Call for testing: OpenSSH 6.8

Kevin Brott kevin.brott at gmail.com
Tue Feb 24 08:31:26 AEDT 2015


Neglected to mention - this is using openssh-SNAP-20150224.tar.gz

On Mon, Feb 23, 2015 at 1:28 PM, Kevin Brott <kevin.brott at gmail.com> wrote:

> Stock - Debian GNU/Linux 7.8 (wheezy) - all tests passed
>
>
> build failure on:
>  * AIX 6.1 (6100-09-03-1415) IBM XL C/C++ Compiler (11.1.0.16)
>  * AIX 7.1 (7100-03-04-1441) IBM XL C/C++ Compiler (12.1.0.6)
>
> ./configure && make tests
>
> ...
>
> xlc_r -g  -I. -I.  -DSSHDIR=\"/usr/local/etc\"
>  -D_PATH_SSH_PROGRAM=\"/usr/local/bin/ssh\"
>  -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/local/libexec/ssh-askpass\"
>  -D_PATH_SFTP_SERVER=\"/usr/local/libexec/sftp-server\"
>  -D_PATH_SSH_KEY_SIGN=\"/usr/local/libexec/ssh-keysign\"
>  -D_PATH_SSH_PKCS11_HELPER=\"/usr/local/libexec/ssh-pkcs11-helper\"
>  -D_PATH_SSH_PIDDIR=\"/var/run\"  -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\"
> -DHAVE_CONFIG_H -c ssh_api.c -o ssh_api.o
> "ssh_api.c", line 143.19: 1506-068 (W) Operation between types "struct
> key_entry*" and "int" is not allowed.
> "ssh_api.c", line 149.19: 1506-068 (W) Operation between types "struct
> key_entry*" and "int" is not allowed.
> "ssh_api.c", line 440.45: 1506-045 (S) Undeclared identifier next.
> "ssh_api.c", line 440.51: 1506-277 (S) Syntax error: possible missing ';'
> or ','?
> "ssh_api.c", line 455.46: 1506-045 (S) Undeclared identifier next.
> "ssh_api.c", line 455.52: 1506-277 (S) Syntax error: possible missing ';'
> or ','?
> "ssh_api.c", line 470.45: 1506-045 (S) Undeclared identifier next.
> "ssh_api.c", line 470.51: 1506-277 (S) Syntax error: possible missing ';'
> or ','?
> "ssh_api.c", line 505.53: 1506-045 (S) Undeclared identifier next.
> "ssh_api.c", line 505.59: 1506-277 (S) Syntax error: possible missing ';'
> or ','?
> make: 1254-004 The error code from the last command is 1.
>
>
>
> On Thu, Feb 19, 2015 at 2:21 PM, Damien Miller <djm at mindrot.org> wrote:
>
>> Hi,
>>
>> OpenSSH 6.8 is almost ready for release, so we would appreciate testing
>> on as many platforms and systems as possible. This release contains
>> some substantial new features and a number of bugfixes.
>>
>> Snapshot releases for portable OpenSSH are available from
>> http://www.mindrot.org/openssh_snap/
>>
>> The OpenBSD version is available in CVS HEAD:
>> http://www.openbsd.org/anoncvs.html
>>
>> Portable OpenSSH is also available via anonymous CVS using the
>> instructions at http://www.openssh.com/portable.html#cvs or
>> via Git at https://anongit.mindrot.org/openssh.git/
>>
>> Running the regression tests supplied with Portable OpenSSH does not
>> require installation and is simply:
>>
>> $ ./configure && make tests
>>
>> Live testing on suitable non-production systems is also
>> appreciated. Please send reports of success or failure to
>> openssh-unix-dev at mindrot.org.
>>
>> Below is a summary of changes. More detail may be found in the ChangeLog
>> in the portable OpenSSH tarballs.
>>
>> Thanks to the many people who contributed to this release.
>>
>> Changes since OpenSSH 6.7
>> =========================
>>
>> This is a major release, containing a number of new features as
>> well as a large internal re-factoring.
>>
>> Potentially-incompatible changes
>> --------------------------------
>>
>>  * sshd(8): UseDNS now defaults to 'no'. Configurations that match
>>    against the client host name (via sshd_config or authorized_keys)
>>    may need to re-enable it or convert to matching against addresses.
>>
>> New Features
>> ------------
>>
>>  * Much of OpenSSH's internal code has been re-factored to be more
>>    library-like. These changes are mostly not user-visible, but
>>    have greatly improved OpenSSH's testability and internal layout.
>>
>>  * Add FingerprintHash option to ssh(1) and sshd(8), and equivalent
>>    command-line flags to the other tools to control algorithm used
>>    for key fingerprints. The default changes from MD5 to SHA256 and
>>    format from hex to base64.
>>
>>    Fingerprints now have the hash algorithm prepended. An example of
>>    the new format: SHA256:mVPwvezndPv/ARoIadVY98vAC0g+P/5633yTC4d/wXE
>>    Please note that visual host keys will also be different.
>>
>>  * ssh(1), sshd(8): Host key rotation support. Add a protocol
>>    extension for a server to inform a client of all its available
>>    host keys after authentication has completed. The client may
>>    record the keys in known_hosts, allowing it to upgrade to better
>>    host key algorithms and a server to gracefully rotate its keys.
>>
>>    The client side of this is controlled by an UpdateHostkeys config
>>    option (default on).
>>
>>  * ssh(1): Add a ssh_config HostbasedKeyType option to control which
>>    host public key types are tried during host-based authentication.
>>
>>  * ssh(1), sshd(8): fix connection-killing host key mismatch errors
>>    when sshd offers multiple ECDSA keys of different lengths.
>>
>>  * ssh(1): when host name canonicalisation is enabled, try to
>>    parse host names as addresses before looking them up for
>>    canonicalisation. Fixes bz#2074 and avoids needless DNS
>>    lookups in some cases.
>>
>>  * ssh-keygen(1), sshd(8): Key Revocation Lists (KRLs) no longer
>>    require OpenSSH to be compiled with OpenSSL support.
>>
>>  * ssh(1), ssh-keysign(8): Make ed25519 keys work for host based
>>    authentication.
>>
>>  * sshd(8): SSH protocol v.1 workaround for the Meyer, et al,
>>    Bleichenbacher Side Channel Attack. Fake up a bignum key before
>>    RSA decryption.
>>
>>  * sshd(8): Remember which public keys have been used for
>>    authentication and refuse to accept previously-used keys.
>>    This allows AuthenticationMethods=publickey,publickey to require
>>    that users authenticate using two _different_ public keys.
>>
>>  * sshd(8): add sshd_config HostbasedAcceptedKeyTypes and
>>    PubkeyAcceptedKeyTypes options to allow sshd to control what
>>    public key types will be accepted. Currently defaults to all.
>>
>>  * sshd(8): Don't count partial authentication success as a failure
>>    against MaxAuthTries.
>>
>>  * ssh(1): Add RevokedHostKeys option for the client to allow
>>    text-file or KRL-based revocation of host keys.
>>
>>  * ssh-keygen(1), sshd(8): Permit KRLs that revoke certificates by
>>    serial number or key ID without scoping to a particular CA.
>>
>>  * ssh(1): Add a "Match canonical" criteria that allows ssh_config
>>    Match blocks to trigger only in the second config pass.
>>
>>  * ssh(1): Add a -G option to ssh that causes it to parse its
>>    configuration and dump the result to stdout, similar to "sshd -T".
>>
>>  * ssh(1): Allow Match criteria to be negated. E.g. "Match !host".
>>
>>  * The regression test suite has been extended to cover more OpenSSH
>>    features. The unit tests have been expanded and now cover key
>>    exchange.
>>
>> Bugfixes
>> --------
>>
>>  * ssh-keyscan(1): ssh-keyscan has been made much more robust against
>>    servers that hang or violate the SSH protocol.
>>
>>  * ssh(1), ssh-keygen(1): Fix regression bz#2306: Key path names were
>>    being lost as comment fields.
>>
>>  * ssh(1): Allow ssh_config Port options set in the second config
>>    parse phase to be applied (they were being ignored). bz#2286
>>
>>  * ssh(1): Tweak config re-parsing with host canonicalisation - make
>>    the second pass through the config files always run when host name
>>    canonicalisation is enabled (and not whenever the host name
>>    changes) bz#2267
>>
>>  * ssh(1): Fix passing of wildcard forward bind addresses when
>>    connection multiplexing is in use; bz#2324;
>>
>>  * ssh-keygen(1): Fix broken private key conversion from non-OpenSSH
>>    formats; bz#2345.
>>
>>  * ssh-keygen(1): Fix KRL generation bug when multiple CAs are in
>>    use.
>>
>>  * Various fixes to manual pages: bz#2288, bz#2316, bz#2273
>>
>> Portable OpenSSH
>> ----------------
>>
>>  * Support --without-openssl at configure time
>>
>>    Disables and removes dependency on OpenSSL. Many features,
>>    including SSH protocol 1 are not supported and the set of crypto
>>    options is greatly restricted. This will only work on systems with
>>    native arc4random or /dev/urandom.
>>
>>    Considered highly experimental for now.
>>
>>  * Support --without-ssh1 option at configure time
>>
>>    Allows disabling support for SSH protocol 1.
>>
>>    Still experimental - not all regression and unit tests have been
>>    adapted for the absence of SSH protocol 1.
>>
>>  * sshd(8): Fix compilation on systems with IPv6 support in utmpx; bz#2296
>>
>>  * Allow custom service name for sshd on Cygwin. Permits the use of
>>    multiple sshd running with different service names.
>>
>> Reporting Bugs:
>> ===============
>>
>> - Please read http://www.openssh.com/report.html
>>   Security bugs should be reported directly to openssh at openssh.com
>>
>> OpenSSH is brought to you by Markus Friedl, Niels Provos, Theo de Raadt,
>> Kevin Steves, Damien Miller, Darren Tucker, Jason McIntyre, Tim Rice and
>> Ben Lindstrom.
>>
>> _______________________________________________
>> openssh-unix-dev mailing list
>> openssh-unix-dev at mindrot.org
>> https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
>>
>
>
>
> --
> # include <stddisclaimer.h>
> /* Kevin  Brott <Kevin.Brott at gmail.com> */
>
>


-- 
# include <stddisclaimer.h>
/* Kevin  Brott <Kevin.Brott at gmail.com> */
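
The FingerprintHash change described in the quoted release notes (MD5 hex to SHA256 base64, with the algorithm name prepended), as an added example that is not part of the original thread or of OpenSSH's own code. The function names are hypothetical and the sample key is constructed with placeholder key bytes; `classify` is included for sorting pinned fingerprints in documentation or inventories by format.

```python
import base64
import hashlib
import struct

# Constructed sample: an ssh-ed25519 wire blob with placeholder key bytes (not a real key).
_blob = struct.pack(">I", 11) + b"ssh-ed25519" + struct.pack(">I", 32) + bytes(range(32))
SAMPLE = "ssh-ed25519 " + base64.b64encode(_blob).decode() + " constructed-sample"

def key_blob(pubkey_line):
    """Return (key_type, blob) from a 'type base64 [comment]' public key line."""
    fields = pubkey_line.split()
    if len(fields) < 2:
        raise ValueError("expected 'type base64 [comment]'")
    blob = base64.b64decode(fields[1], validate=True)
    if len(blob) < 4:
        raise ValueError("blob too short")
    # The blob begins with a length-prefixed copy of the key type; it must agree.
    (n,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + n] != fields[0].encode():
        raise ValueError("key type does not match blob")
    return fields[0], blob

def fingerprint(pubkey_line, alg="sha256"):
    """Algorithm-prefixed fingerprint: SHA256 as unpadded base64, MD5 as colon hex."""
    _, blob = key_blob(pubkey_line)
    if alg == "sha256":
        digest = hashlib.sha256(blob).digest()
        return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")
    if alg == "md5":
        return "MD5:" + ":".join(f"{b:02x}" for b in hashlib.md5(blob).digest())
    raise ValueError("unsupported hash")

def classify(fp):
    """Return 'sha256', 'md5' (prefixed) or 'legacy-md5' (bare colon hex) for a stored value."""
    if fp.startswith("SHA256:"):
        body = fp[len("SHA256:"):]
        raw = base64.b64decode(body + "=" * (-len(body) % 4), validate=True)
        if len(raw) != 32:
            raise ValueError("not a SHA256 digest")
        return "sha256"
    prefixed = fp.startswith("MD5:")
    raw = bytes.fromhex((fp[4:] if prefixed else fp).replace(":", ""))
    if len(raw) != 16:
        raise ValueError("not an MD5 digest")
    return "md5" if prefixed else "legacy-md5"

if __name__ == "__main__":
    print(fingerprint(SAMPLE), fingerprint(SAMPLE, "md5"), sep="\n")
```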

