Your message dated Tue, 29 May 2018 13:00:13 +0000
with message-id <e1fneex-00097g...@fasolo.debian.org>
and subject line Bug#797869: fixed in libzypp 17.3.1-1
has caused the Debian Bug report #797869,
regarding libzypp: shared library does not generate correct dependencies
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
797869: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=797869
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: libzypp
Version: 15.3.0-1
Severity: serious
Justification: Policy 8.1
The libzypp binary package contains a public shared library
(libzypp.so.1503), and zypper depends on it.
Policy ยง8.1 says:
> The run-time shared library must be placed in a package whose name
> changes whenever the SONAME of the shared library changes.
In this case, the shared library package should be libzypp1503,
and zypper should depend on that. I realise this is going to
involve a lot of going through the NEW queue, but that's what
happens if a library doesn't have a stable ABI.
In addition, libzypp does not generate correct dependencies
via its shlibs or symbol file: zypper depends on "libzypp",
with no version specified. In particular, there is nothing to stop a
user from installing libzypp/jessie (contains libzypp.so.1429) in
conjunction with zypper/stretch (requires libzypp.so.1503), or vice
versa, which will cause the dynamic linker to fail before zypper
has started. The requirement I quoted is there precisely so that
this sort of thing does not happen.
If you are not going to follow ABI-based naming (libzypp1503),
then you need some other solution to make the broken situations
impossible, for example making the shlibs/symbols generate a
dependency on "libzypp (>= 15.3), libzypp (<< 15.4)", and adding
Breaks for older versions of zypper that did not pick up this
dependency. I expect that the easiest way will be to use the
ABI-based naming as intended, instead.
For the C++ transition (#797867) an additional constraint is
that the version of libzypp that has been compiled with g++-5
needs a Breaks on versions of zypper that may have been compiled
with g++-4.
S
--- End Message ---
--- Begin Message ---
Source: libzypp
Source-Version: 17.3.1-1
We believe that the bug you reported is fixed in the latest version of
libzypp, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 797...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Mike Gabriel <sunwea...@debian.org> (supplier of updated libzypp package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Mon, 28 May 2018 14:34:46 +0200
Source: libzypp
Binary: libzypp1702 libzypp-dev libzypp-common libzypp-bin libzypp-config
libzypp-doc
Architecture: source amd64 all
Version: 17.3.1-1
Distribution: unstable
Urgency: medium
Maintainer: Mike Gabriel <sunwea...@debian.org>
Changed-By: Mike Gabriel <sunwea...@debian.org>
Description:
libzypp-bin - openSUSE/SLES package management system library (library tools)
libzypp-common - openSUSE/SLES package management system library (common files)
libzypp-config - openSUSE/SLES package management system library
(configuration)
libzypp-dev - openSUSE/SLES package management system library (development file
libzypp-doc - openSUSE/SLES package management system library (documentation)
libzypp1702 - openSUSE/SLES package management system (library)
Closes: 797865 797869 841769 849899 861995 892674 899065
Changes:
libzypp (17.3.1-1) unstable; urgency=medium
.
* New upstream release (after a long time...).
- Fixes CVE-2017-7435, CVE-2017-7436, CVE-2017-9269. (Closes: #899065).
- SONAME version bump by upstream. (Closes: #797865)
- FTBFS of previous / old-in-Debian version likely solved. (Closes:
#841769).
* debian/patches:
+ Drop 1003-Add-support-for-openssl-1.1.patch. Fixed upstream.
+ Rebase 1002_cmake-module-path-fix.patch.
+ Add 1003_various-typo-fixes.patch. Fix some typo flaws in output
messages.
* debian/control:
+ SONAME bump, rename bin:pkg. Use SONAME based bin:pkg names in the first
place. (Closes: #797869).
+ Add B-D asciidoctor.
+ Add B-D: libgpgme-dev.
+ Update B-D: librpm-dev (>= 4.4).
+ Add B-D: libcurl4-openssl-dev (>= 7.19.4).
+ Update B-D: libsolv0-dev (>= 0.6.27).
+ Add B-Ds: libpopt-dev and dejagnu.
+ Drop Thomas Bechthold from Uploader: field again. (Closes: #892674).
Thanks for previous contributions.
+ Fix LONG_DESCRIPTION (libzypp-common). Remove duplicated paragraph.
(Closes: #861995).
+ Set Priority: from extra to optional.
+ Bump Standards-Version: to 4.1.4.
+ Add S (libzypp1702): libzypp-doc. (Closes: #849899).
+ Update Vcs-*: fields. Packaging Git has been migrated to
salsa.debian.org.
+ Add B:/R: for older libzypp bin:pkg versions.
+ Add B (libzypp(1702): zypper (<< 1.14). We very possibly break zypper
(<< 1.14).
* debian/{control,rules}:
+ Enable all hardening flags.
+ Drop manually crafted dbg:package.
* debian/{control,compat}: Bump to DH compat version level 10.
* debian/rules:
+ Drop chmod on nofify-message. Not shipped anymore.
+ Provide a writeable home to gnupg. Needed for some unit tests.
+ Stop parsing dpkg-parsechangelog's output.
* debian/libzypp-bin.install:
+ No files in /usr/lib/zypp anymore.
* lintian:
+ Drop binary-without-manpage man page override (bin:pkg libzypp-bin). The
non-documented binaries have been removed by upstream.
* debian/copyright:
+ Update auto-generated copyright.in file.
+ Update copyright attributions.
+ Use secure URI for copyright format reference.
Checksums-Sha1:
494efeab336ebae942e72fe42f2353721999ba6d 2532 libzypp_17.3.1-1.dsc
9bc34fe1b4e05098d83aa3d9d541cce327d2d742 4304652 libzypp_17.3.1.orig.tar.xz
d5be480a1523f14ae6407cccda8eb666c0682572 23416 libzypp_17.3.1-1.debian.tar.xz
c21315a4ed01d69a2b9e7e56ebb09c6d789e9f53 579504
libzypp-bin-dbgsym_17.3.1-1_amd64.deb
25eb06988d64c6f080205f513358f3a0ecde1964 47056 libzypp-bin_17.3.1-1_amd64.deb
74020f42244c473831ef26e072a1ca0e01d5171d 409736 libzypp-common_17.3.1-1_all.deb
1d41591dab54db6ee72095d507f24edbc555de4c 24352 libzypp-config_17.3.1-1_all.deb
2fa69a0556a3a9467c80c4b9d3cf38c467dc0a68 295884 libzypp-dev_17.3.1-1_amd64.deb
5e6eccf1bbc2d72454295a77396ac016e2d161dd 183832648 libzypp-doc_17.3.1-1_all.deb
92eed38e166b6bbcda8fc1361164524e19f5817d 30059212
libzypp1702-dbgsym_17.3.1-1_amd64.deb
39aebd2d29e1f3c6e19d96ccc372e9bb195cc8a9 1534704 libzypp1702_17.3.1-1_amd64.deb
174074ab059a359741ba9ee6e006ad1a1aed23b9 13982 libzypp_17.3.1-1_amd64.buildinfo
Checksums-Sha256:
c34a2ee0fd3cd7c562ffb144f9a8d965abdfe04e8db2e1b41cb823b4149525be 2532
libzypp_17.3.1-1.dsc
f310bd147a0f71cd41c11f0b81484450cf07b5b8e028f714a7e86a98f5044f52 4304652
libzypp_17.3.1.orig.tar.xz
a4ee49ccaa096edb4f44d9a373a28926ecf31b596ca895918f79153175601382 23416
libzypp_17.3.1-1.debian.tar.xz
eb3184a6bb6da136c4eb91e55da4e5faee2123aa4e58153c8fc246ca58e2ac21 579504
libzypp-bin-dbgsym_17.3.1-1_amd64.deb
8887a9f9693ba27ec594ec163693afa46730d804521fe8577cf5504860d14523 47056
libzypp-bin_17.3.1-1_amd64.deb
bc13590500988971a634f0390e18821177f5b6c390d811ce7be3ddf57a038b03 409736
libzypp-common_17.3.1-1_all.deb
ce8f86a41b14c9c1aaa6c1fa8fe8d7636d0ff1585521fcf9498faa18eb865e34 24352
libzypp-config_17.3.1-1_all.deb
43a22d4067b95983b31b1e223284d1d1aa79d5718c558462f74420353750786f 295884
libzypp-dev_17.3.1-1_amd64.deb
8c4e91bc56398d999a942e2dc0c5a1c08ea02c68785a6b5cccdabfed9d37c2e3 183832648
libzypp-doc_17.3.1-1_all.deb
07408e7971981b6b6ee5ccf728a4a921abea1b8e967b85cccc0a53407b9f5fa0 30059212
libzypp1702-dbgsym_17.3.1-1_amd64.deb
5a54230f69dc37651e7b40baffdf809c2366c999896b2909aef58d7adcb5bdf0 1534704
libzypp1702_17.3.1-1_amd64.deb
1f25ba1fe4e33a114ac3089e2299993338d0b83b418b85b2c02f1d6e24117581 13982
libzypp_17.3.1-1_amd64.buildinfo
Files:
a9d7f27825ce56520900a752de8f5896 2532 libs optional libzypp_17.3.1-1.dsc
e8754a41dac84f6640c3b7bea3b3b6f7 4304652 libs optional
libzypp_17.3.1.orig.tar.xz
8f232527a25d95c83afa2a2acbf7eea4 23416 libs optional
libzypp_17.3.1-1.debian.tar.xz
f96c13f4cf63adbdc15040a5d2032481 579504 debug optional
libzypp-bin-dbgsym_17.3.1-1_amd64.deb
658dbc056e69ee0249f4ae2965d8d125 47056 libs optional
libzypp-bin_17.3.1-1_amd64.deb
811614deee94b85b65328898820c9821 409736 libs optional
libzypp-common_17.3.1-1_all.deb
00f834608c6daddff8cbd76ff1905e08 24352 libs optional
libzypp-config_17.3.1-1_all.deb
33227c3a18131b47591dc9798d5503a0 295884 libdevel optional
libzypp-dev_17.3.1-1_amd64.deb
70feed8e1d1ac1f4bf44cfc052553488 183832648 doc optional
libzypp-doc_17.3.1-1_all.deb
8e16ed424296c7311aa2bca70c5d84d2 30059212 debug optional
libzypp1702-dbgsym_17.3.1-1_amd64.deb
b6547c4f783cbe55bea4c2eb3e632e8d 1534704 libs optional
libzypp1702_17.3.1-1_amd64.deb
8a07326ee97b6deda956a8fce46dbbb2 13982 libs optional
libzypp_17.3.1-1_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iQJJBAEBCAAzFiEEm/uu6GwKpf+/IgeCmvRrMCV3GzEFAlsMD5AVHHN1bndlYXZl
ckBkZWJpYW4ub3JnAAoJEJr0azAldxsx6EsP/3TOHgI5CIFmCNflQeup6o0mDkwX
/8PMGI6b6Cu7GOQwjUMULmrUmaJOiMwYS5WFV7UaAlRSE1AJrVg3HkgAOeLwf7KO
LImI7fMU3udiZPTknFwS0Igq/7b/lhpZAMWA092ASoM58ItRBu9EqD+mmfsx1r61
5yN3onco/O4qSXG87SJ4UC4r6atSbJcbRMmBvsO2qojFQylZzJyJlk4TYBKREi1H
7cRE+G0tkSoB9OsTBMfS+PsyA+JhjmzExXDYru02h7X795bqSQX6fvUSAjmYDuWe
s6sWNy8QP8IQRAg3UbuWgAwat7cNQV6L6Wb2rLS0BsMCHz0cUUAYJDloBXVyFeOW
T84xEAv5c4KL9AsbdD32fdD5eCwpRYEsg2zJD/8fGi92iY02sBOvMTXhoHcfNKxN
wtNODe7lWb+RVOAm3XUQ3eZJlea0/uC8y0Tzq9S4HgbVPhsde5UkzK/HkR4/6kw7
uLMF2AZIrYBZ2MHdmZRXuRLdE4Jw2YZjYOYpQuqUIOIwIGI6mqM/JZuL7Nr7Jie1
cMw2pRZCoS0OgvRFTGgya5LVETOPnloLuC/fVsGKZ5rm42UihASaFUQYsLpipfvd
FR6uWsaV4Ph2TWdSEilWqKf3bOe5AkQtiXMyYQcsakrTIYS+VANiLzaY44KgFG6u
9QcmflmthMP8MnOD
=y8La
-----END PGP SIGNATURE-----
--- End Message ---
