1. Forum
  2. Usenet
  3. LINUX.DEBIAN.BUGS.DIST

  • Bug#1064328: snort: identified for time_t transition but no ABI in shli

    From Steve Langasek@21:1/5 to All on Tue Feb 20 00:40:02 2024
    Source: snort
    Version: 2.9.15.1-6
    Severity: serious
    User: debian-arm@lists.debian.org
    Usertags: time-t

    Dear maintainers,

    Analysis of the archive for the 64-bit time_t transition[0][1] identifies
    snort as an affected package, on the basis that the headers could not be compiled and analyzed out of the box using abi-compliance-checker[2], so we have to assume it's affected.

    However, snort's shlibs file declares a dependency on a library package name that contains no ABI information:

    $ cat DEBIAN/shlibs
    libsf_sorules 0 snort-common-libraries (>= 2.9.15.1)
    libsf_engine 0 snort-common-libraries (>= 2.9.15.1)
    libsf_appid_preproc 0 snort-common-libraries (>= 2.9.15.1)
    libsf_dce2_preproc 0 snort-common-libraries (>= 2.9.15.1)
    libsf_dnp3_preproc 0 snort-common-libraries (>= 2.9.15.1)
    libsf_dns_preproc 0 snort-common-libraries (>= 2.9.15.1) libsf_ftptelnet_preproc 0 snort-common-libraries (>= 2.9.15.1) libsf_gtp_preproc 0 snort-common-libraries (>= 2.9.15.1)
    libsf_imap_preproc 0 snort-common-libraries (>= 2.9.15.1)
    libsf_modbus_preproc 0 snort-common-libraries (>= 2.9.15.1)
    libsf_pop_preproc 0 snort-common-libraries (>= 2.9.15.1) libsf_reputation_preproc 0 snort-common-libraries (>= 2.9.15.1) libsf_sdf_preproc 0 snort-common-libraries (>= 2.9.15.1)
    libsf_sip_preproc 0 snort-common-libraries (>= 2.9.15.1)
    libsf_smtp_preproc 0 snort-common-libraries (>= 2.9.15.1)
    libsf_ssh_preproc 0 snort-common-libraries (>= 2.9.15.1)
    libsf_ssl_preproc 0 snort-common-libraries (>= 2.9.15.1)
    $

    It is not obvious that we should rename the package to 'snort-common-librariest64' as part of this transition.

    Looking at the archive, there is a package that depends on this library,
    snort. Despite being built from the same source package, it does not have a strict versioned dependency on snort-common-libraries but instead uses the shlibs.

    Since there is no self-evident thing to do with the library package name
    here, we will not be handling this package as part of the mass NMUs.
    Instead I am filing a serious bug because partial upgrades from bookworm to trixie on 32-bit architectures (upgrading snort-common-libraries without
    also upgrading snort) will result in ABI skew and may result in broken behavior.

    Thanks,
    --
    Steve Langasek Give me a lever long enough and a Free OS Debian Developer to set it on, and I can move the world. Ubuntu Developer https://www.debian.org/ slangasek@ubuntu.com vorlon@debian.org

    [0] https://wiki.debian.org/ReleaseGoals/64bit-time
    [1] https://lists.debian.org/debian-devel/2024/01/msg00041.html
    [2] https://adrien.dcln.fr/misc/armhf-time_t/2024-02-16T21%3A19%3A00/logs/snort-common-libraries/base/log.txt

    -----BEGIN PGP SIGNATURE-----

    iQIzBAABCgAdFiEErEg/aN5yj0PyIC/KVo0w8yGyEz0FAmXT47MACgkQVo0w8yGy Ez0tLA//YcvgEOGYFFrgbf7DSigsA6lVJzIGrVeHTewXiv4tzuTlWCUowfdZr/Nu dGJbGUKhxGD1x1gZIALRIiu83LVUquJmdYk2hQ1/FsCr8PyRI65F5zkGVeAfPhw2 KyzXLJ1uK9AqlxVCOCgJVBVTNoZ9bs3S7ZWmAaJr8zHfFnZAG/wg7RUTg6qBhUjj TdVVRvqW6ylJFgQRIQmOcd53owhlfHQ0PEUL/R1bIUcHcHcmPiDp9PquR9Kz6wkY Cx8ei9l/RDpo4F6tLroq8VlyIaXx+E8xrZf6jACtB70yoLVscRR1rToU7p8LNrpY LZdThBaXGKV3V4wp75w3GoqcDT0o8iox8PC2zkynrQc/Jc/mYSGnR