Message ID | 1397570346-25849-1-git-send-email-gustavo@zacarias.com.ar |
---|---|
State | Accepted |
Headers | show |
Dear Gustavo Zacarias, On Tue, 15 Apr 2014 10:59:06 -0300, Gustavo Zacarias wrote: > As of curl 7.36.0 it doesn't support polarssl < 1.3 any longer. Fixes: > http://autobuild.buildroot.net/results/d82/d82c3618e9dde3da7e36ba2b58545a9a8de5e442/ It seems odd to drop a feature because we have a too old version of a dependency, no? Shouldn't we package polarssl 1.3, even if as a separate polarssl13 package? Thomas
On 04/15/2014 01:10 PM, Thomas Petazzoni wrote: > It seems odd to drop a feature because we have a too old version of a > dependency, no? Shouldn't we package polarssl 1.3, even if as a > separate polarssl13 package? The problem is that they aren't made to live together in a friendly way and some packages don't take path arguments for it. It would require quite some package patching since we'd need each polarssl to live outside the default include/library PATHs. We aren't dropping a feature itself, just a feature based on one of the possible candidates that enables it, with gnutls, nss and openssl being the other candidates for the job. The big culprit here AFAIK is just openvpn, it's the only mofo that won't do with polarssl 1.3. There are patches in the master branch upstream for it, but that's to become openvpn 2.4 or so. Maybe they're not hard to backport, i don't know, but it would require more testing than just "it builds". Or we can kill polarssl support in openvpn, not great either since the other alternative is openssl. Regards.
Dear Gustavo Zacarias, On Tue, 15 Apr 2014 13:22:08 -0300, Gustavo Zacarias wrote: > The problem is that they aren't made to live together in a friendly way > and some packages don't take path arguments for it. > It would require quite some package patching since we'd need each > polarssl to live outside the default include/library PATHs. > We aren't dropping a feature itself, just a feature based on one of the > possible candidates that enables it, with gnutls, nss and openssl being > the other candidates for the job. > The big culprit here AFAIK is just openvpn, it's the only mofo that > won't do with polarssl 1.3. There are patches in the master branch > upstream for it, but that's to become openvpn 2.4 or so. > Maybe they're not hard to backport, i don't know, but it would require > more testing than just "it builds". > Or we can kill polarssl support in openvpn, not great either since the > other alternative is openssl. Ok. I guess we can wait for openvpn 2.4 to be released. If that takes too long, I'd say we should kill polarssl support in openvpn, because it's the one lagging behind. It seems more logical to me to kill that one (the one lagging behind) instead of the one being up-to-date (i.e, libcurl). Thomas
On 04/15/2014 01:31 PM, Thomas Petazzoni wrote: > Ok. I guess we can wait for openvpn 2.4 to be released. If that takes > too long, I'd say we should kill polarssl support in openvpn, because > it's the one lagging behind. It seems more logical to me to kill that > one (the one lagging behind) instead of the one being up-to-date (i.e, > libcurl). That's debatable, if you don't like openssl support for libcurl (paranoia, security, friends & family, whatever) you still got other options, if you do that to openvpn you're stuck since it's the only other option. That being said a 2.4 release is quite off IMHO and the polarssl backend isn't feature-complete compared to openssl, though the paranoia point is still valid given the heartbleed fallout. Regards.
Dear Gustavo Zacarias, On Tue, 15 Apr 2014 10:59:06 -0300, Gustavo Zacarias wrote: > As of curl 7.36.0 it doesn't support polarssl < 1.3 any longer. Fixes: > http://autobuild.buildroot.net/results/d82/d82c3618e9dde3da7e36ba2b58545a9a8de5e442/ > > Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> > --- > package/libcurl/libcurl.mk | 3 --- > 1 file changed, 3 deletions(-) Applied, thanks. Thomas
diff --git a/package/libcurl/libcurl.mk b/package/libcurl/libcurl.mk index ab558fb..2907303 100644 --- a/package/libcurl/libcurl.mk +++ b/package/libcurl/libcurl.mk @@ -36,9 +36,6 @@ LIBCURL_CONF_OPT += --with-ssl=$(STAGING_DIR)/usr \ else ifeq ($(BR2_PACKAGE_GNUTLS),y) LIBCURL_CONF_OPT += --with-gnutls=$(STAGING_DIR)/usr LIBCURL_DEPENDENCIES += gnutls -else ifeq ($(BR2_PACKAGE_POLARSSL),y) -LIBCURL_CONF_OPT += --with-polarssl=$(STAGING_DIR)/usr -LIBCURL_DEPENDENCIES += polarssl else ifeq ($(BR2_PACKAGE_LIBNSS),y) LIBCURL_CONF_OPT += --with-nss=$(STAGING_DIR)/usr LIBCURL_CONF_ENV += CPPFLAGS="$(TARGET_CPPFLAGS) `$(PKG_CONFIG_HOST_BINARY) nspr nss --cflags`"
As of curl 7.36.0 it doesn't support polarssl < 1.3 any longer. Fixes: http://autobuild.buildroot.net/results/d82/d82c3618e9dde3da7e36ba2b58545a9a8de5e442/ Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> --- package/libcurl/libcurl.mk | 3 --- 1 file changed, 3 deletions(-)