The NetBSD Project

CVS log for pkgsrc/security/lasso/PLIST

[BACK] Up to [cvs.NetBSD.org] / pkgsrc / security / lasso

Request diff between arbitrary revisions


Default branch: MAIN


Revision 1.10 / (download) - annotate - [select for diffs], Mon Mar 14 09:43:42 2016 UTC (3 years, 3 months ago) by manu
Branch: MAIN
CVS Tags: pkgsrc-2019Q1-base, pkgsrc-2019Q1, pkgsrc-2018Q4-base, pkgsrc-2018Q4, pkgsrc-2018Q3-base, pkgsrc-2018Q3, pkgsrc-2018Q2-base, pkgsrc-2018Q2, pkgsrc-2018Q1-base, pkgsrc-2018Q1, pkgsrc-2017Q4-base, pkgsrc-2017Q4, pkgsrc-2017Q3-base, pkgsrc-2017Q3, pkgsrc-2017Q2-base, pkgsrc-2017Q2, pkgsrc-2017Q1-base, pkgsrc-2017Q1, pkgsrc-2016Q4-base, pkgsrc-2016Q4, pkgsrc-2016Q3-base, pkgsrc-2016Q3, pkgsrc-2016Q2-base, pkgsrc-2016Q2, pkgsrc-2016Q1-base, pkgsrc-2016Q1, pkgsrc-, HEAD
Changes since 1.9: +6 -1 lines
Diff to previous 1.9 (unified)

Update lasso to 2.5.1

Changes since 2.4.1 from NEWS file:

2.5.1 - February 19th 2016
---------------------------
17 commits, 16 files changed, 1096 insertions, 42 deletions

 - Add missing urn constants used in PAOS HTTP header
 - Set NotBefore in SAML 2.0 login assertions
 - tests: fix leak in test test16_test_get_issuer
 - id-ff: fix leak of profile->private_data->message_id
 - saml-2.0: fix leak of message_id in
   lasso_profile_saml20_build_paos_request_msg
 - tests: fix leaks in test_ecp
 - xml: fix wrong termination of comment
 - xml: fix leak in lasso_soap_envelope_new_full
 - profile: fix leak of private idp_list field
 - saml-2.0: fix leaks of url
 - tests: fix leak
 - tests: update valgrind suppressions
 - perl: remove quotes from $PERL -V::ccflags: output (#9572)
 - Fix wrong snippet type (fixes #9616). Thanks to Brett Gardner for the patch.
 - tools.c: use correct NID and digest length when building RSA signature
   using SHA-2 digest
   (fixes #10019) Thanks to Brett Gardner for the patch.
 - bindings/php5: fix enum getters and setters (fixes #10032). Thanks to
   Brett Gardner for the bug report.
 - fix warning about INCLUDES directive

2.5.0 - September 2nd 2015
--------------------------
151 commits, 180 files changed, 8391 insertions, 1339 deletions

 - lots of bugfixes (reported by static analysis tools like clang,
   coverity and manual inspection) thanks to Simo Sorce and John Dennis from
   RedHat
 - xsd:choices are now parsed correctly by implementing a real finite automata
   for parsing XML documents. New flag for jumping forward and backward in
   schema snippets have been added. It fixes parsing of message from third
   party not following the ordre from the schema (they are entitled to do it but
   most SAML implementations do not)
 - added C CGI examples for SP and IdP side
 - removed the _POSIX_SOURCE declaration
 - added support for the SHA-2 family of hash functions
 - fixed protocol profile selection when parsing AuthnRequest
 - added support for Python 3, thanks to Houzefa Abbasbhay from
   XCG Consulting
 - fixed default value of WantAuthnRequestSigned in metadata parsing
 - SAML 2.0 ECP is now functionnal, thanks to John Dennis from RedHat
 - added two new API function to LassoProfile to extract the Issuer and
   InResponseTo attribute of messages, allowing pre-treatment before parsing
   the message, to load the metadata of the remote provider, or find the request
   which the response matches.
 - fixed segfault when parsing HTTP-Redirect marlformed base64 content
 - added support for automake 1.15 (jdennis)

Revision 1.9 / (download) - annotate - [select for diffs], Wed Apr 1 14:05:02 2015 UTC (4 years, 2 months ago) by manu
Branch: MAIN
CVS Tags: pkgsrc-2015Q4-base, pkgsrc-2015Q4, pkgsrc-2015Q3-base, pkgsrc-2015Q3, pkgsrc-2015Q2-base, pkgsrc-2015Q2, pkgsrc-2015Q1-base, pkgsrc-2015Q1
Changes since 1.8: +11 -370 lines
Diff to previous 1.8 (unified)

Upgrade lasso to 2.4.1 to fix CVE-2015-1783, approved by wiz@

NEWS from last pkgsrc version:

2.4.1 - Septembre 28th 2014
---------------------------
56 commits, 35 files changed, 12590 insertions(+), 31117 deletions(-)

 - fix bug #4455 runtime bug in perl binding on debian wheezy 32bits #
 - fix warning on g_type_init() on GLib > 2.36
 - lot of null pointer, boundary checks, and dead code removal after validation
	 using Coverity and Clang static analyzer (Simo Sorce)
 - always set NotOnOrAfter on the Condition element
 - fix pkg-config typo (Simon Josefsson)
 - Python binding now conserve the order of session indexes values
 - fix memory leaks
 - Python bindings now automatically convert unicode values to UTF-8

2.4.0 - January 7th 2014
------------------------
281 commits, 933 files changed, 45384 insertions, 6313 deletions

Minor version number increase since ABI was extended (new methods).

 - Key rollover support:
   Lasso is now able to accept messages signed by any key declared as a signing
   key in a metadata and not just the last one. You can also decrypt encrypted
   nodes using any of a list of private keys, allowing roll-over of encryption
   certificates. Signing key roll-over is automatic, your provider just have to
   provide the new signing key in their metadata. For multiple-encryption key
   you can load another private key than the one loaded in the LassoServer
   constuctor with code like that:

      >>> import lasso
      >>> server = lasso.Server(our_metadata, first_private_key_path)
      >>> server.setEncryptionPrivateKey(second_private_key_path)

   See the FAQ file for the workflow of a proper key roll-over.

 - Partial logout response now produces a specific error code when parsed by
   lasso_logout_process_response_msg()
 - Bugs in lasso_assertion_query_build_request_msg() were fixed
 - Processing of assertions is not stopped when checking that first level
   status code is not success, so that later code can check the second level
   status code.
 - A new generic error for denied request was added,
   LASSO_PROFILE_ERROR_REQUEST_DENIED
 - A new API lasso_server_load_metadata() was added to load federation files
   (XML files containing metadata from multiple providers) and to check
   signatures on them.
 - Better warning and errors are reported in logs when failing to load a
   metadata file.
 - Bugs around missing namespace declaration for dump file were fixed, it
   prevented reloading dumped object (like LassoLogin).
 - lasso_node_get_xml_node_for_any_type() must be able to copy the content of
   an XML node to another (namespace, attribute and children). It did not, now
   it is fixed. It can be used for example to add specific attribute like
   xsi:type="string" to a Saml2AttributeValue. Here is a python snippet to do that:

      >>> import lasso
      >>> a = lasso.Saml2AttributeValue()
      >>> a.setOriginalXmlnode('<Dummy xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="string">Value</Dummy>')
      >>> print a.debug(0)
      <saml:AttributeValue xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="string">Value</saml:AttributeValue>
 - support for symetric keys signatures: for a long time XMLDsig standard has
   supported HMAC signature, or signature based on a shared secret key an hash
   algorithm. Lasso now supports to share a key with another Lasso using
   service or identity provider and to verify and sign SAML exchange using this
   key. Performance can be 100 times more than with assymetric cryptography,
   i.e. RSA.
 - nodes able to hold any XML attribyte (like saml:AttributeValue) contains a
   hashtable to for holding those attributes, those hashtable have a new syntax
   for attributes of another namespace than the current node namespace,
   inspired by the Python ElementTree library:

    {the_namespace}the_attribute_name

   ex:

    {http://www.w3.org/2001/XMLSchema-instance}type

   for the classic xsi:type attribute.
 - xmldsig:X509Data node now possess a binding as a Lasso object. You can use
   it combined with the new class LassoSaml2KeyInformationDataType to use the
   holder-of-key subject confirmation method.
 - The perfs benchmarking tools now allows to select a different metadata set
   (for example to test with different public key sizes).
 - Perl minimal version for the binding was downgraded to 5
 - pseudo-XSchema validation: the new XML deserializer does more to enforce
   constraints of the schema defining SAML messages. It means Lasso is less
   forgiving with non-conform implementation of SAML.
 - thin-sessions mode: A new flag was added named thin-session, you can set it
   using lasso_set_flag("thin-sessions") or by setting the LASSO_FLAG
   environement variable to the string "thin-sessions". The effect of this flag
   is to remove complete storage of assertions in the LassoSession object,
   which was made mainly to support logout and the artifact binding for ID-FF
   1.2. A new thinner structure is used for supporting logout, and ID-FF 1.2
   can now use the same storage mechanism as the SAML 2 implementation for the
   artifact binding (i.e. using lasso_profile_get_artifact_message after
   artifact generation and lasso_profile_set_artifact_message before artifact
   retrieval).
 - better initialization and access to SessionIndex in logout requests:
   LassoSession now store all generated SessionIndex for a session using a
   small structure, using it the LassoLogout profile can now initialize
   LassoLogout message with all of them. It's not necessary to implement this
   functionnalitin your service or identity provider anymore.
 - new LassoKey object: this new class was introduced to simplify management of
   keys when using shared key signature. But you can also use it to load
   assymetric keys. In the future it should gain API to do XML signature and
   encryptiong independently of any SAML 2.0 or ID-FF 1.2 exchange. Providing
   the first simple binding of libxmlsec to Python.
 - Improvements to autoconf and automake files to compile under Darwin (Mac Os
   X) and Fedora.
 - a FAQ file was started.
 - added API:
	LASSO_LOGOUT_ERROR_PARTIAL_LOGOUT
	LASSO_PROFILE_ERROR_ENDPOINT_INDEX_NOT_FOUND
	LASSO_PROFILE_ERROR_REQUEST_DENIED
	LASSO_PROVIDER_ROLE_ALL
	LASSO_SERVER_ERROR_NO_PROVIDER_LOADED
	LASSO_SERVER_LOAD_METADATA_FLAG_CHECK_ENTITIES_DESCRIPTOR_SIGNATURE
	LASSO_SERVER_LOAD_METADATA_FLAG_CHECK_ENTITY_DESCRIPTOR_SIGNATURE
	LASSO_SERVER_LOAD_METADATA_FLAG_DEFAULT
	LASSO_SERVER_LOAD_METADATA_FLAG_INHERIT_SIGNATURE
	LASSO_SIGNATURE_METHOD_HMAC_SHA1
	LASSO_SIGNATURE_METHOD_NONE
	LASSO_XMLENC_ERROR_INVALID_ENCRYPTED_DATA
	LASSO_XMLENC_HREF
	LASSO_XMLENC_PREFIX
	struct LassoDsX509Data {  LassoDsX509DataPrivate* private_data  }
	struct LassoKey {  LassoKeyPrivate* private_data  }
	struct LassoSaml2KeyInfoConfirmationDataType {  LassoSaml2KeyInfoConfirmationDataTypePrivate* private_data  }
	LassoServerLoadMetadataFlag
	LassoDsX509Data*   lasso_ds_key_value_get_x509_data ( LassoDsKeyValue* key_value )
	None   lasso_ds_key_value_set_x509_data ( LassoDsKeyValue* key_value, LassoDsX509Data* x509_data )
	const char*   lasso_ds_x509_data_get_certificate ( LassoDsX509Data* x509_data )
	const char*   lasso_ds_x509_data_get_crl ( LassoDsX509Data* x509_data )
	const char*   lasso_ds_x509_data_get_subject_name ( LassoDsX509Data* x509_data )
	GType   lasso_ds_x509_data_get_type (  )
	LassoDsX509Data*   lasso_ds_x509_data_new (  )
	None   lasso_ds_x509_data_set_certificate ( LassoDsX509Data* x509_data, const char* certificate )
	None   lasso_ds_x509_data_set_crl ( LassoDsX509Data* x509_data, const char* crl )
	None   lasso_ds_x509_data_set_subject_name ( LassoDsX509Data* x509_data, const char* subject_name )
	GType   lasso_key_get_type (  )
	LassoKey*   lasso_key_new_for_signature_from_base64_string ( char* base64_string, char* password, LassoSignatureMethod signature_method, char* certificate )
	LassoKey*   lasso_key_new_for_signature_from_file ( char* filename_or_buffer, char* password, LassoSignatureMethod signature_method, char* certificate )
	char*   lasso_key_query_sign ( LassoKey* key, const char* query )
	lasso_error_t   lasso_key_query_verify ( LassoKey* key, const char* query )
	xmlNode*   lasso_key_saml2_xml_sign ( LassoKey* key, const char* id, xmlNode* document )
	lasso_error_t   lasso_key_saml2_xml_verify ( LassoKey* key, char* id, xmlNode* document )
	GList*   lasso_lib_logout_request_get_session_indexes ( LassoLibLogoutRequest* lib_logout_request )
	None   lasso_lib_logout_request_set_session_indexes ( LassoLibLogoutRequest* lib_logout_request, GList* session_indexes )
	lasso_error_t   lasso_provider_add_key ( LassoProvider* provider, LassoKey* key, gboolean after )
	lasso_error_t   lasso_provider_set_server_signing_key ( LassoProvider* provider, LassoKey* key )
	int   lasso_provider_verify_signature ( LassoProvider* provider, const char* message, const char* id_attr_name, LassoMessageFormat format )
	GList*   lasso_saml2_key_info_confirmation_data_type_get_key_info ( LassoSaml2KeyInfoConfirmationDataType* kicdt )
	GType   lasso_saml2_key_info_confirmation_data_type_get_type (  )
	LassoNode*   lasso_saml2_key_info_confirmation_data_type_new (  )
	None   lasso_saml2_key_info_confirmation_data_type_set_key_info ( LassoSaml2KeyInfoConfirmationDataType* kicdt, GList* key_infos )
	gboolean   lasso_saml_name_identifier_equals ( LassoSamlNameIdentifier* a, LassoSamlNameIdentifier* b )
	lasso_error_t   lasso_server_add_provider2 ( LassoServer* server, LassoProvider* provider )
	lasso_error_t   lasso_server_load_metadata ( LassoServer* server, LassoProviderRole role, const gchar* federation_file, const gchar* trusted_roots, GList* blacklisted_entity_ids, GList** loaded_entity_ids, LassoServerLoadMetadataFlag flags )
	GList*   lasso_session_get_assertion_ids ( LassoSession* session, const gchar* providerID )
	GList*   lasso_session_get_name_ids ( LassoSession* session, const gchar* providerID )
	GList*   lasso_session_get_session_indexes ( LassoSession* session, const gchar* providerID, LassoNode* name_id )

Revision 1.8 / (download) - annotate - [select for diffs], Tue Oct 23 18:16:15 2012 UTC (6 years, 7 months ago) by manu
Branch: MAIN
CVS Tags: pkgsrc-2014Q4-base, pkgsrc-2014Q4, pkgsrc-2014Q3-base, pkgsrc-2014Q3, pkgsrc-2014Q2-base, pkgsrc-2014Q2, pkgsrc-2014Q1-base, pkgsrc-2014Q1, pkgsrc-2013Q4-base, pkgsrc-2013Q4, pkgsrc-2013Q3-base, pkgsrc-2013Q3, pkgsrc-2013Q2-base, pkgsrc-2013Q2, pkgsrc-2013Q1-base, pkgsrc-2013Q1, pkgsrc-2012Q4-base, pkgsrc-2012Q4
Changes since 1.7: +114 -114 lines
Diff to previous 1.7 (unified)

Upgrade to lasso 2.3.6 in order to completely fix the libxml 2.9 dependency

ChangeLog Since 2.3.5:
 * fix a bug when receiving a signature using the InclusiveNamespaces
   PrefixList by copying namespace declaration from upper level at the level of
   the signed node.
 * fix compilation warning on recent version of GCC

Revision 1.7 / (download) - annotate - [select for diffs], Mon Apr 4 08:30:30 2011 UTC (8 years, 2 months ago) by manu
Branch: MAIN
CVS Tags: pkgsrc-2012Q3-base, pkgsrc-2012Q3, pkgsrc-2012Q2-base, pkgsrc-2012Q2, pkgsrc-2012Q1-base, pkgsrc-2012Q1, pkgsrc-2011Q4-base, pkgsrc-2011Q4, pkgsrc-2011Q3-base, pkgsrc-2011Q3, pkgsrc-2011Q2-base, pkgsrc-2011Q2
Changes since 1.6: +14 -10 lines
Diff to previous 1.6 (unified)

Major update, with many changes that ould be difficult to sum up. Please
see the NEWS file.

Revision 1.6 / (download) - annotate - [select for diffs], Thu Mar 24 03:04:16 2011 UTC (8 years, 2 months ago) by obache
Branch: MAIN
CVS Tags: pkgsrc-2011Q1-base, pkgsrc-2011Q1
Changes since 1.5: +2 -2 lines
Diff to previous 1.5 (unified)

Use bsdtar for extract, or result in corrupted file name with certain tar.

Bump PKGREVISION.

Revision 1.5 / (download) - annotate - [select for diffs], Sun Jun 6 11:52:31 2010 UTC (9 years ago) by obache
Branch: MAIN
CVS Tags: pkgsrc-2010Q4-base, pkgsrc-2010Q4, pkgsrc-2010Q3-base, pkgsrc-2010Q3, pkgsrc-2010Q2-base, pkgsrc-2010Q2
Changes since 1.4: +1 -9 lines
Diff to previous 1.4 (unified)

remove obsoleted @dirrm.

Revision 1.4 / (download) - annotate - [select for diffs], Mon May 31 16:44:28 2010 UTC (9 years ago) by manu
Branch: MAIN
Changes since 1.3: +400 -174 lines
Diff to previous 1.3 (unified)

Update to lasso 2.2.91. From the NEWS file:

2.2.91 - January 26th 2010
--------------------------

A new Perl binding, fix for backward compatibility with old versions of glib,
LassoLogout API is more robust since it does not need anymore for all SP logout
to finish to work, new macro lasso_list_add_new_xml_node, add support for
WS-Security UsernameToken (equivalent of poor man HTTP Digest Authentication),
make public internal APIs: lasso_session_add_assertion,
lasso_session_get_assertion and lasso_session_remove_assertion.

2.2.90 - January 18th 2010
--------------------------

Lots of internal changes and some external one too.

There is a new api to force, forbid or let Lasso sign messages, it is called
lasso_profile_set_signature_hint.

Big overhaul of the ID-WSF 1 and 2 codes, and of the SAML 2.0 profiles. Now all
SAML 2.0 profile use common internal functions from the lasso_saml20_profile_
namespace to handle bindings (SOAP,Redirect,POST,Artifact,PAOS). New internal
API to load SSL keys from many more formats from the public API.

In ID-WSF 2.0, Data Service Template has been simplified, we no more try to
apply queries, it is the responsability of the using code to handle them.

In bindings land, the file bindings/utils.py has been stuffed with utility
function to manipulate 'type' tuple, with are now used to transfer argument and
type description, their schema is (name, C-type, { dictionary of options } ),
they are now used everywhere in the different bindings. We support output
argument in PHP5, Python and Java, i.e. pointer of pointer arguments with are
written to in order to return multiple values. For language where the binding
convert error codes to exceptions (all of them now), the ouput value is
returned as the normal return value of the method, so only one output argument
is handled for now.

We now use GObject-introspection annotations in the documentation to transfer
to the binding generator the necessary metadata about the API (content of
lists, hashtables, wheter pointer are caller/callee owned, can be NULL or if
argument have a default value). The file bindings/override.xml is now
deprecated.

In documentation land, the main reference documentation was reorganizaed and
more symbols have been added to it. Many more functions are documented.

There is now tools to control the evolution of the ABI/API of Lasso.

Revision 1.3 / (download) - annotate - [select for diffs], Sun Jun 14 18:13:31 2009 UTC (10 years ago) by joerg
Branch: MAIN
CVS Tags: pkgsrc-2010Q1-base, pkgsrc-2010Q1, pkgsrc-2009Q4-base, pkgsrc-2009Q4, pkgsrc-2009Q3-base, pkgsrc-2009Q3, pkgsrc-2009Q2-base, pkgsrc-2009Q2
Changes since 1.2: +1 -11 lines
Diff to previous 1.2 (unified)

Remove @dirrm entries from PLISTs

Revision 1.2 / (download) - annotate - [select for diffs], Thu Apr 9 03:23:55 2009 UTC (10 years, 2 months ago) by manu
Branch: MAIN
Changes since 1.1: +6 -1 lines
Diff to previous 1.1 (unified)

Upgrade to lasso-2.2.2:

From distribution NEWS file:
Many fixes and improvements to the ID-WSF 1 support, new API to load SSL keys
off memory, documentation for ID-WSF methods, general robustness and memory
leak fixes.

Revision 1.1.1.1 / (download) - annotate - [select for diffs] (vendor branch), Mon Mar 2 16:46:01 2009 UTC (10 years, 3 months ago) by manu
Branch: TNF
CVS Tags: pkgsrc-base, pkgsrc-2009Q1-base, pkgsrc-2009Q1
Changes since 1.1: +0 -0 lines
Diff to previous 1.1 (unified)

Lasso is a free software C library aiming to implement the Liberty
Alliance standards: ID-FF, ID-WSF and SAML. It defines processes for
federated identities, single sign-on and related protocols. Lasso is
built on top of libxml2, XMLSec and OpenSSL and is GPL licensed.

Revision 1.1 / (download) - annotate - [select for diffs], Mon Mar 2 16:46:01 2009 UTC (10 years, 3 months ago) by manu
Branch: MAIN

Initial revision

This form allows you to request diff's between any two revisions of a file. You may select a symbolic revision name using the selection box or you may type in a numeric name using the type-in text box.




CVSweb <webmaster@jp.NetBSD.org>