[Bug 3603] New: ssh clients can't communicate with server with default cipher when fips is enabled at server end

https://bugzilla.mindrot.org/show_bug.cgi?id=3603 Bug ID: 3603 Summary: ssh clients can't communicate with server with default cipher when fips is enabled at server end Product: Portable OpenSSH Version: 9.4p1 Hardware:

[Bug 3602] New: Limit artificial delay to some reasonable limit

https://bugzilla.mindrot.org/show_bug.cgi?id=3602 Bug ID: 3602 Summary: Limit artificial delay to some reasonable limit Product: Portable OpenSSH Version: 9.4p1 Hardware: Other OS: Linux Status: NEW

[Bug 3601] Cannot change password if no password is given

https://bugzilla.mindrot.org/show_bug.cgi?id=3601 Darren Tucker changed: What|Removed |Added CC||dtuc...@dtucker.net --- Comment #1 from

[Bug 3601] New: Cannot change password if no password is given

https://bugzilla.mindrot.org/show_bug.cgi?id=3601 Bug ID: 3601 Summary: Cannot change password if no password is given Product: Portable OpenSSH Version: 8.1p1 Hardware: 68k OS: Mac OS X Status: NEW

[Bug 3599] How to scan for keys when sshd server has fips enabled?

https://bugzilla.mindrot.org/show_bug.cgi?id=3599 --- Comment #7 from Shreenidhi Shedi --- Hi Damien Miller, Any inputs on when this will get merged? I mean when will this be a part of github repo? Thanks. -- You are receiving this mail because: You are watching the assignee of the bug. You

[Bug 3599] How to scan for keys when sshd server has fips enabled?

https://bugzilla.mindrot.org/show_bug.cgi?id=3599 --- Comment #6 from Shreenidhi Shedi --- Okay, that looks fine. I was expecting these new pointers to get freed programmatically, if we are delegating that job to system, that's fine too. Thanks for the response. -- You are receiving this mail

[Bug 3599] How to scan for keys when sshd server has fips enabled?

https://bugzilla.mindrot.org/show_bug.cgi?id=3599 --- Comment #5 from Damien Miller --- It won't until the program exits. It will be around for the life of the process because it's needed for the life of the process -- You are receiving this mail because: You are watching the assignee of the

[Bug 3599] How to scan for keys when sshd server has fips enabled?

https://bugzilla.mindrot.org/show_bug.cgi?id=3599 --- Comment #4 from Shreenidhi Shedi --- One query, take this for example. ``` macs = xstrdup(optarg + 5); ``` When will macs get freed? -- You are receiving this mail because: You are watching someone on the CC list of the bug. You are

[Bug 3599] How to scan for keys when sshd server has fips enabled?

https://bugzilla.mindrot.org/show_bug.cgi?id=3599 --- Comment #3 from Shreenidhi Shedi --- Awesome, yes. These additional changes makes this fix complete for now. Thanks a lot. -- You are receiving this mail because: You are watching someone on the CC list of the bug. You are watching the

[Bug 3598] Dead lock of sshd and Defunct of sshd

https://bugzilla.mindrot.org/show_bug.cgi?id=3598 --- Comment #12 from Damien Miller --- > This seems like a bit too large of a change to go in so close to a release? oh sure, not proposing this for 9.4 but afterwards -- You are receiving this mail because: You are watching the assignee of

[Bug 3598] Dead lock of sshd and Defunct of sshd

https://bugzilla.mindrot.org/show_bug.cgi?id=3598 Damien Miller changed: What|Removed |Added Attachment #3714|0 |1 is obsolete|

[Bug 3236] multiple Subsystem options in sshd_config prevent sshd from starting

https://bugzilla.mindrot.org/show_bug.cgi?id=3236 Michael Yagliyan changed: What|Removed |Added CC||burnsmellfact...@gmail.com -- You

[Bug 3598] Dead lock of sshd and Defunct of sshd

https://bugzilla.mindrot.org/show_bug.cgi?id=3598 Damien Miller changed: What|Removed |Added Attachment #3714|ok?(dtuc...@dtucker.net)| Flags|

[Bug 3598] Dead lock of sshd and Defunct of sshd

https://bugzilla.mindrot.org/show_bug.cgi?id=3598 Damien Miller changed: What|Removed |Added Attachment #3711|ok?(dtuc...@dtucker.net)| Flags|

[Bug 3600] New: please make ssh-keygen symlink aware for proper handling of hosts removal in symlinked known_hosts

https://bugzilla.mindrot.org/show_bug.cgi?id=3600 Bug ID: 3600 Summary: please make ssh-keygen symlink aware for proper handling of hosts removal in symlinked known_hosts Product: Portable OpenSSH Version: 9.3p2 Hardware:

[Bug 3595] Configure.ac Check Header Versions

https://bugzilla.mindrot.org/show_bug.cgi?id=3595 --- Comment #4 from Darren Tucker --- (In reply to soup_79 from comment #3) > It is a gentoo based system. then why are you installing mixed library and header versions? I don't think we would be interested in relaxing the default checks as it

[Bug 3599] How to scan for keys when sshd server has fips enabled?

https://bugzilla.mindrot.org/show_bug.cgi?id=3599 --- Comment #1 from Shreenidhi Shedi --- Created attachment 3713 --> https://bugzilla.mindrot.org/attachment.cgi?id=3713=edit attempt to fix. Tried fixing the issue. PTAL. I'm unaware of the development process in this project, so raised a

[Bug 3599] How to scan for keys when sshd server has fips enabled?

https://bugzilla.mindrot.org/show_bug.cgi?id=3599 Shreenidhi Shedi changed: What|Removed |Added CC||d...@mindrot.org, |

[Bug 3599] New: How to scan for keys when sshd server has fips enabled?

https://bugzilla.mindrot.org/show_bug.cgi?id=3599 Bug ID: 3599 Summary: How to scan for keys when sshd server has fips enabled? Product: Portable OpenSSH Version: 9.3p2 Hardware: All OS: Linux

[Bug 3566] Password expiry warning is printed multiple times when UsePAM is set to yes

https://bugzilla.mindrot.org/show_bug.cgi?id=3566 --- Comment #1 from Shreenidhi Shedi --- Probably the attached patch is incorrect, if you think this is a valid issue; I'll try to come up with a better solution and inputs welcome. -- Shedi -- You are receiving this mail because: You are

[Bug 3566] Password expiry warning is printed multiple times when UsePAM is set to yes

https://bugzilla.mindrot.org/show_bug.cgi?id=3566 Shreenidhi Shedi changed: What|Removed |Added CC||d...@mindrot.org -- You are

[Bug 3566] Password expiry warning is printed multiple times when UsePAM is set to yes

https://bugzilla.mindrot.org/show_bug.cgi?id=3566 Shreenidhi Shedi changed: What|Removed |Added CC||dtuc...@dtucker.net -- You are

[Bug 3595] Configure.ac Check Header Versions

https://bugzilla.mindrot.org/show_bug.cgi?id=3595 --- Comment #3 from soup...@hotmail.com --- It is a gentoo based system. -- You are receiving this mail because: You are watching someone on the CC list of the bug. You are watching the assignee of the bug.

[Bug 1975] Support for Match configuration directive to also include subsystems

https://bugzilla.mindrot.org/show_bug.cgi?id=1975 --- Comment #2 from Damien Miller --- Implemented in https://github.com/djmdjm/openssh-wip/pull/23 -- You are receiving this mail because: You are watching someone on the CC list of the bug. You are watching the assignee of the bug.

[Bug 3598] Dead lock of sshd and Defunct of sshd

https://bugzilla.mindrot.org/show_bug.cgi?id=3598 --- Comment #5 from Damien Miller --- nerfing sigdie would mean that we lose the following log messages: auth-pam.c: sigdie("PAM: authentication thread exited unexpectedly"); auth-pam.c: sigdie("PAM: authentication thread

[Bug 3598] Dead lock of sshd and Defunct of sshd

https://bugzilla.mindrot.org/show_bug.cgi?id=3598 Damien Miller changed: What|Removed |Added CC||d...@mindrot.org --- Comment #3 from

[Bug 3598] Dead lock of sshd and Defunct of sshd

https://bugzilla.mindrot.org/show_bug.cgi?id=3598 --- Comment #2 from mzhan017 --- Darren, Yes, you're correct. We could be blocked in the first syslog call, even without the dead lock. But still could face the issue of the number of process/memory usage kept increasing. Is it possible to

[Bug 3598] Dead lock of sshd and Defunct of sshd

https://bugzilla.mindrot.org/show_bug.cgi?id=3598 Darren Tucker changed: What|Removed |Added CC||dtuc...@dtucker.net --- Comment #1 from

[Bug 3598] New: Dead lock of sshd and Defunct of sshd

https://bugzilla.mindrot.org/show_bug.cgi?id=3598 Bug ID: 3598 Summary: Dead lock of sshd and Defunct of sshd Product: Portable OpenSSH Version: 9.1p1 Hardware: ix86 OS: Linux Status: NEW Severity: normal

[Bug 3597] Why do we check both nsession_ids and remote_add_provider when judging whether allow remote addition of FIDO/PKCS11 provider libraries is disabled?

https://bugzilla.mindrot.org/show_bug.cgi?id=3597 --- Comment #3 from Damien Miller --- > For lower version, before openssh-8.9p1, only checking the > value of remote_add_provider is stricter, although it may > cause some problems else. That won't work. Older versions have no way of telling

[Bug 3597] Why do we check both nsession_ids and remote_add_provider when judging whether allow remote addition of FIDO/PKCS11 provider libraries is disabled?

https://bugzilla.mindrot.org/show_bug.cgi?id=3597 --- Comment #2 from renmingshuai --- (In reply to Damien Miller from comment #1) > remote_add_provider indicates whether the user has allowed remote > ssh-agent clients to add PKCS#11 providers. > > e->nsession_ids>0 indicates that a session is

[Bug 3597] Why do we check both nsession_ids and remote_add_provider when judging whether allow remote addition of FIDO/PKCS11 provider libraries is disabled?

https://bugzilla.mindrot.org/show_bug.cgi?id=3597 Damien Miller changed: What|Removed |Added Resolution|--- |WORKSFORME Status|NEW

[Bug 3597] New: Why do we check both nsession_ids and remote_add_provider when judging whether allow remote addition of FIDO/PKCS11 provider libraries is disabled?

https://bugzilla.mindrot.org/show_bug.cgi?id=3597 Bug ID: 3597 Summary: Why do we check both nsession_ids and remote_add_provider when judging whether allow remote addition of FIDO/PKCS11 provider libraries is

[Bug 3596] New: Add support of RADIUS for AAA (Authentication, Authorization, Accounting)

https://bugzilla.mindrot.org/show_bug.cgi?id=3596 Bug ID: 3596 Summary: Add support of RADIUS for AAA (Authentication, Authorization, Accounting) Product: Portable OpenSSH Version: -current Hardware: All

[Bug 3595] Configure.ac Check Header Versions

https://bugzilla.mindrot.org/show_bug.cgi?id=3595 Darren Tucker changed: What|Removed |Added CC||dtuc...@dtucker.net --- Comment #2 from

[Bug 3595] Configure.ac Check Header Versions

https://bugzilla.mindrot.org/show_bug.cgi?id=3595 --- Comment #1 from soup...@hotmail.com --- The versions in question are Version: openssh-9.3_p2 Openssl: OpenSSL 3.0.8 7 Feb 2023 (Library: OpenSSL 3.1.1 30 May 2023) -- You are receiving this mail because: You are watching the assignee of the

[Bug 3595] New: Configure.ac Check Header Versions

https://bugzilla.mindrot.org/show_bug.cgi?id=3595 Bug ID: 3595 Summary: Configure.ac Check Header Versions Product: Portable OpenSSH Version: 9.3p1 Hardware: amd64 OS: Linux Status: NEW Severity:

[Bug 3594] PKCS11Provider now requires full paths

https://bugzilla.mindrot.org/show_bug.cgi?id=3594 --- Comment #3 from Marc Deslauriers --- Yes, I cherry picked that commit when fixing Ubuntu. Thanks for your response, I just wanted to make sure this change was intentional. -- You are receiving this mail because: You are watching the

[Bug 3594] PKCS11Provider now requires full paths

https://bugzilla.mindrot.org/show_bug.cgi?id=3594 --- Comment #2 from Damien Miller --- I should add that the change that causes this has not been released yet. It will be part of OpenSSH 9.4 which is due pretty soon. I guess somebody has mistakenly cherry-picked it somewhere? It is not required

[Bug 3594] PKCS11Provider now requires full paths

https://bugzilla.mindrot.org/show_bug.cgi?id=3594 Damien Miller changed: What|Removed |Added Resolution|--- |WONTFIX Status|NEW

[Bug 1948] ssh -f doesn't terminate when muxing connections.

https://bugzilla.mindrot.org/show_bug.cgi?id=1948 Damien Miller changed: What|Removed |Added Status|REOPENED|RESOLVED Resolution|---

[Bug 3549] Tracking bug for OpenSSH 9.4

https://bugzilla.mindrot.org/show_bug.cgi?id=3549 Damien Miller changed: What|Removed |Added Depends on||3589 Referenced Bugs:

[Bug 3549] Tracking bug for OpenSSH 9.4

https://bugzilla.mindrot.org/show_bug.cgi?id=3549 Bug 3549 depends on bug 3589, which changed state. Bug 3589 Summary: ControlMaster auto, persist and -f fail. https://bugzilla.mindrot.org/show_bug.cgi?id=3589 What|Removed |Added

[Bug 3589] ControlMaster auto, persist and -f fail.

https://bugzilla.mindrot.org/show_bug.cgi?id=3589 Damien Miller changed: What|Removed |Added Blocks||3549 Status|ASSIGNED

[Bug 3594] New: PKCS11Provider now requires full paths

https://bugzilla.mindrot.org/show_bug.cgi?id=3594 Bug ID: 3594 Summary: PKCS11Provider now requires full paths Product: Portable OpenSSH Version: 9.3p1 Hardware: Other OS: Linux Status: NEW Severity:

[Bug 3589] ControlMaster auto, persist and -f fail.

https://bugzilla.mindrot.org/show_bug.cgi?id=3589 --- Comment #6 from Peter Chubb --- Yay! the latest patch seems to work (more consistently than my half-baked ones anyway) Thanks! -- You are receiving this mail because: You are watching the assignee of the bug. You are watching someone on

[Bug 3589] ControlMaster auto, persist and -f fail.

https://bugzilla.mindrot.org/show_bug.cgi?id=3589 Darren Tucker changed: What|Removed |Added Attachment #3709|ok?(dtuc...@dtucker.net)|ok+ Flags|

[Bug 3589] ControlMaster auto, persist and -f fail.

https://bugzilla.mindrot.org/show_bug.cgi?id=3589 Damien Miller changed: What|Removed |Added CC||dtuc...@dtucker.net Attachment #3709|

[Bug 3589] ControlMaster auto, persist and -f fail.

https://bugzilla.mindrot.org/show_bug.cgi?id=3589 Damien Miller changed: What|Removed |Added Assignee|unassigned-b...@mindrot.org |d...@mindrot.org Status|NEW

[Bug 1948] ssh -f doesn't terminate when muxing connections.

https://bugzilla.mindrot.org/show_bug.cgi?id=1948 --- Comment #23 from Damien Miller --- I don't think that's right, because fork_after_authentication flag is unconditionally set for ControlPersist sessions and this will cause them always to daemonise regardless of -f being specified. I think I

[Bug 1948] ssh -f doesn't terminate when muxing connections.

https://bugzilla.mindrot.org/show_bug.cgi?id=1948 Damien Miller changed: What|Removed |Added Attachment #3705|application/octet-stream|text/plain mime type|

[Bug 3589] ControlMaster auto, persist and -f fail.

https://bugzilla.mindrot.org/show_bug.cgi?id=3589 --- Comment #4 from Peter Chubb --- https://bugzilla.mindrot.org/attachment.cgi?id=3705 -- You are receiving this mail because: You are watching someone on the CC list of the bug. You are watching the assignee of the bug.

[Bug 3589] ControlMaster auto, persist and -f fail.

https://bugzilla.mindrot.org/show_bug.cgi?id=3589 --- Comment #3 from Peter Chubb --- For that you need the new patch I appended to https://bugzilla.mindrot.org/show_bug.cgi?id=1948 -- You are receiving this mail because: You are watching someone on the CC list of the bug. You are watching the

[Bug 3589] ControlMaster auto, persist and -f fail.

https://bugzilla.mindrot.org/show_bug.cgi?id=3589 Damien Miller changed: What|Removed |Added CC||d...@mindrot.org --- Comment #2 from

[Bug 3589] ControlMaster auto, persist and -f fail.

https://bugzilla.mindrot.org/show_bug.cgi?id=3589 --- Comment #1 from Peter Chubb --- Created attachment 3708 --> https://bugzilla.mindrot.org/attachment.cgi?id=3708=edit Possible fix. -- You are receiving this mail because: You are watching the assignee of the bug.

[Bug 3593] New: 26/07/2023 4:47Am

https://bugzilla.mindrot.org/show_bug.cgi?id=3593 Bug ID: 3593 Summary: 26/07/2023 4:47Am Product: Portable OpenSSH Version: 9.3p1 Hardware: All OS: All Status: NEW Severity: enhancement

[Bug 3592] New: 26/07/2023 4:47Am

https://bugzilla.mindrot.org/show_bug.cgi?id=3592 Bug ID: 3592 Summary: 26/07/2023 4:47Am Product: Portable OpenSSH Version: 9.3p1 Hardware: All OS: All Status: NEW Severity: major Priority: P5

[Bug 3591] Introduction of "users-groups-by...@openssh.com" causes nlink to be lost with long view

https://bugzilla.mindrot.org/show_bug.cgi?id=3591 --- Comment #1 from nec...@apple.com --- Related bugs that contain patches that would add nlink file attributes extensions: https://bugzilla.mindrot.org/show_bug.cgi?id=1555 https://bugzilla.mindrot.org/show_bug.cgi?id=2579 -- You are receiving

[Bug 3590] Why is the service name in the USERAUTH REQUEST message "ssh-connect" instead of "ssh-userauth"?

https://bugzilla.mindrot.org/show_bug.cgi?id=3590 Damien Miller changed: What|Removed |Added Status|NEW |RESOLVED CC|

[Bug 3589] New: ControlMaster auto, persist and -f fail.

https://bugzilla.mindrot.org/show_bug.cgi?id=3589 Bug ID: 3589 Summary: ControlMaster auto, persist and -f fail. Product: Portable OpenSSH Version: 9.3p1 Hardware: amd64 OS: Linux Status: NEW Severity:

[Bug 1948] ssh -f doesn't terminate when muxing connections.

https://bugzilla.mindrot.org/show_bug.cgi?id=1948 Peter Chubb changed: What|Removed |Added Version|5.9p1 |9.3p1 -- You are receiving this mail

[Bug 1948] ssh -f doesn't terminate when muxing connections.

https://bugzilla.mindrot.org/show_bug.cgi?id=1948 --- Comment #22 from Peter Chubb --- The fix I propose is not to change the TTY settings if we're daemonising. It makes no sense to change terminal settings if we're detaching from the terminal anyway. -- You are receiving this mail because:

[Bug 1948] ssh -f doesn't terminate when muxing connections.

https://bugzilla.mindrot.org/show_bug.cgi?id=1948 Peter Chubb changed: What|Removed |Added CC||peter.ch...@unsw.edu.au --- Comment #21

[Bug 3048] ssh reads from the wrong directory in user namespace

https://bugzilla.mindrot.org/show_bug.cgi?id=3048 chr...@fsfe.org changed: What|Removed |Added CC||chr...@fsfe.org --- Comment #3 from

[Bug 3253] ssh-keygen man page still lists deprecated key types for -t

https://bugzilla.mindrot.org/show_bug.cgi?id=3253 Seff changed: What|Removed |Added CC||ajdkg...@duck.com --- Comment #4 from Seff --- I

[Bug 3588] Build/Configure with ldns fails if OpenSSL includes are not in a standard path

https://bugzilla.mindrot.org/show_bug.cgi?id=3588 H. Thiele changed: What|Removed |Added CC||thi...@streamline-x.org -- You are

[Bug 3588] New: Build/Configure with ldns fails if OpenSSL includes are not in a standard path

https://bugzilla.mindrot.org/show_bug.cgi?id=3588 Bug ID: 3588 Summary: Build/Configure with ldns fails if OpenSSL includes are not in a standard path Product: Portable OpenSSH Version: 9.3p1 Hardware: amd64

[Bug 3572] ssh-agent refused operation when using FIDO2 with -O verify-required

https://bugzilla.mindrot.org/show_bug.cgi?id=3572 xspielinbox+mind...@protonmail.com changed: What|Removed |Added CC|

[Bug 3587] Would OpenSSH consider adding a switch to hide the specific OpenSSH version number?

https://bugzilla.mindrot.org/show_bug.cgi?id=3587 Damien Miller changed: What|Removed |Added Resolution|--- |WONTFIX Status|NEW

[Bug 3587] Would OpenSSH consider adding a switch to hide the specific OpenSSH version number?

https://bugzilla.mindrot.org/show_bug.cgi?id=3587 --- Comment #2 from renmingshuai --- Some scanning software determines whether OpenSSH has certain vulnerabilities based on the specific version number, even if the vulnerabilities have been fixed through patches. Hiding specific version numbers

[Bug 1672] add local DNSSEC validation

https://bugzilla.mindrot.org/show_bug.cgi?id=1672 Damien Miller changed: What|Removed |Added CC||d...@mindrot.org --- Comment #9 from

[Bug 1672] add local DNSSEC validation

https://bugzilla.mindrot.org/show_bug.cgi?id=1672 --- Comment #8 from pva --- What is the status of this patch? It looks like many people don't realize that without a secure local resolver, SSHFP just hides security under the carpet: instead of a clear one-time 'yes' it makes this 'yes'

[Bug 3586] Create mechanism for vendor-specific extensions to be placed in config without breaking other platforms

https://bugzilla.mindrot.org/show_bug.cgi?id=3586 Damien Miller changed: What|Removed |Added CC||d...@mindrot.org --- Comment #1 from

[Bug 3587] Would OpenSSH consider adding a switch to hide the specific OpenSSH version number?

https://bugzilla.mindrot.org/show_bug.cgi?id=3587 Damien Miller changed: What|Removed |Added CC||d...@mindrot.org --- Comment #1 from

[Bug 3587] New: Would OpenSSH consider adding a switch to hide the specific OpenSSH version number?

https://bugzilla.mindrot.org/show_bug.cgi?id=3587 Bug ID: 3587 Summary: Would OpenSSH consider adding a switch to hide the specific OpenSSH version number? Product: Portable OpenSSH Version: -current Hardware: Other

[Bug 3586] New: Create mechanism for vendor-specific extensions to be placed in config without breaking other platforms

https://bugzilla.mindrot.org/show_bug.cgi?id=3586 Bug ID: 3586 Summary: Create mechanism for vendor-specific extensions to be placed in config without breaking other platforms Product: Portable OpenSSH Version: 9.0p1

[Bug 2143] X11 forwarding for ipv4 is broken when ipv6 is disabled on the loopback interface

https://bugzilla.mindrot.org/show_bug.cgi?id=2143 Parke changed: What|Removed |Added CC||parke.ne...@gmail.com -- You are receiving this

[Bug 2143] X11 forwarding for ipv4 is broken when ipv6 is disabled on the loopback interface

https://bugzilla.mindrot.org/show_bug.cgi?id=2143 Parke changed: What|Removed |Added See Also||https://bugzilla.mindrot.or |

[Bug 2636] Fix X11 forwarding, when ::1 is not configured

https://bugzilla.mindrot.org/show_bug.cgi?id=2636 Damien Miller changed: What|Removed |Added Status|RESOLVED|CLOSED Parke changed: What

[Bug 3585] New: "misc.h" required when build the sk middleware ("sk-usbhid.c") as standalone library

https://bugzilla.mindrot.org/show_bug.cgi?id=3585 Bug ID: 3585 Summary: "misc.h" required when build the sk middleware ("sk-usbhid.c") as standalone library Product: Portable OpenSSH Version: 9.3p1 Hardware: All

[Bug 3584] Segfault when built with optimisations on macOS 13 (x86_64) with Xcode 14.3

https://bugzilla.mindrot.org/show_bug.cgi?id=3584 --- Comment #9 from Carlo Cabrera --- Yes, so it looks like `configure.ac` already knows to avoid `-fzero-call-used-regs=all` when compiling with `clang-15`, except that Apple clang uses a misleading version scheme. Wikipedia is usually a pretty

[Bug 3584] Segfault when built with optimisations on macOS 13 (x86_64) with Xcode 14.3

https://bugzilla.mindrot.org/show_bug.cgi?id=3584 Michael Cho changed: What|Removed |Added CC||ch...@tuta.io --- Comment #8 from Michael

[Bug 3584] Segfault when built with optimisations on macOS 13 (x86_64) with Xcode 14.3

https://bugzilla.mindrot.org/show_bug.cgi?id=3584 --- Comment #7 from Carlo Cabrera --- > How do you select specific xcode versions? You can use `xcode-select --switch /path/to/Xcode.app`. For example, to use Xcode 14.3.1 on a GitHub macos-13 runner [1], do ``` sudo xcode-select --switch

[Bug 3584] Segfault when built with optimisations on macOS 13 (x86_64) with Xcode 14.3

https://bugzilla.mindrot.org/show_bug.cgi?id=3584 --- Comment #6 from Darren Tucker --- (In reply to Carlo Cabrera from comment #4) [...] > GitHub provides free access to macOS runners for public > repositories, and these have various versions of Xcode installed. An interesting idea. We

[Bug 3584] Segfault when built with optimisations on macOS 13 (x86_64) with Xcode 14.3

https://bugzilla.mindrot.org/show_bug.cgi?id=3584 --- Comment #5 from Damien Miller --- Darren already answered your question but fwiw I didn't suggest --without-hardening as a workaround, but to determine whether the compiler bug is with -Os alone or when combined with other flags. -- You are

[Bug 3584] Segfault when built with optimisations on macOS 13 (x86_64) with Xcode 14.3

https://bugzilla.mindrot.org/show_bug.cgi?id=3584 --- Comment #4 from Carlo Cabrera --- > IMO you'd be better off with the compiler hardening flags rather > than -Os. Things like -ftrapv could mitigate what would otherwise > be a vulnerability. Ok, sounds good. We (Homebrew) recently had to

[Bug 3584] Segfault when built with optimisations on macOS 13 (x86_64) with Xcode 14.3

https://bugzilla.mindrot.org/show_bug.cgi?id=3584 Darren Tucker changed: What|Removed |Added CC||dtuc...@dtucker.net --- Comment #3 from

[Bug 3584] Segfault when built with optimisations on macOS 13 (x86_64) with Xcode 14.3

https://bugzilla.mindrot.org/show_bug.cgi?id=3584 --- Comment #2 from Carlo Cabrera --- Yes, at Homebrew, we've also come to the conclusion that this is a compiler bug (likely in the backend). I'll try to find the time to report this to Apple. Passing `--without-hardening` to `configure` also

[Bug 3584] Segfault when built with optimisations on macOS 13 (x86_64) with Xcode 14.3

https://bugzilla.mindrot.org/show_bug.cgi?id=3584 Damien Miller changed: What|Removed |Added CC||d...@mindrot.org --- Comment #1 from

[Bug 3584] New: Segfault when built with optimisations on macOS 13 (x86_64) with Xcode 14.3

https://bugzilla.mindrot.org/show_bug.cgi?id=3584 Bug ID: 3584 Summary: Segfault when built with optimisations on macOS 13 (x86_64) with Xcode 14.3 Product: Portable OpenSSH Version: 9.3p1 Hardware: amd64

[Bug 3583] New: server-sig-algs reports incorrect list of algorithms

https://bugzilla.mindrot.org/show_bug.cgi?id=3583 Bug ID: 3583 Summary: server-sig-algs reports incorrect list of algorithms Product: Portable OpenSSH Version: 8.7p1 Hardware: Other OS: Linux Status: NEW

[Bug 3549] Tracking bug for OpenSSH 9.4

https://bugzilla.mindrot.org/show_bug.cgi?id=3549 Bug 3549 depends on bug 3581, which changed state. Bug 3581 Summary: ssh-keyscan fails with `fdlim_get: bad value` with large file descriptor limit due to type confusion https://bugzilla.mindrot.org/show_bug.cgi?id=3581 What

[Bug 3581] ssh-keyscan fails with `fdlim_get: bad value` with large file descriptor limit due to type confusion

https://bugzilla.mindrot.org/show_bug.cgi?id=3581 Damien Miller changed: What|Removed |Added Resolution|--- |FIXED Status|REOPENED

[Bug 3581] ssh-keyscan fails with `fdlim_get: bad value` with large file descriptor limit due to type confusion

https://bugzilla.mindrot.org/show_bug.cgi?id=3581 Darren Tucker changed: What|Removed |Added Attachment #3703|ok?(dtuc...@dtucker.net)|ok+ Flags|

[Bug 3581] ssh-keyscan fails with `fdlim_get: bad value` with large file descriptor limit due to type confusion

https://bugzilla.mindrot.org/show_bug.cgi?id=3581 Damien Miller changed: What|Removed |Added Attachment #3703||ok?(dtuc...@dtucker.net)

[Bug 3582] Improve error message when using Jump Hosts

https://bugzilla.mindrot.org/show_bug.cgi?id=3582 bluebird090...@proton.me changed: What|Removed |Added Summary|Confusing error message |Improve error message when

[Bug 3582] New: Confusing error message when using ProxyJump

https://bugzilla.mindrot.org/show_bug.cgi?id=3582 Bug ID: 3582 Summary: Confusing error message when using ProxyJump Product: Portable OpenSSH Version: 9.3p1 Hardware: Other OS: Linux Status: NEW

[Bug 3549] Tracking bug for OpenSSH 9.4

https://bugzilla.mindrot.org/show_bug.cgi?id=3549 Darren Tucker changed: What|Removed |Added Depends on||3581 Referenced Bugs:

[Bug 3162] Tracking bug for 8.4 release

https://bugzilla.mindrot.org/show_bug.cgi?id=3162 Darren Tucker changed: What|Removed |Added Depends on|3581| Referenced Bugs:

[Bug 3581] ssh-keyscan fails with `fdlim_get: bad value` with large file descriptor limit due to type confusion

https://bugzilla.mindrot.org/show_bug.cgi?id=3581 Darren Tucker changed: What|Removed |Added Blocks|3162|3549 Referenced Bugs:

<    4   5   6   7   8   9   10   11   12   13   >