Security fix diffs for 1.3.x

Scott Cantor cantor.2 at osu.edu
Fri Nov 6 21:56:23 UTC 2009


The diffs related to the security fix for v1.3.5 of the SP should be
captured by these two sets:

http://svn.middleware.georgetown.edu/view/cpp-sp?view=rev&revision=3142
http://svn.middleware.georgetown.edu/view/cpp-sp?view=rev&revision=3184

The former change isn't part of the fix per se, but is a change required to
ensure the SP doesn't generate any redirects that the fix would reject, so
has to be included.

The general model for this fix is a partial template for what might be done
to the 2.x SP to avoid the soname changes, namely duplicating a checking
function across every module/filter.

-- Scott





More information about the Pkg-shibboleth-devel mailing list