[Pkg-openssl-devel] Question on Debian OpenSSL

Kurt Roeckx kurt at roeckx.be
Wed Dec 27 12:04:40 UTC 2006 

On Sun, Dec 24, 2006 at 02:03:00AM +0800, imacat wrote:
> Dear Christoph Martin,
> 
>     Hi.  This is imacat from Taiwan.  I saw that you are the maintainer
> of Debian OpenSSL.
> 
>     I have a machine that installs Debian Etch for some reason.  It
> comes with OpenSSL 0.9.8c.  And I override it with OpenSSL 0.9.8d I
> compiled from source from the OpenSSL official website.  Now all the
> Debian binary packages depending on libssl generates a warning:

The package in debian might be called 0.9.8c, but it actually takes the
security updates from 0.9.8d.  There is only 1 change in d that isn't in
the Debian package.

> 
> imacat at atlas ~ % wget --version
> wget: /usr/lib/libcrypto.so.0.9.8: no version information available (required by wget)
> wget: /usr/lib/libssl.so.0.9.8: no version information available (required by wget)
> GNU Wget 1.10.2
> ...

The package in Debian is compiled with symbol versioning which upstream
doesn't do.  This is to avoid problems on library upgrades.

Everything that that links to openssl in Debian knows that it was using
those symbol versioning.  Since you now don't have have those symbols,
it's complaining.

>     I'm very confused since I have many cron jobs that's using wget, etc. 
> These warnings filled up my mailbox.
> 
>     I tried to investigate this issue.  It seems that somewhere in the
> Debian patch openssl_0.9.8c-4.diff.gz makes the difference.  OpenSSL
> 0.9.8c without the patch generate the same warnings.  But I couldn't go
> further on this.  I'm avoiding to re-compile everything referring to
> Debian OpenSSL, that is, wget, etc.
> 
>     Could you tell me how I can avoid this warning?  Which part of this
> patch caused this?  Where can I find a clue on this?  Or is it a bug
> that should be filed upon Debian OpenSSL?

In Configure this change:
+$shared_ldflag .= " -Wl,--version-script=openssl.ld";

And you also need the openssl.ld file.


But can I suggest you just use the Debian package and upgrade that,
instead building your own?  You might run into other problems using the
upstream version that the Debian version doesn't have.


Kurt

More information about the Pkg-openssl-devel mailing list