K 10
svn:author
V 5
koobs
K 8
svn:date
V 27
2016-02-04T08:48:40.142763Z
K 7
svn:log
V 1237
ports-mgmt/portscout: Loop through all PyPI files

While processing Issue 206746 [1] for a security update to
security/py-rsa (For versions < 3.3), it was noticed that Portscout
had not identified the the newer version, released on 2016-01-13.

Investigation revealed that the PyPI SiteHandler in Portscout only
processed the first url/filename returned by PyPI, which in many cases
is not a tar.gz, the default EXTRACT_SUFFIX for source distribution
(sdist) files:

[py-rsa] VersionCheck()
[py-rsa] Checking site: https://pypi.python.org/packages/source/r/rsa/
Does site handler exist ... Yes
(Portscout::SiteHandler::PyPI) GET https://pypi.python.org/pypi/rsa/json
(Portscout::SiteHandler::PyPI) GET success: 200 Filename: rsa-3.3-py2.py3-none-any.whl
FindNewest: Checking rsa-3.3-py2.py3-none-any.whl ... against port DISTFILES.
FindNewest: Checking DISTFILE ... rsa-3.1.4.tar.gz (ver: 3.1.4, sufx: .tar.gz)
[py-rsa] Done

This change backports a commit [1] made to Portroach which adds a loop to
enumerate all URLs/filenames in the PyPI JSON response, not just the
first.

[1] https://github.com/jasperla/portroach/commit/e93b8331f6e5f850bbb5faca866efcbf73de756c

PR:		206746 [1]
Obtained from:	https://github.com/jasperla/portroach

END