| 1 |
idella4 14/03/27 12:53:28 |
| 2 |
|
| 3 |
Added: logilab-common-sec-CVE-2014-1838-9.patch |
| 4 |
Log: |
| 5 |
revbump; sec fix wrt sec Bug #499872, rm old unstable versions |
| 6 |
|
| 7 |
(Portage version: 2.2.8-r1/cvs/Linux x86_64, signed Manifest commit with key 0xB8072B0D) |
| 8 |
|
| 9 |
Revision Changes Path |
| 10 |
1.1 dev-python/logilab-common/files/logilab-common-sec-CVE-2014-1838-9.patch |
| 11 |
|
| 12 |
file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/dev-python/logilab-common/files/logilab-common-sec-CVE-2014-1838-9.patch?rev=1.1&view=markup |
| 13 |
plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/dev-python/logilab-common/files/logilab-common-sec-CVE-2014-1838-9.patch?rev=1.1&content-type=text/plain |
| 14 |
|
| 15 |
Index: logilab-common-sec-CVE-2014-1838-9.patch |
| 16 |
=================================================================== |
| 17 |
http://www.logilab.org/revision/207574 |
| 18 |
http://www.logilab.org/revision/210454 |
| 19 |
This is a re-base of the sec patches which appeared to offer no ready diff files @ logilab HQ |
| 20 |
CVE-2014-1838 comprises deletion of the outright deletion of the pdf_ext module and edit of |
| 21 |
the ChangeLog which, being trivial, has been excluded. The edit to the README is the only |
| 22 |
remaining portion of CVE-2014-1838. The module is deleted in python_prepare_all(). |
| 23 |
diff -u logilab-common-0.60.1.orig/README logilab-common-0.60.1/README |
| 24 |
--- logilab-common-0.60.1.orig/README 2013-12-16 23:23:10.000000000 +0800 |
| 25 |
+++ logilab-common-0.60.1/README 2014-03-27 20:05:25.037324979 +0800 |
| 26 |
@@ -123,8 +123,6 @@ |
| 27 |
|
| 28 |
* `hg`, some Mercurial_ utility functions. |
| 29 |
|
| 30 |
-* `pdf_ext`, pdf and fdf file manipulations, with pdftk. |
| 31 |
- |
| 32 |
* `pyro_ext`, some Pyro_ utility functions. |
| 33 |
|
| 34 |
* `sphinx_ext`, Sphinx_ plugin defining a `autodocstring` directive. |
| 35 |
diff -u logilab-common-0.60.1.orig/shellutils.py logilab-common-0.60.1/shellutils.py |
| 36 |
--- logilab-common-0.60.1.orig/shellutils.py 2013-12-16 23:23:10.000000000 +0800 |
| 37 |
+++ logilab-common-0.60.1/shellutils.py 2014-03-27 20:13:28.087314990 +0800 |
| 38 |
@@ -31,11 +31,13 @@ |
| 39 |
import errno |
| 40 |
import string |
| 41 |
import random |
| 42 |
+import subprocess |
| 43 |
from os.path import exists, isdir, islink, basename, join |
| 44 |
|
| 45 |
from logilab.common import STD_BLACKLIST, _handle_blacklist |
| 46 |
from logilab.common.compat import raw_input |
| 47 |
from logilab.common.compat import str_to_bytes |
| 48 |
+from logilab.common.deprecation import deprecated |
| 49 |
|
| 50 |
try: |
| 51 |
from logilab.common.proc import ProcInfo, NoSuchProcess |
| 52 |
@@ -224,20 +226,16 @@ |
| 53 |
outfile.write(zfobj.read(name)) |
| 54 |
outfile.close() |
| 55 |
|
| 56 |
+@deprecated('Use subprocess.Popen instead') |
| 57 |
class Execute: |
| 58 |
"""This is a deadlock safe version of popen2 (no stdin), that returns |
| 59 |
an object with errorlevel, out and err. |
| 60 |
""" |
| 61 |
|
| 62 |
def __init__(self, command): |
| 63 |
- outfile = tempfile.mktemp() |
| 64 |
- errfile = tempfile.mktemp() |
| 65 |
- self.status = os.system("( %s ) >%s 2>%s" % |
| 66 |
- (command, outfile, errfile)) >> 8 |
| 67 |
- self.out = open(outfile, "r").read() |
| 68 |
- self.err = open(errfile, "r").read() |
| 69 |
- os.remove(outfile) |
| 70 |
- os.remove(errfile) |
| 71 |
+ cmd = subprocess.Popen(command, shell=True, stdout=subprocess.PIPE, stderr=subprocess.PIPE) |
| 72 |
+ self.out, self.err = cmd.communicate() |
| 73 |
+ self.status = os.WEXITSTATUS(cmd.returncode) |
| 74 |
|
| 75 |
def acquire_lock(lock_file, max_try=10, delay=10, max_delay=3600): |
| 76 |
"""Acquire a lock represented by a file on the file system |
Archives