OctoPrint provides a snappy web interface for controlling consumer 3D printers.
2025-01-19 17:13:21 by Adam Ciarcinski | Files touched by this commit (2)
Log message:
py-octoprint: updated to 1.10.3
1.10.3
Changes
Security fixes
Severity Moderate (5.5): OctoPrint versions up until and including 1.10.2 are vulnerable to reflected XSS vulnerabilities through its Jinja2 template system, as this is not configured to enforce automatic escaping. This affects, among other places, the login dialog and the standalone application key confirmation dialog.
An attacker who successfully talked a victim into clicking on or through a malicious third party app successfully redirected a victim to a specially crafted link could use this to retrieve or modify sensitive configuration settings, interrupt prints or otherwise interact with the OctoPrint instance in a malicious way.
The above mentioned specific vulnerabilities of the login dialog and the standalone application key confirmation dialog have been fixed in 1.10.3 by individual escaping of the detected locations. A global change throughout all of OctoPrint's templating system with the upcoming 1.11.0 release will handle this further, switching to globally enforced automatic escaping and thus reducing the attack surface in general.
The latter will also improve the security of third party plugins. During a transition period, third party plugins will be able to opt into the automatic escaping. With OctoPrint 1.13.0, automatic escaping will be switched over to be enforced even for third party plugins, unless they explicitly opt-out.
See also the GitHub Security Advisory and CVE-2024-49377.
Severity Moderate (5.3): OctoPrint versions up until and including 1.10.2 contain a vulnerability that allows an attacker that has gained temporary control over an authenticated victim's OctoPrint browser session to retrieve/recreate/delete the user's or - if the victim has admin permissions - the global API key without having to reauthenticate by re-entering the user account's password.
An attacker could use a stolen API key to access OctoPrint through its API, or disrupt workflows depending on the API key they deleted.
See also the GitHub Security Advisory and CVE-2024-51493.
Minor Security fixes
Core: Use secrets lib to generate Flask secret key, API keys and user session IDs.
Discovery Plugin: Removed version number from discovery.xml of SSDP discovery. Combats information leakage.
GCODE Viewer Plugin: Limited access to skip_until check API to available GCODE_VIEWER and FILES_DOWNLOAD permissions. Combats information leakage.
Bug fixes
Core
Fixed a typo where the config setting server.reverseProxy.trustedUpstream was used instead of server.reverseProxy.trustedDownstream. Also made the SockJS trusted proxy check align with that of Flask & Tornado.
Fixed file list cache being created before all extension tree providing plugins have had a chance to act.
Plugin Manager
Fixed dequeuing of plugin installs.
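The Jinja2 escaping issue in the advisory above, as an added illustration that is not OctoPrint's own code: a constructed reflected value is rendered once through an environment without autoescaping, once with the per-location `|e` filter (the 1.10.3 style of fix) and once with environment-wide autoescaping (the 1.11.0 direction); the template text and the sample value are assumptions, not OctoPrint templates or payloads.

```python
from jinja2 import Environment
from markupsafe import Markup

# Constructed stand-in for a request value reflected into a page (not a real OctoPrint value).
UNTRUSTED = '<script>alert(1)</script>'

# Hypothetical templates reflecting a value; their text is an assumption, not an OctoPrint template.
TEMPLATE_RAW = '<p>Redirecting to {{ target }}</p>'
TEMPLATE_ESCAPED = '<p>Redirecting to {{ target|e }}</p>'


def render_unescaped(value):
    """Environment that does not enforce autoescaping: the value lands in the HTML verbatim."""
    env = Environment(autoescape=False)
    return env.from_string(TEMPLATE_RAW).render(target=value)


def render_locally_escaped(value):
    """Per-location fix: escape at each detected output location with the |e filter."""
    env = Environment(autoescape=False)
    return env.from_string(TEMPLATE_ESCAPED).render(target=value)


def render_autoescaped(value):
    """Environment-wide fix: every {{ }} output is escaped unless explicitly marked safe."""
    env = Environment(autoescape=True)
    return env.from_string(TEMPLATE_RAW).render(target=value)


def render_autoescaped_trusted():
    """HTML deliberately marked trusted (Markup) still passes through unchanged with autoescape on."""
    return render_autoescaped(Markup('<b>ok</b>'))


def reflects_unescaped(rendered, value):
    """Check a maintainer can run over rendered templates: does the raw input survive verbatim?"""
    return value in rendered


if __name__ == '__main__':
    for name, fn in (('unescaped', render_unescaped),
                     ('locally escaped', render_locally_escaped),
                     ('autoescaped', render_autoescaped)):
        out = fn(UNTRUSTED)
        print(f'{name:16} reflects raw input: {reflects_unescaped(out, UNTRUSTED)}  -> {out}')
```

For file-based templates, `jinja2.select_autoescape()` gives the same environment-wide behaviour keyed on the template extension, which is what a global switch like the one announced for 1.11.0 relies on.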
2024-09-18 10:13:36 by Adam Ciarcinski | Files touched by this commit (1)
Log message:
py-octoprint: remove unused patch
2024-09-18 10:12:20 by Adam Ciarcinski | Files touched by this commit (4)
Log message:
py-octoprint: updated to 1.10.2
1.10.2
Core
Fix a translation string in the German translation.
Fix/workaround for a third party dependency change, breaking the octoprint dev plugin:new command.
Fix behaviour of "Hide successful prints" filter in the file list. Folders will be shown as long as they have at least one file in them that has not been printed successfully yet, and they will also be shown if they contain the currently selected file, regardless of the amount of successful prints.
Fix an import to be compatible with Jinja2>=3.1.3.
Pin pydantic to 1.10.16 to work around an issue with Python 3.12.4.
Achievements Plugin
Fix a string in the German translation that caused the Achievements overview to not correctly render if German language was selected.
Fix description of the Adventurer achievement.
Fix event processing if the backup or plugin manager plugins are disabled.
2023-11-05 23:34:51 by Thomas Klausner | Files touched by this commit (1)
Log message:
py-octoprint: not for Python 3.12
2022-01-05 16:41:32 by Thomas Klausner | Files touched by this commit (289)
Log message:
python: egg.mk: add USE_PKG_RESOURCES flag
This flag should be set for packages that import pkg_resources
and thus need setuptools after the build step.
Set this flag for packages that need it and bump PKGREVISION.
2022-01-04 21:55:40 by Thomas Klausner | Files touched by this commit (1595)
Log message:
*: bump PKGREVISION for egg.mk users
They now have a tool dependency on py-setuptools instead of a DEPENDS
2021-12-07 11:51:22 by Pierre Pronchery | Files touched by this commit (3)
Log message:
py-octoprint: fix dependencies
Bumps PKGREVISION.
Thanks wiz@ for the heads up!
2021-10-26 13:15:15 by Nia Alarie | Files touched by this commit (1670)
Log message:
print: Replace RMD160 checksums with BLAKE2s checksums
All checksums have been double-checked against existing RMD160 and
SHA512 hashes