Bug#732940: Breaks ssh: OpenSSL version mismatch. Built against 1000105f, you have 10001060
Package: libssl1.0.0
Version: 1.0.1e-5
Followup-For: Bug #732940
Kurt Roeckx wrote:
> On Sun, Dec 22, 2013 at 02:45:32PM -0800, Josh Triplett wrote:
>>
>> It's not OK to break forward compatibility without changing SONAME.
>> Software built against an older version of a library must always work
>> with a newer version that has the same SONAME; that's what the SONAME
>> exists for. It'd be perfectly OK for software built against a newer
>> OpenSSL to refuse to work with an older version (ideally by requiring a
>> symbol the older library doesn't have), but the reverse is a bug,
>> regardless of the mechanism.
>
> Openssl does not do this version check, nor does it suggest to do
> any such check. I think I've already filed this bug against
> openssh twice and it seems to be comming back.
>
> I don't see how openssl is breaking either forward or backward
> compatibility. It just changed the version it returned. Openssl
> can't be responible for whatever people do with that version.
I stand corrected; my apologies. I've seen so many libraries that put
in version checks like this that I assumed the version check lived in
OpenSSL, not OpenSSH. You're right, this is *not* an OpenSSL bug, it's
an OpenSSH bug. I'll reassign accordingly.
- Josh Triplett
-- System Information:
Debian Release: jessie/sid
APT prefers unstable
APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Kernel: Linux 3.11-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=C.UTF-8, LC_CTYPE=C.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages libssl1.0.0 depends on:
ii debconf [debconf-2.0] 1.5.52
ii libc6 2.17-97
ii multiarch-support 2.17-97
libssl1.0.0 recommends no packages.
libssl1.0.0 suggests no packages.
-- debconf information excluded
Reply to: