Call for testing: OpenSSH-5.4
Asif Iqbal
vadud3 at gmail.com
Tue Mar 2 08:59:59 EST 2010
On Mon, Mar 1, 2010 at 4:49 PM, Asif Iqbal <vadud3 at gmail.com> wrote:
> failing on opensolaris snv_133
>
> SunOS scrub 5.11 snv_133 i86pc i386 i86pc
>
> gcc version 3.4.3 (csl-sol210-3_4-20050802)
>
>
> gunzip openssh-SNAP-20100302.tar.gz
> tar tvf openssh-SNAP-20100302.tar
> tar xvf openssh-SNAP-20100302.tar
> cd openssh
> ./configure
> make tests
> [...]
> run test cert-hostkey.sh ...
> certified host keys: sign host rsa cert
> certified host keys: sign host dsa cert
> certified host keys: host rsa cert connect privsep yes
> certified host keys: host dsa cert connect privsep yes
> certified host keys: host rsa cert connect privsep no
> certified host keys: host dsa cert connect privsep no
> certified host keys: test host cert connect user-certificate expect failure
> certified host keys: test host cert connect empty principals expect success
> certified host keys: test host cert connect wrong principals expect failure
> certified host keys: test host cert connect cert not yet valid expect failure
> certified host keys: test host cert connect cert expired expect failure
> certified host keys: test host cert connect cert valid interval expect success
> certified host keys: test host cert connect cert has constraints expect failure
> certified host keys: host rsa cert downgrade to raw key
> certified host keys: host dsa cert downgrade to raw key
> ok certified host keys
> run test cert-userkey.sh ...
> certified user keys: sign user rsa cert
> certified user keys: sign user dsa cert
> certified user keys: user rsa cert connect privsep yes
> Permission denied (publickey,password,keyboard-interactive).
> ssh cert connect failed
> certified user keys: user dsa cert connect privsep yes
> Permission denied (publickey,password,keyboard-interactive).
> ssh cert connect failed
> certified user keys: user rsa cert connect privsep no
> Permission denied (publickey,password,keyboard-interactive).
> ssh cert connect failed
> certified user keys: user dsa cert connect privsep no
> Permission denied (publickey,password,keyboard-interactive).
> ssh cert connect failed
> certified user keys: ensure CA key does not authenticate user
> ssh cert connect with CA key succeeded unexpectedly
> certified user keys: test user cert connect host-certificate expect failure
> certified user keys: test user cert connect empty principals expect success
> ssh cert connect empty principals failed unexpectedly
> certified user keys: test user cert connect wrong principals expect failure
> certified user keys: test user cert connect cert not yet valid expect failure
> certified user keys: test user cert connect cert expired expect failure
> certified user keys: test user cert connect cert valid interval expect success
> ssh cert connect cert valid interval failed unexpectedly
> certified user keys: test user cert connect wrong source-address expect failure
> certified user keys: test user cert connect force-command expect failure
> failed certified user keys
> *** Error code 1
> The following command caused the error:
> if [ "xconnect.sh proxy-connect.sh connect-privsep.sh proto-version.sh
> proto-mismatch.sh exit-status.sh envpass.sh transfer.sh banner.sh
> rekey.sh stderr-data.sh stderr-after-eof.sh broken-pipe.sh
> try-ciphers.sh yes-head.sh login-timeout.sh agent.sh
> agent-getpeereid.sh agent-timeout.sh agent-ptrace.sh keyscan.sh
> keygen-change.sh keygen-convert.sh key-options.sh scp.sh sftp.sh
> sftp-cmds.sh sftp-badcmds.sh sftp-batch.sh sftp-glob.sh reconfigure.sh
> dynamic-forward.sh forwarding.sh multiplex.sh reexec.sh brokenkeys.sh
> cfgmatch.sh addrmatch.sh localcommand.sh forcecommand.sh portnum.sh
> cert-hostkey.sh cert-userkey.sh" = "x" ]; then exit 0; fi; \
> for TEST in ""connect.sh proxy-connect.sh connect-privsep.sh
> proto-version.sh proto-mismatch.sh exit-status.sh envpass.sh
> transfer.sh banner.sh rekey.sh stderr-data.sh stderr-after-eof.sh
> broken-pipe.sh try-ciphers.sh yes-head.sh login-timeout.sh agent.sh
> agent-getpeereid.sh agent-timeout.sh agent-ptrace.sh keyscan.sh
> keygen-change.sh keygen-convert.sh key-options.sh scp.sh sftp.sh
> sftp-cmds.sh sftp-badcmds.sh sftp-batch.sh sftp-glob.sh reconfigure.sh
> dynamic-forward.sh forwarding.sh multiplex.sh reexec.sh brokenkeys.sh
> cfgmatch.sh addrmatch.sh localcommand.sh forcecommand.sh portnum.sh
> cert-hostkey.sh cert-userkey.sh; do \
> echo "run test ${TEST}" ... 1>&2; \
> (env SUDO= TEST_ENV="MALLOC_OPTIONS=AFGJPRX" sh
> /export/home/iqbala/Download/openssh/regress/test-exec.sh
> /export/home/iqbala/Download/openssh/regress
> /export/home/iqbala/Download/openssh/regress/${TEST}) || exit $?; \
> done
> make: Fatal error: Command failed for target `t-exec'
> Current working directory /export/home/iqbala/Download/openssh/regress
> *** Error code 1
> make: Fatal error: Command failed for target `tests'
fails with sunstudio cc: Sun C 5.10 SunOS_i386 2009/06/03
on opensolaris snv_133
run test cert-userkey.sh ...
certified user keys: sign user rsa cert
certified user keys: sign user dsa cert
certified user keys: user rsa cert connect privsep yes
Permission denied (publickey,password,keyboard-interactive).
ssh cert connect failed
certified user keys: user dsa cert connect privsep yes
Permission denied (publickey,password,keyboard-interactive).
ssh cert connect failed
certified user keys: user rsa cert connect privsep no
Permission denied (publickey,password,keyboard-interactive).
ssh cert connect failed
certified user keys: user dsa cert connect privsep no
Permission denied (publickey,password,keyboard-interactive).
ssh cert connect failed
certified user keys: ensure CA key does not authenticate user
ssh cert connect with CA key succeeded unexpectedly
certified user keys: test user cert connect host-certificate expect failure
certified user keys: test user cert connect empty principals expect success
ssh cert connect empty principals failed unexpectedly
certified user keys: test user cert connect wrong principals expect failure
certified user keys: test user cert connect cert not yet valid expect failure
certified user keys: test user cert connect cert expired expect failure
certified user keys: test user cert connect cert valid interval expect success
ssh cert connect cert valid interval failed unexpectedly
certified user keys: test user cert connect wrong source-address expect failure
certified user keys: test user cert connect force-command expect failure
failed certified user keys
*** Error code 1
The following command caused the error:
if [ "xconnect.sh proxy-connect.sh connect-privsep.sh proto-version.sh
proto-mismatch.sh exit-status.sh envpass.sh transfer.sh banner.sh
rekey.sh stderr-data.sh stderr-after-eof.sh broken-pipe.sh
try-ciphers.sh yes-head.sh login-timeout.sh agent.sh
agent-getpeereid.sh agent-timeout.sh agent-ptrace.sh keyscan.sh
keygen-change.sh keygen-convert.sh key-options.sh scp.sh sftp.sh
sftp-cmds.sh sftp-badcmds.sh sftp-batch.sh sftp-glob.sh reconfigure.sh
dynamic-forward.sh forwarding.sh multiplex.sh reexec.sh brokenkeys.sh
cfgmatch.sh addrmatch.sh localcommand.sh forcecommand.sh portnum.sh
cert-hostkey.sh cert-userkey.sh" = "x" ]; then exit 0; fi; \
for TEST in ""connect.sh proxy-connect.sh connect-privsep.sh
proto-version.sh proto-mismatch.sh exit-status.sh envpass.sh
transfer.sh banner.sh rekey.sh stderr-data.sh stderr-after-eof.sh
broken-pipe.sh try-ciphers.sh yes-head.sh login-timeout.sh agent.sh
agent-getpeereid.sh agent-timeout.sh agent-ptrace.sh keyscan.sh
keygen-change.sh keygen-convert.sh key-options.sh scp.sh sftp.sh
sftp-cmds.sh sftp-badcmds.sh sftp-batch.sh sftp-glob.sh reconfigure.sh
dynamic-forward.sh forwarding.sh multiplex.sh reexec.sh brokenkeys.sh
cfgmatch.sh addrmatch.sh localcommand.sh forcecommand.sh portnum.sh
cert-hostkey.sh cert-userkey.sh; do \
echo "run test ${TEST}" ... 1>&2; \
(env SUDO= TEST_ENV="MALLOC_OPTIONS=AFGJPRX" sh
/export/home/iqbala/Download/openssh/regress/test-exec.sh
/export/home/iqbala/Download/openssh/regress
/export/home/iqbala/Download/openssh/regress/${TEST}) || exit $?; \
done
make: Fatal error: Command failed for target `t-exec'
Current working directory /export/home/iqbala/Download/openssh/regress
*** Error code 1
make: Fatal error: Command failed for target `tests'
>
>
> On Sat, Feb 27, 2010 at 2:25 AM, Damien Miller <djm at mindrot.org> wrote:
>> Hi,
>>
>> OpenSSH 5.4 is almost ready for release, so we would appreciate testing
>> on as many platforms and systems as possible. This is a big release,
>> with a number of major new features and many bug fixes.
>>
>> Snapshot releases for portable OpenSSH are available from
>> http://www.mindrot.org/openssh_snap/
>>
>> The OpenBSD version is available in CVS HEAD:
>> http://www.openbsd.org/anoncvs.html
>>
>> Portable OpenSSH is also available via anonymous CVS using the
>> instructions at http://www.openssh.com/portable.html#cvs
>>
>> Running the regression tests supplied with Portable OpenSSH does not
>> require installation and is a simply:
>>
>> $ ./configure && make tests
>>
>> Live testing on suitable non-production systems is also
>> appreciated. Please send reports of success or failure to
>> openssh-unix-dev at mindrot.org.
>>
>> Below is a summary of changes. More detail may be found in the ChangeLog
>> in the portable OpenSSH tarballs.
>>
>> Thanks to the many people who contributed to this release.
>>
>> -------------------------------
>>
>> Changes since OpenSSH 5.3
>> =========================
>>
>> Features:
>>
>> * After a transition period of about 10 years, this release disables
>> SSH protocol 1 by default. Clients and servers that need to use the
>> legacy protocol must explicitly enable it in ssh_config / sshd_config
>> or on the command-line.
>>
>> * Deprecate the libsectok/OpenSC-based smartcard code and add
>> support for PKCS#11 tokens. PKCS#11 support is automatically enabled
>> on all platforms that support dlopen(3) and was inspired by patches
>> written by Alon Bar-Lev. Details in the ssh(1) and ssh-add(1)
>> manpages
>>
>> * Add support for certificate authentication of users and hosts using a
>> new, minimal OpenSSH certificate format (not X.509). Certificates
>> contain a public key, identity information and some validity
>> constraints and are signed with a standard SSH public key using
>> ssh-keygen(1). CA keys may be marked as trusted in authorized_keys
>> (for user authentication) or known_hosts (for host authentication).
>>
>> Documentation for certificate support may be found in ssh-keygen(1),
>> sshd(8) and ssh(1) and a description of the protocol changes in
>> PROTOCOL.certkeys.
>>
>> * Added a 'netcat mode' to ssh(1): "ssh -W host:port ..." This connects
>> stdio on the client to a single port forward on the server. This
>> allows, for example, using ssh as a ProxyCommand to route connections
>> via intermediate servers. bz#1618
>>
>> * Rewrite the ssh(1) multiplexing support to support non-blocking
>> operation of the mux master, improve the resilience of the master to
>> malformed messages sent to it by the slave and add support for
>> requesting port- forwardings via the multiplex protocol. The new
>> stdio-to-local forward mode ("ssh -W host:port ...") is also
>> supported. The revised multiplexing protocol is documented in the
>> file PROTOCOL.mux in the source distribution.
>>
>> * Add a 'read-only' mode to sftp-server(8) that disables open in write
>> mode and all other fs-modifying protocol methods. bz#430
>>
>> * Allow setting an explicit umask on the sftp-server(8) commandline to
>> override whatever default the user has. bz#1229
>>
>> * Many improvements to the sftp(1) client, many of which were
>> implemented by Carlos Silva through the Google Summer of Code
>> program:
>> - Support the "-h" (human-readable units) flag for ls
>> - Implement tab-completion of commands, local and remote filenames
>> - Support most of scp(1)'s commandline arguments in sftp(1), as a
>> first step towards making sftp(1) a drop-in replacement for scp(1).
>> Note that the rarely-used "-P sftp_server_path" option has been
>> moved to "-D sftp_server_path" to make way for "-P port" to match
>> scp(1).
>> - Add recursive transfer support for get/put and on the commandline
>>
>> * New RSA keys will be generated with a public exponent of RSA_F4 ==
>> (2**16)+1 == 65537 instead of the previous value 35.
>>
>> * Passphrase-protected SSH protocol 2 private keys are now protected
>> with AES-128 instead of 3DES. This applied to freshly-generated keys
>> as well as keys that are reencrypted (e.g. by changing their
>> passphrase).
>>
>> Bugfixes:
>>
>> * When using ChrootDirectory, make sure we test for the existence of
>> the user's shell inside the chroot and not outside (bz#1679)
>> * Cache user and group name lookups in sftp-server using
>> user_from_[ug]id(3) to improve performance on hosts where these
>> operations are slow (e.g. NIS or LDAP). bz#1495
>> * Fix problem that prevented passphrase reading from being interrupted
>> in some circumstances; bz#1590
>> * Ignore and log any Protocol 1 keys where the claimed size is not
>> equal to the actual size.
>> * Make HostBased authentication work with a ProxyCommand. bz#1569
>> * Avoid run-time failures when specifying hostkeys via a relative
>> path by prepending the current working directory in these cases.
>> bz#1290
>> * Do not prompt for a passphrase if we fail to open a keyfile, and log
>> the reason why the open failed to debug. bz#1693
>> * Document that the PubkeyAuthentication directive is allowed in a
>> sshd_config(5) Match block. bz#1577
>> * When converting keys, truncate key comments at 72 chars as per
>> RFC4716. bz#1630
>> * Do not allow logins if /etc/nologin exists but is not readable by the
>> user logging in.
>> * Output a debug log if sshd(8) can't open an existing authorized_keys.
>> bz#1694
>> * Quell tc[gs]etattr warnings when forcing a tty (ssh -tt), since we
>> usually don't actually have a tty to read/set; bz#1686
>> * Prevent sftp from crashing when given a "-" without a command.
>> Also, allow whitespace to follow a "-". bz#1691
>> * After sshd receives a SIGHUP, ignore subsequent HUPs while sshd
>> re-execs itself. Prevents two HUPs in quick succession from resulting
>> in sshd dying. bz#1692
>> * Clarify in sshd_config(5) that StrictModes does not apply to
>> ChrootDirectory. Permissions and ownership are always checked when
>> chrooting. bz#1532
>> * Set close-on-exec on various descriptors so they don't get leaked to
>> child processes. bz#1643
>> * Fix very rare race condition in x11/agent channel allocation: don't
>> read after the end of the select read/write fdset and make sure a
>> reused FD is not touched before the pre-handlers are called.
>> * Fix incorrect exit status when multiplexing and channel ID 0 is
>> recycled. bz#1570
>> * Fail with an error when an attempt is made to connect to a server
>> with ForceCommand=internal-sftp with a shell session (i.e. not a
>> subsystem session). Avoids stuck client when attempting to ssh to
>> such a service. bz#1606:
>> * Warn but do not fail if stat()ing the subsystem binary fails. This
>> helps with chrootdirectory+forcecommand=sftp-server and restricted
>> shells. bz #1599
>> * Change "Connecting to host..." message to "Connected to host."
>> and delay it until after the sftp protocol connection has been
>> established. Avoids confusing sequence of messages when the
>> underlying ssh connection experiences problems. bz#1588
>> * Use the HostKeyAlias rather than the hostname specified on the
>> commandline when prompting for passwords. bz#1039
>> * Correct off-by-one in percent_expand(): we would fatal() when trying
>> to expand EXPAND_MAX_KEYS, allowing only EXPAND_MAX_KEYS-1 to
>> actually work. Note that nothing in OpenSSH actually uses close to
>> this limit at present. bz#1607
>> * Fix passing of empty options from scp(1) and sftp(1) to the
>> underlying ssh(1). Also add support for the stop option "--".
>> * Fix an incorrect magic number and typo in PROTOCOL; bz#1688
>> * Don't escape backslashes when displaying the SSH2 banner. bz#1533
>> * Don't unnecessarily dup() the in and out fds for sftp-server. bz#1566
>> * Force use of the correct hash function for random-art signature
>> display as it was inheriting the wrong one when bubblebabble
>> signatures were activated. bz#1611
>> * Do not fall back to adding keys without contraints (ssh-add -c /
>> -t ...) when the agent refuses the constrained add request. bz#1612
>> * Fix a race condition in ssh-agent that could result in a wedged or
>> spinning agent. bz#1633
>> * Flush stdio before exec() to ensure that everying (motd
>> in particular) has made it out before the streams go away. bz#1596
>> * Set FD_CLOEXEC on in/out sockets in sshd(8). bz#1706
>>
>> Portable OpenSSH Bugfixes:
>>
>> * Use system's kerberos principal name on AIX if it's available.
>> bz#1583
>> * Disable OOM-killing of the listening sshd on Linux. bz#1740
>> * Use pkg-config for opensc config if it's available. bz#1160
>> * Unbreak Redhat spec to allow building without askpass. bz#1677
>> * If PidFile is set in sshd_config, use it in SMF init file. bz#1628
>> * Print error and usage() when ssh-rand-helper is passed command-
>> line arguments as none are supported. bz#1568
>> * Add missing setsockopt() to set IPV6_V6ONLY for local forwarding
>> with GatwayPorts=yes. bz#1648
>> * Make GNOME 2 askpass dialog desktop-modal. bz#1645
>> * If SELinux is enabled set the security context to "sftpd_t" before
>> running the internal sftp server. bz#1637
>> * Correctly check libselinux for necessary SELinux functions; bz#1713
>> _______________________________________________
>> openssh-unix-dev mailing list
>> openssh-unix-dev at mindrot.org
>> https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
>>
>
>
>
> --
> Asif Iqbal
> PGP Key: 0xE62693C5 KeyServer: pgp.mit.edu
> A: Because it messes up the order in which people normally read text.
> Q: Why is top-posting such a bad thing?
>
--
Asif Iqbal
PGP Key: 0xE62693C5 KeyServer: pgp.mit.edu
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
More information about the openssh-unix-dev
mailing list