diff --git a/devel/py-installer/Makefile b/devel/py-installer/Makefile index 4bd4a88a9de0..19f35569a54b 100644 --- a/devel/py-installer/Makefile +++ b/devel/py-installer/Makefile @@ -1,26 +1,25 @@ PORTNAME= installer -PORTVERSION= 1.0.0 -PORTREVISION= 1 +PORTVERSION= 1.0.1 CATEGORIES= devel python MASTER_SITES= PYPI PKGNAMEPREFIX= ${PYTHON_PKGNAMEPREFIX} MAINTAINER= sunpoet@FreeBSD.org COMMENT= Library for installing Python wheels WWW= https://installer.pypa.io/en/stable/ \ https://github.com/pypa/installer LICENSE= MIT LICENSE_FILE= ${WRKSRC}/LICENSE USES= python USE_PYTHON= allflavors autoplist concurrent pep517 MAKE_ENV= PYTHONPATH=${WRKSRC}/src NO_ARCH= yes PEP517_BUILD_CMD= ${PYTHON_CMD} -m flit_core.wheel PEP517_BUILD_DEPEND= ${PYTHON_PKGNAMEPREFIX}flit-core>=3.11<4:devel/py-flit-core@${PY_FLAVOR} PEP517_INSTALL_DEPEND= # empty .include diff --git a/devel/py-installer/distinfo b/devel/py-installer/distinfo index 7e6b53d2854f..95dd63441b66 100644 --- a/devel/py-installer/distinfo +++ b/devel/py-installer/distinfo @@ -1,3 +1,3 @@ -TIMESTAMP = 1775587302 -SHA256 (installer-1.0.0.tar.gz) = c6d691331621cf3fec4822f5c6f83cab3705f79b316225dc454127411677c71f -SIZE (installer-1.0.0.tar.gz) = 462685 +TIMESTAMP = 1778641018 +SHA256 (installer-1.0.1.tar.gz) = 052c7fc3721d54c696e2dea019be67539d7b144e924f559f54beb3121831c364 +SIZE (installer-1.0.1.tar.gz) = 481132 diff --git a/devel/py-installer/files/patch-src_installer_destinations.py b/devel/py-installer/files/patch-src_installer_destinations.py deleted file mode 100644 index 1079affcaa6c..000000000000 --- a/devel/py-installer/files/patch-src_installer_destinations.py +++ /dev/null @@ -1,28 +0,0 @@ -Combination of https://github.com/pypa/installer/commit/8b72cf945bfa and -https://github.com/pypa/installer/commit/b5f03f151f0e. -See https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=294631 and -https://github.com/pypa/installer/issues/325. - ---- src/installer/destinations.py.orig 2026-03-28 15:38:56 UTC -+++ src/installer/destinations.py -@@ -136,8 +136,18 @@ class SchemeDictionaryDestination(WheelDestination): - """Silently overwrite existing files.""" - - def _path_with_destdir(self, scheme: Scheme, path: str) -> Path: -- target_dir = Path(self.scheme_dict[scheme]).resolve() -- file = (target_dir / path).resolve() -+ # See https://docs.python.org/3/library/zipfile.html#zipfile.Path: -+ # When handling untrusted archives, -+ # consider resolving filenames using os.path.abspath() -+ # and checking against the target directory with os.path.commonpath(). -+ # -+ # Attention: Path.absolute() is not sufficient because it does not -+ # normalize, i.e. does not remove "..". -+ # -+ # We want to avoid Path.resolve() because it is significantly slower -+ # than os.path.abspath()! -+ target_dir = Path(os.path.abspath(self.scheme_dict[scheme])) # noqa: PTH100 -+ file = Path(os.path.abspath(target_dir / path)) # noqa: PTH100 - - if not file.is_relative_to(target_dir): - raise ValueError(