Call for testing: OpenSSH-5.4

Kevin Brott kevin.brott at gmail.com
Wed Mar 3 11:39:17 EST 2010 

On Tue, Mar 2, 2010 at 15:30, Damien Miller <djm at mindrot.org> wrote:

> On Mon, 1 Mar 2010, Iain Morgan wrote:
>
> > On OS X (Intel), the snapshot builds but fails the regression tests:
> >
> > certified host keys: test host cert connect cert not yet valid expect
> failure
> > Invalid certificate time 20200101
> > couldn't sign cert_host_key_rsa
> > certified host keys: test host cert connect cert expired expect failure
> > Invalid certificate time 19800101
> > couldn't sign cert_host_key_rsa
>
> Thanks for the report, this problem is now fixed in CVS and will be in
> tomorrow's snapshot. If you can't wait or are curious, then this is the
> diff:
>
> Index: ssh-keygen.c
> ===================================================================
> RCS file: /var/cvs/openssh/ssh-keygen.c,v
> retrieving revision 1.192
> diff -u -r1.192 ssh-keygen.c
> --- ssh-keygen.c        26 Feb 2010 20:55:06 -0000      1.192
> +++ ssh-keygen.c        2 Mar 2010 23:05:12 -0000
> @@ -1243,13 +1243,29 @@
>  {
>        struct tm tm;
>        time_t tt;
> +       char buf[32], *fmt;
>
> -       if (strlen(s) != 8 && strlen(s) != 14)
> +       /*
> +        * POSIX strptime says "The application shall ensure that there
> +        * is white-space or other non-alphanumeric characters between
> +        * any two conversion specifications" so arrange things this way.
> +        */
> +       switch (strlen(s)) {
> +       case 8:
> +               fmt = "%Y/%m/%d";
> +               snprintf(buf, sizeof(buf), "%.4s/%.2s/%.2s", s, s + 4, s +
> 6);
> +               break;
> +       case 14:
> +               fmt = "%Y/%m/%d %H:%M:%S";
> +               snprintf(buf, sizeof(buf), "%.4s/%.2s/%.2s %.2s:%.2s:%.2s",
> +                   s, s + 4, s + 6, s + 8, s + 10, s + 12);
> +               break;
> +       default:
>                fatal("Invalid certificate time format %s", s);
> +       }
>
>        bzero(&tm, sizeof(tm));
> -       if (strptime(s,
> -           strlen(s) == 8 ? "%Y%m%d" : "%Y%m%d%H%M%S", &tm) == NULL)
> +       if (strptime(buf, fmt, &tm) == NULL)
>                fatal("Invalid certificate time %s", s);
>        if ((tt = mktime(&tm)) < 0)
>                fatal("Certificate time %s cannot be represented", s);
>
>
Gah. What I get for going into heads-down mode with my gmail client open in
edit mode.

This patch fixes the cert-hostkey.sh regression failure on AIX and HP-UX,
but the test results for those builds is now:
...
ok certified host keys
run test cert-userkey.sh ...
certified user keys: sign user rsa cert
certified user keys: sign user dsa cert
certified user keys: user rsa cert connect privsep yes
Permission denied (publickey,password,keyboard-interactive).
ssh cert connect failed
certified user keys: user dsa cert connect privsep yes
Permission denied (publickey,password,keyboard-interactive).
ssh cert connect failed
certified user keys: user rsa cert connect privsep no
Permission denied (publickey,password,keyboard-interactive).
ssh cert connect failed
certified user keys: user dsa cert connect privsep no
Permission denied (publickey,password,keyboard-interactive).
ssh cert connect failed
certified user keys: ensure CA key does not authenticate user
ssh cert connect with CA key succeeded unexpectedly
certified user keys: test user cert connect host-certificate expect failure
certified user keys: test user cert connect empty principals expect success
ssh cert connect empty principals failed unexpectedly
certified user keys: test user cert connect wrong principals expect failure
certified user keys: test user cert connect cert not yet valid expect
failure
certified user keys: test user cert connect cert expired expect failure
certified user keys: test user cert connect cert valid interval expect
success
ssh cert connect cert valid interval failed unexpectedly
certified user keys: test user cert connect wrong source-address expect
failure
certified user keys: test user cert connect force-command expect failure
failed certified user keys
gmake[1]: *** [t-exec] Error 1
gmake[1]: Leaving directory `./openssh/regress'
make: *** [tests] Error 2

Summary:
  RH 6.2 - builds - works - agent-ptrace.sh hangs - all other tests pass
  RHEL 4.6 i686 - build fails in ssh-keygen.c for undefined BSDoptarg -
openssh.spec broken
  RHEL 5.4 x86_64 - builds - works - alll tests passed - openssh.spec broken
  Ubuntu 9.10 x86_64 - builds - works - alll tests passed
  HP-UX B.11.23 ia64 - builds - works - regression tests fail at
cert-userkey.sh
  HP-UX B.11.31 ia64 - gcc - builds - works - regression tests fail at
cert-userkey.sh
  HP-UX B.11.31 ia64 - cc/aC++ - builds - works - regression tests fail at
cert-userkey.sh
  AIX 5.3sp7 - builds - works - regression tests fail at cert-userkey.sh
  AIX 6.1sp4 - builds - works - regression tests fail at cert-userkey.sh
-- 
# include <stddisclaimer.h>
/* Kevin  Brott <Kevin.Brott at gmail.com> */

More information about the openssh-unix-dev mailing list