[Debian-med-packaging] Bug#969597: libzstd: Please correct version in symbol file
Stephen Kitt
skitt at debian.org
Fri Feb 26 14:42:03 GMT 2021
Control: severity -1 important
On Wed, 27 Jan 2021 20:14:22 +0100, Stephen Kitt <skitt at debian.org> wrote:
> On Mon, 25 Jan 2021 23:20:37 +0100, Sebastian Andrzej Siewior
> <sebastian at breakpoint.cc> wrote:
> > On 2021-01-25 22:59:08 [+0100], Stephen Kitt wrote:
> > > That was no doubt the intention, however in practice the symbol
> > > visibility wasn’t as expected: looking at the .so build in version
> > > 1.3.8, common/pool.c includes common/zstd_internal.h which defines
> > > ZSTD_STATIC_LINKING_ONLY before including zstd.h, and as a result the
> > > symbols are visible.
> > >
> > > (It’s unfortunate that the build hides the exact commands used, so
> > > they’re not visible in the build logs, but that’s another issue. Easy
> > > enough to fix in a local build to see exactly what’s going on...)
> > >
> > > So the cat is out of the bag, and the symbols are present and visible
> > > in the .so. The symbols file is generated and only reflects the
> > > reality of what is present in the file (apart from the version numbers
> > > which are added manually).
> >
> > I opened the bug because I couldn't use these symbols in Buster's zstd
> > but had to use bpo instead. rsync is meanwhile available in bpo and
> > pulls-in the libzstd from bpo which is good.
> >
> > I have no idea what should be done here to close this properly.
>
> I think the best fix at this point will be to bump the versions in the
> symbols file to match the intention, and then binNMU all the packages with a
> dependency on (>= 1.3.8) so that they get fixed to (>= 1.4.0) if
> appropriate.
I’ve been working on improving this, but ultimately I think a symbols file
isn’t currently appropriate for libzstd in Debian (see
https://github.com/facebook/zstd/pull/2501 for the discussion with upstream).
I’m going to file an unblock request to discuss this with the release team;
my plan now is to NMU the package, dropping the symbols file and adjusting
the shlibs file, and then requesting rebuilds of all packages with
insufficient dependencies.
Regards,
Stephen
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://alioth-lists.debian.net/pipermail/debian-med-packaging/attachments/20210226/001419cd/attachment.sig>
More information about the Debian-med-packaging
mailing list