Niels, do you think this might get resolved in time to make the freeze deadline? I would like to enter freeze with up-to-date PHP version, so I don't have to upload to testing-security right away ;)
Cheers, -- Ondřej Surý <ond...@sury.org> Knot DNS (https://www.knot-dns.cz/) – a high-performance DNS server Knot Resolver (https://www.knot-resolver.cz/) – secure, privacy-aware, fast DNS(SEC) resolver On Sun, Jan 22, 2017, at 08:37, Niels Thykier wrote: > Sebastian Andrzej Siewior: > > On 2017-01-20 21:36:00 [+0000], Niels Thykier wrote: > >> Hi Ondřej, > >> > >> Sorry for being the "messenger" triggering this issue in php7.0. > >> > >> Kurt/Sebastian, what are you recommendations here? Should we migrate > >> net-snmp itself to ssl1.1 (possibly with all of its rdeps) or can we > >> detangle net-snmp and php7 from each other in a graceful manner? > > > > [...] I grep the deps [0] and didn't find a user of > > cert_util.h so it looks like nobody cares about that. > > > > Thanks. :) > > Codesearch also appears to agree with this (assuming we are only looking > at rdeps). :) Internally, snmp appears to have a few uses of it. > > > I would suggest to drop the the libssl1.0-dev dep in libsnmp-dev and add > > a guard cert_util.h to ensure openssl's version is less than 1.1.0 in > > case someone tries to use this on its own. > > The header file is used internally by snmp, so this change implies > upgrading snmp to ssl1.1. All in all, we need to: > > * Apply the patch in #828449 > > * Remove "libssl1.0-dev | libssl-dev (<< 1.1)" from Depends and add a > "libssl-dev" to Suggests in the the "-dev" package? > > * Add an "#if"-guard rejecting ssl1.0 in the cert_util.h file. > (Can you provide me with an example/patch for the guard?) > > > I will try to make that change tomorrow and rebuild the packages [0]. > > > > [...] > > Thanks. Let me know how it goes. I am happy to do the upload if your > test says go and you can provide me with the "#if"-guard. (apparently, > net-snmp also needs an unrelated patch for pie - see #852023) > > > Thanks, > ~Niels > >
