Bug#802159: New OpenSSL upstream version

["Adam D. Barratt" <adam@adam-barratt.org.uk>]

[dropped explicit CCs to RT and TC members]

On Tue, 2015-10-20 at 20:37 +0200, Kurt Roeckx wrote:
> On Tue, Oct 20, 2015 at 01:12:42PM -0500, Don Armstrong wrote:
> > So from what I'm gathering, this looks like a case where there isn't
> > enough eyeballs to adequately review this particularly set of updates,
> > coupled with the importance of making sure that these updates are
> > correct and don't cause any unintended issues.
> 
> There is always the case that one persons bug is an other persons
> feature.  But those new upstream versions have been in stable and
> testing for a while now without actually breaking anything.

(I'm assuming "unstable".)

Even a naively filtered diff - excluding documentation and tests -
between the 1.0.1k tag and HEAD on upstream's stable branch is much
larger than I'd imagined (1091 files changed, 73609+, 68591-), but
paging through it there's a significant amount of "no-op" changes such
as

-               seed_len,
-               param_len;
+     seed_len, param_len;

that git diff is sadly too dumb to be able to ignore (or I'm too dumb to
be able to drive it to do so).

Do we have an approximate idea of how far divorced from upstream's
1.0.1e/k releases the corresponding packages in wheezy and jessie
currently are? 

Regards,

Adam