--- a/components/logilab-common/logilab-common-26.p5m Mon Mar 24 09:57:22 2014 -0700
+++ b/components/logilab-common/logilab-common-26.p5m Mon Mar 24 14:39:23 2014 -0700
@@ -18,7 +18,7 @@
#
# CDDL HEADER END
#
-# Copyright (c) 2011, 2012, Oracle and/or its affiliates. All rights reserved.
+# Copyright (c) 2011, 2014, Oracle and/or its affiliates. All rights reserved.
#
<transform file path=usr.*/man/.+ -> default mangler.man.stability uncommitted>
@@ -32,7 +32,7 @@
set name=info.source-url value=$(COMPONENT_ARCHIVE_URL)
set name=info.upstream-url value=$(COMPONENT_PROJECT_URL)
set name=org.opensolaris.arc-caseid \
- value=PSARC/2009/298
+ value=LSARC/2009/298
set name=org.opensolaris.consolidation value=$(CONSOLIDATION)
dir path=usr
dir path=usr/lib
@@ -103,7 +103,6 @@
file path=usr/lib/python2.6/vendor-packages/logilab/common/optik_ext.py
file path=usr/lib/python2.6/vendor-packages/logilab/common/optparser.py
file path=usr/lib/python2.6/vendor-packages/logilab/common/patricia.py
-file path=usr/lib/python2.6/vendor-packages/logilab/common/pdf_ext.py
file path=usr/lib/python2.6/vendor-packages/logilab/common/proc.py
file path=usr/lib/python2.6/vendor-packages/logilab/common/pytest.py
file path=usr/lib/python2.6/vendor-packages/logilab/common/shellutils.py
--- a/components/logilab-common/logilab-common-27.p5m Mon Mar 24 09:57:22 2014 -0700
+++ b/components/logilab-common/logilab-common-27.p5m Mon Mar 24 14:39:23 2014 -0700
@@ -18,7 +18,7 @@
#
# CDDL HEADER END
#
-# Copyright (c) 2011, 2012, Oracle and/or its affiliates. All rights reserved.
+# Copyright (c) 2011, 2014, Oracle and/or its affiliates. All rights reserved.
#
<transform file path=usr.*/man/.+ -> default mangler.man.stability uncommitted>
@@ -32,7 +32,7 @@
set name=info.source-url value=$(COMPONENT_ARCHIVE_URL)
set name=info.upstream-url value=$(COMPONENT_PROJECT_URL)
set name=org.opensolaris.arc-caseid \
- value=PSARC/2009/298
+ value=LSARC/2009/298
set name=org.opensolaris.consolidation value=$(CONSOLIDATION)
license logilab-common.license license=GPLv2
@@ -96,7 +96,6 @@
file path=usr/lib/python2.7/vendor-packages/logilab/common/optik_ext.py
file path=usr/lib/python2.7/vendor-packages/logilab/common/optparser.py
file path=usr/lib/python2.7/vendor-packages/logilab/common/patricia.py
-file path=usr/lib/python2.7/vendor-packages/logilab/common/pdf_ext.py
file path=usr/lib/python2.7/vendor-packages/logilab/common/proc.py
file path=usr/lib/python2.7/vendor-packages/logilab/common/pytest.py
file path=usr/lib/python2.7/vendor-packages/logilab/common/shellutils.py
--- a/components/logilab-common/logilab-common.p5m Mon Mar 24 09:57:22 2014 -0700
+++ b/components/logilab-common/logilab-common.p5m Mon Mar 24 14:39:23 2014 -0700
@@ -18,7 +18,7 @@
#
# CDDL HEADER END
#
-# Copyright (c) 2011, 2012, Oracle and/or its affiliates. All rights reserved.
+# Copyright (c) 2011, 2014, Oracle and/or its affiliates. All rights reserved.
#
<transform file path=usr.*/man/.+ -> default mangler.man.stability uncommitted>
@@ -32,7 +32,7 @@
set name=info.source-url value=$(COMPONENT_ARCHIVE_URL)
set name=info.upstream-url value=$(COMPONENT_PROJECT_URL)
set name=org.opensolaris.arc-caseid \
- value=PSARC/2009/298
+ value=LSARC/2009/298
set name=org.opensolaris.consolidation value=$(CONSOLIDATION)
dir path=usr
dir path=usr/share
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/components/logilab-common/patches/01-CVE-2014-1838.patch Mon Mar 24 14:39:23 2014 -0700
@@ -0,0 +1,126 @@
+Patch from upstream, not yet available in latest stable release--
+http://www.logilab.org/revision/207574
+--to fix CVE-2014-1838.
+
+diff -rupN logilab-common-0.40.0-orig/ChangeLog logilab-common-0.40.0/ChangeLog
+--- logilab-common-0.40.0-orig/ChangeLog 2014-03-19 15:28:18.000000000 -0700
++++ logilab-common-0.40.0/ChangeLog 2014-03-19 15:45:21.685581000 -0700
+@@ -8,6 +8,7 @@ ChangeLog for logilab.common
+ * db: add time adapter for pysqlite2, fix mysql bool and string handling
+ * configuration: don't print default for store_true / store_false option
+ or option with None as default
++ * pdf_ext: removed, it had no known users (CVE-2014-1838)
+
+
+ 2009-04-07 -- 0.39.1
+diff -rupN logilab-common-0.40.0-orig/pdf_ext.py logilab-common-0.40.0/pdf_ext.py
+--- logilab-common-0.40.0-orig/pdf_ext.py 2008-07-18 02:10:37.000000000 -0700
++++ logilab-common-0.40.0/pdf_ext.py 1969-12-31 16:00:00.000000000 -0800
+@@ -1,94 +0,0 @@
+-"""Manipulate pdf and fdf files (pdftk recommended).
+-
+-Notes regarding pdftk, pdf forms and fdf files (form definition file)
+-fields names can be extracted with:
+-
+- pdftk orig.pdf generate_fdf output truc.fdf
+-
+-to merge fdf and pdf:
+-
+- pdftk orig.pdf fill_form test.fdf output result.pdf [flatten]
+-
+-without flatten, one could further edit the resulting form.
+-with flatten, everything is turned into text.
+-
+-:copyright: 2000-2008 LOGILAB S.A. (Paris, FRANCE), all rights reserved.
+-:contact: http://www.logilab.fr/ -- mailto:[email protected]
+-:license: General Public License version 2 - http://www.gnu.org/licenses
+-"""
+-__docformat__ = "restructuredtext en"
+-# XXX seems very unix specific
+-# TODO: check availability of pdftk at import
+-
+-
+-import os
+-
+-HEAD="""%FDF-1.2
+-%\xE2\xE3\xCF\xD3
+-1 0 obj
+-<<
+-/FDF
+-<<
+-/Fields [
+-"""
+-
+-TAIL="""]
+->>
+->>
+-endobj
+-trailer
+-
+-<<
+-/Root 1 0 R
+->>
+-%%EOF
+-"""
+-
+-def output_field( f ):
+- return "\xfe\xff" + "".join( [ "\x00"+c for c in f ] )
+-
+-def extract_keys(lines):
+- keys = []
+- for line in lines:
+- if line.startswith('/V'):
+- pass #print 'value',line
+- elif line.startswith('/T'):
+- key = line[7:-2]
+- key = ''.join(key.split('\x00'))
+- keys.append( key )
+- return keys
+-
+-def write_field(out, key, value):
+- out.write("<<\n")
+- if value:
+- out.write("/V (%s)\n" %value)
+- else:
+- out.write("/V /\n")
+- out.write("/T (%s)\n" % output_field(key) )
+- out.write(">> \n")
+-
+-def write_fields(out, fields):
+- out.write(HEAD)
+- for (key,value,comment) in fields:
+- write_field(out, key, value)
+- write_field(out, key+"a", value) # pour copie-carbone sur autres pages
+- out.write(TAIL)
+-
+-def extract_keys_from_pdf(filename):
+- # what about using 'pdftk filename dump_data_fields' and parsing the output ?
+- os.system('pdftk %s generate_fdf output /tmp/toto.fdf' % filename)
+- lines = file('/tmp/toto.fdf').readlines()
+- return extract_keys(lines)
+-
+-
+-def fill_pdf(infile, outfile, fields):
+- write_fields(file('/tmp/toto.fdf', 'w'), fields)
+- os.system('pdftk %s fill_form /tmp/toto.fdf output %s flatten' % (infile, outfile))
+-
+-def testfill_pdf(infile, outfile):
+- keys = extract_keys_from_pdf(infile)
+- fields = []
+- for key in keys:
+- fields.append( (key, key, '') )
+- fill_pdf(infile, outfile, fields)
+-
+diff -rupN logilab-common-0.40.0-orig/README logilab-common-0.40.0/README
+--- logilab-common-0.40.0-orig/README 2014-03-19 15:28:18.000000000 -0700
++++ logilab-common-0.40.0/README 2014-03-19 15:45:59.671252000 -0700
+@@ -126,9 +126,6 @@ Here is a brief description of the avail
+ A Python implementation of PATRICIA trie (Practical Algorithm to
+ Retrieve Information Coded in Alphanumeric).
+
+-* pdf_ext.py:
+- pdf and fdf file manipulations, with pdftk.
+-
+ * pytest.py:
+ unittest runner. See testlib
+
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/components/logilab-common/patches/02-CVE-2014-1839.patch Mon Mar 24 14:39:23 2014 -0700
@@ -0,0 +1,58 @@
+Patch from upstream, not yet available in latest stable release--
+http://www.logilab.org/revision/210454
+--to fix CVE-2014-1839.
+
+diff -rupN logilab-common-0.40.0-orig/ChangeLog logilab-common-0.40.0/ChangeLog
+--- logilab-common-0.40.0-orig/ChangeLog 2014-03-19 15:50:19.232018000 -0700
++++ logilab-common-0.40.0/ChangeLog 2014-03-19 15:50:58.871107000 -0700
+@@ -9,6 +9,8 @@ ChangeLog for logilab.common
+ * configuration: don't print default for store_true / store_false option
+ or option with None as default
+ * pdf_ext: removed, it had no known users (CVE-2014-1838)
++ * shellutils: fix tempfile issue in Execute, and deprecate it
++ (CVE-2014-1839)
+
+
+ 2009-04-07 -- 0.39.1
+diff -rupN logilab-common-0.40.0-orig/shellutils.py logilab-common-0.40.0/shellutils.py
+--- logilab-common-0.40.0-orig/shellutils.py 2009-03-06 06:47:46.000000000 -0800
++++ logilab-common-0.40.0/shellutils.py 2014-03-19 15:57:32.940658000 -0700
+@@ -17,9 +17,12 @@ import tempfile
+ import time
+ import fnmatch
+ import errno
++import subprocess
+ from os.path import exists, isdir, islink, basename, join, walk
+
+ from logilab.common import STD_BLACKLIST
++from logilab.common.deprecation import deprecated
++
+ try:
+ from logilab.common.proc import ProcInfo, NoSuchProcess
+ except ImportError:
+@@ -194,20 +197,17 @@ def unzip(archive, destdir):
+ outfile.write(zfobj.read(name))
+ outfile.close()
+
++@deprecated('Use subprocess.Popen instead')
+ class Execute:
+ """This is a deadlock safe version of popen2 (no stdin), that returns
+ an object with errorlevel, out and err.
+ """
+
+ def __init__(self, command):
+- outfile = tempfile.mktemp()
+- errfile = tempfile.mktemp()
+- self.status = os.system("( %s ) >%s 2>%s" %
+- (command, outfile, errfile)) >> 8
+- self.out = open(outfile,"r").read()
+- self.err = open(errfile,"r").read()
+- os.remove(outfile)
+- os.remove(errfile)
++ cmd = subprocess.Popen(command, shell=True, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
++ self.out, self.err = cmd.communicate()
++ self.status = os.WEXITSTATUS(cmd.returncode)
++
+
+ def acquire_lock(lock_file, max_try=10, delay=10, max_delay=3600):
+ """Acquire a lock represented by a file on the file system