[MacPorts] #67442: openssh @9.3p1_0+kerberos5+xauth not compatible with openssl @3_10--segmentation fault

MacPorts noreply at macports.org
Sat May 27 02:12:48 UTC 2023 

#67442: openssh @9.3p1_0+kerberos5+xauth not compatible with openssl @3_10--
segmentation fault
-------------------------+----------------------
  Reporter:  EJFielding  |      Owner:  artkiver
      Type:  defect      |     Status:  assigned
  Priority:  Normal      |  Milestone:
 Component:  ports       |    Version:  2.8.1
Resolution:              |   Keywords:
      Port:  openssh     |
-------------------------+----------------------

Comment (by artkiver):

 I've done some additional testing as follows:

 {{{
 ssh -V
 OpenSSH_9.3p1, OpenSSL 3.1.0 14 Mar 2023
 }}}

 {{{
 port installed openssh
 The following ports are currently installed:
   openssh @9.3p1_0+kerberos5 (active)
 }}}

 So, no segfault there either. As suspected, kerberos5 seems OK as long as
 OpenSSL(3) is the active TLS library.

 Similarly, reinstalling OpenSSH with +xauth also does not segfault for me:

 {{{
 ssh -V
 OpenSSH_9.3p1, OpenSSL 3.1.0 14 Mar 2023
 }}}

 {{{
 port installed openssh
 The following ports are currently installed:
   openssh @9.3p1_0+kerberos5+xauth (active)
 }}}

 My thought is that perhaps until https://github.com/macports/macports-
 ports/pull/16927 is closed/fixed that I should add a "conflicts libressl"
 parameter to the kerberos5 variant as that will, for the time being, not
 function unless using OpenSSL(3).

 I'll prep a diff for that, but I'll wait to submit the PR until you have a
 chance to respond to see if that may be an acceptable alternative for the
 time being; if you can test on your Intel Mac and report back that would
 be ideal since I do not think this is related to CPU architecture so much
 as an issue between the active TLS library and kerberos5, which is already
 a known defect though the present patch/PR to restore kerberos5
 compatibility with LibreSSL has not been functional in my testing, and
 presumably others' which is why it remains unmerged.

 Thank you again for your patience! I hope this provides some additional
 insights from another vantage?

-- 
Ticket URL: <https://trac.macports.org/ticket/67442#comment:11>
MacPorts <https://www.macports.org/>
Ports system for macOS

More information about the macports-tickets mailing list