[Bug 3548] Upgrading from openssl-3.0.8 to openssl-3.1.0 leads to version mismatch error
https://bugzilla.mindrot.org/show_bug.cgi?id=3548 Darren Tucker changed: What|Removed |Added Status|NEW |RESOLVED Resolution|--- |FIXED --- Comment #11 from Darren Tucker --- (In reply to Damien Miller from comment #10) > I withdraw my version of the diff. Darren, do you want to commit > yours? IMO we should keep the status check that is in yours but not > in the post to the mailing list. Committed, thanks. -- You are receiving this mail because: You are watching the assignee of the bug. You are watching someone on the CC list of the bug. ___ openssh-bugs mailing list openssh-bugs@mindrot.org https://lists.mindrot.org/mailman/listinfo/openssh-bugs
[Bug 3548] Upgrading from openssl-3.0.8 to openssl-3.1.0 leads to version mismatch error
https://bugzilla.mindrot.org/show_bug.cgi?id=3548 --- Comment #10 from Damien Miller --- I withdraw my version of the diff. Darren, do you want to commit yours? IMO we should keep the status check that is in yours but not in the post to the mailing list. -- You are receiving this mail because: You are watching the assignee of the bug. You are watching someone on the CC list of the bug. ___ openssh-bugs mailing list openssh-bugs@mindrot.org https://lists.mindrot.org/mailman/listinfo/openssh-bugs
[Bug 3548] Upgrading from openssl-3.0.8 to openssl-3.1.0 leads to version mismatch error
https://bugzilla.mindrot.org/show_bug.cgi?id=3548 Damien Miller changed: What|Removed |Added Attachment #3685||ok- Flags|| -- You are receiving this mail because: You are watching someone on the CC list of the bug. You are watching the assignee of the bug. ___ openssh-bugs mailing list openssh-bugs@mindrot.org https://lists.mindrot.org/mailman/listinfo/openssh-bugs
[Bug 3548] Upgrading from openssl-3.0.8 to openssl-3.1.0 leads to version mismatch error
https://bugzilla.mindrot.org/show_bug.cgi?id=3548 --- Comment #9 from Sam James --- See also https://marc.info/?l=openssh-unix-dev&m=168348988530204&w=2. -- You are receiving this mail because: You are watching the assignee of the bug. You are watching someone on the CC list of the bug. ___ openssh-bugs mailing list openssh-bugs@mindrot.org https://lists.mindrot.org/mailman/listinfo/openssh-bugs
[Bug 3548] Upgrading from openssl-3.0.8 to openssl-3.1.0 leads to version mismatch error
https://bugzilla.mindrot.org/show_bug.cgi?id=3548 Damien Miller changed: What|Removed |Added Attachment #3684||ok+ Flags|| -- You are receiving this mail because: You are watching someone on the CC list of the bug. You are watching the assignee of the bug. ___ openssh-bugs mailing list openssh-bugs@mindrot.org https://lists.mindrot.org/mailman/listinfo/openssh-bugs
[Bug 3548] Upgrading from openssl-3.0.8 to openssl-3.1.0 leads to version mismatch error
https://bugzilla.mindrot.org/show_bug.cgi?id=3548 Darren Tucker changed: What|Removed |Added Blocks||3549 Referenced Bugs: https://bugzilla.mindrot.org/show_bug.cgi?id=3549 [Bug 3549] Tracking bug for OpenSSH 9.4 -- You are receiving this mail because: You are watching the assignee of the bug. You are watching someone on the CC list of the bug. ___ openssh-bugs mailing list openssh-bugs@mindrot.org https://lists.mindrot.org/mailman/listinfo/openssh-bugs
[Bug 3548] Upgrading from openssl-3.0.8 to openssl-3.1.0 leads to version mismatch error
https://bugzilla.mindrot.org/show_bug.cgi?id=3548 psykose changed: What|Removed |Added CC||al...@ayaya.dev -- You are receiving this mail because: You are watching someone on the CC list of the bug. You are watching the assignee of the bug. ___ openssh-bugs mailing list openssh-bugs@mindrot.org https://lists.mindrot.org/mailman/listinfo/openssh-bugs
[Bug 3548] Upgrading from openssl-3.0.8 to openssl-3.1.0 leads to version mismatch error
https://bugzilla.mindrot.org/show_bug.cgi?id=3548 --- Comment #8 from Darren Tucker --- (In reply to Darren Tucker from comment #7) > since in that case the dynamic linking would fail actually adding accessors would be fine, only deleting them would be a problem, so I don't see any reason we'd want to include the patchlevel in the check? -- You are receiving this mail because: You are watching someone on the CC list of the bug. You are watching the assignee of the bug. ___ openssh-bugs mailing list openssh-bugs@mindrot.org https://lists.mindrot.org/mailman/listinfo/openssh-bugs
[Bug 3548] Upgrading from openssl-3.0.8 to openssl-3.1.0 leads to version mismatch error
https://bugzilla.mindrot.org/show_bug.cgi?id=3548 --- Comment #7 from Darren Tucker --- Comment on attachment 3685 --> https://bugzilla.mindrot.org/attachment.cgi?id=3685 My take >+lfix = (libver & 0x0ff0L) >> 12; That's going to include the patchlevel which we previously did not (but since they also say "We also allow backporting of accessor functions in these releases" was that deliberate? if so is there any point in disallowing this here, since in that case the dynamic linking would fail anyway before we got to this check?) If we're going to do the same checks we can use the same code. if (headerver < 0x300f) { mask = 0xffffL; /* major,minor,status */ hfix = (headerver & 0x000ff000) >> 12; lfix = (libver & 0x000ff000) >> 12; } else { mask = 0xf00fL; /* major, status */ hfix = (headerver & 0x0ff0L) >> 12; lfix = (libver & 0x0ff0L) >> 12; } if ( (headerver & mask) == (libver & mask) && lfix >= hfix) return 1; return 0; If you ignore the patchlevel for both you could even complement the mask and use that to compute hfix and lfix once, but I think that'd be sufficiently unclear as to be not worth the couple of lines saved. -- You are receiving this mail because: You are watching the assignee of the bug. You are watching someone on the CC list of the bug. ___ openssh-bugs mailing list openssh-bugs@mindrot.org https://lists.mindrot.org/mailman/listinfo/openssh-bugs
[Bug 3548] Upgrading from openssl-3.0.8 to openssl-3.1.0 leads to version mismatch error
https://bugzilla.mindrot.org/show_bug.cgi?id=3548 --- Comment #6 from Sam James --- (In reply to Damien Miller from comment #4) > I could interpret this to mean that a minor release could adding > API. It would still be API/ABI compatible but only in one direction. This is generally the case for any shared library because of symbol versioning - you often can't upgrade, build a bunch of stuff against the new version, then downgrade it. But openssh has very few dependencies and even fewer which use symbol versioning so, I guess this doesn't come up often. -- You are receiving this mail because: You are watching someone on the CC list of the bug. You are watching the assignee of the bug. ___ openssh-bugs mailing list openssh-bugs@mindrot.org https://lists.mindrot.org/mailman/listinfo/openssh-bugs
[Bug 3548] Upgrading from openssl-3.0.8 to openssl-3.1.0 leads to version mismatch error
https://bugzilla.mindrot.org/show_bug.cgi?id=3548 --- Comment #5 from Sam James --- Ah, thanks, that makes sense. I thought I remembered 1.0 and 1.1 being incompatible so I knew something had changed, but didn't dig into what yet. Your patch seems to work and cope with upgrading openssl. -- You are receiving this mail because: You are watching the assignee of the bug. You are watching someone on the CC list of the bug. ___ openssh-bugs mailing list openssh-bugs@mindrot.org https://lists.mindrot.org/mailman/listinfo/openssh-bugs
[Bug 3548] Upgrading from openssl-3.0.8 to openssl-3.1.0 leads to version mismatch error
https://bugzilla.mindrot.org/show_bug.cgi?id=3548 --- Comment #4 from Damien Miller --- Created attachment 3685 --> https://bugzilla.mindrot.org/attachment.cgi?id=3685&action=edit My take Don't we still want to prevent backsliding? The OpenSSL page says this: "MINOR: API/ABI compatible feature releases will change this" I could interpret this to mean that a minor release could adding API. It would still be API/ABI compatible but only in one direction. -- You are receiving this mail because: You are watching someone on the CC list of the bug. You are watching the assignee of the bug. ___ openssh-bugs mailing list openssh-bugs@mindrot.org https://lists.mindrot.org/mailman/listinfo/openssh-bugs
[Bug 3548] Upgrading from openssl-3.0.8 to openssl-3.1.0 leads to version mismatch error
https://bugzilla.mindrot.org/show_bug.cgi?id=3548 Darren Tucker changed: What|Removed |Added CC||d...@mindrot.org Attachment #3684||ok?(d...@mindrot.org) Flags|| --- Comment #3 from Darren Tucker --- Created attachment 3684 --> https://bugzilla.mindrot.org/attachment.cgi?id=3684&action=edit Update OpenSSL version check for v3 policy. Remove <1 since we no longer support them. I think this will fix it (untested). -- You are receiving this mail because: You are watching the assignee of the bug. You are watching someone on the CC list of the bug. ___ openssh-bugs mailing list openssh-bugs@mindrot.org https://lists.mindrot.org/mailman/listinfo/openssh-bugs
[Bug 3548] Upgrading from openssl-3.0.8 to openssl-3.1.0 leads to version mismatch error
https://bugzilla.mindrot.org/show_bug.cgi?id=3548 Darren Tucker changed: What|Removed |Added CC||dtuc...@dtucker.net --- Comment #2 from Darren Tucker --- (In reply to Sam James from comment #0) > the relevant OpenSSL versions are supposed to be ABI compatible? Looks like OpenSSL changed their compatibility guarantees between 1.1 and 3: https://www.openssl.org/policies/releasestrat.html "As of release 3.0.0, the OpenSSL versioning scheme is changing to a more contemporary format: MAJOR.MINOR.PATCH With this format, API/ABI compatibility will be guaranteed for the same MAJOR version number. Previously we guaranteed API/ABI compatibility across the same MAJOR.MINOR combination." Our check only implements the latter. -- You are receiving this mail because: You are watching someone on the CC list of the bug. You are watching the assignee of the bug. ___ openssh-bugs mailing list openssh-bugs@mindrot.org https://lists.mindrot.org/mailman/listinfo/openssh-bugs
[Bug 3548] Upgrading from openssl-3.0.8 to openssl-3.1.0 leads to version mismatch error
https://bugzilla.mindrot.org/show_bug.cgi?id=3548 --- Comment #1 from Sam James --- (This is with 9.2_p1). -- You are receiving this mail because: You are watching the assignee of the bug. ___ openssh-bugs mailing list openssh-bugs@mindrot.org https://lists.mindrot.org/mailman/listinfo/openssh-bugs