Hello community, here is the log from the commit of package shibboleth-sp for openSUSE:Factory checked in at 2019-02-11 21:29:02 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/shibboleth-sp (Old) and /work/SRC/openSUSE:Factory/.shibboleth-sp.new.28833 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "shibboleth-sp" Mon Feb 11 21:29:02 2019 rev:10 rq:673397 version:3.0.3 Changes: -------- --- /work/SRC/openSUSE:Factory/shibboleth-sp/shibboleth-sp.changes 2018-12-04 20:54:18.588854195 +0100 +++ /work/SRC/openSUSE:Factory/.shibboleth-sp.new.28833/shibboleth-sp.changes 2019-02-11 21:29:04.098961248 +0100 @@ -1,0 +2,7 @@ +Mon Feb 11 13:42:19 UTC 2019 - [email protected] + +- update to 3.0.3 + * list of fixes and enhancements + https://issues.shibboleth.net/jira/browse/SSPCPP-845?filter=12573 + +------------------------------------------------------------------- Old: ---- shibboleth-sp-3.0.2.tar.bz2 shibboleth-sp-3.0.2.tar.bz2.asc New: ---- shibboleth-sp-3.0.3.tar.bz2 shibboleth-sp-3.0.3.tar.bz2.asc ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ shibboleth-sp.spec ++++++ --- /var/tmp/diff_new_pack.mH9cil/_old 2019-02-11 21:29:05.414960536 +0100 +++ /var/tmp/diff_new_pack.mH9cil/_new 2019-02-11 21:29:05.418960533 +0100 @@ -1,7 +1,7 @@ # # spec file for package shibboleth-sp # -# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -28,7 +28,7 @@ %define realname shibboleth %define pkgdocdir %{_docdir}/%{realname} Name: shibboleth-sp -Version: 3.0.2 +Version: 3.0.3 Release: 0 Summary: Open source system for attribute-based Web SSO License: Apache-2.0 ++++++ shibboleth-sp-3.0.2.tar.bz2 -> shibboleth-sp-3.0.3.tar.bz2 ++++++ ++++ 8162 lines of diff (skipped) ++++ retrying with extended exclude list diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/shibboleth-sp-3.0.2/adfs/Makefile.am new/shibboleth-sp-3.0.3/adfs/Makefile.am --- old/shibboleth-sp-3.0.2/adfs/Makefile.am 2018-07-10 03:17:23.000000000 +0200 +++ new/shibboleth-sp-3.0.3/adfs/Makefile.am 2018-10-12 20:03:02.000000000 +0200 @@ -4,6 +4,7 @@ plugin_LTLIBRARIES = adfs.la adfs-lite.la adfs_la_CXXFLAGS = \ + $(AM_CXXFLAGS) \ $(BOOST_CPPFLAGS) \ $(PTHREAD_CFLAGS) \ $(opensaml_CFLAGS) \ @@ -24,6 +25,7 @@ adfs.cpp adfs_lite_la_CXXFLAGS = -DSHIBSP_LITE \ + $(AM_CXXFLAGS) \ $(BOOST_CPPFLAGS) \ $(PTHREAD_CFLAGS) \ $(xmltooling_lite_CFLAGS) \ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/shibboleth-sp-3.0.2/apache/Makefile.am new/shibboleth-sp-3.0.3/apache/Makefile.am --- old/shibboleth-sp-3.0.2/apache/Makefile.am 2018-07-10 03:17:23.000000000 +0200 +++ new/shibboleth-sp-3.0.3/apache/Makefile.am 2018-10-12 20:03:02.000000000 +0200 @@ -6,6 +6,7 @@ mod_shib_13_la_SOURCES = mod_shib_13.cpp mod_shib_13_la_LDFLAGS = -module -avoid-version mod_shib_13_la_CXXFLAGS = \ + $(AM_CXXFLAGS) \ $(APXS_CFLAGS) -I$(APXS_INCLUDE) \ $(BOOST_CPPFLAGS) \ $(PTHREAD_CFLAGS) \ @@ -24,6 +25,7 @@ mod_shib_20_la_SOURCES = mod_shib_20.cpp mod_shib_20_la_LDFLAGS = -module -avoid-version mod_shib_20_la_CXXFLAGS = \ + $(AM_CXXFLAGS) \ $(APXS2_CFLAGS) -I$(APXS2_INCLUDE) \ $(BOOST_CPPFLAGS) \ $(PTHREAD_CFLAGS) \ @@ -44,6 +46,7 @@ mod_shib_22_la_SOURCES = mod_shib_22.cpp mod_shib_22_la_LDFLAGS = -module -avoid-version mod_shib_22_la_CXXFLAGS = \ + $(AM_CXXFLAGS) \ $(APXS22_CFLAGS) -I$(APXS22_INCLUDE) \ $(BOOST_CPPFLAGS) \ $(PTHREAD_CFLAGS) \ @@ -64,6 +67,7 @@ mod_shib_24_la_SOURCES = mod_shib_24.cpp mod_shib_24_la_LDFLAGS = -module -avoid-version mod_shib_24_la_CXXFLAGS = \ + $(AM_CXXFLAGS) \ $(APXS24_CFLAGS) -I$(APXS24_INCLUDE) \ $(BOOST_CPPFLAGS) \ $(PTHREAD_CFLAGS) \ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/shibboleth-sp-3.0.2/config_win32.h new/shibboleth-sp-3.0.3/config_win32.h --- old/shibboleth-sp-3.0.2/config_win32.h 2018-08-01 19:56:31.000000000 +0200 +++ new/shibboleth-sp-3.0.3/config_win32.h 2018-10-12 20:06:42.000000000 +0200 @@ -121,13 +121,13 @@ #define PACKAGE_NAME "shibboleth" /* Define to the full name and version of this package. */ -#define PACKAGE_STRING "shibboleth 3.0.2" +#define PACKAGE_STRING "shibboleth 3.0.3" /* Define to the one symbol short name of this package. */ #define PACKAGE_TARNAME "shibboleth-sp" /* Define to the version of this package. */ -#define PACKAGE_VERSION "3.0.2" +#define PACKAGE_VERSION "3.0.3" /* Define to the necessary symbol if this constant uses a non-standard name on your system. */ @@ -140,7 +140,7 @@ /* #undef TM_IN_SYS_TIME */ /* Version number of package */ -#define VERSION "3.0.2" +#define VERSION "3.0.3" /* Define to empty if `const' does not conform to ANSI C. */ /* #undef const */ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/shibboleth-sp-3.0.2/configs/Makefile.am new/shibboleth-sp-3.0.3/configs/Makefile.am --- old/shibboleth-sp-3.0.2/configs/Makefile.am 2018-07-10 03:17:23.000000000 +0200 +++ new/shibboleth-sp-3.0.3/configs/Makefile.am 2018-10-12 20:04:32.000000000 +0200 @@ -126,9 +126,10 @@ install-data-hook: chmod +x $(DESTDIR)$(pkgsysconfdir)/keygen.sh + chmod +x $(DESTDIR)$(pkgsysconfdir)/seckeygen.sh chmod +x $(DESTDIR)$(pkgsysconfdir)/metagen.sh if test -z "$(NOKEYGEN)"; then \ - if test ! -f $(DESTDIR)$(pkgsysconfdir)/sp-key.gen; then \ + if test ! -f $(DESTDIR)$(pkgsysconfdir)/sp-key.pem; then \ cd $(DESTDIR)$(pkgsysconfdir); \ /bin/sh ./keygen.sh -b -n sp-signing ; \ /bin/sh ./keygen.sh -b -n sp-encrypt ; \ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/shibboleth-sp-3.0.2/configure.ac new/shibboleth-sp-3.0.3/configure.ac --- old/shibboleth-sp-3.0.2/configure.ac 2018-08-01 19:56:31.000000000 +0200 +++ new/shibboleth-sp-3.0.3/configure.ac 2018-10-12 20:06:42.000000000 +0200 @@ -1,11 +1,9 @@ AC_PREREQ([2.50]) -AC_INIT([shibboleth],[3.0.2],[https://issues.shibboleth.net/],[shibboleth-sp]) +AC_INIT([shibboleth],[3.0.3],[https://issues.shibboleth.net/],[shibboleth-sp]) AC_CONFIG_SRCDIR(shibsp) AC_CONFIG_AUX_DIR(build-aux) AC_CONFIG_MACRO_DIR(m4) AM_INIT_AUTOMAKE -AC_DISABLE_STATIC -AC_PROG_LIBTOOL PKG_INSTALLDIR # Docygen features @@ -22,15 +20,12 @@ DX_INCLUDE= AC_ARG_ENABLE(debug, - AS_HELP_STRING([--enable-debug],[Have GCC compile with symbols (Default = no)]), + AS_HELP_STRING([--enable-debug],[Produce debug variant (Default = no)]), enable_debug=$enableval, enable_debug=no) if test "$enable_debug" = "yes" ; then - GCC_CFLAGS="$CFLAGS -g -D_DEBUG" - GCC_CXXFLAGS="$CXXFLAGS -g -D_DEBUG" -else - GCC_CFLAGS="$CFLAGS -O2 -DNDEBUG" - GCC_CXXFLAGS="$CXXFLAGS -O2 -DNDEBUG" + AM_CFLAGS="-D_DEBUG" + AM_CXXFLAGS="-D_DEBUG" fi AC_CONFIG_HEADERS([config.h shibsp/config_pub.h]) @@ -38,34 +33,16 @@ AC_PROG_CC([gcc gcc3 cc]) AC_PROG_CXX([g++ g++3 c++ CC]) -AC_CANONICAL_HOST if test "$GCC" = "yes" ; then -# AC_HAVE_GCC_VERSION(4,0,0,0, -# [ -# AC_DEFINE(GCC_HASCLASSVISIBILITY,1, -# [Define to enable class visibility control in gcc.]) -# GCC_CFLAGS="$GCC_CFLAGS -fvisibility=hidden -fvisibility-inlines-hidden" -# GCC_CXXFLAGS="$GCC_CXXFLAGS -fvisibility=hidden -fvisibility-inlines-hidden" -# ]) - CFLAGS="-Wall $GCC_CFLAGS" - CXXFLAGS="-Wall $GCC_CXXFLAGS" + AM_CFLAGS="$AM_CFLAGS -Wall -W" + AM_CXXFLAGS="$AM_CXXFLAGS -Wall -W" fi -# Fix for Sun Workshop compiler in debug mode, may be Sun case #6360993 -# Also enables POSIX semantics for some functions. -case "${host_cpu}-${host_os}" in - *solaris*) - CFLAGS="$CFLAGS -D_POSIX_PTHREAD_SEMANTICS" - CXXFLAGS="$CXXFLAGS -D_POSIX_PTHREAD_SEMANTICS" - if test "$CXX" = "CC" ; then - CXXFLAGS="$CXXFLAGS -Qoption ccfe -stabs=no%dfltlit+no%dflthlp" - fi - ;; - *osf*) - CXXFLAGS="$CXXFLAGS -D_POSIX_PII_SOCKET" - ;; -esac +AC_SUBST([AM_CFLAGS]) +AC_SUBST([AM_CXXFLAGS]) + +LT_INIT([disable-static]) AC_LANG(C) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/shibboleth-sp-3.0.2/fastcgi/Makefile.am new/shibboleth-sp-3.0.3/fastcgi/Makefile.am --- old/shibboleth-sp-3.0.2/fastcgi/Makefile.am 2018-07-10 03:17:23.000000000 +0200 +++ new/shibboleth-sp-3.0.3/fastcgi/Makefile.am 2018-10-12 20:03:02.000000000 +0200 @@ -8,6 +8,7 @@ shibauthorizer_SOURCES = shibauthorizer.cpp shibauthorizer_CXXFLAGS = $(FASTCGI_INCLUDE) \ + $(AM_CXXFLAGS) \ $(BOOST_CPPFLAGS) \ $(PTHREAD_CFLAGS) \ $(xerces_CFLAGS) \ @@ -21,6 +22,7 @@ shibresponder_SOURCES = shibresponder.cpp shibresponder_CXXFLAGS = $(FASTCGI_INCLUDE) \ + $(AM_CXXFLAGS) \ $(BOOST_CPPFLAGS) \ $(PTHREAD_CFLAGS) \ $(xerces_CFLAGS) \ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/shibboleth-sp-3.0.2/memcache-store/Makefile.am new/shibboleth-sp-3.0.3/memcache-store/Makefile.am --- old/shibboleth-sp-3.0.2/memcache-store/Makefile.am 2018-07-10 03:17:23.000000000 +0200 +++ new/shibboleth-sp-3.0.3/memcache-store/Makefile.am 2018-10-12 20:03:02.000000000 +0200 @@ -3,11 +3,10 @@ plugindir = $(libdir)/@PACKAGE_NAME@ plugin_LTLIBRARIES = memcache-store.la -AM_CFLAGS = $(MEMCACHED_INCLUDE) -AM_CXXFLAGS = $(MEMCACHED_INCLUDE) - memcache_store_la_LDFLAGS = $(MEMCACHED_LDFLAGS) -module -avoid-version memcache_store_la_CXXFLAGS = \ + $(AM_CXXFLAGS) \ + $(MEMCACHED_INCLUDE) \ $(BOOST_CPPFLAGS) \ $(PTHREAD_CFLAGS) \ $(opensaml_CFLAGS) \ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/shibboleth-sp-3.0.2/nsapi_shib/Makefile.am new/shibboleth-sp-3.0.3/nsapi_shib/Makefile.am --- old/shibboleth-sp-3.0.2/nsapi_shib/Makefile.am 2018-07-10 03:17:23.000000000 +0200 +++ new/shibboleth-sp-3.0.3/nsapi_shib/Makefile.am 2018-10-12 20:03:02.000000000 +0200 @@ -5,6 +5,7 @@ nsapi_shib_LTLIBRARIES = nsapi_shib.la nsapi_shib_la_SOURCES = nsapi_shib.cpp nsapi_shib_la_CXXFLAGS = $(NSAPI_INCLUDE) \ + $(AM_CXXFLAGS) \ $(BOOST_CPPFLAGS) \ $(PTHREAD_CFLAGS) \ $(xerces_CFLAGS) \ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/shibboleth-sp-3.0.2/odbc-store/Makefile.am new/shibboleth-sp-3.0.3/odbc-store/Makefile.am --- old/shibboleth-sp-3.0.2/odbc-store/Makefile.am 2018-07-10 03:17:23.000000000 +0200 +++ new/shibboleth-sp-3.0.3/odbc-store/Makefile.am 2018-10-12 20:03:02.000000000 +0200 @@ -3,10 +3,9 @@ plugindir = $(libdir)/@PACKAGE_NAME@ plugin_LTLIBRARIES = odbc-store.la -AM_CFLAGS = $(ODBC_CFLAGS) -AM_CXXFLAGS = $(ODBC_CFLAGS) - odbc_store_la_CXXFLAGS = \ + $(AM_CXXFLAGS) \ + $(ODBC_CFLAGS) \ $(BOOST_CPPFLAGS) \ $(PTHREAD_CFLAGS) \ $(opensaml_CFLAGS) \ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/shibboleth-sp-3.0.2/plugins/AttributeResolverHandler.cpp new/shibboleth-sp-3.0.3/plugins/AttributeResolverHandler.cpp --- old/shibboleth-sp-3.0.2/plugins/AttributeResolverHandler.cpp 2018-07-10 03:17:23.000000000 +0200 +++ new/shibboleth-sp-3.0.3/plugins/AttributeResolverHandler.cpp 2018-10-12 19:42:15.000000000 +0200 @@ -369,7 +369,7 @@ *id = mprefix.second + *id; } } - catch (std::exception& ex) { + catch (const std::exception& ex) { m_log.error("caught exception extracting attributes: %s", ex.what()); } } @@ -396,7 +396,7 @@ try { filter->filterAttributes(fc, resolvedAttributes); } - catch (std::exception& ex) { + catch (const std::exception& ex) { m_log.error("caught exception filtering attributes: %s", ex.what()); m_log.error("dumping extracted attributes due to filtering exception"); for_each(resolvedAttributes.begin(), resolvedAttributes.end(), xmltooling::cleanup<shibsp::Attribute>()); @@ -409,27 +409,35 @@ if (resolver) { m_log.debug("resolving attributes..."); - Locker locker(resolver); - auto_ptr<ResolutionContext> ctx( - resolver->createResolutionContext( - application, - &httpRequest, - issuer ? dynamic_cast<const saml2md::EntityDescriptor*>(issuer->getParent()) : nullptr, - protocol, - nameid, - nullptr, - nullptr, - nullptr, - &resolvedAttributes - ) - ); - resolver->resolveAttributes(*ctx); - // Copy over any pushed attributes. - while (!resolvedAttributes.empty()) { - ctx->getResolvedAttributes().push_back(resolvedAttributes.back()); - resolvedAttributes.pop_back(); + try { + Locker locker(resolver); + auto_ptr<ResolutionContext> ctx( + resolver->createResolutionContext( + application, + &httpRequest, + issuer ? dynamic_cast<const saml2md::EntityDescriptor*>(issuer->getParent()) : nullptr, + protocol, + nameid, + nullptr, + nullptr, + nullptr, + &resolvedAttributes + ) + ); + resolver->resolveAttributes(*ctx); + + // Copy over any previous attributes. + while (!resolvedAttributes.empty()) { + ctx->getResolvedAttributes().push_back(resolvedAttributes.back()); + resolvedAttributes.pop_back(); + } + return ctx.release(); + } + catch (...) { + for_each(resolvedAttributes.begin(), resolvedAttributes.end(), xmltooling::cleanup<shibsp::Attribute>()); + resolvedAttributes.clear(); + throw; } - return ctx.release(); } if (!resolvedAttributes.empty()) { @@ -438,9 +446,11 @@ } catch (...) { for_each(resolvedAttributes.begin(), resolvedAttributes.end(), xmltooling::cleanup<shibsp::Attribute>()); + resolvedAttributes.clear(); throw; } } + return nullptr; } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/shibboleth-sp-3.0.2/plugins/Makefile.am new/shibboleth-sp-3.0.3/plugins/Makefile.am --- old/shibboleth-sp-3.0.2/plugins/Makefile.am 2018-07-10 03:17:23.000000000 +0200 +++ new/shibboleth-sp-3.0.3/plugins/Makefile.am 2018-10-12 20:03:02.000000000 +0200 @@ -21,6 +21,7 @@ ${common_sources} plugins_la_CXXFLAGS = \ + $(AM_CXXFLAGS) \ $(BOOST_CPPFLAGS) \ $(PTHREAD_CFLAGS) \ $(opensaml_CFLAGS) \ @@ -48,6 +49,7 @@ plugins_la_LDFLAGS = -module -avoid-version plugins_lite_la_LDFLAGS = -module -avoid-version plugins_lite_la_CXXFLAGS = -DSHIBSP_LITE \ + $(AM_CXXFLAGS) \ $(BOOST_CPPFLAGS) \ $(PTHREAD_CFLAGS) \ $(xerces_CFLAGS) \ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/shibboleth-sp-3.0.2/plugins/TemplateAttributeResolver.cpp new/shibboleth-sp-3.0.3/plugins/TemplateAttributeResolver.cpp --- old/shibboleth-sp-3.0.2/plugins/TemplateAttributeResolver.cpp 2018-07-12 00:28:27.000000000 +0200 +++ new/shibboleth-sp-3.0.3/plugins/TemplateAttributeResolver.cpp 2018-11-01 15:09:17.000000000 +0100 @@ -26,7 +26,6 @@ #include "internal.h" -#include <boost/bind.hpp> #include <boost/algorithm/string.hpp> #include <shibsp/exceptions.h> #include <shibsp/SessionCache.h> @@ -159,9 +158,16 @@ return; map<string,const Attribute*> attrmap; + for (vector<string>::const_iterator a = m_sources.begin(); a != m_sources.end(); ++a) { - static bool (*eq)(const string&, const char*) = operator==; - const Attribute* attr = find_if(*tctx.getInputAttributes(), boost::bind(eq, boost::cref(*a), boost::bind(&Attribute::getId, _1))); + const Attribute* attr = nullptr; + for (vector<Attribute*>::const_iterator b = tctx.getInputAttributes()->begin(); b != tctx.getInputAttributes()->end(); ++b) { + if (*a == (*b)->getId()) { + attr = *b; + break; + } + } + if (!attr) { m_log.warn("source attribute (%s) missing, cannot resolve attribute (%s)", a->c_str(), m_dest.front().c_str()); return; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/shibboleth-sp-3.0.2/plugins/TimeAccessControl.cpp new/shibboleth-sp-3.0.3/plugins/TimeAccessControl.cpp --- old/shibboleth-sp-3.0.2/plugins/TimeAccessControl.cpp 2018-07-12 00:28:27.000000000 +0200 +++ new/shibboleth-sp-3.0.3/plugins/TimeAccessControl.cpp 2018-12-19 16:54:42.000000000 +0100 @@ -106,10 +106,16 @@ { if (XMLString::equals(e->getLocalName(), TimeSinceAuthn)) { m_type = TM_AUTHN; - XMLDateTime dur(XMLHelper::getTextContent(e)); - dur.parseDuration(); - m_value = dur.getEpoch(true); - return; + try { + XMLDateTime dur(XMLHelper::getTextContent(e)); + dur.parseDuration(); + m_value = dur.getEpoch(true); + return; + } + catch (const XMLException& e) { + auto_ptr_char temp(e.getMessage()); + throw ConfigurationException(temp.get() ? temp.get() : "XMLException parsing duration in TimeSinceAuthn rule"); + } } auto_ptr_char temp(XMLHelper::getTextContent(e)); @@ -130,10 +136,16 @@ if (XMLString::equals(e->getLocalName(), Time)) { m_type = TM_TIME; auto_ptr_XMLCh widen(tokens.back().c_str()); - XMLDateTime dt(widen.get()); - dt.parseDateTime(); - m_value = dt.getEpoch(false); - return; + try { + XMLDateTime dt(widen.get()); + dt.parseDateTime(); + m_value = dt.getEpoch(false); + return; + } + catch (const XMLException& e) { + auto_ptr_char temp(e.getMessage()); + throw ConfigurationException(temp.get() ? temp.get() : "XMLException parsing duration in Time rule"); + } } m_value = lexical_cast<time_t>(tokens.back()); @@ -179,8 +191,9 @@ request.log(SPRequest::SPDebug, "elapsed time since authentication exceeds limit"); return shib_acl_false; } - catch (std::exception& e) { - request.log(SPRequest::SPError, e.what()); + catch (const XMLException& e) { + auto_ptr_char temp(e.getMessage()); + request.log(SPRequest::SPError, temp.get() ? temp.get() : "XMLException parsing AuthnInstant from session"); } } } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/shibboleth-sp-3.0.2/shibboleth.spec new/shibboleth-sp-3.0.3/shibboleth.spec --- old/shibboleth-sp-3.0.2/shibboleth.spec 2018-08-01 19:57:10.000000000 +0200 +++ new/shibboleth-sp-3.0.3/shibboleth.spec 2018-12-12 20:16:24.000000000 +0100 @@ -1,5 +1,5 @@ Name: shibboleth -Version: 3.0.2 +Version: 3.0.3 Release: 1 Summary: Open source system for attribute-based Web SSO Group: Productivity/Networking/Security @@ -426,6 +426,8 @@ %dir %{_libdir}/shibboleth %{_libdir}/shibboleth/*.so %exclude %{_libdir}/shibboleth/*.la +%{?_with_fastcgi:%{_libdir}/shibboleth/shibauthorizer} +%{?_with_fastcgi:%{_libdir}/shibboleth/shibresponder} %attr(0750,%{runuser},%{runuser}) %dir %{_localstatedir}/log/shibboleth %if 0%{?suse_version} < 1300 %attr(0755,%{runuser},%{runuser}) %dir %{_localstatedir}/run/shibboleth diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/shibboleth-sp-3.0.2/shibboleth.spec.in new/shibboleth-sp-3.0.3/shibboleth.spec.in --- old/shibboleth-sp-3.0.2/shibboleth.spec.in 2018-07-10 03:17:23.000000000 +0200 +++ new/shibboleth-sp-3.0.3/shibboleth.spec.in 2018-11-01 15:09:17.000000000 +0100 @@ -426,6 +426,8 @@ %dir %{_libdir}/shibboleth %{_libdir}/shibboleth/*.so %exclude %{_libdir}/shibboleth/*.la +%{?_with_fastcgi:%{_libdir}/shibboleth/shibauthorizer} +%{?_with_fastcgi:%{_libdir}/shibboleth/shibresponder} %attr(0750,%{runuser},%{runuser}) %dir %{_localstatedir}/log/shibboleth %if 0%{?suse_version} < 1300 %attr(0755,%{runuser},%{runuser}) %dir %{_localstatedir}/run/shibboleth diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/shibboleth-sp-3.0.2/shibd/Makefile.am new/shibboleth-sp-3.0.3/shibd/Makefile.am --- old/shibboleth-sp-3.0.2/shibd/Makefile.am 2018-07-10 03:17:23.000000000 +0200 +++ new/shibboleth-sp-3.0.3/shibd/Makefile.am 2018-10-12 20:03:02.000000000 +0200 @@ -5,6 +5,7 @@ shibd_SOURCES = shibd.cpp shibd_CXXFLAGS = \ + $(AM_CXXFLAGS) \ $(PTHREAD_CFLAGS) \ $(SYSTEMD_CFLAGS) \ $(opensaml_CFLAGS) \ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/shibboleth-sp-3.0.2/shibsp/Makefile.am new/shibboleth-sp-3.0.3/shibsp/Makefile.am --- old/shibboleth-sp-3.0.2/shibsp/Makefile.am 2018-08-01 19:56:31.000000000 +0200 +++ new/shibboleth-sp-3.0.3/shibsp/Makefile.am 2018-10-12 20:09:40.000000000 +0200 @@ -1,309 +1,314 @@ -AUTOMAKE_OPTIONS = foreign subdir-objects - -lib_LTLIBRARIES = libshibsp.la libshibsp-lite.la - -libshibspincludedir = $(includedir)/shibsp - -attrincludedir = $(includedir)/shibsp/attribute - -attrresincludedir = $(includedir)/shibsp/attribute/resolver - -attrfiltincludedir = $(includedir)/shibsp/attribute/filtering - -bindincludedir = $(includedir)/shibsp/binding - -handincludedir = $(includedir)/shibsp/handler - -liteincludedir = $(includedir)/shibsp/lite - -mdincludedir = $(includedir)/shibsp/metadata - -remincludedir = $(includedir)/shibsp/remoting - -secincludedir = $(includedir)/shibsp/security - -utilincludedir = $(includedir)/shibsp/util - -nodist_libshibspinclude_HEADERS = config_pub.h - -libshibspinclude_HEADERS = \ - AbstractSPRequest.h \ - AccessControl.h \ - Application.h \ - base.h \ - exceptions.h \ - paths.h \ - GSSRequest.h \ - RequestMapper.h \ - ServiceProvider.h \ - SessionCache.h \ - SPConfig.h \ - SPRequest.h \ - TransactionLog.h \ - version.h - -attrinclude_HEADERS = \ - attribute/Attribute.h \ - attribute/AttributeDecoder.h \ - attribute/BinaryAttribute.h \ - attribute/ExtensibleAttribute.h \ - attribute/NameIDAttribute.h \ - attribute/ScopedAttribute.h \ - attribute/SimpleAttribute.h \ - attribute/XMLAttribute.h - -attrfiltinclude_HEADERS = \ - attribute/filtering/AttributeFilter.h \ - attribute/filtering/BasicFilteringContext.h \ - attribute/filtering/FilteringContext.h \ - attribute/filtering/FilterPolicyContext.h \ - attribute/filtering/MatchFunctor.h - -attrresinclude_HEADERS = \ - attribute/resolver/AttributeExtractor.h \ - attribute/resolver/AttributeResolver.h \ - attribute/resolver/ResolutionContext.h - -bindinclude_HEADERS = \ - binding/ArtifactResolver.h \ - binding/ProtocolProvider.h \ - binding/SOAPClient.h - -handinclude_HEADERS = \ - handler/AbstractHandler.h \ - handler/AssertionConsumerService.h \ - handler/Handler.h \ - handler/LogoutHandler.h \ - handler/LogoutInitiator.h \ - handler/RemotedHandler.h \ - handler/SecuredHandler.h \ - handler/SessionInitiator.h - -liteinclude_HEADERS = \ - lite/CommonDomainCookie.h \ - lite/SAMLConstants.h - -mdinclude_HEADERS = \ - metadata/MetadataExt.h \ - metadata/MetadataProviderCriteria.h - -reminclude_HEADERS = \ - remoting/ddf.h \ - remoting/ListenerService.h - -secinclude_HEADERS = \ - security/PKIXTrustEngine.h \ - security/SecurityPolicy.h \ - security/SecurityPolicyProvider.h - -utilinclude_HEADERS = \ - util/CGIParser.h \ - util/DOMPropertySet.h \ - util/IPRange.h \ - util/PropertySet.h \ - util/SPConstants.h \ - util/TemplateParameters.h - -noinst_HEADERS = \ - internal.h \ - impl/StoredSession.h \ - impl/StorageServiceSessionCache.h \ - impl/XMLApplication.h \ - impl/XMLServiceProvider.h \ - remoting/impl/SocketListener.h - -common_sources = \ - AbstractSPRequest.cpp \ - Application.cpp \ - ServiceProvider.cpp \ - SPConfig.cpp \ - version.cpp \ - attribute/Attribute.cpp \ - attribute/BinaryAttribute.cpp \ - attribute/ExtensibleAttribute.cpp \ - attribute/NameIDAttribute.cpp \ - attribute/SimpleAttribute.cpp \ - attribute/ScopedAttribute.cpp \ - attribute/XMLAttribute.cpp \ - binding/impl/XMLProtocolProvider.cpp \ - handler/impl/AbstractHandler.cpp \ - handler/impl/AdminLogoutInitiator.cpp \ - handler/impl/AssertionConsumerService.cpp \ - handler/impl/AssertionLookup.cpp \ - handler/impl/AttributeCheckerHandler.cpp \ - handler/impl/ChainingLogoutInitiator.cpp \ - handler/impl/ChainingSessionInitiator.cpp \ - handler/impl/CookieSessionInitiator.cpp \ - handler/impl/DiscoveryFeed.cpp \ - handler/impl/ExternalAuthHandler.cpp \ - handler/impl/FormSessionInitiator.cpp \ - handler/impl/LocalLogoutInitiator.cpp \ - handler/impl/LogoutHandler.cpp \ - handler/impl/LogoutInitiator.cpp \ - handler/impl/MetadataGenerator.cpp \ - handler/impl/RemotedHandler.cpp \ - handler/impl/SAML1Consumer.cpp \ - handler/impl/SAML2Consumer.cpp \ - handler/impl/SAML2ArtifactResolution.cpp \ - handler/impl/SAML2Logout.cpp \ - handler/impl/SAML2LogoutInitiator.cpp \ - handler/impl/SAML2NameIDMgmt.cpp \ - handler/impl/SAML2SessionInitiator.cpp \ - handler/impl/SAMLDSSessionInitiator.cpp \ - handler/impl/SecuredHandler.cpp \ - handler/impl/SessionHandler.cpp \ - handler/impl/SessionInitiator.cpp \ - handler/impl/Shib1SessionInitiator.cpp \ - handler/impl/StatusHandler.cpp \ - handler/impl/TransformSessionInitiator.cpp \ - handler/impl/WAYFSessionInitiator.cpp \ - impl/ChainingAccessControl.cpp \ - impl/StoredSession.cpp \ - impl/StorageServiceSessionCache.cpp \ - impl/XMLAccessControl.cpp \ - impl/XMLApplication.cpp \ - impl/XMLRequestMapper.cpp \ - impl/XMLServiceProvider.cpp \ - remoting/impl/ddf.cpp \ - remoting/impl/ListenerService.cpp \ - remoting/impl/SocketListener.cpp \ - remoting/impl/TCPListener.cpp \ - remoting/impl/UnixListener.cpp \ - util/CGIParser.cpp \ - util/DOMPropertySet.cpp \ - util/IPRange.cpp \ - util/SPConstants.cpp \ - util/TemplateParameters.cpp - -libshibsp_lite_la_SOURCES = \ - ${common_sources} \ - lite/CommonDomainCookie.cpp \ - lite/SAMLConstants.cpp - -libshibsp_la_SOURCES = \ - ${common_sources} \ - attribute/Base64AttributeDecoder.cpp \ - attribute/DOMAttributeDecoder.cpp \ - attribute/KeyInfoAttributeDecoder.cpp \ - attribute/NameIDAttributeDecoder.cpp \ - attribute/NameIDFromScopedAttributeDecoder.cpp \ - attribute/ScopedAttributeDecoder.cpp \ - attribute/StringAttributeDecoder.cpp \ - attribute/XMLAttributeDecoder.cpp \ - attribute/filtering/impl/AttributeFilter.cpp \ - attribute/filtering/impl/ChainingAttributeFilter.cpp \ - attribute/filtering/impl/DummyAttributeFilter.cpp \ - attribute/filtering/impl/XMLAttributeFilter.cpp \ - attribute/filtering/impl/BasicFilteringContext.cpp \ - attribute/filtering/impl/MatchFunctor.cpp \ - attribute/filtering/impl/AndMatchFunctor.cpp \ - attribute/filtering/impl/AnyMatchFunctor.cpp \ - attribute/filtering/impl/NotMatchFunctor.cpp \ - attribute/filtering/impl/OrMatchFunctor.cpp \ - attribute/filtering/impl/AttributeIssuerStringFunctor.cpp \ - attribute/filtering/impl/AttributeRequesterStringFunctor.cpp \ - attribute/filtering/impl/AttributeScopeStringFunctor.cpp \ - attribute/filtering/impl/AttributeValueStringFunctor.cpp \ - attribute/filtering/impl/AuthenticationMethodStringFunctor.cpp \ - attribute/filtering/impl/AttributeIssuerRegexFunctor.cpp \ - attribute/filtering/impl/AttributeRequesterRegexFunctor.cpp \ - attribute/filtering/impl/AttributeScopeRegexFunctor.cpp \ - attribute/filtering/impl/AttributeValueRegexFunctor.cpp \ - attribute/filtering/impl/AuthenticationMethodRegexFunctor.cpp \ - attribute/filtering/impl/NameIDQualifierStringFunctor.cpp \ - attribute/filtering/impl/NumberOfAttributeValuesFunctor.cpp \ - attribute/filtering/impl/AttributeIssuerInEntityGroupFunctor.cpp \ - attribute/filtering/impl/AttributeRequesterInEntityGroupFunctor.cpp \ - attribute/filtering/impl/AttributeIssuerEntityAttributeFunctor.cpp \ - attribute/filtering/impl/AttributeRequesterEntityAttributeFunctor.cpp \ - attribute/filtering/impl/AttributeIssuerEntityMatcherFunctor.cpp \ - attribute/filtering/impl/AttributeRequesterEntityMatcherFunctor.cpp \ - attribute/filtering/impl/AttributeMatchesShibMDScopeFunctor.cpp \ - attribute/filtering/impl/RegistrationAuthorityFunctor.cpp \ - attribute/resolver/impl/ChainingAttributeResolver.cpp \ - attribute/resolver/impl/QueryAttributeResolver.cpp \ - attribute/resolver/impl/SimpleAggregationAttributeResolver.cpp \ - attribute/resolver/impl/AssertionAttributeExtractor.cpp \ - attribute/resolver/impl/ChainingAttributeExtractor.cpp \ - attribute/resolver/impl/DelegationAttributeExtractor.cpp \ - attribute/resolver/impl/KeyDescriptorAttributeExtractor.cpp \ - attribute/resolver/impl/MetadataAttributeExtractor.cpp \ - attribute/resolver/impl/XMLAttributeExtractor.cpp \ - binding/impl/ArtifactResolver.cpp \ - binding/impl/SOAPClient.cpp \ - impl/TransactionLog.cpp \ - impl/XMLSecurityPolicyProvider.cpp \ - metadata/DynamicMetadataProvider.cpp \ - metadata/MetadataExtImpl.cpp \ - metadata/MetadataExtSchemaValidators.cpp \ - metadata/MetadataProviderCriteria.cpp \ - security/PKIXTrustEngine.cpp \ - security/SecurityPolicy.cpp - -# this is different from the project version -# http://sources.redhat.com/autobook/autobook/autobook_91.html -libshibsp_la_LDFLAGS = -version-info 8:2:0 -libshibsp_la_CXXFLAGS = \ - $(BOOST_CPPFLAGS) \ - $(PTHREAD_CFLAGS) \ - $(gss_CFLAGS) $(gnu_gss_CFLAGS) \ - $(log4shib_CFLAGS) $(log4cpp_CFLAGS) \ - $(opensaml_CFLAGS) \ - $(xerces_CFLAGS) \ - $(xmlsec_CFLAGS) \ - $(xmltooling_CFLAGS) -libshibsp_la_LIBADD = \ - $(PTHREAD_LIBS) \ - $(gss_LIBS) $(gnu_gss_LIBS) \ - $(log4shib_LIBS) $(log4cpp_LIBS) \ - $(opensaml_LIBS) \ - $(xerces_LIBS) \ - $(xmlsec_LIBS) \ - $(xmltooling_LIBS) -libshibsp_lite_la_LDFLAGS = -version-info 8:2:0 -libshibsp_lite_la_CXXFLAGS = -DSHIBSP_LITE \ - $(BOOST_CPPFLAGS) \ - $(PTHREAD_CFLAGS) \ - $(gss_CFLAGS) $(gnu_gss_CFLAGS) \ - $(log4shib_CFLAGS) $(log4cpp_CFLAGS) \ - $(xerces_CFLAGS) \ - $(xmltooling_lite_CFLAGS) -libshibsp_lite_la_LIBADD = \ - $(PTHREAD_LIBS) \ - $(gss_LIBS) $(gnu_gss_LIBS) \ - $(log4shib_LIBS) $(log4cpp_LIBS) \ - $(xerces_LIBS) \ - $(xmltooling_lite_LIBS) - -pkgsysconfdir = $(sysconfdir)/@PACKAGE_NAME@ -pkgxmldir = $(datadir)/xml/@PACKAGE_NAME@ -logdir = ${localstatedir}/log -rundir = $(localstatedir)/run -cachedir = $(localstatedir)/cache -xmldir = $(datadir)/xml - -paths.h: ${srcdir}/paths.h.in Makefile ${top_builddir}/config.status - rm -f [email protected] - sed < ${srcdir}/[email protected] > [email protected] \ - -e 's:@-PREFIX-@:${prefix}:g' \ - -e 's:@-LIBDIR-@:${libdir}:g' \ - -e 's:@-SYSCONFDIR-@:${sysconfdir}:g' \ - -e 's:@-LOGDIR-@:${logdir}:g' \ - -e 's:@-RUNDIR-@:${rundir}:g' \ - -e 's:@-CACHEDIR-@:${cachedir}:g' \ - -e 's:@-XMLDIR-@:${xmldir}:g' \ - -e 's:@-PKGSYSCONFDIR-@:${pkgsysconfdir}:g' \ - -e 's:@-PKGXMLDIR-@:${pkgxmldir}:g' \ - -e 's:@-XMLTOOLINGXMLDIR-@:${XMLTOOLINGXMLDIR}:g' \ - -e 's:@-OPENSAMLXMLDIR-@:${OPENSAMLXMLDIR}:g' - cmp -s $@ [email protected] || mv [email protected] $@ - rm -f [email protected] - -EXTRA_DIST = \ - config_pub.h.in \ - config_pub_win32.h\ - paths.h.in \ - resource.h \ - shibsp.rc - -BUILT_SOURCES = paths.h +AUTOMAKE_OPTIONS = foreign subdir-objects + +lib_LTLIBRARIES = libshibsp.la libshibsp-lite.la + +libshibspincludedir = $(includedir)/shibsp + +attrincludedir = $(includedir)/shibsp/attribute + +attrresincludedir = $(includedir)/shibsp/attribute/resolver + +attrfiltincludedir = $(includedir)/shibsp/attribute/filtering + +bindincludedir = $(includedir)/shibsp/binding + +handincludedir = $(includedir)/shibsp/handler + +liteincludedir = $(includedir)/shibsp/lite + +mdincludedir = $(includedir)/shibsp/metadata + +remincludedir = $(includedir)/shibsp/remoting + +secincludedir = $(includedir)/shibsp/security + +utilincludedir = $(includedir)/shibsp/util + +nodist_libshibspinclude_HEADERS = \ + config_pub.h \ + paths.h + +libshibspinclude_HEADERS = \ + AbstractSPRequest.h \ + AccessControl.h \ + Application.h \ + base.h \ + exceptions.h \ + GSSRequest.h \ + RequestMapper.h \ + ServiceProvider.h \ + SessionCache.h \ + SPConfig.h \ + SPRequest.h \ + TransactionLog.h \ + version.h + +attrinclude_HEADERS = \ + attribute/Attribute.h \ + attribute/AttributeDecoder.h \ + attribute/BinaryAttribute.h \ + attribute/ExtensibleAttribute.h \ + attribute/NameIDAttribute.h \ + attribute/ScopedAttribute.h \ + attribute/SimpleAttribute.h \ + attribute/XMLAttribute.h + +attrfiltinclude_HEADERS = \ + attribute/filtering/AttributeFilter.h \ + attribute/filtering/BasicFilteringContext.h \ + attribute/filtering/FilteringContext.h \ + attribute/filtering/FilterPolicyContext.h \ + attribute/filtering/MatchFunctor.h + +attrresinclude_HEADERS = \ + attribute/resolver/AttributeExtractor.h \ + attribute/resolver/AttributeResolver.h \ + attribute/resolver/ResolutionContext.h + +bindinclude_HEADERS = \ + binding/ArtifactResolver.h \ + binding/ProtocolProvider.h \ + binding/SOAPClient.h + +handinclude_HEADERS = \ + handler/AbstractHandler.h \ + handler/AssertionConsumerService.h \ + handler/Handler.h \ + handler/LogoutHandler.h \ + handler/LogoutInitiator.h \ + handler/RemotedHandler.h \ + handler/SecuredHandler.h \ + handler/SessionInitiator.h + +liteinclude_HEADERS = \ + lite/CommonDomainCookie.h \ + lite/SAMLConstants.h + +mdinclude_HEADERS = \ + metadata/MetadataExt.h \ + metadata/MetadataProviderCriteria.h + +reminclude_HEADERS = \ + remoting/ddf.h \ + remoting/ListenerService.h + +secinclude_HEADERS = \ + security/PKIXTrustEngine.h \ + security/SecurityPolicy.h \ + security/SecurityPolicyProvider.h + +utilinclude_HEADERS = \ + util/CGIParser.h \ + util/DOMPropertySet.h \ + util/IPRange.h \ + util/PropertySet.h \ + util/SPConstants.h \ + util/TemplateParameters.h + +noinst_HEADERS = \ + internal.h \ + impl/StoredSession.h \ + impl/StorageServiceSessionCache.h \ + impl/XMLApplication.h \ + impl/XMLServiceProvider.h \ + remoting/impl/SocketListener.h + +common_sources = \ + AbstractSPRequest.cpp \ + Application.cpp \ + ServiceProvider.cpp \ + SPConfig.cpp \ + version.cpp \ + attribute/Attribute.cpp \ + attribute/BinaryAttribute.cpp \ + attribute/ExtensibleAttribute.cpp \ + attribute/NameIDAttribute.cpp \ + attribute/SimpleAttribute.cpp \ + attribute/ScopedAttribute.cpp \ + attribute/XMLAttribute.cpp \ + binding/impl/XMLProtocolProvider.cpp \ + handler/impl/AbstractHandler.cpp \ + handler/impl/AdminLogoutInitiator.cpp \ + handler/impl/AssertionConsumerService.cpp \ + handler/impl/AssertionLookup.cpp \ + handler/impl/AttributeCheckerHandler.cpp \ + handler/impl/ChainingLogoutInitiator.cpp \ + handler/impl/ChainingSessionInitiator.cpp \ + handler/impl/CookieSessionInitiator.cpp \ + handler/impl/DiscoveryFeed.cpp \ + handler/impl/ExternalAuthHandler.cpp \ + handler/impl/FormSessionInitiator.cpp \ + handler/impl/LocalLogoutInitiator.cpp \ + handler/impl/LogoutHandler.cpp \ + handler/impl/LogoutInitiator.cpp \ + handler/impl/MetadataGenerator.cpp \ + handler/impl/RemotedHandler.cpp \ + handler/impl/SAML1Consumer.cpp \ + handler/impl/SAML2Consumer.cpp \ + handler/impl/SAML2ArtifactResolution.cpp \ + handler/impl/SAML2Logout.cpp \ + handler/impl/SAML2LogoutInitiator.cpp \ + handler/impl/SAML2NameIDMgmt.cpp \ + handler/impl/SAML2SessionInitiator.cpp \ + handler/impl/SAMLDSSessionInitiator.cpp \ + handler/impl/SecuredHandler.cpp \ + handler/impl/SessionHandler.cpp \ + handler/impl/SessionInitiator.cpp \ + handler/impl/Shib1SessionInitiator.cpp \ + handler/impl/StatusHandler.cpp \ + handler/impl/TransformSessionInitiator.cpp \ + handler/impl/WAYFSessionInitiator.cpp \ + impl/ChainingAccessControl.cpp \ + impl/StoredSession.cpp \ + impl/StorageServiceSessionCache.cpp \ + impl/XMLAccessControl.cpp \ + impl/XMLApplication.cpp \ + impl/XMLRequestMapper.cpp \ + impl/XMLServiceProvider.cpp \ + remoting/impl/ddf.cpp \ + remoting/impl/ListenerService.cpp \ + remoting/impl/SocketListener.cpp \ + remoting/impl/TCPListener.cpp \ + remoting/impl/UnixListener.cpp \ + util/CGIParser.cpp \ + util/DOMPropertySet.cpp \ + util/IPRange.cpp \ + util/SPConstants.cpp \ + util/TemplateParameters.cpp + +libshibsp_lite_la_SOURCES = \ + ${common_sources} \ + lite/CommonDomainCookie.cpp \ + lite/SAMLConstants.cpp + +libshibsp_la_SOURCES = \ + ${common_sources} \ + attribute/Base64AttributeDecoder.cpp \ + attribute/DOMAttributeDecoder.cpp \ + attribute/KeyInfoAttributeDecoder.cpp \ + attribute/NameIDAttributeDecoder.cpp \ + attribute/NameIDFromScopedAttributeDecoder.cpp \ + attribute/ScopedAttributeDecoder.cpp \ + attribute/StringAttributeDecoder.cpp \ + attribute/XMLAttributeDecoder.cpp \ + attribute/filtering/impl/AttributeFilter.cpp \ + attribute/filtering/impl/ChainingAttributeFilter.cpp \ + attribute/filtering/impl/DummyAttributeFilter.cpp \ + attribute/filtering/impl/XMLAttributeFilter.cpp \ + attribute/filtering/impl/BasicFilteringContext.cpp \ + attribute/filtering/impl/MatchFunctor.cpp \ + attribute/filtering/impl/AndMatchFunctor.cpp \ + attribute/filtering/impl/AnyMatchFunctor.cpp \ + attribute/filtering/impl/NotMatchFunctor.cpp \ + attribute/filtering/impl/OrMatchFunctor.cpp \ + attribute/filtering/impl/AttributeIssuerStringFunctor.cpp \ + attribute/filtering/impl/AttributeRequesterStringFunctor.cpp \ + attribute/filtering/impl/AttributeScopeStringFunctor.cpp \ + attribute/filtering/impl/AttributeValueStringFunctor.cpp \ + attribute/filtering/impl/AuthenticationMethodStringFunctor.cpp \ + attribute/filtering/impl/AttributeIssuerRegexFunctor.cpp \ + attribute/filtering/impl/AttributeRequesterRegexFunctor.cpp \ + attribute/filtering/impl/AttributeScopeRegexFunctor.cpp \ + attribute/filtering/impl/AttributeValueRegexFunctor.cpp \ + attribute/filtering/impl/AuthenticationMethodRegexFunctor.cpp \ + attribute/filtering/impl/NameIDQualifierStringFunctor.cpp \ + attribute/filtering/impl/NumberOfAttributeValuesFunctor.cpp \ + attribute/filtering/impl/AttributeIssuerInEntityGroupFunctor.cpp \ + attribute/filtering/impl/AttributeRequesterInEntityGroupFunctor.cpp \ + attribute/filtering/impl/AttributeIssuerEntityAttributeFunctor.cpp \ + attribute/filtering/impl/AttributeRequesterEntityAttributeFunctor.cpp \ + attribute/filtering/impl/AttributeIssuerEntityMatcherFunctor.cpp \ + attribute/filtering/impl/AttributeRequesterEntityMatcherFunctor.cpp \ + attribute/filtering/impl/AttributeMatchesShibMDScopeFunctor.cpp \ + attribute/filtering/impl/RegistrationAuthorityFunctor.cpp \ + attribute/resolver/impl/ChainingAttributeResolver.cpp \ + attribute/resolver/impl/QueryAttributeResolver.cpp \ + attribute/resolver/impl/SimpleAggregationAttributeResolver.cpp \ + attribute/resolver/impl/AssertionAttributeExtractor.cpp \ + attribute/resolver/impl/ChainingAttributeExtractor.cpp \ + attribute/resolver/impl/DelegationAttributeExtractor.cpp \ + attribute/resolver/impl/KeyDescriptorAttributeExtractor.cpp \ + attribute/resolver/impl/MetadataAttributeExtractor.cpp \ + attribute/resolver/impl/XMLAttributeExtractor.cpp \ + binding/impl/ArtifactResolver.cpp \ + binding/impl/SOAPClient.cpp \ + impl/TransactionLog.cpp \ + impl/XMLSecurityPolicyProvider.cpp \ + metadata/DynamicMetadataProvider.cpp \ + metadata/MetadataExtImpl.cpp \ + metadata/MetadataExtSchemaValidators.cpp \ + metadata/MetadataProviderCriteria.cpp \ + security/PKIXTrustEngine.cpp \ + security/SecurityPolicy.cpp + +# this is different from the project version +# http://sources.redhat.com/autobook/autobook/autobook_91.html +libshibsp_la_LDFLAGS = -version-info 8:3:0 +libshibsp_la_CXXFLAGS = \ + $(AM_CXXFLAGS) \ + $(BOOST_CPPFLAGS) \ + $(PTHREAD_CFLAGS) \ + $(gss_CFLAGS) $(gnu_gss_CFLAGS) \ + $(log4shib_CFLAGS) $(log4cpp_CFLAGS) \ + $(opensaml_CFLAGS) \ + $(xerces_CFLAGS) \ + $(xmlsec_CFLAGS) \ + $(xmltooling_CFLAGS) +libshibsp_la_LIBADD = \ + $(PTHREAD_LIBS) \ + $(gss_LIBS) $(gnu_gss_LIBS) \ + $(log4shib_LIBS) $(log4cpp_LIBS) \ + $(opensaml_LIBS) \ + $(xerces_LIBS) \ + $(xmlsec_LIBS) \ + $(xmltooling_LIBS) +libshibsp_lite_la_LDFLAGS = -version-info 8:3:0 +libshibsp_lite_la_CXXFLAGS = -DSHIBSP_LITE \ + $(AM_CXXFLAGS) \ + $(BOOST_CPPFLAGS) \ + $(PTHREAD_CFLAGS) \ + $(gss_CFLAGS) $(gnu_gss_CFLAGS) \ + $(log4shib_CFLAGS) $(log4cpp_CFLAGS) \ + $(xerces_CFLAGS) \ + $(xmltooling_lite_CFLAGS) +libshibsp_lite_la_LIBADD = \ + $(PTHREAD_LIBS) \ + $(gss_LIBS) $(gnu_gss_LIBS) \ + $(log4shib_LIBS) $(log4cpp_LIBS) \ + $(xerces_LIBS) \ + $(xmltooling_lite_LIBS) + +pkgsysconfdir = $(sysconfdir)/@PACKAGE_NAME@ +pkgxmldir = $(datadir)/xml/@PACKAGE_NAME@ +logdir = ${localstatedir}/log +rundir = $(localstatedir)/run +cachedir = $(localstatedir)/cache +xmldir = $(datadir)/xml + +paths.h: ${srcdir}/paths.h.in Makefile ${top_builddir}/config.status + rm -f [email protected] + sed < ${srcdir}/[email protected] > [email protected] \ + -e 's:@-PREFIX-@:${prefix}:g' \ + -e 's:@-LIBDIR-@:${libdir}:g' \ + -e 's:@-SYSCONFDIR-@:${sysconfdir}:g' \ + -e 's:@-LOGDIR-@:${logdir}:g' \ + -e 's:@-RUNDIR-@:${rundir}:g' \ + -e 's:@-CACHEDIR-@:${cachedir}:g' \ + -e 's:@-XMLDIR-@:${xmldir}:g' \ + -e 's:@-PKGSYSCONFDIR-@:${pkgsysconfdir}:g' \ + -e 's:@-PKGXMLDIR-@:${pkgxmldir}:g' \ + -e 's:@-XMLTOOLINGXMLDIR-@:${XMLTOOLINGXMLDIR}:g' \ + -e 's:@-OPENSAMLXMLDIR-@:${OPENSAMLXMLDIR}:g' + cmp -s $@ [email protected] || mv [email protected] $@ + rm -f [email protected] + +EXTRA_DIST = \ + config_pub.h.in \ + config_pub_win32.h\ + paths.h.in \ + resource.h \ + shibsp.rc + +BUILT_SOURCES = paths.h + +CLEANFILES = paths.h diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/shibboleth-sp-3.0.2/shibsp/handler/impl/ExternalAuthHandler.cpp new/shibboleth-sp-3.0.3/shibsp/handler/impl/ExternalAuthHandler.cpp --- old/shibboleth-sp-3.0.2/shibsp/handler/impl/ExternalAuthHandler.cpp 2018-07-10 03:17:23.000000000 +0200 +++ new/shibboleth-sp-3.0.3/shibsp/handler/impl/ExternalAuthHandler.cpp 2018-12-19 16:54:42.000000000 +0100 @@ -450,8 +450,14 @@ param = httpRequest.getParameter("AuthnInstant"); if (param && *param) { auto_ptr_XMLCh d(param); - authn_instant.reset(new XMLDateTime(d.get())); - authn_instant->parseDateTime(); + try { + authn_instant.reset(new XMLDateTime(d.get())); + authn_instant->parseDateTime(); + } + catch (const XMLException& e) { + auto_ptr_char temp(e.getMessage()); + throw XMLObjectException(temp.get() ? temp.get() : "XMLException parsing date/time value."); + } } auto_ptr_XMLCh session_index(httpRequest.getParameter("SessionIndex")); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/shibboleth-sp-3.0.2/shibsp/impl/XMLApplication.cpp new/shibboleth-sp-3.0.3/shibsp/impl/XMLApplication.cpp --- old/shibboleth-sp-3.0.2/shibsp/impl/XMLApplication.cpp 2018-07-18 22:09:57.000000000 +0200 +++ new/shibboleth-sp-3.0.3/shibsp/impl/XMLApplication.cpp 2018-10-12 19:42:15.000000000 +0200 @@ -527,10 +527,26 @@ while (child) { if (!child->hasAttributeNS(nullptr, Location)) { auto_ptr_char hclass(child->getLocalName()); - log.error("%s handler with no Location property cannot be processed", hclass.get()); + log.error("%s handler with no Location property cannot be processed for application (%s)", + hclass.get(), getId()); child = XMLHelper::getNextSiblingElement(child); continue; } + + auto_ptr_char dupcheck(child->getAttributeNS(nullptr, Location)); + if (dupcheck.get() && *dupcheck.get()) { + string _dupcheck(dupcheck.get()); + if (*_dupcheck.begin() != '/') + _dupcheck.insert(_dupcheck.begin(), '/'); + if (m_handlerMap.find(_dupcheck) != m_handlerMap.end()) { + auto_ptr_char hclass(child->getLocalName()); + log.error("%s handler at duplicate Location (%s) will not be processed for application (%s)", + hclass.get(), _dupcheck.c_str(), getId()); + child = XMLHelper::getNextSiblingElement(child); + continue; + } + } + try { boost::shared_ptr<Handler> handler; if (XMLString::equals(child->getLocalName(), _AssertionConsumerService)) { diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/shibboleth-sp-3.0.2/shibsp/paths.h new/shibboleth-sp-3.0.3/shibsp/paths.h --- old/shibboleth-sp-3.0.2/shibsp/paths.h 2018-07-10 03:18:48.000000000 +0200 +++ new/shibboleth-sp-3.0.3/shibsp/paths.h 1970-01-01 01:00:00.000000000 +0100 @@ -1,54 +0,0 @@ -/** - * Licensed to the University Corporation for Advanced Internet - * Development, Inc. (UCAID) under one or more contributor license - * agreements. See the NOTICE file distributed with this work for - * additional information regarding copyright ownership. - * - * UCAID licenses this file to you under the Apache License, - * Version 2.0 (the "License"); you may not use this file except - * in compliance with the License. You may obtain a copy of the - * License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, - * software distributed under the License is distributed on an - * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, - * either express or implied. See the License for the specific - * language governing permissions and limitations under the License. - */ - -/** - * @file shibsp/paths.h - * - * Default configuration paths. - */ - -#ifndef __shibsp_paths_h__ -#define __shibsp_paths_h__ - -/** Default schema catalogs. */ -#define SHIBSP_SCHEMAS "/opt/local/share/xml/xmltooling/catalog.xml:/opt/local/share/xml/opensaml/saml20-catalog.xml:/opt/local/share/xml/opensaml/saml11-catalog.xml:/opt/shibboleth-sp/share/xml/shibboleth/catalog.xml" - -/** Default prefix for installation (used to resolve relative paths). */ -#define SHIBSP_PREFIX "/opt/shibboleth-sp" - -/** Library directory for installation (used to resolve relative paths). */ -#define SHIBSP_LIBDIR "/opt/shibboleth-sp/lib" - -/** Log directory for installation (used to resolve relative paths). */ -#define SHIBSP_LOGDIR "/opt/shibboleth-sp/var/log" - -/** Configuration directory for installation (used to resolve relative paths). */ -#define SHIBSP_CFGDIR "/opt/shibboleth-sp/etc" - -/** Runtime state directory for installation (used to resolve relative paths). */ -#define SHIBSP_RUNDIR "/opt/shibboleth-sp/var/run" - -/** Cache directory for installation (used to resolve relative paths). */ -#define SHIBSP_CACHEDIR "/opt/shibboleth-sp/var/cache" - -/** XML directory for installation (used to resolve relative paths). */ -#define SHIBSP_XMLDIR "/opt/shibboleth-sp/share/xml" - -#endif /* __shibsp_paths_h__ */ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/shibboleth-sp-3.0.2/shibsp/remoting/impl/SocketListener.cpp new/shibboleth-sp-3.0.3/shibsp/remoting/impl/SocketListener.cpp --- old/shibboleth-sp-3.0.2/shibsp/remoting/impl/SocketListener.cpp 2018-07-10 03:17:23.000000000 +0200 +++ new/shibboleth-sp-3.0.3/shibsp/remoting/impl/SocketListener.cpp 2018-12-13 16:31:25.000000000 +0100 @@ -376,7 +376,7 @@ except=XMLToolingException::fromString(out.string()); log->error("remoted message returned an error: %s", except->what()); } - catch (XMLToolingException& e) { + catch (const XMLToolingException& e) { log->error("caught XMLToolingException while building the XMLToolingException: %s", e.what()); log->error("XML was: %s", out.string()); throw ListenerException("Remote call failed with an unparsable exception."); @@ -560,6 +560,15 @@ // Dispatch the message. m_listener->receive(in, sink); } + catch (const xercesc::XMLException& e) { + auto_ptr_char temp(e.getMessage()); + if (incomingError) + log.error("error processing incoming message: %s", temp.get() ? temp.get() : "no message"); + XMLParserException ex(string("Xerces error: ") + (temp.get() ? temp.get() : "no message")); + DDF out=DDF("exception").string(ex.toString().c_str()); + DDFJanitor jout(out); + sink << out; + } catch (const XMLToolingException& e) { if (incomingError) log.error("error processing incoming message: %s", e.what()); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/shibboleth-sp-3.0.2/shibsp/shibsp.rc new/shibboleth-sp-3.0.3/shibsp/shibsp.rc --- old/shibboleth-sp-3.0.2/shibsp/shibsp.rc 2018-07-10 03:17:23.000000000 +0200 +++ new/shibboleth-sp-3.0.3/shibsp/shibsp.rc 2018-11-01 15:09:17.000000000 +0100 @@ -64,7 +64,7 @@ VALUE "InternalName", "shibsp3_0\0" #endif #endif - VALUE "LegalCopyright", "Copyright � 2017 UCAID\0" + VALUE "LegalCopyright", "Copyright � 2018 UCAID\0" VALUE "LegalTrademarks", "\0" #ifdef SHIBSP_LITE #ifdef _DEBUG @@ -80,8 +80,8 @@ #endif #endif VALUE "PrivateBuild", "\0" - VALUE "ProductName", "Shibboleth 3.0.0\0" - VALUE "ProductVersion", "3, 0, 0, 0\0" + VALUE "ProductName", "Shibboleth 3.0.3\0" + VALUE "ProductVersion", "3, 0, 3, 0\0" VALUE "SpecialBuild", "\0" END END diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/shibboleth-sp-3.0.2/shibsp/version.h new/shibboleth-sp-3.0.3/shibsp/version.h --- old/shibboleth-sp-3.0.2/shibsp/version.h 2018-08-01 19:56:31.000000000 +0200 +++ new/shibboleth-sp-3.0.3/shibsp/version.h 2018-10-12 20:06:42.000000000 +0200 @@ -44,7 +44,7 @@ #define SHIBSP_VERSION_MAJOR 3 #define SHIBSP_VERSION_MINOR 0 -#define SHIBSP_VERSION_REVISION 2 +#define SHIBSP_VERSION_REVISION 3 /** DO NOT MODIFY BELOW THIS LINE */ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/shibboleth-sp-3.0.2/unittests/Makefile.am new/shibboleth-sp-3.0.3/unittests/Makefile.am --- old/shibboleth-sp-3.0.2/unittests/Makefile.am 2018-07-10 03:17:23.000000000 +0200 +++ new/shibboleth-sp-3.0.3/unittests/Makefile.am 2018-10-12 20:04:00.000000000 +0200 @@ -2,7 +2,12 @@ if BUILD_UNITTEST bin_PROGRAMS = shibsptest -shibsptest_CXXFLAGS = $(CXXFLAGS) $(CXXTESTFLAGS) +shibsptest_CXXFLAGS = \ + $(AM_CXXFLAGS) \ + $(CXXTESTFLAGS) \ + $(opensaml_CFLAGS) \ + $(xerces_CFLAGS) \ + $(xmltooling_CFLAGS) else bin_PROGRAMS = endif @@ -33,6 +38,10 @@ $(nodist_shibsptest_SOURCES): %.cpp: %.h $(MAKE) do-cxxtestgen HFILE=$< CPPFILE=$@ -shibsptest_LDADD = $(top_builddir)/shibsp/libshibsp.la +shibsptest_LDADD = \ + $(top_builddir)/shibsp/libshibsp.la \ + $(opensaml_LIBS) \ + $(xerces_LIBS) \ + $(xmltooling_LIBS) EXTRA_DIST = data diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/shibboleth-sp-3.0.2/util/Makefile.am new/shibboleth-sp-3.0.3/util/Makefile.am --- old/shibboleth-sp-3.0.2/util/Makefile.am 2018-07-10 03:17:23.000000000 +0200 +++ new/shibboleth-sp-3.0.3/util/Makefile.am 2018-10-12 20:03:02.000000000 +0200 @@ -5,6 +5,7 @@ resolvertest_SOURCES = resolvertest.cpp resolvertest_CXXFLAGS = \ + $(AM_CXXFLAGS) \ $(BOOST_CPPFLAGS) \ $(log4shib_CFLAGS) $(log4cpp_CFLAGS) \ $(opensaml_CFLAGS) \ @@ -25,6 +26,7 @@ resolvertest.rc mdquery_CXXFLAGS = \ + $(AM_CXXFLAGS) \ $(log4shib_CFLAGS) $(log4cpp_CFLAGS) \ $(opensaml_CFLAGS) \ $(xerces_CFLAGS) \
