[Python-modules-commits] r21957 - in packages/pastescript/trunk/debian (5 files)

piotr at users.alioth.debian.org piotr at users.alioth.debian.org
Sun May 27 20:10:51 UTC 2012 

    Date: Sunday, May 27, 2012 @ 20:10:44
  Author: piotr
Revision: 21957

* Fix CVE-2012-0878 by dropping supplementary groups (closes: #661061) - thanks to Luk Claes
* Add versioned dependency on python-pastedeploy (the first one that uses dh_python2)
* Remove egg-info data in clean target to allow building twice in a row (closes: #671318)
* Standards-Version bumped to 3.9.3 (no changes needed)
* Add changes from 1.7.5-1.1 upload

Added:
  packages/pastescript/trunk/debian/patches/04_drop_supplementary_groups.patch
Modified:
  packages/pastescript/trunk/debian/changelog
  packages/pastescript/trunk/debian/control
  packages/pastescript/trunk/debian/patches/series
  packages/pastescript/trunk/debian/rules

Modified: packages/pastescript/trunk/debian/changelog
===================================================================
--- packages/pastescript/trunk/debian/changelog	2012-05-27 20:02:26 UTC (rev 21956)
+++ packages/pastescript/trunk/debian/changelog	2012-05-27 20:10:44 UTC (rev 21957)
@@ -1,3 +1,24 @@
+pastescript (1.7.5-2) unstable; urgency=high
+
+  [ Luk Claes ]
+  * Fix CVE-2012-0878 by dropping supplementary groups (closes: #661061).
+
+  [ Piotr Ożarowski ]
+  * Add versioned dependency on python-pastedeploy (the first one that uses
+    dh_python2)
+  * Remove egg-info data in clean target to allow building twice in a row
+    (closes: #671318)
+  * Standards-Version bumped to 3.9.3 (no changes needed)
+
+ -- Piotr Ożarowski <piotr at debian.org>  Sun, 27 May 2012 21:57:31 +0200
+
+pastescript (1.7.5-1.1) unstable; urgency=low
+
+  * Non-maintainer upload.
+  * Added a versioned dependency on python-paste (>= 1.7.5.1-2~).
+
+ -- Thomas Goirand <zigo at debian.org>  Sun, 29 Apr 2012 08:29:48 +0000
+
 pastescript (1.7.5-1) unstable; urgency=low
 
   * New upstream release

Modified: packages/pastescript/trunk/debian/control
===================================================================
--- packages/pastescript/trunk/debian/control	2012-05-27 20:02:26 UTC (rev 21956)
+++ packages/pastescript/trunk/debian/control	2012-05-27 20:10:44 UTC (rev 21957)
@@ -6,7 +6,7 @@
 Build-Depends: debhelper (>= 5)
 Build-Depends-Indep: python-all (>= 2.6.6-3~),
  python-setuptools (>= 0.6b3-1~), python-sphinx (>= 1.0.7+dfsg-1~), python-paste, python-pastedeploy
-Standards-Version: 3.9.2
+Standards-Version: 3.9.3
 Homepage: http://pythonpaste.org/script/
 Vcs-Svn: svn://svn.debian.org/python-modules/packages/pastescript/trunk/
 Vcs-Browser: http://svn.debian.org/viewsvn/python-modules/packages/pastescript/trunk/
@@ -15,7 +15,7 @@
 Package: python-pastescript
 Architecture: all
 Depends: ${python:Depends}, ${misc:Depends},
- python-paste (>= 1.3), python-pastedeploy,
+ python-paste (>= 1.7.5.1-2~), python-pastedeploy (>= 1.5.0-1~),
  python-setuptools | python-distribute
 Suggests: python-flup (>= 0.5-1), python-cherrypy, python-cheetah (>= 1.0-1.1), ${sphinxdoc:Depends}
 Description: serving web applications, creating file layouts for Python packages

Added: packages/pastescript/trunk/debian/patches/04_drop_supplementary_groups.patch
===================================================================
--- packages/pastescript/trunk/debian/patches/04_drop_supplementary_groups.patch	                        (rev 0)
+++ packages/pastescript/trunk/debian/patches/04_drop_supplementary_groups.patch	2012-05-27 20:10:44 UTC (rev 21957)
@@ -0,0 +1,23 @@
+# HG changeset patch
+# User Clay Gerrard <clay.gerrard at gmail.com>
+# Date 1328679050 21600
+# Branch setgroups
+# Node ID a19e462769b4a5c675e25bb4dedbc0937deec8da
+# Parent  edb9ca5fdc1d47953896d131907eff810202089b
+fix group permissions for paste.script.serve
+
+diff -r edb9ca5fdc1d47953896d131907eff810202089b -r a19e462769b4a5c675e25bb4dedbc0937deec8da paste/script/serve.py
+--- a/paste/script/serve.py	Mon Nov 07 10:11:44 2011 -0600
++++ b/paste/script/serve.py	Tue Feb 07 23:30:50 2012 -0600
+@@ -497,6 +497,11 @@
+         if self.verbose > 0:
+             print 'Changing user to %s:%s (%s:%s)' % (
+                 user, group or '(unknown)', uid, gid)
++        if hasattr(os, 'initgroups'):
++            os.initgroups(user, gid)
++        else:
++            os.setgroups([e.gr_gid for e in grp.getgrall()
++                          if user in e.gr_mem] + [gid]) 
+         if gid:
+             os.setgid(gid)
+         if uid:

Modified: packages/pastescript/trunk/debian/patches/series
===================================================================
--- packages/pastescript/trunk/debian/patches/series	2012-05-27 20:02:26 UTC (rev 21956)
+++ packages/pastescript/trunk/debian/patches/series	2012-05-27 20:10:44 UTC (rev 21957)
@@ -1,2 +1,3 @@
 03_try_to_find_templates_in_system_dir.patch
 02_rename_templates_dir.patch
+04_drop_supplementary_groups.patch

Modified: packages/pastescript/trunk/debian/rules
===================================================================
--- packages/pastescript/trunk/debian/rules	2012-05-27 20:02:26 UTC (rev 21956)
+++ packages/pastescript/trunk/debian/rules	2012-05-27 20:10:44 UTC (rev 21957)
@@ -11,7 +11,7 @@
 	dh_testroot
 	rm -rf dist build
 	find . -name '*\.py[co]' -delete
-	dh_clean build-docs $(PYVERS:%=install-python%) install-stamp PasteScript.egg-info/PKG-INFO
+	dh_clean build-docs $(PYVERS:%=install-python%) install-stamp PasteScript.egg-info/*
 
 build: build-docs
 build-indep: build-docs

More information about the Python-modules-commits mailing list