pkgsrc-Changes archive


CVS commit: pkgsrc/devel/py-requests



Module Name:    pkgsrc
Committed By:   adam
Date:           Fri May 26 19:42:57 UTC 2023

Modified Files:
        pkgsrc/devel/py-requests: Makefile distinfo
Removed Files:
        pkgsrc/devel/py-requests/patches: patch-setup.py

Log Message:
py-requests: updated to 2.31.0

2.31.0 (2023-05-22)
-------------------

**Security**
- Versions of Requests between v2.3.0 and v2.30.0 are vulnerable to potential
  forwarding of `Proxy-Authorization` headers to destination servers when
  following HTTPS redirects.

  When proxies are defined with user info (https://user:pass@proxy:8080), Requests
  will construct a `Proxy-Authorization` header that is attached to the request to
  authenticate with the proxy.

  In cases where Requests receives a redirect response, it previously reattached
  the `Proxy-Authorization` header incorrectly, resulting in the value being
  sent through the tunneled connection to the destination server. Users who rely on
  defining their proxy credentials in the URL are *strongly* encouraged to upgrade
  to Requests 2.31.0+ to prevent unintentional leakage and rotate their proxy
  credentials once the change has been fully deployed.

  Users who do not use a proxy or do not supply their proxy credentials through
  the user information portion of their proxy URL are not subject to this
  vulnerability.

  Full details can be read in our [GitHub Security Advisory](https://github.com/psf/requests/security/advisories/GHSA-j8r2-6x86-q33q)
  and [CVE-2023-32681](https://nvd.nist.gov/vuln/detail/CVE-2023-32681).


To generate a diff of this commit:
cvs rdiff -u -r1.60 -r1.61 pkgsrc/devel/py-requests/Makefile
cvs rdiff -u -r1.48 -r1.49 pkgsrc/devel/py-requests/distinfo
cvs rdiff -u -r1.12 -r0 pkgsrc/devel/py-requests/patches/patch-setup.py

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: pkgsrc/devel/py-requests/Makefile
diff -u pkgsrc/devel/py-requests/Makefile:1.60 pkgsrc/devel/py-requests/Makefile:1.61
--- pkgsrc/devel/py-requests/Makefile:1.60      Fri May  5 18:25:02 2023
+++ pkgsrc/devel/py-requests/Makefile   Fri May 26 19:42:57 2023
@@ -1,6 +1,6 @@
-# $NetBSD: Makefile,v 1.60 2023/05/05 18:25:02 adam Exp $
+# $NetBSD: Makefile,v 1.61 2023/05/26 19:42:57 adam Exp $
 
-DISTNAME=      requests-2.30.0
+DISTNAME=      requests-2.31.0
 PKGNAME=       ${PYPKGPREFIX}-${DISTNAME}
 CATEGORIES=    devel www python
 MASTER_SITES=  ${MASTER_SITE_PYPI:=r/requests/}
@@ -16,7 +16,7 @@ DEPENDS+=     ${PYPKGPREFIX}-idna>=2.5:../..
 DEPENDS+=      ${PYPKGPREFIX}-urllib3>=1.21.1:../../www/py-urllib3
 TEST_DEPENDS+= ${PYPKGPREFIX}-Socks>=1.5.8:../../net/py-Socks
 TEST_DEPENDS+= ${PYPKGPREFIX}-test-cov-[0-9]*:../../devel/py-test-cov
-TEST_DEPENDS+= ${PYPKGPREFIX}-test-httpbin>=0.0.7:../../www/py-test-httpbin
+TEST_DEPENDS+= ${PYPKGPREFIX}-test-httpbin>=2.0.0:../../www/py-test-httpbin
 TEST_DEPENDS+= ${PYPKGPREFIX}-test-mock-[0-9]*:../../devel/py-test-mock
 TEST_DEPENDS+= ${PYPKGPREFIX}-test-xdist-[0-9]*:../../devel/py-test-xdist
 TEST_DEPENDS+= ${PYPKGPREFIX}-test>=3:../../devel/py-test
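
Review bot: the py-test-httpbin floor in TEST_DEPENDS jumps from >=0.0.7 to >=2.0.0 in this hunk, but the log message only carries the upstream Security section and never mentions the change. Add a line to the commit log saying why the newer test-httpbin is required, so that anyone pulling this security update up to a stable branch knows whether www/py-test-httpbin has to move with it.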

Index: pkgsrc/devel/py-requests/distinfo
diff -u pkgsrc/devel/py-requests/distinfo:1.48 pkgsrc/devel/py-requests/distinfo:1.49
--- pkgsrc/devel/py-requests/distinfo:1.48      Fri May  5 18:25:02 2023
+++ pkgsrc/devel/py-requests/distinfo   Fri May 26 19:42:57 2023
@@ -1,6 +1,5 @@
-$NetBSD: distinfo,v 1.48 2023/05/05 18:25:02 adam Exp $
+$NetBSD: distinfo,v 1.49 2023/05/26 19:42:57 adam Exp $
 
-BLAKE2s (requests-2.30.0.tar.gz) = 52d01eb3b24b67d4f98038fd5115d898860eaa2f77cf6ce21c10d607d75f0d37
-SHA512 (requests-2.30.0.tar.gz) = a950a156ac78e5e315b95619f8753f7ba837c63198e256ea69a53f9492f7be1cecb295fcacbf091f3d5ae077ea02c67056d753f99c2b95cc9d233c3ca77f2905
-Size (requests-2.30.0.tar.gz) = 108411 bytes
-SHA1 (patch-setup.py) = 9344db9f4ce311a59564f89f35538bab4aa2ad7e
+BLAKE2s (requests-2.31.0.tar.gz) = 860cbb87ba43dd7244f420c4b38e6a8453335b9101286fc246a718ef9c222c94
+SHA512 (requests-2.31.0.tar.gz) = ce50d64973752f4cf7f7c7c91401669854b55c66d7465bea3689772fae8a6b646cf6720d84a2984bbe6fd78fc8b9ce0aa377f291fb6d7c20c7c2a4be8193acdd
+Size (requests-2.31.0.tar.gz) = 110794 bytes
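
Review bot: the SHA1 (patch-setup.py) line is dropped here and patches/patch-setup.py appears under Removed Files, yet the log message does not say why the local patch is no longer needed. State in the log whether requests 2.31.0 already carries the change or the patch simply became unnecessary, so the removal can be audited without fetching r1.12 of the patch.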


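An added example, not part of the commit or of Requests itself: a small audit for the two conditions the Security note in the log message names, an installed Requests in the affected range and a proxy URL that carries user info. The function names and the sample proxy values used to exercise it are assumptions made for this illustration.

```python
import os
from urllib.parse import urlsplit

# Range from the release notes: v2.3.0 through v2.30.0 affected, 2.31.0 fixed.
FIRST_AFFECTED, FIRST_FIXED = (2, 3, 0), (2, 31, 0)
PROXY_ENV_VARS = ("http_proxy", "https_proxy", "all_proxy")

def parse_version(text):
    """'2.30.0' -> (2, 30, 0); a suffix such as 'rc1' is ignored."""
    parts = []
    for piece in text.split(".")[:3]:
        digits = ""
        for ch in piece:
            if not ch.isdigit():
                break
            digits += ch
        parts.append(int(digits or 0))
    return tuple(parts + [0] * (3 - len(parts)))

def version_affected(text):
    return FIRST_AFFECTED <= parse_version(text) < FIRST_FIXED

def proxies_with_userinfo(proxies):
    """Return the keys whose proxy URL has a user[:pass]@ portion."""
    flagged = []
    for key, url in proxies.items():
        # A bare 'host:port' has no scheme; prefix '//' so the netloc is parsed.
        parts = urlsplit(url if "://" in url else "//" + url)
        if parts.username or parts.password:
            flagged.append(key)
    return sorted(flagged)

def env_proxies(environ=os.environ):
    """Collect proxy settings from the environment, in either letter case."""
    names = [v for n in PROXY_ENV_VARS for v in (n, n.upper())]
    return {n: environ[n] for n in names if environ.get(n)}

def audit(requests_version, proxies):
    """Exposed only when both conditions from the release notes hold."""
    flagged = proxies_with_userinfo(proxies)
    affected = version_affected(requests_version)
    return {"affected_version": affected, "credentialed_proxies": flagged,
            "exposed": affected and bool(flagged)}

if __name__ == "__main__":
    from importlib.metadata import PackageNotFoundError, version
    try:
        installed = version("requests")
    except PackageNotFoundError:
        installed = "0"  # not installed: reported as outside the affected range
    print(audit(installed, env_proxies()))
```

A host reported as exposed is the case where the release notes call for both the upgrade and a rotation of the proxy credentials.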
