Source: h2o
Version: 2.2.5+dfsg2-8
Severity: serious
Tags: patch pending
Justification: library ABI skew on upgrade
User: debian-...@lists.debian.org
Usertags: time-t
Dear maintainer,
As part of the 64-bit time_t transition required to support 32-bit
architectures in 2038 and beyond
(https://wiki.debian.org/ReleaseGoals/64bit-time), we have identified
h2o as a source package shipping runtime libraries whose ABI
either is affected by the change in size of time_t, or could not be
analyzed via abi-compliance-checker (and therefore to be on the safe
side we assume is affected).
To ensure that inconsistent combinations of libraries with their
reverse-dependencies are never installed together, it is necessary to
have a library transition, which is most easily done by renaming the
runtime library package.
Since turning on 64-bit time_t is being handled centrally through a change
to the default dpkg-buildflags (https://bugs.debian.org/1037136), it is
important that libraries affected by this ABI change all be uploaded close
together in time. Therefore I have prepared a 0-day NMU for h2o
which will initially be uploaded to experimental if possible, then to
unstable after packages have cleared binary NEW.
Please find the patch for this NMU attached.
If you have any concerns about this patch, please reach out ASAP. Although
this package will be uploaded to experimental immediately, there will be a
period of several days before we begin uploads to unstable; so if information
becomes available that your package should not be included in the transition,
there is time for us to amend the planned uploads.
-- System Information:
Debian Release: trixie/sid
APT prefers unstable
APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Kernel: Linux 6.5.0-15-generic (SMP w/8 CPU threads; PREEMPT)
Kernel taint flags: TAINT_OOT_MODULE
Locale: LANG=C, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: unable to detect
diff -Nru h2o-2.2.5+dfsg2/debian/changelog h2o-2.2.5+dfsg2/debian/changelog
--- h2o-2.2.5+dfsg2/debian/changelog 2023-10-20 04:24:36.000000000 +0000
+++ h2o-2.2.5+dfsg2/debian/changelog 2024-02-01 05:31:58.000000000 +0000
@@ -1,3 +1,10 @@
+h2o (2.2.5+dfsg2-8.1) experimental; urgency=medium
+
+ * Non-maintainer upload.
+ * Rename libraries for 64-bit time_t transition.
+
+ -- Graham Inggs <gin...@debian.org> Thu, 01 Feb 2024 05:31:58 +0000
+
h2o (2.2.5+dfsg2-8) unstable; urgency=high
* [b195d95] CVE-2023-44487. Fix http2-issue. (Closes: #1054232)
diff -Nru h2o-2.2.5+dfsg2/debian/control h2o-2.2.5+dfsg2/debian/control
--- h2o-2.2.5+dfsg2/debian/control 2023-10-20 04:24:23.000000000 +0000
+++ h2o-2.2.5+dfsg2/debian/control 2024-02-01 05:31:58.000000000 +0000
@@ -44,7 +44,10 @@
ground-up, the server takes full advantage of HTTP/2 features including
prioritized content serving and server push.
-Package: libh2o0.13
+Package: libh2o0.13t64
+Provides: ${t64:Provides}
+Replaces: libh2o0.13
+Breaks: libh2o0.13 (<< ${source:Version})
Architecture: any
Multi-Arch: same
Section: libs
@@ -61,7 +64,10 @@
This package provides the H2O library compiled with libuv which allows you to
link your own software to H2O
-Package: libh2o-evloop0.13
+Package: libh2o-evloop0.13t64
+Provides: ${t64:Provides}
+Replaces: libh2o-evloop0.13
+Breaks: libh2o-evloop0.13 (<< ${source:Version})
Architecture: any
Multi-Arch: same
Section: libs
@@ -82,7 +88,7 @@
Architecture: any
Section: libdevel
Depends: ${misc:Depends},
- libh2o0.13 (= ${binary:Version}),
+ libh2o0.13t64 (= ${binary:Version}),
libh2o-dev-common (= ${source:Version})
Description: dev helpers of the H2O library compiled with libuv
H2O is a new generation HTTP server that provides quicker response to users
@@ -98,7 +104,7 @@
Architecture: any
Section: libdevel
Depends: ${misc:Depends},
- libh2o-evloop0.13 (= ${binary:Version}),
+ libh2o-evloop0.13t64 (= ${binary:Version}),
libh2o-dev-common (= ${source:Version})
Description: dev helpers of the H2O library compiled with its own event loop
H2O is a new generation HTTP server that provides quicker response to users
@@ -115,7 +121,7 @@
Multi-Arch: foreign
Section: libdevel
Depends: ${misc:Depends},
- libh2o0.13 (>= ${source:Version}) | libh2o-evloop0.13 (>=
${source:Version})
+ libh2o0.13t64 (>= ${source:Version}) | libh2o-evloop0.13t64 (>=
${source:Version})
Description: H2O library headers
H2O is a new generation HTTP server that provides quicker response to users
with less CPU utilization when compared to older generation of web servers.
diff -Nru h2o-2.2.5+dfsg2/debian/libh2o-evloop0.13.install
h2o-2.2.5+dfsg2/debian/libh2o-evloop0.13.install
--- h2o-2.2.5+dfsg2/debian/libh2o-evloop0.13.install 2020-05-03
20:12:52.000000000 +0000
+++ h2o-2.2.5+dfsg2/debian/libh2o-evloop0.13.install 1970-01-01
00:00:00.000000000 +0000
@@ -1 +0,0 @@
-usr/lib/*/libh2o-evloop.so.0*
diff -Nru h2o-2.2.5+dfsg2/debian/libh2o-evloop0.13t64.install
h2o-2.2.5+dfsg2/debian/libh2o-evloop0.13t64.install
--- h2o-2.2.5+dfsg2/debian/libh2o-evloop0.13t64.install 1970-01-01
00:00:00.000000000 +0000
+++ h2o-2.2.5+dfsg2/debian/libh2o-evloop0.13t64.install 2020-05-03
20:12:52.000000000 +0000
@@ -0,0 +1 @@
+usr/lib/*/libh2o-evloop.so.0*
diff -Nru h2o-2.2.5+dfsg2/debian/libh2o-evloop0.13t64.lintian-overrides
h2o-2.2.5+dfsg2/debian/libh2o-evloop0.13t64.lintian-overrides
--- h2o-2.2.5+dfsg2/debian/libh2o-evloop0.13t64.lintian-overrides
1970-01-01 00:00:00.000000000 +0000
+++ h2o-2.2.5+dfsg2/debian/libh2o-evloop0.13t64.lintian-overrides
2024-02-01 05:31:58.000000000 +0000
@@ -0,0 +1 @@
+libh2o-evloop0.13t64: package-name-doesnt-match-sonames libh2o-evloop0.13
diff -Nru h2o-2.2.5+dfsg2/debian/libh2o0.13.install
h2o-2.2.5+dfsg2/debian/libh2o0.13.install
--- h2o-2.2.5+dfsg2/debian/libh2o0.13.install 2020-05-03 20:12:52.000000000
+0000
+++ h2o-2.2.5+dfsg2/debian/libh2o0.13.install 1970-01-01 00:00:00.000000000
+0000
@@ -1 +0,0 @@
-usr/lib/*/libh2o.so.0*
diff -Nru h2o-2.2.5+dfsg2/debian/libh2o0.13t64.install
h2o-2.2.5+dfsg2/debian/libh2o0.13t64.install
--- h2o-2.2.5+dfsg2/debian/libh2o0.13t64.install 1970-01-01
00:00:00.000000000 +0000
+++ h2o-2.2.5+dfsg2/debian/libh2o0.13t64.install 2020-05-03
20:12:52.000000000 +0000
@@ -0,0 +1 @@
+usr/lib/*/libh2o.so.0*
diff -Nru h2o-2.2.5+dfsg2/debian/libh2o0.13t64.lintian-overrides
h2o-2.2.5+dfsg2/debian/libh2o0.13t64.lintian-overrides
--- h2o-2.2.5+dfsg2/debian/libh2o0.13t64.lintian-overrides 1970-01-01
00:00:00.000000000 +0000
+++ h2o-2.2.5+dfsg2/debian/libh2o0.13t64.lintian-overrides 2024-02-01
05:31:58.000000000 +0000
@@ -0,0 +1 @@
+libh2o0.13t64: package-name-doesnt-match-sonames libh2o0.13
