Received: by mail.netbsd.org (Postfix, from userid 605) id E0BDB84DC6; Wed, 18 Mar 2020 10:08:17 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by mail.netbsd.org (Postfix) with ESMTP id 67CFD84DB5 for ; Wed, 18 Mar 2020 10:08:17 +0000 (UTC) X-Virus-Scanned: amavisd-new at netbsd.org Received: from mail.netbsd.org ([127.0.0.1]) by localhost (mail.netbsd.org [127.0.0.1]) (amavisd-new, port 10025) with ESMTP id wS_MyRYAfE7J for ; Wed, 18 Mar 2020 10:08:16 +0000 (UTC) Received: from cvs.NetBSD.org (ivanova.NetBSD.org [IPv6:2001:470:a085:999:28c:faff:fe03:5984]) by mail.netbsd.org (Postfix) with ESMTP id 7298084D3C for ; Wed, 18 Mar 2020 10:08:16 +0000 (UTC) Received: by cvs.NetBSD.org (Postfix, from userid 500) id 6656AFB27; Wed, 18 Mar 2020 10:08:16 +0000 (UTC) Content-Transfer-Encoding: 7bit Content-Type: multipart/mixed; boundary="_----------=_1584526096136930" MIME-Version: 1.0 Date: Wed, 18 Mar 2020 10:08:16 +0000 From: "Adam Ciarcinski" Subject: CVS commit: pkgsrc/www/py-bleach To: pkgsrc-changes@NetBSD.org Reply-To: adam@netbsd.org X-Mailer: log_accum Message-Id: <20200318100816.6656AFB27@cvs.NetBSD.org> Sender: pkgsrc-changes-owner@NetBSD.org List-Id: pkgsrc-changes.NetBSD.org Precedence: bulk List-Unsubscribe: This is a multi-part message in MIME format. --_----------=_1584526096136930 Content-Disposition: inline Content-Transfer-Encoding: 8bit Content-Type: text/plain; charset="US-ASCII" Module Name: pkgsrc Committed By: adam Date: Wed Mar 18 10:08:16 UTC 2020 Modified Files: pkgsrc/www/py-bleach: Makefile distinfo Log Message: py-bleach: updated to 3.1.3 Version 3.1.3: **Features** * Add relative link to code of conduct. * Drop deprecated 'setup.py test' support. * Fix typo: curren -> current in tests/test_clean.py * Test on PyPy 7 * Drop test support for end of life Python 3.4 Version 3.1.2: **Security fixes** * ``bleach.clean`` behavior parsing embedded MathML and SVG content with RCDATA tags did not match browser behavior and could result in a mutation XSS. Calls to ``bleach.clean`` with ``strip=False`` and ``math`` or ``svg`` tags and one or more of the RCDATA tags ``script``, ``noscript``, ``style``, ``noframes``, ``iframe``, ``noembed``, or ``xmp`` in the allowed tags whitelist were vulnerable to a mutation XSS. This security issue was confirmed in Bleach version v3.1.1. Earlier versions are likely affected too. Version 3.1.1: **Security fixes** * ``bleach.clean`` behavior parsing ``noscript`` tags did not match browser behavior. Calls to ``bleach.clean`` allowing ``noscript`` and one or more of the raw text tags (``title``, ``textarea``, ``script``, ``style``, ``noembed``, ``noframes``, ``iframe``, and ``xmp``) were vulnerable to a mutation XSS. This security issue was confirmed in Bleach versions v2.1.4, v3.0.2, and v3.1.0. Earlier versions are probably affected too. To generate a diff of this commit: cvs rdiff -u -r1.13 -r1.14 pkgsrc/www/py-bleach/Makefile cvs rdiff -u -r1.11 -r1.12 pkgsrc/www/py-bleach/distinfo Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. --_----------=_1584526096136930 Content-Disposition: inline Content-Length: 1837 Content-Transfer-Encoding: binary Content-Type: text/x-diff; charset=us-ascii Modified files: Index: pkgsrc/www/py-bleach/Makefile diff -u pkgsrc/www/py-bleach/Makefile:1.13 pkgsrc/www/py-bleach/Makefile:1.14 --- pkgsrc/www/py-bleach/Makefile:1.13 Mon Jan 21 12:23:39 2019 +++ pkgsrc/www/py-bleach/Makefile Wed Mar 18 10:08:16 2020 @@ -1,6 +1,6 @@ -# $NetBSD: Makefile,v 1.13 2019/01/21 12:23:39 adam Exp $ +# $NetBSD: Makefile,v 1.14 2020/03/18 10:08:16 adam Exp $ -DISTNAME= bleach-3.1.0 +DISTNAME= bleach-3.1.3 PKGNAME= ${PYPKGPREFIX}-${DISTNAME} CATEGORIES= www python MASTER_SITES= ${MASTER_SITE_PYPI:=b/bleach/} @@ -19,5 +19,8 @@ USE_LANGUAGES= # none REPLACE_SH+= bleach/_vendor/pip_install_vendor.sh +do-test: + cd ${WRKSRC} && pytest-${PYVERSSUFFIX} tests + .include "../../lang/python/egg.mk" .include "../../mk/bsd.pkg.mk" Index: pkgsrc/www/py-bleach/distinfo diff -u pkgsrc/www/py-bleach/distinfo:1.11 pkgsrc/www/py-bleach/distinfo:1.12 --- pkgsrc/www/py-bleach/distinfo:1.11 Mon Jan 21 12:23:39 2019 +++ pkgsrc/www/py-bleach/distinfo Wed Mar 18 10:08:16 2020 @@ -1,6 +1,6 @@ -$NetBSD: distinfo,v 1.11 2019/01/21 12:23:39 adam Exp $ +$NetBSD: distinfo,v 1.12 2020/03/18 10:08:16 adam Exp $ -SHA1 (bleach-3.1.0.tar.gz) = b44b7705a1425338cf429d66f009aa15d09b768d -RMD160 (bleach-3.1.0.tar.gz) = aa1bda9144a52123e900452e78325da2090cbded -SHA512 (bleach-3.1.0.tar.gz) = 8db3a54b68fa66a07a3b4b90481557aac06e7783f9c72035a6f037909017354718b67b64153e1cd50cb2c821174b8282837c4c3e667878041a68703b141b2969 -Size (bleach-3.1.0.tar.gz) = 167814 bytes +SHA1 (bleach-3.1.3.tar.gz) = 09306029c815f77e7685bacfbc01228e80d9b76d +RMD160 (bleach-3.1.3.tar.gz) = 6033fa4236a6c51ad107dae858a092dee88a15fb +SHA512 (bleach-3.1.3.tar.gz) = 6c46504833ac9aa83ea056b6a2970aa539774301b14b5f0d7ae5abb9576ace56b7e027b718159c8ed83d37ae78b4db1083eb12b1cafcff10429399025fb5ab4e +Size (bleach-3.1.3.tar.gz) = 176601 bytes --_----------=_1584526096136930--