Security fix diffs for 1.3.x

Scott Cantor cantor.2 at
Thu Nov 12 17:00:08 UTC 2009

Russ Allbery wrote on 2009-11-12:
> I was apparently working on this way too late last night and confused
> myself into thinking fastcgi wasn't in the 1.3.1 tarball, which of course
> it is.  I'm updating that now.

Note that NSAPI is too, but I was assuming you were patching only what gets
built. If you want a "consistent" source fix, you should apply the nsapi and
isapi patches also.

> That does do weird things to the schema versioning, though, since the
> resulting schema doesn't match any of your versions.  Does that matter?
> Is that something that might upset anything?

Schema versions are totally non-normative; I use them for documentation
purposes. My suggestion is to leave it at 1.3.1, since your fix here is
technically a patch to 1.3.1 rather than the actual upgrade to 1.3.5.

-- Scott

More information about the Pkg-shibboleth-devel mailing list