Call for testing: OpenSSH 6.7

Kevin Brott kevin.brott at gmail.com
Wed Aug 27 03:52:29 EST 2014 

Good news/Bad News

The test race in RHEL 3.4 seems to be gone ... but another ec.h failure ...

Using http://www.mindrot.org/openssh_snap/openssh-SNAP-20140827.tar.gz
OS              Build_Target                CC
OpenSSL       BUILD    TEST
==============  =========================== ================
============= ======   =================
*RHEL 3.4        i386-redhat-linux           gcc 3.2.3-47
1.0.1i**a     OK*1     all tests passed*

*AIX 5300-12-04  powerpc-ibm-aix5.3.0.0      gcc 4.2.0-3         0.9.8k
   FAIL*1     *
*FAIL*1 missing e.h in test_sshbuf_getput_crypto*
  gcc -g -O2 -Wall -Wpointer-arith -Wuninitialized -Wsign-compare
-Wformat-security -Wno-pointer-sign -fno-strict-aliasing
-D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset  -I. -I.
-DSSHDIR=\"/usr/local/etc\"  -D_PATH_SSH_PROGRAM=\"/usr/local/bin/ssh\"
-D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/local/libexec/ssh-askpass\"
-D_PATH_SFTP_SERVER=\"/usr/local/libexec/sftp-server\"
-D_PATH_SSH_KEY_SIGN=\"/usr/local/libexec/ssh-keysign\"
-D_PATH_SSH_PKCS11_HELPER=\"/usr/local/libexec/ssh-pkcs11-helper\"
-D_PATH_SSH_PIDDIR=\"/var/run\"  -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\"
-DHAVE_CONFIG_H -c regress/unittests/sshbuf/test_sshbuf_getput_crypto.c -o
regress/unittests/sshbuf/test_sshbuf_getput_crypto.o
  regress/unittests/sshbuf/test_sshbuf_getput_crypto.c:20:24: error:
openssl/ec.h: No such file or directory
  regress/unittests/sshbuf/test_sshbuf_getput_crypto.c: In function
'sshbuf_getput_crypto_tests':
  regress/unittests/sshbuf/test_sshbuf_getput_crypto.c:35: warning: unused
variable 'bn_y'
  regress/unittests/sshbuf/test_sshbuf_getput_crypto.c:35: warning: unused
variable 'bn_x'
  regress/unittests/sshbuf/test_sshbuf_getput_crypto.c:34: warning: unused
variable 's'
  regress/unittests/sshbuf/test_sshbuf_getput_crypto.c:33: warning: unused
variable 'd'
  make: The error code from the last command is 1.




On Mon, Aug 25, 2014 at 4:45 PM, Damien Miller <djm at mindrot.org> wrote:

> On Mon, 25 Aug 2014, Kevin Brott wrote:
>
> > > ...
> > >
> > > > *3  --without-pie  # otherwise will not load openssl - which doesn't
> use
> > > PIE
> > > > during compile on 64-bit systems
> > >
> > > We should probably find a way to delay the PIE checks until after we
> have
> > > most dependency libraries located to catch this.
> > >
> >
> > Per IAN's comment - I tried building openssl on another x64 system
> > using ./config
> > shared instead of just ./config (builds static library) so that it would
> > try to use -fPIC.  After installing and creating an
> > /etc/ld.so.conf.d/openssl-101.conf pointing to /usr/local/ssl/lib
> > (configure pukes without this - it can't find libssl.so.1.0.0 even with
> an
> > explicit --with-ssl-dir) ... configure works as advertised without
> telling
> > it --without-pie, and make test is 'all tests passed'.  Perhaps a quick
> > check to see if libssl is a static or shared library would be in order
> > before asking for a slice of pie? ;p
>
> Yes, the only impediment to doing it before this release are 1) making it
> work cross-platform (simply delaying the PIE checks until after OpenSSL
> has been located might be sufficient for this) and 2) not breaking
> anything else in the process (unfortunately, delaying the OpenSSL checks
> would almost certainly break something)
>
> > > any clues in regress/failed-*?
> > >
> > >
> > Brought that VM back up (admittedly I didn't look too deep at this one -
> > was trying to get through the test suite first), looking at those files I
> > see this:
> >
> > # ls -alrt failed-*
> > -rw-r--r--    1 root     root          308 Aug 25 09:05 failed-ssh.log
> > -rw-r--r--    1 root     root          236 Aug 25 09:05 failed-sshd.log
> > -rw-r--r--    1 root     root           89 Aug 25 09:05
> failed-regress.log
> > [root at buildhost regress]# cat failed-regress.log
> > trace: wait for sshd
> > FAIL: ssh connect after login grace timeout failed without privsep
> >
> > [root at buildhost regress]# cat failed-sshd.log
> > trace: wait for sshd
> > Received signal 15; terminating.
> > debug2: channel 0: rcvd close
> > Received disconnect from 127.0.0.1: 11: disconnected by user
> > debug1: do_cleanup
> > FAIL: ssh connect after login grace timeout failed without privsep
> >
> > [root at buildhost regress]# cat failed-ssh.log
> > trace: wait for sshd
> > debug2: ssh_connect: needpriv 0
> > debug1: Connecting to 127.0.0.1 [127.0.0.1] port 4242.
> > debug1: connect to address 127.0.0.1 port 4242: Connection refused
> > ssh: connect to host 127.0.0.1 port 4242: Connection refused
> > FAIL: ssh connect after login grace timeout failed without privsep
> >
> > Need to dig through my email archives - I would swear this is a
> > (previously fixed) race in the test suite where it wasn't waiting
> properly.
>
> Yes, this was supposed to "fix" it
>
>        - djm at cvs.openbsd.org 2014/03/13 20:44:49
>          [login-timeout.sh]
>          this test is a sorry mess of race conditions; add another sleep
>          to avoid a failure on slow machines (at least until I find a
>          better way)
>
> Guess I'll have to look for that "better way" soon...
>
> -d
>



-- 
# include <stddisclaimer.h>
/* Kevin  Brott <Kevin.Brott at gmail.com> */

More information about the openssh-unix-dev mailing list