CVS commit: pkgsrc/www/py-notebook

To: pkgsrc-changes%NetBSD.org@localhost
Subject: CVS commit: pkgsrc/www/py-notebook
From: "Adam Ciarcinski" <adam%netbsd.org@localhost>
Date: Fri, 22 Mar 2019 17:55:05 +0000

Module Name:    pkgsrc
Committed By:   adam
Date:           Fri Mar 22 17:55:05 UTC 2019

Modified Files:
        pkgsrc/www/py-notebook: Makefile distinfo

Log Message:
py-notebook: updated to 5.7.6

5.7.6
5.7.6 contains a security fix for a cross-site inclusion (XSSI) vulnerability,
where files at a known URL could be included in a page from an unauthorized website if the user is logged into a Jupyter server.
The fix involves setting the X-Content-Type-Options: nosniff
header, and applying CSRF checks previously on all non-GET
API requests to GET requests to API endpoints and the /files/ endpoint.

The attacking page is able to access some contents of files when using Internet Explorer through script errors,
but this has not been demonstrated with other browsers.
A CVE has been requested for this vulnerability.

5.7.5
- Fix compatibility with tornado 6
- Fix opening integer filedescriptor during startup on Python 2
- Fix compatibility with asynchronous KernelManager.restart_kernel methods


To generate a diff of this commit:
cvs rdiff -u -r1.12 -r1.13 pkgsrc/www/py-notebook/Makefile
cvs rdiff -u -r1.8 -r1.9 pkgsrc/www/py-notebook/distinfo

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: pkgsrc/www/py-notebook/Makefile
diff -u pkgsrc/www/py-notebook/Makefile:1.12 pkgsrc/www/py-notebook/Makefile:1.13
--- pkgsrc/www/py-notebook/Makefile:1.12        Tue Jan  8 10:49:30 2019
+++ pkgsrc/www/py-notebook/Makefile     Fri Mar 22 17:55:05 2019
@@ -1,8 +1,7 @@
-# $NetBSD: Makefile,v 1.12 2019/01/08 10:49:30 markd Exp $
+# $NetBSD: Makefile,v 1.13 2019/03/22 17:55:05 adam Exp $
 
-DISTNAME=      notebook-5.7.4
+DISTNAME=      notebook-5.7.6
 PKGNAME=       ${PYPKGPREFIX}-${DISTNAME}
-PKGREVISION=   1
 CATEGORIES=    www python
 MASTER_SITES=  ${MASTER_SITE_PYPI:=n/notebook/}
 

Index: pkgsrc/www/py-notebook/distinfo
diff -u pkgsrc/www/py-notebook/distinfo:1.8 pkgsrc/www/py-notebook/distinfo:1.9
--- pkgsrc/www/py-notebook/distinfo:1.8 Wed Jan  2 15:32:41 2019
+++ pkgsrc/www/py-notebook/distinfo     Fri Mar 22 17:55:05 2019
@@ -1,6 +1,6 @@
-$NetBSD: distinfo,v 1.8 2019/01/02 15:32:41 adam Exp $
+$NetBSD: distinfo,v 1.9 2019/03/22 17:55:05 adam Exp $
 
-SHA1 (notebook-5.7.4.tar.gz) = 1be311bcee44c06f4ac4ec8c4cd59ba15504e585
-RMD160 (notebook-5.7.4.tar.gz) = 29c92f292c99e0c1211562499a730e51f6baffb4
-SHA512 (notebook-5.7.4.tar.gz) = e91bcc950055a670ddc966e52e44543de46eb806a55a468053de0b4b92868b3e9551aac51283c502c8bd7c4bfac41e108d81c6d1b32d117fe4a2c2625ffed7ee
-Size (notebook-5.7.4.tar.gz) = 13389469 bytes
+SHA1 (notebook-5.7.6.tar.gz) = f6d31d620b2817ca99e9e0f6685543effdc4185f
+RMD160 (notebook-5.7.6.tar.gz) = bfe058dcc54e0be016df47ca8f3837a09f89c54f
+SHA512 (notebook-5.7.6.tar.gz) = 3382dad95a0fd3de99b96c3a05a0d931fd99829320ef38760e70193b4162d4168459463d399fc066d5606e292462fee0c663ba7763b6f6834fce2c749533a017
+Size (notebook-5.7.6.tar.gz) = 13369646 bytes

Prev by Date: CVS commit: pkgsrc/net/py-prometheus_client
Next by Date: CVS commit: pkgsrc/ham/uhd
Previous by Thread: CVS commit: pkgsrc/net/py-prometheus_client
Next by Thread: CVS commit: pkgsrc/ham/uhd
Indexes:

Home | Main Index | Thread Index | Old Index