On 03/29/2010 05:42 AM, Jon Peatfield wrote:
> On Mon, 29 Mar 2010, Jon Peatfield wrote:
>
>> On Mon, 29 Mar 2010, Faye Gibbins wrote:
>>
>>>   When trying to collect a https address, e.g:
>>>
>>>   lftp -c "get https://www.example.com/foo.tar.gz -o /tmp/foo.tar.gz"
>>>
>>>   lftp reports:
>>>
>>>   fgibbins$ lftp -c "get https://www.example.com/foo.tar.gz -o
>>>   /tmp/foo.tar.gz"
>>>   /usr/lib/libgnutls.so.13: symbol gcry_cipher_setkey, version GCRYPT_1.2
>>>   not defined in file libgcrypt.so.11 with link time reference
>>>   get: https - not supported protocol
>>>   fgibbins$
>>
>> Once of our users reported the same problem this morning on our sl53 machines
>> - we did the gnutls security update on Saturday morning...
>>
>>>
>>>   (Some domain names have been changed to protect the innocent)
>>>
>>>   Any thoughts on how to fix this?
>>
>> It appears that sl54 ships with a newer libgcrypt (1.4.4) so bindings to that
>> may have gotten into something that prevents it from working on earlier
>> versions of sl5x...
>>
>> I'm about to test pulling over the newer libgcrypt onto an sl53 box...
>
> Just to confirm, updating to libgcrypt-1.4.4-5.el5 seems to fix it on both
> i386 and x86_64 machines...
>
>    -- Jon

Oh, the wonders of compatibilities. and how one package breaks another.
I will put the proper libgcrypt packages into testing today, and if 
everyone is agreed that it works and fixes the problem, without creating 
others, I'll push it out into the security errata tomorrow.
Troy
-- 
__________________________________________________
Troy Dawson  [log in to unmask]  (630)840-6468
Fermilab  ComputingDivision/LSCS/CSI/USS Group
__________________________________________________