-shibboleth-sp2 (2.3+dfsg-1) UNRELEASED; urgency=low
+shibboleth-sp2 (2.3.1+dfsg-3) unstable; urgency=low
+
+ [ Ferenc Wagner ]
+ * Restart Apache from the postinst script if the shib2 module is enabled
+ to avoid communication errors with the upgraded shibd. (Closes: #602328)
+ * Fix watch file. The 2.4 prerelease broke it.
+
+ [ Faidon Liambotis ]
+ * Add myself to Uploaders.
+ * Enable and ship memcache-store.
+
+ -- Ferenc Wagner <wferi@niif.hu> Mon, 22 Nov 2010 22:17:57 +0100
+
+shibboleth-sp2 (2.3.1+dfsg-2) unstable; urgency=low
+
+ * Modify shib-keygen to create the new certificate key group-readable by
+ _shibd and not world-readable. (Closes: #571631, CVE-2010-2450)
+ * Force source format 1.0 for now since it makes backporting easier.
+ * Update debhelper compatibility level to V7.
+ - Use dh_prep instead of dh_clean -k.
+ * Update standards version to 3.8.4 (no changes required).
+
+ -- Russ Allbery <rra@debian.org> Sat, 15 May 2010 15:25:12 -0700
+
+shibboleth-sp2 (2.3.1+dfsg-1) unstable; urgency=low
+
+ * New upstream release.
+ - Don't sign messages for SOAP requests twice.
+ - Correctly generate metadata in the artifact resolution handler.
+ - Artifact resolution should return empty success on errors.
+ - Fixed crash in backchannel global logout.
+ - Fix duplicate indexes in metadata generation when multiple base URLs
+ are supplied.
+ - Correctly decrypt assertions in attribute responses.
+ * Apply upstream fix for shibd removing the PID file when called with
+ the -F option. This prevents the check of certificate permissions in
+ the init script from removing the PID file of a running shibd.
+ * Add ${shlibs:Depends} to the libshibsp-dev package dependencies.
+ * Add ${misc:Depends} to all package dependencies.
+
+ -- Russ Allbery <rra@debian.org> Sun, 03 Jan 2010 13:54:55 -0800
+
+shibboleth-sp2 (2.3+dfsg-1) unstable; urgency=high
[ Russ Allbery ]
+ * Urgency set to high for security fix.
* New upstream release.
- SECURITY: Partial fix for improper handling of URLs that could be
abused for script injection and other cross-site scripting attacks.
- Use an ID rather than a whole doc reference for generated metadata.
- Fix spelling of scopeDelimiter in the configuration parser, making
the code and documentation match the schema.
+ * Rename library package for upstream SONAME bump.
* Tighten build and package dependencies on xmltooling and opensaml2 to
require the versions with the security fix.
* Fix watch file for the new version mangling.
+ * Improve documentation of DAEMON_OPTS in /etc/default/shibd.
+ * Remove unnecessary patches to upstream files regenerated during the
+ build from the source package diff.
+
+ [ Faidon Liambotis ]
+ * Run make install with NOKEYGEN=1 and stop rm-ing generated
+ certificates. Fixes FTBFS.
[ Ferenc Wagner ]
* Run shibd as non-root.
- -- Russ Allbery <rra@debian.org> Tue, 10 Nov 2009 14:55:56 -0800
+ -- Russ Allbery <rra@debian.org> Wed, 11 Nov 2009 14:39:44 -0800
shibboleth-sp2 (2.2.1+dfsg-2) unstable; urgency=low
projects / shibboleth / sp.git / blobdiff