devel/xmltooling: update to 3.3.0

This is a library used by Shibboleth-SP and they are upgraded in sync.

Release notes:	https://shibboleth.atlassian.net/wiki/x/jYUaew

devel/xmltooling: Fix build with llvm16

Approved by:	portmgr (blanket)
Sponsored by:	The FreeBSD Foundation

devel/xmltooling: update to 3.2.4

An updated version of the XMLTooling library that is part of the
OpenSAML and Shibboleth Service Provider software is now available
which corrects a server-side request forgery (SSRF) vulnerability.

Security:	f7e9a1cc-0931-11ee-94b4-6cc21735f730

shibboleth-sp: Update to 3.4.1

A patch release of the Service Provider, V3.4.1, is now available. This
release fixes a couple of small bugs and adds a warning requested by one
of our member organizations in the absence of the redirectLimit setting,
which leads to SPs being abused as open redirectors.

Notably, this release includes an update to the xmltooling library that
hardens the code base against the sorts of attacks reported against the
IdP in the recent advisory. The SP is, as far as can be determined, not
impacted directly by that vulnerability, but this is a precautionary
change.

Release
notes:	https://shibboleth.atlassian.net/wiki/spaces/SP3/pages/2065335693/ReleaseNotes

security/shibboleth-sp: update to 3.4.0

This is a minor update containing a new setting suggested by a
contributor (thus the unplanned minor version change) controlling
retries when TCP connections to shibd are used. The other changes are
minimal in nature.

Update the toolchain as well:

devel/xmltooling
textproc/xerces-c3

and bump PORTREVISION for security/opensaml due to dependencies'
updates.

Release notes:	https://wiki.shibboleth.net/confluence/display/SP3/ReleaseNotes

Remove WWW entries moved into port Makefiles

Commit b7f05445c00f has added WWW entries to port Makefiles based on
WWW: lines in pkg-descr files.

This commit removes the WWW: lines of moved-over URLs from these
pkg-descr files.

Approved by:		portmgr (tcberner)

Add WWW entries to port Makefiles

It has been common practice to have one or more URLs at the end of the
ports' pkg-descr files, one per line and prefixed with "WWW:". These
URLs should point at a project website or other relevant resources.

Access to these URLs required processing of the pkg-descr files, and
they have often become stale over time. If more than one such URL was
present in a pkg-descr file, only the first one was tarnsfered into
the port INDEX, but for many ports only the last line did contain the
port specific URL to further information.

There have been several proposals to make a project URL available as
a macro in the ports' Makefiles, over time.

*/*: bump all consumers after recent boost upgrade

devel: remove 'Created by' lines

A big Thank You to the original contributors of these ports:

  *  "Waitman Gobble" <uzimac@da3m0n8t3r.com>
  *  <jkoshy@FreeBSD.org>
  *  Aaron Dalton <aaron@FreeBSD.org>
  *  Aaron Dalton <aaron@daltons.ca>
  *  Aaron H. K. Diep <ahkdiep@gmail.com>
  *  Aaron Hurt <ahurt@anbcs.com>
  *  Abel Chow <abel_chow@yahoo.com>
  *  Adam McLaurin
  *  Adam Saponara <as@php.net>
  *  Adam Weinberger <adamw@FreeBSD.org>
  *  Ade Lovett <ade@FreeBSD.org>

devel/xmltooling: update to 3.2.1

devel/xmltooling: Add CPE information

Approved by:	portmgr (blanket)

Remove # $FreeBSD$ from Makefiles.

Update xmltooling to 3.2.0

Bump dependant ports. xmltooling is only used as a dependency for
security/shibboleth-sp.

Release notes:	https://wiki.shibboleth.net/confluence/display/SP3/ReleaseNotes

The Shibboleth Project has released V3.1.0 of the Service Provider software.

Release notes:	https://wiki.shibboleth.net/confluence/display/SP3/ReleaseNotes

devel/boost-*: update to 1.72.0

Changes:	http://www.boost.org/users/history/version_1_72_0.html
PR:		241449
Exp-run by:	antoine
Differential Revision:	https://reviews.freebsd.org/D22136

devel/boost-*: update to 1.71.0

Changes:	http://www.boost.org/users/history/version_1_71_0.html
PR:		238827
Exp-run by:	antoine
Differential Revision:	https://reviews.freebsd.org/D20774

devel/boost-*: update to 1.70.0

Changes:	http://www.boost.org/users/history/version_1_70_0.html
PR:		235956
Exp-run by:	antoine
Differential Revision:	https://reviews.freebsd.org/D19303

Update Shibboleth and its tool chain to 3.0.4

The security problem was patched alreadyin 3.0.3p1, but all users are
recommended to update to the latest version at next service window.

Security:	CVE-2019-9628
		https://shibboleth.net/community/advisories/secadv_20190311.txt
Release notes:	https://wiki.shibboleth.net/confluence/display/SP3/ReleaseNotes

Pull upstreams fix from upcoming release

This fixes a DoS scenario. The commit message from the original commit is

	CPPXT - Crash due to uncaught DOMException

Update to version 3.0.3

The update corrects a denial of service vulnerability.

Security:	4f8665d0-0465-11e9-b77a-6cc21735f730

devel/boost-*: update to 1.69.0

Changes:	http://www.boost.org/users/history/version_1_69_0.html
PR:		232525
Exp-run by:	antoine
Differential Revision:	https://reviews.freebsd.org/D17645

Fix build problem with OpenSSL-1.1.1

devel/boost-*: update to 1.68.0

- Switch to C++14 for libboost_system to support C++14 consumers

Changes:	http://www.boost.org/users/history/version_1_68_0.html
PR:		229569
Exp-run by:	antoine
Differential Revision:	https://reviews.freebsd.org/D16165

Update Shibboleth to 3.0.2

Also update the toolchain to latest versions. This includes a security fix for
apache-xml-security-c.

Releaseinfo:    https://wiki.shibboleth.net/confluence/display/SP3/ReleaseNotes
Security:       5786185a-9a43-11e8-b34b-6cc21735f730
Security:       https://shibboleth.net/community/advisories/secadv_20180803.txt

devel/boost-*: update to 1.67.0

Changes:	http://www.boost.org/users/history/version_1_67_0.html
PR:		227427
Exp-run by:	antoine
Differential Revision:	https://reviews.freebsd.org/D15030

Shibboleth SP software vulnerable to additional data forgery flaws

The XML processing performed by the Service Provider software has been
found to be vulnerable to new flaws similar in nature to the one
addressed in an advisory last month.

Security:	22438240-1bd0-11e8-a2ec-6cc21735f730
URL:		https://shibboleth.net/community/advisories/secadv_20180227.txt

devel/boost-*: update to 1.66.0

Changes:	http://www.boost.org/users/history/version_1_66_0.html
PR:		223922
Exp-run by:	antoine
Differential Revision:	https://reviews.freebsd.org/D13279

Update to version 1.6.3

Shibboleth SP software vulnerable to forged user attribute data
====================================================================
The Service Provider software relies on a generic XML parser to process
SAML responses and there are limitations in older versions of the parser
that make it impossible to fully disable Document Type Definition (DTD)
processing.

Through addition/manipulation of a DTD, it's possible to make changes
to an XML document that do not break a digital signature but are
mishandled by the SP and its libraries. These manipulations can alter
the user data passed through to applications behind the SP and result
in impersonation attacks and exposure of protected information.

Update to latest version

This is a fix for a regression in the latest security fix for
security/shibboleth2-sp.

Security:	b4b7ec7d-ca27-11e7-a12d-6cc21735f730

devel/boost-*: update to 1.65.1

Changes:	http://www.boost.org/users/history/version_1_65_1.html
PR:		218835
Approved by:	maintainer timeout (1.65.1: 2 weeks; 1.65.0: 1 month)
Tested by:	jhibbits (on powerpc64, earlier version)
Exp-run by:	antoine
Differential Revision:	https://reviews.freebsd.org/D11582

devel/boost-*: enable C++11 features

PR:		218835
Obtained from:	https://github.com/DragonFlyBSD/DeltaPorts/pull/690
Approved by:	maintainer timeout (2 months)
Exp-run by:	antoine
Differential Revision:	https://reviews.freebsd.org/D11582

devel/boost-*: update to 1.64.0

Changes:	http://www.boost.org/users/history/version_1_64_0.html
PR:		218835
Approved by:	office (bapt)
Exp-run by:	antoine
Differential Revision:	https://reviews.freebsd.org/D10472

Remove all USE_OPENSSL occurrences.

Sponsored by:	Absolight

devel/boost-*: update to 1.63.0

Changes:	http://www.boost.org/users/history/version_1_63_0.html
PR:		215598
Exp-run by:	antoine
Approved by:	office (bapt)
MFH:		2017Q1

devel/boost-*: update to 1.62.0

- Enable `long double` C99 math usage
- Switch 9.x back to building with GCC

Changes:	http://www.boost.org/users/history/
PR:		199601
Submitted by:	Chen Xu, bapt, amdmi3, truckman (based on)
Reviewed by:	rakuco (kde) (earlier version)
Exp-run by:	antoine (3 tries), truckman (consumers only, earlier versions)
Approved by:	bapt (office)

Upgrade shibboleth-sp 2.6 and its tool chain

Remove ${PORTSDIR}/ from dependencies, categories d, e, f, and g.

With hat:	portmgr
Sponsored by:	Absolight

- Switch to options helpers
- While here, add some NO_ARCHes

Approved by:	portmgr blanket

Shibboleth SP software crashes on well-formed but invalid XML.

The Service Provider software contains a code path with an uncaught
exception that can be triggered by an unauthenticated attacker by
supplying well-formed but schema-invalid XML in the form of SAML
metadata or SAML protocol messages. The result is a crash and so
causes a denial of service.

You must rebuild opensaml and shibboleth with xmltooling-1.5.5 or later.
The easiest way to do so is to update the whole chain including
shibboleth-2.5.5 an opensaml2.5.5.

URL:    	http://shibboleth.net/community/advisories/secadv_20150721.txt
Security:	CVE-2015-2684

Add USES=libtool

Cleanup plist

Remove NOPORTDOCS and NOPORTEXAMPLES.

Approved by:	portmgr (blanket)

- Use new LIB_DEPENDS syntax
- Remove redundant docs plist entries (handled by PORTDOCS=*)

Approved by:	portmgr blanket

- Stage support

Add NO_STAGE all over the place in preparation for the staging support (cat:
devel part 4)

Remove USE_GCC=any the port fail at building with gcc 4.6 while is builds
properly with clang

Add an expicit dependency on pkgconf

- Update to 7.31.0
- Bump PORTREVISION for ftp/curl shlib change
- Add TEST_DEPENDS
- Convert to new options framework
- Adjust options:
  - Add COOKIES
  - Add CYASSL, NSS, POLARSSL, THREADED_RESOLVER, TLS_SRP [1]
  - Add GSSAPI and SPNEGO [2]
  - Remove KERBEROS4
  - Rename LIBIDN to IDN
  - Remove TRACKMEMORY [1]
- Sort option handler
- Add SLAVEDIRS: ftp/curl-hiphop
- Cosmetic change
- Cleanup Makefile header
- While I'm here, fix typo (PORTREVSION) in x11-wm/ede/Makefile

Changes:	http://curl.haxx.se/changes.html
PR:		ports/172325 (-exp run), ports/177369 (based on) [1]
Submitted by:	Hirohisa Yamaguchi <umq@ueo.co.jp> [1], hrs (via email) [2]
Exp run by:	miwi

Security update for apache-xml-security-c.
Dependant ports, especially shibboleth2-sp, opensaml2, xmltooling
and log4shib should all be updated.

Security: CVE-2013-2156

Update Shibboleth-sp and its tool chain to 2.5.1.

Note that from 2.5, shibd is run as the user shibd.  The port tries to fix the
key file ownership but if you have changed the file name of the key from the
default sp-key.pem, make sure you chown your key file(s) to user shibd.

Also, take maintainership of the entire tool chain (approved by all previous
maintainers).

Incorporates the ideas suggested by Craig Leres [177668], making sure that the
ssl key is not added to the package.

PR:	177668, 178694

- Change MAINTAINER address
- Trim headers while I am here
- Clean up some trailing whitespace

Force numerous ports that fail to build with clang over to instead always
rely on gcc.  The patch uses the new USE_GCC=any code in Mk/bsd.gcc.mk to
accomplish this.

The ports chosen were ports that blocked 2 or more ports from building with
clang.  (There are several hundred other ports that still fail to build with
clang, even with this patch.  This is merely one step along the way.)

Those interested in fixing these ports with clang, and have clang as their
default compiler, can simply set FORCE_BASE_CC_FOR_TESTING=yes.

For those who have gcc as their default compiler, this change is believed
to cause no change.

Hat:		portmgr
Tested with:	multiple runs on amd64-8-exp-bcm and 9-exp-clang, with various
		combinations of patch/no-patch and flag settings.

- Use xerces-c 3 [1]
- Pass maintainership back to Janos Mohacsi <janos.mohacsi@bsd.hu> [2]

PR:             ports/159714 [1]
Submitted by:   Janos Mohacsi <janos.mohacsi@bsd.hu> [1]
Approved by:    maintainer (me) [2]

- Update to 1.4.2
- Update home page while here
- Take maintainership

PR:             ports/159195
Approved by:    linimon

- Oops, forgot to cvs add this patch

Reported by:    pavmail

- Update to latest versions

PR:             ports/157822
Submited by:    Palle Girgensohn <girgen@FreeBSD.org>
Approved by:    maintainer timeout

- Fix pkg-plist in NOPORTDOCS case

Reported by:    QAT

Chase the ftp/curl shlib version bump.

- s/ /\t/g
- 'Fix' make index

- Update to 2.3

PR:             ports/142324
Submitted by:   Steve Wills <steve@mouf.net>
Approved by:    Mohacsi Janos <janos.mohacsi@bsd.hu> (maintainer)

- Update to 1.2

PR:             ports/136033
Submitted by:   Steve Wills <steve@mouf.net>
Approved by:    maintainer

Bump the version of the curl shared library after the ftp/curl update
to 7.19.2.
Bump PORTREVISION, even on the ports that do not have a versioned
dependency, since the binaries will most probably still stop working.

Shibboleth 2.x relies on OpenSAML 2, which in turn requires this
lower-level library that provides a higher level interface to XML
processing, particularly in light of signing and encryption.

WWW: https://spaces.internet2.edu/display/OpenSAML/XMLTooling-C

PR:             ports/127326
Submitted by:   Janos Mohacsi