Mailing List Archive

Call for testing: OpenSSH 8.1
Hi,

OpenSSH 8.1p1 is almost ready for release, so we would appreciate testing
on as many platforms and systems as possible. This is a bugfix release.

Snapshot releases for portable OpenSSH are available from
http://www.mindrot.org/openssh_snap/

The OpenBSD version is available in CVS HEAD:
http://www.openbsd.org/anoncvs.html

Portable OpenSSH is also available via git using the
instructions at http://www.openssh.com/portable.html#cvs
At https://anongit.mindrot.org/openssh.git/ or via a mirror at Github:
https://github.com/openssh/openssh-portable

Running the regression tests supplied with Portable OpenSSH does not
require installation and is a simply:

$ ./configure && make tests

Live testing on suitable non-production systems is also appreciated.
Please send reports of success or failure to
openssh-unix-dev@mindrot.org. Security bugs should be reported
directly to openssh@openssh.com.

Below is a summary of changes. More detail may be found in the ChangeLog
in the portable OpenSSH tarballs.

Thanks to the many people who contributed to this release.

Security
========

* ssh(1), sshd(8), ssh-agent(1): add protection for private keys at
rest in RAM against speculation and memory sidechannel attacks like
Spectre, Meltdown and Rambleed. This release encrypts private keys
when they are not in use with a symmetic key that is derived from a
relatively large "prekey" consisting of random data (currently 16KB).
Attackers must recover the entire prekey before they are able to
decrypt the protected private keys, but the current generation of
attacks have bit error rates that render this unlikely to be
practical.

Potentially-incompatible changes
================================

This release includes one change that may affect existing
configurations:

* ssh-keygen(1): when acting as a CA and signing certificates with
an RSA key, default to using the rsa-sha2-512 signature algorithm.
Certificates signed by RSA keys will therefore be incompatible
with OpenSSH versions prior to 7.2 unless the default is
overridden (using "ssh-keygen -t ssh-rsa -s ...").

Changes since OpenSSH 8.0
=========================

This release is focused on bugfixing.

New Features
------------

* ssh(1): Allow %n to be expanded in ProxyCommand strings

* ssh(1), sshd(8): Allow prepending a list of algorithms to the
default set by starting the list with the '^' character, E.g.
"HostKeyAlgorithms ^ssh-ed25519"

* ssh-keygen(1): add an experimental lightweight signature and
verification ability. Signatures may be made using regular ssh keys
held on disk or stored in a ssh-agent and verified against an
authorized_keys-like list of allowed keys. Signatures embed a
namespace that prevents confusion and attacks between different
usage domains (e.g. files vs email).

* ssh-keygen(1): print key comment when extracting publc key from a
private key. bz#3052

* ssh-keygen(1): accept the verbose flag when searching for host keys
in known hosts (i.e. "ssh-keygen -vF host") to print the matching
host's random-art signature too. bz#3003

* All: support PKCS8 as an optional format for storage of private
keys to disk. The OpenSSH native key format remains the default,
but PKCS8 is a superior format to PEM if interoperability with
non-OpenSSH software is required, as it may use a less insecure
key derivation function than PEM's.

Bugfixes
--------

* ssh(1): if a PKCS#11 token returns no keys then try to login and
refetch them. Based on patch from Jakub Jelen; bz#2430

* ssh(1): produce a useful error message if the user's shell is set
incorrectly during "match exec" processing. bz#2791

* sftp(1): allow the maximimum uint32 value for the argument passed
to -b which allows better error messages from later validation.
bz#3050

* ssh(1): avoid pledge sandbox violations in some combinations of
remote forwarding, connection multiplexing and ControlMaster.

* ssh-keyscan(1): include SHA2-variant RSA key algorithms in KEX
proposal; allows ssh-keyscan to harvest keys from servers that
disable olde SHA1 ssh-rsa. bz#3029

* sftp(1): print explicit "not modified" message if a file was
requested for resumed download but was considered already complete.
bz#2978

* sftp(1): fix a typo and make <esc><right> move right to the
closest end of a word just like <esc><left> moves left to the
closest beginning of a word.

* sshd(8): cap the number of permiopen/permitlisten directives
allowed to appear on a single authorized_keys line.

* All: fix a number of memory leaks (one-off or on exit paths).

* Regression tests: a number of fixes and improvments, including
fixes to the interop tests, adding the ability to run most tests
on builds that disable OpenSSL support, better support for running
tests under Valgrind and a number of bugfixes.

* ssh(1), sshd(8): check for convtime() refusing to accept times that
resolve to LONG_MAX Reported by Kirk Wolf bz2977

* ssh(1): slightly more instructive error message when the user
specifies multiple -J options on the commandline. bz3015

* ssh-agent(1): process agent requests for RSA certificate private
keys using correct signature algorithm when requested. bz3016

* sftp(1): check for user@host when parsing sftp target. This
allows user@[1.2.3.4] to work without a path. bz#2999

* sshd(8): enlarge format buffer size for certificate serial
number so the log message can record any 64-bit integer without
truncation. bz#3012

* sshd(8): for PermitOpen violations add the remote host and port to
be able to more easily ascertain the source of the request. Add the
same logging for PermitListen violations which where not previously
logged at all.

* scp(1), sftp(1): use the correct POSIX format style for left
justification for the transfer progress meter. bz#3002

* sshd(8) when examining a configureation using sshd -T, assume any
attibute not provided by -C does not match, which allows it to work
when sshd_config contains a Match directive with or without -C.
bz#2858

* ssh(1), ssh-keygen(1): downgrade PKCS#11 "provider returned no
slots" warning from log level error to debug. This is common when
attempting to enumerate keys on smartcard readers with no cards
plugged in. bz#3058

* ssh(1), ssh-keygen(1): do not unconditionally log in to PKCS#11
tokens. Avoids spurious PIN prompts for keys not selected for
authentication in ssh(1) and when listing public keys available in
a token using ssh-keygen(1). bz#3006

Portability
-----------

* ssh(1): fix SIGWINCH delivery of Solaris for multiplexed sessions
bz#3030

* ssh(1), sshd(8): fix typo that prevented detection of Linux VRF

* sshd(8): add no-op implementation of pam_putenv to avoid build
breakage on platforms where the PAM implementation lacks this
function (e.g. HP-UX). bz#3008

* sftp-server(8): fix Solaris privilege sandbox from preventing
the legacy sftp rename operation from working (was refusing to
allow hard links to files owned by other users). bz#3036

* All: add a proc_pidinfo()-based closefrom() for OS X to avoid
the need to brute-force close all high-numbered file descriptors.
bz#3049

* sshd(8): in the Linux seccomp-bpf sandbox, allow mprotect(2) with
PROT_(READ|WRITE|NONE) only. This syscall is used by some hardened
heap allocators. Github PR#142

* sshd(8): in the Linux seccomp-bpf sandbox, allow the s390-specific
ioctl for ecc hardware support.

* All: use "doc" man page format if the mandoc(1) tool is present on
the system. Previously configure would not select the "doc" man
page format if mandoc was present but nroff was not.

* sshd(8): don't install duplicate STREAMS modules on Solaris; check
if STREAMS modules are already installed on a pty before installing
since when compiling with XPG>=4 they will likely be installed
already. Prevents hangs and duplicate lines on the terminal.
bz#2945 and bz#2998,

Reporting Bugs:
===============

- Please read http://www.openssh.com/report.html
Security bugs should be reported directly to openssh@openssh.com

OpenSSH is brought to you by Markus Friedl, Niels Provos, Theo de
Raadt, Kevin Steves, Damien Miller, Darren Tucker, Jason McIntyre,
Tim Rice and Ben Lindstrom.
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
Re: Call for testing: OpenSSH 8.1 [ In reply to ]
On Tue, 2019-10-01 at 21:33 +1000, Damien Miller wrote:
> Hi,
>
> OpenSSH 8.1p1 is almost ready for release, so we would appreciate
> testing
> on as many platforms and systems as possible. This is a bugfix
> release.
>
> Snapshot releases for portable OpenSSH are available from
> http://www.mindrot.org/openssh_snap/

During some patching, I noticed excessive includes of stdlib.h in some
of the files. The duplicates are removed with the attached patch or on
github:

https://github.com/Jakuje/openssh-portable/commit/88038f85

Regards,
--
Jakub Jelen
Senior Software Engineer
Security Technologies
Red Hat, Inc.
Re: Call for testing: OpenSSH 8.1 [ In reply to ]
On Tue, 1 Oct 2019, Jakub Jelen wrote:

> On Tue, 2019-10-01 at 21:33 +1000, Damien Miller wrote:
> > Hi,
> >
> > OpenSSH 8.1p1 is almost ready for release, so we would appreciate
> > testing
> > on as many platforms and systems as possible. This is a bugfix
> > release.
> >
> > Snapshot releases for portable OpenSSH are available from
> > http://www.mindrot.org/openssh_snap/
>
> During some patching, I noticed excessive includes of stdlib.h in some
> of the files. The duplicates are removed with the attached patch or on
> github:
>
> https://github.com/Jakuje/openssh-portable/commit/88038f85

Thanks - there were a few other multiple #includes apart from stdlib.h
and I just whacked them all

-d
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
Re: Call for testing: OpenSSH 8.1 [ In reply to ]
> Hi,
>
> OpenSSH 8.1p1 is almost ready for release, so we would appreciate testing
> on as many platforms and systems as possible. This is a bugfix release.
[…]
> Live testing on suitable non-production systems is also appreciated.
> Please send reports of success or failure to
> openssh-unix-dev@mindrot.org. Security bugs should be reported
> directly to openssh@openssh.com.

I have put it onto a custom i.MX6 board running with Linux kernel 4.9.88 and
glibc 2.28. Normal usage (login, scp) works fine.

Eike
--
Rolf Eike Beer, emlix GmbH, http://www.emlix.com
Fon +49 551 30664-0, Fax +49 551 30664-11
Gothaer Platz 3, 37083 Göttingen, Germany
Sitz der Gesellschaft: Göttingen, Amtsgericht Göttingen HR B 3160
Geschäftsführung: Heike Jordan, Dr. Uwe Kracke – Ust-IdNr.: DE 205 198 055

emlix - smart embedded open source
Re: Call for testing: OpenSSH 8.1 [ In reply to ]
Just reporting that Openssh 8.1 pre is working on FreeBSD 12
using openssl 1.1.1e-dev .

--
Member - Liberal International This is doctor@@nl2k.ab.ca Ici doctor@@nl2k.ab.ca
Yahweh, Queen & country!Never Satan President Republic!Beware AntiChrist rising!
https://www.empire.kred/ROOTNK?t=94a1f39b Look at Psalms 14 and 53 on Atheism
Canada - Choose Forward on 21 Oct 2019 !
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
Re: Call for testing: OpenSSH 8.1 [ In reply to ]
Hi all,

thanks for heads up, compiles fine on Illumos based OpenIndiana /hipster
distribution:

:; ssh -V
OpenSSH_8.0p1-snap20191002, OpenSSL 1.1.1d 10 Sep 2019

Regards.

On 01.10.2019 13:33, Damien Miller wrote:
> Hi,
>
> OpenSSH 8.1p1 is almost ready for release, so we would appreciate testing
> on as many platforms and systems as possible. This is a bugfix release.
>
> Snapshot releases for portable OpenSSH are available from
> http://www.mindrot.org/openssh_snap/
>
> The OpenBSD version is available in CVS HEAD:
> http://www.openbsd.org/anoncvs.html
>
> Portable OpenSSH is also available via git using the
> instructions at http://www.openssh.com/portable.html#cvs
> At https://anongit.mindrot.org/openssh.git/ or via a mirror at Github:
> https://github.com/openssh/openssh-portable
>
> Running the regression tests supplied with Portable OpenSSH does not
> require installation and is a simply:
>
> $ ./configure && make tests
>
> Live testing on suitable non-production systems is also appreciated.
> Please send reports of success or failure to
> openssh-unix-dev@mindrot.org. Security bugs should be reported
> directly to openssh@openssh.com.
>
> Below is a summary of changes. More detail may be found in the ChangeLog
> in the portable OpenSSH tarballs.
>
> Thanks to the many people who contributed to this release.
>
> Security
> ========
>
> * ssh(1), sshd(8), ssh-agent(1): add protection for private keys at
> rest in RAM against speculation and memory sidechannel attacks like
> Spectre, Meltdown and Rambleed. This release encrypts private keys
> when they are not in use with a symmetic key that is derived from a
> relatively large "prekey" consisting of random data (currently 16KB).
> Attackers must recover the entire prekey before they are able to
> decrypt the protected private keys, but the current generation of
> attacks have bit error rates that render this unlikely to be
> practical.
>
> Potentially-incompatible changes
> ================================
>
> This release includes one change that may affect existing
> configurations:
>
> * ssh-keygen(1): when acting as a CA and signing certificates with
> an RSA key, default to using the rsa-sha2-512 signature algorithm.
> Certificates signed by RSA keys will therefore be incompatible
> with OpenSSH versions prior to 7.2 unless the default is
> overridden (using "ssh-keygen -t ssh-rsa -s ...").
>
> Changes since OpenSSH 8.0
> =========================
>
> This release is focused on bugfixing.
>
> New Features
> ------------
>
> * ssh(1): Allow %n to be expanded in ProxyCommand strings
>
> * ssh(1), sshd(8): Allow prepending a list of algorithms to the
> default set by starting the list with the '^' character, E.g.
> "HostKeyAlgorithms ^ssh-ed25519"
>
> * ssh-keygen(1): add an experimental lightweight signature and
> verification ability. Signatures may be made using regular ssh keys
> held on disk or stored in a ssh-agent and verified against an
> authorized_keys-like list of allowed keys. Signatures embed a
> namespace that prevents confusion and attacks between different
> usage domains (e.g. files vs email).
>
> * ssh-keygen(1): print key comment when extracting publc key from a
> private key. bz#3052
>
> * ssh-keygen(1): accept the verbose flag when searching for host keys
> in known hosts (i.e. "ssh-keygen -vF host") to print the matching
> host's random-art signature too. bz#3003
>
> * All: support PKCS8 as an optional format for storage of private
> keys to disk. The OpenSSH native key format remains the default,
> but PKCS8 is a superior format to PEM if interoperability with
> non-OpenSSH software is required, as it may use a less insecure
> key derivation function than PEM's.
>
> Bugfixes
> --------
>
> * ssh(1): if a PKCS#11 token returns no keys then try to login and
> refetch them. Based on patch from Jakub Jelen; bz#2430
>
> * ssh(1): produce a useful error message if the user's shell is set
> incorrectly during "match exec" processing. bz#2791
>
> * sftp(1): allow the maximimum uint32 value for the argument passed
> to -b which allows better error messages from later validation.
> bz#3050
>
> * ssh(1): avoid pledge sandbox violations in some combinations of
> remote forwarding, connection multiplexing and ControlMaster.
>
> * ssh-keyscan(1): include SHA2-variant RSA key algorithms in KEX
> proposal; allows ssh-keyscan to harvest keys from servers that
> disable olde SHA1 ssh-rsa. bz#3029
>
> * sftp(1): print explicit "not modified" message if a file was
> requested for resumed download but was considered already complete.
> bz#2978
>
> * sftp(1): fix a typo and make <esc><right> move right to the
> closest end of a word just like <esc><left> moves left to the
> closest beginning of a word.
>
> * sshd(8): cap the number of permiopen/permitlisten directives
> allowed to appear on a single authorized_keys line.
>
> * All: fix a number of memory leaks (one-off or on exit paths).
>
> * Regression tests: a number of fixes and improvments, including
> fixes to the interop tests, adding the ability to run most tests
> on builds that disable OpenSSL support, better support for running
> tests under Valgrind and a number of bugfixes.
>
> * ssh(1), sshd(8): check for convtime() refusing to accept times that
> resolve to LONG_MAX Reported by Kirk Wolf bz2977
>
> * ssh(1): slightly more instructive error message when the user
> specifies multiple -J options on the commandline. bz3015
>
> * ssh-agent(1): process agent requests for RSA certificate private
> keys using correct signature algorithm when requested. bz3016
>
> * sftp(1): check for user@host when parsing sftp target. This
> allows user@[1.2.3.4] to work without a path. bz#2999
>
> * sshd(8): enlarge format buffer size for certificate serial
> number so the log message can record any 64-bit integer without
> truncation. bz#3012
>
> * sshd(8): for PermitOpen violations add the remote host and port to
> be able to more easily ascertain the source of the request. Add the
> same logging for PermitListen violations which where not previously
> logged at all.
>
> * scp(1), sftp(1): use the correct POSIX format style for left
> justification for the transfer progress meter. bz#3002
>
> * sshd(8) when examining a configureation using sshd -T, assume any
> attibute not provided by -C does not match, which allows it to work
> when sshd_config contains a Match directive with or without -C.
> bz#2858
>
> * ssh(1), ssh-keygen(1): downgrade PKCS#11 "provider returned no
> slots" warning from log level error to debug. This is common when
> attempting to enumerate keys on smartcard readers with no cards
> plugged in. bz#3058
>
> * ssh(1), ssh-keygen(1): do not unconditionally log in to PKCS#11
> tokens. Avoids spurious PIN prompts for keys not selected for
> authentication in ssh(1) and when listing public keys available in
> a token using ssh-keygen(1). bz#3006
>
> Portability
> -----------
>
> * ssh(1): fix SIGWINCH delivery of Solaris for multiplexed sessions
> bz#3030
>
> * ssh(1), sshd(8): fix typo that prevented detection of Linux VRF
>
> * sshd(8): add no-op implementation of pam_putenv to avoid build
> breakage on platforms where the PAM implementation lacks this
> function (e.g. HP-UX). bz#3008
>
> * sftp-server(8): fix Solaris privilege sandbox from preventing
> the legacy sftp rename operation from working (was refusing to
> allow hard links to files owned by other users). bz#3036
>
> * All: add a proc_pidinfo()-based closefrom() for OS X to avoid
> the need to brute-force close all high-numbered file descriptors.
> bz#3049
>
> * sshd(8): in the Linux seccomp-bpf sandbox, allow mprotect(2) with
> PROT_(READ|WRITE|NONE) only. This syscall is used by some hardened
> heap allocators. Github PR#142
>
> * sshd(8): in the Linux seccomp-bpf sandbox, allow the s390-specific
> ioctl for ecc hardware support.
>
> * All: use "doc" man page format if the mandoc(1) tool is present on
> the system. Previously configure would not select the "doc" man
> page format if mandoc was present but nroff was not.
>
> * sshd(8): don't install duplicate STREAMS modules on Solaris; check
> if STREAMS modules are already installed on a pty before installing
> since when compiling with XPG>=4 they will likely be installed
> already. Prevents hangs and duplicate lines on the terminal.
> bz#2945 and bz#2998,
>
> Reporting Bugs:
> ===============
>
> - Please read http://www.openssh.com/report.html
> Security bugs should be reported directly to openssh@openssh.com
>
> OpenSSH is brought to you by Markus Friedl, Niels Provos, Theo de
> Raadt, Kevin Steves, Damien Miller, Darren Tucker, Jason McIntyre,
> Tim Rice and Ben Lindstrom.
> _______________________________________________
> openssh-unix-dev mailing list
> openssh-unix-dev@mindrot.org
> https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
>
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
Re: Call for testing: OpenSSH 8.1 [ In reply to ]
While compiling the master branch on
https://github.com/openssh/openssh-portable just now on the latest
version of Kali Linux, I got the following warnings:


fmt_scaled.c: In function ‘fmt_scaled’:
fmt_scaled.c:272:52: warning: ‘%1lld’ directive output may be truncated
writing between 1 and 17 bytes into a region of size between 0 and 5
[-Wformat-truncation=]
272 | (void)snprintf(result, FMT_SCALED_STRSIZE, "%lld.%1lld%c",
| ^~~~~
fmt_scaled.c:272:46: note: directive argument in the range
[-9007199254740991, 9]
272 | (void)snprintf(result, FMT_SCALED_STRSIZE, "%lld.%1lld%c",
| ^~~~~~~~~~~~~~
In file included from /usr/include/stdio.h:867,
from /usr/include/resolv.h:58,
from ../openbsd-compat/getrrsetbyname.h:59,
from ../openbsd-compat/openbsd-compat.h:44,
from ../includes.h:174,
from fmt_scaled.c:41:
/usr/include/x86_64-linux-gnu/bits/stdio2.h:67:10: note:
‘__builtin___snprintf_chk’ output between 5 and 40 bytes into a
destination of size 7
67 | return __builtin___snprintf_chk (__s, __n,
__USE_FORTIFY_LEVEL - 1,
|
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
68 | __bos (__s), __fmt, __va_arg_pack ());
| ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
ar: creating libopenbsd-compat.a
sshkey.c: In function ‘sshkey_format_cert_validity’:
sshkey.c:2994:42: warning: ‘%s’ directive output may be truncated
writing up to 31 bytes into a region of size between 24 and 55
[-Wformat-truncation=]
2994 | snprintf(ret, sizeof(ret), "from %s to %s", from, to);
| ^~ ~~
In file included from /usr/include/stdio.h:867,
from /usr/include/resolv.h:58,
from openbsd-compat/getrrsetbyname.h:59,
from openbsd-compat/openbsd-compat.h:44,
from includes.h:174,
from sshkey.c:28:
/usr/include/x86_64-linux-gnu/bits/stdio2.h:67:10: note:
‘__builtin___snprintf_chk’ output between 10 and 72 bytes into a
destination of size 64
67 | return __builtin___snprintf_chk (__s, __n,
__USE_FORTIFY_LEVEL - 1,
|
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
68 | __bos (__s), __fmt, __va_arg_pack ());
| ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
hostfile.c: In function ‘host_hash’:
hostfile.c:150:44: warning: ‘%s’ directive output may be truncated
writing up to 511 bytes into a region of size between 509 and 1020
[-Wformat-truncation=]
150 | snprintf(encoded, sizeof(encoded), "%s%s%c%s", HASH_MAGIC,
uu_salt,
| ^~
151 | HASH_DELIM, uu_result);
| ~~~~~~~~~
In file included from /usr/include/stdio.h:867,
from /usr/include/resolv.h:58,
from openbsd-compat/getrrsetbyname.h:59,
from openbsd-compat/openbsd-compat.h:44,
from includes.h:174,
from hostfile.c:39:
/usr/include/x86_64-linux-gnu/bits/stdio2.h:67:10: note:
‘__builtin___snprintf_chk’ output between 5 and 1027 bytes into a
destination of size 1024
67 | return __builtin___snprintf_chk (__s, __n,
__USE_FORTIFY_LEVEL - 1,
|
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
68 | __bos (__s), __fmt, __va_arg_pack ());
| ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
ar: creating libssh.a
sshconnect.c: In function ‘check_host_key.constprop’:
sshconnect.c:895:8: warning: ‘%s’ directive output may be truncated
writing up to 1023 bytes into a region of size between 773 and 973
[-Wformat-truncation=]
895 | "The authenticity of host '%.200s (%s)' can't be "
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
......
900 | host, ip, msg1, type, fp,
| ~~~~
sshconnect.c:896:20: note: format string is defined here
896 | "established%s\n"
| ^~
In file included from /usr/include/stdio.h:867,
from /usr/include/resolv.h:58,
from openbsd-compat/getrrsetbyname.h:59,
from openbsd-compat/openbsd-compat.h:44,
from includes.h:174,
from sshconnect.c:16:
/usr/include/x86_64-linux-gnu/bits/stdio2.h:67:10: note:
‘__builtin___snprintf_chk’ output 144 or more bytes (assuming 2391) into
a destination of size 1024
67 | return __builtin___snprintf_chk (__s, __n,
__USE_FORTIFY_LEVEL - 1,
|
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
68 | __bos (__s), __fmt, __va_arg_pack ());
| ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
ssh-keygen.c: In function ‘do_convert_to’:
ssh-keygen.c:346:34: warning: ‘%s’ directive output may be truncated
writing up to 1024 bytes into a region of size 39 [-Wformat-truncation=]
346 | "%u-bit %s, converted by %s@%s from OpenSSH",
| ^~
347 | sshkey_size(k), sshkey_type(k),
348 | pw->pw_name, hostname);
| ~~~~~~~~
In file included from /usr/include/stdio.h:867,
from /usr/include/resolv.h:58,
from openbsd-compat/getrrsetbyname.h:59,
from openbsd-compat/openbsd-compat.h:44,
from includes.h:174,
from ssh-keygen.c:15:
/usr/include/x86_64-linux-gnu/bits/stdio2.h:67:10: note:
‘__builtin___snprintf_chk’ output 36 or more bytes (assuming 1060) into
a destination of size 61
67 | return __builtin___snprintf_chk (__s, __n,
__USE_FORTIFY_LEVEL - 1,
|
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
68 | __bos (__s), __fmt, __va_arg_pack ());
| ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
ssh-keygen.c: In function ‘main’:
ssh-keygen.c:3280:41: warning: ‘%s’ directive output may be truncated
writing up to 1024 bytes into a region of size 1023 [-Wformat-truncation=]
3280 | snprintf(comment, sizeof comment, "%s@%s", pw->pw_name,
hostname);
| ^~ ~~~~~~~~
In file included from /usr/include/stdio.h:867,
from /usr/include/resolv.h:58,
from openbsd-compat/getrrsetbyname.h:59,
from openbsd-compat/openbsd-compat.h:44,
from includes.h:174,
from ssh-keygen.c:15:
/usr/include/x86_64-linux-gnu/bits/stdio2.h:67:10: note:
‘__builtin___snprintf_chk’ output 2 or more bytes (assuming 1026) into a
destination of size 1024
67 | return __builtin___snprintf_chk (__s, __n,
__USE_FORTIFY_LEVEL - 1,
|
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
68 | __bos (__s), __fmt, __va_arg_pack ());
| ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
ssh-keygen.c:1079:41: warning: ‘%s’ directive output may be truncated
writing up to 1024 bytes into a region of size 1023 [-Wformat-truncation=]
1079 | snprintf(comment, sizeof comment, "%s@%s", pw->pw_name,
| ^~
1080 | hostname);
| ~~~~~~~~
In file included from /usr/include/stdio.h:867,
from /usr/include/resolv.h:58,
from openbsd-compat/getrrsetbyname.h:59,
from openbsd-compat/openbsd-compat.h:44,
from includes.h:174,
from ssh-keygen.c:15:
/usr/include/x86_64-linux-gnu/bits/stdio2.h:67:10: note:
‘__builtin___snprintf_chk’ output 2 or more bytes (assuming 1026) into a
destination of size 1024
67 | return __builtin___snprintf_chk (__s, __n,
__USE_FORTIFY_LEVEL - 1,
|
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
68 | __bos (__s), __fmt, __va_arg_pack ());
| ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
ssh-agent.c: In function ‘main’:
ssh-agent.c:1232:48: warning: ‘/agent.’ directive output may be
truncated writing 7 bytes into a region of size between 1 and 4096
[-Wformat-truncation=]
1232 | snprintf(socket_name, sizeof socket_name, "%s/agent.%ld",
socket_dir,
| ^~~~~~~
ssh-agent.c:1232:45: note: directive argument in the range [-2147483648,
2147483647]
1232 | snprintf(socket_name, sizeof socket_name, "%s/agent.%ld",
socket_dir,
| ^~~~~~~~~~~~~~
In file included from /usr/include/stdio.h:867,
from /usr/include/resolv.h:58,
from openbsd-compat/getrrsetbyname.h:59,
from openbsd-compat/openbsd-compat.h:44,
from includes.h:174,
from ssh-agent.c:37:
/usr/include/x86_64-linux-gnu/bits/stdio2.h:67:10: note:
‘__builtin___snprintf_chk’ output between 9 and 4114 bytes into a
destination of size 4096
67 | return __builtin___snprintf_chk (__s, __n,
__USE_FORTIFY_LEVEL - 1,
|
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
68 | __bos (__s), __fmt, __va_arg_pack ());
| ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



Here's the version of gcc in use:

# gcc --version
gcc (Debian 9.2.1-8) 9.2.1 20190909


FYI, all tests pass on Kali Linux.

- Joe


--
Joseph S. Testa II
Founder & Principal Security Consultant
Positron Security
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
Re: Call for testing: OpenSSH 8.1 [ In reply to ]
On Mon, Oct 07, 2019 at 12:08:27PM -0400, Joseph S. Testa II wrote:
> While compiling the master branch on
> https://github.com/openssh/openssh-portable just now on the latest version
> of Kali Linux, I got the following warnings:
>
>
> fmt_scaled.c: In function ‘fmt_scaled’:
> fmt_scaled.c:272:52: warning: ‘%1lld’ directive output may be truncated
> writing between 1 and 17 bytes into a region of size between 0 and 5
> [-Wformat-truncation=]
> 272 | (void)snprintf(result, FMT_SCALED_STRSIZE, "%lld.%1lld%c",
> | ^~~~~
> fmt_scaled.c:272:46: note: directive argument in the range
> [-9007199254740991, 9]
> 272 | (void)snprintf(result, FMT_SCALED_STRSIZE, "%lld.%1lld%c",
> | ^~~~~~~~~~~~~~

At least this part seems to be a regression of
https://bugzilla.mindrot.org/show_bug.cgi?id=2769, in case that's
helpful in tracking it down.

--
Colin Watson [cjwatson@debian.org]
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
Re: Call for testing: OpenSSH 8.1 [ In reply to ]
On 01/10/19 13:33, Damien Miller wrote:
> Hi,
>
> OpenSSH 8.1p1 is almost ready for release, so we would appreciate testing
> on as many platforms and systems as possible. This is a bugfix release.
>

I was able to build b1e79ea8 and run the testsuite on Solaris 2.6, 7, 8
and 9 both SPARC and x86.
Testsuite passes all tests on all of them.

The only issue I had was on Solaris 2.6 where <stdint.h> is not available.
I got build errors because sshbuf-getput-basic.c and ssh-keygen.c
include <stdint.h> unconditionally but wrapping those includes with
#ifdef HAVE_STDINT_H fixed it.

-tgc

_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
Re: Call for testing: OpenSSH 8.1 [ In reply to ]
On Tue, 8 Oct 2019, Tom G. Christensen wrote:

> On 01/10/19 13:33, Damien Miller wrote:
> > Hi,
> >
> > OpenSSH 8.1p1 is almost ready for release, so we would appreciate testing
> > on as many platforms and systems as possible. This is a bugfix release.
> >
>
> I was able to build b1e79ea8 and run the testsuite on Solaris 2.6, 7, 8 and 9
> both SPARC and x86.
> Testsuite passes all tests on all of them.
>
> The only issue I had was on Solaris 2.6 where <stdint.h> is not available.
> I got build errors because sshbuf-getput-basic.c and ssh-keygen.c include
> <stdint.h> unconditionally but wrapping those includes with #ifdef
> HAVE_STDINT_H fixed it.

Thanks for testing - I've added this fix.

-d
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev