Diffstat (limited to 'dev-python/logilab-common/files/logilab-common-sec-CVE-2014-1838-9.patch')
-rw-r--r--dev-python/logilab-common/files/logilab-common-sec-CVE-2014-1838-9.patch60
1 files changed, 60 insertions, 0 deletions
diff --git a/dev-python/logilab-common/files/logilab-common-sec-CVE-2014-1838-9.patch b/dev-python/logilab-common/files/logilab-common-sec-CVE-2014-1838-9.patch
new file mode 100644
index 000000000000..95172c301aae
--- /dev/null
+++ b/dev-python/logilab-common/files/logilab-common-sec-CVE-2014-1838-9.patch
@@ -0,0 +1,60 @@
+http://www.logilab.org/revision/207574
+http://www.logilab.org/revision/210454
+This is a re-base of the sec patches which appeared to offer no ready diff files @ logilab HQ
+CVE-2014-1838 comprises deletion of the outright deletion of the pdf_ext module and edit of
+the ChangeLog which, being trivial, has been excluded. The edit to the README is the only
+remaining portion of CVE-2014-1838. The module is deleted in python_prepare_all().
+diff -u logilab-common-0.60.1.orig/README logilab-common-0.60.1/README
+--- logilab-common-0.60.1.orig/README 2013-12-16 23:23:10.000000000 +0800
++++ logilab-common-0.60.1/README 2014-03-27 20:05:25.037324979 +0800
+@@ -123,8 +123,6 @@
+
+ * `hg`, some Mercurial_ utility functions.
+
+-* `pdf_ext`, pdf and fdf file manipulations, with pdftk.
+-
+ * `pyro_ext`, some Pyro_ utility functions.
+
+ * `sphinx_ext`, Sphinx_ plugin defining a `autodocstring` directive.
+diff -u logilab-common-0.60.1.orig/shellutils.py logilab-common-0.60.1/shellutils.py
+--- logilab-common-0.60.1.orig/shellutils.py 2013-12-16 23:23:10.000000000 +0800
++++ logilab-common-0.60.1/shellutils.py 2014-03-27 20:13:28.087314990 +0800
+@@ -31,11 +31,13 @@
+ import errno
+ import string
+ import random
++import subprocess
+ from os.path import exists, isdir, islink, basename, join
+
+ from logilab.common import STD_BLACKLIST, _handle_blacklist
+ from logilab.common.compat import raw_input
+ from logilab.common.compat import str_to_bytes
++from logilab.common.deprecation import deprecated
+
+ try:
+ from logilab.common.proc import ProcInfo, NoSuchProcess
+@@ -224,20 +226,16 @@
+ outfile.write(zfobj.read(name))
+ outfile.close()
+
++@deprecated('Use subprocess.Popen instead')
+ class Execute:
+ """This is a deadlock safe version of popen2 (no stdin), that returns
+ an object with errorlevel, out and err.
+ """
+
+ def __init__(self, command):
+- outfile = tempfile.mktemp()
+- errfile = tempfile.mktemp()
+- self.status = os.system("( %s ) >%s 2>%s" %
+- (command, outfile, errfile)) >> 8
+- self.out = open(outfile, "r").read()
+- self.err = open(errfile, "r").read()
+- os.remove(outfile)
+- os.remove(errfile)
++ cmd = subprocess.Popen(command, shell=True, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
++ self.out, self.err = cmd.communicate()
++ self.status = os.WEXITSTATUS(cmd.returncode)
+
+ def acquire_lock(lock_file, max_try=10, delay=10, max_delay=3600):
+ """Acquire a lock represented by a file on the file system
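Review bot: The rewritten `Execute.__init__` passes `cmd.returncode` through `os.WEXITSTATUS`, but `Popen.returncode` is already the decoded exit code rather than a raw wait status, so an ordinary failure such as exit code 1 is shifted down to 0 and callers checking `.status` see success. The line should read `self.status = cmd.returncode` (a negative value then means the child was terminated by a signal). The command is still run with `shell=True`, so the change removes the predictable `tempfile.mktemp()` file names but not shell interpretation of `command`; the class docstring should state that `command` is handed to the shell and must not be built from untrusted input. On Python 3 `communicate()` presumably returns bytes where the old code read text via `open(..., "r")`, which is worth confirming against callers. Only part of shellutils.py is visible in the embedded patch, so the rest of the class and its callers could not be checked.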