lp:ubuntu/utopic/opensaml2

Related source package recipes

No recipes using this branch. (?)

Create packaging recipe

Related snap packages

Related bugs

Related blueprints

15. By Russ Allbery on 2013-07-13

Upload to unstable.

14. By Russ Allbery on 2012-01-31

* Revert changes to add symbols file. Due to churn in weak symbols for
  inlined functions, it doesn't appear maintainanable with existing
  tools, and for this library the shlibs behavior seems sufficient.
* Force linking with -lpthread, working around a bug in libtool that
  drops the linkage because it uses -nostdlib. See #468555.
* Pass --as-needed to the linker to reduce unnecessary shared library
  dependencies.
* Enable PIE for the opensaml2-tools binaries.
* Strip all of the build flags added by Debian from the pkgconfig
  configuration file installed by the package.

13. By Russ Allbery on 2012-01-27

* Update symbols file from the failed build logs of the remaining
  supported Debian architectures.
* Build-Depend on pkg-kde-tools and use its symbolhelper plugin so that
  the package can use the output of pkgkde-symbolshelper.

12. By Russ Allbery on 2012-01-27

* Update to debhelper compatibility level V9.
  - Enable hardening build flags. (Closes: #656006)
  - Enable multiarch support.
* Add symbols file constructed with pkgkde-symbolshelper. Add a
  README.source file with a pointer to the documentation.
* Use dh_autoreconf to regenerate the build system. This was being done
  already, but not in a controlled way, due to timestamp issues, so just
  do it on every build.
* Make removal of the Doxygen-installed jquery.js file conditional on
  its existence, since some versions of Doxygen don't install it.
* Use the latest directory in debian/watch instead of the versioned
  directories.
* Update the upstream homepage.
* Update the upstream download location in debian/copyright.
* Minor format updates to debian/copyright for the new DEP-5.

11. By Russ Allbery on 2011-07-25

* Set urgency to high for security fix.
* New upstream release.
  - SECURITY: Fix vulnerability to a "wrapping attack" that could allow
    a remote, unauthenticated attacker to craft messages that can be
    successfully verified but contain arbitrary content. This may allow
    an attacker to subvert the security of software using OpenSAML and
    supply an unauthenticated login identity and data under the guise of
    a trusted issuer. (CVE-2011-1411)
  - Fix unmarshalling of RespondWith element
  - Make library init routines idempotent
* Update the Debian-provided samlsign.1 man page for new flags supported
  by the upstream utility.
* Update debian/watch for the new upstream distribution location.
* Update standards version to 3.9.2 (no changes required).

10. By Russ Allbery on 2011-04-03

* New upstream release.
  - Don't download remote metadata if it hasn't changed
  - Verify that fetched metadata is valid, even after filters, before
    overwriting the previous metadata. Improve metadata downloads.
  - Logging improvements for OpenSAML.MetadataProvider.XML
  - Add keywords/tags element to UIInfo extension and disco feed
  - Fix overuse of InclusivePrefixes list when signing
  - Do not use cacheDuration for validity
  - Fix memory leaks
  - Fix crash when encrypting unmarshalled object
  - Resolve sibling EncryptedKey element for decryption
  - Add xml prefix on newly-created xml:lang attributes
  - Duplication and line feed fixes for DiscoFeed.
  - Fix reload interval backoff after reload failures
  - Strip whitespace from SAMLRequest URL parameter values
* Change package names for the upstream SONAME change.
* Install the new upstream pkg-config file in libsaml2-dev.
* Build-depend on xmltooling 1.4 or later.
* Force build dependency on xml-security-c 1.6 or later for consistent
  build results.
* Add build dependency on pkg-config, which upstream now uses to find
  the SSL libraries.
* Add build dependency on graphviz for better API documentation.
* Replace the version of jQuery installed by Doxygen in the
  documentation package with a symlink to the version supplied by the
  Debian package and add a dependency.
* Update to debhelper compatibility level V8.
  - Use the autotools-dev debhelper module for config.{sub,guess}.
  - Use debhelper rule minimization.
* Update debian/copyright to the current DEP-5 specification.
* Change to Debian source format 3.0 (quilt). Force a single Debian
  patch for simplicity since the packaging is maintained in Git using
  branches, and include a patch header explaining why.
* Update standards version to 3.9.1 (no changes required).

9. By Russ Allbery on 2010-05-13

* Force source format 1.0 for now since it makes backporting easier.
* Add ${misc:Depends} to all package dependencies.
* Update debhelper compatibility level to V7.
  - Use dh_prep instead of dh_clean -k.
* Update standards version to 3.8.4 (no changes required).

8. By Ilya Barygin on 2010-03-22

No-change rebuild for libxerces-c3.0 -> libxerces-c3.1 transition.

7. By Emmet Hikory on 2010-01-15

Rebuild for the libxmltooling transition

6. By Russ Allbery on 2009-11-06

* Urgency set to high for security fix.
* New upstream release.
  - SECURITY: Partial fix for improper handling of URLs that could be
    abused for script injection and other cross-site scripting attacks.
    The complete fix also requires newer xmltooling and shibboleth-sp2
    packages. (CVE-2009-3300)
  - Fix crash on assertions with missing SubjectConfirmation.
  - Remove inline functions except for templates or RAII patterns.
  - Remove xml from the inclusive prefix list to avoid bugs in Apache
    Java xmlsec.
  - Honor digest algorithm in whole document signing with empty URI.
* Rename library package for upstream SONAME bump.
* Build-depend on libxmltooling-dev 1.3 or later and make libsaml2-dev
  depend on libxmltooling-dev 1.3 or later for the fixes for URL
  sanitization.
* Build-depend on libxml-security-c-dev 1.5 or later to ensure
  that all builds are consistent.