Bug#827054: jessie-pu: package openssl/1.0.1t-1+deb8u3

[Kurt Roeckx <kurt@roeckx.be>]

On Mon, Jun 13, 2016 at 10:19:29AM +0200, Julien Cristau wrote:
> On Mon, Jun 13, 2016 at 00:50:05 +0200, Kurt Roeckx wrote:
> 
> > I should probably add that I don't intend to fix this in
> > testing/unstable.  There are probably reverse dependencies that
> > saw those symbols are available and then started using them again,
> > and so it would break things.  But I'm going to change to the 1.1
> 
> Doesn't the same reasoning apply to stable?

There currently shouldn't be reverse dependencies that saw the
defines so it could pick up the symbols, but the longer it stays
like this the more likely some upload will see it and use it.

> Why was this not caught when updating the libssl1.0.2.symbols file for
> the new release?

The .symbols files just looks like:
libcrypto.so.1.0.2 libssl1.0.2 #MINVER#
 *@OPENSSL_1.0.2d 1.0.2d
 *@OPENSSL_1.0.2g 1.0.2g
libssl.so.1.0.2 libssl1.0.2 #MINVER#
 *@OPENSSL_1.0.2d 1.0.2d
 *@OPENSSL_1.0.2g 1.0.2g

And the symbols already "existed", they were just not exported.

> > soname soon anyway, and it'll get fixed at that point.  Also, the
> > symbols are available but if you try to use them it's not going to
> > do anything useful.
> > 
> 
> > But I'd like to remove them in stable again, since nothing there
> > should use on it now, and it broke something.
> > 
> Can you be more specific than "broke something"?

https://github.com/openssl/openssl/issues/1190

But I guess that will solve itself.


Kurt