This is already fixed in unstable, waiting for pacemaker to migrate.
Control: tags -1 + pending
On Tue, 5 Mar 2024 12:29:36 +0100 Guillem Jover wrote:
> the package is already explicitly linking against -laio (which I guess
> also means there's a missing Build-Depends here)
Hi Guillem,
libaio-dev is already in Build-Depends, so I think we're fine here.
> it
Package: wordpress-shibboleth
Severity: serious
Dear Maintainer,
The Shibboleth SP package migrated from providing libapache2-mod-shib2
to libapache2-mod-shib; the former is already transitional in buster.
Please switch to using the new package name to keep wordpress-shibboleth
installable.
--
close 945741 0.1.20171010-2
thanks
Package: openssl
Version: 1.1.1c-1
Severity: serious
(You seem to use the serious severity for such reports.)
Dear OpenSSL Maintainers,
Please see https://github.com/kronosnet/kronosnet/issues/226: the
Kronosnet upstream CI started to fail in the Valgrind memory checks
after the libssl upgrade
Package: coturn
Version: 4.3.1.2-1
Severity: critical
Justification: causes serious data loss
Dear Misi,
The coturn package ships /var/lib/turn/turndb as an empty SQLite
database template, thus unexpectedly overwrites it without warning on
upgrade or reinstall, destroying any data the user might
Source: libqb
Version: 1.0.4-1
Severity: grave
Tags: upstream
Justification: renders package unusable
Forwarded: https://github.com/ClusterLabs/libqb/issues/338
IPC connection setup is aborted if the application is unable to chown()
the temporary communication directory under /dev/shm to the
Source: libqb
Version: 1.0.3-2
Severity: grave
Tags: patch upstream security
Justification: user security hole
Forwarded: https://github.com/ClusterLabs/libqb/issues/338
Control: found -1 0.11.1-2
Libqb creates files in world-writable directories (/dev/shm, /tmp) with
rather predictable file
Andreas Beckmann writes:
> shibboleth-resolver FTBFS everywhere:
>
> checking for pkg-config... no
It's just pkg-config missing from Build-Depends.
Sam, are you around to fix this?
--
Thanks,
Feri
peter green writes:
> I then had a poke around and noticed that an "opensaml" source package
> had recently been uploaded that seems to have taken over most of the
> binary package names from opensaml2. If the intention is for opensaml
> to replace opensaml2 can you file a removal request?
Hi,
wagner.fer...@kifu.gov.hu (Ferenc Wágner) writes:
> Christian Fischer writes:
>
>> On Fri, 03 Aug 2018 14:42:16 +0200 wf...@niif.hu (Ferenc Wágner) wrote:
>>
>>> Unfortunately the CVE hasn't arrived yet; I'll
>>> forward it to you once it does. My acknowl
Christian Fischer writes:
> On Fri, 03 Aug 2018 14:42:16 +0200 wf...@niif.hu (Ferenc Wágner) wrote:
>
>> Unfortunately the CVE hasn't arrived yet; I'll
>> forward it to you once it does. My acknowledgement mail is of
>> subject "CVE Request 548000 for CVE
Michail Bachmann writes:
> # apt install libapache2-mod-shib2
> Reading package lists... Done
> Building dependency tree
> Reading state information... Done
> Some packages could not be installed. This may mean that you have
> requested an impossible situation or if you are using the
Control: severity -1 normal
Control: tag -1 + upstream
Valentin Vidic writes:
> On Fri, Jul 06, 2018 at 12:50:42PM +0200, Ferenc Wágner wrote:
>
>> Thanks for the report. I've been pretty busy with other tasks, but I'll
>> check this out as soon as possible, your report isn't
Dimitri John Ledkov writes:
> xml-security-c-2.0 is out and appears to compile fine against openssl
> 1.1. Is that the upstream release we were waiting to package?
Yes. Actually, the full SP3 stack was released almost two weeks ago, so
the lights are green, we're figuring out the transition
Hi Jason,
Thanks for the report. I've been pretty busy with other tasks, but I'll
check this out as soon as possible, your report isn't forgotten. I ask
for you patience till then.
--
Regards,
Feri
Andreas Beckmann writes:
> Unpacking cluster-glue-dev (1.0.12-9) ...
> dpkg: error processing archive
> /tmp/apt-dpkg-install-iCxNhp/11-cluster-glue-dev_1.0.12-9_amd64.deb
> (--unpack):
>trying to overwrite '/usr/lib/heartbeat/plugins/compress/bz2.a', which is
> also in package
No news yet.
--
Feri
fixed 895653 2.4.2-3+deb9u1~bpo8+1
close 895653
thanks
--
Feri
Unfortunately the Alioth list migration delayed this mail long enough to
let me do the security upload without closing this bug in the changelog.
You may want to fill that in during the DSA workflow (if possible).
--
Regards,
Feri
wf...@niif.hu (Ferenc Wágner) writes:
> Nobody objected, so let's hold out until libcurl breaks us for good or
> OpenSSL 1.1 support emerges...
According to the latest comment on
https://issues.shibboleth.net/jira/browse/CPPXT-110
upstream support is getting there.
Scott, have you perha
close 869986
thanks
Control: fixed 869986 1.1.18~rc3-1
Control: done 869986
Pacemaker builds again for some time, looks like the new upload was
enough to fix this breakage after all.
--
Feri
Nobody objected, so let's hold out until libcurl breaks us for good or
OpenSSL 1.1 support emerges...
I'm still behind with backports due to the recent security release.
When keeping the stack in testing starts blocking independent work,
please notify me and I'll switch to asking for backports exceptions.
--
Feri
I'd like to keep the current Shibboleth stack in testing at least until
I manage to upload the last backports.
--
Feri
Sebastian Andrzej Siewior writes:
> this is a remainder about the openssl transition [0]. We really want to
> remove libssl1.0-dev from unstable for Buster. I will raise the severity
> of this bug to serious in a month. Please react before that happens.
Sorry, we can't
"Cantor, Scott" <canto...@osu.edu> writes:
> On 11/17/17, 11:48 AM, "Pkg-shibboleth-devel on behalf of Ferenc Wágner"
> <pkg-shibboleth-devel-bounces+cantor.2=osu@lists.alioth.debian.org on
> behalf of wf...@niif.hu> wrote:
>
>> Now, th
Salvatore Bonaccorso writes:
> Thanks, need to check why my mail for 881857 did not went trough
> (since I retitled both with the CVE assignments).
I think you used the same bug number in both.
Now, this is still ongoing:
Valentin Vidic writes:
> Right, the upstream is having problems with libqb, but maybe they don't
> see the problem with pacemaker libs if they are not checking the
> exported symbols.
There's no problem with the Pacemaker libs, the "missing" symbols are a
manifestation
Valentin Vidic writes:
> Seems to be related to binutils 2.29 problem reported here:
> https://bugzilla.redhat.com/show_bug.cgi?id=1477354
Absolutely, thanks for this very good find, Valentin! These symbols
caused problems on non-x86 architectures before, and now
Package: stunnel4
Followup-For: Bug #782030
Here's a patch adding systemd Type=notify support:
--- a/src/ui_unix.c
+++ b/src/ui_unix.c
@@ -107,6 +107,9 @@
if(signal(SIGINT, SIG_IGN)!=SIG_IGN)
signal(SIGINT, signal_handler); /* fatal */
#endif
+#ifdef USE_SYSTEMD
+
Control: found -1 3:5.39-2
On Mon, 06 Apr 2015 19:16:24 +0200 Tollef Fog Heen wrote:
> Nothing here ensures the daemons have actually exited before it tries to
> start the new daemon.
>
> There's a variant of the same bug in that the init script will return on
> stop before
Hi Patrick,
Please provide a little more detail, I haven't got the IRC logs. Is
this a fundamental incompatibility between Heartbeat and systemd, or a
missing dependency between some units? The v1 style is indeed
deprecated due to its serious limitations (AFAIK: two nodes only, node
level
Control: tags -1 + patch
Adrian Bunk <b...@stusta.de> writes:
> On Sun, Dec 11, 2016 at 03:13:58PM +0100, Ferenc Wágner wrote:
>
>> Adrian Bunk <b...@stusta.de> writes:
>>
>>> Not a perfect solution but sufficient for stretch is the patch below to
>>
Control: tags -1 - patch
Adrian Bunk writes:
> Not a perfect solution but sufficient for stretch is the patch below to
> use OpenSSL 1.0.2
> [...]
> libcurl4-openssl-dev,
> liblog4shib-dev,
> - libssl-dev,
> + libssl1.0-dev | libssl-dev (<< 1.1.0~),
As previously
Hi Salvatore,
According to Pacemaker upstream, they sent forward notice about this
vulnerability to the Debian Security Team a couple of weeks before the
disclosure. Did you get it? I'm the primary maintainer of the
pacemaker package in Debian, but I only learnt about the issue
Russ Allbery writes:
> Bernd Zeimetz writes:
>
>> unfortunately your decision to depend on libssl1.0-dev breaks the build
>> open-vm-tools as most other build-dependencies decided to migrate to
>> the new openssl version.
>
>> I know that shibboleth is the
wf...@niif.hu (Ferenc Wágner) writes:
> Can you recommend a reliable way to decide whether there really are any
> conflicts between the different OpenSSL libraries used by libcurl and
> xmltooling?
I've found two code fragments which pass OpenSSL structures between curl
(Op
Hi,
I switched xmltooling to libssl1.0-dev just like I switched
xml-security-c beforehand. I got the following warnings:
libtool: link: g++ -Wall -g -O2 -fdebug-prefix-map=/<>=.
-fstack-protector-strong -Wformat -Werror=format-security -O2 -DNDEBUG -Wl,-z
-Wl,relro -Wl,-z -Wl,now -o
Hi Kurt,
Unfortunately it doesn't look like we could switch to OpenSSL 1.1 in the
full Shibboleth stack for stretch. For upstream's take on the matter see
https://lists.alioth.debian.org/pipermail/pkg-shibboleth-devel/2016-October/004315.html.
I hope you can keep 1.0 in some form for now.
--
41 matches
Mail list logo