Source: syslog-ng Version: 1:5.107.0-1 Severity: serious Tags: patch sid trixie Justification: library ABI skew on upgrade User: debian-...@lists.debian.org Usertags: time-t
Dear maintainers, As part of the 64-bit time_t transition required to support 32-bit architectures in 2038 and beyond (https://wiki.debian.org/ReleaseGoals/64bit-time), we have identified syslog-ng as a source package shipping runtime libraries whose ABI could not be analyzed via abi-compliance-checker (and therefore to be on the safe side we assume is affected). syslog-ng is an interesting case, because it has no reverse-dependencies in the archive aside from modules built from the same source package; but it has a shlibs file declaring no version information at all, so any external package that *did* build-depend on syslog-ng-dev is sure to get incomplete runtime dependencies allowing for ABI skew. Furthermore, the module packages built from the source get a dependency on: syslog-ng-core (>= ${source:Version}), syslog-ng-core (<< ${source:Version}.1~) This for some reason assumes that there can never be ABI skew introduced by a binNMU. But if the ABI of the libraries in syslog-ng-core are affected by 64-bit time_t, and syslog-ng gets binNMUed, that's exactly what would happen! So I think it's simply better to have strict versioned dependencies in the shlibs as in the attached patch, which then makes the hard-coded dependencies in debian/control unnecessary, allowing you to simplify the package somewhat. Since there are no external reverse-dependencies and no package renames are required here, I do not intend to upload any NMUs for this. But I suggest applying the attached patch all the same, to guard against any breakage due to binNMUs. If you do not apply this patch, then because syslog-ng depends on at least one library that is being renamed for the time_t transition (libssl3), syslog-ng WILL be binNMUed, so if the syslog-ng-core ABI *is* affected by time_t (which, again, we don't know for sure), there WILL be ABI skew and packages could break at runtime due to insufficiently strict dependencies. I therefore recommend that you apply this patch, which is safe to apply immediately without waiting for dpkg changes, just to be safe. Cheers, -- Steve Langasek Give me a lever long enough and a Free OS Debian Developer to set it on, and I can move the world. Ubuntu Developer https://www.debian.org/ slanga...@ubuntu.com vor...@debian.org
diff -Nru syslog-ng-3.38.1/debian/changelog syslog-ng-3.38.1/debian/changelog --- syslog-ng-3.38.1/debian/changelog 2023-01-30 18:18:56.000000000 +0000 +++ syslog-ng-3.38.1/debian/changelog 2024-02-04 21:35:03.000000000 +0000 @@ -1,3 +1,15 @@ +syslog-ng (3.38.1-5.1) experimental; urgency=medium + + * Non-maintainer upload. + * Adjust shlibs for syslog-ng-core to use a strict versioned depends; + previously, modules used >=, << dependencies which did not account for + the possibility of ABI skew in a binNMU, which is exactly what happens + with the 64-bit time_t transition. + * Drop hard-coded dependency rules on syslog-ng-core from modules + packages, now redundant. + + -- Steve Langasek <vor...@debian.org> Sun, 04 Feb 2024 21:35:03 +0000 + syslog-ng (3.38.1-5) unstable; urgency=medium * Build without Criterion support. diff -Nru syslog-ng-3.38.1/debian/control syslog-ng-3.38.1/debian/control --- syslog-ng-3.38.1/debian/control 2023-01-30 18:18:56.000000000 +0000 +++ syslog-ng-3.38.1/debian/control 2024-02-04 21:32:59.000000000 +0000 @@ -150,7 +150,7 @@ Package: syslog-ng-mod-mongodb Architecture: any Multi-Arch: foreign -Depends: ${shlibs:Depends}, ${misc:Depends}, syslog-ng-core (>= ${source:Version}), syslog-ng-core (<< ${source:Version}.1~) +Depends: ${shlibs:Depends}, ${misc:Depends} Suggests: mongodb-server Description: Enhanced system logging daemon (MongoDB plugin) syslog-ng is an enhanced log daemon, supporting a wide range of input @@ -174,7 +174,7 @@ Package: syslog-ng-mod-sql Architecture: any Multi-Arch: foreign -Depends: ${shlibs:Depends}, ${misc:Depends}, syslog-ng-core (>= ${source:Version}), syslog-ng-core (<< ${source:Version}.1~) +Depends: ${shlibs:Depends}, ${misc:Depends} Suggests: libdbd-mysql, libdbd-pgsql, libdbd-sqlite3 Description: Enhanced system logging daemon (SQL plugin) syslog-ng is an enhanced log daemon, supporting a wide range of input @@ -199,7 +199,7 @@ Package: syslog-ng-mod-smtp Architecture: any Multi-Arch: foreign -Depends: ${shlibs:Depends}, ${misc:Depends}, syslog-ng-core (>= ${source:Version}), syslog-ng-core (<< ${source:Version}.1~) +Depends: ${shlibs:Depends}, ${misc:Depends} Description: Enhanced system logging daemon (SMTP plugin) syslog-ng is an enhanced log daemon, supporting a wide range of input and output methods: syslog, unstructured text, message queues, @@ -222,7 +222,7 @@ Package: syslog-ng-mod-amqp Architecture: any Multi-Arch: foreign -Depends: ${shlibs:Depends}, ${misc:Depends}, syslog-ng-core (>= ${source:Version}), syslog-ng-core (<< ${source:Version}.1~) +Depends: ${shlibs:Depends}, ${misc:Depends} Suggests: rabbitmq-server Description: Enhanced system logging daemon (AMQP plugin) syslog-ng is an enhanced log daemon, supporting a wide range of input @@ -246,7 +246,7 @@ Package: syslog-ng-mod-geoip2 Architecture: any Multi-Arch: foreign -Depends: ${shlibs:Depends}, ${misc:Depends}, syslog-ng-core (>= ${source:Version}), syslog-ng-core (<< ${source:Version}.1~) +Depends: ${shlibs:Depends}, ${misc:Depends} Provides: syslog-ng-mod-geoip Replaces: syslog-ng-mod-geoip (<< 3.25.1~) Breaks: syslog-ng-mod-geoip (<< 3.25.1~) @@ -273,7 +273,7 @@ Package: syslog-ng-mod-redis Architecture: any Multi-Arch: foreign -Depends: ${shlibs:Depends}, ${misc:Depends}, syslog-ng-core (>= ${source:Version}), syslog-ng-core (<< ${source:Version}.1~) +Depends: ${shlibs:Depends}, ${misc:Depends} Description: Enhanced system logging daemon (Redis plugin) syslog-ng is an enhanced log daemon, supporting a wide range of input and output methods: syslog, unstructured text, message queues, @@ -296,7 +296,7 @@ Package: syslog-ng-mod-stomp Architecture: any Multi-Arch: foreign -Depends: ${shlibs:Depends}, ${misc:Depends}, syslog-ng-core (>= ${source:Version}), syslog-ng-core (<< ${source:Version}.1~) +Depends: ${shlibs:Depends}, ${misc:Depends} Suggests: activemq Description: Enhanced system logging daemon (STOMP plugin) syslog-ng is an enhanced log daemon, supporting a wide range of input @@ -320,7 +320,7 @@ Package: syslog-ng-mod-riemann Architecture: any Multi-Arch: foreign -Depends: ${shlibs:Depends}, ${misc:Depends}, syslog-ng-core (>= ${source:Version}), syslog-ng-core (<< ${source:Version}.1~) +Depends: ${shlibs:Depends}, ${misc:Depends} Description: Enhanced system logging daemon (Riemann destination) syslog-ng is an enhanced log daemon, supporting a wide range of input and output methods: syslog, unstructured text, message queues, @@ -343,7 +343,7 @@ Package: syslog-ng-mod-graphite Architecture: any Multi-Arch: foreign -Depends: ${shlibs:Depends}, ${misc:Depends}, syslog-ng-core (>= ${source:Version}), syslog-ng-core (<< ${source:Version}.1~) +Depends: ${shlibs:Depends}, ${misc:Depends} Suggests: graphite-web Description: Enhanced system logging daemon (graphite plugin) syslog-ng is an enhanced log daemon, supporting a wide range of input @@ -368,7 +368,7 @@ Package: syslog-ng-mod-python Architecture: any Multi-Arch: foreign -Depends: ${shlibs:Depends}, ${misc:Depends}, ${python3:Depends}, syslog-ng-core (>= ${source:Version}), syslog-ng-core (<< ${source:Version}.1~) +Depends: ${shlibs:Depends}, ${misc:Depends}, ${python3:Depends} XB-Python-Version: ${python:Versions} Description: Enhanced system logging daemon (Python plugin) syslog-ng is an enhanced log daemon, supporting a wide range of input @@ -392,7 +392,7 @@ Package: syslog-ng-mod-add-contextual-data Architecture: any Multi-Arch: foreign -Depends: ${shlibs:Depends}, ${misc:Depends}, syslog-ng-core (>= ${source:Version}), syslog-ng-core (<< ${source:Version}.1~) +Depends: ${shlibs:Depends}, ${misc:Depends} Description: Enhanced system logging daemon (add-contextual-data plugin) syslog-ng is an enhanced log daemon, supporting a wide range of input and output methods: syslog, unstructured text, message queues, @@ -420,7 +420,7 @@ Package: syslog-ng-mod-stardate Architecture: any Multi-Arch: foreign -Depends: ${shlibs:Depends}, ${misc:Depends}, syslog-ng-core (>= ${source:Version}), syslog-ng-core (<< ${source:Version}.1~) +Depends: ${shlibs:Depends}, ${misc:Depends} Description: Enhanced system logging daemon (stardate plugin) syslog-ng is an enhanced log daemon, supporting a wide range of input and output methods: syslog, unstructured text, message queues, @@ -444,7 +444,7 @@ Package: syslog-ng-mod-snmp Architecture: linux-any hurd-i386 Multi-Arch: foreign -Depends: ${shlibs:Depends}, ${misc:Depends}, syslog-ng-core (>= ${source:Version}), syslog-ng-core (<< ${source:Version}.1~) +Depends: ${shlibs:Depends}, ${misc:Depends} Replaces: syslog-ng-mod-snmptrapd-parser (<< 3.27.1~) Breaks: syslog-ng-mod-snmptrapd-parser (<< 3.27.1~) Description: Enhanced system logging daemon (SNMP plugin) @@ -469,7 +469,7 @@ Package: syslog-ng-mod-xml-parser Architecture: any Multi-Arch: foreign -Depends: ${shlibs:Depends}, ${misc:Depends}, syslog-ng-core (>= ${source:Version}), syslog-ng-core (<< ${source:Version}.1~) +Depends: ${shlibs:Depends}, ${misc:Depends} Description: Enhanced system logging daemon (xml parser plugin) syslog-ng is an enhanced log daemon, supporting a wide range of input and output methods: syslog, unstructured text, message queues, @@ -492,7 +492,7 @@ Package: syslog-ng-mod-http Architecture: any Multi-Arch: foreign -Depends: ${shlibs:Depends}, ${misc:Depends}, syslog-ng-core (>= ${source:Version}), syslog-ng-core (<< ${source:Version}.1~) +Depends: ${shlibs:Depends}, ${misc:Depends} Replaces: syslog-ng-core (<< 3.26.1~) Breaks: syslog-ng-core (<< 3.26.1~) Description: Enhanced system logging daemon (HTTP destination) @@ -517,7 +517,7 @@ Package: syslog-ng-mod-rdkafka Architecture: any Multi-Arch: foreign -Depends: ${shlibs:Depends}, ${misc:Depends}, syslog-ng-core (>= ${source:Version}), syslog-ng-core (<< ${source:Version}.1~) +Depends: ${shlibs:Depends}, ${misc:Depends} Description: Enhanced system logging daemon (Kafka destination, based on librdkafka) syslog-ng is an enhanced log daemon, supporting a wide range of input and output methods: syslog, unstructured text, message queues, @@ -548,7 +548,7 @@ Package: syslog-ng-scl Architecture: all Multi-Arch: foreign -Depends: ${misc:Depends}, syslog-ng-core (>= ${source:Version}), syslog-ng-core (<< ${source:Version}.1~) +Depends: ${misc:Depends} Provides: syslog-ng-mod-extra Replaces: syslog-ng-mod-extra (<< 3.38.1~), syslog-ng-core (<< 3.38.1~), syslog-ng-mod-graphite (<< 3.38.1~), syslog-ng-mod-rdkafka (<< 3.38.1~), syslog-ng-mod-snmp (<< 3.38.1~) Breaks: syslog-ng-mod-extra (<< 3.38.1~), syslog-ng-core (<< 3.38.1~), syslog-ng-mod-graphite (<< 3.38.1~), syslog-ng-mod-rdkafka (<< 3.38.1~), syslog-ng-mod-snmp (<< 3.38.1~) @@ -574,7 +574,7 @@ Package: syslog-ng-mod-examples Architecture: any Multi-Arch: foreign -Depends: ${shlibs:Depends}, ${misc:Depends}, syslog-ng-core (>= ${source:Version}), syslog-ng-core (<< ${source:Version}.1~) +Depends: ${shlibs:Depends}, ${misc:Depends} Description: Enhanced system logging daemon (example plugins) syslog-ng is an enhanced log daemon, supporting a wide range of input and output methods: syslog, unstructured text, message queues, @@ -598,7 +598,7 @@ Multi-Arch: foreign Replaces: syslog-ng-core (<< 3.28.1~) Breaks: syslog-ng-core (<< 3.28.1~) -Depends: ${shlibs:Depends}, ${misc:Depends}, syslog-ng-core (>= ${source:Version}), syslog-ng-core (<< ${source:Version}.1~) +Depends: ${shlibs:Depends}, ${misc:Depends} Description: Enhanced system logging daemon (secure logging plugin) syslog-ng is an enhanced log daemon, supporting a wide range of input and output methods: syslog, unstructured text, message queues, diff -Nru syslog-ng-3.38.1/debian/rules syslog-ng-3.38.1/debian/rules --- syslog-ng-3.38.1/debian/rules 2022-09-21 20:41:47.000000000 +0000 +++ syslog-ng-3.38.1/debian/rules 2024-02-04 21:31:26.000000000 +0000 @@ -175,7 +175,7 @@ # shlibs file for that, shall we? # override_dh_makeshlibs: - dh_makeshlibs -n -Xusr/lib/syslog-ng/${UMAJOR} + dh_makeshlibs -n -Xusr/lib/syslog-ng/${UMAJOR} -V 'syslog-ng-core (= $${binary:Version})' # Since syslog-ng depends on all the modules, and syslog-ng-core # suggests the same set, and modules can come and go as new versions