-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Sun, 08 Sep 2013 10:51:03 -0700 Source: webauth Binary: libapache2-mod-webauth libapache2-mod-webauthldap libapache2-mod-webkdc libapache2-webauth libapache2-webkdc libwebauth-perl libwebauth10 libwebauth-dev libwebkdc-perl webauth-tests webauth-utils webauth-weblogin Architecture: source i386 all Version: 4.5.5-2 Distribution: unstable Urgency: low Maintainer: Russ Allbery <rra@debian.org> Changed-By: Russ Allbery <rra@debian.org> Description: libapache2-mod-webauth - Apache module for WebAuth authentication libapache2-mod-webauthldap - Apache module for WebAuth LDAP lookup and authorization libapache2-mod-webkdc - Apache modules for a WebAuth authentication KDC libapache2-webauth - Transitional package for WebAuth Apache modules libapache2-webkdc - Transitional package for WebAuth authentication KDC libwebauth-dev - Development files for WebAuth authentication libwebauth-perl - Perl library for WebAuth authentication libwebauth10 - Shared libraries for WebAuth authentication libwebkdc-perl - Perl libraries for WebAuth central login server webauth-tests - Tests for the WebAuth authentication modules webauth-utils - Command-line utilities for WebAuth authentication webauth-weblogin - Central login server for WebAuth authentication Changes: webauth (4.5.5-2) unstable; urgency=low . * Upload to unstable. . webauth (4.5.5-1) experimental; urgency=low . * New upstream release. - Warn about mismatched webkdc-proxy tokens but no longer treat them as a fatal error. - Fix handling of non-password session factor requirements. - Improve handling of initial factor requirements when users have a way to establish initial credentials that don't include a password factor. - Improve handling of a Kerberos webkdc-proxy token requirement during a multifactor authentication. - Retry WebLogin posts to the WebKDC once to be more robust against interruptions by signals (such as from the FastCGI process manager). - Produce more succinct and hopefully better error messages when WebLogin cannot post to the WebKDC. - Ignore SIGPIPE signals in WebLogin scripts. - Require the return URL be absolute and not contain non-ASCII characters in mod_webkdc processing. - Fix WebLogin replay detection logic to not trigger on password changes. - Work around problems in WebLogin caused by the WebKDC returning error messages that contain undeclared non-UTF-8 characters in violation of the XML standard. - Improve error reporting of unparsable XML received by the WebLogin server from the WebKDC. - Fix logging of mod_webkdc <requestTokenRequest> failures. - Fix the prototype attributes for webauth_user_validate. - Log when mod_webkdc ignores expired tokens. - Display more correct errors after some failures during the second step of a multifactor authentication. - Correctly diagnose a missing service token in a WebLogin request and report the correct error instead of an internal error. - Make the version of all Perl modules match the WebAuth release. - Better error display for logins rejected by the user information service. - Better error display for multifactor authentication errors. - Rate limiting and replay detection are now also applied to the multifactor login page. - Fix replay detection by correcting choice of memcached keys. - Support staying on the code entry page after an error when using an SMS method for multifactor. Local template changes are required to take advantage of this feature. Checksums-Sha1: 30e8f18e1333fdf98b890d696c633bcf67f6ba45 2622 webauth_4.5.5-2.dsc 5a215baa8ed44f5f6a9111f76b4e1e3b9301ee2c 27840 webauth_4.5.5-2.debian.tar.xz 440f3515a4215239df138fd3adad0bd79c52803c 224884 libapache2-mod-webauth_4.5.5-2_i386.deb 0e4526c8d93a18a9222116e6a3279d222f29a04e 90702 libapache2-mod-webauthldap_4.5.5-2_i386.deb 36309ef5f152083895f42a6c974e5b3c1b86b1f1 110364 libapache2-mod-webkdc_4.5.5-2_i386.deb aad09605606f818ccf442727e22e067df2765c5c 52360 libapache2-webauth_4.5.5-2_all.deb 7ade57ccb0dfc142dcae511761c3363d838fcf76 51616 libapache2-webkdc_4.5.5-2_all.deb f9fb7c315ea406254f3edd2c6e521ee696a346f0 146320 libwebauth-perl_4.5.5-2_i386.deb 774337242658f07b7136c1f1e958d1dca124f5a1 84898 libwebauth10_4.5.5-2_i386.deb 6b3bc5d8192e2195ce026aa7ebbb4fa938dfcb7d 100706 libwebauth-dev_4.5.5-2_i386.deb 6093b01124a36701432881bce4390d992434f97b 120776 libwebkdc-perl_4.5.5-2_all.deb b2dd69059f649279137e40528ede93bd3c463aa0 62456 webauth-tests_4.5.5-2_all.deb b40f6cfe6ec01446e2a634345cbf62840a355949 60614 webauth-utils_4.5.5-2_i386.deb a7ee4d3cc18a4ab0d3c64c40d0216af644db1e2a 120926 webauth-weblogin_4.5.5-2_all.deb Checksums-Sha256: 36b81c79447c712bdff051a1fc02b697e1864e3597eb59d5705872ca74584991 2622 webauth_4.5.5-2.dsc d981bc12feae1c1a28d71b4dec4384f56275332d14763534cbf51933ee30b7ad 27840 webauth_4.5.5-2.debian.tar.xz f5f2809e9f372e8b66622475d35c13f68c61850174b6eea5f7e79db935cf578d 224884 libapache2-mod-webauth_4.5.5-2_i386.deb aada4fafb36c39a0bab57c01fc1cc0ab94854bd6b56f82bc529ca4538737de0c 90702 libapache2-mod-webauthldap_4.5.5-2_i386.deb 6143be73c7830eddddec6d7d2534d6a6e820cf26a8bf1cc812fb36fd4fbd11fd 110364 libapache2-mod-webkdc_4.5.5-2_i386.deb 5f61f62e758074fb0aa22a640b83efa70ba4f93c288e2ec0b2eacf4bc8c7f324 52360 libapache2-webauth_4.5.5-2_all.deb a6591bc14c1612150edcc3f0ae7a6b720a5af7ad3a1ce4ccda19b9fc2f8b7ee3 51616 libapache2-webkdc_4.5.5-2_all.deb 54e796e8de72e987af1ac1258f34c41723c30fe6e6cfca3ba1dafc4593439c69 146320 libwebauth-perl_4.5.5-2_i386.deb c1e1c0d64a20db7f222b9b5179d8957c926418bd448738489f7593ce97b84b65 84898 libwebauth10_4.5.5-2_i386.deb ae3f9423a9ad687fb20396186a565d8760c121c03ba47bd4cd544b8743c80742 100706 libwebauth-dev_4.5.5-2_i386.deb d7465ed6f5d7f9099a7590004f6977ccb0156b04b3bb226c582bf59d196477f3 120776 libwebkdc-perl_4.5.5-2_all.deb 169b5fc90592de2f4facec45903cf04fdefbb5ecf2607f4e1cd66589730d0a63 62456 webauth-tests_4.5.5-2_all.deb 07d2377814105b741cf9e62e56188dc87a562ce8cd3181f960126a6ecdc93361 60614 webauth-utils_4.5.5-2_i386.deb 808a2e368b036af8894e61d4fb13b3c940e6909a8addb70dbc7c09154de7eacd 120926 webauth-weblogin_4.5.5-2_all.deb Files: 5a48928414bec82a1d36c85e73ff4cf8 2622 web optional webauth_4.5.5-2.dsc 4c331226b4987a589ac6b603013614ee 27840 web optional webauth_4.5.5-2.debian.tar.xz b5415158020389c926f29e1a1430b621 224884 httpd optional libapache2-mod-webauth_4.5.5-2_i386.deb 7e156ef68fd3e33b73b8aff1f48940fd 90702 httpd optional libapache2-mod-webauthldap_4.5.5-2_i386.deb 6d181855982d60beab53db5a74fd8acc 110364 httpd optional libapache2-mod-webkdc_4.5.5-2_i386.deb aee34c74e3d33c4453f5f0639032a0f4 52360 oldlibs extra libapache2-webauth_4.5.5-2_all.deb 18bf82ba9b349d4a402e25f1d0fbfb0f 51616 oldlibs extra libapache2-webkdc_4.5.5-2_all.deb 72f3f0cb814c66fa0bfc3637dc233ede 146320 perl optional libwebauth-perl_4.5.5-2_i386.deb ce039c69e3e0fbac17f3e3a0823bc54b 84898 libs optional libwebauth10_4.5.5-2_i386.deb 0ba80f2b216f3559a4ee3ca7e7e9cfe1 100706 libdevel extra libwebauth-dev_4.5.5-2_i386.deb 6129d4988d6dcb9ea059a53f42adf838 120776 perl optional libwebkdc-perl_4.5.5-2_all.deb ad8469fd86b6a7eec3eb03b9f2f9fddc 62456 web optional webauth-tests_4.5.5-2_all.deb eb90d67fe92088ae9dea1ad3c5b0378b 60614 web optional webauth-utils_4.5.5-2_i386.deb 6abf46630ae3f522c309d1cf79fe725f 120926 web optional webauth-weblogin_4.5.5-2_all.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.14 (GNU/Linux) iQEcBAEBCAAGBQJSLL0wAAoJEH2AMVxXNt51whIH/26ddMuKzwXX4CSKK8/wSuet Ati6KY2CrBvyKp4towkQe2YuSgTwP8y0FF/EYvYleERDK5kBIbOudf2LHa+tKzxV VD8TTWlvhq98BwzHK0iQma+k1buUjx4Cbzxc0v9BqENcYWvzALgE5unF1FKcAEBs mBkDTMSpOdWrVUFOZXp/gTHqe/gh4IV46HPYeZQHfjQIXFGCh4ludWEgTaxEgWQ4 P/dXdTnIALvWZVnParT2tG4+qkcxGLNloQMApMUMpXp9Hgr0VJQmHR2aByCh5kM6 XpTFvCQkG1jx2lXjV5iMo7h7aD3He2zkzPyw16K0DI9Ys0TM8A0v/wkNI4FBCKQ= =MP/5 -----END PGP SIGNATURE-----