diff options
| author | pettai <pettai@pkgsrc.org> | 2013-09-21 22:16:41 +0000 |
|---|---|---|
| committer | pettai <pettai@pkgsrc.org> | 2013-09-21 22:16:41 +0000 |
| commit | f9672b1c28cd93df53d2a302eccc0ff44dd9a697 (patch) | |
| tree | b1f0850cbc35c437260865bf08c350b43248e39a /www | |
| parent | 89518084cb889e4c667c3883f0ec93fdfef385bb (diff) | |
| download | pkgsrc-f9672b1c28cd93df53d2a302eccc0ff44dd9a697.tar.gz | |
2.5.2:
Bugfixes
[SSPCPP-543] - AttributeExtractor fails to deal with multiple Logos
[SSPCPP-547] - Encoding problem with Metadata Attribute Extractor
[SSPCPP-549] - Shiboleth SP 2.5.1 breaks Apache 2.4.3's error pages
[SSPCPP-550] - Problems with native.log file rotation
[SSPCPP-551] - DiscoFeed Content-Type header lacks charset
[SSPCPP-552] - Solaris TCP Listener code is broken
[SSPCPP-568] - Unattended install pegs the CPU and never completes
[SSPCPP-569] - native log files not closed at/before CGI exec
[SSPCPP-570] - mod_shib takes over valid-user for entire server
[SSPCPP-573] - ShibDisable on breaks basic auth valid user
[SSPCPP-575] - Source build w/memcached and/or fastcgi support fails
[SSPCPP-579] - Internal stack overflow in log4shib
Improvements
[SSPCPP-493] - Default allow access to Shibboleth.sso by default in shibd.conf
[SSPCPP-501] - Make metagen ingest a list of hostnames from a file
2.5.1:
Bugfixes
[SSPCPP-409] - Shibboleth2.xml - undefined InProcess/OutOfProcess means no shibd.log/native.log
[SSPCPP-490] - CLang build issue with stream operator overload
[SSPCPP-492] - SP Release 2.5.0 does not compile with xml-security-c versions prior to 1.7.0
[SSPCPP-495] - Warning Shibboleth.PropertySet : load() skipping duplicate property set:
[SSPCPP-499] - Fresh Installation on Windows XP fails after service daemon fails to start
[SSPCPP-500] - configure fails against Apache 2.4
[SSPCPP-502] - Apache 2.4 post_read hook isn't run on subrequests, breaks module
[SSPCPP-504] - ScopedAttributeDecoder fails on non-ascii chars?
[SSPCPP-505] - shibd on Windows missing a version option
[SSPCPP-507] - Insert record failed Violation of PRIMARY KEY constraint with ODBC plugin
[SSPCPP-510] - Installer scripts (particularly the uninstall ones) should fail safe
[SSPCPP-514] - FCGI responder stdin buffer missing termination
[SSPCPP-516] - apache24.config missing from makefile target
[SSPCPP-518] - Incorrect requireLogoutWith redirection if the original URL has query string
[SSPCPP-519] - Shorthand SSO/Logout syntax not working with policyId setting
[SSPCPP-521] - Schemas are not being edited on Windows Installation
[SSPCPP-522] - Transform resolver echoes source string when match fails
[SSPCPP-526] - Transaction log crashes on SOAP-based logout
[SSPCPP-527] - Add ignoreNoPassive attribute to SSO element
[SSPCPP-540] - ISAPI header detection code is prone to false alarms
Improvements
[SSPCPP-402] - Support front-channel SLO without cookies
[SSPCPP-447] - Extension of consistentAddress for IPv6
[SSPCPP-501] - Make metagen ingest a list of hostnames from a file
[SSPCPP-517] - Windows SP installer should not always roll back when shibd fails to start
New Feature
[SSPCPP-515] - Make /Status handler report SessionCache
2.5.0:
Bugfixes
[SSPCPP-344] - Version strings in various spots are wired at compile time
[SSPCPP-345] - Split "package-level" and "user-level" settings in shib.conf to limit effect of RPM upgrades.
[SSPCPP-365] - Support for binary attributes in resolver
[SSPCPP-382] - Correct date format in Expires headers
[SSPCPP-383] - Tag entityID not usable in error templates
[SSPCPP-387] - Cryptographic nameID is longer than key length that memcache can handle
[SSPCPP-391] - Generation of keys for relay state is not strongly random
[SSPCPP-392] - Valgrind detects memory leaks
[SSPCPP-393] - Setting session timeout="0" creates infinite loop between SP and IDP
[SSPCPP-400] - NameID lookup for logout ignores logical SP boundaries
[SSPCPP-401] - IIS App Pool Crash
[SSPCPP-406] - Should check for cross platform previous versions?
[SSPCPP-408] - ECP flow fails for Session configured inside of ApplicationOverride
[SSPCPP-411] - openSUSE 12.1 erases /var/run at each reboot, so shibd fails to start
[SSPCPP-413] - Schema catalogs should be set after XMLTooling init.
[SSPCPP-416] - IIS breaks with error "isapi_shib: Attempted to insert duplicate storage key." Server restart required to fix
[SSPCPP-417] - redirectErrors configuration attribute does not handle relative URLs
[SSPCPP-419] - ExtensibleAttribute internal marshalling doesn't handle attribute naming correctly
[SSPCPP-423] - After upgrading SP to Alpha SP 2.5 RPM from previous version of SP, shibd does not start.
[SSPCPP-431] - Change links of https://spaces.inetrnet2.edu to wiki.shibboleth.net
[SSPCPP-438] - Artifact resolver code doesn't use EndpointIndex in 2.0 artifacts
[SSPCPP-439] - Auto-generated ACS endpoints improperly tracked by index
[SSPCPP-443] - SP not signing ECP AuthnRequests
[SSPCPP-444] - Multiple shib_state cookies get set -> server chokes on header field size
[SSPCPP-445] - RequestInitiator metadata generated in a case where it shouldn't be
[SSPCPP-448] - setting relayState to use ODBC storage service results in attempted redirects to an invalid URL
[SSPCPP-449] - RequestMap not normalizing hostname for comparison
[SSPCPP-459] - redirectLimit parser typo
[SSPCPP-460] - A spelling error in the configure file
[SSPCPP-461] - caching DiscoFeed fails b/c cache directory does not exist
[SSPCPP-465] - CLONE - Tag entityID not usable in error templates
[SSPCPP-467] - Cross-contamination from conflicting @relayState settings
[SSPCPP-468] - Aliases support in XML Attribute Extractor no longer working in 2.5.0 Beta 1
[SSPCPP-487] - relayStateLimitWhitelist parameter is being changed inadvertently by limitRelayState method
[SSPCPP-488] - No way to get client address set for ExternalAuth sessions
[SSPCPP-489] - Windows installer (tries to) install a 64 bit path into IIS
[SSPCPP-498] - Hardcoded path in XMLTooling is invalid on localized WinXP/2003
Improvements
[SSPCPP-319] - Augment XMLAccessControl for time based access control.
[SSPCPP-326] - Abbreviated IPv6 address format and CIDR support for acl
[SSPCPP-332] - Session cache slows down if large numbers of sessions with a single NameID are created
[SSPCPP-335] - Handle query strings on POST and avoid unintended POST data consumption
[SSPCPP-352] - Expose RelayState limiter as a public API and revisit default setting
[SSPCPP-353] - Package the SP to run as non-root user
[SSPCPP-361] - Session handler with better parseable and accessable (X)HTML code
[SSPCPP-362] - add 'metadata last refresh' to SP's status page
[SSPCPP-366] - generated metadata should include cryptographic algorithms
[SSPCPP-375] - Add httpOnly to cookieProps in the shibboleth2.xml config
[SSPCPP-376] - Add a post-filtering hashing feature to shorten long attributes, namely ePTIDs
[SSPCPP-394] - Support multiple authn context references in requests
[SSPCPP-399] - SImple Aggregation plugin should allow "prefixing" of attributes or dedicated extractors
[SSPCPP-403] - Facilitate signing Logout messages
[SSPCPP-404] - Log entry for failed consistentAddress="true" check
[SSPCPP-405] - CRIT Shibboleth.Application : no MetadataProvider available should be a warning not CRIT
[SSPCPP-407] - Improve logging on invalid XML in shibboleth2.xml configuration file
[SSPCPP-418] - Incorporating Boost libraries into code base
[SSPCPP-420] - Memcache build on RH6 and error handling fixes
[SSPCPP-425] - ShibAccessControl Relative Paths to user web content
[SSPCPP-436] - Log on DEBUG when a shibsession cookie is being cleared because no corresponding session is found by Shibboleth
[SSPCPP-446] - Try moving child_init hooks in Apache 2.x modules to post_config
[SSPCPP-458] - Unprecise error message when wrong certificate is used for SAML2 encryption
[SSPCPP-464] - Provide Logging to Recommend Production Settings
[SSPCPP-470] - Identify deprecated features or suboptimal settings and add warnings
[SSPCPP-472] - AttributeExtractor: remove leading/trailing whitespace created by formatter
New Features
[SSPCPP-245] - Support for attribute requirements in the SP
[SSPCPP-339] - Extraction of contacts and other built-in metadata information
[SSPCPP-341] - AttributeResolver plugin(s) for regexp or template-based transformation of values
[SSPCPP-342] - Metadata / Attribute filtering based on EntityAttributes
[SSPCPP-343] - Add support for capturing AuthenticatingAuthority
[SSPCPP-349] - Parseable audit logs for SP
[SSPCPP-389] - Add option to shibd to set uid and gid at startup
[SSPCPP-390] - Multiple language versions for the same attribute
[SSPCPP-396] - Simplify logout support for Native SP
[SSPCPP-410] - add support for the 'policy' query string parameter
[SSPCPP-421] - Extraction of consent attribute from SAML 2 responses
[SSPCPP-430] - Apache 2.4 support
[SSPCPP-437] - Add artifact binding for resolving artifacts via file system
[SSPCPP-440] - Loopback handler to exchange an assertion for a session
[SSPCPP-469] - Logout request extension to specify no response
[SSPCPP-471] - Shorthand settings for manipulating cookie properties
[SSPCPP-486] - Add automatic algorithm blacklist
Diffstat (limited to 'www')
| -rw-r--r-- | www/shibboleth-sp/Makefile | 10 | ||||
| -rw-r--r-- | www/shibboleth-sp/PLIST | 33 | ||||
| -rw-r--r-- | www/shibboleth-sp/distinfo | 10 | ||||
| -rw-r--r-- | www/shibboleth-sp/patches/patch-configs_Makefile.in (renamed from www/shibboleth-sp/patches/patch-aa) | 41 |
4 files changed, 54 insertions, 40 deletions
diff --git a/www/shibboleth-sp/Makefile b/www/shibboleth-sp/Makefile index f175a3daa92..9d064f26195 100644 --- a/www/shibboleth-sp/Makefile +++ b/www/shibboleth-sp/Makefile @@ -1,13 +1,12 @@ -# $NetBSD: Makefile,v 1.10 2013/09/20 23:11:01 joerg Exp $ +# $NetBSD: Makefile,v 1.11 2013/09/21 22:16:41 pettai Exp $ # -DISTNAME= shibboleth-sp-2.4.3 -PKGREVISION= 3 +DISTNAME= shibboleth-sp-2.5.2 CATEGORIES= www MASTER_SITES= http://www.shibboleth.net/downloads/service-provider/${PKGVERSION_NOREV}/ MAINTAINER= pettai@NetBSD.org -HOMEPAGE= http://shibboleth.internet2.edu/ +HOMEPAGE= http://shibboleth.net/ COMMENT= Shibboleth2 Service Provider LICENSE= apache-2.0 @@ -17,7 +16,6 @@ GNU_CONFIGURE= yes CONFIGURE_ARGS+= --with-xmltooling=${PREFIX} CONFIGURE_ARGS+= --localstatedir=${VARBASE} -WRKSRC= ${WRKDIR}/shibboleth-${PKGVERSION_NOREV} EGDIR= ${PREFIX}/share/examples/shibboleth SHIB_CONFDIR= ${PKG_SYSCONFDIR}/shibboleth @@ -35,6 +33,7 @@ SUBST_STAGE.paths= post-patch SUBST_SED.paths= -e 's,@EGDIR@,${EGDIR},' SUBST_SED.paths+= -e 's,@SHIB_CONFDIR@,${SHIB_CONFDIR},' +REPLACE_BASH= configs/metagen.sh CONF_FILES= ${EGDIR}/console.logger \ ${SHIB_CONFDIR}/console.logger @@ -98,6 +97,7 @@ post-install: ${INSTALL} ${WRKSRC}/configs/metagen.sh \ ${DESTDIR}${PREFIX}/bin/shib-metagen +.include "../../devel/boost-libs/buildlink3.mk" .include "../../security/openssl/buildlink3.mk" .include "../../devel/boost-headers/buildlink3.mk" .include "../../devel/log4shib/buildlink3.mk" diff --git a/www/shibboleth-sp/PLIST b/www/shibboleth-sp/PLIST index 4bebb2d0cc4..093c4c2fce6 100644 --- a/www/shibboleth-sp/PLIST +++ b/www/shibboleth-sp/PLIST @@ -1,4 +1,4 @@ -@comment $NetBSD: PLIST,v 1.2 2011/07/28 23:16:24 pettai Exp $ +@comment $NetBSD: PLIST,v 1.3 2013/09/21 22:16:41 pettai Exp $ bin/mdquery bin/resolvertest bin/shib-metagen @@ -15,6 +15,7 @@ include/shibsp/SessionCacheEx.h include/shibsp/TransactionLog.h include/shibsp/attribute/Attribute.h include/shibsp/attribute/AttributeDecoder.h +include/shibsp/attribute/BinaryAttribute.h include/shibsp/attribute/ExtensibleAttribute.h include/shibsp/attribute/NameIDAttribute.h include/shibsp/attribute/ScopedAttribute.h @@ -40,6 +41,7 @@ include/shibsp/handler/Handler.h include/shibsp/handler/LogoutHandler.h include/shibsp/handler/LogoutInitiator.h include/shibsp/handler/RemotedHandler.h +include/shibsp/handler/SecuredHandler.h include/shibsp/handler/SessionInitiator.h include/shibsp/lite/CommonDomainCookie.h include/shibsp/lite/SAMLConstants.h @@ -53,21 +55,29 @@ include/shibsp/security/SecurityPolicy.h include/shibsp/security/SecurityPolicyProvider.h include/shibsp/util/CGIParser.h include/shibsp/util/DOMPropertySet.h +include/shibsp/util/IPRange.h include/shibsp/util/PropertySet.h include/shibsp/util/SPConstants.h include/shibsp/util/TemplateParameters.h include/shibsp/version.h lib/libshibsp-lite.a lib/libshibsp-lite.so -lib/libshibsp-lite.so.5 -lib/libshibsp-lite.so.5.0.3 +lib/libshibsp-lite.so.6 +lib/libshibsp-lite.so.6.0.2 lib/libshibsp.a lib/libshibsp.so -lib/libshibsp.so.5 -lib/libshibsp.so.5.0.3 -lib/shibboleth/adfs-lite.la -lib/shibboleth/adfs.la -lib/shibboleth/mod_shib_22.la +lib/libshibsp.so.6 +lib/libshibsp.so.6.0.2 +lib/shibboleth/adfs-lite.a +lib/shibboleth/adfs-lite.so +lib/shibboleth/adfs.a +lib/shibboleth/adfs.so +lib/shibboleth/mod_shib_22.a +lib/shibboleth/mod_shib_22.so +lib/shibboleth/plugins-lite.a +lib/shibboleth/plugins-lite.so +lib/shibboleth/plugins.a +lib/shibboleth/plugins.so sbin/shib-keygen sbin/shibd share/doc/shibboleth-${PKGVERSION}/CREDITS.txt @@ -78,14 +88,15 @@ share/doc/shibboleth-${PKGVERSION}/NOTICE.txt share/doc/shibboleth-${PKGVERSION}/OPENSSL.LICENSE share/doc/shibboleth-${PKGVERSION}/README.txt share/doc/shibboleth-${PKGVERSION}/RELEASE.txt -share/doc/shibboleth-${PKGVERSION}/logo.jpg -share/doc/shibboleth-${PKGVERSION}/main.css share/examples/rc.d/shibd share/examples/shibboleth/accessError.html share/examples/shibboleth/accessError.html.dist share/examples/shibboleth/apache.config share/examples/shibboleth/apache2.config share/examples/shibboleth/apache22.config +share/examples/shibboleth/apache24.config +share/examples/shibboleth/attrChecker.html +share/examples/shibboleth/attrChecker.html.dist share/examples/shibboleth/attribute-map.xml share/examples/shibboleth/attribute-map.xml.dist share/examples/shibboleth/attribute-policy.xml @@ -120,7 +131,6 @@ share/examples/shibboleth/sessionError.html share/examples/shibboleth/sessionError.html.dist share/examples/shibboleth/shibboleth2.xml share/examples/shibboleth/shibboleth2.xml.dist -share/examples/shibboleth/shibd-osx.plist share/examples/shibboleth/shibd.logger share/examples/shibboleth/shibd.logger.dist share/examples/shibboleth/sslError.html @@ -128,6 +138,7 @@ share/examples/shibboleth/sslError.html.dist share/examples/shibboleth/syslog.logger share/examples/shibboleth/syslog.logger.dist share/examples/shibboleth/upgrade.xsl +share/shibboleth/main.css share/xml/shibboleth/WS-Trust.xsd share/xml/shibboleth/catalog.xml share/xml/shibboleth/shibboleth-2.0-afp-mf-basic.xsd diff --git a/www/shibboleth-sp/distinfo b/www/shibboleth-sp/distinfo index ff9368666e4..0973082ef5a 100644 --- a/www/shibboleth-sp/distinfo +++ b/www/shibboleth-sp/distinfo @@ -1,8 +1,8 @@ -$NetBSD: distinfo,v 1.3 2013/09/20 23:11:01 joerg Exp $ +$NetBSD: distinfo,v 1.4 2013/09/21 22:16:41 pettai Exp $ -SHA1 (shibboleth-sp-2.4.3.tar.gz) = f7cff91740ba61a4e537924b7572bd4faa204132 -RMD160 (shibboleth-sp-2.4.3.tar.gz) = e2a909f5ea49d6c295056cc3530708fc5534eb63 -Size (shibboleth-sp-2.4.3.tar.gz) = 854326 bytes -SHA1 (patch-aa) = 904faee5523244854bb792b41719ec76adfe8558 +SHA1 (shibboleth-sp-2.5.2.tar.gz) = a9b42cc7c1d401bb217c94c11aef06ce7d21265c +RMD160 (shibboleth-sp-2.5.2.tar.gz) = 8b37921bf16488dc4f3890abf09e7cb44c16367f +Size (shibboleth-sp-2.5.2.tar.gz) = 949163 bytes SHA1 (patch-ab) = f667e876e1ebd84e706433156eed2cd60e905372 +SHA1 (patch-configs_Makefile.in) = 9601da9a6aadc2bbc8abef7b1008782d4dcda2e8 SHA1 (patch-shibsp_base.h) = c1b6d2598afdff067990224d1202c5e10ae0259a diff --git a/www/shibboleth-sp/patches/patch-aa b/www/shibboleth-sp/patches/patch-configs_Makefile.in index 377e9ebecd4..c0e21c3a580 100644 --- a/www/shibboleth-sp/patches/patch-aa +++ b/www/shibboleth-sp/patches/patch-configs_Makefile.in @@ -1,35 +1,38 @@ -$NetBSD: patch-aa,v 1.1.1.1 2011/03/15 13:15:37 pettai Exp $ +$NetBSD: patch-configs_Makefile.in,v 1.1 2013/09/21 22:16:41 pettai Exp $ -Remove uneccesary config, handle it from pkgsrc instead +Install config and example pkgsrc-ish ---- configs/Makefile.in.orig 2011-02-18 04:44:04.000000000 +0000 +--- configs/Makefile.in.orig 2013-06-16 22:06:20.000000000 +0000 +++ configs/Makefile.in -@@ -260,16 +260,12 @@ pkgxmldir = $(datadir)/xml/@PACKAGE@ - pkgrundir = $(localstatedir)/run/@PACKAGE@ - pkgsysconfdir = $(sysconfdir)/@PACKAGE@ +@@ -296,18 +296,13 @@ pkgrundir = $(localstatedir)/run/@PACKAG + pkgcachedir = $(localstatedir)/cache/@PACKAGE_NAME@ + pkgsysconfdir = $(sysconfdir)/@PACKAGE_NAME@ pkgsysconf_DATA = \ - shibd-redhat \ - shibd-suse \ - shibd-debian \ - shibd-osx.plist \ +- shibd-osx.plist \ apache.config \ apache2.config \ apache22.config \ + apache24.config \ - keygen.sh \ - metagen.sh \ upgrade.xsl -+EGDIR = @EGDIR@ ++EGDIR = @EGDIR@ # The config files are installed "special". Unlike the entries in -@@ -373,15 +369,15 @@ clean-libtool: - -rm -rf .libs _libs - install-pkgsysconfDATA: $(pkgsysconf_DATA) + # pkgsysconf_DATA, these files are installed as "foo.dist" and only +@@ -417,16 +412,16 @@ install-pkgsysconfDATA: $(pkgsysconf_DAT @$(NORMAL_INSTALL) -- test -z "$(pkgsysconfdir)" || $(MKDIR_P) "$(DESTDIR)$(pkgsysconfdir)" -- @list='$(pkgsysconf_DATA)'; test -n "$(pkgsysconfdir)" || list=; \ -+ test -z "$(EGDIR)" || $(MKDIR_P) "$(DESTDIR)$(EGDIR)" -+ @list='$(pkgsysconf_DATA)'; test -n "$(EGDIR)" || list=; \ + @list='$(pkgsysconf_DATA)'; test -n "$(pkgsysconfdir)" || list=; \ + if test -n "$$list"; then \ +- echo " $(MKDIR_P) '$(DESTDIR)$(pkgsysconfdir)'"; \ +- $(MKDIR_P) "$(DESTDIR)$(pkgsysconfdir)" || exit 1; \ ++ echo " $(MKDIR_P) '$(DESTDIR)$(EGDIR)'"; \ ++ $(MKDIR_P) "$(DESTDIR)$(EGDIR)" || exit 1; \ + fi; \ for p in $$list; do \ if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \ echo "$$d$$p"; \ @@ -42,7 +45,7 @@ Remove uneccesary config, handle it from pkgsrc instead done uninstall-pkgsysconfDATA: -@@ -432,7 +428,7 @@ check-am: all-am +@@ -477,7 +472,7 @@ check-am: all-am check: check-am all-am: Makefile $(DATA) installdirs: @@ -51,7 +54,7 @@ Remove uneccesary config, handle it from pkgsrc instead test -z "$$dir" || $(MKDIR_P) "$$dir"; \ done install: install-am -@@ -483,7 +479,6 @@ info-am: +@@ -533,7 +528,6 @@ info-am: install-data-am: install-data-local install-pkgsysconfDATA @$(NORMAL_INSTALL) @@ -59,9 +62,9 @@ Remove uneccesary config, handle it from pkgsrc instead install-dvi: install-dvi-am install-dvi-am: -@@ -596,18 +591,18 @@ install-data-local: all-data-local - $(mkinstalldirs) $(DESTDIR)$(shirelogdir) +@@ -649,18 +643,18 @@ install-data-local: all-data-local $(mkinstalldirs) $(DESTDIR)$(pkgrundir) + $(mkinstalldirs) $(DESTDIR)$(pkgcachedir) $(mkinstalldirs) $(DESTDIR)$(pkgxmldir) - $(mkinstalldirs) $(DESTDIR)$(pkgsysconfdir) + $(mkinstalldirs) $(DESTDIR)$(EGDIR) |