[SRU] SSL/TLS features are disabled because of new version of OpenSSL

Bug #1072725 reported by Linda Hanigan on 2012-10-29
This bug affects 5 people
Affects Status Importance Assigned to Milestone
ckermit (Ubuntu)

Bug Description

Here is the error message given by ckermit at start up

?OpenSSL libraries do not match required version:
  . C-Kermit built with OpenSSL 1.0.0e 6 Sep 2011
  . Version found OpenSSL 1.0.1 14 Mar 2012
  OpenSSL versions prior to 1.0.0 must be the same.
  Set LD_LIBRARY_PATH for OpenSSL 1.0.0e 6 Sep 2011.
  Or rebuild C-Kermit from source on this computer to make versions agree.
  C-Kermit makefile target: linux+krb5+openssl
  Or if that is what you did then try to find out why
  the program loader (image activator) is choosing a
  different OpenSSL library than the one specified in the build.

  All SSL/TLS features disabled.

C-Kermit 9.0.302 OPEN SOURCE:, 20 Aug 2011, for Linux+SSL+KRB5 (64-bit)
 Copyright (C) 1985, 2011,
  Trustees of Columbia University in the City of New York.

Incompatiable with version of OpenSSL that is part of 12.04.1 LTS
Synaptic shows ckermit 302-1 and OpenSLL 1.0.1-4ubunutu5.5

ProblemType: Bug
DistroRelease: Ubuntu 12.04
Package: ckermit 302-1
ProcVersionSignature: Ubuntu 3.2.0-32.51-generic 3.2.30
Uname: Linux 3.2.0-32-generic x86_64
ApportVersion: 2.0.1-0ubuntu14
Architecture: amd64
Date: Mon Oct 29 08:32:20 2012
InstallationMedia: Ubuntu 12.04 LTS "Precise Pangolin" - Release amd64 (20120425)
 PATH=(custom, user)
SourcePackage: ckermit
UpgradeStatus: No upgrade log present (probably fresh install)

Linda Hanigan (haniganwork) wrote :

Thanks for taking the time to report this bug and helping to make Ubuntu better. We appreciate the difficulties you are facing, but this appears to be a "regular" (non-security) bug. I have unmarked it as a security issue since this bug does not show evidence of allowing attackers to cross privilege boundaries nor directly cause loss of data/privacy. Please feel free to report any other bugs you may find.

summary: - wrong version OpenSLL
+ wrong version OpenSSL
information type: Private Security → Public

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in ckermit (Ubuntu):
status: New → Confirmed
Chris Good (chris-good) wrote :

As I could not find on the internet any other solution, I'm going to document here how I compiled ckermit 9.0.302 on my Ubuntu 12.04.1 LTS:

1) Download cku302.tar.gz from http://www.columbia.edu/kermit/ck90.html#source
to /usr/local/src/ckermit
2) gunzip -c cku302.tar.gz | tar xf -
3) make linux+krb5+ssl
compilation failed: openssl/comp.h: No such file or directory
4) Install package libssl-dev: apt-get install libssl-dev
5) Also needed packages libkrb5-dev & libpam0g-dev
6) Compilation failed: /usr/bin/ld: cannot find -lgssapi
libgssapi-krb5-2 was already installed which contains /usr/lib/x86_64-linux-gnu/libgssapi_krb5.so.2
        but not libgssapi.so...
These do exist (part of package libgssapi3-heimdal:

I'm not sure if I should be using krb5 MIT or heimdal.
I don't need krb5 anyway.

7) make linux+ssl
Now compilation failed complaining about missing curses symbols...
8) change makefile in section linux:
        if test -f /usr/lib64/libncurses.so || \
           test -f /usr/lib/libncurses.a || \
           test -f /usr/lib/libncurses.so; then \
          HAVE_LIBCURSES='-lncurses'; \
        else if test -f /usr/lib64/libcurses.so || \
           test -f /usr/lib/libcurses.a || \
           test -f /usr/lib/libcurses.so; then \
             HAVE_LIBCURSES='-lcurses'; fi; fi; \
        if test -f /usr/lib64/libncurses.so || \
           test -f /usr/lib/libncurses.a || \
           test -f /lib/x86_64-linux-gnu/libncurses.so.5 || \ ### add this line - do not include this comment###
           test -f /usr/lib/libncurses.so; then \
          HAVE_LIBCURSES='-lncurses'; \
        else if test -f /usr/lib64/libcurses.so || \
           test -f /usr/lib/libcurses.a || \
           test -f /usr/lib/libcurses.so; then \
             HAVE_LIBCURSES='-lcurses'; fi; fi; \

9) make linux+ssl
(Clean compiled now.)

David Grayson (davidegrayson) wrote :

Well, it's been a year and the problem hasn't been fixed yet, so we still see this annoying message every time we run kermit on Ubuntu 12.04. Is there anything I can do to help out? I've built a Debian package before so I kind of know the basics.

Norbert (nrbrtx) on 2014-05-30
summary: - wrong version OpenSSL
+ [SRU] wrong version OpenSSL
tags: removed: amd64

Same here on Ubuntu 12.04.4 i686.

We need an SRU for ckermit package.
Please recompile (and publish) ckermit package linked to new version of the OpenSSL.

summary: - [SRU] wrong version OpenSSL
+ [SRU] SSL/TLS features are disabled because of new version of OpenSSL
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers