pkgsrc-Changes archive


CVS commit: pkgsrc/print/py-octoprint



Module Name:    pkgsrc
Committed By:   adam
Date:           Mon Feb 16 09:16:44 UTC 2026

Modified Files:
        pkgsrc/print/py-octoprint: Makefile distinfo

Log Message:
py-octoprint: updated to 1.11.6

1.11.6

Security fixes

Timing Side-Channel in API Key Authentication, severity Moderate (6.0): OctoPrint versions up to and including 1.11.5 are affected by a (theoretical) timing attack vulnerability that allows API key extraction over the network.

Due to using character-based comparison that short-circuits on the first mismatched character during API key validation, rather than a cryptographical method with static runtime regardless of the point of mismatch, an attacker with network-based access to an affected OctoPrint could extract API keys valid on the instance by measuring the response times of the denied access responses and guessing an API key character by character.

The likelihood of this attack actually working is highly dependent on the network's latency, noise and similar parameters. An actual proof of concept was not achieved so far. Still, as always, administrators are advised to not expose their OctoPrint instance on hostile networks, especially not on the public internet!

See also the GitHub Security Advisory and CVE-2026-23892

Features & improvements

Achievements Plugin

Support resetting the yearly stats & display the status of the current year.

Bug fixes

Core

Correctly apply preprocessors on settings get & set when handling nested values.

Achievements Plugin

Properly handle year changes during runtime in stats collection, which is also used for the Wrapped Plugin. Auto fix stats affected by the underlying issue.

Upload Manager Plugin

Fix multi select on macOS, now uses Cmd+Click.
Fix shift select logic to be more in line with common operating system file explorers.


To generate a diff of this commit:
cvs rdiff -u -r1.15 -r1.16 pkgsrc/print/py-octoprint/Makefile
cvs rdiff -u -r1.8 -r1.9 pkgsrc/print/py-octoprint/distinfo

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: pkgsrc/print/py-octoprint/Makefile
diff -u pkgsrc/print/py-octoprint/Makefile:1.15 pkgsrc/print/py-octoprint/Makefile:1.16
--- pkgsrc/print/py-octoprint/Makefile:1.15     Sun Jan 11 09:36:20 2026
+++ pkgsrc/print/py-octoprint/Makefile  Mon Feb 16 09:16:43 2026
@@ -1,6 +1,6 @@
-# $NetBSD: Makefile,v 1.15 2026/01/11 09:36:20 adam Exp $
+# $NetBSD: Makefile,v 1.16 2026/02/16 09:16:43 adam Exp $
 
-DISTNAME=      octoprint-1.11.5
+DISTNAME=      octoprint-1.11.6
 PKGNAME=       ${PYPKGPREFIX}-${DISTNAME}
 CATEGORIES=    print python
 MASTER_SITES=  ${MASTER_SITE_PYPI:=O/OctoPrint/}
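Review bot: The DISTNAME change from octoprint-1.11.5 to octoprint-1.11.6 is a security update (the log cites CVE-2026-23892 and names 1.11.5 and earlier as affected), so it is worth requesting a pullup of this revision to the stable branch rather than leaving it on HEAD only. The hunk shows only the first six lines of the Makefile, so also confirm that the dependency list further down still matches what 1.11.6 requires.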

Index: pkgsrc/print/py-octoprint/distinfo
diff -u pkgsrc/print/py-octoprint/distinfo:1.8 pkgsrc/print/py-octoprint/distinfo:1.9
--- pkgsrc/print/py-octoprint/distinfo:1.8      Sun Jan 11 09:36:20 2026
+++ pkgsrc/print/py-octoprint/distinfo  Mon Feb 16 09:16:43 2026
@@ -1,5 +1,5 @@
-$NetBSD: distinfo,v 1.8 2026/01/11 09:36:20 adam Exp $
+$NetBSD: distinfo,v 1.9 2026/02/16 09:16:43 adam Exp $
 
-BLAKE2s (octoprint-1.11.5.tar.gz) = 3128a3d5541448433874f2f1d020a111351c98cba0bd4c29e651f9efe1017231
-SHA512 (octoprint-1.11.5.tar.gz) = f46ec0bd88b944c571ff9f5474e2f3e7742075a95a956dbb3cb0b5d5102a4db896d524ba70099d275132c465879e7e3c36eb69eb2cf50bf1b9dacf82c62db197
-Size (octoprint-1.11.5.tar.gz) = 3232182 bytes
+BLAKE2s (octoprint-1.11.6.tar.gz) = 5070a63a360a6f190bbd37efbe5e1d057fcb378ceb2c698990c02ec7b40850d2
+SHA512 (octoprint-1.11.6.tar.gz) = b5658759aeea75e222f07ebb0f9817cba90abf128543ddda9ffb7a91d7b7fd85095b29380ad89c4892d1284ab3b142249210fa67ed2fd5fd2a163dfee0d170b9
+Size (octoprint-1.11.6.tar.gz) = 3234886 bytes
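Review bot: The new BLAKE2s and SHA512 lines for octoprint-1.11.6.tar.gz are only as trustworthy as the tarball they were computed from, and nothing in the hunk shows an independent check; before relying on them, compare the fetched file against a digest published by upstream for the 1.11.6 release. The size moves from 3232182 to 3234886 bytes, a small change that fits a point release, and the hunk ends at the Size line with no trailing context, so there are no patch checksums to regenerate.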


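The comparison flaw described in the 1.11.6 security note, shown as an added Python example (not OctoPrint's code and not its actual fix): a short-circuiting compare whose work grows with the length of the matching prefix, beside a compare built on `hmac.compare_digest`. `STORED_KEY`, `leaky_equals`, `constant_time_equals` and `leak_profile` are hypothetical names, and the key is a constructed sample.

```python
import hashlib
import hmac
import secrets

# Constructed sample value, not a real OctoPrint API key.
STORED_KEY = "A1B2C3D4E5F6A7B8C9D0E1F2A3B4C5D6"

# Random per-process key used only to blind values before comparing them.
_BLIND_KEY = secrets.token_bytes(32)


def leaky_equals(candidate: str, stored: str) -> tuple[bool, int]:
    """Character-based compare that stops at the first mismatch.

    Returns (match, comparisons) so the input-dependent amount of work
    is visible without having to measure wall-clock time.
    """
    if len(candidate) != len(stored):
        return False, 0
    steps = 0
    for a, b in zip(candidate, stored):
        steps += 1
        if a != b:
            return False, steps  # early exit: work depends on the match length
    return True, steps


def constant_time_equals(candidate: str, stored: str) -> bool:
    """Compare fixed-length MACs of both values with hmac.compare_digest.

    MACing first hides the key length and makes the compared bytes
    unpredictable to the caller; compare_digest does not short-circuit.
    """
    mac_a = hmac.new(_BLIND_KEY, candidate.encode("utf-8"), hashlib.sha256).digest()
    mac_b = hmac.new(_BLIND_KEY, stored.encode("utf-8"), hashlib.sha256).digest()
    return hmac.compare_digest(mac_a, mac_b)


def leak_profile(stored: str, prefix_lengths: list[int]) -> dict[int, int]:
    """Comparisons leaky_equals performs for guesses sharing n leading characters."""
    profile = {}
    for n in prefix_lengths:
        guess = stored[:n] + "#" * (len(stored) - n)  # '#' never occurs in the key
        profile[n] = leaky_equals(guess, stored)[1]
    return profile


if __name__ == "__main__":
    print(leak_profile(STORED_KEY, [0, 8, 16, 31]))
    print(constant_time_equals(STORED_KEY, STORED_KEY))
```

The comparison count stands in for the response-time difference the advisory describes; the hardened function does the same amount of work wherever the first mismatch falls.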
