Control: tags -1 + patch Adrian Bunk <b...@stusta.de> writes:
> On Sun, Dec 11, 2016 at 03:13:58PM +0100, Ferenc Wágner wrote: > >> Adrian Bunk <b...@stusta.de> writes: >> >>> Not a perfect solution but sufficient for stretch is the patch below to >>> use OpenSSL 1.0.2 >>> [...] >>> libcurl4-openssl-dev, >>> liblog4shib-dev, >>> - libssl-dev, >>> + libssl1.0-dev | libssl-dev (<< 1.1.0~), >> >> As previously established in this bug report, XMLTooling and cURL must >> use the same OpenSSL version, because they exchange SSL_CTX pointers. >> I think the only sensible way out would be introducing an OpenSSL 1.0 >> flavour of curl, and build-depending on libcurl4-openssl1.0-dev here. >> See also https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=844263. > > Having two different OpenSSL flavours of curl would open a whole new set > of problems, like what happens when a binary ends up linking both. > > Also note that due to the freeze deadlines any solution must be > in a non-RC state in unstable before Christmas, to allow packages > like moonshot-gss-eap to re-enter testing before January 5th. > > The best available solution is to force all r-(b)deps of libcurl4 > to stay at 1.0.2 for stretch: > https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=844018#10 > https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=844018#69 Do you mean that curl itself will stay with OpenSSL 1.0 in stretch? I haven't noticed this decision, but I'm certainly happy with it. Sorry, your patch is correct then. Shall I upload ASAP, or wait for the switchover in curl? -- Feri
