Call for testing: OpenSSH 7.6

Kevin Brott kevin.brott at gmail.com
Mon Sep 25 10:37:35 AEST 2017 

On 09/20/2017 05:47 PM, Damien Miller wrote:
> Hi,
>
> OpenSSH 7.6p1 is almost ready for release, so we would appreciate testing
> on as many platforms and systems as possible. This is a bugfix release.

openssh-SNAP-20170925.tar.gz && git clone as of 2017/09/24 @ 17:20 PDT

OpSys           Compiler   OpenSSL     Build     Test
Debian 8.9    gcc 4.9.2    1.0.1t        YES        all tests passed
Debian 9.1    gcc 6.3.0    1.1.0f        NO *1

Looks like the default openssl version on Debian 9 is 1.1.0f, which according to the INSTALL doc is a deal-breaker (LibreSSL or OpenSSL >= 0.9.8f < 1.1.0).
I'm hesitant to backrev the default openssl package. Simply trying to install the openssl 1.0 dev kit will force several other dev packages to un-install (like libclamav and php7.0-dev).
LibreSSL doesn't appear to be a Debian package (not an issue for me - building a side-package isn't a big deal), but this could be a dealbreaker for J. Random LinuxD00d.
Thoughts?


**1 Build Failure pretty early on:*
gcc -g -O2 -pipe -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -fno-strict-aliasing -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE   -I. -I.  -D_XOPEN_SOURCE=600 -D_BSD_SOURCE -D_DEFAULT_SOURCE -DSSHDIR=\"/usr/local/etc\" -D_PATH_SSH_PROGRAM=\"/usr/local/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/local/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/local/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/local/libexec/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/local/libexec/ssh-pkcs11-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c sshkey.c -o sshkey.o
sshkey.c: In function ‘sshkey_size’:
sshkey.c:267:28: error: dereferencing pointer to incomplete type ‘RSA {aka struct rsa_st}’
    return BN_num_bits(k->rsa->n);
                             ^~
sshkey.c:270:28: error: dereferencing pointer to incomplete type ‘DSA {aka struct dsa_st}’
    return BN_num_bits(k->dsa->p);
                             ^~
sshkey.c: In function ‘sshkey_new’:
sshkey.c:470:11: error: dereferencing pointer to incomplete type ‘RSA {aka struct rsa_st}’
        (rsa->n = BN_new()) == NULL ||
            ^~
sshkey.c:482:11: error: dereferencing pointer to incomplete type ‘DSA {aka struct dsa_st}’
        (dsa->p = BN_new()) == NULL ||
            ^~
sshkey.c: In function ‘translate_libcrypto_error’:
sshkey.c:3398:8: error: ‘EVP_R_BN_DECODE_ERROR’ undeclared (first use in this function)
    case EVP_R_BN_DECODE_ERROR:
         ^~~~~~~~~~~~~~~~~~~~~
sshkey.c:3398:8: note: each undeclared identifier is reported only once for each function it appears in
sshkey.c: In function ‘sshkey_parse_private_pem_fileblob’:
sshkey.c:3463:8: error: dereferencing pointer to incomplete type ‘EVP_PKEY {aka struct evp_pkey_st}’
   if (pk->type == EVP_PKEY_RSA &&
         ^~
Makefile:152: recipe for target 'sshkey.o' failed
make: *** [sshkey.o] Error 1

More information about the openssh-unix-dev mailing list