[MacPorts] #59016: [openssh/openssl] : Apple keychain patch update should have blocked openssl upgrade

MacPorts noreply at macports.org
Sat Oct 26 07:56:54 UTC 2019


#59016: [openssh/openssl] : Apple keychain patch update should have blocked openssl
upgrade
----------------------+----------------------
  Reporter:  RJVB     |      Owner:  Ionic
      Type:  defect   |     Status:  closed
  Priority:  Normal   |  Milestone:
 Component:  ports    |    Version:
Resolution:  fixed    |   Keywords:  security
      Port:  openssh  |
----------------------+----------------------

Comment (by RJVB):

 Replying to [comment:19 Ionic]:
 > I worry more about 10.7, 10.6 and such. For 10.9, everything should work
 out of the box (with the few changes I had to make due to undefined
 dictionary values).

 I suppose you mean dictionary keys? Those (and other constants that are in
 fact NSStrings) can usually just be defined in an appropriate place, as
 long as the code using them can handle not getting the expected result
 from using them.

 > I admit to not really having tested this, though. I still use the Apple-
 provided ssh-agent on my machine and using that, the client throws a
 warning message (invalid/unknown signature(?)), but otherwise seems to
 work. The ssh-agent typically isn't a huge security problem so changing it
 doesn't benefit a lot, other than supporting newer features/key types.

 And I admit that I don't really know which ssh-agent I'm using. The
 keychain feature is (or used to be) implemented solely in the control
 application, `ssh-add`. What I reckon happens is that ssh-add fetches the
 certificates it stored in the keychain and then feeds them to ssh-agent as
 if you were reading them from file.

-- 
Ticket URL: <https://trac.macports.org/ticket/59016#comment:20>
MacPorts <https://www.macports.org/>
Ports system for macOS

