• Bug#1088816: CVE-2025-27773 / #1100595 / Re: simplesamlphp 2.x for trix

    From Joost van Baal-Ilić@21:1/5 to Tobias Frost on Fri May 9 10:10:01 2025
    Hi Tobias,

    I managed to perform a (somewhat shallow) test of https://people.debian.org/~tobi/simplesamlphp/simplesamlphp_1.19.0-1+deb11u2~_all.deb
    ; all results look good to me: I can do a saml login using that package. And the "SimpleSAMLphp installation page" looks good to me too.

    Since I do have some test setup now (on a Debian 11 (bullseye) machine), I might be able to perform more tests. Let me know.

    Anyway: hope this helps!

    Bye,

    Joost


    On Sun, May 04, 2025 at 04:35:51PM +0200, Tobias Frost wrote:
    Hi Joost,

    If you'd like to test the simplesamlphp packages for bullseye, I've
    prepared packages and placed them for your convenience here:

    https://people.debian.org/~tobi/simplesamlphp/

    --
    Cheers,
    tobi


    On Mon, 28 Apr 2025 13:50:24 +0000 Tobias Frost <tobi@sviech.de> wrote:
    Hi Joost,
     
    I've been working on simplesamlphp yesterday, and the current status of
    my backport of the patch for CVE-2025-27773 is in the lts team repo [1]

    [1]
    https://salsa.debian.org/lts-team/packages/simplesamlphp/-/tree/debian/bullseye/
     
    Help in testing the changes would be very helpful, so if you can
    assist in testing the changes, this would be very appreciated.
     
    Cheers,
    tobi
     
     
    "Joost van Baal-Ilić" joostvb+debian@uvt.nl – April 28, 2025 9:30 AM
    Hi,
     
    As you're probably aware, issue https://security-tracker.debian.org/tracker/CVE-2025-27773 has been
    open since March 11, 2025. Is anybody working on fixing this? I could probably
    help out with testing prereleases for Debian bullseye.
     
    Thanks, Bye,
     
    Joost
     
     
    On Thu, Feb 06, 2025 at 11:56:41AM -0300, Santiago Ruano Rincón wrote:
    Control: User -1 debian-lts@lists.debian.org
    Control: Usertag -1 + upstream-trixie
     
    Hello Thijs and LTS team,
     
    On 01/12/24 at 17:38, Thijs Kinkhorst wrote:
    Package: simplesamlphp
    Severity: grave
    Tags: trixie sid
     
    The current package in testing and unstable is version 1.19.
    Upstream no longer supports this version. There's a 2.x series which should
    be packaged.
     
    There are a number of changes required for packaging 2.x. Most
    notably the list of shipped modules is much smaller, which needs some consideration.
     
    In any case Debian should not ship a 1.19 package in trixie,
    hence this bug which can be closed if a 2.x version is packaged at
    some point.
     
    This is just a heads-up about the status of simplesamlphp in
    trixie, which is currently missing.
     
    Thijs, could we interpret the above as you are OK with a "Team-upload"
    (as the package is in salsa.d.o/debian), or an NMU to package simplesamlphp 2.x?
    Please, don't hesitate to tell me if that is wrong.
     
    Someone from the LTS team may be interested in contributing
    (CC'ing debian-lts).
     
    Best regards,
    --
    ✉ Joost van Baal-Ilić <joostvb@uvt.nl> ☎ (013-466-)3519
    kamer G 231 ✉ TiU LIS Infra Unix <lis-unix@uvt.nl> irc://irc.uvt.nl/#infra 🌍 https://go.uvt.nl/unix

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Tobias Frost@21:1/5 to All on Fri May 9 18:10:01 2025
    Hi Joost,

    Definitely helps a lot, thanks for the testing!

    I've also set up a testing environment (two VMs, one as IDP, one as SP)
    and also tested the areas where the patch touches the code and I think
    everything is working fine, so I think the package is ready for LTS.

    I'll finish testing and add some polish where required and will then do
    the upload.

    --
    cheers,
    tobi
