Package: release.debian.org
Severity: normal
User: release.debian....@packages.debian.org
Usertags: unblock
Please unblock package shibboleth-sp

Dear Release Team,

When upstream fixed #924346 in xmltooling, they also fixed the same problem (uncaught parser exceptions) in shibboleth-sp to prevent DoS crashes that haven't been identified yet. The fixes were published together in new patch-level upstream releases for the whole Shibboleth Service Provider stack: xmltooling, opensaml and shibboleth-sp.

Beyond the DoS prevention, shibboleth-sp 3.0.4 consists of three other bugfixes:

* incorrect C++ code usage pattern invoking undefined behavior via boost::bind (https://issues.shibboleth.net/jira/browse/SSPCPP-847, already mentioned in unblock request #924577);
* certain web applications provoking unbounded cookie data growth (https://issues.shibboleth.net/jira/browse/SSPCPP-851); and
* documented configuration settings being ignored in some contexts (https://issues.shibboleth.net/jira/browse/SSPCPP-848).

This last one can be worked around by verbosely expanding the affected configuration constructs, so it can be considered a minor issue. But the other three are major or potentially serious, so I ask for your permission to upload 3.0.4+dfsg1-1 to unstable with a future unblock.

Thanks,
Feri.

diff -Nru shibboleth-sp-3.0.3+dfsg1/configure shibboleth-sp-3.0.4+dfsg1/configure --- shibboleth-sp-3.0.3+dfsg1/configure 2018-12-12 20:16:00.000000000 +0100 +++ shibboleth-sp-3.0.4+dfsg1/configure 2019-03-08 16:15:39.000000000 +0100 @@ -1,6 +1,6 @@ #! /bin/sh # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.69 for shibboleth 3.0.3. +# Generated by GNU Autoconf 2.69 for shibboleth 3.0.4. # # Report bugs to <https://issues.shibboleth.net/>. # @@ -590,8 +590,8 @@ # Identity of this package. PACKAGE_NAME='shibboleth' PACKAGE_TARNAME='shibboleth-sp' -PACKAGE_VERSION='3.0.3' -PACKAGE_STRING='shibboleth 3.0.3' +PACKAGE_VERSION='3.0.4' +PACKAGE_STRING='shibboleth 3.0.4' PACKAGE_BUGREPORT='https://issues.shibboleth.net/' PACKAGE_URL='' 
@@ -1522,7 +1522,7 @@ # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF -\`configure' configures shibboleth 3.0.3 to adapt to many kinds of systems. +\`configure' configures shibboleth 3.0.4 to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... @@ -1592,7 +1592,7 @@ if test -n "$ac_init_help"; then case $ac_init_help in - short | recursive ) echo "Configuration of shibboleth 3.0.3:";; + short | recursive ) echo "Configuration of shibboleth 3.0.4:";; esac cat <<\_ACEOF @@ -1792,7 +1792,7 @@ test -n "$ac_init_help" && exit $ac_status if $ac_init_version; then cat <<\_ACEOF -shibboleth configure 3.0.3 +shibboleth configure 3.0.4 generated by GNU Autoconf 2.69 Copyright (C) 2012 Free Software Foundation, Inc. @@ -2670,7 +2670,7 @@ This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. -It was created by shibboleth $as_me 3.0.3, which was +It was created by shibboleth $as_me 3.0.4, which was generated by GNU Autoconf 2.69. Invocation command line was $ $0 $@ @@ -3535,7 +3535,7 @@ # Define the identity of the package. PACKAGE='shibboleth-sp' - VERSION='3.0.3' + VERSION='3.0.4' cat >>confdefs.h <<_ACEOF @@ -24198,7 +24198,7 @@ # report actual input values of CONFIG_FILES etc. instead of their # values after options handling. ac_log=" -This file was extended by shibboleth $as_me 3.0.3, which was +This file was extended by shibboleth $as_me 3.0.4, which was generated by GNU Autoconf 2.69. Invocation command line was CONFIG_FILES = $CONFIG_FILES 
@@ -24264,7 +24264,7 @@ cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`" ac_cs_version="\\ -shibboleth config.status 3.0.3 +shibboleth config.status 3.0.4 configured by $0, generated by GNU Autoconf 2.69, with options \\"\$ac_cs_config\\" diff -Nru shibboleth-sp-3.0.3+dfsg1/configure.ac shibboleth-sp-3.0.4+dfsg1/configure.ac --- shibboleth-sp-3.0.3+dfsg1/configure.ac 2018-10-12 20:06:42.000000000 +0200 +++ shibboleth-sp-3.0.4+dfsg1/configure.ac 2019-03-08 16:09:43.000000000 +0100 @@ -1,5 +1,5 @@ AC_PREREQ([2.50]) -AC_INIT([shibboleth],[3.0.3],[https://issues.shibboleth.net/],[shibboleth-sp]) +AC_INIT([shibboleth],[3.0.4],[https://issues.shibboleth.net/],[shibboleth-sp]) AC_CONFIG_SRCDIR(shibsp) AC_CONFIG_AUX_DIR(build-aux) AC_CONFIG_MACRO_DIR(m4) diff -Nru shibboleth-sp-3.0.3+dfsg1/config_win32.h shibboleth-sp-3.0.4+dfsg1/config_win32.h --- shibboleth-sp-3.0.3+dfsg1/config_win32.h 2018-10-12 20:06:42.000000000 +0200 +++ shibboleth-sp-3.0.4+dfsg1/config_win32.h 2019-03-08 16:09:43.000000000 +0100 @@ -121,13 +121,13 @@ #define PACKAGE_NAME "shibboleth" /* Define to the full name and version of this package. */ -#define PACKAGE_STRING "shibboleth 3.0.3" +#define PACKAGE_STRING "shibboleth 3.0.4" /* Define to the one symbol short name of this package. */ #define PACKAGE_TARNAME "shibboleth-sp" /* Define to the version of this package. */ -#define PACKAGE_VERSION "3.0.3" +#define PACKAGE_VERSION "3.0.4" /* Define to the necessary symbol if this constant uses a non-standard name on your system. */ 
@@ -140,7 +140,7 @@ /* #undef TM_IN_SYS_TIME */ /* Version number of package */ -#define VERSION "3.0.3" +#define VERSION "3.0.4" /* Define to empty if `const' does not conform to ANSI C. */ /* #undef const */ diff -Nru shibboleth-sp-3.0.3+dfsg1/debian/changelog shibboleth-sp-3.0.4+dfsg1/debian/changelog --- shibboleth-sp-3.0.3+dfsg1/debian/changelog 2018-12-21 02:15:22.000000000 +0100 +++ shibboleth-sp-3.0.4+dfsg1/debian/changelog 2019-03-16 20:51:16.000000000 +0100 @@ -1,3 +1,11 @@ +shibboleth-sp (3.0.4+dfsg1-1) unstable; urgency=medium + + * [f284741] New upstream release: 3.0.4 + * [095e478] Refresh our patches + * [129417f] Update Standards-Version to 4.3.0 (no changes required) + + -- Ferenc Wágner <wf...@debian.org> Sat, 16 Mar 2019 20:51:16 +0100 + shibboleth-sp (3.0.3+dfsg1-1) unstable; urgency=medium * [5ff63ef] New upstream release: 3.0.3 diff -Nru shibboleth-sp-3.0.3+dfsg1/debian/control shibboleth-sp-3.0.4+dfsg1/debian/control --- shibboleth-sp-3.0.3+dfsg1/debian/control 2018-10-30 20:04:46.000000000 +0100 +++ shibboleth-sp-3.0.4+dfsg1/debian/control 2019-03-16 20:51:06.000000000 +0100 @@ -27,7 +27,7 @@ Build-Depends-Indep: doxygen, graphviz, -Standards-Version: 4.2.1 +Standards-Version: 4.3.0 Homepage: http://shibboleth.net/ Vcs-Git: https://salsa.debian.org/shib-team/shibboleth-sp2.git Vcs-Browser: https://salsa.debian.org/shib-team/shibboleth-sp2 diff -Nru shibboleth-sp-3.0.3+dfsg1/debian/patches/Use-runstatedir-from-future-Autoconf-2.70.patch shibboleth-sp-3.0.4+dfsg1/debian/patches/Use-runstatedir-from-future-Autoconf-2.70.patch --- shibboleth-sp-3.0.3+dfsg1/debian/patches/Use-runstatedir-from-future-Autoconf-2.70.patch 2018-12-21 02:12:57.000000000 +0100 +++ shibboleth-sp-3.0.4+dfsg1/debian/patches/Use-runstatedir-from-future-Autoconf-2.70.patch 2019-03-16 20:48:54.000000000 +0100 @@ -37,7 +37,7 @@ # If $DAEMON_USER is set, try to run shibd as that user. However, 
diff --git a/shibsp/Makefile.am b/shibsp/Makefile.am -index 2a5b61d..eb0d9e9 100644 +index eb7a70c..5b8a1a1 100644 --- a/shibsp/Makefile.am +++ b/shibsp/Makefile.am @@ -281,7 +281,7 @@ libshibsp_lite_la_LIBADD = \ diff -Nru shibboleth-sp-3.0.3+dfsg1/isapi_shib/isapi_shib.rc shibboleth-sp-3.0.4+dfsg1/isapi_shib/isapi_shib.rc --- shibboleth-sp-3.0.3+dfsg1/isapi_shib/isapi_shib.rc 2018-07-10 03:17:23.000000000 +0200 +++ shibboleth-sp-3.0.4+dfsg1/isapi_shib/isapi_shib.rc 2019-03-08 16:09:43.000000000 +0100 @@ -25,8 +25,8 @@ // VS_VERSION_INFO VERSIONINFO - FILEVERSION RC_FILE_VERSION ,1 - PRODUCTVERSION RC_PRODUCT_VERSION,1 + FILEVERSION RC_FILE_VERSION,0 + PRODUCTVERSION RC_PRODUCT_VERSION,0 FILEFLAGSMASK 0x3fL #ifdef _DEBUG FILEFLAGS 0x1L diff -Nru shibboleth-sp-3.0.3+dfsg1/shibboleth.spec shibboleth-sp-3.0.4+dfsg1/shibboleth.spec --- shibboleth-sp-3.0.3+dfsg1/shibboleth.spec 2018-12-12 20:16:24.000000000 +0100 +++ shibboleth-sp-3.0.4+dfsg1/shibboleth.spec 2019-03-08 16:16:06.000000000 +0100 @@ -1,5 +1,5 @@ Name: shibboleth -Version: 3.0.3 +Version: 3.0.4 Release: 1 Summary: Open source system for attribute-based Web SSO Group: Productivity/Networking/Security diff -Nru shibboleth-sp-3.0.3+dfsg1/shibsp/Application.cpp shibboleth-sp-3.0.4+dfsg1/shibsp/Application.cpp --- shibboleth-sp-3.0.3+dfsg1/shibsp/Application.cpp 2018-07-10 03:17:23.000000000 +0200 +++ shibboleth-sp-3.0.4+dfsg1/shibsp/Application.cpp 2019-01-14 20:22:42.000000000 +0100 
@@ -109,15 +109,9 @@ void Application::clearAttributeHeaders(SPRequest& request) const { if (SPConfig::getConfig().isEnabled(SPConfig::OutOfProcess)) { - for_each( - m_unsetHeaders.begin(), m_unsetHeaders.end(), - boost::bind( - &SPRequest::clearHeader, - boost::ref(request), - boost::bind(&string::c_str, boost::bind(&pair<string,string>::first, _1)), - boost::bind(&string::c_str, boost::bind(&pair<string,string>::second, _1)) - ) - ); + for (vector< pair<string,string> >::const_iterator i = m_unsetHeaders.begin(); i != m_unsetHeaders.end(); ++i) { + request.clearHeader(i->first.c_str(), i->second.c_str()); + } return; } @@ -148,15 +142,9 @@ // Now holding read lock. SharedLock unsetLock(m_lock, false); - for_each( - m_unsetHeaders.begin(), m_unsetHeaders.end(), - boost::bind( - &SPRequest::clearHeader, - boost::ref(request), - boost::bind(&string::c_str, boost::bind(&pair<string,string>::first, _1)), - boost::bind(&string::c_str, boost::bind(&pair<string,string>::second, _1)) - ) - ); + for (vector< pair<string,string> >::const_iterator i = m_unsetHeaders.begin(); i != m_unsetHeaders.end(); ++i) { + request.clearHeader(i->first.c_str(), i->second.c_str()); + } } void Application::limitRedirect(const GenericRequest& request, const char* url) const diff -Nru shibboleth-sp-3.0.3+dfsg1/shibsp/handler/impl/AbstractHandler.cpp shibboleth-sp-3.0.4+dfsg1/shibsp/handler/impl/AbstractHandler.cpp --- shibboleth-sp-3.0.3+dfsg1/shibsp/handler/impl/AbstractHandler.cpp 2018-08-01 19:56:31.000000000 +0200 +++ shibboleth-sp-3.0.4+dfsg1/shibsp/handler/impl/AbstractHandler.cpp 2019-03-08 16:09:43.000000000 +0100 
@@ -646,8 +646,35 @@ postkey = string(mech.second-3) + ':' + out.string(); } - // Set a cookie with key info. pair<string,const char*> shib_cookie = getPostCookieNameProps(application, relayState); + + // Purge any cookies in excess of 25. + int maxCookies = 25,purgedCookies = 0; + string exp; + + // Walk the list of cookies backwards by name. + const map<string,string>& cookies = request.getCookies(); + for (map<string,string>::const_reverse_iterator i = cookies.rbegin(); i != cookies.rend(); ++i) { + // Process post data cookies only. + if (starts_with(i->first, "_shibpost_")) { + if (maxCookies > 0) { + // Keep it, but count it against the limit. + --maxCookies; + } + else { + // We're over the limit, so everything here and older gets cleaned up. + if (exp.empty()) + exp = string(shib_cookie.second) + "; expires=Mon, 01 Jan 2001 00:00:00 GMT"; + response.setCookie(i->first.c_str(), exp.c_str()); + ++purgedCookies; + } + } + } + + if (purgedCookies > 0) + log(SPRequest::SPDebug, string("purged ") + lexical_cast<string>(purgedCookies) + " stale POST preservation cookie(s) from client"); + + // Set a cookie with key info. postkey += shib_cookie.second; response.setCookie(shib_cookie.first.c_str(), postkey.c_str()); } diff -Nru shibboleth-sp-3.0.3+dfsg1/shibsp/impl/StorageServiceSessionCache.cpp shibboleth-sp-3.0.4+dfsg1/shibsp/impl/StorageServiceSessionCache.cpp --- shibboleth-sp-3.0.3+dfsg1/shibsp/impl/StorageServiceSessionCache.cpp 2018-07-10 03:17:23.000000000 +0200 +++ shibboleth-sp-3.0.4+dfsg1/shibsp/impl/StorageServiceSessionCache.cpp 2019-03-08 16:09:43.000000000 +0100 
@@ -1402,7 +1402,9 @@ pcache->m_log.info("purging %d old sessions", stale_keys.size()); // Pass 2: walk through the list of stale entries and remove them from the cache - for_each(stale_keys.begin(), stale_keys.end(), boost::bind(&SSCache::dormant, pcache, boost::bind(&string::c_str, _1))); + for (vector<string>::const_iterator i = stale_keys.begin(); i != stale_keys.end(); ++i) { + pcache->dormant(i->c_str()); + } } pcache->m_log.debug("cleanup thread completed"); diff -Nru shibboleth-sp-3.0.3+dfsg1/shibsp/impl/XMLApplication.cpp shibboleth-sp-3.0.4+dfsg1/shibsp/impl/XMLApplication.cpp --- shibboleth-sp-3.0.3+dfsg1/shibsp/impl/XMLApplication.cpp 2018-10-12 19:42:15.000000000 +0200 +++ shibboleth-sp-3.0.4+dfsg1/shibsp/impl/XMLApplication.cpp 2019-03-08 16:09:43.000000000 +0100 @@ -716,6 +716,21 @@ if (!hasChildElements) { // Append a session initiator element of the designated type to the root element. DOMElement* sidom = e->getOwnerDocument()->createElementNS(e->getNamespaceURI(), _SessionInitiator); + + // Copy in any attributes from the <SSO> element so they can be accessed as properties in the SI handler + // but more importantly the MessageEncoders, which are DOM-aware only, not SP property-aware. + // The property-based lookups will walk up the DOM tree but the DOM-only code won't. + for (XMLSize_t p = 0; p < ssopropslen; ++p) { + DOMNode* ssoprop = ssoprops->item(p); + if (ssoprop->getNodeType() == DOMNode::ATTRIBUTE_NODE) { + sidom->setAttributeNS( + ((DOMAttr*)ssoprop)->getNamespaceURI(), + ((DOMAttr*)ssoprop)->getLocalName(), + ((DOMAttr*)ssoprop)->getValue() + ); + } + } + sidom->setAttributeNS(nullptr, _type, inittype.second); e->appendChild(sidom); log.info("adding SessionInitiator of type (%s) to chain (/Login)", initiator->getString("id").second); 
@@ -740,7 +755,8 @@ if (idprop.first && pathprop.first) { DOMElement* acsdom = e->getOwnerDocument()->createElementNS(samlconstants::SAML20MD_NS, _AssertionConsumerService); - // Copy in any attributes from the <SSO> element so they can be accessed as properties in the ACS handler. + // Copy in any attributes from the <SSO> element so they can be accessed as properties in the ACS handler, + // since the handlers aren't attached to the SSO element. for (XMLSize_t p = 0; p < ssopropslen; ++p) { DOMNode* ssoprop = ssoprops->item(p); if (ssoprop->getNodeType() == DOMNode::ATTRIBUTE_NODE) { @@ -806,6 +822,21 @@ if (discou && *discou) { // Append a session initiator element of the designated type to the root element. DOMElement* sidom = e->getOwnerDocument()->createElementNS(e->getNamespaceURI(), _SessionInitiator); + + // Copy in any attributes from the <SSO> element so they can be accessed as properties in the SI handler + // but more importantly the MessageEncoders, which are DOM-aware only, not SP property-aware. + // The property-based lookups will walk up the DOM tree but the DOM-only code won't. + for (XMLSize_t p = 0; p < ssopropslen; ++p) { + DOMNode* ssoprop = ssoprops->item(p); + if (ssoprop->getNodeType() == DOMNode::ATTRIBUTE_NODE) { + sidom->setAttributeNS( + ((DOMAttr*)ssoprop)->getNamespaceURI(), + ((DOMAttr*)ssoprop)->getLocalName(), + ((DOMAttr*)ssoprop)->getValue() + ); + } + } + sidom->setAttributeNS(nullptr, _type, discop); sidom->setAttributeNS(nullptr, _URL, discou); e->appendChild(sidom); 
@@ -862,6 +893,21 @@ if (!hasChildElements) { // Append a logout initiator element of the designated type to the root element. DOMElement* lidom = e->getOwnerDocument()->createElementNS(e->getNamespaceURI(), _LogoutInitiator); + + // Copy in any attributes from the <Logout> element so they can be accessed as properties in the LI handler + // but more importantly the MessageEncoders, which are DOM-aware only, not SP property-aware. + // The property-based lookups will walk up the DOM tree but the DOM-only code won't. + for (XMLSize_t p = 0; p < slopropslen; ++p) { + DOMNode* sloprop = sloprops->item(p); + if (sloprop->getNodeType() == DOMNode::ATTRIBUTE_NODE) { + lidom->setAttributeNS( + ((DOMAttr*)sloprop)->getNamespaceURI(), + ((DOMAttr*)sloprop)->getLocalName(), + ((DOMAttr*)sloprop)->getValue() + ); + } + } + lidom->setAttributeNS(nullptr, _type, inittype.second); e->appendChild(lidom); log.info("adding LogoutInitiator of type (%s) to chain (/Logout)", initiator->getString("id").second); 
@@ -1499,14 +1545,20 @@ whitelist.push_back(string("http://") + request.getHostname() + ':'); } - static bool (*startsWithI)(const char*,const char*) = XMLString::startsWithI; - if (!whitelist.empty() && find_if(whitelist.begin(), whitelist.end(), - boost::bind(startsWithI, url, boost::bind(&string::c_str, _1))) != whitelist.end()) { - return; - } - else if (!m_redirectWhitelist.empty() && find_if(m_redirectWhitelist.begin(), m_redirectWhitelist.end(), - boost::bind(startsWithI, url, boost::bind(&string::c_str, _1))) != m_redirectWhitelist.end()) { - return; + if (!whitelist.empty()) { + for (vector<string>::const_iterator i = whitelist.begin(); i != whitelist.end(); ++i) { + if (XMLString::startsWithI(url, i->c_str())) { + return; + } + } + } + + if (!m_redirectWhitelist.empty()) { + for (vector<string>::const_iterator i = m_redirectWhitelist.begin(); i != m_redirectWhitelist.end(); ++i) { + if (XMLString::startsWithI(url, i->c_str())) { + return; + } + } } Category::getInstance(SHIBSP_LOGCAT ".Application").warn("redirectLimit policy enforced, blocked redirect to (%s)", url); throw opensaml::SecurityPolicyException("Blocked unacceptable redirect location."); diff -Nru shibboleth-sp-3.0.3+dfsg1/shibsp/Makefile.am shibboleth-sp-3.0.4+dfsg1/shibsp/Makefile.am --- shibboleth-sp-3.0.3+dfsg1/shibsp/Makefile.am 2018-10-12 20:09:40.000000000 +0200 +++ shibboleth-sp-3.0.4+dfsg1/shibsp/Makefile.am 2019-03-08 16:09:43.000000000 +0100 @@ -243,7 +243,7 @@ # this is different from the project version # http://sources.redhat.com/autobook/autobook/autobook_91.html -libshibsp_la_LDFLAGS = -version-info 8:3:0 +libshibsp_la_LDFLAGS = -version-info 8:4:0 libshibsp_la_CXXFLAGS = \ $(AM_CXXFLAGS) \ $(BOOST_CPPFLAGS) \ 
@@ -262,7 +262,7 @@ $(xerces_LIBS) \ $(xmlsec_LIBS) \ $(xmltooling_LIBS) -libshibsp_lite_la_LDFLAGS = -version-info 8:3:0 +libshibsp_lite_la_LDFLAGS = -version-info 8:4:0 libshibsp_lite_la_CXXFLAGS = -DSHIBSP_LITE \ $(AM_CXXFLAGS) \ $(BOOST_CPPFLAGS) \ diff -Nru shibboleth-sp-3.0.3+dfsg1/shibsp/Makefile.in shibboleth-sp-3.0.4+dfsg1/shibsp/Makefile.in --- shibboleth-sp-3.0.3+dfsg1/shibsp/Makefile.in 2018-12-12 20:15:59.000000000 +0100 +++ shibboleth-sp-3.0.4+dfsg1/shibsp/Makefile.in 2019-03-08 16:15:39.000000000 +0100 @@ -1053,7 +1053,7 @@ # this is different from the project version # http://sources.redhat.com/autobook/autobook/autobook_91.html -libshibsp_la_LDFLAGS = -version-info 8:3:0 +libshibsp_la_LDFLAGS = -version-info 8:4:0 libshibsp_la_CXXFLAGS = \ $(AM_CXXFLAGS) \ $(BOOST_CPPFLAGS) \ @@ -1074,7 +1074,7 @@ $(xmlsec_LIBS) \ $(xmltooling_LIBS) -libshibsp_lite_la_LDFLAGS = -version-info 8:3:0 +libshibsp_lite_la_LDFLAGS = -version-info 8:4:0 libshibsp_lite_la_CXXFLAGS = -DSHIBSP_LITE \ $(AM_CXXFLAGS) \ $(BOOST_CPPFLAGS) \ diff -Nru shibboleth-sp-3.0.3+dfsg1/shibsp/remoting/impl/SocketListener.cpp shibboleth-sp-3.0.4+dfsg1/shibsp/remoting/impl/SocketListener.cpp --- shibboleth-sp-3.0.3+dfsg1/shibsp/remoting/impl/SocketListener.cpp 2018-12-13 16:31:25.000000000 +0100 +++ shibboleth-sp-3.0.4+dfsg1/shibsp/remoting/impl/SocketListener.cpp 2019-03-08 16:09:43.000000000 +0100 @@ -34,7 +34,9 @@ #include <stack> #include <sstream> #include <boost/lexical_cast.hpp> +#include <xercesc/sax/SAXException.hpp> #include <xercesc/util/XMLUniDefs.hpp> +#include <xercesc/util/OutOfMemoryException.hpp> #include <xmltooling/util/NDC.h> #include <xmltooling/util/XMLHelper.h> 
@@ -560,6 +562,24 @@ // Dispatch the message. m_listener->receive(in, sink); } + catch (const xercesc::DOMException& e) { + auto_ptr_char temp(e.getMessage()); + if (incomingError) + log.error("error processing incoming message: %s", temp.get() ? temp.get() : "no message"); + XMLParserException ex(string("DOM error: ") + (temp.get() ? temp.get() : "no message")); + DDF out=DDF("exception").string(ex.toString().c_str()); + DDFJanitor jout(out); + sink << out; + } + catch (const xercesc::SAXException& e) { + auto_ptr_char temp(e.getMessage()); + if (incomingError) + log.error("error processing incoming message: %s", temp.get() ? temp.get() : "no message"); + XMLParserException ex(string("SAX error: ") + (temp.get() ? temp.get() : "no message")); + DDF out=DDF("exception").string(ex.toString().c_str()); + DDFJanitor jout(out); + sink << out; + } catch (const xercesc::XMLException& e) { auto_ptr_char temp(e.getMessage()); if (incomingError) @@ -568,6 +588,15 @@ DDF out=DDF("exception").string(ex.toString().c_str()); DDFJanitor jout(out); sink << out; + } + catch (const xercesc::OutOfMemoryException& e) { + auto_ptr_char temp(e.getMessage()); + if (incomingError) + log.error("error processing incoming message: %s", temp.get() ? temp.get() : "no message"); + XMLParserException ex(string("Out of memory error: ") + (temp.get() ? temp.get() : "no message")); + DDF out=DDF("exception").string(ex.toString().c_str()); + DDFJanitor jout(out); + sink << out; } catch (const XMLToolingException& e) { if (incomingError) diff -Nru shibboleth-sp-3.0.3+dfsg1/shibsp/shibsp.rc shibboleth-sp-3.0.4+dfsg1/shibsp/shibsp.rc --- shibboleth-sp-3.0.3+dfsg1/shibsp/shibsp.rc 2018-11-01 15:09:17.000000000 +0100 +++ shibboleth-sp-3.0.4+dfsg1/shibsp/shibsp.rc 2019-03-08 16:09:43.000000000 +0100 
@@ -64,7 +64,7 @@ VALUE "InternalName", "shibsp3_0\0" #endif #endif - VALUE "LegalCopyright", "Copyright © 2018 UCAID\0" + VALUE "LegalCopyright", "Copyright 2019 UCAID\0" VALUE "LegalTrademarks", "\0" #ifdef SHIBSP_LITE #ifdef _DEBUG @@ -80,8 +80,8 @@ #endif #endif VALUE "PrivateBuild", "\0" - VALUE "ProductName", "Shibboleth 3.0.3\0" - VALUE "ProductVersion", "3, 0, 3, 0\0" + VALUE "ProductName", "Shibboleth 3.0.4\0" + VALUE "ProductVersion", "3, 0, 4, 0\0" VALUE "SpecialBuild", "\0" END END diff -Nru shibboleth-sp-3.0.3+dfsg1/shibsp/version.h shibboleth-sp-3.0.4+dfsg1/shibsp/version.h --- shibboleth-sp-3.0.3+dfsg1/shibsp/version.h 2018-10-12 20:06:42.000000000 +0200 +++ shibboleth-sp-3.0.4+dfsg1/shibsp/version.h 2019-03-08 16:09:43.000000000 +0100 @@ -44,7 +44,7 @@ #define SHIBSP_VERSION_MAJOR 3 #define SHIBSP_VERSION_MINOR 0 -#define SHIBSP_VERSION_REVISION 3 +#define SHIBSP_VERSION_REVISION 4 /** DO NOT MODIFY BELOW THIS LINE */ unblock shibboleth-sp/3.0.4+dfsg1-1
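
Review bot: In the shibsp/handler/impl/AbstractHandler.cpp hunk (@@ -646,8 +646,35 @@), the purge loop treats reverse iteration over the cookie map as newest-first, but a map<string,string> is ordered by cookie name, not by age, and nothing in the visible lines shows that _shibpost_ names sort chronologically. If they do not, the else branch can expire a cookie that belongs to a POST still in flight while keeping a stale one; a comment stating why name order tracks age, or a selection based on a timestamp, would settle it. The limit is also a bare literal in "int maxCookies = 25,purgedCookies = 0;"; a named constant would make the bound easier to find, and because the count runs before the new cookie is set, the client can end up holding 26.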
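
Review bot: The attribute-copy loop added in shibsp/impl/XMLApplication.cpp at @@ -716,6 +716,21 @@ appears again verbatim at @@ -806,6 +822,21 @@ and, with sloprops, at @@ -862,6 +893,21 @@, next to the existing copy in the AssertionConsumerService branch. Four copies of the same loop invite drift; a file-local helper taking the target DOMElement and the source attribute list would do. Within the loop, the C-style cast ((DOMAttr*)ssoprop) is repeated three times per iteration; a single static_cast into a local after the ATTRIBUTE_NODE check reads better. Correctness also depends on the copy running before "sidom->setAttributeNS(nullptr, _type, inittype.second);", so that a type attribute carried on <SSO> cannot override the initiator type; a one-line comment saying so would protect that ordering.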
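
Review bot: In the limitRedirect hunk of shibsp/impl/XMLApplication.cpp (@@ -1499,14 +1545,20 @@), the "if (!whitelist.empty())" and "if (!m_redirectWhitelist.empty())" guards are redundant now that the checks are plain loops, since iterating an empty vector does nothing; dropping them removes a nesting level. As XMLString::startsWithI is a case-insensitive prefix test, it would also help to document next to m_redirectWhitelist that each configured entry has to end at a delimiter, as the generated entry built from request.getHostname() plus ':' does; otherwise a prefix such as a bare hostname also matches longer hostnames.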
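
Review bot: The two handlers added in the shibsp/remoting/impl/SocketListener.cpp hunk at @@ -560,6 +562,24 @@ (xercesc::DOMException and xercesc::SAXException) repeat the body of the existing xercesc::XMLException handler line for line, differing only in the "DOM error: " and "SAX error: " prefixes. A small helper taking the prefix and the message would keep the logging and the "sink << out;" reply in one place, so a later change to the error reply cannot miss one exception type.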
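
Review bot: The xercesc::OutOfMemoryException handler in the SocketListener.cpp hunk at @@ -568,6 +588,15 @@ allocates while reporting an allocation failure: it transcodes the message through auto_ptr_char, concatenates a std::string for the XMLParserException and builds a DDF for the reply. If memory is still exhausted, any of these can throw from inside the handler and escape the catch chain that this change is meant to make exhaustive. Consider replying with a static message here, or wrapping the body so that a second failure is caught and the connection is closed cleanly.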