From: Palle Girgensohn
Date: Thu, 23 Jul 2015 13:21:06 +0000 (UTC)
To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org
Subject: svn commit: r392720 - in head: devel/xmltooling devel/xmltooling/files security/opensaml2 security/opensaml2/files security/shibboleth2-sp security/shibboleth2-sp/files
X-SVN-Group: ports-head
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-BeenThere: svn-ports-head@freebsd.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: SVN commit messages for the ports tree for head
X-List-Received-Date: Thu, 23 Jul 2015 13:21:11 -0000

Author: girgen
Date: Thu Jul 23 13:21:05 2015
New Revision: 392720
URL: https://svnweb.freebsd.org/changeset/ports/392720

Log:
  Shibboleth SP software crashes on well-formed but invalid XML.

  The Service Provider software contains a code path with an uncaught exception that can be triggered by an unauthenticated attacker by supplying well-formed but schema-invalid XML in the form of SAML metadata or SAML protocol messages. The result is a crash and so causes a denial of service.

  You must rebuild opensaml and shibboleth with xmltooling-1.5.5 or later. The easiest way to do so is to update the whole chain including shibboleth-2.5.5 and opensaml2.5.5.
URL: http://shibboleth.net/community/advisories/secadv_20150721.txt Security: CVE-2015-2684 Deleted: head/security/opensaml2/files/patch-doc_Makefile.in Modified: head/devel/xmltooling/Makefile head/devel/xmltooling/distinfo head/devel/xmltooling/files/patch-doc_Makefile.in head/devel/xmltooling/pkg-plist head/security/opensaml2/Makefile head/security/opensaml2/distinfo head/security/opensaml2/pkg-plist head/security/shibboleth2-sp/Makefile head/security/shibboleth2-sp/distinfo head/security/shibboleth2-sp/files/patch-shibboleth-spec head/security/shibboleth2-sp/pkg-plist Modified: head/devel/xmltooling/Makefile ============================================================================== --- head/devel/xmltooling/Makefile Thu Jul 23 11:33:00 2015 (r392719) +++ head/devel/xmltooling/Makefile Thu Jul 23 13:21:05 2015 (r392720) @@ -2,10 +2,9 @@ # $FreeBSD$ PORTNAME= xmltooling -PORTVERSION= 1.5.3 -PORTREVISION= 3 +PORTVERSION= 1.5.5 CATEGORIES= devel security -MASTER_SITES= http://shibboleth.net/downloads/c++-opensaml/2.5.3/ +MASTER_SITES= http://shibboleth.net/downloads/c++-opensaml/2.5.5/ MAINTAINER= girgen@FreeBSD.org COMMENT= Low level XML support for SAML Modified: head/devel/xmltooling/distinfo ============================================================================== --- head/devel/xmltooling/distinfo Thu Jul 23 11:33:00 2015 (r392719) +++ head/devel/xmltooling/distinfo Thu Jul 23 13:21:05 2015 (r392720) 
@@ -1,2 +1,2 @@ -SHA256 (xmltooling-1.5.3.tar.gz) = 90e453deb738574b04f1f1aa08ed7cc9d8746bcbf93eb59f401a6e38f2ec9574 -SIZE (xmltooling-1.5.3.tar.gz) = 675350 +SHA256 (xmltooling-1.5.5.tar.gz) = 5507332878b1f611efe791c8eeabd9b8327d75602949f0cb189970b8a221333f +SIZE (xmltooling-1.5.5.tar.gz) = 713161 Modified: head/devel/xmltooling/files/patch-doc_Makefile.in ============================================================================== --- head/devel/xmltooling/files/patch-doc_Makefile.in Thu Jul 23 11:33:00 2015 (r392719) +++ head/devel/xmltooling/files/patch-doc_Makefile.in Thu Jul 23 13:21:05 2015 (r392720) @@ -1,6 +1,6 @@ ---- doc/Makefile.in.orig 2011-07-25 16:15:04.474558171 -0400 -+++ doc/Makefile.in 2011-07-25 16:16:15.041554095 -0400 -@@ -233,7 +233,7 @@ +--- doc/Makefile.in.orig 2015-07-09 17:28:24.000000000 +0200 ++++ doc/Makefile.in 2015-07-21 20:54:22.000000000 +0200 +@@ -317,7 +317,7 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ AUTOMAKE_OPTIONS = foreign @@ -9,22 +9,12 @@ docfiles = \ README.txt \ LICENSE.txt \ -@@ -243,7 +243,7 @@ - CURL.LICENSE - - pkgdoc_DATA = $(docfiles) --EXTRA_DIST = $(docfiles) api -+EXTRA_DIST = $(docfiles) - all: all-am - - .SUFFIXES: -@@ -455,10 +455,6 @@ +@@ -547,9 +547,6 @@ install-data-hook: - if test -d api ; then \ - cp -r api $(DESTDIR)$(pkgdocdir); \ -- rm -rf `find $(DESTDIR)$(pkgdocdir)/api -name .svn`; \ - fi; # Tell versions [3.59,3.63) of GNU make to not export all variables. Modified: head/devel/xmltooling/pkg-plist ============================================================================== --- head/devel/xmltooling/pkg-plist Thu Jul 23 11:33:00 2015 (r392719) +++ head/devel/xmltooling/pkg-plist Thu Jul 23 13:21:05 2015 (r392720) 
@@ -82,10 +82,10 @@ include/xmltooling/validation/ValidatorS include/xmltooling/version.h lib/libxmltooling-lite.so lib/libxmltooling-lite.so.6 -lib/libxmltooling-lite.so.6.0.3 +lib/libxmltooling-lite.so.6.0.5 lib/libxmltooling.so lib/libxmltooling.so.6 -lib/libxmltooling.so.6.0.3 +lib/libxmltooling.so.6.0.5 libdata/pkgconfig/xmltooling.pc share/xml/xmltooling/catalog.xml share/xml/xmltooling/soap-envelope.xsd Modified: head/security/opensaml2/Makefile ============================================================================== --- head/security/opensaml2/Makefile Thu Jul 23 11:33:00 2015 (r392719) +++ head/security/opensaml2/Makefile Thu Jul 23 13:21:05 2015 (r392720) @@ -2,7 +2,7 @@ # $FreeBSD$ PORTNAME= opensaml2 -PORTVERSION= 2.5.4 +PORTVERSION= 2.5.5 CATEGORIES= security MASTER_SITES= http://shibboleth.net/downloads/c++-opensaml/${PORTVERSION}/ DISTNAME= opensaml-${PORTVERSION} Modified: head/security/opensaml2/distinfo ============================================================================== --- head/security/opensaml2/distinfo Thu Jul 23 11:33:00 2015 (r392719) +++ head/security/opensaml2/distinfo Thu Jul 23 13:21:05 2015 (r392720) @@ -1,2 +1,2 @@ -SHA256 (opensaml-2.5.4.tar.gz) = 562d3b5fe7b29aefbad9d5910508baf2edcb87327e51a4f239076e54663763e6 -SIZE (opensaml-2.5.4.tar.gz) = 738788 +SHA256 (opensaml-2.5.5.tar.gz) = 133bee4f1cfe79bff33d358391806eaef575cd02db9d3eb532438b24a97b12e0 +SIZE (opensaml-2.5.5.tar.gz) = 739776 Modified: head/security/opensaml2/pkg-plist ============================================================================== --- head/security/opensaml2/pkg-plist Thu Jul 23 11:33:00 2015 (r392719) +++ head/security/opensaml2/pkg-plist Thu Jul 23 13:21:05 2015 (r392720) 
@@ -49,13 +49,12 @@ include/saml/util/CommonDomainCookie.h include/saml/util/SAMLConstants.h lib/libsaml.so lib/libsaml.so.8 -lib/libsaml.so.8.0.4 +lib/libsaml.so.8.0.5 libdata/pkgconfig/opensaml.pc %%PORTDOCS%%%%DOCSDIR%%/README.txt %%PORTDOCS%%%%DOCSDIR%%/LICENSE.txt %%PORTDOCS%%%%DOCSDIR%%/NOTICE.txt %%PORTDOCS%%%%DOCSDIR%%/LOG4CPP.LICENSE -%%PORTDOCS%%@dir %%DOCSDIR%%/api share/xml/opensaml/saml20-catalog.xml share/xml/opensaml/saml10-catalog.xml share/xml/opensaml/saml11-catalog.xml Modified: head/security/shibboleth2-sp/Makefile ============================================================================== --- head/security/shibboleth2-sp/Makefile Thu Jul 23 11:33:00 2015 (r392719) +++ head/security/shibboleth2-sp/Makefile Thu Jul 23 13:21:05 2015 (r392720) @@ -2,7 +2,7 @@ # $FreeBSD$ PORTNAME= shibboleth-sp -PORTVERSION= 2.5.4 +PORTVERSION= 2.5.5 CATEGORIES= security www MASTER_SITES= http://shibboleth.net/downloads/service-provider/${PORTVERSION}/ @@ -26,6 +26,8 @@ GROUPS= shibd USE_APACHE= 22+ USE_OPENSSL= yes +INSTALL_TARGET= install-strip + .include .if ${APACHE_VERSION} == 22 Modified: head/security/shibboleth2-sp/distinfo ============================================================================== --- head/security/shibboleth2-sp/distinfo Thu Jul 23 11:33:00 2015 (r392719) +++ head/security/shibboleth2-sp/distinfo Thu Jul 23 13:21:05 2015 (r392720) 
@@ -1,2 +1,2 @@ -SHA256 (shibboleth-sp-2.5.4.tar.gz) = be0adfb324d1831e55b2ce281c7f8bd27bb9bdd65f1d0e9d8019e4cde1ceb6bb -SIZE (shibboleth-sp-2.5.4.tar.gz) = 993532 +SHA256 (shibboleth-sp-2.5.5.tar.gz) = 30da36e0bba2ce4606a9effc37c05cd110dafdd6d3141468c4aa0f57ce4d96ce +SIZE (shibboleth-sp-2.5.5.tar.gz) = 1003433 Modified: head/security/shibboleth2-sp/files/patch-shibboleth-spec ============================================================================== --- head/security/shibboleth2-sp/files/patch-shibboleth-spec Thu Jul 23 11:33:00 2015 (r392719) +++ head/security/shibboleth2-sp/files/patch-shibboleth-spec Thu Jul 23 13:21:05 2015 (r392720) @@ -1,6 +1,6 @@ ---- shibboleth.spec.in.orig 2013-06-16 21:43:47.000000000 +0200 -+++ shibboleth.spec.in 2013-07-29 14:42:22.887422969 +0200 -@@ -59,7 +59,7 @@ +--- shibboleth.spec.in.orig 2015-07-20 21:31:32.000000000 +0200 ++++ shibboleth.spec.in 2015-07-22 17:45:15.000000000 +0200 +@@ -71,7 +71,7 @@ %if "%{_vendor}" == "suse" %define pkgdocdir %{_docdir}/shibboleth %else @@ -9,7 +9,7 @@ %endif %description -@@ -203,14 +203,6 @@ +@@ -275,14 +275,6 @@ /sbin/ldconfig %endif @@ -18,7 +18,7 @@ -if [ -f sp-key.pem ] ; then - %{__chown} %{runuser}:%{runuser} sp-key.pem sp-cert.pem 2>/dev/null || : -else -- sh ./keygen.sh -b -u %{runuser} -g %{runuser} +- /bin/sh ./keygen.sh -b -u %{runuser} -g %{runuser} -fi - # Fix ownership of log files (even on new installs, if they're left from an older one). Modified: head/security/shibboleth2-sp/pkg-plist ============================================================================== --- head/security/shibboleth2-sp/pkg-plist Thu Jul 23 11:33:00 2015 (r392719) +++ head/security/shibboleth2-sp/pkg-plist Thu Jul 23 13:21:05 2015 (r392720) @@ -136,7 +136,7 @@ include/shibsp/util/PropertySet.h include/shibsp/util/SPConstants.h include/shibsp/util/TemplateParameters.h include/shibsp/version.h -lib/libshibsp.so.6.0.4 +lib/libshibsp.so.6.0.5 lib/libshibsp.so.6 lib/libshibsp.so lib/shibboleth/adfs.so 
@@ -146,7 +146,7 @@ lib/shibboleth/plugins-lite.so lib/shibboleth/plugins.so %%WITH_APACHE_22%%lib/shibboleth/mod_shib_22.so %%WITH_APACHE_24%%lib/shibboleth/mod_shib_24.so -lib/libshibsp-lite.so.6.0.4 +lib/libshibsp-lite.so.6.0.5 lib/libshibsp-lite.so.6 lib/libshibsp-lite.so sbin/shibd @@ -170,7 +170,6 @@ share/doc/shibboleth/OPENSSL.LICENSE share/doc/shibboleth/README.txt share/doc/shibboleth/RELEASE.txt share/doc/shibboleth/main.css -@dir share/doc/shibboleth/api @dir share/doc/shibboleth @dir lib/shibboleth @dir share/xml/shibboleth
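
Review bot: in the head/devel/xmltooling/Makefile hunk, MASTER_SITES hard-codes the c++-opensaml release directory (2.5.5) beside PORTVERSION= 1.5.5, while security/opensaml2/Makefile derives the same directory from ${PORTVERSION}. The two numbers have to be bumped together by hand, and a missed bump leaves the port pointing at the previous release directory. A short comment above MASTER_SITES naming the coupling to the opensaml release, or a dedicated variable for that directory, would make the next security update less error-prone. Dropping PORTREVISION with the version bump is correct.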
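
Review bot: the log requires opensaml and shibboleth to be rebuilt against xmltooling-1.5.5 or later, but the hunks for security/opensaml2/Makefile and security/shibboleth2-sp/Makefile only bump PORTVERSION, and devel/xmltooling/pkg-plist keeps the libxmltooling.so.6 soname (only 6.0.3 becomes 6.0.5). No visible line makes the fixed xmltooling a minimum requirement, so if the dependency is expressed on the library name alone, the 2.5.5 ports can still be built on a host that has 1.5.3 installed. Consider a versioned dependency (xmltooling>=1.5.5) in both dependents. The list of modified files also contains no vuxml change, so a matching entry for CVE-2015-2684 would be needed for pkg audit to flag hosts still running the old chain.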
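
Review bot: the security/shibboleth2-sp/Makefile hunk at -26,6 +26,8 adds INSTALL_TARGET= install-strip, which is unrelated to the version bump and is not mentioned in the log. A security update is easier to audit and to merge to other branches when it carries only the fix, so either note the stripping change in the log or commit it separately.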
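
Review bot: the three distinfo hunks (xmltooling, opensaml2, shibboleth2-sp) replace SHA256 and SIZE for tarballs whose MASTER_SITES in the Makefile hunks are plain http://, so these checksums are the only integrity check a later fetch gets. The log should say how the new hashes were obtained, for example that each tarball was checked against an upstream signature or a checksum published over an authenticated channel before distinfo was regenerated, rather than computed from a single unauthenticated download.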