diff options
| author |   Rob Cakebread <pythonhead@gentoo.org> | 2005-02-07 04:28:20 +0000 |
|---|---|---|
| committer | Rob Cakebread <pythonhead@gentoo.org> | 2005-02-07 04:28:20 +0000 |
| commit | 9fa9617896b8bb28df27911a8048146422aacd08 (patch) | |
| tree | e64cbd5f5d89754d122e316ac9a990a39dd2d3af | |
| parent | Marked stable on mips. (diff) | |
| download | historical-9fa9617896b8bb28df27911a8048146422aacd08.tar.gz historical-9fa9617896b8bb28df27911a8048146422aacd08.tar.bz2 historical-9fa9617896b8bb28df27911a8048146422aacd08.zip | |
Patches and version bumps for security bug# 80592 Python bug# PSF-2005-001 xmlrpc vulnerability. Removed obsolete versions.
Package-Manager: portage-2.0.51.16
| -rw-r--r-- | dev-lang/python/ChangeLog | 21 | ||||
| -rw-r--r-- | dev-lang/python/Manifest | 29 | ||||
| -rw-r--r-- | dev-lang/python/files/digest-python-2.2.3-r6 (renamed from dev-lang/python/files/digest-python-2.2.3-r5) | 0 | ||||
| -rw-r--r-- | dev-lang/python/files/digest-python-2.3.3-r1 | 1 | ||||
| -rw-r--r-- | dev-lang/python/files/digest-python-2.3.3-r2 (renamed from dev-lang/python/files/digest-python-2.3.3) | 0 | ||||
| -rw-r--r-- | dev-lang/python/files/digest-python-2.3.4-r1 (renamed from dev-lang/python/files/digest-python-2.3.4) | 0 | ||||
| -rw-r--r-- | dev-lang/python/files/digest-python-2.4-r1 (renamed from dev-lang/python/files/digest-python-2.4) | 0 | ||||
| -rw-r--r-- | dev-lang/python/files/python-2.2.3-xmlrpc.patch | 98 | ||||
| -rw-r--r-- | dev-lang/python/files/python-2.3-xmlrpc.patch | 121 | ||||
| -rw-r--r-- | dev-lang/python/files/python-2.4-xmlrpc.patch | 121 | ||||
| -rw-r--r-- | dev-lang/python/python-2.2.3-r6.ebuild (renamed from dev-lang/python/python-2.2.3-r5.ebuild) | 5 | ||||
| -rw-r--r-- | dev-lang/python/python-2.3.3-r2.ebuild (renamed from dev-lang/python/python-2.3.3-r1.ebuild) | 5 | ||||
| -rw-r--r-- | dev-lang/python/python-2.3.3.ebuild | 177 | ||||
| -rw-r--r-- | dev-lang/python/python-2.3.4-r1.ebuild (renamed from dev-lang/python/python-2.3.4.ebuild) | 5 | ||||
| -rw-r--r-- | dev-lang/python/python-2.4-r1.ebuild (renamed from dev-lang/python/python-2.4.ebuild) | 5 |
15 files changed, 387 insertions, 201 deletions
diff --git a/dev-lang/python/ChangeLog b/dev-lang/python/ChangeLog index 305bb7b1e4d9..579319c20647 100644 --- a/dev-lang/python/ChangeLog +++ b/dev-lang/python/ChangeLog @@ -1,8 +1,19 @@ # ChangeLog for dev-lang/python # Copyright 2002-2005 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/dev-lang/python/ChangeLog,v 1.125 2005/01/06 17:23:42 kloeri Exp $ +# $Header: /var/cvsroot/gentoo-x86/dev-lang/python/ChangeLog,v 1.126 2005/02/07 04:28:20 pythonhead Exp $ - 06 Jan 2005; Bryan Østergaard <kloeri@gentoo.org> python-2.4.ebuild: +*python-2.2.3-r6 (06 Feb 2005) + + 06 Feb 2005; Rob Cakebread <pythonhead@gentoo.org> + +files/python-2.2.3-xmlrpc.patch, +files/python-2.3-xmlrpc.patch, + +files/python-2.4-xmlrpc.patch, -python-2.2.3-r5.ebuild, + +python-2.2.3-r6.ebuild, -python-2.3.3-r1.ebuild, +python-2.3.3-r2.ebuild, + -python-2.3.3.ebuild, +python-2.3.4-r1.ebuild, -python-2.3.4.ebuild, + +python-2.4-r1.ebuild, -python-2.4.ebuild: + Patches and version bumps for security bug# 80592 Python bug# PSF-2005-001 xmlrpc + vulnerability. Removed obsolete versions. + + 06 Jan 2005; Bryan Ãstergaard <kloeri@gentoo.org> python-2.4.ebuild: Fix broken Manifest. 05 Jan 2005; Rob Cakebread <pythonhead@gentoo.org> python-2.4.ebuild: @@ -74,7 +85,7 @@ Made python-2.1 stable on ppc as there are still some ebuilds which require this version. - 03 Jul 2004; Bryan Ãstergaard <kloeri@gentoo.org> python-2.3.3-r1.ebuild: + 03 Jul 2004; Bryan ÃÂstergaard <kloeri@gentoo.org> python-2.3.3-r1.ebuild: Stable on alpha. 03 Jul 2004; Grant Goodyear <g2boojum@gentoo.org> python-2.3.4.ebuild: @@ -107,7 +118,7 @@ *python-2.3.4 (04 Jun 2004) - 04 Jun 2004; Bryan Ãstergaard <kloeri@gentoo.org> +python-2.3.4.ebuild: + 04 Jun 2004; Bryan ÃÂstergaard <kloeri@gentoo.org> +python-2.3.4.ebuild: Bump version. 02 Jun 2004; Travis Tilley <lv@gentoo.org> python-2.3.3-r1.ebuild: @@ -161,7 +172,7 @@ Removing portage version check again as it's preventing new installations. Bug #43036 - 25 Feb 2004; Bryan Ãstergaard,,, <kloeri@gentoo.org> python-2.3.3.ebuild: + 25 Feb 2004; Bryan ÃÂstergaard,,, <kloeri@gentoo.org> python-2.3.3.ebuild: Reinstating portage version check as people keep upgrading python without upgrading portage. diff --git a/dev-lang/python/Manifest b/dev-lang/python/Manifest index c92e30c223c5..62f9f8c748e7 100644 --- a/dev-lang/python/Manifest +++ b/dev-lang/python/Manifest @@ -1,19 +1,17 @@ -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 -MD5 618c17cf90f543541625b9e71eace8d6 ChangeLog 21093 +MD5 d394c3e599719294e4085cccc5c96f5d ChangeLog 21645 MD5 8145ce0144332d6caca98fa5fb648741 metadata.xml 221 MD5 b0dabb5b661c34b2054f5ae852c2fd45 python-2.1.3-r1.ebuild 2329 -MD5 0b01bba91bec91b02c044fdf8f3ba4bc python-2.4.ebuild 6659 -MD5 d646219175210ff5eec9a8996d2edb43 python-2.2.3-r5.ebuild 4311 -MD5 3d174b1204c330f7cb067dbe6134fb73 python-2.3.3.ebuild 5571 -MD5 79ce98d4e26ccecf872e428d3d7574af python-2.3.3-r1.ebuild 7019 -MD5 6fa0ddcfee993f8905d9c70a4325eda0 python-2.3.4.ebuild 7017 +MD5 1e424541a26b4d5785a6e830e6a14fe8 python-2.2.3-r6.ebuild 4498 +MD5 d6caef1d9e32c8f6a3c0f04de5152fb1 python-2.3.3-r2.ebuild 7182 +MD5 5a86dd1a431b7adc66b634bde23e14ef python-2.3.4-r1.ebuild 7183 +MD5 99f8bbd61c29e69242730071f964faf4 python-2.4-r1.ebuild 6826 MD5 1c5cd53cb89c821a549968bac31df0f1 files/depreorder.py 2235 MD5 f3f370c8d1382c1a7571cfc1cbb196d9 files/digest-python-2.1.3-r1 62 -MD5 fccf57b8c47164b676517e516898dc46 files/digest-python-2.4 64 -MD5 f11f5d528c570ef739ea10806cebfa9f files/digest-python-2.2.3-r5 62 -MD5 d5e1334ddcc639401001d01f26ce0af5 files/digest-python-2.3.3 66 +MD5 55af7ba61954f03e09bcafbce1227c61 files/python-2.2.3-xmlrpc.patch 3659 +MD5 e8c8ffd37f007b6ee62180d31b2100fe files/python-2.3-xmlrpc.patch 4228 MD5 5f2361b3e770981b737a9ad3d2863931 files/python-2.2.1-r5-gentoo.diff 4152 MD5 11aa066154fe2e0a4c306124c7e5dd4a files/python-2.2.2-tk-8.4.x.patch 2997 MD5 96d4207fb41391c70d5f02e1785c9527 files/python-2.2.3-db4.patch 1220 @@ -30,8 +28,7 @@ MD5 b530d6f9dbcf30239061be3de80932cc files/python-config-2.2.1 178 MD5 b530d6f9dbcf30239061be3de80932cc files/python-config-2.2.2 178 MD5 201acd1cfd5124f25c58a8db3f78a502 files/python-config-2.3 178 MD5 fe5a878d2ba1e49ebc789b65f430290a files/python-updater 8611 -MD5 d5e1334ddcc639401001d01f26ce0af5 files/digest-python-2.3.3-r1 66 -MD5 c2e3a6ed5d700a7976f5b763cd935599 files/digest-python-2.3.4 66 +MD5 e8c8ffd37f007b6ee62180d31b2100fe files/python-2.4-xmlrpc.patch 4228 MD5 7a12ce3bbe0961cf1533fcf838e17fa9 files/python-2.4-db4.2.patch 1015 MD5 4b9922f74b1076d82d1fdb653fa5769a files/python-2.3-add_portage_search_path_take_2.patch 614 MD5 a387f41bfc6767b90a51daaa0c0aac45 files/python-2.3.4-lib64.patch 11779 @@ -41,10 +38,14 @@ MD5 2121d3986faa4b6c2c3ed472f77f2a9d files/python-2.4-gentoo_py_dontcompile.patc MD5 ec16631b538a7481f0537191d5f23b27 files/python-2.4-mimetypes_apache.patch 454 MD5 d74e7f0fd47f00e8b3fe7ca36b7eb629 files/python-config-2.4 179 MD5 7ed8f8f52ed392ef28dd320b130e3c6b files/python-2.4-lib64.patch 9941 +MD5 d5e1334ddcc639401001d01f26ce0af5 files/digest-python-2.3.3-r2 66 +MD5 c2e3a6ed5d700a7976f5b763cd935599 files/digest-python-2.3.4-r1 66 +MD5 fccf57b8c47164b676517e516898dc46 files/digest-python-2.4-r1 64 +MD5 f11f5d528c570ef739ea10806cebfa9f files/digest-python-2.2.3-r6 62 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.0 (GNU/Linux) -iD8DBQFB3bNrz2gxt1z4IGYRAktSAKCzotDDYgaVt0NMaGCr3Mg0UHIoZgCfSyfo -X6+rOlB/+YdzdcwNr+zOX/M= -=CdK6 +iD8DBQFCBu6ez2gxt1z4IGYRAkqBAKCGvjGOpxSsVPQ4Em70MwuCsfYSoACfRID4 +yavVaNbrBw9oI4BX2LYzjxE= +=+PaS -----END PGP SIGNATURE----- diff --git a/dev-lang/python/files/digest-python-2.2.3-r5 b/dev-lang/python/files/digest-python-2.2.3-r6 index 283c3d783859..283c3d783859 100644 --- a/dev-lang/python/files/digest-python-2.2.3-r5 +++ b/dev-lang/python/files/digest-python-2.2.3-r6 diff --git a/dev-lang/python/files/digest-python-2.3.3-r1 b/dev-lang/python/files/digest-python-2.3.3-r1 deleted file mode 100644 index 8c0e033775a0..000000000000 --- a/dev-lang/python/files/digest-python-2.3.3-r1 +++ /dev/null @@ -1 +0,0 @@ -MD5 70ada9f65742ab2c77a96bcd6dffd9b1 Python-2.3.3.tar.bz2 7195007 diff --git a/dev-lang/python/files/digest-python-2.3.3 b/dev-lang/python/files/digest-python-2.3.3-r2 index 8c0e033775a0..8c0e033775a0 100644 --- a/dev-lang/python/files/digest-python-2.3.3 +++ b/dev-lang/python/files/digest-python-2.3.3-r2 diff --git a/dev-lang/python/files/digest-python-2.3.4 b/dev-lang/python/files/digest-python-2.3.4-r1 index b7cd9dae4d5c..b7cd9dae4d5c 100644 --- a/dev-lang/python/files/digest-python-2.3.4 +++ b/dev-lang/python/files/digest-python-2.3.4-r1 diff --git a/dev-lang/python/files/digest-python-2.4 b/dev-lang/python/files/digest-python-2.4-r1 index f096fae6214a..f096fae6214a 100644 --- a/dev-lang/python/files/digest-python-2.4 +++ b/dev-lang/python/files/digest-python-2.4-r1 diff --git a/dev-lang/python/files/python-2.2.3-xmlrpc.patch b/dev-lang/python/files/python-2.2.3-xmlrpc.patch new file mode 100644 index 000000000000..d5eecf5b5676 --- /dev/null +++ b/dev-lang/python/files/python-2.2.3-xmlrpc.patch @@ -0,0 +1,98 @@ +diff -c -r1.2 SimpleXMLRPCServer.py +*** Lib/SimpleXMLRPCServer.py 29 Sep 2001 04:54:33 -0000 1.2 +--- Lib/SimpleXMLRPCServer.py 3 Feb 2005 05:34:18 -0000 +*************** +*** 161,167 **** + try: + func = _resolve_dotted_attribute( + self.server.instance, +! method + ) + except AttributeError: + pass +--- 161,168 ---- + try: + func = _resolve_dotted_attribute( + self.server.instance, +! method, +! self.allow_dotted_names + ) + except AttributeError: + pass +*************** +*** 178,188 **** + BaseHTTPServer.BaseHTTPRequestHandler.log_request(self, code, size) + + +! def _resolve_dotted_attribute(obj, attr): + """Resolves a dotted attribute name to an object. Raises + an AttributeError if any attribute in the chain starts with a '_'. + """ +! for i in attr.split('.'): + if i.startswith('_'): + raise AttributeError( + 'attempt to access private attribute "%s"' % i +--- 179,198 ---- + BaseHTTPServer.BaseHTTPRequestHandler.log_request(self, code, size) + + +! def _resolve_dotted_attribute(obj, attr, allow_dotted_names=True): + """Resolves a dotted attribute name to an object. Raises + an AttributeError if any attribute in the chain starts with a '_'. ++ ++ If the optional allow_dotted_names argument is false, dots are not ++ supported and this function operates similar to getattr(obj, attr). + """ +! +! if allow_dotted_names: +! attrs = attr.split('.') +! else: +! attrs = [attr] +! +! for i in attrs: + if i.startswith('_'): + raise AttributeError( + 'attempt to access private attribute "%s"' % i +*************** +*** 206,212 **** + self.instance = None + SocketServer.TCPServer.__init__(self, addr, requestHandler) + +! def register_instance(self, instance): + """Registers an instance to respond to XML-RPC requests. + + Only one instance can be installed at a time. +--- 216,222 ---- + self.instance = None + SocketServer.TCPServer.__init__(self, addr, requestHandler) + +! def register_instance(self, instance, allow_dotted_names=False): + """Registers an instance to respond to XML-RPC requests. + + Only one instance can be installed at a time. +*************** +*** 225,233 **** +--- 235,257 ---- + + If a registered function matches a XML-RPC request, then it + will be called instead of the registered instance. ++ ++ If the optional allow_dotted_names argument is true and the ++ instance does not have a _dispatch method, method names ++ containing dots are supported and resolved, as long as none of ++ the name segments start with an '_'. ++ ++ *** SECURITY WARNING: *** ++ ++ Enabling the allow_dotted_names options allows intruders ++ to access your module's global variables and may allow ++ intruders to execute arbitrary code on your machine. Only ++ use this option on a secure, closed network. ++ + """ + + self.instance = instance ++ self.allow_dotted_names = allow_dotted_names + + def register_function(self, function, name = None): + """Registers a function to respond to XML-RPC requests. diff --git a/dev-lang/python/files/python-2.3-xmlrpc.patch b/dev-lang/python/files/python-2.3-xmlrpc.patch new file mode 100644 index 000000000000..61f61f2d8391 --- /dev/null +++ b/dev-lang/python/files/python-2.3-xmlrpc.patch @@ -0,0 +1,121 @@ +diff -c -r1.7.8.1 SimpleXMLRPCServer.py +*** Lib/SimpleXMLRPCServer.py 3 Oct 2004 23:23:00 -0000 1.7.8.1 +--- Lib/SimpleXMLRPCServer.py 3 Feb 2005 05:33:55 -0000 +*************** +*** 107,120 **** + import types + import os + +! def resolve_dotted_attribute(obj, attr): + """resolve_dotted_attribute(a, 'b.c.d') => a.b.c.d + + Resolves a dotted attribute name to an object. Raises + an AttributeError if any attribute in the chain starts with a '_'. + """ + +! for i in attr.split('.'): + if i.startswith('_'): + raise AttributeError( + 'attempt to access private attribute "%s"' % i +--- 107,128 ---- + import types + import os + +! def resolve_dotted_attribute(obj, attr, allow_dotted_names=True): + """resolve_dotted_attribute(a, 'b.c.d') => a.b.c.d + + Resolves a dotted attribute name to an object. Raises + an AttributeError if any attribute in the chain starts with a '_'. ++ ++ If the optional allow_dotted_names argument is false, dots are not ++ supported and this function operates similar to getattr(obj, attr). + """ + +! if allow_dotted_names: +! attrs = attr.split('.') +! else: +! attrs = [attr] +! +! for i in attrs: + if i.startswith('_'): + raise AttributeError( + 'attempt to access private attribute "%s"' % i +*************** +*** 156,162 **** + self.funcs = {} + self.instance = None + +! def register_instance(self, instance): + """Registers an instance to respond to XML-RPC requests. + + Only one instance can be installed at a time. +--- 164,170 ---- + self.funcs = {} + self.instance = None + +! def register_instance(self, instance, allow_dotted_names=False): + """Registers an instance to respond to XML-RPC requests. + + Only one instance can be installed at a time. +*************** +*** 174,182 **** +--- 182,204 ---- + + If a registered function matches a XML-RPC request, then it + will be called instead of the registered instance. ++ ++ If the optional allow_dotted_names argument is true and the ++ instance does not have a _dispatch method, method names ++ containing dots are supported and resolved, as long as none of ++ the name segments start with an '_'. ++ ++ *** SECURITY WARNING: *** ++ ++ Enabling the allow_dotted_names options allows intruders ++ to access your module's global variables and may allow ++ intruders to execute arbitrary code on your machine. Only ++ use this option on a secure, closed network. ++ + """ + + self.instance = instance ++ self.allow_dotted_names = allow_dotted_names + + def register_function(self, function, name = None): + """Registers a function to respond to XML-RPC requests. +*************** +*** 295,301 **** + try: + method = resolve_dotted_attribute( + self.instance, +! method_name + ) + except AttributeError: + pass +--- 317,324 ---- + try: + method = resolve_dotted_attribute( + self.instance, +! method_name, +! self.allow_dotted_names + ) + except AttributeError: + pass +*************** +*** 374,380 **** + try: + func = resolve_dotted_attribute( + self.instance, +! method + ) + except AttributeError: + pass +--- 397,404 ---- + try: + func = resolve_dotted_attribute( + self.instance, +! method, +! self.allow_dotted_names + ) + except AttributeError: + pass diff --git a/dev-lang/python/files/python-2.4-xmlrpc.patch b/dev-lang/python/files/python-2.4-xmlrpc.patch new file mode 100644 index 000000000000..61f61f2d8391 --- /dev/null +++ b/dev-lang/python/files/python-2.4-xmlrpc.patch @@ -0,0 +1,121 @@ +diff -c -r1.7.8.1 SimpleXMLRPCServer.py +*** Lib/SimpleXMLRPCServer.py 3 Oct 2004 23:23:00 -0000 1.7.8.1 +--- Lib/SimpleXMLRPCServer.py 3 Feb 2005 05:33:55 -0000 +*************** +*** 107,120 **** + import types + import os + +! def resolve_dotted_attribute(obj, attr): + """resolve_dotted_attribute(a, 'b.c.d') => a.b.c.d + + Resolves a dotted attribute name to an object. Raises + an AttributeError if any attribute in the chain starts with a '_'. + """ + +! for i in attr.split('.'): + if i.startswith('_'): + raise AttributeError( + 'attempt to access private attribute "%s"' % i +--- 107,128 ---- + import types + import os + +! def resolve_dotted_attribute(obj, attr, allow_dotted_names=True): + """resolve_dotted_attribute(a, 'b.c.d') => a.b.c.d + + Resolves a dotted attribute name to an object. Raises + an AttributeError if any attribute in the chain starts with a '_'. ++ ++ If the optional allow_dotted_names argument is false, dots are not ++ supported and this function operates similar to getattr(obj, attr). + """ + +! if allow_dotted_names: +! attrs = attr.split('.') +! else: +! attrs = [attr] +! +! for i in attrs: + if i.startswith('_'): + raise AttributeError( + 'attempt to access private attribute "%s"' % i +*************** +*** 156,162 **** + self.funcs = {} + self.instance = None + +! def register_instance(self, instance): + """Registers an instance to respond to XML-RPC requests. + + Only one instance can be installed at a time. +--- 164,170 ---- + self.funcs = {} + self.instance = None + +! def register_instance(self, instance, allow_dotted_names=False): + """Registers an instance to respond to XML-RPC requests. + + Only one instance can be installed at a time. +*************** +*** 174,182 **** +--- 182,204 ---- + + If a registered function matches a XML-RPC request, then it + will be called instead of the registered instance. ++ ++ If the optional allow_dotted_names argument is true and the ++ instance does not have a _dispatch method, method names ++ containing dots are supported and resolved, as long as none of ++ the name segments start with an '_'. ++ ++ *** SECURITY WARNING: *** ++ ++ Enabling the allow_dotted_names options allows intruders ++ to access your module's global variables and may allow ++ intruders to execute arbitrary code on your machine. Only ++ use this option on a secure, closed network. ++ + """ + + self.instance = instance ++ self.allow_dotted_names = allow_dotted_names + + def register_function(self, function, name = None): + """Registers a function to respond to XML-RPC requests. +*************** +*** 295,301 **** + try: + method = resolve_dotted_attribute( + self.instance, +! method_name + ) + except AttributeError: + pass +--- 317,324 ---- + try: + method = resolve_dotted_attribute( + self.instance, +! method_name, +! self.allow_dotted_names + ) + except AttributeError: + pass +*************** +*** 374,380 **** + try: + func = resolve_dotted_attribute( + self.instance, +! method + ) + except AttributeError: + pass +--- 397,404 ---- + try: + func = resolve_dotted_attribute( + self.instance, +! method, +! self.allow_dotted_names + ) + except AttributeError: + pass diff --git a/dev-lang/python/python-2.2.3-r5.ebuild b/dev-lang/python/python-2.2.3-r6.ebuild index 5cfc623be1a8..5352533d4833 100644 --- a/dev-lang/python/python-2.2.3-r5.ebuild +++ b/dev-lang/python/python-2.2.3-r6.ebuild @@ -1,6 +1,6 @@ # Copyright 1999-2005 Gentoo Foundation # Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/dev-lang/python/python-2.2.3-r5.ebuild,v 1.25 2005/01/05 00:38:48 pythonhead Exp $ +# $Header: /var/cvsroot/gentoo-x86/dev-lang/python/python-2.2.3-r6.ebuild,v 1.1 2005/02/07 04:28:20 pythonhead Exp $ inherit flag-o-matic eutils python @@ -40,6 +40,9 @@ SLOT="2.2" src_unpack() { unpack ${A} + #Fixes security vulnerability in XML-RPC server - pythonhead (06 Feb 05) + #http://www.python.org/security/PSF-2005-001/ + EPATCH_OPTS="-d ${S}" epatch ${FILESDIR}/${PN}-2.2.3-xmlrpc.patch EPATCH_OPTS="-d ${S}" epatch ${FILESDIR}/${P}-db4.patch EPATCH_OPTS="-d ${S}" epatch ${FILESDIR}/${P}-disable_modules_and_ssl.patch EPATCH_OPTS="-d ${S}" epatch ${FILESDIR}/${PN}-2.3-add_portage_search_path.patch diff --git a/dev-lang/python/python-2.3.3-r1.ebuild b/dev-lang/python/python-2.3.3-r2.ebuild index 7fea12223d4c..7b756efa80e6 100644 --- a/dev-lang/python/python-2.3.3-r1.ebuild +++ b/dev-lang/python/python-2.3.3-r2.ebuild @@ -1,6 +1,6 @@ # Copyright 1999-2005 Gentoo Foundation # Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/dev-lang/python/python-2.3.3-r1.ebuild,v 1.24 2005/01/05 00:38:48 pythonhead Exp $ +# $Header: /var/cvsroot/gentoo-x86/dev-lang/python/python-2.3.3-r2.ebuild,v 1.1 2005/02/07 04:28:20 pythonhead Exp $ # NOTE about python-portage interactions : # - Do not add a pkg_setup() check for a certain version of portage @@ -48,6 +48,9 @@ PROVIDE="virtual/python" src_unpack() { unpack ${A} cd ${S} + #Fixes security vulnerability in XML-RPC server - pythonhead (06 Feb 05) + #http://www.python.org/security/PSF-2005-001/ + epatch ${FILESDIR}/${PN}-2.3-xmlrpc.patch # adds /usr/lib/portage/pym to sys.path - liquidx (08 Oct 03) # prepends /usr/lib/portage/pym to sys.path - liquidx (12 Apr 04) epatch ${FILESDIR}/${PN}-2.3-add_portage_search_path_take_2.patch diff --git a/dev-lang/python/python-2.3.3.ebuild b/dev-lang/python/python-2.3.3.ebuild deleted file mode 100644 index 08372025db92..000000000000 --- a/dev-lang/python/python-2.3.3.ebuild +++ /dev/null @@ -1,177 +0,0 @@ -# Copyright 1999-2005 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/dev-lang/python/python-2.3.3.ebuild,v 1.31 2005/01/05 00:38:48 pythonhead Exp $ - -# NOTE about python-portage interactions : -# - Do not add a pkg_setup() check for a certain version of portage -# in dev-lang/python. It _WILL_ stop people installing from -# Gentoo 1.4 images. - -inherit flag-o-matic python eutils - -MY_PV=${PV/_rc/c} -PYVER_MAJOR="`echo ${PV%_*} | cut -d '.' -f 1`" -PYVER_MINOR="`echo ${PV%_*} | cut -d '.' -f 2`" -PYVER="${PYVER_MAJOR}.${PYVER_MINOR}" - -S="${WORKDIR}/Python-${MY_PV}" -DESCRIPTION="A really great language" -SRC_URI="http://www.python.org/ftp/python/${PV%_*}/Python-${MY_PV}.tar.bz2" -HOMEPAGE="http://www.python.org" - -IUSE="ncurses gdbm ssl readline tcltk berkdb bootstrap ipv6 build ucs2 doc X" -LICENSE="PSF-2.2" -SLOT="2.3" -KEYWORDS="x86 ppc sparc hppa amd64 s390 alpha ia64 ppc64" - -DEPEND="virtual/libc - >=sys-libs/zlib-1.1.3 - !build? ( - X? ( tcltk? ( >=dev-lang/tk-8.0 ) ) - ncurses? ( >=sys-libs/ncurses-5.2 readline? ( >=sys-libs/readline-4.1 ) ) - berkdb? ( >=sys-libs/db-3.1 ) - gdbm? ( sys-libs/gdbm ) - ssl? ( dev-libs/openssl ) - doc? ( =dev-python/python-docs-${PV}* ) - dev-libs/expat - )" -RDEPEND="${DEPEND} - dev-python/python-fchksum" - -# The dev-python/python-fchksum RDEPEND is needed to that this python provides -# the functionality expected from previous pythons. - -PROVIDE="virtual/python" - -src_unpack() { - unpack ${A} - cd ${S} - # adds /usr/lib/portage/pym to sys.path - liquidx (08 Oct 03) - epatch ${FILESDIR}/${PN}-2.3-add_portage_search_path.patch - # adds support for PYTHON_DONTCOMPILE shell environment to - # supress automatic generation of .pyc and .pyo files - liquidx (08 Oct 03) - epatch ${FILESDIR}/${PN}-2.3-gentoo_py_dontcompile.patch - epatch ${FILESDIR}/${PN}-2.3.2-disable_modules_and_ssl.patch - epatch ${FILESDIR}/${PN}-2.3-mimetypes_apache.patch - epatch ${FILESDIR}/${PN}-2.3-db4.2.patch - # fix os.utime() on hppa. utimes it not supported but unfortunately reported as working - gmsoft (22 May 04) - [ "${ARCH}" = "hppa" ] && sed -e 's/utimes //' -i ${S}/configure -} - -src_configure() { - # disable extraneous modules with extra dependencies - if use build ; then - export PYTHON_DISABLE_MODULES="readline pyexpat dbm gdbm bsddb _curses _curses_panel _tkinter" - export PYTHON_DISABLE_SSL=1 - else - use gdbm \ - || PYTHON_DISABLE_MODULES="${PYTHON_DISABLE_MODULES} gdbm" - use berkdb \ - || PYTHON_DISABLE_MODULES="${PYTHON_DISABLE_MODULES} dbm bsddb" - use readline \ - || PYTHON_DISABLE_MODULES="${PYTHON_DISABLE_MODULES} readline" - ( use !X || use !tcltk ) \ - && PYTHON_DISABLE_MODULES="${PYTHON_DISABLE_MODULES} _tkinter" - use ncurses \ - || PYTHON_DISABLE_MODULES="${PYTHON_DISABLE_MODULES} _curses _curses_panel" - use ssl \ - || export PYTHON_DISABLE_SSL=1 - export PYTHON_DISABLE_MODULES - echo $PYTHON_DISABLE_MODULES - fi -} - -src_compile() { - filter-flags -malign-double - - [ "${ARCH}" = "hppa" ] && append-flags -fPIC - [ "${ARCH}" = "alpha" ] && append-flags -fPIC - [ "${ARCH}" = "amd64" ] && append-flags -fPIC - - # http://bugs.gentoo.org/show_bug.cgi?id=50309 - if is-flag -O3; then - is-flag -fstack-protector-all && replace-flags -O3 -O2 - use hardened && replace-flags -O3 -O2 - fi - - export OPT="${CFLAGS}" - - local myconf - #if we are creating a new build image, we remove the dependency on g++ - if use build && ! use bootstrap; then - myconf="--with-cxx=no" - fi - - # super-secret switch. don't use this unless you know what you're - # doing. enabling UCS2 support will break your existing python - # modules - use ucs2 \ - && myconf="${myconf} --enable-unicode=ucs2" \ - || myconf="${myconf} --enable-unicode=ucs4" - - src_configure - - econf --with-fpectl \ - --enable-shared \ - `use_enable ipv6` \ - --infodir='${prefix}'/share/info \ - --mandir='${prefix}'/share/man \ - --with-threads \ - ${myconf} || die - emake || die "Parallel make failed" -} - -src_install() { - dodir /usr - src_configure - make DESTDIR="${D}" altinstall || die - - # install our own custom python-config - exeinto /usr/bin - newexe ${FILESDIR}/python-config-${PYVER} python-config - - # The stuff below this line extends from 2.1, and should be deprecated - # in 2.3, or possibly can wait till 2.4 - - # seems like the build do not install Makefile.pre.in anymore - # it probably shouldn't - use DistUtils, people! - insinto /usr/lib/python${PYVER}/config - doins ${S}/Makefile.pre.in - - # While we're working on the config stuff... Let's fix the OPT var - # so that it doesn't have any opts listed in it. Prevents the problem - # with compiling things with conflicting opts later. - dosed -e 's:^OPT=.*:OPT=-DNDEBUG:' /usr/lib/python${PYVER}/config/Makefile - - # install python-updater in /usr/sbin - dosbin ${FILESDIR}/python-updater -} - -pkg_postrm() { - python_makesym - python_mod_cleanup /usr/lib/python2.3 -} - -pkg_postinst() { - local myroot - myroot=$(echo $ROOT | sed 's:/$::') - - python_makesym - python_mod_optimize - python_mod_optimize -x site-packages -x test ${myroot}/usr/lib/python${PYVER} - - echo - ewarn - ewarn "If you have just upgraded from python-2.2.x you will need to run:" - ewarn - ewarn "/usr/sbin/python-updater" - ewarn - ewarn "This will automatically rebuild all the python dependent modules" - ewarn "to run with python-2.3." - ewarn - ewarn "Python 2.2 is still installed and can be accessed via /usr/bin/python2.2." - ewarn "Portage-2.0.49-r8 and below will continue to use python-2.2.x, so" - ewarn "think twice about uninstalling it, otherwise your system will break." - ewarn - ebeep 5 -} diff --git a/dev-lang/python/python-2.3.4.ebuild b/dev-lang/python/python-2.3.4-r1.ebuild index 77a4b16643ff..c9938f663854 100644 --- a/dev-lang/python/python-2.3.4.ebuild +++ b/dev-lang/python/python-2.3.4-r1.ebuild @@ -1,6 +1,6 @@ # Copyright 1999-2005 Gentoo Foundation # Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/dev-lang/python/python-2.3.4.ebuild,v 1.21 2005/01/05 00:38:48 pythonhead Exp $ +# $Header: /var/cvsroot/gentoo-x86/dev-lang/python/python-2.3.4-r1.ebuild,v 1.1 2005/02/07 04:28:20 pythonhead Exp $ # NOTE about python-portage interactions : # - Do not add a pkg_setup() check for a certain version of portage @@ -46,6 +46,9 @@ src_unpack() { unpack ${A} cd ${S} sed -ie 's/OpenBSD\/3.\[01234/OpenBSD\/3.\[012345/' configure || die "OpenBSD sed failed" + #Fixes security vulnerability in XML-RPC server - pythonhead (06 Feb 05) + #http://www.python.org/security/PSF-2005-001/ + epatch ${FILESDIR}/${PN}-2.3-xmlrpc.patch # adds /usr/lib/portage/pym to sys.path - liquidx (08 Oct 03) # prepends /usr/lib/portage/pym to sys.path - liquidx (12 Apr 04) epatch ${FILESDIR}/${PN}-2.3-add_portage_search_path_take_2.patch diff --git a/dev-lang/python/python-2.4.ebuild b/dev-lang/python/python-2.4-r1.ebuild index e5a39b814702..d4d21f89a44e 100644 --- a/dev-lang/python/python-2.4.ebuild +++ b/dev-lang/python/python-2.4-r1.ebuild @@ -1,6 +1,6 @@ # Copyright 1999-2005 Gentoo Foundation # Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/dev-lang/python/python-2.4.ebuild,v 1.6 2005/01/06 21:53:12 pythonhead Exp $ +# $Header: /var/cvsroot/gentoo-x86/dev-lang/python/python-2.4-r1.ebuild,v 1.1 2005/02/07 04:28:20 pythonhead Exp $ # NOTE about python-portage interactions : # - Do not add a pkg_setup() check for a certain version of portage @@ -46,6 +46,9 @@ PROVIDE="virtual/python" src_unpack() { unpack ${A} cd ${S} + #Fixes security vulnerability in XML-RPC server - pythonhead (06 Feb 05) + #http://www.python.org/security/PSF-2005-001/ + epatch ${FILESDIR}/${PN}-2.4-xmlrpc.patch # prepends /usr/lib/portage/pym to sys.path epatch ${FILESDIR}/${PN}-${PYVER}-add_portage_search_path.patch # adds support for PYTHON_DONTCOMPILE shell environment to |