py-defusedxml XML bomb protection for Python stdlib modules
0.5.0 devel =0

0.5.0Version of this port present on the latest quarterly branch.

Maintainer: wg@FreeBSD.org
Port Added: 2013-08-04 13:40:26
Last Update: 2018-03-20 22:36:15
SVN Revision: 465132
Also Listed In: python textproc
License: PSFL

Defusing XML bombs and other exploits

The results of an attack on a vulnerable XML library can be fairly dramatic.
With just a few hundred Bytes of XML data an attacker can occupy several
Gigabytes of memory within seconds. An attacker can also keep CPUs busy for
a long time with a small to medium size request.  This library prevents
such issues.

WWW: https://bitbucket.org/tiran/defusedxml

SVNWeb : Homepage

There is no configure plist information for this port.

Dependency lines:

• py27-defusedxml>0:devel/py-defusedxml

---

To install the port: cd /usr/ports/devel/py-defusedxml/ && make install clean
To add the package: pkg install py27-defusedxml

PKGNAME: py27-defusedxml

There is no flavor information for this port.

distinfo:

TIMESTAMP = 1521472409
SHA256 (defusedxml-0.5.0.tar.gz) = 24d7f2f94f7f3cb6061acb215685e5125fbcdc40a857eff9de22518820b0a4f4
SIZE (defusedxml-0.5.0.tar.gz) = 60405

---

NOTE: FreshPorts displays only information on required and default dependencies. Optional dependencies are not covered.

Build dependencies:

1. py27-setuptools>0 : devel/py-setuptools@py27
2. python2.7 : lang/python27

Runtime dependencies:

1. py27-setuptools>0 : devel/py-setuptools@py27
2. python2.7 : lang/python27

This port is required by:

for Build

1. misc/py-glance
2. net/s3ql
3. www/py-wsgidav

for Run

1. devel/py-grab
2. devel/py-nbconvert
3. devel/py-odfpy
4. misc/py-cinder
5. misc/py-glance
6. net/py-soappy
7. net/py-zeep
Expand this list (14 items / 7 hidden)
8. net/s3ql
9. security/py-pysaml2
10. security/py-python3-openid
11. security/py-social-auth-core
12. www/py-wsgidav
Collapse this list.

Deleted ports Expand this list of 2 deleted ports
1. devel/py-zeep^*
2. security/py-crits^*
Collapse this list of deleted ports.

* - deleted ports are only shown under the This port is required by section. It was harder to do for the Required section. Perhaps later...

---

Configuration Options

===> The following configuration options are available for py27-defusedxml-0.5.0:
     DOCS=on: Build and/or install documentation
===> Use 'make config' to modify these settings

---

USES:

python

---

Master Sites:

1. https://files.pythonhosted.org/packages/source/d/defusedxml/
2. https://pypi.python.org/packages/source/d/defusedxml/

• 2017-11-30

  Affects: */py*

  Author: mat@FreeBSD.org

  Reason: 
    Ports using Python via USES=python are now flavored.  All the py3-* ports
    have been removed and folded into their py-* master ports.
  
    People using Poudriere 3.2+ and binary packages do not have to do anything.
  
    For other people, to build the Python 3.6 version of, for example,
    databases/py-gdbm, you need to run:
  
      # make FLAVOR=py36 install
  
  

Update to 0.5.0

- Add LICENSE_FILE
- Add NO_ARCH
- Allow concurrent installation (USE_PYTHON=concurrent)

Changes:	https://github.com/tiran/defusedxml/releases
PR:		226750
Submitted by:	sunpoet (myself)
Approved by:	wg (maintainer)

Do not abuse INSTALL_MAN when installing documentation, examples, and
other miscellaneous files that are not actually manual pages (part 2).

Convert Python ports to FLAVORS.

  Ports using USE_PYTHON=distutils are now flavored.  They will
  automatically get flavors (py27, py34, py35, py36) depending on what
  versions they support.

  There is also a USE_PYTHON=flavors for ports that do not use distutils
  but need FLAVORS to be set.  A USE_PYTHON=noflavors can be set if
  using distutils but flavors are not wanted.

  A new USE_PYTHON=optsuffix that will add PYTHON_PKGNAMESUFFIX has been
  added to cope with Python ports that did not have the Python
  PKGNAMEPREFIX but are flavored.

  USES=python now also exports a PY_FLAVOR variable that contains the

devel/py-defusedxml: Allow overriding USES

- Convert ports of devel/ to USES=python

Approved by:	portmgr (implicit)

devel/py-defusedxml: use auto plist and remove py3k hack

devel/py-defusedxml: allow staging

- Allow staging

Add NO_STAGE all over the place in preparation for the staging support (cat:
devel part 3)

devel/py-defusedxml: Defusing XML bombs and other exploits

The results of an attack on a vulnerable XML library can be fairly dramatic.
With just a few hundred Bytes of XML data an attacker can occupy several
Gigabytes of memory within seconds. An attacker can also keep CPUs busy for
a long time with a small to medium size request.  This library prevents
such issues.

WWW: https://bitbucket.org/tiran/defusedxml

12 vulnerabilities affecting 80 ports have been reported in the past 14 days

^* - modified, not new

All vulnerabilities

Last updated:
2019-06-17 06:25:27