Bug#684045: pre-approval simplesamlphp/1.9.1-1

2012-08-08 Thread Thijs Kinkhorst
On Wed, August 8, 2012 01:15, Cyril Brulebois wrote:
> Thijs Kinkhorst <th...@debian.org> (07/08/2012):
> > On Tue, August 7, 2012 01:44, Cyril Brulebois wrote:
> > > while I have only glanced at it, that doesn't look bad at all,
> > > please go ahead and ping us once it's accepted.
>
> > It has now been accepted.
>
> Thanks. Now that I have a little more time, finally looking at it for
> real.
>
> OK for doc changes, and $Id$ noise (…).
>
> I think I can see what the key dance part of the patch does, too.
>
> That is totally obscure to me though:
 - if (!$newDoc-loadXML($xml)) {
 + if (!@$newDoc-loadXML($xml)) {
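
Review bot: the `@` added in front of the loadXML call has no comment saying why the warning is suppressed, and the question that follows in the thread shows the intent is not obvious from the line alone. Because `@` hides every diagnostic raised by that expression, a one-line comment stating that the failure is handled by the exception thrown just below would help; alternatively the suppression could be scoped with libxml_use_internal_errors(true), which keeps the parser messages available for server-side logging.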

> What does that do? Fix a bug, silence a language warning, or anything
> else?

It silences a language warning: if the loadXML call fails the interpreter
would output a warning, but this is handled more gracefully already by
throwing an exception straight below it.


Cheers,
Thijs


--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
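
The trade-off explained in the reply above, as an added example that is not part of the thread or of simpleSAMLphp's code: libxml's internal error buffer keeps parser warnings out of the response, as `@` does, while still leaving them available for logging before the exception is thrown. The helper name `parseXmlQuietly` and the two sample documents are constructed for illustration.

```php
<?php
declare(strict_types=1);

/**
 * Parse $xml without letting libxml warnings reach the output,
 * while keeping the diagnostics for server-side logging.
 * Hypothetical helper, not simpleSAMLphp code.
 */
function parseXmlQuietly(string $xml): DOMDocument
{
    // Collect parser errors in libxml's buffer instead of emitting PHP warnings.
    $previous = libxml_use_internal_errors(true);
    libxml_clear_errors();
    try {
        $doc = new DOMDocument();
        // Empty input is rejected up front; LIBXML_NONET forbids network fetches.
        $ok = ($xml !== '') && $doc->loadXML($xml, LIBXML_NONET);
        if (!$ok) {
            $details = array_map(
                fn (LibXMLError $e) => sprintf('line %d: %s', $e->line, trim($e->message)),
                libxml_get_errors()
            );
            // Details go to the server log; the caller sees one generic failure.
            error_log('XML parse failure: ' . implode('; ', $details));
            throw new RuntimeException('Failed to parse XML');
        }
        return $doc;
    } finally {
        // Restore the previous libxml error mode for the rest of the request.
        libxml_clear_errors();
        libxml_use_internal_errors($previous);
    }
}

// Constructed inputs: one well-formed document, one truncated.
foreach (['<a><b/></a>', '<a><b></a'] as $sample) {
    try {
        echo parseXmlQuietly($sample)->documentElement->nodeName, "\n";
    } catch (RuntimeException $e) {
        echo $e->getMessage(), "\n";
    }
}
```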



Bug#684045: pre-approval simplesamlphp/1.9.1-1

2012-08-07 Thread Thijs Kinkhorst
On Tue, August 7, 2012 01:44, Cyril Brulebois wrote:
> Hello Thijs,
>
> Thijs Kinkhorst <th...@debian.org> (06/08/2012):
> > I would like to upload simplesamlphp/1.9.1-1: an upstream security
> > release that only fixes a security issue and adds some minor
> > documentation fixes.  The debdiff is attached.
>
> while I have only glanced at it, that doesn't look bad at all, please go
> ahead and ping us once it's accepted.

It has now been accepted.

Thanks,
Thijs





Bug#684045: pre-approval simplesamlphp/1.9.1-1

2012-08-07 Thread Cyril Brulebois
Thijs Kinkhorst <th...@debian.org> (07/08/2012):
> On Tue, August 7, 2012 01:44, Cyril Brulebois wrote:
> > while I have only glanced at it, that doesn't look bad at all,
> > please go ahead and ping us once it's accepted.
>
> It has now been accepted.

Thanks. Now that I have a little more time, finally looking at it for
real.

OK for doc changes, and $Id$ noise (…).

I think I can see what the key dance part of the patch does, too.

That is totally obscure to me though:
- if (!$newDoc-loadXML($xml)) {
+ if (!@$newDoc-loadXML($xml)) {

What does that do? Fix a bug, silence a language warning, or anything
else?

Mraw,
KiBi.




Bug#684045: pre-approval simplesamlphp/1.9.1-1

2012-08-06 Thread Thijs Kinkhorst
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Hi,

I would like to upload simplesamlphp/1.9.1-1: an upstream security release
that only fixes a security issue and adds some minor documentation fixes.
The debdiff is attached.

The security issue is described here:
http://www.nds.rub.de/research/publications/breaking-xml-encryption-pkcs15/

Please let me know if I can upload this to unstable so it will end up in
wheezy.


thanks,
Thijs

-- System Information:
Debian Release: 6.0.5
  APT prefers stable
  APT policy: (500, 'stable'), (400, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.32-5-amd64 (SMP w/4 CPU cores)
Locale: LANG=nl_NL.UTF-8, LC_CTYPE=nl_NL.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
diff -Nru simplesamlphp-1.9.0/debian/changelog simplesamlphp-1.9.1/debian/changelog
--- simplesamlphp-1.9.0/debian/changelog	2012-06-13 12:38:24.0 +0200
+++ simplesamlphp-1.9.1/debian/changelog	2012-08-06 14:58:01.0 +0200
@@ -1,3 +1,10 @@
+simplesamlphp (1.9.1-1) unstable; urgency=medium
+
+  * New upstream security release:
+Fix for an attack against PKCS 1.5 in XML encryption.
+
+ -- Thijs Kinkhorst th...@debian.org  Mon, 06 Aug 2012 12:57:02 +
+
 simplesamlphp (1.9.0-1) unstable; urgency=low
 
   * New upstream release.
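
Review bot: the new 1.9.1-1 entry describes the fix only as "an attack against PKCS 1.5 in XML encryption" and carries no advisory reference, so anyone reading the changelog later cannot tie this upload to a specific issue. Suggest adding the advisory or paper URL cited in the unblock request to the entry, and a CVE id if one has been assigned.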
diff -Nru simplesamlphp-1.9.0/docs/simplesamlphp-changelog.txt simplesamlphp-1.9.1/docs/simplesamlphp-changelog.txt
--- simplesamlphp-1.9.0/docs/simplesamlphp-changelog.txt	2012-06-13 08:30:49.0 +0200
+++ simplesamlphp-1.9.1/docs/simplesamlphp-changelog.txt	2012-08-02 08:25:33.0 +0200
@@ -6,6 +6,12 @@
 This document lists the changes between versions of simpleSAMLphp.
 See the upgrade notes for specific information about upgrading.
 
+## Version 1.9.1
+
+Released 2012-08-02.
+
+  * Fix for a new attack against PKCS 1.5 in XML encryption.
+
 ## Version 1.9
 
 Released 2012-06-13.
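
Review bot: the "Version 1.9.1" bullet says what was fixed but not which functionality is affected beyond "XML encryption", nor whether deployments need to do anything other than upgrade. A sentence naming the affected feature and linking the advisory would let operators judge urgency from this changelog alone.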
@@ -170,6 +176,7 @@
   * Allow ISO8601 durations with subsecond precision.
   * Add support for parsing and serializing the lt;mdrpi:PublicationInfo metadata extension.
   * Ignore cacheDuration when validating metadata.
+  * Add support for the Holder-of-Key profile, on both the [SP](./simplesamlphp-hok-sp) and [IdP](./simplesamlphp-hok-idp).
   * Better error handling when receiving a SAML 2.0 artifact from an unknown entity.
   * Fix parsing of lt;md:AssertionIDRequestService metadata elements.
   * IdP: Do not always trigger reauthentication when the authentication request contains a IdPList-element.
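
Review bot: the added Holder-of-Key bullet lands around line 176 of the file, well below the new 1.9.1 section, so it amends the change list of an earlier release. For an upload requested as a security fix plus minor documentation fixes, it is worth confirming that this is documentation backfill only and that no Holder-of-Key code changes ride along in 1.9.1.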
diff -Nru simplesamlphp-1.9.0/docs/simplesamlphp-reference-idp-hosted.txt simplesamlphp-1.9.1/docs/simplesamlphp-reference-idp-hosted.txt
--- simplesamlphp-1.9.0/docs/simplesamlphp-reference-idp-hosted.txt	2012-04-12 14:40:08.0 +0200
+++ simplesamlphp-1.9.1/docs/simplesamlphp-reference-idp-hosted.txt	2012-06-18 14:01:46.0 +0200
@@ -293,6 +293,16 @@
 metadata overrides the one configured in the IdP metadata.
 
 
+Metadata extensions
+---
+
+SimpleSAMLphp supports generating metadata with the MDUI and EntityAttributes metadata extensions.
+See the documentation for those extensions for more details:
+
+  * [MDUI extension](./simplesamlphp-metadata-extensions-ui)
+  * [EntityAttributes](./simplesamlphp-metadata-extensions-attributes)
+
+
 Examples
 
 
diff -Nru simplesamlphp-1.9.0/docs/simplesamlphp-ukaccess.txt simplesamlphp-1.9.1/docs/simplesamlphp-ukaccess.txt
--- simplesamlphp-1.9.0/docs/simplesamlphp-ukaccess.txt	2011-01-12 15:25:46.0 +0100
+++ simplesamlphp-1.9.1/docs/simplesamlphp-ukaccess.txt	2012-06-28 10:40:27.0 +0200
@@ -7,7 +7,7 @@
 	http://daringfireball.net/projects/markdown/syntax
 --
 
-  * Version: `$Id: simplesamlphp-ukaccess.txt 2711 2011-01-12 14:25:46Z olavmrk $`
+  * Version: `$Id: simplesamlphp-ukaccess.txt 3127 2012-06-28 08:40:27Z olavmrk $`
 
 !-- {{TOC}} --
 
@@ -26,7 +26,7 @@
   * [Service Provider QuickStart](simplesamlphp-sp)
   * [Configuration Reference](./saml:sp)
 
-### Enablig a certificate for your Service Provider
+### Enabling a certificate for your Service Provider
 
 UK Access Federation and InCommon probably requires that you enable a certificate for your SP. Other federations do not always require that you do.
 
@@ -51,7 +51,7 @@
 Consuming Federation Metadata
 -
 
-In order to enable the functionality to automatically download and parse metadata from a remtote URL, enable the `metarefresh` and `cron` modules:
+In order to enable the functionality to automatically download and parse metadata from a remote URL, enable the `metarefresh` and `cron` modules:
 
 	touch modules/metarefresh/enable
 	cp modules/metarefresh/config-templates/*.php config/
@@ -86,7 +86,7 @@
 		),
 	);
 
-The example above is from **UK Acces Federation**. If you instead would like to get metadata from **InCommon**, use the following URL and fingerprint:
+The example above is from **UK Access 

Bug#684045: pre-approval simplesamlphp/1.9.1-1

2012-08-06 Thread Cyril Brulebois
Hello Thijs,

Thijs Kinkhorst <th...@debian.org> (06/08/2012):
> I would like to upload simplesamlphp/1.9.1-1: an upstream security
> release that only fixes a security issue and adds some minor
> documentation fixes.  The debdiff is attached.

while I have only glanced at it, that doesn't look bad at all, please go
ahead and ping us once it's accepted.

Mraw,
KiBi.

