Bug#987662: unblock: shibboleth-sp/3.2.2+dfsg1-1
Sebastian Ramacher writes:

> Since the new upstream release only fixes the security issue, let's take
> 3.2.2+dfsg1-1.

Thanks, uploaded.
-- 
Feri
Bug#987662: unblock: shibboleth-sp/3.2.2+dfsg1-1
Control: tags -1 confirmed

On 2021-04-27 14:42:49 +0200, Ferenc Wágner wrote:
> Package: release.debian.org
> Severity: normal
> User: release.debian@packages.debian.org
> Usertags: unblock
>
> Please unblock package shibboleth-sp
>
> Dear Release Team,
>
> The recent Shibboleth SP advisory
> (https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=987608) was fixed
> upstream by a new patch level release: 3.2.2. The release contains
> nothing but two crash fixes: one affecting test setups only and the
> remote unauthenticated DoS fix referenced by the above advisory.
> However, upstream upgraded to Autoconf 2.71 meanwhile, so the debdiff is
> too big to fit in this bug report. Here's the diffstat instead:
>
> $ debdiff shibboleth-sp_3.2.1+dfsg1-1.dsc shibboleth-sp_3.2.2+dfsg1-1.dsc | diffstat
>  Makefile.in | 3
>  aclocal.m4 | 4
>  adfs/Makefile.in | 1
>  apache/Makefile.in | 1
>  build-aux/compile | 6
>  build-aux/config.guess | 620
>  build-aux/config.sub | 2585 +-
>  build-aux/depcomp | 2
>  build-aux/install-sh | 161
>  build-aux/missing | 2
>  config.h.in | 12
>  config_win32.h | 6
>  configs/Makefile.in | 1
>  configure | 9133 +-
>  configure.ac | 2
>  debian/changelog | 8
>  debian/patches/Clean-up-cxxtest-configuration.patch | 2
>  debian/patches/Use-runstatedir-from-future-Autoconf-2.70.patch | 2
>  doc/Makefile.in | 1
>  fastcgi/Makefile.in | 1
>  m4/libtool.m4 | 13
>  memcache-store/Makefile.in | 1
>  nsapi_shib/Makefile.in | 1
>  odbc-store/Makefile.in | 1
>  plugins/Makefile.in | 1
>  schemas/Makefile.in | 1
>  selinux/Makefile.in | 1
>  shibboleth.spec | 9
>  shibboleth.spec.in | 7
>  shibd/Makefile.in | 1
>  shibsp/Makefile.am | 4
>  shibsp/Makefile.in | 5
>  shibsp/handler/impl/SAML2Logout.cpp | 9
>  shibsp/handler/impl/SAML2NameIDMgmt.cpp | 10
>  shibsp/impl/StorageServiceSessionCache.cpp | 8
>  shibsp/shibsp.rc | 4
>  shibsp/version.h | 2
>  unittests/Makefile.in | 1
>  util/Makefile.in | 1
>  39 files changed, 7044 insertions(+), 5589 deletions(-)
>
> On the other hand, the shibboleth-sp package builds with Debhelper compat
> level 12, which includes autoreconf, so the bulk of this is
> inconsequential. The actual code difference is pretty small:
>
> $ git diff --stat 3.2.1 3.2.2
>  config_win32.h | 6 +++---
>  configure.ac | 2 +-
>  shibboleth.spec.in | 7 +--
>  shibsp/Makefile.am | 4 ++--
>  shibsp/handler/impl/SAML2Logout.cpp | 9 +
>  shibsp/handler/impl/SAML2NameIDMgmt.cpp | 10 ++
>  shibsp/impl/StorageServiceSessionCache.cpp | 8 +++-
>  shibsp/shibsp.rc | 4 ++--
>  shibsp/version.h | 2 +-
>  util/resourceCommon.rci | 6 +++---
>  10 files changed, 35 insertions(+), 23 deletions(-)
>
> So here is the debdiff with the Autocruft omitted:
>
> diff -Nru shibboleth-sp-3.2.1+dfsg1/configure.ac > shibboleth-sp-3.2.2+dfsg1/configure.ac > --- shibboleth-sp-3.2.1+dfsg1/configure.ac2021-03-16 14:33:31.0 > +0100 > +++ shibboleth-sp-3.2.2+dfsg1/configure.ac2021-04-23 00:18:15.0 > +0200 > @@ -1,5 +1,5 @@ >
Bug#987662: unblock: shibboleth-sp/3.2.2+dfsg1-1
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package shibboleth-sp

Dear Release Team,

The recent Shibboleth SP advisory
(https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=987608) was fixed
upstream by a new patch level release: 3.2.2. The release contains
nothing but two crash fixes: one affecting test setups only and the
remote unauthenticated DoS fix referenced by the above advisory.
However, upstream upgraded to Autoconf 2.71 meanwhile, so the debdiff is
too big to fit in this bug report. Here's the diffstat instead:

$ debdiff shibboleth-sp_3.2.1+dfsg1-1.dsc shibboleth-sp_3.2.2+dfsg1-1.dsc | diffstat
 Makefile.in | 3
 aclocal.m4 | 4
 adfs/Makefile.in | 1
 apache/Makefile.in | 1
 build-aux/compile | 6
 build-aux/config.guess | 620
 build-aux/config.sub | 2585 +-
 build-aux/depcomp | 2
 build-aux/install-sh | 161
 build-aux/missing | 2
 config.h.in | 12
 config_win32.h | 6
 configs/Makefile.in | 1
 configure | 9133 +-
 configure.ac | 2
 debian/changelog | 8
 debian/patches/Clean-up-cxxtest-configuration.patch | 2
 debian/patches/Use-runstatedir-from-future-Autoconf-2.70.patch | 2
 doc/Makefile.in | 1
 fastcgi/Makefile.in | 1
 m4/libtool.m4 | 13
 memcache-store/Makefile.in | 1
 nsapi_shib/Makefile.in | 1
 odbc-store/Makefile.in | 1
 plugins/Makefile.in | 1
 schemas/Makefile.in | 1
 selinux/Makefile.in | 1
 shibboleth.spec | 9
 shibboleth.spec.in | 7
 shibd/Makefile.in | 1
 shibsp/Makefile.am | 4
 shibsp/Makefile.in | 5
 shibsp/handler/impl/SAML2Logout.cpp | 9
 shibsp/handler/impl/SAML2NameIDMgmt.cpp | 10
 shibsp/impl/StorageServiceSessionCache.cpp | 8
 shibsp/shibsp.rc | 4
 shibsp/version.h | 2
 unittests/Makefile.in | 1
 util/Makefile.in | 1
 39 files changed, 7044 insertions(+), 5589 deletions(-)

On the other hand, the shibboleth-sp package builds with Debhelper compat
level 12, which includes autoreconf, so the bulk of this is
inconsequential. The actual code difference is pretty small:

$ git diff --stat 3.2.1 3.2.2
 config_win32.h | 6 +++---
 configure.ac | 2 +-
 shibboleth.spec.in | 7 +--
 shibsp/Makefile.am | 4 ++--
 shibsp/handler/impl/SAML2Logout.cpp | 9 +
 shibsp/handler/impl/SAML2NameIDMgmt.cpp | 10 ++
 shibsp/impl/StorageServiceSessionCache.cpp | 8 +++-
 shibsp/shibsp.rc | 4 ++--
 shibsp/version.h | 2 +-
 util/resourceCommon.rci | 6 +++---
 10 files changed, 35 insertions(+), 23 deletions(-)

So here is the debdiff with the Autocruft omitted:

diff -Nru shibboleth-sp-3.2.1+dfsg1/configure.ac shibboleth-sp-3.2.2+dfsg1/configure.ac --- shibboleth-sp-3.2.1+dfsg1/configure.ac 2021-03-16 14:33:31.0 +0100 +++ shibboleth-sp-3.2.2+dfsg1/configure.ac 2021-04-23 00:18:15.0 +0200 @@ -1,5 +1,5 @@ AC_PREREQ([2.50]) -AC_INIT([shibboleth],[3.2.1],[https://issues.shibboleth.net/],[shibboleth-sp]) +AC_INIT([shibboleth],[3.2.2],[https://issues.shibboleth.net/],[shibboleth-sp]) AC_CONFIG_SRCDIR(shibsp) AC_CONFIG_AUX_DIR(build-aux)
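
Review bot: Check the 3.2.2 string on the AC_INIT line of the configure.ac hunk against shibsp/version.h, shibsp/shibsp.rc and shibboleth.spec.in, which the git diff --stat lists as changed but whose hunks do not appear here; a mismatch would leave the built package reporting inconsistent versions. The hunks for shibsp/handler/impl/SAML2Logout.cpp, shibsp/handler/impl/SAML2NameIDMgmt.cpp and shibsp/impl/StorageServiceSessionCache.cpp are likewise not shown, and those are the ones to read before relying on the statement that the release contains nothing but the two crash fixes.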