debian/0000755000000000000000000000000012153627664007202 5ustar debian/compat0000644000000000000000000000000212153627062010370 0ustar 9 debian/dirs0000644000000000000000000000017712153627062010063 0ustar etc/simplesamlphp/metadata etc/apache2/conf-available usr/share/simplesamlphp var/lib/simplesamlphp/data var/log/simplesamlphp debian/docs0000644000000000000000000000000712153627062010042 0ustar docs/* debian/examples0000644000000000000000000000007612153627062010736 0ustar config-templates metadata-templates extra/auth_memcookie.conf debian/watch0000644000000000000000000000044112153627062010222 0ustar version=3 opts=downloadurlmangle=s#.*(simplesamlphp-([\d.]+)\.tar\.gz).*#http://simplesamlphp.googlecode.com/files/$1#,filenamemangle=s#.*(simplesamlphp-([\d.]+)\.tar\.gz).*#$1# \ http://code.google.com/p/simplesamlphp/downloads/list ^.*detail\?name=simplesamlphp-([\d.]+)\.tar\.gz.* debian/source/0000755000000000000000000000000012153627062010472 5ustar debian/source/format0000644000000000000000000000001412153627062011700 0ustar 3.0 (quilt) debian/patches/0000755000000000000000000000000012153627062010621 5ustar debian/patches/series0000644000000000000000000000002412153627062012032 0ustar debian_config.patch debian/patches/debian_config.patch0000644000000000000000000000336412153627062014417 0ustar Description: Debian-specific paths and defaults Forwarded: not-needed Author: Thijs Kinkhorst --- a/config/config.php +++ b/config/config.php 
@@ -22,10 +22,12 @@
 * external url, no matter where you come from (direct access or via the
 * reverse proxy).
 */
- 'baseurlpath' => 'simplesaml/',
- 'certdir' => 'cert/',
- 'loggingdir' => 'log/',
- 'datadir' => 'data/',
+ 'baseurlpath' => 'simplesamlphp/',
+ 'certdir' => '/etc/ssl/certs/',
+ 'loggingdir' => '/var/log/simplesamlphp/',
+ 'datadir' => '/var/lib/simplesamlphp/data/',
+ 'metadatadir' => '/etc/simplesamlphp/metadata/',
+ 'attributenamemapdir' => '/etc/simplesamlphp/attributemap/',
 
 /*
 * A directory where simpleSAMLphp can save temporary files.
@@ -69,7 +71,8 @@
 * metadata listing and diagnostics pages.
 * You can also put a hash here; run "bin/pwgen.php" to generate one.
 */
- 'auth.adminpassword' => '123',
+ // Debian: this password is in /var/lib/simplesamlphp/secrets.inc.php
+ //'auth.adminpassword' => '123',
 'admin.protectindexpage' => false,
 'admin.protectmetadata' => false,
 
@@ -81,7 +84,8 @@
 * A possible way to generate a random salt is by running the following command from a unix shell:
 * tr -c -d '0123456789abcdefghijklmnopqrstuvwxyz' /dev/null;echo
 */
- 'secretsalt' => 'defaultsecretsalt',
+ // Debian: this secret is in /var/lib/simplesamlphp/secrets.inc.php
+ //'secretsalt' => 'defaultsecretsalt',
 
 /*
 * Some information about the technical persons running this installation.
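Review bot: The new default `'certdir' => '/etc/ssl/certs/'` in the hunk at -22 points at a directory that is world-readable on Debian and meant for public certificates only. As far as I know simpleSAMLphp also resolves relative `privatekey` file names from its metadata against `certdir`, so this default steers administrators towards placing the SAML signing or decryption key beside the public certificates, or towards absolute paths that nothing here documents. I would point `certdir` at a package-owned directory that only root and the web-server group can read, and add a comment such as `// Debian: private keys are looked up here too; keep this directory unreadable for other users`. The enclosing `$config` array starts and ends outside this hunk.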
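Review bot: The commented-out `//'auth.adminpassword' => '123',` in the hunk at -69 keeps the well-known upstream default one keystroke away from being re-enabled, and the comment above it does not say how the real value is loaded. Because the `require_once('/var/lib/simplesamlphp/secrets.inc.php');` added at the end of the file (hunk at -679) runs after the array literal, a value an administrator sets here is presumably overwritten by the generated one, which is surprising when rotating the password. I would drop the sample value and spell out the mechanism: `// Debian: set in /var/lib/simplesamlphp/secrets.inc.php, included at the end of this file; edit it there`. The same applies to `//'secretsalt' => 'defaultsecretsalt',` in the hunk at -81. Since that include executes PHP from /var/lib, it is also worth checking that the file and its directory stay writable by root only.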
@@ -679,3 +683,5 @@ 'redirect.trustedsites' => NULL, ); + +require_once('/var/lib/simplesamlphp/secrets.inc.php'); debian/postinst0000644000000000000000000000133412153627062011001 0ustar #!/bin/sh set -e if [ "$1" = "configure" ]; then # Generate secrets if [ ! -f /var/lib/simplesamlphp/secrets.inc.php ]; then touch /var/lib/simplesamlphp/secrets.inc.php chgrp www-data /var/lib/simplesamlphp/secrets.inc.php chmod 640 /var/lib/simplesamlphp/secrets.inc.php ADMINP=`tr -c -d '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ' /dev/null`; SSALT=`tr -c -d '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ' /dev/null`; printf "> /var/lib/simplesamlphp/secrets.inc.php fi fi #DEBHELPER# exit 0 debian/postrm0000644000000000000000000000017312153627062010442 0ustar #!/bin/sh set -e if [ "$1" = "purge" ]; then rm -rf /etc/simplesamlphp /var/lib/simplesamlphp fi #DEBHELPER# exit 0 debian/README.Debian0000644000000000000000000000064612153627062011241 0ustar simpleSAMLphp packaged for Debian --------------------------------- To comply with Debian's policies, simpleSAMLphp's configuration is placed in /etc/simplesamlphp, and the metadata under /etc/simplesamlphp/metadata. Upon initial installation, the administrator password is generated and stored in /var/lib/simplesamlphp/secrets.inc.php. Not all modules have been tested in a Debian context. Feedback is most welcome. debian/links0000644000000000000000000000033212153627062010233 0ustar /etc/simplesamlphp usr/share/simplesamlphp/config /usr/share/php/Auth usr/share/simplesamlphp/lib/Auth /etc/simplesamlphp/apache.conf etc/apache2/conf-available/simplesamlphp.conf debian/copyright0000644000000000000000000001264612153627062011136 0ustar This package was debianized by Thomas Zangerl on Thu, 08 Oct 2009 17:47:18 +0200 and adapted by Thijs Kinkhorst . 
It was downloaded from http://simplesamlphp.googlecode.com/svn/trunk/ Upstream Authors: Andreas Åkre Solberg Olav Morken Copyright: Copyright (C) 2007-2011 UNINETT AS License: SimpleSAMLphp is licensed under the GNU Lesser General Public License, version 2.1 as published by the Free Software Foundation. On Debian systems, the full license text can be found in the file /usr/share/common-licenses/LGPL-2.1. The Debian packaging is copyright (C) 2009, Thomas Zangerl and copyright (C) 2010-2012 Universiteit van Tilburg and is licensed under the same terms as simpleSAMLphp itself. simpleSAMLphp includes the following code from other copyright holders and in some cases different licenses (see below for license texts): www/resources/jquery.js, www/resources/jquery-16.js: Copyright (c) 2008-2009 John Resig (jquery.com) Dual licensed under the MIT and GPLv2 licenses. Copyright 2009, The Dojo Foundation Released under the MIT, BSD, and GPLv2 Licenses. www/resources/jquery-ui*.js, www/resources/uitheme*: Copyright (c) 2009 AUTHORS.txt (http://ui.jquery.com/about) Dual licensed under the MIT and GPLv2 licenses. www/resources/icons/crystal_project/*: Copyright (c) 2006-2007 Everaldo Coelho. Licensed under the GNU LGPLv2.1. www/resources/icons/experience/*: Copyright David Christian Berg. Licensed under the GNU GPLv2. lib/xmlseclibs.php: Copyright (c) 2007, Robert Richards . Licensed under the BSD License. lib/Auth/Yadis/*, lib/Auth/OpenID*: Copyright 2005-2008 Janrain, Inc. Licensed under the Apache license 2.0. modules/authYubiKey/lib/Auth: Copyright (C) 2009 Simon Josefsson Copyright (C) 2009 Andreas Åkre Solberg Licensed under the same license as simpleSAMLphp itself. modules/authYubiKey/libextinc: Copyright (C) 2007-2009 Simon Josefsson Licensed under the BSD License. modules/InfoCard: Copyright (c) 2005-2008 Zend Technologies USA Inc. (http://www.zend.com) Licensed under the BSD License. 
modules/discopower/www/js/quicksilver.js: Copyright (c) 2008 Lachie Cox Licensed under the MIT License. modules/authfacebook/extlibinc: Copyright 2011 Facebook. Licensed under the Apache licence 2.0. modules/oauth/extlibinc: Copyright (c) 2007 Andy Smith Licensed under the MIT License. modules/riak: Copyright (c) 2012 The University of Queensland Licensed under the BSD License. On Debian systems, the latest version of the GPL can be found in /usr/share/common-licenses/GPL-2, the Apache 2.0 license in /usr/share/common-licenses/Apache-2.0, and the LGPL license in /usr/share/common-licenses/LGPL-2.1 The full text of the MIT license: Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. The full text of the BSD license: Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: * Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. 
* Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. * Neither the name of the organization nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission. THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. debian/lintian-overrides0000644000000000000000000000036512153627062012557 0ustar simplesamlphp: non-standard-dir-perm var/lib/simplesamlphp/data/ 0730 != 0755 simplesamlphp: non-standard-dir-perm var/log/simplesamlphp/ 0730 != 0755 simplesamlphp: package-contains-empty-directory usr/share/simplesamlphp/modules/openid/hooks/ debian/apache.conf0000644000000000000000000000070412153627062011263 0ustar # simpleSAMLphp example Apache config snippet. 
# To include this in your Apache configuration: # Apache 2.2 and earlier: # ln -s /etc/apache2/conf-available/simplesamlphp.conf /etc/apache2/conf.d/simplesamlphp.conf # Apache 2.4 and later: # a2enconf simplesamlphp Alias /simplesamlphp /usr/share/simplesamlphp/www Order allow,deny Allow from all # Apache 2.4-style: # Require all granted debian/rules0000755000000000000000000000213712153627062010255 0ustar #!/usr/bin/make -f clean: dh_testdir dh_testroot dh_clean install: dh_testdir dh_testroot dh_prep dh_installdirs dh_install dh_installdocs dh_installexamples dh_installchangelogs docs/simplesamlphp-changelog.txt rm debian/simplesamlphp/usr/share/doc/simplesamlphp/simplesamlphp-changelog.txt rm -r debian/simplesamlphp/usr/share/simplesamlphp/lib/Auth/ dh_link dh_compress rm debian/simplesamlphp/usr/share/simplesamlphp/modules/InfoCard/lib/RP/LICENSE.txt rm debian/simplesamlphp/usr/share/simplesamlphp/modules/oauth/libextinc/LICENSE.txt find . -type f -executable -not -path '*/bin/*' | xargs chmod -x dh_fixperms chgrp www-data debian/simplesamlphp/var/lib/simplesamlphp/data \ debian/simplesamlphp/var/log/simplesamlphp chmod u=rwx,g=wx,o= debian/simplesamlphp/var/lib/simplesamlphp/data \ debian/simplesamlphp/var/log/simplesamlphp dh_lintian dh_installdeb dh_gencontrol dh_md5sums dh_builddeb build: build-arch build-indep build-arch: build-stamp build-indep: build-stamp build-stamp: binary-indep: install binary: binary-indep binary-arch: binary-indep .PHONY: clean install debian/changelog0000644000000000000000000001555712153627664011071 0ustar simplesamlphp (1.11.0-1) unstable; urgency=low * New upstream release. * Add php5-json to Recommends. -- Thijs Kinkhorst Wed, 05 Jun 2013 14:25:32 +0200 simplesamlphp (1.11.0~rc1-1) unstable; urgency=low * New upstream release candidate. - Sanitycheck now works out of the box (closes: #695147). -- Thijs Kinkhorst Fri, 24 May 2013 16:12:45 +0200 simplesamlphp (1.10.0-1) unstable; urgency=low * New upstream release. 
* Update packaging to debhelper 9, policy 3.9.4. -- Thijs Kinkhorst Thu, 04 Oct 2012 15:17:07 +0200 simplesamlphp (1.9.2-1) unstable; urgency=medium * New upstream security release: Fix possible issue in PKCS 1.5 encryption when a key is correctly decrypted but its length is not the one expected. -- Thijs Kinkhorst Wed, 29 Aug 2012 15:43:31 +0000 simplesamlphp (1.9.1-1) unstable; urgency=medium * New upstream security release: Fix for an attack against PKCS 1.5 in XML encryption. -- Thijs Kinkhorst Mon, 06 Aug 2012 12:57:02 +0000 simplesamlphp (1.9.0-1) unstable; urgency=low * New upstream release. -- Thijs Kinkhorst Wed, 13 Jun 2012 12:38:09 +0200 simplesamlphp (1.9.0~rc2-1) unstable; urgency=low * New upstream release candidate. -- Thijs Kinkhorst Sat, 19 May 2012 16:00:48 +0200 simplesamlphp (1.9.0~rc1-1) unstable; urgency=low * New upstream release candidate. - Addresses PHP 5.4 compatibility (closes: #658875). * Update for Apache 2.4 (closes: #669795). * Checked for policy 3.9.3. -- Thijs Kinkhorst Sat, 21 Apr 2012 17:13:15 +0200 simplesamlphp (1.8.2-1) unstable; urgency=high * New upstream release, fixes cross site scripting. [CVE-2012-0040 CVE-2012-0908] -- Thijs Kinkhorst Wed, 11 Jan 2012 11:19:37 +0100 simplesamlphp (1.8.1-1) unstable; urgency=high * New upstream release. Fixes security issues: - It may be possible to use an SP as a oracle to decrypt encrypted messages sent to that SP. This is the attack described in the paper "How to break XML encryption": http://dx.doi.org/10.1145/2046707.2046756 - It may be possible to use the SP as a key oracle which can be used to forge messages from that SP by issuing 300000-2000000 queries to the SP. This mainly affects SPs that use signed authentication requests. 
The attack is described in "Chosen Ciphertext Attacks Against Protocols Based on the RSA Encryption Standard PKCS #1.": http://www.iacr.org/cryptodb/data/paper.php?pubkey=1037 -- Thijs Kinkhorst Thu, 27 Oct 2011 14:19:20 +0200 simplesamlphp (1.8.0-1) unstable; urgency=low * New upstream release. -- Thijs Kinkhorst Mon, 11 Apr 2011 14:14:34 +0200 simplesamlphp (1.7.0-2) unstable; urgency=low * Install all config files that simpleSAMLphp ships in config/ under our /etc/simplesamlphp/ (closes: #610973). -- Thijs Kinkhorst Tue, 08 Feb 2011 20:39:44 +0100 simplesamlphp (1.7.0-1) experimental; urgency=low * New upstream release. * Move php5-cli from depends to recommends (closes: #609256). * Install example apache.conf. * Remove obsolete /usr/share/doc/simplesamlphp/source/*. * Set default baseurlpath to 'simplesamlphp/'. -- Thijs Kinkhorst Tue, 11 Jan 2011 16:16:59 +0100 simplesamlphp (1.7.0~rc1-1) UNRELEASED; urgency=low * New upstream release candidate. -- Thijs Kinkhorst Fri, 24 Dec 2010 16:52:56 +0100 simplesamlphp (1.6.3-1+uvt1) unstable; urgency=low * Apply disco_scope.patch: allow the scopedIDPlist to be passed in a POST request to avoid running into browser request length limitations. Needed for Confusa 0.7. Patch accepted upstream. -- Thijs Kinkhorst Fri, 17 Dec 2010 14:26:05 +0100 simplesamlphp (1.6.3-1) unstable; urgency=high * New upstream release fixing XSS security bug. -- Thijs Kinkhorst Fri, 17 Dec 2010 14:16:25 +0100 simplesamlphp (1.6.2-1) unstable; urgency=high * New upstream release. * Includes security fixes: XSS possible in certain circumstances. * Checked for policy 3.9.1, no changes necessary. -- Thijs Kinkhorst Thu, 29 Jul 2010 14:47:21 +0200 simplesamlphp (1.6.1-1) unstable; urgency=low * New upstream release. * Remove version specifiers from dependencies where these are satisfied even in oldstable. 
Besides cleanup this solves an issue with php5-mhash, which is a virtual package in squeeze and up, and dependencies on virtual packages may not be versioned per Debian Policy. * Checked for policy 3.9.0, no changes necessary. * Install changelog in expected location. -- Thijs Kinkhorst Wed, 30 Jun 2010 18:38:40 +0200 simplesamlphp (1.6.0-1) unstable; urgency=low * New upstream release. * Initial Debian upload (closes: #557514). * Depend on php-openid and do not ship code contained theirin. -- Thijs Kinkhorst Tue, 01 Jun 2010 23:32:02 +0200 simplesamlphp (1.6.0~rc1-1) unstable; urgency=low * New upstream release candidate. * Make packaging conform better to Debian policy. * Switch to dpkg-source 3.0 (quilt) format. -- Thijs Kinkhorst Tue, 25 May 2010 16:54:59 +0200 simplesamlphp (1.5.1-1) unstable; urgency=low * Fix security vulnerability due to insecure temp file creation: - statistics: The logcleaner script outputs to a file in /tmp. - InfoCard: Saves state directly in /tmp. Changed to the simpleSAMLphp temp directory. - openidProvider: Default configuration saves state information in /tmp. Changed to '/var/lib/simplesamlphp-openid-provider'. - SAML 1 artifact support: Saves certificates temporarily in '/tmp/simplesaml', but directory creation was insecure. * statistics: Handle new year wraparound. * Dictionary updates. * Fix bridged logout. * Some documentation updates. * Fix all metadata to use assignments to arrays. * Fix $session->getIdP(). * Support AuthnContextClassRef in saml-module. * Do not attempt to send logout request to an IdP that does not support logout. * LDAP: Disallow bind with empty password. * LDAP: Assume that LDAP_NO_SUCH_OBJECT is an error due to invalid username/password. * statistics: Fix configuration template. * Handle missing authority in idp-hosted metadata better. 
-- Thomas Zangerl Mon, 11 Jan 2010 13:51:28 +0100 simplesamlphp (1.5.1~rc1-1) unstable; urgency=low * Include possibility to the Identity provider using session->getIdP() -- Thomas Zangerl Fri, 04 Dec 2009 15:00:00 +0100 simplesamlphp (1.5.0~rc1-1) unstable; urgency=low * Move to new modularized SAML provider for authN -- Thomas Zangerl Fri, 30 Oct 2009 11:21:04 +0100 debian/install0000644000000000000000000000054212153627062010564 0ustar bin usr/share/simplesamlphp dictionaries usr/share/simplesamlphp lib usr/share/simplesamlphp modules usr/share/simplesamlphp schemas usr/share/simplesamlphp templates usr/share/simplesamlphp www usr/share/simplesamlphp attributemap etc/simplesamlphp config/* etc/simplesamlphp debian/apache.conf etc/simplesamlphp debian/control0000644000000000000000000000263312153627621010602 0ustar Source: simplesamlphp Section: web Priority: extra Maintainer: Thijs Kinkhorst Uploaders: Thomas Zangerl Build-Depends: debhelper (>= 9) Homepage: http://simplesamlphp.org/ Vcs-Git: git://git.assembla.com/confusa_packaging Vcs-Browser: http://www.assembla.com/code/confusa_packaging/git/nodes Standards-Version: 3.9.4 Package: simplesamlphp Architecture: all Depends: php5, libapache2-mod-php5 | php5-cgi, openssl (>= 0.9.8g), php-xml-parser (>= 1.2.8), zlib1g, php5-mhash, php5-mcrypt, php-openid, apache2 | httpd, ${misc:Depends} Recommends: php5-cli, php5-json Suggests: mysql-server (>= 5), php5-ldap, php5-radius, php5-mysql Description: Authentication and federation application supporting several protocols simpleSAMLphp, with its support for several authentication mechanisms and federation protocols, can be used for local authentication, as a service provider or identity provider. It currently supports the following protocols: . * SAML 2.0 as a Service or Identity Provider. * Shiboleth 1.3 as a Service or Identity Provider. 
* A-Select as a Service or Identity Provider * CAS for remote authentication * OpenID as a Provider or Consumer * WS-Federation as a Service Provider . Further authentication providers can be added in the form of modules. Other features are protocol bridging, eduGAIN compatibility, attribute mapping and attribute release consent.