shibboleth-sp2 2.3+dfsg-1 source package in Ubuntu
Changelog
shibboleth-sp2 (2.3+dfsg-1) unstable; urgency=high [ Russ Allbery ] * Urgency set to high for security fix. * New upstream release. - SECURITY: Partial fix for improper handling of URLs that could be abused for script injection and other cross-site scripting attacks. The complete fix also requires newer xmltooling and opensaml2 packages. (Closes: #555608, CVE-2009-3300) - Avoid shibd crash on dead memcache server. - Pass the affiliation name to the session initiator. - Correctly handle a bogus ACS. - Allow overriding the URL that's passed to the DS. - Add schema types for new attribute decoders introduced in 2.2. - Handle success with partial logout in the logout UI code. - Fix POST data preservation with empty parameters and empty forms. - Fix SAML 1 specification of attributes in the query plugin. - Shorten ePTId-type persistent identifiers. - Use an ID rather than a whole doc reference for generated metadata. - Fix spelling of scopeDelimiter in the configuration parser, making the code and documentation match the schema. * Rename library package for upstream SONAME bump. * Tighten build and package dependencies on xmltooling and opensaml2 to require the versions with the security fix. * Fix watch file for the new version mangling. * Improve documentation of DAEMON_OPTS in /etc/default/shibd. * Remove unnecessary patches to upstream files regenerated during the build from the source package diff. [ Faidon Liambotis ] * Run make install with NOKEYGEN=1 and stop rm-ing generated certificates. Fixes FTBFS. [ Ferenc Wagner ] * Run shibd as non-root. -- Ubuntu Archive Auto-Sync <email address hidden> Sat, 05 Dec 2009 21:32:24 +0000
Upload details
- Uploaded by:
- Ubuntu Archive Auto-Sync
- Uploaded to:
- Lucid
- Original maintainer:
- Debian Shib Team
- Architectures:
- any
- Section:
- web
- Urgency:
- Very Urgent
See full publishing history Publishing
Series | Published | Component | Section |
---|
Downloads
File | Size | SHA-256 Checksum |
---|---|---|
shibboleth-sp2_2.3+dfsg.orig.tar.gz | 788.4 KiB | 5a19c7078dd67d42a97630ea82096bdeb0f09d3a070e67cf7cea9281487e1e88 |
shibboleth-sp2_2.3+dfsg-1.diff.gz | 17.2 KiB | 865c4fdfa67219225efccf3a907c98778e33f4e55fa27ea52e9f944c569fd47e |
shibboleth-sp2_2.3+dfsg-1.dsc | 1.6 KiB | 72e530cd880560a27c1d6f1ed57eacae54693ac0064fae6674e61133e411cfd7 |
Available diffs
- diff from 2.2.1+dfsg-2 to 2.3+dfsg-1 (199.0 KiB)
Binary packages built by this source
- libapache2-mod-shib2: No summary available for libapache2-mod-shib2 in ubuntu lucid.
No description available for libapache2-
mod-shib2 in ubuntu lucid.
- libshibsp-dev: No summary available for libshibsp-dev in ubuntu lucid.
No description available for libshibsp-dev in ubuntu lucid.
- libshibsp4: No summary available for libshibsp4 in ubuntu lucid.
No description available for libshibsp4 in ubuntu lucid.