[TriLUG] Openssh update failure

Kevin Hunter khunter at rhoworld.com
Fri Dec 14 15:38:30 EST 2001


Well, from your detailed response, it seems I'm stuck.  The goal this
entire time was to get ssh up to date due to the CERT announcement (
2001-35 ).  It would seem this would be a case to try up2date.  This
is a RH 7.1 install.  I tried a 7.2 upgrade last night and ended up
w/ a "anaconda page fault" during install and a "LI" prompt after
reboot. I had to recover the whole thing from scratch ( which is not
a big deal since this is not a production server ) and Dell had
provided a recovery CD.  I'm not proficient enought to recover from a
LI situation.

This whole mess is my own fault. This server sat for a while b/f I
got serious about getting it up and running and secured.  That's
while it's so many errata behind.  Would it be foolish to do an
up2date this one time and from there deal w/ errata's by hand on an
"as needed" basis??

KH

*********** REPLY SEPARATOR  ***********

On 12/14/2001 at 2:23 PM Lisa Lorenzin wrote:

>> I'm actually doing a run through to see what it needs and finding
>> that I have a dependency problem. I can't find what rpm I'm
missing.
>> How do I find out where to get these libcrypto.so.* files ??
>
>rpmfind is your friend. :)  if you go to www.rpmfind.net and type
the name
>of a library or file into the search, it will return a list of which
rpms
>contain that library or file.  libcrypto.so.1 is in openssl-0.9.6-3
and
>later.
>
>i have some thoughts on the rest of this, having btdt, but i'm not 
>anything like an expert, so you might want to wait until jon carnes
weighs 
>in before you act on any of my suggestions. :)
>
>> [root at dogbert updates]# rpm -Fvh --test openssh*
>> error: failed dependencies:
>>         libcrypto.so.1   is needed by openssh-2.9p2-11.7
>>         libcrypto.so.1   is needed by openssh-clients-2.9p2-11.7
>>         libcrypto.so.1   is needed by openssh-server-2.9p2-11.7
>>         libc.so.6(GLIBC_2.2.4)   is needed by
>> openssh-server-2.9p2-11.7
>
>looks like this is telling you that the new version of openssh
you're
>trying to install wants a newer version of openssl than you
currently have
>(which you probably already know) and a newer version of glibc than
you
>currently have (which is more complicated). what distro/version are
you
>trying to install this onto?
>
>> [root at dogbert updates]# rpm -Fvh --test openssl*
>> error: failed dependencies:
>>         libcrypto.so.0 is needed by cyrus-sasl-1.5.24-11
>>         libcrypto.so.0 is needed by python-1.5.2-27
>>         libcrypto.so.0 is needed by imap-2000-3
>>         libcrypto.so.0 is needed by pine-4.30-2
>>         libcrypto.so.0 is needed by samba-2.0.7-21ssl
>>         libcrypto.so.0 is needed by samba-client-2.0.7-21ssl
>>         libcrypto.so.0 is needed by samba-common-2.0.7-21ssl
>>         libcrypto.so.0 is needed by openssh-2.1.1p4-1
>>         libcrypto.so.0 is needed by openssh-clients-2.1.1p4-1
>>         libcrypto.so.0 is needed by openssh-server-2.1.1p4-1
>>         libcrypto.so.0 is needed by stunnel-3.8p4-1
>>         libcrypto.so.0 is needed by mod_ssl-2.6.6-25
>>         libssl.so.0 is needed by python-1.5.2-27
>>         libssl.so.0 is needed by imap-2000-3
>>         libssl.so.0 is needed by pine-4.30-2
>>         libssl.so.0 is needed by samba-2.0.7-21ssl
>>         libssl.so.0 is needed by samba-client-2.0.7-21ssl
>>         libssl.so.0 is needed by samba-common-2.0.7-21ssl
>>         libssl.so.0 is needed by stunnel-3.8p4-1
>>         libssl.so.0 is needed by mod_ssl-2.6.6-25
>
>looks like this is telling you something different - that if you
upgrade
>openssl, it will break that list of packages, all of which are
dependent
>on an older version of openssl.  (in other words, if those require
>libcrypto.so.0, and the new version of openssl only has
libcrypto.so.1,
>then you'll have to upgrade all of those packages if you install the
new
>version of openssl.).
>
>since you're not going to get the new openssh running with your
current
>version of glibc, imho your best bet is to update your version of
your
>distro.  my understanding (which could be wrong, but i tend to err
on the
>side of caution for this one) is that upgrading glibc by itself is a
>really fast way to trash your system unless you know exactly what
you're
>doing, since practically everything depends on it.
>
>hope this helps.  let me know if you have any further questions -
i'm
>running openssh-2.9p2-12, which i upgraded from the 2.9p2-(something
>smaller than 12) that came with rh7.2.  if you have the latest
version of
>everything else, the upgrade is actually seamless. *wry grin*
>
>							lisa
>
>-- 
>lisa lorenzin   |   lorenzin at 1000plus.com   |  
>http://www.1000plus.com/lisa/
># find / -user your -name base -print0 | xargs -0 chown us
>
>
>
>_______________________________________________
>TriLUG mailing list
>http://www.trilug.org/mailman/listinfo/trilug






More information about the TriLUG mailing list