diff -Nru python-pysaml2-3.0.0/debian/changelog python-pysaml2-3.0.0/debian/changelog
--- python-pysaml2-3.0.0/debian/changelog 2018-01-05 14:17:21.000000000 +0000
+++ python-pysaml2-3.0.0/debian/changelog 2018-01-05 14:17:21.000000000 +0000
@@ -1,4 +1,4 @@
-python-pysaml2 (3.0.0-3ubuntu2.1) artful-security; urgency=medium
+python-pysaml2 (3.0.0-3ubuntu2.2) artful-security; urgency=medium
 * SECURITY UPDATE: Any password can be used if optimizations are enabled
 - debian/patches/CVE-2017-1000433.patch: fixes authentication bypass due
diff -Nru python-pysaml2-3.0.0/debian/patches/fix-test-41-response.patch python-pysaml2-3.0.0/debian/patches/fix-test-41-response.patch
--- python-pysaml2-3.0.0/debian/patches/fix-test-41-response.patch 2018-01-05 14:17:21.000000000 +0000
+++ python-pysaml2-3.0.0/debian/patches/fix-test-41-response.patch 2018-01-05 14:17:21.000000000 +0000
@@ -9,43 +9,43 @@
 tests/test_41_response.py | 2 +-
 2 files changed, 6 insertions(+), 22 deletions(-)
-Index: python-pysaml2-3.0.0/src/saml2/sigver.py
-===================================================================
---- python-pysaml2-3.0.0.orig/src/saml2/sigver.py
-+++ python-pysaml2-3.0.0/src/saml2/sigver.py
-@@ -1466,27 +1466,11 @@ class SecurityContext(object):
- for _, pem_file in certs:
- try:
- last_pem_file = pem_file
--- if origdoc is not None:
--- try:
--- if self.verify_signature(origdoc, pem_file,
--- node_name=node_name,
--- node_id=item.id,
--- id_attr=id_attr):
--- verified = True
--- break
--- except Exception:
--- if self.verify_signature(decoded_xml, pem_file,
--- node_name=node_name,
--- node_id=item.id,
--- id_attr=id_attr):
--- verified = True
--- break
--- else:
--- if self.verify_signature(decoded_xml, pem_file,
--- node_name=node_name,
--- node_id=item.id, id_attr=id_attr):
--- verified = True
--- break
-+ if self.verify_signature(decoded_xml, pem_file,
-+ node_name=node_name,
-+ node_id=item.id, id_attr=id_attr):
-+ verified = True
-+ break
- except XmlsecError as exc:
- logger.error("check_sig: %s" % exc)
- pass
+#Index: python-pysaml2-3.0.0/src/saml2/sigver.py
+#===================================================================
+#--- python-pysaml2-3.0.0.orig/src/saml2/sigver.py
+#+++ python-pysaml2-3.0.0/src/saml2/sigver.py
+#@@ -1466,27 +1466,11 @@ class SecurityContext(object):
+# for _, pem_file in certs:
+# try:
+# last_pem_file = pem_file
+#- if origdoc is not None:
+#- try:
+#- if self.verify_signature(origdoc, pem_file,
+#- node_name=node_name,
+#- node_id=item.id,
+#- id_attr=id_attr):
+#- verified = True
+#- break
+#- except Exception:
+#- if self.verify_signature(decoded_xml, pem_file,
+#- node_name=node_name,
+#- node_id=item.id,
+#- id_attr=id_attr):
+#- verified = True
+#- break
+#- else:
+#- if self.verify_signature(decoded_xml, pem_file,
+#- node_name=node_name,
+#- node_id=item.id, id_attr=id_attr):
+#- verified = True
+#- break
+#+ if self.verify_signature(decoded_xml, pem_file,
+#+ node_name=node_name,
+#+ node_id=item.id, id_attr=id_attr):
+#+ verified = True
+#+ break
+# except XmlsecError as exc:
+# logger.error("check_sig: %s" % exc)
+# pass
 Index: python-pysaml2-3.0.0/tests/test_41_response.py
 ===================================================================
 --- python-pysaml2-3.0.0.orig/tests/test_41_response.py
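Review bot: The sigver.py section of fix-test-41-response.patch is disabled by prefixing every line with `#`, with no explanation in the patch and a header that still reads `2 files changed, 6 insertions(+), 22 deletions(-)`. That section changed how `SecurityContext` verifies signatures, so disabling it in a security upload restores the path that tries `verify_signature(origdoc, ...)` first and falls back to `decoded_xml` on any `Exception`; a reversal like that deserves a recorded reason. I would delete the section and refresh the patch so the diffstat is accurate, and add a header line such as `sigver.py change dropped in 3.0.0-3ubuntu2.2: <reason>; signature checks use the original document again`. The visible changelog lines only bump the version, so the same reason should appear there unless it is already in the part of the entry outside this hunk.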