1 opensaml2 (2.4.1-1) UNRELEASED; urgency=low
3 * New upstream release.
4 - Don't download remote metadata if it hasn't changed
5 - Verify that fetched metadata is valid, even after filters, before
6 overwriting the previous metadata. Improve metadata downloads.
7 - Logging improvements for OpenSAML.MetadataProvider.XML
8 - Add keywords/tags element to UIInfo extension and disco feed
9 - Fix overuse of InclusivePrefixes list when signing
10 - Do not use cacheDuration for validity
12 - Fix crash when encrypting unmarshalled object
13 - Resolve sibling EncryptedKey element for decryption
14 - Add xml prefix on newly-created xml:lang attributes
15 - Duplication and line feed fixes for DiscoFeed.
16 - Fix reload interval backoff after reload failures
17 - Strip whitespace from SAMLRequest URL parameter values
19 -- Russ Allbery <rra@debian.org> Sun, 03 Apr 2011 17:59:57 -0700
21 opensaml2 (2.3-2) unstable; urgency=low
23 * Force source format 1.0 for now since it makes backporting easier.
24 * Add ${misc:Depends} to all package dependencies.
25 * Update debhelper compatibility level to V7.
26 - Use dh_prep instead of dh_clean -k.
27 * Update standards version to 3.8.4 (no changes required).
29 -- Russ Allbery <rra@debian.org> Thu, 13 May 2010 10:21:12 -0700
31 opensaml2 (2.3-1) unstable; urgency=high
33 * Urgency set to high for security fix.
34 * New upstream release.
35 - SECURITY: Partial fix for improper handling of URLs that could be
36 abused for script injection and other cross-site scripting attacks.
37 The complete fix also requires newer xmltooling and shibboleth-sp2
38 packages. (CVE-2009-3300)
39 - Fix crash on assertions with missing SubjectConfirmation.
40 - Remove inline functions except for templates or RAII patterns.
41 - Remove xml from the inclusive prefix list to avoid bugs in Apache
43 - Honor digest algorithm in whole document signing with empty URI.
44 * Rename library package for upstream SONAME bump.
45 * Build-depend on libxmltooling-dev 1.3 or later and make libsaml2-dev
46 depend on libxmltooling-dev 1.3 or later for the fixes for URL
48 * Build-depend on libxml-security-c-dev 1.5 or later to ensure
49 that all builds are consistent.
51 -- Russ Allbery <rra@debian.org> Fri, 06 Nov 2009 15:09:04 -0800
53 opensaml2 (2.2.1-1) unstable; urgency=low
55 * New upstream release.
56 - Fix crash when generating unsigned ECP AuthnRequest.
57 - Correct check of key usage against KeyDescriptor use.
58 * Remove temporary build-depend on libicu-dev and tighten the build
59 dependency on libxerces-c-dev to require the fixed version.
61 -- Russ Allbery <rra@debian.org> Mon, 07 Sep 2009 18:35:47 -0700
63 opensaml2 (2.2-1) unstable; urgency=low
65 * New upstream release.
66 - Use CRLs in the metadata signature during PKIX path validation.
67 - Fix cacheDuration handling in metadata parsing.
68 - Set HTTP no-cache headers when redirecting client to IdP via POST.
69 - Allow verbs for GET-based bindings to be overridden.
70 * Rename library package for upstream SONAME bump.
71 * Build against Xerces-C 3.0.
72 * Build-depend and depend on xmltooling 1.2 or later.
73 * Temporarily add libicu-dev to Build-Depends to work around Bug#540964
75 * Update standards version to 3.8.3 (no changes required).
77 -- Russ Allbery <rra@debian.org> Tue, 18 Aug 2009 16:36:16 -0700
79 opensaml2 (2.1-1) unstable; urgency=low
82 * New upstream bug-fix release.
83 * Bump SONAME of libsaml following upstream's versioning. The names of
84 libsaml2-dev and libsaml2-doc have not changed; the "2" in those names
85 refers to the major version of the package, not to the SONAME of the
87 * Build-depend on libxmtooling-dev >= 1.1 following the upstream spec
89 * Flesh out debian/copyright with entries for build system files and
90 convert to the latest draft of the copyright format proposal.
91 * Remove duplicated Section header in the libsaml3 control stanza.
94 * Fix watch file for upstream directory structure.
96 -- Russ Allbery <rra@debian.org> Sun, 22 Feb 2009 13:16:05 -0800
98 opensaml2 (2.0-2) unstable; urgency=low
100 * Include fix for https://bugs.internet2.edu/jira/browse/CPPOST-7
101 (Metadata with EncryptionMethod elements fails to load)
102 * Include fix for https://bugs.internet2.edu/jira/browse/CPPOST-11
103 (SignatureMetadataFilter fails to validate signed EntityDescriptor)
105 -- Ferenc Wagner <wferi@niif.hu> Wed, 21 Jan 2009 16:30:46 +0100
107 opensaml2 (2.0-1) unstable; urgency=low
110 * Initial release (Closes: #480289)
112 -- Russ Allbery <rra@debian.org> Mon, 16 Jun 2008 21:28:28 -0700