Bug#1108934: marked as done (libexpat1: missing Pre-Depends on libc6 (>= 2.38) causes error during python3-cryptography upgrade (?))

[Debian Bug Tracking System]

Your message dated Thu, 17 Jul 2025 07:49:02 +0000
with message-id <e1ucjmu-003opy...@fasolo.debian.org>
and subject line Bug#1108934: fixed in expat 2.7.1-2
has caused the Debian Bug report #1108934,
regarding libexpat1: missing Pre-Depends on libc6 (>= 2.38) causes error during 
python3-cryptography upgrade (?)
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1108934: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1108934
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---

Package: libexpat1
Version: 2.7.1-1
Severity: serious
Control: affects -1 python3-cryptography

Hi,

While testing upgrades from bookworm to trixie, I ran into the following
issue, that affects upgrades for the following packages:

arctica-greeter-remote-logon barbican-tempest-plugin changeme
cinder-tempest-plugin cloudkitty-tempest-plugin designate-tempest-plugin
firejail-profiles firejail firetools glance-tempest-plugin
horizon-tempest-plugin ironic-tempest-plugin jeepyb
keystone-tempest-plugin lightdm-remote-session-x2go
magnum-tempest-plugin manila-tempest-plugin mistral-tempest-plugin
placement-common pyhoca-cli python3-placement python3-tempest
python3-tempestconf python3-x2go refstack-client remmina-plugin-x2go
ros-perception ros-viz senlin-tempest-plugin telemetry-tempest-plugin
tempest vorta watcher-tempest-plugin zaqar-tempest-plugin

In a bookworm chroot, I do:
apt-get update && apt-get -y install pyhoca-cli && sed -i s/bookworm/trixie/ 
/etc/apt/sources.list && apt-get update && apt-get -y upgrade
(that is, install pyhoca-cli, then apt-get upgrade to trixie)

The situation in the chroot is then the following:
# dpkg -l |grep -e libc6 -e libexpat1 -e python3-cryptography
ii  libc6:amd64                          2.36-9+deb12u10             amd64      
  GNU C Library: Shared libraries
ii  libexpat1:amd64                      2.5.0-1+deb12u1             amd64      
  XML parsing C library - runtime library
ii  python3-cryptography                 38.0.4-3+deb12u1            amd64      
  Python library exposing cryptographic recipes and primitives (Python 3)

now, if I apt-get dist-upgrade, one possible ordering results in:

Preconfiguring packages ...
(Reading database ... 14370 files and directories currently installed.)
Preparing to unpack .../00-openssl_3.5.0-2_amd64.deb ...
Unpacking openssl (3.5.0-2) over (3.0.16-1~deb12u1) ...
Selecting previously unselected package libpython3.13-minimal:amd64.
Preparing to unpack .../01-libpython3.13-minimal_3.13.3-2_amd64.deb ...
Unpacking libpython3.13-minimal:amd64 (3.13.3-2) ...
Preparing to unpack .../02-libexpat1_2.7.1-1_amd64.deb ...
Unpacking libexpat1:amd64 (2.7.1-1) over (2.5.0-1+deb12u1) ...
Preparing to unpack .../03-python3-cryptography_43.0.0-3_amd64.deb ...
+ set -e
+ command -v py3clean
+ py3clean -p python3-cryptography:amd64
/usr/bin/python3: /lib/x86_64-linux-gnu/libc.so.6: version `GLIBC_2.38' not 
found (required by /lib/x86_64-linux-gnu/libexpat.so.1)
dpkg: warning: old python3-cryptography package pre-removal script subprocess 
returned error exit status 1
dpkg: trying script from the new package instead ...
/usr/bin/python3: /lib/x86_64-linux-gnu/libc.so.6: version `GLIBC_2.38' not 
found (required by /lib/x86_64-linux-gnu/libexpat.so.1)
dpkg: error processing archive 
/tmp/apt-dpkg-install-4LX8Uy/03-python3-cryptography_43.0.0-3_amd64.deb 
(--unpack):
 new python3-cryptography package pre-removal script subprocess returned error 
exit status 1
+ set -e
+ command -v py3compile
+ py3compile -p python3-cryptography:amd64
/usr/bin/python3: /lib/x86_64-linux-gnu/libc.so.6: version `GLIBC_2.38' not 
found (required by /lib/x86_64-linux-gnu/libexpat.so.1)
dpkg: error while cleaning up:
 installed python3-cryptography package post-installation script subprocess 
returned error exit status 1

I believe that this happens if the following ordering is picked by apt:
- unpack libexpat1/trixie
- unpack python3-cryptography/trixie
- unpack libc6/trixie

if another package causes libc6 to be unpacked earlier, of course the
issue doesn't happen. I had trouble reproducing the issue in a larger
environment because of this.

Also, this doesn't happen if apt is upgraded before 'apt-get upgrade',
because upgrading apt would pull a newer libc6. But I see that the
releae notes no longer recommend upgrading apt prior to running 'apt-get
upgrade'

I'm obviously fine with the severity being downgraded to non-RC.
Also I'm not sure of my analysis above, so please take it with a grain
of salt.

Lucas

--- End Message ---

--- Begin Message ---

Source: expat
Source-Version: 2.7.1-2
Done: Laszlo Boszormenyi (GCS) <g...@debian.org>

We believe that the bug you reported is fixed in the latest version of
expat, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1108...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Laszlo Boszormenyi (GCS) <g...@debian.org> (supplier of updated expat package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Mon, 14 Jul 2025 08:05:27 +0000
Source: expat
Architecture: source
Version: 2.7.1-2
Distribution: unstable
Urgency: medium
Maintainer: Laszlo Boszormenyi (GCS) <g...@debian.org>
Changed-By: Laszlo Boszormenyi (GCS) <g...@debian.org>
Closes: 1108934
Changes:
 expat (2.7.1-2) unstable; urgency=medium
 .
   * Move libc6 dependency to pre-dependency on libexpat1 to prevent
     dist-upgrade errors with python packages (closes: #1108934).
Checksums-Sha1:
 1d6a9236569312cafa473d9f0edaa62499e53c0a 1964 expat_2.7.1-2.dsc
 a27c1403229c91d974b54e21746cf442f1b0d601 13264 expat_2.7.1-2.debian.tar.xz
Checksums-Sha256:
 0f6068677eae5a40d223f47cc798210c8227022516d90569f657a793e5b2956f 1964 
expat_2.7.1-2.dsc
 3b5417d59688e7759b00af6f92a87415b363ba00f946078201555fa3dd78420d 13264 
expat_2.7.1-2.debian.tar.xz
Files:
 fd484603c47d457224293120c9be165a 1964 text optional expat_2.7.1-2.dsc
 bd7c0fdcceb8f3310b6152c33fb94ae1 13264 text optional 
expat_2.7.1-2.debian.tar.xz

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEfYh9yLp7u6e4NeO63OMQ54ZMyL8FAmh4qK0ACgkQ3OMQ54ZM
yL/vcQ//fCpNYemJlASONtXHvOYxFHUZb/kJ5wEhiY/tt2WeeXatm9d+Zu61HJCE
lqAOlm913ishgm15hQzWWbugO6LZgJSR1x6VGl0gK88uT2tgAQf8no/VkpBq+TW5
WDEpWiNBlupPVaJGXflJjbAQfH6oFpQeVXSEK40OEnDu4/u1a0VAcNR4h81T8LQ2
EkKtpxz3I7GIeNShlKm73SLpNrbcc2LSGdhtJvwo+huD/Li42wOIgA1AoE2tqhAl
3OA/HDtJvP6SPpfLUYc9OBc3l6LP5Z2hJu2YSRjNRFmzbjbwMH8rnf7zAbpoR63i
FEgQ67q84rPDXK3sYmlIQfbgKgJbhsmjOsmi4KjVkK5TK3XZW+gWNASM4EQlTEaW
wbk+D6WgiRv4YLC2tlqm2+6UsSVl7JqIWHOMcDxBeKCUT9QeYTJ+QJwO/kNTCclF
xN38lJBscDeAQd/u50uTl/N9vxAapE1dqGYoDY/gEReFCYjzA3PKsEMasMuf9BFM
BRgvMegN8GsQjREF+NVahP7PGB5vhVEnMWpBJ6BCmFXComEQ5XE15bpAZ9cjsYfm
9WKuFKTXZzPD+jDe1fpnsNo3y21GDyXVF1CNDxxPouIUzJGZNnkSDe/h8YqSYNji
LjnBnsADkMA8H7P6lnZaHZCvv66DUzKaNjYSaIx2aA27EuEf5Bw=
=96Yn
-----END PGP SIGNATURE-----

pgpbybQgbDQwM.pgp
Description: PGP signature

--- End Message ---