Call for testing: OpenSSH 6.8

Carson Gaspar carson at taltos.org
Fri Feb 27 12:29:33 AEDT 2015 

I see some issues on Solaris 11.2 (fresh git pull from master, commit 
bd58853102cee739f0e115e6d4b5334332ab1442):

First, linking fails as the system version of OpenSSL does not have 
EC_KEY_free (it's oddly only in the FIPS version...):

cc -m64 -xO5 -xtarget=ivybridge -xarch=sse4_2 -xarch=avx_i -xarch=aes 
-I. -I.  -DSSHDIR=\"/usr/local/etc\" 
-D_PATH_SSH_PROGRAM=\"/usr/local/bin/ssh\" 
-D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/local/libexec/ssh-askpass\" 
-D_PATH_SFTP_SERVER=\"/usr/local/libexec/sftp-server\" 
-D_PATH_SSH_KEY_SIGN=\"/usr/local/libexec/ssh-keysign\" 
-D_PATH_SSH_PKCS11_HELPER=\"/usr/local/libexec/ssh-pkcs11-helper\" 
-D_PATH_SSH_PIDDIR=\"/var/run\" 
-D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c kex.c -o kex.o
"kex.c", line 98: warning: initializer will be sign-extended: -1
"kex.c", line 436: warning: implicit function declaration: EC_KEY_free

...

cc -o ssh ssh.o readconf.o clientloop.o sshtty.o sshconnect.o 
sshconnect1.o sshconnect2.o mux.o roaming_common.o roaming_client.o -L. 
-Lopenbsd-compat/ -m64 -xO5 -xtarget=ivybridge -xarch=sse4_2 
-xarch=avx_i -xarch=aes -lssh -lopenbsd-compat  -lresolv -lcrypto -lz 
-lsocket -lnsl
ld: warning: symbol 'umac_ctx' has differing sizes:
         (file ./libssh.a(umac.o) value=0x5f8; file 
./libssh.a(umac128.o) value=0x690);
         ./libssh.a(umac128.o) definition taken
Undefined                       first referenced
  symbol                             in file
EC_KEY_free                         ./libssh.a(kex.o)

If I force the usage of a clean openssl-1.0.1k, it builds, but I still see:

ld: warning: symbol 'umac_ctx' has differing sizes:
         (file ./libssh.a(umac.o) value=0x5f8; file 
./libssh.a(umac128.o) value=0x690);
         ./libssh.a(umac128.o) definition taken

which worries me...

Forcing netcat.c to compile by adding -D_XPG4_2 -D__EXTENSIONS__ (as it 
seems the msghdr fixes haven't been commited yet) allows the tests to run.

All tests pass except for hostkey-rotate, which triggers grep errors:

run test hostkey-rotate.sh ...
learn hostkey with StrictHostKeyChecking=no
learn additional hostkeys
learn additional hostkeys, type=ssh-ed25519
learn additional hostkeys, type=ssh-rsa
learn additional hostkeys, type=ssh-dss
learn additional hostkeys, type=ecdsa-sha2-nistp256
learn additional hostkeys, type=ecdsa-sha2-nistp384
learn additional hostkeys, type=ecdsa-sha2-nistp521
learn changed non-primary hostkey
learn new primary hostkey
grep: RE error 41: No remembered search string.
current key missing
grep: RE error 41: No remembered search string.
new key missing
rotate primary hostkey
check rotate primary hostkey
failed hostkey rotate
gmake[1]: *** [t-exec] Error 1

Forcing GNU grep first in PATH allows it to succeed. Switching to the 
Solaris fgrep also allows it to succeed.

diff --git a/regress/hostkey-rotate.sh b/regress/hostkey-rotate.sh
index d964b35..10ea1e9 100644
--- a/regress/hostkey-rotate.sh
+++ b/regress/hostkey-rotate.sh
@@ -42,7 +42,7 @@ check_key_present() {
         test "x$_kfile" = "x" && _kfile="$OBJ/hkr.${_type}.pub"
         _ktext=`awk "/ $_type / { $_prog }" < $OBJ/known_hosts` || \
                 fatal "awk failed"
-       grep -q "$_ktext" $_kfile
+       fgrep "$_ktext" $_kfile >/dev/null
  }

  cp $OBJ/sshd_proxy.orig $OBJ/sshd_proxy

More information about the openssh-unix-dev mailing list