py-defusedxml XML bomb protection for Python stdlib modules

0.6.0 devel =0 0.5.0Version of this port present on the latest quarterly branch.

Maintainer: wg@FreeBSD.org

Port Added: 2013-08-04 13:40:26

Last Update: 2021-01-07 02:13:09

SVN Revision: 560666

Also Listed In: python textproc

License: PSFL

Description:

Defusing XML bombs and other exploits The results of an attack on a vulnerable XML library can be fairly dramatic. With just a few hundred Bytes of XML data an attacker can occupy several Gigabytes of memory within seconds. An attacker can also keep CPUs busy for a long time with a small to medium size request. This library prevents such issues. WWW: https://bitbucket.org/tiran/defusedxml

SVNWeb : Homepage

There is no configure plist information for this port.

Dependency lines:

• ${PYTHON_PKGNAMEPREFIX}defusedxml>0:devel/py-defusedxml

To install the port: cd /usr/ports/devel/py-defusedxml/ && make install clean

To add the package: pkg install py37-defusedxml

PKGNAME: py37-defusedxml

Package flavors (<flavor>: <package>)

• py37: py37-defusedxml

distinfo:

TIMESTAMP = 1609580851 SHA256 (defusedxml-0.6.0.tar.gz) = f684034d135af4c6cbb949b8a4d2ed61634515257a67299e5f940fbaa34377f5 SIZE (defusedxml-0.6.0.tar.gz) = 62670

Dependencies

NOTE: FreshPorts displays only information on required and default dependencies. Optional dependencies are not covered.

Build dependencies:

1. py37-setuptools>0 : devel/py-setuptools@py37
2. python3.7 : lang/python37

Runtime dependencies:

1. py37-setuptools>0 : devel/py-setuptools@py37
2. python3.7 : lang/python37

This port is required by:

for Build

1. math/sage
2. www/py-wsgidav

Deleted ports which required this port:

Expand this list of 2 deleted ports

1. misc/py-glance^*
2. net/s3ql^*
3. Collapse this list of deleted ports.

for Run

1. devel/py-grab
2. devel/py-nbconvert
3. devel/py-odfpy
4. graphics/py-cairosvg
5. math/sage
6. misc/py-cinder
7. net/py-zeep

Expand this list (23 items / 16 hidden)

8. Collapse this list.
9. security/py-ospd
10. security/py-ospd-openvas
11. security/py-plaso
12. security/py-pysaml2
13. security/py-pysaml24
14. security/py-python3-openid
15. security/py-python3-saml
16. security/py-social-auth-core
17. www/py-seafdav
18. www/py-wsgidav
19. www/radicale
20. Collapse this list.

Deleted ports which required this port:

Expand this list of 5 deleted ports

1. devel/py-zeep^*
2. misc/py-glance^*
3. net/py-soappy^*
4. net/s3ql^*
5. security/py-crits^*
6. Collapse this list of deleted ports.

* - deleted ports are only shown under the This port is required by section. It was harder to do for the Required section. Perhaps later...

Configuration Options

===> The following configuration options are available for py37-defusedxml-0.6.0: DOCS=on: Build and/or install documentation ===> Use 'make config' to modify these settings

USES:

python:3.6+

Master Sites:

Expand this list (2 items)

Collapse this list.
1. https://files.pythonhosted.org/packages/source/d/defusedxml/
2. https://pypi.org/packages/source/d/defusedxml/
Collapse this list.

• 2017-11-30

  Affects: */py*

  Author: mat@FreeBSD.org

  Reason: 
    Ports using Python via USES=python are now flavored.  All the py3-* ports
    have been removed and folded into their py-* master ports.
  
    People using Poudriere 3.2+ and binary packages do not have to do anything.
  
    For other people, to build the Python 3.6 version of, for example,
    databases/py-gdbm, you need to run:
  
      # make FLAVOR=py36 install
  
  

- Update to 0.6.0

PR:		251825
Submitted by:	rozhuk.im at gmail.com
Approved by:	wg (maintainer timeout)

Drop python 2.7 support from a few ports

With hat:	portmgr

Update to 0.5.0

- Add LICENSE_FILE
- Add NO_ARCH
- Allow concurrent installation (USE_PYTHON=concurrent)

Changes:	https://github.com/tiran/defusedxml/releases
PR:		226750
Submitted by:	sunpoet (myself)
Approved by:	wg (maintainer)

Do not abuse INSTALL_MAN when installing documentation, examples, and
other miscellaneous files that are not actually manual pages (part 2).

Convert Python ports to FLAVORS.

  Ports using USE_PYTHON=distutils are now flavored.  They will
  automatically get flavors (py27, py34, py35, py36) depending on what
  versions they support.

  There is also a USE_PYTHON=flavors for ports that do not use distutils
  but need FLAVORS to be set.  A USE_PYTHON=noflavors can be set if
  using distutils but flavors are not wanted.

  A new USE_PYTHON=optsuffix that will add PYTHON_PKGNAMESUFFIX has been
  added to cope with Python ports that did not have the Python
  PKGNAMEPREFIX but are flavored.

  USES=python now also exports a PY_FLAVOR variable that contains the

devel/py-defusedxml: Allow overriding USES

- Convert ports of devel/ to USES=python

Approved by:	portmgr (implicit)

devel/py-defusedxml: use auto plist and remove py3k hack

devel/py-defusedxml: allow staging

- Allow staging

Add NO_STAGE all over the place in preparation for the staging support (cat:
devel part 3)

devel/py-defusedxml: Defusing XML bombs and other exploits

The results of an attack on a vulnerable XML library can be fairly dramatic.
With just a few hundred Bytes of XML data an attacker can occupy several
Gigabytes of memory within seconds. An attacker can also keep CPUs busy for
a long time with a small to medium size request.  This library prevents
such issues.

WWW: https://bitbucket.org/tiran/defusedxml

12 vulnerabilities affecting 113 ports have been reported in the past 14 days

^* - modified, not new

All vulnerabilities

Last updated:
2021-01-14 20:39:03