Mon Apr 9 12:14:19 2018 UTC
py-bleach: updated to 2.1.3

Version 2.1.3:

**Security fixes**
* Attributes that have URI values weren't properly sanitized if the
  values contained character entities. Using character entities, it
  was possible to construct a URI value with a scheme that was not
  allowed that would slide through unsanitized.

  This security issue was introduced in Bleach 2.1. Anyone using
  Bleach 2.1 is highly encouraged to upgrade.

**Bug fixes**
* Fixed some other edge cases for attribute URI value sanitizing and
  improved testing of this code.


(adam)
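
The ordering problem described in the commit message, as an added example that is not Bleach's code or part of this commit: a scheme allowlist applied to the raw attribute text compared with one applied after character entities are decoded. The allowlist, the function names and the sample values are assumptions constructed for illustration.

```python
import html
import re

# Assumed allowlist for this example; not taken from Bleach or pkgsrc.
ALLOWED_SCHEMES = frozenset({"http", "https", "mailto"})

# Whitespace and control characters, dropped before looking for a scheme
# so that "java<TAB>script:" is still read as "javascript:".
_IGNORED = re.compile(r"[\x00-\x20\x7f-\xa0]")
_SCHEME = re.compile(r"^([a-zA-Z][a-zA-Z0-9+.\-]*):")


def raw_scheme(value):
    """Flawed ordering: look for a scheme in the still-encoded text."""
    m = _SCHEME.match(value.strip())
    return m.group(1).lower() if m else None


def decoded_scheme(value):
    """Corrected ordering: decode character entities first, then parse."""
    text = _IGNORED.sub("", html.unescape(value))
    m = _SCHEME.match(text)
    return m.group(1).lower() if m else None


def is_allowed(value, scheme_of):
    """No scheme means a relative URI, which the allowlist does not cover."""
    scheme = scheme_of(value)
    return scheme is None or scheme in ALLOWED_SCHEMES


# Constructed attribute values, as they would appear in the HTML source.
SAMPLES = [
    "https://example.org/?a=1&amp;b=2",
    "/relative/path",
    "&#106;avascript:void(0)",
    "java&#9;script:void(0)",
    "javascript&colon;void(0)",
]

if __name__ == "__main__":
    for value in SAMPLES:
        print(f"{value!r:40} raw={is_allowed(value, raw_scheme)!s:5} "
              f"decoded={is_allowed(value, decoded_scheme)}")
```

The last three samples pass the raw check because the encoded text does not parse as having a scheme at all, and are rejected once the value is decoded the way a browser would read it.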
diff -r1.8 -r1.9 pkgsrc/www/py-bleach/Makefile
diff -r1.7 -r1.8 pkgsrc/www/py-bleach/distinfo

cvs diff -r1.8 -r1.9 pkgsrc/www/py-bleach/Makefile

--- pkgsrc/www/py-bleach/Makefile 2017/12/10 16:56:51 1.8
+++ pkgsrc/www/py-bleach/Makefile 2018/04/09 12:14:19 1.9
@@ -1,21 +1,21 @@ @@ -1,21 +1,21 @@
1# $NetBSD: Makefile,v 1.8 2017/12/10 16:56:51 adam Exp $ 1# $NetBSD: Makefile,v 1.9 2018/04/09 12:14:19 adam Exp $
2 2
3DISTNAME= bleach-2.1.2 3DISTNAME= bleach-2.1.3
4PKGNAME= ${PYPKGPREFIX}-${DISTNAME} 4PKGNAME= ${PYPKGPREFIX}-${DISTNAME}
5CATEGORIES= www python 5CATEGORIES= www python
6MASTER_SITES= ${MASTER_SITE_PYPI:=b/bleach/} 6MASTER_SITES= ${MASTER_SITE_PYPI:=b/bleach/}
7 7
8MAINTAINER= ryoon@NetBSD.org 8MAINTAINER= ryoon@NetBSD.org
9HOMEPAGE= https://github.com/mozilla/bleach 9HOMEPAGE= https://github.com/mozilla/bleach
10COMMENT= Easy whitelist-based HTML-sanitizing tool 10COMMENT= Easy whitelist-based HTML-sanitizing tool
11LICENSE= apache-2.0 11LICENSE= apache-2.0
12 12
13DEPENDS+= ${PYPKGPREFIX}-html5lib>=0.99999999:../../textproc/py-html5lib 13DEPENDS+= ${PYPKGPREFIX}-html5lib>=0.99999999:../../textproc/py-html5lib
14DEPENDS+= ${PYPKGPREFIX}-six-[0-9]*:../../lang/py-six 14DEPENDS+= ${PYPKGPREFIX}-six-[0-9]*:../../lang/py-six
15BUILD_DEPENDS+= ${PYPKGPREFIX}-test>=3.0.0:../../devel/py-test 
16BUILD_DEPENDS+= ${PYPKGPREFIX}-test-runner>=2.0:../../devel/py-test-runner 15BUILD_DEPENDS+= ${PYPKGPREFIX}-test-runner>=2.0:../../devel/py-test-runner
 16TEST_DEPENDS+= ${PYPKGPREFIX}-test>=3.0.0:../../devel/py-test
17 17
18USE_LANGUAGES= # none 18USE_LANGUAGES= # none
19 19
20.include "../../lang/python/egg.mk" 20.include "../../lang/python/egg.mk"
21.include "../../mk/bsd.pkg.mk" 21.include "../../mk/bsd.pkg.mk"
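
Review bot: The move of py-test from BUILD_DEPENDS to TEST_DEPENDS (old line 15, new line 16) is not mentioned in the commit message, which only covers the 2.1.3 update; a line in the log would make the dependency change findable later. py-test-runner stays in BUILD_DEPENDS at new line 15, so it is still pulled in for every build; if it is only needed to run the tests it could move to TEST_DEPENDS together with py-test, otherwise a short comment saying why the build needs it would help.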

cvs diff -r1.7 -r1.8 pkgsrc/www/py-bleach/distinfo

--- pkgsrc/www/py-bleach/distinfo 2017/12/10 16:56:51 1.7
+++ pkgsrc/www/py-bleach/distinfo 2018/04/09 12:14:19 1.8
@@ -1,6 +1,6 @@ @@ -1,6 +1,6 @@
1$NetBSD: distinfo,v 1.7 2017/12/10 16:56:51 adam Exp $ 1$NetBSD: distinfo,v 1.8 2018/04/09 12:14:19 adam Exp $
2 2
3SHA1 (bleach-2.1.2.tar.gz) = 5a1c023724f16cbb1fce65816aa36b6a502bebdc 3SHA1 (bleach-2.1.3.tar.gz) = ed09e5428b8a47d57e232457ad944119ce9cba06
4RMD160 (bleach-2.1.2.tar.gz) = 86b4f867b5dbcabf44af764c36d175625985dad3 4RMD160 (bleach-2.1.3.tar.gz) = a86fbfd97c1e2b7eace9eef5281e9c78d84c381b
5SHA512 (bleach-2.1.2.tar.gz) = ea4071e05deae54c88507c299805b44ade23810b63834d83fa5682ebcfb36bb4b9fe09e4aa2f50f9a5b1a07d13fd70aece30d02fc5b55d983930e353bdc37f48 5SHA512 (bleach-2.1.3.tar.gz) = ff74fb3646709f20c79ea02e6d0fb93e2f204d3151a05f259b703050c10d410859af76acb470405f6fb7b55c8fb64595e6f0fcf8e9cb8fd3fc3722fa30a47de5
6Size (bleach-2.1.2.tar.gz) = 58954 bytes 6Size (bleach-2.1.3.tar.gz) = 60141 bytes
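
Review bot: The SHA512 and Size entries at lines 5-6 are what later fetches of bleach-2.1.3.tar.gz will be checked against, so they should be confirmed against a copy of the tarball obtained independently of the one used to generate this file; nothing in the diff itself can show that they match the upstream release. All four entries were switched to the 2.1.3 file name and no 2.1.2 line is left behind, which is correct.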