On Wed, Aug 03, 2016 at 10:48:42PM +0200, Sebastian Andrzej Siewior wrote:
> On 2016-08-03 17:06:22 [+0200], Kurt Roeckx wrote:
> > You're using openssl from stable but libssl1.0.0 from backports.
> >
> > It's rather annoying, but I wasn't sure how to deal with it. I
> > guess I should add a Breaks in the backports version.
>
> I think the linker version script is wrong. In stable we have:
>
> OPENSSL_1.0.1s {
> global:
> SRP_VBASE_get1_by_user;
> SRP_user_pwd_free;
> }
>
> and bpo we have
>
> OPENSSL_1.0.2g {
> global:
> SRP_VBASE_get1_by_user;
> SRP_user_pwd_free;
> }
>
> I think we have to use 1.0.1s unless there was a ABI change. If there
> was a change we would need to update the symbols files.
> nginx (bpo) picked up the correct dependency due to the ALPN symbols so
> that worked as planned :)
>
> If I read codesearch.d.n right then openssl is the only use of those two
> symbols so nothing else should be affected.
The problem is that both 1.0.1s and 1.0.2g introduced those symbol
in a security update, and I didn't know what to do with it.
For things in unstable that want to use the symbols, you really
want to have at least 1.0.2g.
I still don't see a good solution for this, other than packages
that make use of those symbols to break on the 1.0.1 version.
Kurt
