Re: Fw: version question

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

 



On Thu, Nov 20, 2014 at 4:59 PM, Damien Miller <djm@xxxxxxxxxxx> wrote:
> On Wed, 19 Nov 2014, David Flatley wrote:
>
>>
>>       I am trying to build Openssh 6.7p1 on a Red Hat 5.6 x86_64 system
>> with Red Hat openssl-0.9.8e-31, which is the latest Red Hat openssl
>> version. The Openssh build checks openssl versions and requires 0.9.8f.
>> Is there a work around for this?
>
> Build a more recent OpenSSL (perhaps configured to make static libraries)
> and build OpenSSH against it.
>
> -d

Then you've got *two* packages not directly supported by Red Hat or
included in CentOS or Scientific Linux to support, and little to no
traction with the upstream support community if any other components
interact badly with it.

I see the patch where the version check was added, in
https://github.com/openssh/openssh-portable/commit/d7c81e216a7bd9eed6e239c970d9261bb1651947.
Is the check because of the documented 'HeartBleed' bug? That has been
patched in the RHEL 5 OpenSSL, even though they did not update the
OpenSSL release version? Or are there other features of the latest
OpenSSL that OpenSSH 6.7 is reliant on?

If it was primarily the HearBleed bug, then it should be acceptable
for RHEL 5 compilation to disable that check as long as the developer
is sure the minor release version is recent enough. I'd be happy to
submit such a patch for the contrib/redhat/openssh.spec file, if folks
would  consider it useful.
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev




[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux