diff --git a/security/shibboleth-sp/Makefile b/security/shibboleth-sp/Makefile index 35d763f065d2..1fe26dee2eaa 100644 --- a/security/shibboleth-sp/Makefile +++ b/security/shibboleth-sp/Makefile @@ -1,83 +1,91 @@ # Created by: Janos Mohacsi PORTNAME= shibboleth-sp PORTVERSION= 3.2.1 +PORTREVISION= 1 CATEGORIES= security www MASTER_SITES= http://shibboleth.net/downloads/service-provider/${PORTVERSION}/ MAINTAINER= girgen@FreeBSD.org COMMENT= C++ Shibboleth Service Provider (Internet2) for Apache LICENSE= APACHE20 BUILD_DEPENDS= boost-libs>=0:devel/boost-libs -LIB_DEPENDS= libsaml.so:security/opensaml - -USES= gmake tar:bzip2 cpe pkgconfig libtool +LIB_DEPENDS= libsaml.so:security/opensaml \ + liblog4shib.so:devel/log4shib \ + libxerces-c-3.2.so:textproc/xerces-c3 \ + libxml-security-c.so:security/apache-xml-security-c \ + libxmltooling.so:devel/xmltooling \ + libapr-1.so:devel/apr1 \ + libgdbm.so:databases/gdbm \ + libexpat.so:textproc/expat2 + +USES= gmake tar:bzip2 cpe pkgconfig libtool bdb GNU_CONFIGURE= yes MAKE_ENV= NOKEYGEN=YES USE_LDCONFIG= yes USE_RC_SUBR= shibboleth-sp DOCSDIR= ${PREFIX}/share/doc/shibboleth CPE_VENDOR= shibboleth USERS= shibd GROUPS= shibd INSTALL_TARGET= install-strip OPTIONS_GROUP= CONNECT SESSION OPTIONS_GROUP_CONNECT=FASTCGI APACHE CONNECT_DESC= Webserver modules OPTIONS_GROUP_SESSION=ODBC MEMCACHED SESSION_DESC= Optional session storage OPTIONS_DEFAULT=ODBC APACHE # Descriptions ODBC_DESC= ODBC database backend - store sessions in a database MEMCACHED_DESC= Store sessions in memcached FASTCGI_DESC= FastCGI protocol support, e.g. for NGINX APACHE_DESC= Build Apache module APACHE_USES= apache:2.4+ ODBC_CONFIGURE_ENABLE= odbc ODBC_LIB_DEPENDS= libodbc.so:databases/unixODBC FASTCGI_CONFIGURE_WITH= fastcgi=${LOCALBASE} FASTCGI_LIB_DEPENDS= libfcgi++.so:www/fcgi MEMCACHED_CONFIGURE_WITH= memcached=${LOCALBASE} MEMCACHED_LIB_DEPENDS= libmemcached.so:databases/libmemcached OPTIONS_SUB= yes SUB_LIST+= SH=${SH} WWWGRP=${WWWGRP} PLIST_SUB+= WWWOWN=${WWWOWN} WWWGRP=${WWWGRP} SUB_LIST+= SHIBD_USER=${USERS} SUB_LIST+= SHIBD_GROUP=${GROUPS} PLIST_SUB+= SHIBD_USER=${USERS} PLIST_SUB+= SHIBD_GROUP=${GROUPS} CONFIGURE_ARGS+=--localstatedir=/var \ --disable-doxygen-doc --disable-dependency-tracking .include .if ${PORT_OPTIONS:MAPACHE} && "${APACHE_VERSION}" == 2.4 CONFIGURE_ARGS+=--disable-apache-22 --enable-apache-24 --with-apxs24=${APXS} PLIST_SUB+= WITH_APACHE_24="" .else CONFIGURE_ARGS+=--disable-apache-24 --disable-apache-22 PLIST_SUB+= WITH_APACHE_24="@comment " .endif post-patch: @${REINPLACE_CMD} -e 's,^pkgdocdir.*=.*,pkgdocdir = ${DOCSDIR},' \ -e 's,^pkgwebdir.*=.*,pkgwebdir = ${DOCSDIR},' \ ${WRKSRC}/doc/Makefile.in ${WRKSRC}/configs/Makefile.in .include diff --git a/security/shibboleth-sp/files/patch-shibsp_impl_StorageServiceSessionCache.cpp b/security/shibboleth-sp/files/patch-shibsp_impl_StorageServiceSessionCache.cpp new file mode 100644 index 000000000000..7cb55f5f16d5 --- /dev/null +++ b/security/shibboleth-sp/files/patch-shibsp_impl_StorageServiceSessionCache.cpp @@ -0,0 +1,31 @@ +From 5a47c3b9378f4c49392dd4d15189b70956f9f2ec Mon Sep 17 00:00:00 2001 +From: Scott Cantor +Date: Thu, 22 Apr 2021 15:58:43 -0400 +Subject: [PATCH] SSPCPP-927 - Check for missing DataSealer during cookie recovery + +https://issues.shibboleth.net/jira/browse/SSPCPP-927 + +--- shibsp/impl/StorageServiceSessionCache.cpp.orig 2020-12-07 20:51:12.000000000 +0000 ++++ shibsp/impl/StorageServiceSessionCache.cpp 2021-04-23 16:17:00.398821000 +0000 +@@ -1148,6 +1148,12 @@ + else { + // We're out of process, so we can recover the session. + #ifndef SHIBSP_LITE ++ const DataSealer* sealer = XMLToolingConfig::getConfig().getDataSealer(); ++ if (!sealer) { ++ m_log.warn("can't attempt recovery of session (%s), no DataSealer configured", key); ++ return false; ++ } ++ + m_log.debug("checking for revocation of session (%s)", key); + try { + if (m_storage_lite->readString("Revoked", key) > 0) { +@@ -1174,7 +1180,7 @@ + try { + dup = strdup(data); + XMLToolingConfig::getConfig().getURLEncoder()->decode(dup); +- unwrapped = XMLToolingConfig::getConfig().getDataSealer()->unwrap(dup); ++ unwrapped = sealer->unwrap(dup); + free(dup); + + stringstream str(unwrapped);