Open Source Development

Power Open Source Development

Explore the open source tools and capabilities for building and deploying modern applications on IBM Power platforms including AIX, IBM i, and Linux.


#Power


#Power

 View Only

  • 1.  Openssh 9.x for AIX 7.3 TL1

    Posted Mon March 06, 2023 03:04 AM

    Dear community,

    I'm struggling compiling openssh V9.2 on an AIX 7.3 TL1 LPAR.

    The problem seems to that there are still headers installed for openssl 1.1 additionally to the the openssl 3.0.7
    Here is the the message I get from ./configure

    checking for openssl... /usr/bin/openssl
checking for openssl/opensslv.h... yes
checking OpenSSL header version... 30000070 (OpenSSL 3.0.7 1 Nov 2022)
checking for OpenSSL_version... yes
checking for OpenSSL_version_num... yes
checking OpenSSL library version... 101010cf (OpenSSL 1.1.1l  24 Aug 2021)
checking whether OpenSSL's headers match the library... no
configure: error: Your OpenSSL headers do not match your
        library. Check config.log for details.
        If you are sure your installation is consistent, you can disable the check
        by running "./configure --without-openssl-header-check".
        Also see contrib/findssl.sh for help identifying header/library mismatches.

    Compiling with AIX 7.2 is working well, no errors.
    Any idea how I can solve this issue on AIX 7.3 TL1?

    Many thanks to you all in advance.

    best regards.



    ------------------------------
    Joerg Kauke
    Unix Administrator
    COOP Switzerland
    ------------------------------

    #AIXOpenSource


  • 2.  RE: Openssh 9.x for AIX 7.3 TL1

    Posted Mon March 06, 2023 06:04 AM

    from the releasenotes...

    * configure: refuse to use OpenSSL 3.0.4 due to potential RCE in its
   RSA implementation (CVE-2022-2274) on x86_64.

    smells like there might be a culprit with openssl v3...but i can be mistaken anyway



    ------------------------------
    I regret starting this entire conversation
    ------------------------------

    Original Message


  • 3.  RE: Openssh 9.x for AIX 7.3 TL1

    Posted Mon March 06, 2023 06:06 AM

    as a sidenote...i forgot..i see no real reason compiling openssh for aix from source...its provided by ibm as an lpp



    ------------------------------
    I regret starting this entire conversation
    ------------------------------

    Original Message


  • 4.  RE: Openssh 9.x for AIX 7.3 TL1

    Posted Mon March 06, 2023 06:44 AM

    Hi C- -T ,

    correct, openssh is available as lpp source, but...

    the only available version is 8.1 and we would need at min. 8.2 for FIDO support.

    Regarding the release notes: Thanks for pointing out... I thought with the LPP Version of openssl 3.0.7 we would be save... looks like we're not.

    best regards,
    Joerg



    ------------------------------
    Joerg Kauke
    Unix Administrator
    COOP Switzerland
    ------------------------------

    Original Message


  • 5.  RE: Openssh 9.x for AIX 7.3 TL1

    Posted Mon March 06, 2023 11:32 AM

    I think this is happening because AIX openssl has removed support for all deprecated APIs but looks like not all packages have done that.

    So AIX is going to fix and a new openssl fileset will be uploaded on AIX web download soon. ETA end of this week.

    Once openssl 3.0.8 is available from AIX web download please try with that and see if your issue get resolved.

     

    Thanks,

     

    Sanket Rathi

     




    Original Message


  • 6.  RE: Openssh 9.x for AIX 7.3 TL1

    Posted Tue March 07, 2023 03:29 AM

    Hello Sanket,

    many thanks, that sounds great... 

    I will take a look at it next week.

    best regards,
    Joerg



    ------------------------------
    Joerg Kauke
    Unix Administrator
    COOP Switzerland
    ------------------------------

    Original Message


Related Content