Hi Frank,
Should be fixed. I upload a new build of libfido2.
There's a bug in the check for -fstack-protector-all: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=996428
Dear all,
just upgraded one of my rp3440s (last login was sometime in 2019) and stumbled across an issue with upgrading openssh-* to 8.4 from 8.0 (8.0p1-3).
More recent OpenSSH versions in Debian seem to depend on "libfido2-1",
which itself depends on "libcbor[...]". Now the problem is, that there
is no "libcbor0" (anymore?) in the archive for hppa, there's only a "libcbor0.8", but that does not suffice the "libcbor[...]" dependency of "libfido2-1". Strangely the buildinfo file of "libfido2-1" ([1]) states
it could install a "libcbor0" for hppa:
```
[...]
Installed-Build-Depends:
[...]
libcbor-dev (= 0.5.0+dfsg-2),
libcbor0 (= 0.5.0+dfsg-2),
[...]
```
[1]: http://ftp.ports.debian.org/debian-ports/pool-hppa/main/libf/libfido2/libfido2_1.6.0-2_hppa.buildinfo
According to [2] "libfido2-1" depends on "libcbor0" for "alpha, hppa,
ia64, sparc64" and on "libcbor0.8" for every other arch (i.e. "not
alpha, hppa, ia64, sparc64").
[2]: https://packages.debian.org/sid/libfido2-1
I could solve the issue by installing this "libcbor0" ([3]) from 2018
from snapshots.debian.org and then upgrading the OpenSSH packages.
[3]: http://snapshot.debian.org/archive/debian-ports/20180517T201824Z/pool-hppa/main/libc/libcbor/libcbor0_0.5.0%2Bdfsg-2_hppa.deb
For reference I have:
```
deb http://ftp.ports.debian.org/debian-ports unstable main
deb http://ftp.ports.debian.org/debian-ports unreleased main
deb http://ftp.ports.debian.org/debian-ports experimental main
```
...in my `/etc/apt/sources.list`.
Cheers,
Frank
The problem was the libfido2_1.8.0-1 build previously failed due to the cmake configurationThere's a bug in the check for -fstack-protector-all:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=996428
As "libcbor0.8" is existing for hppa, could it be an alternative to
build libfido2 1.8.0 instead of 1.6.0? Or is this version also affected
by this bug?
On 2021-10-13 6:31 p.m., Frank Scheiner wrote:
The problem was the libfido2_1.8.0-1 build previously failed due to theThere's a bug in the check for -fstack-protector-all:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=996428
As "libcbor0.8" is existing for hppa, could it be an alternative to
build libfido2 1.8.0 instead of 1.6.0? Or is this version also affected
by this bug?
cmake configuration
bug, and libcbor0 got removed from the archive. This prevented the last build of libfido2
(1.6.0) from being upgraded as it depended on libcbor0. I suspect
openssh was built before libcbor0
was removed.
Dependency problems like this are common on Debian ports and it is often necessary to rebuild
packages to resolve dependencies.
Sysop: | Keyop |
---|---|
Location: | Huddersfield, West Yorkshire, UK |
Users: | 293 |
Nodes: | 16 (2 / 14) |
Uptime: | 239:25:41 |
Calls: | 6,624 |
Files: | 12,172 |
Messages: | 5,320,000 |