shibboleth-sp2_2.3+dfsg-1_i386.changes is NEW
Archive Administrator
installer at ftp-master.debian.org
Wed Nov 18 21:44:58 UTC 2009
libapache2-mod-shib2_2.3+dfsg-1_i386.deb
to main/s/shibboleth-sp2/libapache2-mod-shib2_2.3+dfsg-1_i386.deb
libshibsp-dev_2.3+dfsg-1_i386.deb
to main/s/shibboleth-sp2/libshibsp-dev_2.3+dfsg-1_i386.deb
libshibsp-doc_2.3+dfsg-1_all.deb
to main/s/shibboleth-sp2/libshibsp-doc_2.3+dfsg-1_all.deb
(new) libshibsp4_2.3+dfsg-1_i386.deb extra libs
Federated web single sign-on system (runtime)
The Shibboleth System is a standards based software package for web
single sign-on across or within organizational boundaries. It supports
authorization and attribute exchange using the OASIS SAML 2.0 protocol.
Shibboleth allows sites to make informed authorization decisions for
individual access of protected online resources while allowing users to
establish their identities with their local authentication systems.
.
This package contains the Shibboleth SP runtime library.
shibboleth-sp2-schemas_2.3+dfsg-1_all.deb
to main/s/shibboleth-sp2/shibboleth-sp2-schemas_2.3+dfsg-1_all.deb
shibboleth-sp2_2.3+dfsg-1.diff.gz
to main/s/shibboleth-sp2/shibboleth-sp2_2.3+dfsg-1.diff.gz
shibboleth-sp2_2.3+dfsg-1.dsc
to main/s/shibboleth-sp2/shibboleth-sp2_2.3+dfsg-1.dsc
shibboleth-sp2_2.3+dfsg.orig.tar.gz
to main/s/shibboleth-sp2/shibboleth-sp2_2.3+dfsg.orig.tar.gz
Changes: shibboleth-sp2 (2.3+dfsg-1) unstable; urgency=high
.
[ Russ Allbery ]
* Urgency set to high for security fix.
* New upstream release.
  - SECURITY: Partial fix for improper handling of URLs that could be
    abused for script injection and other cross-site scripting attacks.
    The complete fix also requires newer xmltooling and opensaml2
    packages. (Closes: #555608, CVE-2009-3300)
  - Avoid shibd crash on dead memcache server.
  - Pass the affiliation name to the session initiator.
  - Correctly handle a bogus ACS.
  - Allow overriding the URL that's passed to the DS.
  - Add schema types for new attribute decoders introduced in 2.2.
  - Handle success with partial logout in the logout UI code.
  - Fix POST data preservation with empty parameters and empty forms.
  - Fix SAML 1 specification of attributes in the query plugin.
  - Shorten ePTId-type persistent identifiers.
  - Use an ID rather than a whole doc reference for generated metadata.
  - Fix spelling of scopeDelimiter in the configuration parser, making
    the code and documentation match the schema.
* Rename library package for upstream SONAME bump.
* Tighten build and package dependencies on xmltooling and opensaml2 to
  require the versions with the security fix.
* Fix watch file for the new version mangling.
* Improve documentation of DAEMON_OPTS in /etc/default/shibd.
* Remove unnecessary patches to upstream files regenerated during the
  build from the source package diff.
.
[ Faidon Liambotis ]
* Run make install with NOKEYGEN=1 and stop rm-ing generated
  certificates. Fixes FTBFS.
.
[ Ferenc Wagner ]
* Run shibd as non-root.
Override entries for your package:
libapache2-mod-shib2_2.3+dfsg-1_i386.deb - extra httpd
libshibsp-dev_2.3+dfsg-1_i386.deb - extra libdevel
libshibsp-doc_2.3+dfsg-1_all.deb - extra doc
shibboleth-sp2-schemas_2.3+dfsg-1_all.deb - extra text
shibboleth-sp2_2.3+dfsg-1.dsc - source web
Announcing to debian-devel-changes at lists.debian.org
Closing bugs: 555608
Your package contains new components which requires manual editing of
the override file. It is ok otherwise, so please be patient. New
packages are usually added to the override file about once a week.
You may have gotten the distribution wrong. You'll get warnings above
if files already exist in other distributions.