[Syslog-ng-maintainers] Bug#1063077: syslog-ng: NMU diff for 64-bit time_t transition
Steve Langasek
vorlon at debian.org
Sun Feb 4 22:13:38 GMT 2024
Source: syslog-ng
Version: 1:5.107.0-1
Severity: serious
Tags: patch sid trixie
Justification: library ABI skew on upgrade
User: debian-arm at lists.debian.org
Usertags: time-t
Dear maintainers,
As part of the 64-bit time_t transition required to support 32-bit
architectures in 2038 and beyond
(https://wiki.debian.org/ReleaseGoals/64bit-time), we have identified
syslog-ng as a source package shipping runtime libraries whose ABI could
not be analyzed via abi-compliance-checker (and therefore to be on the
safe side we assume is affected).
syslog-ng is an interesting case, because it has no reverse-dependencies
in the archive aside from modules built from the same source package; but
it has a shlibs file declaring no version information at all, so any
external package that *did* build-depend on syslog-ng-dev is sure to get
incomplete runtime dependencies allowing for ABI skew. Furthermore, the
module packages built from the source get a dependency on:
syslog-ng-core (>= ${source:Version}), syslog-ng-core (<< ${source:Version}.1~)
This for some reason assumes that there can never be ABI skew introduced by
a binNMU. But if the ABI of the libraries in syslog-ng-core are affected by
64-bit time_t, and syslog-ng gets binNMUed, that's exactly what would happen!
So I think it's simply better to have strict versioned dependencies in
the shlibs as in the attached patch, which then makes the hard-coded
dependencies in debian/control unnecessary, allowing you to simplify the
package somewhat.
Since there are no external reverse-dependencies and no package renames
are required here, I do not intend to upload any NMUs for this. But I
suggest applying the attached patch all the same, to guard against any
breakage due to binNMUs.
If you do not apply this patch, then because syslog-ng depends on at
least one library that is being renamed for the time_t transition
(libssl3), syslog-ng WILL be binNMUed, so if the syslog-ng-core ABI *is*
affected by time_t (which, again, we don't know for sure), there WILL be
ABI skew and packages could break at runtime due to insufficiently strict
dependencies. I therefore recommend that you apply this patch, which is safe
to apply immediately without waiting for dpkg changes, just to be safe.
Cheers,
--
Steve Langasek Give me a lever long enough and a Free OS
Debian Developer to set it on, and I can move the world.
Ubuntu Developer https://www.debian.org/
slangasek at ubuntu.com vorlon at debian.org
-------------- next part --------------
diff -Nru syslog-ng-3.38.1/debian/changelog syslog-ng-3.38.1/debian/changelog
--- syslog-ng-3.38.1/debian/changelog 2023-01-30 18:18:56.000000000 +0000
+++ syslog-ng-3.38.1/debian/changelog 2024-02-04 21:35:03.000000000 +0000
@@ -1,3 +1,15 @@
+syslog-ng (3.38.1-5.1) experimental; urgency=medium
+
+ * Non-maintainer upload.
+ * Adjust shlibs for syslog-ng-core to use a strict versioned depends;
+ previously, modules used >=, << dependencies which did not account for
+ the possibility of ABI skew in a binNMU, which is exactly what happens
+ with the 64-bit time_t transition.
+ * Drop hard-coded dependency rules on syslog-ng-core from modules
+ packages, now redundant.
+
+ -- Steve Langasek <vorlon at debian.org> Sun, 04 Feb 2024 21:35:03 +0000
+
syslog-ng (3.38.1-5) unstable; urgency=medium
* Build without Criterion support.
diff -Nru syslog-ng-3.38.1/debian/control syslog-ng-3.38.1/debian/control
--- syslog-ng-3.38.1/debian/control 2023-01-30 18:18:56.000000000 +0000
+++ syslog-ng-3.38.1/debian/control 2024-02-04 21:32:59.000000000 +0000
@@ -150,7 +150,7 @@
Package: syslog-ng-mod-mongodb
Architecture: any
Multi-Arch: foreign
-Depends: ${shlibs:Depends}, ${misc:Depends}, syslog-ng-core (>= ${source:Version}), syslog-ng-core (<< ${source:Version}.1~)
+Depends: ${shlibs:Depends}, ${misc:Depends}
Suggests: mongodb-server
Description: Enhanced system logging daemon (MongoDB plugin)
syslog-ng is an enhanced log daemon, supporting a wide range of input
@@ -174,7 +174,7 @@
Package: syslog-ng-mod-sql
Architecture: any
Multi-Arch: foreign
-Depends: ${shlibs:Depends}, ${misc:Depends}, syslog-ng-core (>= ${source:Version}), syslog-ng-core (<< ${source:Version}.1~)
+Depends: ${shlibs:Depends}, ${misc:Depends}
Suggests: libdbd-mysql, libdbd-pgsql, libdbd-sqlite3
Description: Enhanced system logging daemon (SQL plugin)
syslog-ng is an enhanced log daemon, supporting a wide range of input
@@ -199,7 +199,7 @@
Package: syslog-ng-mod-smtp
Architecture: any
Multi-Arch: foreign
-Depends: ${shlibs:Depends}, ${misc:Depends}, syslog-ng-core (>= ${source:Version}), syslog-ng-core (<< ${source:Version}.1~)
+Depends: ${shlibs:Depends}, ${misc:Depends}
Description: Enhanced system logging daemon (SMTP plugin)
syslog-ng is an enhanced log daemon, supporting a wide range of input
and output methods: syslog, unstructured text, message queues,
@@ -222,7 +222,7 @@
Package: syslog-ng-mod-amqp
Architecture: any
Multi-Arch: foreign
-Depends: ${shlibs:Depends}, ${misc:Depends}, syslog-ng-core (>= ${source:Version}), syslog-ng-core (<< ${source:Version}.1~)
+Depends: ${shlibs:Depends}, ${misc:Depends}
Suggests: rabbitmq-server
Description: Enhanced system logging daemon (AMQP plugin)
syslog-ng is an enhanced log daemon, supporting a wide range of input
@@ -246,7 +246,7 @@
Package: syslog-ng-mod-geoip2
Architecture: any
Multi-Arch: foreign
-Depends: ${shlibs:Depends}, ${misc:Depends}, syslog-ng-core (>= ${source:Version}), syslog-ng-core (<< ${source:Version}.1~)
+Depends: ${shlibs:Depends}, ${misc:Depends}
Provides: syslog-ng-mod-geoip
Replaces: syslog-ng-mod-geoip (<< 3.25.1~)
Breaks: syslog-ng-mod-geoip (<< 3.25.1~)
@@ -273,7 +273,7 @@
Package: syslog-ng-mod-redis
Architecture: any
Multi-Arch: foreign
-Depends: ${shlibs:Depends}, ${misc:Depends}, syslog-ng-core (>= ${source:Version}), syslog-ng-core (<< ${source:Version}.1~)
+Depends: ${shlibs:Depends}, ${misc:Depends}
Description: Enhanced system logging daemon (Redis plugin)
syslog-ng is an enhanced log daemon, supporting a wide range of input
and output methods: syslog, unstructured text, message queues,
@@ -296,7 +296,7 @@
Package: syslog-ng-mod-stomp
Architecture: any
Multi-Arch: foreign
-Depends: ${shlibs:Depends}, ${misc:Depends}, syslog-ng-core (>= ${source:Version}), syslog-ng-core (<< ${source:Version}.1~)
+Depends: ${shlibs:Depends}, ${misc:Depends}
Suggests: activemq
Description: Enhanced system logging daemon (STOMP plugin)
syslog-ng is an enhanced log daemon, supporting a wide range of input
@@ -320,7 +320,7 @@
Package: syslog-ng-mod-riemann
Architecture: any
Multi-Arch: foreign
-Depends: ${shlibs:Depends}, ${misc:Depends}, syslog-ng-core (>= ${source:Version}), syslog-ng-core (<< ${source:Version}.1~)
+Depends: ${shlibs:Depends}, ${misc:Depends}
Description: Enhanced system logging daemon (Riemann destination)
syslog-ng is an enhanced log daemon, supporting a wide range of input
and output methods: syslog, unstructured text, message queues,
@@ -343,7 +343,7 @@
Package: syslog-ng-mod-graphite
Architecture: any
Multi-Arch: foreign
-Depends: ${shlibs:Depends}, ${misc:Depends}, syslog-ng-core (>= ${source:Version}), syslog-ng-core (<< ${source:Version}.1~)
+Depends: ${shlibs:Depends}, ${misc:Depends}
Suggests: graphite-web
Description: Enhanced system logging daemon (graphite plugin)
syslog-ng is an enhanced log daemon, supporting a wide range of input
@@ -368,7 +368,7 @@
Package: syslog-ng-mod-python
Architecture: any
Multi-Arch: foreign
-Depends: ${shlibs:Depends}, ${misc:Depends}, ${python3:Depends}, syslog-ng-core (>= ${source:Version}), syslog-ng-core (<< ${source:Version}.1~)
+Depends: ${shlibs:Depends}, ${misc:Depends}, ${python3:Depends}
XB-Python-Version: ${python:Versions}
Description: Enhanced system logging daemon (Python plugin)
syslog-ng is an enhanced log daemon, supporting a wide range of input
@@ -392,7 +392,7 @@
Package: syslog-ng-mod-add-contextual-data
Architecture: any
Multi-Arch: foreign
-Depends: ${shlibs:Depends}, ${misc:Depends}, syslog-ng-core (>= ${source:Version}), syslog-ng-core (<< ${source:Version}.1~)
+Depends: ${shlibs:Depends}, ${misc:Depends}
Description: Enhanced system logging daemon (add-contextual-data plugin)
syslog-ng is an enhanced log daemon, supporting a wide range of input
and output methods: syslog, unstructured text, message queues,
@@ -420,7 +420,7 @@
Package: syslog-ng-mod-stardate
Architecture: any
Multi-Arch: foreign
-Depends: ${shlibs:Depends}, ${misc:Depends}, syslog-ng-core (>= ${source:Version}), syslog-ng-core (<< ${source:Version}.1~)
+Depends: ${shlibs:Depends}, ${misc:Depends}
Description: Enhanced system logging daemon (stardate plugin)
syslog-ng is an enhanced log daemon, supporting a wide range of input
and output methods: syslog, unstructured text, message queues,
@@ -444,7 +444,7 @@
Package: syslog-ng-mod-snmp
Architecture: linux-any hurd-i386
Multi-Arch: foreign
-Depends: ${shlibs:Depends}, ${misc:Depends}, syslog-ng-core (>= ${source:Version}), syslog-ng-core (<< ${source:Version}.1~)
+Depends: ${shlibs:Depends}, ${misc:Depends}
Replaces: syslog-ng-mod-snmptrapd-parser (<< 3.27.1~)
Breaks: syslog-ng-mod-snmptrapd-parser (<< 3.27.1~)
Description: Enhanced system logging daemon (SNMP plugin)
@@ -469,7 +469,7 @@
Package: syslog-ng-mod-xml-parser
Architecture: any
Multi-Arch: foreign
-Depends: ${shlibs:Depends}, ${misc:Depends}, syslog-ng-core (>= ${source:Version}), syslog-ng-core (<< ${source:Version}.1~)
+Depends: ${shlibs:Depends}, ${misc:Depends}
Description: Enhanced system logging daemon (xml parser plugin)
syslog-ng is an enhanced log daemon, supporting a wide range of input
and output methods: syslog, unstructured text, message queues,
@@ -492,7 +492,7 @@
Package: syslog-ng-mod-http
Architecture: any
Multi-Arch: foreign
-Depends: ${shlibs:Depends}, ${misc:Depends}, syslog-ng-core (>= ${source:Version}), syslog-ng-core (<< ${source:Version}.1~)
+Depends: ${shlibs:Depends}, ${misc:Depends}
Replaces: syslog-ng-core (<< 3.26.1~)
Breaks: syslog-ng-core (<< 3.26.1~)
Description: Enhanced system logging daemon (HTTP destination)
@@ -517,7 +517,7 @@
Package: syslog-ng-mod-rdkafka
Architecture: any
Multi-Arch: foreign
-Depends: ${shlibs:Depends}, ${misc:Depends}, syslog-ng-core (>= ${source:Version}), syslog-ng-core (<< ${source:Version}.1~)
+Depends: ${shlibs:Depends}, ${misc:Depends}
Description: Enhanced system logging daemon (Kafka destination, based on librdkafka)
syslog-ng is an enhanced log daemon, supporting a wide range of input
and output methods: syslog, unstructured text, message queues,
@@ -548,7 +548,7 @@
Package: syslog-ng-scl
Architecture: all
Multi-Arch: foreign
-Depends: ${misc:Depends}, syslog-ng-core (>= ${source:Version}), syslog-ng-core (<< ${source:Version}.1~)
+Depends: ${misc:Depends}
Provides: syslog-ng-mod-extra
Replaces: syslog-ng-mod-extra (<< 3.38.1~), syslog-ng-core (<< 3.38.1~), syslog-ng-mod-graphite (<< 3.38.1~), syslog-ng-mod-rdkafka (<< 3.38.1~), syslog-ng-mod-snmp (<< 3.38.1~)
Breaks: syslog-ng-mod-extra (<< 3.38.1~), syslog-ng-core (<< 3.38.1~), syslog-ng-mod-graphite (<< 3.38.1~), syslog-ng-mod-rdkafka (<< 3.38.1~), syslog-ng-mod-snmp (<< 3.38.1~)
@@ -574,7 +574,7 @@
Package: syslog-ng-mod-examples
Architecture: any
Multi-Arch: foreign
-Depends: ${shlibs:Depends}, ${misc:Depends}, syslog-ng-core (>= ${source:Version}), syslog-ng-core (<< ${source:Version}.1~)
+Depends: ${shlibs:Depends}, ${misc:Depends}
Description: Enhanced system logging daemon (example plugins)
syslog-ng is an enhanced log daemon, supporting a wide range of input
and output methods: syslog, unstructured text, message queues,
@@ -598,7 +598,7 @@
Multi-Arch: foreign
Replaces: syslog-ng-core (<< 3.28.1~)
Breaks: syslog-ng-core (<< 3.28.1~)
-Depends: ${shlibs:Depends}, ${misc:Depends}, syslog-ng-core (>= ${source:Version}), syslog-ng-core (<< ${source:Version}.1~)
+Depends: ${shlibs:Depends}, ${misc:Depends}
Description: Enhanced system logging daemon (secure logging plugin)
syslog-ng is an enhanced log daemon, supporting a wide range of input
and output methods: syslog, unstructured text, message queues,
diff -Nru syslog-ng-3.38.1/debian/rules syslog-ng-3.38.1/debian/rules
--- syslog-ng-3.38.1/debian/rules 2022-09-21 20:41:47.000000000 +0000
+++ syslog-ng-3.38.1/debian/rules 2024-02-04 21:31:26.000000000 +0000
@@ -175,7 +175,7 @@
# shlibs file for that, shall we?
#
override_dh_makeshlibs:
- dh_makeshlibs -n -Xusr/lib/syslog-ng/${UMAJOR}
+ dh_makeshlibs -n -Xusr/lib/syslog-ng/${UMAJOR} -V 'syslog-ng-core (= $${binary:Version})'
# Since syslog-ng depends on all the modules, and syslog-ng-core
# suggests the same set, and modules can come and go as new versions
More information about the Syslog-ng-maintainers
mailing list