diff options
| author | mspo <mspo> | 2014-05-14 02:28:18 +0000 |
|---|---|---|
| committer | mspo <mspo> | 2014-05-14 02:28:18 +0000 |
| commit | 0970171e2cd6589765f8452fe3ebdecd9a04ee82 (patch) | |
| tree | b55f38ab1511aa79b2d7a7d9a6c45a33f7ea267d /textproc | |
| parent | 97dc0156b65daa38029f16f1143833c756b678f9 (diff) | |
| download | pkgsrc-0970171e2cd6589765f8452fe3ebdecd9a04ee82.tar.gz | |
add the redhat fix for CVE-2014-0012; debian has an alternative but this is better for cgi
Diffstat (limited to 'textproc')
| -rw-r--r-- | textproc/py-jinja2/distinfo | 3 | ||||
| -rw-r--r-- | textproc/py-jinja2/patches/patch-jinja2_bccache.py | 42 |
2 files changed, 44 insertions, 1 deletions
diff --git a/textproc/py-jinja2/distinfo b/textproc/py-jinja2/distinfo index 01bb2ab53af..c21a4605f31 100644 --- a/textproc/py-jinja2/distinfo +++ b/textproc/py-jinja2/distinfo @@ -1,5 +1,6 @@ -$NetBSD: distinfo,v 1.7 2014/01/19 00:18:37 rodent Exp $ +$NetBSD: distinfo,v 1.8 2014/05/14 02:28:18 mspo Exp $ SHA1 (Jinja2-2.7.2.tar.gz) = 1ce4c8bc722444ec3e77ef9db76faebbd17a40d8 RMD160 (Jinja2-2.7.2.tar.gz) = 7bf0278d6fd75fc402b5dba785b29badeb507650 Size (Jinja2-2.7.2.tar.gz) = 378300 bytes +SHA1 (patch-jinja2_bccache.py) = 0c1cab3fcc83d210569071ddb2e2c6713f8f9325 diff --git a/textproc/py-jinja2/patches/patch-jinja2_bccache.py b/textproc/py-jinja2/patches/patch-jinja2_bccache.py new file mode 100644 index 00000000000..746829b3d1d --- /dev/null +++ b/textproc/py-jinja2/patches/patch-jinja2_bccache.py @@ -0,0 +1,42 @@ +$NetBSD: patch-jinja2_bccache.py,v 1.1 2014/05/14 02:28:18 mspo Exp $ + +--- jinja2/bccache.py-orig 2014-05-14 02:23:49.000000000 +0000 ++++ jinja2/bccache.py +@@ -16,6 +16,7 @@ + """ + from os import path, listdir + import os ++import stat + import sys + import errno + import marshal +@@ -215,7 +216,7 @@ class FileSystemBytecodeCache(BytecodeCa + + # On windows the temporary directory is used specific unless + # explicitly forced otherwise. We can just use that. +- if os.name == 'n': ++ if os.name == 'nt': + return tmpdir + if not hasattr(os, 'getuid'): + raise RuntimeError('Cannot determine safe temp directory. You ' +@@ -224,12 +225,18 @@ class FileSystemBytecodeCache(BytecodeCa + dirname = '_jinja2-cache-%d' % os.getuid() + actual_dir = os.path.join(tmpdir, dirname) + try: +- # 448 == 0700 +- os.mkdir(actual_dir, 448) ++ os.mkdir(actual_dir, stat.S_IRWXU) # 0o700 + except OSError as e: + if e.errno != errno.EEXIST: + raise + ++ actual_dir_stat = os.lstat(actual_dir) ++ if actual_dir_stat.st_uid != os.getuid() \ ++ or not stat.S_ISDIR(actual_dir_stat.st_mode) \ ++ or stat.S_IMODE(actual_dir_stat.st_mode) != stat.S_IRWXU: ++ raise RuntimeError('Temporary directory \'%s\' has an incorrect ' ++ 'owner, permissions, or type.' % actual_dir) ++ + return actual_dir + + def _get_cache_filename(self, bucket): |