Problem/Motivation

The dvd_digid module uses the SimpleSAMLphp library version 1.11.0. This release was tagged on Nov 19, 2013 and has received several updates since, including several security releases.

Proposed resolution

Update the SimpleSAMLphp library to 1.14.11, so DigiD uses the most secure code.

Remaining tasks

  1. Write a patch
  2. Review
  3. Commit

User interface changes

Hopefully none.

API changes

Notable changes in the library:

Data model changes

None.


Comments

idebr created an issue. See original summary.

idebr

Issue summary: View changes

Added notable change: Remove "override.host" config option (https://github.com/simplesamlphp/simplesamlphp/issues/2)

idebr

Status: Active » Needs review
File size: 1.34 KB

Important release notes for the upgrade path:

  • The 'override.host' option has been removed from config.php
  • config.php and IdP metadata used to be stored without a subdirectory of simplesamlphp. The library now supports a different config directory through the PHP environment variable SIMPLESAMLPHP_CONFIG_DIR
  • The directory for metadata can be configured through the 'metadatadir' key in config.php
  • The preferred file path for these files is outside the webserver docroot, similar to how private files are stored.
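
A post-upgrade check for the release notes above, written as an added example (not code from the patch, the module or SimpleSAMLphp): it reads config.php from SIMPLESAMLPHP_CONFIG_DIR and reports a leftover 'override.host' key, or config and metadata directories that sit inside the docroot. The function names and the docroot command-line argument are assumptions.

```php
<?php
// Added example, not part of the dvd_digid module or SimpleSAMLphp.
// Assumed: config.php fills a $config array (as SimpleSAMLphp's template does)
// and the docroot is passed as the first CLI argument.

// True if $path resolves (symlinks included) to a location under $root.
// Paths that do not exist count as "not inside".
function is_inside($path, $root) {
    $p = realpath($path);
    $r = realpath($root);
    if ($p === false || $r === false) {
        return false;
    }
    $r = rtrim($r, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    return strpos($p . DIRECTORY_SEPARATOR, $r) === 0;
}

// Returns a list of findings; an empty list means the layout looks right.
function audit_simplesaml_config($configDir, $docroot) {
    $file = rtrim($configDir, '/') . '/config.php';
    if ($configDir === '' || !is_readable($file)) {
        return array('SIMPLESAMLPHP_CONFIG_DIR is unset or has no readable config.php');
    }
    $config = array();
    include $file; // populates $config
    $findings = array();
    if (array_key_exists('override.host', $config)) {
        $findings[] = "'override.host' is still present; the option has been removed";
    }
    if (is_inside($configDir, $docroot)) {
        $findings[] = 'config directory is inside the docroot';
    }
    $meta = isset($config['metadatadir']) ? $config['metadatadir'] : '';
    if ($meta === '' || $meta[0] !== '/') {
        $findings[] = "'metadatadir' is unset or relative; check where it resolves";
    } elseif (is_inside($meta, $docroot)) {
        $findings[] = "'metadatadir' is inside the docroot";
    }
    return $findings;
}

if (PHP_SAPI === 'cli' && isset($argv[1])) {
    // Use the same SIMPLESAMLPHP_CONFIG_DIR value the web server exports.
    $findings = audit_simplesaml_config((string) getenv('SIMPLESAMLPHP_CONFIG_DIR'), $argv[1]);
    foreach ($findings as $f) {
        echo "FINDING: $f\n";
    }
    exit($findings ? 1 : 0);
}
```

The script exits non-zero when it reports a finding, so it can gate a deployment step.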

idebr

Uploaded 'dvg-simplesamlphp_digid_fix-2857549-2.patch'

  • ralphvdhoudt committed a99fb97 on 7.x-1.x authored by idebr
    Issue #2857549 by idebr: Update SimpleSAMLphp library to 1.14.11
    
ralphvdhoudt

Status: Needs review » Fixed

Committed. Added info about the update in #2831698: Release 1.1

ralphvdhoudt

Title: Update SimpleSAMLphp library to 1.14.11 » Update SimpleSAMLphp library to 1.14.12

  • ralphvdhoudt committed fd88981 on 7.x-1.x authored by idebr
    Issue #2857549 by idebr: Update SimpleSAMLphp library to 1.14.12
    

  • ralphvdhoudt committed 47ba7d8 on 7.x-1.x authored by idebr
    Issue #2857549 by idebr: Update SimpleSAMLphp library to 1.14.12
    

Status: Fixed » Closed (fixed)

Automatically closed - issue fixed for 2 weeks with no activity.