Security fix diffs for 1.3.x

Russ Allbery rra at
Fri Nov 6 21:58:57 UTC 2009

"Scott Cantor" <cantor.2 at> writes:

> The diffs related to the security fix for v1.3.5 of the SP should be
> captured by these two sets:


> The former change isn't part of the fix per se, but is a change required to
> ensure the SP doesn't generate any redirects that the fix would reject, so
> has to be included.

> The general model for this fix is a partial template for what might be
> done to the 2.x SP to avoid the soname changes, namely duplicating a
> checking function across every module/filter.

Just to double-check, no changes are required for the opensaml 1.x
library, correct?  The change is only in the shibboleth-sp package?

Russ Allbery (rra at               <>

More information about the Pkg-shibboleth-devel mailing list