* Simon McVittie <s...@debian.org> [200629 17:39]: > On Mon, 29 Jun 2020 at 15:33:48 +0100, Simon McVittie wrote: > > On Sun, 28 Jun 2020 at 15:45:41 +0200, Chris Hofstaedtler wrote: > > > We seem to have multiple problems here: > > > > > > 1) Software that is not shipped by Debian and uses a statically > > > linked or private copy of libssl crashes, because libmount1 pulls > > > in libssl1.1, transitively. > > ... > > > 2) Some part of libmount1 or libcryptsetup1 introduces a memory > > > corruption, which is "found" by libjansson users. > > > > Also json-glib users, probably (all of json-c, jansson and json-glib > > collide at json_object_iter_next()). > > Given the number of moving parts involved in this, and the fact that the > verity feature is specifically described as experimental in the upstream > release notes, would you be willing to consider reverting the enablement > of the cryptsetup feature until there is at least a concrete plan for > a solution?
This is my plan indeed. I'm waiting for bsdmainutils to pass through NEW, as it has a versioned dependency on util-linux 2.35.2-7. > This would reopen #951048, but would at least temporarily > resolve #963721, #963525 and #963933, and would mitigate #963932. Then we > can do a coordinated transition with everything happening in the right > order, when we know what that order is. #951048 is already reopened. > Some possible angles to attack this from: > > - not enabling the feature (Snipped your long list of other options which would need to be done upstream.) > Thanks, > smcv Best, Chris
