[Python-modules-commits] r19224 - in packages/python-django-piston/trunk/debian (5 files)
svedrin-guest at users.alioth.debian.org
Sat Nov 12 11:06:31 UTC 2011
Date: Saturday, November 12, 2011 @ 11:06:26
Author: svedrin-guest
Revision: 19224
* Remove the security patches as they have been applied upstream.
* Adapt 01-fix-oauth-import.diff to reflect upstream changes.
Modified:
packages/python-django-piston/trunk/debian/changelog
packages/python-django-piston/trunk/debian/patches/01-fix-oauth-import.diff
packages/python-django-piston/trunk/debian/patches/series
Deleted:
packages/python-django-piston/trunk/debian/patches/02-fix-yaml-load.diff
packages/python-django-piston/trunk/debian/patches/03-fix-pickle-load.diff
Modified: packages/python-django-piston/trunk/debian/changelog
===================================================================
--- packages/python-django-piston/trunk/debian/changelog 2011-11-12 10:59:39 UTC (rev 19223)
+++ packages/python-django-piston/trunk/debian/changelog 2011-11-12 11:06:26 UTC (rev 19224)
@@ -1,8 +1,10 @@
python-django-piston (0.2.3-1) unstable; urgency=low
* New upstream release.
+ * Remove the security patches as they have been applied upstream.
+ * Adapt 01-fix-oauth-import.diff to reflect upstream changes.
- -- Michael Ziegler <diese-addy at funzt-halt.net> Sat, 12 Nov 2011 11:59:33 +0100
+ -- Michael Ziegler <diese-addy at funzt-halt.net> Sat, 12 Nov 2011 12:05:07 +0100
python-django-piston (0.2.2-2) unstable; urgency=low
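Review bot: The new entry "Remove the security patches as they have been applied upstream" does not say which patches or which bug they addressed, so the security history of 0.2.3-1 cannot be read from the changelog alone. Name 02-fix-yaml-load.diff and 03-fix-pickle-load.diff in the entry and cite the bug number given in the dropped pickle patch (#646517), so the fixes can be traced after the patch files are gone from debian/patches.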
Modified: packages/python-django-piston/trunk/debian/patches/01-fix-oauth-import.diff
===================================================================
--- packages/python-django-piston/trunk/debian/patches/01-fix-oauth-import.diff 2011-11-12 10:59:39 UTC (rev 19223)
+++ packages/python-django-piston/trunk/debian/patches/01-fix-oauth-import.diff 2011-11-12 11:06:26 UTC (rev 19224)
@@ -8,6 +8,8 @@
--- python-django-piston-0.2.2.orig/piston/authentication.py 2010-02-25 19:40:29.000000000 +0100
+++ python-django-piston-0.2.2/piston/authentication.py 2010-02-25 19:41:10.000000000 +0100
@@ -1,4 +1,4 @@
+ import binascii
+
-import oauth
+from oauth import oauth
from django.http import HttpResponse, HttpResponseRedirect
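Review bot: The inner hunk header is left at "@@ -1,4 +1,4 @@" although two context lines ("import binascii" and a blank line) are added above "-import oauth", so the line counts in the header no longer match the hunk body. Regenerate the patch against the 0.2.3 tree (for example with quilt refresh) instead of editing it by hand, which also updates the file header paths that still say python-django-piston-0.2.2.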
Deleted: packages/python-django-piston/trunk/debian/patches/02-fix-yaml-load.diff
===================================================================
--- packages/python-django-piston/trunk/debian/patches/02-fix-yaml-load.diff 2011-11-12 10:59:39 UTC (rev 19223)
+++ packages/python-django-piston/trunk/debian/patches/02-fix-yaml-load.diff 2011-11-12 11:06:26 UTC (rev 19224)
@@ -1,18 +0,0 @@
-Description: Fix a security bug in the YAML emitter.
- See https://bitbucket.org/jespern/django-piston/changeset/91bdaec89543
-Forwarded: not-needed
-Author: Michael Ziegler <diese-addy at funzt-halt.net>
-
-Index: python-django-piston-0.2.2/piston/emitters.py
-===================================================================
---- python-django-piston-0.2.2.orig/piston/emitters.py 2009-06-14 12:04:30.000000000 +0200
-+++ python-django-piston-0.2.2/piston/emitters.py 2011-11-01 19:19:34.526595345 +0100
-@@ -385,7 +385,7 @@
-
- if yaml: # Only register yaml if it was import successfully.
- Emitter.register('yaml', YAMLEmitter, 'application/x-yaml; charset=utf-8')
-- Mimer.register(yaml.load, ('application/x-yaml',))
-+ Mimer.register(yaml.safe_load, ('application/x-yaml',))
-
- class PickleEmitter(Emitter):
- """
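Review bot: Dropping this patch is only safe if the 0.2.3 source registers yaml.safe_load for 'application/x-yaml', and nothing in the commit records that this was checked. Confirm that piston/emitters.py in the new upstream tarball contains "Mimer.register(yaml.safe_load, ('application/x-yaml',))" and note the upstream changeset referenced in the patch description in the commit message or changelog.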
Deleted: packages/python-django-piston/trunk/debian/patches/03-fix-pickle-load.diff
===================================================================
--- packages/python-django-piston/trunk/debian/patches/03-fix-pickle-load.diff 2011-11-12 10:59:39 UTC (rev 19223)
+++ packages/python-django-piston/trunk/debian/patches/03-fix-pickle-load.diff 2011-11-12 11:06:26 UTC (rev 19224)
@@ -1,28 +0,0 @@
-Description: Fix a security bug in the pickle loader.
- See Bug Report #646517
-Forwarded: not-needed
-Author: Michael Ziegler <diese-addy at funzt-halt.net>
-
-Index: python-django-piston-0.2.2/piston/emitters.py
-===================================================================
---- python-django-piston-0.2.2.orig/piston/emitters.py 2011-11-02 18:16:16.685560613 +0100
-+++ python-django-piston-0.2.2/piston/emitters.py 2011-11-02 18:17:07.451559769 +0100
-@@ -395,7 +395,17 @@
- return pickle.dumps(self.construct())
-
- Emitter.register('pickle', PickleEmitter, 'application/python-pickle')
--Mimer.register(pickle.loads, ('application/python-pickle',))
-+
-+"""
-+WARNING: Accepting arbitrary pickled data is a huge security concern.
-+The unpickler has been disabled by default now, and if you want to use
-+it, please be aware of what implications it will have.
-+
-+Read more: http://nadiana.com/python-pickle-insecure
-+
-+Uncomment the line below to enable it. You're doing so at your own risk.
-+"""
-+#Mimer.register(pickle.loads, ('application/python-pickle',))
-
- class DjangoEmitter(Emitter):
- """
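Review bot: This patch was the only thing keeping "Mimer.register(pickle.loads, ('application/python-pickle',))" disabled in the package, so removing it re-enables the unpickler if upstream 0.2.3 handled the issue differently or not at all. Check the unpacked 0.2.3 emitters.py for an active pickle.loads registration before the upload, and keep the patch in the series if one is found.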
Modified: packages/python-django-piston/trunk/debian/patches/series
===================================================================
--- packages/python-django-piston/trunk/debian/patches/series 2011-11-12 10:59:39 UTC (rev 19223)
+++ packages/python-django-piston/trunk/debian/patches/series 2011-11-12 11:06:26 UTC (rev 19224)
@@ -1,3 +1 @@
01-fix-oauth-import.diff
-02-fix-yaml-load.diff
-03-fix-pickle-load.diff