On Wed, Mar 02, 2016 at 11:57:35PM +0100, Raphael Manfredi wrote: > Package: openssl > Version: 1.0.1e-2+deb7u20 > Severity: important > > After an "apt-get upgrade" in Debian wheezy, my openssl is unusable. > Launching: > > $ openssl -v > openssl: /usr/lib/x86_64-linux-gnu/libcrypto.so.1.0.0: version > `OPENSSL_1.0.1s' not found (required by openssl) > > Doing the same operation on a 32-bit wheezy system with the exact same > version (1.0.1e-2+deb7u20 i386) does not exhibit the problem, so this > seems to be a broken dependency for 64-bit machines. > On the 32-bit system, I do have libssl1.0.0 at version 1.0.1e-2+deb7u20. > > On the 64-bit system, my libssl1.0.0 is version 1.0.1k-1 and there does > not seem to be a newer version, since a manual "apt-get install" does > nothing on that package.
The annoying problem with introducing new symbols in a stable release is that you have to introduce it in 2 different versions. You need either >= 1.0.1e-2+deb7u20 or 1.0.1k-3+deb8u3. I need to think how to prevent this. > ii libssl1.0.0 1.0.1k-1 You should really upgrade (or downgrade) that version. That's not from any release. It's from just before the jessie release and has many known security issues. Kurt
