[opensaml2] 02/02: Import Debian changes 2.4.3-4+deb7u2
Ferenc Wágner
wferi at moszumanska.debian.org
Tue Nov 21 12:40:36 UTC 2017
This is an automated email from the git hooks/post-receive script.
wferi pushed a commit to branch debian/wheezy
in repository opensaml2.
commit 7bf5f8a1ddc563d6772ac420e8714dd0e82b3c3e
Author: Markus Koschany <apo at debian.org>
Date: Sat Nov 18 20:07:17 2017 +0100
Import Debian changes 2.4.3-4+deb7u2
opensaml2 (2.4.3-4+deb7u2) wheezy-security; urgency=high
* Non-maintainer upload by the LTS team.
* Fix CVE-2017-16853:
Rod Widdowson of Steading System Software LLP discovered a coding error in
the OpenSAML library, causing the DynamicMetadataProvider class to fail
configuring itself with the filters provided and omitting whatever checks
they are intended to perform.
---
debian/changelog | 11 +++++++++++
debian/patches/CVE-2017-16853.patch | 32 ++++++++++++++++++++++++++++++++
debian/patches/series | 1 +
3 files changed, 44 insertions(+)
diff --git a/debian/changelog b/debian/changelog
index 08f8c38..3e3fe05 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,14 @@
+opensaml2 (2.4.3-4+deb7u2) wheezy-security; urgency=high
+
+ * Non-maintainer upload by the LTS team.
+ * Fix CVE-2017-16853:
+ Rod Widdowson of Steading System Software LLP discovered a coding error in
+ the OpenSAML library, causing the DynamicMetadataProvider class to fail
+ configuring itself with the filters provided and omitting whatever checks
+ they are intended to perform.
+
+ -- Markus Koschany <apo at debian.org> Sat, 18 Nov 2017 20:07:17 +0100
+
opensaml2 (2.4.3-4+deb7u1) wheezy-security; urgency=high
* Rebuild against fixed xmltooling for DSA 3321-1
diff --git a/debian/patches/CVE-2017-16853.patch b/debian/patches/CVE-2017-16853.patch
new file mode 100644
index 0000000..5d68e00
--- /dev/null
+++ b/debian/patches/CVE-2017-16853.patch
@@ -0,0 +1,32 @@
+From: Markus Koschany <apo at debian.org>
+Date: Sat, 18 Nov 2017 19:51:48 +0100
+Subject: CVE-2017-16853
+
+Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=881856
+Origin: https://git.shibboleth.net/view/?p=cpp-opensaml.git;a=commit;h=6182b0acf2df670e75423c2ed7afe6950ef11c9d
+---
+ saml/saml2/metadata/impl/DynamicMetadataProvider.cpp | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/saml/saml2/metadata/impl/DynamicMetadataProvider.cpp b/saml/saml2/metadata/impl/DynamicMetadataProvider.cpp
+index a6af29e..97e5e23 100644
+--- a/saml/saml2/metadata/impl/DynamicMetadataProvider.cpp
++++ b/saml/saml2/metadata/impl/DynamicMetadataProvider.cpp
+@@ -62,7 +62,7 @@ namespace opensaml {
+ };
+
+ DynamicMetadataProvider::DynamicMetadataProvider(const DOMElement* e)
+- : AbstractMetadataProvider(e),
++ : AbstractMetadataProvider(e), MetadataProvider(e),
+ m_validate(XMLHelper::getAttrBool(e, false, validate)),
+ m_lock(RWLock::create()),
+ m_refreshDelayFactor(0.75),
+@@ -70,7 +70,7 @@ DynamicMetadataProvider::DynamicMetadataProvider(const DOMElement* e)
+ m_maxCacheDuration(XMLHelper::getAttrInt(e, 28800, maxCacheDuration))
+ {
+ if (m_minCacheDuration > m_maxCacheDuration) {
+- Category::getInstance(SAML_LOGCAT".MetadataProvider.Dynamic").error(
++ Category::getInstance(SAML_LOGCAT".Metadata.Dynamic").error(
+ "minCacheDuration setting exceeds maxCacheDuration setting, lowering to match it"
+ );
+ m_minCacheDuration = m_maxCacheDuration;
diff --git a/debian/patches/series b/debian/patches/series
new file mode 100644
index 0000000..d39e000
--- /dev/null
+++ b/debian/patches/series
@@ -0,0 +1 @@
+CVE-2017-16853.patch
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-shibboleth/opensaml2.git
More information about the Pkg-shibboleth-devel
mailing list