43e9362f36
The Service Provider software contains a code path with an uncaught exception that can be triggered by an unauthenticated attacker by supplying well-formed but schema-invalid XML in the form of SAML metadata or SAML protocol messages. The result is a crash and so causes a denial of service. You must rebuild opensaml and shibboleth with xmltooling-1.5.5 or later. The easiest way to do so is to update the whole chain including shibboleth-2.5.5 an opensaml2.5.5. URL: http://shibboleth.net/community/advisories/secadv_20150721.txt Security: CVE-2015-2684
38 lines
1 KiB
Makefile
38 lines
1 KiB
Makefile
# Created by: Janos Mohacsi
|
|
# $FreeBSD$
|
|
|
|
PORTNAME= opensaml2
|
|
PORTVERSION= 2.5.5
|
|
CATEGORIES= security
|
|
MASTER_SITES= http://shibboleth.net/downloads/c++-opensaml/${PORTVERSION}/
|
|
DISTNAME= opensaml-${PORTVERSION}
|
|
|
|
MAINTAINER= girgen@FreeBSD.org
|
|
COMMENT= Open source implementation of SAML2
|
|
|
|
LIB_DEPENDS= libcurl.so:${PORTSDIR}/ftp/curl \
|
|
liblog4shib.so:${PORTSDIR}/devel/log4shib \
|
|
libxerces-c.so:${PORTSDIR}/textproc/xerces-c3 \
|
|
libxmltooling.so:${PORTSDIR}/devel/xmltooling
|
|
|
|
BUILD_DEPENDS= boost-libs>=0:${PORTSDIR}/devel/boost-libs
|
|
|
|
GNU_CONFIGURE= yes
|
|
CONFIGURE_ARGS+=--with-log4shib=${LOCALBASE} --with-openssl=${OPENSSLBASE} \
|
|
--with-xmltooling=${LOCALBASE} --disable-doxygen-doc
|
|
USES= gmake libtool pkgconfig
|
|
USE_LDCONFIG= yes
|
|
|
|
OPTIONS_DEFINE= DOCS
|
|
|
|
.include <bsd.port.options.mk>
|
|
|
|
post-patch:
|
|
@${REINPLACE_CMD} -e 's,^pkgdocdir.*=.*,pkgdocdir = ${DOCSDIR},' \
|
|
${WRKSRC}/doc/Makefile.in
|
|
|
|
.if empty(PORT_OPTIONS:MDOCS)
|
|
@${REINPLACE_CMD} -e '/^SUBDIRS/s,doc ,,' ${WRKSRC}/Makefile.in
|
|
.endif
|
|
|
|
.include <bsd.port.mk>
|