Date: Fri, 23 Apr 2021 19:04:48 GMT From: Palle Girgensohn <girgen@FreeBSD.org> To: ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org Subject: git: ff87b2584732 - main - security/shibboleth-sp: Reintroduce direct dependencies to silent Q/A. Message-ID: <202104231904.13NJ4mUM042473@gitrepo.freebsd.org>
next in thread | raw e-mail | index | archive | help
The branch main has been updated by girgen: URL: https://cgit.FreeBSD.org/ports/commit/?id=ff87b258473211ee848d3aba7bea1246fcf44f3c commit ff87b258473211ee848d3aba7bea1246fcf44f3c Author: Palle Girgensohn <girgen@FreeBSD.org> AuthorDate: 2021-04-23 16:42:28 +0000 Commit: Palle Girgensohn <girgen@FreeBSD.org> CommitDate: 2021-04-23 19:04:42 +0000 security/shibboleth-sp: Reintroduce direct dependencies to silent Q/A. The dependencies where previously added indirectly through the dependency chain via opensaml, bust the Q/A disapproved of that. Add patch to check for missing DataSealer during cookie recovery. --- security/shibboleth-sp/Makefile | 14 +++++++--- ...atch-shibsp_impl_StorageServiceSessionCache.cpp | 31 ++++++++++++++++++++++ 2 files changed, 42 insertions(+), 3 deletions(-) diff --git a/security/shibboleth-sp/Makefile b/security/shibboleth-sp/Makefile index 35d763f065d2..1fe26dee2eaa 100644 --- a/security/shibboleth-sp/Makefile +++ b/security/shibboleth-sp/Makefile @@ -2,6 +2,7 @@ PORTNAME= shibboleth-sp PORTVERSION= 3.2.1 +PORTREVISION= 1 CATEGORIES= security www MASTER_SITES= http://shibboleth.net/downloads/service-provider/${PORTVERSION}/ @@ -11,9 +12,16 @@ COMMENT= C++ Shibboleth Service Provider (Internet2) for Apache LICENSE= APACHE20 BUILD_DEPENDS= boost-libs>=0:devel/boost-libs -LIB_DEPENDS= libsaml.so:security/opensaml - -USES= gmake tar:bzip2 cpe pkgconfig libtool +LIB_DEPENDS= libsaml.so:security/opensaml \ + liblog4shib.so:devel/log4shib \ + libxerces-c-3.2.so:textproc/xerces-c3 \ + libxml-security-c.so:security/apache-xml-security-c \ + libxmltooling.so:devel/xmltooling \ + libapr-1.so:devel/apr1 \ + libgdbm.so:databases/gdbm \ + libexpat.so:textproc/expat2 + +USES= gmake tar:bzip2 cpe pkgconfig libtool bdb GNU_CONFIGURE= yes MAKE_ENV= NOKEYGEN=YES USE_LDCONFIG= yes diff --git a/security/shibboleth-sp/files/patch-shibsp_impl_StorageServiceSessionCache.cpp b/security/shibboleth-sp/files/patch-shibsp_impl_StorageServiceSessionCache.cpp new file mode 100644 index 000000000000..7cb55f5f16d5 --- /dev/null +++ b/security/shibboleth-sp/files/patch-shibsp_impl_StorageServiceSessionCache.cpp @@ -0,0 +1,31 @@ +From 5a47c3b9378f4c49392dd4d15189b70956f9f2ec Mon Sep 17 00:00:00 2001 +From: Scott Cantor <cantor.2@osu.edu> +Date: Thu, 22 Apr 2021 15:58:43 -0400 +Subject: [PATCH] SSPCPP-927 - Check for missing DataSealer during cookie recovery + +https://issues.shibboleth.net/jira/browse/SSPCPP-927 + +--- shibsp/impl/StorageServiceSessionCache.cpp.orig 2020-12-07 20:51:12.000000000 +0000 ++++ shibsp/impl/StorageServiceSessionCache.cpp 2021-04-23 16:17:00.398821000 +0000 +@@ -1148,6 +1148,12 @@ + else { + // We're out of process, so we can recover the session. + #ifndef SHIBSP_LITE ++ const DataSealer* sealer = XMLToolingConfig::getConfig().getDataSealer(); ++ if (!sealer) { ++ m_log.warn("can't attempt recovery of session (%s), no DataSealer configured", key); ++ return false; ++ } ++ + m_log.debug("checking for revocation of session (%s)", key); + try { + if (m_storage_lite->readString("Revoked", key) > 0) { +@@ -1174,7 +1180,7 @@ + try { + dup = strdup(data); + XMLToolingConfig::getConfig().getURLEncoder()->decode(dup); +- unwrapped = XMLToolingConfig::getConfig().getDataSealer()->unwrap(dup); ++ unwrapped = sealer->unwrap(dup); + free(dup); + + stringstream str(unwrapped);
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202104231904.13NJ4mUM042473>