[MacPorts] #67539: openssh @9.3p1_1 Nearly all client programs crash with Segmentation Fault.

Wed May 31 19:25:36 UTC 2023

#67539: openssh @9.3p1_1 Nearly all client programs crash with Segmentation Fault.
------------------------+----------------------
  Reporter:  snowflake  |      Owner:  artkiver
      Type:  defect     |     Status:  assigned
  Priority:  Normal     |  Milestone:
 Component:  ports      |    Version:  2.8.99
Resolution:             |   Keywords:
      Port:  openssh    |
------------------------+----------------------

Comment (by artkiver):

 Thanks for reporting this!

 As elventear speculated, I think this is related to the PR
 https://github.com/macports/macports-ports/pull/18879 which neverpanic
 merged with a revision increment to cause OpenSSH to rebuild relative to
 OpenSSL yesterday.

 I attempted to reassign it for the time though I thought Trac had a way to
 CC people on issues, I am not seeing that option presently. Unfortunately,
 it seems as if I do not have sufficient permissions to reassign the ticket
 either.

 Locally:

 {{{
 % ssh -V
 OpenSSH_9.3p1, LibreSSL 3.8.0
 }}}

 {{{
 % ssh-agent -dD
 usage: ssh-agent [-c | -s] [-Dd] [-a bind_address] [-E fingerprint_hash]
                  [-O option] [-P allowed_providers] [-t life]
        ssh-agent [-a bind_address] [-E fingerprint_hash] [-O option]
                  [-P allowed_providers] [-t life] command [arg ...]
        ssh-agent [-c | -s] -k
 }}}

 {{{
  % ssh-keygen
 Generating public/private rsa key pair.
 ^C
 }}}

 So, speculatively, if building against libressl or libressl-devel I am
 guessing OpenSSH is still OK and this is more related to the TLS library
 choice?

 However, the compiler workaround is also fascinating, at least locally I
 am typically using llvm-devel or llvm-16 on my laptops so I am thinking
 that may be another potential alternative to test if gcc isn't desired?

 I had been testing some things related to a different issue (specifically
 for the kerberos5 variant which is presently broken with LibreSSL
 mentioned in this: https://trac.macports.org/ticket/67442#comment:11) and
 had planned to add a "conflicts libressl" to that variant after getting a
 response from the individual who had filed it, though I have had half a
 mind to augment the Portfile similar to the modifications made to rpki-
 client to attempt to auto-detect which TLS library may already be
 installed and default to LibreSSL if none had previously been used (which
 is more in alignment with what macOS ships as well as the upstream non
 -portable branch of OpenSSH); but just because my present setups can't
 replicate these errors, doesn't mean there may not be some other ways to
 address it!

 Unfortunately, I probably won't have much opportunity to look at this
 again until tomorrow, but I wanted to at least reply with some preliminary
 perspective and hopefully Clemens may be able to provide some additional
 insights!

-- 
Ticket URL: <https://trac.macports.org/ticket/67539#comment:11>
MacPorts <https://www.macports.org/>
Ports system for macOS