[shibboleth-sp2] annotated tag debian/2.5.2+dfsg-2_bpo70+1 created (now 3a906dc)

Russ Allbery rra at stanford.edu
Mon Apr 7 01:51:58 UTC 2014

This is an automated email from the git hooks/post-receive script.

rra pushed a change to annotated tag debian/2.5.2+dfsg-2_bpo70+1
in repository shibboleth-sp2.

        at  3a906dc   (tag)
   tagging  d1ac1f3b015d6b08d5e1708e58e86f51b43816ee (commit)
  replaces  debian/2.5.2+dfsg-2
 tagged by  Russ Allbery
        on  Sun Apr 6 18:50:45 2014 -0700

- Log -----------------------------------------------------------------
Debian release 2.5.2+dfsg-2~bpo70+1

Format: 1.8
Date: Sun, 06 Apr 2014 18:23:31 -0700
Source: shibboleth-sp2
Binary: libapache2-mod-shib2 libshibsp6 libshibsp-dev libshibsp-doc shibboleth-sp2-schemas
Architecture: source amd64 all
Version: 2.5.2+dfsg-2~bpo70+1
Distribution: wheezy-backports
Urgency: medium
Maintainer: Debian Shib Team <pkg-shibboleth-devel at lists.alioth.debian.org>
Changed-By: Russ Allbery <rra at debian.org>
 libapache2-mod-shib2 - Federated web single sign-on system (Apache module)
 libshibsp-dev - Federated web single sign-on system (development)
 libshibsp-doc - Federated web single sign-on system (API docs)
 libshibsp6 - Federated web single sign-on system (runtime)
 shibboleth-sp2-schemas - Federated web single sign-on system (schemas)
Closes: 666804 685069
 shibboleth-sp2 (2.5.2+dfsg-2~bpo70+1) wheezy-backports; urgency=medium
   * Backport to wheezy.
   * Revert the changes to build against Apache 2.4 and use dh_apache2, but
     keep the change to enable the module by default on new installs.
 shibboleth-sp2 (2.5.2+dfsg-2) unstable; urgency=low
   * Upload to unstable.
 shibboleth-sp2 (2.5.2+dfsg-1) experimental; urgency=low
   * New upstream release.
     - New shib-session and shib-user Require authentication types added,
       which should be used in preference to Require valid-user or Require
       user with Shibboleth authentication is desired.
     - New ShibCompatValidUser Apache directive, which works around the way
       that Shibboleth hooks into Require valid-user and Require user so
       that those directives will continue to work with non-Shibboleth
       authentication types.  This directive will be needed for servers
       that use Shibboleth and other authentication methods and want to use
       Require valid-user or Require user with non-Shibboleth methods.
     - Fix implementation of shib-metagen -l.
     - Fix AttributeExtractor handling of multiple logos.
     - Fix metadata attribute extraction with non-ASCII characters.
     - Fix problems with Apache subrequests during server-side include
       handling of unprotected pages.
     - Add character set to DiscoFeed page header.
     - Avoid leaking shibd sockets to child processes.
   * Add NEWS entry for the authentication directive changes.
   * Update README.Debian instructions to add AuthType None to the URLs
     that have to be available to everyone and to use Require shib-session
     instead of Require valid-user.
   * Create /var/cache/shibboleth on install and remove it on purge.
   * Link the FastCGI programs with libxmltooling-lite since they call one
     of its interfaces directly.  (This shows up as a build failure
     otherwise due to the Debian build rules use of --as-needed.)
 shibboleth-sp2 (2.5.1+dfsg-1) experimental; urgency=low
   * New upstream release.  (Closes: #685069)
     - Support for Apache 2.4.  Please note there are some configuration
       incompabilities between Apache 2.4 and Apache 2.2.  See the upstream
       documentation at
       for more information.  (Closes: #666804)
     - Disable the PKCS 1.5 algorithm for SAML assertion encryption by
       default for security reasons.  This can be re-enabled if necessary
       in the security-policy.xml configuration file.
     - The protocol between the Apache module and shibd has changed.  shibd
       will be restarted during upgrades, but if the module is configured
       to talk to a remote shibd over TCP, both the module and shibd must
       be upgraded at the same time.
     - Settings to limit redirections have been renamed from
       relayStateLimit and relayStateWhitelist to redirectLimit and
       redirectWhitelist respectively and the old names are deprecated (but
       still supported).
     - cookieProps has been simplified and warnings introduced if SSL
       restrictions are not enabled.
     - The <AttributeExtractor> element that loads the attribute-map.xml
       file now defaults to reloadChanges="false".  Restarting the SP when
       this file changes is recommended for security reasons.
     - Logging properties have been removed from the default configuration
       file and the absence of properties now indicates use of the default
       logging configuration files (shibd.logger and native.logger).
     - The native.log file is now created as root before Apache child
       initialization to minimize permission issues.
     - Files that persist across server restarts have been moved to
     - The example style sheet for error templates has been moved to a
       version-independent location in /usr/share/shibboleth.  A logo file
       is no longer included in the package to avoid accidental use of the
       Shibboleth logo on production sites.  If your existing error
       templates reference these files, you should correct this by copying
       files that you need to locations that you control.
     - The module should now be referenced as mod_shib.cpp in conditionals
       that want to reference a source file name.
     - Clients that bounce between IPv4 and IPv6 addresses should now be
       handled more smoothly.
     - SP initialization now fails if an external session cache is
       configured but cannot be opened.
   * Update libapache2-mod-shib2's README.Debian:
     - Use the Apache 2.4 authorization syntax.
     - Mention possibly having to grant access to /Shibboleth.sso.
     - The module is now enabled by default but still needs configuration.
     - Update the upstream configuration documentation URL.
     - The reason for switching native.logger to syslog is now obsolete
       (but the package still does that, possibly to be reconsidered
   * Remove the (undefined) warn_log destination from the default
     native.logger configuration file, restoring consistency with the
     Debian modification to log to syslog.  Since all native logs go to
     syslog, there's no need to have differentiated log destinations based
     on threshold.  The previous version of the file referenced a
     commented-out warn_log destination, which caused errors to be spammed
     to syslog.
   * Build with GSS-API support.
   * Build and install FastCGI programs in /usr/lib/<triplet>/shibboleth.
     For right now, these are still included in libapache2-mod-shib2, which
     makes them substantially less useful than they would be in their own
     package.  Further work is required to allow the FastCGI programs plus
     shibd to be installed independent of the Apache module.
   * Add build dependency on libboost-dev.
   * Use log4shib instead of log4cpp.
   * Force build dependencies and package dependencies on xml-security-c
     1.7 or later, xmltooling 1.5 or later, and opensaml2 2.5 or later to
     ensure everything is consistent.
   * Remove explicit build dependency on libtool.  This is now handled by
   * Add Multi-Arch: same to libshibsp-dev and Multi-Arch: foreign to
     libshibsp-doc and shibboleth-sp2-schemas.
   * Remove Conflicts with libapache2-mod-shib.  lenny is dead.
   * Fix the libshibsp-doc package name in the Suggests on libshibsp-dev
     and remove the nonstandard version constraint.
   * Install the upstream doc/RELEASE.txt file as the upstream changelog.
     It's not exactly a changelog, but it has pointers to the upstream web
     documentation of changes, which is probably what people are looking for.
   * Drop postinst code to handle upgrades from the Shibboleth 1.x module,
     which was last included in lenny.
   * Switch to xz compression for the repackaged upstream
     source, *.debian.tar, and the *.deb packages.
   * Update upstream Homepage.
   * Canonicalize the URLs in the Vcs-Git and Vcs-Browser control fields.
   * Update standards version to 3.9.4.
     - Update debian/copyright to specify copyright-format 1.0.
 0be4d8fd16fa7e9d07862a3ae489002ff7351bd5 1749 shibboleth-sp2_2.5.2+dfsg-2~bpo70+1.dsc
 cf2eeec82133559f48cb56244f11f0be5a157332 567568 shibboleth-sp2_2.5.2+dfsg.orig.tar.xz
 4c7dd3e0541e0be6514be6ae1001ba1f45b53334 23792 shibboleth-sp2_2.5.2+dfsg-2~bpo70+1.debian.tar.xz
 66b08badf2e2eb5d8e2e129b23712198254b132c 270690 libapache2-mod-shib2_2.5.2+dfsg-2~bpo70+1_amd64.deb
 df82c7c62dc9767e51af1a26a20e307147f0f4e6 842064 libshibsp6_2.5.2+dfsg-2~bpo70+1_amd64.deb
 fd67f2018a1080a5186aa24b85d1747a6f97aff1 50794 libshibsp-dev_2.5.2+dfsg-2~bpo70+1_amd64.deb
 4380980aa2f88e6289f18172690aa2f7e1141a41 259252 libshibsp-doc_2.5.2+dfsg-2~bpo70+1_all.deb
 d929746c9596845695945cf87bb6a2c8a5fe3f23 26056 shibboleth-sp2-schemas_2.5.2+dfsg-2~bpo70+1_all.deb
 84ca9016b7c008349647821301cd4ff24c662c7b8452f4d71019cf0d4f3e8f3a 1749 shibboleth-sp2_2.5.2+dfsg-2~bpo70+1.dsc
 a6052082a34e825cf3e8952bb84098b6f9df05316dc571fe232aba920c74493e 567568 shibboleth-sp2_2.5.2+dfsg.orig.tar.xz
 e4258dab1017a97cdc211dcecfc57e723f0c5033b5c264333f85c20bd24f2d89 23792 shibboleth-sp2_2.5.2+dfsg-2~bpo70+1.debian.tar.xz
 8ac031a7b32eb5c651c82dec25b6d39463add0605c958cc0de83a6570ff9cb53 270690 libapache2-mod-shib2_2.5.2+dfsg-2~bpo70+1_amd64.deb
 2d294e52752348014f61822ba05094550543c41fe8d0445cc5216952ff60b8d3 842064 libshibsp6_2.5.2+dfsg-2~bpo70+1_amd64.deb
 d307c579b3cc0ffd134f5701292150a591d1cd4db83721bec0bef43ee3273acb 50794 libshibsp-dev_2.5.2+dfsg-2~bpo70+1_amd64.deb
 8ef3e3ec598cf5ca00d1f0dd57c275bc916d7e6b9d7b9e6fd5a8333557dc49a7 259252 libshibsp-doc_2.5.2+dfsg-2~bpo70+1_all.deb
 8e72c9352a50374a65e5120e779f6ceec63d45849c7a16cf4406ad7204d7d5cf 26056 shibboleth-sp2-schemas_2.5.2+dfsg-2~bpo70+1_all.deb
 80bbe55a675c0f4b831b909edc555444 1749 web extra shibboleth-sp2_2.5.2+dfsg-2~bpo70+1.dsc
 98edbfbb63ef36bc732c79ebb4a65313 567568 web extra shibboleth-sp2_2.5.2+dfsg.orig.tar.xz
 40a2362716db24ee3ce67a48f68e1bf7 23792 web extra shibboleth-sp2_2.5.2+dfsg-2~bpo70+1.debian.tar.xz
 dc6026032d60d66b071d370d27b068c6 270690 httpd extra libapache2-mod-shib2_2.5.2+dfsg-2~bpo70+1_amd64.deb
 f2387868733e3bf23843ea88505e2f3f 842064 libs extra libshibsp6_2.5.2+dfsg-2~bpo70+1_amd64.deb
 0a3bccd1d690c0a6d6cc19db40f9578b 50794 libdevel extra libshibsp-dev_2.5.2+dfsg-2~bpo70+1_amd64.deb
 d7fe7cbe146b0dcbc905972e1fd1ccf5 259252 doc extra libshibsp-doc_2.5.2+dfsg-2~bpo70+1_all.deb
 944e481fb9dd7d0995dcc6dd2dfab128 26056 text extra shibboleth-sp2-schemas_2.5.2+dfsg-2~bpo70+1_all.deb
Version: GnuPG v1


Russ Allbery (3):
      Revert packaging changes for Apache 2.4
      Enable the module by default on new installs
      Add changelog for the wheezy backport


No new revisions were added by this update.

Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-shibboleth/shibboleth-sp2.git

More information about the Pkg-shibboleth-devel mailing list