On 2014-08-18 at 11:23 +1000, Damien Miller wrote: > OpenSSH 6.7 is almost ready for release, so we would appreciate testing > on as many platforms and systems as possible. This is a big release > containing a number of features, a lot of internal refactoring and some > potentially-incompatible changes. > > Snapshot releases for portable OpenSSH are available from > http://www.mindrot.org/openssh_snap/ Downloaded openssh-SNAP-20140911.tar.gz onto MacOS 10.8.5, using Clang (Apple LLVM version 5.1 (clang-503.0.40) (based on LLVM 3.4svn)). Configured with: ./configure --with-libedit --with-pam --with-kerberos5 \ --prefix=/opt/openssh --sysconfdir=/etc/ssh \ --with-ssl-dir=/usr/local/Cellar/openssl/1.0.1i \ --with-ldns stolen/derived from the Homebrew configuration: so I think this will match a common configuration profile on this platform (everything except the --prefix value chosen). "all tests passed". The Unix port forwarding appears to be undocumented. From reading the code, presence of a '/' anywhere in the PORT field causes parse_fwd_field() to mark the item as a path. When I supply an absolute path, this works and works great! :) If I supply a relative path, then it's passed to the server as a path but fails, triggering a warning message: Warning: remote port forwarding failed for listen path tmp/FRED The server-side debug logs: ----------------------------8< cut here >8------------------------------ debug1: server_input_global_request: rtype streamlocal-forward@xxxxxxxxxxx want_reply 1 debug1: server_input_global_request: streamlocal-forward listen path usr/fred debug3: channel_setup_fwd_listener_streamlocal: type 19 path usr/fred bind: Permission denied unix_listener: cannot bind to path: usr/fred ----------------------------8< cut here >8------------------------------ This is with client and server both on the same MacOS box. Since I'm not sure if it's only supposed to work if the path _starts_ with a slash, or if it _should_ work for _contains_ a slash, I'm not offering a documentation patch; I'll note that I'd expect to see this documented under -L, -R or the ssh_config options, or perhaps in a new section in ssh(1) "Port Forwarding" and cut down on a bunch of the duplication by referring to a full spec in that. (If you want an nroff patch and say what the behaviour should be, I'd be happy to contribute). To finish off, compilation warnings until the end of the email, so if not interested in these, then there's nothing else to read here. Thanks, -Phil I'll list them all for completeness, despite the lack of visible replacements for some deprecation-warning items: * `getrrsetbyname-ldns.c` had complaints on multiple lines of the form: ----------------------------8< cut here >8------------------------------ getrrsetbyname-ldns.c:92:6: warning: variable 'ldns_res' is used uninitialized whenever 'if' condition is true ----------------------------8< cut here >8------------------------------ Always for `ldns_res`. These were classed as `-Wsometimes-uninitialized` warnings. * Lots of ranlib complaints of files having no symbols; which I suspect come down to not defining things like USE_BUILTIN_RIJNDAEL so these are just noise * Two complaints of daemon() deprecation in ssh.c, lines 1288 & 1300; also in sshd.c:1892: ----------------------------8< cut here >8------------------------------ ssh.c:1288:2: warning: 'daemon' is deprecated: first deprecated in OS X 10.5 [-Wdeprecated-declarations] ----------------------------8< cut here >8------------------------------ Man-page daemon(3) says nothing about a deprecation; stdlib.h just has: ----------------------------8< cut here >8------------------------------ int daemon(int, int) __DARWIN_1050(daemon) __OSX_AVAILABLE_BUT_DEPRECATED(__MAC_10_0, __MAC_10_5, __IPHONE_2_0, __IPHONE_2_0); ----------------------------8< cut here >8------------------------------ and I'm not seeing what replaces it, unless the answer is just "use launchd". * Many of these: ----------------------------8< cut here >8------------------------------ clang: warning: argument unused during compilation: '-pie' ----------------------------8< cut here >8------------------------------ * loginrec.c : `struct utmp` and the `login()`, `logout()` and `logwtmp()` functions are triggering deprecation warnings: ----------------------------8< cut here >8------------------------------ loginrec.c:188:49: warning: 'utmp' is deprecated [-Wdeprecated-declarations] void set_utmp_time(struct logininfo *li, struct utmp *ut); ----------------------------8< cut here >8------------------------------ The function at least has a deprecated-since label of 10.5: __OSX_AVAILABLE_BUT_DEPRECATED(__MAC_10_0,__MAC_10_5,__IPHONE_NA,__IPHONE_NA); * sandbox-darwin.c warnings and deprecations: ----------------------------8< cut here >8------------------------------ sandbox-darwin.c:43:25: warning: declaration of 'struct monitor' will not be visible outside of this function [-Wvisibility] ssh_sandbox_init(struct monitor *monitor) ^ sandbox-darwin.c:65:6: warning: 'sandbox_init' is deprecated: first deprecated in OS X 10.8 [-Wdeprecated-declarations] if (sandbox_init(kSBXProfilePureComputation, SANDBOX_NAMED, ^ /usr/include/sandbox.h:65:5: note: 'sandbox_init' declared here int sandbox_init(const char *profile, uint64_t flags, char **errorbuf); ^ sandbox-darwin.c:65:19: warning: 'kSBXProfilePureComputation' is deprecated: first deprecated in OS X 10.8 [-Wdeprecated-declarations] if (sandbox_init(kSBXProfilePureComputation, SANDBOX_NAMED, ^ /usr/include/sandbox.h:97:19: note: 'kSBXProfilePureComputation' declared here extern const char kSBXProfilePureComputation[]; ^ 3 warnings generated. ----------------------------8< cut here >8------------------------------ _______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@xxxxxxxxxxx https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev