diff options
-rw-r--r-- | dev-python/logilab-common/ChangeLog | 11 | ||||
-rw-r--r-- | dev-python/logilab-common/files/logilab-common-sec-CVE-2014-1838-9.patch | 60 | ||||
-rw-r--r-- | dev-python/logilab-common/logilab-common-0.59.1.ebuild | 71 | ||||
-rw-r--r-- | dev-python/logilab-common/logilab-common-0.60.0.ebuild | 76 | ||||
-rw-r--r-- | dev-python/logilab-common/logilab-common-0.60.1-r1.ebuild (renamed from dev-python/logilab-common/logilab-common-0.60.1.ebuild) | 10 |
5 files changed, 76 insertions, 152 deletions
diff --git a/dev-python/logilab-common/ChangeLog b/dev-python/logilab-common/ChangeLog index 2a60bc005ef6..aa7d0299e9cf 100644 --- a/dev-python/logilab-common/ChangeLog +++ b/dev-python/logilab-common/ChangeLog @@ -1,6 +1,15 @@ # ChangeLog for dev-python/logilab-common # Copyright 1999-2014 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/dev-python/logilab-common/ChangeLog,v 1.134 2014/02/12 04:49:32 idella4 Exp $ +# $Header: /var/cvsroot/gentoo-x86/dev-python/logilab-common/ChangeLog,v 1.135 2014/03/27 12:53:28 idella4 Exp $ + +*logilab-common-0.60.1-r1 (27 Mar 2014) + + 27 Mar 2014; Ian Delaney <idella4@gentoo.org> + +files/logilab-common-sec-CVE-2014-1838-9.patch, + +logilab-common-0.60.1-r1.ebuild, -logilab-common-0.59.1.ebuild, + -logilab-common-0.60.0.ebuild, -logilab-common-0.60.1.ebuild, + logilab-common-0.61.0.ebuild: + revbump; sec fix wrt sec Bug #499872, rm old unstable versions *logilab-common-0.61.0 (12 Feb 2014) diff --git a/dev-python/logilab-common/files/logilab-common-sec-CVE-2014-1838-9.patch b/dev-python/logilab-common/files/logilab-common-sec-CVE-2014-1838-9.patch new file mode 100644 index 000000000000..95172c301aae --- /dev/null +++ b/dev-python/logilab-common/files/logilab-common-sec-CVE-2014-1838-9.patch @@ -0,0 +1,60 @@ +http://www.logilab.org/revision/207574 +http://www.logilab.org/revision/210454 +This is a re-base of the sec patches which appeared to offer no ready diff files @ logilab HQ +CVE-2014-1838 comprises deletion of the outright deletion of the pdf_ext module and edit of +the ChangeLog which, being trivial, has been excluded. The edit to the README is the only +remaining portion of CVE-2014-1838. The module is deleted in python_prepare_all(). +diff -u logilab-common-0.60.1.orig/README logilab-common-0.60.1/README +--- logilab-common-0.60.1.orig/README 2013-12-16 23:23:10.000000000 +0800 ++++ logilab-common-0.60.1/README 2014-03-27 20:05:25.037324979 +0800 +@@ -123,8 +123,6 @@ + + * `hg`, some Mercurial_ utility functions. + +-* `pdf_ext`, pdf and fdf file manipulations, with pdftk. +- + * `pyro_ext`, some Pyro_ utility functions. + + * `sphinx_ext`, Sphinx_ plugin defining a `autodocstring` directive. +diff -u logilab-common-0.60.1.orig/shellutils.py logilab-common-0.60.1/shellutils.py +--- logilab-common-0.60.1.orig/shellutils.py 2013-12-16 23:23:10.000000000 +0800 ++++ logilab-common-0.60.1/shellutils.py 2014-03-27 20:13:28.087314990 +0800 +@@ -31,11 +31,13 @@ + import errno + import string + import random ++import subprocess + from os.path import exists, isdir, islink, basename, join + + from logilab.common import STD_BLACKLIST, _handle_blacklist + from logilab.common.compat import raw_input + from logilab.common.compat import str_to_bytes ++from logilab.common.deprecation import deprecated + + try: + from logilab.common.proc import ProcInfo, NoSuchProcess +@@ -224,20 +226,16 @@ + outfile.write(zfobj.read(name)) + outfile.close() + ++@deprecated('Use subprocess.Popen instead') + class Execute: + """This is a deadlock safe version of popen2 (no stdin), that returns + an object with errorlevel, out and err. + """ + + def __init__(self, command): +- outfile = tempfile.mktemp() +- errfile = tempfile.mktemp() +- self.status = os.system("( %s ) >%s 2>%s" % +- (command, outfile, errfile)) >> 8 +- self.out = open(outfile, "r").read() +- self.err = open(errfile, "r").read() +- os.remove(outfile) +- os.remove(errfile) ++ cmd = subprocess.Popen(command, shell=True, stdout=subprocess.PIPE, stderr=subprocess.PIPE) ++ self.out, self.err = cmd.communicate() ++ self.status = os.WEXITSTATUS(cmd.returncode) + + def acquire_lock(lock_file, max_try=10, delay=10, max_delay=3600): + """Acquire a lock represented by a file on the file system diff --git a/dev-python/logilab-common/logilab-common-0.59.1.ebuild b/dev-python/logilab-common/logilab-common-0.59.1.ebuild deleted file mode 100644 index 98336739c3c3..000000000000 --- a/dev-python/logilab-common/logilab-common-0.59.1.ebuild +++ /dev/null @@ -1,71 +0,0 @@ -# Copyright 1999-2013 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/dev-python/logilab-common/logilab-common-0.59.1.ebuild,v 1.6 2013/12/02 12:21:44 mgorny Exp $ - -EAPI=5 -# broken with python3.3, bug #449276 -PYTHON_COMPAT=( python{2_6,2_7,3_2} pypy2_0 ) - -inherit distutils-r1 eutils - -DESCRIPTION="Useful miscellaneous modules used by Logilab projects" -HOMEPAGE="http://www.logilab.org/project/logilab-common http://pypi.python.org/pypi/logilab-common" -SRC_URI="ftp://ftp.logilab.org/pub/common/${P}.tar.gz mirror://pypi/${PN:0:1}/${PN}/${P}.tar.gz" - -LICENSE="LGPL-2.1" -SLOT="0" -KEYWORDS="~alpha ~amd64 ~arm ~ia64 ~ppc ~ppc64 ~s390 ~sparc ~x86 ~amd64-linux ~ia64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos" -IUSE="test doc" - -RDEPEND="dev-python/setuptools[${PYTHON_USEDEP}] - virtual/python-unittest2[${PYTHON_USEDEP}]" - -# Tests using dev-python/psycopg are skipped when dev-python/psycopg -# isn't installed. -# egenix-mx-base tests are optional, and egenix-mx-base does support -# Python2 only. -DEPEND="${RDEPEND} - test? ( - dev-python/egenix-mx-base[$(python_gen_usedep 'python2*')] - !dev-python/psycopg[-mxdatetime] - ) - doc? ( dev-python/epydoc )" - -PATCHES=( - # Make sure setuptools does not create a zip file in python_test; - # this is buggy and causes tests to fail. - "${FILESDIR}/${PN}-0.59.1-zipsafe.patch" -) - -python_prepare_all() { - sed -e 's:(CURDIR):{S}/${P}:' -i doc/makefile || die - distutils-r1_python_prepare_all -} - -python_compile_all() { - if use doc; then - # Simplest way to make makefile point to the right place. - ln -s "${BUILD_DIR}" build || die - emake -C doc epydoc - rm build || die - fi -} - -python_test() { - distutils_install_for_testing - - # Prevent timezone related failure. - export TZ=UTC - - # Make sure that the tests use correct modules. - pushd "${TEST_DIR}"/lib > /dev/null || die - "${TEST_DIR}"/scripts/pytest || die "Tests fail with ${EPYTHON}" - popd > /dev/null || die -} - -python_install_all() { - distutils-r1_python_install_all - - doman doc/pytest.1 - use doc && dohtml -r doc/apidoc/. -} diff --git a/dev-python/logilab-common/logilab-common-0.60.0.ebuild b/dev-python/logilab-common/logilab-common-0.60.0.ebuild deleted file mode 100644 index 3d609ff5b6a5..000000000000 --- a/dev-python/logilab-common/logilab-common-0.60.0.ebuild +++ /dev/null @@ -1,76 +0,0 @@ -# Copyright 1999-2013 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/dev-python/logilab-common/logilab-common-0.60.0.ebuild,v 1.4 2013/12/02 12:21:44 mgorny Exp $ - -EAPI=5 - -# 0.60.0 fails unittest_umessage with python3.3 -# http://www.logilab.org/ticket/149345 -PYTHON_COMPAT=( python{2_6,2_7,3_2} pypy2_0 ) - -inherit distutils-r1 eutils - -DESCRIPTION="Useful miscellaneous modules used by Logilab projects" -HOMEPAGE="http://www.logilab.org/project/logilab-common http://pypi.python.org/pypi/logilab-common" -SRC_URI="ftp://ftp.logilab.org/pub/common/${P}.tar.gz mirror://pypi/${PN:0:1}/${PN}/${P}.tar.gz" - -LICENSE="LGPL-2.1" -SLOT="0" -KEYWORDS="~alpha ~amd64 ~arm ~ia64 ~ppc ~ppc64 ~s390 ~sparc ~x86 ~amd64-linux ~ia64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos" -IUSE="test doc" - -RDEPEND="dev-python/setuptools[${PYTHON_USEDEP}] - virtual/python-unittest2[${PYTHON_USEDEP}]" - -# Tests using dev-python/psycopg are skipped when dev-python/psycopg -# isn't installed. -# egenix-mx-base tests are optional, and egenix-mx-base does support -# Python2 only. -DEPEND="${RDEPEND} - test? ( - $(python_gen_cond_dep dev-python/egenix-mx-base[$(python_gen_usedep 'python2*')] 'python2*') - !dev-python/psycopg[-mxdatetime] - ) - doc? ( dev-python/epydoc )" - -PATCHES=( - # Make sure setuptools does not create a zip file in python_test; - # this is buggy and causes tests to fail. - "${FILESDIR}/${PN}-0.59.1-zipsafe.patch" - - # Depends on order of dictionary keys - "${FILESDIR}/logilab-common-0.60.0-skip-doctest.patch" -) - -python_prepare_all() { - sed -e 's:(CURDIR):{S}/${P}:' -i doc/makefile || die - distutils-r1_python_prepare_all -} - -python_compile_all() { - if use doc; then - # Simplest way to make makefile point to the right place. - ln -s "${BUILD_DIR}" build || die - emake -C doc epydoc - rm build || die - fi -} - -python_test() { - distutils_install_for_testing - - # Prevent timezone related failure. - export TZ=UTC - - # Make sure that the tests use correct modules. - pushd "${TEST_DIR}"/lib > /dev/null || die - "${TEST_DIR}"/scripts/pytest || die "Tests fail with ${EPYTHON}" - popd > /dev/null || die -} - -python_install_all() { - distutils-r1_python_install_all - - doman doc/pytest.1 - use doc && dohtml -r doc/apidoc/. -} diff --git a/dev-python/logilab-common/logilab-common-0.60.1.ebuild b/dev-python/logilab-common/logilab-common-0.60.1-r1.ebuild index d013b1e42fd8..1d1b413c51f2 100644 --- a/dev-python/logilab-common/logilab-common-0.60.1.ebuild +++ b/dev-python/logilab-common/logilab-common-0.60.1-r1.ebuild @@ -1,6 +1,6 @@ # Copyright 1999-2014 Gentoo Foundation # Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/dev-python/logilab-common/logilab-common-0.60.1.ebuild,v 1.1 2014/01/08 03:48:51 patrick Exp $ +# $Header: /var/cvsroot/gentoo-x86/dev-python/logilab-common/logilab-common-0.60.1-r1.ebuild,v 1.1 2014/03/27 12:53:28 idella4 Exp $ EAPI=5 @@ -36,13 +36,15 @@ DEPEND="${RDEPEND} PATCHES=( # Make sure setuptools does not create a zip file in python_test; # this is buggy and causes tests to fail. - "${FILESDIR}/${PN}-0.59.1-zipsafe.patch" - + "${FILESDIR}"/${PN}-0.59.1-zipsafe.patch # Depends on order of dictionary keys - "${FILESDIR}/logilab-common-0.60.0-skip-doctest.patch" + "${FILESDIR}"/logilab-common-0.60.0-skip-doctest.patch + "${FILESDIR}"/${PN}-sec-CVE-2014-1838-9.patch ) python_prepare_all() { + # CVE-2014-1838 + rm -f pdf_ext.py || die sed -e 's:(CURDIR):{S}/${P}:' -i doc/makefile || die distutils-r1_python_prepare_all } |