Gentoo Archives: gentoo-commits

From: "Ian Delaney (idella4)" <idella4@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] gentoo-x86 commit in dev-python/logilab-common/files: logilab-common-sec-CVE-2014-1838-9.patch
Date: Thu, 27 Mar 2014 12:53:31
Message-Id: 20140327125328.9DD8F20051@flycatcher.gentoo.org
1 idella4 14/03/27 12:53:28
2
3 Added: logilab-common-sec-CVE-2014-1838-9.patch
4 Log:
5 revbump; sec fix wrt sec Bug #499872, rm old unstable versions
6
7 (Portage version: 2.2.8-r1/cvs/Linux x86_64, signed Manifest commit with key 0xB8072B0D)
8
9 Revision Changes Path
10 1.1 dev-python/logilab-common/files/logilab-common-sec-CVE-2014-1838-9.patch
11
12 file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/dev-python/logilab-common/files/logilab-common-sec-CVE-2014-1838-9.patch?rev=1.1&view=markup
13 plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/dev-python/logilab-common/files/logilab-common-sec-CVE-2014-1838-9.patch?rev=1.1&content-type=text/plain
14
15 Index: logilab-common-sec-CVE-2014-1838-9.patch
16 ===================================================================
17 http://www.logilab.org/revision/207574
18 http://www.logilab.org/revision/210454
19 This is a re-base of the sec patches which appeared to offer no ready diff files @ logilab HQ
20 CVE-2014-1838 comprises deletion of the outright deletion of the pdf_ext module and edit of
21 the ChangeLog which, being trivial, has been excluded. The edit to the README is the only
22 remaining portion of CVE-2014-1838. The module is deleted in python_prepare_all().
23 diff -u logilab-common-0.60.1.orig/README logilab-common-0.60.1/README
24 --- logilab-common-0.60.1.orig/README 2013-12-16 23:23:10.000000000 +0800
25 +++ logilab-common-0.60.1/README 2014-03-27 20:05:25.037324979 +0800
26 @@ -123,8 +123,6 @@
27
28 * `hg`, some Mercurial_ utility functions.
29
30 -* `pdf_ext`, pdf and fdf file manipulations, with pdftk.
31 -
32 * `pyro_ext`, some Pyro_ utility functions.
33
34 * `sphinx_ext`, Sphinx_ plugin defining a `autodocstring` directive.
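Review bot: the `pdf_ext` README entry is removed here, but per the patch header the module itself is only deleted in python_prepare_all(), so this patch applied on its own leaves pdf_ext.py installed and merely undocumented. Either carry the file deletion in the patch as well, or add a comment in the ebuild next to the removal tying it to this patch so the two cannot drift apart on the next version bump.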
35 diff -u logilab-common-0.60.1.orig/shellutils.py logilab-common-0.60.1/shellutils.py
36 --- logilab-common-0.60.1.orig/shellutils.py 2013-12-16 23:23:10.000000000 +0800
37 +++ logilab-common-0.60.1/shellutils.py 2014-03-27 20:13:28.087314990 +0800
38 @@ -31,11 +31,13 @@
39 import errno
40 import string
41 import random
42 +import subprocess
43 from os.path import exists, isdir, islink, basename, join
44
45 from logilab.common import STD_BLACKLIST, _handle_blacklist
46 from logilab.common.compat import raw_input
47 from logilab.common.compat import str_to_bytes
48 +from logilab.common.deprecation import deprecated
49
50 try:
51 from logilab.common.proc import ProcInfo, NoSuchProcess
52 @@ -224,20 +226,16 @@
53 outfile.write(zfobj.read(name))
54 outfile.close()
55
56 +@deprecated('Use subprocess.Popen instead')
57 class Execute:
58 """This is a deadlock safe version of popen2 (no stdin), that returns
59 an object with errorlevel, out and err.
60 """
61
62 def __init__(self, command):
63 - outfile = tempfile.mktemp()
64 - errfile = tempfile.mktemp()
65 - self.status = os.system("( %s ) >%s 2>%s" %
66 - (command, outfile, errfile)) >> 8
67 - self.out = open(outfile, "r").read()
68 - self.err = open(errfile, "r").read()
69 - os.remove(outfile)
70 - os.remove(errfile)
71 + cmd = subprocess.Popen(command, shell=True, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
72 + self.out, self.err = cmd.communicate()
73 + self.status = os.WEXITSTATUS(cmd.returncode)
74
75 def acquire_lock(lock_file, max_try=10, delay=10, max_delay=3600):
76 """Acquire a lock represented by a file on the file system
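Review bot: in `Execute.__init__`, `os.WEXITSTATUS(cmd.returncode)` decodes a value that is already decoded. `Popen.returncode` is the exit code itself (or a negative signal number), not a wait status like the one the old `os.system()` call returned, so a command exiting with 1 ends up with `self.status` of 0 and failures are reported as success. Use `self.status = cmd.returncode`. Separately, `shell=True` still hands `command` to the shell just as `os.system` did, so the change removes the `tempfile.mktemp()` file-name race but callers still must not build `command` from untrusted input; the deprecation message would be a good place to say that. Also note that `self.out` and `self.err` now come from `communicate()` rather than from files opened with mode "r", which changes their type to bytes on Python 3.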