Bug 20204
Summary: | Openssh breaks if openssl-0.9.6 is installed | ||||||||
---|---|---|---|---|---|---|---|---|---|
Product: | [Retired] Red Hat Linux | Reporter: | David D. Johnson <ddj> | ||||||
Component: | openssh | Assignee: | Nalin Dahyabhai <nalin> | ||||||
Status: | CLOSED DEFERRED | QA Contact: | |||||||
Severity: | medium | Docs Contact: | |||||||
Priority: | medium | ||||||||
Version: | 7.0 | CC: | dr, t8m | ||||||
Target Milestone: | --- | ||||||||
Target Release: | --- | ||||||||
Hardware: | i386 | ||||||||
OS: | Linux | ||||||||
Whiteboard: | |||||||||
Fixed In Version: | Doc Type: | Bug Fix | |||||||
Doc Text: | Story Points: | --- | |||||||
Clone Of: | Environment: | ||||||||
Last Closed: | 2000-12-15 02:55:28 UTC | Type: | --- | ||||||
Regression: | --- | Mount Type: | --- | ||||||
Documentation: | --- | CRM: | |||||||
Verified Versions: | Category: | --- | |||||||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||||
Cloudforms Team: | --- | Target Upstream Version: | |||||||
Embargoed: | |||||||||
Attachments: |
|
Created attachment 4916 [details]
sftp patch
Created attachment 4917 [details]
sftp source patch (the last attachment was the new spec file).
If binary compatibility is broken, then we need to bump the soname when we add 0.9.6 to the build system, which will properly catch binary-incompatibility problems (lack of time to verify this either way is why it's not already in Raw Hide). If sftp isn't in the default portable distribution of OpenSSH, I'm also loathe to add it. That sftp-server is from the normal distribution. It's also included in OpenSSH-2.3.0p1 released today. The sftp server will be in the 2.3.0p1 errata. I'll leave this one open until we get 0.9.6 into Raw Hide, along with the various rebuilds it requires. Getting 0.9.6 into Raw Hide will require bumping the shared object's SONAME, which is going to require adding a compatibility package for with the older version of the shared library to keep third-party apps working, in addition to numerous rebuilds in the distribution itself. You will have to do this for every release then - the OpenSSL people are not promising binary compat until at lease 1.0.0. Exactly. It's a mess, and we're not going to go there for now. (As an aside, this almost certainly explains why mysterious problems show up when J. Random User runs openssh using openssl packages other than the ones they were built against.) |
The openssh SRPM/RPMs need to have a requirement on openssl < 0.9.6. The API data structures for some of the EVP_ calls in libcrypto.so.0 were changed drastically, and will not work at all with any applications built against openssl-0.9.5a (or lower). I also have a patch that enables the sftp server so openssh may be used with the commercial sshwin2 sftp client. Contact me if you are interested. $ diff openssl.spec.rh openssl.spec 20c20 < Requires: openssl >= 0.9.5a --- > Requires: openssl >= 0.9.5a, openssl < 0.9.6