On Wed, Mar 02, 2016 at 11:57:35PM +0100, Raphael Manfredi wrote:
> Package: openssl
> Version: 1.0.1e-2+deb7u20
> Severity: important
>
> After an "apt-get upgrade" in Debian wheezy, my openssl is unusable.
> Launching:
>
> $ openssl -v
> openssl: /usr/lib/x86_64-linux-gnu/libcrypto.so.1.0.0: version
> `OPENSSL_1.0.1s' not found (required by openssl)
>
> Doing the same operation on a 32-bit wheezy system with the exact same
> version (1.0.1e-2+deb7u20 i386) does not exhibit the problem, so this
> seems to be a broken dependency for 64-bit machines.
> On the 32-bit system, I do have libssl1.0.0 at version 1.0.1e-2+deb7u20.
>
> On the 64-bit system, my libssl1.0.0 is version 1.0.1k-1 and there does
> not seem to be a newer version, since a manual "apt-get install" does
> nothing on that package.
The annoying problem with introducing new symbols in a stable
release is that you have to introduce it in 2 different versions.
You need either >= 1.0.1e-2+deb7u20 or 1.0.1k-3+deb8u3. I need to
think how to prevent this.
> ii libssl1.0.0 1.0.1k-1
You should really upgrade (or downgrade) that version. That's not
from any release. It's from just before the jessie release and
has many known security issues.
Kurt