Changelog
shibboleth-sp2 (2.2.1+dfsg-2) unstable; urgency=low
* Change the libapache2-mod-shib2 section to httpd, matching override.
* Add a NEWS.Debian entry for libapache2-mod-shib2 that explains the
recommended configuration update for the 2.2 version. Thanks, Scott
Cantor and Kristof BAJNOK.
shibboleth-sp2 (2.2.1+dfsg-1) unstable; urgency=high
* New upstream release.
- SECURITY: Fix improper handling of certificate names containing nul
characters.
- SECURITY: Correctly validate the use attribute of KeyDescriptors,
preventing use of a key for signing or for encryption if its use
field says it may not be used for that purpose.
- New shib-metagen script for generating Shibboleth SP metadata.
- Support preserving form data across user authentication.
- Support internal server redirection while maintaining protection.
- Fix incompatibility between lazy sessions and servlet containers.
- Fix some problems with dynamic metadata resolution.
- Fix incompatibility with mod_include.
- Fix single logout via SOAP.
- Fix shibd crash with invalid metadata.
- Fix crash in chaining attribute resolver.
- Avoid infinite loop on empty attribute mapped to REMOTE_USER.
- Fix handling of some Unicode data in relaystate data in URLs.
- Correctly return Success to LogoutRequest where appropriate.
- Avoid chunked encoding in back-channel calls.
- Correctly check Recipient values in assertions.
- Fix attributePrefix handling in some contexts.
- Fix generated metadata DiscoveryResponse.
- Fix handling of unsigned responses with encryption.
- Fix handling of InProcess property.
* Rename library package for upstream SONAME bump.
* Tighten build dependencies and schema package dependencies on
opensaml2 and xmltooling.
* Build against Xerces-C 3.0.
* Dynamically determine the Debian and upstream package versions for
get-orig-source from debian/changelog.
* Update libapache2-mod-shib2's README.Debian for changes to the
TestShib web pages.
* Use the automatically-extracted package version as the version number
for the man pages.
* Update standards version to 3.8.3.
- Create /var/run/shibboleth in the init script if it doesn't exist.
- Don't ship /var/run/shibboleth in the package.
- Remove /var/run/shibboleth in postrm if it exists.
-- Ubuntu Archive Auto-Sync <email address hidden> Fri, 06 Nov 2009 10:34:47 +0000