Source: snort Version: 2.9.15.1-6 Severity: serious User: [email protected] Usertags: time-t
Dear maintainers, Analysis of the archive for the 64-bit time_t transition[0][1] identifies snort as an affected package, on the basis that the headers could not be compiled and analyzed out of the box using abi-compliance-checker[2], so we have to assume it's affected. However, snort's shlibs file declares a dependency on a library package name that contains no ABI information: $ cat DEBIAN/shlibs libsf_sorules 0 snort-common-libraries (>= 2.9.15.1) libsf_engine 0 snort-common-libraries (>= 2.9.15.1) libsf_appid_preproc 0 snort-common-libraries (>= 2.9.15.1) libsf_dce2_preproc 0 snort-common-libraries (>= 2.9.15.1) libsf_dnp3_preproc 0 snort-common-libraries (>= 2.9.15.1) libsf_dns_preproc 0 snort-common-libraries (>= 2.9.15.1) libsf_ftptelnet_preproc 0 snort-common-libraries (>= 2.9.15.1) libsf_gtp_preproc 0 snort-common-libraries (>= 2.9.15.1) libsf_imap_preproc 0 snort-common-libraries (>= 2.9.15.1) libsf_modbus_preproc 0 snort-common-libraries (>= 2.9.15.1) libsf_pop_preproc 0 snort-common-libraries (>= 2.9.15.1) libsf_reputation_preproc 0 snort-common-libraries (>= 2.9.15.1) libsf_sdf_preproc 0 snort-common-libraries (>= 2.9.15.1) libsf_sip_preproc 0 snort-common-libraries (>= 2.9.15.1) libsf_smtp_preproc 0 snort-common-libraries (>= 2.9.15.1) libsf_ssh_preproc 0 snort-common-libraries (>= 2.9.15.1) libsf_ssl_preproc 0 snort-common-libraries (>= 2.9.15.1) $ It is not obvious that we should rename the package to 'snort-common-librariest64' as part of this transition. Looking at the archive, there is a package that depends on this library, snort. Despite being built from the same source package, it does not have a strict versioned dependency on snort-common-libraries but instead uses the shlibs. Since there is no self-evident thing to do with the library package name here, we will not be handling this package as part of the mass NMUs. Instead I am filing a serious bug because partial upgrades from bookworm to trixie on 32-bit architectures (upgrading snort-common-libraries without also upgrading snort) will result in ABI skew and may result in broken behavior. Thanks, -- Steve Langasek Give me a lever long enough and a Free OS Debian Developer to set it on, and I can move the world. Ubuntu Developer https://www.debian.org/ [email protected] [email protected] [0] https://wiki.debian.org/ReleaseGoals/64bit-time [1] https://lists.debian.org/debian-devel/2024/01/msg00041.html [2] https://adrien.dcln.fr/misc/armhf-time_t/2024-02-16T21%3A19%3A00/logs/snort-common-libraries/base/log.txt
signature.asc
Description: PGP signature
