Package: rhash
Version: 1.3.3-1+b2
Severity: important

Hi,

Your package seems able to dlopen various versions of libcrypto, and it
has a Recommends accordingly.

In stretch, librhash/plug_openssl.c has:
|         void* handle = dlopen("libcrypto.so", RTLD_NOW);
|         if (!handle) handle = dlopen("libcrypto.so.1.0.0", RTLD_NOW); /* hotfix */
|         if (!handle) handle = dlopen("libcrypto.so.0.9.8", RTLD_NOW);

with:
| Recommends: libssl1.0.0 (>= 1.0.0)


In git:
|         void* handle = dlopen("libcrypto.so", RTLD_NOW);
|         if (!handle) handle = dlopen("libcrypto.so.1.1", RTLD_NOW);
|         if (!handle) handle = dlopen("libcrypto.so.1.0.2", RTLD_NOW);
|         if (!handle) handle = dlopen("libcrypto.so.1.0.0", RTLD_NOW);
|         if (!handle) handle = dlopen("libcrypto.so.0.9.8", RTLD_NOW);

with:
| Recommends: libssl1.1 | libssl1.0.2 | libssl1.0.0


The git version seems fine as the first two are available, even if the
last one isn't. The stretch version doesn't seem reasonable though,
since it only knows about libssl1.0.0, which isn't available in stretch
(it was last seen in jessie).

This makes tools like aptitude report issues due to unmet recommends.
Not entirely sure it's worth fixing though (is adding another dlopen
call with a different filename and adding an alternative recommends
sufficient?). You might want to check with the release team.


Cheers,
-- 
Cyril Brulebois ([email protected])            <https://debamax.com/>
D-I release manager -- Release team member -- Freelance Consultant
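
The mismatch described in this report can be checked mechanically. The following is an added example, not part of the original message or of rhash: it extracts the libcrypto names from the dlopen calls, maps each to a Debian package name, and checks them against the Recommends field. The function names and the soname-to-package mapping (libcrypto.so.X shipped by libsslX) are assumptions; the set of packages available in stretch is taken from the message.

```python
import re

# Constructed from the two snippets quoted in the report.
STRETCH_SRC = '''
void* handle = dlopen("libcrypto.so", RTLD_NOW);
if (!handle) handle = dlopen("libcrypto.so.1.0.0", RTLD_NOW); /* hotfix */
if (!handle) handle = dlopen("libcrypto.so.0.9.8", RTLD_NOW);
'''
GIT_SRC = '''
void* handle = dlopen("libcrypto.so", RTLD_NOW);
if (!handle) handle = dlopen("libcrypto.so.1.1", RTLD_NOW);
if (!handle) handle = dlopen("libcrypto.so.1.0.2", RTLD_NOW);
if (!handle) handle = dlopen("libcrypto.so.1.0.0", RTLD_NOW);
if (!handle) handle = dlopen("libcrypto.so.0.9.8", RTLD_NOW);
'''
# Per the report: libssl1.0.0 is gone from stretch; libssl1.1 and libssl1.0.2 exist.
STRETCH_AVAILABLE = {"libssl1.1", "libssl1.0.2"}

def dlopen_sonames(c_source):
    """Return the libcrypto names passed to dlopen(), in fallback order."""
    return re.findall(r'dlopen\(\s*"(libcrypto\.so[0-9.]*)"', c_source)

def package_for(soname):
    """Assumed mapping: libcrypto.so.X is shipped by package libsslX."""
    prefix = "libcrypto.so."
    # The unversioned name is normally a development symlink, so it maps to no runtime package.
    return "libssl" + soname[len(prefix):] if soname.startswith(prefix) else None

def recommends_alternatives(field):
    """Split one 'Recommends: a (>= 1) | b' line into bare package names."""
    value = field.split(":", 1)[1]
    names = (re.sub(r"\(.*?\)", "", alt).strip() for alt in value.split("|"))
    return [n for n in names if n]

def audit(c_source, recommends, available):
    """Compare what the code can load with what the package recommends."""
    wanted = [p for p in map(package_for, dlopen_sonames(c_source)) if p]
    alts = recommends_alternatives(recommends)
    loadable = [p for p in wanted if p in available]
    return {
        "loadable": loadable,
        "recommends_satisfiable": any(a in available for a in alts),
        "loadable_but_not_recommended": [p for p in loadable if p not in alts],
    }

if __name__ == "__main__":
    print(audit(STRETCH_SRC, "Recommends: libssl1.0.0 (>= 1.0.0)", STRETCH_AVAILABLE))
    print(audit(GIT_SRC, "Recommends: libssl1.1 | libssl1.0.2 | libssl1.0.0", STRETCH_AVAILABLE))
```

An empty `loadable` list together with `recommends_satisfiable: False` is the stretch situation the report describes: no runtime libcrypto the code asks for can be installed, and the Recommends cannot be met.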
