Call for testing: OpenSSH 8.9
Corinna Vinschen
vinschen at redhat.com
Sat Feb 12 05:54:50 AEDT 2022
On Feb 11 22:25, Darren Tucker wrote:
> On Fri, 11 Feb 2022 at 21:53, Corinna Vinschen <vinschen at redhat.com> wrote:
>
> > [...]
> > I wonder why sk-ecdsa-sha2-nistp256-cert-v01 at openssh.com is not in the
> > above list of cert type offers. What explanation could that have?
> >
>
> I've just updated our win10 cygwin test VM to current and will attempt to
> reproduce with your config flags.
>
> --without-hardening
> >
>
> Out of curiosity why do you need to disable the compiler hardening?
Actually... I *think* there was a problem with an older gcc or libc
version when trying to use FORTIFY_SOURCE and/or retpoline. I have to
admit I don't remember exactly.
> I
> don't think it's going to make a difference in the failure case you noted,
> but our build farm runs a VM with cygwin on win10 with the default
> configure flags which enables hardening and it passes.
I've just built OpenSSH without the above flag and it builds and
packages fine. Thanks for pointing this out! I will certainly build
with hardening in future.
I also ran the hostkey-agent test again, but yeah, hardening doesn't
change the result. Still
bad SSH_CONNECTION key type sk-ssh-ed25519-cert-v01 at openssh.com
I'm going to run the entire testsuite now, but I don't expect any
other problem.
Thanks,
Corinna
More information about the openssh-unix-dev
mailing list