lp:ubuntu/lucid-security/opensaml2

Created by Ubuntu Package Importer and last modified
Get this branch:
bzr branch lp:ubuntu/lucid-security/opensaml2
Members of Ubuntu branches can upload to this branch.

Branch information

Owner:
Ubuntu branches
Review team:
Ubuntu Development Team
Status:
Mature

Recent revisions

9. By Joshua Daniel Franklin

* SECURITY UPDATE: Fix vulnerability to a "wrapping attack" that could
  allow a remote, unauthenticated attacker to craft messages that can be
  successfully verified but contain arbitrary content. This may allow
  an attacker to subvert the security of software using OpenSAML and
  supply an unauthenticated login identity and data under the guise of a
  trusted issuer. (LP: #817199)
  - Patch obtained from Debian (2.3-2+squeeze1)
  - CVE-2011-1411

8. By Ilya Barygin

No-change rebuild for libxerces-c3.0 -> libxerces-c3.1 transition.

7. By Emmet Hikory

Rebuild for the libxmltooling transition

6. By Russ Allbery

* Urgency set to high for security fix.
* New upstream release.
  - SECURITY: Partial fix for improper handling of URLs that could be
    abused for script injection and other cross-site scripting attacks.
    The complete fix also requires newer xmltooling and shibboleth-sp2
    packages. (CVE-2009-3300)
  - Fix crash on assertions with missing SubjectConfirmation.
  - Remove inline functions except for templates or RAII patterns.
  - Remove xml from the inclusive prefix list to avoid bugs in Apache
    Java xmlsec.
  - Honor digest algorithm in whole document signing with empty URI.
* Rename library package for upstream SONAME bump.
* Build-depend on libxmltooling-dev 1.3 or later and make libsaml2-dev
  depend on libxmltooling-dev 1.3 or later for the fixes for URL
  sanitization.
* Build-depend on libxml-security-c-dev 1.5 or later to ensure
  that all builds are consistent.

5. By Russ Allbery

* New upstream release.
  - Fix crash when generating unsigned ECP AuthnRequest.
  - Correct check of key usage against KeyDescriptor use.
* Remove temporary build-depend on libicu-dev and tighten the build
  dependency on libxerces-c-dev to require the fixed version.

4. By Russ Allbery

[ Russ Allbery ]
* New upstream bug-fix release.
* Bump SONAME of libsaml following upstream's versioning. The names of
  libsaml2-dev and libsaml2-doc have not changed; the "2" in those names
  refers to the major version of the package, not to the SONAME of the
  library.
* Build-depend on libxmltooling-dev >= 1.1 following the upstream spec
  file.
* Flesh out debian/copyright with entries for build system files and
  convert to the latest draft of the copyright format proposal.
* Remove duplicated Section header in the libsaml3 control stanza.

[ Ferenc Wagner ]
* Fix watch file for upstream directory structure.

3. By Ferenc Wágner

* Include fix for https://bugs.internet2.edu/jira/browse/CPPOST-7
  (Metadata with EncryptionMethod elements fails to load)
* Include fix for https://bugs.internet2.edu/jira/browse/CPPOST-11
  (SignatureMetadataFilter fails to validate signed EntityDescriptor)

2. By Russ Allbery

[ Ferenc Wagner ]
Initial release (Closes: #480289)

1. By Russ Allbery

Import upstream version 2.0

Branch metadata

Branch format:
Branch format 7
Repository format:
Bazaar repository format 2a (needs bzr 1.16 or later)
Stacked on:
lp:ubuntu/oneiric/opensaml2
This branch contains Public information 
Everyone can see this information.