-opensaml2 (2.1-1) UNRELEASED; urgency=low
+opensaml2 (2.5+dfsg~moonshot2-1) unstable; urgency=low
+
+ * New upstream
+
+ -- Sam Hartman <hartmans@debian.org> Tue, 13 Dec 2011 15:28:33 -0500
+
+opensaml2 (2.5+dfsg~moonshot1-2) unstable; urgency=low
+
+ * Update to libsaml8
+
+ -- Sam Hartman <hartmans@project-moonshot.org> Wed, 07 Dec 2011 11:54:44 -0500
+
+opensaml2 (2.5+dfsg~moonshot1-1) unstable; urgency=low
+
+ * New upstream prerelease
+
+ -- Russ Allbery <hartmans@project-moonshot.org> Tue, 09 Aug 2011 16:37:46 -0400
+
+opensaml2 (2.4.1-1) unstable; urgency=low
+
+ * New upstream release.
+ - Don't download remote metadata if it hasn't changed
+ - Verify that fetched metadata is valid, even after filters, before
+ overwriting the previous metadata. Improve metadata downloads.
+ - Logging improvements for OpenSAML.MetadataProvider.XML
+ - Add keywords/tags element to UIInfo extension and disco feed
+ - Fix overuse of InclusivePrefixes list when signing
+ - Do not use cacheDuration for validity
+ - Fix memory leaks
+ - Fix crash when encrypting unmarshalled object
+ - Resolve sibling EncryptedKey element for decryption
+ - Add xml prefix on newly-created xml:lang attributes
+ - Duplication and line feed fixes for DiscoFeed.
+ - Fix reload interval backoff after reload failures
+ - Strip whitespace from SAMLRequest URL parameter values
+ * Change package names for the upstream SONAME change.
+ * Install the new upstream pkg-config file in libsaml2-dev.
+ * Build-depend on xmltooling 1.4 or later.
+ * Force build dependency on xml-security-c 1.6 or later for consistent
+ build results.
+ * Add build dependency on pkg-config, which upstream now uses to find
+ the SSL libraries.
+ * Add build dependency on graphviz for better API documentation.
+ * Replace the version of jQuery installed by Doxygen in the
+ documentation package with a symlink to the version supplied by the
+ Debian package and add a dependency.
+ * Update to debhelper compatibility level V8.
+ - Use the autotools-dev debhelper module for config.{sub,guess}.
+ - Use debhelper rule minimization.
+ * Update debian/copyright to the current DEP-5 specification.
+ * Change to Debian source format 3.0 (quilt). Force a single Debian
+ patch for simplicity since the packaging is maintained in Git using
+ branches, and include a patch header explaining why.
+ * Update standards version to 3.9.1 (no changes required).
+
+ -- Russ Allbery <rra@debian.org> Sun, 03 Apr 2011 18:57:10 -0700
+
+opensaml2 (2.3-2) unstable; urgency=low
+
+ * Force source format 1.0 for now since it makes backporting easier.
+ * Add ${misc:Depends} to all package dependencies.
+ * Update debhelper compatibility level to V7.
+ - Use dh_prep instead of dh_clean -k.
+ * Update standards version to 3.8.4 (no changes required).
+
+ -- Russ Allbery <rra@debian.org> Thu, 13 May 2010 10:21:12 -0700
+
+opensaml2 (2.3-1) unstable; urgency=high
+
+ * Urgency set to high for security fix.
+ * New upstream release.
+ - SECURITY: Partial fix for improper handling of URLs that could be
+ abused for script injection and other cross-site scripting attacks.
+ The complete fix also requires newer xmltooling and shibboleth-sp2
+ packages. (CVE-2009-3300)
+ - Fix crash on assertions with missing SubjectConfirmation.
+ - Remove inline functions except for templates or RAII patterns.
+ - Remove xml from the inclusive prefix list to avoid bugs in Apache
+ Java xmlsec.
+ - Honor digest algorithm in whole document signing with empty URI.
+ * Rename library package for upstream SONAME bump.
+ * Build-depend on libxmltooling-dev 1.3 or later and make libsaml2-dev
+ depend on libxmltooling-dev 1.3 or later for the fixes for URL
+ sanitization.
+ * Build-depend on libxml-security-c-dev 1.5 or later to ensure
+ that all builds are consistent.
+
+ -- Russ Allbery <rra@debian.org> Fri, 06 Nov 2009 15:09:04 -0800
+
+opensaml2 (2.2.1-1) unstable; urgency=low
+
+ * New upstream release.
+ - Fix crash when generating unsigned ECP AuthnRequest.
+ - Correct check of key usage against KeyDescriptor use.
+ * Remove temporary build-depend on libicu-dev and tighten the build
+ dependency on libxerces-c-dev to require the fixed version.
+
+ -- Russ Allbery <rra@debian.org> Mon, 07 Sep 2009 18:35:47 -0700
+
+opensaml2 (2.2-1) unstable; urgency=low
+
+ * New upstream release.
+ - Use CRLs in the metadata signature during PKIX path validation.
+ - Fix cacheDuration handling in metadata parsing.
+ - Set HTTP no-cache headers when redirecting client to IdP via POST.
+ - Allow verbs for GET-based bindings to be overridden.
+ * Rename library package for upstream SONAME bump.
+ * Build against Xerces-C 3.0.
+ * Build-depend and depend on xmltooling 1.2 or later.
+ * Temporarily add libicu-dev to Build-Depends to work around Bug#540964
+ in libxerces-c-dev.
+ * Update standards version to 3.8.3 (no changes required).
+
+ -- Russ Allbery <rra@debian.org> Tue, 18 Aug 2009 16:36:16 -0700
+
+opensaml2 (2.1-1) unstable; urgency=low
[ Russ Allbery ]
* New upstream bug-fix release.
[ Ferenc Wagner ]
* Fix watch file for upstream directory structure.
- -- Ferenc Wagner <wferi@niif.hu> Fri, 22 Aug 2008 15:06:19 +0200
+ -- Russ Allbery <rra@debian.org> Sun, 22 Feb 2009 13:16:05 -0800
opensaml2 (2.0-2) unstable; urgency=low