pkgsrc-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[pkgsrc/trunk]: pkgsrc/textproc/py-jinja2 add the redhat fix for CVE-2014-001...
details: https://anonhg.NetBSD.org/pkgsrc/rev/c40f9c42fee7
branches: trunk
changeset: 634281:c40f9c42fee7
user: mspo <mspo%pkgsrc.org@localhost>
date: Wed May 14 02:28:18 2014 +0000
description:
add the redhat fix for CVE-2014-0012; debian has an alternative but this is better for cgi
diffstat:
textproc/py-jinja2/distinfo | 3 +-
textproc/py-jinja2/patches/patch-jinja2_bccache.py | 42 ++++++++++++++++++++++
2 files changed, 44 insertions(+), 1 deletions(-)
diffs (57 lines):
diff -r 7faf03458caf -r c40f9c42fee7 textproc/py-jinja2/distinfo
--- a/textproc/py-jinja2/distinfo Wed May 14 02:28:13 2014 +0000
+++ b/textproc/py-jinja2/distinfo Wed May 14 02:28:18 2014 +0000
@@ -1,5 +1,6 @@
-$NetBSD: distinfo,v 1.7 2014/01/19 00:18:37 rodent Exp $
+$NetBSD: distinfo,v 1.8 2014/05/14 02:28:18 mspo Exp $
SHA1 (Jinja2-2.7.2.tar.gz) = 1ce4c8bc722444ec3e77ef9db76faebbd17a40d8
RMD160 (Jinja2-2.7.2.tar.gz) = 7bf0278d6fd75fc402b5dba785b29badeb507650
Size (Jinja2-2.7.2.tar.gz) = 378300 bytes
+SHA1 (patch-jinja2_bccache.py) = 0c1cab3fcc83d210569071ddb2e2c6713f8f9325
diff -r 7faf03458caf -r c40f9c42fee7 textproc/py-jinja2/patches/patch-jinja2_bccache.py
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/textproc/py-jinja2/patches/patch-jinja2_bccache.py Wed May 14 02:28:18 2014 +0000
@@ -0,0 +1,42 @@
+$NetBSD: patch-jinja2_bccache.py,v 1.1 2014/05/14 02:28:18 mspo Exp $
+
+--- jinja2/bccache.py-orig 2014-05-14 02:23:49.000000000 +0000
++++ jinja2/bccache.py
+@@ -16,6 +16,7 @@
+ """
+ from os import path, listdir
+ import os
++import stat
+ import sys
+ import errno
+ import marshal
+@@ -215,7 +216,7 @@ class FileSystemBytecodeCache(BytecodeCa
+
+ # On windows the temporary directory is used specific unless
+ # explicitly forced otherwise. We can just use that.
+- if os.name == 'n':
++ if os.name == 'nt':
+ return tmpdir
+ if not hasattr(os, 'getuid'):
+ raise RuntimeError('Cannot determine safe temp directory. You '
+@@ -224,12 +225,18 @@ class FileSystemBytecodeCache(BytecodeCa
+ dirname = '_jinja2-cache-%d' % os.getuid()
+ actual_dir = os.path.join(tmpdir, dirname)
+ try:
+- # 448 == 0700
+- os.mkdir(actual_dir, 448)
++ os.mkdir(actual_dir, stat.S_IRWXU) # 0o700
+ except OSError as e:
+ if e.errno != errno.EEXIST:
+ raise
+
++ actual_dir_stat = os.lstat(actual_dir)
++ if actual_dir_stat.st_uid != os.getuid() \
++ or not stat.S_ISDIR(actual_dir_stat.st_mode) \
++ or stat.S_IMODE(actual_dir_stat.st_mode) != stat.S_IRWXU:
++ raise RuntimeError('Temporary directory \'%s\' has an incorrect '
++ 'owner, permissions, or type.' % actual_dir)
++
+ return actual_dir
+
+ def _get_cache_filename(self, bucket):
Home |
Main Index |
Thread Index |
Old Index