upstream/oracle/userland-gate: components/logilab-common/patches/02-CVE-2014-1839.patch@658c82bc2bfc (annotated)

3002 baadf45ecbdd 18299226 problem in PYTHON-MOD/LOGILAB-COMMON April Chin <april.chin@oracle.com> parents: diff changeset	1	Patch from upstream, not yet available in latest stable release--
baadf45ecbdd 18299226 problem in PYTHON-MOD/LOGILAB-COMMON April Chin <april.chin@oracle.com> parents: diff changeset	2	http://www.logilab.org/revision/210454
baadf45ecbdd 18299226 problem in PYTHON-MOD/LOGILAB-COMMON April Chin <april.chin@oracle.com> parents: diff changeset	3	--to fix CVE-2014-1839.
baadf45ecbdd 18299226 problem in PYTHON-MOD/LOGILAB-COMMON April Chin <april.chin@oracle.com> parents: diff changeset	4
baadf45ecbdd 18299226 problem in PYTHON-MOD/LOGILAB-COMMON April Chin <april.chin@oracle.com> parents: diff changeset	5	diff -rupN logilab-common-0.58.2-orig/ChangeLog logilab-common-0.58.2/ChangeLog
baadf45ecbdd 18299226 problem in PYTHON-MOD/LOGILAB-COMMON April Chin <april.chin@oracle.com> parents: diff changeset	6	--- logilab-common-0.58.2-orig/ChangeLog 2014-03-14 10:39:51.021176000 -0700
baadf45ecbdd 18299226 problem in PYTHON-MOD/LOGILAB-COMMON April Chin <april.chin@oracle.com> parents: diff changeset	7	+++ logilab-common-0.58.2/ChangeLog 2014-03-14 10:43:43.925212000 -0700
baadf45ecbdd 18299226 problem in PYTHON-MOD/LOGILAB-COMMON April Chin <april.chin@oracle.com> parents: diff changeset	8	@@ -4,6 +4,9 @@ ChangeLog for logilab.common
baadf45ecbdd 18299226 problem in PYTHON-MOD/LOGILAB-COMMON April Chin <april.chin@oracle.com> parents: diff changeset	9	2014-02-03
baadf45ecbdd 18299226 problem in PYTHON-MOD/LOGILAB-COMMON April Chin <april.chin@oracle.com> parents: diff changeset	10	* pdf_ext: removed, it had no known users (CVE-2014-1838)
baadf45ecbdd 18299226 problem in PYTHON-MOD/LOGILAB-COMMON April Chin <april.chin@oracle.com> parents: diff changeset	11
baadf45ecbdd 18299226 problem in PYTHON-MOD/LOGILAB-COMMON April Chin <april.chin@oracle.com> parents: diff changeset	12	+ * shellutils: fix tempfile issue in Execute, and deprecate it
baadf45ecbdd 18299226 problem in PYTHON-MOD/LOGILAB-COMMON April Chin <april.chin@oracle.com> parents: diff changeset	13	+ (CVE-2014-1839)
baadf45ecbdd 18299226 problem in PYTHON-MOD/LOGILAB-COMMON April Chin <april.chin@oracle.com> parents: diff changeset	14	+
baadf45ecbdd 18299226 problem in PYTHON-MOD/LOGILAB-COMMON April Chin <april.chin@oracle.com> parents: diff changeset	15
baadf45ecbdd 18299226 problem in PYTHON-MOD/LOGILAB-COMMON April Chin <april.chin@oracle.com> parents: diff changeset	16	2012-07-30 -- 0.58.2
baadf45ecbdd 18299226 problem in PYTHON-MOD/LOGILAB-COMMON April Chin <april.chin@oracle.com> parents: diff changeset	17	* modutils: fixes (closes #100757 and #100935)
baadf45ecbdd 18299226 problem in PYTHON-MOD/LOGILAB-COMMON April Chin <april.chin@oracle.com> parents: diff changeset	18	diff -rupN logilab-common-0.58.2-orig/shellutils.py logilab-common-0.58.2/shellutils.py
baadf45ecbdd 18299226 problem in PYTHON-MOD/LOGILAB-COMMON April Chin <april.chin@oracle.com> parents: diff changeset	19	--- logilab-common-0.58.2-orig/shellutils.py 2012-07-30 06:06:59.000000000 -0700
baadf45ecbdd 18299226 problem in PYTHON-MOD/LOGILAB-COMMON April Chin <april.chin@oracle.com> parents: diff changeset	20	+++ logilab-common-0.58.2/shellutils.py 2014-03-14 10:46:41.707010000 -0700
baadf45ecbdd 18299226 problem in PYTHON-MOD/LOGILAB-COMMON April Chin <april.chin@oracle.com> parents: diff changeset	21	@@ -31,11 +31,13 @@ import fnmatch
baadf45ecbdd 18299226 problem in PYTHON-MOD/LOGILAB-COMMON April Chin <april.chin@oracle.com> parents: diff changeset	22	import errno
baadf45ecbdd 18299226 problem in PYTHON-MOD/LOGILAB-COMMON April Chin <april.chin@oracle.com> parents: diff changeset	23	import string
baadf45ecbdd 18299226 problem in PYTHON-MOD/LOGILAB-COMMON April Chin <april.chin@oracle.com> parents: diff changeset	24	import random
baadf45ecbdd 18299226 problem in PYTHON-MOD/LOGILAB-COMMON April Chin <april.chin@oracle.com> parents: diff changeset	25	+import subprocess
baadf45ecbdd 18299226 problem in PYTHON-MOD/LOGILAB-COMMON April Chin <april.chin@oracle.com> parents: diff changeset	26	from os.path import exists, isdir, islink, basename, join
baadf45ecbdd 18299226 problem in PYTHON-MOD/LOGILAB-COMMON April Chin <april.chin@oracle.com> parents: diff changeset	27
baadf45ecbdd 18299226 problem in PYTHON-MOD/LOGILAB-COMMON April Chin <april.chin@oracle.com> parents: diff changeset	28	from logilab.common import STD_BLACKLIST, _handle_blacklist
baadf45ecbdd 18299226 problem in PYTHON-MOD/LOGILAB-COMMON April Chin <april.chin@oracle.com> parents: diff changeset	29	from logilab.common.compat import raw_input
baadf45ecbdd 18299226 problem in PYTHON-MOD/LOGILAB-COMMON April Chin <april.chin@oracle.com> parents: diff changeset	30	from logilab.common.compat import str_to_bytes
baadf45ecbdd 18299226 problem in PYTHON-MOD/LOGILAB-COMMON April Chin <april.chin@oracle.com> parents: diff changeset	31	+from logilab.common.deprecation import deprecated
baadf45ecbdd 18299226 problem in PYTHON-MOD/LOGILAB-COMMON April Chin <april.chin@oracle.com> parents: diff changeset	32
baadf45ecbdd 18299226 problem in PYTHON-MOD/LOGILAB-COMMON April Chin <april.chin@oracle.com> parents: diff changeset	33	try:
baadf45ecbdd 18299226 problem in PYTHON-MOD/LOGILAB-COMMON April Chin <april.chin@oracle.com> parents: diff changeset	34	from logilab.common.proc import ProcInfo, NoSuchProcess
baadf45ecbdd 18299226 problem in PYTHON-MOD/LOGILAB-COMMON April Chin <april.chin@oracle.com> parents: diff changeset	35	@@ -224,20 +226,17 @@ def unzip(archive, destdir):
baadf45ecbdd 18299226 problem in PYTHON-MOD/LOGILAB-COMMON April Chin <april.chin@oracle.com> parents: diff changeset	36	outfile.write(zfobj.read(name))
baadf45ecbdd 18299226 problem in PYTHON-MOD/LOGILAB-COMMON April Chin <april.chin@oracle.com> parents: diff changeset	37	outfile.close()
baadf45ecbdd 18299226 problem in PYTHON-MOD/LOGILAB-COMMON April Chin <april.chin@oracle.com> parents: diff changeset	38
baadf45ecbdd 18299226 problem in PYTHON-MOD/LOGILAB-COMMON April Chin <april.chin@oracle.com> parents: diff changeset	39	+@deprecated('Use subprocess.Popen instead')
baadf45ecbdd 18299226 problem in PYTHON-MOD/LOGILAB-COMMON April Chin <april.chin@oracle.com> parents: diff changeset	40	class Execute:
baadf45ecbdd 18299226 problem in PYTHON-MOD/LOGILAB-COMMON April Chin <april.chin@oracle.com> parents: diff changeset	41	"""This is a deadlock safe version of popen2 (no stdin), that returns
baadf45ecbdd 18299226 problem in PYTHON-MOD/LOGILAB-COMMON April Chin <april.chin@oracle.com> parents: diff changeset	42	an object with errorlevel, out and err.
baadf45ecbdd 18299226 problem in PYTHON-MOD/LOGILAB-COMMON April Chin <april.chin@oracle.com> parents: diff changeset	43	"""
baadf45ecbdd 18299226 problem in PYTHON-MOD/LOGILAB-COMMON April Chin <april.chin@oracle.com> parents: diff changeset	44
baadf45ecbdd 18299226 problem in PYTHON-MOD/LOGILAB-COMMON April Chin <april.chin@oracle.com> parents: diff changeset	45	def __init__(self, command):
baadf45ecbdd 18299226 problem in PYTHON-MOD/LOGILAB-COMMON April Chin <april.chin@oracle.com> parents: diff changeset	46	- outfile = tempfile.mktemp()
baadf45ecbdd 18299226 problem in PYTHON-MOD/LOGILAB-COMMON April Chin <april.chin@oracle.com> parents: diff changeset	47	- errfile = tempfile.mktemp()
baadf45ecbdd 18299226 problem in PYTHON-MOD/LOGILAB-COMMON April Chin <april.chin@oracle.com> parents: diff changeset	48	- self.status = os.system("( %s ) >%s 2>%s" %
baadf45ecbdd 18299226 problem in PYTHON-MOD/LOGILAB-COMMON April Chin <april.chin@oracle.com> parents: diff changeset	49	- (command, outfile, errfile)) >> 8
baadf45ecbdd 18299226 problem in PYTHON-MOD/LOGILAB-COMMON April Chin <april.chin@oracle.com> parents: diff changeset	50	- self.out = open(outfile, "r").read()
baadf45ecbdd 18299226 problem in PYTHON-MOD/LOGILAB-COMMON April Chin <april.chin@oracle.com> parents: diff changeset	51	- self.err = open(errfile, "r").read()
baadf45ecbdd 18299226 problem in PYTHON-MOD/LOGILAB-COMMON April Chin <april.chin@oracle.com> parents: diff changeset	52	- os.remove(outfile)
baadf45ecbdd 18299226 problem in PYTHON-MOD/LOGILAB-COMMON April Chin <april.chin@oracle.com> parents: diff changeset	53	- os.remove(errfile)
baadf45ecbdd 18299226 problem in PYTHON-MOD/LOGILAB-COMMON April Chin <april.chin@oracle.com> parents: diff changeset	54	+ cmd = subprocess.Popen(command, shell=True, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
baadf45ecbdd 18299226 problem in PYTHON-MOD/LOGILAB-COMMON April Chin <april.chin@oracle.com> parents: diff changeset	55	+ self.out, self.err = cmd.communicate()
baadf45ecbdd 18299226 problem in PYTHON-MOD/LOGILAB-COMMON April Chin <april.chin@oracle.com> parents: diff changeset	56	+ self.status = os.WEXITSTATUS(cmd.returncode)
baadf45ecbdd 18299226 problem in PYTHON-MOD/LOGILAB-COMMON April Chin <april.chin@oracle.com> parents: diff changeset	57	+
baadf45ecbdd 18299226 problem in PYTHON-MOD/LOGILAB-COMMON April Chin <april.chin@oracle.com> parents: diff changeset	58
baadf45ecbdd 18299226 problem in PYTHON-MOD/LOGILAB-COMMON April Chin <april.chin@oracle.com> parents: diff changeset	59	def acquire_lock(lock_file, max_try=10, delay=10, max_delay=3600):
baadf45ecbdd 18299226 problem in PYTHON-MOD/LOGILAB-COMMON April Chin <april.chin@oracle.com> parents: diff changeset	60	"""Acquire a lock represented by a file on the file system

author	Mike Sullivan <Mike.Sullivan@Oracle.COM>
	Mon, 09 Jun 2014 13:48:50 -0700
branch	s11-update
changeset 3168	658c82bc2bfc
parent 3002	baadf45ecbdd
permissions	-rw-r--r--