Date: Mon, 26 Apr 2021 08:51:25 GMT From: Palle Girgensohn <girgen@FreeBSD.org> To: ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org Subject: git: 19889886e54f - main - security/shibboleth-sp: Update to 3.2.2 Message-ID: <202104260851.13Q8pPfd060699@gitrepo.freebsd.org>
The branch main has been updated by girgen: URL: https://cgit.FreeBSD.org/ports/commit/?id=19889886e54f734191490f09765d631b9b67f0a7 commit 19889886e54f734191490f09765d631b9b67f0a7 Author: Palle Girgensohn <girgen@FreeBSD.org> AuthorDate: 2021-04-26 08:46:07 +0000 Commit: Palle Girgensohn <girgen@FreeBSD.org> CommitDate: 2021-04-26 08:51:17 +0000 security/shibboleth-sp: Update to 3.2.2 This is a security fix for an issue that has not yet been disclosed. The vuxml entry will be updated once the CVE is available. The patch to mitigate the vulnerability was introduced already on 2021-04-23 in the FreeBSD port as 3.2.1_1. Security: e4403051-a667-11eb-b9c9-6cc21735f730 --- security/shibboleth-sp/Makefile | 3 +-- security/shibboleth-sp/distinfo | 6 ++--- ...atch-shibsp_impl_StorageServiceSessionCache.cpp | 31 ---------------------- security/shibboleth-sp/pkg-plist | 4 +-- 4 files changed, 6 insertions(+), 38 deletions(-)
diff --git a/security/shibboleth-sp/Makefile b/security/shibboleth-sp/Makefile
index 1fe26dee2eaa..fe8a495afcff 100644
--- a/security/shibboleth-sp/Makefile
+++ b/security/shibboleth-sp/Makefile
@@ -1,8 +1,7 @@
 # Created by: Janos Mohacsi <janos.mohacsi@bsd.hu>
 PORTNAME= shibboleth-sp
-PORTVERSION= 3.2.1
-PORTREVISION= 1
+PORTVERSION= 3.2.2
 CATEGORIES= security www
 MASTER_SITES= http://shibboleth.net/downloads/service-provider/${PORTVERSION}/
diff --git a/security/shibboleth-sp/distinfo b/security/shibboleth-sp/distinfo
index 5732cc0e1343..ef9bd0881c4a 100644
--- a/security/shibboleth-sp/distinfo
+++ b/security/shibboleth-sp/distinfo
@@ -1,3 +1,3 @@
-TIMESTAMP = 1615929563
-SHA256 (shibboleth-sp-3.2.1.tar.bz2) = 8acde18566bbf987c4022a6f19d0c2df0d306e9344810aec1b6b8b9100d271ef
-SIZE (shibboleth-sp-3.2.1.tar.bz2) = 811714
+TIMESTAMP = 1619424965
+SHA256 (shibboleth-sp-3.2.2.tar.bz2) = e5db65b39cd3f078ff683c792558aa549d46ffc627a70faf3ef4637b2892e767
+SIZE (shibboleth-sp-3.2.2.tar.bz2) = 816128
diff --git a/security/shibboleth-sp/files/patch-shibsp_impl_StorageServiceSessionCache.cpp b/security/shibboleth-sp/files/patch-shibsp_impl_StorageServiceSessionCache.cpp
deleted file mode 100644
index 7cb55f5f16d5..000000000000
--- a/security/shibboleth-sp/files/patch-shibsp_impl_StorageServiceSessionCache.cpp
+++ /dev/null
@@ -1,31 +0,0 @@
-From 5a47c3b9378f4c49392dd4d15189b70956f9f2ec Mon Sep 17 00:00:00 2001
-From: Scott Cantor <cantor.2@osu.edu>
-Date: Thu, 22 Apr 2021 15:58:43 -0400
-Subject: [PATCH] SSPCPP-927 - Check for missing DataSealer during cookie recovery
-
-https://issues.shibboleth.net/jira/browse/SSPCPP-927
-
---- shibsp/impl/StorageServiceSessionCache.cpp.orig 2020-12-07 20:51:12.000000000 +0000
-+++ shibsp/impl/StorageServiceSessionCache.cpp 2021-04-23 16:17:00.398821000 +0000
-@@ -1148,6 +1148,12 @@
- else {
- // We're out of process, so we can recover the session.
- #ifndef SHIBSP_LITE
-+ const DataSealer* sealer = XMLToolingConfig::getConfig().getDataSealer();
-+ if (!sealer) {
-+ m_log.warn("can't attempt recovery of session (%s), no DataSealer configured", key);
-+ return false;
-+ }
-+
- m_log.debug("checking for revocation of session (%s)", key);
- try {
- if (m_storage_lite->readString("Revoked", key) > 0) {
-@@ -1174,7 +1180,7 @@
- try {
- dup = strdup(data);
- XMLToolingConfig::getConfig().getURLEncoder()->decode(dup);
-- unwrapped = XMLToolingConfig::getConfig().getDataSealer()->unwrap(dup);
-+ unwrapped = sealer->unwrap(dup);
- free(dup);
-
- stringstream str(unwrapped);
diff --git a/security/shibboleth-sp/pkg-plist b/security/shibboleth-sp/pkg-plist
index 80a2af88d06a..d1fd2aeab2ac 100644
--- a/security/shibboleth-sp/pkg-plist
+++ b/security/shibboleth-sp/pkg-plist
@@ -92,7 +92,7 @@ include/shibsp/util/TemplateParameters.h
 include/shibsp/version.h
 lib/libshibsp.so
 lib/libshibsp.so.10
-lib/libshibsp.so.10.0.0
+lib/libshibsp.so.10.0.1
 lib/shibboleth/adfs.so
 lib/shibboleth/adfs-lite.so
 %%MEMCACHED%%lib/shibboleth/memcache-store.so
@@ -104,7 +104,7 @@ lib/shibboleth/plugins.so
 %%FASTCGI%%lib/shibboleth/shibresponder
 lib/libshibsp-lite.so
 lib/libshibsp-lite.so.10
-lib/libshibsp-lite.so.10.0.0
+lib/libshibsp-lite.so.10.0.1
 libdata/pkgconfig/shibsp-lite.pc
 libdata/pkgconfig/shibsp.pc
 sbin/shibd