pkgsrc-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[pkgsrc/trunk]: pkgsrc/www/py-cfscrape 1.8.0:
details: https://anonhg.NetBSD.org/pkgsrc/rev/02c45343a7bb
branches: trunk
changeset: 365861:02c45343a7bb
user: adam <adam%pkgsrc.org@localhost>
date: Fri Jul 28 07:04:36 2017 +0000
description:
1.8.0:
Remove insecure Js2Py library (code execution risk)
Please upgrade to 1.8.0 immediately.
Versions 1.6.6 to 1.7.1 are vulnerable to code execution. If you are running a vulnerable version, a malicious website owner could craft a page which executes arbitrary Python code on the machine
that runs this script. This can only occur if the website that the user attempts to scrape has specifically prepared a page to exploit vulnerable versions of cfscrape.
diffstat:
www/py-cfscrape/Makefile | 12 +++++++-----
www/py-cfscrape/distinfo | 10 +++++-----
2 files changed, 12 insertions(+), 10 deletions(-)
diffs (43 lines):
diff -r 36ce7c3bf68d -r 02c45343a7bb www/py-cfscrape/Makefile
--- a/www/py-cfscrape/Makefile Fri Jul 28 07:01:31 2017 +0000
+++ b/www/py-cfscrape/Makefile Fri Jul 28 07:04:36 2017 +0000
@@ -1,8 +1,8 @@
-# $NetBSD: Makefile,v 1.1 2017/02/07 23:52:16 joerg Exp $
+# $NetBSD: Makefile,v 1.2 2017/07/28 07:04:36 adam Exp $
-DISTNAME= cfscrape-1.6.8
+DISTNAME= cfscrape-1.8.0
PKGNAME= ${PYPKGPREFIX}-${DISTNAME}
-CATEGORIES= python www net
+CATEGORIES= www net python
MASTER_SITES= ${MASTER_SITE_PYPI:=c/cfscrape/}
MAINTAINER= pkgsrc-users%NetBSD.org@localhost
@@ -10,8 +10,10 @@
COMMENT= Python module for dealing with Cloudfare protection
LICENSE= mit
-DEPENDS+= ${PYPKGPREFIX}-requests-[0-9]*:../../devel/py-requests
-DEPENDS+= ${PYPKGPREFIX}-js2py-[0-9]*:../../lang/py-js2py
+DEPENDS+= ${PYPKGPREFIX}-execjs>=1.4.0:../../lang/py-execjs
+DEPENDS+= ${PYPKGPREFIX}-requests>=2.0.0:../../devel/py-requests
+
+USE_LANGUAGES= # none
.include "../../lang/python/egg.mk"
.include "../../mk/bsd.pkg.mk"
diff -r 36ce7c3bf68d -r 02c45343a7bb www/py-cfscrape/distinfo
--- a/www/py-cfscrape/distinfo Fri Jul 28 07:01:31 2017 +0000
+++ b/www/py-cfscrape/distinfo Fri Jul 28 07:04:36 2017 +0000
@@ -1,6 +1,6 @@
-$NetBSD: distinfo,v 1.1 2017/02/07 23:52:16 joerg Exp $
+$NetBSD: distinfo,v 1.2 2017/07/28 07:04:36 adam Exp $
-SHA1 (cfscrape-1.6.8.tar.gz) = dd4d9d3754bfbb10e5ce92b7d14733d2f6436036
-RMD160 (cfscrape-1.6.8.tar.gz) = e74493116b2432b53a5862b27bd4a59af5359f3b
-SHA512 (cfscrape-1.6.8.tar.gz) = 9531403e941d3f7d3149012594ebadc0b6570d8419eb61bf2b53864fc467cc475f9601673fded545a195abf78d74ff1c9f715ac4504e391e82ba55589780832f
-Size (cfscrape-1.6.8.tar.gz) = 3202 bytes
+SHA1 (cfscrape-1.8.0.tar.gz) = 96d213cb2d576bd91ddb6d115ca03eadf2b3d8a7
+RMD160 (cfscrape-1.8.0.tar.gz) = ee4ea6853ec02dd53c613d4b73111386facf8acb
+SHA512 (cfscrape-1.8.0.tar.gz) = 1305eac9b61658d8625cbadcdf0f780d72e9504b01b1269a5beebe7d1958f7d0b114f0cd7654cf569781ddca660bbc397199d9ab377a86bb182f95674bec3077
+Size (cfscrape-1.8.0.tar.gz) = 3495 bytes
Home |
Main Index |
Thread Index |
Old Index