Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Hi,

I would like to upload simplesamlphp/1.9.1-1: an upstream security release
that only fixes a security issue and adds some minor documentation fixes.
The debdiff is attached.

The security issue is described here:
http://www.nds.rub.de/research/publications/breaking-xml-encryption-pkcs15/

Please let me know if I can upload this to unstable so it will end up in
wheezy.

thanks,
Thijs
-- System Information:
Debian Release: 6.0.5
APT prefers stable
APT policy: (500, 'stable'), (400, 'testing')
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.32-5-amd64 (SMP w/4 CPU cores)
Locale: LANG=nl_NL.UTF-8, LC_CTYPE=nl_NL.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
diff -Nru simplesamlphp-1.9.0/debian/changelog simplesamlphp-1.9.1/debian/changelog
--- simplesamlphp-1.9.0/debian/changelog 2012-06-13 12:38:24.0 +0200
+++ simplesamlphp-1.9.1/debian/changelog 2012-08-06 14:58:01.0 +0200
@@ -1,3 +1,10 @@
+simplesamlphp (1.9.1-1) unstable; urgency=medium
+
+ * New upstream security release:
+Fix for an attack against PKCS 1.5 in XML encryption.
+
+ -- Thijs Kinkhorst th...@debian.org Mon, 06 Aug 2012 12:57:02 +
+
simplesamlphp (1.9.0-1) unstable; urgency=low
* New upstream release.
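Review bot: The new 1.9.1-1 entry describes the change only as "Fix for an attack against PKCS 1.5 in XML encryption" and carries no CVE identifier or bug reference, which makes it harder to match this upload to an advisory later. If an identifier has been assigned, add it to that changelog line; otherwise cite the upstream advisory URL given in the unblock request.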
diff -Nru simplesamlphp-1.9.0/docs/simplesamlphp-changelog.txt simplesamlphp-1.9.1/docs/simplesamlphp-changelog.txt
--- simplesamlphp-1.9.0/docs/simplesamlphp-changelog.txt 2012-06-13 08:30:49.0 +0200
+++ simplesamlphp-1.9.1/docs/simplesamlphp-changelog.txt 2012-08-02 08:25:33.0 +0200
@@ -6,6 +6,12 @@
This document lists the changes between versions of simpleSAMLphp.
See the upgrade notes for specific information about upgrading.
+## Version 1.9.1
+
+Released 2012-08-02.
+
+ * Fix for a new attack against PKCS 1.5 in XML encryption.
+
## Version 1.9
Released 2012-06-13.
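Review bot: The "Version 1.9.1" entry says only "Fix for a new attack against PKCS 1.5 in XML encryption" and does not tell an administrator which functionality is affected or whether anything needs to be changed after upgrading. Suggest adding one sentence naming the affected functionality and a link to the advisory.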
@@ -170,6 +176,7 @@
* Allow ISO8601 durations with subsecond precision.
* Add support for parsing and serializing the lt;mdrpi:PublicationInfo metadata extension.
* Ignore cacheDuration when validating metadata.
+ * Add support for the Holder-of-Key profile, on both the [SP](./simplesamlphp-hok-sp) and [IdP](./simplesamlphp-hok-idp).
* Better error handling when receiving a SAML 2.0 artifact from an unknown entity.
* Fix parsing of lt;md:AssertionIDRequestService metadata elements.
* IdP: Do not always trigger reauthentication when the authentication request contains a IdPList-element.
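Review bot: The added Holder-of-Key bullet lands around line 179 of the upstream changelog, in an existing list rather than under the new "Version 1.9.1" heading, while the request describes this release as a security fix plus minor documentation fixes. Please confirm that this is a documentation-only correction for functionality already shipped in 1.9.0 and that no Holder-of-Key code changes are part of the upload.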
diff -Nru simplesamlphp-1.9.0/docs/simplesamlphp-reference-idp-hosted.txt simplesamlphp-1.9.1/docs/simplesamlphp-reference-idp-hosted.txt
--- simplesamlphp-1.9.0/docs/simplesamlphp-reference-idp-hosted.txt 2012-04-12 14:40:08.0 +0200
+++ simplesamlphp-1.9.1/docs/simplesamlphp-reference-idp-hosted.txt 2012-06-18 14:01:46.0 +0200
@@ -293,6 +293,16 @@
metadata overrides the one configured in the IdP metadata.
+Metadata extensions
+---
+
+SimpleSAMLphp supports generating metadata with the MDUI and EntityAttributes metadata extensions.
+See the documentation for those extensions for more details:
+
+ * [MDUI extension](./simplesamlphp-metadata-extensions-ui)
+ * [EntityAttributes](./simplesamlphp-metadata-extensions-attributes)
+
+
Examples
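Review bot: The new "Metadata extensions" section links to ./simplesamlphp-metadata-extensions-ui and ./simplesamlphp-metadata-extensions-attributes, but no hunk in the visible part of this debdiff adds those documents. Check that both files already ship in the docs directory so the links resolve, and consider dropping one of the two blank lines added before "Examples".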
diff -Nru simplesamlphp-1.9.0/docs/simplesamlphp-ukaccess.txt simplesamlphp-1.9.1/docs/simplesamlphp-ukaccess.txt
--- simplesamlphp-1.9.0/docs/simplesamlphp-ukaccess.txt 2011-01-12 15:25:46.0 +0100
+++ simplesamlphp-1.9.1/docs/simplesamlphp-ukaccess.txt 2012-06-28 10:40:27.0 +0200
@@ -7,7 +7,7 @@
http://daringfireball.net/projects/markdown/syntax
--
- * Version: `$Id: simplesamlphp-ukaccess.txt 2711 2011-01-12 14:25:46Z olavmrk $`
+ * Version: `$Id: simplesamlphp-ukaccess.txt 3127 2012-06-28 08:40:27Z olavmrk $`
!-- {{TOC}} --
@@ -26,7 +26,7 @@
* [Service Provider QuickStart](simplesamlphp-sp)
* [Configuration Reference](./saml:sp)
-### Enablig a certificate for your Service Provider
+### Enabling a certificate for your Service Provider
UK Access Federation and InCommon probably requires that you enable a certificate for your SP. Other federations do not always require that you do.
@@ -51,7 +51,7 @@
Consuming Federation Metadata
-
-In order to enable the functionality to automatically download and parse metadata from a remtote URL, enable the `metarefresh` and `cron` modules:
+In order to enable the functionality to automatically download and parse metadata from a remote URL, enable the `metarefresh` and `cron` modules:
touch modules/metarefresh/enable
cp modules/metarefresh/config-templates/*.php config/
@@ -86,7 +86,7 @@
),
);
-The example above is from **UK Acces Federation**. If you instead would like to get metadata from **InCommon**, use the following URL and fingerprint:
+The example above is from **UK Access