Call for testing: OpenSSH-5.4

Asif Iqbal vadud3 at gmail.com
Tue Mar 2 09:15:13 EST 2010


All tests passed on Ubuntu 9.10 32-bit using gcc version 4.4.1.

The only errors I got were

run test connect.sh ...
Missing privilege separation directory: /var/empty
FATAL: sshd_proxy broken
make[1]: *** [t-exec] Error 1
make[1]: Leaving directory `/home/iqbala/Downloads/openssh/regress'
make: *** [tests] Error 2

and

skipped: need SUDO to switch to uid nobody

After I ran it again as `sudo make tests' it was able to create /var/empty
and there was no SUDO error.

On Mon, Mar 1, 2010 at 4:59 PM, Asif Iqbal <vadud3 at gmail.com> wrote:
> On Mon, Mar 1, 2010 at 4:49 PM, Asif Iqbal <vadud3 at gmail.com> wrote:
>> failing on opensolaris snv_133
>>
>> SunOS scrub 5.11 snv_133 i86pc i386 i86pc
>>
>> gcc version 3.4.3 (csl-sol210-3_4-20050802)
>>
>>
>> gunzip openssh-SNAP-20100302.tar.gz
>> tar tvf openssh-SNAP-20100302.tar
>> tar xvf openssh-SNAP-20100302.tar
>> cd openssh
>> ./configure
>> make tests
>> [...]
>> run test cert-hostkey.sh ...
>> certified host keys: sign host rsa cert
>> certified host keys: sign host dsa cert
>> certified host keys: host rsa cert connect privsep yes
>> certified host keys: host dsa cert connect privsep yes
>> certified host keys: host rsa cert connect privsep no
>> certified host keys: host dsa cert connect privsep no
>> certified host keys: test host cert connect user-certificate expect failure
>> certified host keys: test host cert connect empty principals expect success
>> certified host keys: test host cert connect wrong principals expect failure
>> certified host keys: test host cert connect cert not yet valid expect failure
>> certified host keys: test host cert connect cert expired expect failure
>> certified host keys: test host cert connect cert valid interval expect success
>> certified host keys: test host cert connect cert has constraints expect failure
>> certified host keys: host rsa cert downgrade to raw key
>> certified host keys: host dsa cert downgrade to raw key
>> ok certified host keys
>> run test cert-userkey.sh ...
>> certified user keys: sign user rsa cert
>> certified user keys: sign user dsa cert
>> certified user keys: user rsa cert connect privsep yes
>> Permission denied (publickey,password,keyboard-interactive).
>> ssh cert connect failed
>> certified user keys: user dsa cert connect privsep yes
>> Permission denied (publickey,password,keyboard-interactive).
>> ssh cert connect failed
>> certified user keys: user rsa cert connect privsep no
>> Permission denied (publickey,password,keyboard-interactive).
>> ssh cert connect failed
>> certified user keys: user dsa cert connect privsep no
>> Permission denied (publickey,password,keyboard-interactive).
>> ssh cert connect failed
>> certified user keys: ensure CA key does not authenticate user
>> ssh cert connect with CA key succeeded unexpectedly
>> certified user keys: test user cert connect host-certificate expect failure
>> certified user keys: test user cert connect empty principals expect success
>> ssh cert connect empty principals failed unexpectedly
>> certified user keys: test user cert connect wrong principals expect failure
>> certified user keys: test user cert connect cert not yet valid expect failure
>> certified user keys: test user cert connect cert expired expect failure
>> certified user keys: test user cert connect cert valid interval expect success
>> ssh cert connect cert valid interval failed unexpectedly
>> certified user keys: test user cert connect wrong source-address expect failure
>> certified user keys: test user cert connect force-command expect failure
>> failed certified user keys
>> *** Error code 1
>> The following command caused the error:
>> if [ "xconnect.sh proxy-connect.sh connect-privsep.sh proto-version.sh
>> proto-mismatch.sh exit-status.sh envpass.sh transfer.sh banner.sh
>> rekey.sh stderr-data.sh stderr-after-eof.sh broken-pipe.sh
>> try-ciphers.sh yes-head.sh login-timeout.sh agent.sh
>> agent-getpeereid.sh agent-timeout.sh agent-ptrace.sh keyscan.sh
>> keygen-change.sh keygen-convert.sh key-options.sh scp.sh sftp.sh
>> sftp-cmds.sh sftp-badcmds.sh sftp-batch.sh sftp-glob.sh reconfigure.sh
>> dynamic-forward.sh forwarding.sh multiplex.sh reexec.sh brokenkeys.sh
>> cfgmatch.sh addrmatch.sh localcommand.sh forcecommand.sh portnum.sh
>> cert-hostkey.sh cert-userkey.sh" = "x" ]; then exit 0; fi; \
>> for TEST in ""connect.sh proxy-connect.sh connect-privsep.sh
>> proto-version.sh proto-mismatch.sh exit-status.sh envpass.sh
>> transfer.sh banner.sh rekey.sh stderr-data.sh stderr-after-eof.sh
>> broken-pipe.sh try-ciphers.sh yes-head.sh login-timeout.sh agent.sh
>> agent-getpeereid.sh agent-timeout.sh agent-ptrace.sh keyscan.sh
>> keygen-change.sh keygen-convert.sh key-options.sh scp.sh sftp.sh
>> sftp-cmds.sh sftp-badcmds.sh sftp-batch.sh sftp-glob.sh reconfigure.sh
>> dynamic-forward.sh forwarding.sh multiplex.sh reexec.sh brokenkeys.sh
>> cfgmatch.sh addrmatch.sh localcommand.sh forcecommand.sh portnum.sh
>> cert-hostkey.sh cert-userkey.sh; do \
>>        echo "run test ${TEST}" ... 1>&2; \
>>        (env SUDO= TEST_ENV="MALLOC_OPTIONS=AFGJPRX" sh
>> /export/home/iqbala/Download/openssh/regress/test-exec.sh
>> /export/home/iqbala/Download/openssh/regress
>> /export/home/iqbala/Download/openssh/regress/${TEST}) || exit $?; \
>> done
>> make: Fatal error: Command failed for target `t-exec'
>> Current working directory /export/home/iqbala/Download/openssh/regress
>> *** Error code 1
>> make: Fatal error: Command failed for target `tests'
>
>
> fails with sunstudio cc: Sun C 5.10 SunOS_i386 2009/06/03
> on opensolaris snv_133
>
> run test cert-userkey.sh ...
> certified user keys: sign user rsa cert
> certified user keys: sign user dsa cert
> certified user keys: user rsa cert connect privsep yes
> Permission denied (publickey,password,keyboard-interactive).
> ssh cert connect failed
> certified user keys: user dsa cert connect privsep yes
> Permission denied (publickey,password,keyboard-interactive).
> ssh cert connect failed
> certified user keys: user rsa cert connect privsep no
> Permission denied (publickey,password,keyboard-interactive).
> ssh cert connect failed
> certified user keys: user dsa cert connect privsep no
> Permission denied (publickey,password,keyboard-interactive).
> ssh cert connect failed
> certified user keys: ensure CA key does not authenticate user
> ssh cert connect with CA key succeeded unexpectedly
> certified user keys: test user cert connect host-certificate expect failure
> certified user keys: test user cert connect empty principals expect success
> ssh cert connect empty principals failed unexpectedly
> certified user keys: test user cert connect wrong principals expect failure
> certified user keys: test user cert connect cert not yet valid expect failure
> certified user keys: test user cert connect cert expired expect failure
> certified user keys: test user cert connect cert valid interval expect success
> ssh cert connect cert valid interval failed unexpectedly
> certified user keys: test user cert connect wrong source-address expect failure
> certified user keys: test user cert connect force-command expect failure
> failed certified user keys
> *** Error code 1
> The following command caused the error:
> if [ "xconnect.sh proxy-connect.sh connect-privsep.sh proto-version.sh
> proto-mismatch.sh exit-status.sh envpass.sh transfer.sh banner.sh
> rekey.sh stderr-data.sh stderr-after-eof.sh broken-pipe.sh
> try-ciphers.sh yes-head.sh login-timeout.sh agent.sh
> agent-getpeereid.sh agent-timeout.sh agent-ptrace.sh keyscan.sh
> keygen-change.sh keygen-convert.sh key-options.sh scp.sh sftp.sh
> sftp-cmds.sh sftp-badcmds.sh sftp-batch.sh sftp-glob.sh reconfigure.sh
> dynamic-forward.sh forwarding.sh multiplex.sh reexec.sh brokenkeys.sh
> cfgmatch.sh addrmatch.sh localcommand.sh forcecommand.sh portnum.sh
> cert-hostkey.sh cert-userkey.sh" = "x" ]; then exit 0; fi; \
> for TEST in ""connect.sh proxy-connect.sh connect-privsep.sh
> proto-version.sh proto-mismatch.sh exit-status.sh envpass.sh
> transfer.sh banner.sh rekey.sh stderr-data.sh stderr-after-eof.sh
> broken-pipe.sh try-ciphers.sh yes-head.sh login-timeout.sh agent.sh
> agent-getpeereid.sh agent-timeout.sh agent-ptrace.sh keyscan.sh
> keygen-change.sh keygen-convert.sh key-options.sh scp.sh sftp.sh
> sftp-cmds.sh sftp-badcmds.sh sftp-batch.sh sftp-glob.sh reconfigure.sh
> dynamic-forward.sh forwarding.sh multiplex.sh reexec.sh brokenkeys.sh
> cfgmatch.sh addrmatch.sh localcommand.sh forcecommand.sh portnum.sh
> cert-hostkey.sh cert-userkey.sh; do \
>        echo "run test ${TEST}" ... 1>&2; \
>        (env SUDO= TEST_ENV="MALLOC_OPTIONS=AFGJPRX" sh
> /export/home/iqbala/Download/openssh/regress/test-exec.sh
> /export/home/iqbala/Download/openssh/regress
> /export/home/iqbala/Download/openssh/regress/${TEST}) || exit $?; \
> done
> make: Fatal error: Command failed for target `t-exec'
> Current working directory /export/home/iqbala/Download/openssh/regress
> *** Error code 1
> make: Fatal error: Command failed for target `tests'
>
>>
>>
>> On Sat, Feb 27, 2010 at 2:25 AM, Damien Miller <djm at mindrot.org> wrote:
>>> Hi,
>>>
>>> OpenSSH 5.4 is almost ready for release, so we would appreciate testing
>>> on as many platforms and systems as possible. This is a big release,
>>> with a number of major new features and many bug fixes.
>>>
>>> Snapshot releases for portable OpenSSH are available from
>>> http://www.mindrot.org/openssh_snap/
>>>
>>> The OpenBSD version is available in CVS HEAD:
>>> http://www.openbsd.org/anoncvs.html
>>>
>>> Portable OpenSSH is also available via anonymous CVS using the
>>> instructions at http://www.openssh.com/portable.html#cvs
>>>
>>> Running the regression tests supplied with Portable OpenSSH does not
>>> require installation and is simply:
>>>
>>> $ ./configure && make tests
>>>
>>> Live testing on suitable non-production systems is also
>>> appreciated. Please send reports of success or failure to
>>> openssh-unix-dev at mindrot.org.
>>>
>>> Below is a summary of changes. More detail may be found in the ChangeLog
>>> in the portable OpenSSH tarballs.
>>>
>>> Thanks to the many people who contributed to this release.
>>>
>>> -------------------------------
>>>
>>> Changes since OpenSSH 5.3
>>> =========================
>>>
>>> Features:
>>>
>>>  * After a transition period of about 10 years, this release disables
>>>   SSH protocol 1 by default. Clients and servers that need to use the
>>>   legacy protocol must explicitly enable it in ssh_config / sshd_config
>>>   or on the command-line.
>>>
>>>  * Deprecate the libsectok/OpenSC-based smartcard code and add
>>>   support for PKCS#11 tokens. PKCS#11 support is automatically enabled
>>>   on all platforms that support dlopen(3) and was inspired by patches
>>>   written by Alon Bar-Lev. Details in the ssh(1) and ssh-add(1)
>>>   manpages.
>>>
>>>  * Add support for certificate authentication of users and hosts using a
>>>   new, minimal OpenSSH certificate format (not X.509). Certificates
>>>   contain a public key, identity information and some validity
>>>   constraints and are signed with a standard SSH public key using
>>>   ssh-keygen(1). CA keys may be marked as trusted in authorized_keys
>>>   (for user authentication) or known_hosts (for host authentication).
>>>
>>>   Documentation for certificate support may be found in ssh-keygen(1),
>>>   sshd(8) and ssh(1) and a description of the protocol changes in
>>>   PROTOCOL.certkeys.
>>>
>>>  * Added a 'netcat mode' to ssh(1): "ssh -W host:port ..." This connects
>>>   stdio on the client to a single port forward on the server. This
>>>   allows, for example, using ssh as a ProxyCommand to route connections
>>>   via intermediate servers. bz#1618
>>>
>>>  * Rewrite the ssh(1) multiplexing support to support non-blocking
>>>   operation of the mux master, improve the resilience of the master to
>>>   malformed messages sent to it by the slave and add support for
>>>   requesting port-forwardings via the multiplex protocol. The new
>>>   stdio-to-local forward mode ("ssh -W host:port ...") is also
>>>   supported. The revised multiplexing protocol is documented in the
>>>   file PROTOCOL.mux in the source distribution.
>>>
>>>  * Add a 'read-only' mode to sftp-server(8) that disables open in write
>>>   mode and all other fs-modifying protocol methods. bz#430
>>>
>>>  * Allow setting an explicit umask on the sftp-server(8) commandline to
>>>   override whatever default the user has. bz#1229
>>>
>>>  * Many improvements to the sftp(1) client, many of which were
>>>   implemented by Carlos Silva through the Google Summer of Code
>>>   program:
>>>   - Support the "-h" (human-readable units) flag for ls
>>>   - Implement tab-completion of commands, local and remote filenames
>>>   - Support most of scp(1)'s commandline arguments in sftp(1), as a
>>>     first step towards making sftp(1) a drop-in replacement for scp(1).
>>>     Note that the rarely-used "-P sftp_server_path" option has been
>>>     moved to "-D sftp_server_path" to make way for "-P port" to match
>>>     scp(1).
>>>   - Add recursive transfer support for get/put and on the commandline
>>>
>>>  * New RSA keys will be generated with a public exponent of RSA_F4 ==
>>>   (2**16)+1 == 65537 instead of the previous value 35.
>>>
>>>  * Passphrase-protected SSH protocol 2 private keys are now protected
>>>   with AES-128 instead of 3DES. This applied to freshly-generated keys
>>>   as well as keys that are reencrypted (e.g. by changing their
>>>   passphrase).
>>>
>>> Bugfixes:
>>>
>>>  * When using ChrootDirectory, make sure we test for the existence of
>>>   the user's shell inside the chroot and not outside (bz#1679)
>>>  * Cache user and group name lookups in sftp-server using
>>>   user_from_[ug]id(3) to improve performance on hosts where these
>>>   operations are slow (e.g. NIS or LDAP). bz#1495
>>>  * Fix problem that prevented passphrase reading from being interrupted
>>>   in some circumstances; bz#1590
>>>  * Ignore and log any Protocol 1 keys where the claimed size is not
>>>   equal to the actual size.
>>>  * Make HostBased authentication work with a ProxyCommand. bz#1569
>>>  * Avoid run-time failures when specifying hostkeys via a relative
>>>   path by prepending the current working directory in these cases.
>>>   bz#1290
>>>  * Do not prompt for a passphrase if we fail to open a keyfile, and log
>>>   the reason why the open failed to debug. bz#1693
>>>  * Document that the PubkeyAuthentication directive is allowed in a
>>>   sshd_config(5) Match block. bz#1577
>>>  * When converting keys, truncate key comments at 72 chars as per
>>>   RFC4716. bz#1630
>>>  * Do not allow logins if /etc/nologin exists but is not readable by the
>>>   user logging in.
>>>  * Output a debug log if sshd(8) can't open an existing authorized_keys.
>>>   bz#1694
>>>  * Quell tc[gs]etattr warnings when forcing a tty (ssh -tt), since we
>>>   usually don't actually have a tty to read/set; bz#1686
>>>  * Prevent sftp from crashing when given a "-" without a command.
>>>   Also, allow whitespace to follow a "-". bz#1691
>>>  * After sshd receives a SIGHUP, ignore subsequent HUPs while sshd
>>>   re-execs itself. Prevents two HUPs in quick succession from resulting
>>>   in sshd dying. bz#1692
>>>  * Clarify in sshd_config(5) that StrictModes does not apply to
>>>   ChrootDirectory. Permissions and ownership are always checked when
>>>   chrooting. bz#1532
>>>  * Set close-on-exec on various descriptors so they don't get leaked to
>>>   child processes. bz#1643
>>>  * Fix very rare race condition in x11/agent channel allocation: don't
>>>   read after the end of the select read/write fdset and make sure a
>>>   reused FD is not touched before the pre-handlers are called.
>>>  * Fix incorrect exit status when multiplexing and channel ID 0 is
>>>   recycled. bz#1570
>>>  * Fail with an error when an attempt is made to connect to a server
>>>   with ForceCommand=internal-sftp with a shell session (i.e. not a
>>>   subsystem session). Avoids stuck client when attempting to ssh to
>>>   such a service. bz#1606
>>>  * Warn but do not fail if stat()ing the subsystem binary fails. This
>>>   helps with chrootdirectory+forcecommand=sftp-server and restricted
>>>   shells. bz#1599
>>>  * Change "Connecting to host..." message to "Connected to host."
>>>   and delay it until after the sftp protocol connection has been
>>>   established. Avoids confusing sequence of messages when the
>>>   underlying ssh connection experiences problems. bz#1588
>>>  * Use the HostKeyAlias rather than the hostname specified on the
>>>   commandline when prompting for passwords. bz#1039
>>>  * Correct off-by-one in percent_expand(): we would fatal() when trying
>>>   to expand EXPAND_MAX_KEYS, allowing only EXPAND_MAX_KEYS-1 to
>>>   actually work. Note that nothing in OpenSSH actually uses close to
>>>   this limit at present. bz#1607
>>>  * Fix passing of empty options from scp(1) and sftp(1) to the
>>>   underlying ssh(1). Also add support for the stop option "--".
>>>  * Fix an incorrect magic number and typo in PROTOCOL; bz#1688
>>>  * Don't escape backslashes when displaying the SSH2 banner. bz#1533
>>>  * Don't unnecessarily dup() the in and out fds for sftp-server. bz#1566
>>>  * Force use of the correct hash function for random-art signature
>>>   display as it was inheriting the wrong one when bubblebabble
>>>   signatures were activated. bz#1611
>>>  * Do not fall back to adding keys without constraints (ssh-add -c /
>>>   -t ...) when the agent refuses the constrained add request. bz#1612
>>>  * Fix a race condition in ssh-agent that could result in a wedged or
>>>   spinning agent. bz#1633
>>>  * Flush stdio before exec() to ensure that everything (motd
>>>   in particular) has made it out before the streams go away. bz#1596
>>>  * Set FD_CLOEXEC on in/out sockets in sshd(8). bz#1706
>>>
>>> Portable OpenSSH Bugfixes:
>>>
>>>  * Use system's kerberos principal name on AIX if it's available.
>>>   bz#1583
>>>  * Disable OOM-killing of the listening sshd on Linux. bz#1740
>>>  * Use pkg-config for opensc config if it's available. bz#1160
>>>  * Unbreak Redhat spec to allow building without askpass. bz#1677
>>>  * If PidFile is set in sshd_config, use it in SMF init file. bz#1628
>>>  * Print error and usage() when ssh-rand-helper is passed command-
>>>   line arguments as none are supported. bz#1568
>>>  * Add missing setsockopt() to set IPV6_V6ONLY for local forwarding
>>>   with GatewayPorts=yes. bz#1648
>>>  * Make GNOME 2 askpass dialog desktop-modal. bz#1645
>>>  * If SELinux is enabled set the security context to "sftpd_t" before
>>>   running the internal sftp server. bz#1637
>>>  * Correctly check libselinux for necessary SELinux functions; bz#1713
>>> _______________________________________________
>>> openssh-unix-dev mailing list
>>> openssh-unix-dev at mindrot.org
>>> https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
>>>
>>
>>
>>
>> --
>> Asif Iqbal
>> PGP Key: 0xE62693C5 KeyServer: pgp.mit.edu
>> A: Because it messes up the order in which people normally read text.
>> Q: Why is top-posting such a bad thing?
>>



-- 
Asif Iqbal
PGP Key: 0xE62693C5 KeyServer: pgp.mit.edu
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
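
Added example, not part of the original message or of the OpenSSH regress suite: a shell/awk filter that sorts the failure lines in logs like the ones quoted in this thread into fail-open ("succeeded unexpectedly", meaning authentication was accepted where the test expected a refusal), fail-closed, setup and skipped. The line shapes are inferred from the output quoted above; the function names and the sample log are constructed for illustration.

```shell
#!/bin/sh
# Added example: triage `make tests` output from the OpenSSH regress suite.
# Assumption: line shapes are inferred from the logs quoted in this thread,
# not taken from regress/test-exec.sh.

# Reads a regress log on stdin and prints one tab-separated line per finding:
#   class <TAB> test script <TAB> sub-test <TAB> original log line
regress_triage() {
    LC_ALL=C awk '
    function emit(class) {
        printf "%s\t%s\t%s\t%s\n", class, script, subtest, $0
    }
    /^run test .* \.\.\.$/ {          # start of a new test script
        script = $3; subtest = "-"; next
    }
    /^make/     { next }               # make(1) noise, not a test result
    /^FATAL: /  { emit("setup");   next }   # harness could not start
    /^skipped: / { emit("skipped"); next }  # coverage gap, e.g. no SUDO
    /^[a-z][a-z0-9 -]*: / {            # "<test id>: <sub-test description>"
        subtest = $0; sub(/^[^:]*: /, "", subtest); next
    }
    # Accepted when the test expected a refusal: review these first.
    /succeeded unexpectedly$/ { emit("fail-open");   next }
    # Refused or broken when the test expected success.
    /failed( unexpectedly)?$/ { emit("fail-closed"); next }
    '
}

# Constructed sample, assembled from lines that appear in this thread.
sample_log() {
    cat <<'EOF'
run test connect.sh ...
Missing privilege separation directory: /var/empty
FATAL: sshd_proxy broken
make[1]: *** [t-exec] Error 1
run test cert-userkey.sh ...
certified user keys: sign user rsa cert
certified user keys: user rsa cert connect privsep yes
Permission denied (publickey,password,keyboard-interactive).
ssh cert connect failed
certified user keys: ensure CA key does not authenticate user
ssh cert connect with CA key succeeded unexpectedly
certified user keys: test user cert connect empty principals expect success
ssh cert connect empty principals failed unexpectedly
certified user keys: test user cert connect cert expired expect failure
failed certified user keys
EOF
}

sample_log | regress_triage
```

On a real run, pipe the output of `make tests` (stdout and stderr) into `regress_triage` instead of the sample.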