- SECURITY: Correctly validate the use attribute of KeyDescriptors,
preventing use of a key for signing or for encryption if its use
field says it may not be used for that purpose.
+ - New shib-metagen script for generating Shibboleth SP metadata.
- Support preserving form data across user authentication.
- Support internal server redirection while maintaining protection.
- Fix incompatibility between lazy sessions and servlet containers.
- Fix generated metadata DiscoveryResponse.
- Fix handling of unsigned responses with encryption.
- Fix handling of InProcess property.
+ * Rename library package for upstream SONAME bump.
+ * Tighten build dependencies and schema package dependencies on
+ opensaml2 and xmltooling.
+ * Build against Xerces-C 3.0.
* Dynamically determine the Debian and upstream package versions for
get-orig-source from debian/changelog.
* Update libapache2-mod-shib2's README.Debian for changes to the
TestShib web pages.
+ * Use the automatically-extracted package version as the version number
+ for the man pages.
+ * Update standards version to 3.8.3.
+ - Create /var/run/shibboleth in the init script if it doesn't exist.
+ - Don't ship /var/run/shibboleth in the package.
+ - Remove /var/run/shibboleth in postrm if it exists.
-- Russ Allbery <rra@debian.org> Fri, 24 Jul 2009 15:29:01 -0700