[removing -release and the closed bug report]
Florian Weimer wrote:
>> Right. Please upload opensaml2 first (after sending in a source
>> debdiff for review), and then wait with uploading shibboleth-sp2 until
>> we tell you it's okay to do so.
>
> It's now possible to upload shibboleth-sp2 to security-master. Thanks
> for your assistance.
Thanks.
I've now verified via objdump that the relevant opensaml2 function is
indeed embedded into shibboleth-sp2; I'm not sure if and when it is used
(as I said before, just upgrading libsaml2 worked here) but I'd vote
that we shouldn't risk it.
Attached is the debdiff for shibboleth-sp2 2.0.dfsg1-4+lenny1.
Please approve.
Thanks,
Faidon
diff -u shibboleth-sp2-2.0.dfsg1/debian/changelog
shibboleth-sp2-2.0.dfsg1/debian/changelog
--- shibboleth-sp2-2.0.dfsg1/debian/changelog
+++ shibboleth-sp2-2.0.dfsg1/debian/changelog
@@ -1,3 +1,13 @@
+shibboleth-sp2 (2.0.dfsg1-4+lenny1) stable-security; urgency=high
+
+ * Non-maintainer upload.
+ * Rebuild against opensaml2 2.0-2+lenny1, which includes a fix for a security
+ vulnerability in a header that is included here.
+ * Run make install with NOKEYGEN=1 and stop rm-ing generated certificates.
+ Fixes FTBFS.
+
+ -- Faidon Liambotis <parav...@debian.org> Thu, 08 Oct 2009 12:07:32 +0000
+
shibboleth-sp2 (2.0.dfsg1-4) unstable; urgency=low
[ Ferenc Wagner ]
diff -u shibboleth-sp2-2.0.dfsg1/debian/control
shibboleth-sp2-2.0.dfsg1/debian/control
--- shibboleth-sp2-2.0.dfsg1/debian/control
+++ shibboleth-sp2-2.0.dfsg1/debian/control
@@ -4,7 +4,7 @@
Maintainer: Debian Shib Team <pkg-shibboleth-de...@lists.alioth.debian.org>
Uploaders: Russ Allbery <r...@debian.org>, Ferenc Wagner <wf...@niif.hu>
Build-Depends: debhelper (>= 5), autotools-dev, autoconf, automake,
- libtool, apache2-threaded-dev, doxygen, liblog4cpp5-dev, libsaml2-dev,
+ libtool, apache2-threaded-dev, doxygen, liblog4cpp5-dev, libsaml2-dev (>=
2.0-2+lenny1),
libssl-dev, libxerces-c2-dev, libxml-security-c-dev (>= 1.4),
libxmltooling-dev, opensaml2-schemas, unixodbc-dev, xmltooling-schemas
Standards-Version: 3.8.0
diff -u shibboleth-sp2-2.0.dfsg1/debian/rules
shibboleth-sp2-2.0.dfsg1/debian/rules
--- shibboleth-sp2-2.0.dfsg1/debian/rules
+++ shibboleth-sp2-2.0.dfsg1/debian/rules
@@ -82,13 +82,12 @@
dh_testdir
dh_testroot
dh_clean -k
- $(MAKE) DESTDIR=$(CURDIR)/debian/tmp install
+ $(MAKE) NOKEYGEN=1 DESTDIR=$(CURDIR)/debian/tmp install
rm -r $(CURDIR)/debian/tmp/usr/share/doc/shibboleth
rm $(CURDIR)/debian/tmp/etc/shibboleth/*.dist
rm $(CURDIR)/debian/tmp/etc/shibboleth/*.config
rm $(CURDIR)/debian/tmp/etc/shibboleth/shibd-osx.plist
rm $(CURDIR)/debian/tmp/etc/shibboleth/shibd-redhat
- rm $(CURDIR)/debian/tmp/etc/shibboleth/sp-*.pem
chmod +x $(CURDIR)/debian/tmp/etc/shibboleth/keygen.sh
mv $(CURDIR)/debian/tmp/etc/shibboleth/keygen.sh \
$(CURDIR)/debian/tmp/usr/sbin/shib-keygen
