[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Bug#854155: unblock: openssl/1.1.0d-2

On 13/02/17 21:37, Sebastian Andrzej Siewior wrote:
> On 2017-02-13 18:01:34 [+0100], Emilio Pozuelo Monfort wrote:
>> On 04/02/17 15:20, Sebastian Andrzej Siewior wrote:
>>> Package: release.debian.org
>>> User: release.debian.org@packages.debian.org
>>> Usertags: unblock
>>> Severity: normal
>>>
>>> Please unblock package openssl. It contains a redo of the rules file
>>> among other packaging related changes which did not migrate in time due
>>> to the new release of the d version which fixes 3 CVE bugs. The d-2
>>> version fixes a regression discovered by perl and FTBFS of openssl
>>> itself if arch-any and arch-all were built in one go.
>>>
>>> unblock openssl/1.1.0d-2
>>
>> That includes some changes we don't like during the freeze, but given those were
>> done before the freeze and I wouldn't want them reverted this early in the
>> freeze, I would be happy to unblock this... but can you attach a binary debdiff
>> (e.g. debdiff an old and new .changes file) to make sure things are still
>> looking good?
> 
> sure. I've build c-2 and d-2 with _all an amd64 in todays sid to get the
> changes files and this the resulting debdiff:
> 
> [The following lists of changes regard files as different if they have
> different names, permissions or owners.]
> 
> Files in second .changes but not in first
> -----------------------------------------
> -rw-r--r--  root/root   /usr/lib/debug/.build-id/2b/578462762f19aca2fce5f18f02136a0e040ffa.debug
> -rw-r--r--  root/root   /usr/lib/debug/.build-id/54/06ecde81b1cb2ef22ddd54e5dfe2e17a6484ce.debug
> -rw-r--r--  root/root   /usr/lib/debug/.build-id/83/ab63854f485098aabd85de0468f307bc3223e9.debug
> -rw-r--r--  root/root   /usr/lib/debug/.build-id/8a/753d613f23da52c564ce14f8dc406baaf34a8f.debug
> -rw-r--r--  root/root   /usr/lib/debug/.build-id/cd/a94b3e615e2dd7c14de4c2d600e020c765a6d3.debug
> -rw-r--r--  root/root   /usr/share/doc/openssl/NEWS.Debian.gz
> -rw-r--r--  root/root   /usr/share/lintian/overrides/openssl
> -rw-r--r--  root/root   /usr/share/man/man3/X509_digest.3ssl.gz
> lrwxrwxrwx  root/root   /usr/share/doc/libssl1.1-dbgsym -> libssl1.1
> lrwxrwxrwx  root/root   /usr/share/man/man3/BIO_callback_fn.3ssl.gz -> BIO_set_callback.3ssl.gz
> lrwxrwxrwx  root/root   /usr/share/man/man3/BIO_callback_fn_ex.3ssl.gz -> BIO_set_callback.3ssl.gz
> lrwxrwxrwx  root/root   /usr/share/man/man3/BIO_get_callback_ex.3ssl.gz -> BIO_set_callback.3ssl.gz
> lrwxrwxrwx  root/root   /usr/share/man/man3/BIO_set_callback_ex.3ssl.gz -> BIO_set_callback.3ssl.gz
> lrwxrwxrwx  root/root   /usr/share/man/man3/CRYPTO_secure_used.3ssl.gz -> OPENSSL_secure_malloc.3ssl.gz
> lrwxrwxrwx  root/root   /usr/share/man/man3/DH_check_params.3ssl.gz -> DH_generate_parameters.3ssl.gz
> lrwxrwxrwx  root/root   /usr/share/man/man3/ERR_FATAL_ERROR.3ssl.gz -> ERR_GET_LIB.3ssl.gz
> lrwxrwxrwx  root/root   /usr/share/man/man3/EVP_PKEY_gen_cb.3ssl.gz -> EVP_PKEY_keygen.3ssl.gz
> lrwxrwxrwx  root/root   /usr/share/man/man3/EVP_blake2b512.3ssl.gz -> EVP_DigestInit.3ssl.gz
> lrwxrwxrwx  root/root   /usr/share/man/man3/EVP_blake2s256.3ssl.gz -> EVP_DigestInit.3ssl.gz
> lrwxrwxrwx  root/root   /usr/share/man/man3/EVP_chacha20.3ssl.gz -> EVP_EncryptInit.3ssl.gz
> lrwxrwxrwx  root/root   /usr/share/man/man3/EVP_chacha20_poly1305.3ssl.gz -> EVP_EncryptInit.3ssl.gz
> lrwxrwxrwx  root/root   /usr/share/man/man3/GEN_SESSION_CB.3ssl.gz -> SSL_CTX_set_generate_session_id.3ssl.gz
> lrwxrwxrwx  root/root   /usr/share/man/man3/PKCS7_ISSUER_AND_SERIAL_digest.3ssl.gz -> X509_digest.3ssl.gz
> lrwxrwxrwx  root/root   /usr/share/man/man3/SSL_COMP_get0_name.3ssl.gz -> SSL_COMP_add_compression_method.3ssl.gz
> lrwxrwxrwx  root/root   /usr/share/man/man3/SSL_COMP_get_compression_methods.3ssl.gz -> SSL_COMP_add_compression_method.3ssl.gz
> lrwxrwxrwx  root/root   /usr/share/man/man3/SSL_COMP_get_id.3ssl.gz -> SSL_COMP_add_compression_method.3ssl.gz
> lrwxrwxrwx  root/root   /usr/share/man/man3/SSL_verify_cb.3ssl.gz -> SSL_CTX_set_verify.3ssl.gz
> lrwxrwxrwx  root/root   /usr/share/man/man3/X509_CRL_digest.3ssl.gz -> X509_digest.3ssl.gz
> lrwxrwxrwx  root/root   /usr/share/man/man3/X509_NAME_digest.3ssl.gz -> X509_digest.3ssl.gz
> lrwxrwxrwx  root/root   /usr/share/man/man3/X509_REQ_digest.3ssl.gz -> X509_digest.3ssl.gz
> lrwxrwxrwx  root/root   /usr/share/man/man3/X509_STORE_CTX_cert_crl_fn.3ssl.gz -> X509_STORE_set_verify_cb_func.3ssl.gz
> lrwxrwxrwx  root/root   /usr/share/man/man3/X509_STORE_CTX_check_crl_fn.3ssl.gz -> X509_STORE_set_verify_cb_func.3ssl.gz
> lrwxrwxrwx  root/root   /usr/share/man/man3/X509_STORE_CTX_check_issued_fn.3ssl.gz -> X509_STORE_set_verify_cb_func.3ssl.gz
> lrwxrwxrwx  root/root   /usr/share/man/man3/X509_STORE_CTX_check_policy_fn.3ssl.gz -> X509_STORE_set_verify_cb_func.3ssl.gz
> lrwxrwxrwx  root/root   /usr/share/man/man3/X509_STORE_CTX_check_revocation_fn.3ssl.gz -> X509_STORE_set_verify_cb_func.3ssl.gz
> lrwxrwxrwx  root/root   /usr/share/man/man3/X509_STORE_CTX_cleanup_fn.3ssl.gz -> X509_STORE_set_verify_cb_func.3ssl.gz
> lrwxrwxrwx  root/root   /usr/share/man/man3/X509_STORE_CTX_get_crl_fn.3ssl.gz -> X509_STORE_set_verify_cb_func.3ssl.gz
> lrwxrwxrwx  root/root   /usr/share/man/man3/X509_STORE_CTX_get_issuer_fn.3ssl.gz -> X509_STORE_set_verify_cb_func.3ssl.gz
> lrwxrwxrwx  root/root   /usr/share/man/man3/X509_STORE_CTX_lookup_certs_fn.3ssl.gz -> X509_STORE_set_verify_cb_func.3ssl.gz
> lrwxrwxrwx  root/root   /usr/share/man/man3/X509_STORE_CTX_lookup_crls_fn.3ssl.gz -> X509_STORE_set_verify_cb_func.3ssl.gz
> lrwxrwxrwx  root/root   /usr/share/man/man3/X509_STORE_CTX_verify_cb.3ssl.gz -> X509_STORE_set_verify_cb_func.3ssl.gz
> lrwxrwxrwx  root/root   /usr/share/man/man3/X509_STORE_CTX_verify_fn.3ssl.gz -> X509_STORE_set_verify_cb_func.3ssl.gz
> lrwxrwxrwx  root/root   /usr/share/man/man3/X509_VERIFY_PARAM_get_inh_flags.3ssl.gz -> X509_VERIFY_PARAM_set_flags.3ssl.gz
> lrwxrwxrwx  root/root   /usr/share/man/man3/X509_VERIFY_PARAM_get_time.3ssl.gz -> X509_VERIFY_PARAM_set_flags.3ssl.gz
> lrwxrwxrwx  root/root   /usr/share/man/man3/X509_VERIFY_PARAM_set_inh_flags.3ssl.gz -> X509_VERIFY_PARAM_set_flags.3ssl.gz
> lrwxrwxrwx  root/root   /usr/share/man/man3/X509_pubkey_digest.3ssl.gz -> X509_digest.3ssl.gz
> lrwxrwxrwx  root/root   /usr/share/man/man3/bio_info_cb.3ssl.gz -> BIO_ctrl.3ssl.gz
> lrwxrwxrwx  root/root   /usr/share/man/man3/custom_ext_add_cb.3ssl.gz -> SSL_extension_supported.3ssl.gz
> lrwxrwxrwx  root/root   /usr/share/man/man3/custom_ext_free_cb.3ssl.gz -> SSL_extension_supported.3ssl.gz
> lrwxrwxrwx  root/root   /usr/share/man/man3/custom_ext_parse_cb.3ssl.gz -> SSL_extension_supported.3ssl.gz
> 
> Files in first .changes but not in second
> -----------------------------------------
> -rw-r--r--  root/root   /usr/lib/debug/.build-id/2e/654120e377732bb7baa4844a293a8c2a8f7ef6.debug
> -rw-r--r--  root/root   /usr/lib/debug/.build-id/48/89fe5f709c7ac9a051e6d9272f78b2c401a41e.debug
> -rw-r--r--  root/root   /usr/lib/debug/.build-id/b5/373c1c9c943b286a7c0ad89c999d99cf661ba6.debug
> -rw-r--r--  root/root   /usr/lib/debug/.build-id/e0/77880bcfafc5858ecdc1ba8b6fdd6d6810262c.debug
> -rw-r--r--  root/root   /usr/lib/debug/.build-id/ea/4ea23046691d372c8d4caa12b6f9d337355e8b.debug
> -rw-r--r--  root/root   /usr/share/doc/libssl1.1-dbg/changelog.Debian.gz
> -rw-r--r--  root/root   /usr/share/doc/libssl1.1-dbg/changelog.gz
> -rw-r--r--  root/root   /usr/share/doc/libssl1.1-dbg/copyright
> lrwxrwxrwx  root/root   /usr/share/man/man3/CYRPTO_secure_used.3ssl.gz -> OPENSSL_secure_malloc.3ssl.gz
> lrwxrwxrwx  root/root   /usr/share/man/man3/EVP_blake2b_512.3ssl.gz -> EVP_DigestInit.3ssl.gz
> lrwxrwxrwx  root/root   /usr/share/man/man3/EVP_blake2s_256.3ssl.gz -> EVP_DigestInit.3ssl.gz
> 
> Control files of package libcrypto1.1-udeb: lines which differ (wdiff format)
> -----------------------------------------------------------------------------
> Installed-Size: [-2620-] {+2628+}
> Version: [-1.1.0c-2-] {+1.1.0d-2+}
> 
> Control files of package libssl-dev: lines which differ (wdiff format)
> ----------------------------------------------------------------------
> Depends: libssl1.1 (= [-1.1.0c-2)-] {+1.1.0d-2)+}
> Installed-Size: [-6858-] {+6871+}
> Version: [-1.1.0c-2-] {+1.1.0d-2+}
> 
> Control files of package libssl-doc: lines which differ (wdiff format)
> ----------------------------------------------------------------------
> Installed-Size: [-4346-] {+4388+}
> {+Multi-Arch: foreign+}
> Version: [-1.1.0c-2-] {+1.1.0d-2+}
> 
> Control files of package libssl1.1: lines which differ (wdiff format)
> ---------------------------------------------------------------------
> Installed-Size: [-3502-] {+3520+}
> Version: [-1.1.0c-2-] {+1.1.0d-2+}
> 
> Control files of package libssl1.1-udeb: lines which differ (wdiff format)
> --------------------------------------------------------------------------
> Version: [-1.1.0c-2-] {+1.1.0d-2+}
> 
> Control files of package openssl: lines which differ (wdiff format)
> -------------------------------------------------------------------
> Depends: libc6 (>= 2.15), libssl1.1 (>= [-1.1.0)-] {+1.1.0), perl+}
> Installed-Size: [-1248-] {+1255+}
> Version: [-1.1.0c-2-] {+1.1.0d-2+}
> 
> Control files of package openssl-dbgsym: lines which differ (wdiff format)
> --------------------------------------------------------------------------
> Build-Ids: [-4889fe5f709c7ac9a051e6d9272f78b2c401a41e-] {+8a753d613f23da52c564ce14f8dc406baaf34a8f+}
> Depends: openssl (= [-1.1.0c-2)-] {+1.1.0d-2)+}
> Version: [-1.1.0c-2-] {+1.1.0d-2+}

Thanks. That looks sane.

> 
>> Also please make minimal changes from now on (e.g. for 1.1.0e).
> 
> I don't know how the resulting e version will look like but to avoid any
> trouble I will open an unblock bug prio the upload to unstable to get
> this sorted out. I will try to rebuild all its rev-deps to catch any
> regressions like we had in the d release.

I was more talking about intrusive packaging changes. Of course extensive
testing for the upstream changes is very welcome.

Cheers,
Emilio
Reply to: