Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

openssh: Allow all openssl 3.1.x releases #23945

Merged
merged 5 commits into from
May 10, 2024
Merged

openssh: Allow all openssl 3.1.x releases #23945

merged 5 commits into from
May 10, 2024

Conversation

klausholstjacobsen
Copy link
Contributor

@klausholstjacobsen klausholstjacobsen commented May 10, 2024
edited
Loading

openssh/*

Changed requirements to allow all openssl/3.1.x releases and not only 3.1.0

@conan-center-bot

This comment has been minimized.

Sign in to view
AbrilRBS
AbrilRBS previously approved these changes May 10, 2024
View reviewed changes
Copy link
Member

@AbrilRBS AbrilRBS left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks!

@AbrilRBS AbrilRBS self-assigned this May 10, 2024
@klausholstjacobsen @jcar87
updates openssl requirements to [>=1.1 <4]
4435cf1 
Co-authored-by: Luis Caro Campos <3535649+jcar87@users.noreply.github.com>
@conan-center-bot

This comment has been minimized.

Sign in to view
@conan-center-bot

This comment has been minimized.

Sign in to view
@jcar87
Copy link
Contributor

jcar87 commented May 10, 2024
edited
Loading 

checking for openssl/opensslv.h... yes
checking OpenSSL header version... 30200010 (OpenSSL 3.2.1 30 Jan 2024)
checking for OpenSSL_version... yes
checking for OpenSSL_version_num... yes
checking OpenSSL library version... openssh/9.1p1: 
configure: error: Unknown/unsupported OpenSSL version ("30200010 (OpenSSL 3.2.1 30 Jan 2024)")

Interesting error here - if it is the code from here: https://github.com/openssh/openssh-portable/blob/1c0d81357921f8d3bab06841df649edac515ae5b/configure.ac#L2864-L2888
then I don't see why any version of >3 would fail, other than 3.0.4 due to a vulnerability.

Will investigate!

Edit: oh, the error is quite clear. It is somehow comparing the string openssh/9.1p1 with the known/compatible versions of OpenSSL... which of course fails. It expects something that starts with 3

@klausholstjacobsen
Copy link
Contributor Author

Added differentiated openssl requirements for 9.1p1 and 9.6p1

@jcar87
Copy link
Contributor

jcar87 commented May 10, 2024

Added differentiated openssl requirements for 9.1p1 and 9.6p1

It looks like they have recently added this: openssh/openssh-portable@2eded55

with

OpenSSL has moved to 3.4 which we don't currently accept. Based on
the OpenSSL versioning policy[0] it looks like all of the 3.x versions
should work with OpenSSH, so remove the distinction in configure and
accept all of them.

I think this confirms that it's okay for the recipe to simply resolve to any version in the 3.x series.

Another solution for the version that is failing:

    def source(self):
        get(self, **self.conan_data["sources"][self.version], strip_root=True)
        if self.version == "9.1p1":
            # See https://github.com/openssh/openssh-portable/commit/2eded551ba96e66bc3afbbcc883812c2eac02bd7
            replace_in_file(self, join(self.source_folder, "configure"), "300*", "30*")

@conan-center-bot

This comment has been minimized.

Sign in to view
jcar87
jcar87 reviewed May 10, 2024
View reviewed changes
recipes/openssh/all/conanfile.py
@@ -66,6 +66,10 @@ def validate(self):

def source(self):
get(self, **self.conan_data["sources"][self.version], strip_root=True)
if self.version in ["9.1p1", "9.6p1"]:
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

version 9.1p1 would have not accepted version 3.2,
and version 9.6p1 would have not accepted versions higher than than 3.2, so the recipe would've started failing once OpenSSL 3.3 or higher was released. Newer versions should already have the fix to accept any in the 3.x range, as per the OpenSSL versioning guidelines

@conan-center-bot
Copy link
Collaborator

Conan v1 pipeline ✔️

All green in build 7 (fd701afaaa29a304d45af871fffdabc6e03a1b52):

  • openssh/9.6p1:
    All packages built successfully! (All logs)

  • openssh/9.1p1:
    All packages built successfully! (All logs)

Conan v2 pipeline ✔️

Note: Conan v2 builds are now mandatory. Please read our discussion about it.

All green in build 7 (fd701afaaa29a304d45af871fffdabc6e03a1b52):

  • openssh/9.6p1:
    All packages built successfully! (All logs)

  • openssh/9.1p1:
    All packages built successfully! (All logs)

@conan-center-bot conan-center-bot merged commit 6c38509 into conan-io:master May 10, 2024
18 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jcar87 jcar87 jcar87 approved these changes

@AbrilRBS AbrilRBS AbrilRBS approved these changes

Assignees

@AbrilRBS AbrilRBS

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@klausholstjacobsen @conan-center-bot @jcar87 @AbrilRBS