diff -Nru shibboleth-sp-3.0.4+dfsg1/debian/changelog shibboleth-sp-3.0.4+dfsg1/debian/changelog --- shibboleth-sp-3.0.4+dfsg1/debian/changelog 2021-03-18 12:22:53.000000000 +0100 +++ shibboleth-sp-3.0.4+dfsg1/debian/changelog 2021-06-10 11:30:02.000000000 +0200 @@ -1,3 +1,15 @@ +shibboleth-sp (3.0.4+dfsg1-1ubuntu0.2) focal-security; urgency=high + + * SECURITY UPDATE: Session recovery feature contains a null pointer + deference (LP: #1926250) + - debian/patches/SSPCPP-927-Check-for-missing-DataSealer-during-cookie- + rec.patch: Check for missing DataSealer during cookie recovery + - https://shibboleth.net/community/advisories/secadv_20210426.txt + - https://issues.shibboleth.net/jira/browse/SSPCPP-927 + - CVE-2021-31826 + + -- Etienne Dysli Metref Thu, 10 Jun 2021 11:30:02 +0200 + shibboleth-sp (3.0.4+dfsg1-1ubuntu0.1) focal-security; urgency=high * SECURITY UPDATE: Fix a phishing vulnerability: Template generation diff -Nru shibboleth-sp-3.0.4+dfsg1/debian/patches/series shibboleth-sp-3.0.4+dfsg1/debian/patches/series --- shibboleth-sp-3.0.4+dfsg1/debian/patches/series 2021-03-18 12:22:53.000000000 +0100 +++ shibboleth-sp-3.0.4+dfsg1/debian/patches/series 2021-06-10 11:28:57.000000000 +0200 @@ -4,3 +4,4 @@ seckeygen-defaults-for-Debian.patch Use-runstatedir-from-future-Autoconf-2.70.patch SSPCPP-922-Add-externalParameters-option-to-Errors-element.patch +SSPCPP-927-Check-for-missing-DataSealer-during-cookie-rec.patch diff -Nru shibboleth-sp-3.0.4+dfsg1/debian/patches/SSPCPP-927-Check-for-missing-DataSealer-during-cookie-rec.patch shibboleth-sp-3.0.4+dfsg1/debian/patches/SSPCPP-927-Check-for-missing-DataSealer-during-cookie-rec.patch --- shibboleth-sp-3.0.4+dfsg1/debian/patches/SSPCPP-927-Check-for-missing-DataSealer-during-cookie-rec.patch 1970-01-01 01:00:00.000000000 +0100 +++ shibboleth-sp-3.0.4+dfsg1/debian/patches/SSPCPP-927-Check-for-missing-DataSealer-during-cookie-rec.patch 2021-06-10 11:30:02.000000000 +0200 @@ -0,0 +1,30 @@ +## Description: SSPCPP-927 - Check for missing DataSealer during cookie recovery +## Origin/Author: https://git.shibboleth.net/view/?p=cpp-sp.git;a=commit;h=5a47c3b9378f4c49392dd4d15189b70956f9f2ec +## Bug: https://issues.shibboleth.net/jira/browse/SSPCPP-927 +## Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/shibboleth-sp/+bug/1926250 +Index: shibboleth-sp-3.0.4+dfsg1/shibsp/impl/StorageServiceSessionCache.cpp +=================================================================== +--- shibboleth-sp-3.0.4+dfsg1.orig/shibsp/impl/StorageServiceSessionCache.cpp ++++ shibboleth-sp-3.0.4+dfsg1/shibsp/impl/StorageServiceSessionCache.cpp +@@ -1130,6 +1130,12 @@ bool SSCache::recover(const Application& + else { + // We're out of process, so we can recover the session. + #ifndef SHIBSP_LITE ++ const DataSealer* sealer = XMLToolingConfig::getConfig().getDataSealer(); ++ if (!sealer) { ++ m_log.warn("can't attempt recovery of session (%s), no DataSealer configured", key); ++ return false; ++ } ++ + m_log.debug("checking for revocation of session (%s)", key); + try { + if (m_storage_lite->readString("Revoked", key) > 0) { +@@ -1156,7 +1162,7 @@ bool SSCache::recover(const Application& + try { + dup = strdup(data); + XMLToolingConfig::getConfig().getURLEncoder()->decode(dup); +- unwrapped = XMLToolingConfig::getConfig().getDataSealer()->unwrap(dup); ++ unwrapped = sealer->unwrap(dup); + free(dup); + + stringstream str(unwrapped);