[gentoo-commits] repo/gentoo:master commit in: www-apps/roundup/files/, www-apps/roundup/ - gentoo-commits

From:	"Cédric Krier" <cedk@g.o>
To:	gentoo-commits@l.g.o
Subject:	[gentoo-commits] repo/gentoo:master commit in: www-apps/roundup/files/, www-apps/roundup/
Date:	Sat, 14 Sep 2019 13:38:38
Message-Id:	`1568468311.87c4a503664a1a271435d3409d06b412318aa0bb.cedk@gentoo`

1

commit:     87c4a503664a1a271435d3409d06b412318aa0bb

2

Author:     Cédric Krier <cedk <AT> gentoo <DOT> org>

3

AuthorDate: Sat Sep 14 13:37:52 2019 +0000

4

Commit:     Cédric Krier <cedk <AT> gentoo <DOT> org>

5

CommitDate: Sat Sep 14 13:38:31 2019 +0000

6

URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=87c4a503

7

8

www-apps/roundup: Version bumps

9

10

Package-Manager: Portage-2.3.69, Repoman-2.3.16

11

Signed-off-by: Cédric Krier <cedk <AT> gentoo.org>

12

13

 www-apps/roundup/Manifest                          |   2 +-

14

 .../roundup/files/roundup-1.6.0-configparser.patch |  40 ------

15

 .../roundup/files/roundup-1.6.0-csrf-headers.patch | 150 ---------------------

16

 www-apps/roundup/files/roundup-1.6.0-xss.patch     |  35 -----

17

 www-apps/roundup/metadata.xml                      |   5 +

18

 ...oundup-1.6.0-r1.ebuild => roundup-1.6.1.ebuild} |  16 ++-

19

 6 files changed, 15 insertions(+), 233 deletions(-)

20

21

diff --git a/www-apps/roundup/Manifest b/www-apps/roundup/Manifest

22

index 07f3cccfd45..b97d22ec510 100644

23

--- a/www-apps/roundup/Manifest

24

+++ b/www-apps/roundup/Manifest

25

@@ -1,2 +1,2 @@

26

 DIST roundup-1.5.1.tar.gz 2618886 BLAKE2B 5ccca10ce7f30b35b0875340c4cae87aa19e5384e6e5973576ea8e2de79eb83d32447580944f472d73e7cdb5f43a4ed7f805d51242e22cc2f756b3deae4004b2 SHA512 d7cdeaafb682ce7f202cacddeb1a42312f22778a2c83b52b4e838c27b1e7141a94b2ac2b670b0edee0efcfe27d74e31e6f267ae1380e90359def27385ca68d58

27

-DIST roundup-1.6.0.tar.gz 2893499 BLAKE2B 5fe75b0953d16cebe52a25379d5a13f7745eb87e4a6a46f17945c3655394c1d1d2aff9e74783ee3e4757fc407ca2b46a7c3ef6d20eedbfb695783302fb64bf1f SHA512 1a8e9c0c7a6e607953ee91ce750f72bf53b5c6dc4bbd6d001570dd77abf396d4de2c832ef45495b87890a3c11b158be9e7a8eed635f63b5586b7bb9399856dcc

28

+DIST roundup-1.6.1.tar.gz 3128618 BLAKE2B 7fa87006582feac74f0fc455bc201f2485326b8f6ed616164f667992da114d45e8d8cef370a825450b5a4cb757ba0453d5fe3ace47164bd83e78a8c6f28b9d05 SHA512 b7666c5515c76baa4fa3ac3d0efea82feace6270af55bbc70e603b2ce0c617b4a303a15133310c1e00d3b6442baa58060d5387f568014652b1b781d9248f0052

29

30

diff --git a/www-apps/roundup/files/roundup-1.6.0-configparser.patch b/www-apps/roundup/files/roundup-1.6.0-configparser.patch

31

deleted file mode 100644

32

index 6bdfc8dfaaa..00000000000

33

--- a/www-apps/roundup/files/roundup-1.6.0-configparser.patch

34

+++ /dev/null

35

@@ -1,40 +0,0 @@

36

-changeset:   5625:99175953520e

37

-branch:      maint-1.6

38

-parent:      5537:d698d3d843a9

39

-user:        Joseph Myers <jsm@×××××××××××××.uk>

40

-date:        Mon Aug 20 00:50:16 2018 +0000

41

-files:       CHANGES.txt roundup/configuration.py

42

-description:

43

-Fix issue2550994: breakage caused by configparser backports.

44

-

45

-

46

-diff -r d698d3d843a9 -r 99175953520e roundup/configuration.py

47

---- a/roundup/configuration.py	Thu Sep 06 17:04:49 2018 -0400

48

-+++ b/roundup/configuration.py	Mon Aug 20 00:50:16 2018 +0000

49

-@@ -2,9 +2,15 @@

50

- #

51

- __docformat__ = "restructuredtext"

52

-

53

--try:

54

-+# Some systems have a backport of the Python 3 configparser module to

55

-+# Python 2: <https://pypi.org/project/configparser/>.  That breaks

56

-+# Roundup if used with Python 2 because it generates unicode objects

57

-+# where not expected by the Python code.  Thus, a version check is

58

-+# used here instead of try/except.

59

-+import sys

60

-+if sys.version_info[0] > 2:

61

-     import configparser			# Python 3

62

--except ImportError:

63

-+else:

64

-     import ConfigParser as configparser	# Python 2

65

-

66

- import getopt

67

-@@ -12,7 +18,6 @@

68

- import logging, logging.config

69

- import os

70

- import re

71

--import sys

72

- import time

73

- import smtplib

74

-

75

-

76

77

diff --git a/www-apps/roundup/files/roundup-1.6.0-csrf-headers.patch b/www-apps/roundup/files/roundup-1.6.0-csrf-headers.patch

78

deleted file mode 100644

79

index 8be484d5f80..00000000000

80

--- a/www-apps/roundup/files/roundup-1.6.0-csrf-headers.patch

81

+++ /dev/null

82

@@ -1,150 +0,0 @@

83

-changeset:   5629:8e3df461d316

84

-branch:      maint-1.6

85

-user:        John Rouillard <rouilj@××××.org>

86

-date:        Wed Feb 27 21:47:39 2019 -0500

87

-files:       CHANGES.txt roundup/cgi/client.py roundup/scripts/roundup_server.py test/test_cgi.py

88

-description:

89

-issue2551023: Fix CSRF headers for use with wsgi and cgi. The

90

-env variable array used - separators rather than _. Compare:

91

-HTTP_X-REQUESTED-WITH to HTTP_X_REQUESTED_WITH. The last is

92

-correct. Also fix roundup-server to produce the latter form. (Patch

93

-by Cédric Krier)

94

-

95

-

96

-diff -r 64ceb9c14b28 -r 8e3df461d316 roundup/cgi/client.py

97

---- a/roundup/cgi/client.py	Tue Feb 12 21:31:41 2019 -0500

98

-+++ b/roundup/cgi/client.py	Wed Feb 27 21:47:39 2019 -0500

99

-@@ -1026,7 +1026,7 @@

100

-         # If required headers are missing, raise an error

101

-         for header in header_names:

102

-             if (config["WEB_CSRF_ENFORCE_HEADER_%s"%header] == 'required'

103

--                    and "HTTP_%s"%header not in self.env):

104

-+                    and "HTTP_%s" % header.replace('-', '_') not in self.env):

105

-                 logger.error(self._("csrf header %s required but missing for user%s."), header, current_user)

106

-                 raise Unauthorised, self._("Missing header: %s")%header

107

-

108

-@@ -1062,9 +1062,9 @@

109

-                 header_pass += 1

110

-

111

-         enforce=config['WEB_CSRF_ENFORCE_HEADER_X-FORWARDED-HOST']

112

--        if 'HTTP_X-FORWARDED-HOST' in self.env:

113

-+        if 'HTTP_X_FORWARDED_HOST' in self.env:

114

-             if enforce != "no":

115

--                host = self.env['HTTP_X-FORWARDED-HOST']

116

-+                host = self.env['HTTP_X_FORWARDED_HOST']

117

-                 foundat = self.base.find('://' + host + '/')

118

-                 # 4 means self.base has http:/ prefix, 5 means https:/ prefix

119

-                 if foundat not in [4, 5]:

120

-@@ -1111,7 +1111,7 @@

121

-                 # Note we do not use CSRF nonces for xmlrpc requests.

122

-                 #

123

-                 # see: https://www.owasp.org/index.php/Cross-Site_Request_Forgery_(CSRF)_Prevention_Cheat_Sheet#Protecting_REST_Services:_Use_of_Custom_Request_Headers

124

--                if 'HTTP_X-REQUESTED-WITH' not in self.env:

125

-+                if 'HTTP_X_REQUESTED_WITH' not in self.env:

126

-                     logger.error(self._("csrf X-REQUESTED-WITH xmlrpc required header check failed for user%s."), current_user)

127

-                     raise UsageError, self._("Required Header Missing")

128

-

129

-diff -r 64ceb9c14b28 -r 8e3df461d316 roundup/scripts/roundup_server.py

130

---- a/roundup/scripts/roundup_server.py	Tue Feb 12 21:31:41 2019 -0500

131

-+++ b/roundup/scripts/roundup_server.py	Wed Feb 27 21:47:39 2019 -0500

132

-@@ -384,8 +384,8 @@

133

-             # If behind a proxy, this is the hostname supplied

134

-             # via the Host header to the proxy. Used by core code.

135

-             # Controlled by the CSRF settings.

136

--            env['HTTP_X-FORWARDED-HOST'] = xfh

137

--        xff = self.headers.getheader('X-Forwarded-For', None)

138

-+            env['HTTP_X_FORWARDED_HOST'] = xfh

139

-+        xff = self.headers.get('X-Forwarded-For', None)

140

-         if xff:

141

-             # xff is a list of ip addresses for original client/proxies:

142

-             # X-Forwarded-For: clientIP, proxy1IP, proxy2IP

143

-@@ -394,8 +394,8 @@

144

-             # Made available for extensions if the user trusts it.

145

-             # E.g. you may wish to disable recaptcha validation extension

146

-             # if the ip of the client matches 172.16.0.0.

147

--            env['HTTP_X-FORWARDED-FOR'] = xff

148

--        xfp = self.headers.getheader('X-Forwarded-Proto', None)

149

-+            env['HTTP_X_FORWARDED_FOR'] = xff

150

-+        xfp = self.headers.get('X-Forwarded-Proto', None)

151

-         if xfp:

152

-             # xfp is the protocol (http/https) seen by proxies in the

153

-             # path of the request. I am not sure if there is only

154

-@@ -408,8 +408,8 @@

155

-             # May not be trustworthy. Do not use in core without

156

-             # config option to control its use.

157

-             # Made available for extensions if the user trusts it.

158

--            env['HTTP_X-FORWARDED-PROTO'] = xfp

159

--        if os.environ.has_key('CGI_SHOW_TIMING'):

160

-+            env['HTTP_X_FORWARDED_PROTO'] = xfp

161

-+        if 'CGI_SHOW_TIMING' in os.environ:

162

-             env['CGI_SHOW_TIMING'] = os.environ['CGI_SHOW_TIMING']

163

-         env['HTTP_ACCEPT_LANGUAGE'] = self.headers.get('accept-language')

164

-         referer = self.headers.get('Referer')

165

-@@ -420,8 +420,8 @@

166

-             env['HTTP_ORIGIN'] = origin

167

-         xrw = self.headers.get('x-requested-with')

168

-         if xrw:

169

--            env['HTTP_X-REQUESTED-WITH'] = xrw

170

--        range = self.headers.getheader('range')

171

-+            env['HTTP_X_REQUESTED_WITH'] = xrw

172

-+        range = self.headers.get('range')

173

-         if range:

174

-             env['HTTP_RANGE'] = range

175

-

176

-diff -r 64ceb9c14b28 -r 8e3df461d316 test/test_cgi.py

177

---- a/test/test_cgi.py	Tue Feb 12 21:31:41 2019 -0500

178

-+++ b/test/test_cgi.py	Wed Feb 27 21:47:39 2019 -0500

179

-@@ -888,7 +888,7 @@

180

-         del(cl.env['HTTP_ORIGIN'])

181

-         del(out[0])

182

-

183

--        cl.env['HTTP_X-FORWARDED-HOST'] = 'whoami.com'

184

-+        cl.env['HTTP_X_FORWARDED_HOST'] = 'whoami.com'

185

-         # if there is an X-FORWARDED-HOST header it is used and

186

-         # HOST header is ignored. X-FORWARDED-HOST should only be

187

-         # passed/set by a proxy. In this case the HOST header is

188

-@@ -899,7 +899,7 @@

189

-         match_at=out[0].find('Redirecting to <a href="http://whoami.com/path/issue1?@ok_message')

190

-         print "result of subtest 4:", out[0]

191

-         self.assertNotEqual(match_at, -1)

192

--        del(cl.env['HTTP_X-FORWARDED-HOST'])

193

-+        del(cl.env['HTTP_X_FORWARDED_HOST'])

194

-         del(cl.env['HTTP_HOST'])

195

-         del(out[0])

196

-

197

-@@ -912,14 +912,14 @@

198

-         del(out[0])

199

-

200

-         # try failing headers

201

--        cl.env['HTTP_X-FORWARDED-HOST'] = 'whoami.net'

202

-+        cl.env['HTTP_X_FORWARDED_HOST'] = 'whoami.net'

203

-         # this raises an error as the header check passes and 

204

-         # it did the edit and tries to send mail.

205

-         cl.inner_main()

206

-         match_at=out[0].find('Invalid X-FORWARDED-HOST whoami.net')

207

-         print "result of subtest 6:", out[0]

208

-         self.assertNotEqual(match_at, -1)

209

--        del(cl.env['HTTP_X-FORWARDED-HOST'])

210

-+        del(cl.env['HTTP_X_FORWARDED_HOST'])

211

-         del(out[0])

212

-

213

-         # header checks succeed

214

-@@ -1031,7 +1031,7 @@

215

-                             'CONTENT_TYPE': 'text/plain',

216

-                             'HTTP_AUTHORIZATION': 'Basic YWRtaW46YWRtaW4=',

217

-                             'HTTP_REFERER': 'http://whoami.com/path/',

218

--                            'HTTP_X-REQUESTED-WITH': "XMLHttpRequest"

219

-+                            'HTTP_X_REQUESTED_WITH': "XMLHttpRequest"

220

-                         }, form)

221

-         cl.db = self.db

222

-         cl.base = 'http://whoami.com/path/'

223

-@@ -1059,7 +1059,7 @@

224

-         del(out[0])

225

-

226

-         # remove the X-REQUESTED-WITH header and get an xmlrpc fault returned

227

--        del(cl.env['HTTP_X-REQUESTED-WITH'])

228

-+        del(cl.env['HTTP_X_REQUESTED_WITH'])

229

-         cl.handle_xmlrpc()

230

-         output="<?xml version='1.0'?>\n<methodResponse>\n<fault>\n<value><struct>\n<member>\n<name>faultCode</name>\n<value><int>1</int></value>\n</member>\n<member>\n<name>faultString</name>\n<value><string>&lt;class 'roundup.exceptions.UsageError'&gt;:Required Header Missing</string></value>\n</member>\n</struct></value>\n</fault>\n</methodResponse>\n"

231

-         print out[0]

232

-

233

234

diff --git a/www-apps/roundup/files/roundup-1.6.0-xss.patch b/www-apps/roundup/files/roundup-1.6.0-xss.patch

235

deleted file mode 100644

236

index 44a607e0c46..00000000000

237

--- a/www-apps/roundup/files/roundup-1.6.0-xss.patch

238

+++ /dev/null

239

@@ -1,35 +0,0 @@

240

-changeset:   5665:ab37c1705dbf

241

-branch:      maint-1.6

242

-parent:      5635:ea35ab75a4c0

243

-user:        John Rouillard <rouilj@××××.org>

244

-date:        Fri Mar 22 18:16:11 2019 -0400

245

-files:       CHANGES.txt frontends/roundup.cgi roundup/cgi/wsgi_handler.py

246

-description:

247

-Fix fix XSS issue in wsgi and cgi when handing url not found/404. issue2551035

248

-

249

-

250

-diff -r ea35ab75a4c0 -r ab37c1705dbf frontends/roundup.cgi

251

---- a/frontends/roundup.cgi	Thu Mar 07 15:42:21 2019 +0100

252

-+++ b/frontends/roundup.cgi	Fri Mar 22 18:16:11 2019 -0400

253

-@@ -179,7 +179,7 @@

254

-                 request.send_response(404)

255

-                 request.send_header('Content-Type', 'text/html')

256

-                 request.end_headers()

257

--                out.write('Not found: %s'%client.path)

258

-+                out.write('Not found: %s'%cgi.escape(client.path))

259

-

260

-     else:

261

-         import urllib

262

-diff -r ea35ab75a4c0 -r ab37c1705dbf roundup/cgi/wsgi_handler.py

263

---- a/roundup/cgi/wsgi_handler.py	Thu Mar 07 15:42:21 2019 +0100

264

-+++ b/roundup/cgi/wsgi_handler.py	Fri Mar 22 18:16:11 2019 -0400

265

-@@ -66,7 +66,7 @@

266

-             client.main()

267

-         except roundup.cgi.client.NotFound:

268

-             request.start_response([('Content-Type', 'text/html')], 404)

269

--            request.wfile.write('Not found: %s'%client.path)

270

-+            request.wfile.write('Not found: %s'%cgi.escape(client.path))

271

-

272

-         # all body data has been written using wfile

273

-         return []

274

-

275

276

diff --git a/www-apps/roundup/metadata.xml b/www-apps/roundup/metadata.xml

277

index 0942edd0187..499f901ab9c 100644

278

--- a/www-apps/roundup/metadata.xml

279

+++ b/www-apps/roundup/metadata.xml

280

@@ -13,4 +13,9 @@

281

 		<remote-id type="pypi">roundup</remote-id>

282

 		<remote-id type="sourceforge">roundup</remote-id>

283

 	</upstream>

284

+	<use>

285

+		<flag name="tz">Enable full support of timezone</flag>

286

+		<flag name="xapian">Enable Xapian full-text indexer</flag>

287

+		<flag name="whoosh">Enable Whoosh full-text indexer</flag>

288

+	</use>

289

 </pkgmetadata>

290

291

diff --git a/www-apps/roundup/roundup-1.6.0-r1.ebuild b/www-apps/roundup/roundup-1.6.1.ebuild

292

similarity index 62%

293

rename from www-apps/roundup/roundup-1.6.0-r1.ebuild

294

rename to www-apps/roundup/roundup-1.6.1.ebuild

295

index 4e1c93d0283..eebb51a675b 100644

296

--- a/www-apps/roundup/roundup-1.6.0-r1.ebuild

297

+++ b/www-apps/roundup/roundup-1.6.1.ebuild

298

@@ -13,18 +13,20 @@ SRC_URI="mirror://pypi/${PN:0:1}/${PN}/${P}.tar.gz"

299

 LICENSE="MIT ZPL"

300

 SLOT="0"

301

 KEYWORDS="~amd64 ~ppc ~sparc ~x86"

302

+IUSE="+tz sqlite mysql postgres xapian whoosh ssl"

303

304

 DEPEND=""

305

-RDEPEND="${DEPEND}"

306

+RDEPEND="${DEPEND}

307

+	tz? ( dev-python/pytz[$PYTHON_USEDEP] )

308

+	sqlite? ( dev-lang/python:*[sqlite] )

309

+	mysql? ( dev-python/mysql-python[$PYTHON_USEDEP] )

310

+	postgres? ( >=dev-python/psycopg-1.1.21[$PYTHON_USEDEP] )

311

+	xapian? ( >=dev-libs/xapian-bindings-1.0.0[python,$PYTHON_USEDEP] )

312

+	whoosh? ( >=dev-python/whoosh-2.5.7[$PYTHON_USEDEP] )

313

+	ssl? ( dev-python/pyopenssl[$PYTHON_USEDEP] )"

314

315

 DOCS="CHANGES.txt doc/*.txt"

316

317

-PATCHES=(

318

-	"${FILESDIR}/${P}-configparser.patch"

319

-	"${FILESDIR}/${P}-csrf-headers.patch"

320

-	"${FILESDIR}/${P}-xss.patch"

321

-)

322

-

323

 python_install_all() {

324

 	distutils-r1_python_install_all

325

 	rm -r "${ED}"/usr/share/doc/${PN} || die

1	commit: 87c4a503664a1a271435d3409d06b412318aa0bb
2	Author: Cédric Krier <cedk <AT> gentoo <DOT> org>
3	AuthorDate: Sat Sep 14 13:37:52 2019 +0000
4	Commit: Cédric Krier <cedk <AT> gentoo <DOT> org>
5	CommitDate: Sat Sep 14 13:38:31 2019 +0000
6	URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=87c4a503
7
8	www-apps/roundup: Version bumps
9
10	Package-Manager: Portage-2.3.69, Repoman-2.3.16
11	Signed-off-by: Cédric Krier <cedk <AT> gentoo.org>
12
13	www-apps/roundup/Manifest \| 2 +-
14	.../roundup/files/roundup-1.6.0-configparser.patch \| 40 ------
15	.../roundup/files/roundup-1.6.0-csrf-headers.patch \| 150 ---------------------
16	www-apps/roundup/files/roundup-1.6.0-xss.patch \| 35 -----
17	www-apps/roundup/metadata.xml \| 5 +
18	...oundup-1.6.0-r1.ebuild => roundup-1.6.1.ebuild} \| 16 ++-
19	6 files changed, 15 insertions(+), 233 deletions(-)
20
21	diff --git a/www-apps/roundup/Manifest b/www-apps/roundup/Manifest
22	index 07f3cccfd45..b97d22ec510 100644
23	--- a/www-apps/roundup/Manifest
24	+++ b/www-apps/roundup/Manifest
25	@@ -1,2 +1,2 @@
26	DIST roundup-1.5.1.tar.gz 2618886 BLAKE2B 5ccca10ce7f30b35b0875340c4cae87aa19e5384e6e5973576ea8e2de79eb83d32447580944f472d73e7cdb5f43a4ed7f805d51242e22cc2f756b3deae4004b2 SHA512 d7cdeaafb682ce7f202cacddeb1a42312f22778a2c83b52b4e838c27b1e7141a94b2ac2b670b0edee0efcfe27d74e31e6f267ae1380e90359def27385ca68d58
27	-DIST roundup-1.6.0.tar.gz 2893499 BLAKE2B 5fe75b0953d16cebe52a25379d5a13f7745eb87e4a6a46f17945c3655394c1d1d2aff9e74783ee3e4757fc407ca2b46a7c3ef6d20eedbfb695783302fb64bf1f SHA512 1a8e9c0c7a6e607953ee91ce750f72bf53b5c6dc4bbd6d001570dd77abf396d4de2c832ef45495b87890a3c11b158be9e7a8eed635f63b5586b7bb9399856dcc
28	+DIST roundup-1.6.1.tar.gz 3128618 BLAKE2B 7fa87006582feac74f0fc455bc201f2485326b8f6ed616164f667992da114d45e8d8cef370a825450b5a4cb757ba0453d5fe3ace47164bd83e78a8c6f28b9d05 SHA512 b7666c5515c76baa4fa3ac3d0efea82feace6270af55bbc70e603b2ce0c617b4a303a15133310c1e00d3b6442baa58060d5387f568014652b1b781d9248f0052
29
30	diff --git a/www-apps/roundup/files/roundup-1.6.0-configparser.patch b/www-apps/roundup/files/roundup-1.6.0-configparser.patch
31	deleted file mode 100644
32	index 6bdfc8dfaaa..00000000000
33	--- a/www-apps/roundup/files/roundup-1.6.0-configparser.patch
34	+++ /dev/null
35	@@ -1,40 +0,0 @@
36	-changeset: 5625:99175953520e
37	-branch: maint-1.6
38	-parent: 5537:d698d3d843a9
39	-user: Joseph Myers <jsm@×××××××××××××.uk>
40	-date: Mon Aug 20 00:50:16 2018 +0000
41	-files: CHANGES.txt roundup/configuration.py
42	-description:
43	-Fix issue2550994: breakage caused by configparser backports.
44	-
45	-
46	-diff -r d698d3d843a9 -r 99175953520e roundup/configuration.py
47	---- a/roundup/configuration.py Thu Sep 06 17:04:49 2018 -0400
48	-+++ b/roundup/configuration.py Mon Aug 20 00:50:16 2018 +0000
49	-@@ -2,9 +2,15 @@
50	- #
51	- __docformat__ = "restructuredtext"
52	-
53	--try:
54	-+# Some systems have a backport of the Python 3 configparser module to
55	-+# Python 2: <https://pypi.org/project/configparser/>. That breaks
56	-+# Roundup if used with Python 2 because it generates unicode objects
57	-+# where not expected by the Python code. Thus, a version check is
58	-+# used here instead of try/except.
59	-+import sys
60	-+if sys.version_info[0] > 2:
61	- import configparser # Python 3
62	--except ImportError:
63	-+else:
64	- import ConfigParser as configparser # Python 2
65	-
66	- import getopt
67	-@@ -12,7 +18,6 @@
68	- import logging, logging.config
69	- import os
70	- import re
71	--import sys
72	- import time
73	- import smtplib
74	-
75	-
76
77	diff --git a/www-apps/roundup/files/roundup-1.6.0-csrf-headers.patch b/www-apps/roundup/files/roundup-1.6.0-csrf-headers.patch
78	deleted file mode 100644
79	index 8be484d5f80..00000000000
80	--- a/www-apps/roundup/files/roundup-1.6.0-csrf-headers.patch
81	+++ /dev/null
82	@@ -1,150 +0,0 @@
83	-changeset: 5629:8e3df461d316
84	-branch: maint-1.6
85	-user: John Rouillard <rouilj@××××.org>
86	-date: Wed Feb 27 21:47:39 2019 -0500
87	-files: CHANGES.txt roundup/cgi/client.py roundup/scripts/roundup_server.py test/test_cgi.py
88	-description:
89	-issue2551023: Fix CSRF headers for use with wsgi and cgi. The
90	-env variable array used - separators rather than _. Compare:
91	-HTTP_X-REQUESTED-WITH to HTTP_X_REQUESTED_WITH. The last is
92	-correct. Also fix roundup-server to produce the latter form. (Patch
93	-by Cédric Krier)
94	-
95	-
96	-diff -r 64ceb9c14b28 -r 8e3df461d316 roundup/cgi/client.py
97	---- a/roundup/cgi/client.py Tue Feb 12 21:31:41 2019 -0500
98	-+++ b/roundup/cgi/client.py Wed Feb 27 21:47:39 2019 -0500
99	-@@ -1026,7 +1026,7 @@
100	- # If required headers are missing, raise an error
101	- for header in header_names:
102	- if (config["WEB_CSRF_ENFORCE_HEADER_%s"%header] == 'required'
103	-- and "HTTP_%s"%header not in self.env):
104	-+ and "HTTP_%s" % header.replace('-', '_') not in self.env):
105	- logger.error(self._("csrf header %s required but missing for user%s."), header, current_user)
106	- raise Unauthorised, self._("Missing header: %s")%header
107	-
108	-@@ -1062,9 +1062,9 @@
109	- header_pass += 1
110	-
111	- enforce=config['WEB_CSRF_ENFORCE_HEADER_X-FORWARDED-HOST']
112	-- if 'HTTP_X-FORWARDED-HOST' in self.env:
113	-+ if 'HTTP_X_FORWARDED_HOST' in self.env:
114	- if enforce != "no":
115	-- host = self.env['HTTP_X-FORWARDED-HOST']
116	-+ host = self.env['HTTP_X_FORWARDED_HOST']
117	- foundat = self.base.find('://' + host + '/')
118	- # 4 means self.base has http:/ prefix, 5 means https:/ prefix
119	- if foundat not in [4, 5]:
120	-@@ -1111,7 +1111,7 @@
121	- # Note we do not use CSRF nonces for xmlrpc requests.
122	- #
123	- # see: https://www.owasp.org/index.php/Cross-Site_Request_Forgery_(CSRF)_Prevention_Cheat_Sheet#Protecting_REST_Services:_Use_of_Custom_Request_Headers
124	-- if 'HTTP_X-REQUESTED-WITH' not in self.env:
125	-+ if 'HTTP_X_REQUESTED_WITH' not in self.env:
126	- logger.error(self._("csrf X-REQUESTED-WITH xmlrpc required header check failed for user%s."), current_user)
127	- raise UsageError, self._("Required Header Missing")
128	-
129	-diff -r 64ceb9c14b28 -r 8e3df461d316 roundup/scripts/roundup_server.py
130	---- a/roundup/scripts/roundup_server.py Tue Feb 12 21:31:41 2019 -0500
131	-+++ b/roundup/scripts/roundup_server.py Wed Feb 27 21:47:39 2019 -0500
132	-@@ -384,8 +384,8 @@
133	- # If behind a proxy, this is the hostname supplied
134	- # via the Host header to the proxy. Used by core code.
135	- # Controlled by the CSRF settings.
136	-- env['HTTP_X-FORWARDED-HOST'] = xfh
137	-- xff = self.headers.getheader('X-Forwarded-For', None)
138	-+ env['HTTP_X_FORWARDED_HOST'] = xfh
139	-+ xff = self.headers.get('X-Forwarded-For', None)
140	- if xff:
141	- # xff is a list of ip addresses for original client/proxies:
142	- # X-Forwarded-For: clientIP, proxy1IP, proxy2IP
143	-@@ -394,8 +394,8 @@
144	- # Made available for extensions if the user trusts it.
145	- # E.g. you may wish to disable recaptcha validation extension
146	- # if the ip of the client matches 172.16.0.0.
147	-- env['HTTP_X-FORWARDED-FOR'] = xff
148	-- xfp = self.headers.getheader('X-Forwarded-Proto', None)
149	-+ env['HTTP_X_FORWARDED_FOR'] = xff
150	-+ xfp = self.headers.get('X-Forwarded-Proto', None)
151	- if xfp:
152	- # xfp is the protocol (http/https) seen by proxies in the
153	- # path of the request. I am not sure if there is only
154	-@@ -408,8 +408,8 @@
155	- # May not be trustworthy. Do not use in core without
156	- # config option to control its use.
157	- # Made available for extensions if the user trusts it.
158	-- env['HTTP_X-FORWARDED-PROTO'] = xfp
159	-- if os.environ.has_key('CGI_SHOW_TIMING'):
160	-+ env['HTTP_X_FORWARDED_PROTO'] = xfp
161	-+ if 'CGI_SHOW_TIMING' in os.environ:
162	- env['CGI_SHOW_TIMING'] = os.environ['CGI_SHOW_TIMING']
163	- env['HTTP_ACCEPT_LANGUAGE'] = self.headers.get('accept-language')
164	- referer = self.headers.get('Referer')
165	-@@ -420,8 +420,8 @@
166	- env['HTTP_ORIGIN'] = origin
167	- xrw = self.headers.get('x-requested-with')
168	- if xrw:
169	-- env['HTTP_X-REQUESTED-WITH'] = xrw
170	-- range = self.headers.getheader('range')
171	-+ env['HTTP_X_REQUESTED_WITH'] = xrw
172	-+ range = self.headers.get('range')
173	- if range:
174	- env['HTTP_RANGE'] = range
175	-
176	-diff -r 64ceb9c14b28 -r 8e3df461d316 test/test_cgi.py
177	---- a/test/test_cgi.py Tue Feb 12 21:31:41 2019 -0500
178	-+++ b/test/test_cgi.py Wed Feb 27 21:47:39 2019 -0500
179	-@@ -888,7 +888,7 @@
180	- del(cl.env['HTTP_ORIGIN'])
181	- del(out[0])
182	-
183	-- cl.env['HTTP_X-FORWARDED-HOST'] = 'whoami.com'
184	-+ cl.env['HTTP_X_FORWARDED_HOST'] = 'whoami.com'
185	- # if there is an X-FORWARDED-HOST header it is used and
186	- # HOST header is ignored. X-FORWARDED-HOST should only be
187	- # passed/set by a proxy. In this case the HOST header is
188	-@@ -899,7 +899,7 @@
189	- match_at=out[0].find('Redirecting to <a href="http://whoami.com/path/issue1?@ok_message')
190	- print "result of subtest 4:", out[0]
191	- self.assertNotEqual(match_at, -1)
192	-- del(cl.env['HTTP_X-FORWARDED-HOST'])
193	-+ del(cl.env['HTTP_X_FORWARDED_HOST'])
194	- del(cl.env['HTTP_HOST'])
195	- del(out[0])
196	-
197	-@@ -912,14 +912,14 @@
198	- del(out[0])
199	-
200	- # try failing headers
201	-- cl.env['HTTP_X-FORWARDED-HOST'] = 'whoami.net'
202	-+ cl.env['HTTP_X_FORWARDED_HOST'] = 'whoami.net'
203	- # this raises an error as the header check passes and
204	- # it did the edit and tries to send mail.
205	- cl.inner_main()
206	- match_at=out[0].find('Invalid X-FORWARDED-HOST whoami.net')
207	- print "result of subtest 6:", out[0]
208	- self.assertNotEqual(match_at, -1)
209	-- del(cl.env['HTTP_X-FORWARDED-HOST'])
210	-+ del(cl.env['HTTP_X_FORWARDED_HOST'])
211	- del(out[0])
212	-
213	- # header checks succeed
214	-@@ -1031,7 +1031,7 @@
215	- 'CONTENT_TYPE': 'text/plain',
216	- 'HTTP_AUTHORIZATION': 'Basic YWRtaW46YWRtaW4=',
217	- 'HTTP_REFERER': 'http://whoami.com/path/',
218	-- 'HTTP_X-REQUESTED-WITH': "XMLHttpRequest"
219	-+ 'HTTP_X_REQUESTED_WITH': "XMLHttpRequest"
220	- }, form)
221	- cl.db = self.db
222	- cl.base = 'http://whoami.com/path/'
223	-@@ -1059,7 +1059,7 @@
224	- del(out[0])
225	-
226	- # remove the X-REQUESTED-WITH header and get an xmlrpc fault returned
227	-- del(cl.env['HTTP_X-REQUESTED-WITH'])
228	-+ del(cl.env['HTTP_X_REQUESTED_WITH'])
229	- cl.handle_xmlrpc()
230	- output="<?xml version='1.0'?>\n<methodResponse>\n<fault>\n<value><struct>\n<member>\n<name>faultCode</name>\n<value><int>1</int></value>\n</member>\n<member>\n<name>faultString</name>\n<value><string><class 'roundup.exceptions.UsageError'>:Required Header Missing</string></value>\n</member>\n</struct></value>\n</fault>\n</methodResponse>\n"
231	- print out[0]
232	-
233
234	diff --git a/www-apps/roundup/files/roundup-1.6.0-xss.patch b/www-apps/roundup/files/roundup-1.6.0-xss.patch
235	deleted file mode 100644
236	index 44a607e0c46..00000000000
237	--- a/www-apps/roundup/files/roundup-1.6.0-xss.patch
238	+++ /dev/null
239	@@ -1,35 +0,0 @@
240	-changeset: 5665:ab37c1705dbf
241	-branch: maint-1.6
242	-parent: 5635:ea35ab75a4c0
243	-user: John Rouillard <rouilj@××××.org>
244	-date: Fri Mar 22 18:16:11 2019 -0400
245	-files: CHANGES.txt frontends/roundup.cgi roundup/cgi/wsgi_handler.py
246	-description:
247	-Fix fix XSS issue in wsgi and cgi when handing url not found/404. issue2551035
248	-
249	-
250	-diff -r ea35ab75a4c0 -r ab37c1705dbf frontends/roundup.cgi
251	---- a/frontends/roundup.cgi Thu Mar 07 15:42:21 2019 +0100
252	-+++ b/frontends/roundup.cgi Fri Mar 22 18:16:11 2019 -0400
253	-@@ -179,7 +179,7 @@
254	- request.send_response(404)
255	- request.send_header('Content-Type', 'text/html')
256	- request.end_headers()
257	-- out.write('Not found: %s'%client.path)
258	-+ out.write('Not found: %s'%cgi.escape(client.path))
259	-
260	- else:
261	- import urllib
262	-diff -r ea35ab75a4c0 -r ab37c1705dbf roundup/cgi/wsgi_handler.py
263	---- a/roundup/cgi/wsgi_handler.py Thu Mar 07 15:42:21 2019 +0100
264	-+++ b/roundup/cgi/wsgi_handler.py Fri Mar 22 18:16:11 2019 -0400
265	-@@ -66,7 +66,7 @@
266	- client.main()
267	- except roundup.cgi.client.NotFound:
268	- request.start_response([('Content-Type', 'text/html')], 404)
269	-- request.wfile.write('Not found: %s'%client.path)
270	-+ request.wfile.write('Not found: %s'%cgi.escape(client.path))
271	-
272	- # all body data has been written using wfile
273	- return []
274	-
275
276	diff --git a/www-apps/roundup/metadata.xml b/www-apps/roundup/metadata.xml
277	index 0942edd0187..499f901ab9c 100644
278	--- a/www-apps/roundup/metadata.xml
279	+++ b/www-apps/roundup/metadata.xml
280	@@ -13,4 +13,9 @@
281	<remote-id type="pypi">roundup</remote-id>
282	<remote-id type="sourceforge">roundup</remote-id>
283	</upstream>
284	+ <use>
285	+ <flag name="tz">Enable full support of timezone</flag>
286	+ <flag name="xapian">Enable Xapian full-text indexer</flag>
287	+ <flag name="whoosh">Enable Whoosh full-text indexer</flag>
288	+ </use>
289	</pkgmetadata>
290
291	diff --git a/www-apps/roundup/roundup-1.6.0-r1.ebuild b/www-apps/roundup/roundup-1.6.1.ebuild
292	similarity index 62%
293	rename from www-apps/roundup/roundup-1.6.0-r1.ebuild
294	rename to www-apps/roundup/roundup-1.6.1.ebuild
295	index 4e1c93d0283..eebb51a675b 100644
296	--- a/www-apps/roundup/roundup-1.6.0-r1.ebuild
297	+++ b/www-apps/roundup/roundup-1.6.1.ebuild
298	@@ -13,18 +13,20 @@ SRC_URI="mirror://pypi/${PN:0:1}/${PN}/${P}.tar.gz"
299	LICENSE="MIT ZPL"
300	SLOT="0"
301	KEYWORDS="~amd64 ~ppc ~sparc ~x86"
302	+IUSE="+tz sqlite mysql postgres xapian whoosh ssl"
303
304	DEPEND=""
305	-RDEPEND="${DEPEND}"
306	+RDEPEND="${DEPEND}
307	+ tz? ( dev-python/pytz[$PYTHON_USEDEP] )
308	+ sqlite? ( dev-lang/python:*[sqlite] )
309	+ mysql? ( dev-python/mysql-python[$PYTHON_USEDEP] )
310	+ postgres? ( >=dev-python/psycopg-1.1.21[$PYTHON_USEDEP] )
311	+ xapian? ( >=dev-libs/xapian-bindings-1.0.0[python,$PYTHON_USEDEP] )
312	+ whoosh? ( >=dev-python/whoosh-2.5.7[$PYTHON_USEDEP] )
313	+ ssl? ( dev-python/pyopenssl[$PYTHON_USEDEP] )"
314
315	DOCS="CHANGES.txt doc/*.txt"
316
317	-PATCHES=(
318	- "${FILESDIR}/${P}-configparser.patch"
319	- "${FILESDIR}/${P}-csrf-headers.patch"
320	- "${FILESDIR}/${P}-xss.patch"
321	-)
322	-
323	python_install_all() {
324	distutils-r1_python_install_all
325	rm -r "${ED}"/usr/share/doc/${PN} \|\| die

Gentoo Archives: gentoo-commits