summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--dev-python/logilab-common/ChangeLog11
-rw-r--r--dev-python/logilab-common/files/logilab-common-sec-CVE-2014-1838-9.patch60
-rw-r--r--dev-python/logilab-common/logilab-common-0.59.1.ebuild71
-rw-r--r--dev-python/logilab-common/logilab-common-0.60.0.ebuild76
-rw-r--r--dev-python/logilab-common/logilab-common-0.60.1-r1.ebuild (renamed from dev-python/logilab-common/logilab-common-0.60.1.ebuild)10
5 files changed, 76 insertions, 152 deletions
diff --git a/dev-python/logilab-common/ChangeLog b/dev-python/logilab-common/ChangeLog
index 2a60bc005ef6..aa7d0299e9cf 100644
--- a/dev-python/logilab-common/ChangeLog
+++ b/dev-python/logilab-common/ChangeLog
@@ -1,6 +1,15 @@
# ChangeLog for dev-python/logilab-common
# Copyright 1999-2014 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/dev-python/logilab-common/ChangeLog,v 1.134 2014/02/12 04:49:32 idella4 Exp $
+# $Header: /var/cvsroot/gentoo-x86/dev-python/logilab-common/ChangeLog,v 1.135 2014/03/27 12:53:28 idella4 Exp $
+
+*logilab-common-0.60.1-r1 (27 Mar 2014)
+
+ 27 Mar 2014; Ian Delaney <idella4@gentoo.org>
+ +files/logilab-common-sec-CVE-2014-1838-9.patch,
+ +logilab-common-0.60.1-r1.ebuild, -logilab-common-0.59.1.ebuild,
+ -logilab-common-0.60.0.ebuild, -logilab-common-0.60.1.ebuild,
+ logilab-common-0.61.0.ebuild:
+ revbump; sec fix wrt sec Bug #499872, rm old unstable versions
*logilab-common-0.61.0 (12 Feb 2014)
diff --git a/dev-python/logilab-common/files/logilab-common-sec-CVE-2014-1838-9.patch b/dev-python/logilab-common/files/logilab-common-sec-CVE-2014-1838-9.patch
new file mode 100644
index 000000000000..95172c301aae
--- /dev/null
+++ b/dev-python/logilab-common/files/logilab-common-sec-CVE-2014-1838-9.patch
@@ -0,0 +1,60 @@
+http://www.logilab.org/revision/207574
+http://www.logilab.org/revision/210454
+This is a re-base of the sec patches which appeared to offer no ready diff files @ logilab HQ
+CVE-2014-1838 comprises deletion of the outright deletion of the pdf_ext module and edit of
+the ChangeLog which, being trivial, has been excluded. The edit to the README is the only
+remaining portion of CVE-2014-1838. The module is deleted in python_prepare_all().
+diff -u logilab-common-0.60.1.orig/README logilab-common-0.60.1/README
+--- logilab-common-0.60.1.orig/README 2013-12-16 23:23:10.000000000 +0800
++++ logilab-common-0.60.1/README 2014-03-27 20:05:25.037324979 +0800
+@@ -123,8 +123,6 @@
+
+ * `hg`, some Mercurial_ utility functions.
+
+-* `pdf_ext`, pdf and fdf file manipulations, with pdftk.
+-
+ * `pyro_ext`, some Pyro_ utility functions.
+
+ * `sphinx_ext`, Sphinx_ plugin defining a `autodocstring` directive.
+diff -u logilab-common-0.60.1.orig/shellutils.py logilab-common-0.60.1/shellutils.py
+--- logilab-common-0.60.1.orig/shellutils.py 2013-12-16 23:23:10.000000000 +0800
++++ logilab-common-0.60.1/shellutils.py 2014-03-27 20:13:28.087314990 +0800
+@@ -31,11 +31,13 @@
+ import errno
+ import string
+ import random
++import subprocess
+ from os.path import exists, isdir, islink, basename, join
+
+ from logilab.common import STD_BLACKLIST, _handle_blacklist
+ from logilab.common.compat import raw_input
+ from logilab.common.compat import str_to_bytes
++from logilab.common.deprecation import deprecated
+
+ try:
+ from logilab.common.proc import ProcInfo, NoSuchProcess
+@@ -224,20 +226,16 @@
+ outfile.write(zfobj.read(name))
+ outfile.close()
+
++@deprecated('Use subprocess.Popen instead')
+ class Execute:
+ """This is a deadlock safe version of popen2 (no stdin), that returns
+ an object with errorlevel, out and err.
+ """
+
+ def __init__(self, command):
+- outfile = tempfile.mktemp()
+- errfile = tempfile.mktemp()
+- self.status = os.system("( %s ) >%s 2>%s" %
+- (command, outfile, errfile)) >> 8
+- self.out = open(outfile, "r").read()
+- self.err = open(errfile, "r").read()
+- os.remove(outfile)
+- os.remove(errfile)
++ cmd = subprocess.Popen(command, shell=True, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
++ self.out, self.err = cmd.communicate()
++ self.status = os.WEXITSTATUS(cmd.returncode)
+
+ def acquire_lock(lock_file, max_try=10, delay=10, max_delay=3600):
+ """Acquire a lock represented by a file on the file system
diff --git a/dev-python/logilab-common/logilab-common-0.59.1.ebuild b/dev-python/logilab-common/logilab-common-0.59.1.ebuild
deleted file mode 100644
index 98336739c3c3..000000000000
--- a/dev-python/logilab-common/logilab-common-0.59.1.ebuild
+++ /dev/null
@@ -1,71 +0,0 @@
-# Copyright 1999-2013 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/dev-python/logilab-common/logilab-common-0.59.1.ebuild,v 1.6 2013/12/02 12:21:44 mgorny Exp $
-
-EAPI=5
-# broken with python3.3, bug #449276
-PYTHON_COMPAT=( python{2_6,2_7,3_2} pypy2_0 )
-
-inherit distutils-r1 eutils
-
-DESCRIPTION="Useful miscellaneous modules used by Logilab projects"
-HOMEPAGE="http://www.logilab.org/project/logilab-common http://pypi.python.org/pypi/logilab-common"
-SRC_URI="ftp://ftp.logilab.org/pub/common/${P}.tar.gz mirror://pypi/${PN:0:1}/${PN}/${P}.tar.gz"
-
-LICENSE="LGPL-2.1"
-SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~ia64 ~ppc ~ppc64 ~s390 ~sparc ~x86 ~amd64-linux ~ia64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos"
-IUSE="test doc"
-
-RDEPEND="dev-python/setuptools[${PYTHON_USEDEP}]
- virtual/python-unittest2[${PYTHON_USEDEP}]"
-
-# Tests using dev-python/psycopg are skipped when dev-python/psycopg
-# isn't installed.
-# egenix-mx-base tests are optional, and egenix-mx-base does support
-# Python2 only.
-DEPEND="${RDEPEND}
- test? (
- dev-python/egenix-mx-base[$(python_gen_usedep 'python2*')]
- !dev-python/psycopg[-mxdatetime]
- )
- doc? ( dev-python/epydoc )"
-
-PATCHES=(
- # Make sure setuptools does not create a zip file in python_test;
- # this is buggy and causes tests to fail.
- "${FILESDIR}/${PN}-0.59.1-zipsafe.patch"
-)
-
-python_prepare_all() {
- sed -e 's:(CURDIR):{S}/${P}:' -i doc/makefile || die
- distutils-r1_python_prepare_all
-}
-
-python_compile_all() {
- if use doc; then
- # Simplest way to make makefile point to the right place.
- ln -s "${BUILD_DIR}" build || die
- emake -C doc epydoc
- rm build || die
- fi
-}
-
-python_test() {
- distutils_install_for_testing
-
- # Prevent timezone related failure.
- export TZ=UTC
-
- # Make sure that the tests use correct modules.
- pushd "${TEST_DIR}"/lib > /dev/null || die
- "${TEST_DIR}"/scripts/pytest || die "Tests fail with ${EPYTHON}"
- popd > /dev/null || die
-}
-
-python_install_all() {
- distutils-r1_python_install_all
-
- doman doc/pytest.1
- use doc && dohtml -r doc/apidoc/.
-}
diff --git a/dev-python/logilab-common/logilab-common-0.60.0.ebuild b/dev-python/logilab-common/logilab-common-0.60.0.ebuild
deleted file mode 100644
index 3d609ff5b6a5..000000000000
--- a/dev-python/logilab-common/logilab-common-0.60.0.ebuild
+++ /dev/null
@@ -1,76 +0,0 @@
-# Copyright 1999-2013 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/dev-python/logilab-common/logilab-common-0.60.0.ebuild,v 1.4 2013/12/02 12:21:44 mgorny Exp $
-
-EAPI=5
-
-# 0.60.0 fails unittest_umessage with python3.3
-# http://www.logilab.org/ticket/149345
-PYTHON_COMPAT=( python{2_6,2_7,3_2} pypy2_0 )
-
-inherit distutils-r1 eutils
-
-DESCRIPTION="Useful miscellaneous modules used by Logilab projects"
-HOMEPAGE="http://www.logilab.org/project/logilab-common http://pypi.python.org/pypi/logilab-common"
-SRC_URI="ftp://ftp.logilab.org/pub/common/${P}.tar.gz mirror://pypi/${PN:0:1}/${PN}/${P}.tar.gz"
-
-LICENSE="LGPL-2.1"
-SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~ia64 ~ppc ~ppc64 ~s390 ~sparc ~x86 ~amd64-linux ~ia64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos"
-IUSE="test doc"
-
-RDEPEND="dev-python/setuptools[${PYTHON_USEDEP}]
- virtual/python-unittest2[${PYTHON_USEDEP}]"
-
-# Tests using dev-python/psycopg are skipped when dev-python/psycopg
-# isn't installed.
-# egenix-mx-base tests are optional, and egenix-mx-base does support
-# Python2 only.
-DEPEND="${RDEPEND}
- test? (
- $(python_gen_cond_dep dev-python/egenix-mx-base[$(python_gen_usedep 'python2*')] 'python2*')
- !dev-python/psycopg[-mxdatetime]
- )
- doc? ( dev-python/epydoc )"
-
-PATCHES=(
- # Make sure setuptools does not create a zip file in python_test;
- # this is buggy and causes tests to fail.
- "${FILESDIR}/${PN}-0.59.1-zipsafe.patch"
-
- # Depends on order of dictionary keys
- "${FILESDIR}/logilab-common-0.60.0-skip-doctest.patch"
-)
-
-python_prepare_all() {
- sed -e 's:(CURDIR):{S}/${P}:' -i doc/makefile || die
- distutils-r1_python_prepare_all
-}
-
-python_compile_all() {
- if use doc; then
- # Simplest way to make makefile point to the right place.
- ln -s "${BUILD_DIR}" build || die
- emake -C doc epydoc
- rm build || die
- fi
-}
-
-python_test() {
- distutils_install_for_testing
-
- # Prevent timezone related failure.
- export TZ=UTC
-
- # Make sure that the tests use correct modules.
- pushd "${TEST_DIR}"/lib > /dev/null || die
- "${TEST_DIR}"/scripts/pytest || die "Tests fail with ${EPYTHON}"
- popd > /dev/null || die
-}
-
-python_install_all() {
- distutils-r1_python_install_all
-
- doman doc/pytest.1
- use doc && dohtml -r doc/apidoc/.
-}
diff --git a/dev-python/logilab-common/logilab-common-0.60.1.ebuild b/dev-python/logilab-common/logilab-common-0.60.1-r1.ebuild
index d013b1e42fd8..1d1b413c51f2 100644
--- a/dev-python/logilab-common/logilab-common-0.60.1.ebuild
+++ b/dev-python/logilab-common/logilab-common-0.60.1-r1.ebuild
@@ -1,6 +1,6 @@
# Copyright 1999-2014 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/dev-python/logilab-common/logilab-common-0.60.1.ebuild,v 1.1 2014/01/08 03:48:51 patrick Exp $
+# $Header: /var/cvsroot/gentoo-x86/dev-python/logilab-common/logilab-common-0.60.1-r1.ebuild,v 1.1 2014/03/27 12:53:28 idella4 Exp $
EAPI=5
@@ -36,13 +36,15 @@ DEPEND="${RDEPEND}
PATCHES=(
# Make sure setuptools does not create a zip file in python_test;
# this is buggy and causes tests to fail.
- "${FILESDIR}/${PN}-0.59.1-zipsafe.patch"
-
+ "${FILESDIR}"/${PN}-0.59.1-zipsafe.patch
# Depends on order of dictionary keys
- "${FILESDIR}/logilab-common-0.60.0-skip-doctest.patch"
+ "${FILESDIR}"/logilab-common-0.60.0-skip-doctest.patch
+ "${FILESDIR}"/${PN}-sec-CVE-2014-1838-9.patch
)
python_prepare_all() {
+ # CVE-2014-1838
+ rm -f pdf_ext.py || die
sed -e 's:(CURDIR):{S}/${P}:' -i doc/makefile || die
distutils-r1_python_prepare_all
}