| AArch64 | |
| ppc64le | |
| s390x | |
| x86-64 |
- Fix CVE-2025-46404 (bsc#1253092) - Denial of service in Entr'ouvert Lasso * CVE-2025-46404.patch - Fix CVE-2025-46705 (bsc#1253093) - Denial of service in Entr'ouvert Lasso * CVE-2025-46705.patch - Fix CVE-2025-47151 (bsc#1253095) - type confusion vulnerability in the lasso_node_impl_init_from_xml functionality * CVE-2025-47151.patch
- Update to 2.8.2:
* Compatibility with EVP API of openssl 1.x
- Changes from 2.8.1:
* Major overhaul of OpenSSL API usage by using only the EVP API
as the low level API (RSA*, HMAC*) is deprecated.
* Fix wrong parsing of Count attribute on saml:ProxyRestriction.
* Perl: pass LDFLAGS to Makefile.PL
* Replace use of deprecated xmlSecBase64Decode by
xmlSecBase64Decode_ex.
* Fix overwrite of profile.signature_status in
lasso_saml20_login_process_response_status_and_assertion.
* Fix lot of GCC warnings
- Updaet to 2.8.0:
* Improve choice of signature method and of allowed signature method (by Jakub
Hrozek <jhrozek@redhat.com>), it's now possible to completely forbid SHA1 for
example
* Change default RSA encryption padding to OAEP
* Fix: HMAC signature other than SHA1 (jhrozek@redhat.com)
* Fix: prevent multiple OneTimeUse elements
- the required of xmlsec1 (which only has the commandline binariy) in the library package seems unnecessary. - some pkgconfig buildrequires conversion
- Update to 2.7.0
* CVE-2021-28091 (boo#1186768):
Fix signature checking on unsigned response with multiple assertions
* Jenkinsfile: update name of main branch
* Python: improve display of warnings in the binding generator
* replace deprecated index() by strchr() (#51385)
* Fix: new provider reference count is incremented one time too many (#51420)
* docs: update gtk-doc-tools integration (#50441)
* Using reference documentation on https://developer.gnome.org/gtk-doc-manual/stable/index.html.en
* bindings: disable java tests when java is disabled
* Fix: RecursionError in python3 bindings (#51249)
* configure.ac: disable java bindings
* build: update to use origin/main
* debian: add packaging for debian-buster
* jenkins.sh: build against all available python versions (#44287)
* python: do not leak out_pyvalue if method call protocol is not respected (#44287)
* python: do not raise in valid_seq() (#44287)
* python: return NULL if get_list_of_strings() fails (#44287)
* python: return NULL if get_list_of_pygobject fails (#44287)
* python: return NULL if get_list_of_xml_nodes fails (#44287)
* python: return NULL if set_list_of_pygobject fails (#44287)
* python: return NULL if set_list_of_xml_nodes fails (#44287)
* python: return NULL if set_list_of_strings fails (#44287)
* python: return NULL if set_hashtable_of_strings fails (#44287)
* python: return NULL if set_hashtable_of_pygobject fails (#44287)
* python: free internal string buffer if needed in set_list_of_strings (#44287)
* python: check if hashtable is NULL before deallocatio (#44287)n
* python: add a failure label to method wrappers (#44287)
* python: add macro for early return (#44287)
* python: remove newline before method call (#44287)
* python: simplify get_logger_object (#44287)
* python: fix warning about discarded const modifier (#44287)
* python: replace exception by warning on logging path (#44287)
* python: use simpler call format to prevent warning about PY_SSIZE_T_CLEAN (#44287)
* python: remove deprecated PyErr_Warn (#44287)
* python: remove unused PyString_Size (#44287)
* python: Exception.message was removed in python3 (#45995)
* tools: reimplement xmlURIEscapeStr to respect RFC3986 (#45581)
* configure.ac: support php7 interpreter on CentOS 8 (#42299)
- Update to 2.6.1 * Keep order of SessionIndexes * Clear SessionIndex when private SessionIndexes is empty * misc: clear warnings about class_init signature using coccinelle * tests: fix compilation with check>0.12 * Sort input file lists to make build deterministic * Modify .gitignore for PHP 7 binding * Add PHP 7 binding * Fix tests broken by new DEBUG logs * Improve error logging during node parsing * Improve configure compatibility * Improve compatibility with Solaris * Fix reference count in lasso_server_add_provider2 * Fix python multi-version builds on jessie and stretch * docs: do not use Internet to fetch DTDs, entities or documents * fix missing include <strings.h> for index() * PAOS: Do not populate "Destination" attribute * export symbol lasso_log * Do not ignore WantAuthnRequestSigned value with hint MAYBE * Use io.open(encoding=utf8) in extract_symbols/sections.py * xml: adapt schema in saml2:AuthnContext * Fix ECP signature not found error when only assertion is signed * autoconf: search python interpreters by versions * python: make tools compatible with Py3 * python: run tests and tools with same interpreter as binding target * improve resiliency of lasso_inflate * fix segfault in lasso_get_saml_message * python: add classmethod Profile.getIssuer * website: add news about 2.6.0 release * faq: fix references to lasso.profileGetIssuer * python: add a classmethod for lasso.profileGetIssuer * tools: fix segfault in lasso_get_saml_message * jenkins.sh: add a make clean to prevent previous build to break new ones * tools: set output buffer size in lasso_inflate to 20 times the input size * Use python interpreter specified configure script * Make Python scripts compatible with both Py2 and Py3 * fix duplicate definition of LogoutTestCase and logoutSuite * Downcase UTF-8 file encoding name * Make more Python scripts compatible with both Py2 and Py3 * Configure should search for versioned Python interpreter. * Clean python cache when building python3 binding * Move AC_SUBST declaration for AM_CFLAGS with alike * Remove -Werror from --enable-debugging * xml: fix parsing of saml:AuthnContext - Remove upstreamed patches: * use-specified-python-interpreter.patch * duplicate-python-LogoutTestCase.patch * versioned-python-configure.patch * build-scripts-py3-compatible.patch * 0005-tests-use-self-generated-certificate-to-sign-federat.patch * 0006-Fix-ECP-signature-not-found-error-when-only-assertio.patch * 0007-PAOS-Do-not-populate-Destination-attribute.patch * 0008-Explicitly-define-tests-cases-and-add-them-to-tests.patch
- remove .la and .a files in a consistent way
- remove automake-version.patch that is not needed - run spec-cleaner
- Sync more patches from Fedora * 0007-PAOS-Do-not-populate-Destination-attribute.patch * 0008-Explicitly-define-tests-cases-and-add-them-to-tests.patch
- Simplify the packaging and drop all unused sections and subpackages
- Initial packaging based on Fedora spec
- Fix for bsc#1205335, segmentation fault was causing the test suite to fail, and thus the build was failing for SLE 15 SP5. Patch written by Petr Gajdos, but reviewed, approved and merged upstream. - Add fix-bsc-1205335.patch.
- Fix CVE-2021-28091 XML signature wrapping vulnerability when parsing SAML responses (CVE-2021-28091, bsc#1186768) * fix-CVE-2021-28091.patch
- Update to 2.6.1 * Keep order of SessionIndexes * Clear SessionIndex when private SessionIndexes is empty * misc: clear warnings about class_init signature using coccinelle * tests: fix compilation with check>0.12 * Sort input file lists to make build deterministic * Modify .gitignore for PHP 7 binding * Add PHP 7 binding * Fix tests broken by new DEBUG logs * Improve error logging during node parsing * Improve configure compatibility * Improve compatibility with Solaris * Fix reference count in lasso_server_add_provider2 * Fix python multi-version builds on jessie and stretch * docs: do not use Internet to fetch DTDs, entities or documents * fix missing include <strings.h> for index() * PAOS: Do not populate "Destination" attribute * export symbol lasso_log * Do not ignore WantAuthnRequestSigned value with hint MAYBE * Use io.open(encoding=utf8) in extract_symbols/sections.py * xml: adapt schema in saml2:AuthnContext * Fix ECP signature not found error when only assertion is signed * autoconf: search python interpreters by versions * python: make tools compatible with Py3 * python: run tests and tools with same interpreter as binding target * improve resiliency of lasso_inflate * fix segfault in lasso_get_saml_message * python: add classmethod Profile.getIssuer * website: add news about 2.6.0 release * faq: fix references to lasso.profileGetIssuer * python: add a classmethod for lasso.profileGetIssuer * tools: fix segfault in lasso_get_saml_message * jenkins.sh: add a make clean to prevent previous build to break new ones * tools: set output buffer size in lasso_inflate to 20 times the input size * Use python interpreter specified configure script * Make Python scripts compatible with both Py2 and Py3 * fix duplicate definition of LogoutTestCase and logoutSuite * Downcase UTF-8 file encoding name * Make more Python scripts compatible with both Py2 and Py3 * Configure should search for versioned Python interpreter. * Clean python cache when building python3 binding * Move AC_SUBST declaration for AM_CFLAGS with alike * Remove -Werror from --enable-debugging * xml: fix parsing of saml:AuthnContext - Remove upstreamed patches: * use-specified-python-interpreter.patch * duplicate-python-LogoutTestCase.patch * versioned-python-configure.patch * build-scripts-py3-compatible.patch * 0005-tests-use-self-generated-certificate-to-sign-federat.patch * 0006-Fix-ECP-signature-not-found-error-when-only-assertio.patch * 0007-PAOS-Do-not-populate-Destination-attribute.patch * 0008-Explicitly-define-tests-cases-and-add-them-to-tests.patch
- remove .la and .a files in a consistent way
- remove automake-version.patch that is not needed - run spec-cleaner
- Sync more patches from Fedora * 0007-PAOS-Do-not-populate-Destination-attribute.patch * 0008-Explicitly-define-tests-cases-and-add-them-to-tests.patch
- Simplify the packaging and drop all unused sections and subpackages
- Initial packaging based on Fedora spec