pkgsrc-Bugs archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
Re: pkg/54883: python-ecdsa 0.15 (important security update)
The following reply was made to PR pkg/54883; it has been noted by GNATS.
From: js-pkgsrc%heap.zone@localhost
To: gnats-bugs%netbsd.org@localhost
Cc: gls%netbsd.org@localhost,
gnats-admin%netbsd.org@localhost,
pkgsrc-bugs%netbsd.org@localhost
Subject: Re: pkg/54883: python-ecdsa 0.15 (important security update)
Date: Sun, 9 Feb 2020 12:26:43 +0100
> When updating packages, if possible please also provide a changelog =
from
> upstream.
I could not find an upstream change log, unfortunately. It's also =
jumping several versions.
> Unrelated to the update but I think that EGG_NAME could be removed (I
> think that defining it as ecdsa-${PKGVERSION} is also incorrect for
> possible PKGREVISION bumps), please remove it if that's the case.
Removed.
> The extra requires.txt seems to point out that there is at least a
> missing dependency, please add py-six to DEPENDS in the Makefile.
Added.
> The PLIST is not sorted, please sort it.
Done.
New patch:
commit 72fe11c8f23930b06c6045149c68dac2736e703e
Author: Jonathan Schleifer <js%nil.im@localhost>
Date: Wed Jan 22 01:33:03 2020 +0100
py-ecdsa 0.15, includes important security updates
=20
Also switches the source from GitHub to PyPi, because for whatever
reason, the archive is different. Hashes for the archive from GitHub =
are
nowhere to be found, and I could not find a single distro that uses =
the
archive from GitHub instead of PyPi. So instead, I used the PyPi one =
and
compared the hashes to what Alpine has.
diff --git a/security/py-ecdsa/Makefile b/security/py-ecdsa/Makefile
index 496eb0b8bd5..fb19738c5ca 100644
--- a/security/py-ecdsa/Makefile
+++ b/security/py-ecdsa/Makefile
@@ -1,17 +1,17 @@
# $NetBSD: Makefile,v 1.7 2015/06/29 17:00:00 gls Exp $
=20
-DISTNAME=3D python-ecdsa-0.13
-PKGNAME=3D ${PYPKGPREFIX}-ecdsa-0.13
-EGG_NAME=3D ecdsa-${PKGVERSION}
+DISTNAME=3D ecdsa-0.15
+PKGNAME=3D ${PYPKGPREFIX}-ecdsa-0.15
CATEGORIES=3D security
-MASTER_SITES=3D https://github.com/warner/python-ecdsa/archive/
+MASTER_SITES=3D ${MASTER_SITE_PYPI:=3De/ecdsa/}
=20
MAINTAINER=3D gls%NetBSD.org@localhost
HOMEPAGE=3D https://github.com/warner/python-ecdsa/
COMMENT=3D Easy-to-use implementation of ECDSA cryptography
LICENSE=3D mit
=20
-WRKSRC=3D ${WRKDIR}/python-ecdsa-${DISTNAME}
+DEPENDS+=3D ${PYPKGPREFIX}-six-[0-9]*:../../lang/py-six
+
USE_LANGUAGES=3D # none
=20
REPLACE_PYTHON=3D ecdsa/ecdsa.py ecdsa/ellipticcurve.py =
ecdsa/numbertheory.py
diff --git a/security/py-ecdsa/PLIST b/security/py-ecdsa/PLIST
index 32517559708..bd61df47360 100644
--- a/security/py-ecdsa/PLIST
+++ b/security/py-ecdsa/PLIST
@@ -1,11 +1,18 @@
-@comment $NetBSD: PLIST,v 1.3 2015/06/29 17:00:00 gls Exp $
+@comment $NetBSD$
${PYSITELIB}/${EGG_INFODIR}/PKG-INFO
${PYSITELIB}/${EGG_INFODIR}/SOURCES.txt
${PYSITELIB}/${EGG_INFODIR}/dependency_links.txt
+${PYSITELIB}/${EGG_INFODIR}/requires.txt
${PYSITELIB}/${EGG_INFODIR}/top_level.txt
${PYSITELIB}/ecdsa/__init__.py
${PYSITELIB}/ecdsa/__init__.pyc
${PYSITELIB}/ecdsa/__init__.pyo
+${PYSITELIB}/ecdsa/_compat.py
+${PYSITELIB}/ecdsa/_compat.pyc
+${PYSITELIB}/ecdsa/_compat.pyo
+${PYSITELIB}/ecdsa/_rwlock.py
+${PYSITELIB}/ecdsa/_rwlock.pyc
+${PYSITELIB}/ecdsa/_rwlock.pyo
${PYSITELIB}/ecdsa/_version.py
${PYSITELIB}/ecdsa/_version.pyc
${PYSITELIB}/ecdsa/_version.pyo
@@ -15,6 +22,9 @@ ${PYSITELIB}/ecdsa/curves.pyo
${PYSITELIB}/ecdsa/der.py
${PYSITELIB}/ecdsa/der.pyc
${PYSITELIB}/ecdsa/der.pyo
+${PYSITELIB}/ecdsa/ecdh.py
+${PYSITELIB}/ecdsa/ecdh.pyc
+${PYSITELIB}/ecdsa/ecdh.pyo
${PYSITELIB}/ecdsa/ecdsa.py
${PYSITELIB}/ecdsa/ecdsa.pyc
${PYSITELIB}/ecdsa/ecdsa.pyo
@@ -30,12 +40,36 @@ ${PYSITELIB}/ecdsa/numbertheory.pyo
${PYSITELIB}/ecdsa/rfc6979.py
${PYSITELIB}/ecdsa/rfc6979.pyc
${PYSITELIB}/ecdsa/rfc6979.pyo
-${PYSITELIB}/ecdsa/six.py
-${PYSITELIB}/ecdsa/six.pyc
-${PYSITELIB}/ecdsa/six.pyo
+${PYSITELIB}/ecdsa/test_der.py
+${PYSITELIB}/ecdsa/test_der.pyc
+${PYSITELIB}/ecdsa/test_der.pyo
+${PYSITELIB}/ecdsa/test_ecdh.py
+${PYSITELIB}/ecdsa/test_ecdh.pyc
+${PYSITELIB}/ecdsa/test_ecdh.pyo
+${PYSITELIB}/ecdsa/test_ecdsa.py
+${PYSITELIB}/ecdsa/test_ecdsa.pyc
+${PYSITELIB}/ecdsa/test_ecdsa.pyo
+${PYSITELIB}/ecdsa/test_ellipticcurve.py
+${PYSITELIB}/ecdsa/test_ellipticcurve.pyc
+${PYSITELIB}/ecdsa/test_ellipticcurve.pyo
+${PYSITELIB}/ecdsa/test_jacobi.py
+${PYSITELIB}/ecdsa/test_jacobi.pyc
+${PYSITELIB}/ecdsa/test_jacobi.pyo
+${PYSITELIB}/ecdsa/test_keys.py
+${PYSITELIB}/ecdsa/test_keys.pyc
+${PYSITELIB}/ecdsa/test_keys.pyo
+${PYSITELIB}/ecdsa/test_malformed_sigs.py
+${PYSITELIB}/ecdsa/test_malformed_sigs.pyc
+${PYSITELIB}/ecdsa/test_malformed_sigs.pyo
+${PYSITELIB}/ecdsa/test_numbertheory.py
+${PYSITELIB}/ecdsa/test_numbertheory.pyc
+${PYSITELIB}/ecdsa/test_numbertheory.pyo
${PYSITELIB}/ecdsa/test_pyecdsa.py
${PYSITELIB}/ecdsa/test_pyecdsa.pyc
${PYSITELIB}/ecdsa/test_pyecdsa.pyo
+${PYSITELIB}/ecdsa/test_rw_lock.py
+${PYSITELIB}/ecdsa/test_rw_lock.pyc
+${PYSITELIB}/ecdsa/test_rw_lock.pyo
${PYSITELIB}/ecdsa/util.py
${PYSITELIB}/ecdsa/util.pyc
${PYSITELIB}/ecdsa/util.pyo
diff --git a/security/py-ecdsa/distinfo b/security/py-ecdsa/distinfo
index aa491f44855..b744ddc02a6 100644
--- a/security/py-ecdsa/distinfo
+++ b/security/py-ecdsa/distinfo
@@ -1,6 +1,6 @@
$NetBSD: distinfo,v 1.7 2015/11/04 01:18:03 agc Exp $
=20
-SHA1 (python-ecdsa-0.13.tar.gz) =3D =
f23d77b03f3e62a9298579ccf897a305c618a6f2
-RMD160 (python-ecdsa-0.13.tar.gz) =3D =
7d7e2bb73649dba507f6389b8f909d251346e1fc
-SHA512 (python-ecdsa-0.13.tar.gz) =3D =
540b85bc11963b369a2b77adcae132fbac8d267c34c865207b434f013c3d82a9ed118e22e7=
ce73f85c2ddd5a629926a29ec1b92b56f2a350bb155b53cdb60244
-Size (python-ecdsa-0.13.tar.gz) =3D 58966 bytes
+SHA1 (ecdsa-0.15.tar.gz) =3D 5ac84f3012d807793bcb98a8e9c86c63b9965596
+RMD160 (ecdsa-0.15.tar.gz) =3D aaeba796ec51455deb06d4accc01535aeac26302
+SHA512 (ecdsa-0.15.tar.gz) =3D =
7b7491d1abdb5ca43456d943c96525fa5d722635c496bbddd04ef8e1baad9dc0aef3d1752a=
fea7820f7796421b18295ee260657ec1e8faf7564613b316c0d603
+Size (ecdsa-0.15.tar.gz) =3D 122119 bytes
Home |
Main Index |
Thread Index |
Old Index