pkgsrc-Changes archive


CVS commit: pkgsrc/www/py-httpie



Module Name:    pkgsrc
Committed By:   adam
Date:           Tue Aug 27 06:01:23 UTC 2019

Modified Files:
        pkgsrc/www/py-httpie: Makefile distinfo

Log Message:
py-httpie: updated to 1.0.3

1.0.3:
* Fixed CVE-2019-10751 — the way the output filename is generated for
  --download requests without --output resulting in a redirect has
  been changed to only consider the initial URL as the base for the generated
  filename, and not the final one. This fixes a potential security issue under
  the following scenario:

  1. A --download request with no explicit --output is made (e.g.,
     $ http -d example.org/file.txt), instructing httpie to
     generate the output filename <https://httpie.org/doc#downloaded-file-name>
     from the Content-Disposition response, or from the URL if the header
     is not provided.
  2. The server handling the request has been modified by an attacker and
     instead of the expected response the URL returns a redirect to another
     URL, e.g., attacker.example.org/.bash_profile, whose response does
     not provide a Content-Disposition header (i.e., the base for the
     generated filename becomes .bash_profile instead of file.txt).
  3. Your current directory doesn’t already contain .bash_profile
     (i.e., no unique suffix is added to the generated filename).
  4. You don’t notice the potentially unexpected output filename
     as reported by httpie in the console output
     (e.g., Downloading 100.00 B to ".bash_profile").


To generate a diff of this commit:
cvs rdiff -u -r1.7 -r1.8 pkgsrc/www/py-httpie/Makefile
cvs rdiff -u -r1.8 -r1.9 pkgsrc/www/py-httpie/distinfo

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: pkgsrc/www/py-httpie/Makefile
diff -u pkgsrc/www/py-httpie/Makefile:1.7 pkgsrc/www/py-httpie/Makefile:1.8
--- pkgsrc/www/py-httpie/Makefile:1.7   Fri Nov 30 11:28:55 2018
+++ pkgsrc/www/py-httpie/Makefile       Tue Aug 27 06:01:23 2019
@@ -1,6 +1,6 @@
-# $NetBSD: Makefile,v 1.7 2018/11/30 11:28:55 adam Exp $
+# $NetBSD: Makefile,v 1.8 2019/08/27 06:01:23 adam Exp $
 
-DISTNAME=      httpie-1.0.2
+DISTNAME=      httpie-1.0.3
 PKGNAME=       ${PYPKGPREFIX}-${EGG_NAME}
 CATEGORIES=    www python
 MASTER_SITES=  ${MASTER_SITE_PYPI:=h/httpie/}
@@ -13,14 +13,14 @@ LICENSE=    original-bsd
 DEPENDS+=      ${PYPKGPREFIX}-curses-[0-9]*:../../devel/py-curses
 DEPENDS+=      ${PYPKGPREFIX}-pygments>=2.1.3:../../textproc/py-pygments
 DEPENDS+=      ${PYPKGPREFIX}-requests>=2.18.4:../../devel/py-requests
-# Tests are not included as of 1.0.2
-TEST_DEPENDS+= ${PYPKGPREFIX}-test-httpbin-[0-9]*:../../www/py-test-httpbin
+# Tests are not included as of 1.0.3
+#TEST_DEPENDS+=        ${PYPKGPREFIX}-test-httpbin-[0-9]*:../../www/py-test-httpbin
 
 USE_LANGUAGES= # none
 
 post-install:
        cd ${DESTDIR}${PREFIX}/bin && \
-               ${MV} http http-${PYVERSSUFFIX} || ${TRUE}
+       ${MV} http http-${PYVERSSUFFIX} || ${TRUE}
 
 .include "../../lang/python/egg.mk"
 .include "../../mk/bsd.pkg.mk"
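
Review bot: the TEST_DEPENDS line in this hunk is commented out rather than deleted, and the comment above it only has its version bumped to 1.0.3, so the Makefile now carries a dead dependency with no stated condition for re-enabling it. Either drop the line or extend the comment to say it should be restored once the distfile ships tests. Separately, the "${MV} http http-${PYVERSSUFFIX} || ${TRUE}" continuation line loses its extra indent under the "cd ... && \" line, a whitespace-only change unrelated to the version bump; keeping the indent makes it visibly part of the cd command.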

Index: pkgsrc/www/py-httpie/distinfo
diff -u pkgsrc/www/py-httpie/distinfo:1.8 pkgsrc/www/py-httpie/distinfo:1.9
--- pkgsrc/www/py-httpie/distinfo:1.8   Fri Nov 30 11:28:55 2018
+++ pkgsrc/www/py-httpie/distinfo       Tue Aug 27 06:01:23 2019
@@ -1,6 +1,6 @@
-$NetBSD: distinfo,v 1.8 2018/11/30 11:28:55 adam Exp $
+$NetBSD: distinfo,v 1.9 2019/08/27 06:01:23 adam Exp $
 
-SHA1 (httpie-1.0.2.tar.gz) = 28b9c57c10f20a38b985d87de856ffc4042deae3
-RMD160 (httpie-1.0.2.tar.gz) = dde8e550fa2083eddb69512310a5ec1f52d9a86a
-SHA512 (httpie-1.0.2.tar.gz) = cc0f2b8928d68bdd0c4eba96f499365d294429e909d91538c48f5028a55ca4a7ba41abdb94ef851459799f437457639b43ba408bb6336702d6042e7e5d5a9cbf
-Size (httpie-1.0.2.tar.gz) = 85245 bytes
+SHA1 (httpie-1.0.3.tar.gz) = 476fde8aa1827f7dd65c3a114e80023450df0bff
+RMD160 (httpie-1.0.3.tar.gz) = ce5d7149dcca76a93c8f4d9a8d19c7560b8463ca
+SHA512 (httpie-1.0.3.tar.gz) = b51779e0ec8f24108ee3f4bf690dc9dfddafff42509d1aa3d13ac12d65a93e02aad9644dc10134ebdbebf949b250cb288650a4dad3d382143e9ad3b9b0ac8c16
+Size (httpie-1.0.3.tar.gz) = 86725 bytes
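
The filename rule described in the 1.0.3 log message above, as an added example; it is not httpie's code and not part of this commit. The function names, the "-N" suffix format, the "index" fallback and the sample redirect chain are assumptions made for illustration.

```python
import os
from urllib.parse import urlsplit


def filename_from_url(url):
    """Last path segment of the URL, or 'index' when the path is empty (assumed fallback)."""
    name = urlsplit(url).path.rstrip("/").split("/")[-1]
    return name or "index"


def unique_name(name, existing):
    """Add a numeric suffix until the name is unused (suffix format is an assumption)."""
    candidate, n = name, 0
    while candidate in existing:
        n += 1
        candidate = f"{name}-{n}"
    return candidate


def output_name(chain, header_filename=None, existing=(), use_final_url=False):
    """Pick the output filename for a download made without an explicit output name.

    chain: URLs visited, initial request first, final response last.
    header_filename: filename already parsed from Content-Disposition, if any.
    use_final_url=True models the pre-1.0.3 behaviour from the log message.
    """
    if header_filename:
        # Keep only the basename so a header value cannot carry a directory path.
        name = os.path.basename(header_filename.replace("\\", "/"))
    else:
        name = filename_from_url(chain[-1] if use_final_url else chain[0])
    return unique_name(name, set(existing))


def redirect_changes_name(chain):
    """True when following the redirect would have changed the URL-derived name."""
    return filename_from_url(chain[0]) != filename_from_url(chain[-1])


# Constructed redirect chain matching the scenario in the log message.
CHAIN = ["http://example.org/file.txt", "http://attacker.example.org/.bash_profile"]

if __name__ == "__main__":
    print("pre-1.0.3 rule:", output_name(CHAIN, use_final_url=True))
    print("1.0.3 rule:    ", output_name(CHAIN))
    print("redirect changed the name:", redirect_changes_name(CHAIN))
```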


