Opened 7 years ago

Closed 7 years ago

Last modified 7 years ago

#54990 closed defect (fixed)

OpenSSH is bound too tightly to OpenSSL builds

Reported by: mouse07410 (Mouse) Owned by: ryandesign (Ryan Carsten Schmidt)
Priority: Normal Milestone:
Component: ports Version:
Keywords: Cc:
Port: openssh

Description 

$ ssh git@github.com -T
OpenSSL version mismatch. Built against 100020cf, you have 100020d0

I do not need/want OpenSSH to demand rebuild every time a 100% binary-compatible OpenSSL shared library is updated.

Oh, and as we're at it - please feel free to update OpenSSH to the current released v7.6.

Change History (5)

comment:1 in reply to:  description ; Changed 7 years ago by ryandesign (Ryan Carsten Schmidt)

Owner: set to ryandesign
Status: newaccepted

Replying to mouse07410: 

$ ssh git@github.com -T
OpenSSL version mismatch. Built against 100020cf, you have 100020d0

I do not need/want OpenSSH to demand rebuild every time a 100% binary-compatible OpenSSL shared library is updated.

I guess the developers of OpenSSH don't feel they are 100% compatible, else they would not have inserted this message. If you want it to change, you'll have to take it up with them.

But this does point out that when we update openssl, we need to remember to revbump openssh. I'll take care of that.

Oh, and as we're at it - please feel free to update OpenSSH to the current released v7.6.

That's already requested in #53108.

comment:2 in reply to:  1 Changed 7 years ago by ryandesign (Ryan Carsten Schmidt)

Port: openssh added; OpenSSH removed

Replying to ryandesign:

But this does point out that when we update openssl, we need to remember to revbump openssh. I'll take care of that.

Actually it's already been done this time. openssl was updated to 1.0.2l in May and openssh's revision was increased in September for an unrelated reason.

So I'll just add openssh to the list of ports we revbump after updating openssl.

comment:3 Changed 7 years ago by ryandesign (Ryan Carsten Schmidt)

Resolution: fixed
Status: acceptedclosed

In 8497d1134ce358ab322207e80e3159256a113edf/macports-ports:

openssl: Add comment to revbump openssh after updating

Closes: #54990

comment:4 Changed 7 years ago by mouse07410 (Mouse)

I guess the developers of OpenSSH don't feel they are 100% compatible, else they would not have inserted this message. If you want it to change, you'll have to take it up with them.

I realize that, but it's plain silly, considering the binary API compatibility guarantees of OpenSSL, and the fact that the OpenSSL libraries are opaque to SSH (accessed only via the API calls).

comment:5 Changed 7 years ago by raimue (Rainer Müller)

Your complaint should go to the OpenSSH developers that added such a check (I am quite sure there is a good reason).

Note: See TracTickets for help on using tickets.