Bug#926162: marked as done (unblock: opensaml/3.0.1-1)

["Debian Bug Tracking System" <owner@bugs.debian.org>]

Your message dated Tue, 02 Apr 2019 17:28:00 +0000
with message-id <03607093-bf4b-8049-3a10-42ac49d40c84@thykier.net>
and subject line Re: Bug#926162: unblock: opensaml/3.0.1-1
has caused the Debian Bug report #926162,
regarding unblock: opensaml/3.0.1-1
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
926162: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=926162
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems

--- Begin Message ---

• To: Debian Bug Tracking System <submit@bugs.debian.org>
• Subject: unblock: opensaml/3.0.1-1
• From: Ferenc Wágner <wferi@debian.org>
• Date: Mon, 01 Apr 2019 13:07:05 +0200
• Message-id: <[🔎] 155411682586.2927.18332038511546383702.reportbug@lant.ki.iif.hu>

Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock

Please unblock package opensaml

Dear Release Team,

To fix their latest security bug, Shibboleth upstream made a coordinated
patch release of the full stack, as usual.  You already unblocked the
critical part of this (xmltooling and shibboleth-sp) and they even
reached testing, so we're good.  OpenSAML, the middle component also
gained a small patch, and I'm asking you about that now.  It isn't
critical at all, just a tuning down of a handful or error messages to
warn level.  As upstream put it: "The goal of those changes was to reach
a state in which any ERROR in the log requires a necessary operational
response." I think eliminating this deviation would improve the
administration experience and the upstream support opportunities for the
users of buster, thus I ask you to consider accepting it.

The debdiff below does not convey properly how small this change really
is, because the current 3.0.0-2 package carries a forward ported
upstream patch CPPOST-110-Rebenchmark-tests-with-SHA256-disgest.patch,
which was released with 3.0.1 and thus removed from the Debian patch
queue.  So the biggest part of this diff does not appear if you compare
the patched trees.

The result of dh_auto_test was ignored in 3.0.0-1 waiting for the above
patch, and that should have already been reverted in 3.0.0-2, because
all tests succeed again with the patch (I checked the buildd logs
manually now).  So they're safe to reenable and have no effect on the
binary packages.

Finally, the path change in HTTPMetadataProvider.xml fixes a unit test
which requires network access and is skipped during the package build
anyway.  (But also succeeds after the necessary URL configuration now.)

If you're fine with this, I'm ready to upload opensaml/3.0.1-1 to
unstable.

Thanks,
Feri.

diff -Nru opensaml-3.0.0/configure opensaml-3.0.1/configure
--- opensaml-3.0.0/configure	2018-07-10 03:09:31.000000000 +0200
+++ opensaml-3.0.1/configure	2019-03-08 16:01:45.000000000 +0100
@@ -1,6 +1,6 @@
 #! /bin/sh
 # Guess values for system-dependent variables and create Makefiles.
-# Generated by GNU Autoconf 2.69 for opensaml 3.0.0.
+# Generated by GNU Autoconf 2.69 for opensaml 3.0.1.
 #
 # Report bugs to <https://issues.shibboleth.net/>.
 #
@@ -590,8 +590,8 @@
 # Identity of this package.
 PACKAGE_NAME='opensaml'
 PACKAGE_TARNAME='opensaml'
-PACKAGE_VERSION='3.0.0'
-PACKAGE_STRING='opensaml 3.0.0'
+PACKAGE_VERSION='3.0.1'
+PACKAGE_STRING='opensaml 3.0.1'
 PACKAGE_BUGREPORT='https://issues.shibboleth.net/'
 PACKAGE_URL=''
 
@@ -1430,7 +1430,7 @@
   # Omit some internal or obsolete options to make the list less imposing.
   # This message is too long to be a string in the A/UX 3.1 sh.
   cat <<_ACEOF
-\`configure' configures opensaml 3.0.0 to adapt to many kinds of systems.
+\`configure' configures opensaml 3.0.1 to adapt to many kinds of systems.
 
 Usage: $0 [OPTION]... [VAR=VALUE]...
 
@@ -1500,7 +1500,7 @@
 
 if test -n "$ac_init_help"; then
   case $ac_init_help in
-     short | recursive ) echo "Configuration of opensaml 3.0.0:";;
+     short | recursive ) echo "Configuration of opensaml 3.0.1:";;
    esac
   cat <<\_ACEOF
 
@@ -1658,7 +1658,7 @@
 test -n "$ac_init_help" && exit $ac_status
 if $ac_init_version; then
   cat <<\_ACEOF
-opensaml configure 3.0.0
+opensaml configure 3.0.1
 generated by GNU Autoconf 2.69
 
 Copyright (C) 2012 Free Software Foundation, Inc.
@@ -2202,7 +2202,7 @@
 This file contains any messages produced by compilers while
 running configure, to aid debugging if configure makes a mistake.
 
-It was created by opensaml $as_me 3.0.0, which was
+It was created by opensaml $as_me 3.0.1, which was
 generated by GNU Autoconf 2.69.  Invocation command line was
 
   $ $0 $@
@@ -3067,7 +3067,7 @@
 
 # Define the identity of the package.
  PACKAGE='opensaml'
- VERSION='3.0.0'
+ VERSION='3.0.1'
 
 
 cat >>confdefs.h <<_ACEOF
@@ -21436,7 +21436,7 @@
 # report actual input values of CONFIG_FILES etc. instead of their
 # values after options handling.
 ac_log="
-This file was extended by opensaml $as_me 3.0.0, which was
+This file was extended by opensaml $as_me 3.0.1, which was
 generated by GNU Autoconf 2.69.  Invocation command line was
 
   CONFIG_FILES    = $CONFIG_FILES
@@ -21502,7 +21502,7 @@
 cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`"
 ac_cs_version="\\
-opensaml config.status 3.0.0
+opensaml config.status 3.0.1
 configured by $0, generated by GNU Autoconf 2.69,
   with options \\"\$ac_cs_config\\"
 
diff -Nru opensaml-3.0.0/configure.ac opensaml-3.0.1/configure.ac
--- opensaml-3.0.0/configure.ac	2018-07-10 03:09:09.000000000 +0200
+++ opensaml-3.0.1/configure.ac	2019-02-21 21:05:56.000000000 +0100
@@ -1,5 +1,5 @@
 AC_PREREQ([2.50])
-AC_INIT([opensaml],[3.0.0],[https://issues.shibboleth.net/],[opensaml])
+AC_INIT([opensaml],[3.0.1],[https://issues.shibboleth.net/],[opensaml])
 AC_CONFIG_SRCDIR(saml)
 AC_CONFIG_AUX_DIR(build-aux)
 AC_CONFIG_MACRO_DIR(m4)
diff -Nru opensaml-3.0.0/config_win32.h opensaml-3.0.1/config_win32.h
--- opensaml-3.0.0/config_win32.h	2018-07-10 03:09:09.000000000 +0200
+++ opensaml-3.0.1/config_win32.h	2019-02-21 21:06:18.000000000 +0100
@@ -81,13 +81,13 @@
 #define PACKAGE_NAME "opensaml"
 
 /* Define to the full name and version of this package. */
-#define PACKAGE_STRING "opensaml 3.0.0"
+#define PACKAGE_STRING "opensaml 3.0.1"
 
 /* Define to the one symbol short name of this package. */
 #define PACKAGE_TARNAME "opensaml"
 
 /* Define to the version of this package. */
-#define PACKAGE_VERSION "3.0.0"
+#define PACKAGE_VERSION "3.0.1"
 
 /* Define to the necessary symbol if this constant uses a non-standard name on
    your system. */
@@ -100,7 +100,7 @@
 /* #undef TM_IN_SYS_TIME */
 
 /* Version number of package */
-#define VERSION "3.0.0"
+#define VERSION "3.0.1"
 
 /* Define to empty if `const' does not conform to ANSI C. */
 /* #undef const */
diff -Nru opensaml-3.0.0/debian/changelog opensaml-3.0.1/debian/changelog
--- opensaml-3.0.0/debian/changelog	2018-11-25 11:26:24.000000000 +0100
+++ opensaml-3.0.1/debian/changelog	2019-03-16 20:36:55.000000000 +0100
@@ -1,3 +1,13 @@
+opensaml (3.0.1-1) unstable; urgency=medium
+
+  * [d1daef5] Revert "Temporarily ignore build test failures"
+  * [792ec83] New upstream release: 3.0.1
+  * [dd69be3] Delete released patch fixing the tests, refresh the rest
+  * [5ec41bf] Update Standards-Version to 4.3.0 (no changes required)
+  * [38ff832] Update library version number in Lintian override
+
+ -- Ferenc Wágner <wferi@debian.org>  Sat, 16 Mar 2019 20:36:55 +0100
+
 opensaml (3.0.0-2) unstable; urgency=medium
 
   * [eb1b88f] New patch: CPPOST-110 Rebenchmark tests with SHA256 disgest.
diff -Nru opensaml-3.0.0/debian/control opensaml-3.0.1/debian/control
--- opensaml-3.0.0/debian/control	2018-11-25 11:26:24.000000000 +0100
+++ opensaml-3.0.1/debian/control	2019-03-16 20:24:09.000000000 +0100
@@ -18,7 +18,7 @@
 Build-Depends-Indep:
  doxygen,
  graphviz,
-Standards-Version: 4.2.1
+Standards-Version: 4.3.0
 Homepage: https://wiki.shibboleth.net/confluence/display/OpenSAML/Home
 Vcs-Git: https://salsa.debian.org/shib-team/opensaml2.git
 Vcs-Browser: https://salsa.debian.org/shib-team/opensaml2
diff -Nru opensaml-3.0.0/debian/libsaml10.lintian-overrides opensaml-3.0.1/debian/libsaml10.lintian-overrides
--- opensaml-3.0.0/debian/libsaml10.lintian-overrides	2018-11-25 11:26:24.000000000 +0100
+++ opensaml-3.0.1/debian/libsaml10.lintian-overrides	2019-03-16 20:36:41.000000000 +0100
@@ -1,4 +1,4 @@
 # See https://wiki.debian.org/UsingSymbolsFiles and follow to
 # https://www.eyrie.org/~eagle/journal/2012-02/001.html.
 # In short: symbols files are not worth providing for Shibboleth.
-no-symbols-control-file usr/lib/x86_64-linux-gnu/libsaml.so.10.0.0
+no-symbols-control-file usr/lib/x86_64-linux-gnu/libsaml.so.10.0.1
diff -Nru opensaml-3.0.0/debian/patches/CPPOST-110-Rebenchmark-tests-with-SHA256-disgest.patch opensaml-3.0.1/debian/patches/CPPOST-110-Rebenchmark-tests-with-SHA256-disgest.patch
--- opensaml-3.0.0/debian/patches/CPPOST-110-Rebenchmark-tests-with-SHA256-disgest.patch	2018-11-25 11:26:24.000000000 +0100
+++ opensaml-3.0.1/debian/patches/CPPOST-110-Rebenchmark-tests-with-SHA256-disgest.patch	1970-01-01 01:00:00.000000000 +0100
@@ -1,182 +0,0 @@
-From: Rod Widdowson <rdw@steadingsoftware.com>
-Date: Fri, 10 Aug 2018 14:32:50 +0100
-Subject: CPPOST-110 Rebenchmark tests with SHA256 disgest
-
-https://issues.shibboleth.net/jira/browse/CPPOST-110
----
- samltest/data/signature/SAML1Assertion.xml | 16 ++++++----------
- samltest/data/signature/SAML1Request.xml   | 15 +++++++--------
- samltest/data/signature/SAML1Response.xml  | 28 ++++++++++++----------------
- samltest/data/signature/SAML2Assertion.xml | 16 +++++++---------
- 4 files changed, 32 insertions(+), 43 deletions(-)
-
-diff --git a/samltest/data/signature/SAML1Assertion.xml b/samltest/data/signature/SAML1Assertion.xml
-index 8e9f950..87edf51 100644
---- a/samltest/data/signature/SAML1Assertion.xml
-+++ b/samltest/data/signature/SAML1Assertion.xml
-@@ -1,8 +1,4 @@
--<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" AssertionID="ident"
--IssueInstant="1970-01-02T01:01:02.100Z" Issuer="issuer"
--MajorVersion="1" MinorVersion="1"><saml:AuthenticationStatement AuthenticationInstant="1970-01-02T01:01:02.100Z"
--AuthenticationMethod="method"
--><saml:Subject><saml:NameIdentifier>John Doe</saml:NameIdentifier></saml:Subject></saml:AuthenticationStatement><ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#";>
-+<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" AssertionID="ident" IssueInstant="1970-01-02T01:01:02.100Z" Issuer="issuer" MajorVersion="1" MinorVersion="1"><saml:AuthenticationStatement AuthenticationInstant="1970-01-02T01:01:02.100Z" AuthenticationMethod="method"><saml:Subject><saml:NameIdentifier>John Doe</saml:NameIdentifier></saml:Subject></saml:AuthenticationStatement><ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#";>
- <ds:SignedInfo>
- <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
- <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
-@@ -11,13 +7,13 @@ AuthenticationMethod="method"
- <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
- <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
- </ds:Transforms>
--<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
--<ds:DigestValue>j2GRm2UDOBvxwlzvX0fjXYeAGIA=</ds:DigestValue>
-+<ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
-+<ds:DigestValue>wc8nsN/vydGVRrRESM4J9A/3wAy/oIWTmCaOtFJPk9c=</ds:DigestValue>
- </ds:Reference>
- </ds:SignedInfo>
--<ds:SignatureValue>AA5098JC4gfdAf2bvPQRZ9Ld/VehXAB3uhp0r4js4i6fMB3hGMs4VnE9iEJEsPDD
--0Kj4cfewxHij/kHrWcxpKMMqIgGlqKYZhuQHfFt8GzDeeFIgu1R675jcN4uCOoWl
--3aRVd9hgPRsXzf7/RkMiXHIsU/NjUPRKf7GjNt2jNT0=</ds:SignatureValue>
-+<ds:SignatureValue>S+dC36V+L4yYAOobK3LABIM8XmpCecuZx6xwmk4BMRinuUNCJpowt5YM7EGwY2lT
-+qpBp5A35/c60ShDSXlIthOP+0FvLp8uSMbw8QMnU2/wdLfFq/2imGYsjjt3IMw2s
-+A1BQ2l8hU8uPPNXXCOW6bO1MRPbwXM9Aaj6Jhr25e48=</ds:SignatureValue>
- <ds:KeyInfo><ds:KeyName>sp.example.org</ds:KeyName><ds:X509Data><ds:X509SubjectName>CN=sp.example.org,O=Internet2,C=US</ds:X509SubjectName><ds:X509Certificate>MIICjzCCAfigAwIBAgIJAKk8t1hYcMkhMA0GCSqGSIb3DQEBBAUAMDoxCzAJBgNV
- BAYTAlVTMRIwEAYDVQQKEwlJbnRlcm5ldDIxFzAVBgNVBAMTDnNwLmV4YW1wbGUu
- b3JnMB4XDTA1MDYyMDE1NDgzNFoXDTMyMTEwNTE1NDgzNFowOjELMAkGA1UEBhMC
-diff --git a/samltest/data/signature/SAML1Request.xml b/samltest/data/signature/SAML1Request.xml
-index 86dfe43..09f4c25 100644
---- a/samltest/data/signature/SAML1Request.xml
-+++ b/samltest/data/signature/SAML1Request.xml
-@@ -1,5 +1,4 @@
--<samlp:Request xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol" IssueInstant="1970-01-02T01:01:02.100Z"
--MajorVersion="1" MinorVersion="1" RequestID="ident"><ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#";>
-+<samlp:Request xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol" IssueInstant="1970-01-02T01:01:02.100Z" MajorVersion="1" MinorVersion="1" RequestID="ident"><ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#";>
- <ds:SignedInfo>
- <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
- <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
-@@ -8,13 +7,13 @@ MajorVersion="1" MinorVersion="1" RequestID="ident"><ds:Signature xmlns:ds="http
- <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
- <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
- </ds:Transforms>
--<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
--<ds:DigestValue>pqhIt8nUldh3KVL6IEewRxKXYhM=</ds:DigestValue>
-+<ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
-+<ds:DigestValue>lPzigs+xAxljZ6FiItmyiMBZwBrFk9UM+FNk69PmrY0=</ds:DigestValue>
- </ds:Reference>
- </ds:SignedInfo>
--<ds:SignatureValue>UE5p832pLFYvMloRofN3y0rrFY7B8zOcF7+CHYyxFn6pqgPeEYGqkbUWlV15/tJ5
--wXJ3LiLQroYQI3XHPvKRSV4OtF9ZFm4QDK7RNd6gnUmHed6Zje//e6z2ekA0UzTl
--IeWCuD84mWemMJzRAhSFKcnqJDBHA61Krvg1kf/2c2E=</ds:SignatureValue>
-+<ds:SignatureValue>1VME3lZuPgLki6ly93Hg6x37dZJRI3jVOXTZPxbGWrlPeENHA+8E0hVUycQ2xJNv
-+TR/V+90WKaEv1LyF9o4oaLv7XLi8DwfXyQiDpCJ46oiSO9MxNcC4M8VaNmSkRVP6
-+otJ5PG+ac8Ydq7Ocru2nbJZ4p8XuzeFVeaWpzmzaq0k=</ds:SignatureValue>
- <ds:KeyInfo><ds:KeyName>sp.example.org</ds:KeyName><ds:X509Data><ds:X509SubjectName>CN=sp.example.org,O=Internet2,C=US</ds:X509SubjectName><ds:X509Certificate>MIICjzCCAfigAwIBAgIJAKk8t1hYcMkhMA0GCSqGSIb3DQEBBAUAMDoxCzAJBgNV
- BAYTAlVTMRIwEAYDVQQKEwlJbnRlcm5ldDIxFzAVBgNVBAMTDnNwLmV4YW1wbGUu
- b3JnMB4XDTA1MDYyMDE1NDgzNFoXDTMyMTEwNTE1NDgzNFowOjELMAkGA1UEBhMC
-@@ -29,4 +28,4 @@ cGxlLm9yZ4IJAKk8t1hYcMkhMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEEBQAD
- gYEAMFq/UeSQyngE0GpZueyD2UW0M358uhseYOgGEIfm+qXIFQF6MYwNoX7WFzhC
- LJZ2E6mEvZZFHCHUtl7mGDvsRwgZ85YCtRbvleEpqfgNQToto9pLYe+X6vvH9Z6p
- gmYsTmak+kxO93JprrOd9xp8aZPMEprL7VCdrhbZEfyYER0=
--</ds:X509Certificate></ds:X509Data></ds:KeyInfo></ds:Signature><samlp:AuthenticationQuery AuthenticationMethod="method"><saml:Subject xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion"><saml:NameIdentifier>John Doe</saml:NameIdentifier></saml:Subject></samlp:AuthenticationQuery></samlp:Request>
-+</ds:X509Certificate></ds:X509Data></ds:KeyInfo></ds:Signature><samlp:AuthenticationQuery AuthenticationMethod="method"><saml:Subject xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion"><saml:NameIdentifier>John Doe</saml:NameIdentifier></saml:Subject></samlp:AuthenticationQuery></samlp:Request>
-\ No newline at end of file
-diff --git a/samltest/data/signature/SAML1Response.xml b/samltest/data/signature/SAML1Response.xml
-index 2ddcaa7..ff542b7 100644
---- a/samltest/data/signature/SAML1Response.xml
-+++ b/samltest/data/signature/SAML1Response.xml
-@@ -1,4 +1,4 @@
--<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol" xmlns:shib="urn:mace:shibboleth" IssueInstant="1970-01-02T01:01:02.100Z" MajorVersion="1" MinorVersion="1" ResponseID="rident"><ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#";>
-+<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol" IssueInstant="1970-01-02T01:01:02.100Z" MajorVersion="1" MinorVersion="1" ResponseID="rident" xmlns:shib="urn:mace:shibboleth"><ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#";>
- <ds:SignedInfo>
- <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
- <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
-@@ -9,13 +9,13 @@
- <ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"; PrefixList="shib"/>
- </ds:Transform>
- </ds:Transforms>
--<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
--<ds:DigestValue>9sBlLRUZWT199jgSaCfzqSRWMTc=</ds:DigestValue>
-+<ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
-+<ds:DigestValue>/4Pgha71hsJVzrYT1Hy1x7l9m04kkQEnKhCyEMzwxUE=</ds:DigestValue>
- </ds:Reference>
- </ds:SignedInfo>
--<ds:SignatureValue>BpkmYve9GGRwMOUpRRnINKGhAK2mmZZSFFTImpxzD62++Kbzygg4+T6OP+5cs1BR
--wf/Ca+uuEHIeo/1MHpmqVASMfDPMY3L1M7JzZ+kAbmnywohhwtj7zMSQ8kOFRVDo
--mEbY9lFSfb7VRDMKWOGZPRAj7ezZdeXmGpdrHobrY5s=</ds:SignatureValue>
-+<ds:SignatureValue>Gt/2YBwmZY2J6Odf8VkYbRVlTwO3D+smn6zZ7YQMXtG2P1rEl+fQP+QSWaU6ZqA5
-+27Oad3MSe/T2BlMOHa7V90RNCkFTJHQa7fBK13+CPVkhmLfLuHhpy0sX89r22e0q
-+S7f1I27KSZq7BlHhzhBPDoFbXsdgNQFNjBG0RjVrqYU=</ds:SignatureValue>
- <ds:KeyInfo><ds:KeyName>sp.example.org</ds:KeyName><ds:X509Data><ds:X509SubjectName>CN=sp.example.org,O=Internet2,C=US</ds:X509SubjectName><ds:X509Certificate>MIICjzCCAfigAwIBAgIJAKk8t1hYcMkhMA0GCSqGSIb3DQEBBAUAMDoxCzAJBgNV
- BAYTAlVTMRIwEAYDVQQKEwlJbnRlcm5ldDIxFzAVBgNVBAMTDnNwLmV4YW1wbGUu
- b3JnMB4XDTA1MDYyMDE1NDgzNFoXDTMyMTEwNTE1NDgzNFowOjELMAkGA1UEBhMC
-@@ -30,11 +30,7 @@ cGxlLm9yZ4IJAKk8t1hYcMkhMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEEBQAD
- gYEAMFq/UeSQyngE0GpZueyD2UW0M358uhseYOgGEIfm+qXIFQF6MYwNoX7WFzhC
- LJZ2E6mEvZZFHCHUtl7mGDvsRwgZ85YCtRbvleEpqfgNQToto9pLYe+X6vvH9Z6p
- gmYsTmak+kxO93JprrOd9xp8aZPMEprL7VCdrhbZEfyYER0=
--</ds:X509Certificate></ds:X509Data></ds:KeyInfo></ds:Signature><samlp:Status><samlp:StatusCode
--Value="samlp:Success"><samlp:StatusCode Value="shib:NoReally"/></samlp:StatusCode></samlp:Status><saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" AssertionID="aident"
--IssueInstant="1970-01-02T01:01:02.100Z" Issuer="issuer" MajorVersion="1" MinorVersion="1"><saml:AuthenticationStatement
--AuthenticationInstant="1970-01-02T01:01:02.100Z"
--AuthenticationMethod="method"><saml:Subject><saml:NameIdentifier>John Doe</saml:NameIdentifier></saml:Subject></saml:AuthenticationStatement><ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#";>
-+</ds:X509Certificate></ds:X509Data></ds:KeyInfo></ds:Signature><samlp:Status><samlp:StatusCode Value="samlp:Success"><samlp:StatusCode Value="shib:NoReally"/></samlp:StatusCode></samlp:Status><saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" AssertionID="aident" IssueInstant="1970-01-02T01:01:02.100Z" Issuer="issuer" MajorVersion="1" MinorVersion="1"><saml:AuthenticationStatement AuthenticationInstant="1970-01-02T01:01:02.100Z" AuthenticationMethod="method"><saml:Subject><saml:NameIdentifier>John Doe</saml:NameIdentifier></saml:Subject></saml:AuthenticationStatement><ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#";>
- <ds:SignedInfo>
- <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
- <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
-@@ -43,13 +39,13 @@ AuthenticationMethod="method"><saml:Subject><saml:NameIdentifier>John Doe</saml:
- <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
- <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
- </ds:Transforms>
--<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
--<ds:DigestValue>/owFROXYYru5+/j0TpHEz+hjXqY=</ds:DigestValue>
-+<ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
-+<ds:DigestValue>9NYMsHLRPcafmjoRnggkvUuzMnFE9mzlWdLHzJL/y7Y=</ds:DigestValue>
- </ds:Reference>
- </ds:SignedInfo>
--<ds:SignatureValue>d4SsRgDSjboTRA2YUD68TPp+17AqRmxbY/LrWJhueIC/JY+Ct7+Fd6bugUXliIeD
--NVRDACsEB7PqYWZ99+Ecf8XAmQYCw5elj8mWxPp0o+UVHtBZOR2bC+/YjNitSM+x
--G/F3JgZqfunUcg7mcj6WEAUt4pjKhjaTY8Z7QJltdKc=</ds:SignatureValue>
-+<ds:SignatureValue>Fk4s35idW+0Vm/XfMgH+a04XqcrX4jiCYZ0aRdkKEpZcO75EetZxtuLdg8c57yO3
-+tCPzkDFRaeFzI23/SciGlk+nhl+s+5iNysFY/iEG174tzgFHtBbcEjGjw3c6YUd8
-+GmcaJ7cuV+iv8rCUpLu0NxQ9jSEOCshX5ZIKglddiMI=</ds:SignatureValue>
- <ds:KeyInfo><ds:KeyName>sp.example.org</ds:KeyName><ds:X509Data><ds:X509SubjectName>CN=sp.example.org,O=Internet2,C=US</ds:X509SubjectName><ds:X509Certificate>MIICjzCCAfigAwIBAgIJAKk8t1hYcMkhMA0GCSqGSIb3DQEBBAUAMDoxCzAJBgNV
- BAYTAlVTMRIwEAYDVQQKEwlJbnRlcm5ldDIxFzAVBgNVBAMTDnNwLmV4YW1wbGUu
- b3JnMB4XDTA1MDYyMDE1NDgzNFoXDTMyMTEwNTE1NDgzNFowOjELMAkGA1UEBhMC
-diff --git a/samltest/data/signature/SAML2Assertion.xml b/samltest/data/signature/SAML2Assertion.xml
-index 9f409c3..6e2d16a 100644
---- a/samltest/data/signature/SAML2Assertion.xml
-+++ b/samltest/data/signature/SAML2Assertion.xml
-@@ -1,5 +1,4 @@
--<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="ident" IssueInstant="1970-01-02T01:01:02.100Z"
--Version="2.0"><saml:Issuer>issuer</saml:Issuer><ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#";>
-+<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="ident" IssueInstant="1970-01-02T01:01:02.100Z" Version="2.0"><saml:Issuer>issuer</saml:Issuer><ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#";>
- <ds:SignedInfo>
- <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
- <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
-@@ -8,13 +7,13 @@ Version="2.0"><saml:Issuer>issuer</saml:Issuer><ds:Signature xmlns:ds="http://ww
- <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
- <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
- </ds:Transforms>
--<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
--<ds:DigestValue>8DSEsWJl4wOiwY15f7fAurDWpbo=</ds:DigestValue>
-+<ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
-+<ds:DigestValue>AQGLm1KiW4D78s+fxQ2UPZHwwXR7CPKDIvkgzNDFzbU=</ds:DigestValue>
- </ds:Reference>
- </ds:SignedInfo>
--<ds:SignatureValue>zgKU42nQKyB9m8RkDz1I2r7h0N9pc5ys9kve7oN9/Dugrn583/3bMgQBfk1rw4Pq
--BfztAZNcf2lstzvgpVB9fVTsTUuEDtT0mhc+f5t8kbCkABGu0SrfCnDjbYpmEeLC
--j8rJO4aSZIV4tN21aAkQyys28l4oB3KGTTDASjEPVgQ=</ds:SignatureValue>
-+<ds:SignatureValue>jLLZZQ6cty2FcjsGn/zuzfjXQqyMNMkbdw+wJXXTS1YmnKVYtE9H7skjU9bcj4Lo
-+MpRXQlJLtX1sIgpTQS2pSh4kkwE+Z7yO/SDaM5qcVawH5zI3C03s3ty0xGQx9SzW
-+1TTK4vgfWLOh5NQzDt2WhZPGSS3H1hpxS+MlbnflPTU=</ds:SignatureValue>
- <ds:KeyInfo><ds:KeyName>sp.example.org</ds:KeyName><ds:X509Data><ds:X509SubjectName>CN=sp.example.org,O=Internet2,C=US</ds:X509SubjectName><ds:X509Certificate>MIICjzCCAfigAwIBAgIJAKk8t1hYcMkhMA0GCSqGSIb3DQEBBAUAMDoxCzAJBgNV
- BAYTAlVTMRIwEAYDVQQKEwlJbnRlcm5ldDIxFzAVBgNVBAMTDnNwLmV4YW1wbGUu
- b3JnMB4XDTA1MDYyMDE1NDgzNFoXDTMyMTEwNTE1NDgzNFowOjELMAkGA1UEBhMC
-@@ -29,5 +28,4 @@ cGxlLm9yZ4IJAKk8t1hYcMkhMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEEBQAD
- gYEAMFq/UeSQyngE0GpZueyD2UW0M358uhseYOgGEIfm+qXIFQF6MYwNoX7WFzhC
- LJZ2E6mEvZZFHCHUtl7mGDvsRwgZ85YCtRbvleEpqfgNQToto9pLYe+X6vvH9Z6p
- gmYsTmak+kxO93JprrOd9xp8aZPMEprL7VCdrhbZEfyYER0=
--</ds:X509Certificate></ds:X509Data></ds:KeyInfo></ds:Signature><saml:Subject><saml:NameID>John Doe</saml:NameID></saml:Subject><saml:AuthnStatement
--AuthnInstant="1970-01-02T01:01:02.100Z"><saml:AuthnContext><saml:AuthnContextClassRef>method</saml:AuthnContextClassRef></saml:AuthnContext></saml:AuthnStatement></saml:Assertion>
-\ No newline at end of file
-+</ds:X509Certificate></ds:X509Data></ds:KeyInfo></ds:Signature><saml:Subject><saml:NameID>John Doe</saml:NameID></saml:Subject><saml:AuthnStatement AuthnInstant="1970-01-02T01:01:02.100Z"><saml:AuthnContext><saml:AuthnContextClassRef>method</saml:AuthnContextClassRef></saml:AuthnContext></saml:AuthnStatement></saml:Assertion>
-\ No newline at end of file
diff -Nru opensaml-3.0.0/debian/patches/Current-AX_PTHREAD-knows-about-the-necessary-Solaris-defi.patch opensaml-3.0.1/debian/patches/Current-AX_PTHREAD-knows-about-the-necessary-Solaris-defi.patch
--- opensaml-3.0.0/debian/patches/Current-AX_PTHREAD-knows-about-the-necessary-Solaris-defi.patch	2018-11-25 11:26:24.000000000 +0100
+++ opensaml-3.0.1/debian/patches/Current-AX_PTHREAD-knows-about-the-necessary-Solaris-defi.patch	2019-03-16 20:18:27.000000000 +0100
@@ -7,7 +7,7 @@
  1 file changed, 3 deletions(-)
 
 diff --git a/configure.ac b/configure.ac
-index 3031b8d..8d84fde 100644
+index fba976c..314f6ee 100644
 --- a/configure.ac
 +++ b/configure.ac
 @@ -53,11 +53,8 @@ if test "$GCC" = "yes" ; then
diff -Nru opensaml-3.0.0/debian/patches/Don-t-change-the-C-XX-FLAGS-provided-by-the-user.patch opensaml-3.0.1/debian/patches/Don-t-change-the-C-XX-FLAGS-provided-by-the-user.patch
--- opensaml-3.0.0/debian/patches/Don-t-change-the-C-XX-FLAGS-provided-by-the-user.patch	2018-11-25 11:26:24.000000000 +0100
+++ opensaml-3.0.1/debian/patches/Don-t-change-the-C-XX-FLAGS-provided-by-the-user.patch	2019-03-16 20:18:27.000000000 +0100
@@ -14,7 +14,7 @@
  4 files changed, 11 insertions(+), 25 deletions(-)
 
 diff --git a/configure.ac b/configure.ac
-index 08409f4..ed65267 100644
+index b804344..e311a4a 100644
 --- a/configure.ac
 +++ b/configure.ac
 @@ -19,15 +19,12 @@ DX_PS_FEATURE(OFF)
@@ -70,7 +70,7 @@
  LT_INIT([disable-static])
  
 diff --git a/saml/Makefile.am b/saml/Makefile.am
-index 09457db..68be1f4 100644
+index 88276be..f7aa95c 100644
 --- a/saml/Makefile.am
 +++ b/saml/Makefile.am
 @@ -74,7 +74,7 @@ saml2bindinclude_HEADERS = \
@@ -82,7 +82,7 @@
  saml2mdinclude_HEADERS = \
  	saml2/metadata/AbstractMetadataProvider.h \
  	saml2/metadata/DiscoverableMetadataProvider.h \
-@@ -183,6 +183,7 @@ libsaml_la_LDFLAGS = -version-info 10:0:0
+@@ -183,6 +183,7 @@ libsaml_la_LDFLAGS = -version-info 10:1:0
  libsaml_la_CPPFLAGS = \
      $(BOOST_CPPFLAGS)
  libsaml_la_CXXFLAGS = \
diff -Nru opensaml-3.0.0/debian/patches/Initialize-Libtool-in-the-modern-way-and-after-the-compil.patch opensaml-3.0.1/debian/patches/Initialize-Libtool-in-the-modern-way-and-after-the-compil.patch
--- opensaml-3.0.0/debian/patches/Initialize-Libtool-in-the-modern-way-and-after-the-compil.patch	2018-11-25 11:26:24.000000000 +0100
+++ opensaml-3.0.1/debian/patches/Initialize-Libtool-in-the-modern-way-and-after-the-compil.patch	2019-03-16 20:18:27.000000000 +0100
@@ -10,7 +10,7 @@
  1 file changed, 2 insertions(+), 2 deletions(-)
 
 diff --git a/configure.ac b/configure.ac
-index 8d84fde..08409f4 100644
+index 314f6ee..b804344 100644
 --- a/configure.ac
 +++ b/configure.ac
 @@ -4,8 +4,6 @@ AC_CONFIG_SRCDIR(saml)
diff -Nru opensaml-3.0.0/debian/patches/Remove-.pl-extension-of-cxxtestgen.patch opensaml-3.0.1/debian/patches/Remove-.pl-extension-of-cxxtestgen.patch
--- opensaml-3.0.0/debian/patches/Remove-.pl-extension-of-cxxtestgen.patch	2018-11-25 11:26:24.000000000 +0100
+++ opensaml-3.0.1/debian/patches/Remove-.pl-extension-of-cxxtestgen.patch	2019-03-16 20:18:27.000000000 +0100
@@ -7,7 +7,7 @@
  1 file changed, 1 insertion(+), 1 deletion(-)
 
 diff --git a/configure.ac b/configure.ac
-index c3842ba..3031b8d 100644
+index f052688..fba976c 100644
 --- a/configure.ac
 +++ b/configure.ac
 @@ -101,7 +101,7 @@ AX_PKG_CHECK_MODULES([xmltooling],,[xmltooling >= 3])
diff -Nru opensaml-3.0.0/debian/patches/series opensaml-3.0.1/debian/patches/series
--- opensaml-3.0.0/debian/patches/series	2018-11-25 11:26:24.000000000 +0100
+++ opensaml-3.0.1/debian/patches/series	2019-03-16 20:18:27.000000000 +0100
@@ -2,5 +2,4 @@
 Current-AX_PTHREAD-knows-about-the-necessary-Solaris-defi.patch
 Initialize-Libtool-in-the-modern-way-and-after-the-compil.patch
 Don-t-change-the-C-XX-FLAGS-provided-by-the-user.patch
-CPPOST-110-Rebenchmark-tests-with-SHA256-disgest.patch
 testBadSig-requires-fresh-InCommon-metadata.patch
diff -Nru opensaml-3.0.0/debian/rules opensaml-3.0.1/debian/rules
--- opensaml-3.0.0/debian/rules	2018-11-25 11:26:24.000000000 +0100
+++ opensaml-3.0.1/debian/rules	2019-03-16 20:01:23.000000000 +0100
@@ -7,8 +7,7 @@
 	dh $@
 
 override_dh_auto_test:
-	# Test failures are expected in 3.0.0, see CPPOST-110
-	-dh_auto_test -- SAMLTEST_SKIP_NETWORKED=1
+	dh_auto_test -- SAMLTEST_SKIP_NETWORKED=1
 
 docdir = debian/tmp/usr/share/doc/opensaml-*
 override_dh_install:
diff -Nru opensaml-3.0.0/Makefile.in opensaml-3.0.1/Makefile.in
--- opensaml-3.0.0/Makefile.in	2018-07-10 03:09:33.000000000 +0200
+++ opensaml-3.0.1/Makefile.in	2019-03-08 16:01:44.000000000 +0100
@@ -232,7 +232,7 @@
 	$(top_srcdir)/build-aux/install-sh \
 	$(top_srcdir)/build-aux/ltmain.sh \
 	$(top_srcdir)/build-aux/missing build-aux/compile \
-	build-aux/config.guess build-aux/config.sub \
+	build-aux/config.guess build-aux/config.sub build-aux/depcomp \
 	build-aux/install-sh build-aux/ltmain.sh build-aux/missing
 DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
 distdir = $(PACKAGE)-$(VERSION)
diff -Nru opensaml-3.0.0/opensaml.spec opensaml-3.0.1/opensaml.spec
--- opensaml-3.0.0/opensaml.spec	2018-07-10 03:10:00.000000000 +0200
+++ opensaml-3.0.1/opensaml.spec	2019-03-08 16:02:01.000000000 +0100
@@ -1,5 +1,5 @@
 Name:		opensaml
-Version:	3.0.0
+Version:	3.0.1
 Release:	1
 Summary:	OpenSAML SAML library
 Group:		Development/Libraries/C and C++
diff -Nru opensaml-3.0.0/saml/binding/impl/ClientCertAuthRule.cpp opensaml-3.0.1/saml/binding/impl/ClientCertAuthRule.cpp
--- opensaml-3.0.0/saml/binding/impl/ClientCertAuthRule.cpp	2018-07-10 03:09:09.000000000 +0200
+++ opensaml-3.0.1/saml/binding/impl/ClientCertAuthRule.cpp	2019-02-21 20:50:27.000000000 +0100
@@ -103,7 +103,7 @@
     if (!x509trust->validate(chain.front(), chain, *(policy.getMetadataProvider()), &cc)) {
         if (m_errorFatal)
             throw SecurityPolicyException("Client certificate supplied, but could not be verified.");
-        log.error("unable to verify certificate chain with supplied trust engine");
+        log.warn("unable to verify certificate chain with supplied trust engine");
         return false;
     }
     
diff -Nru opensaml-3.0.0/saml/binding/impl/MessageFlowRule.cpp opensaml-3.0.1/saml/binding/impl/MessageFlowRule.cpp
--- opensaml-3.0.0/saml/binding/impl/MessageFlowRule.cpp	2018-07-10 03:09:09.000000000 +0200
+++ opensaml-3.0.1/saml/binding/impl/MessageFlowRule.cpp	2019-02-21 20:45:47.000000000 +0100
@@ -85,12 +85,12 @@
     }
     else {
         if (issueInstant > now + skew) {
-            log.errorStream() << "rejected not-yet-valid message, timestamp (" << issueInstant <<
+            log.warnStream() << "rejected not-yet-valid message, timestamp (" << issueInstant <<
                 "), newest allowed (" << now + skew << ")" << logging::eol;
             throw SecurityPolicyException("Message rejected, was issued in the future.");
         }
         else if (issueInstant < now - skew - m_expires) {
-            log.errorStream() << "rejected expired message, timestamp (" << issueInstant <<
+            log.warnStream() << "rejected expired message, timestamp (" << issueInstant <<
                 "), oldest allowed (" << (now - skew - m_expires) << ")" << logging::eol;
             throw SecurityPolicyException("Message expired, was issued too long ago.");
         }
diff -Nru opensaml-3.0.0/saml/binding/impl/SimpleSigningRule.cpp opensaml-3.0.1/saml/binding/impl/SimpleSigningRule.cpp
--- opensaml-3.0.0/saml/binding/impl/SimpleSigningRule.cpp	2018-07-10 03:09:09.000000000 +0200
+++ opensaml-3.0.1/saml/binding/impl/SimpleSigningRule.cpp	2019-02-21 20:50:57.000000000 +0100
@@ -123,7 +123,7 @@
     
     const char* sigAlgorithm = request->getParameter("SigAlg");
     if (!sigAlgorithm) {
-        log.error("SigAlg parameter not found, no way to verify the signature");
+        log.warn("SigAlg parameter not found, no way to verify the signature");
         return false;
     }
 
@@ -214,7 +214,7 @@
     cc.setXMLAlgorithm(alg.get());
 
     if (!sigtrust->validate(alg.get(), signature, keyInfo, input.c_str(), input.length(), *(policy.getMetadataProvider()), &cc)) {
-        log.error("unable to verify message signature with supplied trust engine");
+        log.warn("unable to verify message signature with supplied trust engine");
         if (m_errorFatal)
             throw SecurityPolicyException("Message was signed, but signature could not be verified.");
         return false;
diff -Nru opensaml-3.0.0/saml/binding/impl/XMLSigningRule.cpp opensaml-3.0.1/saml/binding/impl/XMLSigningRule.cpp
--- opensaml-3.0.0/saml/binding/impl/XMLSigningRule.cpp	2018-07-10 03:09:09.000000000 +0200
+++ opensaml-3.0.1/saml/binding/impl/XMLSigningRule.cpp	2019-02-21 20:51:19.000000000 +0100
@@ -99,7 +99,7 @@
         sigval.validateSignature(*(signable->getSignature()));
     }
     catch (ValidationException& ve) {
-        log.error("signature profile failed to validate: %s", ve.what());
+        log.warn("signature profile failed to validate: %s", ve.what());
         if (m_errorFatal)
             throw;
         return false;
@@ -109,7 +109,7 @@
     MetadataCredentialCriteria cc(*(policy.getIssuerMetadata()));
 
     if (!sigtrust->validate(*(signable->getSignature()), *(policy.getMetadataProvider()), &cc)) {
-        log.error("unable to verify message signature with supplied trust engine");
+        log.warn("unable to verify message signature with supplied trust engine");
         if (m_errorFatal)
             throw SecurityPolicyException("Message was signed, but signature could not be verified.");
         return false;
diff -Nru opensaml-3.0.0/saml/Makefile.am opensaml-3.0.1/saml/Makefile.am
--- opensaml-3.0.0/saml/Makefile.am	2018-07-10 03:09:09.000000000 +0200
+++ opensaml-3.0.1/saml/Makefile.am	2019-02-21 21:07:18.000000000 +0100
@@ -179,7 +179,7 @@
 
 # this is different from the project version
 # http://sources.redhat.com/autobook/autobook/autobook_91.html
-libsaml_la_LDFLAGS = -version-info 10:0:0
+libsaml_la_LDFLAGS = -version-info 10:1:0
 libsaml_la_CPPFLAGS = \
     $(BOOST_CPPFLAGS)
 libsaml_la_CXXFLAGS = \
diff -Nru opensaml-3.0.0/saml/Makefile.in opensaml-3.0.1/saml/Makefile.in
--- opensaml-3.0.0/saml/Makefile.in	2018-07-10 03:09:33.000000000 +0200
+++ opensaml-3.0.1/saml/Makefile.in	2019-03-08 16:01:44.000000000 +0100
@@ -731,7 +731,7 @@
 
 # this is different from the project version
 # http://sources.redhat.com/autobook/autobook/autobook_91.html
-libsaml_la_LDFLAGS = -version-info 10:0:0
+libsaml_la_LDFLAGS = -version-info 10:1:0
 libsaml_la_CPPFLAGS = \
     $(BOOST_CPPFLAGS)
 
diff -Nru opensaml-3.0.0/saml/profile/impl/AudienceRestrictionRule.cpp opensaml-3.0.1/saml/profile/impl/AudienceRestrictionRule.cpp
--- opensaml-3.0.0/saml/profile/impl/AudienceRestrictionRule.cpp	2018-07-10 03:09:09.000000000 +0200
+++ opensaml-3.0.1/saml/profile/impl/AudienceRestrictionRule.cpp	2019-02-21 20:55:00.000000000 +0100
@@ -100,7 +100,7 @@
 
         ostringstream os;
         os << *ac2;
-        Category::getInstance(SAML_LOGCAT ".SecurityPolicyRule.AudienceRestriction").error(
+        Category::getInstance(SAML_LOGCAT ".SecurityPolicyRule.AudienceRestriction").warn(
             "unacceptable AudienceRestriction in assertion (%s)", os.str().c_str()
             );
         throw SecurityPolicyException("Assertion contains an unacceptable AudienceRestriction.");
@@ -129,7 +129,7 @@
 
         ostringstream os;
         os << *ac1;
-        Category::getInstance(SAML_LOGCAT ".SecurityPolicyRule.AudienceRestriction").error(
+        Category::getInstance(SAML_LOGCAT ".SecurityPolicyRule.AudienceRestriction").warn(
             "unacceptable AudienceRestrictionCondition in assertion (%s)", os.str().c_str()
             );
         throw SecurityPolicyException("Assertion contains an unacceptable AudienceRestrictionCondition.");
diff -Nru opensaml-3.0.0/saml/saml2/profile/impl/BearerConfirmationRule.cpp opensaml-3.0.1/saml/saml2/profile/impl/BearerConfirmationRule.cpp
--- opensaml-3.0.0/saml/saml2/profile/impl/BearerConfirmationRule.cpp	2018-07-10 03:09:09.000000000 +0200
+++ opensaml-3.0.1/saml/saml2/profile/impl/BearerConfirmationRule.cpp	2019-02-21 20:53:28.000000000 +0100
@@ -139,7 +139,7 @@
         }
     }
 
-    log.error(msg ? msg : "no error message");
+    log.warn(msg ? msg : "no error message");
     if (m_fatal)
         throw SecurityPolicyException("Unable to locate satisfiable bearer SubjectConfirmation in assertion.");
     return false;
diff -Nru opensaml-3.0.0/saml/saml.rc opensaml-3.0.1/saml/saml.rc
--- opensaml-3.0.0/saml/saml.rc	2018-07-12 00:28:04.000000000 +0200
+++ opensaml-3.0.1/saml/saml.rc	2019-02-21 21:06:52.000000000 +0100
@@ -28,8 +28,8 @@
 //
 
 VS_VERSION_INFO VERSIONINFO
- FILEVERSION 3,0,0,1
- PRODUCTVERSION 3,0,0,0
+ FILEVERSION 3,0,1,0
+ PRODUCTVERSION 3,0,1,0
  FILEFLAGSMASK 0x3fL
 #ifdef _DEBUG
  FILEFLAGS 0x1L
@@ -47,13 +47,13 @@
             VALUE "Comments", "\0"
             VALUE "CompanyName", "Shibboleth Consortium\0"
             VALUE "FileDescription", "OpenSAML Library\0"
-            VALUE "FileVersion", "3, 0, 0, 1\0"
+            VALUE "FileVersion", "3, 0, 1, 0\0"
 #ifdef _DEBUG
             VALUE "InternalName", "saml3_0D\0"
 #else
             VALUE "InternalName", "saml3_0\0"
 #endif
-            VALUE "LegalCopyright", "Copyright © 2018 UCAID\0"
+            VALUE "LegalCopyright", "Copyright � 2018 UCAID\0"
             VALUE "LegalTrademarks", "\0"
 #ifdef _DEBUG
             VALUE "OriginalFilename", "saml3_0D.dll\0"
@@ -61,8 +61,8 @@
             VALUE "OriginalFilename", "saml3_0.dll\0"
 #endif
             VALUE "PrivateBuild", "\0"
-            VALUE "ProductName", "OpenSAML 3.0.0\0"
-            VALUE "ProductVersion", "3, 0, 0, 0\0"
+            VALUE "ProductName", "OpenSAML 3.0.1\0"
+            VALUE "ProductVersion", "3, 0, 1, 0\0"
             VALUE "SpecialBuild", "\0"
         END
     END
diff -Nru opensaml-3.0.0/saml/version.h opensaml-3.0.1/saml/version.h
--- opensaml-3.0.0/saml/version.h	2018-07-10 03:09:09.000000000 +0200
+++ opensaml-3.0.1/saml/version.h	2019-02-21 21:07:05.000000000 +0100
@@ -44,7 +44,7 @@
 
 #define OPENSAML_VERSION_MAJOR 3
 #define OPENSAML_VERSION_MINOR 0
-#define OPENSAML_VERSION_REVISION 0
+#define OPENSAML_VERSION_REVISION 1
 
 /** DO NOT MODIFY BELOW THIS LINE */
 
diff -Nru opensaml-3.0.0/samlsign/samlsign.rc opensaml-3.0.1/samlsign/samlsign.rc
--- opensaml-3.0.0/samlsign/samlsign.rc	2018-07-10 03:09:09.000000000 +0200
+++ opensaml-3.0.1/samlsign/samlsign.rc	2019-02-21 21:08:26.000000000 +0100
@@ -28,8 +28,8 @@
 //
 
 VS_VERSION_INFO VERSIONINFO
- FILEVERSION 2,7,0,0
- PRODUCTVERSION 2,7,0,0
+ FILEVERSION 3,0,1,0
+ PRODUCTVERSION 3,0,1,0
  FILEFLAGSMASK 0x3fL
 #ifdef _DEBUG
  FILEFLAGS 0x1L
@@ -47,14 +47,14 @@
             VALUE "Comments", "\0"
             VALUE "CompanyName", "Shibboleth Consortium\0"
             VALUE "FileDescription", "OpenSAML Signature Utility\0"
-            VALUE "FileVersion", "2, 7, 0, 0\0"
+            VALUE "FileVersion", "3, 0, 1, 0\0"
             VALUE "InternalName", "samlsign\0"
-            VALUE "LegalCopyright", "Copyright © 2017 UCAID\0"
+            VALUE "LegalCopyright", "Copyright � 2018 UCAID\0"
             VALUE "LegalTrademarks", "\0"
             VALUE "OriginalFilename", "samlsign.exe\0"
             VALUE "PrivateBuild", "\0"
-            VALUE "ProductName", "OpenSAML 2.7.0\0"
-            VALUE "ProductVersion", "2, 7, 0, 0\0"
+            VALUE "ProductName", "OpenSAML 3.0.1\0"
+            VALUE "ProductVersion", "3, 0, 1, 0\0"
             VALUE "SpecialBuild", "\0"
         END
     END
diff -Nru opensaml-3.0.0/samltest/data/saml2/metadata/HTTPMetadataProvider.xml opensaml-3.0.1/samltest/data/saml2/metadata/HTTPMetadataProvider.xml
--- opensaml-3.0.0/samltest/data/saml2/metadata/HTTPMetadataProvider.xml	2018-07-10 03:09:10.000000000 +0200
+++ opensaml-3.0.1/samltest/data/saml2/metadata/HTTPMetadataProvider.xml	2018-11-01 15:09:08.000000000 +0100
@@ -1,4 +1,4 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <MetadataProvider type="XML" url="http://URL.TO.EXAMPLE/ORG/InCommon-metadata.xml"; backingFilePath="../samltest/data/saml2/metadata/InCommon-metadata.xml.bck" validate="0">
-    <MetadataFilter type="Signature" certificate="../../../samltest/data/incommon.pem" />
+    <MetadataFilter type="Signature" certificate="../samltest/data/incommon.pem" />
 </MetadataProvider>
diff -Nru opensaml-3.0.0/samltest/data/signature/SAML1Assertion.xml opensaml-3.0.1/samltest/data/signature/SAML1Assertion.xml
--- opensaml-3.0.0/samltest/data/signature/SAML1Assertion.xml	2018-07-10 03:09:10.000000000 +0200
+++ opensaml-3.0.1/samltest/data/signature/SAML1Assertion.xml	2018-11-01 15:09:08.000000000 +0100
@@ -1,8 +1,4 @@
-<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" AssertionID="ident"
-IssueInstant="1970-01-02T01:01:02.100Z" Issuer="issuer"
-MajorVersion="1" MinorVersion="1"><saml:AuthenticationStatement AuthenticationInstant="1970-01-02T01:01:02.100Z"
-AuthenticationMethod="method"
-><saml:Subject><saml:NameIdentifier>John Doe</saml:NameIdentifier></saml:Subject></saml:AuthenticationStatement><ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#";>
+<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" AssertionID="ident" IssueInstant="1970-01-02T01:01:02.100Z" Issuer="issuer" MajorVersion="1" MinorVersion="1"><saml:AuthenticationStatement AuthenticationInstant="1970-01-02T01:01:02.100Z" AuthenticationMethod="method"><saml:Subject><saml:NameIdentifier>John Doe</saml:NameIdentifier></saml:Subject></saml:AuthenticationStatement><ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#";>
 <ds:SignedInfo>
 <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
 <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
@@ -11,13 +7,13 @@
 <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
 <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
 </ds:Transforms>
-<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
-<ds:DigestValue>j2GRm2UDOBvxwlzvX0fjXYeAGIA=</ds:DigestValue>
+<ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
+<ds:DigestValue>wc8nsN/vydGVRrRESM4J9A/3wAy/oIWTmCaOtFJPk9c=</ds:DigestValue>
 </ds:Reference>
 </ds:SignedInfo>
-<ds:SignatureValue>AA5098JC4gfdAf2bvPQRZ9Ld/VehXAB3uhp0r4js4i6fMB3hGMs4VnE9iEJEsPDD
-0Kj4cfewxHij/kHrWcxpKMMqIgGlqKYZhuQHfFt8GzDeeFIgu1R675jcN4uCOoWl
-3aRVd9hgPRsXzf7/RkMiXHIsU/NjUPRKf7GjNt2jNT0=</ds:SignatureValue>
+<ds:SignatureValue>S+dC36V+L4yYAOobK3LABIM8XmpCecuZx6xwmk4BMRinuUNCJpowt5YM7EGwY2lT
+qpBp5A35/c60ShDSXlIthOP+0FvLp8uSMbw8QMnU2/wdLfFq/2imGYsjjt3IMw2s
+A1BQ2l8hU8uPPNXXCOW6bO1MRPbwXM9Aaj6Jhr25e48=</ds:SignatureValue>
 <ds:KeyInfo><ds:KeyName>sp.example.org</ds:KeyName><ds:X509Data><ds:X509SubjectName>CN=sp.example.org,O=Internet2,C=US</ds:X509SubjectName><ds:X509Certificate>MIICjzCCAfigAwIBAgIJAKk8t1hYcMkhMA0GCSqGSIb3DQEBBAUAMDoxCzAJBgNV
 BAYTAlVTMRIwEAYDVQQKEwlJbnRlcm5ldDIxFzAVBgNVBAMTDnNwLmV4YW1wbGUu
 b3JnMB4XDTA1MDYyMDE1NDgzNFoXDTMyMTEwNTE1NDgzNFowOjELMAkGA1UEBhMC
diff -Nru opensaml-3.0.0/samltest/data/signature/SAML1Request.xml opensaml-3.0.1/samltest/data/signature/SAML1Request.xml
--- opensaml-3.0.0/samltest/data/signature/SAML1Request.xml	2018-07-10 03:09:10.000000000 +0200
+++ opensaml-3.0.1/samltest/data/signature/SAML1Request.xml	2018-11-01 15:09:08.000000000 +0100
@@ -1,5 +1,4 @@
-<samlp:Request xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol" IssueInstant="1970-01-02T01:01:02.100Z"
-MajorVersion="1" MinorVersion="1" RequestID="ident"><ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#";>
+<samlp:Request xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol" IssueInstant="1970-01-02T01:01:02.100Z" MajorVersion="1" MinorVersion="1" RequestID="ident"><ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#";>
 <ds:SignedInfo>
 <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
 <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
@@ -8,13 +7,13 @@
 <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
 <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
 </ds:Transforms>
-<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
-<ds:DigestValue>pqhIt8nUldh3KVL6IEewRxKXYhM=</ds:DigestValue>
+<ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
+<ds:DigestValue>lPzigs+xAxljZ6FiItmyiMBZwBrFk9UM+FNk69PmrY0=</ds:DigestValue>
 </ds:Reference>
 </ds:SignedInfo>
-<ds:SignatureValue>UE5p832pLFYvMloRofN3y0rrFY7B8zOcF7+CHYyxFn6pqgPeEYGqkbUWlV15/tJ5
-wXJ3LiLQroYQI3XHPvKRSV4OtF9ZFm4QDK7RNd6gnUmHed6Zje//e6z2ekA0UzTl
-IeWCuD84mWemMJzRAhSFKcnqJDBHA61Krvg1kf/2c2E=</ds:SignatureValue>
+<ds:SignatureValue>1VME3lZuPgLki6ly93Hg6x37dZJRI3jVOXTZPxbGWrlPeENHA+8E0hVUycQ2xJNv
+TR/V+90WKaEv1LyF9o4oaLv7XLi8DwfXyQiDpCJ46oiSO9MxNcC4M8VaNmSkRVP6
+otJ5PG+ac8Ydq7Ocru2nbJZ4p8XuzeFVeaWpzmzaq0k=</ds:SignatureValue>
 <ds:KeyInfo><ds:KeyName>sp.example.org</ds:KeyName><ds:X509Data><ds:X509SubjectName>CN=sp.example.org,O=Internet2,C=US</ds:X509SubjectName><ds:X509Certificate>MIICjzCCAfigAwIBAgIJAKk8t1hYcMkhMA0GCSqGSIb3DQEBBAUAMDoxCzAJBgNV
 BAYTAlVTMRIwEAYDVQQKEwlJbnRlcm5ldDIxFzAVBgNVBAMTDnNwLmV4YW1wbGUu
 b3JnMB4XDTA1MDYyMDE1NDgzNFoXDTMyMTEwNTE1NDgzNFowOjELMAkGA1UEBhMC
@@ -29,4 +28,4 @@
 gYEAMFq/UeSQyngE0GpZueyD2UW0M358uhseYOgGEIfm+qXIFQF6MYwNoX7WFzhC
 LJZ2E6mEvZZFHCHUtl7mGDvsRwgZ85YCtRbvleEpqfgNQToto9pLYe+X6vvH9Z6p
 gmYsTmak+kxO93JprrOd9xp8aZPMEprL7VCdrhbZEfyYER0=
-</ds:X509Certificate></ds:X509Data></ds:KeyInfo></ds:Signature><samlp:AuthenticationQuery AuthenticationMethod="method"><saml:Subject xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion"><saml:NameIdentifier>John Doe</saml:NameIdentifier></saml:Subject></samlp:AuthenticationQuery></samlp:Request>
+</ds:X509Certificate></ds:X509Data></ds:KeyInfo></ds:Signature><samlp:AuthenticationQuery AuthenticationMethod="method"><saml:Subject xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion"><saml:NameIdentifier>John Doe</saml:NameIdentifier></saml:Subject></samlp:AuthenticationQuery></samlp:Request>
\ No newline at end of file
diff -Nru opensaml-3.0.0/samltest/data/signature/SAML1Response.xml opensaml-3.0.1/samltest/data/signature/SAML1Response.xml
--- opensaml-3.0.0/samltest/data/signature/SAML1Response.xml	2018-07-10 03:09:10.000000000 +0200
+++ opensaml-3.0.1/samltest/data/signature/SAML1Response.xml	2018-11-01 15:09:08.000000000 +0100
@@ -1,4 +1,4 @@
-<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol" xmlns:shib="urn:mace:shibboleth" IssueInstant="1970-01-02T01:01:02.100Z" MajorVersion="1" MinorVersion="1" ResponseID="rident"><ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#";>
+<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol" IssueInstant="1970-01-02T01:01:02.100Z" MajorVersion="1" MinorVersion="1" ResponseID="rident" xmlns:shib="urn:mace:shibboleth"><ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#";>
 <ds:SignedInfo>
 <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
 <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
@@ -9,13 +9,13 @@
 <ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"; PrefixList="shib"/>
 </ds:Transform>
 </ds:Transforms>
-<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
-<ds:DigestValue>9sBlLRUZWT199jgSaCfzqSRWMTc=</ds:DigestValue>
+<ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
+<ds:DigestValue>/4Pgha71hsJVzrYT1Hy1x7l9m04kkQEnKhCyEMzwxUE=</ds:DigestValue>
 </ds:Reference>
 </ds:SignedInfo>
-<ds:SignatureValue>BpkmYve9GGRwMOUpRRnINKGhAK2mmZZSFFTImpxzD62++Kbzygg4+T6OP+5cs1BR
-wf/Ca+uuEHIeo/1MHpmqVASMfDPMY3L1M7JzZ+kAbmnywohhwtj7zMSQ8kOFRVDo
-mEbY9lFSfb7VRDMKWOGZPRAj7ezZdeXmGpdrHobrY5s=</ds:SignatureValue>
+<ds:SignatureValue>Gt/2YBwmZY2J6Odf8VkYbRVlTwO3D+smn6zZ7YQMXtG2P1rEl+fQP+QSWaU6ZqA5
+27Oad3MSe/T2BlMOHa7V90RNCkFTJHQa7fBK13+CPVkhmLfLuHhpy0sX89r22e0q
+S7f1I27KSZq7BlHhzhBPDoFbXsdgNQFNjBG0RjVrqYU=</ds:SignatureValue>
 <ds:KeyInfo><ds:KeyName>sp.example.org</ds:KeyName><ds:X509Data><ds:X509SubjectName>CN=sp.example.org,O=Internet2,C=US</ds:X509SubjectName><ds:X509Certificate>MIICjzCCAfigAwIBAgIJAKk8t1hYcMkhMA0GCSqGSIb3DQEBBAUAMDoxCzAJBgNV
 BAYTAlVTMRIwEAYDVQQKEwlJbnRlcm5ldDIxFzAVBgNVBAMTDnNwLmV4YW1wbGUu
 b3JnMB4XDTA1MDYyMDE1NDgzNFoXDTMyMTEwNTE1NDgzNFowOjELMAkGA1UEBhMC
@@ -30,11 +30,7 @@
 gYEAMFq/UeSQyngE0GpZueyD2UW0M358uhseYOgGEIfm+qXIFQF6MYwNoX7WFzhC
 LJZ2E6mEvZZFHCHUtl7mGDvsRwgZ85YCtRbvleEpqfgNQToto9pLYe+X6vvH9Z6p
 gmYsTmak+kxO93JprrOd9xp8aZPMEprL7VCdrhbZEfyYER0=
-</ds:X509Certificate></ds:X509Data></ds:KeyInfo></ds:Signature><samlp:Status><samlp:StatusCode
-Value="samlp:Success"><samlp:StatusCode Value="shib:NoReally"/></samlp:StatusCode></samlp:Status><saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" AssertionID="aident"
-IssueInstant="1970-01-02T01:01:02.100Z" Issuer="issuer" MajorVersion="1" MinorVersion="1"><saml:AuthenticationStatement
-AuthenticationInstant="1970-01-02T01:01:02.100Z"
-AuthenticationMethod="method"><saml:Subject><saml:NameIdentifier>John Doe</saml:NameIdentifier></saml:Subject></saml:AuthenticationStatement><ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#";>
+</ds:X509Certificate></ds:X509Data></ds:KeyInfo></ds:Signature><samlp:Status><samlp:StatusCode Value="samlp:Success"><samlp:StatusCode Value="shib:NoReally"/></samlp:StatusCode></samlp:Status><saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" AssertionID="aident" IssueInstant="1970-01-02T01:01:02.100Z" Issuer="issuer" MajorVersion="1" MinorVersion="1"><saml:AuthenticationStatement AuthenticationInstant="1970-01-02T01:01:02.100Z" AuthenticationMethod="method"><saml:Subject><saml:NameIdentifier>John Doe</saml:NameIdentifier></saml:Subject></saml:AuthenticationStatement><ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#";>
 <ds:SignedInfo>
 <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
 <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
@@ -43,13 +39,13 @@
 <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
 <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
 </ds:Transforms>
-<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
-<ds:DigestValue>/owFROXYYru5+/j0TpHEz+hjXqY=</ds:DigestValue>
+<ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
+<ds:DigestValue>9NYMsHLRPcafmjoRnggkvUuzMnFE9mzlWdLHzJL/y7Y=</ds:DigestValue>
 </ds:Reference>
 </ds:SignedInfo>
-<ds:SignatureValue>d4SsRgDSjboTRA2YUD68TPp+17AqRmxbY/LrWJhueIC/JY+Ct7+Fd6bugUXliIeD
-NVRDACsEB7PqYWZ99+Ecf8XAmQYCw5elj8mWxPp0o+UVHtBZOR2bC+/YjNitSM+x
-G/F3JgZqfunUcg7mcj6WEAUt4pjKhjaTY8Z7QJltdKc=</ds:SignatureValue>
+<ds:SignatureValue>Fk4s35idW+0Vm/XfMgH+a04XqcrX4jiCYZ0aRdkKEpZcO75EetZxtuLdg8c57yO3
+tCPzkDFRaeFzI23/SciGlk+nhl+s+5iNysFY/iEG174tzgFHtBbcEjGjw3c6YUd8
+GmcaJ7cuV+iv8rCUpLu0NxQ9jSEOCshX5ZIKglddiMI=</ds:SignatureValue>
 <ds:KeyInfo><ds:KeyName>sp.example.org</ds:KeyName><ds:X509Data><ds:X509SubjectName>CN=sp.example.org,O=Internet2,C=US</ds:X509SubjectName><ds:X509Certificate>MIICjzCCAfigAwIBAgIJAKk8t1hYcMkhMA0GCSqGSIb3DQEBBAUAMDoxCzAJBgNV
 BAYTAlVTMRIwEAYDVQQKEwlJbnRlcm5ldDIxFzAVBgNVBAMTDnNwLmV4YW1wbGUu
 b3JnMB4XDTA1MDYyMDE1NDgzNFoXDTMyMTEwNTE1NDgzNFowOjELMAkGA1UEBhMC
diff -Nru opensaml-3.0.0/samltest/data/signature/SAML2Assertion.xml opensaml-3.0.1/samltest/data/signature/SAML2Assertion.xml
--- opensaml-3.0.0/samltest/data/signature/SAML2Assertion.xml	2018-07-10 03:09:10.000000000 +0200
+++ opensaml-3.0.1/samltest/data/signature/SAML2Assertion.xml	2018-11-01 15:09:08.000000000 +0100
@@ -1,5 +1,4 @@
-<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="ident" IssueInstant="1970-01-02T01:01:02.100Z"
-Version="2.0"><saml:Issuer>issuer</saml:Issuer><ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#";>
+<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="ident" IssueInstant="1970-01-02T01:01:02.100Z" Version="2.0"><saml:Issuer>issuer</saml:Issuer><ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#";>
 <ds:SignedInfo>
 <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
 <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
@@ -8,13 +7,13 @@
 <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
 <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
 </ds:Transforms>
-<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
-<ds:DigestValue>8DSEsWJl4wOiwY15f7fAurDWpbo=</ds:DigestValue>
+<ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
+<ds:DigestValue>AQGLm1KiW4D78s+fxQ2UPZHwwXR7CPKDIvkgzNDFzbU=</ds:DigestValue>
 </ds:Reference>
 </ds:SignedInfo>
-<ds:SignatureValue>zgKU42nQKyB9m8RkDz1I2r7h0N9pc5ys9kve7oN9/Dugrn583/3bMgQBfk1rw4Pq
-BfztAZNcf2lstzvgpVB9fVTsTUuEDtT0mhc+f5t8kbCkABGu0SrfCnDjbYpmEeLC
-j8rJO4aSZIV4tN21aAkQyys28l4oB3KGTTDASjEPVgQ=</ds:SignatureValue>
+<ds:SignatureValue>jLLZZQ6cty2FcjsGn/zuzfjXQqyMNMkbdw+wJXXTS1YmnKVYtE9H7skjU9bcj4Lo
+MpRXQlJLtX1sIgpTQS2pSh4kkwE+Z7yO/SDaM5qcVawH5zI3C03s3ty0xGQx9SzW
+1TTK4vgfWLOh5NQzDt2WhZPGSS3H1hpxS+MlbnflPTU=</ds:SignatureValue>
 <ds:KeyInfo><ds:KeyName>sp.example.org</ds:KeyName><ds:X509Data><ds:X509SubjectName>CN=sp.example.org,O=Internet2,C=US</ds:X509SubjectName><ds:X509Certificate>MIICjzCCAfigAwIBAgIJAKk8t1hYcMkhMA0GCSqGSIb3DQEBBAUAMDoxCzAJBgNV
 BAYTAlVTMRIwEAYDVQQKEwlJbnRlcm5ldDIxFzAVBgNVBAMTDnNwLmV4YW1wbGUu
 b3JnMB4XDTA1MDYyMDE1NDgzNFoXDTMyMTEwNTE1NDgzNFowOjELMAkGA1UEBhMC
@@ -29,5 +28,4 @@
 gYEAMFq/UeSQyngE0GpZueyD2UW0M358uhseYOgGEIfm+qXIFQF6MYwNoX7WFzhC
 LJZ2E6mEvZZFHCHUtl7mGDvsRwgZ85YCtRbvleEpqfgNQToto9pLYe+X6vvH9Z6p
 gmYsTmak+kxO93JprrOd9xp8aZPMEprL7VCdrhbZEfyYER0=
-</ds:X509Certificate></ds:X509Data></ds:KeyInfo></ds:Signature><saml:Subject><saml:NameID>John Doe</saml:NameID></saml:Subject><saml:AuthnStatement
-AuthnInstant="1970-01-02T01:01:02.100Z"><saml:AuthnContext><saml:AuthnContextClassRef>method</saml:AuthnContextClassRef></saml:AuthnContext></saml:AuthnStatement></saml:Assertion>
\ No newline at end of file
+</ds:X509Certificate></ds:X509Data></ds:KeyInfo></ds:Signature><saml:Subject><saml:NameID>John Doe</saml:NameID></saml:Subject><saml:AuthnStatement AuthnInstant="1970-01-02T01:01:02.100Z"><saml:AuthnContext><saml:AuthnContextClassRef>method</saml:AuthnContextClassRef></saml:AuthnContext></saml:AuthnStatement></saml:Assertion>
\ No newline at end of file

unblock opensaml/3.0.1-1

--- End Message ---

--- Begin Message ---

• To: wferi@niif.hu, 926162-done@bugs.debian.org
• Subject: Re: Bug#926162: unblock: opensaml/3.0.1-1
• From: Niels Thykier <niels@thykier.net>
• Date: Tue, 02 Apr 2019 17:28:00 +0000
• Message-id: <03607093-bf4b-8049-3a10-42ac49d40c84@thykier.net>
• In-reply-to: <[🔎] 87h8bghpgk.fsf@lant.ki.iif.hu>
• References: <[🔎] 155411682586.2927.18332038511546383702.reportbug@lant.ki.iif.hu> <[🔎] e58ad2ea-52e7-d02f-3a6e-0faea0545081@thykier.net> <[🔎] 155411682586.2927.18332038511546383702.reportbug@lant.ki.iif.hu> <[🔎] 87h8bghpgk.fsf@lant.ki.iif.hu>

wferi@niif.hu:
> Control: tags -1 - moreinfo
> 
> Niels Thykier <niels@thykier.net> writes:
> 
>> Please go ahead with the upload and remove the moreinfo tag when it is
>> ready for unblocking.
> 
> Hi, opensaml 3.0.1-1 is already in unstable, ready for unblocking.
> 

Unblocked, thanks.
~Niels

--- End Message ---