python-pysaml2 (4.0.2-0ubuntu3.2) bionic-security; urgency=medium

  * SECURITY UPDATE: improper verification of cryptographic signature
    - debian/patches/CVE-2021-21239.patch: restrict the key data that
      xmlsec1 accepts to only x509 certs in src/saml2/sigver.py,
      tests/test_xmlsec1_key_data.py,
      tests/xmlsec1-keydata/signed-assertion-random-embedded-cert.xml,
      tests/xmlsec1-keydata/signed-assertion-with-hmac.xml,
      tests/xmlsec1-keydata/signed-response-with-hmac.xml.
    - CVE-2021-21239
  * debian/patches/update-test-metadata-expiration.patch: update test
    metadata expiration date in tests/metadata.aaitest.xml.
  * debian/patches/update-test-metadata-expiration-2.patch: allow tests to
    pass after 2020 in tests/InCommon-metadata.xml, tests/metadata.xml,
    tests/swamid-2.0.xml, tests/vo_metadata.xml.

 -- Marc Deslauriers  Tue, 22 Jun 2021 11:16:50 -0400

python-pysaml2 (4.0.2-0ubuntu3.1) bionic-security; urgency=medium

  * SECURITY UPDATE: Signature in SAML doc not checked properly
    - debian/patches/CVE-2020-5390.patch: fix XML signature wrapping (XSW)
      in src/saml2/sigver.py, tests/saml2_response_xsw.xml,
      tests/test_xsw.py.
    - CVE-2020-5390
  * Fixing test_41_response
    - debian/patches/Fix-test-41-that-now-depend-on-acual-datetime.patch:
      Fix test that depended on actual datetime in
      tests/test_41_response.py.

 -- Leonidas S. Barbosa  Mon, 20 Jan 2020 16:05:35 -0300

python-pysaml2 (4.0.2-0ubuntu3) bionic; urgency=medium

  * SECURITY UPDATE: Any password can be used if optimizations are enabled
    - debian/patches/CVE-2017-1000433.patch: fixes authentication bypass
      due to optimizations in src/saml2/authn.py.
    - CVE-2017-1000433
  * Add a fix patch for test_41_response
    - debian/patches/fix-test-41-response.patch

 -- Leonidas S. Barbosa  Thu, 22 Feb 2018 11:20:28 -0300

python-pysaml2 (4.0.2-0ubuntu2) bionic; urgency=medium

  * d/p/skip-online-tests.patch: Skip misc tests that require open access
    to misc internet resources.

 -- James Page  Wed, 15 Nov 2017 15:57:41 +0000

python-pysaml2 (4.0.2-0ubuntu1) bionic; urgency=medium

  * New upstream release.
  * d/rules,control: Add missing BD's on requests, defusedxml and mock,
    fix execution of unit tests under default py2/3.
  * d/p/fix-test-pathing.patch: Misc fixes for tests that fail due to
    expired test data and invalid relative pathing.

 -- James Page  Wed, 15 Nov 2017 13:54:58 +0000

python-pysaml2 (3.0.0-3ubuntu2) artful; urgency=medium

  * SECURITY UPDATE: External Entity vulnerability
    - debian/patches/CVE-2016-10149.patch: fixes XXE issues in setupy.py,
      src/saml2/__init__.py, src/saml2/pack.py, src/saml2/soap.py,
      tests/test_03_saml2.py, tests/test_43_soap.py,
      tests/test_51_client.py.
    - CVE-2016-10149
  * Some tests fail in upstream test suite. Adding the corresponding fix.
    - debian/patches/fix-tests.patch

 -- Leonidas S. Barbosa  Tue, 22 Aug 2017 17:37:33 -0300

python-pysaml2 (3.0.0-3ubuntu1) xenial; urgency=low

  * Merge from Debian unstable. Remaining changes:
    - debian/control: Drop runtime dependencies on python{,3}-repoze.who
      back to a Suggests, remove BD. Depend on pymongo 3.0 and higher.
    - debian/patches/disable-repoze.who-tests.patch: Skip hard requirement
      on repoze.who and dependent tests, as repoze.who is unmaintained and
      out-of-date in Debian and Ubuntu.

 -- Łukasz 'sil2100' Zemczak  Thu, 18 Feb 2016 12:53:50 +0100

python-pysaml2 (3.0.0-3) unstable; urgency=medium

  * override_dh_python3 to fix Py3 shebang.

 -- Thomas Goirand  Fri, 23 Oct 2015 23:48:31 +0000

python-pysaml2 (3.0.0-2) unstable; urgency=medium

  * Uploading to unstable.

 -- Thomas Goirand  Fri, 16 Oct 2015 10:34:56 +0000

python-pysaml2 (3.0.0-1) experimental; urgency=medium

  * New upstream release.
  * Added Python3 support.
  * Updated watch file to use github tag and not broken pypi.

 -- Thomas Goirand  Fri, 31 Jul 2015 08:47:57 +0000

python-pysaml2 (2.4.0-2) unstable; urgency=medium

  * Makes build reproducible thanks to Juan Picca (Closes: #789751).

 -- Thomas Goirand  Fri, 26 Jun 2015 15:41:09 +0200

python-pysaml2 (2.4.0-1) unstable; urgency=medium

  * New upstream release.
  * Dropped X-Python-Version: >= 2.7.
  * Standard-Versions: is now 3.9.6.
  * Also renames /usr/bin/merge_metadata.py as pysaml2-merge-metadata.

 -- Thomas Goirand  Fri, 15 May 2015 17:48:07 +0200

python-pysaml2 (2.4.0-0ubuntu2) wily; urgency=medium

  * debian/control:
    - Depend on python-pymongo versions 3.0 and higher
  * debian/patches/fix-build-against-new-pymongo.patch:
    - Cherry-pick fix pysaml2 with python-pymongo 3.0
  * debian/patches/fix-test-failures.patch:
    - Fix the newly failing test failures (LP: #1503698)

 -- Łukasz 'sil2100' Zemczak  Thu, 08 Oct 2015 20:16:42 +0200

python-pysaml2 (2.4.0-0ubuntu1) vivid; urgency=medium

  * New upstream release, supporting MIR for keystone (LP: #1434526):
    - d/control: Drop runtime dependency on python-repoze.who back to a
      Suggests, remove BD.
    - d/p/disable-repoze.who-tests.patch: Skip hard requirement on
      repoze.who and dependent tests, as repoze.who is unmaintained and
      out-of-date in Debian and Ubuntu.
    - d/p/*: Drop all previous patches, no longer required.

 -- James Page  Mon, 23 Mar 2015 13:33:26 +0000

python-pysaml2 (2.2.0-0ubuntu2) vivid; urgency=medium

  * d/p/disable-online-tests.patch: Disable tests that require access to
    online resources.

 -- James Page  Thu, 08 Jan 2015 11:54:09 +0000

python-pysaml2 (2.2.0-0ubuntu1) vivid; urgency=medium

  * New upstream release.
    - d/control: Add python-pymongo to BD's.
    - d/p/disable-failing-tests.patch: Disable two tests that currently
      fail in the upstream code base.
    - d/p/fix-error-tests.patch: Fixup problems with lack of full_path use
      in some test cases.
  * d/watch: Fix parsing of pypi urls.

 -- James Page  Thu, 08 Jan 2015 11:43:42 +0000

python-pysaml2 (2.0.0-1) unstable; urgency=medium

  * Initial release. (Closes: #760824)

 -- Thomas Goirand  Mon, 08 Sep 2014 16:11:53 +0800