FreshPorts -- The Place For Ports If you buy from Amazon USA, please support us by using this link.
Follow us
Blog
Twitter

non port: head/devel/xmltooling/distinfo
SVNWeb

Number of commits found: 8

Thu, 23 Jul 2015
[ 13:21 girgen ] Original commit 
392720 devel/xmltooling/Makefile
392720 devel/xmltooling/distinfo
392720 devel/xmltooling/files/patch-doc_Makefile.in
392720 devel/xmltooling/pkg-plist
392720 security/opensaml2/Makefile
392720 security/opensaml2/distinfo
392720 security/opensaml2/files/patch-doc_Makefile.in
392720 security/opensaml2/pkg-plist
392720 security/shibboleth2-sp/Makefile
392720 security/shibboleth2-sp/distinfo

(Only the first 10 of 12 ports in this commit are shown above. View all ports for this commit)
Shibboleth SP software crashes on well-formed but invalid XML.

The Service Provider software contains a code path with an uncaught
exception that can be triggered by an unauthenticated attacker by
supplying well-formed but schema-invalid XML in the form of SAML
metadata or SAML protocol messages. The result is a crash and so
causes a denial of service.

You must rebuild opensaml and shibboleth with xmltooling-1.5.5 or later.
The easiest way to do so is to update the whole chain including
shibboleth-2.5.5 an opensaml2.5.5.

URL:    	http://shibboleth.net/community/advisories/secadv_20150721.txt
Security:	CVE-2015-2684
Tue, 18 Jun 2013
[ 15:15 girgen ] Original commit 
321194 devel/xmltooling/Makefile
321194 devel/xmltooling/distinfo
321194 security/apache-xml-security-c/Makefile
321194 security/apache-xml-security-c/distinfo
321194 security/opensaml2/Makefile
321194 security/opensaml2/distinfo
321194 security/shibboleth2-sp/Makefile
321194 security/shibboleth2-sp/distinfo
321194 security/vuxml/vuln.xml
Security update for apache-xml-security-c.
Dependant ports, especially shibboleth2-sp, opensaml2, xmltooling
and log4shib should all be updated.

Security: CVE-2013-2156
Tue, 4 Jun 2013
[ 17:29 girgen ] Original commit 
319885 GIDs
319885 UIDs
319885 devel/log4shib/Makefile
319885 devel/log4shib/distinfo
319885 devel/xmltooling/Makefile
319885 devel/xmltooling/distinfo
319885 devel/xmltooling/pkg-plist
319885 security/apache-xml-security-c/Makefile
319885 security/apache-xml-security-c/distinfo
319885 security/apache-xml-security-c/pkg-plist

(Only the first 10 of 21 ports in this commit are shown above. View all ports for this commit)
Update Shibboleth-sp and its tool chain to 2.5.1.

Note that from 2.5, shibd is run as the user shibd.  The port tries to fix the
key file ownership but if you have changed the file name of the key from the
default sp-key.pem, make sure you chown your key file(s) to user shibd.

Also, take maintainership of the entire tool chain (approved by all previous
maintainers).

Incorporates the ideas suggested by Craig Leres [177668], making sure that the
ssl key is not added to the package.

PR:	177668, 178694
Thu, 28 Jul 2011
[ 11:53 swills ] Original commit 
1.8 devel/xmltooling/Makefile
1.5 devel/xmltooling/distinfo
1.3 devel/xmltooling/files/patch-doc_Makefile.in
1.2 devel/xmltooling/pkg-descr
- Update to 1.4.2
- Update home page while here
- Take maintainership

PR:             ports/159195
Approved by:    linimon
Mon, 27 Jun 2011
[ 02:57 swills ] Original commit 
1.7 devel/xmltooling/Makefile
1.4 devel/xmltooling/distinfo
1.2 devel/xmltooling/files/patch-doc_Makefile.in
1.5 devel/xmltooling/pkg-plist
1.6 security/apache-xml-security-c/Makefile
1.3 security/apache-xml-security-c/distinfo
1.3 security/apache-xml-security-c/pkg-plist
1.12 security/opensaml2/Makefile
1.8 security/opensaml2/distinfo
1.7 security/opensaml2/pkg-plist

(Only the first 10 of 13 ports in this commit are shown above. View all ports for this commit)
- Update to latest versions

PR:             ports/157822
Submited by:    Palle Girgensohn <girgen@FreeBSD.org>
Approved by:    maintainer timeout
Fri, 8 Jan 2010
[ 01:24 pgollucci ] Original commit 
1.4 devel/xmltooling/Makefile
1.3 devel/xmltooling/distinfo
1.1 devel/xmltooling/files/patch-doc_Makefile.in
1.3 devel/xmltooling/pkg-plist
- Update to 2.3

PR:             ports/142324
Submitted by:   Steve Wills <steve@mouf.net>
Approved by:    Mohacsi Janos <janos.mohacsi@bsd.hu> (maintainer)
Fri, 10 Jul 2009
[ 01:15 wxs ] Original commit 
1.3 devel/xmltooling/Makefile
1.2 devel/xmltooling/distinfo
1.2 devel/xmltooling/pkg-plist
- Update to 1.2

PR:             ports/136033
Submitted by:   Steve Wills <steve@mouf.net>
Approved by:    maintainer
Sat, 22 Nov 2008
[ 15:15 miwi ] Original commit 
1.3264 devel/Makefile
1.1 devel/xmltooling/Makefile
1.1 devel/xmltooling/distinfo
1.1 devel/xmltooling/pkg-descr
1.1 devel/xmltooling/pkg-plist
Shibboleth 2.x relies on OpenSAML 2, which in turn requires this
lower-level library that provides a higher level interface to XML
processing, particularly in light of signing and encryption.

WWW: https://spaces.internet2.edu/display/OpenSAML/XMLTooling-C

PR:             ports/127326
Submitted by:   Janos Mohacsi

Number of commits found: 8

Login
User Login
Create account

Servers and bandwidth provided by
New York Internet, SuperNews, and RootBSD

This site
What is FreshPorts?
About the authors
Issues
FAQ
How big is it?
The latest upgrade!
Privacy
Forums
Blog
Contact

Search
Enter Keywords:
 
more...

Latest Vulnerabilities
openvswitchMay 29
cactiMay 28
chromiumMay 28
chromiumMay 28
chromiumMay 28
php55May 28
php55-gdMay 28
php55-pharMay 28
php56May 28
php56-gdMay 28
php70-gdMay 28
php70-intlMay 28
mediawiki123May 24
mediawiki124May 24
mediawiki125May 24

10 vulnerabilities affecting 20 ports have been reported in the past 14 days

* - modified, not new

All vulnerabilities


Ports
Home
Categories
Deleted ports
Sanity Test Failures
Newsfeeds

Statistics
Graphs
NEW Graphs (Javascript)
Traffic

Calculated hourly:
Port count 26089
Broken 286
Deprecated 58
Ignore 551
Forbidden 0
Restricted 202
No CDROM 85
Vulnerable 53
Expired 15
Set to expire 46
Interactive 0
new 24 hours 5
new 48 hours11
new 7 days36
new fortnight60
new month128

Servers and bandwidth provided by
New York Internet, SuperNews, and RootBSD
Valid HTML, CSS, and RSS.
Copyright © 2000-2014 Dan Langille. All rights reserved.