Package: ftp.debian.org
Severity: normal
User: ftp.debian....@packages.debian.org
Usertags: remove
X-Debbugs-Cc: libfi...@packages.debian.org, Steve Langasek <vor...@debian.org>
Control: affects -1 + src:libfido2
Please remove libfido2 1.14.0-1.1~exp1 from experimental, as per Steve's
attached email. (Thanks for the confirmation, Steve!)
--
Colin Watson (he/him) [cjwat...@debian.org]
--- Begin Message ---
On Thu, Feb 01, 2024 at 01:17:29PM +0000, Colin Watson wrote:
> On Thu, Feb 01, 2024 at 12:26:58AM +0000, Steve Langasek wrote:
> > As part of the 64-bit time_t transition required to support 32-bit
> > architectures in 2038 and beyond
> > (https://wiki.debian.org/ReleaseGoals/64bit-time), we have identified
> > libfido2 as a source package shipping runtime libraries whose ABI
> > either is affected by the change in size of time_t, or could not be
> > analyzed via abi-compliance-checker (and therefore to be on the safe
> > side we assume is affected).
> [...]
> > If you have any concerns about this patch, please reach out ASAP. Although
> > this package will be uploaded to experimental immediately, there will be a
> > period of several days before we begin uploads to unstable; so if
> > information
> > becomes available that your package should not be included in the
> > transition,
> > there is time for us to amend the planned uploads.
> This one surprised me, because there doesn't seem to be anything about
> either times or offsets in libfido2's ABI as far as I can see.
> https://people.canonical.com/~vorlon/armhf-time_t/compat_reports/libfido2-dev/lfs_to_timet/compat_report.html
> reports 100% binary compatibility. The source compatibility tab there
> does indeed show a time_t change, but I didn't think that was cause for
> a SONAME change as long as it doesn't affect libfido2's own exported
> symbols - am I missing something here?
The thing is, the way in which we're driving a-c-c doesn't actually inspect
the .so's because it's non-trivial to map these from headers, so the "binary
compatibility" table is always a no-op unfortunately.
I've checked libfido2.so.1 and confirmed that these functions are not
exported and therefore this is a false positive. I've updated the tooling
to exclude libfido2-dev, and am closing this bug report. The NMU to
experimental can be ignored / superseded / removed at your discretion.
--
Steve Langasek Give me a lever long enough and a Free OS
Debian Developer to set it on, and I can move the world.
Ubuntu Developer https://www.debian.org/
slanga...@ubuntu.com vor...@debian.org
signature.asc
Description: PGP signature
--- End Message ---
