Bug#549936: breaks Shibboleth SPs: IdPs with KeyDescriptor use="signing" are broken

Russ Allbery rra at stanford.edu
Tue Oct 6 21:22:08 UTC 2009

----- "Scott Cantor" <cantor.2 at osu.edu> wrote:

> I can confirm that this would break in the manner described if you patch
> xmltooling but NOT opensaml with the related fix.
> It sounds like the opensaml patch and the SP rebuild didn't make it in yet.
> My apologies if this wasn't clear to the packagers or if I caused a problem
> with the way the fix was implemented.

Ack, I'm sorry.  I didn't realize that, so yes, that will indeed be a

Unfortunately, I'm both sick at the moment and my main computer is
dead with hardware failure, so I can't easily pursue it at the moment.
If someone else could, that would be great.  I had proposed the needed
changes for opensaml2 for the next stable update, but didn't get a reply
from the bug filed against release.debian.org.  In this case, it may be
best to ask team at security.debian.org whether this update should instead
be done via the security queue since having the xmltooling fix without
the opensaml2 fix breaks the package.

More information about the Pkg-shibboleth-devel mailing list