Bug 256220 - devel/py-yaml: update to 5.4.1
Summary: devel/py-yaml: update to 5.4.1
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: Normal Affects Many People
Assignee: Danilo G. Baio
URL: https://github.com/yaml/pyyaml/blob/5...
Keywords: needs-patch, needs-qa, security
Depends on:
Blocks:
 
Reported: 2021-05-28 17:26 UTC by Dmitry Marakasov
Modified: 2021-06-02 18:48 UTC (History)
1 user (show)

See Also:
dbaio: maintainer-feedback+
koobs: merge-quarterly?


Attachments
Patch (1.58 KB, patch)
2021-05-28 17:26 UTC, Dmitry Marakasov
koobs: maintainer-approval+
Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Dmitry Marakasov freebsd_committer 2021-05-28 17:26:42 UTC
Created attachment 225341 [details]
Patch
Comment 1 Danilo G. Baio freebsd_committer 2021-05-28 18:01:54 UTC
Hi.

Thanks for the patch.

I didn't receive the portscout notification about this update and there is a CVE involved, a vuxml entry is necessary.

if all consumers are building fine, please go ahead.
Comment 2 Kubilay Kocak freebsd_committer freebsd_triage 2021-05-30 01:58:45 UTC
^Triage: security update, set merge-quarterly flag, cc ports-secteam, bump prio
Comment 3 Kubilay Kocak freebsd_committer freebsd_triage 2021-05-30 01:59:19 UTC
Comment on attachment 225341 [details]
Patch

Pending QA:

Approved by: dbaio (maintainer)
MFH: 2020Q2 (security release)
Comment 4 Dmitry Marakasov freebsd_committer 2021-06-02 18:45:22 UTC
Consumers build fine, vuxml entry added.
Comment 5 commit-hook freebsd_committer 2021-06-02 18:45:44 UTC
A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=44ab2946a775ffac4851022225e24c868888e7dc

commit 44ab2946a775ffac4851022225e24c868888e7dc
Author:     Dmitry Marakasov <amdmi3@FreeBSD.org>
AuthorDate: 2021-05-28 17:05:05 +0000
Commit:     Dmitry Marakasov <amdmi3@FreeBSD.org>
CommitDate: 2021-06-02 18:41:43 +0000

    devel/py-yaml: update to 5.4.1

    PR:             256220
    Approved by:    dbaio (maintainer)
    MFH:            2020Q2 (security release)

 devel/py-yaml/Makefile | 7 +++----
 devel/py-yaml/distinfo | 6 +++---
 2 files changed, 6 insertions(+), 7 deletions(-)
Comment 6 commit-hook freebsd_committer 2021-06-02 18:45:44 UTC
A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=2acbd03da0c12f63b77be9348b7f1d662322cc7d

commit 2acbd03da0c12f63b77be9348b7f1d662322cc7d
Author:     Dmitry Marakasov <amdmi3@FreeBSD.org>
AuthorDate: 2021-06-02 18:36:44 +0000
Commit:     Dmitry Marakasov <amdmi3@FreeBSD.org>
CommitDate: 2021-06-02 18:41:43 +0000

    security/vuxml: add entry for PyYAML CVE-2020-14343

    PR:             256220

 security/vuxml/vuln.xml | 36 ++++++++++++++++++++++++++++++++++++
 1 file changed, 36 insertions(+)
Comment 7 commit-hook freebsd_committer 2021-06-02 18:48:45 UTC
A commit in branch 2021Q2 references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=08da1b52dddc923dbe55ae9c18701b6fa29df5fe

commit 08da1b52dddc923dbe55ae9c18701b6fa29df5fe
Author:     Dmitry Marakasov <amdmi3@FreeBSD.org>
AuthorDate: 2021-05-28 17:05:05 +0000
Commit:     Dmitry Marakasov <amdmi3@FreeBSD.org>
CommitDate: 2021-06-02 18:44:41 +0000

    devel/py-yaml: update to 5.4.1

    PR:             256220
    Approved by:    dbaio (maintainer)
    MFH:            2020Q2 (security release)

    (cherry picked from commit 44ab2946a775ffac4851022225e24c868888e7dc)

 devel/py-yaml/Makefile | 7 +++----
 devel/py-yaml/distinfo | 6 +++---
 2 files changed, 6 insertions(+), 7 deletions(-)