Package: python-pysaml2 / 4.5.0-4+deb10u1

Metadata

Package Version Patches format
python-pysaml2 4.5.0-4+deb10u1 3.0 (quilt)

Patch series

view the series file
Patch File delta Description
remove failing test.patch | (download)

tests/test_30_mdstore_old.py | 345 0 + 345 - 0 !
tests/test_41_response.py | 19 0 + 19 - 0 !
tests/test_83_md_extensions.py | 27 0 + 27 - 0 !
3 files changed, 391 deletions(-)

 remove failing test
remove network access test.patch | (download)

tests/test_30_mdstore.py | 19 0 + 19 - 0 !
1 file changed, 19 deletions(-)

 remove network access test
 This test is doing network access which is forbidden in Debian.
removed_failing_test_enc1.patch | (download)

tests/test_42_enc.py | 35 0 + 35 - 0 !
1 file changed, 35 deletions(-)

 removed failed test_enc1()
CVE 2017 1000246_Always_generate_a_random_IV_for_AES_operations.patch | (download)

src/saml2/aes.py | 32 11 + 21 - 0 !
src/saml2/authn.py | 2 1 + 1 - 0 !
src/saml2/server.py | 1 0 + 1 - 0 !
3 files changed, 12 insertions(+), 23 deletions(-)

 cve-2017-1000246: always generate a random iv for aes operations
CVE 2020 5390_Fix_XML_Signature_Wrapping_XSW_vulnerabilities.patch | (download)

src/saml2/sigver.py | 49 49 + 0 - 0 !
tests/saml2_response_xsw.xml | 6 6 + 0 - 0 !
tests/test_xsw.py | 44 44 + 0 - 0 !
3 files changed, 99 insertions(+)

 cve-2020-5390: fix xml signature wrapping (xsw) vulnerabilities
 PySAML2 did not check that the signature in a SAML document is enveloped and thus
 XML signature wrapping (XSW) was effective.
 .
remove broken test.patch | (download)

tests/test_82_pefim.py | 52 0 + 52 - 0 !
1 file changed, 52 deletions(-)

 remove broken test
 This test fails after 2020-11-28, and this date is included in the Buster
 lifecycle, so I'm just removing the test.
fix importing mock in py2.7.patch | (download)

tests/test_xsw.py | 8 6 + 2 - 0 !
1 file changed, 6 insertions(+), 2 deletions(-)

 fix importing mock in python 2.7
remove test_switch_1.patch | (download)

tests/test_30_mdstore.py | 28 0 + 28 - 0 !
1 file changed, 28 deletions(-)

 remove test_switch_1
 Looks like this test is now broken, let's remove it.