NetBSD Problem Report #54798

From www@netbsd.org  Wed Dec 25 02:49:03 2019
Return-Path: <www@netbsd.org>
Received: from mail.netbsd.org (mail.netbsd.org [199.233.217.200])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(Client CN "mail.NetBSD.org", Issuer "mail.NetBSD.org CA" (not verified))
	by mollari.NetBSD.org (Postfix) with ESMTPS id 4FB9E7A1CD
	for <gnats-bugs@gnats.NetBSD.org>; Wed, 25 Dec 2019 02:49:03 +0000 (UTC)
Message-Id: <20191225024902.3E7E87A1E8@mollari.NetBSD.org>
Date: Wed, 25 Dec 2019 02:49:02 +0000 (UTC)
From: jonthn+pkgsrc@pinacea.com
Reply-To: jonthn+pkgsrc@pinacea.com
To: gnats-bugs@NetBSD.org
Subject: devel/py-msgpack Update to version 0.6.2
X-Send-Pr-Version: www-1.0

>Number:         54798
>Category:       pkg
>Synopsis:       devel/py-msgpack Update to version 0.6.2
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    pkg-manager
>State:          closed
>Class:          change-request
>Submitter-Id:   net
>Arrival-Date:   Wed Dec 25 02:50:00 +0000 2019
>Closed-Date:    Sat Apr 11 14:10:16 +0000 2020
>Last-Modified:  Sat Apr 11 14:10:16 +0000 2020
>Originator:     Jonathan Buschmann
>Release:        
>Organization:
>Environment:
>Description:
Just a diff/patch to update this package to latest version

Changelog :

0.6.2

Release Date: 2019-09-20

    Support Python 3.8.
    Update Cython to 0.29.13 for support Python 3.8.
    Some small optimizations.

0.6.1

Release Date: 2019-01-25

This release is for mitigating pain caused by v0.6.0 reduced max input limits for security reason.


0.6.0

Release Date: 2018-11-30

This release contains some backward incompatible changes for security reason (DoS).
Important changes

    unpacker: Default value of input limits are smaller than before to avoid DoS attack. If you need to handle large data, you need to specify limits manually. (#319)
    Unpacker doesn't wrap underlaying ValueError (including UnicodeError) into UnpackValueError. If you want to catch all exception during unpack, you need to use try ... except Exception with minimum try code block. (#323, #233)
    PackValueError and PackOverflowError are also removed. You need to catch normal ValueError and OverflowError. (#323, #233)
    Unpacker has strict_map_key option now. When it is true, only bytes and str (unicode in Python 2) are allowed for map keys. It is recommended to avoid hashdos. Default value of this option is False for backward compatibility reason. But it will be changed True in 1.0. (#296, #334)

Other changes

    Extension modules are merged. There is msgpack._cmsgpack instead of msgpack._packer and msgpack._unpacker. (#314, #328)
    Add Unpacker.getbuffer() method. (#320)
    unpacker: msgpack.StackError is raised when input data contains too nested data. (#331)
    unpacker: msgpack.FormatError is raised when input data is not valid msgpack format. (#331)

>How-To-Repeat:

>Fix:
diff --git i/devel/py-msgpack/Makefile w/devel/py-msgpack/Makefile
index 67b2c776059..30f31706c22 100644
--- i/devel/py-msgpack/Makefile
+++ w/devel/py-msgpack/Makefile
@@ -1,6 +1,6 @@
 # $NetBSD: Makefile,v 1.22 2018/02/23 14:20:55 adam Exp $

-DISTNAME=	msgpack-0.5.6
+DISTNAME=	msgpack-0.6.2
 PKGNAME=	${PYPKGPREFIX}-${DISTNAME}
 CATEGORIES=	devel python
 MASTER_SITES=	${MASTER_SITE_PYPI:=m/msgpack/}
diff --git i/devel/py-msgpack/PLIST w/devel/py-msgpack/PLIST
index 5ebc18a6802..e13c75ff464 100644
--- i/devel/py-msgpack/PLIST
+++ w/devel/py-msgpack/PLIST
@@ -2,8 +2,7 @@
 ${PYSITELIB}/msgpack/__init__.py
 ${PYSITELIB}/msgpack/__init__.pyc
 ${PYSITELIB}/msgpack/__init__.pyo
-${PYSITELIB}/msgpack/_packer.so
-${PYSITELIB}/msgpack/_unpacker.so
+${PYSITELIB}/msgpack/_cmsgpack.so
 ${PYSITELIB}/msgpack/_version.py
 ${PYSITELIB}/msgpack/_version.pyc
 ${PYSITELIB}/msgpack/_version.pyo
diff --git i/devel/py-msgpack/distinfo w/devel/py-msgpack/distinfo
index c683f30827f..321c3befa48 100644
--- i/devel/py-msgpack/distinfo
+++ w/devel/py-msgpack/distinfo
@@ -1,6 +1,6 @@
 $NetBSD: distinfo,v 1.13 2018/02/23 14:20:55 adam Exp $

-SHA1 (msgpack-0.5.6.tar.gz) = 916c234864a5eaae179982dcd4b20efaa3677a30
-RMD160 (msgpack-0.5.6.tar.gz) = 48818b2ea891871e70754fc3720a15d04a12c28c
-SHA512 (msgpack-0.5.6.tar.gz) = bdbd193bd3bd02e78d9c6e8d9d8fa687d13583dff2813bc77c5e6cbbe0d180765da3c9a80d176f9993589e35f548ad04973e3d523d0b6d41ef7916ecd86195aa
-Size (msgpack-0.5.6.tar.gz) = 138292 bytes
+SHA1 (msgpack-0.6.2.tar.gz) = 19f52aa24cc16163d64ab1a3c53f2587b723b106
+RMD160 (msgpack-0.6.2.tar.gz) = 48cc4b2df2dad4b6f5b815f15aa262dcdc2db2d6
+SHA512 (msgpack-0.6.2.tar.gz) = 95b92e3d35e0500dd4256d18bf76e586e57cc66319b4459ac5daef599277a5049177a89ad86e291dbdc4c7a918901a89d9218353ddc4a7d0b399e8a98afef363
+Size (msgpack-0.6.2.tar.gz) = 119062 bytes

>Release-Note:

>Audit-Trail:
From: Benny Siegert <bsiegert@gmail.com>
To: gnats-bugs@netbsd.org
Cc: pkg-manager@netbsd.org, gnats-admin@netbsd.org, pkgsrc-bugs@netbsd.org
Subject: Re: pkg/54798: devel/py-msgpack Update to version 0.6.2
Date: Thu, 2 Jan 2020 20:26:04 +0100

 On Wed, Dec 25, 2019 at 3:50 AM <jonthn+pkgsrc@pinacea.com> wrote:
 > >Synopsis:       devel/py-msgpack Update to version 0.6.2

 This will break sysutils/py-borgbackup, which explicitly only supports
 0.5.6. We could switch it to a vendored copy of py-msgpack if we go
 ahead with this update.

 -- 
 Benny

State-Changed-From-To: open->closed
State-Changed-By: adam@NetBSD.org
State-Changed-When: Sat, 11 Apr 2020 14:10:16 +0000
State-Changed-Why:
Updated to 1.0.0


>Unformatted:

NetBSD Home
NetBSD PR Database Search

(Contact us) $NetBSD: query-full-pr,v 1.46 2020/01/03 16:35:01 leot Exp $
$NetBSD: gnats_config.sh,v 1.9 2014/08/02 14:16:04 spz Exp $
Copyright © 1994-2020 The NetBSD Foundation, Inc. ALL RIGHTS RESERVED.