Bug#827054: jessie-pu: package openssl/1.0.1t-1+deb8u3

To: "Adam D. Barratt" <adam@adam-barratt.org.uk>
Cc: 827054@bugs.debian.org
Subject: Bug#827054: jessie-pu: package openssl/1.0.1t-1+deb8u3
From: Kurt Roeckx <kurt@roeckx.be>
Date: Mon, 13 Jun 2016 00:50:05 +0200
Message-id: <[🔎] 20160612225005.GA18497@roeckx.be>
Reply-to: Kurt Roeckx <kurt@roeckx.be>, 827054@bugs.debian.org
In-reply-to: <[🔎] 20160611213524.GA15442@roeckx.be>
References: <[🔎] 20160611173844.GA31040@roeckx.be> <[🔎] 1465678649.28959.10.camel@adam-barratt.org.uk> <[🔎] 20160611213524.GA15442@roeckx.be>

On Sat, Jun 11, 2016 at 11:35:24PM +0200, Kurt Roeckx wrote:
> On Sat, Jun 11, 2016 at 09:57:29PM +0100, Adam D. Barratt wrote:
> > Control: tags -1 + moreinfo
> > 
> > On Sat, 2016-06-11 at 19:38 +0200, Kurt Roeckx wrote:
> > > The SSLv2 methods actually didn't exist in jessie, but some
> > > defaults where changed and the SSLv2 methods now in jessie just
> > > return NULL.  This removes the symbols again.  Exposing the
> > > symbols in the headers actually seems to have broken something,
> > > so this removes them again.  It was actually never the intention
> > > to introduce those symbols again.
> > [...]
> > > -CONFARGS  = --prefix=/usr --openssldir=/usr/lib/ssl --libdir=lib/$(DEB_HOST_MULTIARCH) no-idea no-mdc2 no-rc5 no-zlib  enable-tlsext no-ssl2 no-ssl3
> > > +CONFARGS  = --prefix=/usr --openssldir=/usr/lib/ssl --libdir=lib/$(DEB_HOST_MULTIARCH) no-idea no-mdc2 no-rc5 no-zlib enable-tlsext no-ssl2 no-ssl2-method no-ssl3
> > 
> > Does this also affect the 1.0.2 tree? The 1.0.2h package in unstable has
> > no-ssl2, no-ssl3, no-ssl3-method but not no-ssl2-method.
> 
> You're right, it has the same problem.  I completly forgot that, and
> I even commited that myself.
> 
> The reason for splitting no-ssl2 into no-ssl2 and no-ssl2-method
> is that we turned no-ssl2 on by default and people were suprised
> that SSLv2_* methods actually got removed and it of course broke
> various distributions that didn't builld with no-ssl2.  So we
> changed the default to make those funtions return NULL instead by
> default, and then remove them with no-ssl2-method.

I should probably add that I don't intend to fix this in
testing/unstable.  There are probably reverse dependencies that
saw those symbols are available and then started using them again,
and so it would break things.  But I'm going to change to the 1.1
soname soon anyway, and it'll get fixed at that point.  Also, the
symbols are available but if you try to use them it's not going to
do anything useful.

But I'd like to remove them in stable again, since nothing there
should use on it now, and it broke something.


Kurt

Reply to:

Follow-Ups:
- Bug#827054: jessie-pu: package openssl/1.0.1t-1+deb8u3
  - From: Julien Cristau <jcristau@debian.org>

References:
- Bug#827054: jessie-pu: package openssl/1.0.1t-1+deb8u3
  - From: Kurt Roeckx <kurt@roeckx.be>
- Bug#827054: jessie-pu: package openssl/1.0.1t-1+deb8u3
  - From: "Adam D. Barratt" <adam@adam-barratt.org.uk>
- Bug#827054: jessie-pu: package openssl/1.0.1t-1+deb8u3
  - From: Kurt Roeckx <kurt@roeckx.be>

Prev by Date: Bug#827126: marked as done (nmu: libzypp_15.3.0-1)
Next by Date: Bug#827160: jessie-pu: package dosfstools/3.0.27-1+deb8u1
Previous by thread: Bug#827054: jessie-pu: package openssl/1.0.1t-1+deb8u3
Next by thread: Bug#827054: jessie-pu: package openssl/1.0.1t-1+deb8u3
Index(es):
- Date
- Thread