Announce: OpenSSH 8.9 released

[Val Baranov]

On Wednesday, February 23, 2022 7:09 AM, Damien Miller <djm at cvs.openbsd.org> wrote:
<OpenSSH 8.9 has just been released. It will be available from the mirrors listed at https://urldefense.com/v3/__https://www.openssh.com/__;!!OToaGQ!8Cf0KPZ5tLwOiN5u2XUTZs2M3RI-4WweqkikJOlCHgDAnnS_4y14RrV9Wu4mI3-S8v8$  shortly.

Running "make tests" revealed 2 "cert type" tests in "hostkey-agent.sh" script to fail. Those 2 tests are not present in RC from Feb. 11, where all tests passed successfully.
Those failed tests are "sk-ssh-*" and "sk-ecdsa-*" below (4 lines with errors are shifted to the right in output below):
ok restrict pubkey type
run test hostkey-agent.sh ...
key type ssh-ed25519
key type ssh-rsa
key type ssh-dss
key type ecdsa-sha2-nistp256
key type ecdsa-sha2-nistp384
key type ecdsa-sha2-nistp521
cert type ssh-ed25519-cert-v01 at openssh.com
cert type sk-ssh-ed25519-cert-v01 at openssh.com
           cert type sk-ssh-ed25519-cert-v01 at openssh.com failed
           bad SSH_CONNECTION key type sk-ssh-ed25519-cert-v01 at openssh.com
cert type ssh-rsa-cert-v01 at openssh.com
cert type rsa-sha2-256-cert-v01 at openssh.com
cert type rsa-sha2-512-cert-v01 at openssh.com
cert type ssh-dss-cert-v01 at openssh.com
cert type ecdsa-sha2-nistp256-cert-v01 at openssh.com
cert type ecdsa-sha2-nistp384-cert-v01 at openssh.com
cert type ecdsa-sha2-nistp521-cert-v01 at openssh.com
cert type sk-ecdsa-sha2-nistp256-cert-v01 at openssh.com
           cert type sk-ecdsa-sha2-nistp256-cert-v01 at openssh.com failed
           bad SSH_CONNECTION key type sk-ecdsa-sha2-nistp256-cert-v01 at openssh.com
failed hostkey agent

Re-tested release candidate from Feb. 11 and no "cert type sk-*" tests were found. 
Could it happened that the required priv/pub keys are missing in "./regress" subdir and this is why it says "bad key type" ?

Filtering out those 2 cert types helped to pass all tests successfully.

Thanks

--
Val Baranov val.baranov at duke.edu>