From 56bd759df1d0c750a065b8c845e93d5dfa6b549d Mon Sep 17 00:00:00 2001
From: "Robin H. Johnson" <robbat2@gentoo.org>
Date: Sat, 8 Aug 2015 13:49:04 -0700
Subject: proj/gentoo: Initial commit
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

This commit represents a new era for Gentoo:
Storing the gentoo-x86 tree in Git, as converted from CVS.

This commit is the start of the NEW history.
Any historical data is intended to be grafted onto this point.

Creation process:
1. Take final CVS checkout snapshot
2. Remove ALL ChangeLog* files
3. Transform all Manifests to thin
4. Remove empty Manifests
5. Convert all stale $Header$/$Id$ CVS keywords to non-expanded Git $Id$
5.1. Do not touch files with -kb/-ko keyword flags.

Signed-off-by: Robin H. Johnson <robbat2@gentoo.org>
X-Thanks: Alec Warner <antarus@gentoo.org> - did the GSoC 2006 migration tests
X-Thanks: Robin H. Johnson <robbat2@gentoo.org> - infra guy, herding this project
X-Thanks: Nguyen Thai Ngoc Duy <pclouds@gentoo.org> - Former Gentoo developer, wrote Git features for the migration
X-Thanks: Brian Harring <ferringb@gentoo.org> - wrote much python to improve cvs2svn
X-Thanks: Rich Freeman <rich0@gentoo.org> - validation scripts
X-Thanks: Patrick Lauer <patrick@gentoo.org> - Gentoo dev, running new 2014 work in migration
X-Thanks: Michał Górny <mgorny@gentoo.org> - scripts, QA, nagging
X-Thanks: All of other Gentoo developers - many ideas and lots of paint on the bikeshed
---
 dev-python/pyxdg/files/pyxdg-subprocess.patch      | 38 +++++++++++++++
 .../pyxdg/files/sec-patch-CVE-2014-1624.patch      | 54 ++++++++++++++++++++++
 2 files changed, 92 insertions(+)
 create mode 100644 dev-python/pyxdg/files/pyxdg-subprocess.patch
 create mode 100644 dev-python/pyxdg/files/sec-patch-CVE-2014-1624.patch

(limited to 'dev-python/pyxdg/files')

diff --git a/dev-python/pyxdg/files/pyxdg-subprocess.patch b/dev-python/pyxdg/files/pyxdg-subprocess.patch
new file mode 100644
index 000000000000..7b9a1ba7d644
--- /dev/null
+++ b/dev-python/pyxdg/files/pyxdg-subprocess.patch
@@ -0,0 +1,38 @@
+#Patch sent to upstream on March 1st, 2009
+#Jesus Rivero (Neurogeek)
+#Replaced deprecated os.popen3 for subprocess
+
+diff -uNr xdg.orig/Menu.py xdg/Menu.py
+--- xdg.orig/Menu.py	2009-03-01 04:34:38.000000000 -0430
++++ xdg/Menu.py	2009-03-01 04:41:27.000000000 -0430
+@@ -12,6 +12,7 @@
+ 
+ import xdg.Locale
+ import xdg.Config
++from subprocess import Popen, PIPE
+ 
+ ELEMENT_NODE = xml.dom.Node.ELEMENT_NODE
+ 
+@@ -841,13 +842,16 @@
+         return m
+ 
+ def __parseKDELegacyDirs(filename, parent):
+-    f=os.popen3("kde-config --path apps")
+-    output = f[1].readlines()
+     try:
+-        for dir in output[0].split(":"):
+-            __parseLegacyDir(dir,"kde", filename, parent)
+-    except IndexError:
+-        pass
++        f=Popen("kde-config --path apps", shell=True, stdout=PIPE).stdout
++        output = f.readlines()
++        try:
++            for dir in output[0].split(":"):
++                __parseLegacyDir(dir,"kde", filename, parent)
++        except IndexError:
++            pass
++    except:
++        raise Exception, "kde-config failed"
+ 
+ # remove duplicate entries from a list
+ def __removeDuplicates(list):
diff --git a/dev-python/pyxdg/files/sec-patch-CVE-2014-1624.patch b/dev-python/pyxdg/files/sec-patch-CVE-2014-1624.patch
new file mode 100644
index 000000000000..d94c0a42bddb
--- /dev/null
+++ b/dev-python/pyxdg/files/sec-patch-CVE-2014-1624.patch
@@ -0,0 +1,54 @@
+Improve security of get_runtime_dir(strict=False) 
+https://github.com/takluyver/pyxdg/commit/bd999c1c3fe7ee5f30ede2cf704cf03e400347b4
+diff --git a/xdg/BaseDirectory.py b/xdg/BaseDirectory.py
+index cececa3..a7c31b1 100644
+--- a/xdg/BaseDirectory.py
++++ b/xdg/BaseDirectory.py
+@@ -25,7 +25,7 @@
+ Note: see the rox.Options module for a higher-level API for managing options.
+ """
+ 
+-import os
++import os, stat
+ 
+ _home = os.path.expanduser('~')
+ xdg_data_home = os.environ.get('XDG_DATA_HOME') or \
+@@ -131,15 +131,30 @@ def get_runtime_dir(strict=True):
+         
+         import getpass
+         fallback = '/tmp/pyxdg-runtime-dir-fallback-' + getpass.getuser()
++        create = False
++
+         try:
+-            os.mkdir(fallback, 0o700)
++            # This must be a real directory, not a symlink, so attackers can't
++            # point it elsewhere. So we use lstat to check it.
++            st = os.lstat(fallback)
+         except OSError as e:
+             import errno
+-            if e.errno == errno.EEXIST:
+-                # Already exists - set 700 permissions again.
+-                import stat
+-                os.chmod(fallback, stat.S_IRUSR|stat.S_IWUSR|stat.S_IXUSR)
+-            else: # pragma: no cover
++            if e.errno == errno.ENOENT:
++                create = True
++            else:
+                 raise
+-        
++        else:
++            # The fallback must be a directory
++            if not stat.S_ISDIR(st.st_mode):
++                os.unlink(fallback)
++                create = True
++            # Must be owned by the user and not accessible by anyone else
++            elif (st.st_uid != os.getuid()) \
++              or (st.st_mode & (stat.S_IRWXG | stat.S_IRWXO)):
++                os.rmdir(fallback)
++                create = True
++
++        if create:
++            os.mkdir(fallback, 0o700)
++
+         return fallback
+
-- 
cgit v1.2.3-65-gdbad