Call for testing: OpenSSH 6.7
Kevin Brott
kevin.brott at gmail.com
Thu Aug 21 03:56:03 EST 2014
Using http://www.mindrot.org/openssh_snap/openssh-SNAP-20140821.tar.gz
OS Build_Target CC
OpenSSL BUILD TEST
============== =========================== ================
============= ====== =================
Centos 2.1 i386-redhat-linux gcc 2.9.6
0.9.6b-engine FAIL*1
RHEL 3.4 i386-redhat-linux gcc 3.2.3-47
0.9.7a FAIL*1
...Fedora Core r2...RHEL 4.8 i386...same...
RHEL 4.8 x86_64-redhat-linux gcc 3.4.6-11
0.9.7a FAIL*1
RHEL 5.4 i386-redhat-linux gcc 4.1.2-46
0.9.8e-fips FAIL*1
...all RHEL 5...
RHEL 5.10 x86_64-redhat-linux gcc 4.1.2-54
0.9.8e-fips FAIL*1
RHEL 6.0 i686-redhat-linux gcc 4.4.4-13
1.0.0-fips FAIL*2
...RHEL 6.1 - 6.4...
RHEL 6.4 x86_64-redhat-linux gcc 4.4.7-3
1.0.0-fips FAIL*2
RHEL 6.5 i686-redhat-linux gcc 4.4.7-4
1.0.1e-fips OK all tests passed
RHEL 6.5 x86_64-redhat-linux gcc 4.4.7-4
1.0.1e-fips OK all tests passed
RHEL 7.0 x86_64-redhat-linux gcc 4.8.2-16
1.0.1e-fips OK all tests passed
Debian 7.6 x86_64-linux-gnu gcc Debian 4.7.2-5
1.0.1e OK all tests passed
AIX 5300-12-02 powerpc-ibm-aix5.3.0.0 xlc 8.0.0.16
0.9.8k FAIL*2
AIX 5300-12-04 powerpc-ibm-aix5.3.0.0 gcc 4.2.0-3
0.9.8k FAIL*2
AIX 6100-07-08 powerpc-ibm-aix6.1.0.0 xlc 11.1.0.6
0.9.8y OK all tests passed
AIX 6100-07-08 powerpc-ibm-aix6.1.0.0 gcc 4.2.0
0.9.8y FIX*1 all tests passed
... further tests pending...
FAIL*1 - configure completes without errors ...
make[1]: Entering directory `/usr/src/openssh/openbsd-compat'
gcc -g -O2 -Wall -Wpointer-arith -Wuninitialized -Wsign-compare
-Wformat-security -fno-strict-aliasing -D_FORTIFY_SOURCE=2
-fno-builtin-memset -std=gnu99 -I. -I.. -I. -I./.. -DHAVE_CONFIG_H -c
openssl-compat.c
In file included from openssl-compat.c:32:
openssl-compat.h:28:2: #error OpenSSL 0.9.8f or greater is required
make[1]: *** [openssl-compat.o] Error 1
make[1]: Leaving directory `/usr/src/openssh/openbsd-compat'
make: *** [openbsd-compat/libopenbsd-compat.a] Error 2
FAIL*2 - port-aix.c still fails to compile on RHEL and AIX where ec.h isn't
part of openssl ...
gcc -g -O2 -Wall -Wpointer-arith -Wuninitialized -Wsign-compare
-Wformat-security -Wno-pointer-sign -fno-strict-aliasing
-D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-all
-fPIE -I. -I.. -I. -I./.. -DHAVE_CONFIG_H -c port-aix.c
In file included from port-aix.c:31:
../key.h:85: warning: type defaults to 'int' in declaration of 'EC_GROUP'
../key.h:85: error: expected ';', ',' or ')' before '*' token
../key.h:86: warning: type defaults to 'int' in declaration of 'EC_KEY'
../key.h:86: error: expected ';', ',' or ')' before '*' token
make[1]: *** [port-aix.o] Error 1
make[1]: Leaving directory `/usr/src/openssh/openbsd-compat'
make: *** [openbsd-compat/libopenbsd-compat.a] Error 2
FIX*1 - looks like Makefile.in only got updated for test_sshbuf and not
test_sshkey ...
gcc -o regress/unittests/sshkey/test_sshkey -L. -Lopenbsd-compat/
-Wl,-blibpath:/opt/phs/lib:/usr/lib:/usr/ccs/lib -L/opt/phs/lib -L/usr/lib
-L/usr/ccs/lib -Wl,-blibpath:/usr/lib:/lib
regress/unittests/sshkey/test_fuzz.o regress/unittests/sshkey/tests.o
regress/unittests/sshkey/common.o regress/unittests/sshkey/test_file.o
regress/unittests/sshkey/test_sshkey.o \
-L regress/unittests/test_helper -ltest_helper \
-lssh -lopenbsd-compat -lssh -lopenbsd-compat -lcrypto -lz
-lpthread
collect2: library libtest_helper not found
gmake: *** [regress/unittests/sshkey/test_sshkey] Error 1
This patch fixes this issue cross-platform/compiler AFAICT.
---CUT---
*** openssh-SNAP-20140821/Makefile.in 2014-08-19 18:06:21 -0700
--- openssh-SNAP-20140821/Makefile.in.fixed 2014-08-20 10:32:23 -0700
***************
*** 457,461 ****
regress/unittests/test_helper/libtest_helper.a libssh.a
$(LD) -o $@ $(LDFLAGS) $(UNITTESTS_TEST_SSHBUF_OBJS) \
! regress/unittests/test_helper/libtest_helper.a \
-lssh -lopenbsd-compat -lssh -lopenbsd-compat $(LIBS)
--- 457,461 ----
regress/unittests/test_helper/libtest_helper.a libssh.a
$(LD) -o $@ $(LDFLAGS) $(UNITTESTS_TEST_SSHBUF_OBJS) \
! -Lregress/unittests/test_helper -ltest_helper \
-lssh -lopenbsd-compat -lssh -lopenbsd-compat $(LIBS)
***************
*** 470,474 ****
regress/unittests/test_helper/libtest_helper.a libssh.a
$(LD) -o $@ $(LDFLAGS) $(UNITTESTS_TEST_SSHKEY_OBJS) \
! -L regress/unittests/test_helper -ltest_helper \
-lssh -lopenbsd-compat -lssh -lopenbsd-compat $(LIBS)
--- 470,474 ----
regress/unittests/test_helper/libtest_helper.a libssh.a
$(LD) -o $@ $(LDFLAGS) $(UNITTESTS_TEST_SSHKEY_OBJS) \
! -Lregress/unittests/test_helper -ltest_helper \
-lssh -lopenbsd-compat -lssh -lopenbsd-compat $(LIBS)
---CUT---
On Tue, Aug 19, 2014 at 6:07 PM, Damien Miller <djm at mindrot.org> wrote:
> On Tue, 19 Aug 2014, Kevin Brott wrote:
>
> > AIX6/7 + gcc 4.2.0/4.4.7 passes all tests fine with the library
> explicitly
> > substituted for the -L -l construct. I'll work out a patch that does
> this
> > automagically as soon as I work out where it should go, unless someone
> has a
> > better idea
>
> I think we can just do this unconditionally. (patch below)
>
> > FAIL*1 - Shouldn't this have been caught by configure?
> > gcc -g -O2 -Wall -Wpointer-arith -Wuninitialized
> ..
> > In file included from openssl-compat.c:32:
> > openssl-compat.h:28:2: #error OpenSSL 0.9.8f or
> > greater is required
>
> good point; patch below.
>
> > FAIL*2 - Different AIX failure on old openssl ...
> > gcc -g -O2 -Wall -Wpointer-arith
> > -Wuninitialized -Wsign-compare -Wformat-security
> > -Wno-pointer-sign -fno-strict-aliasing -D_FORTIFY_SOURCE=2
> > -ftrapv -fno-builtin-memset -I. -I.. -I. -I./..
> > -DHAVE_CONFIG_H -c port-aix.c
> > In file included from ../key.h:29,
> > from port-aix.c:31:
> > ../sshkey.h:34:24: error: openssl/ec.h: No such file
> > or directory
> > In file included from ../key.h:29,
> > from port-aix.c:31:
> > ../sshkey.h:103: error: expected
> > specifier-qualifier-list before 'EC_KEY'
> > ../sshkey.h:149: error: expected ')' before '*' token
> > ../sshkey.h:151: warning: type defaults to 'int' in
>
> patch below
>
> all these are committed and will be in the 0821 snapshot
>
> Index: Makefile.in
> ===================================================================
> RCS file: /var/cvs/openssh/Makefile.in,v
> retrieving revision 1.362
> diff -u -p -r1.362 Makefile.in
> --- Makefile.in 18 Jul 2014 20:33:12 -0000 1.362
> +++ Makefile.in 20 Aug 2014 01:01:09 -0000
> @@ -456,7 +456,7 @@ UNITTESTS_TEST_SSHBUF_OBJS=\
> regress/unittests/sshbuf/test_sshbuf$(EXEEXT):
> ${UNITTESTS_TEST_SSHBUF_OBJS} \
> regress/unittests/test_helper/libtest_helper.a libssh.a
> $(LD) -o $@ $(LDFLAGS) $(UNITTESTS_TEST_SSHBUF_OBJS) \
> - -L regress/unittests/test_helper -ltest_helper \
> + regress/unittests/test_helper/libtest_helper.a \
> -lssh -lopenbsd-compat -lssh -lopenbsd-compat $(LIBS)
>
> UNITTESTS_TEST_SSHKEY_OBJS=\
> Index: configure.ac
> ===================================================================
> RCS file: /var/cvs/openssh/configure.ac,v
> retrieving revision 1.578
> diff -u -p -r1.578 configure.ac
> --- configure.ac 15 Jul 2014 00:41:39 -0000 1.578
> +++ configure.ac 20 Aug 2014 01:01:09 -0000
> @@ -2278,13 +2278,21 @@ AC_RUN_IFELSE(
> if(fd == NULL)
> exit(1);
>
> - if ((rc = fprintf(fd ,"%x (%s)\n", SSLeay(),
> SSLeay_version(SSLEAY_VERSION))) <0)
> + if ((rc = fprintf(fd ,"%x (%s)\n", SSLeay(),
> + SSLeay_version(SSLEAY_VERSION))) <0)
> exit(1);
>
> exit(0);
> ]])],
> [
> ssl_library_ver=`cat conftest.ssllibver`
> + # Check version is supported.
> + case "$ssl_library_ver" in
> + 0090[0-7]*|009080[0-5]*)
> + AC_MSG_ERROR([OpenSSL >= 0.9.8f required])
> + ;;
> + *) ;;
> + esac
> AC_MSG_RESULT([$ssl_library_ver])
> ],
> [
> Index: sshkey.h
> ===================================================================
> RCS file: /var/cvs/openssh/sshkey.h,v
> retrieving revision 1.1
> diff -u -p -r1.1 sshkey.h
> --- sshkey.h 2 Jul 2014 05:28:04 -0000 1.1
> +++ sshkey.h 20 Aug 2014 01:01:09 -0000
> @@ -31,13 +31,19 @@
> #ifdef WITH_OPENSSL
> #include <openssl/rsa.h>
> #include <openssl/dsa.h>
> -#include <openssl/ec.h>
> -#else /* OPENSSL */
> -#define RSA void
> -#define DSA void
> -#define EC_KEY void
> -#define EC_GROUP void
> -#define EC_POINT void
> +# ifdef OPENSSL_HAS_ECC
> +# include <openssl/ec.h>
> +# else /* OPENSSL_HAS_ECC */
> +# define EC_KEY void
> +# define EC_GROUP void
> +# define EC_POINT void
> +# endif /* OPENSSL_HAS_ECC */
> +#else /* WITH_OPENSSL */
> +# define RSA void
> +# define DSA void
> +# define EC_KEY void
> +# define EC_GROUP void
> +# define EC_POINT void
> #endif /* WITH_OPENSSL */
>
> #define SSH_RSA_MINIMUM_MODULUS_SIZE 768
> @@ -211,12 +217,16 @@ int ssh_ed25519_verify(const struct sshk
> const u_char *data, size_t datalen, u_int compat);
> #endif
>
> -#ifndef WITH_OPENSSL
> -#undef RSA
> -#undef DSA
> -#undef EC_KEY
> -#undef EC_GROUP
> -#undef EC_POINT
> -#endif /* WITH_OPENSSL */
> +#if !defined(WITH_OPENSSL)
> +# undef RSA
> +# undef DSA
> +# undef EC_KEY
> +# undef EC_GROUP
> +# undef EC_POINT
> +#elif !defined(OPENSSL_HAS_ECC)
> +# undef EC_KEY
> +# undef EC_GROUP
> +# undef EC_POINT
> +#endif
>
> #endif /* SSHKEY_H */
>
--
# include <stddisclaimer.h>
/* Kevin Brott <Kevin.Brott at gmail.com> */
More information about the openssh-unix-dev
mailing list