Bug 256220 - devel/py-yaml: update to 5.4.1
Summary: devel/py-yaml: update to 5.4.1
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: Normal Affects Many People
Assignee: Danilo G. Baio
URL: https://github.com/yaml/pyyaml/blob/5...
Keywords: needs-patch, needs-qa, security
Depends on:
Blocks:
 
Reported: 2021-05-28 17:26 UTC by Dmitry Marakasov
Modified: 2021-06-02 18:48 UTC (History)
1 user (show)

See Also:
dbaio: maintainer-feedback+
koobs: merge-quarterly?

Attachments
Patch (1.58 KB, patch)
2021-05-28 17:26 UTC, Dmitry Marakasov 		koobs: maintainer-approval+
Details | Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Dmitry Marakasov freebsd_committer freebsd_triage 2021-05-28 17:26:42 UTC 
Created attachment 225341 [details]
Patch
Comment 1 Danilo G. Baio freebsd_committer freebsd_triage 2021-05-28 18:01:54 UTC 
Hi.

Thanks for the patch.

I didn't receive the portscout notification about this update and there is a CVE involved, a vuxml entry is necessary.

if all consumers are building fine, please go ahead.
Comment 2 Kubilay Kocak freebsd_committer freebsd_triage 2021-05-30 01:58:45 UTC 
^Triage: security update, set merge-quarterly flag, cc ports-secteam, bump prio
Comment 3 Kubilay Kocak freebsd_committer freebsd_triage 2021-05-30 01:59:19 UTC 
Comment on attachment 225341 [details]
Patch

Pending QA:

Approved by: dbaio (maintainer)
MFH: 2020Q2 (security release)
Comment 4 Dmitry Marakasov freebsd_committer freebsd_triage 2021-06-02 18:45:22 UTC 
Consumers build fine, vuxml entry added.
Comment 5 commit-hook freebsd_committer freebsd_triage 2021-06-02 18:45:44 UTC 
A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=44ab2946a775ffac4851022225e24c868888e7dc

commit 44ab2946a775ffac4851022225e24c868888e7dc
Author:     Dmitry Marakasov <amdmi3@FreeBSD.org>
AuthorDate: 2021-05-28 17:05:05 +0000
Commit:     Dmitry Marakasov <amdmi3@FreeBSD.org>
CommitDate: 2021-06-02 18:41:43 +0000

    devel/py-yaml: update to 5.4.1

    PR:             256220
    Approved by:    dbaio (maintainer)
    MFH:            2020Q2 (security release)

 devel/py-yaml/Makefile | 7 +++----
 devel/py-yaml/distinfo | 6 +++---
 2 files changed, 6 insertions(+), 7 deletions(-)
Comment 6 commit-hook freebsd_committer freebsd_triage 2021-06-02 18:45:44 UTC 
A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=2acbd03da0c12f63b77be9348b7f1d662322cc7d

commit 2acbd03da0c12f63b77be9348b7f1d662322cc7d
Author:     Dmitry Marakasov <amdmi3@FreeBSD.org>
AuthorDate: 2021-06-02 18:36:44 +0000
Commit:     Dmitry Marakasov <amdmi3@FreeBSD.org>
CommitDate: 2021-06-02 18:41:43 +0000

    security/vuxml: add entry for PyYAML CVE-2020-14343

    PR:             256220

 security/vuxml/vuln.xml | 36 ++++++++++++++++++++++++++++++++++++
 1 file changed, 36 insertions(+)
Comment 7 commit-hook freebsd_committer freebsd_triage 2021-06-02 18:48:45 UTC 
A commit in branch 2021Q2 references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=08da1b52dddc923dbe55ae9c18701b6fa29df5fe

commit 08da1b52dddc923dbe55ae9c18701b6fa29df5fe
Author:     Dmitry Marakasov <amdmi3@FreeBSD.org>
AuthorDate: 2021-05-28 17:05:05 +0000
Commit:     Dmitry Marakasov <amdmi3@FreeBSD.org>
CommitDate: 2021-06-02 18:44:41 +0000

    devel/py-yaml: update to 5.4.1

    PR:             256220
    Approved by:    dbaio (maintainer)
    MFH:            2020Q2 (security release)

    (cherry picked from commit 44ab2946a775ffac4851022225e24c868888e7dc)

 devel/py-yaml/Makefile | 7 +++----
 devel/py-yaml/distinfo | 6 +++---
 2 files changed, 6 insertions(+), 7 deletions(-)