diff options
| author |   Robin H. Johnson <robbat2@gentoo.org> | 2015-08-08 13:49:04 -0700 |
|---|---|---|
| committer | Robin H. Johnson <robbat2@gentoo.org> | 2015-08-08 17:38:18 -0700 |
| commit | 56bd759df1d0c750a065b8c845e93d5dfa6b549d (patch) | |
| tree | 3f91093cdb475e565ae857f1c5a7fd339e2d781e /dev-python/pyxdg/files | |
| download | gentoo-56bd759df1d0c750a065b8c845e93d5dfa6b549d.tar.gz gentoo-56bd759df1d0c750a065b8c845e93d5dfa6b549d.tar.bz2 gentoo-56bd759df1d0c750a065b8c845e93d5dfa6b549d.zip | |
proj/gentoo: Initial commit
This commit represents a new era for Gentoo:
Storing the gentoo-x86 tree in Git, as converted from CVS.
This commit is the start of the NEW history.
Any historical data is intended to be grafted onto this point.
Creation process:
1. Take final CVS checkout snapshot
2. Remove ALL ChangeLog* files
3. Transform all Manifests to thin
4. Remove empty Manifests
5. Convert all stale $Header$/$Id$ CVS keywords to non-expanded Git $Id$
5.1. Do not touch files with -kb/-ko keyword flags.
Signed-off-by: Robin H. Johnson <robbat2@gentoo.org>
X-Thanks: Alec Warner <antarus@gentoo.org> - did the GSoC 2006 migration tests
X-Thanks: Robin H. Johnson <robbat2@gentoo.org> - infra guy, herding this project
X-Thanks: Nguyen Thai Ngoc Duy <pclouds@gentoo.org> - Former Gentoo developer, wrote Git features for the migration
X-Thanks: Brian Harring <ferringb@gentoo.org> - wrote much python to improve cvs2svn
X-Thanks: Rich Freeman <rich0@gentoo.org> - validation scripts
X-Thanks: Patrick Lauer <patrick@gentoo.org> - Gentoo dev, running new 2014 work in migration
X-Thanks: Michał Górny <mgorny@gentoo.org> - scripts, QA, nagging
X-Thanks: All of other Gentoo developers - many ideas and lots of paint on the bikeshed
Diffstat (limited to 'dev-python/pyxdg/files')
| -rw-r--r-- | dev-python/pyxdg/files/pyxdg-subprocess.patch | 38 | ||||
| -rw-r--r-- | dev-python/pyxdg/files/sec-patch-CVE-2014-1624.patch | 54 |
2 files changed, 92 insertions, 0 deletions
diff --git a/dev-python/pyxdg/files/pyxdg-subprocess.patch b/dev-python/pyxdg/files/pyxdg-subprocess.patch new file mode 100644 index 000000000000..7b9a1ba7d644 --- /dev/null +++ b/dev-python/pyxdg/files/pyxdg-subprocess.patch @@ -0,0 +1,38 @@ +#Patch sent to upstream on March 1st, 2009 +#Jesus Rivero (Neurogeek) +#Replaced deprecated os.popen3 for subprocess + +diff -uNr xdg.orig/Menu.py xdg/Menu.py +--- xdg.orig/Menu.py 2009-03-01 04:34:38.000000000 -0430 ++++ xdg/Menu.py 2009-03-01 04:41:27.000000000 -0430 +@@ -12,6 +12,7 @@ + + import xdg.Locale + import xdg.Config ++from subprocess import Popen, PIPE + + ELEMENT_NODE = xml.dom.Node.ELEMENT_NODE + +@@ -841,13 +842,16 @@ + return m + + def __parseKDELegacyDirs(filename, parent): +- f=os.popen3("kde-config --path apps") +- output = f[1].readlines() + try: +- for dir in output[0].split(":"): +- __parseLegacyDir(dir,"kde", filename, parent) +- except IndexError: +- pass ++ f=Popen("kde-config --path apps", shell=True, stdout=PIPE).stdout ++ output = f.readlines() ++ try: ++ for dir in output[0].split(":"): ++ __parseLegacyDir(dir,"kde", filename, parent) ++ except IndexError: ++ pass ++ except: ++ raise Exception, "kde-config failed" + + # remove duplicate entries from a list + def __removeDuplicates(list): diff --git a/dev-python/pyxdg/files/sec-patch-CVE-2014-1624.patch b/dev-python/pyxdg/files/sec-patch-CVE-2014-1624.patch new file mode 100644 index 000000000000..d94c0a42bddb --- /dev/null +++ b/dev-python/pyxdg/files/sec-patch-CVE-2014-1624.patch @@ -0,0 +1,54 @@ +Improve security of get_runtime_dir(strict=False) +https://github.com/takluyver/pyxdg/commit/bd999c1c3fe7ee5f30ede2cf704cf03e400347b4 +diff --git a/xdg/BaseDirectory.py b/xdg/BaseDirectory.py +index cececa3..a7c31b1 100644 +--- a/xdg/BaseDirectory.py ++++ b/xdg/BaseDirectory.py +@@ -25,7 +25,7 @@ + Note: see the rox.Options module for a higher-level API for managing options. + """ + +-import os ++import os, stat + + _home = os.path.expanduser('~') + xdg_data_home = os.environ.get('XDG_DATA_HOME') or \ +@@ -131,15 +131,30 @@ def get_runtime_dir(strict=True): + + import getpass + fallback = '/tmp/pyxdg-runtime-dir-fallback-' + getpass.getuser() ++ create = False ++ + try: +- os.mkdir(fallback, 0o700) ++ # This must be a real directory, not a symlink, so attackers can't ++ # point it elsewhere. So we use lstat to check it. ++ st = os.lstat(fallback) + except OSError as e: + import errno +- if e.errno == errno.EEXIST: +- # Already exists - set 700 permissions again. +- import stat +- os.chmod(fallback, stat.S_IRUSR|stat.S_IWUSR|stat.S_IXUSR) +- else: # pragma: no cover ++ if e.errno == errno.ENOENT: ++ create = True ++ else: + raise +- ++ else: ++ # The fallback must be a directory ++ if not stat.S_ISDIR(st.st_mode): ++ os.unlink(fallback) ++ create = True ++ # Must be owned by the user and not accessible by anyone else ++ elif (st.st_uid != os.getuid()) \ ++ or (st.st_mode & (stat.S_IRWXG | stat.S_IRWXO)): ++ os.rmdir(fallback) ++ create = True ++ ++ if create: ++ os.mkdir(fallback, 0o700) ++ + return fallback + |