simplesamlphp (1.6.3-1) unstable; urgency=high

  * New upstream release fixing XSS security bug.

 -- Thijs Kinkhorst <thijs@debian.org>  Fri, 17 Dec 2010 14:16:25 +0100

simplesamlphp (1.6.2-1) unstable; urgency=high

  * New upstream release.
  * Includes security fixes: XSS possible in certain circumstances.
  * Checked for policy 3.9.1, no changes necessary.

 -- Thijs Kinkhorst <thijs@debian.org>  Thu, 29 Jul 2010 14:47:21 +0200

simplesamlphp (1.6.1-1) unstable; urgency=low

  * New upstream release.
  * Remove version specifiers from dependencies where these are
    satisfied even in oldstable. Besides cleanup this solves an
    issue with php5-mhash, which is a virtual package in squeeze
    and up, and dependencies on virtual packages may not be
    versioned per Debian Policy.
  * Checked for policy 3.9.0, no changes necessary.
  * Install changelog in expected location.

 -- Thijs Kinkhorst <thijs@debian.org>  Wed, 30 Jun 2010 18:38:40 +0200

simplesamlphp (1.6.0-1) unstable; urgency=low

  * New upstream release.
  * Initial Debian upload (closes: #557514).
  * Depend on php-openid and do not ship code contained theirin.

 -- Thijs Kinkhorst <thijs@debian.org>  Tue, 01 Jun 2010 23:32:02 +0200

simplesamlphp (1.6.0~rc1-1) unstable; urgency=low

  * New upstream release candidate.
  * Make packaging conform better to Debian policy.
  * Switch to dpkg-source 3.0 (quilt) format.

 -- Thijs Kinkhorst <thijs@debian.org>  Tue, 25 May 2010 16:54:59 +0200

simplesamlphp (1.5.1-1) unstable; urgency=low

  * Fix security vulnerability due to insecure temp file creation:
  - statistics: The logcleaner script outputs to a file in /tmp.
  -  InfoCard: Saves state directly in /tmp. Changed to the simpleSAMLphp
     temp directory.
  - openidProvider: Default configuration saves state information in /tmp.
    Changed to '/var/lib/simplesamlphp-openid-provider'.
  - SAML 1 artifact support: Saves certificates temporarily in
    '/tmp/simplesaml', but directory creation was insecure.
 
  * statistics: Handle new year wraparound.
  * Dictionary updates.
  * Fix bridged logout.
  * Some documentation updates.
  * Fix all metadata to use assignments to arrays.
  * Fix $session->getIdP().
  * Support AuthnContextClassRef in saml-module.
  * Do not attempt to send logout request to an IdP that does not support
    logout.
  * LDAP: Disallow bind with empty password.
  * LDAP: Assume that LDAP_NO_SUCH_OBJECT is an error due to invalid
    username/password.
  * statistics: Fix configuration template.
  * Handle missing authority in idp-hosted metadata better.

 -- Thomas Zangerl <tzangerl@pdc.kth.se>  Mon, 11 Jan 2010 13:51:28 +0100

simplesamlphp (1.5.1~rc1-1) unstable; urgency=low

  * Include possibility to the Identity provider using session->getIdP()

 -- Thomas Zangerl <tzangerl@pdc.kth.se>  Fri, 04 Dec 2009 15:00:00 +0100

simplesamlphp (1.5.0~rc1-1) unstable; urgency=low

  * Move to new modularized SAML provider for authN

 -- Thomas Zangerl <tzangerl@pdc.kth.se>  Fri, 30 Oct 2009 11:21:04 +0100

