Blob Blame History Raw
%global with_java 0
%global with_php 0
%global with_perl 0
%global with_python 1
%global with_wsf 0

%if %{with_php}
%if "%{php_version}" < "5.6"
%global ini_name     %{name}.ini
%else
%global ini_name     40-%{name}.ini
%endif
%endif

Summary: Liberty Alliance Single Sign On
Name: lasso
Version: 2.5.1
Release: 8%{?dist}
License: GPLv2+
Group: System Environment/Libraries
Source: http://dev.entrouvert.org/lasso/lasso-%{version}.tar.gz
%if %{with_wsf}
BuildRequires: cyrus-sasl-devel
%endif
BuildRequires: gtk-doc, libtool-ltdl-devel
BuildRequires: glib2-devel >= 2.42, swig
Requires: glib2 >= 2.42
BuildRequires: libxml2-devel, xmlsec1-devel, openssl-devel, xmlsec1-openssl-devel
BuildRequires: zlib-devel, check-devel
BuildRequires: libtool autoconf automake
BuildRequires: python-six
Url: http://lasso.entrouvert.org/

patch1: cflags.patch
patch2: validate_idp_list_test.patch
patch3: 0003-Choose-the-Reference-transform-based-on-the-chosen-S.patch
patch4: 0004-Fix-ECP-signature-not-found-error-when-only-assertio.patch
patch5: 0005-PAOS-Do-not-populate-Destination-attribute.patch
patch6: 0006-tests-use-self-generated-certificate-to-sign-federat.patch
patch7: 0007-Fix-signature-checking-on-unsigned-response-with-mul.patch
patch8: 0008-lasso_saml20_login_process_response_status_and_asser.patch

%description
Lasso is a library that implements the Liberty Alliance Single Sign On
standards, including the SAML and SAML2 specifications. It allows to handle
the whole life-cycle of SAML based Federations, and provides bindings
for multiple languages.

%package devel
Summary: Lasso development headers and documentation
Group: Development/Libraries
Requires: %{name}%{?_isa} = %{version}-%{release}

%description devel
This package contains the header files, static libraries and development
documentation for Lasso.

%if %{with_perl}
%package perl
Summary: Liberty Alliance Single Sign On (lasso) Perl bindings
Group: Development/Libraries
BuildRequires: perl(ExtUtils::MakeMaker)
BuildRequires: perl(Test::More)
Requires: perl(:MODULE_COMPAT_%(eval "`%{__perl} -V:version`"; echo $version))
Requires: %{name}%{?_isa} = %{version}-%{release}

%description perl
Perl language bindings for the lasso (Liberty Alliance Single Sign On) library.
%endif

%if %{with_java}
%package java
Summary: Liberty Alliance Single Sign On (lasso) Java bindings
Group: Development/Libraries
BuildRequires: java-devel
BuildRequires: jpackage-utils
Requires: java-headless
Requires: jpackage-utils
Requires: %{name}%{?_isa} = %{version}-%{release}

%description java
Java language bindings for the lasso (Liberty Alliance Single Sign On) library.
%endif

%if %{with_php}
%package php
Summary: Liberty Alliance Single Sign On (lasso) PHP bindings
Group: Development/Libraries
BuildRequires: php-devel, expat-devel
BuildRequires: python2
Requires: %{name}%{?_isa} = %{version}-%{release}
Requires: php(zend-abi) = %{php_zend_api}
Requires: php(api) = %{php_core_api}
Provides: php-lasso = %{version}-%{release}
Provides: php-lasso%{?_isa} = %{version}-%{release}

%description php
PHP language bindings for the lasso (Liberty Alliance Single Sign On) library.
%endif

%if %{with_python}
%package python
Summary: Liberty Alliance Single Sign On (lasso) Python bindings
Group: Development/Libraries
BuildRequires: python2-devel
BuildRequires: python-lxml
Requires: python
Requires: %{name}%{?_isa} = %{version}-%{release}

%description python
Python language bindings for the lasso (Liberty Alliance Single Sign On)
library.
%endif

%prep
%setup -q -n %{name}-%{version}
%patch1 -p1
%patch2 -p1
%patch3 -p1
%patch4 -p1
%patch5 -p1
%patch6 -p1
%patch7 -p1
%patch8 -p1

%build
autoreconf -vif
%configure --prefix=%{_prefix} \
%if !%{with_java}
           --disable-java \
%endif
%if !%{with_python}
           --disable-python \
%endif
%if !%{with_perl}
           --disable-perl \
%endif
%if %{with_php}
           --enable-php5=yes \
           --with-php5-config-dir=%{php_inidir} \
%else
           --enable-php5=no \
%endif
%if %{with_wsf}
           --enable-wsf \
           --with-sasl2=%{_prefix}/sasl2 \
%endif
#           --with-html-dir=%{_datadir}/gtk-doc/html

make %{?_smp_mflags} CFLAGS="%{optflags}"

%check
make check

%install
#install -m 755 -d %{buildroot}%{_datadir}/gtk-doc/html

make install exec_prefix=%{_prefix} DESTDIR=%{buildroot}
find %{buildroot} -type f -name '*.la' -exec rm -f {} \;
find %{buildroot} -type f -name '*.a' -exec rm -f {} \;

# Perl subpackage
%if %{with_perl}
find %{buildroot} \( -name perllocal.pod -o -name .packlist \) -exec rm -v {} \;

find %{buildroot}/usr/lib*/perl5 -type f -print |
        sed "s@^%{buildroot}@@g" > %{name}-perl-filelist
if [ "$(cat %{name}-perl-filelist)X" = "X" ] ; then
    echo "ERROR: EMPTY FILE LIST"
    exit -1
fi
%endif

# PHP subpackage
%if %{with_php}
install -m 755 -d %{buildroot}%{_datadir}/php/%{name}
mv %{buildroot}%{_datadir}/php/lasso.php %{buildroot}%{_datadir}/php/%{name}

# rename the PHP config file when needed (PHP 5.6+)
if [ "%{name}.ini" != "%{ini_name}" ]; then
  mv %{buildroot}%{php_inidir}/%{name}.ini \
     %{buildroot}%{php_inidir}/%{ini_name}
fi
%endif

# Remove bogus doc files
rm -fr %{buildroot}%{_defaultdocdir}/%{name}

%post -p /sbin/ldconfig

%postun -p /sbin/ldconfig

%files
%defattr(-,root,root)
%{_libdir}/liblasso.so.*
%doc AUTHORS COPYING NEWS README

%files devel
%defattr(-,root,root)
%{_libdir}/liblasso.so
%{_libdir}/pkgconfig/lasso.pc
%{_includedir}/%{name}

%if %{with_perl}
%files perl -f %{name}-perl-filelist
%defattr(-,root,root)
%endif

%if %{with_java}
%files java
%defattr(-,root,root)
%{_libdir}/java/libjnilasso.so
%{_javadir}/lasso.jar
%endif

%if %{with_php}
%files php
%defattr(-,root,root)
%attr(755,root,root) %{php_extdir}/lasso.so
%config(noreplace) %attr(644,root,root) %{php_inidir}/%{ini_name}
%attr(755,root,root) %dir %{_datadir}/php/%{name}
%attr(644,root,root) %{_datadir}/php/%{name}/lasso.php
%endif

%if %{with_python}
%files python
%defattr(-,root,root)
%{python_sitearch}/lasso.py*
%{python_sitearch}/_lasso.so
%endif

%changelog
* Wed Jun  2 2021 Jakub Hrozek <jhrozek@redhat.com> - 2.5.1-8
- Fix Coverity warning introduced by the previous patch
- Related: #1963855 - CVE-2021-28091 lasso: XML signature wrapping
                      vulnerability when parsing SAML responses

* Wed Jun  2 2021 Jakub Hrozek <jhrozek@redhat.com> - 2.5.1-7
- Fix Coverity warning introduced by the previous patch
- Related: #1963855 - CVE-2021-28091 lasso: XML signature wrapping
                      vulnerability when parsing SAML responses

* Wed Jun  2 2021 Jakub Hrozek <jhrozek@redhat.com> - 2.5.1-6
- Resolves: #1963855 - CVE-2021-28091 lasso: XML signature wrapping
                       vulnerability when parsing SAML responses

* Tue Aug  6 2019 Jakub Hrozek <jhrozek@redhat.com> - 2.5.1-5
- Resolves: #1719014 - Expired certificate prevents tests from running
- Actually apply the patch file for the previous build
- Related: #1730009 - lasso includes "Destination" attribute in SAML
                       AuthnRequest populated with SP
                       AssertionConsumerServiceURL when ECP workflow
                       is used which leads to IdP-side errors

* Tue Jul 23 2019 Jakub Hrozek <jhrozek@redhat.com> - 2.5.1-4
- Resolves: #1730009 - lasso includes "Destination" attribute in SAML
                       AuthnRequest populated with SP
                       AssertionConsumerServiceURL when ECP workflow
                       is used which leads to IdP-side errors

* Sun Feb 10 2019 Jakub Hrozek <jhrozek@redhat.com> - 2.5.1-3
- Resolves: #1634267 - ECP signature check fails with
                       LASSO_DS_ERROR_SIGNATURE_NOT_FOUND when assertion signed
                       instead of response

* Fri Jun 17 2016 John Dennis <jdennis@redhat.com> - 2.5.1-2
- Rebase to upstream 2.5.1
  Resolves: #1310860
- add validate_idp_list_test patch

* Thu Jun  9 2016 John Dennis <jdennis@redhat.com> - 2.5.1-1
- Rebase to upstream 2.5.1
  Resolves: #1310860

* Thu Sep  3 2015 John Dennis <jdennis@redhat.com> - 2.5.0-1
- Rebase to upstream, now includes our ECP patches, no need to patch any more
  Resolves: #1205342

* Tue Sep  1 2015 John Dennis <jdennis@redhat.com> - 2.4.1-8
- Add explicit minimum dependency on glib2 2.42,
  for some reason RPM is not automatically detecting the dependency
  Resolves: #1254989

* Wed Aug 19 2015 John Dennis <jdennis@redhat.com> - 2.4.1-7
- Add ECP support, brings Lasso up to current upstream tip + revised ECP patches
  Resolves: #1205342

* Mon Jun 22 2015 John Dennis <jdennis@redhat.com> - 2.4.1-6
- Add ECP support, brings Lasso up to current upstream tip + ECP patches
  Resolves: #1205342

* Fri Dec  5 2014 Simo Sorce <simo@redhat.com> - 2.4.1-5
- Add support for ADFS interoperability
- Resolves: #1160803

* Thu Sep 11 2014 Simo Sorce <simo@redhat.com> - 2.4.1-4
- Add missing covscan related patches previously sent upstream
- Related: #1120360

* Thu Sep 11 2014 Simo Sorce <simo@redhat.com> - 2.4.1-3
- ppc4le fails to build without autoreconf being run first
- Resolves: #1140419

* Fri Sep  5 2014 Simo Sorce <simo@redhat.com> - 2.4.1-2
- Import packge in RHEL7
- Resolves: #1120360

* Thu Aug 28 2014 Simo Sorce <simo@redhat.com> - 2.4.1-1
- New upstream relase 2.4.1
- Drop patches as they have all been integrated upstream

* Sun Aug 17 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.4.0-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild

* Fri Jun 20 2014 Remi Collet <rcollet@redhat.com> - 2.4.0-4
- rebuild for https://fedoraproject.org/wiki/Changes/Php56
- add numerical prefix to extension configuration file
- drop unneeded dependency on pecl
- add provides php-lasso

* Sat Jun 07 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.4.0-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild

* Fri Apr 25 2014 Simo Sorce <simo@redhat.com> - 2.4.0-2
- Fixes for arches where pointers and integers do not have the same size
  (ppc64, s390, etc..)

* Mon Apr 14 2014 Stanislav Ochotnicky <sochotnicky@redhat.com> - 2.4.0-1
- Use OpenJDK instead of GCJ for java bindings

* Sat Jan 11 2014 Simo Sorce <simo@redhat.com> 2.4.0-0
- Update to final 2.4.0 version
- Drop all patches, they are now included in 2.4.0
- Change Source URI

* Mon Dec  9 2013 Simo Sorce <simo@redhat.com> 2.3.6-0.20131125.5
- Add patches to fix rpmlint license issues
- Add upstream patches to fix some build issues

* Thu Dec  5 2013 Simo Sorce <simo@redhat.com> 2.3.6-0.20131125.4
- Add patch to support automake-1.14 for rawhide

* Mon Nov 25 2013 Simo Sorce <simo@redhat.com> 2.3.6-0.20131125.3
- Initial packaging
- Based on the spec file by Jean-Marc Liger <jmliger@siris.sorbonne.fr>
- Code is updated to latest master via a jumbo patch while waiting for
  official upstream release.
- Jumbo patch includes also additional patches sent to upstream list)
  to build on Fedora 20
- Perl bindings are disabled as they fail to build
- Disable doc building as it doesn't ork correctly for now