Bug#828477: openvpn: FTBFS with openssl 1.1.0
Hi, this is a remainder about the openssl transition [0]. We really want to remove libssl1.0-dev from unstable for Buster. I will raise the severity of this bug to serious in a month. Please react before that happens. [0] https://bugs.debian.org/871056#55 Sebastian
Bug#859555: [be...@debian.org: Bug#828477: openvpn: FTBFS with openssl 1.1.0]
Hi, somehow I forgot to also add this message to the pkcs11 bug... Eric, if openvpn was the only reason to stay on OpenSSL 1.0 feel free to switch over now. OpenVPN 2.4.3 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Jun 23 2017 library versions: OpenSSL 1.1.0f 25 May 2017, LZO 2.08 (that is without libpkcs11) Bernhard --- Begin Message --- Control: blocks 828477 859555 On Sat, Jun 24, 2017 at 11:24:18AM +0200, Dr. Markus Waldeck wrote: Hi, > this defect will be fixed in OpenVPN 2.5. > > OpenVPN 2.5_git [git:master/0402c7faadf907d4] x86_64-pc-linux-gnu [SSL > (OpenSSL)] [EPOLL] [MH/PKTINFO] [AEAD] built on Jun 23 2017 > library versions: OpenSSL 1.1.0f 25 May 2017 > works fine e.g. with tls-cipher TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256 > > Is there any chance to get a prebuild based on > https://github.com/OpenVPN/openvpn.git for experimental? As far as I can see it has been fixed in 2.4.3, but switching over is currently blocked by libpkcs11-helper1-dev depending on libssl1.0-dev (presumably because of OpenVPN, see Bug #859555). Eric, if openvpn was the only reason to stay on OpenSSL 1.0 feel free to switch over now. OpenVPN 2.4.3 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Jun 23 2017 library versions: OpenSSL 1.1.0f 25 May 2017, LZO 2.08 (that is without libpkcs11) Bernhard--- End Message ---
Bug#828477: openvpn: FTBFS with openssl 1.1.0
Am 29.06.2017 um 06:31 schrieb Dr. Markus Waldeck: Hi Markus, > this topic should have gone directly to you: > > OpenSSL 1.1 support in OpenVPN > >> has been fixed in 2.4.3, but switching over is >> currently blocked by libpkcs11-helper1-dev depending on libssl1.0-dev >> (presumably because of OpenVPN, see Bug #859555). >> >> Eric, if openvpn was the only reason to stay on OpenSSL 1.0 feel free to >> switch over now. > > Please check. > > Thanks in advance! Is there any particular reason you want OpenVPN to build against 1.1.0 this badly? It will happen in Buster eventually (probably sooner than later), but Stretch won't have it. Even a possible stretch-backports build will likely not get it either, since this would involve getting libpkcs11 build against OpenSSL 1.1.0 in -backports as well. Bernhard
Bug#828477: Aw: Re: Bug#828477: openvpn: FTBFS with openssl 1.1.0
Hi Eric, this topic should have gone directly to you: OpenSSL 1.1 support in OpenVPN > has been fixed in 2.4.3, but switching over is > currently blocked by libpkcs11-helper1-dev depending on libssl1.0-dev > (presumably because of OpenVPN, see Bug #859555). > > Eric, if openvpn was the only reason to stay on OpenSSL 1.0 feel free to > switch over now. Please check. Thanks in advance! Markus
Bug#828477: openvpn: FTBFS with openssl 1.1.0
Control: blocks 828477 859555 On Sat, Jun 24, 2017 at 11:24:18AM +0200, Dr. Markus Waldeck wrote: Hi, > this defect will be fixed in OpenVPN 2.5. > > OpenVPN 2.5_git [git:master/0402c7faadf907d4] x86_64-pc-linux-gnu [SSL > (OpenSSL)] [EPOLL] [MH/PKTINFO] [AEAD] built on Jun 23 2017 > library versions: OpenSSL 1.1.0f 25 May 2017 > works fine e.g. with tls-cipher TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256 > > Is there any chance to get a prebuild based on > https://github.com/OpenVPN/openvpn.git for experimental? As far as I can see it has been fixed in 2.4.3, but switching over is currently blocked by libpkcs11-helper1-dev depending on libssl1.0-dev (presumably because of OpenVPN, see Bug #859555). Eric, if openvpn was the only reason to stay on OpenSSL 1.0 feel free to switch over now. OpenVPN 2.4.3 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Jun 23 2017 library versions: OpenSSL 1.1.0f 25 May 2017, LZO 2.08 (that is without libpkcs11) Bernhard
Bug#828477: openvpn: FTBFS with openssl 1.1.0
Hi Alberto, this defect will be fixed in OpenVPN 2.5. OpenVPN 2.5_git [git:master/0402c7faadf907d4] x86_64-pc-linux-gnu [SSL (OpenSSL)] [EPOLL] [MH/PKTINFO] [AEAD] built on Jun 23 2017 library versions: OpenSSL 1.1.0f 25 May 2017 works fine e.g. with tls-cipher TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256 Is there any chance to get a prebuild based on https://github.com/OpenVPN/openvpn.git for experimental? Thanks in advance! Markus
Bug#828477: openvpn: FTBFS with openssl 1.1.0
Source: openvpn Version: 2.3.11-1 Severity: important Control: block 827061 by -1 Hi, OpenSSL 1.1.0 is about to released. During a rebuild of all packages using OpenSSL this package fail to build. A log of that build can be found at: https://breakpoint.cc/openssl-1.1-rebuild-2016-05-29/Attempted/openvpn_2.3.11-1_amd64-20160529-1501 On https://wiki.openssl.org/index.php/1.1_API_Changes you can see various of the reasons why it might fail. There are also updated man pages at https://www.openssl.org/docs/manmaster/ that should contain useful information. There is a libssl-dev package available in experimental that contains a recent snapshot, I suggest you try building against that to see if everything works. If you have problems making things work, feel free to contact us. Kurt
