
Re: Qt and OpenSSL transition metadata in relation to Mumble package



On 19/03/16 19:23, Chris Knadle wrote:
> Greetings.
>
> Executive summary:
> I'd like to know if there is metadata that can be added to the Qt4 and Qt5
> packages (qt4-x11 and qtbase-opensource-src) which will indicate that they
> need to be binNMUed for OpenSSL transitions at nearly the same time that
> Mumble gets binNMUed.
>
> More detail:
>
> Qt (both 4 and 5) use dlopen() to load libssl/libcrypto libraries [see lines
> 634-654]:
>
> https://github.com/qtproject/qtbase/blob/dev/src/network/ssl/qsslsocket_openssl_symbols.cpp#L624-L727
>
> and as a result during OpenSSL transitions where there's a library rename,
> two different copies of libssl/libcrypto can get loaded when running
> Mumble... one version Qt is compiled with, and one version Mumble is
> compiled with, and they may have ABI differences.
>
> This situation is non-trivial and caused Mumble to break (#804363) because
> the SSL library wasn't getting initialized, and we believe the patch that
> was used to fix this bug may be initializing both copies of SSL during the
> transition period, and because of the unknown of what this might cause,
> Mumble upstream is likely to implement code to disallow Mumble to continue
> running when two different copies of libssl/libcrypto are loaded:
>
>     https://github.com/mumble-voip/mumble/pull/2124
>
> We're hoping that there's some way that metadata could be added (somewhere)
> such that the Qt source packages and Mumble can be binNMUed/rebuilt around
> the same time for OpenSSL transitions.
>
>     https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=804487#97
>
> Is this possible?

There's no way to express that kind of relationship. Not unless you get into complex territory which isn't really worth it in this case. Normally binNMUs are scheduled at the same time, so in theory this shouldn't be such a big issue. And it would only affect unstable users, only for a short amount of time.

Cheers,
Emilio
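
A diagnostic for the condition discussed in this thread (two differently versioned copies of libssl/libcrypto mapped into one process), added here as an example; it is not part of the original messages and is not Mumble's or Qt's code. It parses text in Linux `/proc/<pid>/maps` format; the sample data, library versions and function names are constructed for illustration.

```python
import re
import sys
from collections import defaultdict

# Constructed sample in Linux /proc/<pid>/maps format (not from a real system).
SAMPLE_MAPS = """\
7f1a2c000000-7f1a2c05e000 r-xp 00000000 08:01 1311 /usr/lib/x86_64-linux-gnu/libssl.so.1.0.0
7f1a2c400000-7f1a2c463000 r-xp 00000000 08:01 1490 /usr/lib/x86_64-linux-gnu/libssl.so.1.0.2
7f1a2c800000-7f1a2ca1b000 r-xp 00000000 08:01 1312 /usr/lib/x86_64-linux-gnu/libcrypto.so.1.0.0 (deleted)
7f1a2cc00000-7f1a2ce20000 r-xp 00000000 08:01 1491 /usr/lib/x86_64-linux-gnu/libcrypto.so.1.0.2
7f1a2d000000-7f1a2d4c3000 r-xp 00000000 08:01 2001 /usr/lib/x86_64-linux-gnu/libQtNetwork.so.4.8.7
7f1a2d800000-7f1a2d821000 rw-p 00000000 00:00 0 [heap]
"""

# Matches the file name of a versioned libssl/libcrypto shared object.
LIB_RE = re.compile(r"(?:^|/)lib(ssl|crypto)\.so\.([0-9][0-9A-Za-z.]*)$")
DELETED = " (deleted)"  # suffix the kernel adds when the mapped file was unlinked


def mapped_openssl(maps_text):
    """Return {"libssl"/"libcrypto": {version: path}} for every mapped copy."""
    found = defaultdict(dict)
    for line in maps_text.splitlines():
        fields = line.split(None, 5)  # addr perms offset dev inode [path]
        if len(fields) < 6:
            continue  # anonymous mapping, no backing file
        path = fields[5].rstrip()
        if path.endswith(DELETED):
            path = path[: -len(DELETED)]
        match = LIB_RE.search(path)
        if match:
            found["lib" + match.group(1)][match.group(2)] = path
    return dict(found)


def conflicting_versions(maps_text):
    """Return only the libraries mapped in more than one soname version."""
    return {lib: sorted(copies)
            for lib, copies in mapped_openssl(maps_text).items()
            if len(copies) > 1}


if __name__ == "__main__":
    # Usage: script.py [PID]; without a PID the constructed sample is checked.
    text = open(f"/proc/{sys.argv[1]}/maps").read() if len(sys.argv) > 1 else SAMPLE_MAPS
    for lib, versions in conflicting_versions(text).items():
        print(f"{lib}: multiple versions mapped: {', '.join(versions)}")
```

A mapping marked `(deleted)` is still counted, since a library replaced on disk during an upgrade stays loaded in already running processes.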

