Wednesday, October 31, 2018

SECURITY UPDATE: www/py-requests 2.20.0

diff --git a/www/py-requests/Makefile b/www/py-requests/Makefile
index 99a31c7d4c0..95a1d504667 100644
--- a/www/py-requests/Makefile
+++ b/www/py-requests/Makefile
@@ -2,13 +2,9 @@

COMMENT= elegant and simple HTTP library for Python

-MODPY_EGG_VERSION= 2.18.4
+MODPY_EGG_VERSION= 2.20.0
DISTNAME= requests-${MODPY_EGG_VERSION}
PKGNAME= py-${DISTNAME}
-REVISION= 0
-
-# XXX remove during next update
-DISTFILES = ${DISTNAME}_1{${DISTNAME}}${EXTRACT_SUFX}

CATEGORIES= www

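Review bot: dropping REVISION and the XXX DISTFILES override together with the version bump is the right call, since the `${DISTNAME}_1` distfile name only existed for the re-rolled 2.18.4 tarball and the comment asked for exactly this at the next update; what the hunk does not show is the dependency side. The bump spans more than one upstream minor release (2.18 to 2.20), so confirm that any RUN_DEPENDS pins further down the Makefile still satisfy the version ranges 2.20.0's setup.py declares before committing, and mention the check in the commit log.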
diff --git a/www/py-requests/distinfo b/www/py-requests/distinfo
index 6a3a0f542b2..dfbc7c0549f 100644
--- a/www/py-requests/distinfo
+++ b/www/py-requests/distinfo
@@ -1,2 +1,2 @@
-SHA256 (requests-2.18.4_1.tar.gz) = nEQ+cyS6W4UHDEqBit4ov6vt8W6hAgbaETLtqm3aI34=
-SIZE (requests-2.18.4_1.tar.gz) = 126224
+SHA256 (requests-2.20.0.tar.gz) = mdz9qusXyvblJvMrant4BGFRKrPx2ZIYeAFpTLpCdww=
+SIZE (requests-2.20.0.tar.gz) = 111179
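Review bot: the distinfo now names the pristine upstream tarball (requests-2.20.0.tar.gz) instead of the locally re-rolled `_1` file, so the SIZE drop from 126224 to 111179 is expected rather than suspicious; still, verify the base64 SHA256 on the `+SHA256` line against the hash published for the 2.20.0 sdist, not only against a locally fetched copy, because a distinfo regenerated from a tampered download passes `make checksum` on its own.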
diff --git a/www/py-requests/pkg/PLIST b/www/py-requests/pkg/PLIST
index bf0d0e12636..feac233b56f 100644
--- a/www/py-requests/pkg/PLIST
+++ b/www/py-requests/pkg/PLIST
@@ -1,4 +1,6 @@
@comment $OpenBSD: PLIST,v 1.12 2018/01/21 23:20:10 jung Exp $
+lib/python${MODPY_VERSION}/
+lib/python${MODPY_VERSION}/site-packages/
lib/python${MODPY_VERSION}/site-packages/requests/
lib/python${MODPY_VERSION}/site-packages/requests-${MODPY_EGG_VERSION}-py${MODPY_VERSION}.egg-info/
lib/python${MODPY_VERSION}/site-packages/requests-${MODPY_EGG_VERSION}-py${MODPY_VERSION}.egg-info/PKG-INFO
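Review bot: the two new directory entries `lib/python${MODPY_VERSION}/` and `lib/python${MODPY_VERSION}/site-packages/` read like `make update-plist` output rather than anything 2.20.0 itself installs; that is harmless, but say so in the commit log so the next updater does not chase a packaging change that never happened, and confirm the hunk was generated by update-plist against a fresh fake install so that any files added or removed between 2.18.4 and 2.20.0 further down the PLIST are covered too.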
Changelog:
- Fixed in 2.20.0: CVE-2018-18074

https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-18074

The Requests package before 2.20.0 for Python sends an HTTP
Authorization header to an http URI upon receiving a same-hostname
https-to-http redirect, which makes it easier for remote attackers to
discover credentials by sniffing the network.

Diff attached. Builds fine on amd64, and the only thing that requires it is
upt-pypi (limited to the py3 variant).

Ok to merge?
--
Edward Lopez-Acosta
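As an added illustration of the redirect behaviour the CVE text above describes (example code written for this page, not the requests library's own implementation and not part of the original message): the policy below strips an Authorization header on a hostname change, on an https-to-http downgrade, or on a port change beyond the scheme defaults, and is compared against a hostname-only check approximating the pre-2.20.0 behaviour. The URLs, the redirect chain and the credential are constructed; the exact default-port handling is an assumption of this example.

```python
"""Redirect-time Authorization handling, as an added example.

This is not the requests library's own code. It models the policy
requests 2.20.0 applies before re-sending an Authorization header to a
redirect target next to an approximation of the pre-2.20.0 behaviour,
which only looked at the hostname. All URLs and the redirect chain below
are constructed.
"""
from urllib.parse import urlsplit

# Assumption: default ports used to decide whether an explicit port changes anything.
DEFAULT_PORTS = {"http": 80, "https": 443}


def _effective_port(parts):
    """Port the client would connect to, filling in the scheme default."""
    if parts.port is not None:
        return parts.port
    return DEFAULT_PORTS.get(parts.scheme)


def legacy_should_strip_auth(old_url, new_url):
    """Hostname-only check, approximating behaviour before the fix (assumption).

    A same-host https -> http redirect passes this check, so the header is
    re-sent over plaintext HTTP: the condition described in CVE-2018-18074.
    """
    return urlsplit(old_url).hostname != urlsplit(new_url).hostname


def should_strip_auth(old_url, new_url):
    """Return True if credentials sent to old_url must not go to new_url."""
    old, new = urlsplit(old_url), urlsplit(new_url)
    if (old.hostname or "") != (new.hostname or ""):
        return True                      # different host: never forward
    if old.scheme == "https" and new.scheme == "http":
        return True                      # downgrade to plaintext: strip
    if old.scheme == "http" and new.scheme == "https":
        return False                     # upgrade on the same host: allowed
    return _effective_port(old) != _effective_port(new)


def follow_redirects(start_url, headers, responses, policy, max_hops=10):
    """Walk a constructed redirect chain and record what would be sent.

    responses maps a request URL to its Location header (None = final
    response). Returns a list of (url, authorization_header_present).
    """
    headers = dict(headers)
    sent = []
    url = start_url
    for _ in range(max_hops):
        sent.append((url, "Authorization" in headers))
        location = responses.get(url)
        if location is None:
            return sent
        if "Authorization" in headers and policy(url, location):
            del headers["Authorization"]
        url = location
    raise RuntimeError("too many redirects")


# Constructed chain: the TLS origin bounces the client to plain HTTP on the
# same host, which then sends it back to HTTPS.
RESPONSES = {
    "https://example.test/login": "http://example.test/login",
    "http://example.test/login": "https://example.test/app",
    "https://example.test/app": None,
}
REQUEST_HEADERS = {"Authorization": "Basic dXNlcjpwYXNz"}  # constructed credential


def compare_policies():
    """Run the same chain under both policies; returns (legacy, fixed) traces."""
    legacy = follow_redirects("https://example.test/login", REQUEST_HEADERS,
                              RESPONSES, legacy_should_strip_auth)
    fixed = follow_redirects("https://example.test/login", REQUEST_HEADERS,
                             RESPONSES, should_strip_auth)
    return legacy, fixed


if __name__ == "__main__":
    for name, trace in zip(("pre-2.20.0 style", "2.20.0 style"), compare_policies()):
        print(name)
        for url, has_auth in trace:
            print(f"  {url:<32} Authorization sent: {has_auth}")
```

Under the hostname-only check the header rides along on the plain-HTTP hop, which is what a passive sniffer on the path needs; under the scheme-aware check it is dropped at the downgrade and, as with a real client that does not re-apply the credential, stays absent for the rest of the chain.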
