Authentication-Results: name.execsw.org; dkim=pass (1024-bit key) header.d=netbsd.org header.i=@netbsd.org header.b=0wDUwHU2; dkim=pass (1024-bit key) header.d=netbsd.org header.i=@netbsd.org header.b=kVTC9TqM Received: by mail.netbsd.org (Postfix, from userid 605) id 79E1C84D1B; Wed, 10 Apr 2024 12:51:35 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=netbsd.org; s=20240131; t=1712753495; bh=a2aUOD9qrKYWASVSIB9jujEMwWlhnoQn43q9X3TRsBw=; h=Date:From:Subject:To:Reply-To:List-Id:List-Unsubscribe; b=0wDUwHU2tMZ1mXwgHbskC4UglOThw7oUHj6c8PXZn+uouYn0KHGhckd+1lG5hhi21 qU8rbIE+GWSbQ0lRFN9H4iOr0BfFinQZzUaaTKV1f4kLViCwkcfeGPjBZGwsKD27Ud lTVK9gqSwAlBpXMEluuOf9XeWH1AEUSL93SDwhoQ= Received: from localhost (localhost [127.0.0.1]) by mail.netbsd.org (Postfix) with ESMTP id 6B85284CF7 for ; Wed, 10 Apr 2024 12:51:34 +0000 (UTC) X-Virus-Scanned: amavisd-new at netbsd.org Authentication-Results: mail.netbsd.org (amavisd-new); dkim=pass (1024-bit key) header.d=netbsd.org Received: from mail.netbsd.org ([127.0.0.1]) by localhost (mail.netbsd.org [127.0.0.1]) (amavisd-new, port 10025) with ESMTP id 3Z4tYn4nrRld for ; Wed, 10 Apr 2024 12:51:33 +0000 (UTC) Received: from cvs.NetBSD.org (ivanova.NetBSD.org [IPv6:2001:470:a085:999:28c:faff:fe03:5984]) by mail.netbsd.org (Postfix) with ESMTP id 7BF1D84CD5 for ; Wed, 10 Apr 2024 12:51:33 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=netbsd.org; s=20240131; t=1712753493; bh=a2aUOD9qrKYWASVSIB9jujEMwWlhnoQn43q9X3TRsBw=; h=Date:From:Subject:To:Reply-To; b=kVTC9TqMiE1eG1QaROgvLG4YEYsT4p/2X+lEJCY55V4jZ9Ut1rXPsJCWsyRiAzg2N KrpwnBril2Nf6piObEhapQDrBXYwY2C5LJsxcWwwf1h5NQsqc2pKzhn79OByOHlEua llmdvJfYUp4P/fCNf+vm8TBVVaV+Q8BZm7KGgrL4= Received: by cvs.NetBSD.org (Postfix, from userid 500) id 6EF60FA2C; Wed, 10 Apr 2024 12:51:33 +0000 (UTC) Content-Transfer-Encoding: 7bit Content-Type: multipart/mixed; boundary="_----------=_1712753493286130" MIME-Version: 1.0 Date: Wed, 10 Apr 2024 12:51:33 +0000 From: "Adam Ciarcinski" Subject: CVS commit: pkgsrc/net/py-rpyc To: pkgsrc-changes@NetBSD.org Reply-To: adam@netbsd.org X-Mailer: log_accum Message-Id: <20240410125133.6EF60FA2C@cvs.NetBSD.org> Sender: pkgsrc-changes-owner@NetBSD.org List-Id: Precedence: bulk List-Unsubscribe: This is a multi-part message in MIME format. --_----------=_1712753493286130 Content-Disposition: inline Content-Transfer-Encoding: 8bit Content-Type: text/plain; charset="UTF-8" Module Name: pkgsrc Committed By: adam Date: Wed Apr 10 12:51:33 UTC 2024 Modified Files: pkgsrc/net/py-rpyc: Makefile PLIST distinfo Added Files: pkgsrc/net/py-rpyc: ALTERNATIVES Log Message: py-rpyc: updated to 6.0.0 6.0.0 Resolves security issue that results in RCE. The fix breaks backwards compatibility for those that rely on the __array__ attribute used by numpy. This RCE is only exploitable when the server-side gets the attribute __array__ and calls it (e.g., np.array(x)). This issues effects all versions since major release 4. 5.3.1 Resolved timeout issue that was introduced in 5.2.1 and While the fix for thread binding is not backwards compatible, it only impacts people using an experimental feature. Hence, I did a patch version bump. 5.3.0 Support for Python 3.11 is available after teleportation bug fix Experimental support for threading is added (default is disabled for now) Resolved server-side exceptions due to the logic for checking if a name is in ModuleNamespace Improved documentation on the life-cycle of a netref/proxy-object 5.2.3 rpyc_classic.py and rpyc_registry.py can now be resolved without the suffix as well. 5.2.1 Added support for using decorators to expose methods Allow BgServingThread serve and sleep intervals to be customized Avoid redefining hasattr_static on every _check_attr call Updated SSL context usage to avoid deprecated aspects and changes Add a configurable timeout on the zero deploy close method Fixed –mode CLI argument for rpyc_registry Fixed propagation of AttributeErrors raised by exposed descriptors Allow filtering by host on list_services and Some work around race conditions but proper fix is rather involved 5.2.0 was skipped due to PyPi not allowing file name reuse 5.1.0 Add types.MappingProxyType to _builtin_types Updated documentation Fixed spradic dealock issues from wait within AsyncResult Fixed chained Classic RPyC connections Added ability to list Registry services Fixed bug that prevented RPyC from running on systems without SSL Fixed unexpected behavior with respect to auto_register Fixed propagation of chunk_size parameter for download_dir 5.0.1 Fixed unexpected behavior when using inspect.isfunction Now prevents installation of RPyC on unsupported versions of python 5.0.0 Date: 12.26.2020 Backwards Incompatible RPyC 5.0.0 cannot teleport functions to earlier versions Deprecated Python 2 support to coincide with it’s EOL Improvements Server hostname default supports IPv4 and IPv6 by using the wildcard address Added docker/docker-compose.yml for Python 3.6, 3.7, 3.8, 3.9, and 3.10 containers to improve local workflow Fixed pickle failure on windows for connect_multiprocess and connect_thread Fixed teleport function behavior for keyword-only arguments with default Improved documentation on custom exception handling Fixed IPv6 support for server Added a simple asynchronous service example To generate a diff of this commit: cvs rdiff -u -r0 -r1.1 pkgsrc/net/py-rpyc/ALTERNATIVES cvs rdiff -u -r1.8 -r1.9 pkgsrc/net/py-rpyc/Makefile cvs rdiff -u -r1.5 -r1.6 pkgsrc/net/py-rpyc/PLIST cvs rdiff -u -r1.7 -r1.8 pkgsrc/net/py-rpyc/distinfo Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. --_----------=_1712753493286130 Content-Disposition: inline Content-Length: 4175 Content-Transfer-Encoding: binary Content-Type: text/x-diff; charset=us-ascii Modified files: Index: pkgsrc/net/py-rpyc/Makefile diff -u pkgsrc/net/py-rpyc/Makefile:1.8 pkgsrc/net/py-rpyc/Makefile:1.9 --- pkgsrc/net/py-rpyc/Makefile:1.8 Thu May 11 09:31:10 2023 +++ pkgsrc/net/py-rpyc/Makefile Wed Apr 10 12:51:33 2024 @@ -1,21 +1,32 @@ -# $NetBSD: Makefile,v 1.8 2023/05/11 09:31:10 adam Exp $ +# $NetBSD: Makefile,v 1.9 2024/04/10 12:51:33 adam Exp $ -DISTNAME= rpyc-4.1.2 +DISTNAME= rpyc-6.0.0 PKGNAME= ${PYPKGPREFIX}-${DISTNAME} -PKGREVISION= 1 -CATEGORIES= net +CATEGORIES= net python MASTER_SITES= ${MASTER_SITE_PYPI:=r/rpyc/} MAINTAINER= gde@llew.me -HOMEPAGE= http://rpyc.readthedocs.org/ +HOMEPAGE= https://rpyc.readthedocs.io/ COMMENT= Remote Python Call (RPyC), a transparent and symmetric RPC library LICENSE= mit +TOOL_DEPENDS+= ${PYPKGPREFIX}-hatchling>=1.6.0:../../devel/py-hatchling DEPENDS+= ${PYPKGPREFIX}-plumbum>=1.6.1:../../devel/py-plumbum -PYTHON_SELF_CONFLICT= yes +USE_LANGUAGES= # none + +REPLACE_PYTHON+= rpyc/cli/rpyc_classic.py +REPLACE_PYTHON+= rpyc/cli/rpyc_registry.py PYTHON_VERSIONS_INCOMPATIBLE= 27 -.include "../../lang/python/egg.mk" +post-install: +.for bin in rpyc_classic rpyc_registry + cd ${DESTDIR}${PREFIX}/bin && \ + ${RM} ${bin}.py && \ + ${MV} ${bin} ${bin}-${PYVERSSUFFIX} || ${TRUE} +.endfor + +.include "../../lang/python/application.mk" +.include "../../lang/python/wheel.mk" .include "../../mk/bsd.pkg.mk" Index: pkgsrc/net/py-rpyc/PLIST diff -u pkgsrc/net/py-rpyc/PLIST:1.5 pkgsrc/net/py-rpyc/PLIST:1.6 --- pkgsrc/net/py-rpyc/PLIST:1.5 Tue Jan 4 19:54:28 2022 +++ pkgsrc/net/py-rpyc/PLIST Wed Apr 10 12:51:33 2024 @@ -1,15 +1,23 @@ -@comment $NetBSD: PLIST,v 1.5 2022/01/04 19:54:28 wiz Exp $ -bin/rpyc_classic.py -bin/rpyc_registry.py -${PYSITELIB}/${EGG_INFODIR}/PKG-INFO -${PYSITELIB}/${EGG_INFODIR}/SOURCES.txt -${PYSITELIB}/${EGG_INFODIR}/dependency_links.txt -${PYSITELIB}/${EGG_INFODIR}/not-zip-safe -${PYSITELIB}/${EGG_INFODIR}/requires.txt -${PYSITELIB}/${EGG_INFODIR}/top_level.txt +@comment $NetBSD: PLIST,v 1.6 2024/04/10 12:51:33 adam Exp $ +bin/rpyc_classic-${PYVERSSUFFIX} +bin/rpyc_registry-${PYVERSSUFFIX} +${PYSITELIB}/${WHEEL_INFODIR}/METADATA +${PYSITELIB}/${WHEEL_INFODIR}/RECORD +${PYSITELIB}/${WHEEL_INFODIR}/WHEEL +${PYSITELIB}/${WHEEL_INFODIR}/entry_points.txt +${PYSITELIB}/${WHEEL_INFODIR}/licenses/LICENSE ${PYSITELIB}/rpyc/__init__.py ${PYSITELIB}/rpyc/__init__.pyc ${PYSITELIB}/rpyc/__init__.pyo +${PYSITELIB}/rpyc/cli/__init__.py +${PYSITELIB}/rpyc/cli/__init__.pyc +${PYSITELIB}/rpyc/cli/__init__.pyo +${PYSITELIB}/rpyc/cli/rpyc_classic.py +${PYSITELIB}/rpyc/cli/rpyc_classic.pyc +${PYSITELIB}/rpyc/cli/rpyc_classic.pyo +${PYSITELIB}/rpyc/cli/rpyc_registry.py +${PYSITELIB}/rpyc/cli/rpyc_registry.pyc +${PYSITELIB}/rpyc/cli/rpyc_registry.pyo ${PYSITELIB}/rpyc/core/__init__.py ${PYSITELIB}/rpyc/core/__init__.pyc ${PYSITELIB}/rpyc/core/__init__.pyo Index: pkgsrc/net/py-rpyc/distinfo diff -u pkgsrc/net/py-rpyc/distinfo:1.7 pkgsrc/net/py-rpyc/distinfo:1.8 --- pkgsrc/net/py-rpyc/distinfo:1.7 Tue Oct 26 11:06:42 2021 +++ pkgsrc/net/py-rpyc/distinfo Wed Apr 10 12:51:33 2024 @@ -1,5 +1,5 @@ -$NetBSD: distinfo,v 1.7 2021/10/26 11:06:42 nia Exp $ +$NetBSD: distinfo,v 1.8 2024/04/10 12:51:33 adam Exp $ -BLAKE2s (rpyc-4.1.2.tar.gz) = 9a44551f56bc74774ec9e6b01af58827f08e4e3544a79c36a63b64256b0f01e2 -SHA512 (rpyc-4.1.2.tar.gz) = cd5e23204187a77b6dc08703e36ce3f1d7b194e850f402e214e0e6c90cbda4dd8afa42e4d090aa44446be6ed274de6e374684b7ea281345f114109a0c449cfa1 -Size (rpyc-4.1.2.tar.gz) = 56783 bytes +BLAKE2s (rpyc-6.0.0.tar.gz) = b5e4b52e3743816fb7fed0c96e1ac7a315ccff757033327cf76d8058ea3ee9a8 +SHA512 (rpyc-6.0.0.tar.gz) = a8b4146b7b41b0dbe4a9fec4ed7ddd36b5e4143d8e7ad024e1ce4bc1a8db0979640842d63056cde000b865bff4dcfe795af3c83babd1eecaab9ba143d1279e9f +Size (rpyc-6.0.0.tar.gz) = 62091 bytes Added files: Index: pkgsrc/net/py-rpyc/ALTERNATIVES diff -u /dev/null pkgsrc/net/py-rpyc/ALTERNATIVES:1.1 --- /dev/null Wed Apr 10 12:51:33 2024 +++ pkgsrc/net/py-rpyc/ALTERNATIVES Wed Apr 10 12:51:33 2024 @@ -0,0 +1,2 @@ +bin/rpyc_classic @PREFIX@/bin/rpyc_classic-@PYVERSSUFFIX@ +bin/rpyc_registry @PREFIX@/bin/rpyc_registry-@PYVERSSUFFIX@ --_----------=_1712753493286130--