Debian Bug report logs - #784009
Lack of versioned symbols in nettle causes segfault

Toggle useless messages

Message #5 received at submit@bugs.debian.org (full text, mbox, reply):

From: 積丹尼 Dan Jacobson <jidanni@jidanni.org>

To: Debian Bug Tracking System <submit@bugs.debian.org>

Subject: Segmentation fault

Date: Sat, 02 May 2015 11:05:03 +0800

Package: wget
Version: 1.16.3-2
Severity: grave

$ wget
Segmentation fault

Message #16 received at 784009@bugs.debian.org (full text, mbox, reply):

From: Andreas Metzler <ametzler@bebt.de>

To: 積丹尼 Dan Jacobson <jidanni@jidanni.org>, 784009@bugs.debian.org

Cc: nettle@packages.debian.org

Subject: Re: Bug#784009: Segmentation fault

Date: Sat, 2 May 2015 09:11:40 +0200

retitle 784009 [experimental] Lack of versioned symbols in nettle causes segfault
severity 784009 serious
thanks

On 2015-05-02 積丹尼 Dan Jacobson <jidanni@jidanni.org> wrote:
> Package: wget
> Version: 1.16.3-2
> Severity: grave

> $ wget
> Segmentation fault

Hello,

thanks for the report. wget links both directly and indirectly against
nettle (direct: libnettle4, indirect via gnutls: libnettle4 in
unstable, libnettle5 in experimental). Since nettle < 3.1 does not use
versioned symbols this causes a segfault.

nettle 3.1 provides versioned symbols but that does not help for
the pending transition. A wget binary linked directly against
libnettle4 (unversioned) and indirectly (via gnutls) against
libnettle6 (versioned) still crashes.

This needs changes on the nettle side of things, but I will keep the
bug-report open here.

Looks like we need a two-step transition: nettle 2.7 -> nettle
2.7+versioned_symbols , nettle 2.7+versioned_symbols -> nettle 3.1.

cu Andreas
-- 
`What a good friend you are to him, Dr. Maturin. His other friends are
so grateful to you.'
`I sew his ears on from time to time, sure'

Message #25 received at 784009@bugs.debian.org (full text, mbox, reply):

From: nisse@lysator.liu.se (Niels Möller)

To: Andreas Metzler <ametzler@bebt.de>

Cc: 積丹尼 Dan Jacobson <jidanni@jidanni.org>, 784009@bugs.debian.org, nettle@packages.debian.org

Subject: Re: Bug#784009: Segmentation fault

Date: Sat, 02 May 2015 10:58:03 +0200

Andreas Metzler <ametzler@bebt.de> writes:

> Looks like we need a two-step transition: nettle 2.7 -> nettle
> 2.7+versioned_symbols , nettle 2.7+versioned_symbols -> nettle 3.1.

I'm considering making a nettle-2.7.2 release with version symbols. The
version string would simply be derived from the version in the soname,
"NETTLE_4" and "HOGWEED_2". Would that help?

Also see
http://lists.lysator.liu.se/pipermail/nettle-bugs/2015/003383.html (not
sure crossposting between the nettle list and debbugs is a good idea).

Regards,
/Niels

-- 
Niels Möller. PGP-encrypted email is preferred. Keyid C0B98E26.
Internet email is subject to wholesale government surveillance.

Message #30 received at 784009@bugs.debian.org (full text, mbox, reply):

From: Andreas Metzler <ametzler@bebt.de>

To: Niels Möller <nisse@lysator.liu.se>, 784009@bugs.debian.org

Cc: nettle@packages.debian.org

Subject: Re: Bug#784009: Segmentation fault

Date: Sat, 2 May 2015 17:47:21 +0200

On 2015-05-02 Niels Möller <nisse@lysator.liu.se> wrote:
> Andreas Metzler <ametzler@bebt.de> writes:

>> Looks like we need a two-step transition: nettle 2.7 -> nettle
>> 2.7+versioned_symbols , nettle 2.7+versioned_symbols -> nettle 3.1.

> I'm considering making a nettle-2.7.2 release with version symbols. The
> version string would simply be derived from the version in the soname,
> "NETTLE_4" and "HOGWEED_2". Would that help?
[...]

Hello Niels,

/I/ think that would help, afaict we would need to either package a
nettle-2.7 with versioned symbols or patch Debian's version.

But let's wait for Magnus' opinion on this.

cu Andreas

-- 
`What a good friend you are to him, Dr. Maturin. His other friends are
so grateful to you.'
`I sew his ears on from time to time, sure'

Message #37 received at 784009@bugs.debian.org (full text, mbox, reply):

From: Magnus Holmgren <holmgren@debian.org>

To: Andreas Metzler <ametzler@bebt.de>

Cc: Niels Möller <nisse@lysator.liu.se>, 784009@bugs.debian.org, nettle@packages.debian.org

Subject: Re: Bug#784009: Segmentation fault

Date: Sun, 03 May 2015 18:59:02 +0200

[Message part 1 (text/plain, inline)]

lördagen den 2 maj 2015 17.47.21 skrev  Andreas Metzler:
> On 2015-05-02 Niels Möller <nisse@lysator.liu.se> wrote:
> > Andreas Metzler <ametzler@bebt.de> writes:
> >> Looks like we need a two-step transition: nettle 2.7 -> nettle
> >> 2.7+versioned_symbols , nettle 2.7+versioned_symbols -> nettle 3.1.
> > 
> > I'm considering making a nettle-2.7.2 release with version symbols. The
> > version string would simply be derived from the version in the soname,
> > "NETTLE_4" and "HOGWEED_2". Would that help?
> 
> [...]
> 
> /I/ think that would help, afaict we would need to either package a
> nettle-2.7 with versioned symbols or patch Debian's version.

Not sure how this situation is normally handled, but when Nettle 3.1 is 
uploaded to sid, new versions of GnuTLS and other packages linking against it 
should follow soon after [1], so the problem is temporary. In testing there 
should never be more than one version as there's only one source package. I'm 
not aware of any special provisions for transitions of libraries *without* 
symbol versions, but since Nettle does now. A 2.7.x with symbol versions might 
still be helpful to some if you meant for it to be uploaded to jessie (and 
stable point releases of various Debian derivatives).

[1] That is, Nettle 3.1 will be uploaded to sid when the current upload to 
experimental has been cleared by the FTP masters and GnuTLS is ready to 
follow, which I guess is after the guile-1.8 transition, but perhaps an upload 
of 3.4.0 to experimental is in order before then? Last I checked, all other 
packages linking against nettle needed no code changes.

-- 
Magnus Holmgren        holmgren@debian.org
Debian Developer 

[signature.asc (application/pgp-signature, inline)]

Message #42 received at 784009@bugs.debian.org (full text, mbox, reply):

From: nisse@lysator.liu.se (Niels Möller)

To: Magnus Holmgren <holmgren@debian.org>

Cc: Andreas Metzler <ametzler@bebt.de>, 784009@bugs.debian.org, nettle@packages.debian.org

Subject: Re: Bug#784009: Segmentation fault

Date: Sun, 03 May 2015 21:03:56 +0200

Magnus Holmgren <holmgren@debian.org> writes:

> Not sure how this situation is normally handled, but when Nettle 3.1 is 
> uploaded to sid, new versions of GnuTLS and other packages linking against it 
> should follow soon after [1], so the problem is temporary.

As I understand it, the problem is applications like wget which link
explicitly with both gnutls and nettle (and this is the usecase I had in
mind when I at last decided to do symbol versioning in nettle). To be
able to install new nettle and gnutls without crashing wget, either wget
has to be relinked first, or we need some magic packaging dance.

> [1] That is, Nettle 3.1 will be uploaded to sid when the current upload to 
> experimental has been cleared by the FTP masters and GnuTLS is ready to 
> follow,

The question is, when will an updated version of wget (and other
applications) follow?

I don't fully understand debian transitions either, but to be able to
get a smooth upgrade to nettle-3.x in the next release (and for users
that mix wget from jessie and nettle from testing), I suspect one has to
do something like:

1. Package a new "libnettle4" package which is a nettle-2.7.x with
   versioned symbols. For now, let's call it nettle-2.7.2.

2. Get this package into jessie as an update.

3. Package nettle-3.x (x >= 1) as "libnettle5", and declare some kind of
   package conflict with libnettle4 versions earlier than the one
   prepared in (1).

Now, it's still a bit unclear to me how versioned symbols really work.
Is it still necessary to relink the wget executable? Or will the
combination of

* Current wget package, linking to gnutls and libnettle4.so,

* a new gnutls package, linking to a libnettle5-package containing
  nettle-3.1

* libnettle4.so from the nettle-2.7.2 release under consideration, i.e.,
  with versioned symbols,

work and resolve all symbols correctly? I.e., all direct references to
nettle symbols in wget should get definitions in libnettle4.so, and all
references via gnutls should get definitions in libnettle5.so.

BTW, Magnus, are you subscribed to the nettle-bugs list? Some of this
discussion belongs there.

Regards,
/Niels

-- 
Niels Möller. PGP-encrypted email is preferred. Keyid C0B98E26.
Internet email is subject to wholesale government surveillance.

Message #47 received at 784009@bugs.debian.org (full text, mbox, reply):

From: Andreas Metzler <ametzler@bebt.de>

To: 784009@bugs.debian.org

Cc: nettle@packages.debian.org, Niels Möller <nisse@lysator.liu.se>

Subject: Re: Bug#784009: Segmentation fault

Date: Mon, 4 May 2015 19:32:52 +0200

On 2015-05-03 Magnus Holmgren <holmgren@debian.org> wrote:
> lördagen den 2 maj 2015 17.47.21 skrev  Andreas Metzler:
> > On 2015-05-02 Niels Möller <nisse@lysator.liu.se> wrote:
[...]
>> /I/ think that would help, afaict we would need to either package a
>> nettle-2.7 with versioned symbols or patch Debian's version.

> Not sure how this situation is normally handled, but when Nettle 3.1
> is uploaded to sid, new versions of GnuTLS and other packages
> linking against it should follow soon after [1], so the problem is
> temporary.

Hello,
"temporary" can take surprisingly long if one of the linking packages
suddenly develops a build error. ;-)
And one can get a surising amount of bug reports from people doing
partial ugrades, too.

> In testing there should never be more than one version as
> there's only one source package. 

I somehow missed that fact in my considerations. (I think that at some
point the RM considered changing the testing migration infrastructure
to allow keeping old, "orphaned" binaries around to simplify
transitions. - I am not sure whether this was ever implemented.)

> I'm not aware of any special
> provisions for transitions of libraries *without* symbol versions,
> but since Nettle does now. A 2.7.x with symbol versions might 
> still be helpful to some if you meant for it to be uploaded to jessie (and 
> stable point releases of various Debian derivatives).

I do not think we have ever done that, making a stable-update just to
introduce versioned symbols. - Needs doublechecking with -release.

> [1] That is, Nettle 3.1 will be uploaded to sid when the current
> upload to experimental has been cleared by the FTP masters and
> GnuTLS is ready to follow, which I guess is after the guile-1.8
> transition, but perhaps an upload of 3.4.0 to experimental is in
> order before then? Last I checked, all other packages linking
> against nettle needed no code changes.

I think GnuTLS being listed as part of the guile-1.8 removal is an
error in the reporting script, GnuTLS has moved to guile-2.0 in 2013.
OTOH I hope we can have gnutls linked against nettle 3.x without
needing to update to 3.4.x. (Which would couple together two
transitions. And 3.4 ist still a development release.)
<http://lists.gnutls.org/pipermail/gnutls-devel/2015-May/007583.html>

cu Andreas

-- 
`What a good friend you are to him, Dr. Maturin. His other friends are
so grateful to you.'
`I sew his ears on from time to time, sure'

Message #52 received at 784009@bugs.debian.org (full text, mbox, reply):

From: Andreas Metzler <ametzler@bebt.de>

To: Niels Möller <nisse@lysator.liu.se>, 784009@bugs.debian.org

Cc: nettle@packages.debian.org

Subject: Re: Bug#784009: Segmentation fault

Date: Wed, 6 May 2015 19:54:19 +0200

On 2015-05-03 Niels Möller <nisse@lysator.liu.se> wrote:
[...]
> Now, it's still a bit unclear to me how versioned symbols really work.
> Is it still necessary to relink the wget executable? Or will the
> combination of

> * Current wget package, linking to gnutls and libnettle4.so,

> * a new gnutls package, linking to a libnettle5-package containing
>   nettle-3.1

> * libnettle4.so from the nettle-2.7.2 release under consideration, i.e.,
>   with versioned symbols,

> work and resolve all symbols correctly? I.e., all direct references to
> nettle symbols in wget should get definitions in libnettle4.so, and all
> references via gnutls should get definitions in libnettle5.so.
[...]

No, that does not work. wget would be looking for unversioned
references to nettle-symbols, and given the choice ot two differently
versioned ones it will not prefer either over the other.

This one crashes:

 current wget binary built against libnettle4.so
 combined with
 gnutls, built against a nettle with versioned symbols (tested with
 either 3.1 or a patched 3.0)

even if libnettle4.so is also replaced with a patched version using
versioned symbols.

cu Andreas

-- 
`What a good friend you are to him, Dr. Maturin. His other friends are
so grateful to you.'
`I sew his ears on from time to time, sure'

Message #57 received at 784009@bugs.debian.org (full text, mbox, reply):

From: nisse@lysator.liu.se (Niels Möller)

To: Andreas Metzler <ametzler@bebt.de>

Cc: 784009@bugs.debian.org, nettle@packages.debian.org

Subject: Re: Bug#784009: Segmentation fault

Date: Wed, 06 May 2015 21:22:37 +0200

Andreas Metzler <ametzler@bebt.de> writes:

> No, that does not work. wget would be looking for unversioned
> references to nettle-symbols, and given the choice ot two differently
> versioned ones it will not prefer either over the other.

I see. So for a really smooth transition from jessie and up, including
partial upgrades, one would need an update with nettle-2.7.x with
versioned symbols, and all packages linking explicitly with nettle
rebuilt against that version (about 30 packages, if apt-cache rdepends
libnettle4 is a good way to list them). And try to ensure all of these
packages are upgraded *before* the packages with nettle-3.1 and current
gnutls are installed.

Maybe too complicated to be worth the effort?

Are there any shortcuts, which improve the situation over the status
quo?

For clarity, I'm the "upstream" here. I'm a also debian user, but not
very familiar with debian packaging.

Regards,
/Niels

-- 
Niels Möller. PGP-encrypted email is preferred. Keyid C0B98E26.
Internet email is subject to wholesale government surveillance.

Message #62 received at 784009@bugs.debian.org (full text, mbox, reply):

From: Andreas Metzler <ametzler@bebt.de>

To: Niels Möller <nisse@lysator.liu.se>, 784009@bugs.debian.org

Cc: nettle@packages.debian.org

Subject: Re: Bug#784009: Segmentation fault

Date: Thu, 7 May 2015 19:27:09 +0200

On 2015-05-06 Niels Möller <nisse@lysator.liu.se> wrote:
> Andreas Metzler <ametzler@bebt.de> writes:
>> No, that does not work. wget would be looking for unversioned
>> references to nettle-symbols, and given the choice ot two differently
>> versioned ones it will not prefer either over the other.

> I see. So for a really smooth transition from jessie and up, including
> partial upgrades, one would need an update with nettle-2.7.x with
> versioned symbols, and all packages linking explicitly with nettle
> rebuilt against that version (about 30 packages, if apt-cache rdepends
> libnettle4 is a good way to list them). And try to ensure all of these
> packages are upgraded *before* the packages with nettle-3.1 and current
> gnutls are installed.

> Maybe too complicated to be worth the effort?

> Are there any shortcuts, which improve the situation over the status
> quo?
[...]

Hello,

What I originally  had in mind was a a part of things listed above:
1. Update nettle-2.7.x to versioned symbols.
2. Let it propagate to sid (unstable) from testing.
3. Trigger rebuild of all rdepends, they will quickly propagate to
testing, too.

At this point both sid and testing ("stretch") would be ready for a
painless upgrade to nettle3, with no breakage in any system upgraded
to this point. (And for sid/testing users imho one can expect systems
being kept reasonably up to date.)

1. Upload nettle3. *Optionally* the nettle3 library packages could
temporarily  have a Breaks: on the list of binaries that were built
against unversioned nettle-2.7.x, enforcing an upgrade to the rebuilt
versions.
2. Trigger rebuild of all rdepends.
3. Wait for propagation to testing. Some months later the Breaks: can
be dropped.
---------------

This would not improve the jessie->stretch upgrade in two years.
However I do not think that is that big of an issue. I guess almost
all crash-candidates (direct link against a nettle library, and
indirect link via another library) will involve gnutls as the library
bringing in the second indirect link to nettle. jessie-->stretch will
include a gnutls soname change (3.4.x), which afaict solves the issue
as a side-effect:

Package release  Depends
wget    jessie   libgnutls-deb0-28->libnettle4 / libnettle4
wget    stretch  libgnutls30->libnettle6 / libnettle6

So there is no mixup of different nettle versions in the wget linkage
possible.

The effort involved would not be two bad, imho. However I am not
totally sure it is worth it. Since nettle2 and nettle3 will use the
same source package upgrading stretch to nettle3 will need to happen
by
a) rebuild everything in sid against nettle3,
b) Only when all rdeps are ready to propagate at the same time to
stretch (old enough, no new rc-bugs), all of them go into stretch at
the same time.

cu Andreas

-- 
`What a good friend you are to him, Dr. Maturin. His other friends are
so grateful to you.'
`I sew his ears on from time to time, sure'

Message #67 received at 784009@bugs.debian.org (full text, mbox, reply):

From: Magnus Holmgren <holmgren@debian.org>

To: Andreas Metzler <ametzler@bebt.de>

Cc: 784009@bugs.debian.org, nettle@packages.debian.org, Niels Möller <nisse@lysator.liu.se>

Subject: Re: Bug#784009: Segmentation fault

Date: Sun, 10 May 2015 19:06:48 +0200

måndagen den 4 maj 2015 19.32.52 skrev  Andreas Metzler:
> On 2015-05-03 Magnus Holmgren <holmgren@debian.org> wrote:
> > lördagen den 2 maj 2015 17.47.21 skrev  Andreas Metzler:
> > > On 2015-05-02 Niels Möller <nisse@lysator.liu.se> wrote:
> [...]
> 
> >> /I/ think that would help, afaict we would need to either package a
> >> nettle-2.7 with versioned symbols or patch Debian's version.
> > 
> > Not sure how this situation is normally handled, but when Nettle 3.1
> > is uploaded to sid, new versions of GnuTLS and other packages
> > linking against it should follow soon after [1], so the problem is
> > temporary.
> 
> Hello,
> "temporary" can take surprisingly long if one of the linking packages
> suddenly develops a build error. ;-)
> And one can get a surising amount of bug reports from people doing
> partial ugrades, too.

Yeah, some additional testing and some coordination and/or swift (bin)NMUing 
may be in order, but I say let's get this over with. :-)

> > In testing there should never be more than one version as
> > there's only one source package.
> 
> I somehow missed that fact in my considerations. (I think that at some
> point the RM considered changing the testing migration infrastructure
> to allow keeping old, "orphaned" binaries around to simplify
> transitions. - I am not sure whether this was ever implemented.)

You may be right. We should keep in mind that all binary packages need to be 
accompanied in the archive by the corresponding sources, but that's not 
impossible to do.

> > I'm not aware of any special
> > provisions for transitions of libraries *without* symbol versions,
> > but since Nettle does now. A 2.7.x with symbol versions might
> > still be helpful to some if you meant for it to be uploaded to jessie (and
> > stable point releases of various Debian derivatives).
> 
> I do not think we have ever done that, making a stable-update just to
> introduce versioned symbols. - Needs doublechecking with -release.

No, I don't think that's an accepted cause for a stable update. All depending 
packages would need to be rebuilt and re-uploaded as well for it to be 
meaningful.

> > [1] That is, Nettle 3.1 will be uploaded to sid when the current
> > upload to experimental has been cleared by the FTP masters and
> > GnuTLS is ready to follow, which I guess is after the guile-1.8
> > transition, but perhaps an upload of 3.4.0 to experimental is in
> > order before then? Last I checked, all other packages linking
> > against nettle needed no code changes.
> 
> I think GnuTLS being listed as part of the guile-1.8 removal is an
> error in the reporting script, GnuTLS has moved to guile-2.0 in 2013.
> OTOH I hope we can have gnutls linked against nettle 3.x without
> needing to update to 3.4.x. (Which would couple together two
> transitions. And 3.4 ist still a development release.)
> <http://lists.gnutls.org/pipermail/gnutls-devel/2015-May/007583.html>

A rather significant patch, but since someone has already done it, will you 
use it? 3.1-1 has entered experimental, as you may have seen. Should I upload 
3.1.1-1 to unstable or to experimental for now?

-- 
Magnus Holmgren        holmgren@debian.org
Debian Developer

Message #72 received at 784009@bugs.debian.org (full text, mbox, reply):

From: Andreas Metzler <ametzler@bebt.de>

To: 784009@bugs.debian.org

Cc: nettle@packages.debian.org, Niels Möller <nisse@lysator.liu.se>

Subject: Re: Bug#784009: Segmentation fault

Date: Thu, 14 May 2015 07:56:56 +0200

On 2015-05-10 Magnus Holmgren <holmgren@debian.org> wrote:
> måndagen den 4 maj 2015 19.32.52 skrev  Andreas Metzler:
[...] 
>> I think GnuTLS being listed as part of the guile-1.8 removal is an
>> error in the reporting script, GnuTLS has moved to guile-2.0 in 2013.
>> OTOH I hope we can have gnutls linked against nettle 3.x without
>> needing to update to 3.4.x. (Which would couple together two
>> transitions. And 3.4 ist still a development release.)
>> <http://lists.gnutls.org/pipermail/gnutls-devel/2015-May/007583.html>

> A rather significant patch, but since someone has already done it,
> will you use it? 3.1-1 has entered experimental, as you may have
> seen. Should I upload 3.1.1-1 to unstable or to experimental for
> now?

Given that it originates from GnuTLS' author I will try to use it.
Could you upload 3.1.1-1 to experimental? Have you already opened a
transition tracker, BTW?

cu Andreas
-- 
`What a good friend you are to him, Dr. Maturin. His other friends are
so grateful to you.'
`I sew his ears on from time to time, sure'

Message #77 received at 784009@bugs.debian.org (full text, mbox, reply):

From: Magnus Holmgren <holmgren@debian.org>

To: Andreas Metzler <ametzler@bebt.de>

Cc: 784009@bugs.debian.org, nettle@packages.debian.org, Niels Möller <nisse@lysator.liu.se>

Subject: Re: Bug#784009: Segmentation fault

Date: Thu, 14 May 2015 22:15:30 +0200

torsdagen den 14 maj 2015 07.56.56 skrev  Andreas Metzler:
> On 2015-05-10 Magnus Holmgren <holmgren@debian.org> wrote:
> > måndagen den 4 maj 2015 19.32.52 skrev  Andreas Metzler:
> [...]
> 
> >> I think GnuTLS being listed as part of the guile-1.8 removal is an
> >> error in the reporting script, GnuTLS has moved to guile-2.0 in 2013.
> >> OTOH I hope we can have gnutls linked against nettle 3.x without
> >> needing to update to 3.4.x. (Which would couple together two
> >> transitions. And 3.4 ist still a development release.)
> >> <http://lists.gnutls.org/pipermail/gnutls-devel/2015-May/007583.html>
> > 
> > A rather significant patch, but since someone has already done it,
> > will you use it? 3.1-1 has entered experimental, as you may have
> > seen. Should I upload 3.1.1-1 to unstable or to experimental for
> > now?
> 
> Given that it originates from GnuTLS' author I will try to use it.
> Could you upload 3.1.1-1 to experimental? 

I have done so.

> Have you already opened a transition tracker, BTW?

Not yet. I've been testing building depending packages all day, and most 
builds cleanly although some failed for other reasons, but lsh-utils needs 
some work. I'd like to see if I can patch it or have to ask upstream.

-- 
Magnus Holmgren        holmgren@debian.org
Debian Developer

Message #82 received at 784009@bugs.debian.org (full text, mbox, reply):

From: 積丹尼 Dan Jacobson <jidanni@jidanni.org>

To: Andreas Metzler <ametzler@bebt.de>, Magnus Holmgren <holmgren@debian.org>

Cc: 784009@bugs.debian.org, nettle@packages.debian.org, Niels Möller <nisse@lysator.liu.se>

Subject: want to back out to get wget working again

Date: Sat, 16 May 2015 08:54:14 +0800

I don't know how to get wget 1.16.3-2 working again.

It is not clear which dpkg -i actions I should do.

Debian Release: stretch/sid
  APT prefers experimental
  APT policy: (990, 'experimental'), (500, 'unstable')
Architecture: i386 (i686)

Versions of packages wget depends on:
ii  libc6              2.21-0experimental0
ii  libgnutls-deb0-28  3.3.15-3
ii  libidn11           1.30-1
ii  libnettle4         2.7.1-5
ii  libpcre3           2:8.35-4
ii  libpsl0            0.5.1-1
ii  libuuid1           2.26.2-3
ii  zlib1g             1:1.2.8.dfsg-2+b1

Message #91 received at 784009@bugs.debian.org (full text, mbox, reply):

From: Andreas Metzler <ametzler@bebt.de>

To: 積丹尼 Dan Jacobson <jidanni@jidanni.org>, 784009@bugs.debian.org

Cc: nettle@packages.debian.org

Subject: Re: Bug#784009: want to back out to get wget working again

Date: Sat, 16 May 2015 07:55:34 +0200

On 2015-05-16 積丹尼 Dan Jacobson <jidanni@jidanni.org> wrote:
> I don't know how to get wget 1.16.3-2 working again.

> It is not clear which dpkg -i actions I should do.
[...]

Downgrading libgnutls-deb0-28 (and if they are installed
libgnutls-openssl27, gnutls-bin and libgnutlsxx28) to 3.3.15-2 should
be enough.

cu Andreas
-- 
`What a good friend you are to him, Dr. Maturin. His other friends are
so grateful to you.'
`I sew his ears on from time to time, sure'

Message #96 received at 784009@bugs.debian.org (full text, mbox, reply):

From: 積丹尼 Dan Jacobson <jidanni@jidanni.org>

To: Andreas Metzler <ametzler@bebt.de>

Cc: 784009@bugs.debian.org, nettle@packages.debian.org

Subject: Re: Bug#784009: want to back out to get wget working again

Date: Sat, 16 May 2015 16:01:53 +0800

OK thanks. This worked, /var/log/aptitude:
[REMOVE, NOT USED] libhogweed3:i386
[REMOVE, NOT USED] libnettle5:i386
[DOWNGRADE] libgnutls-deb0-28:i386 3.3.15-3 -> 3.3.15-2
[DOWNGRADE] libgnutls-openssl27:i386 3.3.15-3 -> 3.3.15-2

Message #101 received at 784009@bugs.debian.org (full text, mbox, reply):

From: 積丹尼 Dan Jacobson <jidanni@jidanni.org>

To: Andreas Metzler <ametzler@bebt.de>

Cc: 784009@bugs.debian.org, nettle@packages.debian.org

Subject: Re: Bug#784009: want to back out to get wget working again

Date: Sun, 17 May 2015 05:43:26 +0800

[DOWNGRADE] libgnutls-deb0-28:i386 3.3.15-3 -> 3.3.15-2
Working! Then today:
[UPGRADE] libgnutls-deb0-28:i386 3.3.15-2 -> 3.3.15-4
Broken AGAIN!
I guess aptitude forbid-version is not strong enough.
Looks like I will need aptitude hold.

Message #106 received at 784009@bugs.debian.org (full text, mbox, reply):

From: Francesco Poli <invernomuto@paranoici.org>

To: 784009@bugs.debian.org

Cc: 積丹尼 Dan Jacobson <jidanni@jidanni.org>

Subject: Documenting which version works

Date: Mon, 18 May 2015 22:32:33 +0200

[Message part 1 (text/plain, inline)]

Control: fixed -1 gnutls28/3.3.15-2



Hello,
if I understand correctly, libgnutls-deb0-28/3.3.15-2 is not affected
by this bug.

I am hence documenting this, by adding a fixed version to the BTS
tracking info. This should help apt-listbugs users to avoid buggy
versions, until this issue is completely solved.

Bye.

-- 
 http://www.inventati.org/frx/
 There's not a second to spare! To the laboratory!
..................................................... Francesco Poli .
 GnuPG key fpr == CA01 1147 9CD2 EFDF FB82  3925 3E1C 27E1 1F69 BFFE

[Message part 2 (application/pgp-signature, inline)]

Message #113 received at 784009@bugs.debian.org (full text, mbox, reply):

From: 積丹尼 Dan Jacobson <jidanni@jidanni.org>

To: Francesco Poli <invernomuto@paranoici.org>

Cc: 784009@bugs.debian.org

Subject: Re: Documenting which version works

Date: Tue, 19 May 2015 07:20:31 +0800

Yes, anything after 3.3.15-2 is broken.

>>>>> "FP" == Francesco Poli <invernomuto@paranoici.org> writes:

FP> Hello,
FP> if I understand correctly, libgnutls-deb0-28/3.3.15-2 is not affected
FP> by this bug.

FP> I am hence documenting this, by adding a fixed version to the BTS
FP> tracking info. This should help apt-listbugs users to avoid buggy
FP> versions, until this issue is completely solved.

Message #118 received at 784009@bugs.debian.org (full text, mbox, reply):

From: Magnus Holmgren <holmgren@debian.org>

To: Emilio Pozuelo Monfort <pochu@debian.org>, 785376@bugs.debian.org

Cc: 784009@bugs.debian.org, nettle@packages.debian.org

Subject: Re: Bug#785376: transition: nettle

Date: Mon, 01 Jun 2015 20:26:11 +0200

[Message part 1 (text/plain, inline)]

fredagen den 15 maj 2015 16.09.20 skrev  Emilio Pozuelo Monfort:
> On 15/05/15 14:43, Magnus Holmgren wrote:
> > There's a new major release of the GNU Nettle cryptolibrary (stabilized at
> > version 3.1.1) that I'd like to upload to unstable.
> 
> Please fix the nettle arm64 build in experimental first.

The bug in gcc that caused the tests to fail on arm64 has been patched now. OK 
to upload? (gcc-4.9 4.9.2-20 has been built and installed on arm64 but not all 
other architectures yet).

-- 
Magnus Holmgren        holmgren@debian.org
Debian Developer 

[signature.asc (application/pgp-signature, inline)]

Message #123 received at 784009@bugs.debian.org (full text, mbox, reply):

From: Jonathan Wiltshire <jmw@debian.org>

To: Magnus Holmgren <holmgren@debian.org>, 785376@bugs.debian.org

Cc: 784009@bugs.debian.org, nettle@packages.debian.org

Subject: Re: Bug#785376: transition: nettle

Date: Mon, 1 Jun 2015 20:29:21 +0100

[Message part 1 (text/plain, inline)]

Control: tag -1 confirmed - moreinfo

On Mon, Jun 01, 2015 at 08:26:11PM +0200, Magnus Holmgren wrote:
> fredagen den 15 maj 2015 16.09.20 skrev  Emilio Pozuelo Monfort:
> > On 15/05/15 14:43, Magnus Holmgren wrote:
> > > There's a new major release of the GNU Nettle cryptolibrary (stabilized at
> > > version 3.1.1) that I'd like to upload to unstable.
> > 
> > Please fix the nettle arm64 build in experimental first.
> 
> The bug in gcc that caused the tests to fail on arm64 has been patched now. OK 
> to upload? (gcc-4.9 4.9.2-20 has been built and installed on arm64 but not all 
> other architectures yet).

Yes please.

-- 
Jonathan Wiltshire                                      jmw@debian.org
Debian Developer                         http://people.debian.org/~jmw

4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC  74C3 5394 479D D352 4C51

[signature.asc (application/pgp-signature, inline)]

Message #130 received at 784009@bugs.debian.org (full text, mbox, reply):

From: Jonathan Wiltshire <jmw@debian.org>

To: Magnus Holmgren <holmgren@debian.org>, 785376@bugs.debian.org

Cc: 784009@bugs.debian.org, nettle@packages.debian.org

Subject: Re: Bug#785376: transition: nettle

Date: Tue, 2 Jun 2015 07:53:51 +0100

Well that didn't appear to go so well on arm64 after all... could you look
at the build log and check the version of gcc was correct please?

https://buildd.debian.org/status/fetch.php?pkg=nettle&arch=arm64&ver=3.1.1-3&stamp=1433198670

Thanks,

-- 
Jonathan Wiltshire                                      jmw@debian.org
Debian Developer                         http://people.debian.org/~jmw

4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC  74C3 5394 479D D352 4C51

Message #135 received at 784009@bugs.debian.org (full text, mbox, reply):

From: Emilio Pozuelo Monfort <pochu@debian.org>

To: Jonathan Wiltshire <jmw@debian.org>, 785376@bugs.debian.org, Magnus Holmgren <holmgren@debian.org>

Cc: 784009@bugs.debian.org, nettle@packages.debian.org

Subject: Re: Bug#785376: transition: nettle

Date: Tue, 02 Jun 2015 10:08:56 +0200

On 02/06/15 08:53, Jonathan Wiltshire wrote:
> Well that didn't appear to go so well on arm64 after all... could you look
> at the build log and check the version of gcc was correct please?
> 
> https://buildd.debian.org/status/fetch.php?pkg=nettle&arch=arm64&ver=3.1.1-3&stamp=1433198670

I've given it back with the gcc-4.9 b-d bumped and it has built fine.

We can start with the binNMUs soon.

Cheers,
Emilio

Message #148 received at 784009@bugs.debian.org (full text, mbox, reply):

From: Magnus Holmgren <holmgren@debian.org>

To: 784009@bugs.debian.org

Cc: control@bugs.debian.org

Subject: Re: Bug#784009: Segmentation fault

Date: Wed, 10 Jun 2015 20:47:47 +0200

[Message part 1 (text/plain, inline)]

fixed 784009 gnutls28/3.3.15-5
thanks

We can probably close this bug now. We should at least get the fixed version 
right so the package can migrate.

-- 
Magnus Holmgren        holmgren@debian.org
Debian Developer 

[signature.asc (application/pgp-signature, inline)]

Message #159 received at 784009-done@bugs.debian.org (full text, mbox, reply):

From: Andreas Metzler <ametzler@bebt.de>

To: 784009-done@bugs.debian.org

Subject: Re: Bug#784009: Segmentation fault

Date: Sat, 13 Jun 2015 18:08:58 +0200

Version: 3.3.15-5

On 2015-06-10 Magnus Holmgren <holmgren@debian.org> wrote:
> fixed 784009 gnutls28/3.3.15-5
> thanks

> We can probably close this bug now. We should at least get the fixed version 
> right so the package can migrate.

Agreed, closing.

Dear bug-submitters,

these isses where caused by upgrading nettle to 3.1. While the
transition was ungoing, some packages ended up linking against two
different versions of nettle at the same time (once directly and a
second time via gnutls), which caused crashes. To fix this the
packages needed to be rebuilt against nettle 3.1. The respective
binNMUs have been triggered and up to date sid should be reasonable
fine now.

cu Andreas
-- 
`What a good friend you are to him, Dr. Maturin. His other friends are
so grateful to you.'
`I sew his ears on from time to time, sure'

Send a report that this bug log contains spam.