[Pkg-openssl-devel] Bug#1064264: openssl: NMU diff for 64-bit time_t transition

Steve Langasek vorlon at debian.org
Mon Feb 19 07:29:55 GMT 2024 

Source: openssl
Version: 3.1.5-1
Severity: important
Tags: patch pending sid trixie
User: debian-arm at lists.debian.org
Usertags: time-t

NOTICE: these changes must not be uploaded to unstable yet!

Dear maintainer,

As part of the 64-bit time_t transition required to support 32-bit
architectures in 2038 and beyond
(https://wiki.debian.org/ReleaseGoals/64bit-time), we have identified
openssl as a source package shipping runtime libraries whose ABI
either is affected by the change in size of time_t, or could not be
analyzed via abi-compliance-checker (and therefore to be on the safe
side we assume is affected).

To ensure that inconsistent combinations of libraries with their
reverse-dependencies are never installed together, it is necessary to
have a library transition, which is most easily done by renaming the
runtime library package.

Since turning on 64-bit time_t is being handled centrally through a change
to the default dpkg-buildflags (https://bugs.debian.org/1037136), it is
important that libraries affected by this ABI change all be uploaded close
together in time.  Therefore I have prepared a 0-day NMU for openssl
which will initially be uploaded to experimental if possible, then to
unstable after packages have cleared binary NEW.

Please find the patch for this NMU attached.

If you have any concerns about this patch, please reach out ASAP.  Although
this package will be uploaded to experimental immediately, there will be a
period of several days before we begin uploads to unstable; so if information
becomes available that your package should not be included in the transition,
there is time for us to amend the planned uploads.



-- System Information:
Debian Release: trixie/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 6.5.0-14-generic (SMP w/12 CPU threads; PREEMPT)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE
Locale: LANG=C, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
-------------- next part --------------
diff -Nru openssl-3.1.5/debian/changelog openssl-3.1.5/debian/changelog
--- openssl-3.1.5/debian/changelog	2024-02-03 16:11:24.000000000 +0000
+++ openssl-3.1.5/debian/changelog	2024-02-19 07:06:24.000000000 +0000
@@ -1,3 +1,10 @@
+openssl (3.1.5-1.1) experimental; urgency=medium
+
+  * Non-maintainer upload.
+  * Rename libraries for 64-bit time_t transition.
+
+ -- Steve Langasek <vorlon at debian.org>  Mon, 19 Feb 2024 07:06:24 +0000
+
 openssl (3.1.5-1) unstable; urgency=medium
 
   * Import 3.1.5
diff -Nru openssl-3.1.5/debian/control openssl-3.1.5/debian/control
--- openssl-3.1.5/debian/control	2024-02-03 16:00:20.000000000 +0000
+++ openssl-3.1.5/debian/control	2024-02-19 07:06:24.000000000 +0000
@@ -29,11 +29,13 @@
   * testing SSL/TLS clients and servers;
   * handling S/MIME signed or encrypted mail.
 
-Package: libssl3
+Package: libssl3t64
+Provides: ${t64:Provides}
+Replaces: libssl3
 Section: libs
 Architecture: any
 Multi-Arch: same
-Breaks: openssh-client (<< 1:9.4p1), openssh-server (<< 1:9.4p1), python3-m2crypto (<< 0.38.0-4)
+Breaks: libssl3 (<< ${source:Version}), openssh-client (<< 1:9.4p1), openssh-server (<< 1:9.4p1), python3-m2crypto (<< 0.38.0-4)
 Pre-Depends: ${misc:Pre-Depends}
 Depends: ${shlibs:Depends}, ${misc:Depends}
 Description: Secure Sockets Layer toolkit - shared libraries
@@ -73,7 +75,7 @@
 Architecture: any
 Multi-Arch: same
 Suggests: libssl-doc
-Depends: libssl3 (= ${binary:Version}), ${misc:Depends}
+Depends: libssl3t64 (= ${binary:Version}), ${misc:Depends}
 Description: Secure Sockets Layer toolkit - development files
  This package is part of the OpenSSL project's implementation of the SSL
  and TLS cryptographic protocols for secure communication over the
diff -Nru openssl-3.1.5/debian/libssl3.NEWS openssl-3.1.5/debian/libssl3.NEWS
--- openssl-3.1.5/debian/libssl3.NEWS	2024-02-03 16:00:20.000000000 +0000
+++ openssl-3.1.5/debian/libssl3.NEWS	1970-01-01 00:00:00.000000000 +0000
@@ -1,8 +0,0 @@
-libssl3 (3.1.4-2) unstable; urgency=medium
-
-  TLSv1.0, TLSv1.1 and DTLS 1.0 work only at security level 0 (it was
-  previously allowed at security level 0). If you are still using them, you
-  need lower security level (via CipherString = DEFAULT:@SECLEVEL=0)
-  additionally to the MinProtocol setting.
-
- -- Sebastian Andrzej Siewior <sebastian at breakpoint.cc>  Sat, 25 Nov 2023 21:29:39 +0100
diff -Nru openssl-3.1.5/debian/libssl3.dirs openssl-3.1.5/debian/libssl3.dirs
--- openssl-3.1.5/debian/libssl3.dirs	2024-02-03 16:00:20.000000000 +0000
+++ openssl-3.1.5/debian/libssl3.dirs	1970-01-01 00:00:00.000000000 +0000
@@ -1 +0,0 @@
-usr/share/doc/libssl3
diff -Nru openssl-3.1.5/debian/libssl3.install openssl-3.1.5/debian/libssl3.install
--- openssl-3.1.5/debian/libssl3.install	2024-02-03 16:00:20.000000000 +0000
+++ openssl-3.1.5/debian/libssl3.install	1970-01-01 00:00:00.000000000 +0000
@@ -1,3 +0,0 @@
-usr/lib/*/*.so.*
-usr/lib/*/engines-*/*.so
-usr/lib/*/ossl-modules/*.so
diff -Nru openssl-3.1.5/debian/libssl3.symbols openssl-3.1.5/debian/libssl3.symbols
--- openssl-3.1.5/debian/libssl3.symbols	2024-02-03 16:00:20.000000000 +0000
+++ openssl-3.1.5/debian/libssl3.symbols	1970-01-01 00:00:00.000000000 +0000
@@ -1,10 +0,0 @@
-libcrypto.so.3 libssl3 #MINVER#
-* Build-Depends-Package: libssl-dev
- *@OPENSSL_3.0.0 3.0.0
- *@OPENSSL_3.0.3 3.0.3
- *@OPENSSL_3.0.8 3.0.8
- *@OPENSSL_3.0.9 3.0.9
- *@OPENSSL_3.1.0 3.1.0
-libssl.so.3 libssl3 #MINVER#
-* Build-Depends-Package: libssl-dev
- *@OPENSSL_3.0.0 3.0.0
diff -Nru openssl-3.1.5/debian/libssl3t64.NEWS openssl-3.1.5/debian/libssl3t64.NEWS
--- openssl-3.1.5/debian/libssl3t64.NEWS	1970-01-01 00:00:00.000000000 +0000
+++ openssl-3.1.5/debian/libssl3t64.NEWS	2024-02-03 16:00:20.000000000 +0000
@@ -0,0 +1,8 @@
+libssl3 (3.1.4-2) unstable; urgency=medium
+
+  TLSv1.0, TLSv1.1 and DTLS 1.0 work only at security level 0 (it was
+  previously allowed at security level 0). If you are still using them, you
+  need lower security level (via CipherString = DEFAULT:@SECLEVEL=0)
+  additionally to the MinProtocol setting.
+
+ -- Sebastian Andrzej Siewior <sebastian at breakpoint.cc>  Sat, 25 Nov 2023 21:29:39 +0100
diff -Nru openssl-3.1.5/debian/libssl3t64.dirs openssl-3.1.5/debian/libssl3t64.dirs
--- openssl-3.1.5/debian/libssl3t64.dirs	1970-01-01 00:00:00.000000000 +0000
+++ openssl-3.1.5/debian/libssl3t64.dirs	2024-02-03 16:00:20.000000000 +0000
@@ -0,0 +1 @@
+usr/share/doc/libssl3
diff -Nru openssl-3.1.5/debian/libssl3t64.install openssl-3.1.5/debian/libssl3t64.install
--- openssl-3.1.5/debian/libssl3t64.install	1970-01-01 00:00:00.000000000 +0000
+++ openssl-3.1.5/debian/libssl3t64.install	2024-02-03 16:00:20.000000000 +0000
@@ -0,0 +1,3 @@
+usr/lib/*/*.so.*
+usr/lib/*/engines-*/*.so
+usr/lib/*/ossl-modules/*.so
diff -Nru openssl-3.1.5/debian/libssl3t64.lintian-overrides openssl-3.1.5/debian/libssl3t64.lintian-overrides
--- openssl-3.1.5/debian/libssl3t64.lintian-overrides	1970-01-01 00:00:00.000000000 +0000
+++ openssl-3.1.5/debian/libssl3t64.lintian-overrides	2024-02-19 07:06:24.000000000 +0000
@@ -0,0 +1 @@
+libssl3t64: package-name-doesnt-match-sonames libssl3
diff -Nru openssl-3.1.5/debian/libssl3t64.symbols openssl-3.1.5/debian/libssl3t64.symbols
--- openssl-3.1.5/debian/libssl3t64.symbols	1970-01-01 00:00:00.000000000 +0000
+++ openssl-3.1.5/debian/libssl3t64.symbols	2024-02-19 07:06:24.000000000 +0000
@@ -0,0 +1,10 @@
+libcrypto.so.3 libssl3t64 #MINVER#
+* Build-Depends-Package: libssl-dev
+ *@OPENSSL_3.0.0 3.0.0
+ *@OPENSSL_3.0.3 3.0.3
+ *@OPENSSL_3.0.8 3.0.8
+ *@OPENSSL_3.0.9 3.0.9
+ *@OPENSSL_3.1.0 3.1.0
+libssl.so.3 libssl3 #MINVER#
+* Build-Depends-Package: libssl-dev
+ *@OPENSSL_3.0.0 3.0.0
diff -Nru openssl-3.1.5/debian/rules openssl-3.1.5/debian/rules
--- openssl-3.1.5/debian/rules	2024-02-03 16:00:20.000000000 +0000
+++ openssl-3.1.5/debian/rules	2024-02-19 07:06:24.000000000 +0000
@@ -151,5 +151,5 @@
 	dh_makeshlibs -a -V --add-udeb="libcrypto3-udeb" -Xengines -Xossl-modules -- -c4
 
 override_dh_shlibdeps:
-	sed -i '/^udeb: libssl/s/libcrypto3-udeb/libssl3-udeb/' debian/libssl3/DEBIAN/shlibs
-	dh_shlibdeps -a -L libssl3
+	sed -i '/^udeb: libssl/s/libcrypto3-udeb/libssl3-udeb/' debian/libssl3t64/DEBIAN/shlibs
+	dh_shlibdeps -a -L libssl3t64

More information about the Pkg-openssl-devel mailing list