[oi-dev] libssh2

Goetz T. Fischer g.fischer at r-a-c.de
Tue Jun 4 01:45:48 UTC 2024 

hi guys,

i was about to update libssh2 despite the lack of openssl > 1.0.2 support and checked: 
http://pkg.openindiana.org/hipster/en/search.shtml?token=libssh2&action=Search

there i saw "library/libssh2 at 1.10.0,5.11-2023.0.0.2:20230917T073330Z". still the old one so i fired 
up my userland vm and did a pkg update. to my surprise i spotted:

openindiana.org -> userland
  library/libssh2
    1.10.0-2023.0.0.2 -> 1.11.0-2024.0.0.0

so is pkg.openindiana.org out of sync or something?

On Thu, 16 May 2024 06:01:04 +0200, Goetz T. Fischer wrote:
> unfortunately libssh2 turned out to be yet another ssl mediator victim. however this one can 
> probably be solved because it builds fine. the problem only occurs during publish:
> 
> /userland/oi-userland/components/library/libssh2/build/manifest-i386-libssh2.depend has 
> unresolved 
> dependency '
>     depend type=require fmri=__TBD pkg.debug.depend.file=libcrypto.so.1.0.0 \
>         pkg.debug.depend.reason=usr/lib/libssh2.so.1.0.1 \
>         pkg.debug.depend.type=elf \
>         pkg.debug.depend.path=lib \
>         pkg.debug.depend.path=usr/gcc/13/lib \
>         pkg.debug.depend.path=usr/lib \
>         pkg.debug.depend.path=usr/openssl/3.1/lib'.
> gmake: *** [/userland/oi-userland/make-rules/ips.mk:521: 
> /userland/oi-userland/components/library/libssh2/build/.resolved-i386] Error 1
> 
> my updated Makefile has:
> CPPFLAGS += -I$(OPENSSL_INCDIR)
> LDFLAGS  += -L$(OPENSSL_LIBDIR)
> CONFIGURE_OPTIONS += --with-libssl-prefix=/usr/openssl/3.1
> 
> and as mentioned builds and installs fine. unfortunately libssh2.so doesn't attract any ssl libs 
> directly so ldd is no help.
> anyhow with the openssl mediator set to 3.1 everything is fine.
> 
> On Tue, 14 May 2024 11:49:03 +0200, Till Wegmüller wrote:
>> Hi, Goetz
>> 
>> I am not aware of any compatibility issues if there are it would be a
>> good idea to remove them. Best way to find out is to start and push it
>> through the finishline.
>> 
>> -Till
>> 
>> On 14.05.24 03:52, Goetz T. Fischer wrote:
>>> hi guys,
>>> 
>>> just a quickie, i've been going through the list of packages with security implications and 
>>> noticed
>>> that libssh2 is at 1.10.0. however 1.11.0 has been released almost one year ago so i wondered, 
>>> is
>>> that on purpose because of some compatibility issues or something like that?
>>> if not i would get to that next.
>>> 
>>> --
>>> R-A-C
>>> Götz T. Fischer CertIT&Comp
>>> +49(0)7225/98 98 79
>>> g.fischer at r-a-c.de
>>> r-a-c.de
>>> 
>>> _______________________________________________
>>> oi-dev mailing list
>>> oi-dev at openindiana.org
>>> https://openindiana.org/mailman/listinfo/oi-dev
>> 
>> _______________________________________________
>> oi-dev mailing list
>> oi-dev at openindiana.org
>> https://openindiana.org/mailman/listinfo/oi-dev

More information about the oi-dev mailing list