From d5b40e581319bb55480d514990e2b3cae26014d1 Mon Sep 17 00:00:00 2001 From: Rob Cakebread Date: Fri, 11 Feb 2005 19:45:40 +0000 Subject: Bumped and patched security bug# 80109 CAN-2005-0088 Package-Manager: portage-2.0.51.16 --- dev-python/mod_python/ChangeLog | 8 ++- dev-python/mod_python/Manifest | 27 +++++++--- .../mod_python/files/digest-mod_python-3.1.3-r1 | 1 + dev-python/mod_python/files/publisher-2.diff | 43 +++++++++++++++ dev-python/mod_python/mod_python-2.7.10-r1.ebuild | 4 +- dev-python/mod_python/mod_python-2.7.10.ebuild | 4 +- dev-python/mod_python/mod_python-3.1.3-r1.ebuild | 61 ++++++++++++++++++++++ dev-python/mod_python/mod_python-3.1.3.ebuild | 8 +-- 8 files changed, 140 insertions(+), 16 deletions(-) create mode 100644 dev-python/mod_python/files/digest-mod_python-3.1.3-r1 create mode 100644 dev-python/mod_python/files/publisher-2.diff create mode 100644 dev-python/mod_python/mod_python-3.1.3-r1.ebuild (limited to 'dev-python/mod_python') diff --git a/dev-python/mod_python/ChangeLog b/dev-python/mod_python/ChangeLog index aea4ee32fae0..a700c1e428fb 100644 --- a/dev-python/mod_python/ChangeLog +++ b/dev-python/mod_python/ChangeLog @@ -1,6 +1,10 @@ # ChangeLog for dev-python/mod_python -# Copyright 2002-2004 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/dev-python/mod_python/ChangeLog,v 1.27 2004/12/30 22:33:21 ciaranm Exp $ +# Copyright 2002-2005 Gentoo Foundation; Distributed under the GPL v2 +# $Header: /var/cvsroot/gentoo-x86/dev-python/mod_python/ChangeLog,v 1.28 2005/02/11 19:45:40 pythonhead Exp $ + + 11 Feb 2005; Rob Cakebread + +files/publisher-2.diff, mod_python-3.1.3.ebuild: + Bumped and patched security bug# 80109 CAN-2005-0088 30 Dec 2004; Ciaran McCreesh : Change encoding to UTF-8 for GLEP 31 compliance diff --git a/dev-python/mod_python/Manifest b/dev-python/mod_python/Manifest index 548010275cc4..948051455924 100644 --- a/dev-python/mod_python/Manifest +++ b/dev-python/mod_python/Manifest @@ -1,10 +1,23 @@ -MD5 82be03eed9d1bbab2503bff4a9eb5628 mod_python-2.7.10-r1.ebuild 2666 -MD5 b9b10cbee48dca632802a10dc75bf9b9 ChangeLog 4190 -MD5 e3fe1ef2a654696a5be60895f688b11e mod_python-2.7.10.ebuild 2464 +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA1 + +MD5 12c3fe9490e1bfb49d7085703b7ceefb ChangeLog 4354 MD5 19c5d014ef01ffef8f4e55360e14b8ad metadata.xml 546 -MD5 fb31564d5aff33b15784e2ca264a68a2 mod_python-3.1.3.ebuild 1779 -MD5 01ce560a5062d990e685e78b756fa5ba files/mod_python.conf 70 +MD5 67997ffb188bf18507f6a2ac093227a6 mod_python-2.7.10.ebuild 2466 +MD5 56e0e23014de3fcd64cd488154dc0c14 mod_python-2.7.10-r1.ebuild 2670 +MD5 eeb4d18110c623dfed18a9c097b39a97 mod_python-3.1.3.ebuild 1879 +MD5 7a9f8809160500edcc3f6adfee451a0a mod_python-3.1.3-r1.ebuild 1881 +MD5 0779383c65d90a5161e7a11ab5bbbbec files/publisher-2.diff 1383 +MD5 05bbbfafd26dcf70f83fcc2b015751dc files/16_mod_python.conf 1106 +MD5 eedde8a8dd90829d24fdb18cc86054f6 files/digest-mod_python-2.7.10 66 MD5 eedde8a8dd90829d24fdb18cc86054f6 files/digest-mod_python-2.7.10-r1 66 +MD5 67e42121ddce856c5d7021b3eca7abdb files/digest-mod_python-3.1.3-r1 65 MD5 67e42121ddce856c5d7021b3eca7abdb files/digest-mod_python-3.1.3 65 -MD5 eedde8a8dd90829d24fdb18cc86054f6 files/digest-mod_python-2.7.10 66 -MD5 05bbbfafd26dcf70f83fcc2b015751dc files/16_mod_python.conf 1106 +MD5 01ce560a5062d990e685e78b756fa5ba files/mod_python.conf 70 +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.4.0 (GNU/Linux) + +iD8DBQFCDQucz2gxt1z4IGYRAvYcAKCZInvT5msBBpzbmXEpgLV9NaQNLQCgsvOa +5q5i7ahR1JHWv/UEAHnBUGw= +=wDqr +-----END PGP SIGNATURE----- diff --git a/dev-python/mod_python/files/digest-mod_python-3.1.3-r1 b/dev-python/mod_python/files/digest-mod_python-3.1.3-r1 new file mode 100644 index 000000000000..2e72ee8ba450 --- /dev/null +++ b/dev-python/mod_python/files/digest-mod_python-3.1.3-r1 @@ -0,0 +1 @@ +MD5 2e1983e35edd428f308b0dfeb1c23bfe mod_python-3.1.3.tgz 293548 diff --git a/dev-python/mod_python/files/publisher-2.diff b/dev-python/mod_python/files/publisher-2.diff new file mode 100644 index 000000000000..8916dc383ee2 --- /dev/null +++ b/dev-python/mod_python/files/publisher-2.diff @@ -0,0 +1,43 @@ +*** ../mod_python-3.1.3/lib/python/mod_python/publisher.py Wed Feb 9 08:41:43 2005 +--- lib/python/mod_python/publisher.py Wed Feb 9 08:53:15 2005 +*************** +*** 258,270 **** + (period) to find the last one we're looking for. + """ + +! for obj_str in object_str.split('.'): +! obj = getattr(obj, obj_str) + +! # object cannot be a module +! if type(obj) == ModuleType: + raise apache.SERVER_RETURN, apache.HTTP_NOT_FOUND + + realm, user, passwd = process_auth(req, obj, realm, + user, passwd) + +--- 258,282 ---- + (period) to find the last one we're looking for. + """ + +! parts = object_str.split('.') + +! for n in range(len(parts)): +! +! obj = getattr(obj, parts[n]) +! obj_type = type(obj) +! +! # object cannot be a module or a class +! if obj_type in [ClassType, ModuleType]: + raise apache.SERVER_RETURN, apache.HTTP_NOT_FOUND + ++ if n < (len(parts)-1): ++ ++ # all but the last object ... ++ ++ # ...must be instance ++ if obj_type != InstanceType: ++ raise apache.SERVER_RETURN, apache.HTTP_NOT_FOUND ++ + realm, user, passwd = process_auth(req, obj, realm, + user, passwd) + diff --git a/dev-python/mod_python/mod_python-2.7.10-r1.ebuild b/dev-python/mod_python/mod_python-2.7.10-r1.ebuild index de677d8e7631..910a4b37e639 100644 --- a/dev-python/mod_python/mod_python-2.7.10-r1.ebuild +++ b/dev-python/mod_python/mod_python-2.7.10-r1.ebuild @@ -1,6 +1,6 @@ -# Copyright 1999-2004 Gentoo Foundation +# Copyright 1999-2005 Gentoo Foundation # Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/dev-python/mod_python/mod_python-2.7.10-r1.ebuild,v 1.1 2004/09/04 08:22:25 lucass Exp $ +# $Header: /var/cvsroot/gentoo-x86/dev-python/mod_python/mod_python-2.7.10-r1.ebuild,v 1.2 2005/02/11 19:45:40 pythonhead Exp $ inherit python diff --git a/dev-python/mod_python/mod_python-2.7.10.ebuild b/dev-python/mod_python/mod_python-2.7.10.ebuild index 3340e4434bee..658af8f89cc1 100644 --- a/dev-python/mod_python/mod_python-2.7.10.ebuild +++ b/dev-python/mod_python/mod_python-2.7.10.ebuild @@ -1,6 +1,6 @@ -# Copyright 1999-2004 Gentoo Foundation +# Copyright 1999-2005 Gentoo Foundation # Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/dev-python/mod_python/mod_python-2.7.10.ebuild,v 1.5 2004/06/25 01:34:21 agriffis Exp $ +# $Header: /var/cvsroot/gentoo-x86/dev-python/mod_python/mod_python-2.7.10.ebuild,v 1.6 2005/02/11 19:45:40 pythonhead Exp $ inherit python diff --git a/dev-python/mod_python/mod_python-3.1.3-r1.ebuild b/dev-python/mod_python/mod_python-3.1.3-r1.ebuild new file mode 100644 index 000000000000..3ab58055735c --- /dev/null +++ b/dev-python/mod_python/mod_python-3.1.3-r1.ebuild @@ -0,0 +1,61 @@ +# Copyright 1999-2005 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/dev-python/mod_python/mod_python-3.1.3-r1.ebuild,v 1.1 2005/02/11 19:45:40 pythonhead Exp $ + +inherit python eutils + +DESCRIPTION="An Apache2 DSO providing an embedded Python interpreter" +HOMEPAGE="http://www.modpython.org/" +SRC_URI="mirror://apache/modpython/${P}.tgz" +LICENSE="Apache-1.1" +SLOT="0" +KEYWORDS="x86 alpha ppc ~sparc ~amd64" +IUSE="" +DEPEND="dev-lang/python + >=net-www/apache-2.0" + +src_unpack() { + unpack ${A} || die + cd ${S} || die + # remove optimisations, we do that outside portage + sed -i -e 's:--optimize 2:--no-compile:' dist/Makefile.in + + # Fix compilation when using Python-2.3 + has_version ">=dev-lang/python-2.3" && \ + sed -i -e 's:LONG_LONG:PY_LONG_LONG:g' \ + "${S}/src/requestobject.c" + #Fixes publisher info leak bug# 80109 CAN-2005-0088 + epatch ${FILESDIR}/publisher-2.diff +} + +src_compile() { + ./configure --with-apxs=/usr/sbin/apxs2 || die + make OPT="`apxs2 -q CFLAGS` -fPIC" || die +} + +src_install() { + dodir /usr/lib/apache2-extramodules + make install DESTDIR=${D} LIBEXECDIR=/usr/lib/apache2-extramodules || die + insinto /etc/apache2/conf/modules.d + doins ${FILESDIR}/16_mod_python.conf + dodoc ${FILESDIR}/16_mod_python.conf README NEWS CREDITS COPYRIGHT + dohtml doc-html/* + insinto /usr/share/doc/${PF}/html/icons + doins doc-html/icons/* +} + +pkg_postinst() { + python_version + python_mod_optimize /usr/lib/python${PYVER}/site-packages/mod_python + + einfo "To have Apache run python programs, please do the following:" + einfo "Edit /etc/conf.d/apache2 and add \"-D PYTHON\"" + einfo "That will setup Apache to load python when it starts." + einfo + einfo "If you're new to mod_python there's a manual and tutorial" + einfo "installed in /usr/share/doc/${PF}/html/index.html." +} + +pkg_postrm() { + python_mod_cleanup +} diff --git a/dev-python/mod_python/mod_python-3.1.3.ebuild b/dev-python/mod_python/mod_python-3.1.3.ebuild index ba9bfa6d2d0d..e4c4bb0bf4f4 100644 --- a/dev-python/mod_python/mod_python-3.1.3.ebuild +++ b/dev-python/mod_python/mod_python-3.1.3.ebuild @@ -1,8 +1,8 @@ -# Copyright 1999-2004 Gentoo Foundation +# Copyright 1999-2005 Gentoo Foundation # Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/dev-python/mod_python/mod_python-3.1.3.ebuild,v 1.9 2004/10/17 07:56:00 absinthe Exp $ +# $Header: /var/cvsroot/gentoo-x86/dev-python/mod_python/mod_python-3.1.3.ebuild,v 1.10 2005/02/11 19:45:40 pythonhead Exp $ -inherit python +inherit python eutils DESCRIPTION="An Apache2 DSO providing an embedded Python interpreter" HOMEPAGE="http://www.modpython.org/" @@ -24,6 +24,8 @@ src_unpack() { has_version ">=dev-lang/python-2.3" && \ sed -i -e 's:LONG_LONG:PY_LONG_LONG:g' \ "${S}/src/requestobject.c" + #Fixes publisher info leak bug# 80109 CAN-2005-0088 + epatch ${FILESDIR}/publisher-2.diff } src_compile() { -- cgit v1.2.3-65-gdbad