git: 19889886e54f - main - security/shibboleth-sp: Update to 3.2.2

Palle Girgensohn girgen at FreeBSD.org
Mon Apr 26 08:51:25 UTC 2021 

The branch main has been updated by girgen:

URL: https://cgit.FreeBSD.org/ports/commit/?id=19889886e54f734191490f09765d631b9b67f0a7

commit 19889886e54f734191490f09765d631b9b67f0a7
Author:     Palle Girgensohn <girgen at FreeBSD.org>
AuthorDate: 2021-04-26 08:46:07 +0000
Commit:     Palle Girgensohn <girgen at FreeBSD.org>
CommitDate: 2021-04-26 08:51:17 +0000

    security/shibboleth-sp: Update to 3.2.2
    
    This is a security fix for an issue that has not yet been disclosed. The
    vuxml entry will be updated once the CVE is available.
    
    The patch to mitigate the vulnerability was introduced already on
    2021-04-23 in the FreeBSD port as 3.2.1_1.
    
    Security:       e4403051-a667-11eb-b9c9-6cc21735f730
---
 security/shibboleth-sp/Makefile                    |  3 +--
 security/shibboleth-sp/distinfo                    |  6 ++---
 ...atch-shibsp_impl_StorageServiceSessionCache.cpp | 31 ----------------------
 security/shibboleth-sp/pkg-plist                   |  4 +--
 4 files changed, 6 insertions(+), 38 deletions(-)

diff --git a/security/shibboleth-sp/Makefile b/security/shibboleth-sp/Makefile
index 1fe26dee2eaa..fe8a495afcff 100644
--- a/security/shibboleth-sp/Makefile
+++ b/security/shibboleth-sp/Makefile
@@ -1,8 +1,7 @@
 # Created by: Janos Mohacsi <janos.mohacsi at bsd.hu>
 
 PORTNAME=	shibboleth-sp
-PORTVERSION=	3.2.1
-PORTREVISION=	1
+PORTVERSION=	3.2.2
 CATEGORIES=	security www
 MASTER_SITES=	http://shibboleth.net/downloads/service-provider/${PORTVERSION}/
 
diff --git a/security/shibboleth-sp/distinfo b/security/shibboleth-sp/distinfo
index 5732cc0e1343..ef9bd0881c4a 100644
--- a/security/shibboleth-sp/distinfo
+++ b/security/shibboleth-sp/distinfo
@@ -1,3 +1,3 @@
-TIMESTAMP = 1615929563
-SHA256 (shibboleth-sp-3.2.1.tar.bz2) = 8acde18566bbf987c4022a6f19d0c2df0d306e9344810aec1b6b8b9100d271ef
-SIZE (shibboleth-sp-3.2.1.tar.bz2) = 811714
+TIMESTAMP = 1619424965
+SHA256 (shibboleth-sp-3.2.2.tar.bz2) = e5db65b39cd3f078ff683c792558aa549d46ffc627a70faf3ef4637b2892e767
+SIZE (shibboleth-sp-3.2.2.tar.bz2) = 816128
diff --git a/security/shibboleth-sp/files/patch-shibsp_impl_StorageServiceSessionCache.cpp b/security/shibboleth-sp/files/patch-shibsp_impl_StorageServiceSessionCache.cpp
deleted file mode 100644
index 7cb55f5f16d5..000000000000
--- a/security/shibboleth-sp/files/patch-shibsp_impl_StorageServiceSessionCache.cpp
+++ /dev/null
@@ -1,31 +0,0 @@
-From 5a47c3b9378f4c49392dd4d15189b70956f9f2ec Mon Sep 17 00:00:00 2001
-From: Scott Cantor <cantor.2 at osu.edu>
-Date: Thu, 22 Apr 2021 15:58:43 -0400
-Subject: [PATCH] SSPCPP-927 - Check for missing DataSealer during cookie recovery
-
-https://issues.shibboleth.net/jira/browse/SSPCPP-927
-
---- shibsp/impl/StorageServiceSessionCache.cpp.orig	2020-12-07 20:51:12.000000000 +0000
-+++ shibsp/impl/StorageServiceSessionCache.cpp	2021-04-23 16:17:00.398821000 +0000
-@@ -1148,6 +1148,12 @@
-     else {
-         // We're out of process, so we can recover the session.
- #ifndef SHIBSP_LITE
-+        const DataSealer* sealer = XMLToolingConfig::getConfig().getDataSealer();
-+        if (!sealer) {
-+            m_log.warn("can't attempt recovery of session (%s), no DataSealer configured", key);
-+            return false;
-+        }
-+
-         m_log.debug("checking for revocation of session (%s)", key);
-         try {
-             if (m_storage_lite->readString("Revoked", key) > 0) {
-@@ -1174,7 +1180,7 @@
-         try {
-             dup = strdup(data);
-             XMLToolingConfig::getConfig().getURLEncoder()->decode(dup);
--            unwrapped = XMLToolingConfig::getConfig().getDataSealer()->unwrap(dup);
-+            unwrapped = sealer->unwrap(dup);
-             free(dup);
- 
-             stringstream str(unwrapped);
diff --git a/security/shibboleth-sp/pkg-plist b/security/shibboleth-sp/pkg-plist
index 80a2af88d06a..d1fd2aeab2ac 100644
--- a/security/shibboleth-sp/pkg-plist
+++ b/security/shibboleth-sp/pkg-plist
@@ -92,7 +92,7 @@ include/shibsp/util/TemplateParameters.h
 include/shibsp/version.h
 lib/libshibsp.so
 lib/libshibsp.so.10
-lib/libshibsp.so.10.0.0
+lib/libshibsp.so.10.0.1
 lib/shibboleth/adfs.so
 lib/shibboleth/adfs-lite.so
 %%MEMCACHED%%lib/shibboleth/memcache-store.so
@@ -104,7 +104,7 @@ lib/shibboleth/plugins.so
 %%FASTCGI%%lib/shibboleth/shibresponder
 lib/libshibsp-lite.so
 lib/libshibsp-lite.so.10
-lib/libshibsp-lite.so.10.0.0
+lib/libshibsp-lite.so.10.0.1
 libdata/pkgconfig/shibsp-lite.pc
 libdata/pkgconfig/shibsp.pc
 sbin/shibd

More information about the dev-commits-ports-all mailing list