[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Bug#854155: unblock: openssl/1.1.0d-2

On 2017-02-13 18:01:34 [+0100], Emilio Pozuelo Monfort wrote:
> On 04/02/17 15:20, Sebastian Andrzej Siewior wrote:
> > Package: release.debian.org
> > User: release.debian.org@packages.debian.org
> > Usertags: unblock
> > Severity: normal
> > 
> > Please unblock package openssl. It contains a redo of the rules file
> > among other packaging related changes which did not migrate in time due
> > to the new release of the d version which fixes 3 CVE bugs. The d-2
> > version fixes a regression discovered by perl and FTBFS of openssl
> > itself if arch-any and arch-all were built in one go.
> > 
> > unblock openssl/1.1.0d-2
> 
> That includes some changes we don't like during the freeze, but given those were
> done before the freeze and I wouldn't want them reverted this early in the
> freeze, I would be happy to unblock this... but can you attach a binary debdiff
> (e.g. debdiff an old and new .changes file) to make sure things are still
> looking good?

sure. I've build c-2 and d-2 with _all an amd64 in todays sid to get the
changes files and this the resulting debdiff:

[The following lists of changes regard files as different if they have
different names, permissions or owners.]

Files in second .changes but not in first
-----------------------------------------
-rw-r--r--  root/root   /usr/lib/debug/.build-id/2b/578462762f19aca2fce5f18f02136a0e040ffa.debug
-rw-r--r--  root/root   /usr/lib/debug/.build-id/54/06ecde81b1cb2ef22ddd54e5dfe2e17a6484ce.debug
-rw-r--r--  root/root   /usr/lib/debug/.build-id/83/ab63854f485098aabd85de0468f307bc3223e9.debug
-rw-r--r--  root/root   /usr/lib/debug/.build-id/8a/753d613f23da52c564ce14f8dc406baaf34a8f.debug
-rw-r--r--  root/root   /usr/lib/debug/.build-id/cd/a94b3e615e2dd7c14de4c2d600e020c765a6d3.debug
-rw-r--r--  root/root   /usr/share/doc/openssl/NEWS.Debian.gz
-rw-r--r--  root/root   /usr/share/lintian/overrides/openssl
-rw-r--r--  root/root   /usr/share/man/man3/X509_digest.3ssl.gz
lrwxrwxrwx  root/root   /usr/share/doc/libssl1.1-dbgsym -> libssl1.1
lrwxrwxrwx  root/root   /usr/share/man/man3/BIO_callback_fn.3ssl.gz -> BIO_set_callback.3ssl.gz
lrwxrwxrwx  root/root   /usr/share/man/man3/BIO_callback_fn_ex.3ssl.gz -> BIO_set_callback.3ssl.gz
lrwxrwxrwx  root/root   /usr/share/man/man3/BIO_get_callback_ex.3ssl.gz -> BIO_set_callback.3ssl.gz
lrwxrwxrwx  root/root   /usr/share/man/man3/BIO_set_callback_ex.3ssl.gz -> BIO_set_callback.3ssl.gz
lrwxrwxrwx  root/root   /usr/share/man/man3/CRYPTO_secure_used.3ssl.gz -> OPENSSL_secure_malloc.3ssl.gz
lrwxrwxrwx  root/root   /usr/share/man/man3/DH_check_params.3ssl.gz -> DH_generate_parameters.3ssl.gz
lrwxrwxrwx  root/root   /usr/share/man/man3/ERR_FATAL_ERROR.3ssl.gz -> ERR_GET_LIB.3ssl.gz
lrwxrwxrwx  root/root   /usr/share/man/man3/EVP_PKEY_gen_cb.3ssl.gz -> EVP_PKEY_keygen.3ssl.gz
lrwxrwxrwx  root/root   /usr/share/man/man3/EVP_blake2b512.3ssl.gz -> EVP_DigestInit.3ssl.gz
lrwxrwxrwx  root/root   /usr/share/man/man3/EVP_blake2s256.3ssl.gz -> EVP_DigestInit.3ssl.gz
lrwxrwxrwx  root/root   /usr/share/man/man3/EVP_chacha20.3ssl.gz -> EVP_EncryptInit.3ssl.gz
lrwxrwxrwx  root/root   /usr/share/man/man3/EVP_chacha20_poly1305.3ssl.gz -> EVP_EncryptInit.3ssl.gz
lrwxrwxrwx  root/root   /usr/share/man/man3/GEN_SESSION_CB.3ssl.gz -> SSL_CTX_set_generate_session_id.3ssl.gz
lrwxrwxrwx  root/root   /usr/share/man/man3/PKCS7_ISSUER_AND_SERIAL_digest.3ssl.gz -> X509_digest.3ssl.gz
lrwxrwxrwx  root/root   /usr/share/man/man3/SSL_COMP_get0_name.3ssl.gz -> SSL_COMP_add_compression_method.3ssl.gz
lrwxrwxrwx  root/root   /usr/share/man/man3/SSL_COMP_get_compression_methods.3ssl.gz -> SSL_COMP_add_compression_method.3ssl.gz
lrwxrwxrwx  root/root   /usr/share/man/man3/SSL_COMP_get_id.3ssl.gz -> SSL_COMP_add_compression_method.3ssl.gz
lrwxrwxrwx  root/root   /usr/share/man/man3/SSL_verify_cb.3ssl.gz -> SSL_CTX_set_verify.3ssl.gz
lrwxrwxrwx  root/root   /usr/share/man/man3/X509_CRL_digest.3ssl.gz -> X509_digest.3ssl.gz
lrwxrwxrwx  root/root   /usr/share/man/man3/X509_NAME_digest.3ssl.gz -> X509_digest.3ssl.gz
lrwxrwxrwx  root/root   /usr/share/man/man3/X509_REQ_digest.3ssl.gz -> X509_digest.3ssl.gz
lrwxrwxrwx  root/root   /usr/share/man/man3/X509_STORE_CTX_cert_crl_fn.3ssl.gz -> X509_STORE_set_verify_cb_func.3ssl.gz
lrwxrwxrwx  root/root   /usr/share/man/man3/X509_STORE_CTX_check_crl_fn.3ssl.gz -> X509_STORE_set_verify_cb_func.3ssl.gz
lrwxrwxrwx  root/root   /usr/share/man/man3/X509_STORE_CTX_check_issued_fn.3ssl.gz -> X509_STORE_set_verify_cb_func.3ssl.gz
lrwxrwxrwx  root/root   /usr/share/man/man3/X509_STORE_CTX_check_policy_fn.3ssl.gz -> X509_STORE_set_verify_cb_func.3ssl.gz
lrwxrwxrwx  root/root   /usr/share/man/man3/X509_STORE_CTX_check_revocation_fn.3ssl.gz -> X509_STORE_set_verify_cb_func.3ssl.gz
lrwxrwxrwx  root/root   /usr/share/man/man3/X509_STORE_CTX_cleanup_fn.3ssl.gz -> X509_STORE_set_verify_cb_func.3ssl.gz
lrwxrwxrwx  root/root   /usr/share/man/man3/X509_STORE_CTX_get_crl_fn.3ssl.gz -> X509_STORE_set_verify_cb_func.3ssl.gz
lrwxrwxrwx  root/root   /usr/share/man/man3/X509_STORE_CTX_get_issuer_fn.3ssl.gz -> X509_STORE_set_verify_cb_func.3ssl.gz
lrwxrwxrwx  root/root   /usr/share/man/man3/X509_STORE_CTX_lookup_certs_fn.3ssl.gz -> X509_STORE_set_verify_cb_func.3ssl.gz
lrwxrwxrwx  root/root   /usr/share/man/man3/X509_STORE_CTX_lookup_crls_fn.3ssl.gz -> X509_STORE_set_verify_cb_func.3ssl.gz
lrwxrwxrwx  root/root   /usr/share/man/man3/X509_STORE_CTX_verify_cb.3ssl.gz -> X509_STORE_set_verify_cb_func.3ssl.gz
lrwxrwxrwx  root/root   /usr/share/man/man3/X509_STORE_CTX_verify_fn.3ssl.gz -> X509_STORE_set_verify_cb_func.3ssl.gz
lrwxrwxrwx  root/root   /usr/share/man/man3/X509_VERIFY_PARAM_get_inh_flags.3ssl.gz -> X509_VERIFY_PARAM_set_flags.3ssl.gz
lrwxrwxrwx  root/root   /usr/share/man/man3/X509_VERIFY_PARAM_get_time.3ssl.gz -> X509_VERIFY_PARAM_set_flags.3ssl.gz
lrwxrwxrwx  root/root   /usr/share/man/man3/X509_VERIFY_PARAM_set_inh_flags.3ssl.gz -> X509_VERIFY_PARAM_set_flags.3ssl.gz
lrwxrwxrwx  root/root   /usr/share/man/man3/X509_pubkey_digest.3ssl.gz -> X509_digest.3ssl.gz
lrwxrwxrwx  root/root   /usr/share/man/man3/bio_info_cb.3ssl.gz -> BIO_ctrl.3ssl.gz
lrwxrwxrwx  root/root   /usr/share/man/man3/custom_ext_add_cb.3ssl.gz -> SSL_extension_supported.3ssl.gz
lrwxrwxrwx  root/root   /usr/share/man/man3/custom_ext_free_cb.3ssl.gz -> SSL_extension_supported.3ssl.gz
lrwxrwxrwx  root/root   /usr/share/man/man3/custom_ext_parse_cb.3ssl.gz -> SSL_extension_supported.3ssl.gz

Files in first .changes but not in second
-----------------------------------------
-rw-r--r--  root/root   /usr/lib/debug/.build-id/2e/654120e377732bb7baa4844a293a8c2a8f7ef6.debug
-rw-r--r--  root/root   /usr/lib/debug/.build-id/48/89fe5f709c7ac9a051e6d9272f78b2c401a41e.debug
-rw-r--r--  root/root   /usr/lib/debug/.build-id/b5/373c1c9c943b286a7c0ad89c999d99cf661ba6.debug
-rw-r--r--  root/root   /usr/lib/debug/.build-id/e0/77880bcfafc5858ecdc1ba8b6fdd6d6810262c.debug
-rw-r--r--  root/root   /usr/lib/debug/.build-id/ea/4ea23046691d372c8d4caa12b6f9d337355e8b.debug
-rw-r--r--  root/root   /usr/share/doc/libssl1.1-dbg/changelog.Debian.gz
-rw-r--r--  root/root   /usr/share/doc/libssl1.1-dbg/changelog.gz
-rw-r--r--  root/root   /usr/share/doc/libssl1.1-dbg/copyright
lrwxrwxrwx  root/root   /usr/share/man/man3/CYRPTO_secure_used.3ssl.gz -> OPENSSL_secure_malloc.3ssl.gz
lrwxrwxrwx  root/root   /usr/share/man/man3/EVP_blake2b_512.3ssl.gz -> EVP_DigestInit.3ssl.gz
lrwxrwxrwx  root/root   /usr/share/man/man3/EVP_blake2s_256.3ssl.gz -> EVP_DigestInit.3ssl.gz

Control files of package libcrypto1.1-udeb: lines which differ (wdiff format)
-----------------------------------------------------------------------------
Installed-Size: [-2620-] {+2628+}
Version: [-1.1.0c-2-] {+1.1.0d-2+}

Control files of package libssl-dev: lines which differ (wdiff format)
----------------------------------------------------------------------
Depends: libssl1.1 (= [-1.1.0c-2)-] {+1.1.0d-2)+}
Installed-Size: [-6858-] {+6871+}
Version: [-1.1.0c-2-] {+1.1.0d-2+}

Control files of package libssl-doc: lines which differ (wdiff format)
----------------------------------------------------------------------
Installed-Size: [-4346-] {+4388+}
{+Multi-Arch: foreign+}
Version: [-1.1.0c-2-] {+1.1.0d-2+}

Control files of package libssl1.1: lines which differ (wdiff format)
---------------------------------------------------------------------
Installed-Size: [-3502-] {+3520+}
Version: [-1.1.0c-2-] {+1.1.0d-2+}

Control files of package libssl1.1-udeb: lines which differ (wdiff format)
--------------------------------------------------------------------------
Version: [-1.1.0c-2-] {+1.1.0d-2+}

Control files of package openssl: lines which differ (wdiff format)
-------------------------------------------------------------------
Depends: libc6 (>= 2.15), libssl1.1 (>= [-1.1.0)-] {+1.1.0), perl+}
Installed-Size: [-1248-] {+1255+}
Version: [-1.1.0c-2-] {+1.1.0d-2+}

Control files of package openssl-dbgsym: lines which differ (wdiff format)
--------------------------------------------------------------------------
Build-Ids: [-4889fe5f709c7ac9a051e6d9272f78b2c401a41e-] {+8a753d613f23da52c564ce14f8dc406baaf34a8f+}
Depends: openssl (= [-1.1.0c-2)-] {+1.1.0d-2)+}
Version: [-1.1.0c-2-] {+1.1.0d-2+}

> Also please make minimal changes from now on (e.g. for 1.1.0e).

I don't know how the resulting e version will look like but to avoid any
trouble I will open an unblock bug prio the upload to unstable to get
this sorted out. I will try to rebuild all its rev-deps to catch any
regressions like we had in the d release.

> Cheers,
> Emilio

Sebastian
Reply to: