Re: Proposed (lib)curl switch to openssl 1.1
On 2017-11-23 17:09:09 [+0200], Adrian Bunk wrote:
> On Thu, Nov 23, 2017 at 01:57:58PM +0000, Ian Jackson wrote:
> > 2. For the reason just mentioned, it might be a good idea to put in a
> > Breaks against old versions of packages using
> > CURLOPT_SSL_CTX_FUNCTION. However, (a) I am not sure if this is
> > actually necessary
>
> See #846908 for an example where it is necessary.
#844018 has some history and was the reason for curl to stay with 1.0
> > (b) in any case I don't have a good list of all
> > the appropriate versions
>
> Kurt did search for affected packages a year ago,
> so the information about affected packages in
> stretch should already be available.
>
> Note that such Breaks won't work for backported packages.
I did a grep and it seems that all affected users are blocked by
#858398 except for hhvm. All of them seem to touch
CURLOPT_SSL_CTX_FUNCTION and ask for libssl1.0-dev.
I skipped some others (while doing the grep just now) which should not
be an issue (like `cargo' but it depends on libssl-dev and
libcurl4-gnutls-dev or `sx' which uses it only in its configure script
or `cmake', r-cran-rcurl, curlpp which do not link against libssl,…).
> cu
> Adrian
Sebastian
Reply to: