Package: release.debian.org
Severity: normal
User: [email protected]
Usertags: unblock

Please unblock package simplesamlphp.

This version adds a single patch to address extreme memory consumption when processing large XML files. This has become a significant real-world problem because recently many federations have been publishing more entities to e.g. the eduGAIN feed. (Debian bug #772121)

The patch is from upstream and has been tested for a few years already at different sites, and is part of upstream release 1.13.2, released a month ago, with many relieved user reports and no bugs found.

unblock simplesamlphp/1.13.1-2

Thanks,
Thijs

diff -Nru simplesamlphp-1.13.1/debian/changelog simplesamlphp-1.13.1/debian/changelog --- simplesamlphp-1.13.1/debian/changelog 2014-10-27 19:23:50.000000000 +0000 +++ simplesamlphp-1.13.1/debian/changelog 2014-12-05 10:14:08.000000000 +0000 @@ -1,3 +1,11 @@ +simplesamlphp (1.13.1-2) unstable; urgency=medium + + * Add xmlc14n.patch fixing extreme resource consumption when processing + large metadata files (closes: #772121). + See: https://simplesamlphp.org/metaprocessing + + -- Thijs Kinkhorst <[email protected]> Fri, 05 Dec 2014 10:13:00 +0000 + simplesamlphp (1.13.1-1) unstable; urgency=medium * New upstream bugfix release. diff -Nru simplesamlphp-1.13.1/debian/patches/series simplesamlphp-1.13.1/debian/patches/series --- simplesamlphp-1.13.1/debian/patches/series 2014-08-18 09:11:23.000000000 +0000 +++ simplesamlphp-1.13.1/debian/patches/series 2014-12-05 10:12:56.000000000 +0000 @@ -1 +1,2 @@ debian_config.patch +xmlc14n.patch diff -Nru simplesamlphp-1.13.1/debian/patches/xmlc14n.patch simplesamlphp-1.13.1/debian/patches/xmlc14n.patch --- simplesamlphp-1.13.1/debian/patches/xmlc14n.patch 1970-01-01 00:00:00.000000000 +0000 +++ simplesamlphp-1.13.1/debian/patches/xmlc14n.patch 2014-12-05 10:12:47.000000000 +0000 
@@ -0,0 +1,24 @@ +Subject: Add a workaround to canonicalization to address performance + problems in PHP >= 5.2. + https://bugs.php.net/bug.php?id=53655 + https://simplesamlphp.org/metaprocessing +Origin: upstream release 1.13.2 +Bug-Debian: http://bugs.debian.org/772121 + +diff --git a/xmlseclibs.php b/xmlseclibs.php +index 76a14e3..5fc561e 100644 +--- a/vendor/robrichards/xmlseclibs/xmlseclibs.php ++++ b/vendor/robrichards/xmlseclibs/xmlseclibs.php +@@ -792,7 +792,11 @@ private function canonicalizeData($node, $canonicalmethod, $arXPath=NULL, $prefi + } + return C14NGeneral($node, $exclusive, $withComments); + } +- return $node->C14N($exclusive, $withComments, $arXPath, $prefixList); ++ $element = $node; ++ if ($node instanceof DOMNode && $node->ownerDocument !== NULL && $node->isSameNode($node->ownerDocument->documentElement)) { ++ $element = $node->ownerDocument; ++ } ++ return $element->C14N($exclusive, $withComments, $arXPath, $prefixList); + } + + public function canonicalizeSignedInfo() {
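
Review bot: In the canonicalizeData() hunk of xmlseclibs.php, the new branch swaps the document element for $node->ownerDocument with no inline comment explaining why, and the two are not the same node set. Canonicalizing the document node also covers processing instructions (and comments, when $withComments is set) that sit outside the root element, so the canonical output, and any digest computed over it, can differ from the previous `$node->C14N(...)` result for documents that carry such nodes. Please add a code comment that points at https://bugs.php.net/bug.php?id=53655 and states that assumption, or restrict the swap to documents whose only child is the document element. It is also worth confirming that a non-NULL $arXPath gives the same result when passed to the document as it did when passed to the element.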
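
Review bot: In the header of debian/patches/xmlc14n.patch, the embedded `diff --git a/xmlseclibs.php b/xmlseclibs.php` line does not match the `---`/`+++` paths under vendor/robrichards/xmlseclibs/. The patch is applied from the `---`/`+++` lines, so this is harmless, but the stale line is confusing and should be made consistent or dropped. The Origin field names only the upstream release; a reference to the specific upstream commit would make the change easier to audit against upstream.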

