non port: security/shibboleth-sp/pkg-plist |
Number of commits found: 12 |
Wednesday, 11 Jan 2023
|
14:46 Palle Girgensohn (girgen)
shibboleth-sp: Update to 3.4.1
A patch release of the Service Provider, V3.4.1, is now available. This
release fixes a couple of small bugs and adds a warning requested by one
of our member organizations in the absence of the redirectLimit setting,
which leads to SPs being abused as open redirectors.
Notably, this release includes an update to the xmltooling library that
hardens the code base against the sorts of attacks reported against the
IdP in the recent advisory. The SP is, as far as can be determined, not
impacted directly by that vulnerability, but this is a precautionary
change.
Release
notes: https://shibboleth.atlassian.net/wiki/spaces/SP3/pages/2065335693/ReleaseNotes
a9e7159 |
Monday, 7 Nov 2022
|
17:03 Palle Girgensohn (girgen)
security/shibboleth-sp: update to 3.4.0
This is a minor update containing a new setting suggested by a
contributor (thus the unplanned minor version change) controlling
retries when TCP connections to shibd are used. The other changes are
minimal in nature.
Update the toolchain as well:
devel/xmltooling
textproc/xerces-c3
and bump PORTREVISION for security/opensaml due to dependencies'
updates.
Release notes: https://wiki.shibboleth.net/confluence/display/SP3/ReleaseNotes
b4e7dc9 |
Tuesday, 30 Nov 2021
|
14:42 Palle Girgensohn (girgen)
security/shibboleth-sp: update to 3.3.0
1031ca3 |
Thursday, 8 Jul 2021
|
08:26 Palle Girgensohn (girgen)
security/shibboleth-sp: update to 3.2.3
A regression in the RequestMap feature causing random crashes on some
systems was identified, necessitating this patch update. Most uses of
this feature tend to be on Windows, so that's the primary platform
affected but the bug was generic if the feature were to be used on other
systems.
It isn't easily exploitable by specific requests, so it's a borderline
sort of denial of service risk and the Shibboleth project chose not to
do an advisory, and anybody affected won't need much incentive to get
the patch anyway.
ddb9b32 |
Monday, 26 Apr 2021
|
08:51 Palle Girgensohn (girgen)
security/shibboleth-sp: Update to 3.2.2
This is a security fix for an issue that has not yet been disclosed. The
vuxml entry will be updated once the CVE is available.
The patch to mitigate the vulnerability was introduced already on
2021-04-23 in the FreeBSD port as 3.2.1_1.
Security: e4403051-a667-11eb-b9c9-6cc21735f730
1988988 |
Tuesday, 15 Dec 2020
|
20:01 girgen
Upgrade Shibboleth and OpenSAML to 3.2.0
Release
notes: https://wiki.shibboleth.net/confluence/display/SP3/ReleaseNotes#ReleaseNotes-3.2.0(December14,2020)
|
Monday, 13 Apr 2020
|
22:15 girgen
The Shibboleth Project has released V3.1.0 of the Service Provider software.
Release notes: https://wiki.shibboleth.net/confluence/display/SP3/ReleaseNotes
|
Monday, 11 Mar 2019
|
17:02 girgen
Update Shibboleth and its tool chain to 3.0.4
The security problem was patched alreadyin 3.0.3p1, but all users are
recommended to update to the latest version at next service window.
Security: CVE-2019-9628
https://shibboleth.net/community/advisories/secadv_20190311.txt
Release notes: https://wiki.shibboleth.net/confluence/display/SP3/ReleaseNotes
|
Sunday, 23 Dec 2018
|
10:54 girgen
Update to version 3.0.3
The update corrects a denial of service vulnerability.
Security: 4f8665d0-0465-11e9-b77a-6cc21735f730
|
Tuesday, 7 Aug 2018
|
13:24 girgen
Update Shibboleth to 3.0.2
Also update the toolchain to latest versions. This includes a security fix for
apache-xml-security-c.
Releaseinfo: https://wiki.shibboleth.net/confluence/display/SP3/ReleaseNotes
Security: 5786185a-9a43-11e8-b34b-6cc21735f730
Security: https://shibboleth.net/community/advisories/secadv_20180803.txt
|
Thursday, 28 Jan 2010
|
01:59 miwi
2010-01-08 x11-toolkits/gtkada-gps: has been broken for 3 months
2010-01-08 x11-fm/velocity: has been broken for 7 months
2010-01-08 x11-drivers/xf86-video-nsc: has been broken for 5 months
2010-01-08 www/rubygem-merb: has been broken for 5 months
2010-01-08 security/shibboleth-sp: has been broken for 3 months
|
Friday, 3 Aug 2007
|
23:21 pav
Shibboleth is standards-based, open source middleware software which
provides Web Single SignOn (SSO) across or within organizational
boundaries. It allows sites to make informed authorization decisions
for individual access of protected online resources in a
privacy-preserving manner.
This software is a C++ implementation of the Service Provider
component of the Shibboleth can be used in Apache Web servers. The
service provider manages secured resources. User access to resources
is based on assertions received by the service provider (SP) from
an identity provider.
WWW: http://shibboleth.internet2.edu/
PR: ports/114663
Submitted by: Janos Mohacsi <janos.mohacsi@bsd.hu>
|
Number of commits found: 12 |