Updated security/lasso to 2.6.1

Changes since previous pkgsrc version 2.5.1, from the NEWS file

Also add a fix for proper escape single quotes in RelayState
From upstream https://dev.entrouvert.org/issues/45581

2.6.1 - Aptil 22th 2019
----------------------
42 commits, 425 files changed, 3894 insertions, 795 deletions

- Keep order of SessionIndexes
- Clear SessionIndex when private SessionIndexes is empty (#41950)
- misc: clear warnings about class_init signature using coccinelle
- tests: fix compilation with check>0.12 (#39101)
- Sort input file lists to make build deterministic (#40454)
- debian: disable php7 (#28608)
- Modify .gitignore for PHP 7 binding (#28608)
- Add PHP 7 binding (#28608)
- Fix tests broken by new DEBUG logs (#12829)
- Improve error logging during node parsing (#12829)
- Improve configure compatibility (#32425)
- Improve compatibility with Solaris (#32425)
- Fix reference count in lasso_server_add_provider2 (fixes #35061)
- Fix python multi-version builds on jessie and stretch
- docs: do not use Internet to fetch DTDs, entities or documents (#35590)
- fix missing include <strings.h> for index() (fixes #33791)
- PAOS: Do not populate "Destination" attribute (Dmitrii Shcherbakov)
- export symbol lasso_log (#33784)
- Do not ignore WantAuthnRequestSigned value with hint MAYBE (#33354)
- Use io.open(encoding=utf8) in extract_symbols/sections.py (#33360)
- xml: adapt schema in saml2:AuthnContext (#29340)
- Fix ECP signature not found error when only assertion is signed (#26828)
- autoconf: search python interpreters by versions (John Dennis)
- python: make tools compatible with Py3 (John Dennis)
- python: run tests and tools with same interpreter as binding target (John Dennis)
- improve resiliency of lasso_inflate (#24853)
- fix segfault in lasso_get_saml_message (#24830)
- python: add classmethod Profile.getIssuer (#24831)
- website: add news about 2.6.0 release
- debian: sync with debian package (#24595)
- faq: fix references to lasso.profileGetIssuer (#24832)
- python: add a classmethod for lasso.profileGetIssuer (#24831)
- tools: fix segfault in lasso_get_saml_message (fixes #24830)
- jenkins.sh: add a make clean to prevent previous build to break new ones
- tools: set output buffer size in lasso_inflate to 20 times the input size (fixes #24853)
- Use python interpreter specified configure script
- Make Python scripts compatible with both Py2 and Py3
- fix duplicate definition of LogoutTestCase and logoutSuite
- Downcase UTF-8 file encoding name
- Make more Python scripts compatible with both Py2 and Py3
- Configure should search for versioned Python interpreter.
- Clean python cache when building python3 binding
- Move AC_SUBST declaration for AM_CFLAGS with alike (#24771)
- Remove -Werror from --enable-debugging (fixes #24771)
- xml: fix parsing of saml:AuthnContext (fixes #25640)

2.6.0 - June 1st 2018
---------------------
32 commits, 73 files changed, 1920 insertions, 696 deletions

- add inline implementation of lasso_log
- Choose the Reference transform based on the chosen Signature transform (fixes #10155)
- add support for C14N 1.1 methods and C14N withComments methods (fixes #4863)
- remove DGME specific commented out code
- add docstring on SHA-2 signature method enum
- tests: silence unused variable warning
- check node names in lasso_node_impl_init_from_xml() (fixes #47)
- fix segfault when parsed node has no namespace (#47)
- do not call xmlSecKeyDuplicate is source key is NULL
- enable user supplied CFLAGS
- Fix ecp test validate_idp_list() (fixes #11421)
- tests: convert log level as string
- fix definitions of error, critical and warning macros (fixes #12830)
- jenkins.sh: add V=1
- add defined for the XML namespace
- ignore unknown attributes from the xsi: namespace
- saml-2.0: improve support for free content inside samlp2:Extensions (fixes #18581)
- debian: initialize stretch packaging with a copy of upstream debian (#21772)
- replace use of <xmlsec/soap.h> which is deprecated (fixes #18771)
- fix get_issuer and get_in_response_to
- route logs from libxml2 and libxmlsec through GLib logging
- tests: prevent crash in glib caused by abort on recursive logging
- java: stop setting a bytecode version target
- add xmlsec_soap.h to Makefile
- python: route logs for libxml2 and libxmlsec2 to their own logger
- perl: force use of the in-tree lasso when running tests (fixes #23276)
- perl: set DESTDIR and PREFIX at Makefile's creation
- Replace xmlSecSoap functions with lasso implementations
- add a pem-public-key runtime flag
- deprecate loading PEM formatted public keys in lasso_xmlsec_load_key_info
- perl/tests: build Makefile.perl before running the tests

8 files changed, 201 insertions, 221 deletions

diff --git a/doc/CHANGES-2020 b/doc/CHANGES-2020
index d02ce70030c..2face804277 100644
--- a/doc/CHANGES-2020
+++ b/doc/CHANGES-2020
@@ -1,4 +1,4 @@
-$NetBSD: CHANGES-2020,v 1.4418 2020/08/12 12:17:05 leot Exp $
+$NetBSD: CHANGES-2020,v 1.4419 2020/08/12 14:15:33 manu Exp $
 
 Changes to the packages collection and infrastructure in 2020:
 
@@ -6925,3 +6925,4 @@ Changes to the packages collection and infrastructure in 2020:
 	Updated lang/openjdk11 to 1.11.0.8.10 [ryoon 2020-08-12]
 	Updated net/minitube to 3.5 [ryoon 2020-08-12]
 	Updated time/todotxt to 2.12.0 [leot 2020-08-12]
+	Updated security/lasso to 2.6.1 [manu 2020-08-12]
diff --git a/security/lasso/Makefile b/security/lasso/Makefile
index fb2a33c9593..87ba5887ac3 100644
--- a/security/lasso/Makefile
+++ b/security/lasso/Makefile
@@ -1,4 +1,4 @@
-# $NetBSD: Makefile,v 1.42 2020/06/02 08:22:54 adam Exp $
+# $NetBSD: Makefile,v 1.43 2020/08/12 14:15:33 manu Exp $
 
 CONFIGURE_ARGS+=	--disable-python
 CONFIGURE_ARGS+=	--disable-php5
@@ -9,5 +9,5 @@ PYTHON_FOR_BUILD_ONLY=		yes
 
 EXTRACT_USING=		bsdtar
 
-PKGREVISION= 6
+#PKGREVISION= 1
 .include "../../security/lasso/Makefile.common"
diff --git a/security/lasso/Makefile.common b/security/lasso/Makefile.common
index 28af410d5c9..4c957052d20 100644
--- a/security/lasso/Makefile.common
+++ b/security/lasso/Makefile.common
@@ -1,9 +1,9 @@
-# $NetBSD: Makefile.common,v 1.15 2020/01/26 17:32:03 rillig Exp $
+# $NetBSD: Makefile.common,v 1.16 2020/08/12 14:15:33 manu Exp $
 #
 # used by security/lasso/Makefile
 # used by security/py-lasso/Makefile
 
-DISTNAME=	lasso-2.5.1
+DISTNAME=	lasso-2.6.1
 CATEGORIES=	security
 MASTER_SITES=	https://dev.entrouvert.org/lasso/
 
diff --git a/security/lasso/distinfo b/security/lasso/distinfo
index cc42bd83a95..9059aa61add 100644
--- a/security/lasso/distinfo
+++ b/security/lasso/distinfo
@@ -1,9 +1,7 @@
-$NetBSD: distinfo,v 1.24 2018/07/31 12:39:34 jperkin Exp $
+$NetBSD: distinfo,v 1.25 2020/08/12 14:15:33 manu Exp $
 
-SHA1 (lasso-2.5.1.tar.gz) = fe0e68010bab6e11383003b5cf869c0447ed7a6e
-RMD160 (lasso-2.5.1.tar.gz) = 8cc0506fe8cbac770e952fdb0f067c7e58f5bb43
-SHA512 (lasso-2.5.1.tar.gz) = f20bea62c04f3082d5c423f658bafe1bdde0012321c43092ed5d5a2c3ec7b21ec27d88d9fc630743fd7c99e767d9fd92b98de5d4f7d98c3a9e680717483daae1
-Size (lasso-2.5.1.tar.gz) = 4552152 bytes
-SHA1 (patch-18771) = 66897d88283c28557eb4a58507db48a42df93b5d
-SHA1 (patch-configure) = aa34dcb7a86b6ece774fb230ac092bdd7d8e278c
-SHA1 (patch-lasso_xml_tools.c) = 0172915c1654192e3d1eebf89d57d29dd61cef38
+SHA1 (lasso-2.6.1.tar.gz) = 0ab89b159d52cd503182cbbeff0327c80e3ed93d
+RMD160 (lasso-2.6.1.tar.gz) = 775d74fccf62afea9f8d587a1a7801e15ad7d986
+SHA512 (lasso-2.6.1.tar.gz) = 768e577ccf650d61305cbb2d8be0d3e13a5c8b6b05f6b0a8419fcd23030eb7530740e8ca785f0279331d7e31743b2e0ab234de50eb87d41cfda5d692a1583d4b
+Size (lasso-2.6.1.tar.gz) = 4514418 bytes
+SHA1 (patch-45581) = ea1a3c47ed61cce376d3998cdc195dfcfc881061
diff --git a/security/lasso/patches/patch-18771 b/security/lasso/patches/patch-18771
deleted file mode 100644
index 51db4cc7e0e..00000000000
--- a/security/lasso/patches/patch-18771
+++ /dev/null
@@ -1,167 +0,0 @@
-$NetBSD: patch-18771,v 1.2 2018/05/31 07:33:28 wiz Exp $
-
-From upstream: https://dev.entrouvert.org/issues/18771
-
-commit 1d56cd1e31ce993ad17f4b4bbc31c12ffff1311f
-Author: Benjamin Dauvergne <bdauvergne@entrouvert.com>
-Date:   Fri Oct 6 10:28:22 2017 +0200
-
-    replace use of <xmlsec/soap.h> which is deprecated (fixes #18771)
-
-diff --git a/lasso/id-wsf/wsf_profile.c b/lasso/id-wsf/wsf_profile.c
-index 8cfe5a2..0aca204 100644
---- ./lasso/id-wsf/wsf_profile.c
-+++ ./lasso/id-wsf/wsf_profile.c
-@@ -29,7 +29,6 @@
- #include <xmlsec/xmldsig.h>
- #include <xmlsec/templates.h>
- #include <xmlsec/crypto.h>
--#include <xmlsec/soap.h>
- 
- #include "../utils.h"
- 
-@@ -60,6 +59,7 @@
- #include "../id-ff/providerprivate.h"
- #include "../id-ff/sessionprivate.h"
- #include "../xml/misc_text_node.h"
-+#include <../xml/xmlsec_soap.h>
- 
- /**
-  * SECTION:wsf_profile
-diff --git a/lasso/xml/tools.c b/lasso/xml/tools.c
-index ade6d66..81e75b5 100644
---- ./lasso/xml/tools.c
-+++ ./lasso/xml/tools.c
-@@ -57,7 +57,6 @@
- #include <xmlsec/errors.h>
- #include <xmlsec/openssl/x509.h>
- #include <xmlsec/openssl/crypto.h>
--#include <xmlsec/soap.h>
- 
- #include <zlib.h>
- 
-@@ -71,6 +70,7 @@
- #include <stdarg.h>
- #include <ctype.h>
- #include "../lasso_config.h"
-+#include <lasso/xml/xmlsec_soap.h>
- 
- /**
-  * SECTION:tools
-diff --git a/lasso/xml/xmlsec_soap.h b/lasso/xml/xmlsec_soap.h
-new file mode 100644
-index 0000000..11fc3db
---- /dev/null
-+++ ./lasso/xml/xmlsec_soap.h
-@@ -0,0 +1,111 @@
-+ /*
-+ * Lasso - A free implementation of the Liberty Alliance specifications.
-+ *
-+ * Copyright (C) 2004-2007 Entr'ouvert
-+ * http://lasso.entrouvert.org
-+ *
-+ * Authors: See AUTHORS file in top-level directory.
-+ *
-+ * This program is free software; you can redistribute it and/or modify
-+ * it under the terms of the GNU General Public License as published by
-+ * the Free Software Foundation; either version 2 of the License, or
-+ * (at your option) any later version.
-+ *
-+ * This program is distributed in the hope that it will be useful,
-+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
-+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-+ * GNU General Public License for more details.
-+ *
-+ * You should have received a copy of the GNU General Public License
-+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ */
-+
-+#ifndef __LASSO_XMLSEC_SOAP_H__
-+#define __LASSO_XMLSEC_SOAP_H__
-+
-+#ifdef __cplusplus
-+extern "C" {
-+#endif /* __cplusplus */
-+
-+#include <libxml/tree.h>
-+
-+#include <xmlsec/xmlsec.h>
-+#include <xmlsec/xmltree.h>
-+#include <xmlsec/errors.h>
-+
-+
-+/** Replacement for xmlsec/soap.h */
-+
-+#define xmlSecSoap11Ns ((xmlChar*)"http://schemas.xmlsoap.org/soap/envelope/")
-+#define xmlSecSoap12Ns ((xmlChar*)"http://www.w3.org/2003/05/soap-envelope")
-+
-+static inline xmlNodePtr
-+xmlSecSoap11GetHeader(xmlNodePtr envNode) {
-+    xmlNodePtr cur;
-+
-+    xmlSecAssert2(envNode != NULL, NULL);
-+
-+    /* optional Header node is first */
-+    cur = xmlSecGetNextElementNode(envNode->children);
-+    if((cur != NULL) && xmlSecCheckNodeName(cur, xmlSecNodeHeader, xmlSecSoap11Ns)) {
-+        return(cur);
-+    }
-+
-+    return(NULL);
-+}
-+
-+static inline xmlNodePtr
-+xmlSecSoap11GetBody(xmlNodePtr envNode) {
-+    xmlNodePtr cur;
-+
-+    xmlSecAssert2(envNode != NULL, NULL);
-+
-+    /* optional Header node first */
-+    cur = xmlSecGetNextElementNode(envNode->children);
-+    if((cur != NULL) && xmlSecCheckNodeName(cur, xmlSecNodeHeader, xmlSecSoap11Ns)) {
-+        cur = xmlSecGetNextElementNode(cur->next);
-+    }
-+
-+    /* Body node is next */
-+    if((cur == NULL) || !xmlSecCheckNodeName(cur, xmlSecNodeBody, xmlSecSoap11Ns)) {
-+        xmlSecError(XMLSEC_ERRORS_HERE,
-+                    NULL,
-+                    xmlSecErrorsSafeString(xmlSecNodeBody),
-+                    XMLSEC_ERRORS_R_NODE_NOT_FOUND,
-+                    XMLSEC_ERRORS_NO_MESSAGE);
-+        return(NULL);
-+    }
-+
-+    return(cur);
-+}
-+
-+static inline xmlNodePtr
-+xmlSecSoap12GetBody(xmlNodePtr envNode) {
-+    xmlNodePtr cur;
-+
-+    xmlSecAssert2(envNode != NULL, NULL);
-+
-+    /* optional Header node first */
-+    cur = xmlSecGetNextElementNode(envNode->children);
-+    if((cur != NULL) && xmlSecCheckNodeName(cur, xmlSecNodeHeader, xmlSecSoap12Ns)) {
-+        cur = xmlSecGetNextElementNode(cur->next);
-+    }
-+
-+    /* Body node is next */
-+    if((cur == NULL) || !xmlSecCheckNodeName(cur, xmlSecNodeBody, xmlSecSoap12Ns)) {
-+        xmlSecError(XMLSEC_ERRORS_HERE,
-+                    NULL,
-+                    xmlSecErrorsSafeString(xmlSecNodeBody),
-+                    XMLSEC_ERRORS_R_NODE_NOT_FOUND,
-+                    XMLSEC_ERRORS_NO_MESSAGE);
-+        return(NULL);
-+    }
-+
-+    return(cur);
-+}
-+
-+#ifdef __cplusplus
-+}
-+#endif /* __cplusplus */
-+
-+#endif /* __LASSO_XMLSEC_SOAP_H__ */
diff --git a/security/lasso/patches/patch-45581 b/security/lasso/patches/patch-45581
new file mode 100644
index 00000000000..c76053f606d
--- /dev/null
+++ b/security/lasso/patches/patch-45581
@@ -0,0 +1,189 @@
+$NetBSD: patch-45581,v 1.1 2020/08/12 14:15:33 manu Exp $
+
+Fix lasso fail to properly escape single quotes in RelayState
+From upstream https://dev.entrouvert.org/issues/45581
+
+diff --git a/lasso/id-ff/login.c b/lasso/id-ff/login.c
+index 0f4e8926..68693ffe 100644
+--- lasso/id-ff/login.c
++++ lasso/id-ff/login.c
+@@ -988,11 +988,11 @@ lasso_login_build_artifact_msg(LassoLogin *login, LassoHttpMethod http_method)
+ 	}
+ 
+ 	b64_samlArt = xmlStrdup((xmlChar*)login->assertionArtifact);
+-	relayState = xmlURIEscapeStr(
++	relayState = lasso_xmlURIEscapeStr(
+ 			(xmlChar*)LASSO_LIB_AUTHN_REQUEST(profile->request)->RelayState, NULL);
+ 
+ 	if (http_method == LASSO_HTTP_METHOD_REDIRECT) {
+-		xmlChar *escaped_artifact = xmlURIEscapeStr(b64_samlArt, NULL);
++		xmlChar *escaped_artifact = lasso_xmlURIEscapeStr(b64_samlArt, NULL);
+ 		gchar *query = NULL;
+ 
+ 		if (relayState == NULL) {
+diff --git a/lasso/xml/private.h b/lasso/xml/private.h
+index 52a21e56..a2b47aa4 100644
+--- lasso/xml/private.h
++++ lasso/xml/private.h
+@@ -287,6 +287,7 @@ gboolean lasso_eval_xpath_expression(xmlXPathContextPtr xpath_ctx, const char *e
+ 
+ char * lasso_get_relaystate_from_query(const char *query);
+ char * lasso_url_add_parameters(char *url, gboolean free, ...);
++xmlChar * lasso_xmlURIEscapeStr(const xmlChar *from, const xmlChar *list);
+ xmlSecKey* lasso_xmlsec_load_private_key_from_buffer(const char *buffer, size_t length, const char *password, LassoSignatureMethod signature_method, const char *certificate);
+ xmlSecKey* lasso_xmlsec_load_private_key(const char *filename_or_buffer, const char *password,
+ 		LassoSignatureMethod signature_method, const char *certificate);
+diff --git a/lasso/xml/tools.c b/lasso/xml/tools.c
+index 53d7d37b..589a795d 100644
+--- lasso/xml/tools.c
++++ lasso/xml/tools.c
+@@ -36,6 +36,7 @@
+ #define _BSD_SOURCE
+ #include "private.h"
+ #include <string.h>
++#include <strings.h>
+ #include <time.h>
+ #include <ctype.h>
+ #include <stdarg.h>
+@@ -540,7 +541,7 @@ lasso_query_sign(char *query, LassoSignatureContext context)
+ 	}
+ 
+ 	{
+-		const char *t = (char*)xmlURIEscapeStr(algo_href, NULL);
++		const char *t = (char*)lasso_xmlURIEscapeStr(algo_href, NULL);
+ 		new_query = g_strdup_printf("%s&SigAlg=%s", query, t);
+ 		xmlFree(BAD_CAST t);
+ 	}
+@@ -662,7 +663,7 @@ lasso_query_sign(char *query, LassoSignatureContext context)
+ 	/* Base64 encode the signature value */
+ 	b64_sigret = xmlSecBase64Encode(sigret, sigret_size, 0);
+ 	/* escape b64_sigret */
+-	e_b64_sigret = xmlURIEscapeStr((xmlChar*)b64_sigret, NULL);
++	e_b64_sigret = lasso_xmlURIEscapeStr((xmlChar*)b64_sigret, NULL);
+ 
+ 	/* add signature */
+ 	switch (sign_method) {
+@@ -1307,7 +1308,7 @@ lasso_xmlnode_build_deflated_query(xmlNode *xmlnode)
+ 	b64_ret = xmlSecBase64Encode(ret, stream.total_out, 0);
+ 	lasso_release(ret);
+ 
+-	ret = xmlURIEscapeStr(b64_ret, NULL);
++	ret = lasso_xmlURIEscapeStr(b64_ret, NULL);
+ 	rret = g_strdup((char*)ret);
+ 	xmlFree(b64_ret);
+ 	xmlFree(ret);
+@@ -2329,7 +2330,7 @@ lasso_url_add_parameters(char *url,
+ 		if (! key) {
+ 			break;
+ 		}
+-		encoded_key = xmlURIEscapeStr((xmlChar*)key, NULL);
++		encoded_key = lasso_xmlURIEscapeStr((xmlChar*)key, NULL);
+ 		goto_cleanup_if_fail(encoded_key);
+ 
+ 		value = va_arg(ap, char*);
+@@ -2337,7 +2338,7 @@ lasso_url_add_parameters(char *url,
+ 			message(G_LOG_LEVEL_CRITICAL, "lasso_url_add_parameter: key without a value !!");
+ 			break;
+ 		}
+-		encoded_value = xmlURIEscapeStr((xmlChar*)value, NULL);
++		encoded_value = lasso_xmlURIEscapeStr((xmlChar*)value, NULL);
+ 		goto_cleanup_if_fail(encoded_value);
+ 
+ 		if (old_url) {
+@@ -2480,6 +2481,56 @@ lasso_base64_decode(const char *from, char **buffer, int *buffer_len)
+ 	return TRUE;
+ }
+ 
++/**
++ * lasso_xmlURIEscapeStr:
++ * @from: the source URI string
++ * @list: optional list of characters not to escape
++ *
++ * Drop-in replacement for libxml2 xmlURIEscapeStr(), but encoding
++ * everything but [A-Za-z0-9._~-] which are the unreserved chartacters
++ * for RFC3986 section 2.3
++ *
++ * Return value: a buffer containing the URL-encoded string or NULL on error
++ */
++xmlChar *
++lasso_xmlURIEscapeStr(const xmlChar *from, const xmlChar *list)
++{
++	size_t len = 0;
++	const xmlChar *fp;
++	xmlChar *result;
++	int ri;
++
++	if (list == NULL)
++		list = "";
++
++	for (fp = from; *fp; fp++) {
++		if (isalnum(*fp) || index("._~-", *fp) || index(list, *fp))
++			len++;
++		else
++			len += 3;
++	}
++
++	result = g_malloc0(len + 1);
++	ri = 0;
++
++	for (fp = from; *fp; fp++) {
++		if (isalnum(*fp) || index("._~-", *fp) || index(list, *fp)) {
++			result[ri++] = *fp;
++		} else {
++			int msb = (*fp & 0xf0) >> 4;
++			int lsb = *fp & 0x0f;
++
++			result[ri++] = '%';
++			result[ri++] = (msb > 9) ? 'A' + msb - 10 : '0' + msb;
++			result[ri++] = (lsb > 9) ? 'A' + lsb - 10 : '0' + lsb;
++		}
++	}
++
++	result[ri++] = '\0';
++
++	return result;
++}
++
+ /**
+  * lasso_xmlsec_load_private_key_from_buffer:
+  * @buffer: a buffer containing a key in any format
+diff --git a/lasso/xml/xml.c b/lasso/xml/xml.c
+index 565172e1..938844ba 100644
+--- lasso/xml/xml.c
++++ lasso/xml/xml.c
+@@ -3120,7 +3120,7 @@ get_value_by_path(LassoNode *node, char *path, struct XmlSnippet *xml_snippet)
+ 				s = xmlGetProp(t, a->name);
+ 				g_string_append(result, a->name);
+ 				g_string_append(result, "=");
+-				s2 = xmlURIEscapeStr(s, NULL);
++				s2 = lasso_xmlURIEscapeStr(s, NULL);
+ 				g_string_append(result, s2);
+ 				xmlFree(s2);
+ 				xmlFree(s);
+@@ -3140,7 +3140,7 @@ get_value_by_path(LassoNode *node, char *path, struct XmlSnippet *xml_snippet)
+ 				g_string_append(result, (char*)c->name);
+ 				g_string_append(result, "=");
+ 				s = xmlNodeGetContent(c);
+-				s2 = xmlURIEscapeStr(s, NULL);
++				s2 = lasso_xmlURIEscapeStr(s, NULL);
+ 				g_string_append(result, (char*)s2);
+ 				xmlFree(s2);
+ 				xmlFree(s);
+@@ -3263,7 +3263,7 @@ lasso_node_build_query_from_snippets(LassoNode *node)
+ 				g_string_append(s, "&");
+ 			g_string_append(s, field_name);
+ 			g_string_append(s, "=");
+-			t = xmlURIEscapeStr((xmlChar*)v, NULL);
++			t = lasso_xmlURIEscapeStr((xmlChar*)v, NULL);
+ 			g_string_append(s, (char*)t);
+ 			xmlFree(t);
+ 		}
+@@ -3634,7 +3634,7 @@ lasso_node_export_to_saml2_query(LassoNode *node, const char *param_name, const
+ 	value = lasso_node_build_deflated_query(node);
+ 	if (! value)
+ 		goto cleanup;
+-	encoded_param = xmlURIEscapeStr(BAD_CAST param_name, NULL);
++	encoded_param = lasso_xmlURIEscapeStr(BAD_CAST param_name, NULL);
+ 	if (! encoded_param)
+ 		goto cleanup;
+ 	query = g_strdup_printf("%s=%s", encoded_param, value);
diff --git a/security/lasso/patches/patch-configure b/security/lasso/patches/patch-configure
deleted file mode 100644
index ea78c2755ea..00000000000
--- a/security/lasso/patches/patch-configure
+++ /dev/null
@@ -1,25 +0,0 @@
-$NetBSD: patch-configure,v 1.4 2018/07/31 12:39:34 jperkin Exp $
-
-Use = instead of == for test(1) portability sake.
-
---- configure.orig	2016-02-18 23:11:38.249290059 +0000
-+++ configure
-@@ -4382,9 +4382,6 @@ else
- fi
- 
- 
--CFLAGS=""
--AM_CFLAGS=""
--
- ac_ext=c
- ac_cpp='$CPP $CPPFLAGS'
- ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
-@@ -13976,7 +13973,7 @@ else
-   JAVA_VERSION=""
- fi
- 
--if test  "$DARWIN" == 1; then
-+if test  "$DARWIN" = 1; then
-     JNI_EXTRA_LDFLAGS="-shrext .jnilib"
- fi
- 
diff --git a/security/lasso/patches/patch-lasso_xml_tools.c b/security/lasso/patches/patch-lasso_xml_tools.c
deleted file mode 100644
index 20fc46cbb7e..00000000000
--- a/security/lasso/patches/patch-lasso_xml_tools.c
+++ /dev/null
@@ -1,16 +0,0 @@
-$NetBSD: patch-lasso_xml_tools.c,v 1.1 2018/07/31 12:39:34 jperkin Exp $
-
-Set _XOPEN_SOURCE correctly.
-
---- lasso/xml/tools.c.orig	2016-02-18 23:11:15.312239445 +0000
-+++ lasso/xml/tools.c
-@@ -28,7 +28,9 @@
-  */
- #define _DEFAULT_SOURCE
- /* permit importation of strptime for glibc2 */
-+#if !defined(__sun)
- #define _XOPEN_SOURCE
-+#endif
- /* permit importation of timegm for glibc2, wait for people to complain it does not work on their
-  * system. */
- #define _BSD_SOURCE