Your message dated Sun, 02 Feb 2020 13:47:24 +0000
with message-id <[email protected]>
and subject line Bug#950135: fixed in xmltooling 3.0.4-1+deb10u1
has caused the Debian Bug report #950135,
regarding libxmltooling8: Race condition bug in new session cookie feature
leads to SP crash
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
950135: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=950135
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: libxmltooling8
Version: 3.0.4-1
Severity: important
Tags: upstream
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Dear Maintainer,
According to an upstream bug report [1], xmltooling versions 3.0.0 to 3.0.4
suffer from a race condition bug that leads to a crash under load. This bug
affects the Shibboleth Service Provider (SP) software (source package:
shibboleth-sp) which is the main user of libxmltooling. The only way to avoid
this crash is to disable the "session recovery" feature which was introduced in
the SP version 3 [2, 3].
Upstream has released xmltooling version 3.0.5 especially to fix that bug.
Since this new release is already in Debian unstable (thanks!), please consider
uploading it to stable as well, so that the new session recovery feature works
without crashing the whole SP.
Sincerely,
Etienne
[1] https://issues.shibboleth.net/jira/browse/CPPXT-145
[2] https://wiki.shibboleth.net/confluence/display/SP3/SessionCache
[3] https://shibboleth.net/pipermail/dev/2019-September/010552.html
- -- System Information:
Debian Release: buster/sid
APT prefers bionic-updates
APT policy: (500, 'bionic-updates'), (500, 'bionic-security'), (500,
'bionic'), (100, 'bionic-backports')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 5.3.0-26-generic (SMP w/16 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8),
LANGUAGE=en_US:en (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEELcQv7Fsn8jFmeD9mw2QssxGaOsAFAl4xTwwACgkQw2QssxGa
OsCn5w/9HZRi93Lcgj43qYYx/LxSFRCNMYbRAF5CA0HcrTxuItkbcdUO8BiWGJOF
29fsxkEcNVaDJkPxKS5GiePG6LqcTyTbEy5mf/ib4cQpDB67QrJ+fo18TIOA1H0q
M7DC6PazwrAJg2i4qTiZG+7SO4YXArFktDZRfLM1lwtVpblwG9QUmh5R7JlBLFDN
aX8ou6L+hDMl0pLUCzBYBBve7IxT5Kz7vSNVwTCDLDh9uofXJ3ghVadiRwzJnfHX
wCQ7V3Ghtm0BWe3KZgiutl0SvnQUMAeT4WsGy/BJ/zmz6Qx4N1rm5hSBsDMuPON0
wFR6kzRlBPP0i+AYbs5XGZ10e3R9q75yfAnILxGsuRk7M5EjSFd7lHfroWBuNtQ6
Whx0AFs985HT9Fv+cjAP7Aj3lA3Kw97FX4txyKLVGpoNSwz6/qHEMD+ZcFiZlyuP
MinbAIOzdKwNWO5NJKozLdHI4sOwfjze/RhWtWriUvsLx5+gUDDKsKZH1kVroMz/
C22i4pgDzOYcAd7lFpVPkGKFP6kcGHEqOpFEsvfUs9UFscRM6j5/ChYuc0fE+VVd
MepFqGuaqH4c24A370IBuNHeAPK9wZdVVqmqIipU8136hGu25B37vyG2HpEbkOLM
TQtAezafUtiLphMLKSOlWBq+3S+6LeyhXblaDB+ZRyCvNPV/ZUg=
=sqMu
-----END PGP SIGNATURE-----
--- End Message ---
--- Begin Message ---
Source: xmltooling
Source-Version: 3.0.4-1+deb10u1
We believe that the bug you reported is fixed in the latest version of
xmltooling, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Ferenc Wágner <[email protected]> (supplier of updated xmltooling package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Fri, 31 Jan 2020 23:06:07 +0100
Source: xmltooling
Architecture: source
Version: 3.0.4-1+deb10u1
Distribution: buster
Urgency: medium
Maintainer: Debian Shib Team <[email protected]>
Changed-By: Ferenc Wágner <[email protected]>
Closes: 950135
Changes:
xmltooling (3.0.4-1+deb10u1) buster; urgency=medium
.
* [7c6eb12] This branch is for buster updates
* [97e580e] New patch: CPPXT-145 - DataSealer is sharing non-thread safe
keys.
Thanks to Scott Cantor (Closes: #950135)
Checksums-Sha1:
311f61dc09aa189f576a7e5541afe894db49702b 2709 xmltooling_3.0.4-1+deb10u1.dsc
733a21c1bd4a2d86e94cf0b47390c54bf9aef892 53668
xmltooling_3.0.4-1+deb10u1.debian.tar.xz
046c6308651625c58ed05bd547b498f8148945ad 10037
xmltooling_3.0.4-1+deb10u1_amd64.buildinfo
Checksums-Sha256:
540b660315d2b40b7ab297a1cd588a5d8fdcb8368c358d231e8f3fdc7e23ff13 2709
xmltooling_3.0.4-1+deb10u1.dsc
65a95a4e664afb2b1c5eda1ca9f3bd6e5546dddc0d4bdbb8e0aff52514354fb0 53668
xmltooling_3.0.4-1+deb10u1.debian.tar.xz
15d02c5610e4ac9cddb7578c59a08b8e7ee05a43f71a05dc7eb93d069fd749aa 10037
xmltooling_3.0.4-1+deb10u1_amd64.buildinfo
Files:
9b2f644ace521bb08288eff72d02412b 2709 libs optional
xmltooling_3.0.4-1+deb10u1.dsc
c5b1f9ffcb5a50174622787ae669d3d4 53668 libs optional
xmltooling_3.0.4-1+deb10u1.debian.tar.xz
b983c93c7c68663c1d5c1780401a7126 10037 libs optional
xmltooling_3.0.4-1+deb10u1_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEwddEx0RNIUL7eugtOsj3Fkd+2yMFAl40qMwACgkQOsj3Fkd+
2yNo1g//STH8F+jl3wLqllXMaGn3uTSjW+jHZzGy7dKnRbc3+FqaAQKI3YeaL+m7
LOO1lXPk2ZEWLlIMtVHOkLSI2ksAIqNAhFaakw8PLzZwt1jg1RUVvofAEqUL5tkl
ccXPF9r5EKl8UB+w1/hwS2PQGzCps7szW7CSyWttq6HeglEcrOvgg2B9eMMG5rjK
106ux6/ULu5Qe2Xn8ukR1Bhi22RfxQgo6CynOcUcOermt89CdyaEX9opLI2y3/4L
8wXYo8+tn5Vs3SoBCQK0jB0fMz2HEaTZC1jrpCeiD61k3Bh7xNFo8VAiTi0W57R2
j38YRV4Jg/QRXHZM3yQ7I9yj5HgEI0IJatwRpzmsa9XXeTKRbV5Dkv+b+xHLsag1
llD38FaLHl15rZoPIC5NGduZFV90CoT0HQPs6RVmNtyuSowN0T57rgArhB1KS6cu
n49XNE/o0t8i04FME24wjM9t6mGEBBBPTKnW2MLmlUALA5b9VX9RiJfRCKyMADye
LN23EE12F97k1xs1OT6G2ADPoeC2fsZ34pbdDiIRVYwW4upuGT6DroKR0jtl8/7M
Tt+Lz3iPLxDlgw1TmAnUqQy2I4v5WBrWVlSQuKXajiuRQKtlh1Pm7nKVjIllKf7N
5k1x9B2iY8IEUJo3dLvtCaxB3JDP1w3gzPm3yOlUDOO33Qz/uiY=
=OZqC
-----END PGP SIGNATURE-----
--- End Message ---
