https://bugzilla.mindrot.org/show_bug.cgi?id=3584

--- Comment #4 from Carlo Cabrera <carlo.antonio.cabr...@gmail.com> ---
> IMO you'd be better off with the compiler hardening flags rather
> than -Os.  Things like -ftrapv could mitigate what would otherwise
> be a vulnerability.

Ok, sounds good. We (Homebrew) recently had to rebuild our OpenSSH
package to use OpenSSL 3 and shipped it without `-O` flags on macOS
13-x86_64, so we're not going to change that for now.

> If you want to investigate further, you could enumerate the flags
> added by --with-hardening (which will depend on what the compiler
> supports, you could diff Makefile generated with and without) and
> add them to CFLAGS one at a time along with -Os and see if you can
> narrow down which of them triggers the problem.

Thanks for the tip. I'll also try to find the time to do this.

> (I tried installing xcode 14.3 to reproduce but my test mac doesn't
> support a new enough OSX version to do that.)

GitHub provides free access to macOS runners for public repositories,
and these have various versions of Xcode installed. This is what I'll
probably end up using to investigate this problem further, but you
might also be inclined to do the same.

_______________________________________________
openssh-bugs mailing list
openssh-bugs@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-bugs
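
The flag enumeration suggested in the quoted text above (diff the Makefile generated with and without --with-hardening, then try each flag alongside -Os), as an added example that is not part of the original mail or of OpenSSH. The function names are hypothetical and the sample Makefile lines are constructed, not taken from a real configure run.

```shell
#!/bin/sh
# Added example: list the flags that --with-hardening contributes to a
# generated Makefile, then pair each one with -Os for a separate trial build.

# Print the flags on a Makefile's "VAR=..." line, one per line, sorted.
makefile_flags() {          # usage: makefile_flags VAR MAKEFILE
    sed -n "s/^$1[[:space:]]*=[[:space:]]*//p" "$2" |
        tr -s '[:space:]' '\n' | sed '/^$/d' | LC_ALL=C sort -u
}

# Print the flags found only in the hardened Makefile.
hardening_only_flags() {    # usage: hardening_only_flags VAR PLAIN HARDENED
    _t=$(mktemp -d) || return 1
    makefile_flags "$1" "$2" > "$_t/plain"
    makefile_flags "$1" "$3" > "$_t/hard"
    LC_ALL=C comm -13 "$_t/plain" "$_t/hard"
    rm -rf "$_t"
}

# One CFLAGS value per trial build: -Os plus a single hardening flag.
trial_cflags() {            # usage: trial_cflags PLAIN HARDENED
    hardening_only_flags CFLAGS "$1" "$2" | while IFS= read -r flag; do
        printf '%s\n' "-Os $flag"
    done
}

# Constructed sample Makefiles (not output from a real configure run).
demo() {
    d=$(mktemp -d) || return 1
    printf 'CC=cc\nCFLAGS=-g -O2 -pipe -Wall\n' > "$d/Makefile.plain"
    printf 'CC=cc\nCFLAGS=-g -O2 -pipe -Wall -ftrapv -fstack-protector-strong\n' \
        > "$d/Makefile.hardened"
    trial_cflags "$d/Makefile.plain" "$d/Makefile.hardened"
    rm -rf "$d"
}
demo
```

Each printed line is the CFLAGS value for one separate configure and build, so the first build that shows the problem identifies the flag involved.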
