17:21 girgen 

Shibboleth Service Provider Security Advisory [15 November 2017]

An updated version of the Shibboleth Service Provider software
is available which corrects a critical security issue in the
"Dynamic" metadata provider plugin.

Deployers making use of the affected feature should apply the
relevant update at the soonest possible moment.

Security:	b4b7ec7d-ca27-11e7-a12d-6cc21735f730

 

21:52 girgen 

Upgrade shibboleth-sp 2.6 and its tool chain

 

13:21 girgen 

Shibboleth SP software crashes on well-formed but invalid XML.

The Service Provider software contains a code path with an uncaught
exception that can be triggered by an unauthenticated attacker by
supplying well-formed but schema-invalid XML in the form of SAML
metadata or SAML protocol messages. The result is a crash and so
causes a denial of service.

You must rebuild opensaml and shibboleth with xmltooling-1.5.5 or later.
The easiest way to do so is to update the whole chain including
shibboleth-2.5.5 an opensaml2.5.5.

URL:    	http://shibboleth.net/community/advisories/secadv_20150721.txt
Security:	CVE-2015-2684

 

22:24 girgen 

Update Shibboleth and opensaml to latest version.

 

15:15 girgen 

Security update for apache-xml-security-c.
Dependant ports, especially shibboleth2-sp, opensaml2, xmltooling
and log4shib should all be updated.

Security: CVE-2013-2156

 

17:29 girgen 

Update Shibboleth-sp and its tool chain to 2.5.1.

Note that from 2.5, shibd is run as the user shibd.  The port tries to fix the
key file ownership but if you have changed the file name of the key from the
default sp-key.pem, make sure you chown your key file(s) to user shibd.

Also, take maintainership of the entire tool chain (approved by all previous
maintainers).

Incorporates the ideas suggested by Craig Leres [177668], making sure that the
ssl key is not added to the package.

PR:	177668, 178694

 

11:50 swills 

- Update to 2.4.3 to fix security issue
- Update home page while here
- Take maintainership while here

Approved by:    linimon
Security:       CVE-2011-1411

02:57 swills 

- Update to latest versions

PR:             ports/157822
Submited by:    Palle Girgensohn <girgen@FreeBSD.org>
Approved by:    maintainer timeout

14:38 wxs 

- Update to 2.3

PR:             ports/142325
Submitted by:   Steve Wills <steve@mouf.net>
Approved by:    maintainer timeout

01:16 wxs 

- Update to 2.2

PR:             ports/136032
Submitted by:   Steve Wills <steve@mouf.net>
Approved by:    maintainer

15:55 miwi 

- Update to 2.1

PR:             127400
Submitted by:   Janos Mohacsi <janos.mohacsi@bsd.hu>

15:54 miwi 

- Force commit
        Repocopy from security/opensaml to security/opensaml2