Package: shibboleth-sp2 / 2.5.3+dfsg-2~bpo70+1

Metadata

Package: shibboleth-sp2
Version: 2.5.3+dfsg-2~bpo70+1
Patches format: 3.0 (quilt)

Patch series

Patch | File delta | Description
0001 Improve shibd init script.patch

configs/shibd-debian.in | 143 115 + 28 - 0 !
1 file changed, 115 insertions(+), 28 deletions(-)

 improve shibd init script

Convert to use the LSB functions and be more formally correct
about exit status, startup and shutdown checking, and so forth.
Run shibd as the _shibd user and group if they can read the local
private key.  Add a status command.

0002 keygen improvements for Debian.patch

configs/keygen.sh | 9 8 + 1 - 0 !
1 file changed, 8 insertions(+), 1 deletion(-)

 keygen improvements for debian

Generate the key owned by _shibd to work with the Debian user
configuration for the shibd daemon.  Pass --fqdn to the hostname
command when determining the default identity for better certificate
names.

0003 Avoid libtool silent flag.patch

configure.ac | 3 2 + 1 - 0 !
1 file changed, 2 insertions(+), 1 deletion(-)

 avoid libtool --silent flag

For Debian builds, we want to see all the compiler flags so that
build log analysis has all available data.  Disable adding --silent
to the libtool flags in configure.ac.

0004 Shire log path for Debian.patch

configs/Makefile.am | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 shire log path for debian

Change the Apache module log path to /var/log/apache2, used on
Debian, from the Red Hat /var/log/httpd.

0005 Default native logger to syslog.patch

configs/native.logger.in | 44 30 + 14 - 0 !
1 file changed, 30 insertions(+), 14 deletions(-)

 default native logger to syslog

Rather than generating a separate log in /var/log/apache2 by
default, which needs permissions and rotation management, default
the native.logger configuration to using syslog.

0006 Remove WSTrust schema references.patch

schemas/Makefile.am | 3 1 + 2 - 0 !
schemas/catalog.xml.in | 2 2 + 0 - 0 !
2 files changed, 3 insertions(+), 2 deletions(-)

 remove wstrust schema references

The WSTrust schema is under a non-DFSG license and therefore isn't
installed in the Debian package or included in the source package.
Remove the references to it in the build system and schema catalog.

0007 Security fix from V2.5.4 for CVE 2015 2684.patch

shibsp/handler/impl/SAML2Consumer.cpp | 4 4 + 0 - 0 !
shibsp/impl/StorageServiceSessionCache.cpp | 3 2 + 1 - 0 !
2 files changed, 6 insertions(+), 1 deletion(-)

 security fix from v2.5.4 for cve-2015-2684

Shibboleth SP software crashes on malformed input messages
===============================================================
The SP software includes an authenticated denial of service
vulnerability that results in a crash on certain kinds of malformed
SAML messages. The vulnerability is only triggered when special
conditions are met and after a message or assertion signature
has been verified, so exploitation requires a message produced
under a trusted key, limiting the impact.

URL for the full Security Advisory:
https://shibboleth.net/community/advisories/secadv_20150319.txt