Bug#828608: Building with OpenSSL 1.0.2 is sufficient for stretch
bunk at stusta.de
Sun Dec 11 15:14:23 UTC 2016
On Sun, Dec 11, 2016 at 03:13:58PM +0100, Ferenc Wágner wrote:
> Control: tags -1 - patch
> Adrian Bunk <bunk at stusta.de> writes:
> > Not a perfect solution but sufficient for stretch is the patch below to
> > use OpenSSL 1.0.2
> > [...]
> > libcurl4-openssl-dev,
> > liblog4shib-dev,
> > - libssl-dev,
> > + libssl1.0-dev | libssl-dev (<< 1.1.0~),
> As previously established in this bug report, XMLTooling and cURL must
> use the same OpenSSL version, because they exchange SSL_CTX pointers.
> I think the only sensible way out would be introducing an OpenSSL 1.0
> flavour of curl, and build-depending on libcurl4-openssl1.0-dev here.
> See also https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=844263.
Having two different OpenSSL flavours of curl would open a whole new set
of problems, like what happens when a binary ends up linking both.
Also note that due to the freeze deadlines any solution must be
in a non-RC state in unstable before Christmas, to allow packages
like moonshot-gss-eap to re-enter testing before January 5th.
The best available solution is to force all r-(b)deps of libcurl4
to stay at 1.0.2 for stretch:
"Is there not promise of rain?" Ling Tan asked suddenly out
of the darkness. There had been need of rain for many days.
"Only a promise," Lao Er said.
Pearl S. Buck - Dragon Seed
More information about the Pkg-shibboleth-devel