Bug#1062563: libp11: NMU diff for 64-bit time_t transition
Source: libp11 Dear maintainer, Please find attached a final version of this patch for the time_t transition. This patch is being uploaded to unstable. Note that this adds a versioned build-dependency on dpkg-dev, to guard against accidental backports with a wrong ABI. Thanks! -- System Information: Debian Release: trixie/sid APT prefers unstable APT policy: (500, 'unstable'), (1, 'experimental') Architecture: amd64 (x86_64) Kernel: Linux 6.5.0-21-generic (SMP w/16 CPU threads; PREEMPT) Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE Locale: LANG=C, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE not set Shell: /bin/sh linked to /usr/bin/dash Init: unable to detect diff -Nru libp11-0.4.12/debian/changelog libp11-0.4.12/debian/changelog --- libp11-0.4.12/debian/changelog 2023-08-21 12:21:43.0 + +++ libp11-0.4.12/debian/changelog 2024-02-28 16:14:03.0 + @@ -1,3 +1,10 @@ +libp11 (0.4.12-1.1) unstable; urgency=medium + + * Non-maintainer upload. + * Rename libraries for 64-bit time_t transition. Closes: #1062563 + + -- Benjamin Drung Wed, 28 Feb 2024 16:14:03 + + libp11 (0.4.12-1) unstable; urgency=medium * Team upload diff -Nru libp11-0.4.12/debian/control libp11-0.4.12/debian/control --- libp11-0.4.12/debian/control2023-08-21 12:21:43.0 + +++ libp11-0.4.12/debian/control2024-02-28 16:14:03.0 + @@ -3,7 +3,7 @@ Priority: optional Maintainer: Debian OpenSC Maintainers Uploaders: Eric Dorland -Build-Depends: debhelper-compat (= 12), +Build-Depends: dpkg-dev (>= 1.22.5), debhelper-compat (= 12), libltdl3-dev, libp11-kit-dev, libssl-dev, @@ -16,7 +16,7 @@ Package: libp11-dev Architecture: any -Depends: libp11-3 (= ${binary:Version}), +Depends: libp11-3t64 (= ${binary:Version}), libssl-dev, pkg-config, ${misc:Depends} @@ -28,14 +28,15 @@ . This package contains the header files and static libraries. -Package: libp11-3 +Package: libp11-3t64 +Provides: ${t64:Provides} Architecture: any Multi-Arch: same Section: libs Pre-Depends: ${misc:Pre-Depends} Depends: ${misc:Depends}, ${shlibs:Depends} -Breaks: libp11-2 -Replaces: libp11-2 +Breaks: libp11-3 (<< ${source:Version}), libp11-2 +Replaces: libp11-3, libp11-2 Description: pkcs#11 convenience library Libp11 is a library to simplify using smart cards via PKCS#11 modules. It was spun of the OpenSC project but can be used with any diff -Nru libp11-0.4.12/debian/libp11-3.install libp11-0.4.12/debian/libp11-3.install --- libp11-0.4.12/debian/libp11-3.install 2023-08-21 12:21:43.0 + +++ libp11-0.4.12/debian/libp11-3.install 1970-01-01 00:00:00.0 + @@ -1 +0,0 @@ -debian/tmp/usr/lib/*/libp11*.so.* diff -Nru libp11-0.4.12/debian/libp11-3.symbols libp11-0.4.12/debian/libp11-3.symbols --- libp11-0.4.12/debian/libp11-3.symbols 2023-08-21 12:21:43.0 + +++ libp11-0.4.12/debian/libp11-3.symbols 1970-01-01 00:00:00.0 + @@ -1,52 +0,0 @@ -libp11.so.3 libp11-3 #MINVER# - ERR_get_CKR_code@LIBP11_3 0.4.9 - ERR_load_PKCS11_strings@LIBP11_3 0.4.4 - LIBP11_3@LIBP11_3 0.4.4 - PKCS11_CTX_free@LIBP11_3 0.4.4 - PKCS11_CTX_init_args@LIBP11_3 0.4.4 - PKCS11_CTX_load@LIBP11_3 0.4.4 - PKCS11_CTX_new@LIBP11_3 0.4.4 - PKCS11_CTX_unload@LIBP11_3 0.4.4 - PKCS11_change_pin@LIBP11_3 0.4.4 - PKCS11_ecdsa_method_free@LIBP11_3 0.4.4 - PKCS11_enumerate_certs@LIBP11_3 0.4.4 - PKCS11_enumerate_keys@LIBP11_3 0.4.4 - PKCS11_enumerate_public_keys@LIBP11_3 0.4.4 - PKCS11_enumerate_slots@LIBP11_3 0.4.4 - PKCS11_find_certificate@LIBP11_3 0.4.4 - PKCS11_find_key@LIBP11_3 0.4.4 - PKCS11_find_next_token@LIBP11_3 0.4.9 - PKCS11_find_token@LIBP11_3 0.4.4 - PKCS11_generate_key@LIBP11_3 0.4.4 - PKCS11_generate_random@LIBP11_3 0.4.4 - PKCS11_get_ec_key_method@LIBP11_3 0.4.4 - PKCS11_get_ecdh_method@LIBP11_3 0.4.4 - PKCS11_get_ecdsa_method@LIBP11_3 0.4.4 - PKCS11_get_key_exponent@LIBP11_3 0.4.4 - PKCS11_get_key_modulus@LIBP11_3 0.4.4 - PKCS11_get_key_size@LIBP11_3 0.4.4 - PKCS11_get_key_type@LIBP11_3 0.4.4 - PKCS11_get_private_key@LIBP11_3 0.4.4 - PKCS11_get_public_key@LIBP11_3 0.4.4 - PKCS11_get_rsa_method@LIBP11_3 0.4.4 - PKCS11_get_slotid_from_slot@LIBP11_3 0.4.4 - PKCS11_init_pin@LIBP11_3 0.4.4 - PKCS11_init_token@LIBP11_3 0.4.4 - PKCS11_is_logged_in@LIBP11_3 0.4.4 - PKCS11_login@LIBP11_3 0.4.4 - PKCS11_logout@LIBP11_3 0.4.4 - PKCS11_open_session@LIBP11_3 0.4.4 - PKCS11_pkey_meths@LIBP11_3 0.4.9 - PKCS11_private_decrypt@LIBP11_3 0.4.4 - PKCS11_private_encrypt@LIBP11_3 0.4.4 - PKCS11_release_all_slots@LIBP11_3 0.4.4 - PKCS11_remove_certificate@LIBP11_3 0.4.9 - PKCS11_remove_key@LIBP11_3 0.4.9 - PKCS11_seed_random@LIBP11_3 0.4.4 - PKCS11_set_ui_method@LIBP11_3 0.4.4 - PKCS11_sign@LIBP11_3 0.4.4 - PKCS11_store_certificate@LIBP11_3 0.4.4 - PKCS11_store_private_key@LIBP11_3 0.4.4 - PKCS11_store_public_key@LIBP11_3
Bug#1062563: libp11: NMU diff for 64-bit time_t transition
Hello, Some consistency checking on the NMUs to experimental turned up a surprising result, which is that libp11, on a no-change rebuild against openssl >= 3.1, due to a buggy upstream check reverts the soname to libp11.so.2 breaking ABI. I suggest that your .install file should include the full soname pattern to avoid such accidental misbuilds in the future. In the meantime, please find attached an updated patch which takes a big hammer to the upstream check so that the soname doesn't wrongly change on rebuild. Thanks, -- Steve Langasek Give me a lever long enough and a Free OS Debian Developer to set it on, and I can move the world. Ubuntu Developer https://www.debian.org/ slanga...@ubuntu.com vor...@debian.org diff -Nru libp11-0.4.12/debian/changelog libp11-0.4.12/debian/changelog --- libp11-0.4.12/debian/changelog 2023-08-21 12:21:43.0 + +++ libp11-0.4.12/debian/changelog 2024-02-25 08:02:51.0 + @@ -1,3 +1,17 @@ +libp11 (0.4.12-1.1~exp2) experimental; urgency=medium + + * debian/patches/fix-upstream-soname-madness.patch: set the correct +upstream soname for openssl3. + + -- Steve Langasek Sun, 25 Feb 2024 08:02:51 + + +libp11 (0.4.12-1.1~exp1) experimental; urgency=medium + + * Non-maintainer upload. + * Rename libraries for 64-bit time_t transition. + + -- Steve Langasek Thu, 01 Feb 2024 23:04:59 + + libp11 (0.4.12-1) unstable; urgency=medium * Team upload diff -Nru libp11-0.4.12/debian/control libp11-0.4.12/debian/control --- libp11-0.4.12/debian/control2023-08-21 12:21:43.0 + +++ libp11-0.4.12/debian/control2024-02-01 23:04:59.0 + @@ -16,7 +16,7 @@ Package: libp11-dev Architecture: any -Depends: libp11-3 (= ${binary:Version}), +Depends: libp11-3t64 (= ${binary:Version}), libssl-dev, pkg-config, ${misc:Depends} @@ -28,14 +28,15 @@ . This package contains the header files and static libraries. -Package: libp11-3 +Package: libp11-3t64 +Provides: ${t64:Provides} Architecture: any Multi-Arch: same Section: libs Pre-Depends: ${misc:Pre-Depends} Depends: ${misc:Depends}, ${shlibs:Depends} -Breaks: libp11-2 -Replaces: libp11-2 +Breaks: libp11-3 (<< ${source:Version}), libp11-2 +Replaces: libp11-3, libp11-2 Description: pkcs#11 convenience library Libp11 is a library to simplify using smart cards via PKCS#11 modules. It was spun of the OpenSC project but can be used with any diff -Nru libp11-0.4.12/debian/libp11-3.install libp11-0.4.12/debian/libp11-3.install --- libp11-0.4.12/debian/libp11-3.install 2023-08-21 12:21:43.0 + +++ libp11-0.4.12/debian/libp11-3.install 1970-01-01 00:00:00.0 + @@ -1 +0,0 @@ -debian/tmp/usr/lib/*/libp11*.so.* diff -Nru libp11-0.4.12/debian/libp11-3.symbols libp11-0.4.12/debian/libp11-3.symbols --- libp11-0.4.12/debian/libp11-3.symbols 2023-08-21 12:21:43.0 + +++ libp11-0.4.12/debian/libp11-3.symbols 1970-01-01 00:00:00.0 + @@ -1,52 +0,0 @@ -libp11.so.3 libp11-3 #MINVER# - ERR_get_CKR_code@LIBP11_3 0.4.9 - ERR_load_PKCS11_strings@LIBP11_3 0.4.4 - LIBP11_3@LIBP11_3 0.4.4 - PKCS11_CTX_free@LIBP11_3 0.4.4 - PKCS11_CTX_init_args@LIBP11_3 0.4.4 - PKCS11_CTX_load@LIBP11_3 0.4.4 - PKCS11_CTX_new@LIBP11_3 0.4.4 - PKCS11_CTX_unload@LIBP11_3 0.4.4 - PKCS11_change_pin@LIBP11_3 0.4.4 - PKCS11_ecdsa_method_free@LIBP11_3 0.4.4 - PKCS11_enumerate_certs@LIBP11_3 0.4.4 - PKCS11_enumerate_keys@LIBP11_3 0.4.4 - PKCS11_enumerate_public_keys@LIBP11_3 0.4.4 - PKCS11_enumerate_slots@LIBP11_3 0.4.4 - PKCS11_find_certificate@LIBP11_3 0.4.4 - PKCS11_find_key@LIBP11_3 0.4.4 - PKCS11_find_next_token@LIBP11_3 0.4.9 - PKCS11_find_token@LIBP11_3 0.4.4 - PKCS11_generate_key@LIBP11_3 0.4.4 - PKCS11_generate_random@LIBP11_3 0.4.4 - PKCS11_get_ec_key_method@LIBP11_3 0.4.4 - PKCS11_get_ecdh_method@LIBP11_3 0.4.4 - PKCS11_get_ecdsa_method@LIBP11_3 0.4.4 - PKCS11_get_key_exponent@LIBP11_3 0.4.4 - PKCS11_get_key_modulus@LIBP11_3 0.4.4 - PKCS11_get_key_size@LIBP11_3 0.4.4 - PKCS11_get_key_type@LIBP11_3 0.4.4 - PKCS11_get_private_key@LIBP11_3 0.4.4 - PKCS11_get_public_key@LIBP11_3 0.4.4 - PKCS11_get_rsa_method@LIBP11_3 0.4.4 - PKCS11_get_slotid_from_slot@LIBP11_3 0.4.4 - PKCS11_init_pin@LIBP11_3 0.4.4 - PKCS11_init_token@LIBP11_3 0.4.4 - PKCS11_is_logged_in@LIBP11_3 0.4.4 - PKCS11_login@LIBP11_3 0.4.4 - PKCS11_logout@LIBP11_3 0.4.4 - PKCS11_open_session@LIBP11_3 0.4.4 - PKCS11_pkey_meths@LIBP11_3 0.4.9 - PKCS11_private_decrypt@LIBP11_3 0.4.4 - PKCS11_private_encrypt@LIBP11_3 0.4.4 - PKCS11_release_all_slots@LIBP11_3 0.4.4 - PKCS11_remove_certificate@LIBP11_3 0.4.9 - PKCS11_remove_key@LIBP11_3 0.4.9 - PKCS11_seed_random@LIBP11_3 0.4.4 - PKCS11_set_ui_method@LIBP11_3 0.4.4 - PKCS11_sign@LIBP11_3 0.4.4 - PKCS11_store_certificate@LIBP11_3 0.4.4 - PKCS11_store_private_key@LIBP11_3 0.4.4 -
Bug#1062563: libp11: NMU diff for 64-bit time_t transition
Source: libp11 Version: 0.4.12-1 Severity: serious Tags: patch pending Justification: library ABI skew on upgrade User: debian-...@lists.debian.org Usertags: time-t NOTICE: these changes must not be uploaded to unstable yet! Dear maintainer, As part of the 64-bit time_t transition required to support 32-bit architectures in 2038 and beyond (https://wiki.debian.org/ReleaseGoals/64bit-time), we have identified libp11 as a source package shipping runtime libraries whose ABI either is affected by the change in size of time_t, or could not be analyzed via abi-compliance-checker (and therefore to be on the safe side we assume is affected). To ensure that inconsistent combinations of libraries with their reverse-dependencies are never installed together, it is necessary to have a library transition, which is most easily done by renaming the runtime library package. Since turning on 64-bit time_t is being handled centrally through a change to the default dpkg-buildflags (https://bugs.debian.org/1037136), it is important that libraries affected by this ABI change all be uploaded close together in time. Therefore I have prepared a 0-day NMU for libp11 which will initially be uploaded to experimental if possible, then to unstable after packages have cleared binary NEW. Please find the patch for this NMU attached. If you have any concerns about this patch, please reach out ASAP. Although this package will be uploaded to experimental immediately, there will be a period of several days before we begin uploads to unstable; so if information becomes available that your package should not be included in the transition, there is time for us to amend the planned uploads. -- System Information: Debian Release: trixie/sid APT prefers unstable APT policy: (500, 'unstable'), (500, 'testing'), (1, 'experimental') Architecture: amd64 (x86_64) Kernel: Linux 6.5.0-14-generic (SMP w/12 CPU threads; PREEMPT) Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE Locale: LANG=C, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE not set Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) diff -Nru libp11-0.4.12/debian/changelog libp11-0.4.12/debian/changelog --- libp11-0.4.12/debian/changelog 2023-08-21 12:21:43.0 + +++ libp11-0.4.12/debian/changelog 2024-02-01 23:04:35.0 + @@ -1,3 +1,10 @@ +libp11 (0.4.12-1.1) experimental; urgency=medium + + * Non-maintainer upload. + * Rename libraries for 64-bit time_t transition. + + -- Steve Langasek Thu, 01 Feb 2024 23:04:35 + + libp11 (0.4.12-1) unstable; urgency=medium * Team upload diff -Nru libp11-0.4.12/debian/control libp11-0.4.12/debian/control --- libp11-0.4.12/debian/control2023-08-21 12:21:43.0 + +++ libp11-0.4.12/debian/control2024-02-01 23:04:35.0 + @@ -16,7 +16,7 @@ Package: libp11-dev Architecture: any -Depends: libp11-3 (= ${binary:Version}), +Depends: libp11-3t64 (= ${binary:Version}), libssl-dev, pkg-config, ${misc:Depends} @@ -28,14 +28,15 @@ . This package contains the header files and static libraries. -Package: libp11-3 +Package: libp11-3t64 +Provides: ${t64:Provides} Architecture: any Multi-Arch: same Section: libs Pre-Depends: ${misc:Pre-Depends} Depends: ${misc:Depends}, ${shlibs:Depends} -Breaks: libp11-2 -Replaces: libp11-2 +Breaks: libp11-3 (<< ${source:Version}), libp11-2 +Replaces: libp11-3, libp11-2 Description: pkcs#11 convenience library Libp11 is a library to simplify using smart cards via PKCS#11 modules. It was spun of the OpenSC project but can be used with any diff -Nru libp11-0.4.12/debian/libp11-3.install libp11-0.4.12/debian/libp11-3.install --- libp11-0.4.12/debian/libp11-3.install 2023-08-21 12:21:43.0 + +++ libp11-0.4.12/debian/libp11-3.install 1970-01-01 00:00:00.0 + @@ -1 +0,0 @@ -debian/tmp/usr/lib/*/libp11*.so.* diff -Nru libp11-0.4.12/debian/libp11-3.symbols libp11-0.4.12/debian/libp11-3.symbols --- libp11-0.4.12/debian/libp11-3.symbols 2023-08-21 12:21:43.0 + +++ libp11-0.4.12/debian/libp11-3.symbols 1970-01-01 00:00:00.0 + @@ -1,52 +0,0 @@ -libp11.so.3 libp11-3 #MINVER# - ERR_get_CKR_code@LIBP11_3 0.4.9 - ERR_load_PKCS11_strings@LIBP11_3 0.4.4 - LIBP11_3@LIBP11_3 0.4.4 - PKCS11_CTX_free@LIBP11_3 0.4.4 - PKCS11_CTX_init_args@LIBP11_3 0.4.4 - PKCS11_CTX_load@LIBP11_3 0.4.4 - PKCS11_CTX_new@LIBP11_3 0.4.4 - PKCS11_CTX_unload@LIBP11_3 0.4.4 - PKCS11_change_pin@LIBP11_3 0.4.4 - PKCS11_ecdsa_method_free@LIBP11_3 0.4.4 - PKCS11_enumerate_certs@LIBP11_3 0.4.4 - PKCS11_enumerate_keys@LIBP11_3 0.4.4 - PKCS11_enumerate_public_keys@LIBP11_3 0.4.4 - PKCS11_enumerate_slots@LIBP11_3 0.4.4 - PKCS11_find_certificate@LIBP11_3 0.4.4 - PKCS11_find_key@LIBP11_3 0.4.4 - PKCS11_find_next_token@LIBP11_3 0.4.9 - PKCS11_find_token@LIBP11_3 0.4.4 - PKCS11_generate_key@LIBP11_3 0.4.4 - PKCS11_generate_random@LIBP11_3