1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66
|
shibboleth-sp2 (2.0.dfsg1-4+lenny2) stable-security; urgency=high
* SECURITY: Partial fix for improper handling of URLs that could be
abused for script injection and other cross-site scripting attacks.
The complete fix also requires a newer opensaml2 package.
(Closes: #555608, CVE-2009-3300)
-- Ferenc Wagner <wferi@niif.hu> Tue, 24 Nov 2009 16:02:12 +0100
shibboleth-sp2 (2.0.dfsg1-4+lenny1) stable-security; urgency=high
* Non-maintainer upload.
* Rebuild against opensaml2 2.0-2+lenny1, which includes a fix for a security
vulnerability in a header that is included here.
* Run make install with NOKEYGEN=1 and stop rm-ing generated certificates.
Fixes FTBFS.
-- Faidon Liambotis <paravoid@debian.org> Thu, 08 Oct 2009 12:07:32 +0000
shibboleth-sp2 (2.0.dfsg1-4) unstable; urgency=low
[ Ferenc Wagner ]
* Rename debian/shib.load to debian/shib2.load to avoid clashing with the
libapache2-mod-shib package. Otherwise its Apache config file breaks our
module.
* Add directory /var/log/shibboleth to libapache2-mod-shib2 (thanks to Peter
Schober for noticing).
[ Russ Allbery ]
* Add a postinst to disable the old configuration on upgrade and enable
the module if it had been enabled under the old configuration name.
* Wait for shibd to exit on stop or restart. This fixes a bug in
restart that could lead to no new shibd being started because the old
one had not yet exited.
* Fix a syntax error in the shibd man page.
-- Russ Allbery <rra@debian.org> Tue, 14 Oct 2008 21:47:36 -0700
shibboleth-sp2 (2.0.dfsg1-3) unstable; urgency=low
[ Ferenc Wagner ]
* Avoid brace expansion in debian/rules, dash does not like it.
(Closes: #493408)
[ Russ Allbery ]
* Add logcheck rules to ignore some of the routine messages from the
Apache module. This only covers startup and teardown; more will
need to be added.
* Fix watch file for new upstream tarball naming.
-- Russ Allbery <rra@debian.org> Tue, 19 Aug 2008 19:04:35 -0700
shibboleth-sp2 (2.0.dfsg1-2) unstable; urgency=low
* Apply upstream fix for variable sizes in the ODBC code. Fixes a
FTBFS on 64-bit platforms. (Closes: #492101)
-- Russ Allbery <rra@debian.org> Thu, 24 Jul 2008 08:44:50 -0700
shibboleth-sp2 (2.0.dfsg1-1) unstable; urgency=low
[ Ferenc Wágner ]
* Initial release (Closes: #480290)
-- Russ Allbery <rra@debian.org> Wed, 25 Jun 2008 20:06:10 -0700
|