[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#749472: openssh-server: openssl restart failure when upgrading from wheezy: OpenSSL version mismatch. Built against 1000105f, you have 10001080

Control: notfound -1 openssh/1:6.6p1-5
Control: found -1 openssh/1:6.0p1-4

On Tue, May 27, 2014 at 04:14:26PM +0800, Paul Wise wrote:
> Package: openssh-server
> Version: 1:6.6p1-5
> Severity: important
> 
> When I upgrade from wheezy to jessie on a machine with openssh-server
> installed, the openssl package tries to restart openssh but fails:
[...]
> OpenSSL version mismatch. Built against 1000105f, you have 10001080

So, 1:6.6p1-5 is actually fine here; it has this check removed on the
grounds that it does more harm than good given OpenSSL's modern SONAME
management practices (see #664383 and #732940; unfortunately I
incorrectly dropped that patch shortly before wheezy).  The problem here
is that libssl1.0.0 is upgraded before openssh-server, and the version
in wheezy doesn't have that check patched out, so the attempted restart
fails.

Kurt, perhaps it would be worth considering "Breaks: openssh-server (<<
1:6.4p1-2)" in libssl1.0.0 in jessie?

I'll also see if I can get an update to wheezy issued that removes this
check, which should also simplify things.  (In that case, perhaps the
control field in libssl1.0.0 should be "Breaks: openssh-server (<<
1:6.0p1-4+deb7u2)".)

-- 
Colin Watson                                       [cjwatson@debian.org]
Reply to: