Source: h2o Version: 2.2.5+dfsg2-8 Severity: serious Tags: patch pending Justification: library ABI skew on upgrade User: debian-...@lists.debian.org Usertags: time-t
Dear maintainer, As part of the 64-bit time_t transition required to support 32-bit architectures in 2038 and beyond (https://wiki.debian.org/ReleaseGoals/64bit-time), we have identified h2o as a source package shipping runtime libraries whose ABI either is affected by the change in size of time_t, or could not be analyzed via abi-compliance-checker (and therefore to be on the safe side we assume is affected). To ensure that inconsistent combinations of libraries with their reverse-dependencies are never installed together, it is necessary to have a library transition, which is most easily done by renaming the runtime library package. Since turning on 64-bit time_t is being handled centrally through a change to the default dpkg-buildflags (https://bugs.debian.org/1037136), it is important that libraries affected by this ABI change all be uploaded close together in time. Therefore I have prepared a 0-day NMU for h2o which will initially be uploaded to experimental if possible, then to unstable after packages have cleared binary NEW. Please find the patch for this NMU attached. If you have any concerns about this patch, please reach out ASAP. Although this package will be uploaded to experimental immediately, there will be a period of several days before we begin uploads to unstable; so if information becomes available that your package should not be included in the transition, there is time for us to amend the planned uploads. -- System Information: Debian Release: trixie/sid APT prefers unstable APT policy: (500, 'unstable'), (1, 'experimental') Architecture: amd64 (x86_64) Kernel: Linux 6.5.0-15-generic (SMP w/8 CPU threads; PREEMPT) Kernel taint flags: TAINT_OOT_MODULE Locale: LANG=C, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE not set Shell: /bin/sh linked to /usr/bin/dash Init: unable to detect
diff -Nru h2o-2.2.5+dfsg2/debian/changelog h2o-2.2.5+dfsg2/debian/changelog --- h2o-2.2.5+dfsg2/debian/changelog 2023-10-20 04:24:36.000000000 +0000 +++ h2o-2.2.5+dfsg2/debian/changelog 2024-02-01 05:31:58.000000000 +0000 @@ -1,3 +1,10 @@ +h2o (2.2.5+dfsg2-8.1) experimental; urgency=medium + + * Non-maintainer upload. + * Rename libraries for 64-bit time_t transition. + + -- Graham Inggs <gin...@debian.org> Thu, 01 Feb 2024 05:31:58 +0000 + h2o (2.2.5+dfsg2-8) unstable; urgency=high * [b195d95] CVE-2023-44487. Fix http2-issue. (Closes: #1054232) diff -Nru h2o-2.2.5+dfsg2/debian/control h2o-2.2.5+dfsg2/debian/control --- h2o-2.2.5+dfsg2/debian/control 2023-10-20 04:24:23.000000000 +0000 +++ h2o-2.2.5+dfsg2/debian/control 2024-02-01 05:31:58.000000000 +0000 @@ -44,7 +44,10 @@ ground-up, the server takes full advantage of HTTP/2 features including prioritized content serving and server push. -Package: libh2o0.13 +Package: libh2o0.13t64 +Provides: ${t64:Provides} +Replaces: libh2o0.13 +Breaks: libh2o0.13 (<< ${source:Version}) Architecture: any Multi-Arch: same Section: libs @@ -61,7 +64,10 @@ This package provides the H2O library compiled with libuv which allows you to link your own software to H2O -Package: libh2o-evloop0.13 +Package: libh2o-evloop0.13t64 +Provides: ${t64:Provides} +Replaces: libh2o-evloop0.13 +Breaks: libh2o-evloop0.13 (<< ${source:Version}) Architecture: any Multi-Arch: same Section: libs @@ -82,7 +88,7 @@ Architecture: any Section: libdevel Depends: ${misc:Depends}, - libh2o0.13 (= ${binary:Version}), + libh2o0.13t64 (= ${binary:Version}), libh2o-dev-common (= ${source:Version}) Description: dev helpers of the H2O library compiled with libuv H2O is a new generation HTTP server that provides quicker response to users @@ -98,7 +104,7 @@ Architecture: any Section: libdevel Depends: ${misc:Depends}, - libh2o-evloop0.13 (= ${binary:Version}), + libh2o-evloop0.13t64 (= ${binary:Version}), libh2o-dev-common (= ${source:Version}) Description: dev helpers of the H2O library compiled with its own event loop H2O is a new generation HTTP server that provides quicker response to users @@ -115,7 +121,7 @@ Multi-Arch: foreign Section: libdevel Depends: ${misc:Depends}, - libh2o0.13 (>= ${source:Version}) | libh2o-evloop0.13 (>= ${source:Version}) + libh2o0.13t64 (>= ${source:Version}) | libh2o-evloop0.13t64 (>= ${source:Version}) Description: H2O library headers H2O is a new generation HTTP server that provides quicker response to users with less CPU utilization when compared to older generation of web servers. diff -Nru h2o-2.2.5+dfsg2/debian/libh2o-evloop0.13.install h2o-2.2.5+dfsg2/debian/libh2o-evloop0.13.install --- h2o-2.2.5+dfsg2/debian/libh2o-evloop0.13.install 2020-05-03 20:12:52.000000000 +0000 +++ h2o-2.2.5+dfsg2/debian/libh2o-evloop0.13.install 1970-01-01 00:00:00.000000000 +0000 @@ -1 +0,0 @@ -usr/lib/*/libh2o-evloop.so.0* diff -Nru h2o-2.2.5+dfsg2/debian/libh2o-evloop0.13t64.install h2o-2.2.5+dfsg2/debian/libh2o-evloop0.13t64.install --- h2o-2.2.5+dfsg2/debian/libh2o-evloop0.13t64.install 1970-01-01 00:00:00.000000000 +0000 +++ h2o-2.2.5+dfsg2/debian/libh2o-evloop0.13t64.install 2020-05-03 20:12:52.000000000 +0000 @@ -0,0 +1 @@ +usr/lib/*/libh2o-evloop.so.0* diff -Nru h2o-2.2.5+dfsg2/debian/libh2o-evloop0.13t64.lintian-overrides h2o-2.2.5+dfsg2/debian/libh2o-evloop0.13t64.lintian-overrides --- h2o-2.2.5+dfsg2/debian/libh2o-evloop0.13t64.lintian-overrides 1970-01-01 00:00:00.000000000 +0000 +++ h2o-2.2.5+dfsg2/debian/libh2o-evloop0.13t64.lintian-overrides 2024-02-01 05:31:58.000000000 +0000 @@ -0,0 +1 @@ +libh2o-evloop0.13t64: package-name-doesnt-match-sonames libh2o-evloop0.13 diff -Nru h2o-2.2.5+dfsg2/debian/libh2o0.13.install h2o-2.2.5+dfsg2/debian/libh2o0.13.install --- h2o-2.2.5+dfsg2/debian/libh2o0.13.install 2020-05-03 20:12:52.000000000 +0000 +++ h2o-2.2.5+dfsg2/debian/libh2o0.13.install 1970-01-01 00:00:00.000000000 +0000 @@ -1 +0,0 @@ -usr/lib/*/libh2o.so.0* diff -Nru h2o-2.2.5+dfsg2/debian/libh2o0.13t64.install h2o-2.2.5+dfsg2/debian/libh2o0.13t64.install --- h2o-2.2.5+dfsg2/debian/libh2o0.13t64.install 1970-01-01 00:00:00.000000000 +0000 +++ h2o-2.2.5+dfsg2/debian/libh2o0.13t64.install 2020-05-03 20:12:52.000000000 +0000 @@ -0,0 +1 @@ +usr/lib/*/libh2o.so.0* diff -Nru h2o-2.2.5+dfsg2/debian/libh2o0.13t64.lintian-overrides h2o-2.2.5+dfsg2/debian/libh2o0.13t64.lintian-overrides --- h2o-2.2.5+dfsg2/debian/libh2o0.13t64.lintian-overrides 1970-01-01 00:00:00.000000000 +0000 +++ h2o-2.2.5+dfsg2/debian/libh2o0.13t64.lintian-overrides 2024-02-01 05:31:58.000000000 +0000 @@ -0,0 +1 @@ +libh2o0.13t64: package-name-doesnt-match-sonames libh2o0.13