[SCM] Debian packaging for the 2.0 Apache Shibboleth SP annotated tag, debian/2.5.2+dfsg-2, created. debian/2.5.2+dfsg-2

Russ Allbery rra at debian.org
Sun Jul 14 18:42:58 UTC 2013

The annotated tag, debian/2.5.2+dfsg-2 has been created
        at  e03de0d599d4841e682969c2b2f01e1f5a90bfb9 (tag)
   tagging  fa17c56cfe60b70cf0751d5b5670a9a14e1109df (commit)
  replaces  debian/2.5.2+dfsg-1
 tagged by  Russ Allbery
        on  Sun Jul 14 11:42:18 2013 -0700

- Shortlog ------------------------------------------------------------
Debian release 2.5.2+dfsg-2

Format: 1.8
Date: Sun, 14 Jul 2013 11:27:40 -0700
Source: shibboleth-sp2
Binary: libapache2-mod-shib2 libshibsp6 libshibsp-dev libshibsp-doc shibboleth-sp2-schemas
Architecture: source i386 all
Version: 2.5.2+dfsg-2
Distribution: unstable
Urgency: low
Maintainer: Debian Shib Team <pkg-shibboleth-devel at lists.alioth.debian.org>
Changed-By: Russ Allbery <rra at debian.org>
 libapache2-mod-shib2 - Federated web single sign-on system (Apache module)
 libshibsp-dev - Federated web single sign-on system (development)
 libshibsp-doc - Federated web single sign-on system (API docs)
 libshibsp6 - Federated web single sign-on system (runtime)
 shibboleth-sp2-schemas - Federated web single sign-on system (schemas)
Closes: 666804 685069
 shibboleth-sp2 (2.5.2+dfsg-2) unstable; urgency=low
   * Upload to unstable.
 shibboleth-sp2 (2.5.2+dfsg-1) experimental; urgency=low
   * New upstream release.
     - New shib-session and shib-user Require authentication types added,
       which should be used in preference to Require valid-user or Require
       user with Shibboleth authentication is desired.
     - New ShibCompatValidUser Apache directive, which works around the way
       that Shibboleth hooks into Require valid-user and Require user so
       that those directives will continue to work with non-Shibboleth
       authentication types.  This directive will be needed for servers
       that use Shibboleth and other authentication methods and want to use
       Require valid-user or Require user with non-Shibboleth methods.
     - Fix implementation of shib-metagen -l.
     - Fix AttributeExtractor handling of multiple logos.
     - Fix metadata attribute extraction with non-ASCII characters.
     - Fix problems with Apache subrequests during server-side include
       handling of unprotected pages.
     - Add character set to DiscoFeed page header.
     - Avoid leaking shibd sockets to child processes.
   * Add NEWS entry for the authentication directive changes.
   * Update README.Debian instructions to add AuthType None to the URLs
     that have to be available to everyone and to use Require shib-session
     instead of Require valid-user.
   * Create /var/cache/shibboleth on install and remove it on purge.
   * Link the FastCGI programs with libxmltooling-lite since they call one
     of its interfaces directly.  (This shows up as a build failure
     otherwise due to the Debian build rules use of --as-needed.)
 shibboleth-sp2 (2.5.1+dfsg-1) experimental; urgency=low
   * New upstream release.  (Closes: #685069)
     - Support for Apache 2.4.  Please note there are some configuration
       incompabilities between Apache 2.4 and Apache 2.2.  See the upstream
       documentation at
       for more information.  (Closes: #666804)
     - Disable the PKCS 1.5 algorithm for SAML assertion encryption by
       default for security reasons.  This can be re-enabled if necessary
       in the security-policy.xml configuration file.
     - The protocol between the Apache module and shibd has changed.  shibd
       will be restarted during upgrades, but if the module is configured
       to talk to a remote shibd over TCP, both the module and shibd must
       be upgraded at the same time.
     - Settings to limit redirections have been renamed from
       relayStateLimit and relayStateWhitelist to redirectLimit and
       redirectWhitelist respectively and the old names are deprecated (but
       still supported).
     - cookieProps has been simplified and warnings introduced if SSL
       restrictions are not enabled.
     - The <AttributeExtractor> element that loads the attribute-map.xml
       file now defaults to reloadChanges="false".  Restarting the SP when
       this file changes is recommended for security reasons.
     - Logging properties have been removed from the default configuration
       file and the absence of properties now indicates use of the default
       logging configuration files (shibd.logger and native.logger).
     - The native.log file is now created as root before Apache child
       initialization to minimize permission issues.
     - Files that persist across server restarts have been moved to
     - The example style sheet for error templates has been moved to a
       version-independent location in /usr/share/shibboleth.  A logo file
       is no longer included in the package to avoid accidental use of the
       Shibboleth logo on production sites.  If your existing error
       templates reference these files, you should correct this by copying
       files that you need to locations that you control.
     - The module should now be referenced as mod_shib.cpp in conditionals
       that want to reference a source file name.
     - Clients that bounce between IPv4 and IPv6 addresses should now be
       handled more smoothly.
     - SP initialization now fails if an external session cache is
       configured but cannot be opened.
   * Update libapache2-mod-shib2's README.Debian:
     - Use the Apache 2.4 authorization syntax.
     - Mention possibly having to grant access to /Shibboleth.sso.
     - The module is now enabled by default but still needs configuration.
     - Update the upstream configuration documentation URL.
     - The reason for switching native.logger to syslog is now obsolete
       (but the package still does that, possibly to be reconsidered
   * Remove the (undefined) warn_log destination from the default
     native.logger configuration file, restoring consistency with the
     Debian modification to log to syslog.  Since all native logs go to
     syslog, there's no need to have differentiated log destinations based
     on threshold.  The previous version of the file referenced a
     commented-out warn_log destination, which caused errors to be spammed
     to syslog.
   * Build with GSS-API support.
   * Build and install FastCGI programs in /usr/lib/<triplet>/shibboleth.
     For right now, these are still included in libapache2-mod-shib2, which
     makes them substantially less useful than they would be in their own
     package.  Further work is required to allow the FastCGI programs plus
     shibd to be installed independent of the Apache module.
   * Add build dependency on libboost-dev.
   * Use log4shib instead of log4cpp.
   * Force build dependencies and package dependencies on xml-security-c
     1.7 or later, xmltooling 1.5 or later, and opensaml2 2.5 or later to
     ensure everything is consistent.
   * Remove explicit build dependency on libtool.  This is now handled by
   * Add Multi-Arch: same to libshibsp-dev and Multi-Arch: foreign to
     libshibsp-doc and shibboleth-sp2-schemas.
   * Remove Conflicts with libapache2-mod-shib.  lenny is dead.
   * Fix the libshibsp-doc package name in the Suggests on libshibsp-dev
     and remove the nonstandard version constraint.
   * Install the upstream doc/RELEASE.txt file as the upstream changelog.
     It's not exactly a changelog, but it has pointers to the upstream web
     documentation of changes, which is probably what people are looking for.
   * Drop postinst code to handle upgrades from the Shibboleth 1.x module,
     which was last included in lenny.
   * Switch to xz compression for the repackaged upstream
     source, *.debian.tar, and the *.deb packages.
   * Update upstream Homepage.
   * Canonicalize the URLs in the Vcs-Git and Vcs-Browser control fields.
   * Update standards version to 3.9.4.
     - Update debian/copyright to specify copyright-format 1.0.
 a300530d8c04353b0563ac9d8beeec1892d6f401 1731 shibboleth-sp2_2.5.2+dfsg-2.dsc
 d6ca8b3a54bf11783f36a4a553b7f3f34b345329 23580 shibboleth-sp2_2.5.2+dfsg-2.debian.tar.xz
 cfa304c26e1417a1383d0e75316d2d575f4ce8f5 257168 libapache2-mod-shib2_2.5.2+dfsg-2_i386.deb
 0201b4fa2ad839b525491de5a12f252b58280596 800358 libshibsp6_2.5.2+dfsg-2_i386.deb
 4ab8b5f9c7bb19ec19b11f9f6b329207488ac24f 50814 libshibsp-dev_2.5.2+dfsg-2_i386.deb
 174e1a37bf41e7e404b9c80a70323b025a00579a 269288 libshibsp-doc_2.5.2+dfsg-2_all.deb
 178753de0788f788cae69f11f592bb46d9c25025 26110 shibboleth-sp2-schemas_2.5.2+dfsg-2_all.deb
 f779657c6f54a72ce6d05f20980fb51e36c3fc2bb94ffb54a32b56df85cac471 1731 shibboleth-sp2_2.5.2+dfsg-2.dsc
 b046d837b2b2019fcc18fe7bd4a7d4689d6804e9340426be4e56b88f482607cd 23580 shibboleth-sp2_2.5.2+dfsg-2.debian.tar.xz
 e7927a6685d5ed0b876ac9891479ac7a9ecf4eb928b437497d17fecd55ba9fe1 257168 libapache2-mod-shib2_2.5.2+dfsg-2_i386.deb
 2237ddfafca9ca35cfbcab577c0cecb6c1362b7abb206f7727114996045e5770 800358 libshibsp6_2.5.2+dfsg-2_i386.deb
 68b2aef543297ceb183d947fa579746335457b7529b91adcdacb7e1466a23c3f 50814 libshibsp-dev_2.5.2+dfsg-2_i386.deb
 5a23c9308b0624bc06359b897cf282aab04d02e9866263320b966a94b997fd1c 269288 libshibsp-doc_2.5.2+dfsg-2_all.deb
 d6f6aa4042b6c6271a80600994b8bc428b3959029f56efacda32e2c790342d96 26110 shibboleth-sp2-schemas_2.5.2+dfsg-2_all.deb
 9f5f32cbe93713f57efc7a13009bbada 1731 web extra shibboleth-sp2_2.5.2+dfsg-2.dsc
 0774fbc4eac15bd1b12fcd7a3d1a0f9e 23580 web extra shibboleth-sp2_2.5.2+dfsg-2.debian.tar.xz
 e701c682c1828c05d0ffc952e416f7f1 257168 httpd extra libapache2-mod-shib2_2.5.2+dfsg-2_i386.deb
 20417ca3cf5a3a4d2e343d38a14b1549 800358 libs extra libshibsp6_2.5.2+dfsg-2_i386.deb
 144b1df7b9cddccab61073685031e326 50814 libdevel extra libshibsp-dev_2.5.2+dfsg-2_i386.deb
 9cae7984447c9e40beb5eeda84150dc7 269288 doc extra libshibsp-doc_2.5.2+dfsg-2_all.deb
 954d3d44618aa6d3a35a5aca2d958288 26110 text extra shibboleth-sp2-schemas_2.5.2+dfsg-2_all.deb
Version: GnuPG v1.4.12 (GNU/Linux)


Russ Allbery (1):
      Upload 2.5.2+dfsg-2 to unstable


Debian packaging for the 2.0 Apache Shibboleth SP

More information about the Pkg-shibboleth-devel mailing list