From 6abbf81ef2f298e3221ff5e67a1f3c5f23958212 Mon Sep 17 00:00:00 2001
From: V3n3RiX
Date: Mon, 14 Dec 2020 13:26:14 +0000
Subject: gentoo resync : 14.12.2020
---
dev-python/py/Manifest | 5 ++-
dev-python/py/files/py-1.9.0-cve-2020-29651.patch | 31 +++++++++++++++
dev-python/py/py-1.10.0.ebuild | 24 ++++++++++++
dev-python/py/py-1.9.0-r1.ebuild | 42 ---------------------
dev-python/py/py-1.9.0-r2.ebuild | 46 +++++++++++++++++++++++
5 files changed, 105 insertions(+), 43 deletions(-)
create mode 100644 dev-python/py/files/py-1.9.0-cve-2020-29651.patch
create mode 100644 dev-python/py/py-1.10.0.ebuild
delete mode 100644 dev-python/py/py-1.9.0-r1.ebuild
create mode 100644 dev-python/py/py-1.9.0-r2.ebuild
(limited to 'dev-python/py')
diff --git a/dev-python/py/Manifest b/dev-python/py/Manifest
index e22fd32aae37..5cf440d5d122 100644
--- a/dev-python/py/Manifest
+++ b/dev-python/py/Manifest
@@ -1,5 +1,8 @@ AUX py-1.5.2-skip-apiwarn-pytest31.patch 517 BLAKE2B a086d8130c1ead322461e7d89249f07e2dd9a6eee4f7e878bd8c01cf19df695a6a5698ec0cc50770f0514cbedbd2aa88e3fc356a72c78eab4b6bc378b5d1f590 SHA512 01da1bb928fe3b22a69a439481a1ebdac790811da781b7ee497ffa1b7362270628527b33f2d5dc0e83ebc2e57cdaf9fbd2974735f580931222f33e543fd69762 AUX py-1.8.0-pytest-4.patch 20364 BLAKE2B 8fe8f3b659ef6f586d3de299dcc2e986fec0ede3659c19c08f1c273e3204278620770051603e0c7bffbb47a6b9ecb438f5b7744c0c5894512b0f50877188a6e0 SHA512 ade290d37af218077100f03da5c8ce6e77b93e79317405b9e62059a2c97e14e21e56a11dec7d031f6f2deeff05ce0d6c0c3488535a6d117a02cacc1e18da46e3 +AUX py-1.9.0-cve-2020-29651.patch 1113 BLAKE2B 4a7f69b47ccd27036dcab4e9cd856804ca1d03f57d23c88c7c2577b4e0ac1bf98a3670f2e872e519bd25498dc62dcbc41a60567aef5bbbed11b265e6a70be290 SHA512 cbfc1c1e508fd9326534065ea595679b10f298b5f6084d0d19b95e393a5f49ec5c6e58f635b10ca84c2eca027c1b001db7f01e986f9679530041c763d763b47b +DIST py-1.10.0.tar.gz 206984 BLAKE2B 94abc8f348a0ae1b64a1417fbb5ea1e29929a0a98130a968ed80d92824c242a9614493c8c7f87c3db8294d2baf3bdb35ce0254fe2aac0fb6af2c151b682c5d33 SHA512 7a0eb964067bc01fa4f8ffe70b043abfd4619134fbee2935713e28382085d0b8972c319ed665a643b879b18ce662db8a9bd722937af7cf36c233214eea211dd1 DIST py-1.9.0.tar.gz 210098 BLAKE2B d7f9b22ebaedd12534198912c1fa0be80f42e97751701442e060e1c244b06ab82239fe78a3cc7119fa4df5d87ecfd97bfb2568744693d3ffe9824ae1d73e59f9 SHA512 965b2adfe1b13177629ccfcdf6d0a13460683ca7a01d585163deb1af15d926fc86680d9e51660f6cbb8569f822a4d54ce281c029e363d244ddf67e33b102ad0a -EBUILD py-1.9.0-r1.ebuild 1267 BLAKE2B 3e75fff7e68162c68e9a5c2bc4cd659759741642d4a5eb4957010ce66c555c2a512b3975ee166b696e52b79ce1cd2bb83c414afa02745501244471d6951a48a3 SHA512 1e77587976a6769973f48ae9ca5aa80bb12e77695d45594f390282652fa8971d13507e9ab503aaf389f7c283f077c7827741420996032a0a3fb0efa64de24074 +EBUILD py-1.10.0.ebuild 826 BLAKE2B 
c872b7bc9392a66b91001efb3df9e9e42dad5c5d2e79edb8fb7badd6d104cfbc141b8c078c7d4b46ca82e30b720e64164916ec7cf5009893b2d6752e0f5cb314 SHA512 2f70207ea82dccb1df4c8273ce838b05ee595d4a58f9f149e383974af318d44063239cadcd258bf479497eb632450f84e3370576589f8e3d891547805c329966 +EBUILD py-1.9.0-r2.ebuild 1424 BLAKE2B 37dfa023d9a6fde1ff40ae95e7fa83c35876b308de3a514d81d4f2d7595d4f66e6d8bd55a1aa4fa5339b7fcf9e9f0db4786299fce002d441fd44b40c58c18b8f SHA512 0a6b72abd7031f9d311edf4ff46fb72b9fc67dff00eb4dc889f827f51c534f3d33cfd7b21c4ddf75cf48b898304e96b803c826ad26da7a14b862d9107e654306 MISC metadata.xml 340 BLAKE2B 110b7f7cc26818661b98f60f589a782c0a9ed827fb43a89eef8cd7096045b1cc168410d9525641d4a78dee9709679d4d9ee7c38680caef5f37a73f1e726007cd SHA512 ce65db3c076a27acc6af28c1adecf61bfd7d10872612994fd616c72e91264be87460823055182e3b60f6931f22386d3a9f541ddd16c902fd8e02a6a345e65f5c
diff --git a/dev-python/py/files/py-1.9.0-cve-2020-29651.patch b/dev-python/py/files/py-1.9.0-cve-2020-29651.patch
new file mode 100644
index 000000000000..af89fb14808c
--- /dev/null
+++ b/dev-python/py/files/py-1.9.0-cve-2020-29651.patch
@@ -0,0 +1,31 @@
+From 4a9017dc6199d2a564b6e4b0aa39d6d8870e4144 Mon Sep 17 00:00:00 2001
+From: Ran Benita
+Date: Fri, 4 Sep 2020 13:57:26 +0300
+Subject: [PATCH] svnwc: fix regular expression vulnerable to DoS in blame
+ functionality
+
+The subpattern `\d+\s*\S+` is ambiguous which makes the pattern subject
+to catastrophic backtracing given a string like `"1" * 5000`.
+
+SVN blame output seems to always have at least one space between the
+revision number and the user name, so the ambiguity can be fixed by
+changing the `*` to `+`.
+
+Fixes #256.
+---
+ py/_path/svnwc.py | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/py/_path/svnwc.py b/py/_path/svnwc.py
+index 3138dd85..b5b9d8d5 100644
+--- a/py/_path/svnwc.py
++++ b/py/_path/svnwc.py
+@@ -396,7 +396,7 @@ def makecmdoptions(self):
+ def __str__(self):
+ return "" %(self.username,)
+
+-rex_blame = re.compile(r'\s*(\d+)\s*(\S+) (.*)')
++rex_blame = re.compile(r'\s*(\d+)\s+(\S+) (.*)')
+
+ class SvnWCCommandPath(common.PathBase):
+ """ path implementation offering access/modification to svn working copies.
diff --git a/dev-python/py/py-1.10.0.ebuild b/dev-python/py/py-1.10.0.ebuild
new file mode 100644
index 000000000000..98989aafbc2b
--- /dev/null
+++ b/dev-python/py/py-1.10.0.ebuild
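Review bot: In the bundled py/_path/svnwc.py change, the new `rex_blame` line carries no comment saying why the separator must stay `\s+`, so a later cleanup could restore the ambiguous `\d+\s*\S+` subpattern that the patch message describes. I would add `# \s+ (not \s*) between revision and author keeps matching unambiguous; see CVE-2020-29651` above the assignment. The message's own wording ("seems to always have at least one space") is an assumption about svn blame output, and the code that handles a non-matching line lies outside this hunk, so that path is worth confirming. No test with a long all-digit line accompanies the fix.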
@@ -0,0 +1,24 @@
+# Copyright 1999-2020 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+PYTHON_COMPAT=( python3_{6..9} pypy3 )
+
+inherit distutils-r1
+
+DESCRIPTION="library with cross-python path, ini-parsing, io, code, log facilities"
+HOMEPAGE="https://pylib.readthedocs.io/en/latest/ https://pypi.org/project/py/"
+SRC_URI="mirror://pypi/${PN:0:1}/${PN}/${P}.tar.gz"
+
+LICENSE="MIT"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
+# This package is unmaintained and keeps being broken periodically.
+RESTRICT=test
+
+BDEPEND="
+ dev-python/setuptools_scm[${PYTHON_USEDEP}]"
+
+distutils_enable_sphinx doc
+distutils_enable_tests pytest
diff --git a/dev-python/py/py-1.9.0-r1.ebuild b/dev-python/py/py-1.9.0-r1.ebuild
deleted file mode 100644
index 78e1479659e4..000000000000
--- a/dev-python/py/py-1.9.0-r1.ebuild
+++ /dev/null
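Review bot: `RESTRICT=test` and `distutils_enable_tests pytest` work against each other in this new ebuild: the eclass call still declares a pytest test phase, while the restriction keeps it from ever running. Either drop the `distutils_enable_tests pytest` line for as long as tests stay restricted, or keep tests enabled and disable only the known-broken ones, as py-1.9.0-r1 did in `src_prepare`. The same pair is added in py-1.9.0-r2.ebuild, where it also turns the sed/rm test workarounds in `src_prepare` into dead code. This ebuild carries no patch for the `rex_blame` issue, so if 1.10.0 already contains that fix upstream, a comment such as `# CVE-2020-29651 fixed upstream in this release, see https://bugs.gentoo.org/759547` would record it.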
@@ -1,42 +0,0 @@
-# Copyright 1999-2020 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=7
-
-PYTHON_COMPAT=( python3_{6..9} pypy3 )
-
-inherit distutils-r1
-
-DESCRIPTION="library with cross-python path, ini-parsing, io, code, log facilities"
-HOMEPAGE="https://pylib.readthedocs.io/en/latest/ https://pypi.org/project/py/"
-SRC_URI="mirror://pypi/${PN:0:1}/${PN}/${P}.tar.gz"
-
-LICENSE="MIT"
-SLOT="0"
-KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~m68k ~mips ppc ppc64 ~riscv s390 sparc x86 ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
-
-BDEPEND="
- dev-python/setuptools_scm[${PYTHON_USEDEP}]"
-
-PATCHES=(
- "${FILESDIR}"/${PN}-1.5.2-skip-apiwarn-pytest31.patch
- "${FILESDIR}"/${PN}-1.8.0-pytest-4.patch
-)
-
-distutils_enable_sphinx doc
-distutils_enable_tests pytest
-
-src_prepare() {
- # broken on py3.8, don't seem important
- sed -i -e 's:test_syntaxerror_rerepresentation:_&:' \
- -e 's:test_comments:_&:' \
- testing/code/test_source.py || die
- # broken on py3.9, this package is just dead
- sed -i -e 's:test_getfslineno:_&:' \
- testing/code/test_source.py || die
-
- distutils-r1_src_prepare
-
- # broken, and relying on exact assertion strings
- rm testing/code/test_assertion.py || die
-}
diff --git a/dev-python/py/py-1.9.0-r2.ebuild b/dev-python/py/py-1.9.0-r2.ebuild
new file mode 100644
index 000000000000..c7102745bc31
--- /dev/null
+++ b/dev-python/py/py-1.9.0-r2.ebuild
@@ -0,0 +1,46 @@
+# Copyright 1999-2020 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+PYTHON_COMPAT=( python3_{6..9} pypy3 )
+
+inherit distutils-r1
+
+DESCRIPTION="library with cross-python path, ini-parsing, io, code, log facilities"
+HOMEPAGE="https://pylib.readthedocs.io/en/latest/ https://pypi.org/project/py/"
+SRC_URI="mirror://pypi/${PN:0:1}/${PN}/${P}.tar.gz"
+
+LICENSE="MIT"
+SLOT="0"
+KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~m68k ~mips ppc ppc64 ~riscv s390 sparc x86 ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
+# This package is unmaintained and keeps being broken periodically.
+RESTRICT=test
+
+BDEPEND="
+ dev-python/setuptools_scm[${PYTHON_USEDEP}]"
+
+PATCHES=(
+ "${FILESDIR}"/${PN}-1.5.2-skip-apiwarn-pytest31.patch
+ "${FILESDIR}"/${PN}-1.8.0-pytest-4.patch
+ # https://bugs.gentoo.org/759547
+ "${FILESDIR}"/${P}-cve-2020-29651.patch
+)
+
+distutils_enable_sphinx doc
+distutils_enable_tests pytest
+
+src_prepare() {
+ # broken on py3.8, don't seem important
+ sed -i -e 's:test_syntaxerror_rerepresentation:_&:' \
+ -e 's:test_comments:_&:' \
+ testing/code/test_source.py || die
+ # broken on py3.9, this package is just dead
+ sed -i -e 's:test_getfslineno:_&:' \
+ testing/code/test_source.py || die
+
+ distutils-r1_src_prepare
+
+ # broken, and relying on exact assertion strings
+ rm testing/code/test_assertion.py || die
+}
-- cgit v1.2.3
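Review bot: The new `PATCHES` entry names its file through `${P}` (`${P}-cve-2020-29651.patch`), while the two entries above it pin the version literally as `${PN}-1.5.2-…` and `${PN}-1.8.0-…`. `${P}` expands to `py-1.9.0` in this ebuild, so it resolves today, but the path stops resolving as soon as the ebuild is copied to another version. Writing it as `"${FILESDIR}"/${PN}-1.9.0-cve-2020-29651.patch` matches the file name recorded in the Manifest and the style of the neighbouring entries.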