From ed0efb6fb132a83c578ea28c4a6cc4f63cd6cca8 Mon Sep 17 00:00:00 2001 From: jpaetzel Date: Tue, 28 Apr 2020 14:52:41 +0000 Subject: [PATCH] MFH: r533167 Update to 5.3.1 This release contains a security fix for CVE-2020-1747. FullLoader was still exploitable for arbitrary command execution. https://bugzilla.redhat.com/show_bug.cgi?id=1807367 Thanks to Riccardo Schirone (https://github.com/ret2libc) for both reporting this and providing the fixes to resolve it. - https://github.com/yaml/pyyaml/pull/386 PR: 245937 Submitted by: daniel.engberg.lists@pyret.net Security: http://vuxml.freebsd.org/freebsd/aae8fecf-888e-11ea-9714-08002718de91.html Approved by: portmgr (joneum) --- devel/py-yaml/Makefile | 2 +- devel/py-yaml/distinfo | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/devel/py-yaml/Makefile b/devel/py-yaml/Makefile index f6997f6a7cf4..f754cf688bb0 100644 --- a/devel/py-yaml/Makefile +++ b/devel/py-yaml/Makefile @@ -2,7 +2,7 @@ # $FreeBSD$ PORTNAME= yaml -PORTVERSION= 5.2 +PORTVERSION= 5.3.1 CATEGORIES= devel python MASTER_SITES= CHEESESHOP PKGNAMEPREFIX= ${PYTHON_PKGNAMEPREFIX} diff --git a/devel/py-yaml/distinfo b/devel/py-yaml/distinfo index aeeb0c5bf0e8..e1128148eaad 100644 --- a/devel/py-yaml/distinfo +++ b/devel/py-yaml/distinfo @@ -1,3 +1,3 @@ -TIMESTAMP = 1575414761 -SHA256 (PyYAML-5.2.tar.gz) = c0ee8eca2c582d29c3c2ec6e2c4f703d1b7f1fb10bc72317355a746057e7346c -SIZE (PyYAML-5.2.tar.gz) = 265687 +TIMESTAMP = 1587917471 +SHA256 (PyYAML-5.3.1.tar.gz) = b8eac752c5e14d3eca0e6dd9199cd627518cb5ec06add0de9d32baeee6fe645d +SIZE (PyYAML-5.3.1.tar.gz) = 269377