shibboleth-sp2_2.5.2+dfsg-2_i386.changes ACCEPTED into unstable
Debian FTP Masters
ftpmaster at ftp-master.debian.org
Sun Jul 14 18:48:46 UTC 2013
Accepted:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Sun, 14 Jul 2013 11:27:40 -0700
Source: shibboleth-sp2
Binary: libapache2-mod-shib2 libshibsp6 libshibsp-dev libshibsp-doc shibboleth-sp2-schemas
Architecture: source i386 all
Version: 2.5.2+dfsg-2
Distribution: unstable
Urgency: low
Maintainer: Debian Shib Team <pkg-shibboleth-devel at lists.alioth.debian.org>
Changed-By: Russ Allbery <rra at debian.org>
Description:
libapache2-mod-shib2 - Federated web single sign-on system (Apache module)
libshibsp-dev - Federated web single sign-on system (development)
libshibsp-doc - Federated web single sign-on system (API docs)
libshibsp6 - Federated web single sign-on system (runtime)
shibboleth-sp2-schemas - Federated web single sign-on system (schemas)
Closes: 666804 685069
Changes:
shibboleth-sp2 (2.5.2+dfsg-2) unstable; urgency=low
.
* Upload to unstable.
.
shibboleth-sp2 (2.5.2+dfsg-1) experimental; urgency=low
.
* New upstream release.
- New shib-session and shib-user Require authentication types added,
which should be used in preference to Require valid-user or Require
user with Shibboleth authentication is desired.
- New ShibCompatValidUser Apache directive, which works around the way
that Shibboleth hooks into Require valid-user and Require user so
that those directives will continue to work with non-Shibboleth
authentication types. This directive will be needed for servers
that use Shibboleth and other authentication methods and want to use
Require valid-user or Require user with non-Shibboleth methods.
- Fix implementation of shib-metagen -l.
- Fix AttributeExtractor handling of multiple logos.
- Fix metadata attribute extraction with non-ASCII characters.
- Fix problems with Apache subrequests during server-side include
handling of unprotected pages.
- Add character set to DiscoFeed page header.
- Avoid leaking shibd sockets to child processes.
* Add NEWS entry for the authentication directive changes.
* Update README.Debian instructions to add AuthType None to the URLs
that have to be available to everyone and to use Require shib-session
instead of Require valid-user.
* Create /var/cache/shibboleth on install and remove it on purge.
* Link the FastCGI programs with libxmltooling-lite since they call one
of its interfaces directly. (This shows up as a build failure
otherwise due to the Debian build rules use of --as-needed.)
.
shibboleth-sp2 (2.5.1+dfsg-1) experimental; urgency=low
.
* New upstream release. (Closes: #685069)
- Support for Apache 2.4. Please note there are some configuration
incompabilities between Apache 2.4 and Apache 2.2. See the upstream
documentation at
https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPApacheConfig
for more information. (Closes: #666804)
- Disable the PKCS 1.5 algorithm for SAML assertion encryption by
default for security reasons. This can be re-enabled if necessary
in the security-policy.xml configuration file.
- The protocol between the Apache module and shibd has changed. shibd
will be restarted during upgrades, but if the module is configured
to talk to a remote shibd over TCP, both the module and shibd must
be upgraded at the same time.
- Settings to limit redirections have been renamed from
relayStateLimit and relayStateWhitelist to redirectLimit and
redirectWhitelist respectively and the old names are deprecated (but
still supported).
- cookieProps has been simplified and warnings introduced if SSL
restrictions are not enabled.
- The <AttributeExtractor> element that loads the attribute-map.xml
file now defaults to reloadChanges="false". Restarting the SP when
this file changes is recommended for security reasons.
- Logging properties have been removed from the default configuration
file and the absence of properties now indicates use of the default
logging configuration files (shibd.logger and native.logger).
- The native.log file is now created as root before Apache child
initialization to minimize permission issues.
- Files that persist across server restarts have been moved to
/var/cache/shibboleth.
- The example style sheet for error templates has been moved to a
version-independent location in /usr/share/shibboleth. A logo file
is no longer included in the package to avoid accidental use of the
Shibboleth logo on production sites. If your existing error
templates reference these files, you should correct this by copying
files that you need to locations that you control.
- The module should now be referenced as mod_shib.cpp in conditionals
that want to reference a source file name.
- Clients that bounce between IPv4 and IPv6 addresses should now be
handled more smoothly.
- SP initialization now fails if an external session cache is
configured but cannot be opened.
* Update libapache2-mod-shib2's README.Debian:
- Use the Apache 2.4 authorization syntax.
- Mention possibly having to grant access to /Shibboleth.sso.
- The module is now enabled by default but still needs configuration.
- Update the upstream configuration documentation URL.
- The reason for switching native.logger to syslog is now obsolete
(but the package still does that, possibly to be reconsidered
later).
* Remove the (undefined) warn_log destination from the default
native.logger configuration file, restoring consistency with the
Debian modification to log to syslog. Since all native logs go to
syslog, there's no need to have differentiated log destinations based
on threshold. The previous version of the file referenced a
commented-out warn_log destination, which caused errors to be spammed
to syslog.
* Build with GSS-API support.
* Build and install FastCGI programs in /usr/lib/<triplet>/shibboleth.
For right now, these are still included in libapache2-mod-shib2, which
makes them substantially less useful than they would be in their own
package. Further work is required to allow the FastCGI programs plus
shibd to be installed independent of the Apache module.
* Add build dependency on libboost-dev.
* Use log4shib instead of log4cpp.
* Force build dependencies and package dependencies on xml-security-c
1.7 or later, xmltooling 1.5 or later, and opensaml2 2.5 or later to
ensure everything is consistent.
* Remove explicit build dependency on libtool. This is now handled by
dh-autoreconf.
* Add Multi-Arch: same to libshibsp-dev and Multi-Arch: foreign to
libshibsp-doc and shibboleth-sp2-schemas.
* Remove Conflicts with libapache2-mod-shib. lenny is dead.
* Fix the libshibsp-doc package name in the Suggests on libshibsp-dev
and remove the nonstandard version constraint.
* Install the upstream doc/RELEASE.txt file as the upstream changelog.
It's not exactly a changelog, but it has pointers to the upstream web
documentation of changes, which is probably what people are looking for.
* Drop postinst code to handle upgrades from the Shibboleth 1.x module,
which was last included in lenny.
* Switch to xz compression for the repackaged upstream
source, *.debian.tar, and the *.deb packages.
* Update upstream Homepage.
* Canonicalize the URLs in the Vcs-Git and Vcs-Browser control fields.
* Update standards version to 3.9.4.
- Update debian/copyright to specify copyright-format 1.0.
Checksums-Sha1:
d4d8303c0db3f76fc4ca5a0e5a826eb21e9ed81c 2271 shibboleth-sp2_2.5.2+dfsg-2.dsc
d6ca8b3a54bf11783f36a4a553b7f3f34b345329 23580 shibboleth-sp2_2.5.2+dfsg-2.debian.tar.xz
cfa304c26e1417a1383d0e75316d2d575f4ce8f5 257168 libapache2-mod-shib2_2.5.2+dfsg-2_i386.deb
0201b4fa2ad839b525491de5a12f252b58280596 800358 libshibsp6_2.5.2+dfsg-2_i386.deb
4ab8b5f9c7bb19ec19b11f9f6b329207488ac24f 50814 libshibsp-dev_2.5.2+dfsg-2_i386.deb
174e1a37bf41e7e404b9c80a70323b025a00579a 269288 libshibsp-doc_2.5.2+dfsg-2_all.deb
178753de0788f788cae69f11f592bb46d9c25025 26110 shibboleth-sp2-schemas_2.5.2+dfsg-2_all.deb
Checksums-Sha256:
7ea696ae85b2673aa283749797d438d5f4018250147c2f22001f4519f98dcad5 2271 shibboleth-sp2_2.5.2+dfsg-2.dsc
b046d837b2b2019fcc18fe7bd4a7d4689d6804e9340426be4e56b88f482607cd 23580 shibboleth-sp2_2.5.2+dfsg-2.debian.tar.xz
e7927a6685d5ed0b876ac9891479ac7a9ecf4eb928b437497d17fecd55ba9fe1 257168 libapache2-mod-shib2_2.5.2+dfsg-2_i386.deb
2237ddfafca9ca35cfbcab577c0cecb6c1362b7abb206f7727114996045e5770 800358 libshibsp6_2.5.2+dfsg-2_i386.deb
68b2aef543297ceb183d947fa579746335457b7529b91adcdacb7e1466a23c3f 50814 libshibsp-dev_2.5.2+dfsg-2_i386.deb
5a23c9308b0624bc06359b897cf282aab04d02e9866263320b966a94b997fd1c 269288 libshibsp-doc_2.5.2+dfsg-2_all.deb
d6f6aa4042b6c6271a80600994b8bc428b3959029f56efacda32e2c790342d96 26110 shibboleth-sp2-schemas_2.5.2+dfsg-2_all.deb
Files:
2266bd670664360d378ba53462c40d1e 2271 web extra shibboleth-sp2_2.5.2+dfsg-2.dsc
0774fbc4eac15bd1b12fcd7a3d1a0f9e 23580 web extra shibboleth-sp2_2.5.2+dfsg-2.debian.tar.xz
e701c682c1828c05d0ffc952e416f7f1 257168 httpd extra libapache2-mod-shib2_2.5.2+dfsg-2_i386.deb
20417ca3cf5a3a4d2e343d38a14b1549 800358 libs extra libshibsp6_2.5.2+dfsg-2_i386.deb
144b1df7b9cddccab61073685031e326 50814 libdevel extra libshibsp-dev_2.5.2+dfsg-2_i386.deb
9cae7984447c9e40beb5eeda84150dc7 269288 doc extra libshibsp-doc_2.5.2+dfsg-2_all.deb
954d3d44618aa6d3a35a5aca2d958288 26110 text extra shibboleth-sp2-schemas_2.5.2+dfsg-2_all.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
iQEcBAEBCAAGBQJR4vE1AAoJEH2AMVxXNt51cOkH/A8K9JEj4mkyKjZkzEFzICi+
D/rGSDkSm/dibp+4pJIMYXhUjAeVUen3IPAM2oQSixBE1OiiJKR2iwGdtEd2XGSm
mcLaDzm1q87d8AXYMdtDGIHdA7LJjsAcI+JVnLUx2fhyO5mgv7MCMgFI6OagITWj
VzBn81rmt6LYH4iqCEsjOX91AjGNoQsVMkkP8FHEV+9wm2zjrkBw8NluvHcGK/TP
sspSiepL3D5V6mj9ZKoCotjLSkO5Igukv8a7GvIGx/IYtXXbJSRHTu4dRrK0uCVW
He7D82KoQfXdG4bhXdXI8OPbygCxsQR2n8P/410bMxNYQnP0uRgnyh34chMtjHU=
=tZkE
-----END PGP SIGNATURE-----
Thank you for your contribution to Debian.
More information about the Pkg-shibboleth-devel
mailing list