Call for testing: OpenSSH 6.7

Damien Miller djm at mindrot.org
Thu Aug 21 10:47:02 EST 2014 

On Wed, 20 Aug 2014, Kevin Brott wrote:

> FAIL*1 - configure completes without errors ...
>    make[1]: Entering directory `/usr/src/openssh/openbsd-compat'
>    gcc -g -O2 -Wall -Wpointer-arith -Wuninitialized -Wsign-compare
> -Wformat-security -fno-strict-aliasing -D_FORTIFY_SOURCE=2
> -fno-builtin-memset -std=gnu99  -I. -I.. -I. -I./..  -DHAVE_CONFIG_H -c
> openssl-compat.c
>    In file included from openssl-compat.c:32:
>    openssl-compat.h:28:2: #error OpenSSL 0.9.8f or greater is required

that's strange - you aren't cross-compiling? The test in configure.ac
won't work for x-compiles.

If not, what does configure report your OpenSSL version as? e.g.

checking OpenSSL header version... 1000106f (OpenSSL 1.0.1f 6 Jan 2014)
checking OpenSSL library version... 1000106f (OpenSSL 1.0.1f 6 Jan 2014)

>    make[1]: Leaving directory `/usr/src/openssh/openbsd-compat'
>    make: *** [openbsd-compat/libopenbsd-compat.a] Error 2
> 
> FAIL*2 - port-aix.c still fails to compile on RHEL and AIX where ec.h isn't
> part of openssl ...
>    gcc -g -O2 -Wall -Wpointer-arith -Wuninitialized -Wsign-compare
> -Wformat-security -Wno-pointer-sign -fno-strict-aliasing -D_FORTIFY_SOURCE=2
> -ftrapv -fno-builtin-memset -fstack-protector-all -fPIE  -I. -I.. -I.
> -I./..  -DHAVE_CONFIG_H -c port-aix.c
>    In file included from port-aix.c:31:
>    ../key.h:85: warning: type defaults to ?int? in declaration of ?EC_GROUP?
>    ../key.h:85: error: expected ?;?, ?,? or ?)? before ?*? token
>    ../key.h:86: warning: type defaults to ?int? in declaration of ?EC_KEY?
>    ../key.h:86: error: expected ?;?, ?,? or ?)? before ?*? token

another missing check for no-ECC OpenSSL:

Index: key.h
===================================================================
RCS file: /var/cvs/openssh/key.h,v
retrieving revision 1.45
diff -u -p -r1.45 key.h
--- key.h	2 Jul 2014 05:28:03 -0000	1.45
+++ key.h	21 Aug 2014 00:46:48 -0000
@@ -81,10 +81,10 @@ int	 key_cert_check_authority(const Key 
 	    const char **);
 char	*key_alg_list(int, int);
 
-#ifdef WITH_OPENSSL
+#if defined(WITH_OPENSSL) && defined(OPENSSL_HAS_ECC)
 int	 key_ec_validate_public(const EC_GROUP *, const EC_POINT *);
 int	 key_ec_validate_private(const EC_KEY *);
-#endif /* WITH_OPENSSL */
+#endif /* defined(WITH_OPENSSL) && defined(OPENSSL_HAS_ECC) */
 
 Key	*key_from_blob(const u_char *, u_int);
 int	 key_to_blob(const Key *, u_char **, u_int *);

More information about the openssh-unix-dev mailing list