Bug 1042666

Summary: openssh fails to build with openssl-1.1
Product: [openSUSE] openSUSE Tumbleweed Reporter: Tomáš Chvátal <tchvatal>
Component: OtherAssignee: Petr Cerny <pcerny>
Status: RESOLVED FIXED QA Contact: E-mail List <qa-bugs>
Severity: Normal    
Priority: P5 - None CC: cfeck, tchvatal, vcizek
Version: Current   
Target Milestone: ---   
Hardware: Other   
OS: Other   
Whiteboard:
Found By: --- Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---
Bug Depends on:    
Bug Blocks: 1042629    

Description Tomáš Chvátal 2017-06-05 10:38:33 UTC 
The package fails to build with openssl-1.1. For more information
see the blocker bug.

Currently tested in Staging:I
https://build.opensuse.org/package/live_build_log/openSUSE:Factory:Staging:I/openssh/standard/x86_64
Comment 1 Petr Cerny 2017-06-06 12:01:47 UTC 
It's still building an old package. Can you grab the newer one from Factory? It was accepted about two days ago - rq#500282.
Comment 2 Dirk Mueller 2017-08-15 15:47:34 UTC 
so its building now in Staging:i
Comment 3 Tomáš Chvátal 2017-08-16 07:41:11 UTC 
It is still not implemented. Staging:I was reused after it was waiting for over 1 month to be reviewed...
Comment 4 Vítězslav Čížek 2017-09-04 09:20:59 UTC 
openssh is currently building against openssl 1.0.2 by explicitly requiring libopenssl-1_0_0-devel.
Comment 5 Vítězslav Čížek 2017-09-14 13:02:56 UTC 
There's an upstream pull request: https://github.com/openssh/openssh-portable/pull/48
Fedora has also a patch: https://src.fedoraproject.org/rpms/openssh/blob/master/f/openssh-7.3p1-openssl-1.1.0.patch

Petr,
Can we add either of these patches to successfully build against OpenSSL 1.1?
Comment 6 Petr Cerny 2017-09-15 19:58:16 UTC 
(In reply to Vítězslav Čížek from comment #5)
> There's an upstream pull request:
> https://github.com/openssh/openssh-portable/pull/48
> Fedora has also a patch:
> https://src.fedoraproject.org/rpms/openssh/blob/master/f/openssh-7.3p1-
> openssl-1.1.0.patch
> 
> Petr,
> Can we add either of these patches to successfully build against OpenSSL 1.1?

I don't think we can use the pull request - Sebastian Krahmer found a double free    after the this was committed. The RH/Fedora patch is probably fixed now, but I haven't had time to review it yet - very much like I haven't had time to upgrade Factory to a more recent release. Can we possibly leave this it until then? 2-3 weeks?
Comment 7 Vítězslav Čížek 2017-09-18 13:24:16 UTC 
Yes, it could wait for a while.
Factory openssh is currently building against openssl 1.0.2, so it'll keep on building once we change the default openssl to 1.1.0. Eventually we want to drop 1.0.2, so all the Factory packages should build with 1.1.0.
Comment 10 Vítězslav Čížek 2018-04-30 08:59:51 UTC 
This is already fixed in Factory and Leap 15.