On 09/24/2017 07:12 PM, Phil Pennock wrote: > On 2017-09-24 at 17:37 -0700, Kevin Brott wrote: >> On 09/20/2017 05:47 PM, Damien Miller wrote: >>> Hi, >>> >>> OpenSSH 7.6p1 is almost ready for release, so we would appreciate testing >>> on as many platforms and systems as possible. This is a bugfix release. >> openssh-SNAP-20170925.tar.gz && git clone as of 2017/09/24 @ 17:20 PDT >> >> OpSys Compiler OpenSSL Build Test >> Debian 8.9 gcc 4.9.2 1.0.1t YES all tests passed >> Debian 9.1 gcc 6.3.0 1.1.0f NO *1 >> >> Looks like the default openssl version on Debian 9 is 1.1.0f, which according to the INSTALL doc is a deal-breaker (LibreSSL or OpenSSL >= 0.9.8f < 1.1.0). > Debian 9.1 is one of the ones I tested on and it worked, so I looked > into this: it looks like Debian 9.1 has libssl installed for both 1.0.2l > and 1.1.0f, but then the openssl package for the latter, providing only > the command-line interface. > > https://people.spodhuis.org/phil.pennock/openssh-testing/SNAP-20170925/bento-debian9.1.txt > > A plain install of Debian includes neither set of dev headers, the > "apt-get build-dep openssh" step installed "libssl1.0-dev". The plain > install I got included both binary-library packages by default. > I must not have properly cleaned up the dev environment from the tweaking run I did on clamav for our systems. You're quite right. After I installed the openssl1.0-dev package and it cleared out the conflicting 1.1 stuff, the openssh 7.6 sources then built and tested without a hitch. Nothing on the system broke, except the dev environment for clamav, which I was done with anyway. Interesting that there seems to be a mix of ssl dependencies on 9.1 (I got a bit dizzy trying to follow them all). Any idea if openssh is going to roadmap into openssl 1.1 any time soon? -- # include <stddisclaimer.h> /* Kevin Brott <Kevin.Brott@xxxxxxxxx> */ _______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@xxxxxxxxxxx https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev