Hi Tobias, I managed to perform a (somewhat shallow) test of https://people.debian.org/~tobi/simplesamlphp/simplesamlphp_1.19.0-1+deb11u2~_all.deb ; all results look good to me: I can do a saml login using that package. And the "SimpleSAMLphp installation page" looks good to me too.
Since I do have some test setup now (on a Debian 11 (bullseye) machine), I might be able to perform more tests. Let me know. Anyway: hope this helps! Bye, Joost On Sun, May 04, 2025 at 04:35:51PM +0200, Tobias Frost wrote: > Hi Joost, > > If you'd like to test the simplesamlphp packages for bullsyes, I've > prepared packages and placed them for your convenience here: > > https://people.debian.org/~tobi/simplesamlphp/ > > -- > Cheers, > tobi > > > On Mon, 28 Apr 2025 13:50:24 +0000 Tobias Frost <t...@sviech.de> wrote: > > Hi Joost, > > > > I've been woking on simplesmalphp yesterday, and the current status of > my backport of the patch for CVE-2025-27773 is in the lts team repo [1] > > > > [1] > https://salsa.debian.org/lts-team/packages/simplesamlphp/-/tree/debian/bullseye/ > > > > Help in testing the changes would be very helpful, so if you can > assist in testing the changes, this would be very appreciated. > > > > Cheers, > > tobi > > > > > > "Joost van Baal-Ilić" joostvb+deb...@uvt.nl – April 28, 2025 9:30 AM > > > Hi, > > > > > > As you're probably aware, issue > > > https://security-tracker.debian.org/tracker/CVE-2025-27773 has been > open since > > > March 11, 2025. Is anybody working on fixing this? I could probably > help out > > > with testing prereleases for Debian bullseye. > > > > > > Thanks, Bye, > > > > > > Joost > > > > > > > > > On Thu, Feb 06, 2025 at 11:56:41AM -0300, Santiago Ruano Rincón > wrote: > > > > Control: User -1 debian-...@lists.debian.org > > > > Control: Usertag -1 + upstream-trixie > > > > > > > > Hello Thijs and LTS team, > > > > > > > > El 01/12/24 a las 17:38, Thijs Kinkhorst escribió: > > > > > Package: simplesamlphp > > > > > Severity: grave > > > > > Tags: trixie sid > > > > > > > > > > The current package in testing and unstable is version 1.19. > Upstream no > > > > > longer supports this version. There's a 2.x series which should > be > > > > > packaged. > > > > > > > > > > There are a number of changes required for packaging 2.x. Most > notably > > > > > the list of shipped modules is much smaller, which needs some > > > > > consideration. > > > > > > > > > > In any case Debian should not ship a 1.19 package in trixie, > hence > > > > > this bug which can be closed if a 2.x version is packaged at > some > > > > > point. > > > > > > > > This is just a heads-up about the status of simplesamlphp in > trixie, > > > > which is currently missing. > > > > > > > > Thijs, could we interpret the above as you are OK with a "Team- > upload" > > > > (as the package is in salsa.d.o/debian), or an NMU to package > > > > simplesamlphp 2.x? > > > > Please, don't hesitate to tell me if that is wrong. > > > > > > > > Someone from the LTS team, may be interested in contributing > (CC'ing > > > > debian-lts). > > > > > > > > Best regards, -- ✉ Joost van Baal-Ilić <joos...@uvt.nl> ☎ (013-466-)3519 kamer G 231 ✉ TiU LIS Infra Unix <lis-u...@uvt.nl> irc://irc.uvt.nl/#infra 🌍 https://go.uvt.nl/unix
