head 1.73;
access;
symbols
pkgsrc-2026Q1:1.71.0.2
pkgsrc-2026Q1-base:1.71
pkgsrc-2025Q4:1.68.0.2
pkgsrc-2025Q4-base:1.68
pkgsrc-2025Q3:1.65.0.4
pkgsrc-2025Q3-base:1.65
pkgsrc-2025Q2:1.65.0.2
pkgsrc-2025Q2-base:1.65
pkgsrc-2025Q1:1.61.0.2
pkgsrc-2025Q1-base:1.61
pkgsrc-2024Q4:1.59.0.2
pkgsrc-2024Q4-base:1.59
pkgsrc-2024Q3:1.55.0.4
pkgsrc-2024Q3-base:1.55
pkgsrc-2024Q2:1.55.0.2
pkgsrc-2024Q2-base:1.55
pkgsrc-2024Q1:1.53.0.2
pkgsrc-2024Q1-base:1.53
pkgsrc-2023Q4:1.52.0.2
pkgsrc-2023Q4-base:1.52
pkgsrc-2023Q3:1.50.0.4
pkgsrc-2023Q3-base:1.50
pkgsrc-2023Q2:1.50.0.2
pkgsrc-2023Q2-base:1.50
pkgsrc-2023Q1:1.48.0.2
pkgsrc-2023Q1-base:1.48
pkgsrc-2022Q4:1.47.0.2
pkgsrc-2022Q4-base:1.47
pkgsrc-2022Q3:1.46.0.6
pkgsrc-2022Q3-base:1.46
pkgsrc-2022Q2:1.46.0.4
pkgsrc-2022Q2-base:1.46
pkgsrc-2022Q1:1.46.0.2
pkgsrc-2022Q1-base:1.46
pkgsrc-2021Q4:1.45.0.2
pkgsrc-2021Q4-base:1.45
pkgsrc-2021Q3:1.43.0.4
pkgsrc-2021Q3-base:1.43
pkgsrc-2021Q2:1.43.0.2
pkgsrc-2021Q2-base:1.43
pkgsrc-2021Q1:1.42.0.2
pkgsrc-2021Q1-base:1.42
pkgsrc-2020Q4:1.41.0.4
pkgsrc-2020Q4-base:1.41
pkgsrc-2020Q3:1.41.0.2
pkgsrc-2020Q3-base:1.41
pkgsrc-2020Q2:1.40.0.2
pkgsrc-2020Q2-base:1.40
pkgsrc-2020Q1:1.38.0.2
pkgsrc-2020Q1-base:1.38
pkgsrc-2019Q4:1.35.0.4
pkgsrc-2019Q4-base:1.35
pkgsrc-2019Q3:1.34.0.2
pkgsrc-2019Q3-base:1.34
pkgsrc-2019Q2:1.31.0.2
pkgsrc-2019Q2-base:1.31
pkgsrc-2019Q1:1.30.0.2
pkgsrc-2019Q1-base:1.30
pkgsrc-2018Q4:1.29.0.2
pkgsrc-2018Q4-base:1.29
pkgsrc-2018Q3:1.28.0.2
pkgsrc-2018Q3-base:1.28
pkgsrc-2018Q2:1.26.0.2
pkgsrc-2018Q2-base:1.26
pkgsrc-2018Q1:1.25.0.2
pkgsrc-2018Q1-base:1.25
pkgsrc-2017Q4:1.24.0.6
pkgsrc-2017Q4-base:1.24
pkgsrc-2017Q3:1.24.0.4
pkgsrc-2017Q3-base:1.24
pkgsrc-2017Q2:1.23.0.2
pkgsrc-2017Q2-base:1.23
pkgsrc-2017Q1:1.22.0.2
pkgsrc-2017Q1-base:1.22
pkgsrc-2016Q4:1.20.0.2
pkgsrc-2016Q4-base:1.20
pkgsrc-2016Q3:1.19.0.6
pkgsrc-2016Q3-base:1.19
pkgsrc-2016Q2:1.19.0.4
pkgsrc-2016Q2-base:1.19
pkgsrc-2016Q1:1.19.0.2
pkgsrc-2016Q1-base:1.19
pkgsrc-2015Q4:1.18.0.2
pkgsrc-2015Q4-base:1.18
pkgsrc-2015Q3:1.17.0.4
pkgsrc-2015Q3-base:1.17
pkgsrc-2015Q2:1.17.0.2
pkgsrc-2015Q2-base:1.17
pkgsrc-2015Q1:1.16.0.4
pkgsrc-2015Q1-base:1.16
pkgsrc-2014Q4:1.16.0.2
pkgsrc-2014Q4-base:1.16
pkgsrc-2014Q3:1.15.0.2
pkgsrc-2014Q3-base:1.15
pkgsrc-2014Q2:1.14.0.4
pkgsrc-2014Q2-base:1.14
pkgsrc-2014Q1:1.14.0.2
pkgsrc-2014Q1-base:1.14
pkgsrc-2013Q4:1.13.0.2
pkgsrc-2013Q4-base:1.13
pkgsrc-2013Q3:1.11.0.2
pkgsrc-2013Q3-base:1.11
pkgsrc-2013Q2:1.8.0.4
pkgsrc-2013Q2-base:1.8
pkgsrc-2013Q1:1.8.0.2
pkgsrc-2013Q1-base:1.8
pkgsrc-2012Q4:1.7.0.2
pkgsrc-2012Q4-base:1.7
pkgsrc-2012Q3:1.5.0.2
pkgsrc-2012Q3-base:1.5
pkgsrc-2012Q2:1.4.0.8
pkgsrc-2012Q2-base:1.4
pkgsrc-2012Q1:1.4.0.6
pkgsrc-2012Q1-base:1.4
pkgsrc-2011Q4:1.4.0.4
pkgsrc-2011Q4-base:1.4
pkgsrc-2011Q3:1.4.0.2
pkgsrc-2011Q3-base:1.4
pkgsrc-2011Q2:1.2.0.2
pkgsrc-2011Q2-base:1.2
pkgsrc-2011Q1:1.1.1.1.0.2
pkgsrc-2011Q1-base:1.1.1.1
pkgsrc-base:1.1.1.1
TNF:1.1.1;
locks; strict;
comment @# @;
1.73
date 2026.05.15.09.59.02; author adam; state Exp;
branches;
next 1.72;
commitid AbaMQjZsFUtxxTFG;
1.72
date 2026.05.14.16.42.23; author ryoon; state Exp;
branches;
next 1.71;
commitid tKipFjQKzke3NNFG;
1.71
date 2026.02.06.10.06.11; author wiz; state Exp;
branches;
next 1.70;
commitid MwQEYCXeWSFvIitG;
1.70
date 2026.02.05.01.30.50; author perseant; state Exp;
branches;
next 1.69;
commitid YIoAQDg9jeMnT7tG;
1.69
date 2026.01.07.08.49.25; author wiz; state Exp;
branches;
next 1.68;
commitid 1wQ3ICD8eebefrpG;
1.68
date 2025.12.18.00.19.07; author wiz; state Exp;
branches;
next 1.67;
commitid jRNA3UnEwaWC5PmG;
1.67
date 2025.10.05.19.26.28; author js; state Exp;
branches;
next 1.66;
commitid U70EDQkwOmfbOpdG;
1.66
date 2025.09.27.09.57.39; author wiz; state Exp;
branches;
next 1.65;
commitid GSXfRJoW2938VkcG;
1.65
date 2025.04.23.18.55.16; author perseant; state Exp;
branches;
next 1.64;
commitid xEX0nnK7BxzGWcSF;
1.64
date 2025.04.21.21.10.48; author perseant; state Exp;
branches;
next 1.63;
commitid J6mlZQD2nn9eLXRF;
1.63
date 2025.04.19.07.58.34; author wiz; state Exp;
branches;
next 1.62;
commitid 8J0gu7BGAw8XqDRF;
1.62
date 2025.04.17.21.52.52; author wiz; state Exp;
branches;
next 1.61;
commitid xcIXAVA292fk6sRF;
1.61
date 2025.03.03.20.29.32; author wiz; state Exp;
branches;
next 1.60;
commitid jA9ydR42LZwJ6FLF;
1.60
date 2024.12.29.15.10.01; author adam; state Exp;
branches;
next 1.59;
commitid oeKjyQMgtu2FopDF;
1.59
date 2024.11.14.22.22.11; author wiz; state Exp;
branches;
next 1.58;
commitid JmuDYqwL4erbdFxF;
1.58
date 2024.11.01.12.54.56; author wiz; state Exp;
branches;
next 1.57;
commitid QB4Wk02mZPuBuWvF;
1.57
date 2024.11.01.00.54.09; author wiz; state Exp;
branches;
next 1.56;
commitid QT27BdVP362gvSvF;
1.56
date 2024.10.04.03.49.36; author ryoon; state Exp;
branches;
next 1.55;
commitid W6qyL3zvAllroisF;
1.55
date 2024.05.29.16.34.56; author adam; state Exp;
branches;
next 1.54;
commitid n8aFyEjEVZA0JUbF;
1.54
date 2024.05.16.06.15.43; author wiz; state Exp;
branches;
next 1.53;
commitid kYKPUni8AkogJbaF;
1.53
date 2023.12.29.18.25.00; author adam; state Exp;
branches;
next 1.52;
commitid CbzM4kTH4d8WeoSE;
1.52
date 2023.11.08.13.21.23; author wiz; state Exp;
branches;
next 1.51;
commitid PsuHTklAIsF4bOLE;
1.51
date 2023.10.24.22.11.33; author wiz; state Exp;
branches;
next 1.50;
commitid MTsrqKm6aGrQAVJE;
1.50
date 2023.04.23.14.26.33; author adam; state Exp;
branches;
next 1.49;
commitid Laj8GRA8jxylXemE;
1.49
date 2023.04.19.08.11.51; author adam; state Exp;
branches;
next 1.48;
commitid B8gCWhWtMX9vZGlE;
1.48
date 2023.01.22.16.28.39; author ryoon; state Exp;
branches;
next 1.47;
commitid aiP40A5zgFwvyyaE;
1.47
date 2022.10.26.10.32.06; author wiz; state Exp;
branches;
next 1.46;
commitid PVFjlIYUKslkpdZD;
1.46
date 2022.01.10.01.46.46; author ryoon; state Exp;
branches;
next 1.45;
commitid Cj0KeHK24VPiN1oD;
1.45
date 2021.12.08.16.07.00; author adam; state Exp;
branches;
next 1.44;
commitid 2PyWjHx5T8rqARjD;
1.44
date 2021.09.29.19.01.29; author adam; state Exp;
branches;
next 1.43;
commitid WsBUbBM52TSePSaD;
1.43
date 2021.04.21.13.25.31; author adam; state Exp;
branches;
next 1.42;
commitid RAyVO2K5RkoQ8aQC;
1.42
date 2021.01.01.08.24.58; author ryoon; state Exp;
branches;
next 1.41;
commitid slfyvXkOfADi10CC;
1.41
date 2020.07.16.14.49.13; author perseant; state Exp;
branches;
next 1.40;
commitid V0c8umcmon2izjgC;
1.40
date 2020.05.22.10.56.46; author adam; state Exp;
branches;
next 1.39;
commitid m1Z0QPvTTTWz3e9C;
1.39
date 2020.05.06.14.05.07; author adam; state Exp;
branches;
next 1.38;
commitid dLR3o37Fk2B5Cb7C;
1.38
date 2020.03.08.16.51.39; author wiz; state Exp;
branches;
next 1.37;
commitid rcNYzTQo8icypCZB;
1.37
date 2020.01.18.21.51.11; author jperkin; state Exp;
branches;
next 1.36;
commitid JW4hJgY8ZdoTFdTB;
1.36
date 2020.01.12.20.20.49; author ryoon; state Exp;
branches;
next 1.35;
commitid 5tyaDUwPevcZnrSB;
1.35
date 2019.11.04.22.10.15; author rillig; state Exp;
branches;
next 1.34;
commitid 3HKsGoZT17shdAJB;
1.34
date 2019.08.22.12.23.55; author ryoon; state Exp;
branches;
next 1.33;
commitid UuiyQ10Dn9Rtl1AB;
1.33
date 2019.07.20.22.46.56; author wiz; state Exp;
branches;
next 1.32;
commitid dMrQLvIeoazTQPvB;
1.32
date 2019.07.01.04.08.54; author ryoon; state Exp;
branches;
next 1.31;
commitid qsMjwmrvOSh6hitB;
1.31
date 2019.05.23.19.23.21; author rillig; state Exp;
branches;
next 1.30;
commitid aWlQW8HYUUFCAmoB;
1.30
date 2019.01.24.16.46.21; author perseant; state Exp;
branches;
next 1.29;
commitid Gd8QS2dAuevfy39B;
1.29
date 2018.12.13.19.52.26; author adam; state Exp;
branches;
next 1.28;
commitid XjJhLcEnCzYFVF3B;
1.28
date 2018.08.16.18.55.16; author adam; state Exp;
branches;
next 1.27;
commitid myXuojHMA7ifrnOA;
1.27
date 2018.07.04.13.40.42; author jperkin; state Exp;
branches;
next 1.26;
commitid NnIyRkdX3Lbg3PIA;
1.26
date 2018.04.29.21.32.08; author adam; state Exp;
branches;
next 1.25;
commitid QKwzJtFzAE0cOnAA;
1.25
date 2018.01.01.21.18.56; author adam; state Exp;
branches;
next 1.24;
commitid VDVceOVT4khVwdlA;
1.24
date 2017.08.24.20.03.43; author adam; state Exp;
branches;
next 1.23;
commitid SAladHuASDqXhv4A;
1.23
date 2017.04.30.01.22.03; author ryoon; state Exp;
branches;
next 1.22;
commitid 1A40BlmMDYkiOuPz;
1.22
date 2017.01.20.16.01.32; author jperkin; state Exp;
branches;
next 1.21;
commitid fwhGxaeIBBuRTICz;
1.21
date 2017.01.01.16.06.39; author adam; state Exp;
branches;
next 1.20;
commitid jkBZ9Kd0NEyexhAz;
1.20
date 2016.10.07.18.26.13; author adam; state Exp;
branches;
next 1.19;
commitid WWBLkSP9Isuv4fpz;
1.19
date 2016.03.05.11.29.39; author jperkin; state Exp;
branches;
next 1.18;
commitid 1LoxeQftu903HrXy;
1.18
date 2015.10.23.07.35.07; author pettai; state Exp;
branches;
next 1.17;
commitid exDx4yoYwWSiHcGy;
1.17
date 2015.04.17.15.53.16; author adam; state Exp;
branches;
next 1.16;
commitid kz5n0nxJowLkyXhy;
1.16
date 2014.11.07.19.39.42; author adam; state Exp;
branches;
next 1.15;
commitid pQm2t4q4dGiUYhXx;
1.15
date 2014.08.13.10.57.38; author adam; state Exp;
branches;
next 1.14;
commitid gRbzkcFp9YSgRbMx;
1.14
date 2014.02.12.23.18.47; author tron; state Exp;
branches;
next 1.13;
commitid dfJj7CwMMWJzNRox;
1.13
date 2013.11.20.20.04.40; author adam; state Exp;
branches;
next 1.12;
commitid Gauqi3E52ih3r3ex;
1.12
date 2013.11.20.13.23.46; author obache; state Exp;
branches;
next 1.11;
commitid 0PfSIScIfaHid1ex;
1.11
date 2013.09.21.22.16.41; author pettai; state Exp;
branches;
next 1.10;
commitid MFqmXSBIr5Mi4m6x;
1.10
date 2013.09.20.23.11.01; author joerg; state Exp;
branches;
next 1.9;
commitid Jp5mYu0D7Ykwqe6x;
1.9
date 2013.09.10.11.44.15; author obache; state Exp;
branches;
next 1.8;
commitid 5HDMIsT1U7BNWS4x;
1.8
date 2013.02.06.23.24.04; author jperkin; state Exp;
branches;
next 1.7;
1.7
date 2012.12.16.01.52.39; author obache; state Exp;
branches;
next 1.6;
1.6
date 2012.10.28.06.31.04; author asau; state Exp;
branches;
next 1.5;
1.5
date 2012.07.01.01.33.13; author dholland; state Exp;
branches;
next 1.4;
1.4
date 2011.07.28.23.16.24; author pettai; state Exp;
branches;
next 1.3;
1.3
date 2011.07.27.22.33.26; author pettai; state Exp;
branches;
next 1.2;
1.2
date 2011.04.22.13.45.00; author obache; state Exp;
branches;
next 1.1;
1.1
date 2011.03.15.13.15.37; author pettai; state Exp;
branches
1.1.1.1;
next ;
1.1.1.1
date 2011.03.15.13.15.37; author pettai; state Exp;
branches;
next ;
desc
@@
1.73
log
@revbump for boost-libs
@
text
@# $NetBSD: Makefile,v 1.72 2026/05/14 16:42:23 ryoon Exp $
DISTNAME= shibboleth-sp-3.5.2
PKGREVISION=
PKGREVISION= 3
CATEGORIES= www
MASTER_SITES= http://shibboleth.net/downloads/service-provider/${PKGVERSION_NOREV}/
MAINTAINER= pkgsrc-users@@NetBSD.org
HOMEPAGE= http://shibboleth.net/
COMMENT= Shibboleth2 Service Provider
LICENSE= apache-2.0
BUILD_DEFS+= VARBASE
GNU_CONFIGURE= yes
CONFIGURE_ARGS+= --with-xmltooling=${PREFIX}
CONFIGURE_ARGS+= --localstatedir=${VARBASE}
CONFIGURE_ARGS+= --with-boost=${BUILDLINK_PREFIX.boost-libs}
USE_TOOLS+= pkg-config
EGDIR= ${PREFIX}/share/examples/shibboleth
SHIB_CONFDIR= ${PKG_SYSCONFDIR}/shibboleth
USE_LIBTOOL= yes
USE_LANGUAGES= c c++11
CFLAGS.SunOS+= -fpermissive
RCD_SCRIPTS= shibd
APACHE_MODULE= YES
PLIST_SUBST+= PKG_APACHE_NUM=${PKG_APACHE:S/apache//}
SUBST_CLASSES+= paths
SUBST_FILES.paths= configs/Makefile.in
SUBST_FILES.paths+= configs/keygen.sh
SUBST_STAGE.paths= pre-configure
SUBST_VARS.paths= EGDIR
SUBST_VARS.paths+= SHIB_CONFDIR
REPLACE_BASH= configs/metagen.sh
CONF_FILES= ${EGDIR}/console.logger \
${SHIB_CONFDIR}/console.logger
CONF_FILES+= ${EGDIR}/native.logger \
${SHIB_CONFDIR}/native.logger
CONF_FILES+= ${EGDIR}/shibd.logger \
${SHIB_CONFDIR}/shibd.logger
CONF_FILES+= ${EGDIR}/shibboleth2.xml \
${SHIB_CONFDIR}/shibboleth2.xml
CONF_FILES+= ${EGDIR}/attribute-map.xml \
${SHIB_CONFDIR}/attribute-map.xml
CONF_FILES+= ${EGDIR}/attribute-policy.xml \
${PKG_SYSCONFDIR}/attribute-policy.xml
CONF_FILES+= ${EGDIR}/protocols.xml \
${SHIB_CONFDIR}/protocols.xml
CONF_FILES+= ${EGDIR}/security-policy.xml \
${SHIB_CONFDIR}/security-policy.xml
CONF_FILES+= ${EGDIR}/sessionError.html \
${SHIB_CONFDIR}/sessionError.html
CONF_FILES+= ${EGDIR}/metadataError.html \
${SHIB_CONFDIR}/metadataError.html
CONF_FILES+= ${EGDIR}/bindingTemplate.html \
${SHIB_CONFDIR}/bindingTemplate.html
CONF_FILES+= ${EGDIR}/discoveryTemplate.html \
${SHIB_CONFDIR}/discoveryTemplate.html
CONF_FILES+= ${EGDIR}/postTemplate.html \
${SHIB_CONFDIR}/postTemplate.html
CONF_FILES+= ${EGDIR}/localLogout.html \
${SHIB_CONFDIR}/localLogout.html
CONF_FILES+= ${EGDIR}/globalLogout.html \
${SHIB_CONFDIR}/globalLogout.html
CONF_FILES+= ${EGDIR}/partialLogout.html \
${SHIB_CONFDIR}/partialLogout.html
CONF_FILES+= ${EGDIR}/sslError.html \
${SHIB_CONFDIR}/sslError.html
INSTALLATION_DIRS+= ${PREFIX}/bin ${PREFIX}/sbin
INSTALLATION_DIRS+= ${PREFIX}/include/shibsp/attribute/resolver
INSTALLATION_DIRS+= ${PREFIX}/include/shibsp/binding
INSTALLATION_DIRS+= ${PREFIX}/include/shibsp/handler
INSTALLATION_DIRS+= ${PREFIX}/include/shibsp/lite
INSTALLATION_DIRS+= ${PREFIX}/include/shibsp/metadata
INSTALLATION_DIRS+= ${PREFIX}/include/shibsp/remoting
INSTALLATION_DIRS+= ${PREFIX}/include/shibsp/security
INSTALLATION_DIRS+= ${PREFIX}/include/shibsp/util
INSTALLATION_DIRS+= ${PREFIX}/share/doc/shibboleth-${PKGVERSION_NOREV}
INSTALLATION_DIRS+= ${PREFIX}/share/doc/shibboleth-${PKGVERSION_NOREV}/api
INSTALLATION_DIRS+= ${PREFIX}/share/xml/shibboleth
INSTALLATION_DIRS+= ${PREFIX}/lib/shibboleth
INSTALLATION_DIRS+= ${EGDIR} ${SHIB_CONFDIR}
OWN_DIRS+= ${VARBASE}/log/shibboleth
post-install:
${INSTALL} ${WRKSRC}/configs/keygen.sh \
${DESTDIR}${PREFIX}/sbin/shib-keygen
${INSTALL} ${WRKSRC}/configs/metagen.sh \
${DESTDIR}${PREFIX}/bin/shib-metagen
.include "../../devel/boost-libs/buildlink3.mk"
.include "../../security/openssl/buildlink3.mk"
.include "../../devel/boost-headers/buildlink3.mk"
.include "../../devel/log4shib/buildlink3.mk"
.include "../../textproc/xerces-c/buildlink3.mk"
.include "../../security/xml-security-c/buildlink3.mk"
.include "../../textproc/xmltooling/buildlink3.mk"
.include "../../security/opensaml/buildlink3.mk"
.include "../../www/curl/buildlink3.mk"
.include "../../mk/apache.mk"
.include "../../mk/bsd.pkg.mk"
@
1.72
log
@*: Recursive revbump from security/nettle-4.0
@
text
@d1 1
a1 1
# $NetBSD: Makefile,v 1.71 2026/02/06 10:06:11 wiz Exp $
d5 1
a5 1
PKGREVISION= 2
@
1.71
log
@*: recursive bump for nettle 4.0 shlib major bump
@
text
@d1 1
a1 1
# $NetBSD: Makefile,v 1.70 2026/02/05 01:30:50 perseant Exp $
d5 1
a5 1
PKGREVISION= 1
@
1.70
log
@Upgrade the Shibboleth SP software to version 3.5.2.
The Shibboleth release notes, edited to remove references to specific package systems, are as follows:
==============================================================================
3.5.2 (December 16, 2025)
This is a patch release to work around an apparent bug causing instability in the libmemcached library when using the memcache storage feature with keys containing whitespace. There are no other code changes in this release, so those not using the memcache feature (which is rarely part of most modern packages) are not impacted.
3.5.1 (September 3, 2025)
This is a patch release to address a security vulnerability [https://shibboleth.net/community/advisories/secadv_20250903.txt] in the ODBC storage plugin/extension. There are no other intended changes apart from versioning in logs, but an issue that has arisen pertains to how to container deployments.
If your container design does not rely on either systemd or init.d to launch shibd, then your container is responsible for ensuring that certain runtime directories are created. For an RPM install, this is now documented at RPMInstall [https://shibboleth.atlassian.net/wiki/spaces/SP3/pages/2065335566] in the After Installation section.
If you install the SP from source without including any systemd dependencies, then at present you would need to manually create /var/run/shibboleth in your container prior to running shibd.
3.5.0.2 (March 18, 2025)
This is a service release that corrects an oversight that caused the updated OpenSAML library to log the older version when initializing. It is cosmetic/clarifying only and does not otherwise change the fix so updating from 3.5.0.1 is purely optional.
==============================================================================
@
text
@d1 1
a1 1
# $NetBSD: Makefile,v 1.69 2026/01/07 08:49:25 wiz Exp $
d5 1
@
1.69
log
@*: recursive bump for icu 78.1
@
text
@d1 1
a1 1
# $NetBSD: Makefile,v 1.68 2025/12/18 00:19:07 wiz Exp $
d3 2
a4 2
DISTNAME= shibboleth-sp-3.5.0
PKGREVISION= 4
@
1.68
log
@shibboleth-sp: fix build with NetBSD 11's sh(1)
Fix some pkglint while here.
@
text
@d1 1
a1 1
# $NetBSD: Makefile,v 1.67 2025/10/05 19:26:28 js Exp $
d4 1
a4 1
PKGREVISION= 3
@
1.67
log
@*: rev bump for curl
@
text
@d1 1
a1 1
# $NetBSD: Makefile,v 1.66 2025/09/27 09:57:39 wiz Exp $
d18 1
d36 2
a37 2
SUBST_FILES.paths= ${WRKSRC}/configs/Makefile.in
SUBST_FILES.paths+= ${WRKSRC}/configs/keygen.sh
@
1.66
log
@*: recursive bump for boost 1.89
@
text
@d1 1
a1 1
# $NetBSD: Makefile,v 1.65 2025/04/23 18:55:16 perseant Exp $
d4 1
a4 1
PKGREVISION= 2
@
1.65
log
@Version bump for textproc/xmltoolong-3.3.0.
@
text
@d1 1
a1 1
# $NetBSD: Makefile,v 1.64 2025/04/21 21:10:48 perseant Exp $
d4 1
a4 1
PKGREVISION= 1
@
1.64
log
@Upgrade the Shibboleth SP software to version 3.5.0[.1], to address the recent
critical security issue in the OpenSAML library. The Shibboleth release notes,
edited to remove references to specific package systems, are as follows:
========================================================================
3.5.0.1 (March 13, 2025)
This is a service release to deliver the OpenSAML 3.3.1 library update, which addresses a critical vulnerability in the SP software. [ https://shibboleth.net/community/advisories/secadv_20250313.txt ]
3.5.0 (October 16, 2024)
This is a small update to address a few bugs, update a number of libraries, and implement a correction to the default signing algorithm used when issuing signed requests via the SAML POST binding. This was inadvertently still defaulting to RSA-SHA1 and should have been using RSA-SHA256. There is the unlikely possibility of this causing interoperability issues with badly out of date Identity Providers, so is another reason for releasing it as a minor update. Those impacted are free to override the signing algorithm as documented.
This release is accompanied by an update to Xerces-C V3.3.0, OpenSAML V3.3.0, and a new fork of the now-retired Santuatio XML-Security library which has been maintained by the project for many years and is now a local fork of that code with large portions removed, released as V3.0.0.
3.4.1 (January 10, 2023)
This is a small patch to address a few bugs, in particular:
Reinforcing the xmltooling library (V3.2.3, included in this Windows release) to block an unnecessary XML Encryption construct, related to the advisory issued for the IdP recently. The SP is not believed to be vulnerable, but this is a defensive measure.
A warning has been added to the log when systems do not configure an explicit value for the redirectLimit setting. The default for this setting remains liberal for compatibility, so the warning was requested to highlight that fact.
3.4.0 (November 3, 2022)
This is a minor update containing a new setting suggested by a contributor (thus the unplanned minor version change) controlling retries when TCP connections to shibd are used. The other changes are minimal in nature.
3.3.0 (November 30, 2021)
This is a minor update that contains a small number of fixes, one small feature addition, and a number of additional deprecation warnings for at risk features. This version also introduces changes to the supported platforms and to the packaging process.
This is expected to be the final feature update to the SP in its current form with the project's focus shifting to radical redesign.
Deprecations
Deprecations are now handled with a common "Shibboleth.DEPRECATION" logging category for easier identification.
While deprecating a feature does not guarantee it will be removed and not deprecating something does not guarantee its continued support, we have tried to identify the most likely features that are at risk during the redesign process that will occur before a V4 is available.
3.2.3 (July 6, 2021)
This is a patch update that fixes a regression in the RequestMap implementation introduced in V3.2.0. Earlier versions are not impacted by this bug but are of course subject to critical vulnerabilities so this is now the only safe version to use.
3.2.2 (April 25, 2021)
This is a patch update that fixes a couple of bugs and addresses the security vulnerability described in this advisory. [ https://shibboleth.net/community/advisories/secadv_20210426.txt ]
3.2.1 (March 16, 2021)
This is a patch update that fixes a couple of bugs and addresses the security vulnerability described in this advisory. [ https://shibboleth.net/community/advisories/secadv_20210317.txt ]
3.2.0 (December 14, 2020)
This is a minor update that includes some minimal new functionality and addresses some bugs.
Changes to Defaults
The shipped default for the handlerSSL and cookieProps settings (see Sessions) is now to assume use of TLS because of the problems combining use of insecure cookies with SameSite. Upgrades are not impacted by this change, but all deployments will encounter problems going forward without TLS due to browser changes.
A few configuration settings have been renamed as part of the project's broader push to eliminate insensitive language from the code and some new deprecation warnings may be observed.
@
text
@d1 1
a1 1
# $NetBSD: Makefile,v 1.63 2025/04/19 07:58:34 wiz Exp $
d4 1
a4 1
PKGREVISION=
@
1.63
log
@*: recursive bump for default Kerberos implementation switch
@
text
@d1 1
a1 1
# $NetBSD: Makefile,v 1.62 2025/04/17 21:52:52 wiz Exp $
d3 2
a4 2
DISTNAME= shibboleth-sp-3.1.0
PKGREVISION= 21
@
1.62
log
@*: recursive bump for icu 77 and libxml2 2.14
@
text
@d1 1
a1 1
# $NetBSD: Makefile,v 1.61 2025/03/03 20:29:32 wiz Exp $
d4 1
a4 1
PKGREVISION= 20
@
1.61
log
@*: reset MAINTAINER
@
text
@d1 1
a1 1
# $NetBSD: Makefile,v 1.60 2024/12/29 15:10:01 adam Exp $
d4 1
a4 1
PKGREVISION= 19
@
1.60
log
@revbump after updating boost
@
text
@d1 1
a1 2
# $NetBSD: Makefile,v 1.59 2024/11/14 22:22:11 wiz Exp $
#
a3 1
PKGREVISION=
d8 1
a8 1
MAINTAINER= pettai@@NetBSD.org
@
1.59
log
@*: recursive bump for icu 76 shlib major version bump
@
text
@d1 1
a1 1
# $NetBSD: Makefile,v 1.58 2024/11/01 12:54:56 wiz Exp $
d6 1
a6 1
PKGREVISION= 18
@
1.58
log
@*: revbump for icu downgrade
@
text
@d1 1
a1 1
# $NetBSD: Makefile,v 1.57 2024/11/01 00:54:09 wiz Exp $
d6 1
a6 1
PKGREVISION= 17
@
1.57
log
@*: recursive bump for icu 76.1 shlib bump
@
text
@d1 1
a1 1
# $NetBSD: Makefile,v 1.56 2024/10/04 03:49:36 ryoon Exp $
d6 1
a6 1
PKGREVISION= 16
@
1.56
log
@*: Recursive revbump from Boost 1.86.0
@
text
@d1 1
a1 1
# $NetBSD: Makefile,v 1.55 2024/05/29 16:34:56 adam Exp $
d6 1
a6 1
PKGREVISION= 15
@
1.55
log
@revbump after icu and protobuf updates
@
text
@d1 1
a1 1
# $NetBSD: Makefile,v 1.54 2024/05/16 06:15:43 wiz Exp $
d6 1
a6 1
PKGREVISION= 14
@
1.54
log
@*: recursive bump for gnutls p11-kit option
(existing installations need the bl3.mk included, but it's now only
optionally included)
@
text
@d1 1
a1 1
# $NetBSD: Makefile,v 1.53 2023/12/29 18:25:00 adam Exp $
d6 1
a6 1
PKGREVISION= 13
@
1.53
log
@revbump for boost-libs
@
text
@d1 1
a1 1
# $NetBSD: Makefile,v 1.52 2023/11/08 13:21:23 wiz Exp $
d6 1
a6 1
PKGREVISION= 12
@
1.52
log
@*: recursive bump for icu 74.1
@
text
@d1 1
a1 1
# $NetBSD: Makefile,v 1.51 2023/10/24 22:11:33 wiz Exp $
d6 1
a6 1
PKGREVISION= 11
@
1.51
log
@*: bump for openssl 3
@
text
@d1 1
a1 1
# $NetBSD: Makefile,v 1.50 2023/04/23 14:26:33 adam Exp $
d6 1
a6 1
PKGREVISION= 10
@
1.50
log
@revbump for boost
@
text
@d1 1
a1 1
# $NetBSD: Makefile,v 1.49 2023/04/19 08:11:51 adam Exp $
d6 1
a6 1
PKGREVISION= 9
@
1.49
log
@revbump after textproc/icu update
@
text
@d1 1
a1 1
# $NetBSD: Makefile,v 1.48 2023/01/22 16:28:39 ryoon Exp $
d6 1
a6 1
PKGREVISION= 8
@
1.48
log
@*: Recursive revbump from Boost 1.81.0
@
text
@d1 1
a1 1
# $NetBSD: Makefile,v 1.47 2022/10/26 10:32:06 wiz Exp $
d6 1
a6 1
PKGREVISION= 7
@
1.47
log
@*: bump PKGREVISION for libunistring shlib major bump
@
text
@d1 1
a1 1
# $NetBSD: Makefile,v 1.46 2022/01/10 01:46:46 ryoon Exp $
d6 1
a6 1
PKGREVISION= 6
@
1.46
log
@*: Recursive revbump from boost 1.78.0
@
text
@d1 1
a1 1
# $NetBSD: Makefile,v 1.45 2021/12/08 16:07:00 adam Exp $
d6 1
a6 1
PKGREVISION= 5
@
1.45
log
@revbump for icu and libffi
@
text
@d1 1
a1 1
# $NetBSD: Makefile,v 1.44 2021/09/29 19:01:29 adam Exp $
d6 1
a6 1
PKGREVISION= 4
@
1.44
log
@revbump for boost-libs
@
text
@d1 1
a1 1
# $NetBSD: Makefile,v 1.43 2021/04/21 13:25:31 adam Exp $
d6 1
a6 1
PKGREVISION= 3
@
1.43
log
@revbump for boost-libs
@
text
@d1 1
a1 1
# $NetBSD: Makefile,v 1.42 2021/01/01 08:24:58 ryoon Exp $
d6 1
a6 1
PKGREVISION= 2
@
1.42
log
@*: Recursive revbump from boost-1.75.0
@
text
@d1 1
a1 1
# $NetBSD: Makefile,v 1.41 2020/07/16 14:49:13 perseant Exp $
d6 1
a6 1
PKGREVISION= 1
@
1.41
log
@Update to Shibboleth SP 3.1.0. Fixes PR pkg/54639.
@
text
@d1 1
a1 1
# $NetBSD: Makefile,v 1.40 2020/05/22 10:56:46 adam Exp $
d6 1
@
1.40
log
@revbump after updating security/nettle
@
text
@d1 1
a1 1
# $NetBSD: Makefile,v 1.39 2020/05/06 14:05:07 adam Exp $
d4 2
a5 2
DISTNAME= shibboleth-sp-2.5.5
PKGREVISION= 17
d7 1
a7 1
MASTER_SITES= http://www.shibboleth.net/downloads/service-provider/${PKGVERSION_NOREV}/
d19 1
a49 2
CONF_FILES+= ${EGDIR}/syslog.logger \
${SHIB_CONFDIR}/syslog.logger
a59 2
CONF_FILES+= ${EGDIR}/accessError.html \
${SHIB_CONFDIR}/accessError.html
@
1.39
log
@revbump after boost update
@
text
@d1 1
a1 1
# $NetBSD: Makefile,v 1.38 2020/03/08 16:51:39 wiz Exp $
d5 1
a5 1
PKGREVISION= 16
@
1.38
log
@*: recursive bump for libffi
@
text
@d1 1
a1 1
# $NetBSD: Makefile,v 1.37 2020/01/18 21:51:11 jperkin Exp $
d5 1
a5 1
PKGREVISION= 15
@
1.37
log
@*: Recursive revision bump for openssl 1.1.1.
@
text
@d1 1
a1 1
# $NetBSD: Makefile,v 1.36 2020/01/12 20:20:49 ryoon Exp $
d5 1
a5 1
PKGREVISION= 14
@
1.36
log
@*: Recursive revbump from devel/boost-libs
@
text
@d1 1
a1 1
# $NetBSD: Makefile,v 1.35 2019/11/04 22:10:15 rillig Exp $
d5 1
a5 1
PKGREVISION= 13
@
1.35
log
@www: align variable assignments
pkglint -Wall -F --only aligned --only indent -r
Manually excluded phraseanet since pkglint got the indentation wrong.
@
text
@d1 1
a1 1
# $NetBSD: Makefile,v 1.34 2019/08/22 12:23:55 ryoon Exp $
d5 1
a5 1
PKGREVISION= 12
@
1.34
log
@Recursive revbump from boost-1.71.0
@
text
@d1 1
a1 1
# $NetBSD: Makefile,v 1.33 2019/07/20 22:46:56 wiz Exp $
d16 1
a16 1
GNU_CONFIGURE= yes
@
1.33
log
@*: recursive bump for nettle 3.5.1
@
text
@d1 1
a1 1
# $NetBSD: Makefile,v 1.32 2019/07/01 04:08:54 ryoon Exp $
d5 1
a5 1
PKGREVISION= 11
@
1.32
log
@Recursive revbump from boost-1.70.0
@
text
@d1 1
a1 1
# $NetBSD: Makefile,v 1.31 2019/05/23 19:23:21 rillig Exp $
d5 1
a5 1
PKGREVISION= 10
@
1.31
log
@all: replace SUBST_SED with the simpler SUBST_VARS
pkglint -Wall -r --only "substitution command" -F
With manual review and indentation fixes since pkglint doesn't get that
part correct in every case.
@
text
@d1 1
a1 1
# $NetBSD: Makefile,v 1.30 2019/01/24 16:46:21 perseant Exp $
d5 1
a5 1
PKGREVISION= 9
@
1.30
log
@Make packages build again. Partially addresses PR pkg/52851.
@
text
@d1 1
a1 1
# $NetBSD: Makefile,v 1.29 2018/12/13 19:52:26 adam Exp $
d38 2
a39 2
SUBST_SED.paths= -e 's,@@EGDIR@@,${EGDIR},'
SUBST_SED.paths+= -e 's,@@SHIB_CONFDIR@@,${SHIB_CONFDIR},'
@
1.29
log
@revbump for boost 1.69.0
@
text
@d1 1
a1 1
# $NetBSD: Makefile,v 1.28 2018/08/16 18:55:16 adam Exp $
d24 1
a24 1
USE_LANGUAGES= c c++
@
1.28
log
@revbump after boost-libs update
@
text
@d1 1
a1 1
# $NetBSD: Makefile,v 1.27 2018/07/04 13:40:42 jperkin Exp $
d5 1
a5 1
PKGREVISION= 8
@
1.27
log
@*: Move SUBST_STAGE from post-patch to pre-configure
Performing substitutions during post-patch breaks tools such as mkpatches,
making it very difficult to regenerate correct patches after making changes,
and often leading to substituted string replacements being committed.
@
text
@d1 1
a1 1
# $NetBSD: Makefile,v 1.26 2018/04/29 21:32:08 adam Exp $
d5 1
a5 1
PKGREVISION= 7
@
1.26
log
@revbump for boost-libs update
@
text
@d1 1
a1 1
# $NetBSD: Makefile,v 1.25 2018/01/01 21:18:56 adam Exp $
d37 1
a37 1
SUBST_STAGE.paths= post-patch
@
1.25
log
@Revbump after boost update
@
text
@d1 1
a1 1
# $NetBSD: Makefile,v 1.24 2017/08/24 20:03:43 adam Exp $
d5 1
a5 1
PKGREVISION= 6
@
1.24
log
@Revbump for boost update
@
text
@d1 1
a1 1
# $NetBSD: Makefile,v 1.23 2017/04/30 01:22:03 ryoon Exp $
d5 1
a5 1
PKGREVISION= 5
@
1.23
log
@Recursive revbump from boost update
@
text
@d1 1
a1 1
# $NetBSD: Makefile,v 1.22 2017/01/20 16:01:32 jperkin Exp $
d5 1
a5 1
PKGREVISION= 4
@
1.22
log
@Fix build on SunOS.
@
text
@d1 1
a1 1
# $NetBSD: Makefile,v 1.21 2017/01/01 16:06:39 adam Exp $
d5 1
a5 1
PKGREVISION= 3
@
1.21
log
@Revbump after boost update
@
text
@d1 1
a1 1
# $NetBSD: Makefile,v 1.20 2016/10/07 18:26:13 adam Exp $
d26 2
@
1.20
log
@Revbump post boost update
@
text
@d1 1
a1 1
# $NetBSD: Makefile,v 1.19 2016/03/05 11:29:39 jperkin Exp $
d5 1
a5 1
PKGREVISION= 2
@
1.19
log
@Bump PKGREVISION for security/openssl ABI bump.
@
text
@d1 1
a1 1
# $NetBSD: Makefile,v 1.18 2015/10/23 07:35:07 pettai Exp $
d5 1
a5 1
PKGREVISION= 1
@
1.18
log
@Version 2.5.5
Bug:
* [SSPCPP-656] - NameID insert logic appears wrong for ODBC Session store
* [SSPCPP-657] - Update Windows libraries
* [SSPCPP-663] - BOOST autoconf macros break with gcc5
* [SSPCPP-665] - Use of systemd breaks on reboot due to disappearance of /run/shibboleth
Improvement:
* [SSPCPP-654] - Move fork wait timeout from init script to sysconfig
Task:
* [SSPCPP-661] - Preparation of 2.5.5 release
* [SSPCPP-662] - Set AllowSameVersionUpgrades to 'yes'
Version 2.5.4
Bug:
* [SSPCPP-612] - Old DiscoveryFeed cache files are not correctly removed
* [SSPCPP-616] - SP does not build with C++11
* [SSPCPP-621] - log4shib. RemoteSyslogAppender doesn't work in debian.
* [SSPCPP-623] - Attribute mapper interprets attribute name with leading/trailing whitespace
* [SSPCPP-624] - Trailing whitespace in authnContextClassRef attribute parsed incorrectly
* [SSPCPP-627] - SyslogAppender is not working on windows
* [SSPCPP-646] - When triggered by file size limit, native.log does not rotate correctly and logs are missing
Improvement:
* [SSPCPP-618] - Add support for Amazon Linux 2014.3 via attached patch
* [SSPCPP-629] - attribute-map.xml missing "uid" attribute (eduPerson)
* [SSPCPP-645] - Adjust ownership of /var/cache/shibboleth in the init script of RPM-based Linux distributions
* [SSPCPP-647] - consider not permitting RC4 on back channel queries
Task:
* [SSPCPP-644] - Release log4shib 1.0.9
* [SSPCPP-648] - Release process for 2.5.4
Version 2.5.3
Bug:
* [SSPCPP-578] - Example Apache config uses require valid-user
* [SSPCPP-580] - FastCGI programs use libxmltooling but don't link with it
* [SSPCPP-584] - Limit on preserved POST data size is not enforced
* [SSPCPP-585] - POST data replay in Firefox fails if data contains key "submit"
* [SSPCPP-589] - Relative paths in Shibboleth XML catalogs are resolved against /usr/share/xml/opensaml
* [SSPCPP-595] - postTemplat.html form submission bug
* [SSPCPP-596] - Red Hat init script produces spurious restorecon warning at startup
* [SSPCPP-603] - Directory Indexes don't work when using file-based basic auth (ShibCompatValidUser is On)
Documentation:
* [SSPCPP-591] - Errors partialLogout attribute not documented
Improvement:
* [SSPCPP-598] - Dynamic metadata provider in SP should avoid unmarshalling non-EntityDescriptor results
* [SSPCPP-605] - Rephrase error log lines for AuthnFailed responses
Task:
* [SSPCPP-609] - Release of 2.5.3
@
text
@d1 1
a1 1
# $NetBSD: Makefile,v 1.17 2015/04/17 15:53:16 adam Exp $
d5 1
@
1.17
log
@Revbump after updating devel/boost-libs
@
text
@d1 1
a1 1
# $NetBSD: Makefile,v 1.16 2014/11/07 19:39:42 adam Exp $
d4 1
a4 2
DISTNAME= shibboleth-sp-2.5.2
PKGREVISION= 6
d29 2
@
1.16
log
@Revbump after updating boost
@
text
@d1 1
a1 1
# $NetBSD: Makefile,v 1.15 2014/08/13 10:57:38 adam Exp $
d5 1
a5 1
PKGREVISION= 5
@
1.15
log
@Revbump after boost-libs update
@
text
@d1 1
a1 1
# $NetBSD: Makefile,v 1.14 2014/02/12 23:18:47 tron Exp $
d5 1
a5 1
PKGREVISION= 4
@
1.14
log
@Recursive PKGREVISION bump for OpenSSL API version bump.
@
text
@d1 1
a1 1
# $NetBSD: Makefile,v 1.13 2013/11/20 20:04:40 adam Exp $
d5 1
a5 1
PKGREVISION= 3
@
1.13
log
@Revbump after updating devel/boost-libs
@
text
@d1 1
a1 1
# $NetBSD: Makefile,v 1.12 2013/11/20 13:23:46 obache Exp $
d5 1
a5 1
PKGREVISION= 2
@
1.12
log
@recursive bump from boost-lib shlib major bump.
@
text
@d1 1
a1 1
# $NetBSD: Makefile,v 1.11 2013/09/21 22:16:41 pettai Exp $
d5 1
a5 1
PKGREVISION= 1
@
1.11
log
@2.5.2:
Bugfixes
[SSPCPP-543] - AttributeExtractor fails to deal with multiple Logos
[SSPCPP-547] - Encoding problem with Metadata Attribute Extractor
[SSPCPP-549] - Shiboleth SP 2.5.1 breaks Apache 2.4.3's error pages
[SSPCPP-550] - Problems with native.log file rotation
[SSPCPP-551] - DiscoFeed Content-Type header lacks charset
[SSPCPP-552] - Solaris TCP Listener code is broken
[SSPCPP-568] - Unattended install pegs the CPU and never completes
[SSPCPP-569] - native log files not closed at/before CGI exec
[SSPCPP-570] - mod_shib takes over valid-user for entire server
[SSPCPP-573] - ShibDisable on breaks basic auth valid user
[SSPCPP-575] - Source build w/memcached and/or fastcgi support fails
[SSPCPP-579] - Internal stack overflow in log4shib
Improvements
[SSPCPP-493] - Default allow access to Shibboleth.sso by default in shibd.conf
[SSPCPP-501] - Make metagen ingest a list of hostnames from a file
2.5.1:
Bugfixes
[SSPCPP-409] - Shibboleth2.xml - undefined InProcess/OutOfProcess means no shibd.log/native.log
[SSPCPP-490] - CLang build issue with stream operator overload
[SSPCPP-492] - SP Release 2.5.0 does not compile with xml-security-c versions prior to 1.7.0
[SSPCPP-495] - Warning Shibboleth.PropertySet : load() skipping duplicate property set:
[SSPCPP-499] - Fresh Installation on Windows XP fails after service daemon fails to start
[SSPCPP-500] - configure fails against Apache 2.4
[SSPCPP-502] - Apache 2.4 post_read hook isn't run on subrequests, breaks module
[SSPCPP-504] - ScopedAttributeDecoder fails on non-ascii chars?
[SSPCPP-505] - shibd on Windows missing a version option
[SSPCPP-507] - Insert record failed Violation of PRIMARY KEY constraint with ODBC plugin
[SSPCPP-510] - Installer scripts (particularly the uninstall ones) should fail safe
[SSPCPP-514] - FCGI responder stdin buffer missing termination
[SSPCPP-516] - apache24.config missing from makefile target
[SSPCPP-518] - Incorrect requireLogoutWith redirection if the original URL has query string
[SSPCPP-519] - Shorthand SSO/Logout syntax not working with policyId setting
[SSPCPP-521] - Schemas are not being edited on Windows Installation
[SSPCPP-522] - Transform resolver echoes source string when match fails
[SSPCPP-526] - Transaction log crashes on SOAP-based logout
[SSPCPP-527] - Add ignoreNoPassive attribute to SSO element
[SSPCPP-540] - ISAPI header detection code is prone to false alarms
Improvements
[SSPCPP-402] - Support front-channel SLO without cookies
[SSPCPP-447] - Extension of consistentAddress for IPv6
[SSPCPP-501] - Make metagen ingest a list of hostnames from a file
[SSPCPP-517] - Windows SP installer should not always roll back when shibd fails to start
New Feature
[SSPCPP-515] - Make /Status handler report SessionCache
2.5.0:
Bugfixes
[SSPCPP-344] - Version strings in various spots are wired at compile time
[SSPCPP-345] - Split "package-level" and "user-level" settings in shib.conf to limit effect of RPM upgrades.
[SSPCPP-365] - Support for binary attributes in resolver
[SSPCPP-382] - Correct date format in Expires headers
[SSPCPP-383] - Tag entityID not usable in error templates
[SSPCPP-387] - Cryptographic nameID is longer than key length that memcache can handle
[SSPCPP-391] - Generation of keys for relay state is not strongly random
[SSPCPP-392] - Valgrind detects memory leaks
[SSPCPP-393] - Setting session timeout="0" creates infinite loop between SP and IDP
[SSPCPP-400] - NameID lookup for logout ignores logical SP boundaries
[SSPCPP-401] - IIS App Pool Crash
[SSPCPP-406] - Should check for cross platform previous versions?
[SSPCPP-408] - ECP flow fails for Session configured inside of ApplicationOverride
[SSPCPP-411] - openSUSE 12.1 erases /var/run at each reboot, so shibd fails to start
[SSPCPP-413] - Schema catalogs should be set after XMLTooling init.
[SSPCPP-416] - IIS breaks with error "isapi_shib: Attempted to insert duplicate storage key." Server restart required to fix
[SSPCPP-417] - redirectErrors configuration attribute does not handle relative URLs
[SSPCPP-419] - ExtensibleAttribute internal marshalling doesn't handle attribute naming correctly
[SSPCPP-423] - After upgrading SP to Alpha SP 2.5 RPM from previous version of SP, shibd does not start.
[SSPCPP-431] - Change links of https://spaces.inetrnet2.edu to wiki.shibboleth.net
[SSPCPP-438] - Artifact resolver code doesn't use EndpointIndex in 2.0 artifacts
[SSPCPP-439] - Auto-generated ACS endpoints improperly tracked by index
[SSPCPP-443] - SP not signing ECP AuthnRequests
[SSPCPP-444] - Multiple shib_state cookies get set -> server chokes on header field size
[SSPCPP-445] - RequestInitiator metadata generated in a case where it shouldn't be
[SSPCPP-448] - setting relayState to use ODBC storage service results in attempted redirects to an invalid URL
[SSPCPP-449] - RequestMap not normalizing hostname for comparison
[SSPCPP-459] - redirectLimit parser typo
[SSPCPP-460] - A spelling error in the configure file
[SSPCPP-461] - caching DiscoFeed fails b/c cache directory does not exist
[SSPCPP-465] - CLONE - Tag entityID not usable in error templates
[SSPCPP-467] - Cross-contamination from conflicting @@relayState settings
[SSPCPP-468] - Aliases support in XML Attribute Extractor no longer working in 2.5.0 Beta 1
[SSPCPP-487] - relayStateLimitWhitelist parameter is being changed inadvertently by limitRelayState method
[SSPCPP-488] - No way to get client address set for ExternalAuth sessions
[SSPCPP-489] - Windows installer (tries to) install a 64 bit path into IIS
[SSPCPP-498] - Hardcoded path in XMLTooling is invalid on localized WinXP/2003
Improvements
[SSPCPP-319] - Augment XMLAccessControl for time based access control.
[SSPCPP-326] - Abbreviated IPv6 address format and CIDR support for acl
[SSPCPP-332] - Session cache slows down if large numbers of sessions with a single NameID are created
[SSPCPP-335] - Handle query strings on POST and avoid unintended POST data consumption
[SSPCPP-352] - Expose RelayState limiter as a public API and revisit default setting
[SSPCPP-353] - Package the SP to run as non-root user
[SSPCPP-361] - Session handler with better parseable and accessable (X)HTML code
[SSPCPP-362] - add 'metadata last refresh' to SP's status page
[SSPCPP-366] - generated metadata should include cryptographic algorithms
[SSPCPP-375] - Add httpOnly to cookieProps in the shibboleth2.xml config
[SSPCPP-376] - Add a post-filtering hashing feature to shorten long attributes, namely ePTIDs
[SSPCPP-394] - Support multiple authn context references in requests
[SSPCPP-399] - SImple Aggregation plugin should allow "prefixing" of attributes or dedicated extractors
[SSPCPP-403] - Facilitate signing Logout messages
[SSPCPP-404] - Log entry for failed consistentAddress="true" check
[SSPCPP-405] - CRIT Shibboleth.Application : no MetadataProvider available should be a warning not CRIT
[SSPCPP-407] - Improve logging on invalid XML in shibboleth2.xml configuration file
[SSPCPP-418] - Incorporating Boost libraries into code base
[SSPCPP-420] - Memcache build on RH6 and error handling fixes
[SSPCPP-425] - ShibAccessControl Relative Paths to user web content
[SSPCPP-436] - Log on DEBUG when a shibsession cookie is being cleared because no corresponding session is found by Shibboleth
[SSPCPP-446] - Try moving child_init hooks in Apache 2.x modules to post_config
[SSPCPP-458] - Unprecise error message when wrong certificate is used for SAML2 encryption
[SSPCPP-464] - Provide Logging to Recommend Production Settings
[SSPCPP-470] - Identify deprecated features or suboptimal settings and add warnings
[SSPCPP-472] - AttributeExtractor: remove leading/trailing whitespace created by formatter
New Features
[SSPCPP-245] - Support for attribute requirements in the SP
[SSPCPP-339] - Extraction of contacts and other built-in metadata information
[SSPCPP-341] - AttributeResolver plugin(s) for regexp or template-based transformation of values
[SSPCPP-342] - Metadata / Attribute filtering based on EntityAttributes
[SSPCPP-343] - Add support for capturing AuthenticatingAuthority
[SSPCPP-349] - Parseable audit logs for SP
[SSPCPP-389] - Add option to shibd to set uid and gid at startup
[SSPCPP-390] - Multiple language versions for the same attribute
[SSPCPP-396] - Simplify logout support for Native SP
[SSPCPP-410] - add support for the 'policy' query string parameter
[SSPCPP-421] - Extraction of consent attribute from SAML 2 responses
[SSPCPP-430] - Apache 2.4 support
[SSPCPP-437] - Add artifact binding for resolving artifacts via file system
[SSPCPP-440] - Loopback handler to exchange an assertion for a session
[SSPCPP-469] - Logout request extension to specify no response
[SSPCPP-471] - Shorthand settings for manipulating cookie properties
[SSPCPP-486] - Add automatic algorithm blacklist
@
text
@d1 1
a1 1
# $NetBSD: Makefile,v 1.10 2013/09/20 23:11:01 joerg Exp $
d5 1
@
1.10
log
@Add boost header required by parts of xmltooling.
@
text
@d1 1
a1 1
# $NetBSD: Makefile,v 1.9 2013/09/10 11:44:15 obache Exp $
d4 1
a4 2
DISTNAME= shibboleth-sp-2.4.3
PKGREVISION= 3
d9 1
a9 1
HOMEPAGE= http://shibboleth.internet2.edu/
a18 1
WRKSRC= ${WRKDIR}/shibboleth-${PKGVERSION_NOREV}
d36 1
d100 1
@
1.9
log
@Bump PKGREVISION from xml-security-c shlib major bump
@
text
@d1 1
a1 1
# $NetBSD: Makefile,v 1.8 2013/02/06 23:24:04 jperkin Exp $
d102 1
@
1.8
log
@PKGREVISION bumps for the security/openssl 1.0.1d update.
@
text
@d1 1
a1 1
# $NetBSD: Makefile,v 1.7 2012/12/16 01:52:39 obache Exp $
d5 1
a5 1
PKGREVISION= 2
@
1.7
log
@recursive bump from cyrus-sasl libsasl2 shlib major bump.
@
text
@d1 1
a1 1
# $NetBSD: Makefile,v 1.6 2012/10/28 06:31:04 asau Exp $
d5 1
a5 1
PKGREVISION= 1
@
1.6
log
@Drop superfluous PKG_DESTDIR_SUPPORT, "user-destdir" is default these days.
@
text
@d1 1
a1 1
# $NetBSD: Makefile,v 1.5 2012/07/01 01:33:13 dholland Exp $
d5 1
@
1.5
log
@Fix some pkglint, mostly whitespace.
@
text
@d1 1
a1 1
# $NetBSD: Makefile,v 1.4 2011/07/28 23:16:24 pettai Exp $
a12 2
PKG_DESTDIR_SUPPORT= user-destdir
@
1.4
log
@2.4.3:
Bug:
* [SSPCPP-357] - Library init routines should be idempotent
* [SSPCPP-358] - OpenSUSE 11.4 RPM build can't handle warnings during mod_shib build
* [SSPCPP-363] - Windows Installer loops infinitely if the SP is deinstalled from the Control Panel
* [SSPCPP-368] - Fails to build with g++ 4.6 (missing stddef.h)
* [SSPCPP-370] - SSL_CHECK_SERVERHELLO_TLSEXT
* [SSPCPP-371] - SAML2 does not enable ECP support
* [SSPCPP-372] - Bug in query in ODBC storage service plugin
* [SSPCPP-374] - metagen.sh creates PAOS ACS elements twice
* [SSPCPP-379] - DiscoFeed should return empty feed with no metadata provider
* [SSPCPP-380] - When maxTimeSinceAuthn is used, valid time interval is miscalculated when IdP time is a few seconds ahead of SP time
Improvement:
* [SSPCPP-359] - metagen.sh includes xmlns for NAKEDHOSTS
* [SSPCPP-381] - Option to expire redirects on Apache
New Feature:
* [SSPCPP-364] - Add examples into the example metadata shipped with the SP
@
text
@d1 1
a1 1
# $NetBSD: Makefile,v 1.3 2011/07/27 22:33:26 pettai Exp $
d18 1
a18 1
CONFIGURE_ARGS+= --with-xmltooling=${PREFIX:Q}
d84 1
a84 1
INSTALLATION_DIRS+= ${PREFIX}/include/shibsp/metadata
d89 3
a91 3
INSTALLATION_DIRS+= ${PREFIX}/share/doc/shibboleth-${PKGVERSION_NOREV}/api
INSTALLATION_DIRS+= ${PREFIX}/share/xml/shibboleth
INSTALLATION_DIRS+= ${PREFIX}/lib/shibboleth
@
1.3
log
@Change MASTER_SITES to the new distribution point
@
text
@d1 1
a1 1
# $NetBSD: Makefile,v 1.2 2011/04/22 13:45:00 obache Exp $
d4 1
a4 2
DISTNAME= shibboleth-sp-2.4.2
PKGREVISION= 1
d6 1
a6 1
MASTER_SITES= http://www.shibboleth.net/downloads/service-provider/2.4.2/
@
1.2
log
@recursive bump from gettext-lib shlib bump.
@
text
@d1 1
a1 1
# $NetBSD: Makefile,v 1.1.1.1 2011/03/15 13:15:37 pettai Exp $
d7 1
a7 1
MASTER_SITES= http://shibboleth.internet2.edu/downloads/shibboleth/cppsp/latest/
@
1.1
log
@Initial revision
@
text
@d1 1
a1 1
# $NetBSD$
d4 2
a5 2
DISTNAME= shibboleth-sp-${PKGVERSION}
PKGVERSION= 2.4.2
d22 1
a22 1
WRKSRC= ${WRKDIR}/shibboleth-2.4.2
d89 2
a90 2
INSTALLATION_DIRS+= ${PREFIX}/share/doc/shibboleth-${PKGVERSION}
INSTALLATION_DIRS+= ${PREFIX}/share/doc/shibboleth-${PKGVERSION}/api
@
1.1.1.1
log
@Import the latest shibboleth-sp from pkgsrc-wip.
@
text
@@