Date: Wed, 13 May 2026 11:42:08 +0000 From: Po-Chuan Hsieh <sunpoet@FreeBSD.org> To: ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org Subject: git: 1ece3aa0d2fe - main - devel/py-installer: Update to 1.0.1 Message-ID: <6a046390.4552b.73d5e7fb@gitrepo.freebsd.org>
index | next in thread | raw e-mail
The branch main has been updated by sunpoet: URL: https://cgit.FreeBSD.org/ports/commit/?id=1ece3aa0d2fe70a9dc86a0c4fb1ae2d03e824a3c commit 1ece3aa0d2fe70a9dc86a0c4fb1ae2d03e824a3c Author: Po-Chuan Hsieh <sunpoet@FreeBSD.org> AuthorDate: 2026-05-13 11:39:54 +0000 Commit: Po-Chuan Hsieh <sunpoet@FreeBSD.org> CommitDate: 2026-05-13 11:39:54 +0000 devel/py-installer: Update to 1.0.1 Changes: https://github.com/pypa/installer/releases --- devel/py-installer/Makefile | 3 +-- devel/py-installer/distinfo | 6 ++--- .../files/patch-src_installer_destinations.py | 28 ---------------------- 3 files changed, 4 insertions(+), 33 deletions(-) diff --git a/devel/py-installer/Makefile b/devel/py-installer/Makefile index 4bd4a88a9de0..19f35569a54b 100644 --- a/devel/py-installer/Makefile +++ b/devel/py-installer/Makefile @@ -1,6 +1,5 @@ PORTNAME= installer -PORTVERSION= 1.0.0 -PORTREVISION= 1 +PORTVERSION= 1.0.1 CATEGORIES= devel python MASTER_SITES= PYPI PKGNAMEPREFIX= ${PYTHON_PKGNAMEPREFIX} diff --git a/devel/py-installer/distinfo b/devel/py-installer/distinfo index 7e6b53d2854f..95dd63441b66 100644 --- a/devel/py-installer/distinfo +++ b/devel/py-installer/distinfo @@ -1,3 +1,3 @@ -TIMESTAMP = 1775587302 -SHA256 (installer-1.0.0.tar.gz) = c6d691331621cf3fec4822f5c6f83cab3705f79b316225dc454127411677c71f -SIZE (installer-1.0.0.tar.gz) = 462685 +TIMESTAMP = 1778641018 +SHA256 (installer-1.0.1.tar.gz) = 052c7fc3721d54c696e2dea019be67539d7b144e924f559f54beb3121831c364 +SIZE (installer-1.0.1.tar.gz) = 481132 diff --git a/devel/py-installer/files/patch-src_installer_destinations.py b/devel/py-installer/files/patch-src_installer_destinations.py deleted file mode 100644 index 1079affcaa6c..000000000000 --- a/devel/py-installer/files/patch-src_installer_destinations.py +++ /dev/null @@ -1,28 +0,0 @@ -Combination of https://github.com/pypa/installer/commit/8b72cf945bfa and -https://github.com/pypa/installer/commit/b5f03f151f0e. -See https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=294631 and -https://github.com/pypa/installer/issues/325. - ---- src/installer/destinations.py.orig 2026-03-28 15:38:56 UTC -+++ src/installer/destinations.py -@@ -136,8 +136,18 @@ class SchemeDictionaryDestination(WheelDestination): - """Silently overwrite existing files.""" - - def _path_with_destdir(self, scheme: Scheme, path: str) -> Path: -- target_dir = Path(self.scheme_dict[scheme]).resolve() -- file = (target_dir / path).resolve() -+ # See https://docs.python.org/3/library/zipfile.html#zipfile.Path: -+ # When handling untrusted archives, -+ # consider resolving filenames using os.path.abspath() -+ # and checking against the target directory with os.path.commonpath(). -+ # -+ # Attention: Path.absolute() is not sufficient because it does not -+ # normalize, i.e. does not remove "..". -+ # -+ # We want to avoid Path.resolve() because it is significantly slower -+ # than os.path.abspath()! -+ target_dir = Path(os.path.abspath(self.scheme_dict[scheme])) # noqa: PTH100 -+ file = Path(os.path.abspath(target_dir / path)) # noqa: PTH100 - - if not file.is_relative_to(target_dir): - raise ValueError(home | help
Want to link to this message? Use this
URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?6a046390.4552b.73d5e7fb>