Created attachment 213820 py-bleach-3.1.4.patch
Changelog: https://github.com/mozilla/bleach/blob/v3.1.4/CHANGES
make test: 335 passed, 3 xfailed, 1 warnings in 1.09 seconds
poudriere ok (11, 12, CURRENT; i386, amd64)
A commit references this bug:
Author: dbaio
Date: Sun Apr 26 17:39:28 UTC 2020
New revision: 533080
URL: https://svnweb.freebsd.org/changeset/ports/533080
Log:
  security/vuxml: Document www/py-bleach issue
  PR: 245943
  Security: CVE-2020-6817
Changes:
  head/security/vuxml/vuln.xml
Thank you Danilo. The following changelog entry warrants additional testing (which we as a project should be doing more of regardless):
"""
**Backwards incompatible changes**
* Style attributes with dashes, or single or double quoted values are cleaned instead of passed through.
"""
Since this will additionally be merged to quarterly, could we:
- Evaluate any bleach ports consumers for any *_DEPENDS:<version-spec> issues
- Run a reverse dependents poudriere run
- Run QA (make test) for a bleach dependent port with a test target (test for runtime test failures with this version update)
(In reply to Kubilay Kocak from comment #2)
The poudriere reverse test was done. I'll run make tests in the consumers, good point. And my email is dbaio@ =)
net-im/py-matrix-synapse make test: PASSED (skips=1, successes=906)
Do you have any updates on this? Looks like 3.1.5 is out now. Thank you!
Created attachment 214250 py-bleach-3.1.5.patch
make test: 335 passed, 3 xfailed, 1 warnings in 1.09 seconds (3.1.5)
poudriere ok (11, 12, CURRENT; i386, amd64)
Comment on attachment 214250 py-bleach-3.1.5.patch
Approved by: koobs (maintainer)
MFH: 2020Q2 (security, bugfix release(s))
A commit references this bug:
Author: dbaio
Date: Fri May 8 12:14:12 UTC 2020
New revision: 534393
URL: https://svnweb.freebsd.org/changeset/ports/534393
Log:
  www/py-bleach: Update to 3.1.5, Fix security issue
  Changelog: https://github.com/mozilla/bleach/blob/v3.1.5/CHANGES
  PR: 245943
  Approved by: koobs (maintainer)
  MFH: 2020Q2 (security, bugfix release(s))
  Security: 4c52ec3c-86f3-11ea-b5b4-641c67a117d8
Changes:
  head/www/py-bleach/Makefile
  head/www/py-bleach/distinfo
A commit references this bug:
Author: dbaio
Date: Thu May 14 11:52:06 UTC 2020
New revision: 535227
URL: https://svnweb.freebsd.org/changeset/ports/535227
Log:
  MFH: r534393
  www/py-bleach: Update to 3.1.5, Fix security issue
  Changelog: https://github.com/mozilla/bleach/blob/v3.1.5/CHANGES
  PR: 245943
  Approved by: koobs (maintainer)
  Security: 4c52ec3c-86f3-11ea-b5b4-641c67a117d8
  Approved by: ports-secteam (joneum)
Changes:
  _U branches/2020Q2/
  branches/2020Q2/www/py-bleach/Makefile
  branches/2020Q2/www/py-bleach/distinfo