22.11.2016 в 22:57:30 +0200 Adrian Bunk написал: > 23:14 < bunk> Q_: If you come up with a better patch than mine in #844018, > please post to that bug. I know that my patch is not pretty, > but > I did not find any better short-term solution.
Search for CURLOPT_SSL_CTX_FUNCTION on codesearch.debian.net produces the following list of potentially affected packages: cargo chromium-browser cmake criticalmass curl curlpp firefox firefox-esr fpc hhvm icedove lastpass-cli libapache2-mod-auth-cas libwww-curl-perl lua-curl netcdf netsurf openjfx r-cran-curl r-cran-rcurl ruby-curb slcurl sx tclcurl wpa xmltooling zurl So the the alternative to you patch looks like: fixing #828564 (fixed-upstream, new upstream version available), fixing #828608 or removing xmltooling out of testing, checking whether last apache2 upload fixed #844799, fixing or ignoring #828259 (not in testing, fixed upstream version available), fixing #828371 (untested patch available) or removing lastpass-cli, removing 3 characters from zurl's debian/control, binnmu-ing affected packages that still depend on libssl1.0.2, no need to ensure that applications (even if they are linked with libcurl3 indirectly) are linked with the same libssl as libcurl3 (unlike with the patch), more compatibility with applications from jessie than with the patch.