Lenny fixes for opensaml2 and shibboleth-sp2

Ferenc Wagner wferi at niif.hu
Thu Nov 26 16:23:20 UTC 2009

Security team,

I'm backporting the fixes to #555608 (CVE-2009-3300) into Lenny.
Upstream solved the issue by introducing new static class members in
xmltooling, which lies at the bottom of the library stack, and invoking
them from the necessary places.  This resulted in soname changes in
libxmltooling, libsaml and libshibsp, which I'm trying to avoid.  It
seems readily possible in the opensaml library, but not quite in
libshibsp, so I ask for your opinion: may I add two new exported symbols
to libshibsp, or should I add the same function definitions to each
component?  Or even, should I add static functions into header files
(which would mostly go unused, raising warnings from GCC)?

More information about the Pkg-shibboleth-devel mailing list