Source: libretls Version: 3.8.1-2 Severity: serious Tags: patch pending Justification: library ABI skew on upgrade User: debian-...@lists.debian.org Usertags: time-t
NOTICE: these changes must not be uploaded to unstable yet! Dear maintainer, As part of the 64-bit time_t transition required to support 32-bit architectures in 2038 and beyond (https://wiki.debian.org/ReleaseGoals/64bit-time), we have identified libretls as a source package shipping runtime libraries whose ABI either is affected by the change in size of time_t, or could not be analyzed via abi-compliance-checker (and therefore to be on the safe side we assume is affected). To ensure that inconsistent combinations of libraries with their reverse-dependencies are never installed together, it is necessary to have a library transition, which is most easily done by renaming the runtime library package. Since turning on 64-bit time_t is being handled centrally through a change to the default dpkg-buildflags (https://bugs.debian.org/1037136), it is important that libraries affected by this ABI change all be uploaded close together in time. Therefore I have prepared a 0-day NMU for libretls which will initially be uploaded to experimental if possible, then to unstable after packages have cleared binary NEW. Please find the patch for this NMU attached. If you have any concerns about this patch, please reach out ASAP. Although this package will be uploaded to experimental immediately, there will be a period of several days before we begin uploads to unstable; so if information becomes available that your package should not be included in the transition, there is time for us to amend the planned uploads. -- System Information: Debian Release: trixie/sid APT prefers unstable APT policy: (500, 'unstable'), (500, 'testing'), (1, 'experimental') Architecture: amd64 (x86_64) Kernel: Linux 6.5.0-14-generic (SMP w/12 CPU threads; PREEMPT) Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE Locale: LANG=C, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE not set Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system)
diff -Nru libretls-3.8.1/debian/changelog libretls-3.8.1/debian/changelog --- libretls-3.8.1/debian/changelog 2023-10-19 09:28:09.000000000 +0000 +++ libretls-3.8.1/debian/changelog 2024-02-02 05:44:34.000000000 +0000 @@ -1,3 +1,10 @@ +libretls (3.8.1-2.1) experimental; urgency=medium + + * Non-maintainer upload. + * Rename libraries for 64-bit time_t transition. + + -- Steve Langasek <vor...@debian.org> Fri, 02 Feb 2024 05:44:34 +0000 + libretls (3.8.1-2) unstable; urgency=medium * Reupload to unstable. diff -Nru libretls-3.8.1/debian/control libretls-3.8.1/debian/control --- libretls-3.8.1/debian/control 2023-10-14 17:04:21.000000000 +0000 +++ libretls-3.8.1/debian/control 2024-02-02 05:44:34.000000000 +0000 @@ -10,7 +10,10 @@ Vcs-Git: https://salsa.debian.org/md/libretls.git Vcs-Browser: https://salsa.debian.org/md/libretls -Package: libtls28 +Package: libtls28t64 +Provides: ${t64:Provides} +Replaces: libtls28 +Breaks: libtls28 (<< ${source:Version}) Section: libs Architecture: any Multi-Arch: same diff -Nru libretls-3.8.1/debian/libtls28.symbols libretls-3.8.1/debian/libtls28.symbols --- libretls-3.8.1/debian/libtls28.symbols 2023-10-14 17:04:27.000000000 +0000 +++ libretls-3.8.1/debian/libtls28.symbols 1970-01-01 00:00:00.000000000 +0000 @@ -1,93 +0,0 @@ -libtls.so.28 libtls28 #MINVER# - tls_accept_cbs@Base 3.5.0 - tls_accept_fds@Base 3.5.0 - tls_accept_socket@Base 3.5.0 - tls_client@Base 3.5.0 - tls_close@Base 3.5.0 - tls_config_add_keypair_file@Base 3.5.0 - tls_config_add_keypair_mem@Base 3.5.0 - tls_config_add_keypair_ocsp_file@Base 3.5.0 - tls_config_add_keypair_ocsp_mem@Base 3.5.0 - tls_config_add_ticket_key@Base 3.5.0 - tls_config_clear_keys@Base 3.5.0 - tls_config_error@Base 3.5.0 - tls_config_free@Base 3.5.0 - tls_config_insecure_noverifycert@Base 3.5.0 - tls_config_insecure_noverifyname@Base 3.5.0 - tls_config_insecure_noverifytime@Base 3.5.0 - tls_config_new@Base 3.5.0 - tls_config_ocsp_require_stapling@Base 3.5.0 - tls_config_parse_protocols@Base 3.5.0 - tls_config_prefer_ciphers_client@Base 3.5.0 - tls_config_prefer_ciphers_server@Base 3.5.0 - tls_config_set_alpn@Base 3.5.0 - tls_config_set_ca_file@Base 3.5.0 - tls_config_set_ca_mem@Base 3.5.0 - tls_config_set_ca_path@Base 3.5.0 - tls_config_set_cert_file@Base 3.5.0 - tls_config_set_cert_mem@Base 3.5.0 - tls_config_set_ciphers@Base 3.5.0 - tls_config_set_crl_file@Base 3.5.0 - tls_config_set_crl_mem@Base 3.5.0 - tls_config_set_dheparams@Base 3.5.0 - tls_config_set_ecdhecurve@Base 3.5.0 - tls_config_set_ecdhecurves@Base 3.5.0 - tls_config_set_key_file@Base 3.5.0 - tls_config_set_key_mem@Base 3.5.0 - tls_config_set_keypair_file@Base 3.5.0 - tls_config_set_keypair_mem@Base 3.5.0 - tls_config_set_keypair_ocsp_file@Base 3.5.0 - tls_config_set_keypair_ocsp_mem@Base 3.5.0 - tls_config_set_ocsp_staple_file@Base 3.5.0 - tls_config_set_ocsp_staple_mem@Base 3.5.0 - tls_config_set_protocols@Base 3.5.0 - tls_config_set_session_fd@Base 3.5.0 - tls_config_set_session_id@Base 3.5.0 - tls_config_set_session_lifetime@Base 3.5.0 - tls_config_set_verify_depth@Base 3.5.0 - tls_config_skip_private_key_check@Base 3.5.0 - tls_config_use_fake_private_key@Base 3.5.0 - tls_config_verify@Base 3.5.0 - tls_config_verify_client@Base 3.5.0 - tls_config_verify_client_optional@Base 3.5.0 - tls_configure@Base 3.5.0 - tls_conn_alpn_selected@Base 3.5.0 - tls_conn_cipher@Base 3.5.0 - tls_conn_cipher_strength@Base 3.5.0 - tls_conn_servername@Base 3.5.0 - tls_conn_session_resumed@Base 3.5.0 - tls_conn_version@Base 3.5.0 - tls_connect@Base 3.5.0 - tls_connect_cbs@Base 3.5.0 - tls_connect_fds@Base 3.5.0 - tls_connect_servername@Base 3.5.0 - tls_connect_socket@Base 3.5.0 - tls_default_ca_cert_file@Base 3.5.0 - tls_error@Base 3.5.0 - tls_free@Base 3.5.0 - tls_handshake@Base 3.5.0 - tls_init@Base 3.5.0 - tls_load_file@Base 3.5.0 - tls_ocsp_process_response@Base 3.5.0 - tls_peer_cert_chain_pem@Base 3.5.0 - tls_peer_cert_contains_name@Base 3.5.0 - tls_peer_cert_hash@Base 3.5.0 - tls_peer_cert_issuer@Base 3.5.0 - tls_peer_cert_notafter@Base 3.5.0 - tls_peer_cert_notbefore@Base 3.5.0 - tls_peer_cert_provided@Base 3.5.0 - tls_peer_cert_subject@Base 3.5.0 - tls_peer_ocsp_cert_status@Base 3.5.0 - tls_peer_ocsp_crl_reason@Base 3.5.0 - tls_peer_ocsp_next_update@Base 3.5.0 - tls_peer_ocsp_response_status@Base 3.5.0 - tls_peer_ocsp_result@Base 3.5.0 - tls_peer_ocsp_revocation_time@Base 3.5.0 - tls_peer_ocsp_this_update@Base 3.5.0 - tls_peer_ocsp_url@Base 3.5.0 - tls_read@Base 3.5.0 - tls_reset@Base 3.5.0 - tls_server@Base 3.5.0 - tls_unload_file@Base 3.5.0 - tls_write@Base 3.5.0 -* Build-Depends-Package: libtls-dev diff -Nru libretls-3.8.1/debian/libtls28t64.lintian-overrides libretls-3.8.1/debian/libtls28t64.lintian-overrides --- libretls-3.8.1/debian/libtls28t64.lintian-overrides 1970-01-01 00:00:00.000000000 +0000 +++ libretls-3.8.1/debian/libtls28t64.lintian-overrides 2024-02-02 05:44:34.000000000 +0000 @@ -0,0 +1 @@ +libtls28t64: package-name-doesnt-match-sonames libtls28 diff -Nru libretls-3.8.1/debian/libtls28t64.symbols libretls-3.8.1/debian/libtls28t64.symbols --- libretls-3.8.1/debian/libtls28t64.symbols 1970-01-01 00:00:00.000000000 +0000 +++ libretls-3.8.1/debian/libtls28t64.symbols 2024-02-02 05:44:34.000000000 +0000 @@ -0,0 +1,93 @@ +libtls.so.28 libtls28t64 #MINVER# + tls_accept_cbs@Base 3.5.0 + tls_accept_fds@Base 3.5.0 + tls_accept_socket@Base 3.5.0 + tls_client@Base 3.5.0 + tls_close@Base 3.5.0 + tls_config_add_keypair_file@Base 3.5.0 + tls_config_add_keypair_mem@Base 3.5.0 + tls_config_add_keypair_ocsp_file@Base 3.5.0 + tls_config_add_keypair_ocsp_mem@Base 3.5.0 + tls_config_add_ticket_key@Base 3.5.0 + tls_config_clear_keys@Base 3.5.0 + tls_config_error@Base 3.5.0 + tls_config_free@Base 3.5.0 + tls_config_insecure_noverifycert@Base 3.5.0 + tls_config_insecure_noverifyname@Base 3.5.0 + tls_config_insecure_noverifytime@Base 3.5.0 + tls_config_new@Base 3.5.0 + tls_config_ocsp_require_stapling@Base 3.5.0 + tls_config_parse_protocols@Base 3.5.0 + tls_config_prefer_ciphers_client@Base 3.5.0 + tls_config_prefer_ciphers_server@Base 3.5.0 + tls_config_set_alpn@Base 3.5.0 + tls_config_set_ca_file@Base 3.5.0 + tls_config_set_ca_mem@Base 3.5.0 + tls_config_set_ca_path@Base 3.5.0 + tls_config_set_cert_file@Base 3.5.0 + tls_config_set_cert_mem@Base 3.5.0 + tls_config_set_ciphers@Base 3.5.0 + tls_config_set_crl_file@Base 3.5.0 + tls_config_set_crl_mem@Base 3.5.0 + tls_config_set_dheparams@Base 3.5.0 + tls_config_set_ecdhecurve@Base 3.5.0 + tls_config_set_ecdhecurves@Base 3.5.0 + tls_config_set_key_file@Base 3.5.0 + tls_config_set_key_mem@Base 3.5.0 + tls_config_set_keypair_file@Base 3.5.0 + tls_config_set_keypair_mem@Base 3.5.0 + tls_config_set_keypair_ocsp_file@Base 3.5.0 + tls_config_set_keypair_ocsp_mem@Base 3.5.0 + tls_config_set_ocsp_staple_file@Base 3.5.0 + tls_config_set_ocsp_staple_mem@Base 3.5.0 + tls_config_set_protocols@Base 3.5.0 + tls_config_set_session_fd@Base 3.5.0 + tls_config_set_session_id@Base 3.5.0 + tls_config_set_session_lifetime@Base 3.5.0 + tls_config_set_verify_depth@Base 3.5.0 + tls_config_skip_private_key_check@Base 3.5.0 + tls_config_use_fake_private_key@Base 3.5.0 + tls_config_verify@Base 3.5.0 + tls_config_verify_client@Base 3.5.0 + tls_config_verify_client_optional@Base 3.5.0 + tls_configure@Base 3.5.0 + tls_conn_alpn_selected@Base 3.5.0 + tls_conn_cipher@Base 3.5.0 + tls_conn_cipher_strength@Base 3.5.0 + tls_conn_servername@Base 3.5.0 + tls_conn_session_resumed@Base 3.5.0 + tls_conn_version@Base 3.5.0 + tls_connect@Base 3.5.0 + tls_connect_cbs@Base 3.5.0 + tls_connect_fds@Base 3.5.0 + tls_connect_servername@Base 3.5.0 + tls_connect_socket@Base 3.5.0 + tls_default_ca_cert_file@Base 3.5.0 + tls_error@Base 3.5.0 + tls_free@Base 3.5.0 + tls_handshake@Base 3.5.0 + tls_init@Base 3.5.0 + tls_load_file@Base 3.5.0 + tls_ocsp_process_response@Base 3.5.0 + tls_peer_cert_chain_pem@Base 3.5.0 + tls_peer_cert_contains_name@Base 3.5.0 + tls_peer_cert_hash@Base 3.5.0 + tls_peer_cert_issuer@Base 3.5.0 + tls_peer_cert_notafter@Base 3.5.0 + tls_peer_cert_notbefore@Base 3.5.0 + tls_peer_cert_provided@Base 3.5.0 + tls_peer_cert_subject@Base 3.5.0 + tls_peer_ocsp_cert_status@Base 3.5.0 + tls_peer_ocsp_crl_reason@Base 3.5.0 + tls_peer_ocsp_next_update@Base 3.5.0 + tls_peer_ocsp_response_status@Base 3.5.0 + tls_peer_ocsp_result@Base 3.5.0 + tls_peer_ocsp_revocation_time@Base 3.5.0 + tls_peer_ocsp_this_update@Base 3.5.0 + tls_peer_ocsp_url@Base 3.5.0 + tls_read@Base 3.5.0 + tls_reset@Base 3.5.0 + tls_server@Base 3.5.0 + tls_unload_file@Base 3.5.0 + tls_write@Base 3.5.0 +* Build-Depends-Package: libtls-dev diff -Nru libretls-3.8.1/debian/rules libretls-3.8.1/debian/rules --- libretls-3.8.1/debian/rules 2023-10-14 16:59:28.000000000 +0000 +++ libretls-3.8.1/debian/rules 2024-02-02 05:44:34.000000000 +0000 @@ -2,7 +2,7 @@ export DEB_BUILD_MAINT_OPTIONS=hardening=+all future=+lfs export DPKG_GENSYMBOLS_CHECK_LEVEL=4 -LIB_PKG := $(shell sed -nre '/^Package: libtls[0-9]+$$/s/^Package: //p' < debian/control) +LIB_PKG := $(shell sed -nre '/^Package: libtls[0-9]+/s/^Package: //p' < debian/control) D := $(CURDIR)/debian/$(LIB_PKG) DD := $(CURDIR)/debian/libtls-dev
