pkgsrc-Changes archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
CVS commit: pkgsrc
Module Name: pkgsrc
Committed By: manu
Date: Wed Aug 12 14:15:34 UTC 2020
Modified Files:
pkgsrc/doc: CHANGES-2020
pkgsrc/security/lasso: Makefile Makefile.common distinfo
Added Files:
pkgsrc/security/lasso/patches: patch-45581
Removed Files:
pkgsrc/security/lasso/patches: patch-18771 patch-configure
patch-lasso_xml_tools.c
Log Message:
Updated security/lasso to 2.6.1
Changes since previous pkgsrc version 2.5.1, from the NEWS file
Also add a fix for proper escape single quotes in RelayState
>From upstream https://dev.entrouvert.org/issues/45581
2.6.1 - Aptil 22th 2019
----------------------
42 commits, 425 files changed, 3894 insertions, 795 deletions
- Keep order of SessionIndexes
- Clear SessionIndex when private SessionIndexes is empty (#41950)
- misc: clear warnings about class_init signature using coccinelle
- tests: fix compilation with check>0.12 (#39101)
- Sort input file lists to make build deterministic (#40454)
- debian: disable php7 (#28608)
- Modify .gitignore for PHP 7 binding (#28608)
- Add PHP 7 binding (#28608)
- Fix tests broken by new DEBUG logs (#12829)
- Improve error logging during node parsing (#12829)
- Improve configure compatibility (#32425)
- Improve compatibility with Solaris (#32425)
- Fix reference count in lasso_server_add_provider2 (fixes #35061)
- Fix python multi-version builds on jessie and stretch
- docs: do not use Internet to fetch DTDs, entities or documents (#35590)
- fix missing include <strings.h> for index() (fixes #33791)
- PAOS: Do not populate "Destination" attribute (Dmitrii Shcherbakov)
- export symbol lasso_log (#33784)
- Do not ignore WantAuthnRequestSigned value with hint MAYBE (#33354)
- Use io.open(encoding=utf8) in extract_symbols/sections.py (#33360)
- xml: adapt schema in saml2:AuthnContext (#29340)
- Fix ECP signature not found error when only assertion is signed (#26828)
- autoconf: search python interpreters by versions (John Dennis)
- python: make tools compatible with Py3 (John Dennis)
- python: run tests and tools with same interpreter as binding target (John Dennis)
- improve resiliency of lasso_inflate (#24853)
- fix segfault in lasso_get_saml_message (#24830)
- python: add classmethod Profile.getIssuer (#24831)
- website: add news about 2.6.0 release
- debian: sync with debian package (#24595)
- faq: fix references to lasso.profileGetIssuer (#24832)
- python: add a classmethod for lasso.profileGetIssuer (#24831)
- tools: fix segfault in lasso_get_saml_message (fixes #24830)
- jenkins.sh: add a make clean to prevent previous build to break new ones
- tools: set output buffer size in lasso_inflate to 20 times the input size (fixes #24853)
- Use python interpreter specified configure script
- Make Python scripts compatible with both Py2 and Py3
- fix duplicate definition of LogoutTestCase and logoutSuite
- Downcase UTF-8 file encoding name
- Make more Python scripts compatible with both Py2 and Py3
- Configure should search for versioned Python interpreter.
- Clean python cache when building python3 binding
- Move AC_SUBST declaration for AM_CFLAGS with alike (#24771)
- Remove -Werror from --enable-debugging (fixes #24771)
- xml: fix parsing of saml:AuthnContext (fixes #25640)
2.6.0 - June 1st 2018
---------------------
32 commits, 73 files changed, 1920 insertions, 696 deletions
- add inline implementation of lasso_log
- Choose the Reference transform based on the chosen Signature transform (fixes #10155)
- add support for C14N 1.1 methods and C14N withComments methods (fixes #4863)
- remove DGME specific commented out code
- add docstring on SHA-2 signature method enum
- tests: silence unused variable warning
- check node names in lasso_node_impl_init_from_xml() (fixes #47)
- fix segfault when parsed node has no namespace (#47)
- do not call xmlSecKeyDuplicate is source key is NULL
- enable user supplied CFLAGS
- Fix ecp test validate_idp_list() (fixes #11421)
- tests: convert log level as string
- fix definitions of error, critical and warning macros (fixes #12830)
- jenkins.sh: add V=1
- add defined for the XML namespace
- ignore unknown attributes from the xsi: namespace
- saml-2.0: improve support for free content inside samlp2:Extensions (fixes #18581)
- debian: initialize stretch packaging with a copy of upstream debian (#21772)
- replace use of <xmlsec/soap.h> which is deprecated (fixes #18771)
- fix get_issuer and get_in_response_to
- route logs from libxml2 and libxmlsec through GLib logging
- tests: prevent crash in glib caused by abort on recursive logging
- java: stop setting a bytecode version target
- add xmlsec_soap.h to Makefile
- python: route logs for libxml2 and libxmlsec2 to their own logger
- perl: force use of the in-tree lasso when running tests (fixes #23276)
- perl: set DESTDIR and PREFIX at Makefile's creation
- Replace xmlSecSoap functions with lasso implementations
- add a pem-public-key runtime flag
- deprecate loading PEM formatted public keys in lasso_xmlsec_load_key_info
- perl/tests: build Makefile.perl before running the tests
To generate a diff of this commit:
cvs rdiff -u -r1.4418 -r1.4419 pkgsrc/doc/CHANGES-2020
cvs rdiff -u -r1.42 -r1.43 pkgsrc/security/lasso/Makefile
cvs rdiff -u -r1.15 -r1.16 pkgsrc/security/lasso/Makefile.common
cvs rdiff -u -r1.24 -r1.25 pkgsrc/security/lasso/distinfo
cvs rdiff -u -r1.2 -r0 pkgsrc/security/lasso/patches/patch-18771
cvs rdiff -u -r0 -r1.1 pkgsrc/security/lasso/patches/patch-45581
cvs rdiff -u -r1.4 -r0 pkgsrc/security/lasso/patches/patch-configure
cvs rdiff -u -r1.1 -r0 pkgsrc/security/lasso/patches/patch-lasso_xml_tools.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: pkgsrc/doc/CHANGES-2020
diff -u pkgsrc/doc/CHANGES-2020:1.4418 pkgsrc/doc/CHANGES-2020:1.4419
--- pkgsrc/doc/CHANGES-2020:1.4418 Wed Aug 12 12:17:05 2020
+++ pkgsrc/doc/CHANGES-2020 Wed Aug 12 14:15:33 2020
@@ -1,4 +1,4 @@
-$NetBSD: CHANGES-2020,v 1.4418 2020/08/12 12:17:05 leot Exp $
+$NetBSD: CHANGES-2020,v 1.4419 2020/08/12 14:15:33 manu Exp $
Changes to the packages collection and infrastructure in 2020:
@@ -6925,3 +6925,4 @@ Changes to the packages collection and i
Updated lang/openjdk11 to 1.11.0.8.10 [ryoon 2020-08-12]
Updated net/minitube to 3.5 [ryoon 2020-08-12]
Updated time/todotxt to 2.12.0 [leot 2020-08-12]
+ Updated security/lasso to 2.6.1 [manu 2020-08-12]
Index: pkgsrc/security/lasso/Makefile
diff -u pkgsrc/security/lasso/Makefile:1.42 pkgsrc/security/lasso/Makefile:1.43
--- pkgsrc/security/lasso/Makefile:1.42 Tue Jun 2 08:22:54 2020
+++ pkgsrc/security/lasso/Makefile Wed Aug 12 14:15:33 2020
@@ -1,4 +1,4 @@
-# $NetBSD: Makefile,v 1.42 2020/06/02 08:22:54 adam Exp $
+# $NetBSD: Makefile,v 1.43 2020/08/12 14:15:33 manu Exp $
CONFIGURE_ARGS+= --disable-python
CONFIGURE_ARGS+= --disable-php5
@@ -9,5 +9,5 @@ PYTHON_FOR_BUILD_ONLY= yes
EXTRACT_USING= bsdtar
-PKGREVISION= 6
+#PKGREVISION= 1
.include "../../security/lasso/Makefile.common"
Index: pkgsrc/security/lasso/Makefile.common
diff -u pkgsrc/security/lasso/Makefile.common:1.15 pkgsrc/security/lasso/Makefile.common:1.16
--- pkgsrc/security/lasso/Makefile.common:1.15 Sun Jan 26 17:32:03 2020
+++ pkgsrc/security/lasso/Makefile.common Wed Aug 12 14:15:33 2020
@@ -1,9 +1,9 @@
-# $NetBSD: Makefile.common,v 1.15 2020/01/26 17:32:03 rillig Exp $
+# $NetBSD: Makefile.common,v 1.16 2020/08/12 14:15:33 manu Exp $
#
# used by security/lasso/Makefile
# used by security/py-lasso/Makefile
-DISTNAME= lasso-2.5.1
+DISTNAME= lasso-2.6.1
CATEGORIES= security
MASTER_SITES= https://dev.entrouvert.org/lasso/
Index: pkgsrc/security/lasso/distinfo
diff -u pkgsrc/security/lasso/distinfo:1.24 pkgsrc/security/lasso/distinfo:1.25
--- pkgsrc/security/lasso/distinfo:1.24 Tue Jul 31 12:39:34 2018
+++ pkgsrc/security/lasso/distinfo Wed Aug 12 14:15:33 2020
@@ -1,9 +1,7 @@
-$NetBSD: distinfo,v 1.24 2018/07/31 12:39:34 jperkin Exp $
+$NetBSD: distinfo,v 1.25 2020/08/12 14:15:33 manu Exp $
-SHA1 (lasso-2.5.1.tar.gz) = fe0e68010bab6e11383003b5cf869c0447ed7a6e
-RMD160 (lasso-2.5.1.tar.gz) = 8cc0506fe8cbac770e952fdb0f067c7e58f5bb43
-SHA512 (lasso-2.5.1.tar.gz) = f20bea62c04f3082d5c423f658bafe1bdde0012321c43092ed5d5a2c3ec7b21ec27d88d9fc630743fd7c99e767d9fd92b98de5d4f7d98c3a9e680717483daae1
-Size (lasso-2.5.1.tar.gz) = 4552152 bytes
-SHA1 (patch-18771) = 66897d88283c28557eb4a58507db48a42df93b5d
-SHA1 (patch-configure) = aa34dcb7a86b6ece774fb230ac092bdd7d8e278c
-SHA1 (patch-lasso_xml_tools.c) = 0172915c1654192e3d1eebf89d57d29dd61cef38
+SHA1 (lasso-2.6.1.tar.gz) = 0ab89b159d52cd503182cbbeff0327c80e3ed93d
+RMD160 (lasso-2.6.1.tar.gz) = 775d74fccf62afea9f8d587a1a7801e15ad7d986
+SHA512 (lasso-2.6.1.tar.gz) = 768e577ccf650d61305cbb2d8be0d3e13a5c8b6b05f6b0a8419fcd23030eb7530740e8ca785f0279331d7e31743b2e0ab234de50eb87d41cfda5d692a1583d4b
+Size (lasso-2.6.1.tar.gz) = 4514418 bytes
+SHA1 (patch-45581) = ea1a3c47ed61cce376d3998cdc195dfcfc881061
Added files:
Index: pkgsrc/security/lasso/patches/patch-45581
diff -u /dev/null pkgsrc/security/lasso/patches/patch-45581:1.1
--- /dev/null Wed Aug 12 14:15:34 2020
+++ pkgsrc/security/lasso/patches/patch-45581 Wed Aug 12 14:15:33 2020
@@ -0,0 +1,189 @@
+$NetBSD: patch-45581,v 1.1 2020/08/12 14:15:33 manu Exp $
+
+Fix lasso fail to properly escape single quotes in RelayState
+From upstream https://dev.entrouvert.org/issues/45581
+
+diff --git a/lasso/id-ff/login.c b/lasso/id-ff/login.c
+index 0f4e8926..68693ffe 100644
+--- lasso/id-ff/login.c
++++ lasso/id-ff/login.c
+@@ -988,11 +988,11 @@ lasso_login_build_artifact_msg(LassoLogin *login, LassoHttpMethod http_method)
+ }
+
+ b64_samlArt = xmlStrdup((xmlChar*)login->assertionArtifact);
+- relayState = xmlURIEscapeStr(
++ relayState = lasso_xmlURIEscapeStr(
+ (xmlChar*)LASSO_LIB_AUTHN_REQUEST(profile->request)->RelayState, NULL);
+
+ if (http_method == LASSO_HTTP_METHOD_REDIRECT) {
+- xmlChar *escaped_artifact = xmlURIEscapeStr(b64_samlArt, NULL);
++ xmlChar *escaped_artifact = lasso_xmlURIEscapeStr(b64_samlArt, NULL);
+ gchar *query = NULL;
+
+ if (relayState == NULL) {
+diff --git a/lasso/xml/private.h b/lasso/xml/private.h
+index 52a21e56..a2b47aa4 100644
+--- lasso/xml/private.h
++++ lasso/xml/private.h
+@@ -287,6 +287,7 @@ gboolean lasso_eval_xpath_expression(xmlXPathContextPtr xpath_ctx, const char *e
+
+ char * lasso_get_relaystate_from_query(const char *query);
+ char * lasso_url_add_parameters(char *url, gboolean free, ...);
++xmlChar * lasso_xmlURIEscapeStr(const xmlChar *from, const xmlChar *list);
+ xmlSecKey* lasso_xmlsec_load_private_key_from_buffer(const char *buffer, size_t length, const char *password, LassoSignatureMethod signature_method, const char *certificate);
+ xmlSecKey* lasso_xmlsec_load_private_key(const char *filename_or_buffer, const char *password,
+ LassoSignatureMethod signature_method, const char *certificate);
+diff --git a/lasso/xml/tools.c b/lasso/xml/tools.c
+index 53d7d37b..589a795d 100644
+--- lasso/xml/tools.c
++++ lasso/xml/tools.c
+@@ -36,6 +36,7 @@
+ #define _BSD_SOURCE
+ #include "private.h"
+ #include <string.h>
++#include <strings.h>
+ #include <time.h>
+ #include <ctype.h>
+ #include <stdarg.h>
+@@ -540,7 +541,7 @@ lasso_query_sign(char *query, LassoSignatureContext context)
+ }
+
+ {
+- const char *t = (char*)xmlURIEscapeStr(algo_href, NULL);
++ const char *t = (char*)lasso_xmlURIEscapeStr(algo_href, NULL);
+ new_query = g_strdup_printf("%s&SigAlg=%s", query, t);
+ xmlFree(BAD_CAST t);
+ }
+@@ -662,7 +663,7 @@ lasso_query_sign(char *query, LassoSignatureContext context)
+ /* Base64 encode the signature value */
+ b64_sigret = xmlSecBase64Encode(sigret, sigret_size, 0);
+ /* escape b64_sigret */
+- e_b64_sigret = xmlURIEscapeStr((xmlChar*)b64_sigret, NULL);
++ e_b64_sigret = lasso_xmlURIEscapeStr((xmlChar*)b64_sigret, NULL);
+
+ /* add signature */
+ switch (sign_method) {
+@@ -1307,7 +1308,7 @@ lasso_xmlnode_build_deflated_query(xmlNode *xmlnode)
+ b64_ret = xmlSecBase64Encode(ret, stream.total_out, 0);
+ lasso_release(ret);
+
+- ret = xmlURIEscapeStr(b64_ret, NULL);
++ ret = lasso_xmlURIEscapeStr(b64_ret, NULL);
+ rret = g_strdup((char*)ret);
+ xmlFree(b64_ret);
+ xmlFree(ret);
+@@ -2329,7 +2330,7 @@ lasso_url_add_parameters(char *url,
+ if (! key) {
+ break;
+ }
+- encoded_key = xmlURIEscapeStr((xmlChar*)key, NULL);
++ encoded_key = lasso_xmlURIEscapeStr((xmlChar*)key, NULL);
+ goto_cleanup_if_fail(encoded_key);
+
+ value = va_arg(ap, char*);
+@@ -2337,7 +2338,7 @@ lasso_url_add_parameters(char *url,
+ message(G_LOG_LEVEL_CRITICAL, "lasso_url_add_parameter: key without a value !!");
+ break;
+ }
+- encoded_value = xmlURIEscapeStr((xmlChar*)value, NULL);
++ encoded_value = lasso_xmlURIEscapeStr((xmlChar*)value, NULL);
+ goto_cleanup_if_fail(encoded_value);
+
+ if (old_url) {
+@@ -2480,6 +2481,56 @@ lasso_base64_decode(const char *from, char **buffer, int *buffer_len)
+ return TRUE;
+ }
+
++/**
++ * lasso_xmlURIEscapeStr:
++ * @from: the source URI string
++ * @list: optional list of characters not to escape
++ *
++ * Drop-in replacement for libxml2 xmlURIEscapeStr(), but encoding
++ * everything but [A-Za-z0-9._~-] which are the unreserved chartacters
++ * for RFC3986 section 2.3
++ *
++ * Return value: a buffer containing the URL-encoded string or NULL on error
++ */
++xmlChar *
++lasso_xmlURIEscapeStr(const xmlChar *from, const xmlChar *list)
++{
++ size_t len = 0;
++ const xmlChar *fp;
++ xmlChar *result;
++ int ri;
++
++ if (list == NULL)
++ list = "";
++
++ for (fp = from; *fp; fp++) {
++ if (isalnum(*fp) || index("._~-", *fp) || index(list, *fp))
++ len++;
++ else
++ len += 3;
++ }
++
++ result = g_malloc0(len + 1);
++ ri = 0;
++
++ for (fp = from; *fp; fp++) {
++ if (isalnum(*fp) || index("._~-", *fp) || index(list, *fp)) {
++ result[ri++] = *fp;
++ } else {
++ int msb = (*fp & 0xf0) >> 4;
++ int lsb = *fp & 0x0f;
++
++ result[ri++] = '%';
++ result[ri++] = (msb > 9) ? 'A' + msb - 10 : '0' + msb;
++ result[ri++] = (lsb > 9) ? 'A' + lsb - 10 : '0' + lsb;
++ }
++ }
++
++ result[ri++] = '\0';
++
++ return result;
++}
++
+ /**
+ * lasso_xmlsec_load_private_key_from_buffer:
+ * @buffer: a buffer containing a key in any format
+diff --git a/lasso/xml/xml.c b/lasso/xml/xml.c
+index 565172e1..938844ba 100644
+--- lasso/xml/xml.c
++++ lasso/xml/xml.c
+@@ -3120,7 +3120,7 @@ get_value_by_path(LassoNode *node, char *path, struct XmlSnippet *xml_snippet)
+ s = xmlGetProp(t, a->name);
+ g_string_append(result, a->name);
+ g_string_append(result, "=");
+- s2 = xmlURIEscapeStr(s, NULL);
++ s2 = lasso_xmlURIEscapeStr(s, NULL);
+ g_string_append(result, s2);
+ xmlFree(s2);
+ xmlFree(s);
+@@ -3140,7 +3140,7 @@ get_value_by_path(LassoNode *node, char *path, struct XmlSnippet *xml_snippet)
+ g_string_append(result, (char*)c->name);
+ g_string_append(result, "=");
+ s = xmlNodeGetContent(c);
+- s2 = xmlURIEscapeStr(s, NULL);
++ s2 = lasso_xmlURIEscapeStr(s, NULL);
+ g_string_append(result, (char*)s2);
+ xmlFree(s2);
+ xmlFree(s);
+@@ -3263,7 +3263,7 @@ lasso_node_build_query_from_snippets(LassoNode *node)
+ g_string_append(s, "&");
+ g_string_append(s, field_name);
+ g_string_append(s, "=");
+- t = xmlURIEscapeStr((xmlChar*)v, NULL);
++ t = lasso_xmlURIEscapeStr((xmlChar*)v, NULL);
+ g_string_append(s, (char*)t);
+ xmlFree(t);
+ }
+@@ -3634,7 +3634,7 @@ lasso_node_export_to_saml2_query(LassoNode *node, const char *param_name, const
+ value = lasso_node_build_deflated_query(node);
+ if (! value)
+ goto cleanup;
+- encoded_param = xmlURIEscapeStr(BAD_CAST param_name, NULL);
++ encoded_param = lasso_xmlURIEscapeStr(BAD_CAST param_name, NULL);
+ if (! encoded_param)
+ goto cleanup;
+ query = g_strdup_printf("%s=%s", encoded_param, value);
Home |
Main Index |
Thread Index |
Old Index