1 |
commit: 87c4a503664a1a271435d3409d06b412318aa0bb |
2 |
Author: Cédric Krier <cedk <AT> gentoo <DOT> org> |
3 |
AuthorDate: Sat Sep 14 13:37:52 2019 +0000 |
4 |
Commit: Cédric Krier <cedk <AT> gentoo <DOT> org> |
5 |
CommitDate: Sat Sep 14 13:38:31 2019 +0000 |
6 |
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=87c4a503 |
7 |
|
8 |
www-apps/roundup: Version bumps |
9 |
|
10 |
Package-Manager: Portage-2.3.69, Repoman-2.3.16 |
11 |
Signed-off-by: Cédric Krier <cedk <AT> gentoo.org> |
12 |
|
13 |
www-apps/roundup/Manifest | 2 +- |
14 |
.../roundup/files/roundup-1.6.0-configparser.patch | 40 ------ |
15 |
.../roundup/files/roundup-1.6.0-csrf-headers.patch | 150 --------------------- |
16 |
www-apps/roundup/files/roundup-1.6.0-xss.patch | 35 ----- |
17 |
www-apps/roundup/metadata.xml | 5 + |
18 |
...oundup-1.6.0-r1.ebuild => roundup-1.6.1.ebuild} | 16 ++- |
19 |
6 files changed, 15 insertions(+), 233 deletions(-) |
20 |
|
21 |
diff --git a/www-apps/roundup/Manifest b/www-apps/roundup/Manifest |
22 |
index 07f3cccfd45..b97d22ec510 100644 |
23 |
--- a/www-apps/roundup/Manifest |
24 |
+++ b/www-apps/roundup/Manifest |
25 |
@@ -1,2 +1,2 @@ |
26 |
DIST roundup-1.5.1.tar.gz 2618886 BLAKE2B 5ccca10ce7f30b35b0875340c4cae87aa19e5384e6e5973576ea8e2de79eb83d32447580944f472d73e7cdb5f43a4ed7f805d51242e22cc2f756b3deae4004b2 SHA512 d7cdeaafb682ce7f202cacddeb1a42312f22778a2c83b52b4e838c27b1e7141a94b2ac2b670b0edee0efcfe27d74e31e6f267ae1380e90359def27385ca68d58 |
27 |
-DIST roundup-1.6.0.tar.gz 2893499 BLAKE2B 5fe75b0953d16cebe52a25379d5a13f7745eb87e4a6a46f17945c3655394c1d1d2aff9e74783ee3e4757fc407ca2b46a7c3ef6d20eedbfb695783302fb64bf1f SHA512 1a8e9c0c7a6e607953ee91ce750f72bf53b5c6dc4bbd6d001570dd77abf396d4de2c832ef45495b87890a3c11b158be9e7a8eed635f63b5586b7bb9399856dcc |
28 |
+DIST roundup-1.6.1.tar.gz 3128618 BLAKE2B 7fa87006582feac74f0fc455bc201f2485326b8f6ed616164f667992da114d45e8d8cef370a825450b5a4cb757ba0453d5fe3ace47164bd83e78a8c6f28b9d05 SHA512 b7666c5515c76baa4fa3ac3d0efea82feace6270af55bbc70e603b2ce0c617b4a303a15133310c1e00d3b6442baa58060d5387f568014652b1b781d9248f0052 |
29 |
|
30 |
diff --git a/www-apps/roundup/files/roundup-1.6.0-configparser.patch b/www-apps/roundup/files/roundup-1.6.0-configparser.patch |
31 |
deleted file mode 100644 |
32 |
index 6bdfc8dfaaa..00000000000 |
33 |
--- a/www-apps/roundup/files/roundup-1.6.0-configparser.patch |
34 |
+++ /dev/null |
35 |
@@ -1,40 +0,0 @@ |
36 |
-changeset: 5625:99175953520e |
37 |
-branch: maint-1.6 |
38 |
-parent: 5537:d698d3d843a9 |
39 |
-user: Joseph Myers <jsm@×××××××××××××.uk> |
40 |
-date: Mon Aug 20 00:50:16 2018 +0000 |
41 |
-files: CHANGES.txt roundup/configuration.py |
42 |
-description: |
43 |
-Fix issue2550994: breakage caused by configparser backports. |
44 |
- |
45 |
- |
46 |
-diff -r d698d3d843a9 -r 99175953520e roundup/configuration.py |
47 |
---- a/roundup/configuration.py Thu Sep 06 17:04:49 2018 -0400 |
48 |
-+++ b/roundup/configuration.py Mon Aug 20 00:50:16 2018 +0000 |
49 |
-@@ -2,9 +2,15 @@ |
50 |
- # |
51 |
- __docformat__ = "restructuredtext" |
52 |
- |
53 |
--try: |
54 |
-+# Some systems have a backport of the Python 3 configparser module to |
55 |
-+# Python 2: <https://pypi.org/project/configparser/>. That breaks |
56 |
-+# Roundup if used with Python 2 because it generates unicode objects |
57 |
-+# where not expected by the Python code. Thus, a version check is |
58 |
-+# used here instead of try/except. |
59 |
-+import sys |
60 |
-+if sys.version_info[0] > 2: |
61 |
- import configparser # Python 3 |
62 |
--except ImportError: |
63 |
-+else: |
64 |
- import ConfigParser as configparser # Python 2 |
65 |
- |
66 |
- import getopt |
67 |
-@@ -12,7 +18,6 @@ |
68 |
- import logging, logging.config |
69 |
- import os |
70 |
- import re |
71 |
--import sys |
72 |
- import time |
73 |
- import smtplib |
74 |
- |
75 |
- |
76 |
|
77 |
diff --git a/www-apps/roundup/files/roundup-1.6.0-csrf-headers.patch b/www-apps/roundup/files/roundup-1.6.0-csrf-headers.patch |
78 |
deleted file mode 100644 |
79 |
index 8be484d5f80..00000000000 |
80 |
--- a/www-apps/roundup/files/roundup-1.6.0-csrf-headers.patch |
81 |
+++ /dev/null |
82 |
@@ -1,150 +0,0 @@ |
83 |
-changeset: 5629:8e3df461d316 |
84 |
-branch: maint-1.6 |
85 |
-user: John Rouillard <rouilj@××××.org> |
86 |
-date: Wed Feb 27 21:47:39 2019 -0500 |
87 |
-files: CHANGES.txt roundup/cgi/client.py roundup/scripts/roundup_server.py test/test_cgi.py |
88 |
-description: |
89 |
-issue2551023: Fix CSRF headers for use with wsgi and cgi. The |
90 |
-env variable array used - separators rather than _. Compare: |
91 |
-HTTP_X-REQUESTED-WITH to HTTP_X_REQUESTED_WITH. The last is |
92 |
-correct. Also fix roundup-server to produce the latter form. (Patch |
93 |
-by Cédric Krier) |
94 |
- |
95 |
- |
96 |
-diff -r 64ceb9c14b28 -r 8e3df461d316 roundup/cgi/client.py |
97 |
---- a/roundup/cgi/client.py Tue Feb 12 21:31:41 2019 -0500 |
98 |
-+++ b/roundup/cgi/client.py Wed Feb 27 21:47:39 2019 -0500 |
99 |
-@@ -1026,7 +1026,7 @@ |
100 |
- # If required headers are missing, raise an error |
101 |
- for header in header_names: |
102 |
- if (config["WEB_CSRF_ENFORCE_HEADER_%s"%header] == 'required' |
103 |
-- and "HTTP_%s"%header not in self.env): |
104 |
-+ and "HTTP_%s" % header.replace('-', '_') not in self.env): |
105 |
- logger.error(self._("csrf header %s required but missing for user%s."), header, current_user) |
106 |
- raise Unauthorised, self._("Missing header: %s")%header |
107 |
- |
108 |
-@@ -1062,9 +1062,9 @@ |
109 |
- header_pass += 1 |
110 |
- |
111 |
- enforce=config['WEB_CSRF_ENFORCE_HEADER_X-FORWARDED-HOST'] |
112 |
-- if 'HTTP_X-FORWARDED-HOST' in self.env: |
113 |
-+ if 'HTTP_X_FORWARDED_HOST' in self.env: |
114 |
- if enforce != "no": |
115 |
-- host = self.env['HTTP_X-FORWARDED-HOST'] |
116 |
-+ host = self.env['HTTP_X_FORWARDED_HOST'] |
117 |
- foundat = self.base.find('://' + host + '/') |
118 |
- # 4 means self.base has http:/ prefix, 5 means https:/ prefix |
119 |
- if foundat not in [4, 5]: |
120 |
-@@ -1111,7 +1111,7 @@ |
121 |
- # Note we do not use CSRF nonces for xmlrpc requests. |
122 |
- # |
123 |
- # see: https://www.owasp.org/index.php/Cross-Site_Request_Forgery_(CSRF)_Prevention_Cheat_Sheet#Protecting_REST_Services:_Use_of_Custom_Request_Headers |
124 |
-- if 'HTTP_X-REQUESTED-WITH' not in self.env: |
125 |
-+ if 'HTTP_X_REQUESTED_WITH' not in self.env: |
126 |
- logger.error(self._("csrf X-REQUESTED-WITH xmlrpc required header check failed for user%s."), current_user) |
127 |
- raise UsageError, self._("Required Header Missing") |
128 |
- |
129 |
-diff -r 64ceb9c14b28 -r 8e3df461d316 roundup/scripts/roundup_server.py |
130 |
---- a/roundup/scripts/roundup_server.py Tue Feb 12 21:31:41 2019 -0500 |
131 |
-+++ b/roundup/scripts/roundup_server.py Wed Feb 27 21:47:39 2019 -0500 |
132 |
-@@ -384,8 +384,8 @@ |
133 |
- # If behind a proxy, this is the hostname supplied |
134 |
- # via the Host header to the proxy. Used by core code. |
135 |
- # Controlled by the CSRF settings. |
136 |
-- env['HTTP_X-FORWARDED-HOST'] = xfh |
137 |
-- xff = self.headers.getheader('X-Forwarded-For', None) |
138 |
-+ env['HTTP_X_FORWARDED_HOST'] = xfh |
139 |
-+ xff = self.headers.get('X-Forwarded-For', None) |
140 |
- if xff: |
141 |
- # xff is a list of ip addresses for original client/proxies: |
142 |
- # X-Forwarded-For: clientIP, proxy1IP, proxy2IP |
143 |
-@@ -394,8 +394,8 @@ |
144 |
- # Made available for extensions if the user trusts it. |
145 |
- # E.g. you may wish to disable recaptcha validation extension |
146 |
- # if the ip of the client matches 172.16.0.0. |
147 |
-- env['HTTP_X-FORWARDED-FOR'] = xff |
148 |
-- xfp = self.headers.getheader('X-Forwarded-Proto', None) |
149 |
-+ env['HTTP_X_FORWARDED_FOR'] = xff |
150 |
-+ xfp = self.headers.get('X-Forwarded-Proto', None) |
151 |
- if xfp: |
152 |
- # xfp is the protocol (http/https) seen by proxies in the |
153 |
- # path of the request. I am not sure if there is only |
154 |
-@@ -408,8 +408,8 @@ |
155 |
- # May not be trustworthy. Do not use in core without |
156 |
- # config option to control its use. |
157 |
- # Made available for extensions if the user trusts it. |
158 |
-- env['HTTP_X-FORWARDED-PROTO'] = xfp |
159 |
-- if os.environ.has_key('CGI_SHOW_TIMING'): |
160 |
-+ env['HTTP_X_FORWARDED_PROTO'] = xfp |
161 |
-+ if 'CGI_SHOW_TIMING' in os.environ: |
162 |
- env['CGI_SHOW_TIMING'] = os.environ['CGI_SHOW_TIMING'] |
163 |
- env['HTTP_ACCEPT_LANGUAGE'] = self.headers.get('accept-language') |
164 |
- referer = self.headers.get('Referer') |
165 |
-@@ -420,8 +420,8 @@ |
166 |
- env['HTTP_ORIGIN'] = origin |
167 |
- xrw = self.headers.get('x-requested-with') |
168 |
- if xrw: |
169 |
-- env['HTTP_X-REQUESTED-WITH'] = xrw |
170 |
-- range = self.headers.getheader('range') |
171 |
-+ env['HTTP_X_REQUESTED_WITH'] = xrw |
172 |
-+ range = self.headers.get('range') |
173 |
- if range: |
174 |
- env['HTTP_RANGE'] = range |
175 |
- |
176 |
-diff -r 64ceb9c14b28 -r 8e3df461d316 test/test_cgi.py |
177 |
---- a/test/test_cgi.py Tue Feb 12 21:31:41 2019 -0500 |
178 |
-+++ b/test/test_cgi.py Wed Feb 27 21:47:39 2019 -0500 |
179 |
-@@ -888,7 +888,7 @@ |
180 |
- del(cl.env['HTTP_ORIGIN']) |
181 |
- del(out[0]) |
182 |
- |
183 |
-- cl.env['HTTP_X-FORWARDED-HOST'] = 'whoami.com' |
184 |
-+ cl.env['HTTP_X_FORWARDED_HOST'] = 'whoami.com' |
185 |
- # if there is an X-FORWARDED-HOST header it is used and |
186 |
- # HOST header is ignored. X-FORWARDED-HOST should only be |
187 |
- # passed/set by a proxy. In this case the HOST header is |
188 |
-@@ -899,7 +899,7 @@ |
189 |
- match_at=out[0].find('Redirecting to <a href="http://whoami.com/path/issue1?@ok_message') |
190 |
- print "result of subtest 4:", out[0] |
191 |
- self.assertNotEqual(match_at, -1) |
192 |
-- del(cl.env['HTTP_X-FORWARDED-HOST']) |
193 |
-+ del(cl.env['HTTP_X_FORWARDED_HOST']) |
194 |
- del(cl.env['HTTP_HOST']) |
195 |
- del(out[0]) |
196 |
- |
197 |
-@@ -912,14 +912,14 @@ |
198 |
- del(out[0]) |
199 |
- |
200 |
- # try failing headers |
201 |
-- cl.env['HTTP_X-FORWARDED-HOST'] = 'whoami.net' |
202 |
-+ cl.env['HTTP_X_FORWARDED_HOST'] = 'whoami.net' |
203 |
- # this raises an error as the header check passes and |
204 |
- # it did the edit and tries to send mail. |
205 |
- cl.inner_main() |
206 |
- match_at=out[0].find('Invalid X-FORWARDED-HOST whoami.net') |
207 |
- print "result of subtest 6:", out[0] |
208 |
- self.assertNotEqual(match_at, -1) |
209 |
-- del(cl.env['HTTP_X-FORWARDED-HOST']) |
210 |
-+ del(cl.env['HTTP_X_FORWARDED_HOST']) |
211 |
- del(out[0]) |
212 |
- |
213 |
- # header checks succeed |
214 |
-@@ -1031,7 +1031,7 @@ |
215 |
- 'CONTENT_TYPE': 'text/plain', |
216 |
- 'HTTP_AUTHORIZATION': 'Basic YWRtaW46YWRtaW4=', |
217 |
- 'HTTP_REFERER': 'http://whoami.com/path/', |
218 |
-- 'HTTP_X-REQUESTED-WITH': "XMLHttpRequest" |
219 |
-+ 'HTTP_X_REQUESTED_WITH': "XMLHttpRequest" |
220 |
- }, form) |
221 |
- cl.db = self.db |
222 |
- cl.base = 'http://whoami.com/path/' |
223 |
-@@ -1059,7 +1059,7 @@ |
224 |
- del(out[0]) |
225 |
- |
226 |
- # remove the X-REQUESTED-WITH header and get an xmlrpc fault returned |
227 |
-- del(cl.env['HTTP_X-REQUESTED-WITH']) |
228 |
-+ del(cl.env['HTTP_X_REQUESTED_WITH']) |
229 |
- cl.handle_xmlrpc() |
230 |
- output="<?xml version='1.0'?>\n<methodResponse>\n<fault>\n<value><struct>\n<member>\n<name>faultCode</name>\n<value><int>1</int></value>\n</member>\n<member>\n<name>faultString</name>\n<value><string><class 'roundup.exceptions.UsageError'>:Required Header Missing</string></value>\n</member>\n</struct></value>\n</fault>\n</methodResponse>\n" |
231 |
- print out[0] |
232 |
- |
233 |
|
234 |
diff --git a/www-apps/roundup/files/roundup-1.6.0-xss.patch b/www-apps/roundup/files/roundup-1.6.0-xss.patch |
235 |
deleted file mode 100644 |
236 |
index 44a607e0c46..00000000000 |
237 |
--- a/www-apps/roundup/files/roundup-1.6.0-xss.patch |
238 |
+++ /dev/null |
239 |
@@ -1,35 +0,0 @@ |
240 |
-changeset: 5665:ab37c1705dbf |
241 |
-branch: maint-1.6 |
242 |
-parent: 5635:ea35ab75a4c0 |
243 |
-user: John Rouillard <rouilj@××××.org> |
244 |
-date: Fri Mar 22 18:16:11 2019 -0400 |
245 |
-files: CHANGES.txt frontends/roundup.cgi roundup/cgi/wsgi_handler.py |
246 |
-description: |
247 |
-Fix fix XSS issue in wsgi and cgi when handing url not found/404. issue2551035 |
248 |
- |
249 |
- |
250 |
-diff -r ea35ab75a4c0 -r ab37c1705dbf frontends/roundup.cgi |
251 |
---- a/frontends/roundup.cgi Thu Mar 07 15:42:21 2019 +0100 |
252 |
-+++ b/frontends/roundup.cgi Fri Mar 22 18:16:11 2019 -0400 |
253 |
-@@ -179,7 +179,7 @@ |
254 |
- request.send_response(404) |
255 |
- request.send_header('Content-Type', 'text/html') |
256 |
- request.end_headers() |
257 |
-- out.write('Not found: %s'%client.path) |
258 |
-+ out.write('Not found: %s'%cgi.escape(client.path)) |
259 |
- |
260 |
- else: |
261 |
- import urllib |
262 |
-diff -r ea35ab75a4c0 -r ab37c1705dbf roundup/cgi/wsgi_handler.py |
263 |
---- a/roundup/cgi/wsgi_handler.py Thu Mar 07 15:42:21 2019 +0100 |
264 |
-+++ b/roundup/cgi/wsgi_handler.py Fri Mar 22 18:16:11 2019 -0400 |
265 |
-@@ -66,7 +66,7 @@ |
266 |
- client.main() |
267 |
- except roundup.cgi.client.NotFound: |
268 |
- request.start_response([('Content-Type', 'text/html')], 404) |
269 |
-- request.wfile.write('Not found: %s'%client.path) |
270 |
-+ request.wfile.write('Not found: %s'%cgi.escape(client.path)) |
271 |
- |
272 |
- # all body data has been written using wfile |
273 |
- return [] |
274 |
- |
275 |
|
276 |
diff --git a/www-apps/roundup/metadata.xml b/www-apps/roundup/metadata.xml |
277 |
index 0942edd0187..499f901ab9c 100644 |
278 |
--- a/www-apps/roundup/metadata.xml |
279 |
+++ b/www-apps/roundup/metadata.xml |
280 |
@@ -13,4 +13,9 @@ |
281 |
<remote-id type="pypi">roundup</remote-id> |
282 |
<remote-id type="sourceforge">roundup</remote-id> |
283 |
</upstream> |
284 |
+ <use> |
285 |
+ <flag name="tz">Enable full support of timezone</flag> |
286 |
+ <flag name="xapian">Enable Xapian full-text indexer</flag> |
287 |
+ <flag name="whoosh">Enable Whoosh full-text indexer</flag> |
288 |
+ </use> |
289 |
</pkgmetadata> |
290 |
|
291 |
diff --git a/www-apps/roundup/roundup-1.6.0-r1.ebuild b/www-apps/roundup/roundup-1.6.1.ebuild |
292 |
similarity index 62% |
293 |
rename from www-apps/roundup/roundup-1.6.0-r1.ebuild |
294 |
rename to www-apps/roundup/roundup-1.6.1.ebuild |
295 |
index 4e1c93d0283..eebb51a675b 100644 |
296 |
--- a/www-apps/roundup/roundup-1.6.0-r1.ebuild |
297 |
+++ b/www-apps/roundup/roundup-1.6.1.ebuild |
298 |
@@ -13,18 +13,20 @@ SRC_URI="mirror://pypi/${PN:0:1}/${PN}/${P}.tar.gz" |
299 |
LICENSE="MIT ZPL" |
300 |
SLOT="0" |
301 |
KEYWORDS="~amd64 ~ppc ~sparc ~x86" |
302 |
+IUSE="+tz sqlite mysql postgres xapian whoosh ssl" |
303 |
|
304 |
DEPEND="" |
305 |
-RDEPEND="${DEPEND}" |
306 |
+RDEPEND="${DEPEND} |
307 |
+ tz? ( dev-python/pytz[$PYTHON_USEDEP] ) |
308 |
+ sqlite? ( dev-lang/python:*[sqlite] ) |
309 |
+ mysql? ( dev-python/mysql-python[$PYTHON_USEDEP] ) |
310 |
+ postgres? ( >=dev-python/psycopg-1.1.21[$PYTHON_USEDEP] ) |
311 |
+ xapian? ( >=dev-libs/xapian-bindings-1.0.0[python,$PYTHON_USEDEP] ) |
312 |
+ whoosh? ( >=dev-python/whoosh-2.5.7[$PYTHON_USEDEP] ) |
313 |
+ ssl? ( dev-python/pyopenssl[$PYTHON_USEDEP] )" |
314 |
|
315 |
DOCS="CHANGES.txt doc/*.txt" |
316 |
|
317 |
-PATCHES=( |
318 |
- "${FILESDIR}/${P}-configparser.patch" |
319 |
- "${FILESDIR}/${P}-csrf-headers.patch" |
320 |
- "${FILESDIR}/${P}-xss.patch" |
321 |
-) |
322 |
- |
323 |
python_install_all() { |
324 |
distutils-r1_python_install_all |
325 |
rm -r "${ED}"/usr/share/doc/${PN} || die |