* Florian Weimer:
Right. Please upload opensaml2 first (after sending in a source
debdiff for review), and then wait with uploading shibboleth-sp2 until
we tell you it's okay to do so.
It's now possible to upload shibboleth-sp2 to security-master. Thanks
for your assistance.
--
To
[removing -release and the closed bug report]
Florian Weimer wrote:
Right. Please upload opensaml2 first (after sending in a source
debdiff for review), and then wait with uploading shibboleth-sp2 until
we tell you it's okay to do so.
It's now possible to upload shibboleth-sp2 to
* Faidon Liambotis:
Attached is the debdiff for shibboleth-sp2 2.0.dfsg1-4+lenny1.
Please approve.
Thanks, please upload. (You need to build the source package with
-sa.) The build will fail on one or two architectures whose buildds
do not satisfy build dependencies from the security queue,
Florian Weimer wrote:
Thanks, please upload. (You need to build the source package with
-sa.)
Yes, of course. Just uploaded to security-master.
(It's odd that the original package FTBFSes, but well...)
It is, I was wondering myself. It had multiple serious bugs actually:
- tries to generate
* Faidon Liambotis:
Florian Weimer wrote:
Thanks, please upload. (You need to build the source package with
-sa.)
Yes, of course. Just uploaded to security-master.
Thanks. Have you verified that the versions you've uploaded, together
with the previous security update, fix the reported
Sorry to have not been able to help with this more. I'm still recovering
from a particularly nasty bout of stomach flu. :/
Faidon Liambotis parav...@debian.org writes:
Florian Weimer wrote:
(It's odd that the original package FTBFSes, but well...)
It is, I was wondering myself. It had
Florian Weimer wrote:
* Faidon Liambotis:
Florian Weimer wrote:
Thanks, please upload. (You need to build the source package with
-sa.)
Yes, of course. Just uploaded to security-master.
Thanks. Have you verified that the versions you've uploaded, together
with the previous security
Faidon Liambotis wrote on 2009-10-08:
Yes, I've verified that they work in my setup. As Scott said before,
there more than a dozen scenarios (literally!) and I'm not able to test
each one of them. However, they work in the couple that I've tried and
the fixes are with upstream's (Scott)
Florian Weimer wrote:
Right. Please upload opensaml2 first (after sending in a source
debdiff for review), and then wait with uploading shibboleth-sp2 until
we tell you it's okay to do so.
OK, will do. How should we handle the fact that the newer xmltooling is
breaking the old (as in, lenny)
* Faidon Liambotis:
Florian Weimer wrote:
Right. Please upload opensaml2 first (after sending in a source
debdiff for review), and then wait with uploading shibboleth-sp2 until
we tell you it's okay to do so.
OK, will do. How should we handle the fact that the newer xmltooling is
breaking
Florian Weimer wrote on 2009-10-07:
OK, will do. How should we handle the fact that the newer xmltooling is
breaking the old (as in, lenny) opensaml2/shibboleth-sp2?
We could theoretically add a Conflicts: to a new upload of xmltooling,
but this is unnecessary. We don't do this for every
Florian Weimer wrote:
Right. Please upload opensaml2 first (after sending in a source
debdiff for review), and then wait with uploading shibboleth-sp2 until
we tell you it's okay to do so.
Scott and Russ, under which conditions did you see the specific opensaml
code to be inlined on
Faidon Liambotis wrote on 2009-10-07:
Scott and Russ, under which conditions did you see the specific opensaml
code to be inlined on shibboleth-sp2?
The version of opensaml released on the Internet2 site, which is 2.2.1,
includes an inline version of the MetadataCredentialCriteria matches
* Faidon Liambotis:
Florian Weimer wrote:
Right. Please upload opensaml2 first (after sending in a source
debdiff for review), and then wait with uploading shibboleth-sp2 until
we tell you it's okay to do so.
Scott and Russ, under which conditions did you see the specific opensaml
code to
Florian Weimer wrote on 2009-10-07:
Scott and Russ, under which conditions did you see the specific opensaml
code to be inlined on shibboleth-sp2?
Does shibboleth-sp2 create invoke a constructor of that class? Do the
compiled binaries contain any reference to the vtable?
There are numerous
Hi,
Russ Allbery wrote:
The Shibboleth suite of software and libraries, which includes xmltooling,
opensmal2, and shibboleth-sp2, has had several vulnerabilities announced
over the past month and a half. Most of those are in xmltooling and are
being handled in conjunction with the Debian
* Faidon Liambotis:
Please note that this fix is in a header file in a function that's
inlined, so after this update is accepted (assuming it's accepted),
shibboleth-sp2 in stable will need to be rebuilt against the new version
of opensaml2. I understand that this can be done via the
17 matches
Mail list logo