Bug#863472: unblock: openssl/1.1.0f-1
On Sun, Jun 04, 2017 at 05:29:21AM +0200, Cyril Brulebois wrote:
> Niels Thykier <niels@thykier.net> (2017-06-03):
> > Kurt Roeckx:
> > > Package: release.debian.org
> > > User: release.debian.org@packages.debian.org
> > > Usertags: unblock
> > > Severity: normal
> > >
> > > Hi,
> > >
> > > I've uploaded a new upstream version of openssl that contains bug
> > > fixes. The Debian changelog says:
> > > * New upstream version
> > > - Fix regression in req -x509 (Closes: #839575)
> > > - Properly detect features on the AMD Ryzen processor
> > > (Closes: #861145)
> > > - Don't mention -tls1_3 in the manpage (Closes: #859191)
> > > * Update libssl1.1.symbols for new symbols
> > > * Update man-section.patch
> > >
> > >
> > > Kurt
> > >
> >
> > Hi,
> >
> > Fine by me. CC'ing KiBi for a d-i ack assuming he is ok with this
> > last minute change.
>
> Erm.
>
> The libssl1.1-udeb package is broken, as it fails to depend on an
> appropriate version of libcrypto1.1-udeb, which means I've just
> successfully built a debian-installer against testing with this
> addition: build/localudebs/libssl1.1-udeb_1.1.0f-1_amd64.udeb
> and gotten a broken wget:
> | wget: /usr/lib/libcrypto.so.1.1: version `OPENSSL_1_1_0f' not found (required by /usr/lib/libssl.so.1.1)
>
> See the missing version here:
> | $ dpkg --info build/localudebs/libssl1.1-udeb_1.1.0f-1_amd64.udeb|grep Depends:
> | Depends: libc6-udeb (>= 2.24), libcrypto1.1-udeb
>
> One could argue they're from the same source and that this isn't a
> practical problem since they're going to migrate at the same time and be
> used together in debian-installer, but further fun could come up when
> other packages start depending on particular symbols (hello wget), so I
> think I'd be nice to have this fixed.
>
> Maybe file this as an RC bug against openssl so that it isn't forgotten
> about, but ignore it for r0?
So I have prepared an update. Should I upload it?
The source changes are:
--- openssl-1.1.0f/debian/changelog 2017-05-25 18:29:01.000000000 +0200
+++ openssl-1.1.0f/debian/changelog 2017-06-04 12:07:38.000000000 +0200
@@ -1,3 +1,10 @@
+openssl (1.1.0f-2) unstable; urgency=medium
+
+ * Make the udeb use a versioned depends (Closes: #864080)
+ * Conflict with libssl1.0-dev (Closes: #863367)
+
+ -- Kurt Roeckx <kurt@roeckx.be> Sun, 04 Jun 2017 12:07:38 +0200
+
openssl (1.1.0f-1) unstable; urgency=medium
* New upstream version
diff -Nru openssl-1.1.0f/debian/control openssl-1.1.0f/debian/control
--- openssl-1.1.0f/debian/control 2017-01-26 23:19:08.000000000 +0100
+++ openssl-1.1.0f/debian/control 2017-06-04 12:07:33.000000000 +0200
@@ -72,6 +72,7 @@
Multi-Arch: same
Recommends: libssl-doc
Depends: libssl1.1 (= ${binary:Version}), ${misc:Depends}
+Conflicts: libssl1.0-dev
Description: Secure Sockets Layer toolkit - development files
This package is part of the OpenSSL project's implementation of the SSL
and TLS cryptographic protocols for secure communication over the
diff -Nru openssl-1.1.0f/debian/rules openssl-1.1.0f/debian/rules
--- openssl-1.1.0f/debian/rules 2017-05-25 18:17:29.000000000 +0200
+++ openssl-1.1.0f/debian/rules 2017-06-04 11:48:25.000000000 +0200
@@ -138,7 +138,7 @@
override_dh_makeshlibs:
#dpkg-gensymbols -Pdebian/libssl1.1/ -plibssl1.1 -c4
- dh_makeshlibs -a --add-udeb="libcrypto1.1-udeb" -Xengines
+ dh_makeshlibs -a --add-udeb="libcrypto1.1-udeb (>= 1.1.0f)" -Xengines
# XXX: This needs gets set perl:any by dh_perl which is correct, but
# that breaks debootstrap in jessie (the current stable). This hack
# could be removed once stretch is stable and contains a fixed
It changes the shlibs file from:
libcrypto 1.1 libssl1.1
libssl 1.1 libssl1.1
udeb: libcrypto 1.1 libcrypto1.1-udeb
udeb: libssl 1.1 libssl1.1-udeb
to:
libcrypto 1.1 libssl1.1
libssl 1.1 libssl1.1
udeb: libcrypto 1.1 libcrypto1.1-udeb (>= 1.1.0f)
udeb: libssl 1.1 libssl1.1-udeb (>= 1.1.0f)
It results in the following debdiff change on the binaries:
File lists identical (after any substitutions)
Control files of package libcrypto1.1-udeb: lines which differ (wdiff format)
-----------------------------------------------------------------------------
Version: [-1.1.0f-1-] {+1.1.0f-2+}
Control files of package libssl-dev: lines which differ (wdiff format)
----------------------------------------------------------------------
{+Conflicts: libssl1.0-dev+}
Depends: libssl1.1 (= [-1.1.0f-1)-] {+1.1.0f-2)+}
Version: [-1.1.0f-1-] {+1.1.0f-2+}
Control files of package libssl-doc: lines which differ (wdiff format)
----------------------------------------------------------------------
Version: [-1.1.0f-1-] {+1.1.0f-2+}
Control files of package libssl1.1: lines which differ (wdiff format)
---------------------------------------------------------------------
Version: [-1.1.0f-1-] {+1.1.0f-2+}
Control files of package libssl1.1-dbgsym: lines which differ (wdiff format)
----------------------------------------------------------------------------
Depends: libssl1.1 (= [-1.1.0f-1)-] {+1.1.0f-2)+}
Version: [-1.1.0f-1-] {+1.1.0f-2+}
Control files of package libssl1.1-udeb: lines which differ (wdiff format)
--------------------------------------------------------------------------
Depends: libc6-udeb (>= 2.24), libcrypto1.1-udeb {+(>= 1.1.0f)+}
Version: [-1.1.0f-1-] {+1.1.0f-2+}
Control files of package openssl: lines which differ (wdiff format)
-------------------------------------------------------------------
Version: [-1.1.0f-1-] {+1.1.0f-2+}
Control files of package openssl-dbgsym: lines which differ (wdiff format)
--------------------------------------------------------------------------
Depends: openssl (= [-1.1.0f-1)-] {+1.1.0f-2)+}
Version: [-1.1.0f-1-] {+1.1.0f-2+}
Kurt
Reply to: