pkgsrc-Bugs archive


Re: pkg/54883: python-ecdsa 0.15 (important security update)



The following reply was made to PR pkg/54883; it has been noted by GNATS.

From: js-pkgsrc%heap.zone@localhost
To: gnats-bugs%netbsd.org@localhost
Cc: gls%netbsd.org@localhost,
 gnats-admin%netbsd.org@localhost,
 pkgsrc-bugs%netbsd.org@localhost
Subject: Re: pkg/54883: python-ecdsa 0.15 (important security update)
Date: Sun, 9 Feb 2020 12:26:43 +0100

 > When updating packages, if possible please also provide a changelog from
 > upstream.
 
 I could not find an upstream change log, unfortunately. It's also
 jumping several versions.
 
 > Unrelated to the update but I think that EGG_NAME could be removed (I
 > think that defining it as ecdsa-${PKGVERSION} is also incorrect for
 > possible PKGREVISION bumps), please remove it if that's the case.
 
 Removed.
 
 > The extra requires.txt seems to point out that there is at least a
 > missing dependency, please add py-six to DEPENDS in the Makefile.
 
 Added.
 
 > The PLIST is not sorted, please sort it.
 
 Done.
 
 New patch:
 
 commit 72fe11c8f23930b06c6045149c68dac2736e703e
 Author: Jonathan Schleifer <js%nil.im@localhost>
 Date:   Wed Jan 22 01:33:03 2020 +0100
 
     py-ecdsa 0.15, includes important security updates
     
     Also switches the source from GitHub to PyPI, because for whatever
     reason, the archive is different. Hashes for the archive from GitHub are
     nowhere to be found, and I could not find a single distro that uses the
     archive from GitHub instead of PyPI. So instead, I used the PyPI one and
     compared the hashes to what Alpine has.
 
 diff --git a/security/py-ecdsa/Makefile b/security/py-ecdsa/Makefile
 index 496eb0b8bd5..fb19738c5ca 100644
 --- a/security/py-ecdsa/Makefile
 +++ b/security/py-ecdsa/Makefile
 @@ -1,17 +1,17 @@
  # $NetBSD: Makefile,v 1.7 2015/06/29 17:00:00 gls Exp $
 =20
 -DISTNAME=3D	python-ecdsa-0.13
 -PKGNAME=3D	${PYPKGPREFIX}-ecdsa-0.13
 -EGG_NAME=3D	ecdsa-${PKGVERSION}
 +DISTNAME=3D	ecdsa-0.15
 +PKGNAME=3D	${PYPKGPREFIX}-ecdsa-0.15
  CATEGORIES=3D	security
 -MASTER_SITES=3D	https://github.com/warner/python-ecdsa/archive/
 +MASTER_SITES=3D	${MASTER_SITE_PYPI:=3De/ecdsa/}
 =20
  MAINTAINER=3D	gls%NetBSD.org@localhost
  HOMEPAGE=3D	https://github.com/warner/python-ecdsa/
  COMMENT=3D	Easy-to-use implementation of ECDSA cryptography
  LICENSE=3D	mit
 =20
 -WRKSRC=3D		${WRKDIR}/python-ecdsa-${DISTNAME}
 +DEPENDS+=3D	${PYPKGPREFIX}-six-[0-9]*:../../lang/py-six
 +
  USE_LANGUAGES=3D	# none
 =20
  REPLACE_PYTHON=3D	ecdsa/ecdsa.py ecdsa/ellipticcurve.py =
 ecdsa/numbertheory.py
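
Review bot: PKGNAME repeats the version already carried by DISTNAME; now that DISTNAME is ecdsa-0.15, writing PKGNAME as ${PYPKGPREFIX}-${DISTNAME} would keep the two from drifting apart on the next update. With WRKSRC removed the build relies on the PyPI archive unpacking into ecdsa-0.15, which is worth confirming with a clean extract, and the REPLACE_PYTHON list kept as context should be rechecked against the 0.15 file layout.
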
 diff --git a/security/py-ecdsa/PLIST b/security/py-ecdsa/PLIST
 index 32517559708..bd61df47360 100644
 --- a/security/py-ecdsa/PLIST
 +++ b/security/py-ecdsa/PLIST
 @@ -1,11 +1,18 @@
 -@comment $NetBSD: PLIST,v 1.3 2015/06/29 17:00:00 gls Exp $
 +@comment $NetBSD$
  ${PYSITELIB}/${EGG_INFODIR}/PKG-INFO
  ${PYSITELIB}/${EGG_INFODIR}/SOURCES.txt
  ${PYSITELIB}/${EGG_INFODIR}/dependency_links.txt
 +${PYSITELIB}/${EGG_INFODIR}/requires.txt
  ${PYSITELIB}/${EGG_INFODIR}/top_level.txt
  ${PYSITELIB}/ecdsa/__init__.py
  ${PYSITELIB}/ecdsa/__init__.pyc
  ${PYSITELIB}/ecdsa/__init__.pyo
 +${PYSITELIB}/ecdsa/_compat.py
 +${PYSITELIB}/ecdsa/_compat.pyc
 +${PYSITELIB}/ecdsa/_compat.pyo
 +${PYSITELIB}/ecdsa/_rwlock.py
 +${PYSITELIB}/ecdsa/_rwlock.pyc
 +${PYSITELIB}/ecdsa/_rwlock.pyo
  ${PYSITELIB}/ecdsa/_version.py
  ${PYSITELIB}/ecdsa/_version.pyc
  ${PYSITELIB}/ecdsa/_version.pyo
 @@ -15,6 +22,9 @@ ${PYSITELIB}/ecdsa/curves.pyo
  ${PYSITELIB}/ecdsa/der.py
  ${PYSITELIB}/ecdsa/der.pyc
  ${PYSITELIB}/ecdsa/der.pyo
 +${PYSITELIB}/ecdsa/ecdh.py
 +${PYSITELIB}/ecdsa/ecdh.pyc
 +${PYSITELIB}/ecdsa/ecdh.pyo
  ${PYSITELIB}/ecdsa/ecdsa.py
  ${PYSITELIB}/ecdsa/ecdsa.pyc
  ${PYSITELIB}/ecdsa/ecdsa.pyo
 @@ -30,12 +40,36 @@ ${PYSITELIB}/ecdsa/numbertheory.pyo
  ${PYSITELIB}/ecdsa/rfc6979.py
  ${PYSITELIB}/ecdsa/rfc6979.pyc
  ${PYSITELIB}/ecdsa/rfc6979.pyo
 -${PYSITELIB}/ecdsa/six.py
 -${PYSITELIB}/ecdsa/six.pyc
 -${PYSITELIB}/ecdsa/six.pyo
 +${PYSITELIB}/ecdsa/test_der.py
 +${PYSITELIB}/ecdsa/test_der.pyc
 +${PYSITELIB}/ecdsa/test_der.pyo
 +${PYSITELIB}/ecdsa/test_ecdh.py
 +${PYSITELIB}/ecdsa/test_ecdh.pyc
 +${PYSITELIB}/ecdsa/test_ecdh.pyo
 +${PYSITELIB}/ecdsa/test_ecdsa.py
 +${PYSITELIB}/ecdsa/test_ecdsa.pyc
 +${PYSITELIB}/ecdsa/test_ecdsa.pyo
 +${PYSITELIB}/ecdsa/test_ellipticcurve.py
 +${PYSITELIB}/ecdsa/test_ellipticcurve.pyc
 +${PYSITELIB}/ecdsa/test_ellipticcurve.pyo
 +${PYSITELIB}/ecdsa/test_jacobi.py
 +${PYSITELIB}/ecdsa/test_jacobi.pyc
 +${PYSITELIB}/ecdsa/test_jacobi.pyo
 +${PYSITELIB}/ecdsa/test_keys.py
 +${PYSITELIB}/ecdsa/test_keys.pyc
 +${PYSITELIB}/ecdsa/test_keys.pyo
 +${PYSITELIB}/ecdsa/test_malformed_sigs.py
 +${PYSITELIB}/ecdsa/test_malformed_sigs.pyc
 +${PYSITELIB}/ecdsa/test_malformed_sigs.pyo
 +${PYSITELIB}/ecdsa/test_numbertheory.py
 +${PYSITELIB}/ecdsa/test_numbertheory.pyc
 +${PYSITELIB}/ecdsa/test_numbertheory.pyo
  ${PYSITELIB}/ecdsa/test_pyecdsa.py
  ${PYSITELIB}/ecdsa/test_pyecdsa.pyc
  ${PYSITELIB}/ecdsa/test_pyecdsa.pyo
 +${PYSITELIB}/ecdsa/test_rw_lock.py
 +${PYSITELIB}/ecdsa/test_rw_lock.pyc
 +${PYSITELIB}/ecdsa/test_rw_lock.pyo
  ${PYSITELIB}/ecdsa/util.py
  ${PYSITELIB}/ecdsa/util.pyc
  ${PYSITELIB}/ecdsa/util.pyo
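
Review bot: the nine added test_* modules (test_der through test_rw_lock) are installed into ${PYSITELIB}/ecdsa next to the library, so check whether they import anything beyond py-six and, if so, declare it as a test dependency or leave the tests out of the installed set. The removal of ecdsa/six.py, six.pyc and six.pyo in this hunk is what makes the new py-six DEPENDS line in the Makefile mandatory, so the two changes have to be committed together.
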
 diff --git a/security/py-ecdsa/distinfo b/security/py-ecdsa/distinfo
 index aa491f44855..b744ddc02a6 100644
 --- a/security/py-ecdsa/distinfo
 +++ b/security/py-ecdsa/distinfo
 @@ -1,6 +1,6 @@
  $NetBSD: distinfo,v 1.7 2015/11/04 01:18:03 agc Exp $
 =20
 -SHA1 (python-ecdsa-0.13.tar.gz) =3D =
 f23d77b03f3e62a9298579ccf897a305c618a6f2
 -RMD160 (python-ecdsa-0.13.tar.gz) =3D =
 7d7e2bb73649dba507f6389b8f909d251346e1fc
 -SHA512 (python-ecdsa-0.13.tar.gz) =3D =
 540b85bc11963b369a2b77adcae132fbac8d267c34c865207b434f013c3d82a9ed118e22e7=
 ce73f85c2ddd5a629926a29ec1b92b56f2a350bb155b53cdb60244
 -Size (python-ecdsa-0.13.tar.gz) =3D 58966 bytes
 +SHA1 (ecdsa-0.15.tar.gz) =3D 5ac84f3012d807793bcb98a8e9c86c63b9965596
 +RMD160 (ecdsa-0.15.tar.gz) =3D aaeba796ec51455deb06d4accc01535aeac26302
 +SHA512 (ecdsa-0.15.tar.gz) =3D =
 7b7491d1abdb5ca43456d943c96525fa5d722635c496bbddd04ef8e1baad9dc0aef3d1752a=
 fea7820f7796421b18295ee260657ec1e8faf7564613b316c0d603
 +Size (ecdsa-0.15.tar.gz) =3D 122119 bytes
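
Review bot: these checksum lines are the only integrity pin for the move from the GitHub archive to the PyPI one, and the comparison against Alpine mentioned in the commit message cannot be checked from the patch itself. Before committing, re-fetch ecdsa-0.15.tar.gz from MASTER_SITE_PYPI, regenerate distinfo locally, and confirm that the SHA1, RMD160 and SHA512 values and the 122119 byte size match what is posted here.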
 
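
The hash comparison described in the commit message can be repeated against the distinfo entries themselves. The following Python code is an added example, not part of the original message or of pkgsrc; the function names and demo.tar.gz are hypothetical, and the sample bytes are constructed.

```python
import hashlib
import re

# distinfo lines: "SHA512 (ecdsa-0.15.tar.gz) = <hex>" / "Size (...) = 122119 bytes"
ENTRY = re.compile(r"^(\w+) \((.+?)\) = (\S+)(?: bytes)?$")
# distinfo algorithm name -> hashlib name (only the algorithms seen in this patch)
HASHLIB_NAME = {"SHA1": "sha1", "RMD160": "ripemd160", "SHA512": "sha512"}


def parse_distinfo(text):
    """Return {filename: {algorithm: expected_value}}; the $NetBSD$ line is skipped."""
    entries = {}
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            alg, name, value = m.groups()
            entries.setdefault(name, {})[alg] = value.lower()
    return entries


def verify_distfile(name, data, distinfo_text):
    """Compare archive bytes with every distinfo entry for name.

    Returns {algorithm: "ok" | "MISMATCH" | "unsupported"}. Raises KeyError when
    distinfo has no entry for the file, so a missing pin is never a silent pass.
    """
    result = {}
    for alg, want in parse_distinfo(distinfo_text)[name].items():
        if alg == "Size":
            got = str(len(data))
        else:
            try:
                got = hashlib.new(HASHLIB_NAME[alg], data).hexdigest()
            except (KeyError, ValueError):
                result[alg] = "unsupported"  # e.g. RIPEMD-160 missing from OpenSSL
                continue
        result[alg] = "ok" if got == want else "MISMATCH"
    return result


def distfile_ok(result):
    """Accept only if nothing mismatched and the SHA512 pin was actually checked."""
    return "MISMATCH" not in result.values() and result.get("SHA512") == "ok"


if __name__ == "__main__":
    data = b"constructed stand-in for the archive bytes"  # constructed sample
    pins = "SHA512 (demo.tar.gz) = %s\nSize (demo.tar.gz) = %d bytes\n" % (
        hashlib.sha512(data).hexdigest(), len(data))
    print(verify_distfile("demo.tar.gz", data, pins))
    print(verify_distfile("demo.tar.gz", data + b"!", pins))
```

An algorithm reported as "unsupported" is not counted as a match, so acceptance still depends on the SHA512 entry being present and correct.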

