CVS commit: pkgsrc/textproc/py-xmltodict

To: pkgsrc-changes%NetBSD.org@localhost
Subject: CVS commit: pkgsrc/textproc/py-xmltodict
From: "Adam Ciarcinski" <adam%netbsd.org@localhost>
Date: Sun, 7 Sep 2025 16:01:35 +0000

Module Name:    pkgsrc
Committed By:   adam
Date:           Sun Sep  7 16:01:35 UTC 2025

Modified Files:
        pkgsrc/textproc/py-xmltodict: Makefile distinfo

Log Message:
py-xmltodict: updated to 0.15.0

0.15.0

Security: Prevent XML injection (CVE-2025-9375) by rejecting '<'/'>' in element and attribute names (including @xmlns prefixes) during unparse. This limits validation to avoiding tag-context escapes; 
attribute values continue to be escaped by the SAX XMLGenerator. Advisory: https://fluidattacks.com/advisories/mono


To generate a diff of this commit:
cvs rdiff -u -r1.9 -r1.10 pkgsrc/textproc/py-xmltodict/Makefile
cvs rdiff -u -r1.8 -r1.9 pkgsrc/textproc/py-xmltodict/distinfo

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: pkgsrc/textproc/py-xmltodict/Makefile
diff -u pkgsrc/textproc/py-xmltodict/Makefile:1.9 pkgsrc/textproc/py-xmltodict/Makefile:1.10
--- pkgsrc/textproc/py-xmltodict/Makefile:1.9   Mon Apr 14 13:00:59 2025
+++ pkgsrc/textproc/py-xmltodict/Makefile       Sun Sep  7 16:01:35 2025
@@ -1,8 +1,7 @@
-# $NetBSD: Makefile,v 1.9 2025/04/14 13:00:59 adam Exp $
+# $NetBSD: Makefile,v 1.10 2025/09/07 16:01:35 adam Exp $
 
-DISTNAME=      xmltodict-0.14.2
+DISTNAME=      xmltodict-0.15.0
 PKGNAME=       ${PYPKGPREFIX}-${DISTNAME}
-PKGREVISION=   1
 CATEGORIES=    textproc python
 MASTER_SITES=  ${MASTER_SITE_PYPI:=x/xmltodict/}
 

Index: pkgsrc/textproc/py-xmltodict/distinfo
diff -u pkgsrc/textproc/py-xmltodict/distinfo:1.8 pkgsrc/textproc/py-xmltodict/distinfo:1.9
--- pkgsrc/textproc/py-xmltodict/distinfo:1.8   Sat Oct 19 05:57:41 2024
+++ pkgsrc/textproc/py-xmltodict/distinfo       Sun Sep  7 16:01:35 2025
@@ -1,6 +1,6 @@
-$NetBSD: distinfo,v 1.8 2024/10/19 05:57:41 adam Exp $
+$NetBSD: distinfo,v 1.9 2025/09/07 16:01:35 adam Exp $
 
-BLAKE2s (xmltodict-0.14.2.tar.gz) = 3149cc3e4839fee9114ea391e05d0df31401eb36ac7749d91a2c2587944778e1
-SHA512 (xmltodict-0.14.2.tar.gz) = 3333955156e355cd40bd947bbefe0ff2e90de900cf12aa3ad82fa28e2921d9e2ccd245116573a0711cce12ac294d5a8d18a83744b4e7fc9e2b4025e35175080b
-Size (xmltodict-0.14.2.tar.gz) = 51942 bytes
+BLAKE2s (xmltodict-0.15.0.tar.gz) = 4dbe794b1bfa94a0fa2efc30ce95b770539a904e431e4f361789160fecd0897b
+SHA512 (xmltodict-0.15.0.tar.gz) = 6f1af04125b7c8f177a3d13ee7c46c557a0c60166ba23f946bb38e1e7543ee93ae577311182e0c861b83632bd3e63c274ece1011e81163c96c875bf1e58f2fbc
+Size (xmltodict-0.15.0.tar.gz) = 60285 bytes
 SHA1 (patch-README.md) = af28ff7112772932b9229b343ff162af4227b98e

Prev by Date: CVS commit: pkgsrc/doc
Next by Date: CVS commit: pkgsrc/devel/py-test-cov
Previous by Thread: CVS commit: pkgsrc/doc
Next by Thread: CVS commit: pkgsrc/devel/py-test-cov
Indexes:

Home | Main Index | Thread Index | Old Index