Bug#1062563: libp11: NMU diff for 64-bit time_t transition
Source: libp11
Dear maintainer,
Please find attached a final version of this patch for the time_t
transition. This patch is being uploaded to unstable.
Note that this adds a versioned build-dependency on dpkg-dev, to guard
against accidental backports with a wrong ABI.
Thanks!
-- System Information:
Debian Release: trixie/sid
APT prefers unstable
APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Kernel: Linux 6.5.0-21-generic (SMP w/16 CPU threads; PREEMPT)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE,
TAINT_UNSIGNED_MODULE
Locale: LANG=C, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: unable to detect
diff -Nru libp11-0.4.12/debian/changelog libp11-0.4.12/debian/changelog
--- libp11-0.4.12/debian/changelog 2023-08-21 12:21:43.0 +
+++ libp11-0.4.12/debian/changelog 2024-02-28 16:14:03.0 +
@@ -1,3 +1,10 @@
+libp11 (0.4.12-1.1) unstable; urgency=medium
+
+ * Non-maintainer upload.
+ * Rename libraries for 64-bit time_t transition. Closes: #1062563
+
+ -- Benjamin Drung Wed, 28 Feb 2024 16:14:03 +
+
libp11 (0.4.12-1) unstable; urgency=medium
* Team upload
diff -Nru libp11-0.4.12/debian/control libp11-0.4.12/debian/control
--- libp11-0.4.12/debian/control2023-08-21 12:21:43.0 +
+++ libp11-0.4.12/debian/control2024-02-28 16:14:03.0 +
@@ -3,7 +3,7 @@
Priority: optional
Maintainer: Debian OpenSC Maintainers
Uploaders: Eric Dorland
-Build-Depends: debhelper-compat (= 12),
+Build-Depends: dpkg-dev (>= 1.22.5), debhelper-compat (= 12),
libltdl3-dev,
libp11-kit-dev,
libssl-dev,
@@ -16,7 +16,7 @@
Package: libp11-dev
Architecture: any
-Depends: libp11-3 (= ${binary:Version}),
+Depends: libp11-3t64 (= ${binary:Version}),
libssl-dev,
pkg-config,
${misc:Depends}
@@ -28,14 +28,15 @@
.
This package contains the header files and static libraries.
-Package: libp11-3
+Package: libp11-3t64
+Provides: ${t64:Provides}
Architecture: any
Multi-Arch: same
Section: libs
Pre-Depends: ${misc:Pre-Depends}
Depends: ${misc:Depends}, ${shlibs:Depends}
-Breaks: libp11-2
-Replaces: libp11-2
+Breaks: libp11-3 (<< ${source:Version}), libp11-2
+Replaces: libp11-3, libp11-2
Description: pkcs#11 convenience library
Libp11 is a library to simplify using smart cards via PKCS#11
modules. It was spun of the OpenSC project but can be used with any
diff -Nru libp11-0.4.12/debian/libp11-3.install
libp11-0.4.12/debian/libp11-3.install
--- libp11-0.4.12/debian/libp11-3.install 2023-08-21 12:21:43.0
+
+++ libp11-0.4.12/debian/libp11-3.install 1970-01-01 00:00:00.0
+
@@ -1 +0,0 @@
-debian/tmp/usr/lib/*/libp11*.so.*
diff -Nru libp11-0.4.12/debian/libp11-3.symbols
libp11-0.4.12/debian/libp11-3.symbols
--- libp11-0.4.12/debian/libp11-3.symbols 2023-08-21 12:21:43.0
+
+++ libp11-0.4.12/debian/libp11-3.symbols 1970-01-01 00:00:00.0
+
@@ -1,52 +0,0 @@
-libp11.so.3 libp11-3 #MINVER#
- ERR_get_CKR_code@LIBP11_3 0.4.9
- ERR_load_PKCS11_strings@LIBP11_3 0.4.4
- LIBP11_3@LIBP11_3 0.4.4
- PKCS11_CTX_free@LIBP11_3 0.4.4
- PKCS11_CTX_init_args@LIBP11_3 0.4.4
- PKCS11_CTX_load@LIBP11_3 0.4.4
- PKCS11_CTX_new@LIBP11_3 0.4.4
- PKCS11_CTX_unload@LIBP11_3 0.4.4
- PKCS11_change_pin@LIBP11_3 0.4.4
- PKCS11_ecdsa_method_free@LIBP11_3 0.4.4
- PKCS11_enumerate_certs@LIBP11_3 0.4.4
- PKCS11_enumerate_keys@LIBP11_3 0.4.4
- PKCS11_enumerate_public_keys@LIBP11_3 0.4.4
- PKCS11_enumerate_slots@LIBP11_3 0.4.4
- PKCS11_find_certificate@LIBP11_3 0.4.4
- PKCS11_find_key@LIBP11_3 0.4.4
- PKCS11_find_next_token@LIBP11_3 0.4.9
- PKCS11_find_token@LIBP11_3 0.4.4
- PKCS11_generate_key@LIBP11_3 0.4.4
- PKCS11_generate_random@LIBP11_3 0.4.4
- PKCS11_get_ec_key_method@LIBP11_3 0.4.4
- PKCS11_get_ecdh_method@LIBP11_3 0.4.4
- PKCS11_get_ecdsa_method@LIBP11_3 0.4.4
- PKCS11_get_key_exponent@LIBP11_3 0.4.4
- PKCS11_get_key_modulus@LIBP11_3 0.4.4
- PKCS11_get_key_size@LIBP11_3 0.4.4
- PKCS11_get_key_type@LIBP11_3 0.4.4
- PKCS11_get_private_key@LIBP11_3 0.4.4
- PKCS11_get_public_key@LIBP11_3 0.4.4
- PKCS11_get_rsa_method@LIBP11_3 0.4.4
- PKCS11_get_slotid_from_slot@LIBP11_3 0.4.4
- PKCS11_init_pin@LIBP11_3 0.4.4
- PKCS11_init_token@LIBP11_3 0.4.4
- PKCS11_is_logged_in@LIBP11_3 0.4.4
- PKCS11_login@LIBP11_3 0.4.4
- PKCS11_logout@LIBP11_3 0.4.4
- PKCS11_open_session@LIBP11_3 0.4.4
- PKCS11_pkey_meths@LIBP11_3 0.4.9
- PKCS11_private_decrypt@LIBP11_3 0.4.4
- PKCS11_private_encrypt@LIBP11_3 0.4.4
- PKCS11_release_all_slots@LIBP11_3 0.4.4
- PKCS11_remove_certificate@LIBP11_3 0.4.9
- PKCS11_remove_key@LIBP11_3 0.4.9
- PKCS11_seed_random@LIBP11_3 0.4.4
- PKCS11_set_ui_method@LIBP11_3 0.4.4
- PKCS11_sign@LIBP11_3 0.4.4
- PKCS11_store_certificate@LIBP11_3 0.4.4
- PKCS11_store_private_key@LIBP11_3 0.4.4
- PKCS11_store_public_key@LIBP11_3
Bug#1062563: libp11: NMU diff for 64-bit time_t transition
Hello,
Some consistency checking on the NMUs to experimental turned up a surprising
result, which is that libp11, on a no-change rebuild against openssl >= 3.1,
due to a buggy upstream check reverts the soname to libp11.so.2 breaking
ABI.
I suggest that your .install file should include the full soname pattern to
avoid such accidental misbuilds in the future. In the meantime, please find
attached an updated patch which takes a big hammer to the upstream check so
that the soname doesn't wrongly change on rebuild.
Thanks,
--
Steve Langasek Give me a lever long enough and a Free OS
Debian Developer to set it on, and I can move the world.
Ubuntu Developer https://www.debian.org/
slanga...@ubuntu.com vor...@debian.org
diff -Nru libp11-0.4.12/debian/changelog libp11-0.4.12/debian/changelog
--- libp11-0.4.12/debian/changelog 2023-08-21 12:21:43.0 +
+++ libp11-0.4.12/debian/changelog 2024-02-25 08:02:51.0 +
@@ -1,3 +1,17 @@
+libp11 (0.4.12-1.1~exp2) experimental; urgency=medium
+
+ * debian/patches/fix-upstream-soname-madness.patch: set the correct
+upstream soname for openssl3.
+
+ -- Steve Langasek Sun, 25 Feb 2024 08:02:51 +
+
+libp11 (0.4.12-1.1~exp1) experimental; urgency=medium
+
+ * Non-maintainer upload.
+ * Rename libraries for 64-bit time_t transition.
+
+ -- Steve Langasek Thu, 01 Feb 2024 23:04:59 +
+
libp11 (0.4.12-1) unstable; urgency=medium
* Team upload
diff -Nru libp11-0.4.12/debian/control libp11-0.4.12/debian/control
--- libp11-0.4.12/debian/control2023-08-21 12:21:43.0 +
+++ libp11-0.4.12/debian/control2024-02-01 23:04:59.0 +
@@ -16,7 +16,7 @@
Package: libp11-dev
Architecture: any
-Depends: libp11-3 (= ${binary:Version}),
+Depends: libp11-3t64 (= ${binary:Version}),
libssl-dev,
pkg-config,
${misc:Depends}
@@ -28,14 +28,15 @@
.
This package contains the header files and static libraries.
-Package: libp11-3
+Package: libp11-3t64
+Provides: ${t64:Provides}
Architecture: any
Multi-Arch: same
Section: libs
Pre-Depends: ${misc:Pre-Depends}
Depends: ${misc:Depends}, ${shlibs:Depends}
-Breaks: libp11-2
-Replaces: libp11-2
+Breaks: libp11-3 (<< ${source:Version}), libp11-2
+Replaces: libp11-3, libp11-2
Description: pkcs#11 convenience library
Libp11 is a library to simplify using smart cards via PKCS#11
modules. It was spun of the OpenSC project but can be used with any
diff -Nru libp11-0.4.12/debian/libp11-3.install
libp11-0.4.12/debian/libp11-3.install
--- libp11-0.4.12/debian/libp11-3.install 2023-08-21 12:21:43.0
+
+++ libp11-0.4.12/debian/libp11-3.install 1970-01-01 00:00:00.0
+
@@ -1 +0,0 @@
-debian/tmp/usr/lib/*/libp11*.so.*
diff -Nru libp11-0.4.12/debian/libp11-3.symbols
libp11-0.4.12/debian/libp11-3.symbols
--- libp11-0.4.12/debian/libp11-3.symbols 2023-08-21 12:21:43.0
+
+++ libp11-0.4.12/debian/libp11-3.symbols 1970-01-01 00:00:00.0
+
@@ -1,52 +0,0 @@
-libp11.so.3 libp11-3 #MINVER#
- ERR_get_CKR_code@LIBP11_3 0.4.9
- ERR_load_PKCS11_strings@LIBP11_3 0.4.4
- LIBP11_3@LIBP11_3 0.4.4
- PKCS11_CTX_free@LIBP11_3 0.4.4
- PKCS11_CTX_init_args@LIBP11_3 0.4.4
- PKCS11_CTX_load@LIBP11_3 0.4.4
- PKCS11_CTX_new@LIBP11_3 0.4.4
- PKCS11_CTX_unload@LIBP11_3 0.4.4
- PKCS11_change_pin@LIBP11_3 0.4.4
- PKCS11_ecdsa_method_free@LIBP11_3 0.4.4
- PKCS11_enumerate_certs@LIBP11_3 0.4.4
- PKCS11_enumerate_keys@LIBP11_3 0.4.4
- PKCS11_enumerate_public_keys@LIBP11_3 0.4.4
- PKCS11_enumerate_slots@LIBP11_3 0.4.4
- PKCS11_find_certificate@LIBP11_3 0.4.4
- PKCS11_find_key@LIBP11_3 0.4.4
- PKCS11_find_next_token@LIBP11_3 0.4.9
- PKCS11_find_token@LIBP11_3 0.4.4
- PKCS11_generate_key@LIBP11_3 0.4.4
- PKCS11_generate_random@LIBP11_3 0.4.4
- PKCS11_get_ec_key_method@LIBP11_3 0.4.4
- PKCS11_get_ecdh_method@LIBP11_3 0.4.4
- PKCS11_get_ecdsa_method@LIBP11_3 0.4.4
- PKCS11_get_key_exponent@LIBP11_3 0.4.4
- PKCS11_get_key_modulus@LIBP11_3 0.4.4
- PKCS11_get_key_size@LIBP11_3 0.4.4
- PKCS11_get_key_type@LIBP11_3 0.4.4
- PKCS11_get_private_key@LIBP11_3 0.4.4
- PKCS11_get_public_key@LIBP11_3 0.4.4
- PKCS11_get_rsa_method@LIBP11_3 0.4.4
- PKCS11_get_slotid_from_slot@LIBP11_3 0.4.4
- PKCS11_init_pin@LIBP11_3 0.4.4
- PKCS11_init_token@LIBP11_3 0.4.4
- PKCS11_is_logged_in@LIBP11_3 0.4.4
- PKCS11_login@LIBP11_3 0.4.4
- PKCS11_logout@LIBP11_3 0.4.4
- PKCS11_open_session@LIBP11_3 0.4.4
- PKCS11_pkey_meths@LIBP11_3 0.4.9
- PKCS11_private_decrypt@LIBP11_3 0.4.4
- PKCS11_private_encrypt@LIBP11_3 0.4.4
- PKCS11_release_all_slots@LIBP11_3 0.4.4
- PKCS11_remove_certificate@LIBP11_3 0.4.9
- PKCS11_remove_key@LIBP11_3 0.4.9
- PKCS11_seed_random@LIBP11_3 0.4.4
- PKCS11_set_ui_method@LIBP11_3 0.4.4
- PKCS11_sign@LIBP11_3 0.4.4
- PKCS11_store_certificate@LIBP11_3 0.4.4
- PKCS11_store_private_key@LIBP11_3 0.4.4
-
Bug#1062563: libp11: NMU diff for 64-bit time_t transition
Source: libp11
Version: 0.4.12-1
Severity: serious
Tags: patch pending
Justification: library ABI skew on upgrade
User: debian-...@lists.debian.org
Usertags: time-t
NOTICE: these changes must not be uploaded to unstable yet!
Dear maintainer,
As part of the 64-bit time_t transition required to support 32-bit
architectures in 2038 and beyond
(https://wiki.debian.org/ReleaseGoals/64bit-time), we have identified
libp11 as a source package shipping runtime libraries whose ABI
either is affected by the change in size of time_t, or could not be
analyzed via abi-compliance-checker (and therefore to be on the safe
side we assume is affected).
To ensure that inconsistent combinations of libraries with their
reverse-dependencies are never installed together, it is necessary to
have a library transition, which is most easily done by renaming the
runtime library package.
Since turning on 64-bit time_t is being handled centrally through a change
to the default dpkg-buildflags (https://bugs.debian.org/1037136), it is
important that libraries affected by this ABI change all be uploaded close
together in time. Therefore I have prepared a 0-day NMU for libp11
which will initially be uploaded to experimental if possible, then to
unstable after packages have cleared binary NEW.
Please find the patch for this NMU attached.
If you have any concerns about this patch, please reach out ASAP. Although
this package will be uploaded to experimental immediately, there will be a
period of several days before we begin uploads to unstable; so if information
becomes available that your package should not be included in the transition,
there is time for us to amend the planned uploads.
-- System Information:
Debian Release: trixie/sid
APT prefers unstable
APT policy: (500, 'unstable'), (500, 'testing'), (1, 'experimental')
Architecture: amd64 (x86_64)
Kernel: Linux 6.5.0-14-generic (SMP w/12 CPU threads; PREEMPT)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE
Locale: LANG=C, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
diff -Nru libp11-0.4.12/debian/changelog libp11-0.4.12/debian/changelog
--- libp11-0.4.12/debian/changelog 2023-08-21 12:21:43.0 +
+++ libp11-0.4.12/debian/changelog 2024-02-01 23:04:35.0 +
@@ -1,3 +1,10 @@
+libp11 (0.4.12-1.1) experimental; urgency=medium
+
+ * Non-maintainer upload.
+ * Rename libraries for 64-bit time_t transition.
+
+ -- Steve Langasek Thu, 01 Feb 2024 23:04:35 +
+
libp11 (0.4.12-1) unstable; urgency=medium
* Team upload
diff -Nru libp11-0.4.12/debian/control libp11-0.4.12/debian/control
--- libp11-0.4.12/debian/control2023-08-21 12:21:43.0 +
+++ libp11-0.4.12/debian/control2024-02-01 23:04:35.0 +
@@ -16,7 +16,7 @@
Package: libp11-dev
Architecture: any
-Depends: libp11-3 (= ${binary:Version}),
+Depends: libp11-3t64 (= ${binary:Version}),
libssl-dev,
pkg-config,
${misc:Depends}
@@ -28,14 +28,15 @@
.
This package contains the header files and static libraries.
-Package: libp11-3
+Package: libp11-3t64
+Provides: ${t64:Provides}
Architecture: any
Multi-Arch: same
Section: libs
Pre-Depends: ${misc:Pre-Depends}
Depends: ${misc:Depends}, ${shlibs:Depends}
-Breaks: libp11-2
-Replaces: libp11-2
+Breaks: libp11-3 (<< ${source:Version}), libp11-2
+Replaces: libp11-3, libp11-2
Description: pkcs#11 convenience library
Libp11 is a library to simplify using smart cards via PKCS#11
modules. It was spun of the OpenSC project but can be used with any
diff -Nru libp11-0.4.12/debian/libp11-3.install
libp11-0.4.12/debian/libp11-3.install
--- libp11-0.4.12/debian/libp11-3.install 2023-08-21 12:21:43.0
+
+++ libp11-0.4.12/debian/libp11-3.install 1970-01-01 00:00:00.0
+
@@ -1 +0,0 @@
-debian/tmp/usr/lib/*/libp11*.so.*
diff -Nru libp11-0.4.12/debian/libp11-3.symbols
libp11-0.4.12/debian/libp11-3.symbols
--- libp11-0.4.12/debian/libp11-3.symbols 2023-08-21 12:21:43.0
+
+++ libp11-0.4.12/debian/libp11-3.symbols 1970-01-01 00:00:00.0
+
@@ -1,52 +0,0 @@
-libp11.so.3 libp11-3 #MINVER#
- ERR_get_CKR_code@LIBP11_3 0.4.9
- ERR_load_PKCS11_strings@LIBP11_3 0.4.4
- LIBP11_3@LIBP11_3 0.4.4
- PKCS11_CTX_free@LIBP11_3 0.4.4
- PKCS11_CTX_init_args@LIBP11_3 0.4.4
- PKCS11_CTX_load@LIBP11_3 0.4.4
- PKCS11_CTX_new@LIBP11_3 0.4.4
- PKCS11_CTX_unload@LIBP11_3 0.4.4
- PKCS11_change_pin@LIBP11_3 0.4.4
- PKCS11_ecdsa_method_free@LIBP11_3 0.4.4
- PKCS11_enumerate_certs@LIBP11_3 0.4.4
- PKCS11_enumerate_keys@LIBP11_3 0.4.4
- PKCS11_enumerate_public_keys@LIBP11_3 0.4.4
- PKCS11_enumerate_slots@LIBP11_3 0.4.4
- PKCS11_find_certificate@LIBP11_3 0.4.4
- PKCS11_find_key@LIBP11_3 0.4.4
- PKCS11_find_next_token@LIBP11_3 0.4.9
- PKCS11_find_token@LIBP11_3 0.4.4
- PKCS11_generate_key@LIBP11_3 0.4.4
- PKCS11_generate_random@LIBP11_3
