Hello community, here is the log from the commit of package shibboleth-sp for openSUSE:Factory checked in at 2019-03-26 15:44:22 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/shibboleth-sp (Old) and /work/SRC/openSUSE:Factory/.shibboleth-sp.new.25356 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "shibboleth-sp" Tue Mar 26 15:44:22 2019 rev:12 rq:688165 version:3.0.4 Changes: -------- --- /work/SRC/openSUSE:Factory/shibboleth-sp/shibboleth-sp.changes 2019-02-24 17:18:30.504417334 +0100 +++ /work/SRC/openSUSE:Factory/.shibboleth-sp.new.25356/shibboleth-sp.changes 2019-03-26 15:44:37.148135976 +0100 @@ -1,0 +2,8 @@ +Wed Mar 20 13:06:50 UTC 2019 - Kristýna Streitová <[email protected]> + +- update to 3.0.4 + * list of fixes and enhancements + https://issues.shibboleth.net/jira/browse/SSPCPP-851?filter=12771 +- update xmltooling and opensaml versions in "Requires" + +------------------------------------------------------------------- Old: ---- shibboleth-sp-3.0.3.tar.bz2 shibboleth-sp-3.0.3.tar.bz2.asc New: ---- shibboleth-sp-3.0.4.tar.bz2 shibboleth-sp-3.0.4.tar.bz2.asc ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ shibboleth-sp.spec ++++++ --- /var/tmp/diff_new_pack.dXUAkp/_old 2019-03-26 15:44:38.044134926 +0100 +++ /var/tmp/diff_new_pack.dXUAkp/_new 2019-03-26 15:44:38.044134926 +0100 @@ -12,7 +12,7 @@ # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. -# Please submit bugfixes or comments via https://bugs.opensuse.org/ +# Please submit bugfixes or comments via http://bugs.opensuse.org/ # @@ -28,7 +28,7 @@ %define realname shibboleth %define pkgdocdir %{_docdir}/%{realname} Name: shibboleth-sp -Version: 3.0.3 +Version: 3.0.4 Release: 0 Summary: System for attribute-based Web Single Sign On License: Apache-2.0 
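Review bot: The first shibboleth-sp.spec hunk changes the bug-report URL in the header comment from `https://bugs.opensuse.org/` to `http://bugs.opensuse.org/`, which looks unintended in a version update. It may come from an older spec-formatting template rather than a deliberate edit. I would keep the previous line, `# Please submit bugfixes or comments via https://bugs.opensuse.org/`, so that people following the link are not sent to a plaintext endpoint.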
@@ -47,19 +47,19 @@ BuildRequires: krb5-devel BuildRequires: liblog4shib-devel >= 2 BuildRequires: libmemcached-devel -BuildRequires: libsaml-devel >= 3.0.0 +BuildRequires: libsaml-devel >= 3.0.1 BuildRequires: libtool BuildRequires: libxerces-c-devel >= 3.2 BuildRequires: libxml-security-c-devel >= 2.0.0 -BuildRequires: libxmltooling-devel >= 3.0.0 +BuildRequires: libxmltooling-devel >= 3.0.4 BuildRequires: pkgconfig BuildRequires: systemd-devel BuildRequires: systemd-rpm-macros BuildRequires: unixODBC-devel BuildRequires: zlib-devel Requires: openssl -PreReq: opensaml-schemas >= 3.0.0 -PreReq: xmltooling-schemas >= 3.0.0 +PreReq: opensaml-schemas >= 3.0.1 +PreReq: xmltooling-schemas >= 3.0.4 Requires(pre): pwdutils Obsoletes: shibboleth-sp = 2.5.0 %{?systemd_requires} @@ -104,12 +104,12 @@ Group: Development/Libraries/C and C++ Requires: %{name} = %{version}-%{release} Requires: liblog4shib-devel >= 2 -Requires: libsaml-devel >= 3.0.0 +Requires: libsaml-devel >= 3.0.1 Requires: libshibsp%{libvers} = %{version}-%{release} Requires: libshibsp-lite%{libvers} = %{version}-%{release} Requires: libxerces-c-devel >= 3.2 Requires: libxml-security-c-devel >= 2.0.0 -Requires: libxmltooling-devel >= 3.0.0 +Requires: libxmltooling-devel >= 3.0.4 Obsoletes: shibboleth-sp-devel = 2.5.0 %description devel ++++++ shibboleth-sp-3.0.3.tar.bz2 -> shibboleth-sp-3.0.4.tar.bz2 ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shibboleth-sp-3.0.3/config_win32.h new/shibboleth-sp-3.0.4/config_win32.h --- old/shibboleth-sp-3.0.3/config_win32.h 2018-10-12 20:06:42.000000000 +0200 +++ new/shibboleth-sp-3.0.4/config_win32.h 2019-03-08 16:09:43.000000000 +0100 
@@ -121,13 +121,13 @@ #define PACKAGE_NAME "shibboleth" /* Define to the full name and version of this package. */ -#define PACKAGE_STRING "shibboleth 3.0.3" +#define PACKAGE_STRING "shibboleth 3.0.4" /* Define to the one symbol short name of this package. */ #define PACKAGE_TARNAME "shibboleth-sp" /* Define to the version of this package. */ -#define PACKAGE_VERSION "3.0.3" +#define PACKAGE_VERSION "3.0.4" /* Define to the necessary symbol if this constant uses a non-standard name on your system. */ @@ -140,7 +140,7 @@ /* #undef TM_IN_SYS_TIME */ /* Version number of package */ -#define VERSION "3.0.3" +#define VERSION "3.0.4" /* Define to empty if `const' does not conform to ANSI C. */ /* #undef const */ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shibboleth-sp-3.0.3/configure new/shibboleth-sp-3.0.4/configure --- old/shibboleth-sp-3.0.3/configure 2018-12-12 20:16:00.000000000 +0100 +++ new/shibboleth-sp-3.0.4/configure 2019-03-08 16:15:39.000000000 +0100 @@ -1,6 +1,6 @@ #! /bin/sh # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.69 for shibboleth 3.0.3. +# Generated by GNU Autoconf 2.69 for shibboleth 3.0.4. # # Report bugs to <https://issues.shibboleth.net/>. # @@ -590,8 +590,8 @@ # Identity of this package. PACKAGE_NAME='shibboleth' PACKAGE_TARNAME='shibboleth-sp' -PACKAGE_VERSION='3.0.3' -PACKAGE_STRING='shibboleth 3.0.3' +PACKAGE_VERSION='3.0.4' +PACKAGE_STRING='shibboleth 3.0.4' PACKAGE_BUGREPORT='https://issues.shibboleth.net/' PACKAGE_URL='' @@ -1522,7 +1522,7 @@ # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF -\`configure' configures shibboleth 3.0.3 to adapt to many kinds of systems. +\`configure' configures shibboleth 3.0.4 to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... 
@@ -1592,7 +1592,7 @@ if test -n "$ac_init_help"; then case $ac_init_help in - short | recursive ) echo "Configuration of shibboleth 3.0.3:";; + short | recursive ) echo "Configuration of shibboleth 3.0.4:";; esac cat <<\_ACEOF @@ -1792,7 +1792,7 @@ test -n "$ac_init_help" && exit $ac_status if $ac_init_version; then cat <<\_ACEOF -shibboleth configure 3.0.3 +shibboleth configure 3.0.4 generated by GNU Autoconf 2.69 Copyright (C) 2012 Free Software Foundation, Inc. @@ -2670,7 +2670,7 @@ This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. -It was created by shibboleth $as_me 3.0.3, which was +It was created by shibboleth $as_me 3.0.4, which was generated by GNU Autoconf 2.69. Invocation command line was $ $0 $@ @@ -3535,7 +3535,7 @@ # Define the identity of the package. PACKAGE='shibboleth-sp' - VERSION='3.0.3' + VERSION='3.0.4' cat >>confdefs.h <<_ACEOF @@ -24198,7 +24198,7 @@ # report actual input values of CONFIG_FILES etc. instead of their # values after options handling. ac_log=" -This file was extended by shibboleth $as_me 3.0.3, which was +This file was extended by shibboleth $as_me 3.0.4, which was generated by GNU Autoconf 2.69. Invocation command line was CONFIG_FILES = $CONFIG_FILES @@ -24264,7 +24264,7 @@ cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`" ac_cs_version="\\ -shibboleth config.status 3.0.3 +shibboleth config.status 3.0.4 configured by $0, generated by GNU Autoconf 2.69, with options \\"\$ac_cs_config\\" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shibboleth-sp-3.0.3/configure.ac new/shibboleth-sp-3.0.4/configure.ac --- old/shibboleth-sp-3.0.3/configure.ac 2018-10-12 20:06:42.000000000 +0200 +++ new/shibboleth-sp-3.0.4/configure.ac 2019-03-08 16:09:43.000000000 +0100 
@@ -1,5 +1,5 @@ AC_PREREQ([2.50]) -AC_INIT([shibboleth],[3.0.3],[https://issues.shibboleth.net/],[shibboleth-sp]) +AC_INIT([shibboleth],[3.0.4],[https://issues.shibboleth.net/],[shibboleth-sp]) AC_CONFIG_SRCDIR(shibsp) AC_CONFIG_AUX_DIR(build-aux) AC_CONFIG_MACRO_DIR(m4) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shibboleth-sp-3.0.3/isapi_shib/isapi_shib.rc new/shibboleth-sp-3.0.4/isapi_shib/isapi_shib.rc --- old/shibboleth-sp-3.0.3/isapi_shib/isapi_shib.rc 2018-07-10 03:17:23.000000000 +0200 +++ new/shibboleth-sp-3.0.4/isapi_shib/isapi_shib.rc 2019-03-08 16:09:43.000000000 +0100 @@ -25,8 +25,8 @@ // VS_VERSION_INFO VERSIONINFO - FILEVERSION RC_FILE_VERSION ,1 - PRODUCTVERSION RC_PRODUCT_VERSION,1 + FILEVERSION RC_FILE_VERSION,0 + PRODUCTVERSION RC_PRODUCT_VERSION,0 FILEFLAGSMASK 0x3fL #ifdef _DEBUG FILEFLAGS 0x1L diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shibboleth-sp-3.0.3/shibboleth.spec new/shibboleth-sp-3.0.4/shibboleth.spec --- old/shibboleth-sp-3.0.3/shibboleth.spec 2018-12-12 20:16:24.000000000 +0100 +++ new/shibboleth-sp-3.0.4/shibboleth.spec 2019-03-08 16:16:06.000000000 +0100 @@ -1,5 +1,5 @@ Name: shibboleth -Version: 3.0.3 +Version: 3.0.4 Release: 1 Summary: Open source system for attribute-based Web SSO Group: Productivity/Networking/Security diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shibboleth-sp-3.0.3/shibsp/Application.cpp new/shibboleth-sp-3.0.4/shibsp/Application.cpp --- old/shibboleth-sp-3.0.3/shibsp/Application.cpp 2018-07-10 03:17:23.000000000 +0200 +++ new/shibboleth-sp-3.0.4/shibsp/Application.cpp 2019-01-14 20:22:42.000000000 +0100 
@@ -109,15 +109,9 @@
 void Application::clearAttributeHeaders(SPRequest& request) const
 {
 if (SPConfig::getConfig().isEnabled(SPConfig::OutOfProcess)) {
- for_each(
- m_unsetHeaders.begin(), m_unsetHeaders.end(),
- boost::bind(
- &SPRequest::clearHeader,
- boost::ref(request),
- boost::bind(&string::c_str, boost::bind(&pair<string,string>::first, _1)),
- boost::bind(&string::c_str, boost::bind(&pair<string,string>::second, _1))
- )
- );
+ for (vector< pair<string,string> >::const_iterator i = m_unsetHeaders.begin(); i != m_unsetHeaders.end(); ++i) {
+ request.clearHeader(i->first.c_str(), i->second.c_str());
+ }
 return;
 }
@@ -148,15 +142,9 @@
 // Now holding read lock.
 SharedLock unsetLock(m_lock, false);
- for_each(
- m_unsetHeaders.begin(), m_unsetHeaders.end(),
- boost::bind(
- &SPRequest::clearHeader,
- boost::ref(request),
- boost::bind(&string::c_str, boost::bind(&pair<string,string>::first, _1)),
- boost::bind(&string::c_str, boost::bind(&pair<string,string>::second, _1))
- )
- );
+ for (vector< pair<string,string> >::const_iterator i = m_unsetHeaders.begin(); i != m_unsetHeaders.end(); ++i) {
+ request.clearHeader(i->first.c_str(), i->second.c_str());
+ }
 }
 void Application::limitRedirect(const GenericRequest& request, const char* url) const
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shibboleth-sp-3.0.3/shibsp/Makefile.am new/shibboleth-sp-3.0.4/shibsp/Makefile.am
--- old/shibboleth-sp-3.0.3/shibsp/Makefile.am 2018-10-12 20:09:40.000000000 +0200
+++ new/shibboleth-sp-3.0.4/shibsp/Makefile.am 2019-03-08 16:09:43.000000000 +0100
@@ -243,7 +243,7 @@
 # this is different from the project version
 # http://sources.redhat.com/autobook/autobook/autobook_91.html
-libshibsp_la_LDFLAGS = -version-info 8:3:0
+libshibsp_la_LDFLAGS = -version-info 8:4:0
 libshibsp_la_CXXFLAGS = \
 $(AM_CXXFLAGS) \
 $(BOOST_CPPFLAGS) \
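Review bot: The out-of-process branch in the first Application.cpp hunk walks `m_unsetHeaders` without taking `m_lock`, while the identical loop in the second hunk runs under `SharedLock unsetLock(m_lock, false)`. If the list really is immutable in that mode, which the hunk does not show, a comment above the first loop would say so, for example `// No lock: m_unsetHeaders is not modified after startup when running out of process.` The two loops are the same three lines and could share one private helper so the header-clearing logic cannot drift between the branches. The middle of `clearAttributeHeaders` lies outside both hunks.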
@@ -262,7 +262,7 @@ $(xerces_LIBS) \ $(xmlsec_LIBS) \ $(xmltooling_LIBS) -libshibsp_lite_la_LDFLAGS = -version-info 8:3:0 +libshibsp_lite_la_LDFLAGS = -version-info 8:4:0 libshibsp_lite_la_CXXFLAGS = -DSHIBSP_LITE \ $(AM_CXXFLAGS) \ $(BOOST_CPPFLAGS) \ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shibboleth-sp-3.0.3/shibsp/Makefile.in new/shibboleth-sp-3.0.4/shibsp/Makefile.in --- old/shibboleth-sp-3.0.3/shibsp/Makefile.in 2018-12-12 20:15:59.000000000 +0100 +++ new/shibboleth-sp-3.0.4/shibsp/Makefile.in 2019-03-08 16:15:39.000000000 +0100 @@ -1053,7 +1053,7 @@ # this is different from the project version # http://sources.redhat.com/autobook/autobook/autobook_91.html -libshibsp_la_LDFLAGS = -version-info 8:3:0 +libshibsp_la_LDFLAGS = -version-info 8:4:0 libshibsp_la_CXXFLAGS = \ $(AM_CXXFLAGS) \ $(BOOST_CPPFLAGS) \ @@ -1074,7 +1074,7 @@ $(xmlsec_LIBS) \ $(xmltooling_LIBS) -libshibsp_lite_la_LDFLAGS = -version-info 8:3:0 +libshibsp_lite_la_LDFLAGS = -version-info 8:4:0 libshibsp_lite_la_CXXFLAGS = -DSHIBSP_LITE \ $(AM_CXXFLAGS) \ $(BOOST_CPPFLAGS) \ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shibboleth-sp-3.0.3/shibsp/handler/impl/AbstractHandler.cpp new/shibboleth-sp-3.0.4/shibsp/handler/impl/AbstractHandler.cpp --- old/shibboleth-sp-3.0.3/shibsp/handler/impl/AbstractHandler.cpp 2018-08-01 19:56:31.000000000 +0200 +++ new/shibboleth-sp-3.0.4/shibsp/handler/impl/AbstractHandler.cpp 2019-03-08 16:09:43.000000000 +0100 
@@ -646,8 +646,35 @@
 postkey = string(mech.second-3) + ':' + out.string();
 }
- // Set a cookie with key info.
 pair<string,const char*> shib_cookie = getPostCookieNameProps(application, relayState);
+
+ // Purge any cookies in excess of 25.
+ int maxCookies = 25,purgedCookies = 0;
+ string exp;
+
+ // Walk the list of cookies backwards by name.
+ const map<string,string>& cookies = request.getCookies();
+ for (map<string,string>::const_reverse_iterator i = cookies.rbegin(); i != cookies.rend(); ++i) {
+ // Process post data cookies only.
+ if (starts_with(i->first, "_shibpost_")) {
+ if (maxCookies > 0) {
+ // Keep it, but count it against the limit.
+ --maxCookies;
+ }
+ else {
+ // We're over the limit, so everything here and older gets cleaned up.
+ if (exp.empty())
+ exp = string(shib_cookie.second) + "; expires=Mon, 01 Jan 2001 00:00:00 GMT";
+ response.setCookie(i->first.c_str(), exp.c_str());
+ ++purgedCookies;
+ }
+ }
+ }
+
+ if (purgedCookies > 0)
+ log(SPRequest::SPDebug, string("purged ") + lexical_cast<string>(purgedCookies) + " stale POST preservation cookie(s) from client");
+
+ // Set a cookie with key info.
 postkey += shib_cookie.second;
 response.setCookie(shib_cookie.first.c_str(), postkey.c_str());
 }
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shibboleth-sp-3.0.3/shibsp/impl/StorageServiceSessionCache.cpp new/shibboleth-sp-3.0.4/shibsp/impl/StorageServiceSessionCache.cpp
--- old/shibboleth-sp-3.0.3/shibsp/impl/StorageServiceSessionCache.cpp 2018-07-10 03:17:23.000000000 +0200
+++ new/shibboleth-sp-3.0.4/shibsp/impl/StorageServiceSessionCache.cpp 2019-03-08 16:09:43.000000000 +0100
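Review bot: The names passed to `response.setCookie(i->first.c_str(), exp.c_str())` come straight from `request.getCookies()`, so every `_shibpost_`-prefixed name the client sent is written back into a Set-Cookie header. Nothing in the hunk validates the name, so it is worth confirming that the cookie parser or `setCookie` rejects unexpected characters. The limit is a bare literal, and because the new cookie is set after the purge the client can end up holding 26 rather than 25. A named constant with a comment such as `// keeps the last maxCookies names in reverse sort order; assumes names sort by age` would also record the ordering assumption, which the hunk does not establish. The enclosing function starts and ends outside the hunk.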
@@ -1402,7 +1402,9 @@
 pcache->m_log.info("purging %d old sessions", stale_keys.size());
 // Pass 2: walk through the list of stale entries and remove them from the cache
- for_each(stale_keys.begin(), stale_keys.end(), boost::bind(&SSCache::dormant, pcache, boost::bind(&string::c_str, _1)));
+ for (vector<string>::const_iterator i = stale_keys.begin(); i != stale_keys.end(); ++i) {
+ pcache->dormant(i->c_str());
+ }
 }
 pcache->m_log.debug("cleanup thread completed");
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shibboleth-sp-3.0.3/shibsp/impl/XMLApplication.cpp new/shibboleth-sp-3.0.4/shibsp/impl/XMLApplication.cpp
--- old/shibboleth-sp-3.0.3/shibsp/impl/XMLApplication.cpp 2018-10-12 19:42:15.000000000 +0200
+++ new/shibboleth-sp-3.0.4/shibsp/impl/XMLApplication.cpp 2019-03-08 16:09:43.000000000 +0100
@@ -716,6 +716,21 @@
 if (!hasChildElements) {
 // Append a session initiator element of the designated type to the root element.
 DOMElement* sidom = e->getOwnerDocument()->createElementNS(e->getNamespaceURI(), _SessionInitiator);
+
+ // Copy in any attributes from the <SSO> element so they can be accessed as properties in the SI handler
+ // but more importantly the MessageEncoders, which are DOM-aware only, not SP property-aware.
+ // The property-based lookups will walk up the DOM tree but the DOM-only code won't.
+ for (XMLSize_t p = 0; p < ssopropslen; ++p) {
+ DOMNode* ssoprop = ssoprops->item(p);
+ if (ssoprop->getNodeType() == DOMNode::ATTRIBUTE_NODE) {
+ sidom->setAttributeNS(
+ ((DOMAttr*)ssoprop)->getNamespaceURI(),
+ ((DOMAttr*)ssoprop)->getLocalName(),
+ ((DOMAttr*)ssoprop)->getValue()
+ );
+ }
+ }
+
 sidom->setAttributeNS(nullptr, _type, inittype.second);
 e->appendChild(sidom);
 log.info("adding SessionInitiator of type (%s) to chain (/Login)", initiator->getString("id").second);
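Review bot: The attribute-copy loop added in the `@@ -716` hunk is repeated verbatim in the `@@ -806` hunk and, with `sloprops`, in the `@@ -862` hunk, beside the existing ACS copy at `@@ -740`. Four copies of a loop that decides which configuration attributes reach the generated handler elements can easily drift apart. A file-local helper would keep them identical and replace the three C-style `(DOMAttr*)` casts per iteration with one `static_cast`. The explicit `setAttributeNS(nullptr, _type, ...)` calls should stay after the copy so the explicit value wins over any copied attribute of the same name. The parameter type below assumes `ssoprops` is a `DOMNamedNodeMap*`, which is declared outside the hunk.

```cpp
// Copies every attribute node in props onto target, keeping namespace, local name and value.
static void copyAttributes(const DOMNamedNodeMap* props, XMLSize_t len, DOMElement* target)
{
    for (XMLSize_t p = 0; p < len; ++p) {
        DOMNode* prop = props->item(p);
        if (prop->getNodeType() == DOMNode::ATTRIBUTE_NODE) {
            const DOMAttr* attr = static_cast<const DOMAttr*>(prop);
            target->setAttributeNS(attr->getNamespaceURI(), attr->getLocalName(), attr->getValue());
        }
    }
}

// … unchanged: createElementNS for sidom …
copyAttributes(ssoprops, ssopropslen, sidom);
// … unchanged: setAttributeNS(nullptr, _type, ...) and appendChild …
```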
@@ -740,7 +755,8 @@
 if (idprop.first && pathprop.first) {
 DOMElement* acsdom = e->getOwnerDocument()->createElementNS(samlconstants::SAML20MD_NS, _AssertionConsumerService);
- // Copy in any attributes from the <SSO> element so they can be accessed as properties in the ACS handler.
+ // Copy in any attributes from the <SSO> element so they can be accessed as properties in the ACS handler,
+ // since the handlers aren't attached to the SSO element.
 for (XMLSize_t p = 0; p < ssopropslen; ++p) {
 DOMNode* ssoprop = ssoprops->item(p);
 if (ssoprop->getNodeType() == DOMNode::ATTRIBUTE_NODE) {
@@ -806,6 +822,21 @@
 if (discou && *discou) {
 // Append a session initiator element of the designated type to the root element.
 DOMElement* sidom = e->getOwnerDocument()->createElementNS(e->getNamespaceURI(), _SessionInitiator);
+
+ // Copy in any attributes from the <SSO> element so they can be accessed as properties in the SI handler
+ // but more importantly the MessageEncoders, which are DOM-aware only, not SP property-aware.
+ // The property-based lookups will walk up the DOM tree but the DOM-only code won't.
+ for (XMLSize_t p = 0; p < ssopropslen; ++p) {
+ DOMNode* ssoprop = ssoprops->item(p);
+ if (ssoprop->getNodeType() == DOMNode::ATTRIBUTE_NODE) {
+ sidom->setAttributeNS(
+ ((DOMAttr*)ssoprop)->getNamespaceURI(),
+ ((DOMAttr*)ssoprop)->getLocalName(),
+ ((DOMAttr*)ssoprop)->getValue()
+ );
+ }
+ }
+
 sidom->setAttributeNS(nullptr, _type, discop);
 sidom->setAttributeNS(nullptr, _URL, discou);
 e->appendChild(sidom);
@@ -862,6 +893,21 @@
 if (!hasChildElements) {
 // Append a logout initiator element of the designated type to the root element.
 DOMElement* lidom = e->getOwnerDocument()->createElementNS(e->getNamespaceURI(), _LogoutInitiator);
+
+ // Copy in any attributes from the <Logout> element so they can be accessed as properties in the LI handler
+ // but more importantly the MessageEncoders, which are DOM-aware only, not SP property-aware.
+ // The property-based lookups will walk up the DOM tree but the DOM-only code won't.
+ for (XMLSize_t p = 0; p < slopropslen; ++p) {
+ DOMNode* sloprop = sloprops->item(p);
+ if (sloprop->getNodeType() == DOMNode::ATTRIBUTE_NODE) {
+ lidom->setAttributeNS(
+ ((DOMAttr*)sloprop)->getNamespaceURI(),
+ ((DOMAttr*)sloprop)->getLocalName(),
+ ((DOMAttr*)sloprop)->getValue()
+ );
+ }
+ }
+
 lidom->setAttributeNS(nullptr, _type, inittype.second);
 e->appendChild(lidom);
 log.info("adding LogoutInitiator of type (%s) to chain (/Logout)", initiator->getString("id").second);
@@ -1499,14 +1545,20 @@
 whitelist.push_back(string("http://") + request.getHostname() + ':');
 }
- static bool (*startsWithI)(const char*,const char*) = XMLString::startsWithI;
- if (!whitelist.empty() && find_if(whitelist.begin(), whitelist.end(),
- boost::bind(startsWithI, url, boost::bind(&string::c_str, _1))) != whitelist.end()) {
- return;
- }
- else if (!m_redirectWhitelist.empty() && find_if(m_redirectWhitelist.begin(), m_redirectWhitelist.end(),
- boost::bind(startsWithI, url, boost::bind(&string::c_str, _1))) != m_redirectWhitelist.end()) {
- return;
- }
+ if (!whitelist.empty()) {
+ for (vector<string>::const_iterator i = whitelist.begin(); i != whitelist.end(); ++i) {
+ if (XMLString::startsWithI(url, i->c_str())) {
+ return;
+ }
+ }
+ }
+
+ if (!m_redirectWhitelist.empty()) {
+ for (vector<string>::const_iterator i = m_redirectWhitelist.begin(); i != m_redirectWhitelist.end(); ++i) {
+ if (XMLString::startsWithI(url, i->c_str())) {
+ return;
+ }
+ }
+ }
 Category::getInstance(SHIBSP_LOGCAT ".Application").warn("redirectLimit policy enforced, blocked redirect to (%s)", url);
 throw opensaml::SecurityPolicyException("Blocked unacceptable redirect location.");
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shibboleth-sp-3.0.3/shibsp/remoting/impl/SocketListener.cpp new/shibboleth-sp-3.0.4/shibsp/remoting/impl/SocketListener.cpp
--- old/shibboleth-sp-3.0.3/shibsp/remoting/impl/SocketListener.cpp 2018-12-13 16:31:25.000000000 +0100
+++ new/shibboleth-sp-3.0.4/shibsp/remoting/impl/SocketListener.cpp 2019-03-08 16:09:43.000000000 +0100
@@ -34,7 +34,9 @@
 #include <stack>
 #include <sstream>
 #include <boost/lexical_cast.hpp>
+#include <xercesc/sax/SAXException.hpp>
 #include <xercesc/util/XMLUniDefs.hpp>
+#include <xercesc/util/OutOfMemoryException.hpp>
 #include <xmltooling/util/NDC.h>
 #include <xmltooling/util/XMLHelper.h>
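Review bot: Both loops in the `@@ -1499` hunk accept the redirect as soon as `XMLString::startsWithI(url, i->c_str())` matches, which is a pure prefix comparison. An entry therefore only pins the host if it ends in a delimiter, like the `':'` appended in the context line above; an `m_redirectWhitelist` entry without a trailing `/` or `:` would also match longer hostnames that begin with the same text. Whether the configuration loader normalizes entries is not visible here, so I would document the requirement at the loop, e.g. `// Prefix match: entries must end in '/' or ':' to pin the host.`, or enforce it where the list is built. The `if (!...empty())` guards around the `for` loops are redundant. The function begins before the hunk.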
@@ -560,6 +562,24 @@
 // Dispatch the message.
 m_listener->receive(in, sink);
 }
+ catch (const xercesc::DOMException& e) {
+ auto_ptr_char temp(e.getMessage());
+ if (incomingError)
+ log.error("error processing incoming message: %s", temp.get() ? temp.get() : "no message");
+ XMLParserException ex(string("DOM error: ") + (temp.get() ? temp.get() : "no message"));
+ DDF out=DDF("exception").string(ex.toString().c_str());
+ DDFJanitor jout(out);
+ sink << out;
+ }
+ catch (const xercesc::SAXException& e) {
+ auto_ptr_char temp(e.getMessage());
+ if (incomingError)
+ log.error("error processing incoming message: %s", temp.get() ? temp.get() : "no message");
+ XMLParserException ex(string("SAX error: ") + (temp.get() ? temp.get() : "no message"));
+ DDF out=DDF("exception").string(ex.toString().c_str());
+ DDFJanitor jout(out);
+ sink << out;
+ }
 catch (const xercesc::XMLException& e) {
 auto_ptr_char temp(e.getMessage());
 if (incomingError)
@@ -568,6 +588,15 @@
 DDF out=DDF("exception").string(ex.toString().c_str());
 DDFJanitor jout(out);
 sink << out;
+ }
+ catch (const xercesc::OutOfMemoryException& e) {
+ auto_ptr_char temp(e.getMessage());
+ if (incomingError)
+ log.error("error processing incoming message: %s", temp.get() ? temp.get() : "no message");
+ XMLParserException ex(string("Out of memory error: ") + (temp.get() ? temp.get() : "no message"));
+ DDF out=DDF("exception").string(ex.toString().c_str());
+ DDFJanitor jout(out);
+ sink << out;
 }
 catch (const XMLToolingException& e) {
 if (incomingError)
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shibboleth-sp-3.0.3/shibsp/shibsp.rc new/shibboleth-sp-3.0.4/shibsp/shibsp.rc
--- old/shibboleth-sp-3.0.3/shibsp/shibsp.rc 2018-11-01 15:09:17.000000000 +0100
+++ new/shibboleth-sp-3.0.4/shibsp/shibsp.rc 2019-03-08 16:09:43.000000000 +0100
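Review bot: The two handlers added in the `@@ -560` hunk are copies of the existing `XMLException` handler with only the prefix string changed, and the `OutOfMemoryException` handler in the next hunk is a fourth copy. A file-local helper taking the prefix and `e.getMessage()` would keep the logging and the reply written to `sink` consistent across all of them. When `incomingError` is false none of these parser failures is logged on this side, and only the peer receives the text. If that is intended, a comment such as `// logged only when incomingError is set; the caller always receives the exception text` would make it explicit. The `try` block starts outside the hunk.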
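Review bot: The `OutOfMemoryException` handler in the `@@ -568` hunk allocates while reporting the failure: `auto_ptr_char temp(e.getMessage())`, the `string` concatenation, the `XMLParserException` and the `DDF` all need memory, so under real exhaustion the handler can itself throw. An exception raised inside a handler is not caught by the sibling handlers of the same `try`, so it would propagate to whatever encloses this code, which is not visible in the hunk. Logging a fixed literal, e.g. `log.error("out of memory processing incoming message");`, avoids the transcoding step. At minimum a comment like `// may throw std::bad_alloc while reporting; relies on the enclosing handler` would record the dependency.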
@@ -64,7 +64,7 @@ VALUE "InternalName", "shibsp3_0\0" #endif #endif - VALUE "LegalCopyright", "Copyright � 2018 UCAID\0" + VALUE "LegalCopyright", "Copyright 2019 UCAID\0" VALUE "LegalTrademarks", "\0" #ifdef SHIBSP_LITE #ifdef _DEBUG @@ -80,8 +80,8 @@ #endif #endif VALUE "PrivateBuild", "\0" - VALUE "ProductName", "Shibboleth 3.0.3\0" - VALUE "ProductVersion", "3, 0, 3, 0\0" + VALUE "ProductName", "Shibboleth 3.0.4\0" + VALUE "ProductVersion", "3, 0, 4, 0\0" VALUE "SpecialBuild", "\0" END END diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shibboleth-sp-3.0.3/shibsp/version.h new/shibboleth-sp-3.0.4/shibsp/version.h --- old/shibboleth-sp-3.0.3/shibsp/version.h 2018-10-12 20:06:42.000000000 +0200 +++ new/shibboleth-sp-3.0.4/shibsp/version.h 2019-03-08 16:09:43.000000000 +0100 @@ -44,7 +44,7 @@ #define SHIBSP_VERSION_MAJOR 3 #define SHIBSP_VERSION_MINOR 0 -#define SHIBSP_VERSION_REVISION 3 +#define SHIBSP_VERSION_REVISION 4 /** DO NOT MODIFY BELOW THIS LINE */
