[SRU] SSL/TLS features are disabled because of new version of OpenSSL

Bug #1072725 reported by Linda Hanigan on 2012-10-29
30
This bug affects 5 people
Affects Status Importance Assigned to Milestone
ckermit (Ubuntu)
Undecided
Unassigned

Bug Description

Here is the error message given by ckermit at start up

?OpenSSL libraries do not match required version:
  . C-Kermit built with OpenSSL 1.0.0e 6 Sep 2011
  . Version found OpenSSL 1.0.1 14 Mar 2012
  OpenSSL versions prior to 1.0.0 must be the same.
  Set LD_LIBRARY_PATH for OpenSSL 1.0.0e 6 Sep 2011.
  Or rebuild C-Kermit from source on this computer to make versions agree.
  C-Kermit makefile target: linux+krb5+openssl
  Or if that is what you did then try to find out why
  the program loader (image activator) is choosing a
  different OpenSSL library than the one specified in the build.

  All SSL/TLS features disabled.

C-Kermit 9.0.302 OPEN SOURCE:, 20 Aug 2011, for Linux+SSL+KRB5 (64-bit)
 Copyright (C) 1985, 2011,
  Trustees of Columbia University in the City of New York.

Incompatiable with version of OpenSSL that is part of 12.04.1 LTS
Synaptic shows ckermit 302-1 and OpenSLL 1.0.1-4ubunutu5.5

ProblemType: Bug
DistroRelease: Ubuntu 12.04
Package: ckermit 302-1
ProcVersionSignature: Ubuntu 3.2.0-32.51-generic 3.2.30
Uname: Linux 3.2.0-32-generic x86_64
ApportVersion: 2.0.1-0ubuntu14
Architecture: amd64
Date: Mon Oct 29 08:32:20 2012
InstallationMedia: Ubuntu 12.04 LTS "Precise Pangolin" - Release amd64 (20120425)
ProcEnviron:
 TERM=xterm
 PATH=(custom, user)
 LANG=en_US.UTF-8
 SHELL=/bin/bash
SourcePackage: ckermit
UpgradeStatus: No upgrade log present (probably fresh install)

Linda Hanigan (haniganwork) wrote :

Thanks for taking the time to report this bug and helping to make Ubuntu better. We appreciate the difficulties you are facing, but this appears to be a "regular" (non-security) bug. I have unmarked it as a security issue since this bug does not show evidence of allowing attackers to cross privilege boundaries nor directly cause loss of data/privacy. Please feel free to report any other bugs you may find.

summary: - wrong version OpenSLL
+ wrong version OpenSSL
information type: Private Security → Public

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in ckermit (Ubuntu):
status: New → Confirmed
Chris Good (chris-good) wrote :

As I could not find on the internet any other solution, I'm going to document here how I compiled ckermit 9.0.302 on my Ubuntu 12.04.1 LTS:

1) Download cku302.tar.gz from http://www.columbia.edu/kermit/ck90.html#source
to /usr/local/src/ckermit
2) gunzip -c cku302.tar.gz | tar xf -
3) make linux+krb5+ssl
compilation failed: openssl/comp.h: No such file or directory
4) Install package libssl-dev: apt-get install libssl-dev
5) Also needed packages libkrb5-dev & libpam0g-dev
6) Compilation failed: /usr/bin/ld: cannot find -lgssapi
libgssapi-krb5-2 was already installed which contains /usr/lib/x86_64-linux-gnu/libgssapi_krb5.so.2
        but not libgssapi.so...
These do exist (part of package libgssapi3-heimdal:
/usr/lib/x86_64-linux-gnu/libgssapi.so.3
/usr/lib/x86_64-linux-gnu/libgssapi.so.3.0.0

I'm not sure if I should be using krb5 MIT or heimdal.
I don't need krb5 anyway.

7) make linux+ssl
Now compilation failed complaining about missing curses symbols...
8) change makefile in section linux:
        if test -f /usr/lib64/libncurses.so || \
           test -f /usr/lib/libncurses.a || \
           test -f /usr/lib/libncurses.so; then \
          HAVE_LIBCURSES='-lncurses'; \
        else if test -f /usr/lib64/libcurses.so || \
           test -f /usr/lib/libcurses.a || \
           test -f /usr/lib/libcurses.so; then \
             HAVE_LIBCURSES='-lcurses'; fi; fi; \
to
        if test -f /usr/lib64/libncurses.so || \
           test -f /usr/lib/libncurses.a || \
           test -f /lib/x86_64-linux-gnu/libncurses.so.5 || \ ### add this line - do not include this comment###
           test -f /usr/lib/libncurses.so; then \
          HAVE_LIBCURSES='-lncurses'; \
        else if test -f /usr/lib64/libcurses.so || \
           test -f /usr/lib/libcurses.a || \
           test -f /usr/lib/libcurses.so; then \
             HAVE_LIBCURSES='-lcurses'; fi; fi; \

9) make linux+ssl
(Clean compiled now.)

David Grayson (davidegrayson) wrote :

Well, it's been a year and the problem hasn't been fixed yet, so we still see this annoying message every time we run kermit on Ubuntu 12.04. Is there anything I can do to help out? I've built a Debian package before so I kind of know the basics.

Norbert (nrbrtx) on 2014-05-30
summary: - wrong version OpenSSL
+ [SRU] wrong version OpenSSL
tags: removed: amd64

Same here on Ubuntu 12.04.4 i686.

We need an SRU for ckermit package.
Please recompile (and publish) ckermit package linked to new version of the OpenSSL.

summary: - [SRU] wrong version OpenSSL
+ [SRU] SSL/TLS features are disabled because of new version of OpenSSL
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers