Call for testing: OpenSSH 6.7

Kevin Brott kevin.brott at gmail.com
Sat Aug 30 07:56:50 EST 2014


Mea Culpa.

So ... I did some hard digging, and *part* of my problem was a pair of
missing steps in my test build methodology.  Here's what I've found  ...

On Centos 2.1 ... openssl build status ... all revs of 0.9.[6-7] arefine
for static/shared library builds. Shared builds are broken in all versions
from 0.9.8 upwards, while static builds are fine.
CentOS 2.1AS i386    gcc-2.96-128.7.2    binutils-2.11.90.0.8-12.4
    0.9.6*  STATIC = OK[D] / SHARED = OK
    0.9.7*  STATIC = OK[D] / SHARED = OK
    0.9.8*  STATIC = OK[D] / SHARED = FAIL :: test BN_sqr make[1]: ***
[test_bn] Error 139
    1.0.*   STATIC = OK[D] / SHARED = FAIL :: output word alignment test 0
1 2 3 make[1]: *** [test_des] Segmentation fault

On RHEL 3.x - 5.10 - all tested versions of openssl from 0.9.6 to 1.0.1i
build and pass all tests as static or shared - without issue in a clean
environment (specifically nothing already in /usr/local/ssl - and no
C*FLAGS variables set with *facepalm* forgotten wonky settings from
previous debug builds of other packages).

As a result ... the current snapshot openssh-SNAP-20140830.tar.gz builds
and passes all tests in all versions of where the native openssl is
insufficient.  But only when a version of openssl >= 0.9.8f is installed
(in /usr/local/ssl or whereever you put non-OS libs) and
ld.so.conf(.d./openssl.conf - depending on OS version) is updated and
ldconfig run before starting configure (<- my bad here).  The holdouts for
working shared openssl is RH <=2.x - on these systems the library must be
static unless someone figures out where the builds are broken.



On Wed, Aug 27, 2014 at 5:51 PM, Kevin Brott <kevin.brott at gmail.com> wrote:

>
> Tangentially related - the openssl quirks have me intrigued, so I'm going
> to dive deeper into what's really required vs the quick hacks I did to get
> the snapshots to build and pass tests.
>
> Assuming I can find the time tomorrow, I plan on sitting down and figuring
> out exactly what the openssl build requirements really are, but briefly on
> the hosts I'm using this is what I've seen:
>
>   a) gcc < 4.x.x - openssl 1.0.1i will not build as shared
>   b) gcc >= 4.x.x - openssl 1.0.1i will build either as dynamic or static
>   c) on i386 systems - openssh 6.7 will build against static or dynamic
> libssl with no issues
>   d) on x86_64 systems - openssh 6.7 will build against static libssl only
> using --without-pie, otherwise libssl must be dynamic
>
> I'm going to look at the current (and minimal) versions of the openssl
> 0.9.8, 1.0.0, and 1.0.1 series and see if I can figure out where the break
> point is on static vs shared libraries (because I'm curious and I've not
> looked into this before). And there's always the hope someone else will
> benefit.
>
>
>
> On Wed, Aug 27, 2014 at 5:03 PM, Kevin Brott <kevin.brott at gmail.com>
> wrote:
>
>>
>> Must have bolluxed something up in the compile environment - that or
>> http://www.mindrot.org/openssh_snap/openssh-SNAP-20140828.tar.gz had a
>> configure tweak that fixed it.  All systems tested now build and pass all
>> tests.
>>
>> That said - the stupid race condition in that one test is cropping up
>> sporadically still - I think it's related to the load (or lack thereof) on
>> the VM host.
>>
>> With, of course, the caveat that any system with a native openssl <
>> 0.9.8.f will not compile OOTB. A supplemental openssl needs to be installed
>> that meets the version requirements, and then ./configure needs a
>> --with-ssl-dir= directive that points to it.
>>
>>
>>
>> On Tue, Aug 26, 2014 at 11:37 PM, Damien Miller <djm at mindrot.org> wrote:
>>
>>> On Tue, 26 Aug 2014, Kevin Brott wrote:
>>>
>>> >       > 0.9.8k        FAILxlc_r -g  -I. -I. -I/var/tmp/ssh/include
>>> >       ...
>>> >       > roaming_client.o"/usr/include/stdarg.h", line 89.9: 1506-236
>>> >       (W) Macro name
>>> >       > va_copy has been redefined."/usr/include/stdarg.h", line 89.9:
>>> >       1506-358 (I)
>>> >       > "va_copy" is defined on line 829 of defines.h. xlc_r -o ssh
>>> >       ssh.o
>>> >
>>> >       It looks like configure has failed to detect va_copy and is
>>> >       trying to
>>> >       supply a surrogate. There might be some clues as to what went
>>> >       wrong
>>> >       if you search for "va_copy"
>>>
>>> I meant to say: search config.log for "va_copy"
>>>
>>> -d
>>>
>>
>>
>>
>> --
>> # include <stddisclaimer.h>
>> /* Kevin  Brott <Kevin.Brott at gmail.com> */
>>
>>
>
>
> --
> # include <stddisclaimer.h>
> /* Kevin  Brott <Kevin.Brott at gmail.com> */
>
>


-- 
# include <stddisclaimer.h>
/* Kevin  Brott <Kevin.Brott at gmail.com> */


More information about the openssh-unix-dev mailing list