security/shibboleth-sp: Update to 3.2.2

This is a security fix for an issue that has not yet been disclosed. The vuxml entry will be updated once the CVE is available. The patch to mitigate the vulnerability was introduced already on 2021-04-23 in the FreeBSD port as 3.2.1_1. Security: e4403051-a667-11eb-b9c9-6cc21735f730
2024-12-21 04:06:46 +00:00 · 2021-04-26 10:46:07 +02:00 · 2021-04-26 10:46:07 +02:00 · 19889886e5
commit 19889886e5
parent 73f85df5fe
4 changed files with 6 additions and 38 deletions
--- a/security/shibboleth-sp/Makefile
+++ b/security/shibboleth-sp/Makefile
@ -1,8 +1,7 @@
 # Created by: Janos Mohacsi <janos.mohacsi@bsd.hu>

 PORTNAME=	shibboleth-sp
-PORTVERSION=	3.2.1
-PORTREVISION=	1
+PORTVERSION=	3.2.2
 CATEGORIES=	security www
 MASTER_SITES=	http://shibboleth.net/downloads/service-provider/${PORTVERSION}/

--- a/security/shibboleth-sp/distinfo
+++ b/security/shibboleth-sp/distinfo
@ -1,3 +1,3 @@
-TIMESTAMP = 1615929563
-SHA256 (shibboleth-sp-3.2.1.tar.bz2) = 8acde18566bbf987c4022a6f19d0c2df0d306e9344810aec1b6b8b9100d271ef
-SIZE (shibboleth-sp-3.2.1.tar.bz2) = 811714
+TIMESTAMP = 1619424965
+SHA256 (shibboleth-sp-3.2.2.tar.bz2) = e5db65b39cd3f078ff683c792558aa549d46ffc627a70faf3ef4637b2892e767
+SIZE (shibboleth-sp-3.2.2.tar.bz2) = 816128
--- a/security/shibboleth-sp/files/patch-shibsp_impl_StorageServiceSessionCache.cpp
+++ b/security/shibboleth-sp/files/patch-shibsp_impl_StorageServiceSessionCache.cpp
@ -1,31 +0,0 @@
-From 5a47c3b9378f4c49392dd4d15189b70956f9f2ec Mon Sep 17 00:00:00 2001
-From: Scott Cantor <cantor.2@osu.edu>
-Date: Thu, 22 Apr 2021 15:58:43 -0400
-Subject: [PATCH] SSPCPP-927 - Check for missing DataSealer during cookie recovery
-
-https://issues.shibboleth.net/jira/browse/SSPCPP-927
-
--- shibsp/impl/StorageServiceSessionCache.cpp.orig	2020-12-07 20:51:12.000000000 +0000
-+++ shibsp/impl/StorageServiceSessionCache.cpp	2021-04-23 16:17:00.398821000 +0000
-@@ -1148,6 +1148,12 @@
-     else {
-         // We're out of process, so we can recover the session.
- #ifndef SHIBSP_LITE
-+        const DataSealer* sealer = XMLToolingConfig::getConfig().getDataSealer();
-+        if (!sealer) {
-+            m_log.warn("can't attempt recovery of session (%s), no DataSealer configured", key);
-+            return false;
-+        }
-+
-         m_log.debug("checking for revocation of session (%s)", key);
-         try {
-             if (m_storage_lite->readString("Revoked", key) > 0) {
-@@ -1174,7 +1180,7 @@
-         try {
-             dup = strdup(data);
-             XMLToolingConfig::getConfig().getURLEncoder()->decode(dup);
-            unwrapped = XMLToolingConfig::getConfig().getDataSealer()->unwrap(dup);
-+            unwrapped = sealer->unwrap(dup);
-             free(dup);
- 
-             stringstream str(unwrapped);
--- a/security/shibboleth-sp/pkg-plist
+++ b/security/shibboleth-sp/pkg-plist
@ -92,7 +92,7 @@ include/shibsp/util/TemplateParameters.h
 include/shibsp/version.h
 lib/libshibsp.so
 lib/libshibsp.so.10
-lib/libshibsp.so.10.0.0
+lib/libshibsp.so.10.0.1
 lib/shibboleth/adfs.so
 lib/shibboleth/adfs-lite.so
 %%MEMCACHED%%lib/shibboleth/memcache-store.so
@ -104,7 +104,7 @@ lib/shibboleth/plugins.so
 %%FASTCGI%%lib/shibboleth/shibresponder
 lib/libshibsp-lite.so
 lib/libshibsp-lite.so.10
-lib/libshibsp-lite.so.10.0.0
+lib/libshibsp-lite.so.10.0.1
 libdata/pkgconfig/shibsp-lite.pc
 libdata/pkgconfig/shibsp.pc
 sbin/shibd