Backporting to stretch: OpenSSL versions mix
wferi at niif.hu
wferi at niif.hu
Fri Mar 22 14:04:51 GMT 2019
Etienne Dysli Metref <etienne.dysli-metref at switch.ch> writes:
> My backport without the padding also failed, printing 38, 133, 106.
> Since testOpenSSLDSA failed during the build I tried it too in the
> same loop and it also randomly fails. Swapping libxml-security-c20 for
> the one with your patch [60acda36], I can run the loop without
> failure. So your patch is indeed required.
Hi Etienne,
Thanks for the testing!
>>> In 36577efb, you used `libssl1.0-dev (>= 1.0.1)` while other
>>> packages (xmltooling in debian/stretch for example) have
>>> `libssl1.0-dev | libssl-dev (<< 1.1.0~)`. The latter looks safer,
>>> but is it really better?
>>
>> I just reverted to what it was. The latter is backporting-safe, so
>> if you plan to backport the SP3 stack to jessie, it's a better
>> choice.
>
> I don't plan to backport the SP3 to jessie because xerces 3.2 isn't
> available there, but I still prefer to use the backporting-safe
> dependency.
OK. Feel free to replace 36577efb4 with the other form. The 1.0.1
lower bound to have AES-GCM lost its significance after squeeze.
> Unless you disagree, I'll rebase wferi/debian/stretch-backports onto
> debian/stretch-backports and run with that for the other packages.
I'm not sure I'd call it rebase, but the plan is pretty clear, so go
ahead!
--
Thanks,
Feri
More information about the Pkg-shibboleth-devel
mailing list