Your message dated Wed, 13 Apr 2022 09:03:59 +0000
with message-id <[email protected]>
and subject line Bug#996890: fixed in jansson 2.14-1
has caused the Debian Bug report #996890,
regarding json-c and jansson declare the same unversionned symbol
json_object_get
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
996890: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=996890
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: uwsgi-core
Version: 2.0.20-1
Severity: normal
Dear Maintainer,
I am encountering an issue when trying to run a PSGI application under
UWSGI.
My application depends on libcrypt-u2f-server-perl, which in turn
depends on libu2f-server, which is build again libjson-c.
libjson-c has known symbol conflicts with libjansson
see https://github.com/json-c/json-c/issues/621
Because of those symbol conflicts, my application works under Apache,
Plackup, Starman, and just about any PSGI server, but not UWSGI.
Here is a very simple test case:
use Crypt::U2F::Server::Simple;
use MIME::Base64 qw(decode_base64url);
my $c = Crypt::U2F::Server::Simple->new(
appId => 'http://example.com',
origin => 'http://example.com',
keyHandle => 'xqrFVqvymzLlrdh9HyBSC5vy_3feWzh2gge'
. 'Jpx03_5D8t5w1LpcPcSirvMNnOgCLRyjkjnMlYDwh6I8QdGfPpA',
publicKey => decode_base64url(
'BM4M55Vu4ZriaFrk9J273SVb2PUEFNKU-q2W-lt'
. 'rUT2OlnXncwlTYw1V0pDXALP36qbaFcwejqfSsPVXL0FL0rc'
),
);
my $app = sub {
return [
200,
[ 'Content-Type' => 'text/plain' ],
[ $c->authenticationChallenge ]
];
}
This test works with plackup (libplack-perl):
plackup test.psgi
curl http://localhost:5000 | json_pp
# As expected:
{
"appId" : "http://example.com";,
"challenge" : "z_HKSxGvUuefsJOEFRMpAHbWaFdyOiy6DtbdBaKmmuU",
"keyHandle" :
"xqrFVqvymzLlrdh9HyBSC5vy_3feWzh2ggeJpx03_5D8t5w1LpcPcSirvMNnOgCLRyjkjnMlYDwh6I8QdGfPpA",
"version" : "U2F_V2"
}
But not with uwsgi (uwsgi-plugin-psgi):
uwsgi --http-socket 127.0.0.1:5000 --plugins psgi --psgi test-u2f.psgi
curl http://localhost:5000 | json_pp
# incorrect
{
"appId" : null,
"challenge" : null,
"keyHandle" : null,
"version" : null
}
The reason is the json_object_get symbol used by libu2f-server
conflicting. As indicated by LD_DEBUG=bindings:
Plackup case (working):
4604: binding file /lib/x86_64-linux-gnu/libu2f-server.so.0 [0] to
/lib/x86_64-linux-gnu/libjson-c.so.5 [0]: normal symbol `json_object_get'
[JSONC_0.14]
UWSGI case (failing):
4601: binding file /lib/x86_64-linux-gnu/libu2f-server.so.0 [0] to
/lib/x86_64-linux-gnu/libjansson.so.4 [0]: normal symbol `json_object_get'
[JSONC_0.14]
I am able to work around this issue with LD_PRELOAD, but this does not
feel like a long term solution to me.
I'm not very familiar with symbol resolution rules, but the GitHub
discussion above suggests that building libjansson with versionned
symbols would fix this issue. I'm however not entirely sure what the
correct course of action is:
* Should I also report this issue to the libjansson Debian maintainers?
* Is it possible for Debian to build uwsgi against libyajl instead? This
seems like a possibility in UWSGI 2.0, and libyajl does not seem to
have symbol conflicts
-- System Information:
Debian Release: bookworm/sid
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)
Kernel: Linux 5.10.0-9-amd64 (SMP w/6 CPU threads)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
Versions of packages uwsgi-core depends on:
ii libc6 2.32-4
ii libcap2 1:2.44-1
ii libcrypt1 1:4.4.25-2
ii libjansson4 2.13.1-1.1
ii libpam0g 1.4.0-10
ii libpcre3 2:8.39-13
ii libssl1.1 1.1.1l-1
ii libsystemd0 249.5-1
ii libuuid1 2.37.2-3
ii libxml2 2.9.12+dfsg-5
ii libyaml-0-2 0.2.2-1
ii libzmq5 4.3.4-1
ii zlib1g 1:1.2.11.dfsg-2
uwsgi-core recommends no packages.
Versions of packages uwsgi-core suggests:
pn nginx-full | cherokee | libapache2-mod-proxy-uwsgi | libapache2-mod <none>
pn uwsgi-dev <none>
pn uwsgi-extra <none>
pn uwsgi-plugins-all <none>
-- no debconf information
--- End Message ---
--- Begin Message ---
Source: jansson
Source-Version: 2.14-1
Done: Gianfranco Costamagna <[email protected]>
We believe that the bug you reported is fixed in the latest version of
jansson, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Gianfranco Costamagna <[email protected]> (supplier of updated jansson
package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Wed, 13 Apr 2022 08:47:00 +0200
Source: jansson
Architecture: source
Version: 2.14-1
Distribution: unstable
Urgency: medium
Maintainer: Alessandro Ghedini <[email protected]>
Changed-By: Gianfranco Costamagna <[email protected]>
Closes: 966398 996890 1008003
Changes:
jansson (2.14-1) unstable; urgency=medium
.
[ Debian Janitor ]
* Set upstream metadata fields: Bug-Database, Bug-Submit (from ./configure),
Repository, Repository-Browse.
* Drop unnecessary dependency on dh-autoreconf.
* Update standards version to 4.6.0, no changes needed.
.
[ Florian Ernst ]
* Update debian/watch file to detect new release (Closes: #1008003)
.
[ Gianfranco Costamagna ]
* Team upload (salsa.debian.org/debian namespace)
* New upstream version 2.14 (Closes: #996890, Closes: #966398)
* Drop sphinx patch, now upstream
* Add new symbols versioning from upstream -Wl,--default-symver
* Add new symbols from new release
* Bump symbols to 2.14
* Add R^3: no
Checksums-Sha1:
c0989ea0a533d63f33c92b5a095281bbd24999b0 1980 jansson_2.14-1.dsc
c3c2b631864eca28de482e51fc027c9cd276eb67 141500 jansson_2.14.orig.tar.gz
8d5730c3f53f880cbe345cbe89e9a6a7e19479b0 4904 jansson_2.14-1.debian.tar.xz
3beebd6181f6d3ca688cc6022d0c7b7132c944f7 7261 jansson_2.14-1_source.buildinfo
Checksums-Sha256:
cb369b62d476603e182ae3d1a3fea48e22cff43126386d6d34dfb36e3ff39502 1980
jansson_2.14-1.dsc
c739578bf6b764aa0752db9a2fdadcfe921c78f1228c7ec0bb47fa804c55d17b 141500
jansson_2.14.orig.tar.gz
b25f7584b2d491961a30e87c56fc6fa13f91134a3acc7bb1205f25efce10ca63 4904
jansson_2.14-1.debian.tar.xz
4d243cf6a5c6785d85eb27adedaffba4bd96c8090b10d6dbbb7cac509556ef49 7261
jansson_2.14-1_source.buildinfo
Files:
a23a5c38ae4e5d76437dd3b63e6d0029 1980 libs optional jansson_2.14-1.dsc
bc78f39c7cd7fab1dd5fc4a2c3be1661 141500 libs optional jansson_2.14.orig.tar.gz
8489b22eee2753c90d828a7ce4e3486c 4904 libs optional
jansson_2.14-1.debian.tar.xz
590ff0344f2d9b6c09b8e7e304ce4e6e 7261 libs optional
jansson_2.14-1_source.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIyBAEBCAAdFiEEkpeKbhleSSGCX3/w808JdE6fXdkFAmJWj5kACgkQ808JdE6f
Xdl3cQ/2PmEI2QlrMk7OG/bfBy5DPiVblQEz2ZCDP2jN0hAGOkY+i8w22tAajIwJ
wq+ehcOJB86b+i9jaPGXY5NwawWsSF/UlOVRPDSmdHu29jK9h1P/WDd4TfDszLs+
UoPftZuJCESL8qRJDn1bcz8H3nU/MVRoJ3BnjqbK8g8jfUUgjrhbjPg8zHwhAdWy
1puPwbkJt/wLCV+3hBnlsLucb0Outg7GdTG2bXMdXJbLVgJiJxtRUfG4hy1mO0vd
glMoWASScKaK+0YyCefUcN4ufTShdorxuxdtLJuJN/AwkYvxfnrntP5QQNVgw0Eh
j9EgydwM2KwfrpU8OdvznN8tp0k4ZiJllvL/WdDa55XJt9ZDlT0A+b+pCW4lOgBC
SsZpPevOtfjr2g2b0Z4ePvw7hStmT/rWo1H62cF9iq1OVVuzOqlMftbMieV/Sg1n
dYmO96dRQO1c/bqXLIQPBLbjv/FDMpWlJ3XXeiTxGi2ctlcd+MjZVgizlTQRpRF5
BZwld1SYRLh69Z+//emaqm72IZ94pp5Kmy6mmWIJ1EvJyCnMq/JpeYObD+Ers3NH
Nr13e8XZnv9+lZS6nplRAMWR/r8F+vARQbIQb33eIAdoO7/0qoYIc0RIwhlgR5kr
99FPCRLvZqWDDMVaSTxs56I2IChWiJfISFkeC7LnxnnWpjUVGA==
=drPu
-----END PGP SIGNATURE-----
--- End Message ---
