From 6712fde0b877ac8ae5c3cd3051215db1c7f366c5 Mon Sep 17 00:00:00 2001 From: Max Rees Date: Wed, 10 Jun 2020 13:25:44 -0500 Subject: user/py3-pyyaml: [CVE] bump to 5.3.1 (#251) --- user/py3-pyyaml/APKBUILD | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) (limited to 'user/py3-pyyaml') diff --git a/user/py3-pyyaml/APKBUILD b/user/py3-pyyaml/APKBUILD index e2ce44251..afbf6f336 100644 --- a/user/py3-pyyaml/APKBUILD +++ b/user/py3-pyyaml/APKBUILD @@ -2,11 +2,12 @@ # Maintainer: pkgname=py3-pyyaml _pkgname=pyyaml -pkgver=5.1.2 +pkgver=5.3.1 pkgrel=0 pkgdesc="YAML parser and emitter for Python" url="https://pyyaml.org/wiki/PyYAML" arch="noarch" +# Certified net clean license="MIT" depends="python3 yaml" makedepends="python3-dev yaml yaml-dev" @@ -14,6 +15,10 @@ subpackages="" source="$pkgname-$pkgver.tar.gz::https://github.com/yaml/$_pkgname/archive/$pkgver.tar.gz" builddir="$srcdir/$_pkgname-$pkgver" +# secfixes: +# 5.3.1-r0: +# - CVE-2020-1747 + build() { # Seems like they need Cython to build the C extension now, so it falls back to pure Python. # Once we ship Cython we can probably change this. @@ -28,4 +33,4 @@ package() { python3 setup.py install --prefix=/usr --root="$pkgdir" } -sha512sums="7bc3dceadcfd512ede67581625887d00822464f20d3b646904f4a73afce8cf3b9766829c6004b626c31757edf8e2eedc27e60d96bee13afa68d3296a8a7f33bb py3-pyyaml-5.1.2.tar.gz" +sha512sums="27d97e8493c7660c7c0c471e20a8aa46c85431e4559a98bcbdafc2bd89a67fd04c6f2090e54ff6b206c868b33635ef8be68070a4c25d17a25c97fd5ad3549556 py3-pyyaml-5.3.1.tar.gz" -- cgit v1.2.3-70-g09d2