Bug#1065486: sbd: FTBFS due to hardcoded libaio SONAME used in dlopen()

This is already fixed in unstable, waiting for pacemaker to migrate.

Bug#1065486: sbd: FTBFS due to hardcoded libaio SONAME used in dlopen()

Control: tags -1 + pending On Tue, 5 Mar 2024 12:29:36 +0100 Guillem Jover wrote: > the package is already explicitly linking against -laio (which I guess > also means there's a missing Build-Depends here) Hi Guillem, libaio-dev is already in Build-Depends, so I think we're fine here. > it

Bug#963751: wordpress-shibboleth: Please depend on libapache2-mod-shib (not -shib2)

Package: wordpress-shibboleth Severity: serious Dear Maintainer, The Shibboleth SP package migrated from providing libapache2-mod-shib2 to libapache2-mod-shib; the former is already transitional in buster. Please switch to using the new package name to keep wordpress-shibboleth installable. --

Bug#945741: closing 945741

close 945741 0.1.20171010-2 thanks

Bug#930061: openssl: causes regression in kronosnet memory checks

Package: openssl Version: 1.1.1c-1 Severity: serious (You seem to use the serious severity for such reports.) Dear OpenSSL Maintainers, Please see https://github.com/kronosnet/kronosnet/issues/226: the Kronosnet upstream CI started to fail in the Valgrind memory checks after the libssl upgrade

Bug#929269: coturn: overwrites database file /var/lib/turn/turndb on upgrade or reinstall

Package: coturn Version: 4.3.1.2-1 Severity: critical Justification: causes serious data loss Dear Misi, The coturn package ships /var/lib/turn/turndb as an empty SQLite database template, thus unexpectedly overwrites it without warning on upgrade or reinstall, destroying any data the user might

Bug#927292: libqb: Breaks applications not running as root (for example pacemaker-based AKA cib)

Source: libqb Version: 1.0.4-1 Severity: grave Tags: upstream Justification: renders package unusable Forwarded: https://github.com/ClusterLabs/libqb/issues/338 IPC connection setup is aborted if the application is unable to chown() the temporary communication directory under /dev/shm to the

Bug#927159: libqb: Insecure Temporary Files

Source: libqb Version: 1.0.3-2 Severity: grave Tags: patch upstream security Justification: user security hole Forwarded: https://github.com/ClusterLabs/libqb/issues/338 Control: found -1 0.11.1-2 Libqb creates files in world-writable directories (/dev/shm, /tmp) with rather predictable file

Bug#915639: shibboleth-resolver: FTBFS: missing pkg-config/log4shib/log4cpp

Andreas Beckmann writes: > shibboleth-resolver FTBFS everywhere: > > checking for pkg-config... no It's just pkg-config missing from Build-Depends. Sam, are you around to fix this? -- Thanks, Feri

Bug#915007: opensaml2 FTBFS with xmltooling 3

peter green writes: > I then had a poke around and noticed that an "opensaml" source package > had recently been uploaded that seems to have taken over most of the > binary package names from opensaml2. If the intention is for opensaml > to replace opensaml2 can you file a removal request? Hi,

Bug#905332: debdiff

wagner.fer...@kifu.gov.hu (Ferenc Wágner) writes: > Christian Fischer writes: > >> On Fri, 03 Aug 2018 14:42:16 +0200 wf...@niif.hu (Ferenc Wágner) wrote: >> >>> Unfortunately the CVE hasn't arrived yet; I'll >>> forward it to you once it does. My acknowl

Bug#905332: debdiff

Christian Fischer writes: > On Fri, 03 Aug 2018 14:42:16 +0200 wf...@niif.hu (Ferenc Wágner) wrote: > >> Unfortunately the CVE hasn't arrived yet; I'll >> forward it to you once it does. My acknowledgement mail is of >> subject "CVE Request 548000 for CVE

Bug#909558: libapache2-mod-shib2: Installation fails because of unmet dependencies

Michail Bachmann writes: > # apt install libapache2-mod-shib2 > Reading package lists... Done > Building dependency tree > Reading state information... Done > Some packages could not be installed. This may mean that you have > requested an impossible situation or if you are using the

Bug#902117: [Debian-ha-maintainers] Bug#902117: corosync-qdevice will not daemonize/run

Control: severity -1 normal Control: tag -1 + upstream Valentin Vidic writes: > On Fri, Jul 06, 2018 at 12:50:42PM +0200, Ferenc Wágner wrote: > >> Thanks for the report. I've been pretty busy with other tasks, but I'll >> check this out as soon as possible, your report isn't

Bug#859829: bump

Dimitri John Ledkov writes: > xml-security-c-2.0 is out and appears to compile fine against openssl > 1.1. Is that the upstream release we were waiting to package? Yes. Actually, the full SP3 stack was released almost two weeks ago, so the lights are green, we're figuring out the transition

Bug#902117: corosync-qdevice will not daemonize/run

Hi Jason, Thanks for the report. I've been pretty busy with other tasks, but I'll check this out as soon as possible, your report isn't forgotten. I ask for you patience till then. -- Regards, Feri

Bug#901100: cluster-glue-dev: missing Breaks+Replaces: cluster-glue (<< 1.0.12-8)

Andreas Beckmann writes: > Unpacking cluster-glue-dev (1.0.12-9) ... > dpkg: error processing archive > /tmp/apt-dpkg-install-iCxNhp/11-cluster-glue-dev_1.0.12-9_amd64.deb > (--unpack): >trying to overwrite '/usr/lib/heartbeat/plugins/compress/bz2.a', which is > also in package

Bug#859831: bump

No news yet. -- Feri

Bug#895653: fixed 895653 in 2.4.2-3+deb9u1~bpo8+1, closing 895653

fixed 895653 2.4.2-3+deb9u1~bpo8+1 close 895653 thanks -- Feri

Bug#895653: corosync: CVE-2018-1084: Integer overflow in exec/totemcrypto.c:authenticate_nss_2_3() function

Unfortunately the Alioth list migration delayed this mail long enough to let me do the security upload without closing this bug in the changelog. You may want to fill that in during the DSA workflow (if possible). -- Regards, Feri

Bug#859829: bump

wf...@niif.hu (Ferenc Wágner) writes: > Nobody objected, so let's hold out until libcurl breaks us for good or > OpenSSL 1.1 support emerges... According to the latest comment on https://issues.shibboleth.net/jira/browse/CPPXT-110 upstream support is getting there. Scott, have you perha

Bug#869986: closing 869986

close 869986 thanks

Bug#869986: pacemaker FTBFS: missing symbols

Control: fixed 869986 1.1.18~rc3-1 Control: done 869986 Pacemaker builds again for some time, looks like the new upload was enough to fix this breakage after all. -- Feri

Bug#859829: bump

Nobody objected, so let's hold out until libcurl breaks us for good or OpenSSL 1.1 support emerges...

Bug#859829: bump

I'm still behind with backports due to the recent security release. When keeping the stack in testing starts blocking independent work, please notify me and I'll switch to asking for backports exceptions. -- Feri

Bug#859829: bump

I'd like to keep the current Shibboleth stack in testing at least until I manage to upload the last backports. -- Feri

Bug#859829: Please migrate to openssl1.1 in Buster

Sebastian Andrzej Siewior writes: > this is a remainder about the openssl transition [0]. We really want to > remove libssl1.0-dev from unstable for Buster. I will raise the severity > of this bug to serious in a month. Please react before that happens. Sorry, we can't

Bug#881857: add CVE

"Cantor, Scott" <canto...@osu.edu> writes: > On 11/17/17, 11:48 AM, "Pkg-shibboleth-devel on behalf of Ferenc Wágner" > <pkg-shibboleth-devel-bounces+cantor.2=osu@lists.alioth.debian.org on > behalf of wf...@niif.hu> wrote: > >> Now, th

Bug#881857: add CVE

Salvatore Bonaccorso writes: > Thanks, need to check why my mail for 881857 did not went trough > (since I retitled both with the CVE assignments). I think you used the same bug number in both. Now, this is still ongoing:

Bug#869986: [Debian-ha-maintainers] Bug#869986: Bug#869986: pacemaker FTBFS: missing symbols

Valentin Vidic writes: > Right, the upstream is having problems with libqb, but maybe they don't > see the problem with pacemaker libs if they are not checking the > exported symbols. There's no problem with the Pacemaker libs, the "missing" symbols are a manifestation

Bug#869986: [Debian-ha-maintainers] Bug#869986: Bug#869986: pacemaker FTBFS: missing symbols

Valentin Vidic writes: > Seems to be related to binutils 2.29 problem reported here: > https://bugzilla.redhat.com/show_bug.cgi?id=1477354 Absolutely, thanks for this very good find, Valentin! These symbols caused problems on non-x86 architectures before, and now

Bug#782030: stunnel4: Fails to restart on slow/loaded systems

Package: stunnel4 Followup-For: Bug #782030 Here's a patch adding systemd Type=notify support: --- a/src/ui_unix.c +++ b/src/ui_unix.c @@ -107,6 +107,9 @@ if(signal(SIGINT, SIG_IGN)!=SIG_IGN) signal(SIGINT, signal_handler); /* fatal */ #endif +#ifdef USE_SYSTEMD +

Bug#782030: stunnel4: Fails to restart on slow/loaded systems

Control: found -1 3:5.39-2 On Mon, 06 Apr 2015 19:16:24 +0200 Tollef Fog Heen wrote: > Nothing here ensures the daemons have actually exited before it tries to > start the new daemon. > > There's a variant of the same bug in that the init script will return on > stop before

Bug#818961: please provide details

Hi Patrick, Please provide a little more detail, I haven't got the IRC logs. Is this a fundamental incompatibility between Heartbeat and systemd, or a missing dependency between some units? The v1 style is indeed deprecated due to its serious limitations (AFAIK: two nodes only, node level

Bug#828608: Building with OpenSSL 1.0.2 is sufficient for stretch

Control: tags -1 + patch Adrian Bunk <b...@stusta.de> writes: > On Sun, Dec 11, 2016 at 03:13:58PM +0100, Ferenc Wágner wrote: > >> Adrian Bunk <b...@stusta.de> writes: >> >>> Not a perfect solution but sufficient for stretch is the patch below to >>

Bug#828608: Building with OpenSSL 1.0.2 is sufficient for stretch

Control: tags -1 - patch Adrian Bunk writes: > Not a perfect solution but sufficient for stretch is the patch below to > use OpenSSL 1.0.2 > [...] > libcurl4-openssl-dev, > liblog4shib-dev, > - libssl-dev, > + libssl1.0-dev | libssl-dev (<< 1.1.0~), As previously

Bug#843041: Clarification of conduct

Hi Salvatore, According to Pacemaker upstream, they sent forward notice about this vulnerability to the Debian Security Team a couple of weeks before the disclosure. Did you get it? I'm the primary maintainer of the pacemaker package in Debian, but I only learnt about the issue

Bug#844263: libxml-security-c-dev: depending on libssl1.0-dev breaks open-vm-tools

Russ Allbery writes: > Bernd Zeimetz writes: > >> unfortunately your decision to depend on libssl1.0-dev breaks the build >> open-vm-tools as most other build-dependencies decided to migrate to >> the new openssl version. > >> I know that shibboleth is the

Bug#828608: xmltooling: FTBFS with openssl 1.1.0

wf...@niif.hu (Ferenc Wágner) writes: > Can you recommend a reliable way to decide whether there really are any > conflicts between the different OpenSSL libraries used by libcurl and > xmltooling? I've found two code fragments which pass OpenSSL structures between curl (Op

Bug#828608: xmltooling: FTBFS with openssl 1.1.0

Hi, I switched xmltooling to libssl1.0-dev just like I switched xml-security-c beforehand. I got the following warnings: libtool: link: g++ -Wall -g -O2 -fdebug-prefix-map=/<>=. -fstack-protector-strong -Wformat -Werror=format-security -O2 -DNDEBUG -Wl,-z -Wl,relro -Wl,-z -Wl,now -o

Bug#828607: The Shibboleth stack can't switch to OpenSSL 1.1 yet

Hi Kurt, Unfortunately it doesn't look like we could switch to OpenSSL 1.1 in the full Shibboleth stack for stretch. For upstream's take on the matter see https://lists.alioth.debian.org/pipermail/pkg-shibboleth-devel/2016-October/004315.html. I hope you can keep 1.0 in some form for now. --