Add a NEWS.Debian entry for shibboleth2.xml updates

* Add a NEWS.Debian entry for libapache2-mod-shib2 that explains the
  recommended configuration update for the 2.2 version.  Thanks, Scott
  Cantor and Kristof BAJNOK.

diff --git a/debian/changelog b/debian/changelog
index 316ec69..c3f2f84 100644 (file)
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,6 +1,9 @@
-shibboleth-sp2 (2.2.1+dfsg-2) UNRELEASED; urgency=low
+shibboleth-sp2 (2.2.1+dfsg-2) unstable; urgency=low
 
   * Change the libapache2-mod-shib2 section to httpd, matching override.
+  * Add a NEWS.Debian entry for libapache2-mod-shib2 that explains the
+    recommended configuration update for the 2.2 version.  Thanks, Scott
+    Cantor and Kristof BAJNOK.
 
  -- Russ Allbery <rra@debian.org>  Wed, 09 Sep 2009 12:15:08 -0700
 

diff --git a/debian/libapache2-mod-shib2.NEWS b/debian/libapache2-mod-shib2.NEWS
index d6ddedf..7a44615 100644 (file)
--- a/debian/libapache2-mod-shib2.NEWS
+++ b/debian/libapache2-mod-shib2.NEWS
@@ -1,3 +1,26 @@
+shibboleth-sp2 (2.2.1+dfsg-2) unstable; urgency=low
+
+  There are several changes to the configuration syntax and defaults in
+  Shibboleth 2.2, one of which produce deprecation warnings on startup
+  until /etc/shibboleth/shibboleth2.xml is updated.
+
+  The most significant change is that <Rule> tags in the <Policy> element
+  should be changed to <PolicyRule> and a new policy rule added:
+
+      <PolicyRule type="Conditions">
+          <PolicyRule type="Audience"/>
+          <!-- Enable Delegation rule to permit delegated access. -->
+          <!-- <PolicyRule type="Delegation"/> -->
+      </PolicyRule>
+
+  See:
+
+  https://spaces.internet2.edu/display/SHIB2/NativeSPConfigurationChanges
+
+  for all the details and further explanation.
+
+ -- Russ Allbery <rra@debian.org>  Tue, 15 Sep 2009 20:44:26 -0700
+
 shibboleth-sp2 (2.0.dfsg1-4) unstable; urgency=low
 
   With this release, the Apache module configuration fragments in