CVS commit: pkgsrc/www/py-cfscrape

["Adam Ciarcinski" <adam%netbsd.org@localhost>]

Module Name:    pkgsrc
Committed By:   adam
Date:           Fri Jul 28 07:04:36 UTC 2017

Modified Files:
        pkgsrc/www/py-cfscrape: Makefile distinfo

Log Message:
1.8.0:
Remove insecure Js2Py library (code execution risk)

Please upgrade to 1.8.0 immediately.

Versions 1.6.6 to 1.7.1 are vulnerable to code execution. If you are running a vulnerable version, a malicious website owner could craft a page which executes arbitrary Python code on the machine 
that runs this script. This can only occur if the website that the user attempts to scrape has specifically prepared a page to exploit vulnerable versions of cfscrape.


To generate a diff of this commit:
cvs rdiff -u -r1.1 -r1.2 pkgsrc/www/py-cfscrape/Makefile \
    pkgsrc/www/py-cfscrape/distinfo

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: pkgsrc/www/py-cfscrape/Makefile
diff -u pkgsrc/www/py-cfscrape/Makefile:1.1 pkgsrc/www/py-cfscrape/Makefile:1.2
--- pkgsrc/www/py-cfscrape/Makefile:1.1 Tue Feb  7 23:52:16 2017
+++ pkgsrc/www/py-cfscrape/Makefile     Fri Jul 28 07:04:36 2017
@@ -1,8 +1,8 @@
-# $NetBSD: Makefile,v 1.1 2017/02/07 23:52:16 joerg Exp $
+# $NetBSD: Makefile,v 1.2 2017/07/28 07:04:36 adam Exp $
 
-DISTNAME=      cfscrape-1.6.8
+DISTNAME=      cfscrape-1.8.0
 PKGNAME=       ${PYPKGPREFIX}-${DISTNAME}
-CATEGORIES=    python www net
+CATEGORIES=    www net python
 MASTER_SITES=  ${MASTER_SITE_PYPI:=c/cfscrape/}
 
 MAINTAINER=    pkgsrc-users%NetBSD.org@localhost
@@ -10,8 +10,10 @@ HOMEPAGE=    http://pypi.python.org/pypi/cf
 COMMENT=       Python module for dealing with Cloudfare protection
 LICENSE=       mit
 
-DEPENDS+=      ${PYPKGPREFIX}-requests-[0-9]*:../../devel/py-requests
-DEPENDS+=      ${PYPKGPREFIX}-js2py-[0-9]*:../../lang/py-js2py
+DEPENDS+=      ${PYPKGPREFIX}-execjs>=1.4.0:../../lang/py-execjs
+DEPENDS+=      ${PYPKGPREFIX}-requests>=2.0.0:../../devel/py-requests
+
+USE_LANGUAGES=         # none
 
 .include "../../lang/python/egg.mk"
 .include "../../mk/bsd.pkg.mk"
Index: pkgsrc/www/py-cfscrape/distinfo
diff -u pkgsrc/www/py-cfscrape/distinfo:1.1 pkgsrc/www/py-cfscrape/distinfo:1.2
--- pkgsrc/www/py-cfscrape/distinfo:1.1 Tue Feb  7 23:52:16 2017
+++ pkgsrc/www/py-cfscrape/distinfo     Fri Jul 28 07:04:36 2017
@@ -1,6 +1,6 @@
-$NetBSD: distinfo,v 1.1 2017/02/07 23:52:16 joerg Exp $
+$NetBSD: distinfo,v 1.2 2017/07/28 07:04:36 adam Exp $
 
-SHA1 (cfscrape-1.6.8.tar.gz) = dd4d9d3754bfbb10e5ce92b7d14733d2f6436036
-RMD160 (cfscrape-1.6.8.tar.gz) = e74493116b2432b53a5862b27bd4a59af5359f3b
-SHA512 (cfscrape-1.6.8.tar.gz) = 9531403e941d3f7d3149012594ebadc0b6570d8419eb61bf2b53864fc467cc475f9601673fded545a195abf78d74ff1c9f715ac4504e391e82ba55589780832f
-Size (cfscrape-1.6.8.tar.gz) = 3202 bytes
+SHA1 (cfscrape-1.8.0.tar.gz) = 96d213cb2d576bd91ddb6d115ca03eadf2b3d8a7
+RMD160 (cfscrape-1.8.0.tar.gz) = ee4ea6853ec02dd53c613d4b73111386facf8acb
+SHA512 (cfscrape-1.8.0.tar.gz) = 1305eac9b61658d8625cbadcdf0f780d72e9504b01b1269a5beebe7d1958f7d0b114f0cd7654cf569781ddca660bbc397199d9ab377a86bb182f95674bec3077
+Size (cfscrape-1.8.0.tar.gz) = 3495 bytes