Bug 20204 - Openssh breaks if openssl-0.9.6 is installed
Summary: Openssh breaks if openssl-0.9.6 is installed
Alias: None
Product: Red Hat Linux
Classification: Retired
Component: openssh   
(Show other bugs)
Version: 7.0
Hardware: i386 Linux
Target Milestone: ---
Assignee: Nalin Dahyabhai
QA Contact:
Depends On:
TreeView+ depends on / blocked
Reported: 2000-11-02 13:20 UTC by David D. Johnson
Modified: 2008-05-01 15:37 UTC (History)
2 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2000-12-15 02:55:28 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
sftp patch (12.08 KB, patch)
2000-11-02 13:21 UTC, David D. Johnson
no flags Details | Diff
sftp source patch (the last attachment was the new spec file). (28.10 KB, patch)
2000-11-02 13:23 UTC, David D. Johnson
no flags Details | Diff

Description David D. Johnson 2000-11-02 13:20:09 UTC
The openssh SRPM/RPMs need to have a requirement on openssl < 0.9.6.
The API data structures for some of the EVP_ calls in libcrypto.so.0
were changed drastically, and will not work at all with any applications
built against openssl-0.9.5a (or lower).

I also have a patch that enables the sftp server so openssh may be used
with the commercial sshwin2 sftp client.  Contact me if you are interested.

$ diff openssl.spec.rh openssl.spec
< Requires: openssl >= 0.9.5a
> Requires: openssl >= 0.9.5a, openssl < 0.9.6

Comment 1 David D. Johnson 2000-11-02 13:21:42 UTC
Created attachment 4916 [details]
sftp patch

Comment 2 David D. Johnson 2000-11-02 13:23:40 UTC
Created attachment 4917 [details]
sftp source patch (the last attachment was the new spec file).

Comment 3 Nalin Dahyabhai 2000-11-02 21:55:10 UTC
If binary compatibility is broken, then we need to bump the soname when we add
0.9.6 to the build system, which will properly catch binary-incompatibility
problems (lack of time to verify this either way is why it's not already in Raw
Hide).  If sftp isn't in the default portable distribution of OpenSSH, I'm also
loathe to add it.

Comment 4 Pekka Savola 2000-11-07 06:37:28 UTC
That sftp-server is from the normal distribution.  It's also included in OpenSSH-2.3.0p1 released today.

Comment 5 Nalin Dahyabhai 2000-11-20 19:42:07 UTC
The sftp server will be in the 2.3.0p1 errata.  I'll leave this one open until
we get 0.9.6 into Raw Hide, along with the various rebuilds it requires.

Comment 6 Nalin Dahyabhai 2000-11-28 22:23:14 UTC
Getting 0.9.6 into Raw Hide will require bumping the shared object's SONAME,
which is going to require adding a compatibility package for with the older
version of the shared library to keep third-party apps working, in addition to
numerous rebuilds in the distribution itself.

Comment 7 Damien Miller 2000-12-15 02:55:25 UTC
You will have to do this for every release then - the OpenSSL people are not
promising binary compat until at lease 1.0.0.

Comment 8 Nalin Dahyabhai 2001-01-23 03:39:17 UTC
Exactly.  It's a mess, and we're not going to go there for now.  (As an aside,
this almost certainly explains why mysterious problems show up when J. Random
User runs openssh using openssl packages other than the ones they were built

Note You need to log in before you can comment on or make changes to this bug.