From cfc56dae55c35a0e6e4020c7a7361d66f6d83895 Mon Sep 17 00:00:00 2001 From: Jakub Hrozek Date: Wed, 2 Jun 2021 12:57:41 +0200 Subject: [PATCH] Lasso 2.7.0 Resolves: rhbz#1966606: CVE-2021-28091 lasso: XML signature wrapping vulnerability when parsing SAML responses Remove java bindings --- .gitignore | 1 + lasso.spec | 17 ++++++++++++++--- sources | 2 +- 3 files changed, 16 insertions(+), 4 deletions(-)
diff --git a/.gitignore b/.gitignore
index 5e69122..adb3efe 100644
--- a/.gitignore
+++ b/.gitignore
@@ -5,3 +5,4 @@
 /lasso-2.5.1.tar.gz
 /lasso-2.6.0.tar.gz
 /lasso-2.6.1.tar.gz
+/lasso-2.7.0.tar.gz
diff --git a/lasso.spec b/lasso.spec
index d855905..2a0fc7a 100644
--- a/lasso.spec
+++ b/lasso.spec
@@ -1,4 +1,4 @@
-%global with_java 1
+%global with_java 0
 %global with_php 0
 %global with_perl 1
 # The Lasso build system requires python, especially the binding generators
@@ -58,8 +58,8 @@ Summary: Liberty Alliance Single Sign On Name: lasso -Version: 2.6.1 -Release: 9%{?dist} +Version: 2.7.0 +Release: 1%{?dist} License: GPLv2+ URL: http://lasso.entrouvert.org/ Source: http://dev.entrouvert.org/lasso/lasso-%{version}.tar.gz
@@ -83,6 +83,11 @@ BuildRequires: cyrus-sasl-devel Requires: xmlsec1 +# lasso upstream no longer supports java bindings +# see https://dev.entrouvert.org/issues/45876#change-289747 +# and https://dev.entrouvert.org/issues/51418 +Obsoletes: java-lasso < %{version}-%{release} + %description Lasso is a library that implements the Liberty Alliance Single Sign On standards, including the SAML and SAML2 specifications. It allows to handle
@@ -308,6 +313,12 @@ rm -fr %{buildroot}%{_defaultdocdir}/%{name} %endif %changelog +* Wed Jun 2 2021 Jakub Hrozek - 2.7.0-1 +- Lasso 2.7.0 +- Resolves: rhbz#1966606: CVE-2021-28091 lasso: XML signature wrapping + vulnerability when parsing SAML responses +- Remove java bindings + * Fri Apr 16 2021 Mohan Boddu - 2.6.1-9 - Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
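Review bot: The `Version: 2.7.0` bump in the hunk at line 58 makes the unchanged `Source:` line resolve to a new tarball over plain `http://`, so whoever downloads the release to compute the hash in `sources` gets no transport integrity, on a rebase whose stated purpose is the CVE-2021-28091 fix. The comment added in the hunk at line 83 already links the same host over https, so `Source: https://dev.entrouvert.org/lasso/lasso-%{version}.tar.gz` should work; that is inferred from those links, not tested here. The pinned SHA512 protects later builds but not the initial download, so it would help to state in the commit message how the 2.7.0 archive was verified.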
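Review bot: `Obsoletes: java-lasso < %{version}-%{release}` in the hunk at line 83 uses a moving bound, so every future build keeps obsoleting any java-lasso older than itself. For a removed subpackage the bound is usually pinned to a fixed EVR just above the last one shipped, e.g. `Obsoletes: java-lasso < 2.7.0-1`. Separately, `%global with_java 0` in the first hunk presumably leaves the java conditional sections in the spec as dead code; they are outside the visible hunks, so this is an assumption to confirm.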
diff --git a/sources b/sources
index af20a32..9a4b4c8 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-SHA512 (lasso-2.6.1.tar.gz) = 768e577ccf650d61305cbb2d8be0d3e13a5c8b6b05f6b0a8419fcd23030eb7530740e8ca785f0279331d7e31743b2e0ab234de50eb87d41cfda5d692a1583d4b
+SHA512 (lasso-2.7.0.tar.gz) = 98615d6166cdec52abef4f5346119040f310dbee624c2cd168d2f95b5fe3e0e1437ec6bfc2cd8b680044438afa15770402f5aef87d1885f7bc61528617c17a74