pkgsrc-WIP-changes archive


py-pyramid: update to 2.0.2



Module Name:	pkgsrc-wip
Committed By:	Thomas Klausner <wiz%NetBSD.org@localhost>
Pushed By:	wiz
Date:		Mon May 20 12:18:26 2024 +0200
Changeset:	06877898b189d20c17deb4a721e6e98830b2a8a0

Modified Files:
	TODO
	py-pyramid/Makefile
	py-pyramid/PLIST
	py-pyramid/distinfo

Log Message:
py-pyramid: update to 2.0.2

2.0.2 (2023-08-25)
==================

Bug Fixes
---------

- Removed support for null-bytes in the path when making a request for a file
  against a static_view. While null-bytes are allowed by the HTTP
  specification, due to the handling of null-bytes potentially leading to
  security vulnerabilities it is no longer supported.

  This fixes a security vulnerability that is present due to a bug in Python
  3.11.0 through 3.11.4, thereby allowing the unintended disclosure of an
  ``index.html`` one directory up from the static views path.

  Thanks to Masashi Yamane of LAC Co., Ltd for reporting this issue.

Backward Incompatibilities
--------------------------

- Requests to a static_view are no longer allowed to contain a null-byte in any
  part of the path segment.
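
The check this changelog entry describes, as an added example (not Pyramid's code and not part of this commit): a static-file resolver that refuses a null byte in any path segment before touching the filesystem, then confirms the result stays under the static root. `resolve_static`, `Forbidden`, `demo` and the temporary directory tree are hypothetical names and constructed data.

```python
import os
import tempfile
from urllib.parse import unquote

class Forbidden(Exception):
    """Request path that must not be served (hypothetical name)."""

def resolve_static(docroot, url_path):
    """Return the file under docroot for url_path, or raise."""
    segments = [unquote(s) for s in url_path.split("/") if s]
    for seg in segments:
        # Refuse the null byte before any os.path call sees it, so the
        # outcome never depends on how the interpreter handles it.
        if "\x00" in seg:
            raise Forbidden("null byte in path segment")
        if seg in (".", "..") or "/" in seg or os.sep in seg:
            raise Forbidden("unsafe path segment")
    root = os.path.realpath(docroot)
    candidate = os.path.realpath(os.path.join(root, *segments))
    # Containment check after symlink resolution.
    if os.path.commonpath([root, candidate]) != root:
        raise Forbidden("path escapes static root")
    if os.path.isdir(candidate):
        candidate = os.path.join(candidate, "index.html")
    if not os.path.isfile(candidate):
        raise FileNotFoundError(url_path)
    return candidate

def demo():
    """Run constructed requests against a constructed directory tree."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        tmp = os.path.realpath(tmp)
        static = os.path.join(tmp, "static")
        os.mkdir(static)
        # index.html sits one level above the static root; app.css inside it.
        for path in (os.path.join(tmp, "index.html"), os.path.join(static, "app.css")):
            with open(path, "w") as fh:
                fh.write("x")
        for url in ("/app.css", "/app%00.css", "/../index.html", "/"):
            try:
                found = resolve_static(static, url)
                results[url] = os.path.relpath(found, tmp).replace(os.sep, "/")
            except (Forbidden, FileNotFoundError) as exc:
                results[url] = type(exc).__name__
    return results
```
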

To see a diff of this commit:
https://wip.pkgsrc.org/cgi-bin/gitweb.cgi?p=pkgsrc-wip.git;a=commitdiff;h=06877898b189d20c17deb4a721e6e98830b2a8a0

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

diffstat:
 TODO                |  1 -
 py-pyramid/Makefile | 10 +++++-----
 py-pyramid/PLIST    | 13 ++++++-------
 py-pyramid/distinfo |  6 +++---
 4 files changed, 14 insertions(+), 16 deletions(-)

diffs:
diff --git a/TODO b/TODO
index d0817c46dc..7b898cc2ab 100644
--- a/TODO
+++ b/TODO
@@ -113,7 +113,6 @@ Suggested package updates
 	o pike-7.8.700
 	o py-PyPE-2.9
 	o py-etmtk-3.2.31
-	o py-pyramid-2.0.2
 	o py-rpyc-3.2.1
 	o py-sentry-23.7.1
 	o py-smop-0.29
diff --git a/py-pyramid/Makefile b/py-pyramid/Makefile
index 7016cc8ed2..9c789514d9 100644
--- a/py-pyramid/Makefile
+++ b/py-pyramid/Makefile
@@ -1,19 +1,20 @@
 # $NetBSD$
 
-DISTNAME=	pyramid-2.0.1
+DISTNAME=	pyramid-2.0.2
 PKGNAME=	${PYPKGPREFIX}-${DISTNAME}
 CATEGORIES=	www python
 MASTER_SITES=	${MASTER_SITE_PYPI:=p/pyramid/}
 
 MAINTAINER=	pkgsrc-users%NetBSD.org@localhost
 HOMEPAGE=	https://trypyramid.com/
-COMMENT=	The Pyramid Web Framework, a Pylons project
+COMMENT=	Pyramid Web Framework, a Pylons project
 LICENSE=	original-bsd AND zpl-2.1 AND cc-by-nc-sa-v3.0-license AND mit
 
+TOOL_DEPENDS+=	${PYPKGPREFIX}-setuptools>=0:../../devel/py-setuptools
+TOOL_DEPENDS+=	${PYPKGPREFIX}-wheel>=0:../../devel/py-wheel
 DEPENDS+=	${PYPKGPREFIX}-hupper>=1.5:../../sysutils/py-hupper
 DEPENDS+=	${PYPKGPREFIX}-plaster>=0:../../devel/py-plaster
 DEPENDS+=	${PYPKGPREFIX}-plaster_pastedeploy>=0:../../www/py-plaster_pastedeploy
-DEPENDS+=	${PYPKGPREFIX}-setuptools>=0:../../devel/py-setuptools
 DEPENDS+=	${PYPKGPREFIX}-translationstring>=0.4:../../wip/py-translationstring
 DEPENDS+=	${PYPKGPREFIX}-venusian>=1.0:../../wip/py-venusian
 DEPENDS+=	${PYPKGPREFIX}-WebOb>=1.8.3:../../www/py-WebOb
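Review bot: moving ${PYPKGPREFIX}-setuptools from DEPENDS to TOOL_DEPENDS (the added line under LICENSE= and the removed line after py-plaster_pastedeploy) drops it from the installed package's run-time dependencies. Confirm that pyramid 2.0.2 does not need setuptools at run time; if it does, keep the DEPENDS+= line alongside the two new TOOL_DEPENDS+= entries.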
@@ -22,7 +23,6 @@ DEPENDS+=	${PYPKGPREFIX}-zope.interface>=3.8.0:../../devel/py-zope.interface
 TEST_DEPENDS+=	${PYPKGPREFIX}-WebTest>=1.3.1:../../www/py-WebTest
 TEST_DEPENDS+=	${PYPKGPREFIX}-zope.component>=4.0:../../devel/py-zope.component
 
-USE_PKGLOCALEDIR=	yes
 USE_LANGUAGES=		# none
 
 PYTHON_VERSIONS_INCOMPATIBLE=	27
@@ -32,5 +32,5 @@ post-install:
 	cd ${DESTDIR}${PREFIX}/bin && ${MV} ${file} ${file}-${PYVERSSUFFIX}
 .endfor
 
-.include "../../lang/python/egg.mk"
+.include "../../lang/python/wheel.mk"
 .include "../../mk/bsd.pkg.mk"
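Review bot: the switch from egg.mk to wheel.mk on the .include line is not mentioned in the log message, which carries only the upstream changelog; add a line saying the package now builds as a wheel. Also check that the post-install ${MV} loop kept as context just above still finds unsuffixed scripts in ${DESTDIR}${PREFIX}/bin after this change, since it renames each one to ${file}-${PYVERSSUFFIX}.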
diff --git a/py-pyramid/PLIST b/py-pyramid/PLIST
index 943a94c066..fb0f21fcda 100644
--- a/py-pyramid/PLIST
+++ b/py-pyramid/PLIST
@@ -6,13 +6,12 @@ bin/pserve-${PYVERSSUFFIX}
 bin/pshell-${PYVERSSUFFIX}
 bin/ptweens-${PYVERSSUFFIX}
 bin/pviews-${PYVERSSUFFIX}
-${PYSITELIB}/${EGG_INFODIR}/PKG-INFO
-${PYSITELIB}/${EGG_INFODIR}/SOURCES.txt
-${PYSITELIB}/${EGG_INFODIR}/dependency_links.txt
-${PYSITELIB}/${EGG_INFODIR}/entry_points.txt
-${PYSITELIB}/${EGG_INFODIR}/not-zip-safe
-${PYSITELIB}/${EGG_INFODIR}/requires.txt
-${PYSITELIB}/${EGG_INFODIR}/top_level.txt
+${PYSITELIB}/${WHEEL_INFODIR}/LICENSE.txt
+${PYSITELIB}/${WHEEL_INFODIR}/METADATA
+${PYSITELIB}/${WHEEL_INFODIR}/RECORD
+${PYSITELIB}/${WHEEL_INFODIR}/WHEEL
+${PYSITELIB}/${WHEEL_INFODIR}/entry_points.txt
+${PYSITELIB}/${WHEEL_INFODIR}/top_level.txt
 ${PYSITELIB}/pyramid/__init__.py
 ${PYSITELIB}/pyramid/__init__.pyc
 ${PYSITELIB}/pyramid/__init__.pyo
diff --git a/py-pyramid/distinfo b/py-pyramid/distinfo
index 1b7f1ba82f..5a366c84a4 100644
--- a/py-pyramid/distinfo
+++ b/py-pyramid/distinfo
@@ -1,5 +1,5 @@
 $NetBSD$
 
-BLAKE2s (pyramid-2.0.1.tar.gz) = b515fb6d5b643d255d3c24e65058aa1b9980efc3e5b44b49f1f195947276ae93
-SHA512 (pyramid-2.0.1.tar.gz) = a61988387c9dea9d04dc38fc12cfd68dae9b727082faee36d9f6244df69de84e46389a5cd21802b8e62b39d2dc055ea3f3c65224640aac414e270eae9c124b70
-Size (pyramid-2.0.1.tar.gz) = 2635286 bytes
+BLAKE2s (pyramid-2.0.2.tar.gz) = a7032e6d267b08c47f3de78dcbc99bf4213d93432b74e11cf1aa35fab7937641
+SHA512 (pyramid-2.0.2.tar.gz) = 9d0c1de36cbe659156b9306b8cafe5532d9b2d2b1d088abf5c0d3c7b62cc8021a9a40682fac61f9bb5511cac312df993e9030d914f461a844fc930d1c8b5d050
+Size (pyramid-2.0.2.tar.gz) = 2637533 bytes
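Review bot: the three new pyramid-2.0.2.tar.gz values on the + lines cannot be verified from the diff itself, and this update carries a security fix. Before merging, fetch the distfile from MASTER_SITE_PYPI independently, rerun make makesum, and confirm that the BLAKE2s, SHA512 and Size entries come out identical to the ones committed here.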

