on Ubuntu 14.04 with openssh-SNAP-20150306.tar.gz with gcc, libz-dev,
and libssl-dev
configure; make; make tests
fails at:
test_hostkeys:
regress/unittests/hostkeys/test_iterate.c:124 test #1 "hostkeys_iterate
all with key parse" - entry 5/61, file line 5
ASSERT_PTR_EQ(l->key, NULL) failed:
l->key = 0x2b14c2d7af80
NULL = (nil)
Aborted
make[1]: *** [unit] Error 134
make[1]: Leaving directory `/home/hpcmhech/tmp/openssh/regress'
make: *** [tests] Error 2
I have also tried to run make install in-between, and created new
host-keys, but tests didn't pass at the same point.
OpenSSH has been configured with the following options:
User binaries: /usr/local/bin
System binaries: /usr/local/sbin
Configuration files: /usr/local/etc
Askpass program: /usr/local/libexec/ssh-askpass
Manual pages: /usr/local/share/man/manX
PID file: /var/run
Privilege separation chroot path: /var/empty
sshd default user PATH:
/usr/bin:/bin:/usr/sbin:/sbin:/usr/local/bin
Manpage format: doc
PAM support: no
OSF SIA support: no
KerberosV support: no
SELinux support: no
Smartcard support:
S/KEY support: no
MD5 password support: no
libedit support: no
Solaris process contract support: no
Solaris project support: no
IP address in $DISPLAY hack: no
Translate v4 in v6 hack: yes
BSD Auth support: no
Random number source: OpenSSL internal ONLY
Privsep sandbox style: seccomp_filter
Host: x86_64-unknown-linux-gnu
Compiler: gcc
Compiler flags: -g -O2 -Wall -Wpointer-arith -Wuninitialized
-Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess
-Wno-pointer-sign -Wno-unused-result -fno-strict-aliasing
-D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-all -fPIE
Preprocessor flags:
Linker flags: -Wl,-z,relro -Wl,-z,now -Wl,-z,noexecstack
-fstack-protector-all -pie
Libraries: -lcrypto -ldl -lutil -lz -lnsl -lcrypt -lresolv
On 02/19/2015 11:21 PM, Damien Miller wrote:
> Hi,
>
> OpenSSH 6.8 is almost ready for release, so we would appreciate testing
> on as many platforms and systems as possible. This release contains
> some substantial new features and a number of bugfixes.
>
> Snapshot releases for portable OpenSSH are available from
> http://www.mindrot.org/openssh_snap/
>
> The OpenBSD version is available in CVS HEAD:
> http://www.openbsd.org/anoncvs.html
>
> Portable OpenSSH is also available via anonymous CVS using the
> instructions at http://www.openssh.com/portable.html#cvs or
> via Git at https://anongit.mindrot.org/openssh.git/
>
> Running the regression tests supplied with Portable OpenSSH does not
> require installation and is a simply:
>
> $ ./configure && make tests
>
> Live testing on suitable non-production systems is also
> appreciated. Please send reports of success or failure to
> openssh-unix-dev@xxxxxxxxxxx.
>
> Below is a summary of changes. More detail may be found in the ChangeLog
> in the portable OpenSSH tarballs.
>
> Thanks to the many people who contributed to this release.
>
> Changes since OpenSSH 6.7
> =========================
>
> This is a major release, containing a number of new features as
> well as a large internal re-factoring.
>
> Potentially-incompatible changes
> --------------------------------
>
> * sshd(8): UseDNS now defaults to 'no'. Configurations that match
> against the client host name (via sshd_config or authorized_keys)
> may need to re-enable it or convert to matching against addresses.
>
> New Features
> ------------
>
> * Much of OpenSSH's internal code has been re-factored to be more
> library-like. These changes are mostly not user-visible, but
> have greatly improved OpenSSH's testability and internal layout.
>
> * Add FingerprintHash option to ssh(1) and sshd(8), and equivalent
> command-line flags to the other tools to control algorithm used
> for key fingerprints. The default changes from MD5 to SHA256 and
> format from hex to base64.
>
> Fingerprints now have the hash algorithm prepended. An example of
> the new format: SHA256:mVPwvezndPv/ARoIadVY98vAC0g+P/5633yTC4d/wXE
> Please note that visual host keys will also be different.
>
> * ssh(1), sshd(8): Host key rotation support. Add a protocol
> extension for a server to inform a client of all its available
> host keys after authentication has completed. The client may
> record the keys in known_hosts, allowing it to upgrade to better
> host key algorithms and a server to gracefully rotate its keys.
>
> The client side of this is controlled by a UpdateHostkeys config
> option (default on).
>
> * ssh(1): Add a ssh_config HostbasedKeyType option to control which
> host public key types are tried during host-based authentication.
>
> * ssh(1), sshd(8): fix connection-killing host key mismatch errors
> when sshd offers multiple ECDSA keys of different lengths.
>
> * ssh(1): when host name canonicalisation is enabled, try to
> parse host names as addresses before looking them up for
> canonicalisation. fixes bz#2074 and avoiding needless DNS
> lookups in some cases.
>
> * ssh-keygen(1), sshd(8): Key Revocation Lists (KRLs) no longer
> require OpenSSH to be compiled with OpenSSL support.
>
> * ssh(1), ssh-keysign(8): Make ed25519 keys work for host based
> authentication.
>
> * sshd(8): SSH protocol v.1 workaround for the Meyer, et al,
> Bleichenbacher Side Channel Attack. Fake up a bignum key before
> RSA decryption.
>
> * sshd(8): Remember which public keys have been used for
> authentication and refuse to accept previously-used keys.
> This allows AuthenticationMethods=publickey,publickey to require
> that users authenticate using two _different_ public keys.
>
> * sshd(8): add sshd_config HostbasedAcceptedKeyTypes and
> PubkeyAcceptedKeyTypes options to allow sshd to control what
> public key types will be accepted. Currently defaults to all.
>
> * sshd(8): Don't count partial authentication success as a failure
> against MaxAuthTries.
>
> * ssh(1): Add RevokedHostKeys option for the client to allow
> text-file or KRL-based revocation of host keys.
>
> * ssh-keygen(1), sshd(8): Permit KRLs that revoke certificates by
> serial number or key ID without scoping to a particular CA.
>
> * ssh(1): Add a "Match canonical" criteria that allows ssh_config
> Match blocks to trigger only in the second config pass.
>
> * ssh(1): Add a -G option to ssh that causes it to parse its
> configuration and dump the result to stdout, similar to "sshd -T".
>
> * ssh(1): Allow Match criteria to be negated. E.g. "Match !host".
>
> * The regression test suite has been extended to cover more OpenSSH
> features. The unit tests have been expanded and now cover key
> exchange.
>
> Bugfixes
> --------
>
> * ssh-keyscan(1): ssh-keyscan has been made much more robust again
> servers that hang or violate the SSH protocol.
>
> * ssh(1), ssh-keygen(1): Fix regression bz#2306: Key path names were
> being lost as comment fields.
>
> * ssh(1): Allow ssh_config Port options set in the second config
> parse phase to be applied (they were being ignored). bz#2286
>
> * ssh(1): Tweak config re-parsing with host canonicalisation - make
> the second pass through the config files always run when host name
> canonicalisation is enabled (and not whenever the host name
> changes) bz#2267
>
> * ssh(1): Fix passing of wildcard forward bind addresses when
> connection multiplexing is in use; bz#2324;
>
> * ssh-keygen(1): Fix broken private key conversion from non-OpenSSH
> formats; bz#2345.
>
> * ssh-keygen(1): Fix KRL generation bug when multiple CAs are in
> use.
>
> * Various fixed to manual pages: bz#2288, bz#2316, bz#2273
>
> Portable OpenSSH
> ----------------
>
> * Support --without-openssl at configure time
>
> Disables and removes dependency on OpenSSL. Many features,
> including SSH protocol 1 are not supported and the set of crypto
> options is greatly restricted. This will only work on system with
> native arc4random or /dev/urandom.
>
> Considered highly experimental for now.
>
> * Support --without-ssh1 option at configure time
>
> Allows disabling support for SSH protocol 1.
>
> Still experimental - not all regression and unit tests have been
> been adapted for the absence of SSH protocol 1.
>
> * sshd(8): Fix compilation on systems with IPv6 support in utmpx; bz#2296
>
> * Allow custom service name for sshd on Cygwin. Permits the use of
> multiple sshd running with different service names.
>
> Reporting Bugs:
> ===============
>
> - Please read http://www.openssh.com/report.html
> Security bugs should be reported directly to openssh@xxxxxxxxxxx
>
> OpenSSH is brought to you by Markus Friedl, Niels Provos, Theo de Raadt,
> Kevin Steves, Damien Miller, Darren Tucker, Jason McIntyre, Tim Rice and
> Ben Lindstrom.
>
> _______________________________________________
> openssh-unix-dev mailing list
> openssh-unix-dev@xxxxxxxxxxx
> https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
--
Dr. Martin Hecht
High Performance Computing Center Stuttgart (HLRS)
Office 0.051, HPCN Production, IT-Security
University of Stuttgart
Nobelstraße 19, 70569 Stuttgart, Germany
Tel: +49(0)711/685-65799 Fax: -55799
Mail: hecht@xxxxxxx
Web: http://www.hlrs.de/people/hecht/
PGP Key Fingerprint: 41BB 33E9 7170 3864 D5B3 44AD 5490 010B 96C2 6E4A
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
