| author | April Chin <april.chin@oracle.com> |
| Sat, 15 Mar 2014 00:26:21 -0700 | |
| changeset 1758 | 28f01aad153d |
| permissions | -rw-r--r-- |
|
1758
28f01aad153d
18299226 problem in PYTHON-MOD/LOGILAB-COMMON
April Chin <april.chin@oracle.com>
parents:
diff
changeset
|
1 |
Patch from upstream, not yet available in latest stable release-- |
|
28f01aad153d
18299226 problem in PYTHON-MOD/LOGILAB-COMMON
April Chin <april.chin@oracle.com>
parents:
diff
changeset
|
2 |
http://www.logilab.org/revision/210454 |
|
28f01aad153d
18299226 problem in PYTHON-MOD/LOGILAB-COMMON
April Chin <april.chin@oracle.com>
parents:
diff
changeset
|
3 |
--to fix CVE-2014-1839. |
|
28f01aad153d
18299226 problem in PYTHON-MOD/LOGILAB-COMMON
April Chin <april.chin@oracle.com>
parents:
diff
changeset
|
4 |
|
|
28f01aad153d
18299226 problem in PYTHON-MOD/LOGILAB-COMMON
April Chin <april.chin@oracle.com>
parents:
diff
changeset
|
5 |
diff -rupN logilab-common-0.58.2-orig/ChangeLog logilab-common-0.58.2/ChangeLog |
|
28f01aad153d
18299226 problem in PYTHON-MOD/LOGILAB-COMMON
April Chin <april.chin@oracle.com>
parents:
diff
changeset
|
6 |
--- logilab-common-0.58.2-orig/ChangeLog 2014-03-14 10:39:51.021176000 -0700 |
|
28f01aad153d
18299226 problem in PYTHON-MOD/LOGILAB-COMMON
April Chin <april.chin@oracle.com>
parents:
diff
changeset
|
7 |
+++ logilab-common-0.58.2/ChangeLog 2014-03-14 10:43:43.925212000 -0700 |
|
28f01aad153d
18299226 problem in PYTHON-MOD/LOGILAB-COMMON
April Chin <april.chin@oracle.com>
parents:
diff
changeset
|
8 |
@@ -4,6 +4,9 @@ ChangeLog for logilab.common |
|
28f01aad153d
18299226 problem in PYTHON-MOD/LOGILAB-COMMON
April Chin <april.chin@oracle.com>
parents:
diff
changeset
|
9 |
2014-02-03 |
|
28f01aad153d
18299226 problem in PYTHON-MOD/LOGILAB-COMMON
April Chin <april.chin@oracle.com>
parents:
diff
changeset
|
10 |
* pdf_ext: removed, it had no known users (CVE-2014-1838) |
|
28f01aad153d
18299226 problem in PYTHON-MOD/LOGILAB-COMMON
April Chin <april.chin@oracle.com>
parents:
diff
changeset
|
11 |
|
|
28f01aad153d
18299226 problem in PYTHON-MOD/LOGILAB-COMMON
April Chin <april.chin@oracle.com>
parents:
diff
changeset
|
12 |
+ * shellutils: fix tempfile issue in Execute, and deprecate it |
|
28f01aad153d
18299226 problem in PYTHON-MOD/LOGILAB-COMMON
April Chin <april.chin@oracle.com>
parents:
diff
changeset
|
13 |
+ (CVE-2014-1839) |
|
28f01aad153d
18299226 problem in PYTHON-MOD/LOGILAB-COMMON
April Chin <april.chin@oracle.com>
parents:
diff
changeset
|
14 |
+ |
|
28f01aad153d
18299226 problem in PYTHON-MOD/LOGILAB-COMMON
April Chin <april.chin@oracle.com>
parents:
diff
changeset
|
15 |
|
|
28f01aad153d
18299226 problem in PYTHON-MOD/LOGILAB-COMMON
April Chin <april.chin@oracle.com>
parents:
diff
changeset
|
16 |
2012-07-30 -- 0.58.2 |
|
28f01aad153d
18299226 problem in PYTHON-MOD/LOGILAB-COMMON
April Chin <april.chin@oracle.com>
parents:
diff
changeset
|
17 |
* modutils: fixes (closes #100757 and #100935) |
|
28f01aad153d
18299226 problem in PYTHON-MOD/LOGILAB-COMMON
April Chin <april.chin@oracle.com>
parents:
diff
changeset
|
18 |
diff -rupN logilab-common-0.58.2-orig/shellutils.py logilab-common-0.58.2/shellutils.py |
|
28f01aad153d
18299226 problem in PYTHON-MOD/LOGILAB-COMMON
April Chin <april.chin@oracle.com>
parents:
diff
changeset
|
19 |
--- logilab-common-0.58.2-orig/shellutils.py 2012-07-30 06:06:59.000000000 -0700 |
|
28f01aad153d
18299226 problem in PYTHON-MOD/LOGILAB-COMMON
April Chin <april.chin@oracle.com>
parents:
diff
changeset
|
20 |
+++ logilab-common-0.58.2/shellutils.py 2014-03-14 10:46:41.707010000 -0700 |
|
28f01aad153d
18299226 problem in PYTHON-MOD/LOGILAB-COMMON
April Chin <april.chin@oracle.com>
parents:
diff
changeset
|
21 |
@@ -31,11 +31,13 @@ import fnmatch |
|
28f01aad153d
18299226 problem in PYTHON-MOD/LOGILAB-COMMON
April Chin <april.chin@oracle.com>
parents:
diff
changeset
|
22 |
import errno |
|
28f01aad153d
18299226 problem in PYTHON-MOD/LOGILAB-COMMON
April Chin <april.chin@oracle.com>
parents:
diff
changeset
|
23 |
import string |
|
28f01aad153d
18299226 problem in PYTHON-MOD/LOGILAB-COMMON
April Chin <april.chin@oracle.com>
parents:
diff
changeset
|
24 |
import random |
|
28f01aad153d
18299226 problem in PYTHON-MOD/LOGILAB-COMMON
April Chin <april.chin@oracle.com>
parents:
diff
changeset
|
25 |
+import subprocess |
|
28f01aad153d
18299226 problem in PYTHON-MOD/LOGILAB-COMMON
April Chin <april.chin@oracle.com>
parents:
diff
changeset
|
26 |
from os.path import exists, isdir, islink, basename, join |
|
28f01aad153d
18299226 problem in PYTHON-MOD/LOGILAB-COMMON
April Chin <april.chin@oracle.com>
parents:
diff
changeset
|
27 |
|
|
28f01aad153d
18299226 problem in PYTHON-MOD/LOGILAB-COMMON
April Chin <april.chin@oracle.com>
parents:
diff
changeset
|
28 |
from logilab.common import STD_BLACKLIST, _handle_blacklist |
|
28f01aad153d
18299226 problem in PYTHON-MOD/LOGILAB-COMMON
April Chin <april.chin@oracle.com>
parents:
diff
changeset
|
29 |
from logilab.common.compat import raw_input |
|
28f01aad153d
18299226 problem in PYTHON-MOD/LOGILAB-COMMON
April Chin <april.chin@oracle.com>
parents:
diff
changeset
|
30 |
from logilab.common.compat import str_to_bytes |
|
28f01aad153d
18299226 problem in PYTHON-MOD/LOGILAB-COMMON
April Chin <april.chin@oracle.com>
parents:
diff
changeset
|
31 |
+from logilab.common.deprecation import deprecated |
|
28f01aad153d
18299226 problem in PYTHON-MOD/LOGILAB-COMMON
April Chin <april.chin@oracle.com>
parents:
diff
changeset
|
32 |
|
|
28f01aad153d
18299226 problem in PYTHON-MOD/LOGILAB-COMMON
April Chin <april.chin@oracle.com>
parents:
diff
changeset
|
33 |
try: |
|
28f01aad153d
18299226 problem in PYTHON-MOD/LOGILAB-COMMON
April Chin <april.chin@oracle.com>
parents:
diff
changeset
|
34 |
from logilab.common.proc import ProcInfo, NoSuchProcess |
|
28f01aad153d
18299226 problem in PYTHON-MOD/LOGILAB-COMMON
April Chin <april.chin@oracle.com>
parents:
diff
changeset
|
35 |
@@ -224,20 +226,17 @@ def unzip(archive, destdir): |
|
28f01aad153d
18299226 problem in PYTHON-MOD/LOGILAB-COMMON
April Chin <april.chin@oracle.com>
parents:
diff
changeset
|
36 |
outfile.write(zfobj.read(name)) |
|
28f01aad153d
18299226 problem in PYTHON-MOD/LOGILAB-COMMON
April Chin <april.chin@oracle.com>
parents:
diff
changeset
|
37 |
outfile.close() |
|
28f01aad153d
18299226 problem in PYTHON-MOD/LOGILAB-COMMON
April Chin <april.chin@oracle.com>
parents:
diff
changeset
|
38 |
|
|
28f01aad153d
18299226 problem in PYTHON-MOD/LOGILAB-COMMON
April Chin <april.chin@oracle.com>
parents:
diff
changeset
|
39 |
+@deprecated('Use subprocess.Popen instead')
|
|
28f01aad153d
18299226 problem in PYTHON-MOD/LOGILAB-COMMON
April Chin <april.chin@oracle.com>
parents:
diff
changeset
|
40 |
class Execute: |
|
28f01aad153d
18299226 problem in PYTHON-MOD/LOGILAB-COMMON
April Chin <april.chin@oracle.com>
parents:
diff
changeset
|
41 |
"""This is a deadlock safe version of popen2 (no stdin), that returns |
|
28f01aad153d
18299226 problem in PYTHON-MOD/LOGILAB-COMMON
April Chin <april.chin@oracle.com>
parents:
diff
changeset
|
42 |
an object with errorlevel, out and err. |
|
28f01aad153d
18299226 problem in PYTHON-MOD/LOGILAB-COMMON
April Chin <april.chin@oracle.com>
parents:
diff
changeset
|
43 |
""" |
|
28f01aad153d
18299226 problem in PYTHON-MOD/LOGILAB-COMMON
April Chin <april.chin@oracle.com>
parents:
diff
changeset
|
44 |
|
|
28f01aad153d
18299226 problem in PYTHON-MOD/LOGILAB-COMMON
April Chin <april.chin@oracle.com>
parents:
diff
changeset
|
45 |
def __init__(self, command): |
|
28f01aad153d
18299226 problem in PYTHON-MOD/LOGILAB-COMMON
April Chin <april.chin@oracle.com>
parents:
diff
changeset
|
46 |
- outfile = tempfile.mktemp() |
|
28f01aad153d
18299226 problem in PYTHON-MOD/LOGILAB-COMMON
April Chin <april.chin@oracle.com>
parents:
diff
changeset
|
47 |
- errfile = tempfile.mktemp() |
|
28f01aad153d
18299226 problem in PYTHON-MOD/LOGILAB-COMMON
April Chin <april.chin@oracle.com>
parents:
diff
changeset
|
48 |
- self.status = os.system("( %s ) >%s 2>%s" %
|
|
28f01aad153d
18299226 problem in PYTHON-MOD/LOGILAB-COMMON
April Chin <april.chin@oracle.com>
parents:
diff
changeset
|
49 |
- (command, outfile, errfile)) >> 8 |
|
28f01aad153d
18299226 problem in PYTHON-MOD/LOGILAB-COMMON
April Chin <april.chin@oracle.com>
parents:
diff
changeset
|
50 |
- self.out = open(outfile, "r").read() |
|
28f01aad153d
18299226 problem in PYTHON-MOD/LOGILAB-COMMON
April Chin <april.chin@oracle.com>
parents:
diff
changeset
|
51 |
- self.err = open(errfile, "r").read() |
|
28f01aad153d
18299226 problem in PYTHON-MOD/LOGILAB-COMMON
April Chin <april.chin@oracle.com>
parents:
diff
changeset
|
52 |
- os.remove(outfile) |
|
28f01aad153d
18299226 problem in PYTHON-MOD/LOGILAB-COMMON
April Chin <april.chin@oracle.com>
parents:
diff
changeset
|
53 |
- os.remove(errfile) |
|
28f01aad153d
18299226 problem in PYTHON-MOD/LOGILAB-COMMON
April Chin <april.chin@oracle.com>
parents:
diff
changeset
|
54 |
+ cmd = subprocess.Popen(command, shell=True, stdout=subprocess.PIPE, stderr=subprocess.PIPE) |
|
28f01aad153d
18299226 problem in PYTHON-MOD/LOGILAB-COMMON
April Chin <april.chin@oracle.com>
parents:
diff
changeset
|
55 |
+ self.out, self.err = cmd.communicate() |
|
28f01aad153d
18299226 problem in PYTHON-MOD/LOGILAB-COMMON
April Chin <april.chin@oracle.com>
parents:
diff
changeset
|
56 |
+ self.status = os.WEXITSTATUS(cmd.returncode) |
|
28f01aad153d
18299226 problem in PYTHON-MOD/LOGILAB-COMMON
April Chin <april.chin@oracle.com>
parents:
diff
changeset
|
57 |
+ |
|
28f01aad153d
18299226 problem in PYTHON-MOD/LOGILAB-COMMON
April Chin <april.chin@oracle.com>
parents:
diff
changeset
|
58 |
|
|
28f01aad153d
18299226 problem in PYTHON-MOD/LOGILAB-COMMON
April Chin <april.chin@oracle.com>
parents:
diff
changeset
|
59 |
def acquire_lock(lock_file, max_try=10, delay=10, max_delay=3600): |
|
28f01aad153d
18299226 problem in PYTHON-MOD/LOGILAB-COMMON
April Chin <april.chin@oracle.com>
parents:
diff
changeset
|
60 |
"""Acquire a lock represented by a file on the file system |