notbugAs an Amazon Associate I earn from qualifying purchases.
Want a good read? Try FreeBSD Mastery: Jails (IT Mastery Book 15)
Port details
py-defusedxml XML bomb protection for Python stdlib modules
0.5.0 devel on this many watch lists=0 search for ports that depend on this port Find issues related to this port Report an issue related to this port
0.5.0Version of this port present on the latest quarterly branch.
Maintainer: wg@FreeBSD.org search for ports maintained by this maintainer
Port Added: 2013-08-04 13:40:26
Last Update: 2018-03-20 22:36:15
SVN Revision: 465132
Also Listed In: python textproc
License: PSFL
Defusing XML bombs and other exploits

The results of an attack on a vulnerable XML library can be fairly dramatic.
With just a few hundred Bytes of XML data an attacker can occupy several
Gigabytes of memory within seconds. An attacker can also keep CPUs busy for
a long time with a small to medium size request.  This library prevents
such issues.

WWW: https://bitbucket.org/tiran/defusedxml
SVNWeb : Homepage

There is no configure plist information for this port.

Dependency lines:
  • py27-defusedxml>0:devel/py-defusedxml

To install the port: cd /usr/ports/devel/py-defusedxml/ && make install clean
To add the package: pkg install py27-defusedxml

PKGNAME: py27-defusedxml

There is no flavor information for this port.

distinfo:

TIMESTAMP = 1521472409
SHA256 (defusedxml-0.5.0.tar.gz) = 24d7f2f94f7f3cb6061acb215685e5125fbcdc40a857eff9de22518820b0a4f4
SIZE (defusedxml-0.5.0.tar.gz) = 60405


NOTE: FreshPorts displays only information on required and default dependencies. Optional dependencies are not covered.

Build dependencies:
  1. py27-setuptools>0 : devel/py-setuptools@py27
  2. python2.7 : lang/python27
Runtime dependencies:
  1. py27-setuptools>0 : devel/py-setuptools@py27
  2. python2.7 : lang/python27

This port is required by:

for Build for Run * - deleted ports are only shown under the This port is required by section. It was harder to do for the Required section. Perhaps later...
Configuration Options
===> The following configuration options are available for py27-defusedxml-0.5.0:
     DOCS=on: Build and/or install documentation
===> Use 'make config' to modify these settings

USES:
python

Master Sites:
  1. https://files.pythonhosted.org/packages/source/d/defusedxml/
  2. https://pypi.python.org/packages/source/d/defusedxml/
Notes from UPDATING
These upgrade notes are taken from /usr/ports/UPDATING
  • 2017-11-30
    Affects: */py*
    Author: mat@FreeBSD.org
    Reason: 
      Ports using Python via USES=python are now flavored.  All the py3-* ports
      have been removed and folded into their py-* master ports.
    
      People using Poudriere 3.2+ and binary packages do not have to do anything.
    
      For other people, to build the Python 3.6 version of, for example,
      databases/py-gdbm, you need to run:
    
        # make FLAVOR=py36 install
    
    

Number of commits found: 9

Commit History - (may be incomplete: see SVNWeb link above for full details)
DateByDescription
20 Mar 2018 22:36:15
Original commit files touched by this commit  0.5.0
Revision:465132
sunpoet search for other commits by this committer
Update to 0.5.0

- Add LICENSE_FILE
- Add NO_ARCH
- Allow concurrent installation (USE_PYTHON=concurrent)

Changes:	https://github.com/tiran/defusedxml/releases
PR:		226750
Submitted by:	sunpoet (myself)
Approved by:	wg (maintainer)
11 Jan 2018 14:18:01
Original commit files touched by this commit  0.4.1
Revision:458739
danfe search for other commits by this committer
Do not abuse INSTALL_MAN when installing documentation, examples, and
other miscellaneous files that are not actually manual pages (part 2).
30 Nov 2017 15:50:34
Original commit files touched by this commit  0.4.1
Revision:455210  Sanity Test Failure
mat search for other commits by this committer
Convert Python ports to FLAVORS.

  Ports using USE_PYTHON=distutils are now flavored.  They will
  automatically get flavors (py27, py34, py35, py36) depending on what
  versions they support.

  There is also a USE_PYTHON=flavors for ports that do not use distutils
  but need FLAVORS to be set.  A USE_PYTHON=noflavors can be set if
  using distutils but flavors are not wanted.

  A new USE_PYTHON=optsuffix that will add PYTHON_PKGNAMESUFFIX has been
  added to cope with Python ports that did not have the Python
  PKGNAMEPREFIX but are flavored.

  USES=python now also exports a PY_FLAVOR variable that contains the
(Only the first 15 lines of the commit message are shown above View all of this commit message)
14 Apr 2017 18:42:32
Original commit files touched by this commit  0.4.1
Revision:438535
swills search for other commits by this committer
devel/py-defusedxml: Allow overriding USES
20 Oct 2014 16:04:14
Original commit files touched by this commit  0.4.1
Revision:371280
mva search for other commits by this committer
- Convert ports of devel/ to USES=python

Approved by:	portmgr (implicit)
17 Dec 2013 14:29:42
Original commit files touched by this commit  0.4.1
Revision:336729
wg search for other commits by this committer
devel/py-defusedxml: use auto plist and remove py3k hack
25 Sep 2013 14:33:23
Original commit files touched by this commit  0.4.1
Revision:328296
wg search for other commits by this committer
devel/py-defusedxml: allow staging

- Allow staging
20 Sep 2013 17:13:47
Original commit files touched by this commit  0.4.1
Revision:327724
bapt search for other commits by this committer
Add NO_STAGE all over the place in preparation for the staging support (cat:
devel part 3)
04 Aug 2013 13:40:12
Original commit files touched by this commit  0.4.1
Revision:324232
wg search for other commits by this committer
devel/py-defusedxml: Defusing XML bombs and other exploits

The results of an attack on a vulnerable XML library can be fairly dramatic.
With just a few hundred Bytes of XML data an attacker can occupy several
Gigabytes of memory within seconds. An attacker can also keep CPUs busy for
a long time with a small to medium size request.  This library prevents
such issues.

WWW: https://bitbucket.org/tiran/defusedxml

Number of commits found: 9

Login
User Login
Create account

Servers and bandwidth provided by
New York Internet, iXsystems, and RootBSD

This site
What is FreshPorts?
About the authors
Issues
FAQ
How big is it?
The latest upgrade!
Privacy
Forums
Blog
Contact

Search
Enter Keywords:
 
more...

Latest Vulnerabilities
ImageMagick6*Jun 17
ImageMagick6-nox11*Jun 17
ImageMagick7*Jun 17
ImageMagick7-nox11*Jun 17
GraphicsMagickJun 16
netatalk3Jun 16
chromiumJun 15
neovimJun 13
phpmyadminJun 13
vimJun 13
vim-consoleJun 13
vim-tinyJun 13
mybbJun 12
linux-flashplayerJun 11
drupal7Jun 08

12 vulnerabilities affecting 80 ports have been reported in the past 14 days

* - modified, not new

All vulnerabilities

Last updated:
2019-06-17 06:25:27


Ports
Home
Categories
Deleted ports
Sanity Test Failures
Newsfeeds

Statistics
Graphs
NEW Graphs (Javascript)
Traffic

Calculated hourly:
Port count 36694
Broken 81
Deprecated 120
Ignore 303
Forbidden 3
Restricted 162
No CDROM 74
Vulnerable 33
Expired 14
Set to expire 91
Interactive 0
new 24 hours 5
new 48 hours13
new 7 days36
new fortnight64
new month200

Servers and bandwidth provided by
New York Internet, iXsystems, and RootBSD
Valid HTML, CSS, and RSS.
Copyright © 2000-2019 Dan Langille. All rights reserved.