Security fix diffs for 1.3.x
cantor.2 at osu.edu
Thu Nov 12 17:00:08 UTC 2009
Russ Allbery wrote on 2009-11-12:
> I was apparently working on this way too late last night and confused
> myself into thinking fastcgi wasn't in the 1.3.1 tarball, which of course
> it is. I'm updating that now.
Note that NSAPI is too, but I was assuming you were patching only what gets
built. If you want a "consistent" source fix, you should apply the nsapi and
isapi patches also.
> That does do weird things to the schema versioning, though, since the
> resulting schema doesn't match any of your versions. Does that matter?
> Is that something that might upset anything?
Schema versions are totally non-normative, I use them for documentation
purposes. My suggestion is to leave it at 1.3.1, since your fix here is
technically a patch to 1.3.1 rather than the actual upgrade to 1.3.5.
More information about the Pkg-shibboleth-devel