Hello community, here is the log from the commit of package xmltooling for openSUSE:Factory checked in at 2020-12-02 15:05:47 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/xmltooling (Old) and /work/SRC/openSUSE:Factory/.xmltooling.new.5913 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "xmltooling" Wed Dec 2 15:05:47 2020 rev:13 rq:852605 version:3.1.0 Changes: -------- --- /work/SRC/openSUSE:Factory/xmltooling/xmltooling.changes 2019-03-22 15:09:12.373399072 +0100 +++ /work/SRC/openSUSE:Factory/.xmltooling.new.5913/xmltooling.changes 2020-12-02 15:05:48.997614645 +0100 @@ -1,0 +2,8 @@ +Tue Dec 1 13:13:07 UTC 2020 - Kristyna Streitova <kstreit...@suse.com> + +- Update to 3.1.0 + * [CPPXT-145] - DataSealer is sharing non-thread safe keys +- update lib version to 9 +- run spec-cleaner + +------------------------------------------------------------------- Old: ---- xmltooling-3.0.4.tar.bz2 xmltooling-3.0.4.tar.bz2.asc New: ---- xmltooling-3.1.0.tar.bz2 xmltooling-3.1.0.tar.bz2.asc ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ xmltooling.spec ++++++ --- /var/tmp/diff_new_pack.IdCS57/_old 2020-12-02 15:05:49.645615305 +0100 +++ /var/tmp/diff_new_pack.IdCS57/_new 2020-12-02 15:05:49.649615310 +0100 @@ -1,7 +1,7 @@ # # spec file for package xmltooling # -# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2020 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -12,15 +12,15 @@ # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. -# Please submit bugfixes or comments via http://bugs.opensuse.org/ +# Please submit bugfixes or comments via https://bugs.opensuse.org/ # -%define libvers 8 -%define opensaml_version 3.0.1 +%define libvers 9 +%define opensaml_version 3.1.0 %define pkgdocdir %{_docdir}/%{name} Name: xmltooling -Version: 3.0.4 +Version: 3.1.0 Release: 0 Summary: OpenSAML XML Processing library License: Apache-2.0 @@ -84,7 +84,6 @@ This package contains just the shared library. - %package -n libxmltooling-devel Summary: XMLTooling development Headers Group: Development/Libraries/C and C++ @@ -132,7 +131,7 @@ %build autoreconf -fiv %configure -make %{?_smp_mflags} +%make_build %install make install DESTDIR=%{buildroot} pkgdocdir=%{pkgdocdir} @@ -142,11 +141,10 @@ rm -f %{buildroot}/%{_libdir}/libxmltooling-lite.la %check -make %{?_smp_mflags} check +%make_build check %post -n libxmltooling%{libvers} -p /sbin/ldconfig %post -n libxmltooling-lite%{libvers} -p /sbin/ldconfig - %postun -n libxmltooling%{libvers} -p /sbin/ldconfig %postun -n libxmltooling-lite%{libvers} -p /sbin/ldconfig ++++++ xmltooling-3.0.4.tar.bz2 -> xmltooling-3.1.0.tar.bz2 ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/xmltooling-3.0.4/Projects/vc15/xmltooling/xmltooling-lite.vcxproj new/xmltooling-3.1.0/Projects/vc15/xmltooling/xmltooling-lite.vcxproj --- old/xmltooling-3.0.4/Projects/vc15/xmltooling/xmltooling-lite.vcxproj 2018-11-01 15:08:56.000000000 +0100 +++ new/xmltooling-3.1.0/Projects/vc15/xmltooling/xmltooling-lite.vcxproj 2020-02-06 01:20:34.000000000 +0100 @@ -89,10 +89,10 @@ <CodeAnalysisRuleSet Condition="'$(Configuration)|$(Platform)'=='Release|x64'">AllRules.ruleset</CodeAnalysisRuleSet> <CodeAnalysisRules Condition="'$(Configuration)|$(Platform)'=='Release|x64'" /> <CodeAnalysisRuleAssemblies Condition="'$(Configuration)|$(Platform)'=='Release|x64'" /> - <TargetName Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">$(ProjectName)3_0</TargetName> - <TargetName Condition="'$(Configuration)|$(Platform)'=='Release|x64'">$(ProjectName)3_0</TargetName> - <TargetName Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">$(ProjectName)3_0D</TargetName> - <TargetName Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">$(ProjectName)3_0D</TargetName> + <TargetName Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">$(ProjectName)3_1</TargetName> + <TargetName Condition="'$(Configuration)|$(Platform)'=='Release|x64'">$(ProjectName)3_1</TargetName> + <TargetName Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">$(ProjectName)3_1D</TargetName> + <TargetName Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">$(ProjectName)3_1D</TargetName> </PropertyGroup> <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'"> <ClCompile> @@ -161,7 +161,6 @@ <PrecompiledHeaderFile> </PrecompiledHeaderFile> <WarningLevel>Level3</WarningLevel> - <DebugInformationFormat>ProgramDatabase</DebugInformationFormat> <DisableSpecificWarnings>4275</DisableSpecificWarnings> <ConformanceMode>true</ConformanceMode> </ClCompile> @@ -192,7 +191,6 @@ <PrecompiledHeaderFile> </PrecompiledHeaderFile> <WarningLevel>Level3</WarningLevel> - <DebugInformationFormat>ProgramDatabase</DebugInformationFormat> <DisableSpecificWarnings>4275</DisableSpecificWarnings> <ConformanceMode>true</ConformanceMode> </ClCompile> diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/xmltooling-3.0.4/Projects/vc15/xmltooling/xmltooling.vcxproj new/xmltooling-3.1.0/Projects/vc15/xmltooling/xmltooling.vcxproj --- old/xmltooling-3.0.4/Projects/vc15/xmltooling/xmltooling.vcxproj 2018-11-01 15:08:56.000000000 +0100 +++ new/xmltooling-3.1.0/Projects/vc15/xmltooling/xmltooling.vcxproj 2020-02-06 01:20:34.000000000 +0100 @@ -87,10 +87,10 @@ <CodeAnalysisRuleSet Condition="'$(Configuration)|$(Platform)'=='Release|x64'">AllRules.ruleset</CodeAnalysisRuleSet> <CodeAnalysisRules Condition="'$(Configuration)|$(Platform)'=='Release|x64'" /> <CodeAnalysisRuleAssemblies Condition="'$(Configuration)|$(Platform)'=='Release|x64'" /> - <TargetName Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">$(ProjectName)3_0D</TargetName> - <TargetName Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">$(ProjectName)3_0D</TargetName> - <TargetName Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">$(ProjectName)3_0</TargetName> - <TargetName Condition="'$(Configuration)|$(Platform)'=='Release|x64'">$(ProjectName)3_0</TargetName> + <TargetName Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">$(ProjectName)3_1D</TargetName> + <TargetName Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">$(ProjectName)3_1D</TargetName> + <TargetName Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">$(ProjectName)3_1</TargetName> + <TargetName Condition="'$(Configuration)|$(Platform)'=='Release|x64'">$(ProjectName)3_1</TargetName> </PropertyGroup> <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'"> <IntDir>$(SolutionDir)..\..\Build\VC15\$(projectName)\$(Platform)\$(Configuration)\</IntDir> @@ -162,7 +162,6 @@ <PrecompiledHeaderFile> </PrecompiledHeaderFile> <WarningLevel>Level3</WarningLevel> - <DebugInformationFormat>ProgramDatabase</DebugInformationFormat> <DisableSpecificWarnings>4275</DisableSpecificWarnings> <ConformanceMode>true</ConformanceMode> </ClCompile> @@ -187,7 +186,6 @@ <PrecompiledHeaderFile> </PrecompiledHeaderFile> <WarningLevel>Level3</WarningLevel> - <DebugInformationFormat>ProgramDatabase</DebugInformationFormat> <DisableSpecificWarnings>4275</DisableSpecificWarnings> <ConformanceMode>true</ConformanceMode> </ClCompile> diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/xmltooling-3.0.4/Projects/vc15/xmltoolingtest/xmltoolingtest.vcxproj new/xmltooling-3.1.0/Projects/vc15/xmltoolingtest/xmltoolingtest.vcxproj --- old/xmltooling-3.0.4/Projects/vc15/xmltoolingtest/xmltoolingtest.vcxproj 2018-11-01 15:08:56.000000000 +0100 +++ new/xmltooling-3.1.0/Projects/vc15/xmltoolingtest/xmltoolingtest.vcxproj 2019-09-27 21:29:32.000000000 +0200 @@ -148,7 +148,6 @@ <PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;_CRT_SECURE_NO_DEPRECATE=1;%(PreprocessorDefinitions)</PreprocessorDefinitions> <RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary> <WarningLevel>Level3</WarningLevel> - <DebugInformationFormat>EditAndContinue</DebugInformationFormat> <DisableSpecificWarnings>4275</DisableSpecificWarnings> <ConformanceMode>true</ConformanceMode> </ClCompile> @@ -173,7 +172,6 @@ <PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;_CRT_SECURE_NO_DEPRECATE=1;%(PreprocessorDefinitions)</PreprocessorDefinitions> <RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary> <WarningLevel>Level3</WarningLevel> - <DebugInformationFormat>EditAndContinue</DebugInformationFormat> <DisableSpecificWarnings>4275</DisableSpecificWarnings> <ConformanceMode>true</ConformanceMode> </ClCompile> diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/xmltooling-3.0.4/config_win32.h new/xmltooling-3.1.0/config_win32.h --- old/xmltooling-3.0.4/config_win32.h 2019-03-08 15:44:44.000000000 +0100 +++ new/xmltooling-3.1.0/config_win32.h 2020-02-06 01:20:34.000000000 +0100 @@ -106,13 +106,13 @@ #define PACKAGE_NAME "xmltooling" /* Define to the full name and version of this package. */ -#define PACKAGE_STRING "xmltooling 3.0.4" +#define PACKAGE_STRING "xmltooling 3.1.0" /* Define to the one symbol short name of this package. */ #define PACKAGE_TARNAME "xmltooling" /* Define to the version of this package. */ -#define PACKAGE_VERSION "3.0.4" +#define PACKAGE_VERSION "3.1.0" /* Define to the necessary symbol if this constant uses a non-standard name on your system. */ @@ -125,7 +125,7 @@ /* #undef TM_IN_SYS_TIME */ /* Version number of package */ -#define VERSION "3.0.4" +#define VERSION "3.1.0" /* Define if you wish to disable XML-Security-dependent features. */ /* #undef XMLTOOLING_NO_XMLSEC */ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/xmltooling-3.0.4/configure new/xmltooling-3.1.0/configure --- old/xmltooling-3.0.4/configure 2019-03-08 15:45:41.000000000 +0100 +++ new/xmltooling-3.1.0/configure 2020-03-06 17:33:38.000000000 +0100 @@ -1,6 +1,6 @@ #! /bin/sh # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.69 for xmltooling 3.0.4. +# Generated by GNU Autoconf 2.69 for xmltooling 3.1.0. # # Report bugs to <https://issues.shibboleth.net/>. # @@ -590,8 +590,8 @@ # Identity of this package. PACKAGE_NAME='xmltooling' PACKAGE_TARNAME='xmltooling' -PACKAGE_VERSION='3.0.4' -PACKAGE_STRING='xmltooling 3.0.4' +PACKAGE_VERSION='3.1.0' +PACKAGE_STRING='xmltooling 3.1.0' PACKAGE_BUGREPORT='https://issues.shibboleth.net/' PACKAGE_URL='' @@ -1449,7 +1449,7 @@ # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF -\`configure' configures xmltooling 3.0.4 to adapt to many kinds of systems. +\`configure' configures xmltooling 3.1.0 to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... @@ -1519,7 +1519,7 @@ if test -n "$ac_init_help"; then case $ac_init_help in - short | recursive ) echo "Configuration of xmltooling 3.0.4:";; + short | recursive ) echo "Configuration of xmltooling 3.1.0:";; esac cat <<\_ACEOF @@ -1687,7 +1687,7 @@ test -n "$ac_init_help" && exit $ac_status if $ac_init_version; then cat <<\_ACEOF -xmltooling configure 3.0.4 +xmltooling configure 3.1.0 generated by GNU Autoconf 2.69 Copyright (C) 2012 Free Software Foundation, Inc. @@ -2422,7 +2422,7 @@ This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. -It was created by xmltooling $as_me 3.0.4, which was +It was created by xmltooling $as_me 3.1.0, which was generated by GNU Autoconf 2.69. Invocation command line was $ $0 $@ @@ -3287,7 +3287,7 @@ # Define the identity of the package. PACKAGE='xmltooling' - VERSION='3.0.4' + VERSION='3.1.0' cat >>confdefs.h <<_ACEOF @@ -21853,7 +21853,7 @@ # report actual input values of CONFIG_FILES etc. instead of their # values after options handling. ac_log=" -This file was extended by xmltooling $as_me 3.0.4, which was +This file was extended by xmltooling $as_me 3.1.0, which was generated by GNU Autoconf 2.69. Invocation command line was CONFIG_FILES = $CONFIG_FILES @@ -21919,7 +21919,7 @@ cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`" ac_cs_version="\\ -xmltooling config.status 3.0.4 +xmltooling config.status 3.1.0 configured by $0, generated by GNU Autoconf 2.69, with options \\"\$ac_cs_config\\" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/xmltooling-3.0.4/configure.ac new/xmltooling-3.1.0/configure.ac --- old/xmltooling-3.0.4/configure.ac 2019-03-08 15:44:44.000000000 +0100 +++ new/xmltooling-3.1.0/configure.ac 2020-02-06 01:20:34.000000000 +0100 @@ -1,6 +1,6 @@ # Process this file with autoreconf AC_PREREQ([2.50]) -AC_INIT([xmltooling],[3.0.4],[https://issues.shibboleth.net/],[xmltooling]) +AC_INIT([xmltooling],[3.1.0],[https://issues.shibboleth.net/],[xmltooling]) AC_CONFIG_SRCDIR(xmltooling) AC_CONFIG_AUX_DIR(build-aux) AC_CONFIG_MACRO_DIR(m4) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/xmltooling-3.0.4/xmltooling/Makefile.am new/xmltooling-3.1.0/xmltooling/Makefile.am --- old/xmltooling-3.0.4/xmltooling/Makefile.am 2019-03-08 15:44:44.000000000 +0100 +++ new/xmltooling-3.1.0/xmltooling/Makefile.am 2020-02-06 01:20:34.000000000 +0100 @@ -229,7 +229,7 @@ $(PTHREAD_LIBS) \ $(dlopen_LIBS) -AM_LDFLAGS = -version-info 8:4:0 +AM_LDFLAGS = -version-info 9:0:0 libxmltooling_lite_la_SOURCES = \ ${common_sources} diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/xmltooling-3.0.4/xmltooling/Makefile.in new/xmltooling-3.1.0/xmltooling/Makefile.in --- old/xmltooling-3.0.4/xmltooling/Makefile.in 2019-03-08 15:45:41.000000000 +0100 +++ new/xmltooling-3.1.0/xmltooling/Makefile.in 2020-03-06 17:33:37.000000000 +0100 @@ -913,7 +913,7 @@ $(PTHREAD_LIBS) \ $(dlopen_LIBS) -AM_LDFLAGS = -version-info 8:4:0 +AM_LDFLAGS = -version-info 9:0:0 libxmltooling_lite_la_SOURCES = \ ${common_sources} diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/xmltooling-3.0.4/xmltooling/io/HTTPRequest.cpp new/xmltooling-3.1.0/xmltooling/io/HTTPRequest.cpp --- old/xmltooling-3.0.4/xmltooling/io/HTTPRequest.cpp 2018-07-10 03:00:14.000000000 +0200 +++ new/xmltooling-3.1.0/xmltooling/io/HTTPRequest.cpp 2020-04-02 15:59:58.000000000 +0200 @@ -223,6 +223,9 @@ split(nvpair, s, is_any_of("=")); if (nvpair.size() == 2) { trim(nvpair[0]); + if (ends_with(nvpair[0], "_fgwars")) { + nvpair[0].erase(nvpair[0].end() - 7, nvpair[0].end()); + } cookieMap[nvpair[0]] = nvpair[1]; } } @@ -234,13 +237,26 @@ string cookies=getHeader("Cookie"); vector<string> nvpair; tokenizer< char_separator<char> > nvpairs(cookies, char_separator<char>(";")); - for_each(nvpairs.begin(), nvpairs.end(), boost::bind(handle_cookie_fn, boost::ref(m_cookieMap), boost::ref(nvpair), _1)); + for_each(nvpairs.begin(), nvpairs.end(), + boost::bind(handle_cookie_fn, boost::ref(m_cookieMap), boost::ref(nvpair), _1)); } return m_cookieMap; } const char* HTTPRequest::getCookie(const char* name) const { + return getCookie(name, false); +} + +const char* HTTPRequest::getCookie(const char* name, bool) const +{ + // The fallback support is implemented via the getCookies() load above + // so we ignore it here. + map<string,string>::const_iterator lookup = getCookies().find(name); - return (lookup==m_cookieMap.end()) ? nullptr : lookup->second.c_str(); + if (lookup != m_cookieMap.end()) { + return lookup->second.c_str(); + } + + return nullptr; } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/xmltooling-3.0.4/xmltooling/io/HTTPRequest.h new/xmltooling-3.1.0/xmltooling/io/HTTPRequest.h --- old/xmltooling-3.0.4/xmltooling/io/HTTPRequest.h 2018-07-10 03:00:14.000000000 +0200 +++ new/xmltooling-3.1.0/xmltooling/io/HTTPRequest.h 2020-03-06 17:33:23.000000000 +0100 @@ -94,12 +94,25 @@ virtual std::string getHeader(const char* name) const=0; /** + * Get a cookie value supplied by the client. + * + * @param name name of cookie + * @return cookie value or nullptr + */ + virtual const char* getCookie(const char* name) const; + + /** * Get a cookie value supplied by the client. + * + * The boolean flag enables the workaround for older clients with + * broken SameSite support by looking for a second cookie with + * a decorated name that would not carry the SameSite flag. * * @param name name of cookie + * @param sameSiteFallback enables lookaside to fallback cookie name * @return cookie value or nullptr */ - virtual const char* getCookie(const char* name) const; + virtual const char* getCookie(const char* name, bool sameSiteFallback) const; /** * Gets all the cookies supplied by the client. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/xmltooling-3.0.4/xmltooling/io/HTTPResponse.cpp new/xmltooling-3.1.0/xmltooling/io/HTTPResponse.cpp --- old/xmltooling-3.0.4/xmltooling/io/HTTPResponse.cpp 2018-07-10 03:00:14.000000000 +0200 +++ new/xmltooling-3.1.0/xmltooling/io/HTTPResponse.cpp 2020-03-06 17:33:23.000000000 +0100 @@ -86,11 +86,59 @@ setResponseHeader("Content-Type", type); } -void HTTPResponse::setCookie(const char* name, const char* value) +void HTTPResponse::setCookie(const char* name, const char* value, time_t expires, samesite_t sameSiteValue) { - string cookie(name); - cookie = cookie + '=' + value; - setResponseHeader("Set-Cookie", cookie.c_str()); + setCookie(name, value, expires, sameSiteValue, false); +} + +void HTTPResponse::setCookie(const char* name, const char* value, time_t expires, samesite_t sameSiteValue, bool sameSiteFallback) +{ + string decoratedValue; + if (!value) { + decoratedValue += "; expires=Mon, 01 Jan 2001 00:00:00 GMT"; + } + else { + decoratedValue = value; + if (expires > 0) { + expires += time(nullptr); +#ifndef HAVE_GMTIME_R + struct tm* ptime = gmtime(&expires); +#else + struct tm res; + struct tm* ptime = gmtime_r(&expires, &res); +#endif + char cookietimebuf[64]; + strftime(cookietimebuf, 64, "; expires=%a, %d %b %Y %H:%M:%S GMT", ptime); + decoratedValue.append(cookietimebuf); + } + } + + if (sameSiteValue != SAMESITE_ABSENT) { + // Add SameSite to the primary cookie and optionally set a fallback cookie without SameSite. + switch (sameSiteValue) { + case SAMESITE_NONE: + if (sameSiteFallback) { + string hackedName(name); + setResponseHeader("Set-Cookie", hackedName.append("_fgwars=").append(decoratedValue).c_str()); + } + decoratedValue.append("; SameSite=None"); + break; + case SAMESITE_LAX: + decoratedValue.append("; SameSite=Lax"); + break; + case SAMESITE_STRICT: + decoratedValue.append("; SameSite=Strict"); + break; + default: + throw IOException("Invalid SameSite value supplied"); + } + string header(name); + setResponseHeader("Set-Cookie", header.append("=").append(decoratedValue).c_str()); + } + else { + string header(name); + setResponseHeader("Set-Cookie", header.append("=").append(decoratedValue).c_str()); + } } void HTTPResponse::setResponseHeader(const char* name, const char* value, bool replace) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/xmltooling-3.0.4/xmltooling/io/HTTPResponse.h new/xmltooling-3.1.0/xmltooling/io/HTTPResponse.h --- old/xmltooling-3.0.4/xmltooling/io/HTTPResponse.h 2018-07-10 03:00:14.000000000 +0200 +++ new/xmltooling-3.1.0/xmltooling/io/HTTPResponse.h 2020-03-06 17:33:23.000000000 +0100 @@ -65,14 +65,50 @@ */ virtual void setResponseHeader(const char* name, const char* value, bool replace = false); + /** Cookie SameSite values. */ + enum samesite_t { + SAMESITE_ABSENT = 0, + SAMESITE_NONE = 1, + SAMESITE_LAX = 2, + SAMESITE_STRICT = 3 + }; + /** - * Sets a client cookie. - * + * Sets or unsets a client cookie. + * + * <p>The boolean flag enables the workaround for older clients with + * broken SameSite support by setting a second cookie with + * a decorated name that would not carry the SameSite flag.</p> + * + * @param name cookie name + * @param value value to set, or nullptr to clear + * @param expires optional expiration time for the cookie, 0 means session + * @param sameSiteValue the SameSite value to apply to the cookie + * @param sameSiteFallback enables setting of a fallback cookie + */ + virtual void setCookie( + const char* name, + const char* value, + time_t expires, + samesite_t sameSiteValue, + bool sameSiteFallback); + + /** + * Sets or unsets a client cookie. + * + * <p>Now defaults to calling the new version with a false flag.</p> + * * @param name cookie name * @param value value to set, or nullptr to clear + * @param expires optional expiration time for the cookie, 0 means session + * @param sameSiteValue the SameSite value to apply to the cookie */ - virtual void setCookie(const char* name, const char* value); - + virtual void setCookie( + const char* name, + const char* value, + time_t expires = 0, + samesite_t sameSiteValue = SAMESITE_ABSENT); + /** * Redirect the client to the specified URL and complete the response. * diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/xmltooling-3.0.4/xmltooling/security/impl/DataSealer.cpp new/xmltooling-3.1.0/xmltooling/security/impl/DataSealer.cpp --- old/xmltooling-3.0.4/xmltooling/security/impl/DataSealer.cpp 2018-11-01 15:08:56.000000000 +0100 +++ new/xmltooling-3.1.0/xmltooling/security/impl/DataSealer.cpp 2020-01-24 14:36:03.000000000 +0100 @@ -156,8 +156,10 @@ safeBuffer ciphertext; try { + // Keys are not threadsafe, use a clone to encrypt. + scoped_ptr<XSECCryptoKey> clonedKey(defaultKey.second->clone()); scoped_ptr<XENCEncryptionMethod> method(XENCEncryptionMethod::create(env.get(), algorithm)); - if (!handler->encryptToSafeBuffer(&tx, method.get(), defaultKey.second, dummydoc, ciphertext)) { + if (!handler->encryptToSafeBuffer(&tx, method.get(), clonedKey.get(), dummydoc, ciphertext)) { throw XMLSecurityException("Data encryption failed."); } } @@ -235,8 +237,10 @@ unsigned int len = 0; safeBuffer plaintext; try { + // Keys are not threadsafe, use a clone to decrypt. + scoped_ptr<XSECCryptoKey> clonedKey(requiredKey.second->clone()); scoped_ptr<XENCEncryptionMethod> method(XENCEncryptionMethod::create(env.get(), algorithm)); - len = handler->decryptToSafeBuffer(&tx, method.get(), requiredKey.second, dummydoc, plaintext); + len = handler->decryptToSafeBuffer(&tx, method.get(), clonedKey.get(), dummydoc, plaintext); } catch (const XSECException& ex) { auto_ptr_char msg(ex.getMsg()); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/xmltooling-3.0.4/xmltooling/version.h new/xmltooling-3.1.0/xmltooling/version.h --- old/xmltooling-3.0.4/xmltooling/version.h 2019-03-08 15:44:44.000000000 +0100 +++ new/xmltooling-3.1.0/xmltooling/version.h 2020-02-06 01:20:34.000000000 +0100 @@ -43,8 +43,8 @@ */ #define XMLTOOLING_VERSION_MAJOR 3 -#define XMLTOOLING_VERSION_MINOR 0 -#define XMLTOOLING_VERSION_REVISION 4 +#define XMLTOOLING_VERSION_MINOR 1 +#define XMLTOOLING_VERSION_REVISION 0 /** DO NOT MODIFY BELOW THIS LINE */ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/xmltooling-3.0.4/xmltooling/xmltooling.rc new/xmltooling-3.1.0/xmltooling/xmltooling.rc --- old/xmltooling-3.0.4/xmltooling/xmltooling.rc 2019-03-08 15:44:44.000000000 +0100 +++ new/xmltooling-3.1.0/xmltooling/xmltooling.rc 2020-02-06 01:20:34.000000000 +0100 @@ -28,8 +28,8 @@ // VS_VERSION_INFO VERSIONINFO - FILEVERSION 3,0,4,0 - PRODUCTVERSION 3,0,1,0 + FILEVERSION 3,1,0,0 + PRODUCTVERSION 3,1,0,0 FILEFLAGSMASK 0x3fL #ifdef _DEBUG FILEFLAGS 0x1L @@ -51,38 +51,38 @@ #else VALUE "FileDescription", "OpenSAML XMLTooling Library\0" #endif - VALUE "FileVersion", "3, 0, 4, 0\0" + VALUE "FileVersion", "3, 1, 0, 0\0" #ifdef XMLTOOLING_LITE #ifdef _DEBUG - VALUE "InternalName", "xmltooling-lite3_0D\0" + VALUE "InternalName", "xmltooling-lite3_1D\0" #else - VALUE "InternalName", "xmltooling-lite3_0\0" + VALUE "InternalName", "xmltooling-lite3_1\0" #endif #else #ifdef _DEBUG - VALUE "InternalName", "xmltooling3_0D\0" + VALUE "InternalName", "xmltooling3_1D\0" #else - VALUE "InternalName", "xmltooling3_0\0" + VALUE "InternalName", "xmltooling3_1\0" #endif #endif - VALUE "LegalCopyright", "Copyright 2019 UCAID\0" + VALUE "LegalCopyright", "Copyright 2020 Various\0" VALUE "LegalTrademarks", "\0" #ifdef XMLTOOLING_LITE #ifdef _DEBUG - VALUE "OriginalFilename", "xmltooling-lite3_0D.dll\0" + VALUE "OriginalFilename", "xmltooling-lite3_1D.dll\0" #else - VALUE "OriginalFilename", "xmltooling-lite3_0.dll\0" + VALUE "OriginalFilename", "xmltooling-lite3_1.dll\0" #endif #else #ifdef _DEBUG - VALUE "OriginalFilename", "xmltooling3_0.dll\0" + VALUE "OriginalFilename", "xmltooling3_1.dll\0" #else - VALUE "OriginalFilename", "xmltooling3_0.dll\0" + VALUE "OriginalFilename", "xmltooling3_1.dll\0" #endif #endif VALUE "PrivateBuild", "\0" - VALUE "ProductName", "OpenSAML 3.0.1\0" - VALUE "ProductVersion", "3, 0, 1, 0\0" + VALUE "ProductName", "OpenSAML 3.1.0\0" + VALUE "ProductVersion", "3, 1, 0, 0\0" VALUE "SpecialBuild", "\0" END END diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/xmltooling-3.0.4/xmltooling.spec.in new/xmltooling-3.1.0/xmltooling.spec.in --- old/xmltooling-3.0.4/xmltooling.spec.in 2018-07-10 03:00:14.000000000 +0200 +++ new/xmltooling-3.1.0/xmltooling.spec.in 2020-04-02 15:47:35.000000000 +0200 @@ -13,7 +13,7 @@ %{?_with_log4cpp:BuildRequires: liblog4cpp-devel >= 1.0} %{!?_with_log4cpp:BuildRequires: liblog4shib-devel >= 1.0.4} BuildRequires: gcc-c++, pkgconfig, zlib-devel, openssl-devel, boost-devel >= 1.32.0 -%if 0%{?rhel} >= 6 || 0%{?centos_version} >= 600 || 0%{?amzn} >= 1 +%if 0%{?rhel} == 6 && 0%{?rhel} == 7 || 0%{?amzn} >= 1 BuildRequires: libcurl-openssl-devel >= 7.21.7 Requires: libcurl-openssl >= 7.21.7 %else @@ -24,6 +24,10 @@ BuildRequires: redhat-rpm-config %endif +%if 0%{?rhel} == 8 +BuildRequires: gdb +%endif + %if "%{_vendor}" == "suse" %define pkgdocdir %{_docdir}/%{name} %else @@ -31,7 +35,7 @@ %endif # Prevent the RHEL/etc 6+ package from requiring a vanilla libcurl. -%if 0%{?rhel} >= 6 || 0%{?centos_version} >= 600 || 0%{?amzn} >= 1 +%if 0%{?rhel} == 6 && 0%{?rhel} == 7 || 0%{?amzn} >= 1 %filter_from_requires /libcurl\.so\..*/d %filter_setup %endif @@ -43,16 +47,16 @@ classes to add value around the DOM, as well as signing and encryption support. -%package -n lib@PACKAGE_NAME@8 +%package -n lib@PACKAGE_NAME@9 Summary: OpenSAML XMLTooling library Group: Development/Libraries/C and C++ Provides: @PACKAGE_NAME@ = %{version}-%{release} Obsoletes: @PACKAGE_NAME@ < %{version}-%{release} -%if 0%{?rhel} >= 6 || 0%{?centos_version} >= 600 || 0%{?amzn} >= 1 +%if 0%{?rhel} == 6 && 0%{?rhel} == 7 || 0%{?amzn} >= 1 Requires: libcurl-openssl >= 7.21.7 %endif -%description -n lib@PACKAGE_NAME@8 +%description -n lib@PACKAGE_NAME@9 The XMLTooling library contains generic XML parsing and processing classes based on the Xerces-C DOM. It adds more powerful facilities for declaring element- and type-specific API and implementation @@ -64,7 +68,7 @@ %package -n lib@PACKAGE_NAME@-devel Summary: XMLTooling development Headers Group: Development/Libraries/C and C++ -Requires: lib@PACKAGE_NAME@8 = %{version}-%{release} +Requires: lib@PACKAGE_NAME@9 = %{version}-%{release} Provides: @PACKAGE_NAME@-devel = %{version}-%{release} Obsoletes: @PACKAGE_NAME@-devel < %{version}-%{release} Requires: libxerces-c-devel >= 3.2 @@ -72,7 +76,7 @@ %{?_with_log4cpp:Requires: liblog4cpp-devel >= 1.0} %{!?_with_log4cpp:Requires: liblog4shib-devel >= 1.0.4} Requires: openssl-devel, boost-devel >= 1.32.0 -%if 0%{?rhel} >= 6 || 0%{?centos_version} >= 600 || 0%{?amzn} >= 1 +%if 0%{?rhel} == 6 && 0%{?rhel} == 7 || 0%{?amzn} >= 1 Requires: libcurl-openssl-devel >= 7.21.7 %else Requires: curl-devel >= 7.10.6 @@ -104,7 +108,7 @@ %setup -q %build -%if 0%{?rhel} >= 6 || 0%{?centos_version} >= 600 || 0%{?amzn} >= 1 +%if 0%{?rhel} == 6 && 0%{?rhel} == 7 || 0%{?amzn} >= 1 %configure %{?@PACKAGE_NAME@_options} %{!?_without_xmlsec: --with-xmlsec} PKG_CONFIG_PATH=/opt/shibboleth/%{_lib}/pkgconfig %else %configure %{?@PACKAGE_NAME@_options} %{!?_without_xmlsec: --with-xmlsec} @@ -122,15 +126,11 @@ %clean [ "$RPM_BUILD_ROOT" != "/" ] && %{__rm} -rf $RPM_BUILD_ROOT -%ifnos solaris2.8 solaris2.9 solaris2.10 -%post -n lib@PACKAGE_NAME@8 -p /sbin/ldconfig -%endif +%post -n lib@PACKAGE_NAME@9 -p /sbin/ldconfig -%ifnos solaris2.8 solaris2.9 solaris2.10 -%postun -n lib@PACKAGE_NAME@8 -p /sbin/ldconfig -%endif +%postun -n lib@PACKAGE_NAME@9 -p /sbin/ldconfig -%files -n lib@PACKAGE_NAME@8 +%files -n lib@PACKAGE_NAME@9 %defattr(-,root,root,-) %{_libdir}/*.so.* %exclude %{_libdir}/*.la @@ -149,6 +149,12 @@ %doc %{pkgdocdir} %changelog +* Mon Feb 3 2020 Scott Cantor <canto...@osu.edu> - 3.1.0-1 +- Version and lib bump + +* Mon Sep 30 2019 Scott Cantor <canto...@osu.edu> - 3.0.4-1 +- CentOS 8 cleanup + * Tue Nov 21 2017 Scott Cantor <canto...@osu.edu> - 3.0.0-1 - Update soname - Require Xerces 3.2 as shipped by me on all platforms _______________________________________________ openSUSE Commits mailing list -- commit@lists.opensuse.org To unsubscribe, email commit-le...@lists.opensuse.org List Netiquette: https://en.opensuse.org/openSUSE:Mailing_list_netiquette List Archives: https://lists.opensuse.org/archives/list/commit@lists.opensuse.org
