Lasso 2.7.0

Resolves: rhbz#1966606: CVE-2021-28091 lasso: XML signature wrapping
                          vulnerability when parsing SAML responses
Remove java bindings

.gitignore

@@ -5,3 +5,4 @@
 /lasso-2.5.1.tar.gz
 /lasso-2.6.0.tar.gz
 /lasso-2.6.1.tar.gz
+/lasso-2.7.0.tar.gz

lasso.spec

@@ -1,4 +1,4 @@
-%global with_java 1
+%global with_java 0
 %global with_php 0
 %global with_perl 1
 # The Lasso build system requires python, especially the binding generators
@@ -58,8 +58,8 @@
 
 Summary: Liberty Alliance Single Sign On
 Name: lasso
-Version: 2.6.1
+Version: 2.7.0
-Release: 9%{?dist}
+Release: 1%{?dist}
 License: GPLv2+
 URL: http://lasso.entrouvert.org/
 Source: http://dev.entrouvert.org/lasso/lasso-%{version}.tar.gz
@@ -83,6 +83,11 @@ BuildRequires: cyrus-sasl-devel
 
 Requires: xmlsec1
 
+# lasso upstream no longer supports java bindings
+# see https://dev.entrouvert.org/issues/45876#change-289747
+# and https://dev.entrouvert.org/issues/51418
+Obsoletes: java-lasso < %{version}-%{release}
+
 %description
 Lasso is a library that implements the Liberty Alliance Single Sign On
 standards, including the SAML and SAML2 specifications. It allows to handle
@@ -308,6 +313,12 @@ rm -fr %{buildroot}%{_defaultdocdir}/%{name}
 %endif
 
 %changelog
+* Wed Jun  2 2021 Jakub Hrozek <jhrozek@redhat.com> - 2.7.0-1
+- Lasso 2.7.0
+- Resolves: rhbz#1966606: CVE-2021-28091 lasso: XML signature wrapping
+                          vulnerability when parsing SAML responses
+- Remove java bindings
+
 * Fri Apr 16 2021 Mohan Boddu <mboddu@redhat.com> - 2.6.1-9
 - Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
 

sources

@@ -1 +1 @@
-SHA512 (lasso-2.6.1.tar.gz) = 768e577ccf650d61305cbb2d8be0d3e13a5c8b6b05f6b0a8419fcd23030eb7530740e8ca785f0279331d7e31743b2e0ab234de50eb87d41cfda5d692a1583d4b
+SHA512 (lasso-2.7.0.tar.gz) = 98615d6166cdec52abef4f5346119040f310dbee624c2cd168d2f95b5fe3e0e1437ec6bfc2cd8b680044438afa15770402f5aef87d1885f7bc61528617c17a74