CVS commit: pkgsrc/www/py-bleach

["Adam Ciarcinski" <adam%netbsd.org@localhost>]

Module Name:    pkgsrc
Committed By:   adam
Date:           Wed Mar 18 10:08:16 UTC 2020

Modified Files:
        pkgsrc/www/py-bleach: Makefile distinfo

Log Message:
py-bleach: updated to 3.1.3

Version 3.1.3:

**Features**

* Add relative link to code of conduct.
* Drop deprecated 'setup.py test' support.
* Fix typo: curren -> current in tests/test_clean.py
* Test on PyPy 7
* Drop test support for end of life Python 3.4

Version 3.1.2:

**Security fixes**

* ``bleach.clean`` behavior parsing embedded MathML and SVG content
  with RCDATA tags did not match browser behavior and could result in
  a mutation XSS.

  Calls to ``bleach.clean`` with ``strip=False`` and ``math`` or
  ``svg`` tags and one or more of the RCDATA tags ``script``,
  ``noscript``, ``style``, ``noframes``, ``iframe``, ``noembed``, or
  ``xmp`` in the allowed tags whitelist were vulnerable to a mutation
  XSS.

  This security issue was confirmed in Bleach version v3.1.1. Earlier
  versions are likely affected too.

Version 3.1.1:

**Security fixes**

* ``bleach.clean`` behavior parsing ``noscript`` tags did not match
  browser behavior.

  Calls to ``bleach.clean`` allowing ``noscript`` and one or more of
  the raw text tags (``title``, ``textarea``, ``script``, ``style``,
  ``noembed``, ``noframes``, ``iframe``, and ``xmp``) were vulnerable
  to a mutation XSS.

  This security issue was confirmed in Bleach versions v2.1.4, v3.0.2,
  and v3.1.0. Earlier versions are probably affected too.


To generate a diff of this commit:
cvs rdiff -u -r1.13 -r1.14 pkgsrc/www/py-bleach/Makefile
cvs rdiff -u -r1.11 -r1.12 pkgsrc/www/py-bleach/distinfo

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: pkgsrc/www/py-bleach/Makefile
diff -u pkgsrc/www/py-bleach/Makefile:1.13 pkgsrc/www/py-bleach/Makefile:1.14
--- pkgsrc/www/py-bleach/Makefile:1.13  Mon Jan 21 12:23:39 2019
+++ pkgsrc/www/py-bleach/Makefile       Wed Mar 18 10:08:16 2020
@@ -1,6 +1,6 @@
-# $NetBSD: Makefile,v 1.13 2019/01/21 12:23:39 adam Exp $
+# $NetBSD: Makefile,v 1.14 2020/03/18 10:08:16 adam Exp $
 
-DISTNAME=      bleach-3.1.0
+DISTNAME=      bleach-3.1.3
 PKGNAME=       ${PYPKGPREFIX}-${DISTNAME}
 CATEGORIES=    www python
 MASTER_SITES=  ${MASTER_SITE_PYPI:=b/bleach/}
@@ -19,5 +19,8 @@ USE_LANGUAGES=        # none
 
 REPLACE_SH+=   bleach/_vendor/pip_install_vendor.sh
 
+do-test:
+       cd ${WRKSRC} && pytest-${PYVERSSUFFIX} tests
+
 .include "../../lang/python/egg.mk"
 .include "../../mk/bsd.pkg.mk"

Index: pkgsrc/www/py-bleach/distinfo
diff -u pkgsrc/www/py-bleach/distinfo:1.11 pkgsrc/www/py-bleach/distinfo:1.12
--- pkgsrc/www/py-bleach/distinfo:1.11  Mon Jan 21 12:23:39 2019
+++ pkgsrc/www/py-bleach/distinfo       Wed Mar 18 10:08:16 2020
@@ -1,6 +1,6 @@
-$NetBSD: distinfo,v 1.11 2019/01/21 12:23:39 adam Exp $
+$NetBSD: distinfo,v 1.12 2020/03/18 10:08:16 adam Exp $
 
-SHA1 (bleach-3.1.0.tar.gz) = b44b7705a1425338cf429d66f009aa15d09b768d
-RMD160 (bleach-3.1.0.tar.gz) = aa1bda9144a52123e900452e78325da2090cbded
-SHA512 (bleach-3.1.0.tar.gz) = 8db3a54b68fa66a07a3b4b90481557aac06e7783f9c72035a6f037909017354718b67b64153e1cd50cb2c821174b8282837c4c3e667878041a68703b141b2969
-Size (bleach-3.1.0.tar.gz) = 167814 bytes
+SHA1 (bleach-3.1.3.tar.gz) = 09306029c815f77e7685bacfbc01228e80d9b76d
+RMD160 (bleach-3.1.3.tar.gz) = 6033fa4236a6c51ad107dae858a092dee88a15fb
+SHA512 (bleach-3.1.3.tar.gz) = 6c46504833ac9aa83ea056b6a2970aa539774301b14b5f0d7ae5abb9576ace56b7e027b718159c8ed83d37ae78b4db1083eb12b1cafcff10429399025fb5ab4e
+Size (bleach-3.1.3.tar.gz) = 176601 bytes