On Thu, Nov 20, 2014 at 4:59 PM, Damien Miller <djm@xxxxxxxxxxx> wrote: > On Wed, 19 Nov 2014, David Flatley wrote: > >> >> I am trying to build Openssh 6.7p1 on a Red Hat 5.6 x86_64 system >> with Red Hat openssl-0.9.8e-31, which is the latest Red Hat openssl >> version. The Openssh build checks openssl versions and requires 0.9.8f. >> Is there a work around for this? > > Build a more recent OpenSSL (perhaps configured to make static libraries) > and build OpenSSH against it. > > -d Then you've got *two* packages not directly supported by Red Hat or included in CentOS or Scientific Linux to support, and little to no traction with the upstream support community if any other components interact badly with it. I see the patch where the version check was added, in https://github.com/openssh/openssh-portable/commit/d7c81e216a7bd9eed6e239c970d9261bb1651947. Is the check because of the documented 'HeartBleed' bug? That has been patched in the RHEL 5 OpenSSL, even though they did not update the OpenSSL release version? Or are there other features of the latest OpenSSL that OpenSSH 6.7 is reliant on? If it was primarily the HearBleed bug, then it should be acceptable for RHEL 5 compilation to disable that check as long as the developer is sure the minor release version is recent enough. I'd be happy to submit such a patch for the contrib/redhat/openssh.spec file, if folks would consider it useful. _______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@xxxxxxxxxxx https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
