hardware: amd64 OS: Linux Status: NEW Severity: normal Priority: P5

Hi I am trying to compile openssh-3.7.1p1 on HPUX version 11.00 and 11.22. I ran the configure with "--with-dns" option ( I know it is still in experimental stage ). The configure ran ok and in compile time I got the error: gmake[1]: Entering directory `/net/ia64/lavasani/ssh/openssh-3.7.1p1/openssh-3.7.1p1/openbsd-compat' gcc -g -O2 -Wall -Wpointer-arith -Wno-uninitialized -I.

https://bugzilla.mindrot.org/show_bug.cgi?id=2022 Bug #: 2022 Summary: ssh segfaults when using ldns, SSHFP, a DNSSEC-enabled resolver and a CNAME Classification: Unclassified Product: Portable OpenSSH Version: 6.0p1 Platform: All OS/Version: All Status: NEW Severity: normal

http://bugzilla.mindrot.org/show_bug.cgi?id=651 ------- Additional Comments From vikashb at comparexafrica.co.za 2003-12-30 16:39 ------- tried openssh-SNAP-20031223 does not compile: (cd openbsd-compat && make) gcc -g -O2 -Wall -Wpointer-arith -Wno-uninitialized -I. -I.. -I. -I./.. -I/usr/local/ssl/include -Dftruncate=chsize -I/usr/local/include -DHAVE_CONFIG_H -c

Please find attached file "configure.ac+dns.patch". This patch allow to compile current (30 Jun 2003) with options --with-dns on my platform. Output from "ssh -v -o VerifyHostKeyDNS=yes ..." follow: ... debug1: found 1 fingerprints in DNS debug1: matching host key fingerprint found in DNS ... -------------- next part -------------- An embedded and charset-unspecified text

I've made some changes to the 2.9p2 release code to add support for using DNSSEC lookups to check host keys. I've also made the changes to the OPENBSD_2_9 tree. Both patches are available at ftp://ftp.tislabs.com/pub/fmeshd/ as openssh.[portable,openbsd].patch.20010709 I'm really looking for testers at this time. Right now the lookups are done using a getrrsetbyname() function that is