Diffstat (limited to 'dev-python')
-rw-r--r--dev-python/Manifest.gzbin260391 -> 260389 bytes
-rw-r--r--dev-python/future/Manifest3
-rw-r--r--dev-python/future/files/future-0.18.2-cve-2022-40899.patch52
-rw-r--r--dev-python/future/future-0.18.2-r3.ebuild (renamed from dev-python/future/future-0.18.2-r2.ebuild)11
-rw-r--r--dev-python/pipenv/Manifest2
-rw-r--r--dev-python/pipenv/pipenv-2022.11.30.ebuild111
6 files changed, 176 insertions, 3 deletions
diff --git a/dev-python/Manifest.gz b/dev-python/Manifest.gz
index 5d65da215030..81cbb7d2fdd3 100644
--- a/dev-python/Manifest.gz
+++ b/dev-python/Manifest.gz
Binary files differ
diff --git a/dev-python/future/Manifest b/dev-python/future/Manifest
index 5dced2f17c48..da0426ba4f36 100644
--- a/dev-python/future/Manifest
+++ b/dev-python/future/Manifest
@@ -1,7 +1,8 @@
+AUX future-0.18.2-cve-2022-40899.patch 2057 BLAKE2B 3ceaac51709be84a594474a35b8cb688c7e4382c7e625f328aa891c7f788efffba093daeff6551567425e7b9b2d1a4a5ed70df99dd5a6d0666bbc9915f72972f SHA512 7bd6743680ed69326eefd61ae517ebacebe2b175879367a66a1fa9729f75f77e2c632c3c50f64be197e71d09446a4ad01b733b15dc3508466ebd0cf06d7b6734
AUX future-0.18.2-py3.10.patch 850 BLAKE2B 79c51778686c03a0b2fa6ed084b38039d9e5c14312cbf534da51a9da66e8fb50f0b619912414439f9975db43d5686e80150e82642d64963d16384fce339a09d4 SHA512 438e7092c4e9ece575e1d4cb341e52e45d6506fed348511266b7a583731516ad5e5eac43bc8b81ff7a24e29a8495612f5bbcb0984f6e428dee2b7dcfbf241ae2
AUX future-0.18.2-py39-fileurl.patch 1005 BLAKE2B 9446c90649e5c06c1d603041c07e81ca96ea982fcf6ac9d7aaf48141015574ca2f81bd4da02c994e41ce96ef2e37290ae45f4ec70e332632e7086d08ce2feca0 SHA512 7d469a212b36828d20f65964aa52db30ab2c82f92b4411d39de054ba6ea7b7860413609b426f3f30dcc715be517e25e99f2b8afc05cc629c9a8e149fee2421b4
AUX future-0.18.2-py39.patch 2789 BLAKE2B db6c0cb0a030d166f01b95721e560d346f8a80ec63f81c58e5fca663f975b8f8f771d169742a421c34c08b0de01069bb5455b5fafdab440af6e73746df0bb24c SHA512 7bb140d526d2e728d5a988898977e8bf87934f68c42a38f97717b3e5fc040ddc736cdb2b366a8dbbb95c857bffee9f448ff1883dff9c61cb46582d3a01aad65f
AUX future-0.18.2-tests.patch 11773 BLAKE2B e2b9321ab2a04e4567c312beaccd23886c87f8b78c1de5d480205181a68b77d8c8b1582a57f43e510d5cd3ecc54252bb85130fe6d7e82756c9f1db11263fdf7b SHA512 d884d6b4e320a6e2aeca2c0c46576d9b0fd0d31aaa6f8f9a79f2007ecbc949f1393aa0b9254f0c51616ca4e8d3fb3f11d828879e4e8c01549acd4ecf04e2cf68
DIST future-0.18.2.tar.gz 829220 BLAKE2B 68574b589bf54aa8dacbd162a54885589faa32829ccf212f50de5bf036ebd8b9aba0c13e63e80d34e507cc0dae4d8d3d47fea33433b17d2c2e6dbf6c37f66d8f SHA512 91c025f7d94bcdf93df838fab67053165a414fc84e8496f92ecbb910dd55f6b6af5e360bbd051444066880c5a6877e75157bd95e150ead46e5c605930dfc50f2
-EBUILD future-0.18.2-r2.ebuild 1144 BLAKE2B 7d7adc1e620acaa1c194eb0aad0e647aa80a8a23e8611a6fc777e548d6a8fbcd9294e255564a11a6f1dc2b1e6d2045707494ee97d493d5f31f3b9a29764984ad SHA512 38bd9df88bc0545daac2649effa4db53dd33d1c6d1d83811644fad550ac199472496c5e98dd6040e2d6f0684ef5f9e1af571bc20f18ca15e62f87ff0fba4fffc
+EBUILD future-0.18.2-r3.ebuild 1274 BLAKE2B 57a0354a45b53c29d40d10d1a91104d15a175ab771c581273adc978f36ccbe02cff3ab89b2f2e6e374f820c25f7bcf3b63f1095f4cacab6e0ffc32e17f80e91a SHA512 8dc72d2e520ac0d322cb5a8d85506c804a64d9e51ef945e3cf4279e63600c23abbc5cb0204bf88fc8b229fa76088a627a355a0e932e232f830a20a03a84d6d94
MISC metadata.xml 402 BLAKE2B 84957a57a39c658794b57e41e2e683d826a6e5b7e1006f0430034a29b82d12f2983b021c63e9d519fe6ea21a90f30822b5561001c7e9283ea770fedb1d40ad9c SHA512 e1a2dfb08304d2cd0751dbde1e1410be0805493bf7624db17b3631dc10051fb443758a0c750ced2846a2769a3d33da752002ad7e92f95d88b4060f7a8be995bd
diff --git a/dev-python/future/files/future-0.18.2-cve-2022-40899.patch b/dev-python/future/files/future-0.18.2-cve-2022-40899.patch
new file mode 100644
index 000000000000..c7341e0d6fdb
--- /dev/null
+++ b/dev-python/future/files/future-0.18.2-cve-2022-40899.patch
@@ -0,0 +1,52 @@
+From c91d70b34ef0402aef3e9d04364ba98509dca76f Mon Sep 17 00:00:00 2001
+From: Will Shanks <wshaos@posteo.net>
+Date: Fri, 23 Dec 2022 13:38:26 -0500
+Subject: [PATCH] Backport fix for bpo-38804
+
+The regex http.cookiejar.LOOSE_HTTP_DATE_RE was vulnerable to regular
+expression denial of service (REDoS). The regex contained multiple
+overlapping \s* capture groups. A long sequence of spaces can trigger
+bad performance.
+
+See https://github.com/python/cpython/pull/17157 and https://pyup.io/posts/pyup-discovers-redos-vulnerabilities-in-top-python-packages/
+---
+ src/future/backports/http/cookiejar.py | 18 ++++++++++++------
+ 1 file changed, 12 insertions(+), 6 deletions(-)
+
+diff --git a/src/future/backports/http/cookiejar.py b/src/future/backports/http/cookiejar.py
+index af3ef415..0ad80a02 100644
+--- a/src/future/backports/http/cookiejar.py
++++ b/src/future/backports/http/cookiejar.py
+@@ -225,10 +225,14 @@ def _str2time(day, mon, yr, hr, min, sec, tz):
+ (?::(\d\d))? # optional seconds
+ )? # optional clock
+ \s*
+- ([-+]?\d{2,4}|(?![APap][Mm]\b)[A-Za-z]+)? # timezone
++ (?:
++ ([-+]?\d{2,4}|(?![APap][Mm]\b)[A-Za-z]+) # timezone
++ \s*
++ )?
++ (?:
++ \(\w+\) # ASCII representation of timezone in parens.
+ \s*
+- (?:\(\w+\))? # ASCII representation of timezone in parens.
+- \s*$""", re.X | re.ASCII)
++ )?$""", re.X | re.ASCII)
+ def http2time(text):
+ """Returns time in seconds since epoch of time represented by a string.
+
+@@ -298,9 +302,11 @@ def http2time(text):
+ (?::?(\d\d(?:\.\d*)?))? # optional seconds (and fractional)
+ )? # optional clock
+ \s*
+- ([-+]?\d\d?:?(:?\d\d)?
+- |Z|z)? # timezone (Z is "zero meridian", i.e. GMT)
+- \s*$""", re.X | re. ASCII)
++ (?:
++ ([-+]?\d\d?:?(:?\d\d)?
++ |Z|z) # timezone (Z is "zero meridian", i.e. GMT)
++ \s*
++ )?$""", re.X | re. ASCII)
+ def iso2time(text):
+ """
+ As for http2time, but parses the ISO 8601 formats:
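Review bot: The backport rewrites the tail of both date regexes (the one above `http2time` and the one above `iso2time`) but carries no regression test, so a later refresh of this patch could reintroduce the adjacent `\s*` runs without anything failing. A small test would pin the fix: call `http2time` and `iso2time` on a date string followed by a long run of spaces and assert that each call returns promptly. Whether the package's existing test suite exercises `cookiejar.py` at all is not visible from this hunk, and both function bodies continue outside it.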
diff --git a/dev-python/future/future-0.18.2-r2.ebuild b/dev-python/future/future-0.18.2-r3.ebuild
index 1558c0ea92ce..a05bf7f207d5 100644
--- a/dev-python/future/future-0.18.2-r2.ebuild
+++ b/dev-python/future/future-0.18.2-r3.ebuild
@@ -5,10 +5,15 @@ EAPI=8
DISTUTILS_USE_PEP517=setuptools
PYTHON_COMPAT=( python3_{8..11} pypy3 )
+
inherit distutils-r1
DESCRIPTION="Easy, clean, reliable Python 2/3 compatibility"
-HOMEPAGE="https://python-future.org/"
+HOMEPAGE="
+ https://python-future.org/
+ https://github.com/PythonCharmers/python-future/
+ https://pypi.org/project/future/
+"
SRC_URI="mirror://pypi/${PN:0:1}/${PN}/${P}.tar.gz"
LICENSE="MIT"
@@ -20,7 +25,8 @@ BDEPEND="
$(python_gen_cond_dep '
dev-python/numpy[${PYTHON_USEDEP}]
' 'python*')
- )"
+ )
+"
distutils_enable_tests pytest
distutils_enable_sphinx docs dev-python/sphinx-bootstrap-theme
@@ -30,6 +36,7 @@ PATCHES=(
"${FILESDIR}"/${P}-py39.patch
"${FILESDIR}"/${P}-py39-fileurl.patch
"${FILESDIR}"/${P}-py3.10.patch
+ "${FILESDIR}"/${P}-cve-2022-40899.patch
)
EPYTEST_DESELECT=(
diff --git a/dev-python/pipenv/Manifest b/dev-python/pipenv/Manifest
index a6d14db2a3e3..af3ae87705ea 100644
--- a/dev-python/pipenv/Manifest
+++ b/dev-python/pipenv/Manifest
@@ -1,4 +1,6 @@
AUX pipenv-2022.9.24-inject-site-packages.patch 1155 BLAKE2B 61f296dd1f8168b86f17a55359c75febfc02807dd97c750217b46bd017b7bf73cf6fde0fcd2afa95908bd3e1cd7b50f626459f1a19f47b1c34ecdbea39fcfb7c SHA512 3a26ce6217fbf86eda1bb8266928dffe5fc1a55e4f7b66d0ade5ea31deff9cb68427f424995e4c8d402737e90ca9358a3a00364a4167667fae9a4bd018100ebc
+DIST pipenv-2022.11.30.gh.tar.gz 11120234 BLAKE2B 3d33475932a59dfb862869becb792aea420b8c9fffd9179866dc01eb5e0b2ba77a23c5de8be5570f9ed2e46f098bc000173d74766d42953f93ab2439c20d7f2c SHA512 a44409d41196388b05f2b9620b9d0f45f4af7f244f8243143278b62560e54063574670356e141e07807b56b1181ad27f701f84b91bc045bf47b5701455b36c66
DIST pipenv-2022.9.24.gh.tar.gz 11543711 BLAKE2B e875068383c8ca55864bfcb53288ae9a02adc578c09ad7392bf50a7ebe07e2eb5944bc225cfefad2ca8265d8dcbb17af96b34e8c0fd51a709921148207021f2b SHA512 d29a728d914d8c762469fd2d72de7be41050165b4587c3304ebc03235a1946967f78473651e1834e5a69a35395d0cf9087e1515fd746450057774fc22e61e092
+EBUILD pipenv-2022.11.30.ebuild 4298 BLAKE2B 48765d4f94f1e22aaaaf15abbe3bc0258a76b7b0dff137debe44a714c699462cff9e55ce7f4086650745519d1bb918aca5a56829860718c1c261eddf02859df5 SHA512 52606570f856b91dd5fd900f97ee842f143af4008cf79def3297fb2229f72eb99de5939a822fd13fd436d352b5d71506c3890ec913e955964468f02353fce0f6
EBUILD pipenv-2022.9.24-r1.ebuild 3137 BLAKE2B 5beb68c4ca7aad9d8d8c5f17dc09b7e8078a26357618c5fd7044b0107b77c5adf1983592ddeac79b98224f0cdc5ad3a39123e155a354fe1d57c264681a8b36bb SHA512 500e4bd9b9c5ff6359fd46c99a3c635827bc1ff7e6d0e4de19aa3ca62b4b92d260b9c04a3bb187ac158c1c322b361974ed7a237ddae055a995d08b1debed967c
MISC metadata.xml 643 BLAKE2B ff3557d9ae32b553c85455436683e2ca94bc16c6ec7c6d2ceb1113a69dc841b9ac2f0e4b96eec4c6c84ca899ad6a99b0747d7bf3f9289110a8bbdfb80f2cb2eb SHA512 7a611950572c2d700fb1680e0aa307069d80d992528144da781eca9f1fee729defa6f8b28382ddd8f66e58c5f68de9a17815989a4a39473bbf830a7be42ea282
diff --git a/dev-python/pipenv/pipenv-2022.11.30.ebuild b/dev-python/pipenv/pipenv-2022.11.30.ebuild
new file mode 100644
index 000000000000..a398ffb770a3
--- /dev/null
+++ b/dev-python/pipenv/pipenv-2022.11.30.ebuild
@@ -0,0 +1,111 @@
+# Copyright 1999-2022 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+DISTUTILS_USE_PEP517=setuptools
+PYTHON_COMPAT=( python3_{8..11} )
+
+inherit distutils-r1 multiprocessing
+
+MY_PV=${PV/_beta/b}
+DESCRIPTION="Python Development Workflow for Humans"
+HOMEPAGE="https://github.com/pypa/pipenv https://pypi.org/project/pipenv/"
+SRC_URI="https://github.com/pypa/pipenv/archive/v${MY_PV}.tar.gz -> ${P}.gh.tar.gz"
+S="${WORKDIR}"/${PN}-${MY_PV}
+
+LICENSE="MIT"
+SLOT="0"
+KEYWORDS="~amd64 ~riscv ~x86"
+
+PATCHES=(
+ "${FILESDIR}/pipenv-2022.9.24-inject-site-packages.patch"
+)
+
+RDEPEND="
+ dev-python/attrs[${PYTHON_USEDEP}]
+ >=dev-python/cerberus-1.3.2[${PYTHON_USEDEP}]
+ dev-python/click[${PYTHON_USEDEP}]
+ >=dev-python/colorama-0.4.4[${PYTHON_USEDEP}]
+ >=dev-python/markupsafe-2.0.1[${PYTHON_USEDEP}]
+ >=dev-python/pexpect-4.8.0[${PYTHON_USEDEP}]
+ >=dev-python/ptyprocess-0.7.0[${PYTHON_USEDEP}]
+ dev-python/pyparsing[${PYTHON_USEDEP}]
+ >=dev-python/python-dateutil-2.8.2[${PYTHON_USEDEP}]
+ >=dev-python/python-dotenv-0.21.0[${PYTHON_USEDEP}]
+ >=dev-python/virtualenv-20.0.35[${PYTHON_USEDEP}]
+ dev-python/virtualenv-clone[${PYTHON_USEDEP}]
+ >=dev-python/requests-2.26.0[${PYTHON_USEDEP}]
+ dev-python/ruamel-yaml[${PYTHON_USEDEP}]
+ dev-python/tomlkit[${PYTHON_USEDEP}]
+"
+
+BDEPEND="
+ ${RDEPEND}
+ test? (
+ dev-python/flaky[${PYTHON_USEDEP}]
+ dev-python/mock[${PYTHON_USEDEP}]
+ dev-python/pytz[${PYTHON_USEDEP}]
+ )
+"
+
+distutils_enable_tests pytest
+
+# IMPORTANT: The following sed command patches the vendor direcotry
+# in the pipenv source. Attempts to simply bump the version of the
+# package without checking that it works is likely to fail
+# The vendored packages should eventually all be removed
+# see: https://bugs.gentoo.org/717666
+src_prepare() {
+ local pkgName
+ local jobs=$(makeopts_jobs)
+ local packages=( attr attrs cerberus click colorama dotenv markupsafe \
+ pexpect ptyprocess pyparsing requests urllib3 tomlkit )
+ for pkgName in ${packages[@]}; do
+ find ./ -type f -print0 | \
+ xargs --max-procs="${jobs}" --null \
+ sed --in-place \
+ -e "s/from pipenv.vendor import ${pkgName}/import ${pkgName}/g" \
+ -e "s/from pipenv.vendor.${pkgName}\(.*\) import \(\w*\)/from ${pkgName}\1 import \2/g"\
+ -e "s/import pipenv.vendor.${pkgName} as ${pkgName}/import ${pkgName}/g" \
+ -e "s/from .vendor import ${pkgName}/import ${pkgName}/g" || die "Failed to sed for ${pkgName}"
+ done
+
+ distutils-r1_src_prepare
+
+ # remove vendored versions
+ for pkgName in ${packages[@]}; do
+ find ./pipenv/vendor -regextype posix-extended -regex ".*${pkgName}$" -prune -exec rm -rvf {} + || die
+ # package names can be foo-bar, their module will be however foo_bar
+ find ./pipenv/vendor -regextype posix-extended -regex ".*${pkgName/_/-}" -prune -exec rm -rvf {} + || die
+ done
+
+ find ./pipenv/vendor -regextype posix-extended -regex '.*cached[_-]property.*' -prune -exec rm -rvf {} + || die
+
+ find ./ -type f -print0 | \
+ xargs --max-procs="${jobs}" --null \
+ sed --in-place \
+ -e "s/from pipenv\.vendor import plette, toml, tomlkit, vistir/from pipenv\.vendor import plette, toml, vistir\\nimport tomlkit/g"
+
+ # remove tomlkit from vendoring
+ for fname in pipenv/utils/toml.py tests/integration/conftest.py; do
+ sed --in-place -e "s/from pipenv\.vendor import toml, tomlkit/from pipenv\.vendor import toml\\nimport tomlkit/g" $fname || die "Failed sed in $fname"
+ done
+ #for fname in "tests/unit/test_vendor.py "; do
+ # sed --in-place -e "s/from pipenv\.vendor import tomlkit/import tomlkit/g" $fname || die "Failed sed in tomlkit"
+ #done
+ # remove python ruaml yaml
+ sed --in-place -e "s/from pipenv\.vendor\.ruamel\.yaml import YAML/from ruaml\.yaml import YAML/g" pipenv/patched/safety/util.py || die "Failed sed in ruaml-yaml"
+ sed --in-place -e "s/from pipenv\.vendor\.ruamel\.yaml\.error import MarkedYAMLError/from ruaml\.yaml\.error import MarkedYAMLError/g" pipenv/patched/safety/util.py || die "Failed sed in ruamel-yaml"
+
+ rm -vR pipenv/vendor/ruamel || die "Failed removing ruamel-yaml from vendor"
+
+ for fname in Makefile README.md README.rst ruamel.*.LICENSE vendor.txt; do
+ rm -v pipenv/vendor/$fname || die "Failed removing pipenv/vendor/$fname"
+ done
+
+}
+
+python_test() {
+ epytest -m "not cli and not needs_internet" tests/unit/
+}
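Review bot: The two ruamel seds in `src_prepare` write a misspelled module name: the replacement text is `from ruaml\.yaml import YAML` and `from ruaml\.yaml\.error import MarkedYAMLError`, so `pipenv/patched/safety/util.py` ends up importing `ruaml`, which the `dev-python/ruamel-yaml` dependency does not provide. Both replacements should read `from ruamel\.yaml ...`, and the first line's die message (`Failed sed in ruaml-yaml`) has the same typo. Because `pipenv/vendor/ruamel` is removed immediately afterwards, the import would fail as soon as that module is loaded, which presumably breaks the bundled safety check. `python_test` only runs `tests/unit/`, so it may not catch this. Separately, the `find ./ -type f -print0 | xargs ... sed` pipeline that rewrites the `plette, toml, tomlkit, vistir` import is the only sed step here without `|| die`.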