-shibboleth-sp2 (2.3+dfsg-1) UNRELEASED; urgency=low
+shibboleth-sp2 (2.3+dfsg-1) UNRELEASED; urgency=high
[ Russ Allbery ]
+ * Urgency set to high for security fix.
* New upstream release.
- SECURITY: Partial fix for improper handling of URLs that could be
abused for script injection and other cross-site scripting attacks.
- Use an ID rather than a whole doc reference for generated metadata.
- Fix spelling of scopeDelimiter in the configuration parser, making
the code and documentation match the schema.
+ * Rename library package for upstream SONAME bump.
* Tighten build and package dependencies on xmltooling and opensaml2 to
require the versions with the security fix.
* Fix watch file for the new version mangling.
+ * Remove unnecessary patches to upstream files regenerated during the
+ build from the source package diff.
+
+ [ Faidon Liambotis ]
+ * Run make install with NOKEYGEN=1 and stop rm-ing generated
+ certificates. Fixes FTBFS.
[ Ferenc Wagner ]
* Run shibd as non-root.