Bug#668271: libssh2-1: The libssh2 has several limitations when configured --with-libgcrypt. Please do not use libgcrypt.
Hi Le 2021-03-26 à 21 h 22, Bastian Germann a écrit : there is no requirement of an OpenSSL clause anymore. FTP Masters have reconsidered the use of OpenSSL and it can be used by GPL software now with invoking the system library exception. See the last comments on #924937. It would be very appreciated if you could switch to building with OpenSSL before full bullseye freeze! Thanks for the information, I'll upload a new package to fix the issue! /Nicolas OpenPGP_0xFE82139440BD22B9.asc Description: OpenPGP public key OpenPGP_signature Description: OpenPGP digital signature
Bug#668271: libssh2-1: The libssh2 has several limitations when configured --with-libgcrypt. Please do not use libgcrypt.
On Tue, 10 Apr 2012 17:26:46 +0200 Mikhail Gusarov wrote: apt-rdepends -r libssh2-1 lists at least 2556 packages, so enabling OpenSSL would require all GPL-ed reverse-depends to add a clause to their license that allows the package in question to be linked against OpenSSL. According to GPL usage statistics and amount of subpackages amongst the reverse-depends, it amounts to ~500 upstream projects to change their license. Once it is done, I will definitely change the libssh2 backend. Hi, there is no requirement of an OpenSSL clause anymore. FTP Masters have reconsidered the use of OpenSSL and it can be used by GPL software now with invoking the system library exception. See the last comments on #924937. It would be very appreciated if you could switch to building with OpenSSL before full bullseye freeze! Thanks, Bastian
Bug#668271: libssh2-1: The libssh2 has several limitations when configured --with-libgcrypt. Please do not use libgcrypt.
Package: libssh2-1 Version: 1.4.0-1 Severity: normal This case reported already in one of tools whis uses libssh2: https://support.zabbix.com/browse/ZBX-4850 Here is almost the same description: Debain'n package is using Libgcrypt: http://packages.debian.org/squeeze/libssh2-1 Why it happened? Here: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=409362 And as result Debian's package is using Libgcrypt :( In the same time openssh-client is using only OpenSSL: http://packages.debian.org/squeeze/openssh-client so, the problen is not visible when try an private key *with* passphrase from console (by openssh-client). Quoting Simon: The Libgcrypt backend in libssh2 contains a hand written slimmed down ASN.1 parser to read out the RSA key, but it does not support any of the PKCS* encrypted forms of RSA keys. The OpenSSL backend in libssh2 uses OpenSSL to read the keys, so it supports whatever private key formats that OpenSSL supports. and Are you using libgcrypt or OpenSSL as the backend? The libgcrypt backend can only read unencrypted private keys. Sources: http://www.mail-archive.com/libssh2-devel@cool.haxx.se/msg02226.html http://www.mail-archive.com/libssh2-devel@cool.haxx.se/msg02057.html From a #libssh2 on a Freenode I learned that Simon is the author of the libgcrypt backend for libssh The library libssh2 for several other checked distros (centos, gentoo) and freebsd is using default OpenSSL So, I'd suggest to discard changes performed in the http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=409362 Thanks! -- System Information: Debian Release: 6.0.4 APT prefers stable APT policy: (990, 'stable'), (500, 'stable-updates') Architecture: amd64 (x86_64) Kernel: Linux 2.6.32-5-amd64 (SMP w/4 CPU cores) Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages libssh2-1 depends on: ii libc6 2.11.3-2 Embedded GNU C Library: Shared lib ii libgcrypt11 1.4.5-2 LGPL Crypto library - runtime libr ii multiarch-support 2.13-27 Transitional package to ensure mul ii zlib1g 1:1.2.3.4.dfsg-3 compression library - runtime libssh2-1 recommends no packages. libssh2-1 suggests no packages. -- no debconf information -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#668271: libssh2-1: The libssh2 has several limitations when configured --with-libgcrypt. Please do not use libgcrypt.
Oleksiy, apt-rdepends -r libssh2-1 lists at least 2556 packages, so enabling OpenSSL would require all GPL-ed reverse-depends to add a clause to their license that allows the package in question to be linked against OpenSSL. According to GPL usage statistics and amount of subpackages amongst the reverse-depends, it amounts to ~500 upstream projects to change their license. Once it is done, I will definitely change the libssh2 backend. -- pgpiDnpweDwMT.pgp Description: PGP signature
