shibboleth-sp2 (2.4.3+dfsg-5+deb7u1) wheezy-security; urgency=high

  * Backport security fix from V2.5.4 for CVE-2015-2684: authenticated
    denial of service vulnerability that results in a crash on certain
    kinds of malformed SAML messages.

 -- Ferenc Wagner <wferi@niif.hu>  Tue, 24 Mar 2015 08:14:42 +0100

shibboleth-sp2 (2.4.3+dfsg-5) unstable; urgency=low

  * Fix syntax error in the update-rc.d invocation for shibd, which was
    not visible on most Debian systems because of dependency-based boot.
    Thanks to Evan Broder and Steve Langasek for pointing me in the right
    direction.  (LP: #884402)
  * Add PIE to the hardening flags for the shibd binary.
  * Use memcached_last_error_message instead of the cached_errno member of
    the memcached_st struct, since the latter was removed in 1.0.  Thanks
    to Michael Fladischer for the patch.  Bump Build-Depends to require
    1.0 or later of libmemcached-dev.  (Closes: #658408)
  * Move single-debian-patch to local-options and patch-header to
    local-patch-header so that they only apply to the packages the team
    builds, and NMUs get regular version-numbered patches.

 -- Russ Allbery <rra@debian.org>  Thu, 16 Feb 2012 11:26:14 -0800

shibboleth-sp2 (2.4.3+dfsg-4) unstable; urgency=low

  * Update to debhelper compatibility level V9.
    - Enable hardening build flags.  (Closes: #656006)
    - Enable multiarch support.
  * Tighten shlibs for libshibsp5 since the plugin directory changed due
    to multiarch.
  * Rebuild the Autotools build system using dh-autoreconf instead of
    rolling our own version of the same thing.
  * Rewrite the shibd init script to use the LSB init script functions and
    implement the status action.

 -- Russ Allbery <rra@debian.org>  Thu, 02 Feb 2012 00:05:55 -0800

shibboleth-sp2 (2.4.3+dfsg-3) unstable; urgency=low

  * Remove the armel build dependency on g++-4.4 and the code in
    debian/rules to use it, since the g++ bug has been fixed.
    (Closes: #654745)

 -- Russ Allbery <rra@debian.org>  Thu, 05 Jan 2012 10:18:47 -0800

shibboleth-sp2 (2.4.3+dfsg-2) unstable; urgency=low

  * Build-depend on g++-4.4 on armel and build with that compiler since
    g++ 4.5 and 4.6 die with an internal compiler error even with no
    optimization.  Patch from Peter Green.  (Closes: #623263)
  * Change the default native.logger facility to 3 from 3 << 3, since the
    current log4cpp does indeed do the facility shift.  Thanks to Jeremy
    Maryott for the report.  (Closes: #638594)
  * Update the upstream download location in debian/copyright.
  * Fix some formatting issues in debian/copyright caught by Lintian.

 -- Russ Allbery <rra@debian.org>  Sun, 25 Sep 2011 14:44:15 -0700

shibboleth-sp2 (2.4.3+dfsg-1) unstable; urgency=low

  * New upstream release.
    - Expire redirects by default so that the browser doesn't cache them
      (turn off with ShibExpireRedirects off)
    - Make library init routines idempotent
    - <SSO>SAML2</SSO> now enables ECP support
    - Fix SELECT query in ODBC storage service plugin
    - Fix metagen to only create PAOS ACS elements once
    - Fix XML namespace in metagen-generated XML for HOSTS
    - DiscoFeed with no metadata provider returns an empty feed instead of
      throwing an exception
    - Fix calculation of time interval when maxTimeSinceAuthn is used and
      IdP time is ahead of SP time
    - Improve the IdP example metadata
  * Change update-rc.d invocation for the shibd init script to use the
    same run levels as the LSB headers, removing a warning during package
    installation.
  * Update debian/watch and debian/rules for the new upstream distribution
    location.

 -- Russ Allbery <rra@debian.org>  Mon, 25 Jul 2011 17:27:23 -0700

shibboleth-sp2 (2.4.2+dfsg-2) unstable; urgency=low

  * Include stddef.h for offsetof in apache/mod_apache.cpp, fixing FTBFS
    with g++ 4.6.  (Closes: #624877)
  * Remove ${shlibs:Depends} from libshibsp-dev, which doesn't contain any
    binaries.
  * Update standards version to 3.9.2 (no changes required).

 -- Russ Allbery <rra@debian.org>  Sun, 15 May 2011 20:07:24 -0700

shibboleth-sp2 (2.4.2+dfsg-1) unstable; urgency=low

  [ Ferenc Wagner ]
  * Fix watch file.  The 2.4 prerelease broke it.

  [ Faidon Liambotis ]
  * Enable and ship memcache-store.

  [ Russ Allbery ]
  * New upstream release.
    - Move <SecurityPolicies> default to a separate configuration file
    - Allow hard-coding the return URL after authentication
    - Allow restrictions on signing/digest algorithms to accept
    - New -o, -u, and -g flags to keygen
    - Add SessionIndex of an AuthnStatement to environment variables
    - Support for metadata extensions for algorithm support
    - New extension for decoding base64 encoded attributes
    - Allow configuration of XMLAccessControl rules in .htaccess
    - Support explicit filtering of NameID by qualifiers
    - New simplified configuration mechanism
    - Allow inheritance of RelyingParty definitions in ApplicationOverride
    - Provide more information in the status handler
    - New endpoint producing JSON data for Discovery Service
    - Generate the EntityDescriptor/ID via hashing for stability
    - Allow using a regex to generate a URL from the entityID in dynamic
      metadata plugin
    - Support for multibyte request paths
    - New session cache option to avoid storing complete assertions
    - Support MDX-style artifact lookup in dynamic MD plugin
    - Allow storing and retrieving the session key from an HTTP header
    - Support "unspecified" NameFormat without special configuration
    - Allow overriding listener details to permit use of a shared config
    - Add error information to attribute ResolutionContext
    - Set the correct variables for log4cpp libraries (Closes: #606489)
    - Multiple bug fixes
  * Rebuild with OpenSSL 1.0.0.  (Closes: #620774)
  * Change package names for the upstream SONAME change.
  * Update Debian man pages for upstream utility changes.
  * Build-depend on xmltooling 1.4 or later and OpenSAML 2.4 or later, and
    also update schema and development package dependencies.
  * Force build dependency on xml-security-c 1.6 or later for consistent
    build results.
  * Add build dependency on pkg-config, which upstream now uses to find
    the SSL libraries.
  * Add build dependency on graphviz for better API documentation.
  * Replace the version of jQuery installed by Doxygen in the
    documentation package with a symlink to the version supplied by the
    Debian package and add a dependency.
  * Drop the *.la files from /usr/lib/shibboleth.  Upstream does loading
    by *.so files and doesn't use libltdl, and Debian is dropping *.la
    files where possible.
  * Fix LSB Description keyword formatting in the shibd init script.
  * Empty the Default-Stop setting for the shibd init script.  Just
    killing the daemon as part of shutdown should be fine.
  * Ignore the plugins in /usr/lib/shibboleth when running dh_makeshlibs.
    They have SONAMEs but aren't actually libraries.
  * Update to debhelper compatibility level V8.
    - Use debhelper rule minimization.
  * Update debian/copyright to the current DEP-5 specification.
  * Change to Debian source format 3.0 (quilt).  Force a single Debian
    patch for simplicity since the packaging is maintained in Git using
    branches, and include a patch header explaining why.
  * Update standards version to 3.9.1 (no changes required).

 -- Russ Allbery <rra@debian.org>  Fri, 08 Apr 2011 13:01:21 -0700

shibboleth-sp2 (2.3.1+dfsg-5) unstable; urgency=high

  * Merge the forgotten pidfile fix from branch bug/unlink-pidfile after
    merging upstream/2.3.1+dfsg into that.  Original changlog entry:

    Apply upstream fix for shibd removing the PID file when called with
    the -F option.  This prevents the check of certificate permissions in
    the init script from removing the PID file of a running shibd.

    (Closes: 611614)

 -- Ferenc Wagner <wferi@niif.hu>  Tue, 01 Feb 2011 16:44:15 +0100

shibboleth-sp2 (2.3.1+dfsg-4) unstable; urgency=low

  * Only restart Apache if it is running.  Thanks, Mehdi Dogguy, Michael
    Biebl, and Ferenc Wagner.

 -- Russ Allbery <rra@debian.org>  Mon, 29 Nov 2010 14:29:42 -0800

shibboleth-sp2 (2.3.1+dfsg-3) unstable; urgency=low

  [ Ferenc Wagner ]
  * Restart Apache from the postinst script if the shib2 module is enabled
    to avoid communication errors with the upgraded shibd.  (Closes: #602328)

  [ Faidon Liambotis ]
  * Add myself to Uploaders.
  * Enable and ship memcache-store.

 -- Ferenc Wagner <wferi@niif.hu>  Mon, 22 Nov 2010 22:17:57 +0100

shibboleth-sp2 (2.3.1+dfsg-2) unstable; urgency=low

  * Modify shib-keygen to create the new certificate key group-readable by
    _shibd and not world-readable.  (Closes: #571631, CVE-2010-2450)
  * Force source format 1.0 for now since it makes backporting easier.
  * Update debhelper compatibility level to V7.
    - Use dh_prep instead of dh_clean -k.
  * Update standards version to 3.8.4 (no changes required).

 -- Russ Allbery <rra@debian.org>  Sat, 15 May 2010 15:25:12 -0700

shibboleth-sp2 (2.3.1+dfsg-1) unstable; urgency=low

  * New upstream release.
    - Don't sign messages for SOAP requests twice.
    - Correctly generate metadata in the artifact resolution handler.
    - Artifact resolution should return empty success on errors.
    - Fixed crash in backchannel global logout.
    - Fix duplicate indexes in metadata generation when multiple base URLs
      are supplied.
    - Correctly decrypt assertions in attribute responses.
  * Apply upstream fix for shibd removing the PID file when called with
    the -F option.  This prevents the check of certificate permissions in
    the init script from removing the PID file of a running shibd.
  * Add ${shlibs:Depends} to the libshibsp-dev package dependencies.
  * Add ${misc:Depends} to all package dependencies.

 -- Russ Allbery <rra@debian.org>  Sun, 03 Jan 2010 13:54:55 -0800

shibboleth-sp2 (2.3+dfsg-1) unstable; urgency=high

  [ Russ Allbery ]
  * Urgency set to high for security fix.
  * New upstream release.
    - SECURITY: Partial fix for improper handling of URLs that could be
      abused for script injection and other cross-site scripting attacks.
      The complete fix also requires newer xmltooling and opensaml2
      packages.  (Closes: #555608, CVE-2009-3300)
    - Avoid shibd crash on dead memcache server.
    - Pass the affiliation name to the session initiator.
    - Correctly handle a bogus ACS.
    - Allow overriding the URL that's passed to the DS.
    - Add schema types for new attribute decoders introduced in 2.2.
    - Handle success with partial logout in the logout UI code.
    - Fix POST data preservation with empty parameters and empty forms.
    - Fix SAML 1 specification of attributes in the query plugin.
    - Shorten ePTId-type persistent identifiers.
    - Use an ID rather than a whole doc reference for generated metadata.
    - Fix spelling of scopeDelimiter in the configuration parser, making
      the code and documentation match the schema.
  * Rename library package for upstream SONAME bump.
  * Tighten build and package dependencies on xmltooling and opensaml2 to
    require the versions with the security fix.
  * Fix watch file for the new version mangling.
  * Improve documentation of DAEMON_OPTS in /etc/default/shibd.
  * Remove unnecessary patches to upstream files regenerated during the
    build from the source package diff.

  [ Faidon Liambotis ]
  * Run make install with NOKEYGEN=1 and stop rm-ing generated
    certificates.  Fixes FTBFS.

  [ Ferenc Wagner ]
  * Run shibd as non-root.

 -- Russ Allbery <rra@debian.org>  Wed, 11 Nov 2009 14:39:44 -0800

shibboleth-sp2 (2.2.1+dfsg-2) unstable; urgency=low

  * Change the libapache2-mod-shib2 section to httpd, matching override.
  * Add a NEWS.Debian entry for libapache2-mod-shib2 that explains the
    recommended configuration update for the 2.2 version.  Thanks, Scott
    Cantor and Kristof BAJNOK.

 -- Russ Allbery <rra@debian.org>  Wed, 09 Sep 2009 12:15:08 -0700

shibboleth-sp2 (2.2.1+dfsg-1) unstable; urgency=high

  * New upstream release.
    - SECURITY: Fix improper handling of certificate names containing nul
      characters.
    - SECURITY: Correctly validate the use attribute of KeyDescriptors,
      preventing use of a key for signing or for encryption if its use
      field says it may not be used for that purpose.
    - New shib-metagen script for generating Shibboleth SP metadata.
    - Support preserving form data across user authentication.
    - Support internal server redirection while maintaining protection.
    - Fix incompatibility between lazy sessions and servlet containers.
    - Fix some problems with dynamic metadata resolution.
    - Fix incompatibility with mod_include.
    - Fix single logout via SOAP.
    - Fix shibd crash with invalid metadata.
    - Fix crash in chaining attribute resolver.
    - Avoid infinite loop on empty attribute mapped to REMOTE_USER.
    - Fix handling of some Unicode data in relaystate data in URLs.
    - Correctly return Success to LogoutRequest where appropriate.
    - Avoid chunked encoding in back-channel calls.
    - Correctly check Recipient values in assertions.
    - Fix attributePrefix handling in some contexts.
    - Fix generated metadata DiscoveryResponse.
    - Fix handling of unsigned responses with encryption.
    - Fix handling of InProcess property.
  * Rename library package for upstream SONAME bump.
  * Tighten build dependencies and schema package dependencies on
    opensaml2 and xmltooling.
  * Build against Xerces-C 3.0.
  * Dynamically determine the Debian and upstream package versions for
    get-orig-source from debian/changelog.
  * Update libapache2-mod-shib2's README.Debian for changes to the
    TestShib web pages.
  * Use the automatically-extracted package version as the version number
    for the man pages.
  * Update standards version to 3.8.3.
    - Create /var/run/shibboleth in the init script if it doesn't exist.
    - Don't ship /var/run/shibboleth in the package.
    - Remove /var/run/shibboleth in postrm if it exists.

 -- Russ Allbery <rra@debian.org>  Mon, 07 Sep 2009 16:14:29 -0700

shibboleth-sp2 (2.1.dfsg1-2) unstable; urgency=low

  * Redo the variable quoting in doxygen.m4 so that configure can be
    rebuilt with Autoconf 2.63.  (Closes: #518039)

 -- Russ Allbery <rra@debian.org>  Tue, 03 Mar 2009 15:03:10 -0800

shibboleth-sp2 (2.1.dfsg1-1) unstable; urgency=low

  [ Russ Allbery ]
  * New upstream version.
    - New memory cache storage backend.
    - Schema validation is now optional.
    - Many bug fixes.
  * Bump SONAME of libshibsp following upstream's versioning.
  * Build-depend on libsaml2-dev >= 2.1 following the upstream spec file
    and libxmltooling-dev 1.1 just in case (required by OpenSAML 2.1).
  * Fix the name of the tarball created by get-orig-source.
  * Logcheck rules.
  * Tighten the dependency versioning; the 2.1 SP library requires the
    2.1 schemas from the Shibboleth SP and OpenSAML and the 1.1 schemas
    from XMLTooling.
  * Remove duplicate Section field for libapache2-mod-shib2.

  [ Ferenc Wagner ]
  * Follow the libshibsp1->2 package rename in the dh_makeshlibs invocation.
  * Remove the Shibboleth minor version number from README.Debian.
  * Comment out the reference to WS-Trust.xsd from the catalog.xml file in
    shibboleth-sp2-schemas and document how to enable it again.

 -- Russ Allbery <rra@debian.org>  Fri, 27 Feb 2009 20:54:51 -0800

shibboleth-sp2 (2.0.dfsg1-4) unstable; urgency=low

  [ Ferenc Wagner ]
  * Rename debian/shib.load to debian/shib2.load to avoid clashing with the
    libapache2-mod-shib package.  Otherwise its Apache config file breaks our
    module.
  * Add directory /var/log/shibboleth to libapache2-mod-shib2 (thanks to Peter
    Schober for noticing)

  [ Russ Allbery ]
  * Add a postinst to disable the old configuration on upgrade and enable
    the module if it had been enabled under the old configuration name.
  * Wait for shibd to exit on stop or restart.  This fixes a bug in
    restart that could lead to no new shibd being started because the old
    one had not yet exited.
  * Fix a syntax error in the shibd man page.

 -- Russ Allbery <rra@debian.org>  Tue, 14 Oct 2008 21:47:36 -0700

shibboleth-sp2 (2.0.dfsg1-3) unstable; urgency=low

  [ Ferenc Wagner ]
  * Avoid brace expansion in debian/rules, dash does not like it.
    (Closes: #493408)

  [ Russ Allbery ]
  * Add logcheck rules to ignore some of the routine messages from the
    Apache module.  This only covers startup and teardown; more will
    need to be added.
  * Fix watch file for new upstream tarball naming.

 -- Russ Allbery <rra@debian.org>  Tue, 19 Aug 2008 19:04:35 -0700

shibboleth-sp2 (2.0.dfsg1-2) unstable; urgency=low

  * Apply upstream fix for variable sizes in the ODBC code.  Fixes a
    FTBFS on 64-bit platforms.  (Closes: #492101)

 -- Russ Allbery <rra@debian.org>  Thu, 24 Jul 2008 08:44:50 -0700

shibboleth-sp2 (2.0.dfsg1-1) unstable; urgency=low

  [ Ferenc Wágner ]
  * Initial release (Closes: #480290)

 -- Russ Allbery <rra@debian.org>  Wed, 25 Jun 2008 20:06:10 -0700

