[Bug 215876] [MAINTAINER] math/py-pandas: Update to 0.19.2

2017-01-09 Thread bugzilla-noreply
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=215876

Wen Heping changed:

What     | Removed                        | Added
---------+--------------------------------+-----------------
Assignee | freebsd-ports-bugs@FreeBSD.org | w...@freebsd.org
CC       |                                | w...@freebsd.org

-- 
You are receiving this mail because:
You are on the CC list for the bug.
___
freebsd-python@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-python
To unsubscribe, send any mail to "freebsd-python-unsubscr...@freebsd.org"


[Bug 215876] [MAINTAINER] math/py-pandas: Update to 0.19.2

2017-01-09 Thread bugzilla-noreply
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=215876

--- Comment #1 from commit-h...@freebsd.org ---
A commit references this bug:

Author: wen
Date: Mon Jan  9 10:50:20 UTC 2017
New revision: 430939
URL: https://svnweb.freebsd.org/changeset/ports/430939

Log:
  - Update to 0.19.2
  - Expand optional dependency on SQLAlchemy to v1.1
  - Strip binary modules

  PR:   215876
  Submitted by: j...@saltant.com(maintainer)

Changes:
  head/math/py-pandas/Makefile
  head/math/py-pandas/distinfo



[Bug 215876] [MAINTAINER] math/py-pandas: Update to 0.19.2

2017-01-09 Thread bugzilla-noreply
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=215876

Wen Heping changed:

What       | Removed | Added
-----------+---------+-------
Resolution | ---     | FIXED
Status     | New     | Closed



[Bug 214915] security/py-cryptography: Update to 1.6 (security fixes)

2017-01-09 Thread bugzilla-noreply
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=214915

Mark Felder changed:

What       | Removed     | Added
-----------+-------------+-------
Resolution | ---         | FIXED
Status     | In Progress | Closed

--- Comment #14 from Mark Felder  ---
The change was reverted, but it doesn't matter anymore because 9.3 is EoL.

I should not be proud the "fix" is to wait for the OS to be EoL...



[Bug 215615] graphics/py-pillow: Update to 3.4.2 (security fixes)

2017-01-09 Thread bugzilla-noreply
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=215615

Mark Felder changed:

What | Removed | Added
-----+---------+-----------------
CC   |         | f...@freebsd.org

--- Comment #5 from Mark Felder  ---
When it's security related we don't need maintainer approval / wait for
timeout.



[Bug 215615] graphics/py-pillow: Update to 3.4.2 (security fixes)

2017-01-09 Thread bugzilla-noreply
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=215615

Mark Felder changed:

What     | Removed                        | Added
---------+--------------------------------+-----------------
Assignee | freebsd-ports-bugs@FreeBSD.org | f...@freebsd.org
Flags    | merge-quarterly?               | merge-quarterly+



[Bug 215615] graphics/py-pillow: Update to 3.4.2 (security fixes)

2017-01-09 Thread bugzilla-noreply
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=215615

--- Comment #6 from Po-Chuan Hsieh  ---
(In reply to Mark Felder from comment #5)

Ok, so it's covered by portmgr blanket or ports-secteam blanket?



[Bug 215615] graphics/py-pillow: Update to 3.4.2 (security fixes)

2017-01-09 Thread bugzilla-noreply
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=215615

Mark Felder changed:

What       | Removed | Added
-----------+---------+-------
Status     | Open    | Closed
Resolution | ---     | FIXED

--- Comment #7 from Mark Felder  ---
committed, thanks!



[Bug 214412] graphics/py-pillow: Multiple vulnerabilities (CVE-2016-9189, CVE-2016-9190)

2017-01-09 Thread bugzilla-noreply
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=214412
Bug 214412 depends on bug 215615, which changed state.

Bug 215615 Summary: graphics/py-pillow: Update to 3.4.2 (security fixes)
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=215615

What       | Removed | Added
-----------+---------+-------
Status     | Open    | Closed
Resolution | ---     | FIXED



[Bug 215615] graphics/py-pillow: Update to 3.4.2 (security fixes)

2017-01-09 Thread bugzilla-noreply
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=215615

--- Comment #8 from commit-h...@freebsd.org ---
A commit references this bug:

Author: feld
Date: Mon Jan  9 18:00:01 UTC 2017
New revision: 430992
URL: https://svnweb.freebsd.org/changeset/ports/430992

Log:
  graphics/py-pillow: Update to 3.4.2 (security fixes)

  - Update to 3.4.2
  - Add JPEG2000 option

  Changes:  https://github.com/python-pillow/Pillow/blob/master/CHANGES.rst

  PR:   215615
  MFH:  2017Q1

Changes:
  head/graphics/py-pillow/Makefile
  head/graphics/py-pillow/distinfo



[Bug 215615] graphics/py-pillow: Update to 3.4.2 (security fixes)

2017-01-09 Thread bugzilla-noreply
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=215615

--- Comment #9 from commit-h...@freebsd.org ---
A commit references this bug:

Author: feld
Date: Mon Jan  9 18:00:36 UTC 2017
New revision: 430993
URL: https://svnweb.freebsd.org/changeset/ports/430993

Log:
  MFH: r430992

  graphics/py-pillow: Update to 3.4.2 (security fixes)

  - Update to 3.4.2
  - Add JPEG2000 option

  Changes:  https://github.com/python-pillow/Pillow/blob/master/CHANGES.rst

  PR:   215615

  Approved by:  ports-secteam (with hat)

Changes:
_U  branches/2017Q1/
  branches/2017Q1/graphics/py-pillow/Makefile
  branches/2017Q1/graphics/py-pillow/distinfo



[Bug 215615] graphics/py-pillow: Update to 3.4.2 (security fixes)

2017-01-09 Thread bugzilla-noreply
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=215615

--- Comment #10 from Mark Felder  ---
(In reply to Po-Chuan Hsieh from comment #6)

ports-secteam approval generally overrides need of maintainer approval (of
course common sense presides)



[Bug 215615] graphics/py-pillow: Update to 3.4.2 (security fixes)

2017-01-09 Thread bugzilla-noreply
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=215615

--- Comment #11 from Vladimir Krstulja  ---
(In reply to Po-Chuan Hsieh from comment #4)

The reason I stated timeout, beside it being a security issue like feld said,
is that I already have an issue open about it from November (the dependent bug
#214412). I just never got around to producing a patch like you did :)



[Bug 214412] graphics/py-pillow: Multiple vulnerabilities (CVE-2016-9189, CVE-2016-9190)

2017-01-09 Thread bugzilla-noreply
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=214412

Vladimir Krstulja changed:

What       | Removed | Added
-----------+---------+-------
Status     | Open    | Closed
Resolution | ---     | FIXED

--- Comment #4 from Vladimir Krstulja  ---
Fixed with upgrade to 3.4.2, please see bug #215615, and revision 430992

* https://svnweb.freebsd.org/changeset/ports/430992



[Bug 215651] devel/py-Jinja2: Update to 2.8.1

2017-01-09 Thread bugzilla-noreply
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=215651

Vladimir Krstulja changed:

What     | Removed         | Added
---------+-----------------+--------------------
Flags    |                 | merge-quarterly?
CC       |                 | pyt...@freebsd.org
Severity | Affects Only Me | Affects Some People
Keywords |                 | needs-qa

--- Comment #4 from Vladimir Krstulja  ---
Uh, wait. If Jinja2 >= 2.9 uses async, then 2.8.1 is still py3 compliant. We're
using 2.8.1 in production with Python 3.5 (pip installed in virtualenv, tho',
it's one of few packages we haven't yet switched to ports) and there's no
problem, at least not to our use case (main HTML/XML renderer for a rather
large flask web app).

As for update from 2.8 to 2.8.1, I'm adding merge-quarterly request, these are
the changes:

(bugfix release, released on December 29th 2016)

- Fixed the `for_qs` flag for `urlencode`.
- Fixed regression when applying `int` to non-string values.
- SECURITY: if the sandbox mode is used format expressions are now sandboxed
  with the same rules as in Jinja.  This solves various information leakage
  problems that can occur with format strings.

* https://github.com/pallets/jinja/blob/master/CHANGES

Please revise the change and leave Python3 support for 2.8.1.

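The SECURITY entry quoted in comment #4 above, illustrated with an added example (not part of the original message and not Jinja2's own code): plain `str.format` lets the format string choose which attributes of an object are read, while a formatter that checks every attribute lookup refuses private ones. `SandboxedFormatter`, `SandboxViolation`, `User`, `SAMPLE_USER` and the underscore-prefix policy are assumptions made for this sketch.

```python
import string
from _string import formatter_field_name_split  # CPython helper that string.Formatter itself uses


class SandboxViolation(Exception):
    """Raised when a format field reaches an attribute the policy forbids."""


class SandboxedFormatter(string.Formatter):
    """Hypothetical formatter: resolves fields like str.format, minus private attributes."""

    def get_field(self, field_name, args, kwargs):
        first, rest = formatter_field_name_split(field_name)
        obj = self.get_value(first, args, kwargs)
        for is_attr, name in rest:
            if is_attr:
                # Assumed policy: anything starting with "_" (private or dunder) is off limits.
                if name.startswith("_"):
                    raise SandboxViolation(f"attribute {name!r} is not allowed")
                obj = getattr(obj, name)
            else:
                obj = obj[name]
        return obj, first


class User:
    """Constructed sample object; the token stands in for data a template must not see."""

    def __init__(self, name, token):
        self.name = name
        self._session_token = token


SAMPLE_USER = User("alice", "constructed-token")


def render_unsafe(fmt, **ctx):
    # Plain str.format: the format string decides which attributes get read.
    return fmt.format(**ctx)


def render_sandboxed(fmt, **ctx):
    return SandboxedFormatter().vformat(fmt, (), ctx)


def is_blocked(fmt, **ctx):
    try:
        render_sandboxed(fmt, **ctx)
    except SandboxViolation:
        return True
    return False
```

The check also applies to fields nested inside a format spec, because `string.Formatter` resolves those through the same `get_field` hook.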


[Bug 215651] devel/py-Jinja2: Update to 2.8.1

2017-01-09 Thread bugzilla-noreply
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=215651

--- Comment #5 from Olivier Duchateau  ---
(In reply to Vladimir Krstulja from comment #4)

No I keep my diff unchanged, it's maintainer's choice, if he wants to keep
Python3 support.

-- 
You are receiving this mail because:
You are on the CC list for the bug.
___
freebsd-python@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-python
To unsubscribe, send any mail to "freebsd-python-unsubscr...@freebsd.org"


[Bug 215651] devel/py-Jinja2: Update to 2.8.1

2017-01-09 Thread bugzilla-noreply
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=215651

Vladimir Krstulja changed:

What     | Removed | Added
---------+---------+---------
Keywords |         | security

--- Comment #6 from Vladimir Krstulja  ---
(In reply to Olivier Duchateau from comment #5)

Ok. Let me just add this too, it appears that the asyncsupport.py is imported
only if there's async support (environment.is_async == True), there's a
conditional import for the template in compiler.py. I just ran a quick and
dirty test in a py27 virtualenv, and Jinja2 2.9.3 imports fine. I have to test
it with actual templates used, but I don't think there's a need to hard-limit
Jinja2 to python2.7 only.

Please correct me if I'm wrong.

Also please be aware that there are 29 reverse dependencies of py-Jinja2, some
of which, to my knowledge as I haven't tested all of them, build and work fine
at the moment with DEFAULT_VERSIONS= python=3.5, most notably Sphinx and Flask.
And only a handful of py3-Jinja2, I presume for some cases where those rdeps
must be forced to py35-*

So another question is why is py3-Jinja2 an entirely separate port and not a
slave? If a sweeping change like this is to be done, perhaps it should be done
closer to the next Quarterly cut-off, and we can combine the ports and fully
switch to 2.9.x?
