pkgsrc-Changes-HG archive


[pkgsrc/trunk]: pkgsrc/www/py-cfscrape 1.8.0:



details:   https://anonhg.NetBSD.org/pkgsrc/rev/02c45343a7bb
branches:  trunk
changeset: 365861:02c45343a7bb
user:      adam <adam%pkgsrc.org@localhost>
date:      Fri Jul 28 07:04:36 2017 +0000

description:
1.8.0:
Remove insecure Js2Py library (code execution risk)

Please upgrade to 1.8.0 immediately.

Versions 1.6.6 to 1.7.1 are vulnerable to code execution. If you are running a vulnerable version, a malicious website owner could craft a page which executes arbitrary Python code on the machine that runs this script. This can only occur if the website that the user attempts to scrape has specifically prepared a page to exploit vulnerable versions of cfscrape.

diffstat:

 www/py-cfscrape/Makefile |  12 +++++++-----
 www/py-cfscrape/distinfo |  10 +++++-----
 2 files changed, 12 insertions(+), 10 deletions(-)

diffs (43 lines):

diff -r 36ce7c3bf68d -r 02c45343a7bb www/py-cfscrape/Makefile
--- a/www/py-cfscrape/Makefile  Fri Jul 28 07:01:31 2017 +0000
+++ b/www/py-cfscrape/Makefile  Fri Jul 28 07:04:36 2017 +0000
@@ -1,8 +1,8 @@
-# $NetBSD: Makefile,v 1.1 2017/02/07 23:52:16 joerg Exp $
+# $NetBSD: Makefile,v 1.2 2017/07/28 07:04:36 adam Exp $
 
-DISTNAME=      cfscrape-1.6.8
+DISTNAME=      cfscrape-1.8.0
 PKGNAME=       ${PYPKGPREFIX}-${DISTNAME}
-CATEGORIES=    python www net
+CATEGORIES=    www net python
 MASTER_SITES=  ${MASTER_SITE_PYPI:=c/cfscrape/}
 
 MAINTAINER=    pkgsrc-users%NetBSD.org@localhost
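Review bot: The DISTNAME line moves the package off 1.6.8, which lies inside the 1.6.6 to 1.7.1 range the description calls vulnerable to code execution, so the tree was shipping an affected version until this commit; the log should state that explicitly so the change can be tracked as a security update and considered for the stable branch. The CATEGORIES reorder (`python www net` to `www net python`) is an unrelated cleanup bundled into the same commit and is not mentioned in the description; note it in the log or commit it separately so the security change stays easy to pull up on its own.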
@@ -10,8 +10,10 @@
 COMMENT=       Python module for dealing with Cloudfare protection
 LICENSE=       mit
 
-DEPENDS+=      ${PYPKGPREFIX}-requests-[0-9]*:../../devel/py-requests
-DEPENDS+=      ${PYPKGPREFIX}-js2py-[0-9]*:../../lang/py-js2py
+DEPENDS+=      ${PYPKGPREFIX}-execjs>=1.4.0:../../lang/py-execjs
+DEPENDS+=      ${PYPKGPREFIX}-requests>=2.0.0:../../devel/py-requests
+
+USE_LANGUAGES=         # none
 
 .include "../../lang/python/egg.mk"
 .include "../../mk/bsd.pkg.mk"
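Review bot: The new `execjs>=1.4.0` dependency replaces js2py, but PyExecJS only dispatches to an external JavaScript runtime and this hunk adds no such runtime, so confirm that lang/py-execjs pulls one in or add a DEPENDS on one here; otherwise the module installs cleanly and fails at run time. JavaScript served by the scraped site is still evaluated, now in that external runtime, so which runtime ends up installed is part of this package's security posture and deserves a line in the log. Separately, the context line COMMENT spells "Cloudfare"; it should read "Cloudflare" and can be fixed in the same commit.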
diff -r 36ce7c3bf68d -r 02c45343a7bb www/py-cfscrape/distinfo
--- a/www/py-cfscrape/distinfo  Fri Jul 28 07:01:31 2017 +0000
+++ b/www/py-cfscrape/distinfo  Fri Jul 28 07:04:36 2017 +0000
@@ -1,6 +1,6 @@
-$NetBSD: distinfo,v 1.1 2017/02/07 23:52:16 joerg Exp $
+$NetBSD: distinfo,v 1.2 2017/07/28 07:04:36 adam Exp $
 
-SHA1 (cfscrape-1.6.8.tar.gz) = dd4d9d3754bfbb10e5ce92b7d14733d2f6436036
-RMD160 (cfscrape-1.6.8.tar.gz) = e74493116b2432b53a5862b27bd4a59af5359f3b
-SHA512 (cfscrape-1.6.8.tar.gz) = 9531403e941d3f7d3149012594ebadc0b6570d8419eb61bf2b53864fc467cc475f9601673fded545a195abf78d74ff1c9f715ac4504e391e82ba55589780832f
-Size (cfscrape-1.6.8.tar.gz) = 3202 bytes
+SHA1 (cfscrape-1.8.0.tar.gz) = 96d213cb2d576bd91ddb6d115ca03eadf2b3d8a7
+RMD160 (cfscrape-1.8.0.tar.gz) = ee4ea6853ec02dd53c613d4b73111386facf8acb
+SHA512 (cfscrape-1.8.0.tar.gz) = 1305eac9b61658d8625cbadcdf0f780d72e9504b01b1269a5beebe7d1958f7d0b114f0cd7654cf569781ddca660bbc397199d9ab377a86bb182f95674bec3077
+Size (cfscrape-1.8.0.tar.gz) = 3495 bytes


