| Commit message | Author | Age | Files | Lines |
| |
Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com>
| |
importlib.resources was added to the Python standard library in Python 3.7
[1]. This patch implements a conditional to use it instead of the
importlib_resources backport when using Python 3.7 or newer.
[1] https://docs.python.org/3/whatsnew/3.7.html
| |
Sandbox mode was added in 1.2.0 of python-xmlschema and refined in
1.2.1. Its use was added in 3b707723dcf1bf60677b424aac398c0c3557641d.
| |
All users of pysaml2 that use the default `CryptoBackendXmlSec1` backend and need to
verify signed SAML documents are impacted. `pysaml2 <= 6.4.1` does not validate the SAML
document against an XML schema. This allows invalid XML documents to trick the
verification process, by presenting elements with a valid signature inside elements
whose content has been malformed. The verification is offloaded to `xmlsec1` and
`xmlsec1` will not validate every signature in the given document, but only the first it
finds in the given scope.
Credits for the report:
- Victor Schönfelder Garcia (isits AG International School of IT Security)
- Juraj Somorovsky (Paderborn University)
- Vladislav Mladenov (Ruhr University Bochum)
Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com>
| |
Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com>
| |
Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com>
| |
Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com>
| |
Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com>
| |
Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com>
| |
Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com>
| |
Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com>
| |
Otherwise, if pysaml is installed with an older release of the cryptography package, it would fail with
AttributeError: '_RSAPrivateKey' object has no attribute 'sign'
|
A bug is blocking setuptools from working with python2 [bug]. Work is on its
way [pr]. Until that is fixed, package_dir should be defined in setup.py to
preserve compatibility of the native str type.
[bug]: https://github.com/pypa/setuptools/issues/1136
[pr]: https://github.com/pypa/setuptools/pull/1180
Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com>