Bug 20204

Summary: Openssh breaks if openssl-0.9.6 is installed
Product: [Retired] Red Hat Linux
Reporter: David D. Johnson <ddj>
Component: openssh
Assignee: Nalin Dahyabhai <nalin>
Status: CLOSED DEFERRED
Severity: medium
Priority: medium
Version: 7.0
CC: dr, t8m
Hardware: i386
OS: Linux
Doc Type: Bug Fix
Last Closed: 2000-12-15 02:55:28 UTC
Attachments (Description / Flags):
sftp patch / none
sftp source patch (the last attachment was the new spec file). / none

Description David D. Johnson 2000-11-02 13:20:09 UTC
The openssh SRPM/RPMs need to have a requirement on openssl < 0.9.6.
The API data structures for some of the EVP_ calls in libcrypto.so.0
were changed drastically, and will not work at all with any applications
built against openssl-0.9.5a (or lower).

I also have a patch that enables the sftp server so openssh may be used
with the commercial sshwin2 sftp client.  Contact me if you are interested.

$ diff openssl.spec.rh openssl.spec
20c20
< Requires: openssl >= 0.9.5a
---
> Requires: openssl >= 0.9.5a, openssl < 0.9.6
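
Review bot: The upper bound `openssl < 0.9.6` added at line 20 expresses ABI compatibility through a package version, so it has to be revisited by hand for each later OpenSSL release and, until this package is rebuilt, it blocks installing 0.9.6 on any system that has it. A dependency on the shared library's soname would state the same constraint without a hand-maintained cap, provided the soname changes when the ABI does. Separately, the diff command names openssl.spec.rh and openssl.spec while the description places the requirement in the openssh package; confirm the hunk is against the openssh spec file.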

Comment 1 David D. Johnson 2000-11-02 13:21:42 UTC
Created attachment 4916
sftp patch

Comment 2 David D. Johnson 2000-11-02 13:23:40 UTC
Created attachment 4917
sftp source patch (the last attachment was the new spec file).

Comment 3 Nalin Dahyabhai 2000-11-02 21:55:10 UTC
If binary compatibility is broken, then we need to bump the soname when we add
0.9.6 to the build system, which will properly catch binary-incompatibility
problems (lack of time to verify this either way is why it's not already in Raw
Hide).  If sftp isn't in the default portable distribution of OpenSSH, I'm also
loath to add it.

Comment 4 Pekka Savola 2000-11-07 06:37:28 UTC
That sftp-server is from the normal distribution.  It's also included in OpenSSH-2.3.0p1 released today.

Comment 5 Nalin Dahyabhai 2000-11-20 19:42:07 UTC
The sftp server will be in the 2.3.0p1 errata.  I'll leave this one open until
we get 0.9.6 into Raw Hide, along with the various rebuilds it requires.

Comment 6 Nalin Dahyabhai 2000-11-28 22:23:14 UTC
Getting 0.9.6 into Raw Hide will require bumping the shared object's SONAME,
which is going to require adding a compatibility package with the older
version of the shared library to keep third-party apps working, in addition to
numerous rebuilds in the distribution itself.

Comment 7 Damien Miller 2000-12-15 02:55:25 UTC
You will have to do this for every release then - the OpenSSL people are not
promising binary compat until at least 1.0.0.

Comment 8 Nalin Dahyabhai 2001-01-23 03:39:17 UTC
Exactly.  It's a mess, and we're not going to go there for now.  (As an aside,
this almost certainly explains why mysterious problems show up when J. Random
User runs openssh using openssl packages other than the ones they were built
against.)
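
The failure this report describes (an application compiled against one release's structure definitions running on a library built with different ones) is shown below as an added example; it is not code from this bug thread, OpenSSL, or OpenSSH. The two struct layouts and the `ctx_init_checked` entry point are constructed for illustration and are not the real EVP definitions.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed layouts, NOT the real OpenSSL structs: a caller-allocated
 * context as two releases of one library (same soname) might define it. */
struct ctx_old {              /* header the application was built against */
    int32_t nid;
    uint8_t key[16];
    int32_t num;
};
struct ctx_new {              /* header the upgraded library was built with */
    int32_t nid;
    int32_t flags;            /* field inserted mid-struct */
    uint8_t key[32];          /* buffer enlarged */
    int32_t num;
};

/* Bytes the new library writes past the old caller's allocation when it
 * initialises the whole context. */
size_t init_overrun(void) {
    return sizeof(struct ctx_new) > sizeof(struct ctx_old)
               ? sizeof(struct ctx_new) - sizeof(struct ctx_old) : 0;
}

/* How far the library's idea of "num" sits from the application's. */
size_t num_field_skew(void) {
    return offsetof(struct ctx_new, num) - offsetof(struct ctx_old, num);
}

/* Hypothetical hardened entry point: the caller passes its compile-time
 * sizeof, and a layout mismatch is refused (-1) instead of written through. */
int ctx_init_checked(void *ctx, size_t caller_size) {
    if (ctx == NULL || caller_size != sizeof(struct ctx_new))
        return -1;
    memset(ctx, 0, sizeof(struct ctx_new));
    return 0;
}

int main(void) {
    struct ctx_old app_ctx;   /* allocated by the "old" application */
    printf("overrun on init: %zu bytes\n", init_overrun());
    printf("num field skew:  %zu bytes\n", num_field_skew());
    printf("checked init:    %d\n", ctx_init_checked(&app_ctx, sizeof app_ctx));
    return 0;
}
```

A SONAME bump, as discussed in comments 3 and 6, moves this refusal to load time: the old binary fails to find its library instead of running against the wrong layout.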