components/logilab-common/patches/02-CVE-2014-1839.patch
changeset 1758 28f01aad153d
1757:c16b57481a8a 1758:28f01aad153d
       
     1 Patch from upstream, not yet available in latest stable release--
       
     2 http://www.logilab.org/revision/210454
       
     3 --to fix CVE-2014-1839.
       
     4 
       
     5 diff -rupN logilab-common-0.58.2-orig/ChangeLog logilab-common-0.58.2/ChangeLog
       
     6 --- logilab-common-0.58.2-orig/ChangeLog	2014-03-14 10:39:51.021176000 -0700
       
     7 +++ logilab-common-0.58.2/ChangeLog	2014-03-14 10:43:43.925212000 -0700
       
     8 @@ -4,6 +4,9 @@ ChangeLog for logilab.common
       
     9  2014-02-03
       
    10     * pdf_ext: removed, it had no known users (CVE-2014-1838)
       
    11  
       
    12 +   * shellutils: fix tempfile issue in Execute, and deprecate it
       
    13 +     (CVE-2014-1839)
       
    14 +
       
    15  
       
    16  2012-07-30  --  0.58.2
       
    17      * modutils: fixes (closes #100757 and #100935)
       
    18 diff -rupN logilab-common-0.58.2-orig/shellutils.py logilab-common-0.58.2/shellutils.py
       
    19 --- logilab-common-0.58.2-orig/shellutils.py	2012-07-30 06:06:59.000000000 -0700
       
    20 +++ logilab-common-0.58.2/shellutils.py	2014-03-14 10:46:41.707010000 -0700
       
    21 @@ -31,11 +31,13 @@ import fnmatch
       
    22  import errno
       
    23  import string
       
    24  import random
       
    25 +import subprocess
       
    26  from os.path import exists, isdir, islink, basename, join
       
    27  
       
    28  from logilab.common import STD_BLACKLIST, _handle_blacklist
       
    29  from logilab.common.compat import raw_input
       
    30  from logilab.common.compat import str_to_bytes
       
    31 +from logilab.common.deprecation import deprecated
       
    32  
       
    33  try:
       
    34      from logilab.common.proc import ProcInfo, NoSuchProcess
       
    35 @@ -224,20 +226,17 @@ def unzip(archive, destdir):
       
    36              outfile.write(zfobj.read(name))
       
    37              outfile.close()
       
    38  
       
    39 +@deprecated('Use subprocess.Popen instead')
       
    40  class Execute:
       
    41      """This is a deadlock safe version of popen2 (no stdin), that returns
       
    42      an object with errorlevel, out and err.
       
    43      """
       
    44  
       
    45      def __init__(self, command):
       
    46 -        outfile = tempfile.mktemp()
       
    47 -        errfile = tempfile.mktemp()
       
    48 -        self.status = os.system("( %s ) >%s 2>%s" %
       
    49 -                                (command, outfile, errfile)) >> 8
       
    50 -        self.out = open(outfile, "r").read()
       
    51 -        self.err = open(errfile, "r").read()
       
    52 -        os.remove(outfile)
       
    53 -        os.remove(errfile)
       
    54 +        cmd = subprocess.Popen(command, shell=True, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
       
    55 +        self.out, self.err = cmd.communicate()
       
    56 +        self.status = os.WEXITSTATUS(cmd.returncode)
       
    57 +
       
    58  
       
    59  def acquire_lock(lock_file, max_try=10, delay=10, max_delay=3600):
       
    60      """Acquire a lock represented by a file on the file system