File: changelog

package info (click to toggle)
simplesamlphp 1.13.1-2
  • links: PTS, VCS
  • area: main
  • in suites: jessie-kfreebsd
  • size: 11,092 kB
  • sloc: php: 65,106; xml: 629; python: 376; sh: 193; perl: 185; makefile: 43
file content (239 lines) | stat: -rw-r--r-- 8,107 bytes parent folder | download 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
 
simplesamlphp (1.13.1-2) unstable; urgency=medium

  * Add xmlc14n.patch fixing extreme resource consumption when processing
    large metadata files (closes: #772121).
    See: https://simplesamlphp.org/metaprocessing 

 -- Thijs Kinkhorst <thijs@debian.org>  Fri, 05 Dec 2014 10:13:00 +0000

simplesamlphp (1.13.1-1) unstable; urgency=medium

  * New upstream bugfix release.

 -- Thijs Kinkhorst <thijs@debian.org>  Mon, 27 Oct 2014 19:23:35 +0000

simplesamlphp (1.13.0-1) unstable; urgency=medium

  * New upstream release.

 -- Thijs Kinkhorst <thijs@debian.org>  Thu, 25 Sep 2014 18:26:11 +0000

simplesamlphp (1.12.0-1) unstable; urgency=medium

  * New upstream release.

 -- Thijs Kinkhorst <thijs@debian.org>  Mon, 24 Mar 2014 17:53:33 +0100

simplesamlphp (1.12.0~rc2-1) unstable; urgency=medium

  * New upstream release candidate.

 -- Thijs Kinkhorst <thijs@debian.org>  Wed, 05 Mar 2014 14:18:31 +0100

simplesamlphp (1.12.0~rc1-1) unstable; urgency=medium

  * New upstream release candidate.

 -- Thijs Kinkhorst <thijs@debian.org>  Wed, 26 Feb 2014 16:15:51 +0100

simplesamlphp (1.11.0-1) unstable; urgency=low

  * New upstream release.
  * Add php5-json to Recommends.

 -- Thijs Kinkhorst <thijs@debian.org>  Wed, 05 Jun 2013 14:25:32 +0200

simplesamlphp (1.11.0~rc1-1) unstable; urgency=low

  * New upstream release candidate.
    - Sanitycheck now works out of the box (closes: #695147).

 -- Thijs Kinkhorst <thijs@debian.org>  Fri, 24 May 2013 16:12:45 +0200

simplesamlphp (1.10.0-1) unstable; urgency=low

  * New upstream release.
  * Update packaging to debhelper 9, policy 3.9.4.

 -- Thijs Kinkhorst <thijs@debian.org>  Thu, 04 Oct 2012 15:17:07 +0200

simplesamlphp (1.9.2-1) unstable; urgency=medium

  * New upstream security release:
    Fix possible issue in PKCS 1.5 encryption when a key is
    correctly decrypted but its length is not the one expected.

 -- Thijs Kinkhorst <thijs@debian.org>  Wed, 29 Aug 2012 15:43:31 +0000

simplesamlphp (1.9.1-1) unstable; urgency=medium

  * New upstream security release:
    Fix for an attack against PKCS 1.5 in XML encryption.

 -- Thijs Kinkhorst <thijs@debian.org>  Mon, 06 Aug 2012 12:57:02 +0000

simplesamlphp (1.9.0-1) unstable; urgency=low

  * New upstream release.

 -- Thijs Kinkhorst <thijs@debian.org>  Wed, 13 Jun 2012 12:38:09 +0200

simplesamlphp (1.9.0~rc2-1) unstable; urgency=low

  * New upstream release candidate.

 -- Thijs Kinkhorst <thijs@debian.org>  Sat, 19 May 2012 16:00:48 +0200

simplesamlphp (1.9.0~rc1-1) unstable; urgency=low

  * New upstream release candidate.
    - Addresses PHP 5.4 compatibility (closes: #658875).
  * Update for Apache 2.4 (closes: #669795).
  * Checked for policy 3.9.3.

 -- Thijs Kinkhorst <thijs@debian.org>  Sat, 21 Apr 2012 17:13:15 +0200

simplesamlphp (1.8.2-1) unstable; urgency=high

  * New upstream release, fixes cross site scripting.
    [CVE-2012-0040 CVE-2012-0908]

 -- Thijs Kinkhorst <thijs@debian.org>  Wed, 11 Jan 2012 11:19:37 +0100

simplesamlphp (1.8.1-1) unstable; urgency=high

  * New upstream release. Fixes security issues:
    - It may be possible to use an SP as a oracle to decrypt
      encrypted messages sent to that SP. This is the attack
      described in the paper "How to break XML encryption":
      http://dx.doi.org/10.1145/2046707.2046756
    - It may be possible to use the SP as a key oracle which
      can be used to  forge messages from that SP by issuing
      300000-2000000 queries to the SP. This mainly affects
      SPs that use signed authentication requests. The attack
      is described in "Chosen Ciphertext Attacks Against
      Protocols Based on the RSA Encryption Standard PKCS #1.":
      http://www.iacr.org/cryptodb/data/paper.php?pubkey=1037

 -- Thijs Kinkhorst <thijs@debian.org>  Thu, 27 Oct 2011 14:19:20 +0200

simplesamlphp (1.8.0-1) unstable; urgency=low

  * New upstream release.

 -- Thijs Kinkhorst <thijs@debian.org>  Mon, 11 Apr 2011 14:14:34 +0200

simplesamlphp (1.7.0-2) unstable; urgency=low

  * Install all config files that simpleSAMLphp ships in config/ under
    our /etc/simplesamlphp/ (closes: #610973).

 -- Thijs Kinkhorst <thijs@debian.org>  Tue, 08 Feb 2011 20:39:44 +0100

simplesamlphp (1.7.0-1) experimental; urgency=low

  * New upstream release.
  * Move php5-cli from depends to recommends (closes: #609256).
  * Install example apache.conf.
  * Remove obsolete /usr/share/doc/simplesamlphp/source/*.
  * Set default baseurlpath to 'simplesamlphp/'.

 -- Thijs Kinkhorst <thijs@debian.org>  Tue, 11 Jan 2011 16:16:59 +0100

simplesamlphp (1.7.0~rc1-1) UNRELEASED; urgency=low

  * New upstream release candidate.

 -- Thijs Kinkhorst <thijs@debian.org>  Fri, 24 Dec 2010 16:52:56 +0100

simplesamlphp (1.6.3-1+uvt1) unstable; urgency=low

  * Apply disco_scope.patch: allow the scopedIDPlist to be passed in a
    POST request to avoid running into browser request length limitations.
    Needed for Confusa 0.7. Patch accepted upstream.

 -- Thijs Kinkhorst <thijs@debian.org>  Fri, 17 Dec 2010 14:26:05 +0100

simplesamlphp (1.6.3-1) unstable; urgency=high

  * New upstream release fixing XSS security bug.

 -- Thijs Kinkhorst <thijs@debian.org>  Fri, 17 Dec 2010 14:16:25 +0100

simplesamlphp (1.6.2-1) unstable; urgency=high

  * New upstream release.
  * Includes security fixes: XSS possible in certain circumstances.
  * Checked for policy 3.9.1, no changes necessary.

 -- Thijs Kinkhorst <thijs@debian.org>  Thu, 29 Jul 2010 14:47:21 +0200

simplesamlphp (1.6.1-1) unstable; urgency=low

  * New upstream release.
  * Remove version specifiers from dependencies where these are
    satisfied even in oldstable. Besides cleanup this solves an
    issue with php5-mhash, which is a virtual package in squeeze
    and up, and dependencies on virtual packages may not be
    versioned per Debian Policy.
  * Checked for policy 3.9.0, no changes necessary.
  * Install changelog in expected location.

 -- Thijs Kinkhorst <thijs@debian.org>  Wed, 30 Jun 2010 18:38:40 +0200

simplesamlphp (1.6.0-1) unstable; urgency=low

  * New upstream release.
  * Initial Debian upload (closes: #557514).
  * Depend on php-openid and do not ship code contained theirin.

 -- Thijs Kinkhorst <thijs@debian.org>  Tue, 01 Jun 2010 23:32:02 +0200

simplesamlphp (1.6.0~rc1-1) unstable; urgency=low

  * New upstream release candidate.
  * Make packaging conform better to Debian policy.
  * Switch to dpkg-source 3.0 (quilt) format.

 -- Thijs Kinkhorst <thijs@debian.org>  Tue, 25 May 2010 16:54:59 +0200

simplesamlphp (1.5.1-1) unstable; urgency=low

  * Fix security vulnerability due to insecure temp file creation:
  - statistics: The logcleaner script outputs to a file in /tmp.
  -  InfoCard: Saves state directly in /tmp. Changed to the simpleSAMLphp
     temp directory.
  - openidProvider: Default configuration saves state information in /tmp.
    Changed to '/var/lib/simplesamlphp-openid-provider'.
  - SAML 1 artifact support: Saves certificates temporarily in
    '/tmp/simplesaml', but directory creation was insecure.
 
  * statistics: Handle new year wraparound.
  * Dictionary updates.
  * Fix bridged logout.
  * Some documentation updates.
  * Fix all metadata to use assignments to arrays.
  * Fix $session->getIdP().
  * Support AuthnContextClassRef in saml-module.
  * Do not attempt to send logout request to an IdP that does not support
    logout.
  * LDAP: Disallow bind with empty password.
  * LDAP: Assume that LDAP_NO_SUCH_OBJECT is an error due to invalid
    username/password.
  * statistics: Fix configuration template.
  * Handle missing authority in idp-hosted metadata better.

 -- Thomas Zangerl <tzangerl@pdc.kth.se>  Mon, 11 Jan 2010 13:51:28 +0100

simplesamlphp (1.5.1~rc1-1) unstable; urgency=low

  * Include possibility to the Identity provider using session->getIdP()

 -- Thomas Zangerl <tzangerl@pdc.kth.se>  Fri, 04 Dec 2009 15:00:00 +0100

simplesamlphp (1.5.0~rc1-1) unstable; urgency=low

  * Move to new modularized SAML provider for authN

 -- Thomas Zangerl <tzangerl@pdc.kth.se>  Fri, 30 Oct 2009 11:21:04 +0100