diff --git a/.gitignore b/.gitignore index 98f569b..87674f9 100644 --- a/.gitignore +++ b/.gitignore @@ -3,3 +3,4 @@ /lasso-2.4.1.tar.gz /lasso-2.5.0.tar.gz /lasso-2.5.1.tar.gz +/lasso-2.6.0.tar.gz diff --git a/build-scripts-py3-compatible.patch b/build-scripts-py3-compatible.patch new file mode 100644 index 0000000..563ce43 --- /dev/null +++ b/build-scripts-py3-compatible.patch @@ -0,0 +1,255 @@ +commit d526669810e0dc0a454260d5081fc96e16fc9e13 +Author: John Dennis +Date: Mon Jun 25 16:26:24 2018 -0400 + + Make Python scripts compatible with both Py2 and Py3 + + During the build if the Python3 interpreter is used a number of + scripts will fail because they were never ported from Py2 to Py3. In + general we want Python code to be compatible with both Py2 and + Py3. This patch brings the scripts up to date with Py3 but retains + backwards compatibility with Py2 (specifically Py 2.7, the last Py2 + release). + + Examples of the required changes are: + + * Replace use of the built-in function file() with open(). file() + does not exist in Py3, open works in both Py2 and Py3. The code was + also modified to use a file context manager (e.g. with open(xxx) as + f:). This assures open files are properly closed when the code block + using the file goes out of scope. This is a standard modern Python + idiom. + + * Replace all use of the print keyword with the six.print_() + function, which itself is an emulation of Py3's print function. Py3 + no longer has a print keyword, only a print() function. + + * The dict methods .keys(), .values(), .items() no longer return a + list in Py3, instead they return a "view" object which is an + iterator whose result is an unordered set. The most notable + consequence is you cannot index the result of these functions like + your could in Py2 (e.g. dict.keys()[0] will raise a run time + exception). + + * Replace use of StringIO.StringIO and cStringIO with + six.StringIO. Py3 no longer has cStringIO and the six variant + handles the correct import. + + * Py3 no longer allows the "except xxx, variable" syntax, where + variable appering after the comma is assigned the exception object, + you must use the "as" keyword to perform the variable assignment + (e.g. execpt xxx as variable) + + Note: the modifications in this patch are the minimum necessary to get + the build to run with the Py3 interpreter. There are numerous other + Python scripts in the repo which need Py3 porting as well but because + they are not invoked during a build they will be updated in a + subsequent patch. + + License: MIT + Signed-off-by: John Dennis + +diff --git a/bindings/python/examples/get_attributes_from_assertion.py b/bindings/python/examples/get_attributes_from_assertion.py +index 44ceb9e5..8f37a337 100644 +--- a/bindings/python/examples/get_attributes_from_assertion.py ++++ b/bindings/python/examples/get_attributes_from_assertion.py +@@ -1,8 +1,10 @@ + # Example SP Python code to get attributes from an assertion + ++from six import print_ ++ + for attribute in assertion.attributeStatement[0].attribute: + if attribute.name == lasso.SAML2_ATTRIBUTE_NAME_EPR: + continue +- print 'attribute : ' + attribute.name ++ print_('attribute : ' + attribute.name) + for value in attribute.attributeValue: +- print ' value : ' + value.any[0].content ++ print_(' value : ' + value.any[0].content) +diff --git a/bindings/python/tests/binding_tests.py b/bindings/python/tests/binding_tests.py +index 6d8e0dfa..54c3635f 100755 +--- a/bindings/python/tests/binding_tests.py ++++ b/bindings/python/tests/binding_tests.py +@@ -311,8 +311,8 @@ class BindingTestCase(unittest.TestCase): + ''' + node = lasso.Node.newFromXmlNode(content) + assert 'next_url' in node.any[1] +- assert 'huhu' in node.attributes.keys()[0] +- assert node.attributes.values()[0] == 'xxx' ++ assert '{https://www.entrouvert.com/}huhu' in node.attributes.keys() ++ assert 'xxx' in node.attributes.values() + node.any = ('coin',) + node.attributes = {'michou': 'zozo'} + assert 'coin' in node.dump() +diff --git a/bindings/python/tests/idwsf2_tests.py b/bindings/python/tests/idwsf2_tests.py +index 6f80c53d..4e47a4a1 100755 +--- a/bindings/python/tests/idwsf2_tests.py ++++ b/bindings/python/tests/idwsf2_tests.py +@@ -27,7 +27,7 @@ + import os + import unittest + import sys +-from StringIO import StringIO ++from six import StringIO + import logging + + logging.basicConfig() +@@ -310,11 +310,11 @@ class MetadataTestCase(IdWsf2TestCase): + self.failUnless(idp_disco.request.svcMD[0].svcMDID is None) + try: + idp_disco.checkSecurityMechanism() +- except lasso.Error, e: ++ except lasso.Error as e: + self.fail(e) + try: + idp_disco.validateRequest() +- except lasso.Error, e: ++ except lasso.Error as e: + self.fail(e) + self.failUnless(idp_disco.response is not None) + self.failUnlessEqual(len(idp_disco.metadatas), 1) +@@ -391,16 +391,16 @@ class MetadataTestCase(IdWsf2TestCase): + self.failUnless(idp_disco is not None) + try: + idp_disco.processRequestMsg(wsp_disco.msgBody) +- except lasso.Error, e: ++ except lasso.Error as e: + self.fail(e) + self.failUnless(idp_disco.request is not None) + try: + idp_disco.checkSecurityMechanism() +- except lasso.Error, e: ++ except lasso.Error as e: + self.fail(e) + try: + idp_disco.failRequest(lasso.IDWSF2_DISCOVERY_STATUS_CODE_FAILED, lasso.IDWSF2_DISCOVERY_STATUS_CODE_FORBIDDEN) +- except lasso.Error, e: ++ except lasso.Error as e: + self.fail(e) + self.failUnless(idp_disco.response is not None) + self.failUnless(idp_disco.response.status is not None) +@@ -415,7 +415,7 @@ class MetadataTestCase(IdWsf2TestCase): + wsp_disco.processResponseMsg(idp_disco.msgBody) + except lasso.Idwsf2DiscoveryForbiddenError: + pass +- except lasso.Error, e: ++ except lasso.Error as e: + self.fail(e) + + def test03(self): +@@ -475,7 +475,7 @@ class MetadataTestCase(IdWsf2TestCase): + self.failUnless(soap_envelope.getMessageId() is not None) + try: + idp_disco.checkSecurityMechanism() +- except lasso.Error, e: ++ except lasso.Error as e: + self.fail(e) + # redirect + interactionUrl = spInteractionUrl +@@ -488,7 +488,7 @@ class MetadataTestCase(IdWsf2TestCase): + self.failUnless(response.detail.any[0].redirectURL.startswith(interactionUrl + '?transactionID=')) + try: + idp_disco.buildResponseMsg() +- except lasso.Error, e: ++ except lasso.Error as e: + self.fail(e) + self.failUnless(idp_disco.msgBody is not None) + +@@ -500,7 +500,7 @@ class MetadataTestCase(IdWsf2TestCase): + wsp_disco.processResponseMsg(idp_disco.msgBody) + except lasso.WsfprofileRedirectRequestError: + pass +- except lasso.Error, e: ++ except lasso.Error as e: + self.fail(e) + response_envelope = wsp_disco.getSoapEnvelopeResponse() + self.failUnless(response_envelope.sb2GetRedirectRequestUrl().startswith(interactionUrl + '?transactionID=')) +@@ -527,11 +527,11 @@ class MetadataTestCase(IdWsf2TestCase): + self.failUnless(idp_disco.request.svcMD[0].svcMDID is None) + try: + idp_disco.checkSecurityMechanism() +- except lasso.Error, e: ++ except lasso.Error as e: + self.fail(e) + try: + idp_disco.validateRequest() +- except lasso.Error, e: ++ except lasso.Error as e: + self.fail(e) + self.failUnless(idp_disco.response is not None) + self.failUnlessEqual(len(idp_disco.metadatas), 1) +diff --git a/lasso/build_strerror.py b/lasso/build_strerror.py +index fca59628..908638d5 100644 +--- a/lasso/build_strerror.py ++++ b/lasso/build_strerror.py +@@ -1,42 +1,42 @@ + #! /usr/bin/env python + +-from cStringIO import StringIO + import glob + import re + import sys + import os ++from six import print_, StringIO + + srcdir = sys.argv[1] + +-hlines = file('%s/errors.h' % srcdir,'r').readlines() + messages = dict() + description = '' + +-for line in hlines: +- m = re.match(r'^ \* LASSO.*ERROR', line) +- if m: +- description = '' +- continue +- m = re.match(r'^ \* (.*[^:])$', line) +- if m: +- description += m.group(1) +- m = re.match(r'#define (LASSO_\w*ERROR\w+)', line) +- if m and description: +- description = re.sub(r'[ \n]+', ' ', description).strip() +- messages[m.group(1)] = description +- description = '' +- else: +- m = re.match(r'#define (LASSO_\w*ERROR\w+)',line) ++with open('%s/errors.h' % srcdir,'r') as f: ++ for line in f: ++ m = re.match(r'^ \* LASSO.*ERROR', line) + if m: +- messages[m.group(1)] = m.group(1) ++ description = '' ++ continue ++ m = re.match(r'^ \* (.*[^:])$', line) ++ if m: ++ description += m.group(1) ++ m = re.match(r'#define (LASSO_\w*ERROR\w+)', line) ++ if m and description: ++ description = re.sub(r'[ \n]+', ' ', description).strip() ++ messages[m.group(1)] = description ++ description = '' ++ else: ++ m = re.match(r'#define (LASSO_\w*ERROR\w+)',line) ++ if m: ++ messages[m.group(1)] = m.group(1) + +-clines = file('%s/errors.c.in' % srcdir,'r').readlines() +-for line in clines: +- if '@ERROR_CASES@' in line: +- keys = messages.keys() +- keys.sort() +- for k in keys: +- print """ case %s: +- return "%s";""" % (k,messages[k].rstrip('\n')) +- else: +- print line, ++with open('%s/errors.c.in' % srcdir,'r') as f: ++ for line in f: ++ if '@ERROR_CASES@' in line: ++ keys = sorted(messages.keys()) ++ for k in keys: ++ print_(' case %s:\n' ++ ' return "%s";' % ++ (k,messages[k].rstrip('\n'))) ++ else: ++ print_(line, end="") diff --git a/cflags.patch b/cflags.patch deleted file mode 100644 index 38df48b..0000000 --- a/cflags.patch +++ /dev/null @@ -1,65 +0,0 @@ -From 629e05d8dc795a70fd2bcd3d0301641105bf0b06 Mon Sep 17 00:00:00 2001 -From: John Dennis -Date: Wed, 15 Jun 2016 11:50:24 -0400 -Subject: [PATCH] enable user supplied CFLAGS -Content-Type: text/plain; charset="utf-8" -Content-Transfer-Encoding: 8bit - -CFLAGS is initialized to the empty string in configure.ac, this -effectively turned off user supplied values for CFLAGS preventing site -specific values from being used. A further complicating factor was of -all the user supplied values documented in Automake only CFLAGS was -disabled allowing all other user supplied variables to take -effect. Some variables must be coordinated (e.g. CFLAGS with LDFLAGS), -the fact LDFLAGS was picked up from the environment but CFLAGS was -discarded caused build failures due to incompatible combination of -compiler and linker options. - -The problem was first introduced in commit: 73d9c98f "Reset CFLAGS -when --enable-debugging is used". This patch simply removes hardcoding -CFLAGS to the empty string and appends the debug options -(--enable-debugging) to the existing CFLAGS. - -Proper use of the variables is described in the Automake documentation -in the section "Flag Variables Ordering" -https://www.gnu.org/software/automake/manual/html_node/Flag-Variables-Ordering.html - -Although the Automake documentation claims manipulating CFLAGS -directly is improper use there are many examples of this in the -existing configure.ac, this patch makes no attempt at addressing this -issue, rather it makes existing usage consistent. In the particular -case of debug flags appending to CFLAGS is probably the only valid -solution because the debug flags must appear at the end of the list of -flags in order to override earlier flags, CFLAGS always appears last -in the Makefile (see above Automake doc). - -Signed-off-by: John Dennis -License: MIT ---- - configure.ac | 3 +-- - 1 file changed, 1 insertion(+), 2 deletions(-) - -diff --git a/configure.ac b/configure.ac -index 7c58870..cf86262 100644 ---- a/configure.ac -+++ b/configure.ac -@@ -91,7 +91,6 @@ dnl - dnl Check for programs - dnl - AC_PROG_CC --CFLAGS="" - AM_CFLAGS="" - AC_HEADER_STDC - LT_AC_PROG_RC -@@ -702,7 +701,7 @@ AC_ARG_ENABLE(debugging, [ --enable-debugging enable debuging optimizati - if test "z$enable_debugging" = "zyes" ; then - enable_debugging=yes - LASSO_DEFINES="$LASSO_DEFINES -DLASSO_DEBUG" -- AM_CFLAGS="-O0 -g -Wall -Wextra -Werror" -+ CFLAGS="$CFLAGS -O0 -g -Wall -Wextra -Werror" - else - enable_debugging=no - fi --- -2.5.5 - diff --git a/duplicate-python-LogoutTestCase.patch b/duplicate-python-LogoutTestCase.patch new file mode 100644 index 0000000..2adea00 --- /dev/null +++ b/duplicate-python-LogoutTestCase.patch @@ -0,0 +1,83 @@ +commit 623d785f957acc9eccb47a9a3f88e5e167a370b6 +Author: John Dennis +Date: Mon Jun 25 17:37:45 2018 -0400 + + fix duplicate definition of LogoutTestCase and logoutSuite + + Commit 6f617027e added a duplicate definition of the LogoutTestCase + class containing only 1 test which shaddowed the original + LogoutTestCase containing 4 tests. The logoutSuite variable was also + shadowed and the allTests variable contained a duplicate of + logoutSuite causing the 2nd definition of LogoutTestCase to be run + twice. + + Not only were the original 4 tests not being run but the entire unit + test in profiles_tests.py was failing under Python3. This is because + the unittest code in Py3 deletes a test from it's list of tests to run + once it's been run. The second time the logoutSuite was invoked it no + longer contained any tests which caused an exception to be raised + because there were no tests to be run. + + License: MIT + Signed-off-by: John Dennis + +diff --git a/bindings/python/tests/profiles_tests.py b/bindings/python/tests/profiles_tests.py +index 547c9e24..0ba1e56e 100755 +--- a/bindings/python/tests/profiles_tests.py ++++ b/bindings/python/tests/profiles_tests.py +@@ -386,6 +386,21 @@ class LogoutTestCase(unittest.TestCase): + else: + self.fail('Logout processResponseMsg should have failed.') + ++ def test05(self): ++ '''Test parsing of a logout request with more than one session index''' ++ content = ''' ++ me ++ coin ++ id1 ++ id2 ++ id3 ++ ''' ++ ++ node = lasso.Samlp2LogoutRequest.newFromXmlNode(content) ++ assert isinstance(node, lasso.Samlp2LogoutRequest) ++ assert node.sessionIndex == 'id1' ++ assert node.sessionIndexes == ('id1', 'id2', 'id3') ++ + class DefederationTestCase(unittest.TestCase): + def test01(self): + """IDP initiated defederation; testing processNotificationMsg with non Liberty query.""" +@@ -478,32 +493,15 @@ class AttributeAuthorityTestCase(unittest.TestCase): + assert aq.response.assertion[0].attributeStatement[0].attribute[0] + assert aq.response.assertion[0].attributeStatement[0].attribute[0].attributeValue[0] + +-class LogoutTestCase(unittest.TestCase): +- def test01(self): +- '''Test parsing of a logout request with more than one session index''' +- content = ''' +- me +- coin +- id1 +- id2 +- id3 +- ''' +- +- node = lasso.Samlp2LogoutRequest.newFromXmlNode(content) +- assert isinstance(node, lasso.Samlp2LogoutRequest) +- assert node.sessionIndex == 'id1' +- assert node.sessionIndexes == ('id1', 'id2', 'id3') +- + serverSuite = unittest.makeSuite(ServerTestCase, 'test') + loginSuite = unittest.makeSuite(LoginTestCase, 'test') + logoutSuite = unittest.makeSuite(LogoutTestCase, 'test') + defederationSuite = unittest.makeSuite(DefederationTestCase, 'test') + identitySuite = unittest.makeSuite(IdentityTestCase, 'test') + attributeSuite = unittest.makeSuite(AttributeAuthorityTestCase, 'test') +-logoutSuite = unittest.makeSuite(LogoutTestCase, 'test') + + allTests = unittest.TestSuite((serverSuite, loginSuite, logoutSuite, defederationSuite, +- identitySuite, attributeSuite, logoutSuite)) ++ identitySuite, attributeSuite)) + + if __name__ == '__main__': + sys.exit(not unittest.TextTestRunner(verbosity = 2).run(allTests).wasSuccessful()) diff --git a/java_binding_lasso_log.patch b/java_binding_lasso_log.patch deleted file mode 100644 index 23f6993..0000000 --- a/java_binding_lasso_log.patch +++ /dev/null @@ -1,51 +0,0 @@ -commit d8e3ae85044a23424e8fcccc4af2ce7ce883ef74 -Author: John Dennis -Date: Tue Feb 23 20:00:45 2016 -0500 - - add inline implementation of lasso_log - - lasso_log is a private function of lasso and as such cannot be - referenced by the loader. - - This is equivalent to commit e0bda691 in the PHP binding which - exhibited the same problem. - - lasso_log is referenced in jobject_to_gobject() because of - lasso_assign_gobject macro, which includes the lasso_release_gobject - macro which invokes the message macro which expands to lasso_log. - - License: MIT - Signed-off-by: John Dennis - -diff --git a/bindings/java/wrapper_top.c b/bindings/java/wrapper_top.c -index 54bdeef..29c2014 100644 ---- a/bindings/java/wrapper_top.c -+++ b/bindings/java/wrapper_top.c -@@ -6,6 +6,27 @@ - #include "com_entrouvert_lasso_LassoJNI.h" - #include - #include "../ghashtable.h" -+ -+#if defined(__GNUC__) -+# define lasso_log(level, filename, line, function, format, args...) \ -+ g_log("Lasso", level, "%s:%i:%s" format, filename, line, function, ##args) -+#elif defined(HAVE_VARIADIC_MACROS) -+# define lasso_log(level, format, line, function, ...) \ -+ g_log("Lasso", leve, "%s:%i:%s" format, filename, line, function, __VA_ARGS__) -+#else -+static inline void lasso_log(GLogLevelFlags level, const char *filename, -+ int line, const char *function, const char *format, ...) -+{ -+ va_list ap; -+ char s[1024]; -+ va_start(ap, format); -+ g_vsnprintf(s, 1024, format, ap); -+ va_end(ap); -+ g_log("Lasso", level, "%s:%i:%s %s", filename, line, function, s); -+} -+#define lasso_log lasso_log -+#endif -+ - #include "../../lasso/utils.h" - #include "../utils.c" - #include "../../lasso/backward_comp.h" diff --git a/lasso.spec b/lasso.spec index 6a51066..4fdab3b 100644 --- a/lasso.spec +++ b/lasso.spec @@ -1,6 +1,6 @@ %global with_java 1 %global with_php 0 -%global with_perl 0 +%global with_perl 1 %global with_python 1 %global with_wsf 0 @@ -12,19 +12,55 @@ %endif %endif +%if %{with_python} + %if 0%{?fedora} < 32 || 0%{?rhel} + %global with_python2 1 + %endif + + %if 0%{?fedora} && ! 0%{?rhel} + %global with_python3 1 + %endif +%endif + +%global configure_args %{nil} +%global configure_args %{configure_args} + +%if !%{with_java} + %global configure_args %{configure_args} --disable-java +%endif + +%if !%{with_perl} + %global configure_args %{configure_args} --disable-perl +%endif + +%if %{with_php} + %global configure_args %{configure_args} --enable-php5=yes --with-php5-config-dir=%{php_inidir} +%else + %global configure_args %{configure_args} --enable-php5=no +%endif + +%if %{with_wsf} + %global configure_args %{configure_args} --enable-wsf --with-sasl2=%{_prefix}/sasl2 +%endif + +%if !%{with_python} + %global configure_args %{configure_args} --disable-python +%endif + + Summary: Liberty Alliance Single Sign On Name: lasso -Version: 2.5.1 -Release: 13%{?dist} +Version: 2.6.0 +Release: 1%{?dist} License: GPLv2+ Group: System Environment/Libraries Source: http://dev.entrouvert.org/lasso/lasso-%{version}.tar.gz -patch1: java_binding_lasso_log.patch -patch2: cflags.patch -patch3: validate_idp_list_test.patch -patch4: xmlSecSoap.patch -patch5: automake-version.patch +Patch1: use-specified-python-interpreter.patch +Patch2: build-scripts-py3-compatible.patch +Patch3: duplicate-python-LogoutTestCase.patch + +BuildRequires: libtool autoconf automake %if %{with_wsf} BuildRequires: cyrus-sasl-devel @@ -59,6 +95,7 @@ documentation for Lasso. %package perl Summary: Liberty Alliance Single Sign On (lasso) Perl bindings Group: Development/Libraries +BuildRequires: perl-devel BuildRequires: perl(ExtUtils::MakeMaker) BuildRequires: perl(Test::More) BuildRequires: perl(Error) @@ -92,16 +129,16 @@ BuildRequires: python2 Requires: %{name}%{?_isa} = %{version}-%{release} Requires: php(zend-abi) = %{php_zend_api} Requires: php(api) = %{php_core_api} -Provides: php-lasso = %{version}-%{release} -Provides: php-lasso%{?_isa} = %{version}-%{release} +Provides: php-%{name} = %{version}-%{release} +Provides: php-%{name}%{?_isa} = %{version}-%{release} %description php PHP language bindings for the lasso (Liberty Alliance Single Sign On) library. %endif -%if %{with_python} -%package -n python2-lasso -%{?python_provide:%python_provide python2-lasso} +%if %{with_python2} +%package -n python2-%{name} +%{?python_provide:%python_provide python2-%{name}} # Remove before F30 Provides: %{name}-python = %{version}-%{release} Provides: %{name}-python%{?_isa} = %{version}-%{release} @@ -113,50 +150,65 @@ BuildRequires: python2-lxml Requires: python2 Requires: %{name}%{?_isa} = %{version}-%{release} -%description -n python2-lasso +%description -n python2-%{name} +Python language bindings for the lasso (Liberty Alliance Single Sign On) +library. +%endif + +%if %{with_python3} +%package -n python3-%{name} +%{?python_provide:%python_provide python3-%{name}} +# Remove before F30 +Provides: %{name}-python = %{version}-%{release} +Provides: %{name}-python%{?_isa} = %{version}-%{release} +Obsoletes: %{name}-python < %{version}-%{release} +Summary: Liberty Alliance Single Sign On (lasso) Python bindings +Group: Development/Libraries +BuildRequires: python3-devel +BuildRequires: python3-lxml +Requires: python3 +Requires: %{name}%{?_isa} = %{version}-%{release} + +%description -n python3-%{name} Python language bindings for the lasso (Liberty Alliance Single Sign On) library. %endif %prep %setup -q -n %{name}-%{version} + %patch1 -p1 %patch2 -p1 %patch3 -p1 -%patch4 -p1 -%patch5 -p1 + +# Remove any python script shebang lines (unless they refer to python3) +sed -i -E -e '/^#![[:blank:]]*(\/usr\/bin\/env[[:blank:]]+python[^3]?\>)|(\/usr\/bin\/python[^3]?\>)/d' \ + `grep -r -l -E '^#![[:blank:]]*(/usr/bin/python[^3]?)|(/usr/bin/env[[:blank:]]+python[^3]?)' *` %build ./autogen.sh -%configure --prefix=%{_prefix} \ -%if !%{with_java} - --disable-java \ +%if 0%{?with_python2} + %configure %{configure_args} --with-python=%{__python2} + pushd lasso + make %{?_smp_mflags} CFLAGS="%{optflags}" + popd + pushd bindings/python + make %{?_smp_mflags} CFLAGS="%{optflags}" + make check + mkdir py2 + mv lasso.py .libs/_lasso.so py2 + popd + make clean %endif -%if !%{with_python} - --disable-python \ -%endif -%if !%{with_perl} - --disable-perl \ -%endif -%if %{with_php} - --enable-php5=yes \ - --with-php5-config-dir=%{php_inidir} \ -%else - --enable-php5=no \ -%endif -%if %{with_wsf} - --enable-wsf \ - --with-sasl2=%{_prefix}/sasl2 \ -%endif -# --with-html-dir=%{_datadir}/gtk-doc/html +%if 0%{?with_python3} + %configure %{configure_args} --with-python=%{__python3} +%else + %configure %{configure_args} +%endif make %{?_smp_mflags} CFLAGS="%{optflags}" %check -%if %{with_perl} -# This is so the perl test can find the built, but not yet installed library -export LD_LIBRARY_PATH=%{_builddir}/%{buildsubdir}/lasso/.libs -%endif make check %install @@ -166,6 +218,13 @@ make install exec_prefix=%{_prefix} DESTDIR=%{buildroot} find %{buildroot} -type f -name '*.la' -exec rm -f {} \; find %{buildroot} -type f -name '*.a' -exec rm -f {} \; +%if 0%{?with_python2} + # Install Python 2 files saved from first build + install -d -m 0755 %{buildroot}/%{python2_sitearch} + install -m 0644 bindings/python/py2/lasso.py %{buildroot}/%{python2_sitearch} + install -m 0755 bindings/python/py2/_lasso.so %{buildroot}/%{python2_sitearch} +%endif + # Perl subpackage %if %{with_perl} find %{buildroot} \( -name perllocal.pod -o -name .packlist \) -exec rm -v {} \; @@ -229,14 +288,27 @@ rm -fr %{buildroot}%{_defaultdocdir}/%{name} %attr(644,root,root) %{_datadir}/php/%{name}/lasso.php %endif -%if %{with_python} -%files -n python2-lasso +%if %{with_python2} +%files -n python2-%{name} %defattr(-,root,root) -%{python_sitearch}/lasso.py* -%{python_sitearch}/_lasso.so +%{python2_sitearch}/lasso.py* +%{python2_sitearch}/_lasso.so +%endif + +%if %{with_python3} +%files -n python3-%{name} +%defattr(-,root,root) +%{python3_sitearch}/lasso.py* +%{python3_sitearch}/_lasso.so +%{python3_sitearch}/__pycache__/* %endif %changelog +* Tue Jun 26 2018 - 2.6.0-1 +- Upgrade to latest upstream +- Build using Python3, add python3 subpackage +- Resolves: rhbz#1592416 Enable perl subpackage + * Wed May 2 2018 John Dennis - 2.5.1-13 - add xmlsec1 version dependency diff --git a/sources b/sources index 2ddb993..4124d23 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -f943f3ed67fabad11c6bad1ab615398f lasso-2.5.1.tar.gz +SHA512 (lasso-2.6.0.tar.gz) = bec7ab09f73db01b0a88cd1a7c9e9c8bb6af2e0aeb5e9ece2aa0f2f46e22b6a412990c29971a765a830f0bedf174b7c9d866cae599b81d047d381cf59d844506 diff --git a/use-specified-python-interpreter.patch b/use-specified-python-interpreter.patch new file mode 100644 index 0000000..fcdc360 --- /dev/null +++ b/use-specified-python-interpreter.patch @@ -0,0 +1,80 @@ +commit e3e904af7dd308fe7530773bd9ea136afc90049b +Author: John Dennis +Date: Thu Jun 21 10:49:30 2018 -0400 + + Use python interpreter specified configure script + + The configure script allows you to specify the python interpreter to + use via the --with-python option. There were several places where the + python interpreter was implicity invoked without using the specified + version. This can create a number of problems in an environment with + multiple python versions as is the case during the transition from + Python 2 to Python 3. Python 2 is not compatible with Python + 3. Lasso's Python code is supposed to be compatible with both + versions. But during the build and when running the unit tests it is + essential the same interpreter be used consistently otherwise you can + have problems. + + This patch assures whenever python is invoked it does so via the + $(PYTHON) configuration variable. + + What about shebang lines (e.g #/usr/bin/python) at the top of scripts? + Python PEP 394 (https://www.python.org/dev/peps/pep-0394/) covers + this. Basically it says if a script is compatible only with Py2 the + shebang should be #/usr/bin/python2, if only compatible with Py3 the + shebang should be #/usr/bin/python3. However, if the script is + compatible with both versions it can continue to use the + compatible with both Py2 and Py3. + + License: MIT + Signed-off-by: John Dennis + +diff --git a/bindings/java/Makefile.am b/bindings/java/Makefile.am +index 05e5f9ee..8de0178d 100644 +--- a/bindings/java/Makefile.am ++++ b/bindings/java/Makefile.am +@@ -26,7 +26,7 @@ if WSF_ENABLED + EXTRA_ARGS = --enable-id-wsf + endif + +-java_lasso_source_files := $(shell python $(top_srcdir)/bindings/bindings.py -l java-list --src-dir=$(top_srcdir)/lasso/ $(EXTRA_ARGS) ) ++java_lasso_source_files := $(shell $(PYTHON) $(top_srcdir)/bindings/bindings.py -l java-list --src-dir=$(top_srcdir)/lasso/ $(EXTRA_ARGS) ) + + lasso_jardir=$(prefix)/share/java + lasso_jar_DATA=lasso.jar +diff --git a/bindings/python/tests/Makefile.am b/bindings/python/tests/Makefile.am +index 205e7613..1305f26f 100644 +--- a/bindings/python/tests/Makefile.am ++++ b/bindings/python/tests/Makefile.am +@@ -11,5 +11,8 @@ if WSF_ENABLED + TESTS += idwsf1_tests.py idwsf2_tests.py + endif + ++TEST_EXTENSIONS = .py ++PY_LOG_COMPILER = $(PYTHON) ++ + EXTRA_DIST = profiles_tests.py binding_tests.py idwsf1_tests.py idwsf2_tests.py \ + tests.py XmlTestRunner.py +diff --git a/lasso/Makefile.am b/lasso/Makefile.am +index 751f9419..49ae88a7 100644 +--- a/lasso/Makefile.am ++++ b/lasso/Makefile.am +@@ -91,7 +91,7 @@ liblasso_la_LDFLAGS = -no-undefined -version-info @LASSO_VERSION_INFO@ \ + endif + + $(srcdir)/errors.c: $(srcdir)/errors.h $(srcdir)/build_strerror.py +- python $(srcdir)/build_strerror.py $(srcdir) >.errors.c.new ++ $(PYTHON) $(srcdir)/build_strerror.py $(srcdir) >.errors.c.new + if ! cmp -s $(srcdir)/errors.c .errors.c.new; then \ + mv -f .errors.c.new $@; else \ + rm .errors.c.new; fi +diff --git a/tools/check-lasso-sections.py b/tools/check-lasso-sections.py +index cb4c39c4..3a6c9880 100755 +--- a/tools/check-lasso-sections.py ++++ b/tools/check-lasso-sections.py +@@ -1,4 +1,4 @@ +-#!/usr/bin/python ++#!/usr/bin/env python + + import sys + import os.path diff --git a/validate_idp_list_test.patch b/validate_idp_list_test.patch deleted file mode 100644 index 9344fea..0000000 --- a/validate_idp_list_test.patch +++ /dev/null @@ -1,71 +0,0 @@ -commit 11ebfeb62148a89e2ebae90d7c70be918cfdc244 -Author: John Dennis -Date: Fri Jun 17 11:58:24 2016 -0400 - - Fix ecp test validate_idp_list() - - validate_idp_list was not using the correct list elements when it - iterated over the known_sp_provided_idp_entries_supporting_ecp list. - It treated them as lists of strings instead of lists of - LassoSamlp2IDPEntry. - - Signed-off-by: John Dennis - License: MIT - -diff --git a/tests/login_tests_saml2.c b/tests/login_tests_saml2.c -index 84011ec..54c7fb6 100644 ---- a/tests/login_tests_saml2.c -+++ b/tests/login_tests_saml2.c -@@ -1245,18 +1245,29 @@ static void validate_idp_list(LassoEcp *ecp, EcpIdpListVariant ecpIDPListVariant - - if (ecpIDPListVariant == ECP_IDP_LIST_ECP) { - check_not_null(ecp->known_sp_provided_idp_entries_supporting_ecp); -+ check_equals(g_list_length(ecp->known_sp_provided_idp_entries_supporting_ecp), -+ g_list_length(idp_list->IDPEntry)); -+ - for (ecp_iter = g_list_first(ecp->known_sp_provided_idp_entries_supporting_ecp), - src_iter = g_list_first(idp_list->IDPEntry); - ecp_iter && src_iter; - ecp_iter = g_list_next(ecp_iter), src_iter = g_list_next(src_iter)) { -- gchar *ecp_item, *src_item; -+ LassoSamlp2IDPEntry *ecp_item, *src_item; -+ -+ ecp_item = LASSO_SAMLP2_IDP_ENTRY(ecp_iter->data); -+ src_item = LASSO_SAMLP2_IDP_ENTRY(src_iter->data); -+ -+ check_not_null(ecp_item->ProviderID); -+ check_not_null(src_item->ProviderID); -+ check_str_equals(ecp_item->ProviderID, src_item->ProviderID); - -- ecp_item = ecp_iter->data; -- src_item = src_iter->data; -+ check_not_null(ecp_item->Name); -+ check_not_null(src_item->Name); -+ check_str_equals(ecp_item->Name, src_item->Name); - -- check_not_null(ecp_item); -- check_not_null(src_item); -- check_str_equals(ecp_item, src_item); -+ check_not_null(ecp_item->Loc); -+ check_not_null(src_item->Loc); -+ check_str_equals(ecp_item->Loc, src_item->Loc); - } - } else { - check_null(ecp->known_sp_provided_idp_entries_supporting_ecp); -@@ -1356,7 +1367,6 @@ void test_ecp(EcpIdpListVariant ecpIDPListVariant) - check_null(LASSO_PROFILE(spLoginContext)->msg_url); - check_not_null(strstr(spPaosRequestMsg, "RelayState")); - -- - /* Finished with SP Login Context, will create new one later */ - lasso_server_destroy(spContext); - spContext = NULL; -@@ -1388,7 +1398,7 @@ void test_ecp(EcpIdpListVariant ecpIDPListVariant) - check_str_equals(ecp->relaystate, relayState); - check_str_equals(ecp->issuer->content, "http://sp5/metadata"); - check_str_equals(ecp->provider_name, provider_name); -- check_equals(ecp->is_passive, is_passive); -+ check_equals(ecp->is_passive, is_passive); - - /* Validate ECP IdP list info & default IdP URL */ - validate_idp_list(ecp, ecpIDPListVariant, idp_list); diff --git a/xmlSecSoap.patch b/xmlSecSoap.patch deleted file mode 100644 index b9b7f4b..0000000 --- a/xmlSecSoap.patch +++ /dev/null @@ -1,265 +0,0 @@ -commit bb8722b1c0e097bde8fd0a54190b13dd5bb8c0a8 -Author: John Dennis -Date: Tue Apr 3 19:49:31 2018 -0400 - - Replace xmlSecSoap functions with lasso implementations - - xmlsec has removed support for SOAP. The missing xmlSecSoap* functions - and their dependent utiliity functions were added to Lasso following - the model of the existing xmlSec implmentations. - - Note: Lasso tried to accommodate both SOAP 1.1 and SOAP 1.2 but SAML2 - *only* uses SOAP 1.1 thus the SOAP 1.2 support was superfluous and - confused matters. Therefire the SOAP 1.2 support was removed. - - The following new functions were added to Lasso to support SOAP: - - * lasso_xml_next_element_node - * lasso_xml_get_node_ns_href - * lasso_xml_is_element_node - * lasso_xml_soap11_get_header - * lasso_xml_soap11_get_body - - The following is the mapping from the deprecated xmlSecSoap symbols - to the new Lasso symbols: - - xmlSecSoap11Ns -> LASSO_SOAP_ENV_HREF - xmlSecGetNextElementNode -> lasso_xml_next_element_node - xmlSecGetNodeNsHref -> lasso_xml_get_node_ns_href - xmlSecCheckNodeName -> lasso_xml_is_element_node - xmlSecSoap11GetHeader -> lasso_xml_soap11_get_header - xmlSecSoap11GetBody -> lasso_xml_soap11_get_body - -diff --git a/lasso/id-wsf/wsf_profile.c b/lasso/id-wsf/wsf_profile.c -index 8cfe5a27..112dfeeb 100644 ---- a/lasso/id-wsf/wsf_profile.c -+++ b/lasso/id-wsf/wsf_profile.c -@@ -29,7 +29,6 @@ - #include - #include - #include --#include - - #include "../utils.h" - -@@ -1369,7 +1368,7 @@ lasso_wsf_profile_add_saml_signature(LassoWsfProfile *wsf_profile, xmlDoc *doc) - - /* Lookup all referenced node and their Ids */ - envelope = xmlDocGetRootElement(doc); -- header = xmlSecSoap11GetHeader(envelope); -+ header = lasso_xml_soap11_get_header(envelope); - - provider = xmlSecFindNode(header, (xmlChar*) "Provider", - (xmlChar*) LASSO_SOAP_BINDING_HREF); -@@ -1377,7 +1376,7 @@ lasso_wsf_profile_add_saml_signature(LassoWsfProfile *wsf_profile, xmlDoc *doc) - (xmlChar*) LASSO_SOAP_BINDING_HREF); - interaction = xmlSecFindNode(header, (xmlChar*) "UserInteraction", - (xmlChar*) LASSO_IS_HREF); -- body = xmlSecSoap11GetBody(envelope); -+ body = lasso_xml_soap11_get_body(envelope); - xmlSecAddIDs(doc, envelope, ids); - goto_cleanup_if_fail_with_rc(header != NULL, LASSO_XML_ERROR_NODE_NOT_FOUND); - goto_cleanup_if_fail_with_rc(provider != NULL, LASSO_XML_ERROR_NODE_NOT_FOUND); -diff --git a/lasso/xml/private.h b/lasso/xml/private.h -index 6f7d911d..94acd0ed 100644 ---- a/lasso/xml/private.h -+++ b/lasso/xml/private.h -@@ -265,8 +265,19 @@ xmlDocPtr lasso_xml_parse_memory(const char *buffer, int size); - - xmlNode* lasso_xml_get_soap_content(xmlNode *root); - -+xmlNodePtr lasso_xml_next_element_node(xmlNodePtr node); -+ -+const xmlChar* lasso_xml_get_node_ns_href(const xmlNodePtr node); -+ -+gboolean lasso_xml_is_element_node(const xmlNodePtr node, -+ const xmlChar *name, const xmlChar *ns); -+ - gboolean lasso_xml_is_soap(xmlNode *root); - -+xmlNodePtr lasso_xml_soap11_get_header(xmlNodePtr envelope_node); -+ -+xmlNodePtr lasso_xml_soap11_get_body(xmlNodePtr envelope_node); -+ - gboolean lasso_eval_xpath_expression(xmlXPathContextPtr xpath_ctx, const char *expression, - xmlXPathObjectPtr *xpath_object_ptr, int *xpath_error_code); - -diff --git a/lasso/xml/tools.c b/lasso/xml/tools.c -index ade6d660..c6d4de4b 100644 ---- a/lasso/xml/tools.c -+++ b/lasso/xml/tools.c -@@ -57,7 +57,6 @@ - #include - #include - #include --#include - - #include - -@@ -1666,30 +1665,156 @@ cleanup: - return rc; - } - -+/** -+ * lasso_xml_next_element_node: -+ * @node: the pointer to an XML node. -+ * -+ * Seraches for the next element node. -+ * -+ * Returns: the pointer to next element node or NULL if it is not found. -+ */ -+xmlNodePtr -+lasso_xml_next_element_node(xmlNodePtr node) -+{ -+ -+ for (; node != NULL && node->type != XML_ELEMENT_NODE; node = node->next); -+ return node; -+} -+ -+/** -+ * lasso_xml_get_node_ns_href: -+ * @node: the pointer to node. -+ * -+ * Get's node's namespace href. -+ * -+ * Returns: node's namespace href. -+ */ -+const xmlChar* -+lasso_xml_get_node_ns_href(const xmlNodePtr node) -+{ -+ xmlNsPtr ns; -+ -+ if (node == NULL) { -+ return NULL; -+ } -+ -+ /* do we have a namespace in the node? */ -+ if (node->ns != NULL) { -+ return node->ns->href; -+ } -+ -+ /* search for default namespace */ -+ ns = xmlSearchNs(node->doc, node, NULL); -+ if (ns != NULL) { -+ return ns->href; -+ } -+ -+ return NULL; -+} -+ -+/** -+ * lasso_xml_is_element_node: -+ * @node: the pointer to an XML node. -+ * @name: the name, -+ * @ns: the namespace href. -+ * -+ * Checks that the node has a given name and a given namespace href. -+ * -+ * Returns: true if the node matches false otherwise. -+ */ -+gboolean -+lasso_xml_is_element_node(const xmlNodePtr node, -+ const xmlChar *name, const xmlChar *ns) -+{ -+ if (node == NULL) { -+ return FALSE; -+ } -+ -+ return (node->type == XML_ELEMENT_NODE && -+ xmlStrEqual(node->name, name) && -+ xmlStrEqual(lasso_xml_get_node_ns_href(node), ns)); -+} -+ - gboolean - lasso_xml_is_soap(xmlNode *root) - { -- return xmlSecCheckNodeName(root, xmlSecNodeEnvelope, xmlSecSoap11Ns) || -- xmlSecCheckNodeName(root, xmlSecNodeEnvelope, xmlSecSoap12Ns); -+ return lasso_xml_is_element_node(root, BAD_CAST "Envelope", -+ BAD_CAST LASSO_SOAP_ENV_HREF); -+} -+ -+/** -+ * lasso_xml_soap11_get_header: -+ * @envelope_node: the pointer to node. -+ * -+ * Gets pointer to the node. -+ * -+ * Returns: pointer to node or NULL if an error occurs. -+ */ -+xmlNodePtr -+lasso_xml_soap11_get_header(xmlNodePtr envelope_node) -+{ -+ xmlNodePtr node; -+ -+ if (envelope_node == NULL) { -+ return NULL; -+ } -+ -+ /* optional Header node is first */ -+ node = lasso_xml_next_element_node(envelope_node->children); -+ if (lasso_xml_is_element_node(node, BAD_CAST "Header", -+ BAD_CAST LASSO_SOAP_ENV_HREF)) { -+ return node; -+ } -+ -+ return NULL; -+} -+ -+/** -+ * lasso_xml_soap11_get_body: -+ * @envelope_node: the pointer to node. -+ * -+ * Gets pointer to the node. -+ * -+ * Returns: pointer to node or NULL if an error occurs. -+ */ -+xmlNodePtr -+lasso_xml_soap11_get_body(xmlNodePtr envelope_node) -+{ -+ xmlNodePtr node; -+ -+ if (envelope_node == NULL) { -+ return NULL; -+ } -+ -+ /* optional Header node first */ -+ node = lasso_xml_next_element_node(envelope_node->children); -+ if (lasso_xml_is_element_node(node, BAD_CAST "Header", -+ BAD_CAST LASSO_SOAP_ENV_HREF)) { -+ node = lasso_xml_next_element_node(node->next); -+ } -+ -+ /* Body node is next */ -+ if (!lasso_xml_is_element_node(node, BAD_CAST "Body", -+ BAD_CAST LASSO_SOAP_ENV_HREF)) { -+ return NULL; -+ } -+ -+ return node; - } - - xmlNode* - lasso_xml_get_soap_content(xmlNode *root) - { - gboolean is_soap11 = FALSE; -- gboolean is_soap12 = FALSE; - xmlNode *content = NULL; - -- is_soap11 = xmlSecCheckNodeName(root, xmlSecNodeEnvelope, xmlSecSoap11Ns); -- is_soap12 = xmlSecCheckNodeName(root, xmlSecNodeEnvelope, xmlSecSoap12Ns); -- -- if (is_soap11 || is_soap12) { -+ is_soap11 = lasso_xml_is_element_node(root, BAD_CAST "Envelope", -+ BAD_CAST LASSO_SOAP_ENV_HREF); -+ if (is_soap11) { - xmlNode *body; - - if (is_soap11) { -- body = xmlSecSoap11GetBody(root); -- } else { -- body = xmlSecSoap12GetBody(root); -+ body = lasso_xml_soap11_get_body(root); - } - if (body) { - content = xmlSecGetNextElementNode(body->children);