On Thu, Dec 15, 2016 at 4:22 PM, Zev Weiss <zev@xxxxxxxxxxxxxxxxx> wrote:
[...]
> I tested (or tried) git commit b737e4d7 on three systems, with somewhat
> mixed results.
Thanks for the comprehensive testing!
> On Mac OSX (macOS?) 10.9, configure failed with:
>
> ...
> checking OpenSSL header version... 1000208f (OpenSSL 1.0.2h 3 May 2016)
> checking OpenSSL library version... 009081df (OpenSSL 0.9.8zg 14 July
> 2015)
> checking whether OpenSSL's headers match the library... no
> configure: error: Your OpenSSL headers do not match your
> library. Check config.log for details.
I think that's due to the headers and libraries supplied (or not) by Apple.
> A second attempt with configure's openssl-dir pointed at a macports install
> in /opt/local built successfully and passed all tests, though there were
> some warnings during the build (mostly noticed just because I configured
> with -Werror and then manually papered over them; not sure how important
> these really are):
>
> - daemon() deprecated (ssh.c, sshd.c)
> - utmp, login, logout, logwtmp deprecated (loginrec.c)
> - sandbox_init() deprecated (sandbox-darwin.c)
I don't think there's much we can do about these without abandoning
earlier OS releases.
> - struct monitor declared in ssh_sandbox_init() parameter list
> (sandbox-darwin.c)
Missing monitor.h include. Harmless (it's never used), now fixed.
> - set-but-unused 'flag' variable in sys_tun_open() (port-tun.c)
True, the code that uses it is inside an ifdef. Might look at this later.
> On Void Linux (which uses LibreSSL, for what it's worth): unable to compile
> due to undeclared arc4random*() functions. The symbols exist in libcrypto
> so configure's tests for them pass, but they're not declared in any header
> files. I'm not sure where exactly these are "supposed" to be declared, so I
> don't know if this is a problem with OpenSSH or LibreSSL or some packaging
> bungle on Void's part.
Don't know about this one. Might install a VM to look at this if I
get a chance.
> On Debian testing: discovered a small-but-significant problem in auth.c's
> allowed_user() function. Commit 010359b3 expanded the body of the loop that
> checks DenyUsers entries, but didn't add the necessary braces around it, so
> it didn't exactly have the intended effect, instead resulting in only the
> last entry in DenyUsers actually being enforced. (Credit to gcc's
> -Wmisleading-indentation warning here.)
Nice find! Fixed.
> The attached patch 0001-Unbreak-DenyUsers-with-1-user-specified.patch fixes
> the bug; the next two patches
All patches applied.
Thank you.
--
Darren Tucker (dtucker at zip.com.au)
GPG key 11EAA6FA / A86E 3E07 5B19 5880 E860 37F4 9357 ECEF 11EA A6FA (new)
Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
