Bug#828608: Building with OpenSSL 1.0.2 is sufficient for stretch

Adrian Bunk bunk at stusta.de
Sun Dec 11 15:14:23 UTC 2016

On Sun, Dec 11, 2016 at 03:13:58PM +0100, Ferenc Wágner wrote:
> Control: tags -1 - patch
> Adrian Bunk <bunk at stusta.de> writes:
> > Not a perfect solution but sufficient for stretch is the patch below to 
> > use OpenSSL 1.0.2
> > [...]
> >   libcurl4-openssl-dev,
> >   liblog4shib-dev,
> > - libssl-dev,
> > + libssl1.0-dev | libssl-dev (<< 1.1.0~),
> As previously established in this bug report, XMLTooling and cURL must
> use the same OpenSSL version, because they exchange SSL_CTX pointers.
> I think the only sensible way out would be introducing an OpenSSL 1.0
> flavour of curl, and build-depending on libcurl4-openssl1.0-dev here.
> See also https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=844263.

Having two different OpenSSL flavours of curl would open a whole new set 
of problems, like what happens when a binary ends up linking both.

Also note that due to the freeze deadlines any solution must be
in a non-RC state in unstable before Christmas, to allow packages
like moonshot-gss-eap to re-enter testing before January 5th.

The best available solution is to force all r-(b)deps of libcurl4
to stay at 1.0.2 for stretch:

> Regards,
> Feri



       "Is there not promise of rain?" Ling Tan asked suddenly out
        of the darkness. There had been need of rain for many days.
       "Only a promise," Lao Er said.
                                       Pearl S. Buck - Dragon Seed

More information about the Pkg-shibboleth-devel mailing list