Fw: version question

Nico Kadel-Garcia nkadel at gmail.com
Fri Nov 21 12:54:25 EST 2014


On Thu, Nov 20, 2014 at 4:59 PM, Damien Miller <djm at mindrot.org> wrote:
> On Wed, 19 Nov 2014, David Flatley wrote:
>
>>
>> I am trying to build OpenSSH 6.7p1 on a Red Hat 5.6 x86_64 system
>> with Red Hat openssl-0.9.8e-31, which is the latest Red Hat openssl
>> version. The OpenSSH build checks openssl versions and requires 0.9.8f.
>> Is there a workaround for this?
>
> Build a more recent OpenSSL (perhaps configured to make static libraries)
> and build OpenSSH against it.
>
> -d

Then you've got *two* packages not directly supported by Red Hat or
included in CentOS or Scientific Linux to support, and little to no
traction with the upstream support community if any other components
interact badly with it.

I see the patch where the version check was added, in
https://github.com/openssh/openssh-portable/commit/d7c81e216a7bd9eed6e239c970d9261bb1651947.
Is the check because of the documented 'HeartBleed' bug? That has been
patched in the RHEL 5 OpenSSL, even though they did not update the
OpenSSL release version? Or are there other features of the latest
OpenSSL that OpenSSH 6.7 is reliant on?

If it was primarily the HeartBleed bug, then it should be acceptable
for RHEL 5 compilation to disable that check as long as the developer
is sure the minor release version is recent enough. I'd be happy to
submit such a patch for the contrib/redhat/openssh.spec file, if folks
would consider it useful.

