shibboleth-sp2_2.3+dfsg-1_i386.changes is NEW

Archive Administrator installer at
Wed Nov 18 21:44:58 UTC 2009

  to main/s/shibboleth-sp2/libapache2-mod-shib2_2.3+dfsg-1_i386.deb
  to main/s/shibboleth-sp2/libshibsp-dev_2.3+dfsg-1_i386.deb
  to main/s/shibboleth-sp2/libshibsp-doc_2.3+dfsg-1_all.deb
(new) libshibsp4_2.3+dfsg-1_i386.deb extra libs
Federated web single sign-on system (runtime)
 The Shibboleth System is a standards based software package for web
 single sign-on across or within organizational boundaries.  It supports
 authorization and attribute exchange using the OASIS SAML 2.0 protocol.
 Shibboleth allows sites to make informed authorization decisions for
 individual access of protected online resources while allowing users to
 establish their identities with their local authentication systems.
 This package contains the Shibboleth SP runtime library.
  to main/s/shibboleth-sp2/shibboleth-sp2-schemas_2.3+dfsg-1_all.deb
  to main/s/shibboleth-sp2/shibboleth-sp2_2.3+dfsg-1.diff.gz
  to main/s/shibboleth-sp2/shibboleth-sp2_2.3+dfsg-1.dsc
  to main/s/shibboleth-sp2/shibboleth-sp2_2.3+dfsg.orig.tar.gz
Changes: shibboleth-sp2 (2.3+dfsg-1) unstable; urgency=high
  [ Russ Allbery ]
  * Urgency set to high for security fix.
  * New upstream release.
    - SECURITY: Partial fix for improper handling of URLs that could be
      abused for script injection and other cross-site scripting attacks.
      The complete fix also requires newer xmltooling and opensaml2
      packages.  (Closes: #555608, CVE-2009-3300)
    - Avoid shibd crash on dead memcache server.
    - Pass the affiliation name to the session initiator.
    - Correctly handle a bogus ACS.
    - Allow overriding the URL that's passed to the DS.
    - Add schema types for new attribute decoders introduced in 2.2.
    - Handle success with partial logout in the logout UI code.
    - Fix POST data preservation with empty parameters and empty forms.
    - Fix SAML 1 specification of attributes in the query plugin.
    - Shorten ePTId-type persistent identifiers.
    - Use an ID rather than a whole doc reference for generated metadata.
    - Fix spelling of scopeDelimiter in the configuration parser, making
      the code and documentation match the schema.
  * Rename library package for upstream SONAME bump.
  * Tighten build and package dependencies on xmltooling and opensaml2 to
    require the versions with the security fix.
  * Fix watch file for the new version mangling.
  * Improve documentation of DAEMON_OPTS in /etc/default/shibd.
  * Remove unnecessary patches to upstream files regenerated during the
    build from the source package diff.
  [ Faidon Liambotis ]
  * Run make install with NOKEYGEN=1 and stop rm-ing generated
    certificates.  Fixes FTBFS.
  [ Ferenc Wagner ]
  * Run shibd as non-root.

Override entries for your package:
libapache2-mod-shib2_2.3+dfsg-1_i386.deb - extra httpd
libshibsp-dev_2.3+dfsg-1_i386.deb - extra libdevel
libshibsp-doc_2.3+dfsg-1_all.deb - extra doc
shibboleth-sp2-schemas_2.3+dfsg-1_all.deb - extra text
shibboleth-sp2_2.3+dfsg-1.dsc - source web

Announcing to debian-devel-changes at
Closing bugs: 555608 

Your package contains new components which require manual editing of
the override file.  It is ok otherwise, so please be patient.  New
packages are usually added to the override file about once a week.

You may have gotten the distribution wrong.  You'll get warnings above
if files already exist in other distributions.
