py-defusedxml XML bomb protection for Python stdlib modules

0.5.0 devel =0 0.5.0Version of this port present on the latest quarterly branch.

Maintainer: wg@FreeBSD.org

Port Added: 2013-08-04 13:40:26

Last Update: 2018-03-20 22:36:15

SVN Revision: 465132

Also Listed In: python textproc

License: PSFL

Description:

Defusing XML bombs and other exploits The results of an attack on a vulnerable XML library can be fairly dramatic. With just a few hundred Bytes of XML data an attacker can occupy several Gigabytes of memory within seconds. An attacker can also keep CPUs busy for a long time with a small to medium size request. This library prevents such issues. WWW: https://bitbucket.org/tiran/defusedxml

SVNWeb : Homepage

There is no configure plist information for this port.

Dependency lines:

• py27-defusedxml>0:devel/py-defusedxml

To install the port: cd /usr/ports/devel/py-defusedxml/ && make install clean

To add the package: pkg install py27-defusedxml

PKGNAME: py27-defusedxml

Flavors: there is no flavor information for this port.

distinfo:

TIMESTAMP = 1521472409 SHA256 (defusedxml-0.5.0.tar.gz) = 24d7f2f94f7f3cb6061acb215685e5125fbcdc40a857eff9de22518820b0a4f4 SIZE (defusedxml-0.5.0.tar.gz) = 60405

Dependencies

NOTE: FreshPorts displays only information on required and default dependencies. Optional dependencies are not covered.

Build dependencies:

1. py27-setuptools>0 : devel/py-setuptools@py27
2. python2.7 : lang/python27

Runtime dependencies:

1. py27-setuptools>0 : devel/py-setuptools@py27
2. python2.7 : lang/python27

This port is required by:

for Build

1. www/py-wsgidav

Deleted ports which required this port:

Expand this list of 2 deleted ports

1. misc/py-glance^*
2. net/s3ql^*
3. Collapse this list of deleted ports.

for Run

1. devel/py-grab
2. devel/py-nbconvert
3. devel/py-odfpy
4. graphics/py-cairosvg
5. misc/py-cinder
6. net/py-zeep
7. security/py-ospd

Expand this list (20 items / 13 hidden)

8. security/py-plaso
9. security/py-pysaml2
10. security/py-pysaml24
11. security/py-python3-openid
12. security/py-python3-saml
13. security/py-social-auth-core
14. www/py-seafdav
15. www/py-wsgidav
16. Collapse this list.

Deleted ports which required this port:

Expand this list of 5 deleted ports

1. devel/py-zeep^*
2. misc/py-glance^*
3. net/py-soappy^*
4. net/s3ql^*
5. security/py-crits^*
6. Collapse this list of deleted ports.

* - deleted ports are only shown under the This port is required by section. It was harder to do for the Required section. Perhaps later...

Configuration Options

===> The following configuration options are available for py27-defusedxml-0.5.0: DOCS=on: Build and/or install documentation ===> Use 'make config' to modify these settings

USES:

python

Master Sites:

1. https://files.pythonhosted.org/packages/source/d/defusedxml/
2. https://pypi.python.org/packages/source/d/defusedxml/

• 2017-11-30

  Affects: */py*

  Author: mat@FreeBSD.org

  Reason: 
    Ports using Python via USES=python are now flavored.  All the py3-* ports
    have been removed and folded into their py-* master ports.
  
    People using Poudriere 3.2+ and binary packages do not have to do anything.
  
    For other people, to build the Python 3.6 version of, for example,
    databases/py-gdbm, you need to run:
  
      # make FLAVOR=py36 install
  
  

Update to 0.5.0

- Add LICENSE_FILE
- Add NO_ARCH
- Allow concurrent installation (USE_PYTHON=concurrent)

Changes:	https://github.com/tiran/defusedxml/releases
PR:		226750
Submitted by:	sunpoet (myself)
Approved by:	wg (maintainer)

Do not abuse INSTALL_MAN when installing documentation, examples, and
other miscellaneous files that are not actually manual pages (part 2).

Convert Python ports to FLAVORS.

  Ports using USE_PYTHON=distutils are now flavored.  They will
  automatically get flavors (py27, py34, py35, py36) depending on what
  versions they support.

  There is also a USE_PYTHON=flavors for ports that do not use distutils
  but need FLAVORS to be set.  A USE_PYTHON=noflavors can be set if
  using distutils but flavors are not wanted.

  A new USE_PYTHON=optsuffix that will add PYTHON_PKGNAMESUFFIX has been
  added to cope with Python ports that did not have the Python
  PKGNAMEPREFIX but are flavored.

  USES=python now also exports a PY_FLAVOR variable that contains the

devel/py-defusedxml: Allow overriding USES

- Convert ports of devel/ to USES=python

Approved by:	portmgr (implicit)

devel/py-defusedxml: use auto plist and remove py3k hack

devel/py-defusedxml: allow staging

- Allow staging

Add NO_STAGE all over the place in preparation for the staging support (cat:
devel part 3)

devel/py-defusedxml: Defusing XML bombs and other exploits

The results of an attack on a vulnerable XML library can be fairly dramatic.
With just a few hundred Bytes of XML data an attacker can occupy several
Gigabytes of memory within seconds. An attacker can also keep CPUs busy for
a long time with a small to medium size request.  This library prevents
such issues.

WWW: https://bitbucket.org/tiran/defusedxml

16 vulnerabilities affecting 84 ports have been reported in the past 14 days

^* - modified, not new

All vulnerabilities

Last updated:
2020-06-04 15:25:41