shibboleth repository for SLES 12 SP5

Wed Feb 19 04:56:06 EST 2020

> To those with ready access to this OS, you might try installing the built-in shibboleth RPM and trying

Good hint! And it looks good - a few people from SuSE seem to be active on the shibboleth-sp package (I anonymized the names - if you need a direct contact I could send you the mail addresses, but I don't want to publish them openly on this list without the permission of their owners). Are these all security-relevant patches since 2.5.5?


rpm -q --changelog shibboleth-sp

* Mo Dez 02 2019 k***
- remove fixing of the ownership of log files and the key as this
  allows shibd to escalate to root [bsc#1157471] [CVE-2019-19191]

* Di Nov 21 2017 k***
- add shibboleth-sp-2.5.5-CVE-2017-16852.patch to fix a critical
  security issue when shibsp/metadata/DynamicMetadataProvider.cpp
  in the Dynamic MetadataProvider plugin in Shibboleth Service
  Provider before 2.6.1 fails to properly configure itself with the
  MetadataFilter plugins and does not perform critical security
  checks [bsc#1068689] [CVE-2017-16852]

* Di Dez 06 2016 m2***
- buildrequire libmemcache-devel to ship the memcache-store plugin
  (fate#320800, bsc#1014173)

* Di Sep 08 2015 k***
- sync Apache:Shibboleth packages with SLE12SP1 [bnc#944796]

* Mi Aug 05 2015 m***
- Add gpg signature

* Do Jul 30 2015 k***
- fix some warnings
- add service as a separate file
- remove command line switches for conditional package builds
- remove *.dist files and unused *.config files
- remove unused conditionals
- move libraries to the subpackages

* Mo Jul 27 2015 k***
- use spec-cleaner
- package cleaning
- add shibboleth-sp-2.5.5-doxygen_timestamp.patch to remove
  timestamps in a documentation generated by Doxygen and avoid
  RPMLINT warnings (file-contains-date-and-time).
- add the macro %{realname} and change a name to "shibboleth-sp"
- fix Source address

* Fr Jul 24 2015 k***
- initial revision
