head 1.3; access; symbols pkgsrc-2020Q2:1.2.0.18 pkgsrc-2020Q2-base:1.2 pkgsrc-2020Q1:1.2.0.14 pkgsrc-2020Q1-base:1.2 pkgsrc-2019Q4:1.2.0.16 pkgsrc-2019Q4-base:1.2 pkgsrc-2019Q3:1.2.0.12 pkgsrc-2019Q3-base:1.2 pkgsrc-2019Q2:1.2.0.10 pkgsrc-2019Q2-base:1.2 pkgsrc-2019Q1:1.2.0.8 pkgsrc-2019Q1-base:1.2 pkgsrc-2018Q4:1.2.0.6 pkgsrc-2018Q4-base:1.2 pkgsrc-2018Q3:1.2.0.4 pkgsrc-2018Q3-base:1.2 pkgsrc-2018Q2:1.2.0.2 pkgsrc-2018Q2-base:1.2; locks; strict; comment @# @; 1.3 date 2020.08.12.14.15.33; author manu; state dead; branches; next 1.2; commitid HHOkgPjQHDIJvMjC; 1.2 date 2018.05.31.07.33.28; author wiz; state Exp; branches; next 1.1; commitid 2TZXzJ2Pt0n29qEA; 1.1 date 2018.05.24.09.27.46; author manu; state Exp; branches; next ; commitid 1NLCyqC4sYJPZwDA; desc @@ 1.3 log @Updated security/lasso to 2.6.1 Changes since previous pkgsrc version 2.5.1, from the NEWS file Also add a fix for proper escape single quotes in RelayState From upstream https://dev.entrouvert.org/issues/45581 2.6.1 - Aptil 22th 2019 ---------------------- 42 commits, 425 files changed, 3894 insertions, 795 deletions - Keep order of SessionIndexes - Clear SessionIndex when private SessionIndexes is empty (#41950) - misc: clear warnings about class_init signature using coccinelle - tests: fix compilation with check>0.12 (#39101) - Sort input file lists to make build deterministic (#40454) - debian: disable php7 (#28608) - Modify .gitignore for PHP 7 binding (#28608) - Add PHP 7 binding (#28608) - Fix tests broken by new DEBUG logs (#12829) - Improve error logging during node parsing (#12829) - Improve configure compatibility (#32425) - Improve compatibility with Solaris (#32425) - Fix reference count in lasso_server_add_provider2 (fixes #35061) - Fix python multi-version builds on jessie and stretch - docs: do not use Internet to fetch DTDs, entities or documents (#35590) - fix missing include for index() (fixes #33791) - PAOS: Do not populate "Destination" attribute (Dmitrii Shcherbakov) - export symbol lasso_log (#33784) - Do not ignore WantAuthnRequestSigned value with hint MAYBE (#33354) - Use io.open(encoding=utf8) in extract_symbols/sections.py (#33360) - xml: adapt schema in saml2:AuthnContext (#29340) - Fix ECP signature not found error when only assertion is signed (#26828) - autoconf: search python interpreters by versions (John Dennis) - python: make tools compatible with Py3 (John Dennis) - python: run tests and tools with same interpreter as binding target (John Dennis) - improve resiliency of lasso_inflate (#24853) - fix segfault in lasso_get_saml_message (#24830) - python: add classmethod Profile.getIssuer (#24831) - website: add news about 2.6.0 release - debian: sync with debian package (#24595) - faq: fix references to lasso.profileGetIssuer (#24832) - python: add a classmethod for lasso.profileGetIssuer (#24831) - tools: fix segfault in lasso_get_saml_message (fixes #24830) - jenkins.sh: add a make clean to prevent previous build to break new ones - tools: set output buffer size in lasso_inflate to 20 times the input size (fixes #24853) - Use python interpreter specified configure script - Make Python scripts compatible with both Py2 and Py3 - fix duplicate definition of LogoutTestCase and logoutSuite - Downcase UTF-8 file encoding name - Make more Python scripts compatible with both Py2 and Py3 - Configure should search for versioned Python interpreter. - Clean python cache when building python3 binding - Move AC_SUBST declaration for AM_CFLAGS with alike (#24771) - Remove -Werror from --enable-debugging (fixes #24771) - xml: fix parsing of saml:AuthnContext (fixes #25640) 2.6.0 - June 1st 2018 --------------------- 32 commits, 73 files changed, 1920 insertions, 696 deletions - add inline implementation of lasso_log - Choose the Reference transform based on the chosen Signature transform (fixes #10155) - add support for C14N 1.1 methods and C14N withComments methods (fixes #4863) - remove DGME specific commented out code - add docstring on SHA-2 signature method enum - tests: silence unused variable warning - check node names in lasso_node_impl_init_from_xml() (fixes #47) - fix segfault when parsed node has no namespace (#47) - do not call xmlSecKeyDuplicate is source key is NULL - enable user supplied CFLAGS - Fix ecp test validate_idp_list() (fixes #11421) - tests: convert log level as string - fix definitions of error, critical and warning macros (fixes #12830) - jenkins.sh: add V=1 - add defined for the XML namespace - ignore unknown attributes from the xsi: namespace - saml-2.0: improve support for free content inside samlp2:Extensions (fixes #18581) - debian: initialize stretch packaging with a copy of upstream debian (#21772) - replace use of which is deprecated (fixes #18771) - fix get_issuer and get_in_response_to - route logs from libxml2 and libxmlsec through GLib logging - tests: prevent crash in glib caused by abort on recursive logging - java: stop setting a bytecode version target - add xmlsec_soap.h to Makefile - python: route logs for libxml2 and libxmlsec2 to their own logger - perl: force use of the in-tree lasso when running tests (fixes #23276) - perl: set DESTDIR and PREFIX at Makefile's creation - Replace xmlSecSoap functions with lasso implementations - add a pem-public-key runtime flag - deprecate loading PEM formatted public keys in lasso_xmlsec_load_key_info - perl/tests: build Makefile.perl before running the tests @ text @$NetBSD: patch-18771,v 1.2 2018/05/31 07:33:28 wiz Exp $ From upstream: https://dev.entrouvert.org/issues/18771 commit 1d56cd1e31ce993ad17f4b4bbc31c12ffff1311f Author: Benjamin Dauvergne Date: Fri Oct 6 10:28:22 2017 +0200 replace use of which is deprecated (fixes #18771) diff --git a/lasso/id-wsf/wsf_profile.c b/lasso/id-wsf/wsf_profile.c index 8cfe5a2..0aca204 100644 --- ./lasso/id-wsf/wsf_profile.c +++ ./lasso/id-wsf/wsf_profile.c @@@@ -29,7 +29,6 @@@@ #include #include #include -#include #include "../utils.h" @@@@ -60,6 +59,7 @@@@ #include "../id-ff/providerprivate.h" #include "../id-ff/sessionprivate.h" #include "../xml/misc_text_node.h" +#include <../xml/xmlsec_soap.h> /** * SECTION:wsf_profile diff --git a/lasso/xml/tools.c b/lasso/xml/tools.c index ade6d66..81e75b5 100644 --- ./lasso/xml/tools.c +++ ./lasso/xml/tools.c @@@@ -57,7 +57,6 @@@@ #include #include #include -#include #include @@@@ -71,6 +70,7 @@@@ #include #include #include "../lasso_config.h" +#include /** * SECTION:tools diff --git a/lasso/xml/xmlsec_soap.h b/lasso/xml/xmlsec_soap.h new file mode 100644 index 0000000..11fc3db --- /dev/null +++ ./lasso/xml/xmlsec_soap.h @@@@ -0,0 +1,111 @@@@ + /* + * Lasso - A free implementation of the Liberty Alliance specifications. + * + * Copyright (C) 2004-2007 Entr'ouvert + * http://lasso.entrouvert.org + * + * Authors: See AUTHORS file in top-level directory. + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, see . + */ + +#ifndef __LASSO_XMLSEC_SOAP_H__ +#define __LASSO_XMLSEC_SOAP_H__ + +#ifdef __cplusplus +extern "C" { +#endif /* __cplusplus */ + +#include + +#include +#include +#include + + +/** Replacement for xmlsec/soap.h */ + +#define xmlSecSoap11Ns ((xmlChar*)"http://schemas.xmlsoap.org/soap/envelope/") +#define xmlSecSoap12Ns ((xmlChar*)"http://www.w3.org/2003/05/soap-envelope") + +static inline xmlNodePtr +xmlSecSoap11GetHeader(xmlNodePtr envNode) { + xmlNodePtr cur; + + xmlSecAssert2(envNode != NULL, NULL); + + /* optional Header node is first */ + cur = xmlSecGetNextElementNode(envNode->children); + if((cur != NULL) && xmlSecCheckNodeName(cur, xmlSecNodeHeader, xmlSecSoap11Ns)) { + return(cur); + } + + return(NULL); +} + +static inline xmlNodePtr +xmlSecSoap11GetBody(xmlNodePtr envNode) { + xmlNodePtr cur; + + xmlSecAssert2(envNode != NULL, NULL); + + /* optional Header node first */ + cur = xmlSecGetNextElementNode(envNode->children); + if((cur != NULL) && xmlSecCheckNodeName(cur, xmlSecNodeHeader, xmlSecSoap11Ns)) { + cur = xmlSecGetNextElementNode(cur->next); + } + + /* Body node is next */ + if((cur == NULL) || !xmlSecCheckNodeName(cur, xmlSecNodeBody, xmlSecSoap11Ns)) { + xmlSecError(XMLSEC_ERRORS_HERE, + NULL, + xmlSecErrorsSafeString(xmlSecNodeBody), + XMLSEC_ERRORS_R_NODE_NOT_FOUND, + XMLSEC_ERRORS_NO_MESSAGE); + return(NULL); + } + + return(cur); +} + +static inline xmlNodePtr +xmlSecSoap12GetBody(xmlNodePtr envNode) { + xmlNodePtr cur; + + xmlSecAssert2(envNode != NULL, NULL); + + /* optional Header node first */ + cur = xmlSecGetNextElementNode(envNode->children); + if((cur != NULL) && xmlSecCheckNodeName(cur, xmlSecNodeHeader, xmlSecSoap12Ns)) { + cur = xmlSecGetNextElementNode(cur->next); + } + + /* Body node is next */ + if((cur == NULL) || !xmlSecCheckNodeName(cur, xmlSecNodeBody, xmlSecSoap12Ns)) { + xmlSecError(XMLSEC_ERRORS_HERE, + NULL, + xmlSecErrorsSafeString(xmlSecNodeBody), + XMLSEC_ERRORS_R_NODE_NOT_FOUND, + XMLSEC_ERRORS_NO_MESSAGE); + return(NULL); + } + + return(cur); +} + +#ifdef __cplusplus +} +#endif /* __cplusplus */ + +#endif /* __LASSO_XMLSEC_SOAP_H__ */ @ 1.2 log @lasso: remove $Id$ from patch to make it applyable @ text @d1 1 a1 1 $NetBSD: patch-18771,v 1.1 2018/05/24 09:27:46 manu Exp $ @ 1.1 log @Build fix from upstream: https://dev.entrouvert.org/issues/18771 replace use of which is deprecated @ text @d1 1 a1 1 $NetBSD$ d56 2 a57 3 @@@@ -0,0 +1,112 @@@@ +/* $Id$ + * @