[php-maint] krb5: ABI Issue--confirm your packages work against 1.4.3 in experimental (fwd)

Tomas Pospisek tpo_deb at sourcepole.ch
Tue Nov 22 12:43:30 UTC 2005

Since libkrb sneaks into mailsync via libc-client I have forwareded your 
mail to all the packages that use libc-client, which did not seem to be 
included in the recipients below. Sorry in case this would generate a 

---------- Forwarded message ----------
Date: Sat, 19 Nov 2005 23:33:40 -0500
From: Sam Hartman <hartmans at mit.edu>
To: aolserver4-nsimap at packages.debian.org, balsa at packages.debian.org,
     bzflag at packages.debian.org, curl at packages.debian.org,
     libapache2-mod-auth-kerb at packages.debian.org,
     libapache2-mod-php5 at packages.debian.org, evolution at packages.debian.org,
     freeradius at packages.debian.org, icecast2 at packages.debian.org,
     kstart at packages.debian.org, kftgt at packages.debian.org,
     kdelibs4c2 at packages.debian.org, ipopd at packages.debian.org,
     libwebauth1 at packages.debian.org, mapserver-bin at packages.debian.org,
     samba at packages.debian.org, sidentd at packages.debian.org,
     libecpg5 at packages.debian.org, postgresql-8.1 at packages.debian.org,
     mailsync at packages.debian.org, mutt at packages.debian.org,
     lprng at packages.debian.org, openssh at packages.debian.org,
     mozilla-firefox at packages.debian.org, nfs-utils at packages.debian.org
Cc: debian-devel at lists.debian.org
Subject: krb5: ABI Issue--confirm your packages work against 1.4.3 in

Hi folks.  I've just uploaded Mit Kerberos 1.4.3-1 to experimental.

I'm writing to you because your package links against the main
kerberos library (libkrb53) and I'd like you to confirm that the
Kerberos support in your package still works against this version.

The public ABI and API of MIt Kerberos has been stable since before
Woody was released.  However MIT reserves the right to change symbols
not mentioned in krb5.h (or mentioned only when KRB5_PRIVATE is
defined) at any point in time. New symbols are not added to
KRB5_PRIVATE without an ABI bump.

Unfortunately, some packages end up calling symbols that are private
such as krb5_init_ets().  Many years ago--before krb5 was introduced
into Debian--this was actually a good idea.  however it has been
unnecessary and incorrect for any version of kerberos in Debian.

MIt Kerberos 1.4 apparently marks the first time when MIT has removed
any such symbol.  This can cause packages calling such a symbol to
break at runtime.  That's not good.

The solution to this problem is to remove the call to the private
symbol.  In the case of krb5_init_ets (the common problem), just
remove the call.  In the case of any other symbols, fix the problem if
it is obvious, or ask krbdev at mit.edu for help if it is not.  (I'm on
that list; you could just ask me, but you will be better off asking a
larger list).

I'd appreciate it if you would take the time to see if your package
works against the new Kerberos library.  The easiest way to do this is
to build your package or at least the kerberos using parts of your
package against the new libkrb5-dev package and confirm there are no
warnings about missing prototypes and that your package can
successfully link to libkrb5.

If you do find problems, please upload a version of your package that
fixes the problem (built against the old library) to unstable.  Open a
serious bug tagged as experimental against the krb5 package asking me
to conflict with broken versions of your package.  Be sure to include
the version of your package that has the fix in the bug description.

The above procedure assumes that you don't need functionality from
krb5 1.4 to work around private symbols you are using.  If that ends
up not being the case then talk to me and we'll work something out.

Also, if your package is involved in some sort of transition and has
limited uploading,we'll need to work on timing with the release team.
If for this or any other reason you cannot upload a fix please still
open a bug so I'll know that krb5 1.4 will break your package.

Thanks for your cooperation in making Debian better and helping me
with this transition.

Finally, great thanks to Russ Allbery my co-maintainer for all his
work on the package.

More information about the pkg-php-maint mailing list