Re: Bug#989839: Thunderbird 1:78.11.0-1 in testing lacks full functionality

To: Sebastian Ramacher <sramacher@debian.org>
Cc: debian-release@lists.debian.org, Carsten Schoenert <c.schoenert@t-online.de>, 989839@bugs.debian.org, 990059@bugs.debian.org
Subject: Re: Bug#989839: Thunderbird 1:78.11.0-1 in testing lacks full functionality
From: Kevin Locke <kevin@kevinlocke.name>
Date: Fri, 18 Jun 2021 15:31:08 -0600
Message-id: <YM0QnCNQ/UguGRg2@kevinlocke.name>
Mail-followup-to: Kevin Locke <kevin@kevinlocke.name>, Sebastian Ramacher <sramacher@debian.org>, debian-release@lists.debian.org, Carsten Schoenert <c.schoenert@t-online.de>, 989839@bugs.debian.org, 990059@bugs.debian.org
In-reply-to: <[🔎] YM0BemKpV9HNfeJT@ramacher.at>
References: <[🔎] YMuxbhKPROZWMMMT@ramacher.at> <[🔎] YMzORfF5ZUhAH8b9@kevinlocke.name> <5b9048bd-0722-a007-5b8f-3f173a92c664@gmx.ch> <[🔎] YM0BemKpV9HNfeJT@ramacher.at>

Hi Sebastian,

On Fri, 2021-06-18 at 22:26 +0200, Sebastian Ramacher wrote:
> Thanks for this detailed analysis. That actually means that the symbol
> file for libnss3 2:3.67-1 is broken. It would need to bump the minimum
> version requirement for all symbols that works with SSLChannelInfo. From
> your description, at least the version for SSL_GetChannelInfo would need
> to be bumped. If thunderbird would then be built against a libnss3
> version with a fixed symbol files, it would pick up tight enought
> dependencies.
> 
> So ideally the bug against thunderbird would be reassigned to libnss3
> 2:3.67-1 and its severits raised to serious. Once fixed, we can rebuild
> thunderbird to pick up the correct depedencies.

Good point.  Fixing the libnss3 symbol file sounds like the right fix to
me.  As far as I can tell SSL_GetChannelInfo is the only symbol which
takes SSLChannelInfo.  I've opened https://bugs.debian.org/990058 with
the proposed fix.

> But since that version of libnss3 is not in bullseye, the rebuild would
> not be abile to migrate. Ideally libnss3 would be reverted to the
> version in bullseye to avoid this issue. Otherwise I can schedule
> binNMUs of thunderbird in tpu, but that means that we would need to do
> that for any thunderbird upload that we want in bullseye until the
> release. That is suboptimal - it's more work with less testing.

That may be tricky.  firefox 88.0.1-1 in unstable depends on
libnss3 (>= 2:3.63~).  If the maintainers are willing to upload an NSS
version between 2:3.63 and 2:3.65, I believe that would solve the issue
without breaking firefox.  (2:3.63-1 is the only suitable version
in debian/changelog.)  I've opened https://bugs.debian.org/990059 to
discuss.

Thanks,
Kevin

P.S. My apologies for not following your suggestion to reassign #989839
to libnss3.  I thought we might need separate issues for better
granularity over the different parts of the issue.  I hope it doesn't
end up causing more confusion or hassle.

Reply to:

Follow-Ups:
- Re: Bug#989839: Thunderbird 1:78.11.0-1 in testing lacks full functionality
  - From: Carsten Schoenert <c.schoenert@t-online.de>

References:
- Re: Thunderbird 1:78.11.0-1 in testing lacks full functionality
  - From: Sebastian Ramacher <sramacher@debian.org>
- Re: Thunderbird 1:78.11.0-1 in testing lacks full functionality
  - From: Kevin Locke <kevin@kevinlocke.name>
- Re: Thunderbird 1:78.11.0-1 in testing lacks full functionality
  - From: Sebastian Ramacher <sramacher@debian.org>

Prev by Date: Bug#990036: marked as done (unblock: xdot/1.2-2)
Next by Date: Your "distcc" stable upload
Previous by thread: Re: Thunderbird 1:78.11.0-1 in testing lacks full functionality
Next by thread: Re: Bug#989839: Thunderbird 1:78.11.0-1 in testing lacks full functionality
Index(es):
- Date
- Thread