* [PR PATCH] python3-bleach: update to 3.2.1
@ 2020-11-17 23:16 ndowens
2020-11-18 19:17 ` Chocimier
` (2 more replies)
0 siblings, 3 replies; 4+ messages in thread
From: ndowens @ 2020-11-17 23:16 UTC (permalink / raw)
To: ml
[-- Attachment #1: Type: text/plain, Size: 341 bytes --]
There is a new pull request by ndowens against master on the void-packages repository
https://github.com/ndowens/void-packages python-bleach
https://github.com/void-linux/void-packages/pull/26468
python3-bleach: update to 3.2.1
Fixes CVE-2020-6816
A patch file from https://github.com/void-linux/void-packages/pull/26468.patch is attached
[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: github-pr-python-bleach-26468.patch --]
[-- Type: text/x-diff, Size: 1112 bytes --]
From ce253f746c0c1675f2a139709f0eb9d888757533 Mon Sep 17 00:00:00 2001
From: Nathan Owens <ndowens@artixlinux.org>
Date: Tue, 17 Nov 2020 17:16:51 -0600
Subject: [PATCH] python3-bleach: update to 3.2.1
Fixes CVE-2020-6816
---
srcpkgs/python3-bleach/template | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/srcpkgs/python3-bleach/template b/srcpkgs/python3-bleach/template
index 34ba5371b45..e85c9a35e86 100644
--- a/srcpkgs/python3-bleach/template
+++ b/srcpkgs/python3-bleach/template
@@ -1,7 +1,7 @@
# Template file for 'python3-bleach'
pkgname=python3-bleach
-version=3.1.1
-revision=3
+version=3.2.1
+revision=1
wrksrc="bleach-${version}"
build_style=python3-module
hostmakedepends="python3-setuptools"
@@ -12,4 +12,4 @@ license="Apache-2.0"
homepage="https://github.com/mozilla/bleach"
changelog="https://raw.githubusercontent.com/mozilla/bleach/master/CHANGES"
distfiles="${PYPI_SITE}/b/bleach/bleach-${version}.tar.gz"
-checksum=aa8b870d0f46965bac2c073a93444636b0e1ca74e9777e34f03dd494b8a59d48
+checksum=52b5919b81842b1854196eaae5ca29679a2f2e378905c346d3ca8227c2c66080
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: python3-bleach: update to 3.2.1
2020-11-17 23:16 [PR PATCH] python3-bleach: update to 3.2.1 ndowens
@ 2020-11-18 19:17 ` Chocimier
2020-11-18 20:57 ` [PR PATCH] [Updated] " ndowens
2020-11-19 17:09 ` [PR PATCH] [Merged]: " Chocimier
2 siblings, 0 replies; 4+ messages in thread
From: Chocimier @ 2020-11-18 19:17 UTC (permalink / raw)
To: ml
[-- Attachment #1: Type: text/plain, Size: 184 bytes --]
New comment by Chocimier on void-packages repository
https://github.com/void-linux/void-packages/pull/26468#issuecomment-729897310
Comment:
fails to import without python3-packaging
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [PR PATCH] [Updated] python3-bleach: update to 3.2.1
2020-11-17 23:16 [PR PATCH] python3-bleach: update to 3.2.1 ndowens
2020-11-18 19:17 ` Chocimier
@ 2020-11-18 20:57 ` ndowens
2020-11-19 17:09 ` [PR PATCH] [Merged]: " Chocimier
2 siblings, 0 replies; 4+ messages in thread
From: ndowens @ 2020-11-18 20:57 UTC (permalink / raw)
To: ml
[-- Attachment #1: Type: text/plain, Size: 493 bytes --]
There is an updated pull request by ndowens against master on the void-packages repository
https://github.com/ndowens/void-packages python-bleach
https://github.com/void-linux/void-packages/pull/26468
python3-bleach: update to 3.2.1
Fixes CVE-2020-6816
Synapse seemed to run fine with this version and also tested against another python package that uses this as a checkdepend and tests ran fine.
A patch file from https://github.com/void-linux/void-packages/pull/26468.patch is attached
[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: github-pr-python-bleach-26468.patch --]
[-- Type: text/x-diff, Size: 1319 bytes --]
From 47439ebbad18db3950e21832d31f95725f0f3143 Mon Sep 17 00:00:00 2001
From: Nathan Owens <ndowens@artixlinux.org>
Date: Tue, 17 Nov 2020 17:16:51 -0600
Subject: [PATCH] python3-bleach: update to 3.2.1
Fixes CVE-2020-6816
---
srcpkgs/python3-bleach/template | 9 +++++----
1 file changed, 5 insertions(+), 4 deletions(-)
diff --git a/srcpkgs/python3-bleach/template b/srcpkgs/python3-bleach/template
index 34ba5371b45..e1951883ea8 100644
--- a/srcpkgs/python3-bleach/template
+++ b/srcpkgs/python3-bleach/template
@@ -1,15 +1,16 @@
# Template file for 'python3-bleach'
pkgname=python3-bleach
-version=3.1.1
-revision=3
+version=3.2.1
+revision=1
wrksrc="bleach-${version}"
build_style=python3-module
hostmakedepends="python3-setuptools"
-depends="python3-six python3-webencodings"
+depends="python3-six python3-webencodings
+ python3-packaging"
short_desc="Easy safelist-based HTML-sanitizing tool (Python3)"
maintainer="Orphaned <orphan@voidlinux.org>"
license="Apache-2.0"
homepage="https://github.com/mozilla/bleach"
changelog="https://raw.githubusercontent.com/mozilla/bleach/master/CHANGES"
distfiles="${PYPI_SITE}/b/bleach/bleach-${version}.tar.gz"
-checksum=aa8b870d0f46965bac2c073a93444636b0e1ca74e9777e34f03dd494b8a59d48
+checksum=52b5919b81842b1854196eaae5ca29679a2f2e378905c346d3ca8227c2c66080
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [PR PATCH] [Merged]: python3-bleach: update to 3.2.1
2020-11-17 23:16 [PR PATCH] python3-bleach: update to 3.2.1 ndowens
2020-11-18 19:17 ` Chocimier
2020-11-18 20:57 ` [PR PATCH] [Updated] " ndowens
@ 2020-11-19 17:09 ` Chocimier
2 siblings, 0 replies; 4+ messages in thread
From: Chocimier @ 2020-11-19 17:09 UTC (permalink / raw)
To: ml
[-- Attachment #1: Type: text/plain, Size: 331 bytes --]
There's a merged pull request on the void-packages repository
python3-bleach: update to 3.2.1
https://github.com/void-linux/void-packages/pull/26468
Description:
Fixes CVE-2020-6816
Synapse seemed to run fine with this version and also tested against another python package that uses this as a checkdepend and tests ran fine.
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2020-11-19 17:09 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-11-17 23:16 [PR PATCH] python3-bleach: update to 3.2.1 ndowens
2020-11-18 19:17 ` Chocimier
2020-11-18 20:57 ` [PR PATCH] [Updated] " ndowens
2020-11-19 17:09 ` [PR PATCH] [Merged]: " Chocimier
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).