Call for testing: OpenSSH 6.9

Ron Frederick ronf at timeheart.net
Wed Jun 3 10:43:03 AEST 2015


On Jun 2, 2015, at 4:46 PM, Damien Miller <djm at mindrot.org> wrote:
> On Tue, 2 Jun 2015, Ron Frederick wrote:
> 
>>> The privsep chroot path is specified at build time (./configure --with-privsep-path if you want to change it).
>> 
>> Ok, thanks. I've re-run the tests on Linux with --sysconfdir=/etc/ssh
>> --with-privsep-path=/var/run, and I no longer see either of the issues
>> mentioned above. With the above config option, all tests passed for me
>> on Ubuntu 14.04.2 LTS.
> 
> You should use /var/run/sshd on Ubuntu. Don't use a directory with other
> stuff in it.

Ok, thanks. I didn’t actually do an install with those parameters. I was just using them to get around the “/var/empty” error that I got in my previous run, but I’ll keep this in mind if I upgrade OpenSSH myself on that system.


>> Done. This is now filed as bz#2407. No hurry on this one, as the code
>> still runs fine at the moment and passes all the tests. I just thought
>> I’d report it to avoid future problems if those APIs are ever removed.
> 
> Most of those are due to Apple soft-deprecating the OpenSSL libcrypto
> API as a supported interface. If they ever fully deprecate it, we'll
> ask users to build OpenSSH against an independent installation of
> libcrypto.

I see. Do you know if there is any way to add something to the Makefile to suppress the warnings in the meantime?

One of the other items I called out in the bug that wasn’t a deprecation was around the assignment of ssh1_3des_cbc to a “do_cipher” function pointer. It looks like the issue there is that ssh1_3des_cbc is declared to take a “size_t” as its last argument, where the do_cipher function pointer is expecting an “unsigned int”. It looks like other instances of functions assigned to do_cipher use the type LIBCRYPTO_EVP_INL_TYPE as the type of this argument, but for some reason this wasn’t done in the ssh1 3des case. This looks like it would be an easy fix, though.

The last issue was clang not liking the “-pie” switch on compilations.
-- 
Ron Frederick
ronf at timeheart.net
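
The do_cipher type mismatch discussed in the message above, as an added example that is not OpenSSH or OpenSSL code and not part of the original post. Every name here (demo_do_cipher_fn, DEMO_INL_TYPE, the demo_cbc_* functions) is a hypothetical stand-in, and the XOR loop is a toy transform rather than a cipher; the block shows a C11 compile-time check for whether a callback fits the pointer slot without a cast.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical pointer type standing in for a "do_cipher" slot whose
 * length argument is unsigned int, the case the message describes. */
typedef int (*demo_do_cipher_fn)(unsigned char *out, const unsigned char *in,
                                 unsigned int len);

/* Hypothetical build-time length type: defined to match the slot above,
 * so callbacks declared with it follow the slot's signature. */
#define DEMO_INL_TYPE unsigned int

/* Mismatched callback: last argument is size_t, as in the reported warning. */
int demo_cbc_size_t(unsigned char *out, const unsigned char *in, size_t len)
{
    for (size_t i = 0; i < len; i++)
        out[i] = in[i] ^ 0x5a;              /* toy transform, not a cipher */
    return 1;
}

/* Matching callback: same body, length declared with DEMO_INL_TYPE. */
int demo_cbc_inl(unsigned char *out, const unsigned char *in, DEMO_INL_TYPE len)
{
    for (DEMO_INL_TYPE i = 0; i < len; i++)
        out[i] = in[i] ^ 0x5a;
    return 1;
}

/* C11 _Generic, resolved at compile time: 1 if fn has exactly the slot's
 * pointer type, 0 if assigning it would need a cast. */
#define FITS_DO_CIPHER(fn) _Generic(&(fn), demo_do_cipher_fn: 1, default: 0)

int size_t_variant_fits(void) { return FITS_DO_CIPHER(demo_cbc_size_t); }
int inl_variant_fits(void)    { return FITS_DO_CIPHER(demo_cbc_inl); }

/* Assign the matching callback to the slot and call through it. */
int run_through_slot(unsigned char *out, const unsigned char *in, unsigned int len)
{
    demo_do_cipher_fn slot = demo_cbc_inl;  /* no cast, no warning */
    return slot(out, in, len);
}

int main(void)
{
    unsigned char in[4] = { 0x00, 0x01, 0x02, 0x03 }, out[4]; /* constructed input */
    run_through_slot(out, in, sizeof(in));
    printf("size_t fits: %d, INL fits: %d, out[0]=0x%02x\n",
           size_t_variant_fits(), inl_variant_fits(), out[0]);
    return 0;
}
```

On platforms where size_t and unsigned int are the same type, both variants fit; on LP64 systems only the DEMO_INL_TYPE variant does.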




