pkgsrc-Changes-HG archive


[pkgsrc/trunk]: pkgsrc Update lasso to 2.7.0



details:   https://anonhg.NetBSD.org/pkgsrc/rev/aa3e87eff9bd
branches:  trunk
changeset: 454284:aa3e87eff9bd
user:      manu <manu%pkgsrc.org@localhost>
date:      Tue Jun 08 07:34:47 2021 +0000

description:
Update lasso to 2.7.0

Changes from 2.6.1, from the NEWS file

2.7.0 - June 1st 2021
----------------------
36 commits, 45 files changed, 1945 insertions, 177 deletions

* CVE-2021-28091: Fix signature checking on unsigned response with multiple assertions

  https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28091

  When AuthnResponse messages are not signed (which is
  permitted by the specification), all assertions' signatures should be
  checked, but currently after the first signed assertion is checked all
  following assertions are accepted without checking their signature, and
  the last one is considered the main assertion.

  This patch:
  * checks signatures from all assertions if the message is not signed,
  * refuses messages with assertions from different issuers than the one on
    the message, to prevent assertion bundling even if they are signed.

* Python: improve display of warnings in the binding generator
* replace deprecated index() by strchr() (#51385)
* Fix: new provider reference count is incremented one time too many (#51420)
* docs: update gtk-doc-tools integration (#50441)
* bindings: disable java tests when java is disabled
* Fix: python3 bindings (#51249)
* configure.ac: disable java bindings
* build: update to use origin/main
* debian: add packaging for debian-buster
* jenkins.sh: build against all available python versions (#44287)
* python: do not leak out_pyvalue if method call protocol is not respected (#44287)
* python: do not raise in valid_seq() (#44287)
* python: return NULL if get_list_of_strings() fails (#44287)
* python: return NULL if get_list_of_pygobject fails (#44287)
* python: return NULL if get_list_of_xml_nodes fails (#44287)
* python: return NULL if set_list_of_pygobject fails (#44287)
* python: return NULL if set_list_of_xml_nodes fails (#44287)
* python: return NULL if set_list_of_strings fails (#44287)
* python: return NULL if set_hashtable_of_strings fails (#44287)
* python: return NULL if set_hashtable_of_pygobject fails (#44287)
* python: free internal string buffer if needed in set_list_of_strings (#44287)
* python: check if hashtable is NULL before deallocation (#44287)
* python: add a failure label to method wrappers (#44287)
* python: add macro for early return (#44287)
* python: remove newline before method call (#44287)
* python: simplify get_logger_object (#44287)
* python: fix warning about discarded const modifier (#44287)
* python: replace exception by warning on logging path (#44287)
* python: use simpler call format to prevent warning about PY_SSIZE_T_CLEAN (#44287)
* python: remove deprecated PyErr_Warn (#44287)
* python: remove unused PyString_Size (#44287)
* python: Exception.message was removed in python3 (#45995)
* tools: reimplement xmlURIEscapeStr to respect RFC3986 (#45581)
* configure.ac: support php7 interpreter on CentOS 8 (#42299)

diffstat:

 doc/CHANGES-2021                   |    3 +-
 security/lasso/Makefile            |    4 +-
 security/lasso/Makefile.common     |    4 +-
 security/lasso/buildlink3.mk       |    4 +-
 security/lasso/distinfo            |   11 +-
 security/lasso/patches/patch-45581 |  189 -------------------------------------
 6 files changed, 13 insertions(+), 202 deletions(-)

diffs (275 lines):

diff -r 5a08ff7a76dd -r aa3e87eff9bd doc/CHANGES-2021
--- a/doc/CHANGES-2021  Tue Jun 08 07:26:52 2021 +0000
+++ b/doc/CHANGES-2021  Tue Jun 08 07:34:47 2021 +0000
@@ -1,4 +1,4 @@
-$NetBSD: CHANGES-2021,v 1.3309 2021/06/08 07:26:52 manu Exp $
+$NetBSD: CHANGES-2021,v 1.3310 2021/06/08 07:34:47 manu Exp $
 
 Changes to the packages collection and infrastructure in 2021:
 
@@ -5317,3 +5317,4 @@
        Added graphics/R-thematic version 0.1.2 [mef 2021-06-08]
        Added www/R-bslib version 0.2.5.1 [mef 2021-06-08]
        Updated www/ap2-auth-mellon to 0.17.0 [manu 2021-06-08]
+       Updated security/lasso to 2.7.0 [manu 2021-06-08]
diff -r 5a08ff7a76dd -r aa3e87eff9bd security/lasso/Makefile
--- a/security/lasso/Makefile   Tue Jun 08 07:26:52 2021 +0000
+++ b/security/lasso/Makefile   Tue Jun 08 07:34:47 2021 +0000
@@ -1,7 +1,8 @@
-# $NetBSD: Makefile,v 1.48 2021/05/24 19:53:52 wiz Exp $
+# $NetBSD: Makefile,v 1.49 2021/06/08 07:34:48 manu Exp $
 
 CONFIGURE_ARGS+=       --disable-python
 CONFIGURE_ARGS+=       --disable-php5
+CONFIGURE_ARGS+=       --disable-php7
 CONFIGURE_ARGS+=       --disable-perl
 
 PYTHON_VERSIONS_ACCEPTED=      27 # not yet ported as of 2.4.1
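Review bot: the context line "PYTHON_VERSIONS_ACCEPTED= 27 # not yet ported as of 2.4.1" is carried over unchanged although this update goes to 2.7.0 and the quoted NEWS lists "Fix: python3 bindings (#51249)". The comment now refers to a release several versions back; re-test the restriction against 2.7.0 and either lift it or update the version named in the comment. The added --disable-php7 line follows the existing --disable-php5 pattern and is fine as is.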
@@ -10,5 +11,4 @@
 EXTRACT_USING=         bsdtar
 
 #PKGREVISION= 1
-PKGREVISION= 5
 .include "../../security/lasso/Makefile.common"
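Review bot: the commented-out "#PKGREVISION= 1" stays behind after "PKGREVISION= 5" is removed. Resetting PKGREVISION on a version bump is expected, but the dead line should be dropped in the same change so the Makefile carries no stale revision marker.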
diff -r 5a08ff7a76dd -r aa3e87eff9bd security/lasso/Makefile.common
--- a/security/lasso/Makefile.common    Tue Jun 08 07:26:52 2021 +0000
+++ b/security/lasso/Makefile.common    Tue Jun 08 07:34:47 2021 +0000
@@ -1,9 +1,9 @@
-# $NetBSD: Makefile.common,v 1.16 2020/08/12 14:15:33 manu Exp $
+# $NetBSD: Makefile.common,v 1.17 2021/06/08 07:34:48 manu Exp $
 #
 # used by security/lasso/Makefile
 # used by security/py-lasso/Makefile
 
-DISTNAME=      lasso-2.6.1
+DISTNAME=      lasso-2.7.0
 CATEGORIES=    security
 MASTER_SITES=  https://dev.entrouvert.org/lasso/
 
diff -r 5a08ff7a76dd -r aa3e87eff9bd security/lasso/buildlink3.mk
--- a/security/lasso/buildlink3.mk      Tue Jun 08 07:26:52 2021 +0000
+++ b/security/lasso/buildlink3.mk      Tue Jun 08 07:34:47 2021 +0000
@@ -1,4 +1,4 @@
-# $NetBSD: buildlink3.mk,v 1.19 2021/04/21 11:40:37 adam Exp $
+# $NetBSD: buildlink3.mk,v 1.20 2021/06/08 07:34:48 manu Exp $
 
 BUILDLINK_TREE+=       lasso
 
@@ -6,7 +6,7 @@
 LASSO_BUILDLINK3_MK:=
 
 BUILDLINK_API_DEPENDS.lasso+=  lasso>=2.2.1
-BUILDLINK_ABI_DEPENDS.lasso+=  lasso>=2.6.1nb4
+BUILDLINK_ABI_DEPENDS.lasso+=  lasso>=2.5.1nb6
 BUILDLINK_PKGSRCDIR.lasso?=    ../../security/lasso
 
 .include "../../security/xmlsec1/buildlink3.mk"
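Review bot: BUILDLINK_ABI_DEPENDS.lasso moves backwards here, from "lasso>=2.6.1nb4" to "lasso>=2.5.1nb6", in the same commit that raises DISTNAME to lasso-2.7.0. An ABI floor that decreases on an update looks like a typo or a stale line pasted back in, and it lets dependent packages be satisfied by older binaries than before the commit. Keep "lasso>=2.6.1nb4" unless the lower bound is intended, and say so in the commit message if it is; if dependents should be forced onto the release carrying the CVE-2021-28091 fix, raise it to "lasso>=2.7.0" instead.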
diff -r 5a08ff7a76dd -r aa3e87eff9bd security/lasso/distinfo
--- a/security/lasso/distinfo   Tue Jun 08 07:26:52 2021 +0000
+++ b/security/lasso/distinfo   Tue Jun 08 07:34:47 2021 +0000
@@ -1,7 +1,6 @@
-$NetBSD: distinfo,v 1.25 2020/08/12 14:15:33 manu Exp $
+$NetBSD: distinfo,v 1.26 2021/06/08 07:34:48 manu Exp $
 
-SHA1 (lasso-2.6.1.tar.gz) = 0ab89b159d52cd503182cbbeff0327c80e3ed93d
-RMD160 (lasso-2.6.1.tar.gz) = 775d74fccf62afea9f8d587a1a7801e15ad7d986
-SHA512 (lasso-2.6.1.tar.gz) = 768e577ccf650d61305cbb2d8be0d3e13a5c8b6b05f6b0a8419fcd23030eb7530740e8ca785f0279331d7e31743b2e0ab234de50eb87d41cfda5d692a1583d4b
-Size (lasso-2.6.1.tar.gz) = 4514418 bytes
-SHA1 (patch-45581) = ea1a3c47ed61cce376d3998cdc195dfcfc881061
+SHA1 (lasso-2.7.0.tar.gz) = 7a4175eb925427504ac5d42bb3644a97fc188409
+RMD160 (lasso-2.7.0.tar.gz) = 6660050075bdd4c7dc64ed7a1f5203ca84097d20
+SHA512 (lasso-2.7.0.tar.gz) = 98615d6166cdec52abef4f5346119040f310dbee624c2cd168d2f95b5fe3e0e1437ec6bfc2cd8b680044438afa15770402f5aef87d1885f7bc61528617c17a74
+Size (lasso-2.7.0.tar.gz) = 6332202 bytes
diff -r 5a08ff7a76dd -r aa3e87eff9bd security/lasso/patches/patch-45581
--- a/security/lasso/patches/patch-45581        Tue Jun 08 07:26:52 2021 +0000
+++ /dev/null   Thu Jan 01 00:00:00 1970 +0000
@@ -1,189 +0,0 @@
-$NetBSD: patch-45581,v 1.1 2020/08/12 14:15:33 manu Exp $
-
-Fix lasso fail to properly escape single quotes in RelayState
-From upstream https://dev.entrouvert.org/issues/45581
-
-diff --git a/lasso/id-ff/login.c b/lasso/id-ff/login.c
-index 0f4e8926..68693ffe 100644
---- lasso/id-ff/login.c
-+++ lasso/id-ff/login.c
-@@ -988,11 +988,11 @@ lasso_login_build_artifact_msg(LassoLogin *login, LassoHttpMethod http_method)
-       }
- 
-       b64_samlArt = xmlStrdup((xmlChar*)login->assertionArtifact);
--      relayState = xmlURIEscapeStr(
-+      relayState = lasso_xmlURIEscapeStr(
-                       (xmlChar*)LASSO_LIB_AUTHN_REQUEST(profile->request)->RelayState, NULL);
- 
-       if (http_method == LASSO_HTTP_METHOD_REDIRECT) {
--              xmlChar *escaped_artifact = xmlURIEscapeStr(b64_samlArt, NULL);
-+              xmlChar *escaped_artifact = lasso_xmlURIEscapeStr(b64_samlArt, NULL);
-               gchar *query = NULL;
- 
-               if (relayState == NULL) {
-diff --git a/lasso/xml/private.h b/lasso/xml/private.h
-index 52a21e56..a2b47aa4 100644
---- lasso/xml/private.h
-+++ lasso/xml/private.h
-@@ -287,6 +287,7 @@ gboolean lasso_eval_xpath_expression(xmlXPathContextPtr xpath_ctx, const char *e
- 
- char * lasso_get_relaystate_from_query(const char *query);
- char * lasso_url_add_parameters(char *url, gboolean free, ...);
-+xmlChar * lasso_xmlURIEscapeStr(const xmlChar *from, const xmlChar *list);
- xmlSecKey* lasso_xmlsec_load_private_key_from_buffer(const char *buffer, size_t length, const char *password, LassoSignatureMethod signature_method, const char *certificate);
- xmlSecKey* lasso_xmlsec_load_private_key(const char *filename_or_buffer, const char *password,
-               LassoSignatureMethod signature_method, const char *certificate);
-diff --git a/lasso/xml/tools.c b/lasso/xml/tools.c
-index 53d7d37b..589a795d 100644
---- lasso/xml/tools.c
-+++ lasso/xml/tools.c
-@@ -36,6 +36,7 @@
- #define _BSD_SOURCE
- #include "private.h"
- #include <string.h>
-+#include <strings.h>
- #include <time.h>
- #include <ctype.h>
- #include <stdarg.h>
-@@ -540,7 +541,7 @@ lasso_query_sign(char *query, LassoSignatureContext context)
-       }
- 
-       {
--              const char *t = (char*)xmlURIEscapeStr(algo_href, NULL);
-+              const char *t = (char*)lasso_xmlURIEscapeStr(algo_href, NULL);
-               new_query = g_strdup_printf("%s&SigAlg=%s", query, t);
-               xmlFree(BAD_CAST t);
-       }
-@@ -662,7 +663,7 @@ lasso_query_sign(char *query, LassoSignatureContext context)
-       /* Base64 encode the signature value */
-       b64_sigret = xmlSecBase64Encode(sigret, sigret_size, 0);
-       /* escape b64_sigret */
--      e_b64_sigret = xmlURIEscapeStr((xmlChar*)b64_sigret, NULL);
-+      e_b64_sigret = lasso_xmlURIEscapeStr((xmlChar*)b64_sigret, NULL);
- 
-       /* add signature */
-       switch (sign_method) {
-@@ -1307,7 +1308,7 @@ lasso_xmlnode_build_deflated_query(xmlNode *xmlnode)
-       b64_ret = xmlSecBase64Encode(ret, stream.total_out, 0);
-       lasso_release(ret);
- 
--      ret = xmlURIEscapeStr(b64_ret, NULL);
-+      ret = lasso_xmlURIEscapeStr(b64_ret, NULL);
-       rret = g_strdup((char*)ret);
-       xmlFree(b64_ret);
-       xmlFree(ret);
-@@ -2329,7 +2330,7 @@ lasso_url_add_parameters(char *url,
-               if (! key) {
-                       break;
-               }
--              encoded_key = xmlURIEscapeStr((xmlChar*)key, NULL);
-+              encoded_key = lasso_xmlURIEscapeStr((xmlChar*)key, NULL);
-               goto_cleanup_if_fail(encoded_key);
- 
-               value = va_arg(ap, char*);
-@@ -2337,7 +2338,7 @@ lasso_url_add_parameters(char *url,
-                       message(G_LOG_LEVEL_CRITICAL, "lasso_url_add_parameter: key without a value !!");
-                       break;
-               }
--              encoded_value = xmlURIEscapeStr((xmlChar*)value, NULL);
-+              encoded_value = lasso_xmlURIEscapeStr((xmlChar*)value, NULL);
-               goto_cleanup_if_fail(encoded_value);
- 
-               if (old_url) {
-@@ -2480,6 +2481,56 @@ lasso_base64_decode(const char *from, char **buffer, int *buffer_len)
-       return TRUE;
- }
- 
-+/**
-+ * lasso_xmlURIEscapeStr:
-+ * @from: the source URI string
-+ * @list: optional list of characters not to escape
-+ *
-+ * Drop-in replacement for libxml2 xmlURIEscapeStr(), but encoding
-+ * everything but [A-Za-z0-9._~-] which are the unreserved chartacters
-+ * for RFC3986 section 2.3
-+ *
-+ * Return value: a buffer containing the URL-encoded string or NULL on error
-+ */
-+xmlChar *
-+lasso_xmlURIEscapeStr(const xmlChar *from, const xmlChar *list)
-+{
-+      size_t len = 0;
-+      const xmlChar *fp;
-+      xmlChar *result;
-+      int ri;
-+
-+      if (list == NULL)
-+              list = "";
-+
-+      for (fp = from; *fp; fp++) {
-+              if (isalnum(*fp) || index("._~-", *fp) || index(list, *fp))
-+                      len++;
-+              else
-+                      len += 3;
-+      }
-+
-+      result = g_malloc0(len + 1);
-+      ri = 0;
-+
-+      for (fp = from; *fp; fp++) {
-+              if (isalnum(*fp) || index("._~-", *fp) || index(list, *fp)) {
-+                      result[ri++] = *fp;
-+              } else {
-+                      int msb = (*fp & 0xf0) >> 4;
-+                      int lsb = *fp & 0x0f;
-+
-+                      result[ri++] = '%';
-+                      result[ri++] = (msb > 9) ? 'A' + msb - 10 : '0' + msb;
-+                      result[ri++] = (lsb > 9) ? 'A' + lsb - 10 : '0' + lsb;
-+              }
-+      }
-+
-+      result[ri++] = '\0';
-+
-+      return result;
-+}
-+
- /**
-  * lasso_xmlsec_load_private_key_from_buffer:
-  * @buffer: a buffer containing a key in any format
-diff --git a/lasso/xml/xml.c b/lasso/xml/xml.c
-index 565172e1..938844ba 100644
---- lasso/xml/xml.c
-+++ lasso/xml/xml.c
-@@ -3120,7 +3120,7 @@ get_value_by_path(LassoNode *node, char *path, struct XmlSnippet *xml_snippet)
-                               s = xmlGetProp(t, a->name);
-                               g_string_append(result, a->name);
-                               g_string_append(result, "=");
--                              s2 = xmlURIEscapeStr(s, NULL);
-+                              s2 = lasso_xmlURIEscapeStr(s, NULL);
-                               g_string_append(result, s2);
-                               xmlFree(s2);
-                               xmlFree(s);
-@@ -3140,7 +3140,7 @@ get_value_by_path(LassoNode *node, char *path, struct XmlSnippet *xml_snippet)
-                               g_string_append(result, (char*)c->name);
-                               g_string_append(result, "=");
-                               s = xmlNodeGetContent(c);
--                              s2 = xmlURIEscapeStr(s, NULL);
-+                              s2 = lasso_xmlURIEscapeStr(s, NULL);
-                               g_string_append(result, (char*)s2);
-                               xmlFree(s2);
-                               xmlFree(s);
-@@ -3263,7 +3263,7 @@ lasso_node_build_query_from_snippets(LassoNode *node)
-                               g_string_append(s, "&");
-                       g_string_append(s, field_name);
-                       g_string_append(s, "=");
--                      t = xmlURIEscapeStr((xmlChar*)v, NULL);
-+                      t = lasso_xmlURIEscapeStr((xmlChar*)v, NULL);
-                       g_string_append(s, (char*)t);
-                       xmlFree(t);
-               }
-@@ -3634,7 +3634,7 @@ lasso_node_export_to_saml2_query(LassoNode *node, const char *param_name, const
-       value = lasso_node_build_deflated_query(node);
-       if (! value)
-               goto cleanup;
--      encoded_param = xmlURIEscapeStr(BAD_CAST param_name, NULL);
-+      encoded_param = lasso_xmlURIEscapeStr(BAD_CAST param_name, NULL);
-       if (! encoded_param)
-               goto cleanup;
-       query = g_strdup_printf("%s=%s", encoded_param, value);
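The acceptance rule from the CVE-2021-28091 entry in the NEWS excerpt above, as an added C example that is not lasso's code: the struct layout, function names and sample data are constructed for illustration, and signature verification is reduced to a boolean supplied by the caller.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed model, not lasso's types. sig_ok stands for the outcome of
 * an XML signature verification performed elsewhere. */
struct assertion { const char *issuer; bool is_signed, sig_ok; };
struct response { const char *issuer; bool is_signed, sig_ok;
                  const struct assertion *a; size_t n; };

/* Pre-fix behaviour as the NEWS entry describes it: on an unsigned response,
 * checking stops at the first signed assertion and the last assertion is
 * taken as the main one. The signed-response branch is an assumption. */
const struct assertion *main_assertion_before(const struct response *r) {
    if (r->n == 0) return NULL;
    if (r->is_signed) return r->sig_ok ? &r->a[r->n - 1] : NULL;
    for (size_t i = 0; i < r->n; i++)
        if (r->a[i].is_signed)
            return r->a[i].sig_ok ? &r->a[r->n - 1] : NULL;
    return NULL;
}

/* Post-fix policy: every assertion must name the response's issuer, and on
 * an unsigned response every assertion must carry a valid signature. */
const struct assertion *main_assertion_after(const struct response *r) {
    if (r->n == 0 || (r->is_signed && !r->sig_ok)) return NULL;
    for (size_t i = 0; i < r->n; i++) {
        const struct assertion *x = &r->a[i];
        if (!x->issuer || !r->issuer || strcmp(x->issuer, r->issuer) != 0)
            return NULL;
        if (!r->is_signed && !(x->is_signed && x->sig_ok))
            return NULL;
    }
    return &r->a[r->n - 1];
}

/* Constructed sample: unsigned response whose first assertion is validly
 * signed and whose second is not signed at all. */
static const struct assertion mixed[] = {
    { "https://idp.example", true, true }, { "https://idp.example", false, false } };
static const struct response unsigned_mixed =
    { "https://idp.example", false, false, mixed, 2 };

int main(void) {
    printf("before: %s\n", main_assertion_before(&unsigned_mixed) ? "accepted" : "refused");
    printf("after:  %s\n", main_assertion_after(&unsigned_mixed) ? "accepted" : "refused");
    return 0;
}
```

The issuer comparison runs even when the response itself is signed, which is the "assertion bundling" case the NEWS entry calls out.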


