
Bug#924748: marked as done (unblock: shibboleth-sp/3.0.4+dfsg1-1)



Your message dated Mon, 18 Mar 2019 07:35:00 +0000
with message-id <126f1d09-3992-a3ba-74c6-6fc452b52e4a@thykier.net>
and subject line Re: Bug#924748: unblock: shibboleth-sp/3.0.4+dfsg1-1
has caused the Debian Bug report #924748,
regarding unblock: shibboleth-sp/3.0.4+dfsg1-1
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
924748: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=924748
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock

Please unblock package shibboleth-sp

Dear Release Team,

When upstream fixed #924346 in xmltooling, they also fixed the same
problem (uncaught parser exceptions) in shibboleth-sp to prevent DoS
crashes that haven't been identified yet.  The fixes were published
together in new patch-level upstream releases for the whole Shibboleth
Service Provider stack: xmltooling, opensaml and shibboleth-sp.  Beyond
the DoS prevention, shibboleth-sp 3.0.4 consists of three other bugfixes:
* incorrect C++ code usage pattern invoking undefined behavior via
  boost::bind (https://issues.shibboleth.net/jira/browse/SSPCPP-847,
  already mentioned in unblock request #924577);
* certain web applications provoking unbounded cookie data growth
  (https://issues.shibboleth.net/jira/browse/SSPCPP-851); and
* documented configuration settings being ignored in some contexts
  (https://issues.shibboleth.net/jira/browse/SSPCPP-848).
This last one can be worked around by verbosely expanding the affected
configuration constructs, so it can be considered a minor issue.  But
the other three are major or potentially serious, so I ask for your
permission to upload 3.0.4+dfsg1-1 to unstable with a future unblock.

Thanks,
Feri.

diff -Nru shibboleth-sp-3.0.3+dfsg1/configure shibboleth-sp-3.0.4+dfsg1/configure
--- shibboleth-sp-3.0.3+dfsg1/configure	2018-12-12 20:16:00.000000000 +0100
+++ shibboleth-sp-3.0.4+dfsg1/configure	2019-03-08 16:15:39.000000000 +0100
@@ -1,6 +1,6 @@
 #! /bin/sh
 # Guess values for system-dependent variables and create Makefiles.
-# Generated by GNU Autoconf 2.69 for shibboleth 3.0.3.
+# Generated by GNU Autoconf 2.69 for shibboleth 3.0.4.
 #
 # Report bugs to <https://issues.shibboleth.net/>.
 #
@@ -590,8 +590,8 @@
 # Identity of this package.
 PACKAGE_NAME='shibboleth'
 PACKAGE_TARNAME='shibboleth-sp'
-PACKAGE_VERSION='3.0.3'
-PACKAGE_STRING='shibboleth 3.0.3'
+PACKAGE_VERSION='3.0.4'
+PACKAGE_STRING='shibboleth 3.0.4'
 PACKAGE_BUGREPORT='https://issues.shibboleth.net/'
 PACKAGE_URL=''
 
@@ -1522,7 +1522,7 @@
   # Omit some internal or obsolete options to make the list less imposing.
   # This message is too long to be a string in the A/UX 3.1 sh.
   cat <<_ACEOF
-\`configure' configures shibboleth 3.0.3 to adapt to many kinds of systems.
+\`configure' configures shibboleth 3.0.4 to adapt to many kinds of systems.
 
 Usage: $0 [OPTION]... [VAR=VALUE]...
 
@@ -1592,7 +1592,7 @@
 
 if test -n "$ac_init_help"; then
   case $ac_init_help in
-     short | recursive ) echo "Configuration of shibboleth 3.0.3:";;
+     short | recursive ) echo "Configuration of shibboleth 3.0.4:";;
    esac
   cat <<\_ACEOF
 
@@ -1792,7 +1792,7 @@
 test -n "$ac_init_help" && exit $ac_status
 if $ac_init_version; then
   cat <<\_ACEOF
-shibboleth configure 3.0.3
+shibboleth configure 3.0.4
 generated by GNU Autoconf 2.69
 
 Copyright (C) 2012 Free Software Foundation, Inc.
@@ -2670,7 +2670,7 @@
 This file contains any messages produced by compilers while
 running configure, to aid debugging if configure makes a mistake.
 
-It was created by shibboleth $as_me 3.0.3, which was
+It was created by shibboleth $as_me 3.0.4, which was
 generated by GNU Autoconf 2.69.  Invocation command line was
 
   $ $0 $@
@@ -3535,7 +3535,7 @@
 
 # Define the identity of the package.
  PACKAGE='shibboleth-sp'
- VERSION='3.0.3'
+ VERSION='3.0.4'
 
 
 cat >>confdefs.h <<_ACEOF
@@ -24198,7 +24198,7 @@
 # report actual input values of CONFIG_FILES etc. instead of their
 # values after options handling.
 ac_log="
-This file was extended by shibboleth $as_me 3.0.3, which was
+This file was extended by shibboleth $as_me 3.0.4, which was
 generated by GNU Autoconf 2.69.  Invocation command line was
 
   CONFIG_FILES    = $CONFIG_FILES
@@ -24264,7 +24264,7 @@
 cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`"
 ac_cs_version="\\
-shibboleth config.status 3.0.3
+shibboleth config.status 3.0.4
 configured by $0, generated by GNU Autoconf 2.69,
   with options \\"\$ac_cs_config\\"
 
diff -Nru shibboleth-sp-3.0.3+dfsg1/configure.ac shibboleth-sp-3.0.4+dfsg1/configure.ac
--- shibboleth-sp-3.0.3+dfsg1/configure.ac	2018-10-12 20:06:42.000000000 +0200
+++ shibboleth-sp-3.0.4+dfsg1/configure.ac	2019-03-08 16:09:43.000000000 +0100
@@ -1,5 +1,5 @@
 AC_PREREQ([2.50])
-AC_INIT([shibboleth],[3.0.3],[https://issues.shibboleth.net/],[shibboleth-sp])
+AC_INIT([shibboleth],[3.0.4],[https://issues.shibboleth.net/],[shibboleth-sp])
 AC_CONFIG_SRCDIR(shibsp)
 AC_CONFIG_AUX_DIR(build-aux)
 AC_CONFIG_MACRO_DIR(m4)
diff -Nru shibboleth-sp-3.0.3+dfsg1/config_win32.h shibboleth-sp-3.0.4+dfsg1/config_win32.h
--- shibboleth-sp-3.0.3+dfsg1/config_win32.h	2018-10-12 20:06:42.000000000 +0200
+++ shibboleth-sp-3.0.4+dfsg1/config_win32.h	2019-03-08 16:09:43.000000000 +0100
@@ -121,13 +121,13 @@
 #define PACKAGE_NAME "shibboleth"
 
 /* Define to the full name and version of this package. */
-#define PACKAGE_STRING "shibboleth 3.0.3"
+#define PACKAGE_STRING "shibboleth 3.0.4"
 
 /* Define to the one symbol short name of this package. */
 #define PACKAGE_TARNAME "shibboleth-sp"
 
 /* Define to the version of this package. */
-#define PACKAGE_VERSION "3.0.3"
+#define PACKAGE_VERSION "3.0.4"
 
 /* Define to the necessary symbol if this constant uses a non-standard name on
    your system. */
@@ -140,7 +140,7 @@
 /* #undef TM_IN_SYS_TIME */
 
 /* Version number of package */
-#define VERSION "3.0.3"
+#define VERSION "3.0.4"
 
 /* Define to empty if `const' does not conform to ANSI C. */
 /* #undef const */
diff -Nru shibboleth-sp-3.0.3+dfsg1/debian/changelog shibboleth-sp-3.0.4+dfsg1/debian/changelog
--- shibboleth-sp-3.0.3+dfsg1/debian/changelog	2018-12-21 02:15:22.000000000 +0100
+++ shibboleth-sp-3.0.4+dfsg1/debian/changelog	2019-03-16 20:51:16.000000000 +0100
@@ -1,3 +1,11 @@
+shibboleth-sp (3.0.4+dfsg1-1) unstable; urgency=medium
+
+  * [f284741] New upstream release: 3.0.4
+  * [095e478] Refresh our patches
+  * [129417f] Update Standards-Version to 4.3.0 (no changes required)
+
+ -- Ferenc Wágner <wferi@debian.org>  Sat, 16 Mar 2019 20:51:16 +0100
+
 shibboleth-sp (3.0.3+dfsg1-1) unstable; urgency=medium
 
   * [5ff63ef] New upstream release: 3.0.3
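Review bot: the new 3.0.4+dfsg1-1 entry says only "New upstream release: 3.0.4", so nothing in the changelog tells an administrator that this upload carries the uncaught parser exception (DoS) hardening described in the unblock request. Consider listing the upstream fixes under that bullet (the parser exception handling plus SSPCPP-847, SSPCPP-851 and SSPCPP-848) so the security relevance is visible from the package changelog.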
diff -Nru shibboleth-sp-3.0.3+dfsg1/debian/control shibboleth-sp-3.0.4+dfsg1/debian/control
--- shibboleth-sp-3.0.3+dfsg1/debian/control	2018-10-30 20:04:46.000000000 +0100
+++ shibboleth-sp-3.0.4+dfsg1/debian/control	2019-03-16 20:51:06.000000000 +0100
@@ -27,7 +27,7 @@
 Build-Depends-Indep:
  doxygen,
  graphviz,
-Standards-Version: 4.2.1
+Standards-Version: 4.3.0
 Homepage: http://shibboleth.net/
 Vcs-Git: https://salsa.debian.org/shib-team/shibboleth-sp2.git
 Vcs-Browser: https://salsa.debian.org/shib-team/shibboleth-sp2
diff -Nru shibboleth-sp-3.0.3+dfsg1/debian/patches/Use-runstatedir-from-future-Autoconf-2.70.patch shibboleth-sp-3.0.4+dfsg1/debian/patches/Use-runstatedir-from-future-Autoconf-2.70.patch
--- shibboleth-sp-3.0.3+dfsg1/debian/patches/Use-runstatedir-from-future-Autoconf-2.70.patch	2018-12-21 02:12:57.000000000 +0100
+++ shibboleth-sp-3.0.4+dfsg1/debian/patches/Use-runstatedir-from-future-Autoconf-2.70.patch	2019-03-16 20:48:54.000000000 +0100
@@ -37,7 +37,7 @@
  
      # If $DAEMON_USER is set, try to run shibd as that user.  However,
 diff --git a/shibsp/Makefile.am b/shibsp/Makefile.am
-index 2a5b61d..eb0d9e9 100644
+index eb7a70c..5b8a1a1 100644
 --- a/shibsp/Makefile.am
 +++ b/shibsp/Makefile.am
 @@ -281,7 +281,7 @@ libshibsp_lite_la_LIBADD = \
diff -Nru shibboleth-sp-3.0.3+dfsg1/isapi_shib/isapi_shib.rc shibboleth-sp-3.0.4+dfsg1/isapi_shib/isapi_shib.rc
--- shibboleth-sp-3.0.3+dfsg1/isapi_shib/isapi_shib.rc	2018-07-10 03:17:23.000000000 +0200
+++ shibboleth-sp-3.0.4+dfsg1/isapi_shib/isapi_shib.rc	2019-03-08 16:09:43.000000000 +0100
@@ -25,8 +25,8 @@
 //
 
 VS_VERSION_INFO VERSIONINFO
- FILEVERSION RC_FILE_VERSION ,1
- PRODUCTVERSION RC_PRODUCT_VERSION,1
+ FILEVERSION RC_FILE_VERSION,0
+ PRODUCTVERSION RC_PRODUCT_VERSION,0
  FILEFLAGSMASK 0x3fL
 #ifdef _DEBUG
  FILEFLAGS 0x1L
diff -Nru shibboleth-sp-3.0.3+dfsg1/shibboleth.spec shibboleth-sp-3.0.4+dfsg1/shibboleth.spec
--- shibboleth-sp-3.0.3+dfsg1/shibboleth.spec	2018-12-12 20:16:24.000000000 +0100
+++ shibboleth-sp-3.0.4+dfsg1/shibboleth.spec	2019-03-08 16:16:06.000000000 +0100
@@ -1,5 +1,5 @@
 Name:		shibboleth
-Version:	3.0.3
+Version:	3.0.4
 Release:	1
 Summary:	Open source system for attribute-based Web SSO
 Group:		Productivity/Networking/Security
diff -Nru shibboleth-sp-3.0.3+dfsg1/shibsp/Application.cpp shibboleth-sp-3.0.4+dfsg1/shibsp/Application.cpp
--- shibboleth-sp-3.0.3+dfsg1/shibsp/Application.cpp	2018-07-10 03:17:23.000000000 +0200
+++ shibboleth-sp-3.0.4+dfsg1/shibsp/Application.cpp	2019-01-14 20:22:42.000000000 +0100
@@ -109,15 +109,9 @@
 void Application::clearAttributeHeaders(SPRequest& request) const
 {
     if (SPConfig::getConfig().isEnabled(SPConfig::OutOfProcess)) {
-        for_each(
-            m_unsetHeaders.begin(), m_unsetHeaders.end(),
-            boost::bind(
-                &SPRequest::clearHeader,
-                boost::ref(request),
-                boost::bind(&string::c_str, boost::bind(&pair<string,string>::first, _1)),
-                boost::bind(&string::c_str, boost::bind(&pair<string,string>::second, _1))
-                )
-            );
+        for (vector< pair<string,string> >::const_iterator i = m_unsetHeaders.begin(); i != m_unsetHeaders.end(); ++i) {
+            request.clearHeader(i->first.c_str(), i->second.c_str());
+        }
         return;
     }
 
@@ -148,15 +142,9 @@
 
     // Now holding read lock.
     SharedLock unsetLock(m_lock, false);
-    for_each(
-        m_unsetHeaders.begin(), m_unsetHeaders.end(),
-        boost::bind(
-            &SPRequest::clearHeader,
-            boost::ref(request),
-            boost::bind(&string::c_str, boost::bind(&pair<string,string>::first, _1)),
-            boost::bind(&string::c_str, boost::bind(&pair<string,string>::second, _1))
-            )
-        );
+    for (vector< pair<string,string> >::const_iterator i = m_unsetHeaders.begin(); i != m_unsetHeaders.end(); ++i) {
+        request.clearHeader(i->first.c_str(), i->second.c_str());
+    }
 }
 
 void Application::limitRedirect(const GenericRequest& request, const char* url) const
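Review bot: the replacement loop in the OutOfProcess branch of clearAttributeHeaders() walks m_unsetHeaders with no lock visible, while the identical loop in this hunk runs only after SharedLock unsetLock(m_lock, false). If the out-of-process copy is never modified after configuration, a one-line comment at the first loop would record that. The two loops could also share a small private helper so they cannot drift apart.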
diff -Nru shibboleth-sp-3.0.3+dfsg1/shibsp/handler/impl/AbstractHandler.cpp shibboleth-sp-3.0.4+dfsg1/shibsp/handler/impl/AbstractHandler.cpp
--- shibboleth-sp-3.0.3+dfsg1/shibsp/handler/impl/AbstractHandler.cpp	2018-08-01 19:56:31.000000000 +0200
+++ shibboleth-sp-3.0.4+dfsg1/shibsp/handler/impl/AbstractHandler.cpp	2019-03-08 16:09:43.000000000 +0100
@@ -646,8 +646,35 @@
             postkey = string(mech.second-3) + ':' + out.string();
         }
 
-        // Set a cookie with key info.
         pair<string,const char*> shib_cookie = getPostCookieNameProps(application, relayState);
+
+        // Purge any cookies in excess of 25.
+        int maxCookies = 25,purgedCookies = 0;
+        string exp;
+
+        // Walk the list of cookies backwards by name.
+        const map<string,string>& cookies = request.getCookies();
+        for (map<string,string>::const_reverse_iterator i = cookies.rbegin(); i != cookies.rend(); ++i) {
+            // Process post data cookies only.
+            if (starts_with(i->first, "_shibpost_")) {
+                if (maxCookies > 0) {
+                    // Keep it, but count it against the limit.
+                    --maxCookies;
+                }
+                else {
+                    // We're over the limit, so everything here and older gets cleaned up.
+                    if (exp.empty())
+                        exp = string(shib_cookie.second) + "; expires=Mon, 01 Jan 2001 00:00:00 GMT";
+                    response.setCookie(i->first.c_str(), exp.c_str());
+                    ++purgedCookies;
+                }
+            }
+        }
+
+        if (purgedCookies > 0)
+            log(SPRequest::SPDebug, string("purged ") + lexical_cast<string>(purgedCookies) + " stale POST preservation cookie(s) from client");
+
+        // Set a cookie with key info.
         postkey += shib_cookie.second;
         response.setCookie(shib_cookie.first.c_str(), postkey.c_str());
     }
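Review bot: the purge loop treats reverse name order of the _shibpost_ cookies as newest-first ("everything here and older gets cleaned up"), but the container returned by request.getCookies() is a string-keyed map sorted lexically by name, and nothing in this hunk shows that the cookie names sort by age. A comment stating what in the name guarantees that ordering would help, since otherwise the purge can expire a cookie that a pending POST recovery still needs. The limit is also a bare literal (int maxCookies = 25) and is applied before the new cookie is set, so a client can end up holding 26; a named constant and a note on the intended bound would make that explicit.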
diff -Nru shibboleth-sp-3.0.3+dfsg1/shibsp/impl/StorageServiceSessionCache.cpp shibboleth-sp-3.0.4+dfsg1/shibsp/impl/StorageServiceSessionCache.cpp
--- shibboleth-sp-3.0.3+dfsg1/shibsp/impl/StorageServiceSessionCache.cpp	2018-07-10 03:17:23.000000000 +0200
+++ shibboleth-sp-3.0.4+dfsg1/shibsp/impl/StorageServiceSessionCache.cpp	2019-03-08 16:09:43.000000000 +0100
@@ -1402,7 +1402,9 @@
             pcache->m_log.info("purging %d old sessions", stale_keys.size());
 
             // Pass 2: walk through the list of stale entries and remove them from the cache
-            for_each(stale_keys.begin(), stale_keys.end(), boost::bind(&SSCache::dormant, pcache, boost::bind(&string::c_str, _1)));
+            for (vector<string>::const_iterator i = stale_keys.begin(); i != stale_keys.end(); ++i) {
+                pcache->dormant(i->c_str());
+            }
         }
 
         pcache->m_log.debug("cleanup thread completed");
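Review bot: on the context line above the new loop, m_log.info("purging %d old sessions", stale_keys.size()) passes the vector's size_type where %d expects an int, which is a format mismatch on LP64 platforms. While this block is being touched, cast the argument to int or use a matching length modifier.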
diff -Nru shibboleth-sp-3.0.3+dfsg1/shibsp/impl/XMLApplication.cpp shibboleth-sp-3.0.4+dfsg1/shibsp/impl/XMLApplication.cpp
--- shibboleth-sp-3.0.3+dfsg1/shibsp/impl/XMLApplication.cpp	2018-10-12 19:42:15.000000000 +0200
+++ shibboleth-sp-3.0.4+dfsg1/shibsp/impl/XMLApplication.cpp	2019-03-08 16:09:43.000000000 +0100
@@ -716,6 +716,21 @@
                 if (!hasChildElements) {
                     // Append a session initiator element of the designated type to the root element.
                     DOMElement* sidom = e->getOwnerDocument()->createElementNS(e->getNamespaceURI(), _SessionInitiator);
+
+                    // Copy in any attributes from the <SSO> element so they can be accessed as properties in the SI handler
+                    // but more importantly the MessageEncoders, which are DOM-aware only, not SP property-aware.
+                    // The property-based lookups will walk up the DOM tree but the DOM-only code won't.
+                    for (XMLSize_t p = 0; p < ssopropslen; ++p) {
+                        DOMNode* ssoprop = ssoprops->item(p);
+                        if (ssoprop->getNodeType() == DOMNode::ATTRIBUTE_NODE) {
+                            sidom->setAttributeNS(
+                                ((DOMAttr*)ssoprop)->getNamespaceURI(),
+                                ((DOMAttr*)ssoprop)->getLocalName(),
+                                ((DOMAttr*)ssoprop)->getValue()
+                            );
+                        }
+                    }
+
                     sidom->setAttributeNS(nullptr, _type, inittype.second);
                     e->appendChild(sidom);
                     log.info("adding SessionInitiator of type (%s) to chain (/Login)", initiator->getString("id").second);
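Review bot: this attribute-copy loop is added verbatim here and twice more below (for the discovery SessionInitiator and the LogoutInitiator), and it duplicates the existing ACS loop, so four copies now have to be kept in step. A small helper taking the attribute list, its length and the target element would remove the repetition; inside it, static_cast to DOMAttr* after the ATTRIBUTE_NODE check would be preferable to the C-style (DOMAttr*) casts.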
@@ -740,7 +755,8 @@
                 if (idprop.first && pathprop.first) {
                     DOMElement* acsdom = e->getOwnerDocument()->createElementNS(samlconstants::SAML20MD_NS, _AssertionConsumerService);
 
-                    // Copy in any attributes from the <SSO> element so they can be accessed as properties in the ACS handler.
+                    // Copy in any attributes from the <SSO> element so they can be accessed as properties in the ACS handler,
+                    // since the handlers aren't attached to the SSO element.
                     for (XMLSize_t p = 0; p < ssopropslen; ++p) {
                         DOMNode* ssoprop = ssoprops->item(p);
                         if (ssoprop->getNodeType() == DOMNode::ATTRIBUTE_NODE) {
@@ -806,6 +822,21 @@
             if (discou && *discou) {
                 // Append a session initiator element of the designated type to the root element.
                 DOMElement* sidom = e->getOwnerDocument()->createElementNS(e->getNamespaceURI(), _SessionInitiator);
+
+                // Copy in any attributes from the <SSO> element so they can be accessed as properties in the SI handler
+                // but more importantly the MessageEncoders, which are DOM-aware only, not SP property-aware.
+                // The property-based lookups will walk up the DOM tree but the DOM-only code won't.
+                for (XMLSize_t p = 0; p < ssopropslen; ++p) {
+                    DOMNode* ssoprop = ssoprops->item(p);
+                    if (ssoprop->getNodeType() == DOMNode::ATTRIBUTE_NODE) {
+                        sidom->setAttributeNS(
+                            ((DOMAttr*)ssoprop)->getNamespaceURI(),
+                            ((DOMAttr*)ssoprop)->getLocalName(),
+                            ((DOMAttr*)ssoprop)->getValue()
+                        );
+                    }
+                }
+
                 sidom->setAttributeNS(nullptr, _type, discop);
                 sidom->setAttributeNS(nullptr, _URL, discou);
                 e->appendChild(sidom);
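Review bot: the attributes copied from the SSO element are written to sidom before setAttributeNS(nullptr, _type, discop) and setAttributeNS(nullptr, _URL, discou), so the explicit type and URL win over any same-named attribute copied from SSO. That precedence depends entirely on statement order; a short comment saying the copy must come first would protect it from a later reordering.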
@@ -862,6 +893,21 @@
                 if (!hasChildElements) {
                     // Append a logout initiator element of the designated type to the root element.
                     DOMElement* lidom = e->getOwnerDocument()->createElementNS(e->getNamespaceURI(), _LogoutInitiator);
+
+                    // Copy in any attributes from the <Logout> element so they can be accessed as properties in the LI handler
+                    // but more importantly the MessageEncoders, which are DOM-aware only, not SP property-aware.
+                    // The property-based lookups will walk up the DOM tree but the DOM-only code won't.
+                    for (XMLSize_t p = 0; p < slopropslen; ++p) {
+                        DOMNode* sloprop = sloprops->item(p);
+                        if (sloprop->getNodeType() == DOMNode::ATTRIBUTE_NODE) {
+                            lidom->setAttributeNS(
+                                ((DOMAttr*)sloprop)->getNamespaceURI(),
+                                ((DOMAttr*)sloprop)->getLocalName(),
+                                ((DOMAttr*)sloprop)->getValue()
+                            );
+                        }
+                    }
+
                     lidom->setAttributeNS(nullptr, _type, inittype.second);
                     e->appendChild(lidom);
                     log.info("adding LogoutInitiator of type (%s) to chain (/Logout)", initiator->getString("id").second);
@@ -1499,14 +1545,20 @@
             whitelist.push_back(string("http://";) + request.getHostname() + ':');
         }
 
-        static bool (*startsWithI)(const char*,const char*) = XMLString::startsWithI;
-        if (!whitelist.empty() && find_if(whitelist.begin(), whitelist.end(),
-                boost::bind(startsWithI, url, boost::bind(&string::c_str, _1))) != whitelist.end()) {
-            return;
-        }
-        else if (!m_redirectWhitelist.empty() && find_if(m_redirectWhitelist.begin(), m_redirectWhitelist.end(),
-                boost::bind(startsWithI, url, boost::bind(&string::c_str, _1))) != m_redirectWhitelist.end()) {
-            return;
+        if (!whitelist.empty()) {
+            for (vector<string>::const_iterator i = whitelist.begin(); i != whitelist.end(); ++i) {
+                if (XMLString::startsWithI(url, i->c_str())) {
+                    return;
+                }
+            }
+        }
+
+        if (!m_redirectWhitelist.empty()) {
+            for (vector<string>::const_iterator i = m_redirectWhitelist.begin(); i != m_redirectWhitelist.end(); ++i) {
+                if (XMLString::startsWithI(url, i->c_str())) {
+                    return;
+                }
+            }
         }
         Category::getInstance(SHIBSP_LOGCAT ".Application").warn("redirectLimit policy enforced, blocked redirect to (%s)", url);
         throw opensaml::SecurityPolicyException("Blocked unacceptable redirect location.");
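Review bot: both loops accept the redirect when XMLString::startsWithI(url, i->c_str()) holds, which is a case-insensitive prefix match, so correctness depends on every entry ending in a delimiter. The entry built on the context line at the top of the hunk ends in ':', but nothing here shows the same for m_redirectWhitelist; an entry without a trailing '/' or ':' would also match longer host names that merely begin with it. Consider validating or documenting that requirement where m_redirectWhitelist is loaded. The !empty() guards around the for loops are redundant and can be dropped.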
diff -Nru shibboleth-sp-3.0.3+dfsg1/shibsp/Makefile.am shibboleth-sp-3.0.4+dfsg1/shibsp/Makefile.am
--- shibboleth-sp-3.0.3+dfsg1/shibsp/Makefile.am	2018-10-12 20:09:40.000000000 +0200
+++ shibboleth-sp-3.0.4+dfsg1/shibsp/Makefile.am	2019-03-08 16:09:43.000000000 +0100
@@ -243,7 +243,7 @@
 
 # this is different from the project version
 # http://sources.redhat.com/autobook/autobook/autobook_91.html
-libshibsp_la_LDFLAGS = -version-info 8:3:0
+libshibsp_la_LDFLAGS = -version-info 8:4:0
 libshibsp_la_CXXFLAGS = \
     $(AM_CXXFLAGS) \
     $(BOOST_CPPFLAGS) \
@@ -262,7 +262,7 @@
     $(xerces_LIBS) \
     $(xmlsec_LIBS) \
     $(xmltooling_LIBS)
-libshibsp_lite_la_LDFLAGS = -version-info 8:3:0
+libshibsp_lite_la_LDFLAGS = -version-info 8:4:0
 libshibsp_lite_la_CXXFLAGS = -DSHIBSP_LITE \
     $(AM_CXXFLAGS) \
     $(BOOST_CPPFLAGS) \
diff -Nru shibboleth-sp-3.0.3+dfsg1/shibsp/Makefile.in shibboleth-sp-3.0.4+dfsg1/shibsp/Makefile.in
--- shibboleth-sp-3.0.3+dfsg1/shibsp/Makefile.in	2018-12-12 20:15:59.000000000 +0100
+++ shibboleth-sp-3.0.4+dfsg1/shibsp/Makefile.in	2019-03-08 16:15:39.000000000 +0100
@@ -1053,7 +1053,7 @@
 
 # this is different from the project version
 # http://sources.redhat.com/autobook/autobook/autobook_91.html
-libshibsp_la_LDFLAGS = -version-info 8:3:0
+libshibsp_la_LDFLAGS = -version-info 8:4:0
 libshibsp_la_CXXFLAGS = \
     $(AM_CXXFLAGS) \
     $(BOOST_CPPFLAGS) \
@@ -1074,7 +1074,7 @@
     $(xmlsec_LIBS) \
     $(xmltooling_LIBS)
 
-libshibsp_lite_la_LDFLAGS = -version-info 8:3:0
+libshibsp_lite_la_LDFLAGS = -version-info 8:4:0
 libshibsp_lite_la_CXXFLAGS = -DSHIBSP_LITE \
     $(AM_CXXFLAGS) \
     $(BOOST_CPPFLAGS) \
diff -Nru shibboleth-sp-3.0.3+dfsg1/shibsp/remoting/impl/SocketListener.cpp shibboleth-sp-3.0.4+dfsg1/shibsp/remoting/impl/SocketListener.cpp
--- shibboleth-sp-3.0.3+dfsg1/shibsp/remoting/impl/SocketListener.cpp	2018-12-13 16:31:25.000000000 +0100
+++ shibboleth-sp-3.0.4+dfsg1/shibsp/remoting/impl/SocketListener.cpp	2019-03-08 16:09:43.000000000 +0100
@@ -34,7 +34,9 @@
 #include <stack>
 #include <sstream>
 #include <boost/lexical_cast.hpp>
+#include <xercesc/sax/SAXException.hpp>
 #include <xercesc/util/XMLUniDefs.hpp>
+#include <xercesc/util/OutOfMemoryException.hpp>
 
 #include <xmltooling/util/NDC.h>
 #include <xmltooling/util/XMLHelper.h>
@@ -560,6 +562,24 @@
         // Dispatch the message.
         m_listener->receive(in, sink);
     }
+    catch (const xercesc::DOMException& e) {
+        auto_ptr_char temp(e.getMessage());
+        if (incomingError)
+            log.error("error processing incoming message: %s", temp.get() ? temp.get() : "no message");
+        XMLParserException ex(string("DOM error: ") + (temp.get() ? temp.get() : "no message"));
+        DDF out=DDF("exception").string(ex.toString().c_str());
+        DDFJanitor jout(out);
+        sink << out;
+    }
+    catch (const xercesc::SAXException& e) {
+        auto_ptr_char temp(e.getMessage());
+        if (incomingError)
+            log.error("error processing incoming message: %s", temp.get() ? temp.get() : "no message");
+        XMLParserException ex(string("SAX error: ") + (temp.get() ? temp.get() : "no message"));
+        DDF out=DDF("exception").string(ex.toString().c_str());
+        DDFJanitor jout(out);
+        sink << out;
+    }
     catch (const xercesc::XMLException& e) {
         auto_ptr_char temp(e.getMessage());
         if (incomingError)
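Review bot: the new DOMException and SAXException handlers repeat the existing XMLException handler line for line, differing only in the "DOM error: " and "SAX error: " prefixes. A local helper that takes the prefix and the transcoded message, logs it and writes the DDF exception to sink would keep the handlers from diverging as more exception types are added.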
@@ -568,6 +588,15 @@
         DDF out=DDF("exception").string(ex.toString().c_str());
         DDFJanitor jout(out);
         sink << out;
+    }
+    catch (const xercesc::OutOfMemoryException& e) {
+        auto_ptr_char temp(e.getMessage());
+        if (incomingError)
+            log.error("error processing incoming message: %s", temp.get() ? temp.get() : "no message");
+        XMLParserException ex(string("Out of memory error: ") + (temp.get() ? temp.get() : "no message"));
+        DDF out=DDF("exception").string(ex.toString().c_str());
+        DDFJanitor jout(out);
+        sink << out;
     }
     catch (const XMLToolingException& e) {
         if (incomingError)
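Review bot: the OutOfMemoryException handler responds to memory exhaustion by allocating: auto_ptr_char transcodes the message, std::string concatenation builds the text, and an XMLParserException and a DDF are constructed before the result is written to sink. If any of those allocations fails, a second exception leaves this handler, and whether anything catches it is not visible in this hunk. Consider logging a fixed string and returning a minimal error here, or add a comment explaining why allocation is expected to succeed at this point. Reporting the condition as an XMLParserException also mislabels it for whoever reads the error on the other side.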
diff -Nru shibboleth-sp-3.0.3+dfsg1/shibsp/shibsp.rc shibboleth-sp-3.0.4+dfsg1/shibsp/shibsp.rc
--- shibboleth-sp-3.0.3+dfsg1/shibsp/shibsp.rc	2018-11-01 15:09:17.000000000 +0100
+++ shibboleth-sp-3.0.4+dfsg1/shibsp/shibsp.rc	2019-03-08 16:09:43.000000000 +0100
@@ -64,7 +64,7 @@
             VALUE "InternalName", "shibsp3_0\0"
 #endif
 #endif
-            VALUE "LegalCopyright", "Copyright © 2018 UCAID\0"
+            VALUE "LegalCopyright", "Copyright 2019 UCAID\0"
             VALUE "LegalTrademarks", "\0"
 #ifdef SHIBSP_LITE
 #ifdef _DEBUG
@@ -80,8 +80,8 @@
 #endif
 #endif
             VALUE "PrivateBuild", "\0"
-            VALUE "ProductName", "Shibboleth 3.0.3\0"
-            VALUE "ProductVersion", "3, 0, 3, 0\0"
+            VALUE "ProductName", "Shibboleth 3.0.4\0"
+            VALUE "ProductVersion", "3, 0, 4, 0\0"
             VALUE "SpecialBuild", "\0"
         END
     END
diff -Nru shibboleth-sp-3.0.3+dfsg1/shibsp/version.h shibboleth-sp-3.0.4+dfsg1/shibsp/version.h
--- shibboleth-sp-3.0.3+dfsg1/shibsp/version.h	2018-10-12 20:06:42.000000000 +0200
+++ shibboleth-sp-3.0.4+dfsg1/shibsp/version.h	2019-03-08 16:09:43.000000000 +0100
@@ -44,7 +44,7 @@
 
 #define SHIBSP_VERSION_MAJOR 3
 #define SHIBSP_VERSION_MINOR 0
-#define SHIBSP_VERSION_REVISION 3
+#define SHIBSP_VERSION_REVISION 4
 
 /** DO NOT MODIFY BELOW THIS LINE */
 
unblock shibboleth-sp/3.0.4+dfsg1-1

--- End Message ---
--- Begin Message ---
wferi@niif.hu:
> Control: tag -1 - moreinfo
> 
> Jonathan Wiltshire <jmw@debian.org> writes:
> 
>> Please go ahead and remove the moreinfo tag when it is ready to unblock.
> 
> Thanks, uploaded.  Looks like Niels has already unblocked it, but I'm
> removing the moreinfo tag nevertheless.
> 

Unblocked, thanks.
~Niels

--- End Message ---
