Call for testing: OpenSSH-6.5
Tom Christensen
tgc at jupiterrise.com
Mon Jan 27 00:04:12 EST 2014
On 17/01/14 01:26, Damien Miller wrote:
> Hi,
>
> OpenSSH 6.5 is almost ready for release, so we would appreciate testing
> on as many platforms and systems as possible. This release contains
> some substantial new features and a number of bugfixes.
>
I tried building from git HEAD (603b8f4) but ran into a few issues.
It fails to build out of the box on Solaris 2.6:
gmake[1]: Entering directory
`/export/home/tgc/buildpkg/openssh/src/openssh-git/openbsd-compat'
gcc -g -O2 -Wall -Wpointer-arith -Wuninitialized -Wsign-compare
-Wformat-security -Wno-pointer-sign -fno-strict-aliasing
-D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-all
-I. -I.. -I. -I./.. -I/usr/tgcware/include -DHAVE_CONFIG_H -c arc4random.c
In file included from ../includes.h:174,
from arc4random.c:27:
../openbsd-compat/openbsd-compat.h:124: error: conflicting types for
'inet_ntop'
/usr/include/resolv.h:303: error: previous declaration of 'inet_ntop'
was here
gmake[1]: *** [arc4random.o] Error 1
The problem is that configure does not detect that inet_ntop is in
libresolv.
...
checking for inet_ntop... no
...
$ nm /usr/lib/libresolv.so|grep inet_ntop
[264] | 42144| 83|FUNC |GLOB |0 |12 |inet_ntop
[153] | 0| 0|FILE |LOCL |0 |ABS |inet_ntop.c
[154] | 42228| 104|FUNC |LOCL |0 |12 |inet_ntop4
[155] | 42332| 504|FUNC |LOCL |0 |12 |inet_ntop6
$ grep inet_ntop /usr/include/resolv.h
const char *inet_ntop __P((int af, const void *src, char *dst, size_t s));
$
I modified configure.ac to detect inet_ntop and the build completes and
it passes the testsuite.
I also gave it a try on IRIX and found issues there aswell.
During configure I get this error:
./configure[10160]: ==: unknown test operator
This is a typo in configure.ac, in the pie test.
There is still the generic IRIX issue with killpg() only being supported
when explicitly using BSD signal semantics.
Details are here:
http://permalink.gmane.org/gmane.network.openssh.devel/19422
I'm using kill(0, SIGTERM) instead as kill(2) indicates it should work
the same.
On IRIX 6.5.22 it builds out of the box using MIPSpro 7.4.4m (CC=c99).
The testsuite runs until:
env passing over multiplexed connection
Where is seems to hang, or atleast 10 minutes later there has been no
further activity in the logs.
On IRIX 6.2 it builds out of the box using MIPSpro 7.3 (7.3.1.2m).
The testsuite runs until:
test stderr data transfer: proto 2 ()
Where it hangs and does not get any further, this is the same as
previous releases.
On IRIX 5.3 the compilation fails using gcc 3.4.6:
gcc -g -O2 -Wall -Wpointer-arith -Wuninitialized -Wsign-compare
-Wformat-security -fno-strict-aliasing -D_FORTIFY_SOURCE=2 -ftrapv
-fno-builtin-memset -std=gnu99 -I. -I.. -I. -I./..
-I/usr/tgcware/include/openssl -I/usr/tgcware/include -DHAVE_CONFIG_H -c
bcrypt_pbkdf.c
In file included from bcrypt_pbkdf.c:34:
../crypto_api.h:17: error: syntax error before "crypto_uint32"
../crypto_api.h:17: warning: type defaults to `int' in declaration of
`crypto_uint32'
../crypto_api.h:17: warning: data definition has no type or storage class
bcrypt_pbkdf.c: In function `bcrypt_hash':
bcrypt_pbkdf.c:70: error: `uint32_t' undeclared (first use in this function)
bcrypt_pbkdf.c:70: error: (Each undeclared identifier is reported only once
bcrypt_pbkdf.c:70: error: for each function it appears in.)
bcrypt_pbkdf.c:70: error: syntax error before "cdata"
bcrypt_pbkdf.c:72: error: `uint16_t' undeclared (first use in this function)
bcrypt_pbkdf.c:72: error: syntax error before "j"
bcrypt_pbkdf.c:84: error: `j' undeclared (first use in this function)
bcrypt_pbkdf.c:86: error: `cdata' undeclared (first use in this function)
bcrypt_pbkdf.c:89: error: `uint64_t' undeclared (first use in this function)
bcrypt_pbkdf.c: In function `bcrypt_pbkdf':
bcrypt_pbkdf.c:115: error: `uint32_t' undeclared (first use in this
function)
bcrypt_pbkdf.c:115: error: syntax error before "count"
bcrypt_pbkdf.c:134: error: `count' undeclared (first use in this function)
make[1]: *** [bcrypt_pbkdf.o] Error 1
make[1]: Leaving directory
`/usr/people/tgc/buildpkg/openssh/src/openssh-git/openbsd-compat'
It's the same issue with poly1305.c
For building with gcc < 4.5 adding #include <inttypes.h> is necessary,
while gcc 4.5 and later provides <stdint.h> on platforms that lack it.
Unfortunately on IRIX 5.3 <inttypes.h> conflicts with <sys/types.h> when
using the SGI compiler which means building with gcc is now the only
option since the source seems to rely on being able to include
<sys/types.h> unconditionally.
Once I got the build to complete using gcc 4.5.3, it ends up failling
some of the rekey tests.
$ cat failed-regress.log
trace: client rekey chacha20-poly1305 at openssh.com
diffie-hellman-group-exchange-sha1
FAIL: ssh failed (-oRekeyLimit=256k
-oCiphers=chacha20-poly1305 at openssh.com
-oKexAlgorithms=diffie-hellman-group-exchange-sha1)
trace: client rekey chacha20-poly1305 at openssh.com
diffie-hellman-group-exchange-sha1
FAIL: ssh failed (-oRekeyLimit=256k
-oCiphers=chacha20-poly1305 at openssh.com
-oKexAlgorithms=diffie-hellman-group-exchange-sha1)
FAIL: corrupted copy (-oRekeyLimit=256k
-oCiphers=chacha20-poly1305 at openssh.com
-oKexAlgorithms=diffie-hellman-group-exchange-sha1)
trace: -1 rekeying(s)
FAIL: no rekeying occured (-oRekeyLimit=256k
-oCiphers=chacha20-poly1305 at openssh.com
-oKexAlgorithms=diffie-hellman-group-exchange-sha1)
trace: client rekey chacha20-poly1305 at openssh.com
diffie-hellman-group-exchange-sha256
FAIL: ssh failed (-oRekeyLimit=256k
-oCiphers=chacha20-poly1305 at openssh.com
-oKexAlgorithms=diffie-hellman-group-exchange-sha256)
trace: client rekey chacha20-poly1305 at openssh.com
diffie-hellman-group-exchange-sha256
FAIL: ssh failed (-oRekeyLimit=256k
-oCiphers=chacha20-poly1305 at openssh.com
-oKexAlgorithms=diffie-hellman-group-exchange-sha256)
FAIL: corrupted copy (-oRekeyLimit=256k
-oCiphers=chacha20-poly1305 at openssh.com
-oKexAlgorithms=diffie-hellman-group-exchange-sha256)
trace: -1 rekeying(s)
FAIL: no rekeying occured (-oRekeyLimit=256k
-oCiphers=chacha20-poly1305 at openssh.com
-oKexAlgorithms=diffie-hellman-group-exchange-sha256)
The failed-* logs are here:
http://www.jupiterrise.com/tmp/
If I skip the rekey tests the testsuite runs until:
test stderr data transfer: proto 2 ()
Where it hangs and does not get any further, this is the same as
previous releases.
None of these issues will prevent me from using openssh on IRIX, basic
functionality is still okay.
-tgc
More information about the openssh-unix-dev
mailing list