Am 01.03.2016 um 20:08 schrieb Bruno Pagani:
Le 01/03/2016 19:59, Thomas Bächler a écrit :
Am 01.03.2016 um 15:53 schrieb Pierre Schmitz:
Hi all,
I just looked into updating to openssl 1.0.2g. Unfortunately this comes with an ABI change due to SSL2 being disabled by default. This would mean we need to rebuild most packages that link against openssl. Imho re-enabling ssl2 seems to be a bad idea.
I already pushed the packages into staging. We would need to do the rebuild as quickly as possible.
What do you think? Last time an ABI change happened during a release cycle, it was a bug in OpenSSL and the next release fixed it. Don't you think this is the case again?
Hum, I don’t think so. Because last time was previous release last month, and it has not been “fixed” on OpenSSL side: https://github.com/OpenSMTPD/OpenSMTPD/issues/650#issuecomment-178168966
And for this new release, it’s even in the Changelog: https://github.com/openssl/openssl/blob/902f3f50d051dfd6ebf009d352aaf581195c... https://github.com/openssl/openssl/blob/902f3f50d051dfd6ebf009d352aaf581195c...
I see nothing in these files that suggest that there is an ABI incompatibility.