Bug#828608: Building with OpenSSL 1.0.2 is sufficient for stretch

Ferenc Wágner wferi at niif.hu
Sun Dec 11 16:06:54 UTC 2016


Control: tags -1 + patch

Adrian Bunk <bunk at stusta.de> writes:

> On Sun, Dec 11, 2016 at 03:13:58PM +0100, Ferenc Wágner wrote:
>
>> Adrian Bunk <bunk at stusta.de> writes:
>> 
>>> Not a perfect solution but sufficient for stretch is the patch below to 
>>> use OpenSSL 1.0.2
>>> [...]
>>>   libcurl4-openssl-dev,
>>>   liblog4shib-dev,
>>> - libssl-dev,
>>> + libssl1.0-dev | libssl-dev (<< 1.1.0~),
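Review bot: The libssl pin in the last two lines of this hunk leaves libcurl4-openssl-dev, two lines above it, unconstrained, so nothing in these Build-Depends ensures that curl is linked against the same OpenSSL branch as this package. The thread states that XMLTooling and cURL exchange SSL_CTX pointers and must use the same OpenSSL version, so the change is only correct while the archive's curl is itself built against 1.0.2. Record that assumption in the changelog entry or in a comment next to the dependency so the pin is revisited when curl moves. Also note that the "libssl-dev (<< 1.1.0~)" alternative can only be satisfied where libssl-dev is still older than 1.1.0; if that case is not needed, a plain "libssl1.0-dev" is less ambiguous.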
>> 
>> As previously established in this bug report, XMLTooling and cURL must
>> use the same OpenSSL version, because they exchange SSL_CTX pointers.
>> I think the only sensible way out would be introducing an OpenSSL 1.0
>> flavour of curl, and build-depending on libcurl4-openssl1.0-dev here.
>> See also https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=844263.
>
> Having two different OpenSSL flavours of curl would open a whole new set 
> of problems, like what happens when a binary ends up linking both.
>
> Also note that due to the freeze deadlines any solution must be
> in a non-RC state in unstable before Christmas, to allow packages
> like moonshot-gss-eap to re-enter testing before January 5th.
>
> The best available solution is to force all r-(b)deps of libcurl4
> to stay at 1.0.2 for stretch:
> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=844018#10
> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=844018#69

Do you mean that curl itself will stay with OpenSSL 1.0 in stretch?  I
haven't noticed this decision, but I'm certainly happy with it.  Sorry,
your patch is correct then.  Shall I upload ASAP, or wait for the
switchover in curl?
-- 
Feri


