[SCM] Debian packaging for the Shibboleth Apache SP annotated tag, debian/1.3f.dfsg1-2+etch1, created. debian/1.3f.dfsg1-2+etch1

Russ Allbery rra at debian.org
Sat Sep 26 23:07:50 UTC 2009 

The annotated tag, debian/1.3f.dfsg1-2+etch1 has been created
        at  b5d6966946b1e90c2ba7a3fc4cadd704755e66af (tag)
   tagging  b18d7f7c2dabfd16cfb0d64585d3948155ac554d (commit)
 tagged by  Russ Allbery
        on  Sat Sep 26 16:07:20 2009 -0700

- Shortlog ------------------------------------------------------------
Debian release 1.3f.dfsg1-2+etch1

Format: 1.7
Date: Thu, 24 Sep 2009 21:11:52 -0700
Source: shibboleth-sp
Binary: libapache2-mod-shib libshib6 libshib-dev libshib-target5
Architecture: source i386
Version: 1.3f.dfsg1-2+etch1
Distribution: oldstable-security
Urgency: high
Maintainer: Quanah Gibson-Mount <quanah at stanford.edu>
Changed-By: Russ Allbery <rra at debian.org>
Description:
 libapache2-mod-shib - Shibboleth implements the OASIS SAML v1.1 specification,
 libshib-dev - Shibboleth federated authorization system (development)
 libshib-target5 - Shibboleth implements the OASIS SAML v1.1 specification,
 libshib6   - Shibboleth federated authorization system (development)
Changes:
 shibboleth-sp (1.3f.dfsg1-2+etch1) oldstable-security; urgency=high
 .
   * SECURITY: Correctly handle decoding of malformed URLs, closing a
     possibly exploitable buffer overflow.
     See <http://shibboleth.internet2.edu/secadv/secadv_20090826.txt>
   * SECURITY: Certificate subject names were incorrectly matched against
     trusted "key names" when they contained nul characters.  This affects
     only Shibboleth deployments relying on the "PKIX" style of trust
     validation, used in the absence of explicit certificate information in
     the SAML metadata provided to the SP and reliance on certificate
     authorities found in the <KeyAuthority> metadata extension element.
     See <http://shibboleth.internet2.edu/secadv/secadv_20090817.txt>
Files:
 dc51ee8bc956d49960ec5c9566cba5c4 956 web optional shibboleth-sp_1.3f.dfsg1-2+etch1.dsc
 7aba8f84ff20013dea55a4a34306791a 731365 web optional shibboleth-sp_1.3f.dfsg1.orig.tar.gz
 3bd951730a7e805ef8b436f785f3cd0f 33253 web optional shibboleth-sp_1.3f.dfsg1-2+etch1.diff.gz
 27fff2e9abffa2b6529ff76a6dc11b27 432572 libdevel extra libshib-dev_1.3f.dfsg1-2+etch1_i386.deb
 6c34f34e98ae20f0a420060066a34e03 76496 libs optional libshib6_1.3f.dfsg1-2+etch1_i386.deb
 0b5a97fd1caaa56b0384a1a069ce158d 200024 libs optional libshib-target5_1.3f.dfsg1-2+etch1_i386.deb
 598dac6ecb406b14898e5fc96704d179 3712852 web optional libapache2-mod-shib_1.3f.dfsg1-2+etch1_i386.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEABECAAYFAkq+nr4ACgkQ+YXjQAr8dHYiNQCeIg9zVI8QHyhx2+bRLxfzLaSh
pT0An3mElTJrAeLiRY/cqFRWxqPN5Eia
=aFnN
-----END PGP SIGNATURE-----

Quanah Gibson-Mount (69):
      [svn-inject] Installing original source of shibboleth-sp
      [svn-inject] Forking shibboleth-sp source to Trunk
      Load shibboleth-sp-1.3c into shibboleth-sp/trunk.
      Background the process so it starts correctly.
      Drop 01-configure, no longer necessary.
      Don't call autoconf, not necessary anymore.
      No longer depends on automake, auto-tools
      No longer necessary with this release.
      Note updates:
      1.3d import
      purge, so i can readd it as executable.
      Add back in with executable set.
      Fix shibd executability.
      forcefully chmod the shibd script.
      replace spaces with tab, oops.
      Actually, never mind.  We don't actually care about
      Remove the shibboleth provided shibd.
      spaces and tabs again.. sigh.
      Will patch shibd out of the Makefile to get rid of it.
      Don't install /etc/shibboleth/shibd
      shibd updates
      Add 1.3c tagging changelog bit.
      Release is unstable
      remove 1.3c-2 release thing, not a real release.
      Man pages for shibd, siterefresh
      Install shibd.8, siterefresh.1 to /usr/share/man/man{8,1}
      Note man page addtions
      Remove generated man pages, add pod versions
      Add perl to build-depends
      Use pod2man to create the man pages.
      1.3e import
      1.3e import
      Import 1.3e release
      Fix typo (CUREDIR) to (CURDIR), mkdir -p the man page dirs before attempting to install the man pages.
      Note fix to manpage installation.
      build depend on mysql client libs.
      Depend only on the libraries, not the entire client. doh.
      Must build-depend on mysql-common, apparently.
      Must specify libmysqlclient15off as well.
      Change that to libmysqlclient14-dev, and see if that works.
      Fix dh_shlibdeps call
      dh_shlibdeps fix
      Mysql library linking depends on libwrap
      Fix prefix
      Fix logging for Shibboleth to go to /var/log/apache2 on Debian.
      Fix httpd logging to go to /var/log/apache2/
      1.3e-2
      Fix date.
      Fix missing space.
      Fix the datadir
      add --exec-prefix and --include-dir
      Fix typo in datadir
      Disable the shibboleth module when uninstalling.
      Move the mod_shib_20.so library to /usr/lib/apache2/modules, since for some reason it isn't installed there by shibboleth's installation bits.
      var/log/shibboleth is a dir for this module.
      fix /var/log/shibboleth creation.
      Fix daemon startup options.
      Note fix for PID file creation.
      Fix shibd restart bug
      Update with new configure options from Scotty.
      Remote mysql patch
      remote mysql bits.
      Fix typo
      Updated remote mysql patch.
      Update remote mysql patch with Scotty's latest bit.
      Remove IQ-metadata.xml
      fix IQ-metadata.xml, example-metadata.xml
      Create examples dir.
      Fix typo

Russ Allbery (36):
      * Use quilt to manage patches.
      * Rename the Apache 2.x module load file to shib from auth_shib to match
      * Pass -a to debhelper commands so that all packages are built properly.
      * Set up the init script to start shibd by default.
      * Update standards version to 3.7.2 (no changes required).
      * Fix the long descriptions and add homepage links.
      * Update to libmysqlclient15-dev for unstable.
      * Rework the copyright file to use my standard format and include a
      Remove unnecessary comments.
      Cut and paste made some tabs into spaces.
      * The OpenSAML dev package is now libsaml-dev.
      Fix the path to shib.load.
      * Add a section for the source package.
      Fix installation of the documentation.
      More fixes to what documentation we're installing.
      auth_shib for this module.  Also install the rest of the required
      Remove unnecessary patches.  Run automake and aclocal before running
      Add basic information about the MySQL session caching and a pointer to
      * Initial upload to Debian.  (Closes: #390274)
      * New upstream release.
      Document source repackaging.
      * Build against Apache 2.2 rather than Apache 2.0.
      Add documentation for the remote session cache.
      Depend on libtool as well; aclocal needs it.
      The module is named mod_shib_22.so for Apache 2.2.
      Only run dh_makeshlibs on the packages that contain shared libraries to
      * Initial upload to Debian.  (Closes: #390274)
      * Include the Sun RPC and W3C licenses in debian/copyright.  Thanks,
      Remove the build reference to WS-Trust.xsd.
      * Reformat the README.Debian for the Apache module and add detailed
      The last two changelog entries should both be part of -2.
      Redo how the example metadata is installed.
      * Cast Apache configuration data to a long rather than an int, since the
      Backport upstream security fix for certificate names containing nul
      Backport upstream security fix for URL decoding
      Finalize changes for 1.3f.dfsg1-2+etch1

-----------------------------------------------------------------------

-- 
Debian packaging for the Shibboleth Apache SP

More information about the Pkg-shibboleth-devel mailing list