Source-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[pkgsrc/trunk]: pkgsrc Updated security/lasso to 2.6.1
details: https://anonhg.NetBSD.org/pkgsrc/rev/ea70400ba1cc
branches: trunk
changeset: 436933:ea70400ba1cc
user: manu <manu%pkgsrc.org@localhost>
date: Wed Aug 12 14:15:33 2020 +0000
description:
Updated security/lasso to 2.6.1
Changes since previous pkgsrc version 2.5.1, from the NEWS file
Also add a fix for proper escape single quotes in RelayState
>From upstream https://dev.entrouvert.org/issues/45581
2.6.1 - Aptil 22th 2019
----------------------
42 commits, 425 files changed, 3894 insertions, 795 deletions
- Keep order of SessionIndexes
- Clear SessionIndex when private SessionIndexes is empty (#41950)
- misc: clear warnings about class_init signature using coccinelle
- tests: fix compilation with check>0.12 (#39101)
- Sort input file lists to make build deterministic (#40454)
- debian: disable php7 (#28608)
- Modify .gitignore for PHP 7 binding (#28608)
- Add PHP 7 binding (#28608)
- Fix tests broken by new DEBUG logs (#12829)
- Improve error logging during node parsing (#12829)
- Improve configure compatibility (#32425)
- Improve compatibility with Solaris (#32425)
- Fix reference count in lasso_server_add_provider2 (fixes #35061)
- Fix python multi-version builds on jessie and stretch
- docs: do not use Internet to fetch DTDs, entities or documents (#35590)
- fix missing include <strings.h> for index() (fixes #33791)
- PAOS: Do not populate "Destination" attribute (Dmitrii Shcherbakov)
- export symbol lasso_log (#33784)
- Do not ignore WantAuthnRequestSigned value with hint MAYBE (#33354)
- Use io.open(encoding=utf8) in extract_symbols/sections.py (#33360)
- xml: adapt schema in saml2:AuthnContext (#29340)
- Fix ECP signature not found error when only assertion is signed (#26828)
- autoconf: search python interpreters by versions (John Dennis)
- python: make tools compatible with Py3 (John Dennis)
- python: run tests and tools with same interpreter as binding target (John Dennis)
- improve resiliency of lasso_inflate (#24853)
- fix segfault in lasso_get_saml_message (#24830)
- python: add classmethod Profile.getIssuer (#24831)
- website: add news about 2.6.0 release
- debian: sync with debian package (#24595)
- faq: fix references to lasso.profileGetIssuer (#24832)
- python: add a classmethod for lasso.profileGetIssuer (#24831)
- tools: fix segfault in lasso_get_saml_message (fixes #24830)
- jenkins.sh: add a make clean to prevent previous build to break new ones
- tools: set output buffer size in lasso_inflate to 20 times the input size (fixes #24853)
- Use python interpreter specified configure script
- Make Python scripts compatible with both Py2 and Py3
- fix duplicate definition of LogoutTestCase and logoutSuite
- Downcase UTF-8 file encoding name
- Make more Python scripts compatible with both Py2 and Py3
- Configure should search for versioned Python interpreter.
- Clean python cache when building python3 binding
- Move AC_SUBST declaration for AM_CFLAGS with alike (#24771)
- Remove -Werror from --enable-debugging (fixes #24771)
- xml: fix parsing of saml:AuthnContext (fixes #25640)
2.6.0 - June 1st 2018
---------------------
32 commits, 73 files changed, 1920 insertions, 696 deletions
- add inline implementation of lasso_log
- Choose the Reference transform based on the chosen Signature transform (fixes #10155)
- add support for C14N 1.1 methods and C14N withComments methods (fixes #4863)
- remove DGME specific commented out code
- add docstring on SHA-2 signature method enum
- tests: silence unused variable warning
- check node names in lasso_node_impl_init_from_xml() (fixes #47)
- fix segfault when parsed node has no namespace (#47)
- do not call xmlSecKeyDuplicate is source key is NULL
- enable user supplied CFLAGS
- Fix ecp test validate_idp_list() (fixes #11421)
- tests: convert log level as string
- fix definitions of error, critical and warning macros (fixes #12830)
- jenkins.sh: add V=1
- add defined for the XML namespace
- ignore unknown attributes from the xsi: namespace
- saml-2.0: improve support for free content inside samlp2:Extensions (fixes #18581)
- debian: initialize stretch packaging with a copy of upstream debian (#21772)
- replace use of <xmlsec/soap.h> which is deprecated (fixes #18771)
- fix get_issuer and get_in_response_to
- route logs from libxml2 and libxmlsec through GLib logging
- tests: prevent crash in glib caused by abort on recursive logging
- java: stop setting a bytecode version target
- add xmlsec_soap.h to Makefile
- python: route logs for libxml2 and libxmlsec2 to their own logger
- perl: force use of the in-tree lasso when running tests (fixes #23276)
- perl: set DESTDIR and PREFIX at Makefile's creation
- Replace xmlSecSoap functions with lasso implementations
- add a pem-public-key runtime flag
- deprecate loading PEM formatted public keys in lasso_xmlsec_load_key_info
- perl/tests: build Makefile.perl before running the tests
diffstat:
doc/CHANGES-2020 | 3 +-
security/lasso/Makefile | 4 +-
security/lasso/Makefile.common | 4 +-
security/lasso/distinfo | 14 +-
security/lasso/patches/patch-18771 | 167 ----------------------
security/lasso/patches/patch-45581 | 189 +++++++++++++++++++++++++
security/lasso/patches/patch-configure | 25 ---
security/lasso/patches/patch-lasso_xml_tools.c | 16 --
8 files changed, 201 insertions(+), 221 deletions(-)
diffs (truncated from 477 to 300 lines):
diff -r 95da1fb45370 -r ea70400ba1cc doc/CHANGES-2020
--- a/doc/CHANGES-2020 Wed Aug 12 14:14:48 2020 +0000
+++ b/doc/CHANGES-2020 Wed Aug 12 14:15:33 2020 +0000
@@ -1,4 +1,4 @@
-$NetBSD: CHANGES-2020,v 1.4418 2020/08/12 12:17:05 leot Exp $
+$NetBSD: CHANGES-2020,v 1.4419 2020/08/12 14:15:33 manu Exp $
Changes to the packages collection and infrastructure in 2020:
@@ -6925,3 +6925,4 @@
Updated lang/openjdk11 to 1.11.0.8.10 [ryoon 2020-08-12]
Updated net/minitube to 3.5 [ryoon 2020-08-12]
Updated time/todotxt to 2.12.0 [leot 2020-08-12]
+ Updated security/lasso to 2.6.1 [manu 2020-08-12]
diff -r 95da1fb45370 -r ea70400ba1cc security/lasso/Makefile
--- a/security/lasso/Makefile Wed Aug 12 14:14:48 2020 +0000
+++ b/security/lasso/Makefile Wed Aug 12 14:15:33 2020 +0000
@@ -1,4 +1,4 @@
-# $NetBSD: Makefile,v 1.42 2020/06/02 08:22:54 adam Exp $
+# $NetBSD: Makefile,v 1.43 2020/08/12 14:15:33 manu Exp $
CONFIGURE_ARGS+= --disable-python
CONFIGURE_ARGS+= --disable-php5
@@ -9,5 +9,5 @@
EXTRACT_USING= bsdtar
-PKGREVISION= 6
+#PKGREVISION= 1
.include "../../security/lasso/Makefile.common"
diff -r 95da1fb45370 -r ea70400ba1cc security/lasso/Makefile.common
--- a/security/lasso/Makefile.common Wed Aug 12 14:14:48 2020 +0000
+++ b/security/lasso/Makefile.common Wed Aug 12 14:15:33 2020 +0000
@@ -1,9 +1,9 @@
-# $NetBSD: Makefile.common,v 1.15 2020/01/26 17:32:03 rillig Exp $
+# $NetBSD: Makefile.common,v 1.16 2020/08/12 14:15:33 manu Exp $
#
# used by security/lasso/Makefile
# used by security/py-lasso/Makefile
-DISTNAME= lasso-2.5.1
+DISTNAME= lasso-2.6.1
CATEGORIES= security
MASTER_SITES= https://dev.entrouvert.org/lasso/
diff -r 95da1fb45370 -r ea70400ba1cc security/lasso/distinfo
--- a/security/lasso/distinfo Wed Aug 12 14:14:48 2020 +0000
+++ b/security/lasso/distinfo Wed Aug 12 14:15:33 2020 +0000
@@ -1,9 +1,7 @@
-$NetBSD: distinfo,v 1.24 2018/07/31 12:39:34 jperkin Exp $
+$NetBSD: distinfo,v 1.25 2020/08/12 14:15:33 manu Exp $
-SHA1 (lasso-2.5.1.tar.gz) = fe0e68010bab6e11383003b5cf869c0447ed7a6e
-RMD160 (lasso-2.5.1.tar.gz) = 8cc0506fe8cbac770e952fdb0f067c7e58f5bb43
-SHA512 (lasso-2.5.1.tar.gz) = f20bea62c04f3082d5c423f658bafe1bdde0012321c43092ed5d5a2c3ec7b21ec27d88d9fc630743fd7c99e767d9fd92b98de5d4f7d98c3a9e680717483daae1
-Size (lasso-2.5.1.tar.gz) = 4552152 bytes
-SHA1 (patch-18771) = 66897d88283c28557eb4a58507db48a42df93b5d
-SHA1 (patch-configure) = aa34dcb7a86b6ece774fb230ac092bdd7d8e278c
-SHA1 (patch-lasso_xml_tools.c) = 0172915c1654192e3d1eebf89d57d29dd61cef38
+SHA1 (lasso-2.6.1.tar.gz) = 0ab89b159d52cd503182cbbeff0327c80e3ed93d
+RMD160 (lasso-2.6.1.tar.gz) = 775d74fccf62afea9f8d587a1a7801e15ad7d986
+SHA512 (lasso-2.6.1.tar.gz) = 768e577ccf650d61305cbb2d8be0d3e13a5c8b6b05f6b0a8419fcd23030eb7530740e8ca785f0279331d7e31743b2e0ab234de50eb87d41cfda5d692a1583d4b
+Size (lasso-2.6.1.tar.gz) = 4514418 bytes
+SHA1 (patch-45581) = ea1a3c47ed61cce376d3998cdc195dfcfc881061
diff -r 95da1fb45370 -r ea70400ba1cc security/lasso/patches/patch-18771
--- a/security/lasso/patches/patch-18771 Wed Aug 12 14:14:48 2020 +0000
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,167 +0,0 @@
-$NetBSD: patch-18771,v 1.2 2018/05/31 07:33:28 wiz Exp $
-
-From upstream: https://dev.entrouvert.org/issues/18771
-
-commit 1d56cd1e31ce993ad17f4b4bbc31c12ffff1311f
-Author: Benjamin Dauvergne <bdauvergne%entrouvert.com@localhost>
-Date: Fri Oct 6 10:28:22 2017 +0200
-
- replace use of <xmlsec/soap.h> which is deprecated (fixes #18771)
-
-diff --git a/lasso/id-wsf/wsf_profile.c b/lasso/id-wsf/wsf_profile.c
-index 8cfe5a2..0aca204 100644
---- ./lasso/id-wsf/wsf_profile.c
-+++ ./lasso/id-wsf/wsf_profile.c
-@@ -29,7 +29,6 @@
- #include <xmlsec/xmldsig.h>
- #include <xmlsec/templates.h>
- #include <xmlsec/crypto.h>
--#include <xmlsec/soap.h>
-
- #include "../utils.h"
-
-@@ -60,6 +59,7 @@
- #include "../id-ff/providerprivate.h"
- #include "../id-ff/sessionprivate.h"
- #include "../xml/misc_text_node.h"
-+#include <../xml/xmlsec_soap.h>
-
- /**
- * SECTION:wsf_profile
-diff --git a/lasso/xml/tools.c b/lasso/xml/tools.c
-index ade6d66..81e75b5 100644
---- ./lasso/xml/tools.c
-+++ ./lasso/xml/tools.c
-@@ -57,7 +57,6 @@
- #include <xmlsec/errors.h>
- #include <xmlsec/openssl/x509.h>
- #include <xmlsec/openssl/crypto.h>
--#include <xmlsec/soap.h>
-
- #include <zlib.h>
-
-@@ -71,6 +70,7 @@
- #include <stdarg.h>
- #include <ctype.h>
- #include "../lasso_config.h"
-+#include <lasso/xml/xmlsec_soap.h>
-
- /**
- * SECTION:tools
-diff --git a/lasso/xml/xmlsec_soap.h b/lasso/xml/xmlsec_soap.h
-new file mode 100644
-index 0000000..11fc3db
---- /dev/null
-+++ ./lasso/xml/xmlsec_soap.h
-@@ -0,0 +1,111 @@
-+ /*
-+ * Lasso - A free implementation of the Liberty Alliance specifications.
-+ *
-+ * Copyright (C) 2004-2007 Entr'ouvert
-+ * http://lasso.entrouvert.org
-+ *
-+ * Authors: See AUTHORS file in top-level directory.
-+ *
-+ * This program is free software; you can redistribute it and/or modify
-+ * it under the terms of the GNU General Public License as published by
-+ * the Free Software Foundation; either version 2 of the License, or
-+ * (at your option) any later version.
-+ *
-+ * This program is distributed in the hope that it will be useful,
-+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
-+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-+ * GNU General Public License for more details.
-+ *
-+ * You should have received a copy of the GNU General Public License
-+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ */
-+
-+#ifndef __LASSO_XMLSEC_SOAP_H__
-+#define __LASSO_XMLSEC_SOAP_H__
-+
-+#ifdef __cplusplus
-+extern "C" {
-+#endif /* __cplusplus */
-+
-+#include <libxml/tree.h>
-+
-+#include <xmlsec/xmlsec.h>
-+#include <xmlsec/xmltree.h>
-+#include <xmlsec/errors.h>
-+
-+
-+/** Replacement for xmlsec/soap.h */
-+
-+#define xmlSecSoap11Ns ((xmlChar*)"http://schemas.xmlsoap.org/soap/envelope/";)
-+#define xmlSecSoap12Ns ((xmlChar*)"http://www.w3.org/2003/05/soap-envelope";)
-+
-+static inline xmlNodePtr
-+xmlSecSoap11GetHeader(xmlNodePtr envNode) {
-+ xmlNodePtr cur;
-+
-+ xmlSecAssert2(envNode != NULL, NULL);
-+
-+ /* optional Header node is first */
-+ cur = xmlSecGetNextElementNode(envNode->children);
-+ if((cur != NULL) && xmlSecCheckNodeName(cur, xmlSecNodeHeader, xmlSecSoap11Ns)) {
-+ return(cur);
-+ }
-+
-+ return(NULL);
-+}
-+
-+static inline xmlNodePtr
-+xmlSecSoap11GetBody(xmlNodePtr envNode) {
-+ xmlNodePtr cur;
-+
-+ xmlSecAssert2(envNode != NULL, NULL);
-+
-+ /* optional Header node first */
-+ cur = xmlSecGetNextElementNode(envNode->children);
-+ if((cur != NULL) && xmlSecCheckNodeName(cur, xmlSecNodeHeader, xmlSecSoap11Ns)) {
-+ cur = xmlSecGetNextElementNode(cur->next);
-+ }
-+
-+ /* Body node is next */
-+ if((cur == NULL) || !xmlSecCheckNodeName(cur, xmlSecNodeBody, xmlSecSoap11Ns)) {
-+ xmlSecError(XMLSEC_ERRORS_HERE,
-+ NULL,
-+ xmlSecErrorsSafeString(xmlSecNodeBody),
-+ XMLSEC_ERRORS_R_NODE_NOT_FOUND,
-+ XMLSEC_ERRORS_NO_MESSAGE);
-+ return(NULL);
-+ }
-+
-+ return(cur);
-+}
-+
-+static inline xmlNodePtr
-+xmlSecSoap12GetBody(xmlNodePtr envNode) {
-+ xmlNodePtr cur;
-+
-+ xmlSecAssert2(envNode != NULL, NULL);
-+
-+ /* optional Header node first */
-+ cur = xmlSecGetNextElementNode(envNode->children);
-+ if((cur != NULL) && xmlSecCheckNodeName(cur, xmlSecNodeHeader, xmlSecSoap12Ns)) {
-+ cur = xmlSecGetNextElementNode(cur->next);
-+ }
-+
-+ /* Body node is next */
-+ if((cur == NULL) || !xmlSecCheckNodeName(cur, xmlSecNodeBody, xmlSecSoap12Ns)) {
-+ xmlSecError(XMLSEC_ERRORS_HERE,
-+ NULL,
-+ xmlSecErrorsSafeString(xmlSecNodeBody),
-+ XMLSEC_ERRORS_R_NODE_NOT_FOUND,
-+ XMLSEC_ERRORS_NO_MESSAGE);
-+ return(NULL);
-+ }
-+
-+ return(cur);
-+}
-+
-+#ifdef __cplusplus
-+}
-+#endif /* __cplusplus */
-+
-+#endif /* __LASSO_XMLSEC_SOAP_H__ */
diff -r 95da1fb45370 -r ea70400ba1cc security/lasso/patches/patch-45581
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/security/lasso/patches/patch-45581 Wed Aug 12 14:15:33 2020 +0000
@@ -0,0 +1,189 @@
+$NetBSD: patch-45581,v 1.1 2020/08/12 14:15:33 manu Exp $
+
+Fix lasso fail to properly escape single quotes in RelayState
+From upstream https://dev.entrouvert.org/issues/45581
+
+diff --git a/lasso/id-ff/login.c b/lasso/id-ff/login.c
+index 0f4e8926..68693ffe 100644
+--- lasso/id-ff/login.c
++++ lasso/id-ff/login.c
+@@ -988,11 +988,11 @@ lasso_login_build_artifact_msg(LassoLogin *login, LassoHttpMethod http_method)
+ }
+
+ b64_samlArt = xmlStrdup((xmlChar*)login->assertionArtifact);
+- relayState = xmlURIEscapeStr(
++ relayState = lasso_xmlURIEscapeStr(
+ (xmlChar*)LASSO_LIB_AUTHN_REQUEST(profile->request)->RelayState, NULL);
+
+ if (http_method == LASSO_HTTP_METHOD_REDIRECT) {
+- xmlChar *escaped_artifact = xmlURIEscapeStr(b64_samlArt, NULL);
++ xmlChar *escaped_artifact = lasso_xmlURIEscapeStr(b64_samlArt, NULL);
+ gchar *query = NULL;
+
+ if (relayState == NULL) {
+diff --git a/lasso/xml/private.h b/lasso/xml/private.h
+index 52a21e56..a2b47aa4 100644
+--- lasso/xml/private.h
++++ lasso/xml/private.h
+@@ -287,6 +287,7 @@ gboolean lasso_eval_xpath_expression(xmlXPathContextPtr xpath_ctx, const char *e
+
+ char * lasso_get_relaystate_from_query(const char *query);
+ char * lasso_url_add_parameters(char *url, gboolean free, ...);
++xmlChar * lasso_xmlURIEscapeStr(const xmlChar *from, const xmlChar *list);
+ xmlSecKey* lasso_xmlsec_load_private_key_from_buffer(const char *buffer, size_t length, const char *password, LassoSignatureMethod signature_method, const char *certificate);
+ xmlSecKey* lasso_xmlsec_load_private_key(const char *filename_or_buffer, const char *password,
+ LassoSignatureMethod signature_method, const char *certificate);
+diff --git a/lasso/xml/tools.c b/lasso/xml/tools.c
+index 53d7d37b..589a795d 100644
+--- lasso/xml/tools.c
++++ lasso/xml/tools.c
+@@ -36,6 +36,7 @@
+ #define _BSD_SOURCE
+ #include "private.h"
+ #include <string.h>
++#include <strings.h>
+ #include <time.h>
+ #include <ctype.h>
+ #include <stdarg.h>
+@@ -540,7 +541,7 @@ lasso_query_sign(char *query, LassoSignatureContext context)
+ }
+
+ {
+- const char *t = (char*)xmlURIEscapeStr(algo_href, NULL);
++ const char *t = (char*)lasso_xmlURIEscapeStr(algo_href, NULL);
+ new_query = g_strdup_printf("%s&SigAlg=%s", query, t);
+ xmlFree(BAD_CAST t);
+ }
+@@ -662,7 +663,7 @@ lasso_query_sign(char *query, LassoSignatureContext context)
+ /* Base64 encode the signature value */
+ b64_sigret = xmlSecBase64Encode(sigret, sigret_size, 0);
+ /* escape b64_sigret */
+- e_b64_sigret = xmlURIEscapeStr((xmlChar*)b64_sigret, NULL);
Home |
Main Index |
Thread Index |
Old Index