pkgsrc-Changes archive
CVS commit: pkgsrc/www/py-bleach
Module Name: pkgsrc
Committed By: adam
Date: Sat Apr 11 07:23:30 UTC 2020
Modified Files:
pkgsrc/www/py-bleach: Makefile distinfo
Log Message:
py-bleach: updated to 3.1.4
Version 3.1.4:
Security fixes
* ``bleach.clean`` behavior parsing style attributes could result in a
regular expression denial of service (ReDoS).
Calls to ``bleach.clean`` with an allowed tag with an allowed
``style`` attribute were vulnerable to ReDoS. For example,
``bleach.clean(..., attributes={'a': ['style']})``.
This issue was confirmed in Bleach versions v3.1.3, v3.1.2, v3.1.1,
v3.1.0, v3.0.0, v2.1.4, and v2.1.3. Earlier versions used a similar
regular expression and should be considered vulnerable too.
Anyone using Bleach <=v3.1.3 is encouraged to upgrade.
Backwards incompatible changes
* Style attributes with dashes, or single or double quoted values are
cleaned instead of passed through.
To generate a diff of this commit:
cvs rdiff -u -r1.14 -r1.15 pkgsrc/www/py-bleach/Makefile
cvs rdiff -u -r1.12 -r1.13 pkgsrc/www/py-bleach/distinfo
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: pkgsrc/www/py-bleach/Makefile
diff -u pkgsrc/www/py-bleach/Makefile:1.14 pkgsrc/www/py-bleach/Makefile:1.15
--- pkgsrc/www/py-bleach/Makefile:1.14 Wed Mar 18 10:08:16 2020
+++ pkgsrc/www/py-bleach/Makefile Sat Apr 11 07:23:30 2020
@@ -1,6 +1,6 @@
-# $NetBSD: Makefile,v 1.14 2020/03/18 10:08:16 adam Exp $
+# $NetBSD: Makefile,v 1.15 2020/04/11 07:23:30 adam Exp $
-DISTNAME= bleach-3.1.3
+DISTNAME= bleach-3.1.4
PKGNAME= ${PYPKGPREFIX}-${DISTNAME}
CATEGORIES= www python
MASTER_SITES= ${MASTER_SITE_PYPI:=b/bleach/}
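Review bot: The `DISTNAME= bleach-3.1.4` bump brings in the behaviour change the log lists under "Backwards incompatible changes" (style attributes with dashes, or single or double quoted values, are now cleaned instead of passed through), and neither this hunk nor the log says whether in-tree consumers of py-bleach were checked. Packages that depend on py-bleach and allow the `style` attribute may produce different output after this update, so the log should state whether any dependents were tested. The log also carries no advisory or CVE identifier for the ReDoS fix; adding one would let users match revision 1.15 to vulnerability records.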
Index: pkgsrc/www/py-bleach/distinfo
diff -u pkgsrc/www/py-bleach/distinfo:1.12 pkgsrc/www/py-bleach/distinfo:1.13
--- pkgsrc/www/py-bleach/distinfo:1.12 Wed Mar 18 10:08:16 2020
+++ pkgsrc/www/py-bleach/distinfo Sat Apr 11 07:23:30 2020
@@ -1,6 +1,6 @@
-$NetBSD: distinfo,v 1.12 2020/03/18 10:08:16 adam Exp $
+$NetBSD: distinfo,v 1.13 2020/04/11 07:23:30 adam Exp $
-SHA1 (bleach-3.1.3.tar.gz) = 09306029c815f77e7685bacfbc01228e80d9b76d
-RMD160 (bleach-3.1.3.tar.gz) = 6033fa4236a6c51ad107dae858a092dee88a15fb
-SHA512 (bleach-3.1.3.tar.gz) = 6c46504833ac9aa83ea056b6a2970aa539774301b14b5f0d7ae5abb9576ace56b7e027b718159c8ed83d37ae78b4db1083eb12b1cafcff10429399025fb5ab4e
-Size (bleach-3.1.3.tar.gz) = 176601 bytes
+SHA1 (bleach-3.1.4.tar.gz) = ce0937e304ddaad0a93bee5da3533c1440f3b525
+RMD160 (bleach-3.1.4.tar.gz) = cddd93fba0cf2871778d14ef0e80604b4971ee70
+SHA512 (bleach-3.1.4.tar.gz) = da233794954aad4e63e334d3c3bab9089e7767e0d784b8c51d12d2862ac6ed73ad5122b4d9cfd291ba7d9fc86a4a3b515429d7e383f241a46e3290acefa2ffc6
+Size (bleach-3.1.4.tar.gz) = 177813 bytes
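Review bot: The `+SHA512 (bleach-3.1.4.tar.gz)` line becomes the value every later fetch is checked against, and the commit does not say how the new tarball was verified before the checksums were regenerated. Because this is a security update pulled from `MASTER_SITE_PYPI`, the tarball should be confirmed against upstream's published release before the new digests are committed. The SHA1 line should not be relied on for integrity on its own, since SHA1 is not collision resistant; SHA512 is the entry that matters here.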