[Pkg-openssl-devel] Bug#833328: Bug#833328: Bug#833328: openssl does not start on x86_64: version `OPENSSL_1.0.1s' not found

[Kurt Roeckx]

On Wed, Aug 03, 2016 at 10:48:42PM +0200, Sebastian Andrzej Siewior wrote:
> On 2016-08-03 17:06:22 [+0200], Kurt Roeckx wrote:
> > You're using openssl from stable but libssl1.0.0 from backports.
> > 
> > It's rather annoying, but I wasn't sure how to deal with it.  I
> > guess I should add a Breaks in the backports version.
> 
> I think the linker version script is wrong. In stable we have:
> 
> OPENSSL_1.0.1s {
> global:
> 	SRP_VBASE_get1_by_user;
> 	SRP_user_pwd_free;
> }
> 
> and bpo we have
> 
> OPENSSL_1.0.2g {
> global:
> 	SRP_VBASE_get1_by_user;
> 	SRP_user_pwd_free;
> }
> 
> I think we have to use 1.0.1s unless there was a ABI change. If there
> was a change we would need to update the symbols files.
> nginx (bpo) picked up the correct dependency due to the ALPN symbols so
> that worked as planned :)
> 
> If I read codesearch.d.n right then openssl is the only use of those two
> symbols so nothing else should be affected.

The problem is that both 1.0.1s and 1.0.2g introduced those symbol
in a security update, and I didn't know what to do with it.

For things in unstable that want to use the symbols, you really
want to have at least 1.0.2g.

I still don't see a good solution for this, other than packages
that make use of those symbols to break on the 1.0.1 version.


Kurt