FTBFS: missing strl* symbols fail the build

Checking if outside the package these symbols are being used by other shared libraries:

* For libkafs0-heimdal: None

libroken19-heimdal: /usr/lib/x86_64-linux-gnu/libroken.so.19.0.0
root@Nheimdal:~# for s in $(for p in $(apt-cache rdepends libkafs0-heimdal | grep -v heimdal | cut -d':' -f2 | xargs); do for l in $(apt-file list ${p} | grep '.so' | grep lib | cut -d':' -f2| xargs); do readlink -f ${l} ; done; done | sort -u); do nm -D ${s} | grep strlc && apt-file search ${s}; done
root@Nheimdal:~#

* For libroken19-heimdal: libafsauthent2 and libafsrpc2, both form src:openafs

root@Nheimdal:~# for s in $(for p in $(apt-cache rdepends libroken19-heimdal | grep -v heimdal | cut -d':' -f2 | xargs); do for l in $(apt-file list ${p} | grep '.so' | grep lib | cut -d':' -f2| xargs); do readlink -f ${l} ; done; done | sort -u); do nm -D ${s} | grep strlc && apt-file search ${s}; done
                 U rk_strlcat@HEIMDAL_ROKEN_1.0
                 U rk_strlcpy@HEIMDAL_ROKEN_1.0
libafsauthent2: /usr/lib/libafsauthent.so.2.0.0
                 U rk_strlcat@HEIMDAL_ROKEN_1.0
                 U rk_strlcpy@HEIMDAL_ROKEN_1.0
libafsrpc2: /usr/lib/libafsrpc.so.2.0.0

I will follow the same approach that in [1], for krb5.

[1] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1043184#30

P.S. Sorry for the ugly and no-efficient inline bash, but for the purpose of the fixing I think is OK, and I promise I'll do a pretty script after Xmas (in case that doesn't exist yet, which I couldn't say). for sure).

Mmm... checking Steve's patch, he is including all the binaries packages from/inside krb5 with affected libraries (It makes sense, as a library is using a symbol from other, no matter who is the parent src...).

I let myself be carried away by the comment on the heimdal's Debian bug that coincides mainly with the results on my previous comment.

I drop the 'grep -v heimdal' and I'll use the resulting list then.

both sponsored after some nitpicks changed

Miriam, please adapt the bug description to follow the SRU bug template
https://wiki.ubuntu.com/StableReleaseUpdates

While preparing SRU paperwork and test cases, checking that binaries using those symbols work ok ( beyond the installation and the built that was OK), I found problems like this:

root@Nheimdal:~# aklog --help
aklog: symbol lookup error: aklog: undefined symbol: rk_strlcat, version HEIMDAL_ROKEN_1.0

so a rebuild against this heimdal libraries of the binaries that uses those symbols is needed.

This bug was fixed in the package heimdal - 7.8.git20221117.28daf24+dfsg-3ubuntu2

---------------
heimdal (7.8.git20221117.28daf24+dfsg-3ubuntu2) noble; urgency=medium

  * d/lib{kafs0,roken19}-heimdal.symbols:
    - _{kafs,rk}_strl{cat,cpy} are made optional symbols, since they
      are not needed when built against glibc 2.38 (LP: #2036253).
    - Make symbol dependencies on libroken19-heimdal and libkafs0-heimdal
      strict to avoid future symbol skew.
  * d/control: Declare Breaks: against older packages using these symbols.

 -- Miriam España Acebal <email address hidden> Wed, 29 Nov 2023 12:55:12 +0100

Testing the rebuilding of openafs for the possible-not-SRU (but at least is resulting in a lot of polishing for Noble :), because openafs tools is FTBFS in Noble for other causes [1] ), getting the list of binaries (not only shared libraries):

for d in $(apt-cache rdepends libroken19-heimdal | cut -d':' -f2 | xargs); do for b in $(apt-file list ${d} | grep bin | cut -d' ' -f2); do objdump -T ${b}| grep ROKEN | grep strlc && echo ${b} && echo ${d} && apt-cache show ${d} | grep ^Source ; done; done

So, needed action:

* those have to be added to the Breaks.
* hitting an unmet dependencies when installing openafs-krb5, because the Depends: ${shlibs:Depends}, ${misc:Depends} is converted on Depends: libroken19-heimdal (= 1.8.10-1ubuntu2.1) but that version number is from openafs version, not from heimdal: need to check if that comes from the following change in symbols file (it looks like it, to me):
     - libroken.so.19 #PACKAGE# #MINVER#
     + libroken.so.19 #PACKAGE# (= ${binary:Version})

[1] https://bugs.launchpad.net/ubuntu/+source/openafs/+bug/2033754 , and unsuccessful build on ppa [2]
[2] https://launchpad.net/~mirespace/+archive/ubuntu/heimdal-ftbfs-lp2036253/+sourcepub/15537670/+listing-archive-extra

Attached diff for proposing a new noble package that fix the issues presented in the above comment

See https://bugs.launchpad.net/ubuntu/+source/openafs/+bug/2046441/comments/1 for testing against the rebuilt of openafs

Hello, this is probably what we should do for mantic release?field.comment=Hello, this is probably what we should do for mantic release?

--- 7.8.git20221117.28daf24+dfsg-3/debian/patches/0022-Always-build-rk_strlcat-and-rk_strlcpy-symbols.patch 1970-01-01 00:00:00.000000000 +0000
+++ 7.8.git20221117.28daf24+dfsg-4/debian/patches/0022-Always-build-rk_strlcat-and-rk_strlcpy-symbols.patch 2024-01-03 00:43:26.000000000 +0000
@@ -0,0 +1,31 @@
+From: Brian May <email address hidden>
+Date: Fri, 22 Dec 2023 11:45:55 +1100
+Subject: Always build rk_strlcat and rk_strlcpy symbols
+
+---
+ cf/roken-frag.m4 | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+diff --git a/cf/roken-frag.m4 b/cf/roken-frag.m4
+index f1f2dbf..a9d1e1d 100644
+--- a/cf/roken-frag.m4
++++ b/cf/roken-frag.m4
+@@ -371,8 +371,6 @@ AC_BROKEN([ \
+ strdup \
+ strerror \
+ strftime \
+- strlcat \
+- strlcpy \
+ strlwr \
+ strncasecmp \
+ strndup \
+@@ -398,6 +396,9 @@ AC_BROKEN([ \
+ writev \
+ ])
+
++rk_LIBOBJ(strlcpy)
++rk_LIBOBJ(strlcat)
++
+ AM_CONDITIONAL(have_fnmatch_h,
+ test "$ac_cv_header_fnmatch_h" = yes -a "$ac_cv_func_fnmatch" = yes)
+

Uploaded on mantic queue

This fixes a build failure but has no user-facing impact, it does not need to be released to -updates. Setting block-proposed tag.

Hello Andreas, or anyone else affected,

Accepted heimdal into mantic-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/heimdal/7.8.git20221117.28daf24+dfsg-3ubuntu1.23.10.1 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed-mantic to verification-done-mantic. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-mantic. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

it builds, so we are fine :)