Bug 245943 - www/py-bleach: Update to 3.1.5, Fix security issue
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s)
Version: Latest
Hardware: Any Any
Importance: --- Affects Some People
Assignee: Danilo G. Baio
URL: https://github.com/mozilla/bleach/blo...
Keywords: security
Depends on:
Blocks:
 
Reported: 2020-04-26 17:32 UTC by Danilo G. Baio
Modified: 2020-05-14 11:53 UTC

See Also:
koobs: maintainer-feedback+
dbaio: merge-quarterly+


Attachments
py-bleach-3.1.4.patch (893 bytes, patch)
2020-04-26 17:32 UTC, Danilo G. Baio
no flags
py-bleach-3.1.5.patch (1.32 KB, patch)
2020-05-07 23:39 UTC, Danilo G. Baio
koobs: maintainer-approval+

Description Danilo G. Baio freebsd_committer 2020-04-26 17:32:50 UTC
Created attachment 213820
py-bleach-3.1.4.patch

Changelog:  https://github.com/mozilla/bleach/blob/v3.1.4/CHANGES

make test: 335 passed, 3 xfailed, 1 warnings in 1.09 seconds
poudriere ok (11, 12, CURRENT; i386, amd64)
Comment 1 commit-hook freebsd_committer 2020-04-26 17:39:53 UTC
A commit references this bug:

Author: dbaio
Date: Sun Apr 26 17:39:28 UTC 2020
New revision: 533080
URL: https://svnweb.freebsd.org/changeset/ports/533080

Log:
  security/vuxml: Document www/py-bleach issue

  PR:		245943
  Security:	CVE-2020-6817

Changes:
  head/security/vuxml/vuln.xml
Comment 2 Kubilay Kocak freebsd_committer freebsd_triage 2020-04-27 01:17:40 UTC
Thank you Danilo.

The following changelog entry warrants additional testing (which we as a project should be doing more of regardless):

"""
**Backwards incompatible changes**

* Style attributes with dashes, or single or double quoted values are
  cleaned instead of passed through.
"""

Since this will additionally be merged to quarterly, could we:

- Evaluate any bleach ports consumers for any *_DEPENDS:<version-spec> issues 
- Run a reverse dependents poudriere run
- Run QA (make test) for a bleach dependent port with a test target (test for runtime test failures with this version update)
Comment 3 Danilo G. Baio freebsd_committer 2020-04-27 02:19:57 UTC
(In reply to Kubilay Kocak from comment #2)

poudriere reverse test was done.
I'll run make tests in the consumers, good point.

and my email is dbaio@ =)
Comment 4 Danilo G. Baio freebsd_committer 2020-04-27 14:33:42 UTC
net-im/py-matrix-synapse
  make test: PASSED (skips=1, successes=906)
Comment 5 Teran McKinney 2020-05-05 20:52:41 UTC
Do you have any updates on this? Looks like 3.1.5 is out now.

Thank you!
Comment 6 Danilo G. Baio freebsd_committer 2020-05-07 23:39:37 UTC
Created attachment 214250
py-bleach-3.1.5.patch
Comment 7 Danilo G. Baio freebsd_committer 2020-05-07 23:42:09 UTC
make test: 335 passed, 3 xfailed, 1 warnings in 1.09 seconds  (3.1.5)
poudriere ok (11, 12, CURRENT; i386, amd64)
Comment 8 Kubilay Kocak freebsd_committer freebsd_triage 2020-05-08 02:52:16 UTC
Comment on attachment 214250
py-bleach-3.1.5.patch

Approved by: koobs (maintainer)
MFH: 2020Q2 (security, bugfix release(s))
Comment 9 commit-hook freebsd_committer 2020-05-08 12:14:52 UTC
A commit references this bug:

Author: dbaio
Date: Fri May  8 12:14:12 UTC 2020
New revision: 534393
URL: https://svnweb.freebsd.org/changeset/ports/534393

Log:
  www/py-bleach: Update to 3.1.5, Fix security issue

  Changelog:	https://github.com/mozilla/bleach/blob/v3.1.5/CHANGES

  PR:		245943
  Approved by:	koobs (maintainer)
  MFH:		2020Q2 (security, bugfix release(s))
  Security:	4c52ec3c-86f3-11ea-b5b4-641c67a117d8

Changes:
  head/www/py-bleach/Makefile
  head/www/py-bleach/distinfo
Comment 10 commit-hook freebsd_committer 2020-05-14 11:52:46 UTC
A commit references this bug:

Author: dbaio
Date: Thu May 14 11:52:06 UTC 2020
New revision: 535227
URL: https://svnweb.freebsd.org/changeset/ports/535227

Log:
  MFH: r534393

  www/py-bleach: Update to 3.1.5, Fix security issue

  Changelog:	https://github.com/mozilla/bleach/blob/v3.1.5/CHANGES

  PR:		245943
  Approved by:	koobs (maintainer)
  Security:	4c52ec3c-86f3-11ea-b5b4-641c67a117d8

  Approved by:	ports-secteam (joneum)

Changes:
_U  branches/2020Q2/
  branches/2020Q2/www/py-bleach/Makefile
  branches/2020Q2/www/py-bleach/distinfo