Hi Joost, Defintily helps a lot, thanks for the testing!
I've also set up a testing envioronment (two VMs, one as IDP, one as SP) and also tested the areas where the patch touch the code and I think everything is working fine, so I think the package is ready for LTS. I'll finish testing and add some polish where required and will then do the upload. -- cheers, tobi On Fri, May 09, 2025 at 10:06:50AM +0200, Joost van Baal-Ilić wrote: > Hi Tobias, > > I managed to perform a (somewhat shallow) test of > https://people.debian.org/~tobi/simplesamlphp/simplesamlphp_1.19.0-1+deb11u2~_all.deb > ; all results look good to me: I can do a saml login using that package. And > the "SimpleSAMLphp installation page" looks good to me too. > > Since I do have some test setup now (on a Debian 11 (bullseye) machine), I > might be able to perform more tests. Let me know. > > Anyway: hope this helps! > > Bye, > > Joost > > > On Sun, May 04, 2025 at 04:35:51PM +0200, Tobias Frost wrote: > > Hi Joost, > > > > If you'd like to test the simplesamlphp packages for bullsyes, I've > > prepared packages and placed them for your convenience here: > > > > https://people.debian.org/~tobi/simplesamlphp/ > > > > -- > > Cheers, > > tobi > > > > > > On Mon, 28 Apr 2025 13:50:24 +0000 Tobias Frost <t...@sviech.de> wrote: > > > Hi Joost, > > > > > > I've been woking on simplesmalphp yesterday, and the current status of > > my backport of the patch for CVE-2025-27773 is in the lts team repo [1] > > > > > > [1] > > https://salsa.debian.org/lts-team/packages/simplesamlphp/-/tree/debian/bullseye/ > > > > > > Help in testing the changes would be very helpful, so if you can > > assist in testing the changes, this would be very appreciated. > > > > > > Cheers, > > > tobi > > > > > > > > > "Joost van Baal-Ilić" joostvb+deb...@uvt.nl – April 28, 2025 9:30 AM > > > > Hi, > > > > > > > > As you're probably aware, issue > > > > https://security-tracker.debian.org/tracker/CVE-2025-27773 has been > > open since > > > > March 11, 2025. Is anybody working on fixing this? I could probably > > help out > > > > with testing prereleases for Debian bullseye. > > > > > > > > Thanks, Bye, > > > > > > > > Joost > > > > > > > > > > > > On Thu, Feb 06, 2025 at 11:56:41AM -0300, Santiago Ruano Rincón > > wrote: > > > > > Control: User -1 debian-...@lists.debian.org > > > > > Control: Usertag -1 + upstream-trixie > > > > > > > > > > Hello Thijs and LTS team, > > > > > > > > > > El 01/12/24 a las 17:38, Thijs Kinkhorst escribió: > > > > > > Package: simplesamlphp > > > > > > Severity: grave > > > > > > Tags: trixie sid > > > > > > > > > > > > The current package in testing and unstable is version 1.19. > > Upstream no > > > > > > longer supports this version. There's a 2.x series which should > > be > > > > > > packaged. > > > > > > > > > > > > There are a number of changes required for packaging 2.x. Most > > notably > > > > > > the list of shipped modules is much smaller, which needs some > > > > > > consideration. > > > > > > > > > > > > In any case Debian should not ship a 1.19 package in trixie, > > hence > > > > > > this bug which can be closed if a 2.x version is packaged at > > some > > > > > > point. > > > > > > > > > > This is just a heads-up about the status of simplesamlphp in > > trixie, > > > > > which is currently missing. > > > > > > > > > > Thijs, could we interpret the above as you are OK with a "Team- > > upload" > > > > > (as the package is in salsa.d.o/debian), or an NMU to package > > > > > simplesamlphp 2.x? > > > > > Please, don't hesitate to tell me if that is wrong. > > > > > > > > > > Someone from the LTS team, may be interested in contributing > > (CC'ing > > > > > debian-lts). > > > > > > > > > > Best regards, > -- > ✉ Joost van Baal-Ilić <joos...@uvt.nl> ☎ (013-466-)3519 > kamer G 231 ✉ TiU LIS Infra Unix <lis-u...@uvt.nl> > irc://irc.uvt.nl/#infra 🌍 https://go.uvt.nl/unix
