Bug#1062199: gvm-libs: NMU diff for 64-bit time_t transition
Hi Sophie,
gvm-libs needs a further change to actually be buildable on 32-bit archs
with 64-bit time_t. I've done a follow-up NMU for this; please find a
comprehensive debdiff attached.
--
Steve Langasek Give me a lever long enough and a Free OS
Debian Developer to set it on, and I can move the world.
Ubuntu Developer https://www.debian.org/
slanga...@ubuntu.com vor...@debian.org
diff -Nru gvm-libs-22.7.3/debian/changelog gvm-libs-22.7.3/debian/changelog
--- gvm-libs-22.7.3/debian/changelog2023-11-20 15:13:25.0 +
+++ gvm-libs-22.7.3/debian/changelog2024-03-16 00:32:34.0 +
@@ -1,3 +1,18 @@
+gvm-libs (22.7.3-1.2) unstable; urgency=medium
+
+ * Non-maintainer upload.
+ * debian/patches/64-bit-time-t-compat.patch: wrap the write symbols
+when _FILE_OFFSET_BITS=64 is set.
+
+ -- Steve Langasek Sat, 16 Mar 2024 00:32:34 +
+
+gvm-libs (22.7.3-1.1) unstable; urgency=medium
+
+ * Non-maintainer upload.
+ * Rename libraries for 64-bit time_t transition. Closes: #1062199
+
+ -- Lukas Märdian Wed, 28 Feb 2024 09:24:41 +
+
gvm-libs (22.7.3-1) unstable; urgency=medium
* New upstream version 22.7.3
diff -Nru gvm-libs-22.7.3/debian/control gvm-libs-22.7.3/debian/control
--- gvm-libs-22.7.3/debian/control 2023-11-20 15:13:25.0 +
+++ gvm-libs-22.7.3/debian/control 2024-02-28 09:24:41.0 +
@@ -3,7 +3,7 @@
Priority: optional
Maintainer: Debian Security Tools
Uploaders: Sophie Brun
-Build-Depends: debhelper-compat (= 13),
+Build-Depends: dpkg-dev (>= 1.22.5), debhelper-compat (= 13),
cmake,
libcgreen1-dev [!ppc64el !s390x],
libglib2.0-dev,
@@ -37,7 +37,7 @@
libgpgme-dev,
libhiredis-dev,
libksba-dev,
- libgvm22 (= ${binary:Version}),
+ libgvm22t64 (= ${binary:Version}),
libpcap-dev,
libssh-dev,
uuid-dev,
@@ -71,12 +71,14 @@
libraries.
-Package: libgvm22
+Package: libgvm22t64
+Provides: ${t64:Provides}
+Breaks: libgvm22 (<< ${source:Version})
Architecture: any
Depends: ${misc:Depends},
${shlibs:Depends},
Multi-Arch: same
-Replaces: libopenvas9
+Replaces: libgvm22, libopenvas9
Conflicts: libopenvas9
Description: remote network security auditor - shared libraries
The Open Vulnerability Assessment System is a modular security auditing
diff -Nru gvm-libs-22.7.3/debian/libgvm22.install
gvm-libs-22.7.3/debian/libgvm22.install
--- gvm-libs-22.7.3/debian/libgvm22.install 2023-11-20 15:13:25.0
+
+++ gvm-libs-22.7.3/debian/libgvm22.install 1970-01-01 00:00:00.0
+
@@ -1 +0,0 @@
-usr/lib/*/libgvm*.so.*
diff -Nru gvm-libs-22.7.3/debian/libgvm22.lintian-overrides
gvm-libs-22.7.3/debian/libgvm22.lintian-overrides
--- gvm-libs-22.7.3/debian/libgvm22.lintian-overrides 2023-11-20
15:13:25.0 +
+++ gvm-libs-22.7.3/debian/libgvm22.lintian-overrides 1970-01-01
00:00:00.0 +
@@ -1,4 +0,0 @@
-# this package provides several shared libraries built from the same source
-# tree; since they change their SONAMES together they are provided in a single
-# library package
-package-name-doesnt-match-sonames
diff -Nru gvm-libs-22.7.3/debian/libgvm22.symbols
gvm-libs-22.7.3/debian/libgvm22.symbols
--- gvm-libs-22.7.3/debian/libgvm22.symbols 2023-11-20 15:13:25.0
+
+++ gvm-libs-22.7.3/debian/libgvm22.symbols 1970-01-01 00:00:00.0
+
@@ -1,486 +0,0 @@
-libgvm_base.so.22 libgvm22 #MINVER#
-* Build-Depends-Package: libgvm-dev
- addr6_as_str@Base 22.4.0
- addr6_to_str@Base 22.4.0
- append_to_credentials_password@Base 22.4.0
- append_to_credentials_username@Base 22.4.0
- array_add@Base 22.4.0
- array_free@Base 22.4.0
- array_reset@Base 22.4.0
- array_terminate@Base 22.4.0
- cleanup_settings_iterator@Base 22.4.0
- current_environ@Base 22.4.0
- drop_privileges@Base 22.4.0
- facilitynames@Base 22.4.0
- free_credentials@Base 22.4.0
- free_log_configuration@Base 22.4.0
- free_log_reference@Base 22.4.4
- get_cvss_score_from_base_metrics@Base 22.4.0
- get_log_reference@Base 22.4.4
- get_time@Base 22.4.0
- global_source_addr6@Base 22.4.0
- global_source_addr@Base 22.4.0
- global_source_iface@Base 22.4.0
- gvm_append_string@Base 22.4.0
- gvm_append_text@Base 22.4.0
- gvm_close_sentry@Base 22.4.0
- gvm_disable_password_policy@Base 22.4.0
- gvm_duplicate_host@Base 22.4.0
- gvm_duplicate_vhost@Base 22.4.0
- gvm_free_string_var@Base 22.4.0
- gvm_get_host_type@Base 22.4.0
- gvm_get_outgoing_iface@Base 22.4.0
- gvm_has_sentry_support@Base 22.4.0
- gvm_host_add_reverse_lookup@Base 22.4.0
- gvm_host_find_in_hosts@Base 22.4.0
- gvm_host_free@Base 22.4.0
- gvm_host_from_str@Base 22.4.0
- gvm_host_get_addr6@Base 22.4.0
- gvm_host_in_hosts@Base 22.4.0
- gvm_host_resolve@Base 22.4.0
- gvm_host_reverse_lookup@Base 22.4.0
- gvm_host_type@Base
Bug#1062199: gvm-libs: NMU diff for 64-bit time_t transition
Dear maintainer,
Please find attached a final version of this patch for the time_t
transition. This patch is being uploaded to unstable.
Note that this adds a versioned build-dependency on dpkg-dev, to guard
against accidental backports with a wrong ABI.
Thanks!
-- System Information:
Debian Release: trixie/sid
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)
Kernel: Linux 6.5.0-21-generic (SMP w/4 CPU threads; PREEMPT)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
diff -Nru gvm-libs-22.7.3/debian/changelog gvm-libs-22.7.3/debian/changelog
--- gvm-libs-22.7.3/debian/changelog2023-11-20 15:13:25.0 +
+++ gvm-libs-22.7.3/debian/changelog2024-02-28 09:24:41.0 +
@@ -1,3 +1,10 @@
+gvm-libs (22.7.3-1.1) unstable; urgency=medium
+
+ * Non-maintainer upload.
+ * Rename libraries for 64-bit time_t transition. Closes: #1062199
+
+ -- Lukas Märdian Wed, 28 Feb 2024 09:24:41 +
+
gvm-libs (22.7.3-1) unstable; urgency=medium
* New upstream version 22.7.3
diff -Nru gvm-libs-22.7.3/debian/control gvm-libs-22.7.3/debian/control
--- gvm-libs-22.7.3/debian/control 2023-11-20 15:13:25.0 +
+++ gvm-libs-22.7.3/debian/control 2024-02-28 09:24:41.0 +
@@ -3,7 +3,7 @@
Priority: optional
Maintainer: Debian Security Tools
Uploaders: Sophie Brun
-Build-Depends: debhelper-compat (= 13),
+Build-Depends: dpkg-dev (>= 1.22.5), debhelper-compat (= 13),
cmake,
libcgreen1-dev [!ppc64el !s390x],
libglib2.0-dev,
@@ -37,7 +37,7 @@
libgpgme-dev,
libhiredis-dev,
libksba-dev,
- libgvm22 (= ${binary:Version}),
+ libgvm22t64 (= ${binary:Version}),
libpcap-dev,
libssh-dev,
uuid-dev,
@@ -71,12 +71,14 @@
libraries.
-Package: libgvm22
+Package: libgvm22t64
+Provides: ${t64:Provides}
+Breaks: libgvm22 (<< ${source:Version})
Architecture: any
Depends: ${misc:Depends},
${shlibs:Depends},
Multi-Arch: same
-Replaces: libopenvas9
+Replaces: libgvm22, libopenvas9
Conflicts: libopenvas9
Description: remote network security auditor - shared libraries
The Open Vulnerability Assessment System is a modular security auditing
diff -Nru gvm-libs-22.7.3/debian/libgvm22.install
gvm-libs-22.7.3/debian/libgvm22.install
--- gvm-libs-22.7.3/debian/libgvm22.install 2023-11-20 15:13:25.0
+
+++ gvm-libs-22.7.3/debian/libgvm22.install 1970-01-01 00:00:00.0
+
@@ -1 +0,0 @@
-usr/lib/*/libgvm*.so.*
diff -Nru gvm-libs-22.7.3/debian/libgvm22.lintian-overrides
gvm-libs-22.7.3/debian/libgvm22.lintian-overrides
--- gvm-libs-22.7.3/debian/libgvm22.lintian-overrides 2023-11-20
15:13:25.0 +
+++ gvm-libs-22.7.3/debian/libgvm22.lintian-overrides 1970-01-01
00:00:00.0 +
@@ -1,4 +0,0 @@
-# this package provides several shared libraries built from the same source
-# tree; since they change their SONAMES together they are provided in a single
-# library package
-package-name-doesnt-match-sonames
diff -Nru gvm-libs-22.7.3/debian/libgvm22.symbols
gvm-libs-22.7.3/debian/libgvm22.symbols
--- gvm-libs-22.7.3/debian/libgvm22.symbols 2023-11-20 15:13:25.0
+
+++ gvm-libs-22.7.3/debian/libgvm22.symbols 1970-01-01 00:00:00.0
+
@@ -1,486 +0,0 @@
-libgvm_base.so.22 libgvm22 #MINVER#
-* Build-Depends-Package: libgvm-dev
- addr6_as_str@Base 22.4.0
- addr6_to_str@Base 22.4.0
- append_to_credentials_password@Base 22.4.0
- append_to_credentials_username@Base 22.4.0
- array_add@Base 22.4.0
- array_free@Base 22.4.0
- array_reset@Base 22.4.0
- array_terminate@Base 22.4.0
- cleanup_settings_iterator@Base 22.4.0
- current_environ@Base 22.4.0
- drop_privileges@Base 22.4.0
- facilitynames@Base 22.4.0
- free_credentials@Base 22.4.0
- free_log_configuration@Base 22.4.0
- free_log_reference@Base 22.4.4
- get_cvss_score_from_base_metrics@Base 22.4.0
- get_log_reference@Base 22.4.4
- get_time@Base 22.4.0
- global_source_addr6@Base 22.4.0
- global_source_addr@Base 22.4.0
- global_source_iface@Base 22.4.0
- gvm_append_string@Base 22.4.0
- gvm_append_text@Base 22.4.0
- gvm_close_sentry@Base 22.4.0
- gvm_disable_password_policy@Base 22.4.0
- gvm_duplicate_host@Base 22.4.0
- gvm_duplicate_vhost@Base 22.4.0
- gvm_free_string_var@Base 22.4.0
- gvm_get_host_type@Base 22.4.0
- gvm_get_outgoing_iface@Base 22.4.0
- gvm_has_sentry_support@Base 22.4.0
- gvm_host_add_reverse_lookup@Base 22.4.0
- gvm_host_find_in_hosts@Base 22.4.0
- gvm_host_free@Base 22.4.0
- gvm_host_from_str@Base 22.4.0
- gvm_host_get_addr6@Base 22.4.0
- gvm_host_in_hosts@Base 22.4.0
- gvm_host_resolve@Base 22.4.0
- gvm_host_reverse_lookup@Base 22.4.0
- gvm_host_type@Base 22.4.0
- gvm_host_type_str@Base 22.4.0
-
Bug#1062199: gvm-libs: NMU diff for 64-bit time_t transition
Source: gvm-libs
Version: 22.7.3-1
Severity: serious
Tags: patch pending
Justification: library ABI skew on upgrade
User: debian-...@lists.debian.org
Usertags: time-t
Dear maintainer,
As part of the 64-bit time_t transition required to support 32-bit
architectures in 2038 and beyond
(https://wiki.debian.org/ReleaseGoals/64bit-time), we have identified
gvm-libs as a source package shipping runtime libraries whose ABI
either is affected by the change in size of time_t, or could not be
analyzed via abi-compliance-checker (and therefore to be on the safe
side we assume is affected).
To ensure that inconsistent combinations of libraries with their
reverse-dependencies are never installed together, it is necessary to
have a library transition, which is most easily done by renaming the
runtime library package.
Since turning on 64-bit time_t is being handled centrally through a change
to the default dpkg-buildflags (https://bugs.debian.org/1037136), it is
important that libraries affected by this ABI change all be uploaded close
together in time. Therefore I have prepared a 0-day NMU for gvm-libs
which will initially be uploaded to experimental if possible, then to
unstable after packages have cleared binary NEW.
Please find the patch for this NMU attached.
If you have any concerns about this patch, please reach out ASAP. Although
this package will be uploaded to experimental immediately, there will be a
period of several days before we begin uploads to unstable; so if information
becomes available that your package should not be included in the transition,
there is time for us to amend the planned uploads.
-- System Information:
Debian Release: trixie/sid
APT prefers unstable
APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Kernel: Linux 6.5.0-15-generic (SMP w/8 CPU threads; PREEMPT)
Kernel taint flags: TAINT_OOT_MODULE
Locale: LANG=C, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: unable to detect
diff -Nru gvm-libs-22.7.3/debian/changelog gvm-libs-22.7.3/debian/changelog
--- gvm-libs-22.7.3/debian/changelog2023-11-20 15:13:25.0 +
+++ gvm-libs-22.7.3/debian/changelog2024-01-31 16:49:39.0 +
@@ -1,3 +1,10 @@
+gvm-libs (22.7.3-1.1) experimental; urgency=medium
+
+ * Non-maintainer upload.
+ * Rename libraries for 64-bit time_t transition.
+
+ -- Graham Inggs Wed, 31 Jan 2024 16:49:39 +
+
gvm-libs (22.7.3-1) unstable; urgency=medium
* New upstream version 22.7.3
diff -Nru gvm-libs-22.7.3/debian/control gvm-libs-22.7.3/debian/control
--- gvm-libs-22.7.3/debian/control 2023-11-20 15:13:25.0 +
+++ gvm-libs-22.7.3/debian/control 2024-01-31 16:49:39.0 +
@@ -37,7 +37,7 @@
libgpgme-dev,
libhiredis-dev,
libksba-dev,
- libgvm22 (= ${binary:Version}),
+ libgvm22t64 (= ${binary:Version}),
libpcap-dev,
libssh-dev,
uuid-dev,
@@ -71,12 +71,14 @@
libraries.
-Package: libgvm22
+Package: libgvm22t64
+Provides: ${t64:Provides}
+Breaks: libgvm22 (<< ${source:Version})
Architecture: any
Depends: ${misc:Depends},
${shlibs:Depends},
Multi-Arch: same
-Replaces: libopenvas9
+Replaces: libgvm22, libopenvas9
Conflicts: libopenvas9
Description: remote network security auditor - shared libraries
The Open Vulnerability Assessment System is a modular security auditing
diff -Nru gvm-libs-22.7.3/debian/libgvm22.install
gvm-libs-22.7.3/debian/libgvm22.install
--- gvm-libs-22.7.3/debian/libgvm22.install 2023-11-20 15:13:25.0
+
+++ gvm-libs-22.7.3/debian/libgvm22.install 1970-01-01 00:00:00.0
+
@@ -1 +0,0 @@
-usr/lib/*/libgvm*.so.*
diff -Nru gvm-libs-22.7.3/debian/libgvm22.lintian-overrides
gvm-libs-22.7.3/debian/libgvm22.lintian-overrides
--- gvm-libs-22.7.3/debian/libgvm22.lintian-overrides 2023-11-20
15:13:25.0 +
+++ gvm-libs-22.7.3/debian/libgvm22.lintian-overrides 1970-01-01
00:00:00.0 +
@@ -1,4 +0,0 @@
-# this package provides several shared libraries built from the same source
-# tree; since they change their SONAMES together they are provided in a single
-# library package
-package-name-doesnt-match-sonames
diff -Nru gvm-libs-22.7.3/debian/libgvm22.symbols
gvm-libs-22.7.3/debian/libgvm22.symbols
--- gvm-libs-22.7.3/debian/libgvm22.symbols 2023-11-20 15:13:25.0
+
+++ gvm-libs-22.7.3/debian/libgvm22.symbols 1970-01-01 00:00:00.0
+
@@ -1,486 +0,0 @@
-libgvm_base.so.22 libgvm22 #MINVER#
-* Build-Depends-Package: libgvm-dev
- addr6_as_str@Base 22.4.0
- addr6_to_str@Base 22.4.0
- append_to_credentials_password@Base 22.4.0
- append_to_credentials_username@Base 22.4.0
- array_add@Base 22.4.0
- array_free@Base 22.4.0
- array_reset@Base 22.4.0
- array_terminate@Base 22.4.0
- cleanup_settings_iterator@Base 22.4.0
- current_environ@Base 22.4.0
- drop_privileges@Base 22.4.0
-
