Bug 20204 - Openssh breaks if openssl-0.9.6 is installed
Openssh breaks if openssl-0.9.6 is installed
Status: CLOSED DEFERRED
Product: Red Hat Linux
Classification: Retired
Component: openssh (Show other bugs)
7.0
i386 Linux
medium Severity medium
: ---
: ---
Assigned To: Nalin Dahyabhai
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2000-11-02 08:20 EST by David D. Johnson
Modified: 2008-05-01 11:37 EDT (History)
2 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2000-12-14 21:55:28 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
sftp patch (12.08 KB, patch)
2000-11-02 08:21 EST, David D. Johnson
no flags Details | Diff
sftp source patch (the last attachment was the new spec file). (28.10 KB, patch)
2000-11-02 08:23 EST, David D. Johnson
no flags Details | Diff

  None (edit)
Description David D. Johnson 2000-11-02 08:20:09 EST
The openssh SRPM/RPMs need to have a requirement on openssl < 0.9.6.
The API data structures for some of the EVP_ calls in libcrypto.so.0
were changed drastically, and will not work at all with any applications
built against openssl-0.9.5a (or lower).

I also have a patch that enables the sftp server so openssh may be used
with the commercial sshwin2 sftp client.  Contact me if you are interested.

$ diff openssl.spec.rh openssl.spec
20c20
< Requires: openssl >= 0.9.5a
---
> Requires: openssl >= 0.9.5a, openssl < 0.9.6
Comment 1 David D. Johnson 2000-11-02 08:21:42 EST
Created attachment 4916 [details]
sftp patch
Comment 2 David D. Johnson 2000-11-02 08:23:40 EST
Created attachment 4917 [details]
sftp source patch (the last attachment was the new spec file).
Comment 3 Nalin Dahyabhai 2000-11-02 16:55:10 EST
If binary compatibility is broken, then we need to bump the soname when we add
0.9.6 to the build system, which will properly catch binary-incompatibility
problems (lack of time to verify this either way is why it's not already in Raw
Hide).  If sftp isn't in the default portable distribution of OpenSSH, I'm also
loathe to add it.
Comment 4 Pekka Savola 2000-11-07 01:37:28 EST
That sftp-server is from the normal distribution.  It's also included in OpenSSH-2.3.0p1 released today.
Comment 5 Nalin Dahyabhai 2000-11-20 14:42:07 EST
The sftp server will be in the 2.3.0p1 errata.  I'll leave this one open until
we get 0.9.6 into Raw Hide, along with the various rebuilds it requires.
Comment 6 Nalin Dahyabhai 2000-11-28 17:23:14 EST
Getting 0.9.6 into Raw Hide will require bumping the shared object's SONAME,
which is going to require adding a compatibility package for with the older
version of the shared library to keep third-party apps working, in addition to
numerous rebuilds in the distribution itself.
Comment 7 Damien Miller 2000-12-14 21:55:25 EST
You will have to do this for every release then - the OpenSSL people are not
promising binary compat until at lease 1.0.0.
Comment 8 Nalin Dahyabhai 2001-01-22 22:39:17 EST
Exactly.  It's a mess, and we're not going to go there for now.  (As an aside,
this almost certainly explains why mysterious problems show up when J. Random
User runs openssh using openssl packages other than the ones they were built
against.)

Note You need to log in before you can comment on or make changes to this bug.