Call for testing: OpenSSH 6.7

Damien Miller djm at mindrot.org
Tue Aug 26 09:45:57 EST 2014 

On Mon, 25 Aug 2014, Kevin Brott wrote:

> > ...
> >
> > > *3  --without-pie  # otherwise will not load openssl - which doesn't use
> > PIE
> > > during compile on 64-bit systems
> >
> > We should probably find a way to delay the PIE checks until after we have
> > most dependency libraries located to catch this.
> >
> 
> Per IAN's comment - I tried building openssl on another x64 system
> using ./config
> shared instead of just ./config (builds static library) so that it would
> try to use -fPIC.  After installing and creating an
> /etc/ld.so.conf.d/openssl-101.conf pointing to /usr/local/ssl/lib
> (configure pukes without this - it can't find libssl.so.1.0.0 even with an
> explicit --with-ssl-dir) ... configure works as advertised without telling
> it --without-pie, and make test is 'all tests passed'.  Perhaps a quick
> check to see if libssl is a static or shared library would be in order
> before asking for a slice of pie? ;p

Yes, the only impediment to doing it before this release are 1) making it
work cross-platform (simply delaying the PIE checks until after OpenSSL
has been located might be sufficient for this) and 2) not breaking
anything else in the process (unfortunately, delaying the OpenSSL checks
would almost certainly break something)

> > any clues in regress/failed-*?
> >
> >
> Brought that VM back up (admittedly I didn't look too deep at this one -
> was trying to get through the test suite first), looking at those files I
> see this:
> 
> # ls -alrt failed-*
> -rw-r--r--    1 root     root          308 Aug 25 09:05 failed-ssh.log
> -rw-r--r--    1 root     root          236 Aug 25 09:05 failed-sshd.log
> -rw-r--r--    1 root     root           89 Aug 25 09:05 failed-regress.log
> [root at buildhost regress]# cat failed-regress.log
> trace: wait for sshd
> FAIL: ssh connect after login grace timeout failed without privsep
> 
> [root at buildhost regress]# cat failed-sshd.log
> trace: wait for sshd
> Received signal 15; terminating.
> debug2: channel 0: rcvd close
> Received disconnect from 127.0.0.1: 11: disconnected by user
> debug1: do_cleanup
> FAIL: ssh connect after login grace timeout failed without privsep
> 
> [root at buildhost regress]# cat failed-ssh.log
> trace: wait for sshd
> debug2: ssh_connect: needpriv 0
> debug1: Connecting to 127.0.0.1 [127.0.0.1] port 4242.
> debug1: connect to address 127.0.0.1 port 4242: Connection refused
> ssh: connect to host 127.0.0.1 port 4242: Connection refused
> FAIL: ssh connect after login grace timeout failed without privsep
> 
> Need to dig through my email archives - I would swear this is a
> (previously fixed) race in the test suite where it wasn't waiting properly.

Yes, this was supposed to "fix" it

       - djm at cvs.openbsd.org 2014/03/13 20:44:49
         [login-timeout.sh]
         this test is a sorry mess of race conditions; add another sleep
         to avoid a failure on slow machines (at least until I find a
         better way)

Guess I'll have to look for that "better way" soon...

-d

More information about the openssh-unix-dev mailing list