Update Shibboleth to 3.0.2

Also update the toolchain to latest versions. This includes a security fix for
apache-xml-security-c.

Releaseinfo:    https://wiki.shibboleth.net/confluence/display/SP3/ReleaseNotes
Security:       5786185a-9a43-11e8-b34b-6cc21735f730
Security:       https://shibboleth.net/community/advisories/secadv_20180803.txt

devel/boost-*: update to 1.67.0

Changes:	http://www.boost.org/users/history/version_1_67_0.html
PR:		227427
Exp-run by:	antoine
Differential Revision:	https://reviews.freebsd.org/D15030

- unbreak INDEX building
   => USES s/=/:/

security/shibboleth-sp: Chase Mk/Uses/apache.mk migration

PR:             226958
With hat:	apache
Submitted by:   David Sieborger <drs-freebsd sieborger nom za>

devel/boost-*: update to 1.66.0

Changes:	http://www.boost.org/users/history/version_1_66_0.html
PR:		223922
Exp-run by:	antoine
Differential Revision:	https://reviews.freebsd.org/D13279

Shibboleth Service Provider Security Advisory [15 November 2017]

An updated version of the Shibboleth Service Provider software
is available which corrects a critical security issue in the
"Dynamic" metadata provider plugin.

Deployers making use of the affected feature should apply the
relevant update at the soonest possible moment.

Security:	b4b7ec7d-ca27-11e7-a12d-6cc21735f730

security/shibboleth-sp: Fix wrongly placed USE_APACHE=

PR:		222411
Approved by:	maintainter timeout
Differential Revision:	https://reviews.freebsd.org/D12308

devel/boost-*: update to 1.65.1

Changes:	http://www.boost.org/users/history/version_1_65_1.html
PR:		218835
Approved by:	maintainer timeout (1.65.1: 2 weeks; 1.65.0: 1 month)
Tested by:	jhibbits (on powerpc64, earlier version)
Exp-run by:	antoine
Differential Revision:	https://reviews.freebsd.org/D11582

devel/boost-*: enable C++11 features

PR:		218835
Obtained from:	https://github.com/DragonFlyBSD/DeltaPorts/pull/690
Approved by:	maintainer timeout (2 months)
Exp-run by:	antoine
Differential Revision:	https://reviews.freebsd.org/D11582

Update to 3.2.0

Changes:	https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=10510&version=12314395

devel/boost-*: update to 1.64.0

Changes:	http://www.boost.org/users/history/version_1_64_0.html
PR:		218835
Approved by:	office (bapt)
Exp-run by:	antoine
Differential Revision:	https://reviews.freebsd.org/D10472

Add options for fastcgi and memcached and make odbc and apache optional.

Fastcgi allows simple use with NGINX. Memcached is similar to ODBC, in that it
offers another option for more persistent session storage than in-memory.

devel/boost-*: update to 1.63.0

Changes:	http://www.boost.org/users/history/version_1_63_0.html
PR:		215598
Exp-run by:	antoine
Approved by:	office (bapt)
MFH:		2017Q1

devel/boost-*: update to 1.62.0

- Enable `long double` C99 math usage
- Switch 9.x back to building with GCC

Changes:	http://www.boost.org/users/history/
PR:		199601
Submitted by:	Chen Xu, bapt, amdmi3, truckman (based on)
Reviewed by:	rakuco (kde) (earlier version)
Exp-run by:	antoine (3 tries), truckman (consumers only, earlier versions)
Approved by:	bapt (office)

Upgrade shibboleth-sp 2.6 and its tool chain

Missed two occurences of ${PORTSDIR}/.

With hat:	portmgr
Sponsored by:	Absolight

Remove ${PORTSDIR}/ from dependencies, categories r, s, t, and u.

With hat:	portmgr
Sponsored by:	Absolight

Update xerces-c3 and shibboleth to latest versions

The update in xerces fixes a buffer overflow security problem that exposes the
possibility of a denial of service attack, and could conceivably result in
remote code execution.

Users of Shibboleth or any other service usingi the xerces-c3 xml library are
recommended to upgrade promptly.

URL:	http://xerces.apache.org/xerces-c/secadv/CVE-2016-0729.txt
Security:	CVE-2016-0729

- Convert to @sample
- Cleanup plist

Remove UNIQUENAME and LATEST_LINK.

UNIQUENAME was never unique, it was only used by USE_LDCONFIG and now,
we won't have conflicts there.

Use PKGBASE instead of LATEST_LINK in PKGLATESTFILE, the *only* consumer
is pkg-devel, and it works just fine without LATEST_LINK as pkg-devel
has the correct PKGNAME anyway.

Now that UNIQUENAME is gone, OPTIONSFILE is too. (it's been called
OPTIONS_FILE now.)

Reviewed by:	antoine, bapt
Exp-run by:	antoine
Sponsored by:	Absolight
Differential Revision:	https://reviews.freebsd.org/D3336

The new shibboleth will refuse to accept -u when it was
already su:ed to that user. Trust shibboleth to change user.

Shibboleth SP software crashes on well-formed but invalid XML.

The Service Provider software contains a code path with an uncaught
exception that can be triggered by an unauthenticated attacker by
supplying well-formed but schema-invalid XML in the form of SAML
metadata or SAML protocol messages. The result is a crash and so
causes a denial of service.

You must rebuild opensaml and shibboleth with xmltooling-1.5.5 or later.
The easiest way to do so is to update the whole chain including
shibboleth-2.5.5 an opensaml2.5.5.

URL:    	http://shibboleth.net/community/advisories/secadv_20150721.txt
Security:	CVE-2015-2684

Update Shibboleth and opensaml to latest version.

Remove $FreeBSD$ from patches files everywhere.

With hat:	portmgr
Sponsored by:	Absolight

into the fire... last commit didnt't really help, it has to be part of SUB_LIST
as well

Spelling error, WWWGROUP is really WWWGRP
PR:	191118

revert r354688 and fix the error instead, it should be @owner, not @user...

remove @user @group since it does not work with old pkg_tools
[https://wiki.freebsd.org/ports/StageDir] recommends using them, but I see no
point in using both
Reported by: Peter Olsson

Update Shibboleth to 2.5.3, a bug fix release.

Change the cache directory back to the built-in default, /var/cache, and
force mode 755 on that directory. (see r258664 in head why this is a good
thing).

Add odbc support as suggested in ports/189410.

Add NO_STAGE all over the place in preparation for the staging support (cat:
security)

- Remove MAKE_JOBS_SAFE variable

Approved by:	portmgr (bdrewery)

Move /var/cache/shibboleth to /var/db/shibboleth, since /var/cache has mode 750
and cannot be read by the www user. According to hier(7):
   db/   misc. automatically generated system-specific database files
so /var/db seems like the best choice

- Don't remove directories not created by this port

Reported by:	pkg (DEVELOPER_MODE)

Security update for apache-xml-security-c.
Dependant ports, especially shibboleth2-sp, opensaml2, xmltooling
and log4shib should all be updated.

Security: CVE-2013-2156

Add build dependency on boost for shibboleth and opensaml.
PR:	ports/179431

Don't remove /var/*/shibboleth with rm -rf, so we don't "pull out the carpet
from underneath" a running shibd. Hence allow updating while the old shibd is
still running.

Update Shibboleth-sp and its tool chain to 2.5.1.

Note that from 2.5, shibd is run as the user shibd.  The port tries to fix the
key file ownership but if you have changed the file name of the key from the
default sp-key.pem, make sure you chown your key file(s) to user shibd.

Also, take maintainership of the entire tool chain (approved by all previous
maintainers).

Incorporates the ideas suggested by Craig Leres [177668], making sure that the
ssl key is not added to the package.

PR:	177668, 178694

Convert security to new options framework

- remove www/apache20 and devel/apr0
- s/USE_APACHE= 20+/USE_APACHE= 22+/
- unify s/YES/yes/
- cleanup APACHE_VERSION <= 22 usage
- add entry to MOVED

with hat apache@

- Fix permissions on /var/run/shibboleth

In the rc.d scripts, change assignments to rcvar to use the
literal name_enable wherever possible, and ${name}_enable
when it's not, to prepare for the demise of set_rcvar().

In cases where I had to hand-edit unusual instances also
modify formatting slightly to be more uniform (and in
some cases, correct). This includes adding some $FreeBSD$
tags, and most importantly moving rcvar= to right after
name= so it's clear that one is derived from the other.

- Update to 2.4.3
- Update home page while here
- Take maintainership while here

PR:             ports/159195
Approved by:    linimon

- Update to latest versions

PR:             ports/157822
Submited by:    Palle Girgensohn <girgen@FreeBSD.org>
Approved by:    maintainer timeout

- Don't overwrite/remove config files on package installation/uninstall
- Obey shibboleth_sp_flags, shibboleth_sp_program and shibboleth_sp_pidfile

PR:             ports/155876
Submitted by:   Craig Leres <leres at ee.lbl.gov>
Approved by:    maintainer timeout

Sync to new bsd.autotools.mk

Punt autoconf267->autoconf268

Round one migration of ports from automake{19,110} to automake111

Autotools update.   Read ports/UPDATING 20100915 for details.

Approved by:    portmgr (for Mk/bsd.port.mk part)
Tested by:      Multiple -exp runs

Begin the process of deprecating sysutils/rc_subr by
s#. %%RC_SUBR%%#. /etc/rc.subr#

- Update to 2.3.1.

PR:             ports/136034
Submitted by:   Steve Wills <steve@mouf.net>
Approved by:    janos.mohacsi@bsd.hu (maintainer timeout)

- forced commit to note repo copy

  security/shibboleth-sp -> security/shibboleth2-sp

Repocopy by:    marcus