On Sun, Dec 11, 2016 at 03:13:58PM +0100, Ferenc Wágner wrote: > Control: tags -1 - patch > > Adrian Bunk <b...@stusta.de> writes: > > > Not a perfect solution but sufficient for stretch is the patch below to > > use OpenSSL 1.0.2 > > [...] > > libcurl4-openssl-dev, > > liblog4shib-dev, > > - libssl-dev, > > + libssl1.0-dev | libssl-dev (<< 1.1.0~), > > As previously established in this bug report, XMLTooling and cURL must > use the same OpenSSL version, because they exchange SSL_CTX pointers. > I think the only sensible way out would be introducing an OpenSSL 1.0 > flavour of curl, and build-depending on libcurl4-openssl1.0-dev here. > See also https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=844263.
Having two different OpenSSL flavours of curl would open a whole new set of problems, like what happens when a binary ends up linking both. Also note that due to the freeze deadlines any solution must be in a non-RC state in unstable before Christmas, to allow packages like moonshot-gss-eap to re-enter testing before January 5th. The best available solution is to force all r-(b)deps of libcurl4 to stay at 1.0.2 for stretch: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=844018#10 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=844018#69 > Regards, > Feri cu Adrian -- "Is there not promise of rain?" Ling Tan asked suddenly out of the darkness. There had been need of rain for many days. "Only a promise," Lao Er said. Pearl S. Buck - Dragon Seed