ports/159194: [PATCH] update security/opensaml2 to latest version (2.4.3) to resolve security issue

Tue Jul 26 01:20:06 UTC 2011

>Number:         159194
>Category:       ports
>Synopsis:       [PATCH] update security/opensaml2 to latest version (2.4.3) to resolve security issue
>Confidential:   no
>Severity:       critical
>Priority:       high
>Responsible:    freebsd-ports-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          update
>Submitter-Id:   current-users
>Arrival-Date:   Tue Jul 26 01:20:05 UTC 2011
>Closed-Date:
>Last-Modified:
>Originator:     Steve Wills
>Release:        
>Organization:
>Environment:
>Description:
security/opensaml2 has a security issue, please see:

http://www.freebsd.org/cgi/cvsweb.cgi/ports/security/vuxml/vuln.xml.diff?r1=1.2398;r2=1.2399;f=h

and

https://groups.google.com/a/shibboleth.net/group/announce/browse_thread/thread/cf3e0d76afbb57d9#

https://groups.google.com/a/shibboleth.net/group/announce/browse_thread/thread/ab672f278c27bb9b#

The attached patch updates it to the latest version which resolves the issue.
>How-To-Repeat:

>Fix:


Patch attached with submission follows:

Index: security/opensaml2/Makefile
===================================================================
RCS file: /home/ncvs/ports/security/opensaml2/Makefile,v
retrieving revision 1.12
diff -u -r1.12 Makefile

--- security/opensaml2/Makefile	27 Jun 2011 02:57:28 -0000	1.12
+++ security/opensaml2/Makefile	26 Jul 2011 01:15:23 -0000
@@ -6,9 +6,9 @@
 #
 
 PORTNAME=	opensaml2
-PORTVERSION=	2.4.1
+PORTVERSION=	2.4.3
 CATEGORIES=	security
-MASTER_SITES=	http://shibboleth.internet2.edu/downloads/opensaml/cpp/${PORTVERSION}/
+MASTER_SITES=	http://www.shibboleth.net/downloads/c++-opensaml/${PORTVERSION}/
 DISTNAME=	opensaml-${PORTVERSION}
 
 MAINTAINER=	janos.mohacsi at bsd.hu
Index: security/opensaml2/distinfo
===================================================================
RCS file: /home/ncvs/ports/security/opensaml2/distinfo,v
retrieving revision 1.8
diff -u -r1.8 distinfo
--- security/opensaml2/distinfo	27 Jun 2011 02:57:28 -0000	1.8
+++ security/opensaml2/distinfo	26 Jul 2011 01:15:23 -0000
@@ -1,2 +1,2 @@
-SHA256 (opensaml-2.4.1.tar.gz) = 89289f882da19bab5d1476943d75c2f7fa97776980bfa86c7395b573603a2ecb
-SIZE (opensaml-2.4.1.tar.gz) = 870509
+SHA256 (opensaml-2.4.3.tar.gz) = 850187c7dd664f9216a387bcc9e08f36643f04ddc08d11551e33a46dd15d2539
+SIZE (opensaml-2.4.3.tar.gz) = 871693
Index: security/opensaml2/pkg-descr
===================================================================
RCS file: /home/ncvs/ports/security/opensaml2/pkg-descr,v
retrieving revision 1.4
diff -u -r1.4 pkg-descr
--- security/opensaml2/pkg-descr	22 Nov 2008 15:55:56 -0000	1.4
+++ security/opensaml2/pkg-descr	26 Jul 2011 01:15:23 -0000
@@ -1,4 +1,4 @@
 OpenSAML 2, a re-rewrite of OpenSAML 1, supports SAML 1.0, 1.1, 2.0 but is 
 not backwards compatible with OpenSAML 1.
 
-WWW: https://spaces.internet2.edu/display/OpenSAML/Home
+WWW: https://wiki.shibboleth.net/confluence/display/OpenSAML/Home


>Release-Note:
>Audit-Trail:
>Unformatted:

