diff -Nru glewlwyd-2.5.2/debian/changelog glewlwyd-2.5.2/debian/changelog
--- glewlwyd-2.5.2/debian/changelog 2021-09-07 23:00:32.000000000 +0000
+++ glewlwyd-2.5.2/debian/changelog 2021-11-23 19:15:42.000000000 +0000
@@ -1,3 +1,9 @@
+glewlwyd (2.5.2-3+rpi1) bookworm-staging; urgency=medium
+
+ * Apply upstream patches for new iddwac and rhonabwy function names.
+
+ -- Peter Michael Green Tue, 23 Nov 2021 19:15:42 +0000
+
 glewlwyd (2.5.2-3) unstable; urgency=medium
 
 * d/postinst: Run pgsql script on $dbc_server
diff -Nru glewlwyd-2.5.2/debian/patches/series glewlwyd-2.5.2/debian/patches/series
--- glewlwyd-2.5.2/debian/patches/series 2021-09-07 11:26:22.000000000 +0000
+++ glewlwyd-2.5.2/debian/patches/series 2021-11-23 19:14:38.000000000 +0000
@@ -1,2 +1,4 @@
 #webpack.patch
 webauthn.patch
+use-new-iddawc-function-names.patch
+use-new-rhonabwy-function-names.patch
diff -Nru glewlwyd-2.5.2/debian/patches/use-new-iddawc-function-names.patch glewlwyd-2.5.2/debian/patches/use-new-iddawc-function-names.patch
--- glewlwyd-2.5.2/debian/patches/use-new-iddawc-function-names.patch 1970-01-01 00:00:00.000000000 +0000
+++ glewlwyd-2.5.2/debian/patches/use-new-iddawc-function-names.patch 2021-11-23 19:10:11.000000000 +0000
@@ -0,0 +1,91 @@
+commit bb51945a21d7a3572c8f690a9e6b3fe50f13111e
+Author: babelouest
+Date: Tue Mar 23 07:51:12 2021 -0400
+
+ Use new iddawc function names
+
+diff --git a/src/scheme/oauth2.c b/src/scheme/oauth2.c
+index 56893dfd..5bd3d7e4 100644
+--- a/src/scheme/oauth2.c
++++ b/src/scheme/oauth2.c
+@@ -262,7 +262,7 @@ static json_t * complete_session_identify(struct config_module * config, struct
+ ret = G_ERROR_PARAM;
+ }
+ } else {
+- if ((res = i_load_userinfo(&i_session)) == I_OK && i_session.j_userinfo != NULL) {
++ if ((res = i_get_userinfo(&i_session, 0)) == I_OK && i_session.j_userinfo != NULL) {
+ if (json_string_length((json_object_get(i_session.j_userinfo, json_string_value(json_object_get(j_provider, "userid_property")))))) {
+ sub = o_strdup(json_string_value(json_object_get(i_session.j_userinfo, json_string_value(json_object_get(j_provider, "userid_property")))));
+ ret = o_strlen(sub)?G_OK:G_ERROR_PARAM;
+@@ -276,7 +276,7 @@ static json_t * complete_session_identify(struct config_module * config, struct
+ } else if (res == I_ERROR_PARAM || res == I_ERROR_SERVER || res == I_ERROR_UNAUTHORIZED || i_session.j_userinfo == NULL) {
+ ret = G_ERROR_PARAM;
+ } else {
+- y_log_message(Y_LOG_LEVEL_ERROR, "complete_session_identify - Error i_load_userinfo (1)");
++ y_log_message(Y_LOG_LEVEL_ERROR, "complete_session_identify - Error i_get_userinfo (1)");
+ ret = G_ERROR;
+ }
+ }
+@@ -288,7 +288,7 @@ static json_t * complete_session_identify(struct config_module * config, struct
+ }
+ break;
+ case I_RESPONSE_TYPE_TOKEN:
+- if ((res = i_load_userinfo(&i_session)) == I_OK && i_session.j_userinfo != NULL) {
++ if ((res = i_get_userinfo(&i_session, 0)) == I_OK && i_session.j_userinfo != NULL) {
+ if (json_string_length(json_object_get(i_session.j_userinfo, json_string_value(json_object_get(j_provider, "userid_property"))))) {
+ sub = o_strdup(json_string_value(json_object_get(i_session.j_userinfo, json_string_value(json_object_get(j_provider, "userid_property")))));
+ ret = o_strlen(sub)?G_OK:G_ERROR_PARAM;
+@@ -302,7 +302,7 @@ static json_t * complete_session_identify(struct config_module * config, struct
+ } else if (res == I_ERROR_PARAM || res == I_ERROR_SERVER || res == I_ERROR_UNAUTHORIZED || i_session.j_userinfo == NULL) {
+ ret = G_ERROR_PARAM;
+ } else {
+- y_log_message(Y_LOG_LEVEL_ERROR, "complete_session_identify - Error i_load_userinfo (2)");
++ y_log_message(Y_LOG_LEVEL_ERROR, "complete_session_identify - Error i_get_userinfo (2)");
+ ret = G_ERROR;
+ }
+ break;
+@@ -910,7 +910,7 @@ static int complete_session_for_user(struct config_module * config, const char *
+ ret = G_ERROR_PARAM;
+ }
+ } else {
+- if ((res = i_load_userinfo(&i_session)) == I_OK && i_session.j_userinfo != NULL) {
++ if ((res = i_get_userinfo(&i_session, 0)) == I_OK && i_session.j_userinfo != NULL) {
+ if (json_string_length((json_object_get(i_session.j_userinfo, json_string_value(json_object_get(j_provider, "userid_property")))))) {
+ sub = o_strdup(json_string_value(json_object_get(i_session.j_userinfo, json_string_value(json_object_get(j_provider, "userid_property")))));
+ ret = o_strlen(sub)?G_OK:G_ERROR_PARAM;
+@@ -924,7 +924,7 @@ static int complete_session_for_user(struct config_module * config, const char *
+ } else if (res == I_ERROR_PARAM || res == I_ERROR_SERVER || res == I_ERROR_UNAUTHORIZED || i_session.j_userinfo == NULL) {
+ ret = G_ERROR_PARAM;
+ } else {
+- y_log_message(Y_LOG_LEVEL_ERROR, "complete_session_for_user - Error i_load_userinfo (1)");
++ y_log_message(Y_LOG_LEVEL_ERROR, "complete_session_for_user - Error i_get_userinfo (1)");
+ ret = G_ERROR;
+ }
+ }
+@@ -936,7 +936,7 @@ static int complete_session_for_user(struct config_module * config, const char *
+ }
+ break;
+ case I_RESPONSE_TYPE_TOKEN:
+- if ((res = i_load_userinfo(&i_session)) == I_OK && i_session.j_userinfo != NULL) {
++ if ((res = i_get_userinfo(&i_session, 0)) == I_OK && i_session.j_userinfo != NULL) {
+ if (json_string_length(json_object_get(i_session.j_userinfo, json_string_value(json_object_get(j_provider, "userid_property"))))) {
+ sub = o_strdup(json_string_value(json_object_get(i_session.j_userinfo, json_string_value(json_object_get(j_provider, "userid_property")))));
+ ret = o_strlen(sub)?G_OK:G_ERROR_PARAM;
+@@ -950,7 +950,7 @@ static int complete_session_for_user(struct config_module * config, const char *
+ } else if (res == I_ERROR_PARAM || res == I_ERROR_SERVER || res == I_ERROR_UNAUTHORIZED || i_session.j_userinfo == NULL) {
+ ret = G_ERROR_PARAM;
+ } else {
+- y_log_message(Y_LOG_LEVEL_ERROR, "complete_session_for_user - Error i_load_userinfo (2)");
++ y_log_message(Y_LOG_LEVEL_ERROR, "complete_session_for_user - Error i_get_userinfo (2)");
+ ret = G_ERROR;
+ }
+ break;
+@@ -1194,7 +1194,7 @@ json_t * user_auth_scheme_module_init(struct config_module * config, json_t * j_
+ I_OPT_SCOPE, is_oidc?"openid":json_string_value(json_object_get(j_element, "scope")),
+ I_OPT_NONE) != I_OK) {
+ y_log_message(Y_LOG_LEVEL_ERROR, "user_auth_scheme_module_init oauth2 - Error setting parameters for provider %s", json_string_value(json_object_get(j_element, "name")));
+- } else if (i_load_openid_config(&i_session) != I_OK) {
++ } else if (i_get_openid_config(&i_session) != I_OK) {
+ y_log_message(Y_LOG_LEVEL_ERROR, "user_auth_scheme_module_init oauth2 - Error loading openid-configuration for provider %s", json_string_value(json_object_get(j_element, "name")));
+ } else if ((j_export = i_export_session_json_t(&i_session)) == NULL) {
+ y_log_message(Y_LOG_LEVEL_ERROR, "user_auth_scheme_module_init oauth2 - Error exporting session for provider %s", json_string_value(json_object_get(j_element, "name")));
diff -Nru glewlwyd-2.5.2/debian/patches/use-new-rhonabwy-function-names.patch glewlwyd-2.5.2/debian/patches/use-new-rhonabwy-function-names.patch
--- glewlwyd-2.5.2/debian/patches/use-new-rhonabwy-function-names.patch 1970-01-01 00:00:00.000000000 +0000
+++ glewlwyd-2.5.2/debian/patches/use-new-rhonabwy-function-names.patch 2021-11-23 19:15:31.000000000 +0000
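Review bot: In the `src/scheme/oauth2.c` patch, the four call sites in `complete_session_identify` and `complete_session_for_user` pass a bare `0` as the new second argument of `i_get_userinfo`, and nothing in the patch says what it selects. If that argument is iddawc's flag for requesting the userinfo response as a JWT (to be confirmed against the iddawc header), `0` means the `userid_property` value copied into `sub` comes from a plain JSON reply, so its integrity rests on the TLS connection to the provider alone. A one-line comment at each call, such as `/* 0: plain JSON userinfo, not a signed JWT */`, would record that choice. The fall-through error branches also log a fixed string; including the code, e.g. `"complete_session_identify - Error i_get_userinfo (1): %d", res`, would make provider failures diagnosable. Both functions start and end outside the hunks shown.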
@@ -0,0 +1,60 @@
+This patch is based on the upstream commit described below, defuzzed
+in the context of the Debian package.
+
+commit 31d4ecd016712f04710f1fc8e2ee178e25b7358f
+Author: babelouest
+Date: Thu Aug 5 16:27:58 2021 -0400
+
+ Use new rhonabwy function names
+
+Index: glewlwyd-2.5.2/src/plugin/protocol_oidc.c
+===================================================================
+--- glewlwyd-2.5.2.orig/src/plugin/protocol_oidc.c
++++ glewlwyd-2.5.2/src/plugin/protocol_oidc.c
+@@ -269,7 +269,7 @@ static json_t * check_parameters (json_t
+ }
+ r_jwks_free(jwks);
+ } else {
+- if (r_jwks_init(&jwks) != RHN_OK || r_jwks_import_from_str(jwks, json_string_value(json_object_get(j_params, "jwks-public"))) != RHN_OK) {
++ if (r_jwks_init(&jwks) != RHN_OK || r_jwks_import_from_json_str(jwks, json_string_value(json_object_get(j_params, "jwks-public"))) != RHN_OK) {
+ json_array_append_new(j_error, json_string("jwks-public is an invalid jwks"));
+ ret = G_ERROR_PARAM;
+ }
+@@ -292,7 +292,7 @@ static json_t * check_parameters (json_t
+ }
+ r_jwks_free(jwks);
+ } else {
+- if (r_jwks_init(&jwks) != RHN_OK || r_jwks_import_from_str(jwks, json_string_value(json_object_get(j_params, "jwks-private"))) != RHN_OK) {
++ if (r_jwks_init(&jwks) != RHN_OK || r_jwks_import_from_json_str(jwks, json_string_value(json_object_get(j_params, "jwks-private"))) != RHN_OK) {
+ json_array_append_new(j_error, json_string("jwks-private is an invalid jwks"));
+ ret = G_ERROR_PARAM;
+ }
+@@ -4339,7 +4339,7 @@ static json_t * validate_jwt_auth_reques
+ jwt_t * jwt = NULL;
+
+ if (jwt_request != NULL) {
+- if (r_jwt_init(&jwt) == RHN_OK && r_jwt_parse(jwt, jwt_request, 0) == RHN_OK && decrypt_request_token(config, jwt) == G_OK) {
++ if (r_jwt_init(&jwt) == RHN_OK && r_jwt_parse_unsecure(jwt, jwt_request, 0) == RHN_OK && decrypt_request_token(config, jwt) == G_OK) {
+ // request or request_uri must not be present in the payload
+ if (r_jwt_get_claim_str_value(jwt, "request") == NULL && r_jwt_get_claim_str_value(jwt, "request_uri") == NULL) {
+ j_result = verify_request_signature(config, jwt, r_jwt_get_claim_str_value(jwt, "client_id"), ip_source);
+@@ -11491,7 +11491,7 @@ json_t * plugin_module_init(struct confi
+ p_config->jwks_str = r_jwks_export_to_json_str(jwks_specified, 0);
+ }
+ } else {
+- if (r_jwks_init(&jwks_specified) != RHN_OK || r_jwks_import_from_str(jwks_specified, json_string_value(json_object_get(p_config->j_params, "jwks-public"))) != RHN_OK) {
++ if (r_jwks_init(&jwks_specified) != RHN_OK || r_jwks_import_from_json_str(jwks_specified, json_string_value(json_object_get(p_config->j_params, "jwks-public"))) != RHN_OK) {
+ y_log_message(Y_LOG_LEVEL_ERROR, "protocol_init - oidc - Error importing jwks-public from data");
+ j_return = json_pack("{si}", "result", G_ERROR);
+ break;
+@@ -11522,8 +11522,8 @@ json_t * plugin_module_init(struct confi
+ break;
+ }
+ } else {
+- if (r_jwks_import_from_str(jwks_privkey, json_string_value(json_object_get(p_config->j_params, "jwks-private"))) != RHN_OK) {
+- y_log_message(Y_LOG_LEVEL_ERROR, "protocol_init - oidc - Error r_jwks_import_from_str");
++ if (r_jwks_import_from_json_str(jwks_privkey, json_string_value(json_object_get(p_config->j_params, "jwks-private"))) != RHN_OK) {
++ y_log_message(Y_LOG_LEVEL_ERROR, "protocol_init - oidc - Error r_jwks_import_from_json_str");
+ j_return = json_pack("{sis[s]}", "result", G_ERROR_PARAM, "error", "invalid jwks cntent");
+ break;
+ }
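Review bot: In the `validate_jwt_auth_request` hunk of `src/plugin/protocol_oidc.c`, the switch to `r_jwt_parse_unsecure` is the one change in this patch that is not a plain rename, and it deserves a comment. As far as I know the `_unsecure` parser in newer rhonabwy also accepts unsigned (`alg: none`) tokens, so rejecting an unsigned or wrongly signed request object rests entirely on `verify_request_signature`, whose body is outside the hunk; that function should be confirmed to refuse `none` for every client configuration. Until that call returns, the claims are unauthenticated, including the `client_id` read from the payload to select the verification key. Suggested comment above the `if`: `// parse only: the token is NOT verified here; verify_request_signature() below must reject unsigned or badly signed requests`. Separately, a context line in the last hunk returns `"invalid jwks cntent"`, a typo for "content" in an error string returned to the caller.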