Re: Call for testing: OpenSSH 8.9

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]


On Feb 11 22:25, Darren Tucker wrote:
> On Fri, 11 Feb 2022 at 21:53, Corinna Vinschen <vinschen@xxxxxxxxxx> wrote:
> > [...]
> > I wonder why sk-ecdsa-sha2-nistp256-cert-v01@xxxxxxxxxxx is not in the
> > above list of cert type offers.  What explanation could that have?
> >
> I've just updated our win10 cygwin test VM to current and will attempt to
> reproduce with your config flags.
>   --without-hardening
> >
> Out of curiosity why do you need to disable the compiler hardening?

Actually... I *think* there was a problem with an older gcc or libc
version when trying to use FORTIFY_SOURCE and/or retpoline.  I have to
admit I don't remember exactly.

> I
> don't think it's going to make a difference in the failure case you noted,
> but our build farm runs a VM with cygwin on win10 with the default
> configure flags which enables hardening and it passes.

I've just built OpenSSH without the above flag and it builds and
packages fine.  Thanks for pointing this out!  I will certainly build
with hardening in future.

I also ran the hostkey-agent test again, but yeah, hardening doesn't
change the result.  Still

  bad SSH_CONNECTION key type sk-ssh-ed25519-cert-v01@xxxxxxxxxxx

I'm going to run the entire testsuite now, but I don't expect any
other problem.


openssh-unix-dev mailing list

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux