"Cantor, Scott" <canto...@osu.edu> writes: > On 11/17/17, 11:48 AM, "Pkg-shibboleth-devel on behalf of Ferenc Wágner" > <pkg-shibboleth-devel-bounces+cantor.2=osu....@lists.alioth.debian.org on > behalf of wf...@niif.hu> wrote: > >> Now, this is still ongoing: >> https://release.debian.org/transitions/html/auto-xerces-c.html >> The upstream fixes for this issue appeared as new patch level releases >> for XMLTooling (1.6.2), OpenSAML (2.6.1) and the SP (2.6.1). Shall I >> wait for the transition to finish before uploading them? > > Sorry if I'm misinterpreting, but is this a source level issue or just > a question of ABI/build decision? SP 2.6.0/etc. definitely should > build against Xerces 3.2, and probably many older SP versions would > also. But if you're just referring to what they were built with in > Debian packaging cases to date, disregard.
There are no known source-level problems here, it's just that Xerces 3.2 recently replaced 3.1 in Debian unstable, and now all packages using Xerces are being rebuilt for the new ABI. Any errors you see there should be gone once the necessary rebuilds are triggered in the proper order. I checked manually that XMLTooling 1.6 in unstable now already builds with Xerces 3.2 without any changes. But uploading new versions can be disruptive during such periods, that's why I asked the security team about the best course of action. -- Regards, Feri