Package: libssl1.0.0 Version: 1.0.1e-5 Followup-For: Bug #732940 Kurt Roeckx wrote: >On Sun, Dec 22, 2013 at 02:16:43PM -0800, Josh Triplett wrote: >> Package: libssl1.0.0 >> Version: 1.0.1e-5 >> Followup-For: Bug #732940 >> >> Julien Cristau wrote: >> > On Sun, Dec 22, 2013 at 14:02:37 -0800, Josh Triplett wrote: >> >> Package: libssl1.0.0 >> >> Version: 1.0.1e-5 >> >> Severity: critical >> >> >> >> Upgrading OpenSSL caused SSH to break. >> >> >> >> Here's the upgrade from aptitude's log: >> >> [UPGRADE] libssl-dev:amd64 1.0.1e-4 -> 1.0.1e-5 >> >> [UPGRADE] libssl1.0.0:amd64 1.0.1e-4 -> 1.0.1e-5 >> >> [UPGRADE] openssl:amd64 1.0.1e-4 -> 1.0.1e-5 >> >> >> >> And here's SSH failing: >> >> $ ssh joshtriplett.org >> >> OpenSSL version mismatch. Built against 1000105f, you have 10001060 >> >> >> > sounds like an openssh bug to me... >> >> I upgraded OpenSSL and OpenSSH stopped working. Since the SONAME didn't >> change, kinda by definition this seems like a bug in OpenSSL, not >> OpenSSH. > > So openssl is never supposed to change it's version number?
It's not OK to break forward compatibility without changing SONAME. Software built against an older version of a library must always work with a newer version that has the same SONAME; that's what the SONAME exists for. It'd be perfectly OK for software built against a newer OpenSSL to refuse to work with an older version (ideally by requiring a symbol the older library doesn't have), but the reverse is a bug, regardless of the mechanism. - Josh Triplett -- System Information: Debian Release: jessie/sid APT prefers unstable APT policy: (500, 'unstable'), (1, 'experimental') Architecture: amd64 (x86_64) Kernel: Linux 3.11-2-amd64 (SMP w/4 CPU cores) Locale: LANG=C.UTF-8, LC_CTYPE=C.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages libssl1.0.0 depends on: ii debconf [debconf-2.0] 1.5.52 ii libc6 2.17-97 ii multiarch-support 2.17-97 libssl1.0.0 recommends no packages. libssl1.0.0 suggests no packages. -- debconf information excluded -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
