Please login or register. August 20, 2017, 09:45:33 AM

Author Topic: Openssh 7.4  (Read 669 times)

0 Members and 1 Guest are viewing this topic.

dbabault

  • New Member
  • *
  • Posts: 4
  • Karma: +0/-0
Openssh 7.4
« on: January 31, 2017, 04:50:03 PM »
aixtools.openbsd.openssh.7.4.0.1601.I use  /usr/lib/libz.a and need version 1.2.10

aixTOOLS zlib home page says :

Due to the bug fixes, any installations of 1.2.9 or 1.2.10 should be immediately replaced with 1.2.11 ...

For no chance, zlib 1.2.8 is installed under /opt/freeware and I don't know if /opt/freeware binaries support zlib 1.2.10


Michael

  • Administrator
  • Hero Member
  • *****
  • Posts: 1041
  • Karma: +0/-0
Re: Openssh 7.4
« Reply #1 on: February 02, 2017, 06:56:45 AM »
Yes it does.
And I guess I need to look at /opt/freeware/lib again - last time I looked that was still at zlib-1.2.4.

To answer your question (zlib is now at 1.2.11) there was an exchange about zlib on the png-mng maillist.

The original question:
Quote
Hi,
Recently I saw many security vulnerability fixes being done in zlib and are included in zlib version 1.2.11. When will zlib 1.2.11 be integrated with libpng?

Thanks and regards,
Anand

The reply:
Quote
zlib is a separate package.  I tested 1.2.10 against I think every currently supported libpng version and my main development system (which is Gentoo) is currently running 1.2.11, which means that any tests I do are against 1.2.11.  I haven't run a complete set yet, but I don't anticipate any problems with 1.2.11.

Upgrading to 1.2.11 is possible without recompilation of libpng or anything which uses it; this has been happening on my own system with every release.   zlib releases are API and ABI backward compatible; you can upgrade, however you can't downgrade (zlib doesn't offer forward compatibility in general).

I have never tried any of the machine specific enhancements; I only run unmodified zlib.   Building libpng with "make check" is probably a reasonable way of validating the basic functionality of a modified zlib, but any zlib client only uses a small fraction of the compression options and only presents a small fraction of the possible compressed streams to "inflate".


Thus - as zlib supports upgrades you should not have any issues.

Also, aixtools.zlib installation does not remove the file in /opt/freeware/lib. Instead it renames to link in /usr/lib (so it can be restored should you choose to remove aixtools.zlib) - and sets a new symbolic link to point at /opt/lib/libz.a

As the aixtools version has an archive member with the same name as the archive member in /opt/freeware/lib/libz.a new and old programs work as expected.


michael@x071.home.local:[/home/michael]ar -Xany -tv /opt/freeware/lib/libz.a
rwxr-xr-x   203/1     120624 Jan 03 16:59 2008 libz.so.1
rwxr-xr-x   203/1     135054 Jan 03 16:59 2008 libz.so.1
rwxr-xr-x   203/1       6015 Jan 03 16:59 2008 shr.o
michael@x071.home.local:[/home/michael]ar -Xany -tv /opt/lib/libz.a
rwxr-xr-x     0/0     174334 Jan 31 12:53 2017 libz.so.1.2.11
rwxr-xr-x     0/0     174334 Jan 31 12:53 2017 libz.so.1
rw-r--r--     0/0       5565 Jan 31 12:53 2017 adler32.o
rw-r--r--     0/0      13383 Jan 31 12:53 2017 crc32.o
rw-r--r--     0/0      35062 Jan 31 12:53 2017 deflate.o
rw-r--r--     0/0      10562 Jan 31 12:53 2017 infback.o
rw-r--r--     0/0       3716 Jan 31 12:53 2017 inffast.o
rw-r--r--     0/0      25237 Jan 31 12:53 2017 inflate.o
rw-r--r--     0/0       4274 Jan 31 12:53 2017 inftrees.o
rw-r--r--     0/0      17741 Jan 31 12:53 2017 trees.o
rw-r--r--     0/0       2517 Jan 31 12:53 2017 zutil.o
rw-r--r--     0/0       1937 Jan 31 12:53 2017 compress.o
rw-r--r--     0/0       2082 Jan 31 12:53 2017 uncompr.o
rw-r--r--     0/0       1073 Jan 31 12:53 2017 gzclose.o
rw-r--r--     0/0       9137 Jan 31 12:53 2017 gzlib.o
rw-r--r--     0/0      12156 Jan 31 12:53 2017 gzread.o
rw-r--r--     0/0      10973 Jan 31 12:53 2017 gzwrite.o
rwxr-xr-x     2/2     164632 Jan 31 12:55 2017 libz.so.1.2.11
rwxr-xr-x     0/0     164632 Jan 31 12:55 2017 libz.so.1
rw-r--r--     0/0       5249 Jan 31 12:55 2017 adler32.o
rw-r--r--     0/0      13880 Jan 31 12:55 2017 crc32.o
rw-r--r--     0/0      32490 Jan 31 12:55 2017 deflate.o
rw-r--r--     0/0      10335 Jan 31 12:55 2017 infback.o
rw-r--r--     0/0       3803 Jan 31 12:55 2017 inffast.o
rw-r--r--     0/0      26222 Jan 31 12:55 2017 inflate.o
rw-r--r--     0/0       4141 Jan 31 12:55 2017 inftrees.o
rw-r--r--     0/0      16789 Jan 31 12:55 2017 trees.o
rw-r--r--     0/0       2320 Jan 31 12:55 2017 zutil.o
rw-r--r--     0/0       1908 Jan 31 12:55 2017 compress.o
rw-r--r--     0/0       2082 Jan 31 12:55 2017 uncompr.o
rw-r--r--     0/0       1149 Jan 31 12:55 2017 gzclose.o
rw-r--r--     0/0       8459 Jan 31 12:55 2017 gzlib.o
rw-r--r--     0/0      11463 Jan 31 12:55 2017 gzread.o
rw-r--r--     0/0      10385 Jan 31 12:55 2017 gzwrite.o


Note re: above.

rpm.rte is not (always) included in the normal SP updates - so mine is old. I know there is a newer version of rpm.rte, but I do not know if it also is supported on AIX 6.1. My packaging, unless otherwise noted: installs on AIX 5.3 TL7 and later.


michael@x071.home.local:[/home/michael]lslpp -w | grep libz.a
  /opt/lib/libz.a                             aixtools.zlib.rte     File
  /usr/opt/freeware/lib/libz.a                rpm.rte               File
michael@x071.home.local:[/home/michael]lslpp -L rpm.rte
  Fileset                      Level  State  Type  Description (Uninstaller)
  ----------------------------------------------------------------------------
  rpm.rte                   3.0.5.52    C     F    RPM Package Manager


State codes:
 A -- Applied.
 B -- Broken.
 C -- Committed.
 E -- EFIX Locked.
 O -- Obsolete.  (partially migrated to newer version)
 ? -- Inconsistent State...Run lppchk -v.

Type codes:
 F -- Installp Fileset
 P -- Product
 C -- Component
 T -- Feature
 R -- RPM Package
 E -- Interim Fix

« Last Edit: February 02, 2017, 07:25:06 AM by Michael »

Michael

  • Administrator
  • Hero Member
  • *****
  • Posts: 1041
  • Karma: +0/-0
Re: Openssh 7.4
« Reply #2 on: February 02, 2017, 06:25:38 PM »
I have noticed - undesired dependancies on zlib-1.2.8 (or better libz.so.1.2.8 as a member) - and I expect the openssh will suffer from that as well (expecting strictly libz.so.1.2.10) - so I shall be repackaging openssh (to depend on libz.so.1). And, I'll do this without aixtools.zlib installed - and in so-doing, remove the dependancy on aixtools.zlib.

HOWEVER - I will still recommend that you update zlib (either from IBM or aixtools) asap.

The repackaging of aixtools.zlib is so that it contains the older .so members for packages that are still dependent on those.