[Python-modules-commits] r27184 - in packages/jinja2/trunk/debian (3 files)

piotr at users.alioth.debian.org piotr at users.alioth.debian.org
Sun Jan 12 14:23:07 UTC 2014 

    Date: Sunday, January 12, 2014 @ 14:23:06
  Author: piotr
Revision: 27184

Add fix_CVE-2014-1402 patch which uses tempfile.mkdtemp to create cache dir (closes: 734956)

Added:
  packages/jinja2/trunk/debian/patches/fix_CVE-2014-0012.patch
Modified:
  packages/jinja2/trunk/debian/changelog
  packages/jinja2/trunk/debian/patches/series

Modified: packages/jinja2/trunk/debian/changelog
===================================================================
--- packages/jinja2/trunk/debian/changelog	2014-01-12 10:22:00 UTC (rev 27183)
+++ packages/jinja2/trunk/debian/changelog	2014-01-12 14:23:06 UTC (rev 27184)
@@ -1,3 +1,10 @@
+jinja2 (2.7.2-2) unstable; urgency=high
+
+  * Add fix_CVE-2014-1402 patch which uses tempfile.mkdtemp to create
+    cache dir (closes: 734956)
+
+ -- Piotr Ożarowski <piotr at debian.org>  Sun, 12 Jan 2014 15:09:04 +0100
+
 jinja2 (2.7.2-1) unstable; urgency=high
 
   * New upstream release

Added: packages/jinja2/trunk/debian/patches/fix_CVE-2014-0012.patch
===================================================================
--- packages/jinja2/trunk/debian/patches/fix_CVE-2014-0012.patch	                        (rev 0)
+++ packages/jinja2/trunk/debian/patches/fix_CVE-2014-0012.patch	2014-01-12 14:23:06 UTC (rev 27184)
@@ -0,0 +1,13 @@
+Index: jinja2-2.7.2/jinja2/bccache.py
+===================================================================
+--- jinja2-2.7.2.orig/jinja2/bccache.py
++++ jinja2-2.7.2/jinja2/bccache.py
+@@ -206,7 +206,7 @@ class FileSystemBytecodeCache(BytecodeCa
+ 
+     def __init__(self, directory=None, pattern='__jinja2_%s.cache'):
+         if directory is None:
+-            directory = self._get_default_cache_dir()
++            directory = tempfile.mkdtemp(prefix='jinja2-cache-')
+         self.directory = directory
+         self.pattern = pattern
+ 

Modified: packages/jinja2/trunk/debian/patches/series
===================================================================
--- packages/jinja2/trunk/debian/patches/series	2014-01-12 10:22:00 UTC (rev 27183)
+++ packages/jinja2/trunk/debian/patches/series	2014-01-12 14:23:06 UTC (rev 27184)
@@ -1,2 +1,3 @@
 drop_next_import_from_docs-jinjaext.patch
 jinja2-typos.patch
+fix_CVE-2014-0012.patch

More information about the Python-modules-commits mailing list