[Gambas-user] Pre-release of Gambas 3.9.1

Tobias Boege taboege at ...626...
Mon Sep 5 17:22:52 CEST 2016 

On Mon, 05 Sep 2016, Benoît Minisini wrote:
> Le 05/09/2016 à 16:48, PICCORO McKAY Lenz a écrit :
> > still this are open and the patch was given:
> >
> > http://gambaswiki.org/bugtracker/edit?object=BUG.984&from=L21haW4-
> >
> > and some bugs found related to hmac crypt, seems its better in the near
> > future use polarssl event the openssl that has a long bugs history
> >
> > Lenz McKAY Gerardo (PICCORO)
> > http://qgqlochekone.blogspot.com
> >
> 
> Once Tobias has committed the patch, you get it in the next stable version.
> 
> Apparently, openssl is a bad beast and the patch is not so trivial, so 
> it takes a little time.
> 

Two things are preventing me from applying it:

  1. Currently: I have exams and my thesis to do.
  2. More fundamentally: I see no point in that patch. It adds code that is
     compiled in for openssl versions so old that the configure script would
     not even enable gb.openssl.

Apparently Piccoro's openssl version, which is strictly below the requirement
of 1.0.0, is some marvellous chimera of patches which somehow add the
functions required to build gb.openssl even if the version number is too
small. But I have no idea where these patches come from. I have inspected the
squeeze-lts (which is the Debian version he is running(?)) package of openssl
with its patches twice and could not find a way which could have added these
functions.

So, I simply don't understand how it is possible that gb.openssl compiles on
his deprecated system, and I /believe/ it is some specific patch on his end.
Therefore, I can't just lower the general version requirement, because it
might break on systems which don't have this mysterious patch.

If I don't lower the version requirement from 1.0.0 to 0.9.8o, then the
patch is effectively useless and there is no justification to apply it.
My stance is that since (for all I know) his openssl is very old and very
special (in a way that conflicts with the openssl changelog), he should be
the one to patch his local Gambas source tree to compile with his local
openssl version.

So the problem really is my lack of understanding. If anyone understands why
Piccoro's openssl 0.9.8o has the EVP_MD_do_all() function, please explain the
situation to me. Otherwise I'll do nothing.

But Benoit: if you say we can just apply it even if it makes no sense, and
propose something sensible for the commit log, I'll just throw it in and try
to forget this huge waste of time. We are talking hours upon hours about
openssl on a Debian that has ended LTS support 6 months ago for god's sake.

Regards,
Tobi

-- 
"There's an old saying: Don't change anything... ever!" -- Mr. Monk

More information about the User mailing list