[Pkg-openssl-devel] Bug#895547: Bug#895547: openssl: After symbol versioning, distributed pkgs are missing API symbols (e.g. EVP_PKEY_asn1_set_item)

Sebastian Andrzej Siewior sebastian at breakpoint.cc
Fri Apr 13 21:31:09 BST 2018


On 2018-04-13 23:20:07 [+0300], Nicola wrote:
> On 13 April 2018 at 22:45, Sebastian Andrzej Siewior
> <sebastian at breakpoint.cc> wrote:
> > On 2018-04-12 13:08:57 [+0000], Nicola Tuveri wrote:
> >> Package: openssl
> >> Version: 1.0.2l-1~bpo8+1
> >> Severity: important
> >> Tags: patch
> >
> > backports?
> >
> 
> Yes, old-stable backports.

I see this in the version. You are two versions behind and there were a
few CVEs released. I couldn't upload earlier, I would need to check if
it changed but I did not receive a message that it did.

> >> I marked this bug as important, as it stops everyone using official
> >> debian packages from using third-party ENGINEs that require to use that
> >> function to set special handling of ASN.1 format, which basically
> >> includes every ENGINE that would add support for cryptosystems that
> >> upstream OpenSSL does not support (defying the purpose of using some
> >> ENGINEs).
> >
> > Not everyone. It should work in stable, doesn't it?
> 
> Yes, my application does work in stable. Has symbol versioning been
> completely disabled there?
> 
> Or am I just lucky that the function I need was whitelisted when the
> versioning script was created for the new release, but the same bug
> can still resurface for the symbol OPENSSL_foobar_magic in future
> OpenSSL 1.1.0x?

If I am not mistaken the versioning is still in place but differently /
with upstream support. So it should remain working.
Can we consider this issue closed?

> Thanks for your reply,
> 
> Nicola

Sebastian



More information about the Pkg-openssl-devel mailing list