HP-UX 11.11 (aka 11i) needs BROKEN_GETADDRINFO but the configure script does not turn it on. The result of a default build is an ssh that cannot resolve hostnames via DNS. Manually tweaking config.h to turn on BROKEN_GETADDRINFO and rebuilding/reinstalling fixes this but it's not the solution.
See also this thread (about HP-UX 11.00): http://marc.theaimsgroup.com/?l=openssh-unix-dev&m=106736532907806 Is this just some patch levels of HP-UX? Does IPv6 support work as shipped (since defining BROKEN_GETADDRINFO will disable that).
We need to decide what (if anything) to do about this before the next release.
So far no-one has said anything about IPv6 working or not on HP-UX 11.11, so we don't know whether or not it works. We do know that (in some cases, anyway) IPv4 doesn't work because of the getaddrinfo issue. Based on the currently available information, configure will automatically define BROKEN_GETADDRINFO on HP-UX 11.11 in the next release. If you object to this, speak now.
Thanks for the report, this has now been changed. BROKEN_GETADDRINFO will now be defined always on HP-UX 11.11. - (dtucker) [configure.ac] Bug #748: Always define BROKEN_GETADDRINFO for HP-UX 11.11. If there are known-good configs where this is not required, please report them. ok djm@ See also: http://marc.theaimsgroup.com/?l=openssh-unix-dev&m=103561603330707 http://marc.theaimsgroup.com/?l=openssh-unix-dev&m=106736532907806
*** Bug 816 has been marked as a duplicate of this bug. ***
OK, so it looks like there are at least *some* configurations of HP-UX 11.11 that don't require BROKEN_GETADDRINFO. The only thing I can think of is doing a test DNS lookup, but I can't see what could be looked up ("localhost" would normally be resolved from /etc/hosts). Ideas?
Created attachment 574 [details] Test getnameinfo/getaddrinfo Please try this test program an attach the output to this bug.
The IPv6 bundle name is IPv6NCF11i The output from your test program: getaddrinfo returned 0 Attempting to listen on family 22 proto 0 addr = 0x00000000000000000000000000000000 getnameinfo returned name :: port 2222 bind() succeeded getnameinfo(NI_NAMEREQD) failed: host nor service provided, or not known Attempting to listen on family 2 proto 0 getnameinfo returned name 0.0.0.0 port 2222 bind: Address already in use getnameinfo(NI_NAMEREQD) failed: host nor service provided, or not known Jan P. Sorensen
I'd like to get this sorted for 3.8.1p1 but I'm not sure how to detect the problem in configure (and it could change post-build too).
gcc version 3.2 I guess I could update to 3.4.x now. $ uname -a HP-UX censored B.11.11 U 9000/800 censored-number unlimited-user license software bundles installed B3693AA C.03.50.00 HP GlancePlus/UX for s800 11i BUNDLE11i B.11.11.0102.2 Required Patch Bundle for HP-UX 11i, February 2001 Base-VXVM B.03.20.1 Base VERITAS Volume Manager 3.2 for HP-UX CDE-English B.11.11 English CDE Environment FDDI-00 B.11.11.02 PCI FDDI;Supptd HW=A3739A/A3739B;SW=J3626AA FibrChanl-00 B.11.11.09 PCI/HSC FibreChannel;Supptd HW=A6684A,A6685A,A5158A,A6795A GOLDBASE11i B.11.11.0112.6 Gold Base Patches for HP-UX 11i, December 2001 GigEther-00 B.11.11.14 PCI/HSC GigEther;Supptd HW=A4926A/A4929A/A4924A/A4925A;SW=J1642AA GigEther-01 B.11.11.01 PCI/PCI-X GigEther;Supptd HW=A6794A HPUX11i-OE B.11.11.0112 HP-UX 11i Operating Environment Component HPUXBase64 B.11.11 HP-UX 64-bit Base OS HPUXBaseAux B.11.11.0112 HP-UX Base OS Auxiliary HWEnable11i B.11.11.0112.5 Hardware Enablement Patches for HP-UX 11i, December 2001 OnlineDiag B.11.11.05.10 HPUX 11.11 Support Tools Bundle, Dec 2001 RAID-00 B.11.11.01 PCI RAID; Supptd HW=A5856A $ ./getaddrinfo-test getaddrinfo returned 0 Attempting to listen on family 22 proto 0 addr = 0x00000000000000000000000000000000 getnameinfo returned name :: port 2222 bind: Bad file number getnameinfo(NI_NAMEREQD) failed: host nor service provided, or not known Attempting to listen on family 2 proto 0 getnameinfo returned name 0.0.0.0 port 2222 bind() succeeded getnameinfo(NI_NAMEREQD) failed: host nor service provided, or not known
Created attachment 591 [details] Attempt to detect broken getaddrinfo on HP-UX Please try this patch. (I will attach a "configure" built with this patch, in case you don't have autoconf handy).
Created attachment 592 [details] configure.gz: patched configure Replace configure from a current snapshot with this, then run ./configure.
based on previous HP-UX version number plus openssh-SNAP-20040401.tar.gz plus new replacement configure script I get: checking whether snprintf correctly terminates long strings... yes checking for broken getaddrinfo... no checking whether getpgrp takes no argument... yes configure: error: *** Can't find recent OpenSSL libcrypto (see config.log for d\ etails) *** Compilation exited abnormally with code 1 at Sun Apr 4 10:06:51
The new configure script generates a SSHD which listens correctly to IPv4 and IPv6, and works correctly. Jan P. Sorensen
Take a look at config.log, search for "OpenSSL". The following lines should show why it thinks it couldn't find OpenSSL. You can also try "./configure --with-ssl-dir=/path/to/ssl".
Comment on attachment 591 [details] Attempt to detect broken getaddrinfo on HP-UX >+ AC_CHECK_FUNC(getaddrinfo, [ check_for_hpux_broken_getaddrinfo=1 ]) I think that this should be just "check_broken_getaddrinfo=1" (read on) >+if test ! -z "$check_for_hpux_broken_getaddrinfo"; then I think this should be: if test "x$ac_cv_func_snprintf" = "xyes" -a "x$check_broken_getaddrinfo"="x1"; then Otherwise OK.
Fair enough for the AC_CHECK_FUNC thing (I wasn't sure either way) but why test for cached snprintf?
oops- cut'n'pasto, it should be getaddrinfo of course.
OK, makes sense now. I don't think it's necessary, though, since the only way the flag can get set is in the action-if-found from AC_CHECK_FUNC.
I was suggesting that the AC_CHECK_FUNC be replaced with a flag, because we do it anyway later (I don't care too much either way though)
OK, patch applied with suggested mods. Here's hoping this bug stays dead this time...
Closed with release of portable OpenSSH 3.8.1p1
Patch Name: PHNE_27796 Patch Description: s700_800 11.11 libnss_dns DNS backend patch Creation Date: 02/11/26 Post Date: 03/01/07 Hardware Platforms - OS Releases: s700: 11.11 s800: 11.11 Products: N/A Filesets: NFS.NFS-SHLIBS,fr=B.11.11,fa=HP-UX_B.11.11_32/64,v=HP NFS.NFS-64SLIB,fr=B.11.11,fa=HP-UX_B.11.11_32/64,v=HP Automatic Reboot?: No Status: General Release Critical: No Category Tags: defect_repair enhancement general_release manual_dependencies Path Name: /hp-ux_patches/s700_800/11.X/PHNE_27796 Symptoms: PHNE_27796: 1. JAGae35468 / SR 8606271239 Problem with DNS library resolver routines. 2. JAGae37148 / SR 8606273042 Problem with getipnodeby* IPv6 resolver code. 3. JAGae26956 / SR 8606262621 Programs that use getaddrinfo() may not run properly on certain HP-UX 11.11 systems. PHNE_24129: 1. JAGad75337 / SR 8606206162 The libnss_dns.1 library should be IPv6 enabled. PHNE_23574: 1. JAGad48393 / SR 8606179169: libnss_dns.1's "dependency" on libnsl increases FTP's resource usage. Defect Description: PHNE_27796: 1. JAGae35468 / SR 8606271239 Under certain circumstances, the resolver incorrectly calculates the available buffer size. Resolution: The buffer size is now calculated properly. 2. JAGae37148 / SR 8606273042 Under certain circumstances, large size packets received by the IPv6 resolver were not handled properly. Resolution: The resolver now properly handles packets of all sizes. 3. JAGae26956 / SR 8606262621 The memory initialization and freeing were not done correctly. Resolution: Code has been modified to initialize and free the memory correctly. PHNE_24129: 1. JAGad75337 / SR 8606206162 The libnss_dns.1 library should be IPv6 enabled, so that IPv6 nameservers can be queried by clients. Resolution: The libnss_dns.1 is now IPv6 enabled. The /etc/resolv.conf file now supports IPv6 addresses for the nameserver directive. PHNE_23574: 1. JAGad48393 / SR 8606179169: Since libnss_dns.1 was linked with libnsl, resource utilization was more. Resolution: dependency of libnss_dns.1 on libnsl has been removed. Enhancement: No (superseded patches contained enhancements) PHNE_24129: This is an enhancement to support IPv6 in libnss_dns. SR: 8606206162 8606179169 8606271239 8606273042 8606262621 Patch Files: NFS.NFS-SHLIBS,fr=B.11.11,fa=HP-UX_B.11.11_32/64,v=HP: /usr/lib/libnss_dns.1 NFS.NFS-64SLIB,fr=B.11.11,fa=HP-UX_B.11.11_32/64,v=HP: /usr/lib/pa20_64/libnss_dns.1 what(1) Output: NFS.NFS-SHLIBS,fr=B.11.11,fa=HP-UX_B.11.11_32/64,v=HP: /usr/lib/libnss_dns.1: $ PATCH/11.11:PHNE_27796 Sep 17 2002 15:43:17 $ NFS.NFS-64SLIB,fr=B.11.11,fa=HP-UX_B.11.11_32/64,v=HP: /usr/lib/pa20_64/libnss_dns.1: $ PATCH/11.11:PHNE_27796 Sep 17 2002 15:43:17 $ cksum(1) Output: NFS.NFS-SHLIBS,fr=B.11.11,fa=HP-UX_B.11.11_32/64,v=HP: 331410839 36864 /usr/lib/libnss_dns.1 NFS.NFS-64SLIB,fr=B.11.11,fa=HP-UX_B.11.11_32/64,v=HP: 2979937160 34816 /usr/lib/pa20_64/libnss_dns.1 Patch Conflicts: None Patch Dependencies: s700: 11.11: PHCO_24400 s800: 11.11: PHCO_24400 Hardware Dependencies: None Other Dependencies: The solution for SR 8606206162 (JAGad75337) will only be available if the "HP-UX 11i IPv6 product bundle" is installed. SR 8606206162 (JAGad75337) provides details about the IPv6 name resolution for DNS clients. Supersedes: PHNE_23574 PHNE_24129 Equivalent Patches: None Patch Package Size: 100 KBytes Installation Instructions: Please review all instructions and the Hewlett-Packard SupportLine User Guide or your Hewlett-Packard support terms and conditions for precautions, scope of license, restrictions, and, limitation of liability and warranties, before installing this patch. ------------------------------------------------------------ 1. Back up your system before installing a patch. 2. Login as root. 3. Copy the patch to the /tmp directory. 4. Move to the /tmp directory and unshar the patch: cd /tmp sh PHNE_27796 5. Run swinstall to install the patch: swinstall -x autoreboot=true -x patch_match_target=true \ -s /tmp/PHNE_27796.depot By default swinstall will archive the original software in /var/adm/sw/save/PHNE_27796. If you do not wish to retain a copy of the original software, include the patch_save_files option in the swinstall command above: -x patch_save_files=false WARNING: If patch_save_files is false when a patch is installed, the patch cannot be deinstalled. Please be careful when using this feature. For future reference, the contents of the PHNE_27796.text file is available in the product readme: swlist -l product -a readme -d @ /tmp/PHNE_27796.depot To put this patch on a magnetic tape and install from the tape drive, use the command: dd if=/tmp/PHNE_27796.depot of=/dev/rmt/0m bs=2k Special Installation Instructions: PHNE_27796: After this patch is installed, *ONLY* if you want to recompile and/or relink the applications that use libnsl.1 APIs, link the application explicitly with libnsl.1. This is applicable only in the case of applications expecting to resolve libnsl.1 symbols through libnss_dns.1. Not linking these applications with libnsl.1 will cause the linker to report unresolved symbols, as libnss_dns.1 no longer resolves libnsl.1 entry points. For 64-bit applications, loading of the libnss_dns library will fail unless PHCO_24400 or any later patch is installed in the system. In certain cases such as using shl_load() with BIND_IMMEDIATE flag, 32-bit applications require PHCO_24400 or any of its superseded patch to be present in the system; otherwise it will result in an unsatisfied symbol error.