On Sun, Jun 04, 2017 at 05:29:21AM +0200, Cyril Brulebois wrote: > Niels Thykier <[email protected]> (2017-06-03): > > Kurt Roeckx: > > > Package: release.debian.org > > > User: [email protected] > > > Usertags: unblock > > > Severity: normal > > > > > > Hi, > > > > > > I've uploaded a new upstream version of openssl that contains bug > > > fixes. The Debian changelog says: > > > * New upstream version > > > - Fix regression in req -x509 (Closes: #839575) > > > - Properly detect features on the AMD Ryzen processor > > > (Closes: #861145) > > > - Don't mention -tls1_3 in the manpage (Closes: #859191) > > > * Update libssl1.1.symbols for new symbols > > > * Update man-section.patch > > > > > > > > > Kurt > > > > > > > Hi, > > > > Fine by me. CC'ing KiBi for a d-i ack assuming he is ok with this > > last minute change. > > Erm. > > The libssl1.1-udeb package is broken, as it fails to depend on an > appropriate version of libcrypto1.1-udeb, which means I've just > successfully built a debian-installer against testing with this > addition: build/localudebs/libssl1.1-udeb_1.1.0f-1_amd64.udeb > and gotten a broken wget: > | wget: /usr/lib/libcrypto.so.1.1: version `OPENSSL_1_1_0f' not found > (required by /usr/lib/libssl.so.1.1) > > See the missing version here: > | $ dpkg --info build/localudebs/libssl1.1-udeb_1.1.0f-1_amd64.udeb|grep > Depends: > | Depends: libc6-udeb (>= 2.24), libcrypto1.1-udeb > > One could argue they're from the same source and that this isn't a > practical problem since they're going to migrate at the same time and be > used together in debian-installer, but further fun could come up when > other packages start depending on particular symbols (hello wget), so I > think I'd be nice to have this fixed. > > Maybe file this as an RC bug against openssl so that it isn't forgotten > about, but ignore it for r0?
So I have prepared an update. Should I upload it? The source changes are: --- openssl-1.1.0f/debian/changelog 2017-05-25 18:29:01.000000000 +0200 +++ openssl-1.1.0f/debian/changelog 2017-06-04 12:07:38.000000000 +0200 @@ -1,3 +1,10 @@ +openssl (1.1.0f-2) unstable; urgency=medium + + * Make the udeb use a versioned depends (Closes: #864080) + * Conflict with libssl1.0-dev (Closes: #863367) + + -- Kurt Roeckx <[email protected]> Sun, 04 Jun 2017 12:07:38 +0200 + openssl (1.1.0f-1) unstable; urgency=medium * New upstream version diff -Nru openssl-1.1.0f/debian/control openssl-1.1.0f/debian/control --- openssl-1.1.0f/debian/control 2017-01-26 23:19:08.000000000 +0100 +++ openssl-1.1.0f/debian/control 2017-06-04 12:07:33.000000000 +0200 @@ -72,6 +72,7 @@ Multi-Arch: same Recommends: libssl-doc Depends: libssl1.1 (= ${binary:Version}), ${misc:Depends} +Conflicts: libssl1.0-dev Description: Secure Sockets Layer toolkit - development files This package is part of the OpenSSL project's implementation of the SSL and TLS cryptographic protocols for secure communication over the diff -Nru openssl-1.1.0f/debian/rules openssl-1.1.0f/debian/rules --- openssl-1.1.0f/debian/rules 2017-05-25 18:17:29.000000000 +0200 +++ openssl-1.1.0f/debian/rules 2017-06-04 11:48:25.000000000 +0200 @@ -138,7 +138,7 @@ override_dh_makeshlibs: #dpkg-gensymbols -Pdebian/libssl1.1/ -plibssl1.1 -c4 - dh_makeshlibs -a --add-udeb="libcrypto1.1-udeb" -Xengines + dh_makeshlibs -a --add-udeb="libcrypto1.1-udeb (>= 1.1.0f)" -Xengines # XXX: This needs gets set perl:any by dh_perl which is correct, but # that breaks debootstrap in jessie (the current stable). This hack # could be removed once stretch is stable and contains a fixed It changes the shlibs file from: libcrypto 1.1 libssl1.1 libssl 1.1 libssl1.1 udeb: libcrypto 1.1 libcrypto1.1-udeb udeb: libssl 1.1 libssl1.1-udeb to: libcrypto 1.1 libssl1.1 libssl 1.1 libssl1.1 udeb: libcrypto 1.1 libcrypto1.1-udeb (>= 1.1.0f) udeb: libssl 1.1 libssl1.1-udeb (>= 1.1.0f) It results in the following debdiff change on the binaries: File lists identical (after any substitutions) Control files of package libcrypto1.1-udeb: lines which differ (wdiff format) ----------------------------------------------------------------------------- Version: [-1.1.0f-1-] {+1.1.0f-2+} Control files of package libssl-dev: lines which differ (wdiff format) ---------------------------------------------------------------------- {+Conflicts: libssl1.0-dev+} Depends: libssl1.1 (= [-1.1.0f-1)-] {+1.1.0f-2)+} Version: [-1.1.0f-1-] {+1.1.0f-2+} Control files of package libssl-doc: lines which differ (wdiff format) ---------------------------------------------------------------------- Version: [-1.1.0f-1-] {+1.1.0f-2+} Control files of package libssl1.1: lines which differ (wdiff format) --------------------------------------------------------------------- Version: [-1.1.0f-1-] {+1.1.0f-2+} Control files of package libssl1.1-dbgsym: lines which differ (wdiff format) ---------------------------------------------------------------------------- Depends: libssl1.1 (= [-1.1.0f-1)-] {+1.1.0f-2)+} Version: [-1.1.0f-1-] {+1.1.0f-2+} Control files of package libssl1.1-udeb: lines which differ (wdiff format) -------------------------------------------------------------------------- Depends: libc6-udeb (>= 2.24), libcrypto1.1-udeb {+(>= 1.1.0f)+} Version: [-1.1.0f-1-] {+1.1.0f-2+} Control files of package openssl: lines which differ (wdiff format) ------------------------------------------------------------------- Version: [-1.1.0f-1-] {+1.1.0f-2+} Control files of package openssl-dbgsym: lines which differ (wdiff format) -------------------------------------------------------------------------- Depends: openssl (= [-1.1.0f-1)-] {+1.1.0f-2)+} Version: [-1.1.0f-1-] {+1.1.0f-2+} Kurt
