shibboleth-sp2_2.5.1+dfsg-1_i386.changes ACCEPTED into experimental, experimental

Debian FTP Masters ftpmaster at ftp-master.debian.org
Sat Jun 1 10:01:10 UTC 2013 


Accepted:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Fri, 31 May 2013 16:09:24 -0700
Source: shibboleth-sp2
Binary: libapache2-mod-shib2 libshibsp6 libshibsp-dev libshibsp-doc shibboleth-sp2-schemas
Architecture: source i386 all
Version: 2.5.1+dfsg-1
Distribution: experimental
Urgency: low
Maintainer: Debian Shib Team <pkg-shibboleth-devel at lists.alioth.debian.org>
Changed-By: Russ Allbery <rra at debian.org>
Description: 
 libapache2-mod-shib2 - Federated web single sign-on system (Apache module)
 libshibsp-dev - Federated web single sign-on system (development)
 libshibsp-doc - Federated web single sign-on system (API docs)
 libshibsp6 - Federated web single sign-on system (runtime)
 shibboleth-sp2-schemas - Federated web single sign-on system (schemas)
Closes: 666804 685069
Changes: 
 shibboleth-sp2 (2.5.1+dfsg-1) experimental; urgency=low
 .
   * New upstream release.  (Closes: #685069)
     - Support for Apache 2.4.  Please note there are some configuration
       incompabilities between Apache 2.4 and Apache 2.2.  See the upstream
       documentation at
       https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPApacheConfig
       for more information.  (Closes: #666804)
     - Disable the PKCS 1.5 algorithm for SAML assertion encryption by
       default for security reasons.  This can be re-enabled if necessary
       in the security-policy.xml configuration file.
     - The protocol between the Apache module and shibd has changed.  shibd
       will be restarted during upgrades, but if the module is configured
       to talk to a remote shibd over TCP, both the module and shibd must
       be upgraded at the same time.
     - Settings to limit redirections have been renamed from
       relayStateLimit and relayStateWhitelist to redirectLimit and
       redirectWhitelist respectively and the old names are deprecated (but
       still supported).
     - cookieProps has been simplified and warnings introduced if SSL
       restrictions are not enabled.
     - The <AttributeExtractor> element that loads the attribute-map.xml
       file now defaults to reloadChanges="false".  Restarting the SP when
       this file changes is recommended for security reasons.
     - Logging properties have been removed from the default configuration
       file and the absence of properties now indicates use of the default
       logging configuration files (shibd.logger and native.logger).
     - The native.log file is now created as root before Apache child
       initialization to minimize permission issues.
     - Files that persist across server restarts have been moved to
       /var/cache/shibboleth.
     - The example style sheet for error templates has been moved to a
       version-independent location in /usr/share/shibboleth.  A logo file
       is no longer included in the package to avoid accidental use of the
       Shibboleth logo on production sites.  If your existing error
       templates reference these files, you should correct this by copying
       files that you need to locations that you control.
     - The module should now be referenced as mod_shib.cpp in conditionals
       that want to reference a source file name.
     - Clients that bounce between IPv4 and IPv6 addresses should now be
       handled more smoothly.
     - SP initialization now fails if an external session cache is
       configured but cannot be opened.
   * Update libapache2-mod-shib2's README.Debian:
     - Use the Apache 2.4 authorization syntax.
     - Mention possibly having to grant access to /Shibboleth.sso.
     - The module is now enabled by default but still needs configuration.
     - Update the upstream configuration documentation URL.
     - The reason for switching native.logger to syslog is now obsolete
       (but the package still does that, possibly to be reconsidered
       later).
   * Remove the (undefined) warn_log destination from the default
     native.logger configuration file, restoring consistency with the
     Debian modification to log to syslog.  Since all native logs go to
     syslog, there's no need to have differentiated log destinations based
     on threshold.  The previous version of the file referenced a
     commented-out warn_log destination, which caused errors to be spammed
     to syslog.
   * Build with GSS-API support.
   * Build and install FastCGI programs in /usr/lib/<triplet>/shibboleth.
     For right now, these are still included in libapache2-mod-shib2, which
     makes them substantially less useful than they would be in their own
     package.  Further work is required to allow the FastCGI programs plus
     shibd to be installed independent of the Apache module.
   * Add build dependency on libboost-dev.
   * Use log4shib instead of log4cpp.
   * Force build dependencies and package dependencies on xml-security-c
     1.7 or later, xmltooling 1.5 or later, and opensaml2 2.5 or later to
     ensure everything is consistent.
   * Remove explicit build dependency on libtool.  This is now handled by
     dh-autoreconf.
   * Add Multi-Arch: same to libshibsp-dev and Multi-Arch: foreign to
     libshibsp-doc and shibboleth-sp2-schemas.
   * Remove Conflicts with libapache2-mod-shib.  lenny is dead.
   * Fix the libshibsp-doc package name in the Suggests on libshibsp-dev
     and remove the nonstandard version constraint.
   * Install the upstream doc/RELEASE.txt file as the upstream changelog.
     It's not exactly a changelog, but it has pointers to the upstream web
     documentation of changes, which is probably what people are looking for.
   * Drop postinst code to handle upgrades from the Shibboleth 1.x module,
     which was last included in lenny.
   * Switch to xz compression for the repackaged upstream
     source, *.debian.tar, and the *.deb packages.
   * Update upstream Homepage.
   * Canonicalize the URLs in the Vcs-Git and Vcs-Browser control fields.
   * Update standards version to 3.9.4.
     - Update debian/copyright to specify copyright-format 1.0.
Checksums-Sha1: 
 303c0301495fc5d0114afcb80acb1a1c1b9b0f3d 2271 shibboleth-sp2_2.5.1+dfsg-1.dsc
 87c0a142c73690c78cf9fcb56160b275f68a3e88 570464 shibboleth-sp2_2.5.1+dfsg.orig.tar.xz
 1cf0009c8e038735bce8ea92e61ec93923193fd2 22820 shibboleth-sp2_2.5.1+dfsg-1.debian.tar.xz
 d7f1f196dc5070984217abd7e98eed27865a1d46 260484 libapache2-mod-shib2_2.5.1+dfsg-1_i386.deb
 db6ca0bfd9d6d3bbffac5f1c18e1631daf2122d9 838192 libshibsp6_2.5.1+dfsg-1_i386.deb
 81d10e57bce6db3661724abb3c0c1d7989e61eda 50302 libshibsp-dev_2.5.1+dfsg-1_i386.deb
 c68d2117a3fe50feafb27c55379a9a85abb6f764 258242 libshibsp-doc_2.5.1+dfsg-1_all.deb
 1da92d514487bc11ed766a1e277481514fcf36b0 25592 shibboleth-sp2-schemas_2.5.1+dfsg-1_all.deb
Checksums-Sha256: 
 2e40796602a0b7310c72afb8743652ae702c9ea0f83236d3c6addfe25c63bbc3 2271 shibboleth-sp2_2.5.1+dfsg-1.dsc
 0da5c613b234701d1162940eac64a4c9d0d8b80ffde28d7a5a15502f74d42428 570464 shibboleth-sp2_2.5.1+dfsg.orig.tar.xz
 d5a2927569f884d6f2de2b79034872c551a2c6f7ac18d89f01fa10e47d580b18 22820 shibboleth-sp2_2.5.1+dfsg-1.debian.tar.xz
 c9268f418ebe54a583987d1873ac56beed754f65325f0127a60a6d7bf1426e89 260484 libapache2-mod-shib2_2.5.1+dfsg-1_i386.deb
 39d6fbb506a197b35cadd3228b604cf16aee1f375766caa1af51b940056270e4 838192 libshibsp6_2.5.1+dfsg-1_i386.deb
 cedf20d40f9ffb27c57346e42ab6c6b7f892a37814f5059b40b3df6a80607202 50302 libshibsp-dev_2.5.1+dfsg-1_i386.deb
 5d1c8fb83a134268cb31553b2e5efeb22f01a956f20f15e37f7e222b986d7cbc 258242 libshibsp-doc_2.5.1+dfsg-1_all.deb
 8e3a830e23035d0a2faecfe83e4ef5f0a9de91ac44eb47309a258cf15ba40be8 25592 shibboleth-sp2-schemas_2.5.1+dfsg-1_all.deb
Files: 
 37ca7192535041220ee0163ecd04c347 2271 web extra shibboleth-sp2_2.5.1+dfsg-1.dsc
 c4be5599dfc7d7a6b5206c11e9437762 570464 web extra shibboleth-sp2_2.5.1+dfsg.orig.tar.xz
 33066ec85b723ff9d19b472c1bc4540e 22820 web extra shibboleth-sp2_2.5.1+dfsg-1.debian.tar.xz
 f621eeaae6f0a01414c5efc971cd7687 260484 httpd extra libapache2-mod-shib2_2.5.1+dfsg-1_i386.deb
 d49e2529374b620b68d188ec682c6590 838192 libs extra libshibsp6_2.5.1+dfsg-1_i386.deb
 ba2a21c0018b0a40bcec9b38f5ba7ec8 50302 libdevel extra libshibsp-dev_2.5.1+dfsg-1_i386.deb
 2eca1613dd8638710cd6a5c50aaf0445 258242 doc extra libshibsp-doc_2.5.1+dfsg-1_all.deb
 ec02e1b0b596ed21c014f954f0cf9e9d 25592 text extra shibboleth-sp2-schemas_2.5.1+dfsg-1_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQEcBAEBCAAGBQJRqTCPAAoJEH2AMVxXNt51xeMH/R4upEl7/FLlP42nf2iyXfYP
RoLg0Vl5Nldd4v0YdL0ZE2xpJwy6T0wHpP568vhvwPM8Dv/whOK1qH5jmJv8s8mw
zJG5jE2mT8wANbJtRMAOLBNAGDk08oTl/dzGj2iL0sAS/KdPDuXbdYXH9jueNEMo
Sf7pVx06G0lJqYvzvxsTH4vpY30D6LW7e7UDVR+ZzkooxwbDPET4Og+Ubm+KTCqP
AnrN7FTmYiRYyjntFZr0WTICwhL28+fYCSq3mkhOfnQHtFsguYd32peogNdB7CCu
+Qi4sYKT1uggPX1GgnJhy3eR1C9mlsPGbYfQYgsaW8jQdDOny1/9UCF6mpxaahw=
=s1Kk
-----END PGP SIGNATURE-----


Thank you for your contribution to Debian.

More information about the Pkg-shibboleth-devel mailing list