Hi Jason,
Thanks for the report. I've been pretty busy with other tasks, but I'll
check this out as soon as possible, your report isn't forgotten. I ask
for your patience till then.
--
Regards,
Feri
Michail Bachmann writes:
> # apt install libapache2-mod-shib2
> Reading package lists... Done
> Building dependency tree
> Reading state information... Done
> Some packages could not be installed. This may mean that you have
> requested an impossible situation or if you are using the unst
Salvatore Bonaccorso writes:
> Thanks, need to check why my mail for 881857 did not go through
> (since I retitled both with the CVE assignments).
I think you used the same bug number in both.
Now, this is still ongoing:
https://release.debian.org/transitions/html/auto-xerces-c.html
The upstre
"Cantor, Scott" writes:
> On 11/17/17, 11:48 AM, "Pkg-shibboleth-devel on behalf of Ferenc Wágner"
> behalf of wf...@niif.hu> wrote:
>
>> Now, this is still ongoing:
>> https://release.debian.org/transitions/html/auto-xerces-c.html
>> The u
Dimitri John Ledkov writes:
> xml-security-c-2.0 is out and appears to compile fine against openssl
> 1.1. Is that the upstream release we were waiting to package?
Yes. Actually, the full SP3 stack was released almost two weeks ago, so
the lights are green, we're figuring out the transition now
Control: severity -1 normal
Control: tag -1 + upstream
Valentin Vidic writes:
> On Fri, Jul 06, 2018 at 12:50:42PM +0200, Ferenc Wágner wrote:
>
>> Thanks for the report. I've been pretty busy with other tasks, but I'll
>> check this out as soon as possible, your re
Hi Patrick,
Please provide a little more detail, I haven't got the IRC logs. Is
this a fundamental incompatibility between Heartbeat and systemd, or a
missing dependency between some units? The v1 style is indeed
deprecated due to its serious limitations (AFAIK: two nodes only, node
level failur
Hi Salvatore,
According to Pacemaker upstream, they sent forward notice about this
vulnerability to the Debian Security Team a couple of weeks before the
disclosure. Did you get it? I'm the primary maintainer of the
pacemaker package in Debian, but I only learnt about the issue fr
Control: tags -1 - patch
Adrian Bunk writes:
> Not a perfect solution but sufficient for stretch is the patch below to
> use OpenSSL 1.0.2
> [...]
> libcurl4-openssl-dev,
> liblog4shib-dev,
> - libssl-dev,
> + libssl1.0-dev | libssl-dev (<< 1.1.0~),
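Review bot: on the changed `libssl-dev` line, `libcurl4-openssl-dev` stays in the same Build-Depends list, so pinning this package to `libssl1.0-dev` leaves open which OpenSSL version libcurl itself is linked against. If the two differ, two OpenSSL versions are loaded into one process. Suggest confirming that before applying, and recording in the changelog why the `libssl-dev (<< 1.1.0~)` alternative is kept and which suites it is meant for.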
As previously established in this bug re
Control: tags -1 + patch
Adrian Bunk writes:
> On Sun, Dec 11, 2016 at 03:13:58PM +0100, Ferenc Wágner wrote:
>
>> Adrian Bunk writes:
>>
>>> Not a perfect solution but sufficient for stretch is the patch below to
>>> use OpenSSL 1.0.2
>>> [...]
Hi,
I switched xmltooling to libssl1.0-dev just like I switched
xml-security-c beforehand. I got the following warnings:
libtool: link: g++ -Wall -g -O2 -fdebug-prefix-map=/<>=.
-fstack-protector-strong -Wformat -Werror=format-security -O2 -DNDEBUG -Wl,-z
-Wl,relro -Wl,-z -Wl,now -o .libs/xmlt
wf...@niif.hu (Ferenc Wágner) writes:
> Can you recommend a reliable way to decide whether there really are any
> conflicts between the different OpenSSL libraries used by libcurl and
> xmltooling?
I've found two code fragments which pass OpenSSL structures between curl
(Op
Russ Allbery writes:
> Bernd Zeimetz writes:
>
>> unfortunately your decision to depend on libssl1.0-dev breaks the build
>> open-vm-tools as most other build-dependencies decided to migrate to
>> the new openssl version.
>
>> I know that shibboleth is the issue, but the current situation breaks
Valentin Vidic writes:
> Seems to be related to binutils 2.29 problem reported here:
> https://bugzilla.redhat.com/show_bug.cgi?id=1477354
Absolutely, thanks for this very good find, Valentin! These symbols
caused problems on non-x86 architectures before, and now libqb is broken
for good (so
Valentin Vidic writes:
> Right, the upstream is having problems with libqb, but maybe they don't
> see the problem with pacemaker libs if they are not checking the
> exported symbols.
There's no problem with the Pacemaker libs, the "missing" symbols are a
manifestation of the binutils incompatib
Hi Kurt,
Unfortunately it doesn't look like we could switch to OpenSSL 1.1 in the
full Shibboleth stack for stretch. For upstream's take on the matter see
https://lists.alioth.debian.org/pipermail/pkg-shibboleth-devel/2016-October/004315.html.
I hope you can keep 1.0 in some form for now.
--
Tha
Source: libqb
Version: 1.0.3-2
Severity: grave
Tags: patch upstream security
Justification: user security hole
Forwarded: https://github.com/ClusterLabs/libqb/issues/338
Control: found -1 0.11.1-2
Libqb creates files in world-writable directories (/dev/shm, /tmp) with
rather predictable file names
Source: libqb
Version: 1.0.4-1
Severity: grave
Tags: upstream
Justification: renders package unusable
Forwarded: https://github.com/ClusterLabs/libqb/issues/338
IPC connection setup is aborted if the application is unable to chown()
the temporary communication directory under /dev/shm to the cred
Package: coturn
Version: 4.3.1.2-1
Severity: critical
Justification: causes serious data loss
Dear Misi,
The coturn package ships /var/lib/turn/turndb as an empty SQLite
database template, thus unexpectedly overwrites it without warning on
upgrade or reinstall, destroying any data the user might
Package: openssl
Version: 1.1.1c-1
Severity: serious
(You seem to use the serious severity for such reports.)
Dear OpenSSL Maintainers,
Please see https://github.com/kronosnet/kronosnet/issues/226: the
Kronosnet upstream CI started to fail in the Valgrind memory checks
after the libssl upgrade f
close 945741 0.1.20171010-2
thanks
Christian Fischer writes:
> On Fri, 03 Aug 2018 14:42:16 +0200 wf...@niif.hu (Ferenc Wágner) wrote:
>
>> Unfortunately the CVE hasn't arrived yet; I'll
>> forward it to you once it does. My acknowledgement mail is of
>> subject "CVE Request 5480
wagner.fer...@kifu.gov.hu (Ferenc Wágner) writes:
> Christian Fischer writes:
>
>> On Fri, 03 Aug 2018 14:42:16 +0200 wf...@niif.hu (Ferenc Wágner) wrote:
>>
>>> Unfortunately the CVE hasn't arrived yet; I'll
>>> forward it to you once it does.
peter green writes:
> I then had a poke around and noticed that an "opensaml" source package
> had recently been uploaded that seems to have taken over most of the
> binary package names from opensaml2. If the intention is for opensaml
> to replace opensaml2 can you file a removal request?
Hi,
Andreas Beckmann writes:
> shibboleth-resolver FTBFS everywhere:
>
> checking for pkg-config... no
It's just pkg-config missing from Build-Depends.
Sam, are you around to fix this?
--
Thanks,
Feri
Sebastian Andrzej Siewior writes:
> this is a reminder about the openssl transition [0]. We really want to
> remove libssl1.0-dev from unstable for Buster. I will raise the severity
> of this bug to serious in a month. Please react before that happens.
Sorry, we can't do much until new major ve
Andreas Beckmann writes:
> Unpacking cluster-glue-dev (1.0.12-9) ...
> dpkg: error processing archive
> /tmp/apt-dpkg-install-iCxNhp/11-cluster-glue-dev_1.0.12-9_amd64.deb
> (--unpack):
> trying to overwrite '/usr/lib/heartbeat/plugins/compress/bz2.a', which is
> also in package cluster
wf...@niif.hu (Ferenc Wágner) writes:
> Nobody objected, so let's hold out until libcurl breaks us for good or
> OpenSSL 1.1 support emerges...
According to the latest comment on
https://issues.shibboleth.net/jira/browse/CPPXT-110
upstream support is getting there.
Scott, have you pe
Unfortunately the Alioth list migration delayed this mail long enough to
let me do the security upload without closing this bug in the changelog.
You may want to fill that in during the DSA workflow (if possible).
--
Regards,
Feri
Nobody objected, so let's hold out until libcurl breaks us for good or
OpenSSL 1.1 support emerges...
Control: fixed 869986 1.1.18~rc3-1
Control: done 869986
Pacemaker builds again for some time, looks like the new upload was
enough to fix this breakage after all.
--
Feri
close 869986
thanks
Control: found -1 3:5.39-2
On Mon, 06 Apr 2015 19:16:24 +0200 Tollef Fog Heen wrote:
> Nothing here ensures the daemons have actually exited before it tries to
> start the new daemon.
>
> There's a variant of the same bug in that the init script will return on
> stop before the daemon has actua
Package: stunnel4
Followup-For: Bug #782030
Here's a patch adding systemd Type=notify support:
--- a/src/ui_unix.c
+++ b/src/ui_unix.c
@@ -107,6 +107,9 @@
if(signal(SIGINT, SIG_IGN)!=SIG_IGN)
signal(SIGINT, signal_handler); /* fatal */
#endif
+#ifdef USE_SYSTEMD
+sd
I'm still behind with backports due to the recent security release.
When keeping the stack in testing starts blocking independent work,
please notify me and I'll switch to asking for backports exceptions.
--
Feri
fixed 895653 2.4.2-3+deb9u1~bpo8+1
close 895653
thanks
--
Feri
No news yet.
--
Feri
I'd like to keep the current Shibboleth stack in testing at least until
I manage to upload the last backports.
--
Feri
Package: wordpress-shibboleth
Severity: serious
Dear Maintainer,
The Shibboleth SP package migrated from providing libapache2-mod-shib2
to libapache2-mod-shib; the former is already transitional in buster.
Please switch to using the new package name to keep wordpress-shibboleth
installable.
--
T
This is already fixed in unstable, waiting for pacemaker to migrate.
reassign 1077353 src:cluster-glue 1.0.12-23
affects 1077353 src:heartbeat
thanks
Both ipc_set_pollfunc() and cl_poll() are defined in libplumb2t64, so
this is an internal inconsistency of cluster-glue.
Control: tags -1 + pending
On Tue, 5 Mar 2024 12:29:36 +0100 Guillem Jover wrote:
> the package is already explicitly linking against -laio (which I guess
> also means there's a missing Build-Depends here)
Hi Guillem,
libaio-dev is already in Build-Depends, so I think we're fine here.
> it mi
favor of HTTP-POST in any published metadata
+is an option of course.
+Full advisory:
+https://shibboleth.net/community/advisories/secadv_20250313.txt
+Thanks to Scott Cantor (Closes: #1100464)
+
+ -- Ferenc Wágner Fri, 14 Mar 2025 21:47:50 +0100
+
opensaml (3.2.1-3) unstable; urgen
Control: reassign -1 src:crmsh
The three cibtests fail due to the unexpected ordering between the
and the members of the testfs
primitive in the resulting CIB. I'm pretty sure this ordering is
inconsequential, so the tests should not depend on it. The
elements were put into the expectation fi
Moritz Mühlenhoff writes:
> On Fri, Mar 14, 2025 at 10:12:36PM +0100, Ferenc Wágner wrote:
>
>> Please review the following source debdiff:
>
> Thanks, the debdiff looks good. Please build with -sa (since this is the
> first upload on security-master for opensaml in boo