Source: snort
Version: 2.9.15.1-6
Severity: serious
User:
debian-arm@lists.debian.org
Usertags: time-t
Dear maintainers,
Analysis of the archive for the 64-bit time_t transition[0][1] identifies
snort as an affected package, on the basis that the headers could not be compiled and analyzed out of the box using abi-compliance-checker[2], so we have to assume it's affected.
However, snort's shlibs file declares a dependency on a library package name that contains no ABI information:
$ cat DEBIAN/shlibs
libsf_sorules 0 snort-common-libraries (>= 2.9.15.1)
libsf_engine 0 snort-common-libraries (>= 2.9.15.1)
libsf_appid_preproc 0 snort-common-libraries (>= 2.9.15.1)
libsf_dce2_preproc 0 snort-common-libraries (>= 2.9.15.1)
libsf_dnp3_preproc 0 snort-common-libraries (>= 2.9.15.1)
libsf_dns_preproc 0 snort-common-libraries (>= 2.9.15.1) libsf_ftptelnet_preproc 0 snort-common-libraries (>= 2.9.15.1) libsf_gtp_preproc 0 snort-common-libraries (>= 2.9.15.1)
libsf_imap_preproc 0 snort-common-libraries (>= 2.9.15.1)
libsf_modbus_preproc 0 snort-common-libraries (>= 2.9.15.1)
libsf_pop_preproc 0 snort-common-libraries (>= 2.9.15.1) libsf_reputation_preproc 0 snort-common-libraries (>= 2.9.15.1) libsf_sdf_preproc 0 snort-common-libraries (>= 2.9.15.1)
libsf_sip_preproc 0 snort-common-libraries (>= 2.9.15.1)
libsf_smtp_preproc 0 snort-common-libraries (>= 2.9.15.1)
libsf_ssh_preproc 0 snort-common-libraries (>= 2.9.15.1)
libsf_ssl_preproc 0 snort-common-libraries (>= 2.9.15.1)
$
It is not obvious that we should rename the package to 'snort-common-librariest64' as part of this transition.
Looking at the archive, there is a package that depends on this library,
snort. Despite being built from the same source package, it does not have a strict versioned dependency on snort-common-libraries but instead uses the shlibs.
Since there is no self-evident thing to do with the library package name
here, we will not be handling this package as part of the mass NMUs.
Instead I am filing a serious bug because partial upgrades from bookworm to trixie on 32-bit architectures (upgrading snort-common-libraries without
also upgrading snort) will result in ABI skew and may result in broken behavior.
Thanks,
--
Steve Langasek Give me a lever long enough and a Free OS Debian Developer to set it on, and I can move the world. Ubuntu Developer
https://www.debian.org/ slangasek@ubuntu.com vorlon@debian.org
[0]
https://wiki.debian.org/ReleaseGoals/64bit-time
[1]
https://lists.debian.org/debian-devel/2024/01/msg00041.html
[2]
https://adrien.dcln.fr/misc/armhf-time_t/2024-02-16T21%3A19%3A00/logs/snort-common-libraries/base/log.txt
-----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEErEg/aN5yj0PyIC/KVo0w8yGyEz0FAmXT47MACgkQVo0w8yGy Ez0tLA//YcvgEOGYFFrgbf7DSigsA6lVJzIGrVeHTewXiv4tzuTlWCUowfdZr/Nu dGJbGUKhxGD1x1gZIALRIiu83LVUquJmdYk2hQ1/FsCr8PyRI65F5zkGVeAfPhw2 KyzXLJ1uK9AqlxVCOCgJVBVTNoZ9bs3S7ZWmAaJr8zHfFnZAG/wg7RUTg6qBhUjj TdVVRvqW6ylJFgQRIQmOcd53owhlfHQ0PEUL/R1bIUcHcHcmPiDp9PquR9Kz6wkY Cx8ei9l/RDpo4F6tLroq8VlyIaXx+E8xrZf6jACtB70yoLVscRR1rToU7p8LNrpY LZdThBaXGKV3V4wp75w3GoqcDT0o8iox8PC2zkynrQc/Jc/mYSGnR