Debian Bug report logs -
#732940
Broken with newer OpenSSL: "OpenSSL version mismatch. Built against 1000105f, you have 10001060"
Report forwarded
to debian-bugs-dist@lists.debian.org, josh@joshtriplett.org, Debian OpenSSL Team <pkg-openssl-devel@lists.alioth.debian.org>:
Bug#732940; Package libssl1.0.0.
(Sun, 22 Dec 2013 22:06:05 GMT) (full text, mbox, link).
Message #3 received at submit@bugs.debian.org (full text, mbox, reply):
Package: libssl1.0.0
Version: 1.0.1e-5
Severity: critical
Upgrading OpenSSL caused SSH to break.
Here's the upgrade from aptitude's log:
[UPGRADE] libssl-dev:amd64 1.0.1e-4 -> 1.0.1e-5
[UPGRADE] libssl1.0.0:amd64 1.0.1e-4 -> 1.0.1e-5
[UPGRADE] openssl:amd64 1.0.1e-4 -> 1.0.1e-5
And here's SSH failing:
$ ssh joshtriplett.org
OpenSSL version mismatch. Built against 1000105f, you have 10001060
- Josh Triplett
-- System Information:
Debian Release: jessie/sid
APT prefers unstable
APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Kernel: Linux 3.11-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=C.UTF-8, LC_CTYPE=C.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages libssl1.0.0 depends on:
ii debconf [debconf-2.0] 1.5.52
ii libc6 2.17-97
ii multiarch-support 2.17-97
libssl1.0.0 recommends no packages.
libssl1.0.0 suggests no packages.
-- debconf information excluded
Information forwarded
to debian-bugs-dist@lists.debian.org, Debian OpenSSL Team <pkg-openssl-devel@lists.alioth.debian.org>:
Bug#732940; Package libssl1.0.0.
(Sun, 22 Dec 2013 22:12:04 GMT) (full text, mbox, link).
Acknowledgement sent
to Julien Cristau <jcristau@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian OpenSSL Team <pkg-openssl-devel@lists.alioth.debian.org>.
(Sun, 22 Dec 2013 22:12:04 GMT) (full text, mbox, link).
Message #8 received at 732940@bugs.debian.org (full text, mbox, reply):
On Sun, Dec 22, 2013 at 14:02:37 -0800, Josh Triplett wrote:
> Package: libssl1.0.0
> Version: 1.0.1e-5
> Severity: critical
>
> Upgrading OpenSSL caused SSH to break.
>
> Here's the upgrade from aptitude's log:
> [UPGRADE] libssl-dev:amd64 1.0.1e-4 -> 1.0.1e-5
> [UPGRADE] libssl1.0.0:amd64 1.0.1e-4 -> 1.0.1e-5
> [UPGRADE] openssl:amd64 1.0.1e-4 -> 1.0.1e-5
>
> And here's SSH failing:
> $ ssh joshtriplett.org
> OpenSSL version mismatch. Built against 1000105f, you have 10001060
>
sounds like an openssh bug to me...
Cheers,
Julien
Information forwarded
to debian-bugs-dist@lists.debian.org, josh@joshtriplett.org, Debian OpenSSL Team <pkg-openssl-devel@lists.alioth.debian.org>:
Bug#732940; Package libssl1.0.0.
(Sun, 22 Dec 2013 22:18:10 GMT) (full text, mbox, link).
Message #11 received at 732940@bugs.debian.org (full text, mbox, reply):
Package: libssl1.0.0
Version: 1.0.1e-5
Followup-For: Bug #732940
Julien Cristau wrote:
> On Sun, Dec 22, 2013 at 14:02:37 -0800, Josh Triplett wrote:
>> Package: libssl1.0.0
>> Version: 1.0.1e-5
>> Severity: critical
>>
>> Upgrading OpenSSL caused SSH to break.
>>
>> Here's the upgrade from aptitude's log:
>> [UPGRADE] libssl-dev:amd64 1.0.1e-4 -> 1.0.1e-5
>> [UPGRADE] libssl1.0.0:amd64 1.0.1e-4 -> 1.0.1e-5
>> [UPGRADE] openssl:amd64 1.0.1e-4 -> 1.0.1e-5
>>
>> And here's SSH failing:
>> $ ssh joshtriplett.org
>> OpenSSL version mismatch. Built against 1000105f, you have 10001060
>>
> sounds like an openssh bug to me...
I upgraded OpenSSL and OpenSSH stopped working. Since the SONAME didn't
change, kinda by definition this seems like a bug in OpenSSL, not
OpenSSH.
- Josh Triplett
Information forwarded
to debian-bugs-dist@lists.debian.org, Debian OpenSSL Team <pkg-openssl-devel@lists.alioth.debian.org>:
Bug#732940; Package libssl1.0.0.
(Sun, 22 Dec 2013 22:30:04 GMT) (full text, mbox, link).
Acknowledgement sent
to Kurt Roeckx <kurt@roeckx.be>:
Extra info received and forwarded to list. Copy sent to Debian OpenSSL Team <pkg-openssl-devel@lists.alioth.debian.org>.
(Sun, 22 Dec 2013 22:30:04 GMT) (full text, mbox, link).
Message #16 received at 732940@bugs.debian.org (full text, mbox, reply):
On Sun, Dec 22, 2013 at 02:16:43PM -0800, Josh Triplett wrote:
> Package: libssl1.0.0
> Version: 1.0.1e-5
> Followup-For: Bug #732940
>
> Julien Cristau wrote:
> > On Sun, Dec 22, 2013 at 14:02:37 -0800, Josh Triplett wrote:
> >> Package: libssl1.0.0
> >> Version: 1.0.1e-5
> >> Severity: critical
> >>
> >> Upgrading OpenSSL caused SSH to break.
> >>
> >> Here's the upgrade from aptitude's log:
> >> [UPGRADE] libssl-dev:amd64 1.0.1e-4 -> 1.0.1e-5
> >> [UPGRADE] libssl1.0.0:amd64 1.0.1e-4 -> 1.0.1e-5
> >> [UPGRADE] openssl:amd64 1.0.1e-4 -> 1.0.1e-5
> >>
> >> And here's SSH failing:
> >> $ ssh joshtriplett.org
> >> OpenSSL version mismatch. Built against 1000105f, you have 10001060
> >>
> > sounds like an openssh bug to me...
>
> I upgraded OpenSSL and OpenSSH stopped working. Since the SONAME didn't
> change, kinda by definition this seems like a bug in OpenSSL, not
> OpenSSH.
So openssl is never supposed to change its version number?
Kurt
Information forwarded
to debian-bugs-dist@lists.debian.org, josh@joshtriplett.org, Debian OpenSSL Team <pkg-openssl-devel@lists.alioth.debian.org>:
Bug#732940; Package libssl1.0.0.
(Sun, 22 Dec 2013 22:48:10 GMT) (full text, mbox, link).
Message #19 received at 732940@bugs.debian.org (full text, mbox, reply):
Package: libssl1.0.0
Version: 1.0.1e-5
Followup-For: Bug #732940
Kurt Roeckx wrote:
>On Sun, Dec 22, 2013 at 02:16:43PM -0800, Josh Triplett wrote:
>> Package: libssl1.0.0
>> Version: 1.0.1e-5
>> Followup-For: Bug #732940
>>
>> Julien Cristau wrote:
>> > On Sun, Dec 22, 2013 at 14:02:37 -0800, Josh Triplett wrote:
>> >> Package: libssl1.0.0
>> >> Version: 1.0.1e-5
>> >> Severity: critical
>> >>
>> >> Upgrading OpenSSL caused SSH to break.
>> >>
>> >> Here's the upgrade from aptitude's log:
>> >> [UPGRADE] libssl-dev:amd64 1.0.1e-4 -> 1.0.1e-5
>> >> [UPGRADE] libssl1.0.0:amd64 1.0.1e-4 -> 1.0.1e-5
>> >> [UPGRADE] openssl:amd64 1.0.1e-4 -> 1.0.1e-5
>> >>
>> >> And here's SSH failing:
>> >> $ ssh joshtriplett.org
>> >> OpenSSL version mismatch. Built against 1000105f, you have 10001060
>> >>
>> > sounds like an openssh bug to me...
>>
>> I upgraded OpenSSL and OpenSSH stopped working. Since the SONAME didn't
>> change, kinda by definition this seems like a bug in OpenSSL, not
>> OpenSSH.
>
> So openssl is never supposed to change its version number?
It's not OK to break forward compatibility without changing SONAME.
Software built against an older version of a library must always work
with a newer version that has the same SONAME; that's what the SONAME
exists for. It'd be perfectly OK for software built against a newer
OpenSSL to refuse to work with an older version (ideally by requiring a
symbol the older library doesn't have), but the reverse is a bug,
regardless of the mechanism.
- Josh Triplett
Information forwarded
to debian-bugs-dist@lists.debian.org, Debian OpenSSL Team <pkg-openssl-devel@lists.alioth.debian.org>:
Bug#732940; Package libssl1.0.0.
(Sun, 22 Dec 2013 23:00:04 GMT) (full text, mbox, link).
Acknowledgement sent
to Kurt Roeckx <kurt@roeckx.be>:
Extra info received and forwarded to list. Copy sent to Debian OpenSSL Team <pkg-openssl-devel@lists.alioth.debian.org>.
(Sun, 22 Dec 2013 23:00:05 GMT) (full text, mbox, link).
Message #24 received at 732940@bugs.debian.org (full text, mbox, reply):
On Sun, Dec 22, 2013 at 02:45:32PM -0800, Josh Triplett wrote:
>
> It's not OK to break forward compatibility without changing SONAME.
> Software built against an older version of a library must always work
> with a newer version that has the same SONAME; that's what the SONAME
> exists for. It'd be perfectly OK for software built against a newer
> OpenSSL to refuse to work with an older version (ideally by requiring a
> symbol the older library doesn't have), but the reverse is a bug,
> regardless of the mechanism.
Openssl does not do this version check, nor does it suggest to do
any such check. I think I've already filed this bug against
openssh twice and it seems to be coming back.
I don't see how openssl is breaking either forward or backward
compatibility. It just changed the version it returned. Openssl
can't be responsible for whatever people do with that version.
Openssl in Debian also properly maintains the soname, it has
versioned symbols depending on the version that introduced
the symbol.
If openssh wants to refuse to run with a newer version of openssl
and you say that that is perfectly OK, I guess there is no bug at
all here and I can just close this bug.
Kurt
Information forwarded
to debian-bugs-dist@lists.debian.org, Debian OpenSSL Team <pkg-openssl-devel@lists.alioth.debian.org>:
Bug#732940; Package libssl1.0.0.
(Sun, 22 Dec 2013 23:12:04 GMT) (full text, mbox, link).
Acknowledgement sent
to Sven Joachim <svenjoac@gmx.de>:
Extra info received and forwarded to list. Copy sent to Debian OpenSSL Team <pkg-openssl-devel@lists.alioth.debian.org>.
(Sun, 22 Dec 2013 23:12:04 GMT) (full text, mbox, link).
Message #29 received at 732940@bugs.debian.org (full text, mbox, reply):
On 2013-12-22 23:08 +0100, Julien Cristau wrote:
> On Sun, Dec 22, 2013 at 14:02:37 -0800, Josh Triplett wrote:
>
>> Package: libssl1.0.0
>> Version: 1.0.1e-5
>> Severity: critical
>>
>> Upgrading OpenSSL caused SSH to break.
>>
>> Here's the upgrade from aptitude's log:
>> [UPGRADE] libssl-dev:amd64 1.0.1e-4 -> 1.0.1e-5
>> [UPGRADE] libssl1.0.0:amd64 1.0.1e-4 -> 1.0.1e-5
>> [UPGRADE] openssl:amd64 1.0.1e-4 -> 1.0.1e-5
>>
>> And here's SSH failing:
>> $ ssh joshtriplett.org
>> OpenSSL version mismatch. Built against 1000105f, you have 10001060
>>
> sounds like an openssh bug to me...
This had happened in the past, see #678661. Looks like that problem is
biting us again. :-/
Cheers,
Sven
No longer marked as found in versions openssl/1.0.1e-5.
Request was from kurt@roeckx.be (Kurt Roeckx)
to control@bugs.debian.org.
(Sun, 22 Dec 2013 23:15:10 GMT) (full text, mbox, link).
Marked as found in versions openssh/1:6.4p1-1.
Request was from kurt@roeckx.be (Kurt Roeckx)
to control@bugs.debian.org.
(Sun, 22 Dec 2013 23:15:11 GMT) (full text, mbox, link).
Information forwarded
to debian-bugs-dist@lists.debian.org, Debian OpenSSH Maintainers <debian-ssh@lists.debian.org>:
Bug#732940; Package src:openssh.
(Sun, 22 Dec 2013 23:21:04 GMT) (full text, mbox, link).
Acknowledgement sent
to Uoti Urpala <uoti.urpala@pp1.inet.fi>:
Extra info received and forwarded to list. Copy sent to Debian OpenSSH Maintainers <debian-ssh@lists.debian.org>.
(Sun, 22 Dec 2013 23:21:04 GMT) (full text, mbox, link).
Message #40 received at 732940@bugs.debian.org (full text, mbox, reply):
Josh Triplett wrote:
> I upgraded OpenSSL and OpenSSH stopped working. Since the SONAME didn't
> change, kinda by definition this seems like a bug in OpenSSL, not
> OpenSSH.
That "by definition" only holds if you assume all applications are
perfect software with no bugs whatsoever, and use libraries strictly
according to their formal API only (however badly that API is often
defined in practice). In reality it's quite common for perfectly
ABI-compatible updates to break other software (or perhaps that should
be phrased "make the brokenness of other software have visible
effects").
In this case the breakage seems to be caused by an explicit version
check in OpenSSH. There's this code in entropy.c:
> * OpenSSL version numbers: MNNFFPPS: major minor fix patch status
> * We match major, minor, fix and status (not patch) for <1.0.0.
> * After that, we acceptable compatible fix versions (so we
> * allow 1.0.1 to work with 1.0.0). Going backwards is only allowed
> * within a patch series.
> */
> u_long version_mask = SSLeay() >= 0x1000000f ? ~0xffff0L : ~0xff0L;
> if (((SSLeay() ^ OPENSSL_VERSION_NUMBER) & version_mask) ||
> (SSLeay() >> 12) < (OPENSSL_VERSION_NUMBER >> 12))
> fatal("OpenSSL version mismatch. Built against %lx, you "
> "have %lx", (u_long)OPENSSL_VERSION_NUMBER, SSLeay());
For some weird reason the last byte "status" is not masked out of the
comparison. This libssl update changed the version from "1.0.1e release"
to "1.0.1f beta0", and the release->beta0 (f to 0) change in last byte
triggers the check.
The OpenSSH Debian package has this changelog entry:
openssh (1:5.9p1-4) unstable; urgency=low
* Disable OpenSSL version check again, as its SONAME is sufficient
nowadays (closes: #664383).
but apparently it was either not really disabled or was enabled again
for some reason; I see no changelog entry for that.
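The check quoted in the message above, reduced to a pure function and run on the two values from the error message. This is an added example, not OpenSSH or Debian code; `status_masked_check_rejects` is a hypothetical variant that also ignores the status nibble and is not the patch that was uploaded for this bug.

```c
#include <stdio.h>

/* Fields of an OpenSSL version number, layout MNNFFPPS as described
 * in the comment quoted from entropy.c. */
struct ossl_ver { unsigned major, minor, fix, patch, status; };

struct ossl_ver decode_version(unsigned long v)
{
    struct ossl_ver d;
    d.major  = (unsigned)((v >> 28) & 0xf);
    d.minor  = (unsigned)((v >> 20) & 0xff);
    d.fix    = (unsigned)((v >> 12) & 0xff);
    d.patch  = (unsigned)((v >> 4) & 0xff);
    d.status = (unsigned)(v & 0xf);
    return d;
}

/* Shared logic: post100_mask selects which bits must match exactly when
 * the runtime library is >= 1.0.0; older libraries use ~0xff0 as quoted. */
static int rejects(unsigned long built, unsigned long runtime,
                   unsigned long post100_mask)
{
    unsigned long mask = runtime >= 0x1000000fUL ? post100_mask : ~0xff0UL;

    return ((runtime ^ built) & mask) != 0 ||
           (runtime >> 12) < (built >> 12);
}

/* The check as quoted: fix and patch are masked out, status is not.
 * Returns 1 where the original would call fatal(). */
int quoted_check_rejects(unsigned long built, unsigned long runtime)
{
    return rejects(built, runtime, ~0xffff0UL);
}

/* Hypothetical variant (assumption, not the Debian patch): the status
 * nibble is masked out as well, so release -> beta no longer counts. */
int status_masked_check_rejects(unsigned long built, unsigned long runtime)
{
    return rejects(built, runtime, ~0xfffffUL);
}

/* Bits that differ and are actually compared by the quoted check. */
unsigned long differing_compared_bits(unsigned long built,
                                      unsigned long runtime)
{
    unsigned long mask = runtime >= 0x1000000fUL ? ~0xffff0UL : ~0xff0UL;

    return (runtime ^ built) & mask;
}

int main(void)
{
    /* Both values are taken from the error message in this report. */
    const unsigned long built = 0x1000105fUL, runtime = 0x10001060UL;
    struct ossl_ver b = decode_version(built);
    struct ossl_ver r = decode_version(runtime);

    printf("built   %lx: %u.%u.%u patch %u status %x\n",
           built, b.major, b.minor, b.fix, b.patch, b.status);
    printf("runtime %lx: %u.%u.%u patch %u status %x\n",
           runtime, r.major, r.minor, r.fix, r.patch, r.status);
    printf("compared bits that differ: %lx\n",
           differing_compared_bits(built, runtime));
    printf("quoted check rejects:        %d\n",
           quoted_check_rejects(built, runtime));
    printf("status-masked check rejects: %d\n",
           status_masked_check_rejects(built, runtime));
    return 0;
}
```

Only the low nibble survives the mask, which matches the explanation in the message: the patch byte moved from 05 to 06 and is ignored, while the status change from f to 0 is what trips the check.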
Information forwarded
to debian-bugs-dist@lists.debian.org, josh@joshtriplett.org, Debian OpenSSH Maintainers <debian-ssh@lists.debian.org>:
Bug#732940; Package src:openssh.
(Sun, 22 Dec 2013 23:21:08 GMT) (full text, mbox, link).
Message #43 received at 732940@bugs.debian.org (full text, mbox, reply):
Package: libssl1.0.0
Version: 1.0.1e-5
Followup-For: Bug #732940
Kurt Roeckx wrote:
> On Sun, Dec 22, 2013 at 02:45:32PM -0800, Josh Triplett wrote:
>>
>> It's not OK to break forward compatibility without changing SONAME.
>> Software built against an older version of a library must always work
>> with a newer version that has the same SONAME; that's what the SONAME
>> exists for. It'd be perfectly OK for software built against a newer
>> OpenSSL to refuse to work with an older version (ideally by requiring a
>> symbol the older library doesn't have), but the reverse is a bug,
>> regardless of the mechanism.
>
> Openssl does not do this version check, nor does it suggest to do
> any such check. I think I've already filed this bug against
> openssh twice and it seems to be coming back.
>
> I don't see how openssl is breaking either forward or backward
> compatibility. It just changed the version it returned. Openssl
> can't be responsible for whatever people do with that version.
I stand corrected; my apologies. I've seen so many libraries that put
in version checks like this that I assumed the version check lived in
OpenSSL, not OpenSSH. You're right, this is *not* an OpenSSL bug, it's
an OpenSSH bug. I'll reassign accordingly.
- Josh Triplett
No longer marked as found in versions openssh/1:6.4p1-1 and openssl/1.0.1e-5.
Request was from Josh Triplett <josh@joshtriplett.org>
to control@bugs.debian.org.
(Sun, 22 Dec 2013 23:21:12 GMT) (full text, mbox, link).
Changed Bug title to 'Broken with newer OpenSSL: "OpenSSL version mismatch. Built against 1000105f, you have 10001060"' from 'Breaks ssh: OpenSSL version mismatch. Built against 1000105f, you have 10001060'
Request was from Josh Triplett <josh@joshtriplett.org>
to control@bugs.debian.org.
(Sun, 22 Dec 2013 23:21:16 GMT) (full text, mbox, link).
Severity set to 'grave' from 'critical'
Request was from Josh Triplett <josh@joshtriplett.org>
to control@bugs.debian.org.
(Sun, 22 Dec 2013 23:21:20 GMT) (full text, mbox, link).
Added indication that 732940 affects libssl1.0.0
Request was from Axel Beckert <abe@debian.org>
to control@bugs.debian.org.
(Sun, 22 Dec 2013 23:27:09 GMT) (full text, mbox, link).
Severity set to 'serious' from 'grave'
Request was from kurt@roeckx.be (Kurt Roeckx)
to control@bugs.debian.org.
(Mon, 23 Dec 2013 00:51:09 GMT) (full text, mbox, link).
Marked as found in versions openssh/1:6.4p1-1.
Request was from Vincent Lefevre <vincent@vinc17.net>
to control@bugs.debian.org.
(Mon, 23 Dec 2013 02:51:05 GMT) (full text, mbox, link).
Merged 732940 732952
Request was from Vincent Lefevre <vincent@vinc17.net>
to control@bugs.debian.org.
(Mon, 23 Dec 2013 02:51:07 GMT) (full text, mbox, link).
Merged 732940 732952
Request was from Josh Triplett <josh@joshtriplett.org>
to control@bugs.debian.org.
(Mon, 23 Dec 2013 02:51:12 GMT) (full text, mbox, link).
No longer marked as found in versions openssh/1:6.4p1-1.
Request was from kurt@roeckx.be (Kurt Roeckx)
to control@bugs.debian.org.
(Mon, 23 Dec 2013 08:57:11 GMT) (full text, mbox, link).
Merged 732940 732952
Request was from kurt@roeckx.be (Kurt Roeckx)
to control@bugs.debian.org.
(Mon, 23 Dec 2013 08:57:14 GMT) (full text, mbox, link).
Added indication that 732940 affects openssl
Request was from kurt@roeckx.be (Kurt Roeckx)
to control@bugs.debian.org.
(Mon, 23 Dec 2013 09:09:14 GMT) (full text, mbox, link).
Added indication that 732940 affects openssh-server
Request was from kurt@roeckx.be (Kurt Roeckx)
to control@bugs.debian.org.
(Mon, 23 Dec 2013 09:15:05 GMT) (full text, mbox, link).
Added indication that 732940 affects openssh-client
Request was from kurt@roeckx.be (Kurt Roeckx)
to control@bugs.debian.org.
(Mon, 23 Dec 2013 09:18:08 GMT) (full text, mbox, link).
Information forwarded
to debian-bugs-dist@lists.debian.org, Debian OpenSSH Maintainers <debian-ssh@lists.debian.org>:
Bug#732940; Package src:openssh.
(Mon, 23 Dec 2013 09:21:07 GMT) (full text, mbox, link).
Acknowledgement sent
to Valérian Galliat <valerian.dredd@gmail.com>:
Extra info received and forwarded to list. Copy sent to Debian OpenSSH Maintainers <debian-ssh@lists.debian.org>.
(Mon, 23 Dec 2013 09:21:07 GMT) (full text, mbox, link).
Message #82 received at 732940@bugs.debian.org (full text, mbox, reply):
found 732940 1:6.4p1-1
Severity set to 'critical' from 'serious'
Request was from Thorsten Glaser <t.glaser@tarent.de>
to control@bugs.debian.org.
(Mon, 23 Dec 2013 09:21:14 GMT) (full text, mbox, link).
Added indication that 732940 affects src:openssl
Request was from Thorsten Glaser <t.glaser@tarent.de>
to control@bugs.debian.org.
(Mon, 23 Dec 2013 09:21:17 GMT) (full text, mbox, link).
Added indication that 732940 affects openssh
Request was from kurt@roeckx.be (Kurt Roeckx)
to control@bugs.debian.org.
(Mon, 23 Dec 2013 09:27:09 GMT) (full text, mbox, link).
Added indication that 732940 affects subversion
Request was from kurt@roeckx.be (Kurt Roeckx)
to control@bugs.debian.org.
(Mon, 23 Dec 2013 09:27:15 GMT) (full text, mbox, link).
Severity set to 'normal' from 'critical'
Request was from Mateusz Łukasik <mati75@linuxmint.pl>
to control@bugs.debian.org.
(Mon, 23 Dec 2013 10:33:12 GMT) (full text, mbox, link).
Removed indication that 732940 affects openssh, openssl, openssh-client, src:openssl, libssl1.0.0, subversion, and openssh-server
Request was from Mateusz Łukasik <mati75@linuxmint.pl>
to control@bugs.debian.org.
(Mon, 23 Dec 2013 10:33:16 GMT) (full text, mbox, link).
Information forwarded
to debian-bugs-dist@lists.debian.org, Debian OpenSSH Maintainers <debian-ssh@lists.debian.org>:
Bug#732940; Package src:openssh.
(Mon, 23 Dec 2013 10:39:07 GMT) (full text, mbox, link).
Acknowledgement sent
to Colin Watson <cjwatson@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian OpenSSH Maintainers <debian-ssh@lists.debian.org>.
(Mon, 23 Dec 2013 10:39:07 GMT) (full text, mbox, link).
Message #103 received at 732940@bugs.debian.org (full text, mbox, reply):
On Mon, Dec 23, 2013 at 01:16:17AM +0200, Uoti Urpala wrote:
> The OpenSSH Debian package has this changelog entry:
> openssh (1:5.9p1-4) unstable; urgency=low
>
> * Disable OpenSSL version check again, as its SONAME is sufficient
> nowadays (closes: #664383).
>
> but apparently it was either not really disabled or was enabled again
> for some reason; I see no changelog entry for that.
That was actually a typo for "Enable". Sorry for the confusion. I'll
put that patch back.
--
Colin Watson [cjwatson@debian.org]
Severity set to 'critical' from 'normal'
Request was from Colin Watson <cjwatson@debian.org>
to control@bugs.debian.org.
(Mon, 23 Dec 2013 10:45:04 GMT) (full text, mbox, link).
Added tag(s) pending.
Request was from Colin Watson <cjwatson@debian.org>
to control@bugs.debian.org.
(Mon, 23 Dec 2013 10:45:08 GMT) (full text, mbox, link).
Reply sent
to Kurt Roeckx <kurt@roeckx.be>:
You have taken responsibility.
(Mon, 23 Dec 2013 10:51:05 GMT) (full text, mbox, link).
Notification sent
to Josh Triplett <josh@joshtriplett.org>:
Bug acknowledged by developer.
(Mon, 23 Dec 2013 10:51:05 GMT) (full text, mbox, link).
Message #112 received at 732940-close@bugs.debian.org (full text, mbox, reply):
Source: openssh
Source-Version: 1:6.4p1-1.1
We believe that the bug you reported is fixed in the latest version of
openssh, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 732940@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Kurt Roeckx <kurt@roeckx.be> (supplier of updated openssh package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Mon, 23 Dec 2013 10:33:59 +0100
Source: openssh
Binary: openssh-client openssh-server ssh ssh-krb5 ssh-askpass-gnome openssh-client-udeb openssh-server-udeb
Architecture: source amd64 all
Version: 1:6.4p1-1.1
Distribution: unstable
Urgency: medium
Maintainer: Debian OpenSSH Maintainers <debian-ssh@lists.debian.org>
Changed-By: Kurt Roeckx <kurt@roeckx.be>
Description:
openssh-client - secure shell (SSH) client, for secure access to remote machines
openssh-client-udeb - secure shell client for the Debian installer (udeb)
openssh-server - secure shell (SSH) server, for secure access from remote machines
openssh-server-udeb - secure shell server for the Debian installer (udeb)
ssh - secure shell client and server (metapackage)
ssh-askpass-gnome - interactive X program to prompt users for a passphrase for ssh-ad
ssh-krb5 - secure shell client and server (transitional package)
Closes: 732940
Changes:
openssh (1:6.4p1-1.1) unstable; urgency=medium
.
* Non-maintainer upload.
* Adjust check for openssl version (Closes: #732940)
Package-Type: udeb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.15 (GNU/Linux)
-----END PGP SIGNATURE-----
Reply sent
to Kurt Roeckx <kurt@roeckx.be>:
You have taken responsibility.
(Mon, 23 Dec 2013 10:51:06 GMT) (full text, mbox, link).
Notification sent
to Swiatoslaw.Gal@math.uni.wroc.pl:
Bug acknowledged by developer.
(Mon, 23 Dec 2013 10:51:06 GMT) (full text, mbox, link).
Reply sent
to Kurt Roeckx <kurt@roeckx.be>:
You have taken responsibility.
(Mon, 23 Dec 2013 10:51:07 GMT) (full text, mbox, link).
Notification sent
to Vincent Lefevre <vincent@vinc17.net>:
Bug acknowledged by developer.
(Mon, 23 Dec 2013 10:51:07 GMT) (full text, mbox, link).
Reply sent
to Kurt Roeckx <kurt@roeckx.be>:
You have taken responsibility.
(Mon, 23 Dec 2013 10:51:08 GMT) (full text, mbox, link).
Notification sent
to Evgeni Golov <evgeni@debian.org>:
Bug acknowledged by developer.
(Mon, 23 Dec 2013 10:51:08 GMT) (full text, mbox, link).
Reply sent
to Kurt Roeckx <kurt@roeckx.be>:
You have taken responsibility.
(Mon, 23 Dec 2013 10:51:09 GMT) (full text, mbox, link).
Notification sent
to Thorsten Glaser <tg@mirbsd.de>:
Bug acknowledged by developer.
(Mon, 23 Dec 2013 10:51:09 GMT) (full text, mbox, link).
Reply sent
to Kurt Roeckx <kurt@roeckx.be>:
You have taken responsibility.
(Mon, 23 Dec 2013 10:51:11 GMT) (full text, mbox, link).
Notification sent
to devil@siduction.org:
Bug acknowledged by developer.
(Mon, 23 Dec 2013 10:51:11 GMT) (full text, mbox, link).
Reply sent
to Colin Watson <cjwatson@debian.org>:
You have taken responsibility.
(Mon, 23 Dec 2013 12:06:54 GMT) (full text, mbox, link).
Notification sent
to Josh Triplett <josh@joshtriplett.org>:
Bug acknowledged by developer.
(Mon, 23 Dec 2013 12:06:54 GMT) (full text, mbox, link).
Message #137 received at 732940-close@bugs.debian.org (full text, mbox, reply):
Source: openssh
Source-Version: 1:6.4p1-2
We believe that the bug you reported is fixed in the latest version of
openssh, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 732940@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Colin Watson <cjwatson@debian.org> (supplier of updated openssh package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Mon, 23 Dec 2013 10:44:04 +0000
Source: openssh
Binary: openssh-client openssh-server ssh ssh-krb5 ssh-askpass-gnome openssh-client-udeb openssh-server-udeb
Architecture: source i386 all
Version: 1:6.4p1-2
Distribution: unstable
Urgency: high
Maintainer: Debian OpenSSH Maintainers <debian-ssh@lists.debian.org>
Changed-By: Colin Watson <cjwatson@debian.org>
Description:
openssh-client - secure shell (SSH) client, for secure access to remote machines
openssh-client-udeb - secure shell client for the Debian installer (udeb)
openssh-server - secure shell (SSH) server, for secure access from remote machines
openssh-server-udeb - secure shell server for the Debian installer (udeb)
ssh - secure shell client and server (metapackage)
ssh-askpass-gnome - interactive X program to prompt users for a passphrase for ssh-ad
ssh-krb5 - secure shell client and server (transitional package)
Closes: 727622 732940
Changes:
openssh (1:6.4p1-2) unstable; urgency=high
.
* Increase ServerKeyBits value in package-generated sshd_config to 1024
(closes: #727622, LP: #1244272).
* Restore patch to disable OpenSSL version check (closes: #732940).
Checksums-Sha1:
d20f60f2f70f3d56b2d94ae98ab90068f2919c3d 2586 openssh_6.4p1-2.dsc
85599527be2cbd1e53e84f07600e75a323fbedbb 172717 openssh_6.4p1-2.debian.tar.gz
d68fa4bdd95a7e90f41064957d23de62f0495fe6 600180 openssh-client_6.4p1-2_i386.deb
66f40f9dff0c0ba8064d36b712b037c29762f276 262098 openssh-server_6.4p1-2_i386.deb
f8ec5fbd2f88078f5f3f68c78b5d2238122befdd 1056 ssh_6.4p1-2_all.deb
25f206a4abde9dbac0e2854c4d20ee4c56fb4f33 113828 ssh-krb5_6.4p1-2_all.deb
3e1f88268e6ab23f4b35cba9ad861d9edc3bc326 121546 ssh-askpass-gnome_6.4p1-2_i386.deb
7c2d3679ee04fc54c6ac49bd1de92b56f630ae10 185164 openssh-client-udeb_6.4p1-2_i386.udeb
ff16e19a9c83b2e845aaa6ab459325058d23d095 212096 openssh-server-udeb_6.4p1-2_i386.udeb
Checksums-Sha256:
Files:
Package-Type: udeb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.15 (GNU/Linux)
Comment: Colin Watson <cjwatson@debian.org> -- Debian developer
-----END PGP SIGNATURE-----
Reply sent
to Colin Watson <cjwatson@debian.org>:
You have taken responsibility.
(Mon, 23 Dec 2013 12:06:55 GMT) (full text, mbox, link).
Notification sent
to Swiatoslaw.Gal@math.uni.wroc.pl:
Bug acknowledged by developer.
(Mon, 23 Dec 2013 12:06:55 GMT) (full text, mbox, link).
Reply sent
to Colin Watson <cjwatson@debian.org>:
You have taken responsibility.
(Mon, 23 Dec 2013 12:06:56 GMT) (full text, mbox, link).
Notification sent
to Vincent Lefevre <vincent@vinc17.net>:
Bug acknowledged by developer.
(Mon, 23 Dec 2013 12:06:56 GMT) (full text, mbox, link).
Reply sent
to Colin Watson <cjwatson@debian.org>:
You have taken responsibility.
(Mon, 23 Dec 2013 12:06:57 GMT) (full text, mbox, link).
Notification sent
to Evgeni Golov <evgeni@debian.org>:
Bug acknowledged by developer.
(Mon, 23 Dec 2013 12:06:57 GMT) (full text, mbox, link).
Reply sent
to Colin Watson <cjwatson@debian.org>:
You have taken responsibility.
(Mon, 23 Dec 2013 12:06:58 GMT) (full text, mbox, link).
Notification sent
to Thorsten Glaser <tg@mirbsd.de>:
Bug acknowledged by developer.
(Mon, 23 Dec 2013 12:06:58 GMT) (full text, mbox, link).
Reply sent
to Colin Watson <cjwatson@debian.org>:
You have taken responsibility.
(Mon, 23 Dec 2013 12:06:59 GMT) (full text, mbox, link).
Notification sent
to devil@siduction.org:
Bug acknowledged by developer.
(Mon, 23 Dec 2013 12:06:59 GMT) (full text, mbox, link).
Information forwarded
to debian-bugs-dist@lists.debian.org, Debian OpenSSH Maintainers <debian-ssh@lists.debian.org>:
Bug#732940; Package src:openssh.
(Mon, 23 Dec 2013 14:18:04 GMT) (full text, mbox, link).
Acknowledgement sent
to Kurt Roeckx <kurt@roeckx.be>:
Extra info received and forwarded to list. Copy sent to Debian OpenSSH Maintainers <debian-ssh@lists.debian.org>.
(Mon, 23 Dec 2013 14:18:04 GMT) (full text, mbox, link).
Message #162 received at 732940@bugs.debian.org (full text, mbox, reply):
Hi,
Here is the diff of the NMU that I uploaded.
Kurt
[openssh_6.4p1-1.1.diff (text/x-diff, attachment)]
Message #163 received at 732940-close@bugs.debian.org (full text, mbox, reply):
On Mon, Dec 23, 2013 at 03:15:59PM +0100, Kurt Roeckx wrote:
> Here is the diff of the NMU that I uploaded.
I already had a different upload in progress (1:6.4p1-2) so I went ahead
with that. Thanks anyway. Perhaps you could forward your patch
upstream since it's probably more upstreamable than the old one I
resurrected?
--
Colin Watson [cjwatson@debian.org]
Added tag(s) sid and jessie.
Request was from Laurent Bigonville <bigon@debian.org>
to control@bugs.debian.org.
(Mon, 23 Dec 2013 15:27:05 GMT) (full text, mbox, link).
Added indication that 732940 affects subversion
Request was from James McCoy <vega.james@gmail.com>
to 733008-submit@bugs.debian.org.
(Mon, 23 Dec 2013 21:33:17 GMT) (full text, mbox, link).
Bug reassigned from package 'src:openssh' to 'openssh'.
Request was from Raphael Geissert <geissert@debian.org>
to control@bugs.debian.org.
(Thu, 09 Jan 2014 17:00:05 GMT) (full text, mbox, link).
No longer marked as fixed in versions openssh/1:6.4p1-1.1 and openssh/1:6.4p1-2.
Request was from Raphael Geissert <geissert@debian.org>
to control@bugs.debian.org.
(Thu, 09 Jan 2014 17:00:13 GMT) (full text, mbox, link).
Bug reassigned from package 'openssh' to 'src:openssh'.
Request was from Colin Watson <cjwatson@debian.org>
to control@bugs.debian.org.
(Thu, 09 Jan 2014 17:27:05 GMT) (full text, mbox, link).
Marked as fixed in versions openssh/1:6.4p1-1.1.
Request was from Colin Watson <cjwatson@debian.org>
to control@bugs.debian.org.
(Thu, 09 Jan 2014 17:27:11 GMT) (full text, mbox, link).
Marked as fixed in versions openssh/1:6.4p1-2.
Request was from Colin Watson <cjwatson@debian.org>
to control@bugs.debian.org.
(Thu, 09 Jan 2014 17:27:17 GMT) (full text, mbox, link).
Bug archived.
Request was from Debbugs Internal Request <owner@bugs.debian.org>
to internal_control@bugs.debian.org.
(Wed, 04 Jun 2014 07:25:32 GMT) (full text, mbox, link).
Last modified:
Mon Sep 19 15:38:11 2022;