shibboleth-sp2 (2.4.3+dfsg-5+deb7u2) wheezy-security; urgency=high

  * Non-maintainer upload by the LTS team.
  * Fix CVE-2017-16852:
    Rod Widdowson of Steading System Software LLP discovered a coding error in
    the "Dynamic" metadata plugin of the Shibboleth Service Provider, causing
    the plugin to fail configuring itself with the filters provided and
    omitting whatever checks they are intended to perform.

 -- Markus Koschany <apo@debian.org>  Sat, 18 Nov 2017 20:24:54 +0100

shibboleth-sp2 (2.4.3+dfsg-5+deb7u1) wheezy-security; urgency=high

  * Backport security fix from V2.5.4 for CVE-2015-2684: authenticated
    denial of service vulnerability that results in a crash on certain
    kinds of malformed SAML messages.

 -- Ferenc Wagner <wferi@niif.hu>  Tue, 24 Mar 2015 08:14:42 +0100

shibboleth-sp2 (2.4.3+dfsg-5) unstable; urgency=low

  * Fix syntax error in the update-rc.d invocation for shibd, which was
    not visible on most Debian systems because of dependency-based boot.
    Thanks to Evan Broder and Steve Langasek for pointing me in the right
    direction.  (LP: #884402)
  * Add PIE to the hardening flags for the shibd binary.
  * Use memcached_last_error_message instead of the cached_errno member of
    the memcached_st struct, since the latter was removed in 1.0.  Thanks
    to Michael Fladischer for the patch.  Bump Build-Depends to require
    1.0 or later of libmemcached-dev.  (Closes: #658408)
  * Move single-debian-patch to local-options and patch-header to
    local-patch-header so that they only apply to the packages the team
    builds, and NMUs get regular version-numbered patches.

 -- Russ Allbery <rra@debian.org>  Thu, 16 Feb 2012 11:26:14 -0800

shibboleth-sp2 (2.4.3+dfsg-4) unstable; urgency=low

  * Update to debhelper compatibility level V9.
    - Enable hardening build flags.  (Closes: #656006)
    - Enable multiarch support.
  * Tighten shlibs for libshibsp5 since the plugin directory changed due
    to multiarch.
  * Rebuild the Autotools build system using dh-autoreconf instead of
    rolling our own version of the same thing.
  * Rewrite the shibd init script to use the LSB init script functions and
    implement the status action.

 -- Russ Allbery <rra@debian.org>  Thu, 02 Feb 2012 00:05:55 -0800

shibboleth-sp2 (2.4.3+dfsg-3) unstable; urgency=low

  * Remove the armel build dependency on g++-4.4 and the code in
    debian/rules to use it, since the g++ bug has been fixed.
    (Closes: #654745)

 -- Russ Allbery <rra@debian.org>  Thu, 05 Jan 2012 10:18:47 -0800

shibboleth-sp2 (2.4.3+dfsg-2) unstable; urgency=low

  * Build-depend on g++-4.4 on armel and build with that compiler since
    g++ 4.5 and 4.6 die with an internal compiler error even with no
    optimization.  Patch from Peter Green.  (Closes: #623263)
  * Change the default native.logger facility to 3 from 3 << 3, since the
    current log4cpp does indeed do the facility shift.  Thanks to Jeremy
    Maryott for the report.  (Closes: #638594)
  * Update the upstream download location in debian/copyright.
  * Fix some formatting issues in debian/copyright caught by Lintian.

 -- Russ Allbery <rra@debian.org>  Sun, 25 Sep 2011 14:44:15 -0700

shibboleth-sp2 (2.4.3+dfsg-1) unstable; urgency=low

  * New upstream release.
    - Expire redirects by default so that the browser doesn't cache them
      (turn off with ShibExpireRedirects off)
    - Make library init routines idempotent
    - <SSO>SAML2</SSO> now enables ECP support
    - Fix SELECT query in ODBC storage service plugin
    - Fix metagen to only create PAOS ACS elements once
    - Fix XML namespace in metagen-generated XML for HOSTS
    - DiscoFeed with no metadata provider returns an empty feed instead of
      throwing an exception
    - Fix calculation of time interval when maxTimeSinceAuthn is used and
      IdP time is ahead of SP time
    - Improve the IdP example metadata
  * Change update-rc.d invocation for the shibd init script to use the
    same run levels as the LSB headers, removing a warning during package
    installation.
  * Update debian/watch and debian/rules for the new upstream distribution
    location.

 -- Russ Allbery <rra@debian.org>  Mon, 25 Jul 2011 17:27:23 -0700

shibboleth-sp2 (2.4.2+dfsg-2) unstable; urgency=low

  * Include stddef.h for offsetof in apache/mod_apache.cpp, fixing FTBFS
    with g++ 4.6.  (Closes: #624877)
  * Remove ${shlibs:Depends} from libshibsp-dev, which doesn't contain any
    binaries.
  * Update standards version to 3.9.2 (no changes required).

 -- Russ Allbery <rra@debian.org>  Sun, 15 May 2011 20:07:24 -0700

shibboleth-sp2 (2.4.2+dfsg-1) unstable; urgency=low

  [ Ferenc Wagner ]
  * Fix watch file.  The 2.4 prerelease broke it.

  [ Faidon Liambotis ]
  * Enable and ship memcache-store.

  [ Russ Allbery ]
  * New upstream release.
    - Move <SecurityPolicies> default to a separate configuration file
    - Allow hard-coding the return URL after authentication
    - Allow restrictions on signing/digest algorithms to accept
    - New -o, -u, and -g flags to keygen
    - Add SessionIndex of an AuthnStatement to environment variables
    - Support for metadata extensions for algorithm support
    - New extension for decoding base64 encoded attributes
    - Allow configuration of XMLAccessControl rules in .htaccess
    - Support explicit filtering of NameID by qualifiers
    - New simplified configuration mechanism
    - Allow inheritance of RelyingParty definitions in ApplicationOverride
    - Provide more information in the status handler
    - New endpoint producing JSON data for Discovery Service
    - Generate the EntityDescriptor/ID via hashing for stability
    - Allow using a regex to generate a URL from the entityID in dynamic
      metadata plugin
    - Support for multibyte request paths
    - New session cache option to avoid storing complete assertions
    - Support MDX-style artifact lookup in dynamic MD plugin
    - Allow storing and retrieving the session key from an HTTP header
    - Support "unspecified" NameFormat without special configuration
    - Allow overriding listener details to permit use of a shared config
    - Add error information to attribute ResolutionContext
    - Set the correct variables for log4cpp libraries (Closes: #606489)
    - Multiple bug fixes
  * Rebuild with OpenSSL 1.0.0.  (Closes: #620774)
  * Change package names for the upstream SONAME change.
  * Update Debian man pages for upstream utility changes.
  * Build-depend on xmltooling 1.4 or later and OpenSAML 2.4 or later, and
    also update schema and development package dependencies.
  * Force build dependency on xml-security-c 1.6 or later for consistent
    build results.
  * Add build dependency on pkg-config, which upstream now uses to find
    the SSL libraries.
  * Add build dependency on graphviz for better API documentation.
  * Replace the version of jQuery installed by Doxygen in the
    documentation package with a symlink to the version supplied by the
    Debian package and add a dependency.
  * Drop the *.la files from /usr/lib/shibboleth.  Upstream does loading
    by *.so files and doesn't use libltdl, and Debian is dropping *.la
    files where possible.
  * Fix LSB Description keyword formatting in the shibd init script.
  * Empty the Default-Stop setting for the shibd init script.  Just
    killing the daemon as part of shutdown should be fine.
  * Ignore the plugins in /usr/lib/shibboleth when running dh_makeshlibs.
    They have SONAMEs but aren't actually libraries.
  * Update to debhelper compatibility level V8.
    - Use debhelper rule minimization.
  * Update debian/copyright to the current DEP-5 specification.
  * Change to Debian source format 3.0 (quilt).  Force a single Debian
    patch for simplicity since the packaging is maintained in Git using
    branches, and include a patch header explaining why.
  * Update standards version to 3.9.1 (no changes required).

 -- Russ Allbery <rra@debian.org>  Fri, 08 Apr 2011 13:01:21 -0700

shibboleth-sp2 (2.3.1+dfsg-5) unstable; urgency=high

  * Merge the forgotten pidfile fix from branch bug/unlink-pidfile after
    merging upstream/2.3.1+dfsg into that.  Original changelog entry:

    Apply upstream fix for shibd removing the PID file when called with
    the -F option.  This prevents the check of certificate permissions in
    the init script from removing the PID file of a running shibd.

    (Closes: #611614)

 -- Ferenc Wagner <wferi@niif.hu>  Tue, 01 Feb 2011 16:44:15 +0100

shibboleth-sp2 (2.3.1+dfsg-4) unstable; urgency=low

  * Only restart Apache if it is running.  Thanks, Mehdi Dogguy, Michael
    Biebl, and Ferenc Wagner.

 -- Russ Allbery <rra@debian.org>  Mon, 29 Nov 2010 14:29:42 -0800

shibboleth-sp2 (2.3.1+dfsg-3) unstable; urgency=low

  [ Ferenc Wagner ]
  * Restart Apache from the postinst script if the shib2 module is enabled
    to avoid communication errors with the upgraded shibd.  (Closes: #602328)

  [ Faidon Liambotis ]
  * Add myself to Uploaders.
  * Enable and ship memcache-store.

 -- Ferenc Wagner <wferi@niif.hu>  Mon, 22 Nov 2010 22:17:57 +0100

shibboleth-sp2 (2.3.1+dfsg-2) unstable; urgency=low

  * Modify shib-keygen to create the new certificate key group-readable by
    _shibd and not world-readable.  (Closes: #571631, CVE-2010-2450)
  * Force source format 1.0 for now since it makes backporting easier.
  * Update debhelper compatibility level to V7.
    - Use dh_prep instead of dh_clean -k.
  * Update standards version to 3.8.4 (no changes required).

 -- Russ Allbery <rra@debian.org>  Sat, 15 May 2010 15:25:12 -0700
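
The fix above (CVE-2010-2450) is about the SP private key ending up
world-readable.  The following is an added example, not the Debian
package's shib-keygen nor upstream code: a small POSIX shell helper that
creates a key file with a restrictive umask so there is no window in
which it is world-readable, then widens it to group-read only, and a
check a practitioner can run against an existing key.  The group
argument is an assumption: the Debian package uses _shibd, but the
example defaults to the caller's primary group so it runs anywhere, and
it falls back to constructed placeholder content if openssl is absent.

```shell
#!/bin/sh
# Added example (not part of the Debian packaging or upstream shib-keygen).

# gen_private_key PATH [GROUP]
# Create a private key readable by owner and GROUP only (mode 0640).
# GROUP defaults to the caller's primary group; the real package uses _shibd.
gen_private_key() {
    keyfile="$1"
    group="${2:-$(id -gn)}"
    # Restrictive umask inside a subshell: the file is 0600 from the moment
    # it exists, so no other local user can read the key during generation.
    (
        umask 077
        if command -v openssl >/dev/null 2>&1; then
            openssl genrsa -out "$keyfile" 2048 2>/dev/null
        else
            # Constructed placeholder content, used only when openssl is missing.
            printf '%s\n' '-----BEGIN PRIVATE KEY-----' \
                'constructed-example-not-a-real-key' \
                '-----END PRIVATE KEY-----' > "$keyfile"
        fi
    )
    chgrp "$group" "$keyfile"
    chmod 0640 "$keyfile"
}

# key_mode PATH
# Print the octal permission bits of PATH (GNU stat, with a BSD fallback).
key_mode() {
    if stat -c '%a' "$1" >/dev/null 2>&1; then
        stat -c '%a' "$1"
    else
        stat -f '%Lp' "$1"
    fi
}

# key_is_private PATH
# Succeed only if no "other" permission bit is set, i.e. the key is not
# world-readable, -writable or -executable.  This is the property the
# CVE-2010-2450 fix restores.
key_is_private() {
    mode=$(key_mode "$1")
    other=$(printf '%s' "$mode" | sed 's/.*\(.\)$/\1/')
    [ "$other" = "0" ]
}

# Typical use on a deployed SP (path is the Debian default and an assumption):
#   key_is_private /etc/shibboleth/sp-key.pem || echo "sp-key.pem is world-accessible"
```

Run key_is_private against every *-key.pem under /etc/shibboleth after an
upgrade from a version older than 2.3.1+dfsg-2: the fixed shib-keygen
only affects keys generated after the fix, so keys created earlier keep
whatever mode they already had.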

shibboleth-sp2 (2.3.1+dfsg-1) unstable; urgency=low

  * New upstream release.
    - Don't sign messages for SOAP requests twice.
    - Correctly generate metadata in the artifact resolution handler.
    - Artifact resolution should return empty success on errors.
    - Fixed crash in backchannel global logout.
    - Fix duplicate indexes in metadata generation when multiple base URLs
      are supplied.
    - Correctly decrypt assertions in attribute responses.
  * Apply upstream fix for shibd removing the PID file when called with
    the -F option.  This prevents the check of certificate permissions in
    the init script from removing the PID file of a running shibd.
  * Add ${shlibs:Depends} to the libshibsp-dev package dependencies.
  * Add ${misc:Depends} to all package dependencies.

 -- Russ Allbery <rra@debian.org>  Sun, 03 Jan 2010 13:54:55 -0800

shibboleth-sp2 (2.3+dfsg-1) unstable; urgency=high

  [ Russ Allbery ]
  * Urgency set to high for security fix.
  * New upstream release.
    - SECURITY: Partial fix for improper handling of URLs that could be
      abused for script injection and other cross-site scripting attacks.
      The complete fix also requires newer xmltooling and opensaml2
      packages.  (Closes: #555608, CVE-2009-3300)
    - Avoid shibd crash on dead memcache server.
    - Pass the affiliation name to the session initiator.
    - Correctly handle a bogus ACS.
    - Allow overriding the URL that's passed to the DS.
    - Add schema types for new attribute decoders introduced in 2.2.
    - Handle success with partial logout in the logout UI code.
    - Fix POST data preservation with empty parameters and empty forms.
    - Fix SAML 1 specification of attributes in the query plugin.
    - Shorten ePTId-type persistent identifiers.
    - Use an ID rather than a whole doc reference for generated metadata.
    - Fix spelling of scopeDelimiter in the configuration parser, making
      the code and documentation match the schema.
  * Rename library package for upstream SONAME bump.
  * Tighten build and package dependencies on xmltooling and opensaml2 to
    require the versions with the security fix.
  * Fix watch file for the new version mangling.
  * Improve documentation of DAEMON_OPTS in /etc/default/shibd.
  * Remove unnecessary patches to upstream files regenerated during the
    build from the source package diff.

  [ Faidon Liambotis ]
  * Run make install with NOKEYGEN=1 and stop rm-ing generated
    certificates.  Fixes FTBFS.

  [ Ferenc Wagner ]
  * Run shibd as non-root.

 -- Russ Allbery <rra@debian.org>  Wed, 11 Nov 2009 14:39:44 -0800

shibboleth-sp2 (2.2.1+dfsg-2) unstable; urgency=low

  * Change the libapache2-mod-shib2 section to httpd, matching override.
  * Add a NEWS.Debian entry for libapache2-mod-shib2 that explains the
    recommended configuration update for the 2.2 version.  Thanks, Scott
    Cantor and Kristof BAJNOK.

 -- Russ Allbery <rra@debian.org>  Wed, 09 Sep 2009 12:15:08 -0700

shibboleth-sp2 (2.2.1+dfsg-1) unstable; urgency=high

  * New upstream release.
    - SECURITY: Fix improper handling of certificate names containing nul
      characters.
    - SECURITY: Correctly validate the use attribute of KeyDescriptors,
      preventing use of a key for signing or for encryption if its use
      field says it may not be used for that purpose.
    - New shib-metagen script for generating Shibboleth SP metadata.
    - Support preserving form data across user authentication.
    - Support internal server redirection while maintaining protection.
    - Fix incompatibility between lazy sessions and servlet containers.
    - Fix some problems with dynamic metadata resolution.
    - Fix incompatibility with mod_include.
    - Fix single logout via SOAP.
    - Fix shibd crash with invalid metadata.
    - Fix crash in chaining attribute resolver.
    - Avoid infinite loop on empty attribute mapped to REMOTE_USER.
    - Fix handling of some Unicode data in relaystate data in URLs.
    - Correctly return Success to LogoutRequest where appropriate.
    - Avoid chunked encoding in back-channel calls.
    - Correctly check Recipient values in assertions.
    - Fix attributePrefix handling in some contexts.
    - Fix generated metadata DiscoveryResponse.
    - Fix handling of unsigned responses with encryption.
    - Fix handling of InProcess property.
  * Rename library package for upstream SONAME bump.
  * Tighten build dependencies and schema package dependencies on
    opensaml2 and xmltooling.
  * Build against Xerces-C 3.0.
  * Dynamically determine the Debian and upstream package versions for
    get-orig-source from debian/changelog.
  * Update libapache2-mod-shib2's README.Debian for changes to the
    TestShib web pages.
  * Use the automatically-extracted package version as the version number
    for the man pages.
  * Update standards version to 3.8.3.
    - Create /var/run/shibboleth in the init script if it doesn't exist.
    - Don't ship /var/run/shibboleth in the package.
    - Remove /var/run/shibboleth in postrm if it exists.

 -- Russ Allbery <rra@debian.org>  Mon, 07 Sep 2009 16:14:29 -0700

shibboleth-sp2 (2.1.dfsg1-2) unstable; urgency=low

  * Redo the variable quoting in doxygen.m4 so that configure can be
    rebuilt with Autoconf 2.63.  (Closes: #518039)

 -- Russ Allbery <rra@debian.org>  Tue, 03 Mar 2009 15:03:10 -0800

shibboleth-sp2 (2.1.dfsg1-1) unstable; urgency=low

  [ Russ Allbery ]
  * New upstream version.
    - New memory cache storage backend.
    - Schema validation is now optional.
    - Many bug fixes.
  * Bump SONAME of libshibsp following upstream's versioning.
  * Build-depend on libsaml2-dev >= 2.1 following the upstream spec file
    and libxmltooling-dev 1.1 just in case (required by OpenSAML 2.1).
  * Fix the name of the tarball created by get-orig-source.
  * Logcheck rules.
  * Tighten the dependency versioning; the 2.1 SP library requires the
    2.1 schemas from the Shibboleth SP and OpenSAML and the 1.1 schemas
    from XMLTooling.
  * Remove duplicate Section field for libapache2-mod-shib2.

  [ Ferenc Wagner ]
  * Follow the libshibsp1->2 package rename in the dh_makeshlibs invocation.
  * Remove the Shibboleth minor version number from README.Debian.
  * Comment out the reference to WS-Trust.xsd from the catalog.xml file in
    shibboleth-sp2-schemas and document how to enable it again.

 -- Russ Allbery <rra@debian.org>  Fri, 27 Feb 2009 20:54:51 -0800

shibboleth-sp2 (2.0.dfsg1-4) unstable; urgency=low

  [ Ferenc Wagner ]
  * Rename debian/shib.load to debian/shib2.load to avoid clashing with the
    libapache2-mod-shib package.  Otherwise its Apache config file breaks our
    module.
  * Add directory /var/log/shibboleth to libapache2-mod-shib2 (thanks to Peter
    Schober for noticing).

  [ Russ Allbery ]
  * Add a postinst to disable the old configuration on upgrade and enable
    the module if it had been enabled under the old configuration name.
  * Wait for shibd to exit on stop or restart.  This fixes a bug in
    restart that could lead to no new shibd being started because the old
    one had not yet exited.
  * Fix a syntax error in the shibd man page.

 -- Russ Allbery <rra@debian.org>  Tue, 14 Oct 2008 21:47:36 -0700

shibboleth-sp2 (2.0.dfsg1-3) unstable; urgency=low

  [ Ferenc Wagner ]
  * Avoid brace expansion in debian/rules, dash does not like it.
    (Closes: #493408)

  [ Russ Allbery ]
  * Add logcheck rules to ignore some of the routine messages from the
    Apache module.  This only covers startup and teardown; more will
    need to be added.
  * Fix watch file for new upstream tarball naming.

 -- Russ Allbery <rra@debian.org>  Tue, 19 Aug 2008 19:04:35 -0700

shibboleth-sp2 (2.0.dfsg1-2) unstable; urgency=low

  * Apply upstream fix for variable sizes in the ODBC code.  Fixes a
    FTBFS on 64-bit platforms.  (Closes: #492101)

 -- Russ Allbery <rra@debian.org>  Thu, 24 Jul 2008 08:44:50 -0700

shibboleth-sp2 (2.0.dfsg1-1) unstable; urgency=low

  [ Ferenc Wágner ]
  * Initial release (Closes: #480290)

 -- Russ Allbery <rra@debian.org>  Wed, 25 Jun 2008 20:06:10 -0700
