Lasso 2.7.0
- https://listes.entrouvert.com/arc/lasso/2021-06/msg00000.html - don't package java bindings as they are not maintained upstream anymore and there seem to be no users - Resolves: rhbz#1966607 - CVE-2021-28091 lasso: XML signature wrapping vulnerability when parsing SAML responses
This commit is contained in:
Jakub Hrozek
parent
395995adfd
commit
3560a4959e
1
.gitignore
vendored
1
.gitignore
vendored
@ -5,3 +5,4 @@
|
||||
/lasso-2.5.1.tar.gz
|
||||
/lasso-2.6.0.tar.gz
|
||||
/lasso-2.6.1.tar.gz
|
||||
/lasso-2.7.0.tar.gz
|
||||
|
||||
19
lasso.spec
19
lasso.spec
@ -1,4 +1,4 @@
|
||||
%global with_java 1
|
||||
%global with_java 0
|
||||
%global with_php 0
|
||||
%global with_perl 1
|
||||
# The Lasso build system requires python, especially the binding generators
|
||||
@ -58,8 +58,8 @@
|
||||
|
||||
Summary: Liberty Alliance Single Sign On
|
||||
Name: lasso
|
||||
Version: 2.6.1
|
||||
Release: 9%{?dist}
|
||||
Version: 2.7.0
|
||||
Release: 1%{?dist}
|
||||
License: GPLv2+
|
||||
URL: http://lasso.entrouvert.org/
|
||||
Source: http://dev.entrouvert.org/lasso/lasso-%{version}.tar.gz
|
||||
@ -83,6 +83,11 @@ BuildRequires: cyrus-sasl-devel
|
||||
|
||||
Requires: xmlsec1
|
||||
|
||||
# lasso upstream no longer supports java bindings
|
||||
# see https://dev.entrouvert.org/issues/45876#change-289747
|
||||
# and https://dev.entrouvert.org/issues/51418
|
||||
Obsoletes: java-lasso < %{version}-%{release}
|
||||
|
||||
%description
|
||||
Lasso is a library that implements the Liberty Alliance Single Sign On
|
||||
standards, including the SAML and SAML2 specifications. It allows to handle
|
||||
@ -308,6 +313,14 @@ rm -fr %{buildroot}%{_defaultdocdir}/%{name}
|
||||
%endif
|
||||
|
||||
%changelog
|
||||
* Wed Jun 2 2021 Jakub Hrozek <jhrozek@redhat.com> - 2.7.0
|
||||
- Lasso 2.7.0
|
||||
- https://listes.entrouvert.com/arc/lasso/2021-06/msg00000.html
|
||||
- don't package java bindings as they are not maintained upstream
|
||||
anymore and there seem to be no users
|
||||
- Resolves: rhbz#1966607 - CVE-2021-28091 lasso: XML signature wrapping
|
||||
vulnerability when parsing SAML responses
|
||||
|
||||
* Sun May 23 2021 Jitka Plesnikova <jplesnik@redhat.com> - 2.6.1-9
|
||||
- Perl 5.34 rebuild
|
||||
|
||||
|
||||
2
sources
2
sources
@ -1 +1 @@
|
||||
SHA512 (lasso-2.6.1.tar.gz) = 768e577ccf650d61305cbb2d8be0d3e13a5c8b6b05f6b0a8419fcd23030eb7530740e8ca785f0279331d7e31743b2e0ab234de50eb87d41cfda5d692a1583d4b
|
||||
SHA512 (lasso-2.7.0.tar.gz) = 98615d6166cdec52abef4f5346119040f310dbee624c2cd168d2f95b5fe3e0e1437ec6bfc2cd8b680044438afa15770402f5aef87d1885f7bc61528617c17a74
|
||||
|
||||
Loading…
Reference in New Issue
Block a user