On Wed, Dec 28, 2005 at 11:31:11AM +0100, Javier Fernández-Sanguino Peña wrote: > On Wed, Dec 28, 2005 at 02:16:26AM -0800, Steve Langasek wrote: > > > The issue should be fixed by recompiling the client against a set of the > > > libraries, and should affect only the 2.2.5-3 version under i386. Notice, > > > also that the package has an undeclared dependency on libssl0.9.7 (the > > > binary > > > is linked against that one).
> > Why do you say that?
> > $ dpkg -x n/nessus-core/nessus_2.2.5-3_i386.deb /tmp/nessus
> > $ ldd /tmp/nessus/usr/bin/nessus |grep ssl
> > libssl.so.0.9.8 => not found
> > $
> > I don't see any reason to think that 2.2.5-3 is linked against 0.9.7.
> Sorry, my mistake:
> * nessusd 2.2.5-3, the server, is linked against both 0.9.7 and
> 0.9.8
Ok, I don't see this either:
$ ldd /tmp/nessus/usr/sbin/nessusd|grep ssl
libssl.so.0.9.8 => not found
$
:)
Could you please explain why you believe nessusd is linked against both
versions of the library? To me, this bug looks like it's just an instance
of #338006.
> The 2.2.5-2 client works with the 2.2.5-3 and 2.2.5-2 server. The 2.2.5-3
> client does not work against any of the servers. It's the server that has an
> undeclared dependency (because it's linked against 0.9.7 but depends on just
> libssl0.9.8 (>= 0.9.8a-1)). A known fix is to have nessus, the server and
> client, link against just 0.9.7 (since it's known to work).
Well, that fix is not available to us, since there is no -dev package left
for openssl0.9.7.
> Moving to 0.9.8 might require a recompile of other nessus related packages
> (nasl and nessus-plugins) in order for all of that to work out, it might
> be another (better?) option.
Or the only option :)
Cheers,
--
Steve Langasek Give me a lever long enough and a Free OS
Debian Developer to set it on, and I can move the world.
[EMAIL PROTECTED] http://www.debian.org/
signature.asc
Description: Digital signature
