| Summary: | OpenSSH uses deprecated APIs on MacOS | ||||||
|---|---|---|---|---|---|---|---|
| Product: | Portable OpenSSH | Reporter: | Ron Frederick <ronf> | ||||
| Component: | Miscellaneous | Assignee: | Assigned to nobody <unassigned-bugs> | ||||
| Status: | CLOSED WONTFIX | ||||||
| Severity: | normal | CC: | djm | ||||
| Priority: | P5 | ||||||
| Version: | -current | ||||||
| Hardware: | All | ||||||
| OS: | Mac OS X | ||||||
| Attachments: |
|
||||||
Yes, Apple have deprecated their system copy of the OpenSSL libcrypto API. If you want to avoid these errors then you should build against a copy of OpenSSL that you've installed yourself (AFAIK macports, etc do this) We don't have any plans to port OpenSSH to whatever Apple is replacing OpenSSL with. Pointing at a version of OpenSSL in /opt/local (from MacPorts) did help. However, it didn't completely eliminate the warnings. The following warnings not related to SSL remained:
In ssh.c:
ssh.c:1409:2: warning: 'daemon' is deprecated: first deprecated in OS X 10.5 -
Use posix_spawn APIs instead. [-Wdeprecated-declarations]
daemon(1, 1);
^
/usr/include/stdlib.h:267:6: note: 'daemon' has been explicitly marked
deprecated here
int daemon(int, int) __DARWIN_1050(daemon) __OSX_AVAILABLE_BUT_DEPR...
^
ssh.c:1421:6: warning: 'daemon' is deprecated: first deprecated in OS X 10.5 -
Use posix_spawn APIs instead. [-Wdeprecated-declarations]
if (daemon(1, 1) < 0)
^
/usr/include/stdlib.h:267:6: note: 'daemon' has been explicitly marked
deprecated here
int daemon(int, int) __DARWIN_1050(daemon) __OSX_AVAILABLE_BUT_DEPR...
^
In sshd.c:
sshd.c:1972:7: warning: 'daemon' is deprecated: first deprecated in OS X 10.5 -
Use posix_spawn APIs instead. [-Wdeprecated-declarations]
if (daemon(0, 0) < 0)
^
/usr/include/stdlib.h:267:6: note: 'daemon' has been explicitly marked
deprecated here
int daemon(int, int) __DARWIN_1050(daemon) __OSX_AVAILABLE_BUT_DEPR...
^
In loginrec.c:
loginrec.c:188:49: warning: 'utmp' is deprecated [-Wdeprecated-declarations]
void set_utmp_time(struct logininfo *li, struct utmp *ut);
^
/usr/include/util.h:88:8: note: 'utmp' has been explicitly marked deprecated
here
struct utmp; /* forward reference to /usr/include/utmp.h */
^
loginrec.c:189:50: warning: 'utmp' is deprecated [-Wdeprecated-declarations]
void construct_utmp(struct logininfo *li, struct utmp *ut);
^
/usr/include/util.h:88:8: note: 'utmp' has been explicitly marked deprecated
here
struct utmp; /* forward reference to /usr/include/utmp.h */
^
loginrec.c:632:44: warning: 'utmp' is deprecated [-Wdeprecated-declarations]
set_utmp_time(struct logininfo *li, struct utmp *ut)
^
/usr/include/util.h:88:8: note: 'utmp' has been explicitly marked deprecated
here
struct utmp; /* forward reference to /usr/include/utmp.h */
^
loginrec.c:644:14: warning: 'utmp' is deprecated [-Wdeprecated-declarations]
struct utmp *ut)
^
/usr/include/util.h:88:8: note: 'utmp' has been explicitly marked deprecated
here
struct utmp; /* forward reference to /usr/include/utmp.h */
^
loginrec.c:1416:9: warning: 'utmp' is deprecated [-Wdeprecated-declarations]
struct utmp *ut;
^
/usr/include/util.h:88:8: note: 'utmp' has been explicitly marked deprecated
here
struct utmp; /* forward reference to /usr/include/utmp.h */
^
loginrec.c:1420:2: warning: 'login' is deprecated: first deprecated in OS X 10.5
[-Wdeprecated-declarations]
login(ut);
^
/usr/include/util.h:89:6: note: 'login' has been explicitly marked deprecated
here
void login(struct utmp *) __OSX_AVAILABLE_BUT_DEPRECATED(_...
^
loginrec.c:1434:7: warning: 'logout' is deprecated: first deprecated in OS X
10.5 [-Wdeprecated-declarations]
if (!logout(line))
^
/usr/include/util.h:91:5: note: 'logout' has been explicitly marked deprecated
here
int logout(const char *) __OSX_AVAILABLE_BUT_DEPRECATED(_...
^
loginrec.c:1438:3: warning: 'logwtmp' is deprecated: first deprecated in OS X
10.5 [-Wdeprecated-declarations]
logwtmp(line, "", "");
^
/usr/include/util.h:92:6: note: 'logwtmp' has been explicitly marked deprecated
here
void logwtmp(const char *, const char *, const char *) __OSX_AVAILABL...
^
In sandbox-darwin.c:
sandbox-darwin.c:43:25: warning: declaration of 'struct monitor' will not be
visible outside of this function [-Wvisibility]
ssh_sandbox_init(struct monitor *monitor)
^
sandbox-darwin.c:65:6: warning: 'sandbox_init' is deprecated: first deprecated
in OS X 10.8 [-Wdeprecated-declarations]
if (sandbox_init(kSBXProfilePureComputation, SANDBOX_NAMED,
^
/usr/include/sandbox.h:65:5: note: 'sandbox_init' has been explicitly marked
deprecated here
int sandbox_init(const char *profile, uint64_t flags, char **errorbuf);
^
sandbox-darwin.c:65:19: warning: 'kSBXProfilePureComputation' is deprecated:
first deprecated in OS X 10.8 [-Wdeprecated-declarations]
if (sandbox_init(kSBXProfilePureComputation, SANDBOX_NAMED,
^
/usr/include/sandbox.h:97:19: note: 'kSBXProfilePureComputation' has been
explicitly marked deprecated here
extern const char kSBXProfilePureComputation[];
^
These warnings were found in compiling 6.9p1, which I used since that's what this bug was originally filed against.
Also, for what it's worth, OS X 10.11 (El Capitan) is now shipping from Apple with OpenSSH 6.9p1 compiled against LibreSSL 2.1.7.
Close all resolved bugs after 7.3p1 release |
Created attachment 2642 [details] Log of running "make tests" When compiling and running unit tests on the latest OpenSSH 6.9p1 snapshot from 05/31, I saw a number of compiler warnings output related to the use of deprecated APIs. Most of the deprecations go back to OS X version 10.7 -- I'm currently compiling it on 10.10.3. There were several hundred of these, referencing various bignum and crypto APIs. In addition to the deprecation warnings, I also got multiple instances of the following warning: clang: warning: argument unused during compilation: '-pie' and one instance of: cipher-3des1.c:152:22: warning: incompatible pointer types assigning to 'int (*)(EVP_CIPHER_CTX *, unsigned char *, const unsigned char *, unsigned int)' from 'int (EVP_CIPHER_CTX *, u_char *, const u_char *, size_t)' [-Wincompatible-pointer-types] ssh1_3des.do_cipher = ssh1_3des_cbc; ^ ~~~~~~~~~~~~~ I've attached the complete output from the compile and running the tests. Despite all these warnings, the tests all passed in the end.