Bug#670367: pu: package coolkey/1.1.0-6
On Wed, 2012-05-02 at 21:08 -0400, A. Maitland Bottoms wrote:
> >>>>> "Adam" == Adam D Barratt <adam@adam-barratt.org.uk> writes:
>
> Adam> Even accounting for the patch overhead, the diff is still somewhat
> Adam> larger than most we'd usually handle via proposed-updates. That's not
> Adam> necessarily a blocker in and of itself, but we are rapidly approaching
> Adam> the cut-off point for the next point release and I don't think I'm
> Adam> likely to have time to do a proper review myself before that point.
[...]
> Time is an issue no matter which update is considered, so let me add
> a little more background and triage to help smooth the process.
Indeed, but larger and/or more involved updates obviously require more
time. They also tend to benefit from more time in proposed-updates
before the point release in order to allow for them to be tested.
> I've added a squeeze branch in the phg-coolkey subversion repository at
> http://anonscm.debian.org/viewvc/pkg-coolkey/coolkey/tags/squeeze/debian/patches/
[...]
> Patch 10* is large, and I suspect few people beyond its author Robert Relyea
> really understand all the changes.
> Patch 11* and 12* are new to Debian, but are a bit simpler and keep
> things from crashing on our users for situtations that have been observed
> in practice.
You say "new to Debian", but afaict the content is already in the
unstable/testing package.
> Of cource patch 10*
> went through whatever review processes were involved in updateing RHEL:
> http://rhn.redhat.com/errata/RHEA-2011-0111.html
Apparently that review process didn't notice - or didn't care about -
the fact that the changes in the above patch cause an ABI break in
libckyapplet1. The Debian packages should really have changed SONAME at
that point; looking at the packages in testing/sid, it appears that
didn't happen. This would also be an issue for partial squeeze to
wheezy upgrades already - installing wheezy's libckyapplet1 on a system
with squeeze's coolkey will break if the affected functions are called.
Specifically:
459 CKYStatus
460 -CACAppletFactory_SignDecrypt(CKYAPDU *apdu, const void *param)
461 +CACAppletFactory_SignDecryptStep(CKYAPDU *apdu, const void *param)
[...]
467 +CKYStatus
468 +CACAppletFactory_SignDecryptFinal(CKYAPDU *apdu, const void *param)
[...]
955 CKYStatus
956 -CACAPDUFactory_SignDecrypt(CKYAPDU *apdu, const CKYBuffer *data)
957 +CACAPDUFactory_SignDecrypt(CKYAPDU *apdu, CKYByte type, const CKYBuffer *data)
Both CACAPDUFactory_SignDecrypt and CACAppletFactory_SignDecrypt are
exported from the library.
Regards,
Adam
Reply to: