[SCM] Debian packaging for the 2.0 Apache Shibboleth SP branch, master, updated. debian/2.5.1+dfsg-1-7-gbb96e1f

Tue Jun 18 23:57:02 UTC 2013

The following commit has been merged in the master branch:
commit 5c6141bff267a43d327e31fc40298aabb774ca53
Author: Russ Allbery <rra at debian.org>
Date:   Tue Jun 18 15:08:18 2013 -0700

    Add changelog, NEWS, and doc updates for 2.5.2 release
    
    Add upstream changes for 2.5.2.
    
    Add NEWS entry for the authentication directive changes.
    
    Update README.Debian instructions to add AuthType None to the URLs
    that have to be available to everyone and to use Require shib-session
    instead of Require valid-user.

diff --git a/debian/changelog b/debian/changelog
index d2d2c06..cac8c50 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,6 +1,26 @@
 shibboleth-sp2 (2.5.2+dfsg-1) UNRELEASED; urgency=low
 
   * New upstream release.
+    - New shib-session and shib-user Require authentication types added,
+      which should be used in preference to Require valid-user or Require
+      user with Shibboleth authentication is desired.
+    - New ShibCompatValidUser Apache directive, which works around the way
+      that Shibboleth hooks into Require valid-user and Require user so
+      that those directives will continue to work with non-Shibboleth
+      authentication types.  This directive will be needed for servers
+      that use Shibboleth and other authentication methods and want to use
+      Require valid-user or Require user with non-Shibboleth methods.
+    - Fix implementation of shib-metagen -l.
+    - Fix AttributeExtractor handling of multiple logos.
+    - Fix metadata attribute extraction with non-ASCII characters.
+    - Fix problems with Apache subrequests during server-side include
+      handling of unprotected pages.
+    - Add character set to DiscoFeed page header.
+    - Avoid leaking shibd sockets to child processes.
+  * Add NEWS entry for the authentication directive changes.
+  * Update README.Debian instructions to add AuthType None to the URLs
+    that have to be available to everyone and to use Require shib-session
+    instead of Require valid-user.
 
  -- Russ Allbery <rra at debian.org>  Tue, 18 Jun 2013 11:13:01 -0700
 
diff --git a/debian/libapache2-mod-shib2.NEWS b/debian/libapache2-mod-shib2.NEWS
index 1ff4483..cea6b95 100644
--- a/debian/libapache2-mod-shib2.NEWS
+++ b/debian/libapache2-mod-shib2.NEWS
@@ -1,3 +1,22 @@
+shibboleth-sp2 (2.5.2+dfsg-1) experimental; urgency=low
+
+  Shibboleth has added new Require shib-session and Require shib-user
+  directives, which will replace use of Require valid-user and Require
+  user with Shibboleth authentication.  If you are currently using
+  valid-user or user restrictions with Shibboleth, consider switching to
+  shib-session and shib-user, respectively.
+
+  If you are using both Shibboleth and another authentication method, such
+  as basic auth, on the same Apache server and want to use Require
+  valid-user or Require user with the non-Shibboleth authentication
+  method, you will need to add:
+
+      ShibCompatValidUser On
+
+  to your server or virtual host configuration.
+  
+ -- Russ Allbery <rra at debian.org>  Tue, 18 Jun 2013 14:47:40 -0700
+
 shibboleth-sp2 (2.3+dfsg-1) unstable; urgency=high
 
   As of this release, running shibd as a non-root user is supported and
diff --git a/debian/libapache2-mod-shib2.README.Debian b/debian/libapache2-mod-shib2.README.Debian
index 6ac5d32..982a736 100644
--- a/debian/libapache2-mod-shib2.README.Debian
+++ b/debian/libapache2-mod-shib2.README.Debian
@@ -33,6 +33,7 @@ Installation and Configuration
   Shibboleth client to the /Shibboleth.sso URL.  For example:
 
     <Location "/Shibboleth.sso">
+        AuthType None
         Require all granted
     </Location>
 
@@ -46,6 +47,7 @@ Installation and Configuration
   /shibboleth-sp), add this to your Apache configuration:
 
     <Location /shibboleth-sp>
+        AuthType None
         Require all granted
     </Location>
     Alias /shibboleth-sp/main.css /usr/share/shibboleth/main.css
@@ -64,7 +66,7 @@ Installation and Configuration
     <Location /secure>
         AuthType shibboleth
         ShibRequestSetting requireSession 1
-        require valid-user
+        Require shib-session
     </Location>
 
   for some <Location>, <Directory>, or <Files> block.  You can also put
@@ -152,4 +154,4 @@ Further Information
 
     https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPConfiguration
 
- -- Russ Allbery <rra at debian.org>, Fri, 31 May 2013 15:52:13 -0700
+ -- Russ Allbery <rra at debian.org>, Tue, 18 Jun 2013 14:50:43 -0700

-- 
Debian packaging for the 2.0 Apache Shibboleth SP

