Your message dated Sun, 14 Jul 2013 18:48:46 +0000 with message-id <e1uyrli-0003sc...@franck.debian.org> and subject line Bug#666804: fixed in shibboleth-sp2 2.5.2+dfsg-2 has caused the Debian Bug report #666804, regarding shibboleth-sp2: sourceful transition towards Apache 2.4 to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 666804: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=666804 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Package: shibboleth-sp2 Severity: important User: debian-apa...@lists.debian.org Usertags: apache24transition Dear maintainer, your package shibboleth-sp2 is provding an Apache2 web server module. We're upgrading Apache to the new upstream version 2.4 [1] (tracked as transition bug #661958). This requires all modules to be rebuilt due to ABI changes. Thus, you need to rebuild and reupload your Apache2 module package in a version compatible to our new package available in experimental [2]. Please note it is not enough to simply rebuild the module - it needs some adaptions in the module package metadata. We have written packaging guidelines for our reverse dependencies [3]. Please read it carefully, it should be able to answer most of your questions. Do also look at dh_apache2 (available through the dh-apache2 package) which can simplify packaging Apache2 modules. In short, we want to highlight these changes you need to be aware of. * APIs changed for some cases [3]. Chances are your module needs some adaptions, please get in touch with upstream or us if you need help to port your module to Apache 2.4. * MPM packages are gone. You cannot depend or conflict with a particular MPM anymore. If your module does not work with a particular module, make sure to make it abort with an error if loaded together with an incompatible MPM. You can use our apache2-maintscript-helper [4] to switch to the MPM of your choice in your maintainer scripts. * Do not build-depend on apache2-threaded-dev or apache2-prefork-dev anymore. Just like MPMs are gone, are our MPM -dev packages as well. All modules need to simply build-depend on apache2-dev. * Do NOT depend on apache2, apache2-common or any other real apache2 package in your binary module package. Depend on our virtual apache2-api-20120211 package only! * Do NOT call a2enmod/a2dismod in your maintainer scripts. Use our apache2-maintscript-helper [3] instead. This is required to get a uniform and stateful handling of all Apache2 modules. You can look at our Apache 2.4 packaging hints [5] for hands-on tutorials. Please note: This bug is filed as "important" for now. As the time goes by we plan make it a release critical severity. In the consequences your module either needs an update or is going to be removed from Wheezy. For the time being please tag the bug as pending as soon as you have a package ready. We strongly recommend that at least maintainers of complex module packages make an upload to experimental as well. Of course, uploading simple modules to experimental is welcome, too. [1] https://lists.debian.org/debian-devel-announce/2012/03/msg00013.html [2] http://packages.debian.org/search?keywords=apache2&searchon=sourcenames&exact=1&suite=all§ion=all [3] http://anonscm.debian.org/gitweb/?p=pkg-apache/apache2.git;a=blob;f=debian/PACKAGING;hb=next [4] http://httpd.apache.org/docs/2.4/developer/new_api_2_4.html [5] http://wiki.debian.org/Apache/PackagingFor24
--- End Message ---
--- Begin Message ---Source: shibboleth-sp2 Source-Version: 2.5.2+dfsg-2 We believe that the bug you reported is fixed in the latest version of shibboleth-sp2, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 666...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Russ Allbery <r...@debian.org> (supplier of updated shibboleth-sp2 package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Sun, 14 Jul 2013 11:27:40 -0700 Source: shibboleth-sp2 Binary: libapache2-mod-shib2 libshibsp6 libshibsp-dev libshibsp-doc shibboleth-sp2-schemas Architecture: source i386 all Version: 2.5.2+dfsg-2 Distribution: unstable Urgency: low Maintainer: Debian Shib Team <pkg-shibboleth-de...@lists.alioth.debian.org> Changed-By: Russ Allbery <r...@debian.org> Description: libapache2-mod-shib2 - Federated web single sign-on system (Apache module) libshibsp-dev - Federated web single sign-on system (development) libshibsp-doc - Federated web single sign-on system (API docs) libshibsp6 - Federated web single sign-on system (runtime) shibboleth-sp2-schemas - Federated web single sign-on system (schemas) Closes: 666804 685069 Changes: shibboleth-sp2 (2.5.2+dfsg-2) unstable; urgency=low . * Upload to unstable. . shibboleth-sp2 (2.5.2+dfsg-1) experimental; urgency=low . * New upstream release. - New shib-session and shib-user Require authentication types added, which should be used in preference to Require valid-user or Require user with Shibboleth authentication is desired. - New ShibCompatValidUser Apache directive, which works around the way that Shibboleth hooks into Require valid-user and Require user so that those directives will continue to work with non-Shibboleth authentication types. This directive will be needed for servers that use Shibboleth and other authentication methods and want to use Require valid-user or Require user with non-Shibboleth methods. - Fix implementation of shib-metagen -l. - Fix AttributeExtractor handling of multiple logos. - Fix metadata attribute extraction with non-ASCII characters. - Fix problems with Apache subrequests during server-side include handling of unprotected pages. - Add character set to DiscoFeed page header. - Avoid leaking shibd sockets to child processes. * Add NEWS entry for the authentication directive changes. * Update README.Debian instructions to add AuthType None to the URLs that have to be available to everyone and to use Require shib-session instead of Require valid-user. * Create /var/cache/shibboleth on install and remove it on purge. * Link the FastCGI programs with libxmltooling-lite since they call one of its interfaces directly. (This shows up as a build failure otherwise due to the Debian build rules use of --as-needed.) . shibboleth-sp2 (2.5.1+dfsg-1) experimental; urgency=low . * New upstream release. (Closes: #685069) - Support for Apache 2.4. Please note there are some configuration incompabilities between Apache 2.4 and Apache 2.2. See the upstream documentation at https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPApacheConfig for more information. (Closes: #666804) - Disable the PKCS 1.5 algorithm for SAML assertion encryption by default for security reasons. This can be re-enabled if necessary in the security-policy.xml configuration file. - The protocol between the Apache module and shibd has changed. shibd will be restarted during upgrades, but if the module is configured to talk to a remote shibd over TCP, both the module and shibd must be upgraded at the same time. - Settings to limit redirections have been renamed from relayStateLimit and relayStateWhitelist to redirectLimit and redirectWhitelist respectively and the old names are deprecated (but still supported). - cookieProps has been simplified and warnings introduced if SSL restrictions are not enabled. - The <AttributeExtractor> element that loads the attribute-map.xml file now defaults to reloadChanges="false". Restarting the SP when this file changes is recommended for security reasons. - Logging properties have been removed from the default configuration file and the absence of properties now indicates use of the default logging configuration files (shibd.logger and native.logger). - The native.log file is now created as root before Apache child initialization to minimize permission issues. - Files that persist across server restarts have been moved to /var/cache/shibboleth. - The example style sheet for error templates has been moved to a version-independent location in /usr/share/shibboleth. A logo file is no longer included in the package to avoid accidental use of the Shibboleth logo on production sites. If your existing error templates reference these files, you should correct this by copying files that you need to locations that you control. - The module should now be referenced as mod_shib.cpp in conditionals that want to reference a source file name. - Clients that bounce between IPv4 and IPv6 addresses should now be handled more smoothly. - SP initialization now fails if an external session cache is configured but cannot be opened. * Update libapache2-mod-shib2's README.Debian: - Use the Apache 2.4 authorization syntax. - Mention possibly having to grant access to /Shibboleth.sso. - The module is now enabled by default but still needs configuration. - Update the upstream configuration documentation URL. - The reason for switching native.logger to syslog is now obsolete (but the package still does that, possibly to be reconsidered later). * Remove the (undefined) warn_log destination from the default native.logger configuration file, restoring consistency with the Debian modification to log to syslog. Since all native logs go to syslog, there's no need to have differentiated log destinations based on threshold. The previous version of the file referenced a commented-out warn_log destination, which caused errors to be spammed to syslog. * Build with GSS-API support. * Build and install FastCGI programs in /usr/lib/<triplet>/shibboleth. For right now, these are still included in libapache2-mod-shib2, which makes them substantially less useful than they would be in their own package. Further work is required to allow the FastCGI programs plus shibd to be installed independent of the Apache module. * Add build dependency on libboost-dev. * Use log4shib instead of log4cpp. * Force build dependencies and package dependencies on xml-security-c 1.7 or later, xmltooling 1.5 or later, and opensaml2 2.5 or later to ensure everything is consistent. * Remove explicit build dependency on libtool. This is now handled by dh-autoreconf. * Add Multi-Arch: same to libshibsp-dev and Multi-Arch: foreign to libshibsp-doc and shibboleth-sp2-schemas. * Remove Conflicts with libapache2-mod-shib. lenny is dead. * Fix the libshibsp-doc package name in the Suggests on libshibsp-dev and remove the nonstandard version constraint. * Install the upstream doc/RELEASE.txt file as the upstream changelog. It's not exactly a changelog, but it has pointers to the upstream web documentation of changes, which is probably what people are looking for. * Drop postinst code to handle upgrades from the Shibboleth 1.x module, which was last included in lenny. * Switch to xz compression for the repackaged upstream source, *.debian.tar, and the *.deb packages. * Update upstream Homepage. * Canonicalize the URLs in the Vcs-Git and Vcs-Browser control fields. * Update standards version to 3.9.4. - Update debian/copyright to specify copyright-format 1.0. Checksums-Sha1: d4d8303c0db3f76fc4ca5a0e5a826eb21e9ed81c 2271 shibboleth-sp2_2.5.2+dfsg-2.dsc d6ca8b3a54bf11783f36a4a553b7f3f34b345329 23580 shibboleth-sp2_2.5.2+dfsg-2.debian.tar.xz cfa304c26e1417a1383d0e75316d2d575f4ce8f5 257168 libapache2-mod-shib2_2.5.2+dfsg-2_i386.deb 0201b4fa2ad839b525491de5a12f252b58280596 800358 libshibsp6_2.5.2+dfsg-2_i386.deb 4ab8b5f9c7bb19ec19b11f9f6b329207488ac24f 50814 libshibsp-dev_2.5.2+dfsg-2_i386.deb 174e1a37bf41e7e404b9c80a70323b025a00579a 269288 libshibsp-doc_2.5.2+dfsg-2_all.deb 178753de0788f788cae69f11f592bb46d9c25025 26110 shibboleth-sp2-schemas_2.5.2+dfsg-2_all.deb Checksums-Sha256: 7ea696ae85b2673aa283749797d438d5f4018250147c2f22001f4519f98dcad5 2271 shibboleth-sp2_2.5.2+dfsg-2.dsc b046d837b2b2019fcc18fe7bd4a7d4689d6804e9340426be4e56b88f482607cd 23580 shibboleth-sp2_2.5.2+dfsg-2.debian.tar.xz e7927a6685d5ed0b876ac9891479ac7a9ecf4eb928b437497d17fecd55ba9fe1 257168 libapache2-mod-shib2_2.5.2+dfsg-2_i386.deb 2237ddfafca9ca35cfbcab577c0cecb6c1362b7abb206f7727114996045e5770 800358 libshibsp6_2.5.2+dfsg-2_i386.deb 68b2aef543297ceb183d947fa579746335457b7529b91adcdacb7e1466a23c3f 50814 libshibsp-dev_2.5.2+dfsg-2_i386.deb 5a23c9308b0624bc06359b897cf282aab04d02e9866263320b966a94b997fd1c 269288 libshibsp-doc_2.5.2+dfsg-2_all.deb d6f6aa4042b6c6271a80600994b8bc428b3959029f56efacda32e2c790342d96 26110 shibboleth-sp2-schemas_2.5.2+dfsg-2_all.deb Files: 2266bd670664360d378ba53462c40d1e 2271 web extra shibboleth-sp2_2.5.2+dfsg-2.dsc 0774fbc4eac15bd1b12fcd7a3d1a0f9e 23580 web extra shibboleth-sp2_2.5.2+dfsg-2.debian.tar.xz e701c682c1828c05d0ffc952e416f7f1 257168 httpd extra libapache2-mod-shib2_2.5.2+dfsg-2_i386.deb 20417ca3cf5a3a4d2e343d38a14b1549 800358 libs extra libshibsp6_2.5.2+dfsg-2_i386.deb 144b1df7b9cddccab61073685031e326 50814 libdevel extra libshibsp-dev_2.5.2+dfsg-2_i386.deb 9cae7984447c9e40beb5eeda84150dc7 269288 doc extra libshibsp-doc_2.5.2+dfsg-2_all.deb 954d3d44618aa6d3a35a5aca2d958288 26110 text extra shibboleth-sp2-schemas_2.5.2+dfsg-2_all.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQEcBAEBCAAGBQJR4vE1AAoJEH2AMVxXNt51cOkH/A8K9JEj4mkyKjZkzEFzICi+ D/rGSDkSm/dibp+4pJIMYXhUjAeVUen3IPAM2oQSixBE1OiiJKR2iwGdtEd2XGSm mcLaDzm1q87d8AXYMdtDGIHdA7LJjsAcI+JVnLUx2fhyO5mgv7MCMgFI6OagITWj VzBn81rmt6LYH4iqCEsjOX91AjGNoQsVMkkP8FHEV+9wm2zjrkBw8NluvHcGK/TP sspSiepL3D5V6mj9ZKoCotjLSkO5Igukv8a7GvIGx/IYtXXbJSRHTu4dRrK0uCVW He7D82KoQfXdG4bhXdXI8OPbygCxsQR2n8P/410bMxNYQnP0uRgnyh34chMtjHU= =tZkE -----END PGP SIGNATURE-----
--- End Message ---
