So apparently openssl/ec.h didn't show up earlier than 0.9.8m - right now
it's looking like any system with earlier versions will configure, but
fail to build off the bat.

On Mon, Aug 18, 2014 at 9:18 AM, Kevin Brott <kevin.brott@xxxxxxxxx> wrote:

> Ugh - so, forgot to RT the list ... and another failed buildhost ...
>
> I know these are legacy OS versions - but they're still in use here so ...
>
> OS          Build_Target      CC           OpenSSL       BUILD  TEST
> =========== ================= ============ ============= ====== =================
> Centos 2.1  i386-redhat-linux gcc 2.9.6    0.9.6b-engine FAIL*1
> RHEL 3.4    i386-redhat-linux gcc 3.2.3-47 0.9.7a        FAIL*1
>
> make[1]: Entering directory `/usr/src/openssh/openbsd-compat'
> gcc -g -O2 -Wall -Wpointer-arith -Wuninitialized -Wsign-compare
> -Wformat-security -fno-strict-aliasing -D_FORTIFY_SOURCE=2
> -fno-builtin-memset -std=gnu99 -I. -I.. -I. -I./.. -DHAVE_CONFIG_H -c
> arc4random.c
> In file included from ../buffer.h:24,
>                  from ../entropy.h:30,
>                  from ../includes.h:177,
>                  from arc4random.c:27:
> ../sshbuf.h:25:24: openssl/ec.h: No such file or directory
> make[1]: *** [arc4random.o] Error 1
> make[1]: Leaving directory `/usr/src/openssh/openbsd-compat'
> make: *** [openbsd-compat/libopenbsd-compat.a] Error 2
> [root@localhost openssh]# find ec.h
> find: ec.h: No such file or directory
>
>
> On Sun, Aug 17, 2014 at 6:23 PM, Damien Miller <djm@xxxxxxxxxxx> wrote:
>
>> Hi,
>>
>> OpenSSH 6.7 is almost ready for release, so we would appreciate testing
>> on as many platforms and systems as possible. This is a big release
>> containing a number of features, a lot of internal refactoring and some
>> potentially-incompatible changes.
>>
>> Snapshot releases for portable OpenSSH are available from
>> http://www.mindrot.org/openssh_snap/
>>
>> The OpenBSD version is available in CVS HEAD:
>> http://www.openbsd.org/anoncvs.html
>>
>> Portable OpenSSH is also available via anonymous CVS using the
>> instructions at http://www.openssh.com/portable.html#cvs or
>> via Git at https://anongit.mindrot.org/openssh.git/
>>
>> Running the regression tests supplied with Portable OpenSSH does not
>> require installation and is simply:
>>
>> $ ./configure && make tests
>>
>> Live testing on suitable non-production systems is also
>> appreciated. Please send reports of success or failure to
>> openssh-unix-dev@xxxxxxxxxxx.
>>
>> Below is a summary of changes. More detail may be found in the ChangeLog
>> in the portable OpenSSH tarballs.
>>
>> Thanks to the many people who contributed to this release.
>>
>> Changes since OpenSSH 6.6
>> =========================
>>
>> Potentially-incompatible changes
>>
>>  * sshd(8): The default set of ciphers and MACs has been altered to
>>    remove unsafe algorithms. In particular, CBC ciphers and arcfour*
>>    are disabled by default.
>>
>>    The full set of algorithms remains available if configured
>>    explicitly via the Ciphers and MACs sshd_config options.
>>
>>  * sshd(8): Support for tcpwrappers/libwrap has been removed.
>>
>>  * OpenSSH 6.5 and 6.6 have a bug that causes ~0.2% of connections
>>    using the curve25519-sha256@xxxxxxxxxx KEX exchange method to fail
>>    when connecting with something that implements the specification
>>    correctly. OpenSSH 6.7 disables this KEX method when speaking to
>>    one of the affected versions.
>>
>> New Features
>>
>>  * Major internal refactoring to begin to make part of OpenSSH usable
>>    as a library. So far the wire parsing, key handling and KRL code
>>    has been refactored. Please note that we do not consider the API
>>    stable yet, nor do we offer the library in separable form.
>>
>>  * ssh(1), sshd(8): Add support for Unix domain socket forwarding.
>>    A remote TCP port may be forwarded to a local Unix domain socket
>>    and vice versa or both ends may be a Unix domain socket.
>>
>>  * ssh(1), ssh-keygen(1): Add support for SSHFP DNS records for
>>    ED25519 key types.
>>
>>  * sftp(1): Allow resumption of interrupted uploads.
>>
>>  * ssh(1): When rekeying, skip file/DNS lookups of the hostkey if it
>>    is the same as the one sent during initial key exchange; bz#2154
>>
>>  * sshd(8): Allow explicit ::1 and 127.0.0.1 forwarding bind
>>    addresses when GatewayPorts=no; allows client to choose address
>>    family; bz#2222
>>
>>  * sshd(8): Add a sshd_config PermitUserRC option to control whether
>>    ~/.ssh/rc is executed, mirroring the no-user-rc authorized_keys
>>    option; bz#2160
>>
>>  * ssh(1): Add a %C escape sequence for LocalCommand and ControlPath
>>    that expands to a unique identifier based on a hash of the tuple of
>>    (local host, remote user, hostname, port). Helps avoid exceeding
>>    miserly pathname limits for Unix domain sockets in multiplexing
>>    control paths; bz#2220
>>
>>  * sshd(8): Make the "Too many authentication failures" message
>>    include the user, source address, port and protocol in a format
>>    similar to the authentication success / failure messages; bz#2199
>>
>>  * Added unit and fuzz tests for refactored code. These are run
>>    automatically in portable OpenSSH via the "make tests" target.
>>
>> Bugfixes
>>
>>  * sshd(8): Fix remote fwding with same listen port but different
>>    listen address.
>>
>>  * ssh(1): Fix inverted test that caused PKCS#11 keys that were
>>    explicitly listed in ssh_config or on the commandline not to be
>>    preferred.
>>
>>  * ssh-keygen(1): Fix bug in KRL generation: multiple consecutive
>>    revoked certificate serial number ranges could be serialised to an
>>    invalid format. Readers of a broken KRL caused by this bug will
>>    fail closed, so no should-have-been-revoked key will be accepted.
>>
>>  * ssh(1): Reflect stdio-forward ("ssh -W host:port ...") failures in
>>    exit status. Previously we were always returning 0; bz#2255
>>
>>  * ssh(1), ssh-keygen(1): Make Ed25519 keys' title fit properly in the
>>    randomart border; bz#2247
>>
>>  * ssh-agent(1): Only cleanup agent socket in the main agent process
>>    and not in any subprocesses it may have started (e.g. forked
>>    askpass). Fixes agent sockets being zapped when askpass processes
>>    fatal(); bz#2236
>>
>>  * ssh-add(1): Make stdout line-buffered; saves partial output getting
>>    lost when ssh-add fatal()s part-way through (e.g. when listing keys
>>    from an agent that supports key types that ssh-add doesn't);
>>    bz#2234
>>
>>  * ssh-keygen(1): When hashing or removing hosts, don't choke on
>>    @revoked markers and don't remove @cert-authority markers; bz#2241
>>
>>  * ssh(1): Don't fatal when hostname canonicalisation fails and a
>>    ProxyCommand is in use; continue and allow the ProxyCommand to
>>    connect anyway (e.g. to a host with a name outside the DNS behind
>>    a bastion)
>>
>>  * scp(1): When copying local->remote fails during read, don't send
>>    uninitialised heap to the remote end.
>>
>>  * sftp(1): Fix fatal "el_insertstr failed" errors when tab-completing
>>    filenames with a single quote char somewhere in the string;
>>    bz#2238
>>
>>  * ssh-keyscan(1): Scan for Ed25519 keys by default.
>>
>>  * ssh(1): When using VerifyHostKeyDNS with a DNSSEC resolver,
>>    down-convert any certificate keys to plain keys and attempt SSHFP
>>    resolution. Prevents a server from skipping SSHFP lookup and
>>    forcing a new-hostkey dialog by offering only certificate keys.
>>
>>  * sshd(8): Avoid crash at exit via NULL pointer reference; bz#2225
>>
>>  * Fix some strict-alignment errors.
>>
>> Portable OpenSSH
>>
>>  * Portable OpenSSH now supports building against libressl-portable.
>>
>>  * Portable OpenSSH now requires openssl 0.9.8f or greater. Older
>>    versions are no longer supported.
>>
>>  * In the OpenSSL version check, allow fix version upgrades (but not
>>    downgrades). Debian bug #748150.
>>
>>  * sshd(8): On Cygwin, determine privilege separation user at runtime,
>>    since it may need to be a domain account.
>>
>>  * sshd(8): Don't attempt to use vhangup on Linux. It doesn't work for
>>    non-root users, and for them it just messes up the tty settings.
>>
>>  * Use CLOCK_BOOTTIME in preference to CLOCK_MONOTONIC when it is
>>    available. It takes into account time spent suspended, thereby
>>    ensuring timeouts (e.g. for expiring agent keys) fire correctly.
>>    bz#2228
>>
>>  * Add support for ed25519 to opensshd.init init script.
>>
>>  * sftp-server(8): On platforms that support it, use prctl() to
>>    prevent sftp-server from accessing /proc/self/{mem,maps}
>>
>> Reporting Bugs:
>> ===============
>>
>> - Please read http://www.openssh.com/report.html
>>   Security bugs should be reported directly to openssh@xxxxxxxxxxx
>>
>> OpenSSH is brought to you by Markus Friedl, Niels Provos, Theo de Raadt,
>> Kevin Steves, Damien Miller, Darren Tucker, Jason McIntyre, Tim Rice and
>> Ben Lindstrom.
>> _______________________________________________
>> openssh-unix-dev mailing list
>> openssh-unix-dev@xxxxxxxxxxx
>> https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
>>
>
> --
> # include <stddisclaimer.h>
> /* Kevin Brott <Kevin.Brott@xxxxxxxxx> */
>

--
# include <stddisclaimer.h>
/* Kevin Brott <Kevin.Brott@xxxxxxxxx> */
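
The release notes quoted above say the OpenSSL version check now allows "fix version upgrades (but not downgrades)". The following is an added example of such a check, not code from this thread or from OpenSSH: the helper name `openssl_version_compatible`, the rule that major, minor and status must match exactly, and the sample version pairs are assumptions made for illustration.

```c
#include <stdio.h>

/* OpenSSL version numbers are packed as 0xMNNFFPPS:
 * M major, NN minor, FF fix, PP patch letter, S status (0xf = release). */
#define VER_MAJOR(v)  (((v) >> 28) & 0xfUL)
#define VER_MINOR(v)  (((v) >> 20) & 0xffUL)
#define VER_FIX(v)    (((v) >> 12) & 0xffUL)
#define VER_STATUS(v) ((v) & 0xfUL)

/* Hypothetical helper: returns 1 if a binary compiled against headers
 * `headerver` may run with runtime library `libver`, 0 otherwise.
 * Assumed rule: major, minor and status must match; the library's fix
 * level may be equal or higher but never lower; the patch letter is
 * not compared. */
int openssl_version_compatible(unsigned long headerver, unsigned long libver)
{
    if (headerver == libver)
        return 1;
    if (VER_MAJOR(headerver) != VER_MAJOR(libver) ||
        VER_MINOR(headerver) != VER_MINOR(libver) ||
        VER_STATUS(headerver) != VER_STATUS(libver))
        return 0;
    return VER_FIX(libver) >= VER_FIX(headerver);
}

int main(void)
{
    /* Constructed sample pairs: compiled-against version, runtime version. */
    static const struct { const char *what; unsigned long h, l; } cases[] = {
        { "1.0.1e -> 1.0.1g (patch letter only)", 0x1000105fUL, 0x1000107fUL },
        { "1.0.0  -> 1.0.1  (fix upgrade)",       0x1000000fUL, 0x1000100fUL },
        { "1.0.1  -> 1.0.0  (fix downgrade)",     0x1000100fUL, 0x1000000fUL },
        { "1.0.1  -> 1.1.0  (minor change)",      0x1000100fUL, 0x1010000fUL },
    };
    for (size_t i = 0; i < sizeof(cases) / sizeof(cases[0]); i++)
        printf("%-40s %s\n", cases[i].what,
            openssl_version_compatible(cases[i].h, cases[i].l)
                ? "accept" : "reject");
    return 0;
}
```

A check like this only guards the header/library pairing at run time; it does not catch the case reported at the top of the thread, where a header such as openssl/ec.h is missing at build time.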