From: Palle Girgensohn
Date: Tue, 18 Jun 2013 15:15:48 +0000 (UTC)
To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org
Subject: svn commit: r321194 - in head: devel/xmltooling security/apache-xml-security-c security/opensaml2 security/shibboleth2-sp security/vuxml

Author: girgen
Date: Tue Jun 18 15:15:48 2013
New Revision: 321194
URL: http://svnweb.freebsd.org/changeset/ports/321194

Log:
  Security update for apache-xml-security-c.

  Dependent ports, especially shibboleth2-sp, opensaml2, xmltooling and log4shib should all be updated.

  Security: CVE-2013-2156

Modified:
  head/devel/xmltooling/Makefile
  head/devel/xmltooling/distinfo
  head/security/apache-xml-security-c/Makefile
  head/security/apache-xml-security-c/distinfo
  head/security/opensaml2/Makefile
  head/security/opensaml2/distinfo
  head/security/shibboleth2-sp/Makefile
  head/security/shibboleth2-sp/distinfo
  head/security/vuxml/vuln.xml

Modified: head/devel/xmltooling/Makefile ============================================================================== --- head/devel/xmltooling/Makefile Tue Jun 18 15:12:06 2013 (r321193) +++ head/devel/xmltooling/Makefile Tue Jun 18 15:15:48 2013 (r321194) 
@@ -2,9 +2,9 @@ # $FreeBSD$ PORTNAME= xmltooling -PORTVERSION= 1.5.2 +PORTVERSION= 1.5.3 CATEGORIES= devel security -MASTER_SITES= http://shibboleth.net/downloads/c++-opensaml/2.5.2/ +MASTER_SITES= http://shibboleth.net/downloads/c++-opensaml/2.5.3/ MAINTAINER= girgen@FreeBSD.org COMMENT= Low level XML support for SAML Modified: head/devel/xmltooling/distinfo ============================================================================== --- head/devel/xmltooling/distinfo Tue Jun 18 15:12:06 2013 (r321193) +++ head/devel/xmltooling/distinfo Tue Jun 18 15:15:48 2013 (r321194) @@ -1,2 +1,2 @@ -SHA256 (xmltooling-1.5.2.tar.gz) = d43719f8d742d87131ea64f2dbc8f1b366c7f216ac21015090a51693ff11df98 -SIZE (xmltooling-1.5.2.tar.gz) = 679098 +SHA256 (xmltooling-1.5.3.tar.gz) = 90e453deb738574b04f1f1aa08ed7cc9d8746bcbf93eb59f401a6e38f2ec9574 +SIZE (xmltooling-1.5.3.tar.gz) = 675350 Modified: head/security/apache-xml-security-c/Makefile ============================================================================== --- head/security/apache-xml-security-c/Makefile Tue Jun 18 15:12:06 2013 (r321193) +++ head/security/apache-xml-security-c/Makefile Tue Jun 18 15:15:48 2013 (r321194) @@ -2,7 +2,7 @@ # $FreeBSD$ PORTNAME= xml-security-c -PORTVERSION= 1.7.0 +PORTVERSION= 1.7.1 CATEGORIES= security MASTER_SITES= ${MASTER_SITE_APACHE} MASTER_SITE_SUBDIR=santuario/c-library Modified: head/security/apache-xml-security-c/distinfo ============================================================================== --- head/security/apache-xml-security-c/distinfo Tue Jun 18 15:12:06 2013 (r321193) +++ head/security/apache-xml-security-c/distinfo Tue Jun 18 15:15:48 2013 (r321194) 
@@ -1,2 +1,2 @@ -SHA256 (xml-security-c-1.7.0.tar.gz) = c8cd6ec3d3b777fcca295cb4b273b08e4cfe37e03fc27131ec079894b9dae87c -SIZE (xml-security-c-1.7.0.tar.gz) = 874025 +SHA256 (xml-security-c-1.7.1.tar.gz) = 3d306660702d620b30605627f970b90667ed967211a8fc26b3243e6d3abeb32e +SIZE (xml-security-c-1.7.1.tar.gz) = 875367 Modified: head/security/opensaml2/Makefile ============================================================================== --- head/security/opensaml2/Makefile Tue Jun 18 15:12:06 2013 (r321193) +++ head/security/opensaml2/Makefile Tue Jun 18 15:15:48 2013 (r321194) @@ -2,7 +2,7 @@ # $FreeBSD$ PORTNAME= opensaml2 -PORTVERSION= 2.5.2 +PORTVERSION= 2.5.3 CATEGORIES= security MASTER_SITES= http://shibboleth.net/downloads/c++-opensaml/${PORTVERSION}/ DISTNAME= opensaml-${PORTVERSION} Modified: head/security/opensaml2/distinfo ============================================================================== --- head/security/opensaml2/distinfo Tue Jun 18 15:12:06 2013 (r321193) +++ head/security/opensaml2/distinfo Tue Jun 18 15:15:48 2013 (r321194) @@ -1,2 +1,2 @@ -SHA256 (opensaml-2.5.2.tar.gz) = 5bc3fbe5e789ad7aedfc2919413131400290466ecd2b77b1c3f3dc4c37e6fe54 -SIZE (opensaml-2.5.2.tar.gz) = 707139 +SHA256 (opensaml-2.5.3.tar.gz) = 1ed6a241b2021def6a1af57d3087b697c98b38842e9195e1f3fae194d55c13fb +SIZE (opensaml-2.5.3.tar.gz) = 703021 Modified: head/security/shibboleth2-sp/Makefile ============================================================================== --- head/security/shibboleth2-sp/Makefile Tue Jun 18 15:12:06 2013 (r321193) +++ head/security/shibboleth2-sp/Makefile Tue Jun 18 15:15:48 2013 (r321194) 
@@ -2,8 +2,7 @@ # $FreeBSD$ PORTNAME= shibboleth-sp -PORTVERSION= 2.5.1 -PORTREVISION= 1 +PORTVERSION= 2.5.2 CATEGORIES= security www MASTER_SITES= http://shibboleth.net/downloads/service-provider/${PORTVERSION}/ Modified: head/security/shibboleth2-sp/distinfo ============================================================================== --- head/security/shibboleth2-sp/distinfo Tue Jun 18 15:12:06 2013 (r321193) +++ head/security/shibboleth2-sp/distinfo Tue Jun 18 15:15:48 2013 (r321194) @@ -1,2 +1,2 @@ -SHA256 (shibboleth-sp-2.5.1.tar.gz) = a697034fe56a170602a3907cde6faf822836b1ba23cdc11af315a81df6102f04 -SIZE (shibboleth-sp-2.5.1.tar.gz) = 952815 +SHA256 (shibboleth-sp-2.5.2.tar.gz) = 1d5c42ea6a6cf5f1ed39101af52a2df2cf7e5e6c086e1081bdf1275f970ba1d5 +SIZE (shibboleth-sp-2.5.2.tar.gz) = 949163 Modified: head/security/vuxml/vuln.xml ============================================================================== --- head/security/vuxml/vuln.xml Tue Jun 18 15:12:06 2013 (r321193) +++ head/security/vuxml/vuln.xml Tue Jun 18 15:15:48 2013 (r321194) @@ -51,6 +51,36 @@ Note: Please add new entries to the beg --> + + apache-xml-security-c -- heap overflow + + + apache-xml-security-c + 1.7.1 + + + + +

The Apache Software Foundation reports:

+
+

A heap overflow exists in the processing of the PrefixList + attribute optionally used in conjunction with Exclusive + Canonicalization, potentially allowing arbitary code execution. + If verification of the signature occurs prior to actual evaluation of a + signing key, this could be exploited by an unauthenticated attacker.

+
+ +
+ + CVE-2013-2156 + http://santuario.apache.org/secadv.data/CVE-2013-2156.txt + + + 2013-06-18 + 2013-06-18 + +
+ tor -- guard discovery
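
Review bot: In the head/devel/xmltooling/Makefile hunk, MASTER_SITES hard-codes the OpenSAML release directory (c++-opensaml/2.5.3/) while PORTVERSION is 1.5.3, so the two numbers have to be bumped by hand in step on every update. A one-line comment above MASTER_SITES saying the directory follows the opensaml2 release would make a missed bump less likely; security/opensaml2/Makefile avoids the problem by using ${PORTVERSION} in the path. The distfile is fetched over plain http, so the SHA256 line in distinfo is the only integrity check on it.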
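
Review bot: The new SHA256 and SIZE values in the head/security/apache-xml-security-c/distinfo hunk cannot be checked from the diff, and this is the tarball that carries the CVE-2013-2156 fix. Please confirm that the xml-security-c-1.7.1.tar.gz checksum was recorded from a tarball verified against the upstream release signature, not only regenerated from whatever the mirror served. The same applies to the three distfiles fetched from http://shibboleth.net.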
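
Review bot: No hunk touches log4shib, although the log lists it next to shibboleth2-sp, opensaml2 and xmltooling as a port that should be updated, and the head/security/shibboleth2-sp/Makefile hunk is the last Makefile change in the commit. If log4shib needs a new version or a rebuild for this fix, it needs its own PORTVERSION or PORTREVISION change; if it does not, the log should not name it. Dropping PORTREVISION= 1 in the same hunk as the bump to PORTVERSION= 2.5.2 is correct.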
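
Review bot: In the head/security/vuxml/vuln.xml hunk, the quoted description misspells "arbitrary" as "arbitary" in "potentially allowing arbitary code execution"; correct it unless the upstream advisory text really reads that way. The entry names only apache-xml-security-c, with 1.7.1 as the version bound, so an audit against this entry flags the library but not installed shibboleth2-sp, opensaml2 or xmltooling packages. Since the log asks for those to be updated as well, say in the commit log or the entry whether that is required for the fix or only recommended.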