rpms/python-cherrypy/devel cherrypy-2.2.1-security-sessionfilter.patch, NONE, 1.1 python-cherrypy.spec, 1.14, 1.15
Toshio くらとみ (toshio)
fedora-extras-commits at redhat.com
Sun Jan 6 17:57:46 UTC 2008
Author: toshio
Update of /cvs/pkgs/rpms/python-cherrypy/devel
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv26850
Modified Files:
python-cherrypy.spec
Added Files:
cherrypy-2.2.1-security-sessionfilter.patch
Log Message:
- Fix a security bug with a backport of http://www.cherrypy.org/changeset/1775
- Include the egginfo files as well as the python files.
cherrypy-2.2.1-security-sessionfilter.patch:
--- NEW FILE cherrypy-2.2.1-security-sessionfilter.patch ---
diff -up CherryPy-2.2.1/cherrypy/filters/sessionfilter.py.sessionfix CherryPy-2.2.1/cherrypy/filters/sessionfilter.py
--- CherryPy-2.2.1/cherrypy/filters/sessionfilter.py.sessionfix 2008-01-06 08:54:39.000000000 -0800
+++ CherryPy-2.2.1/cherrypy/filters/sessionfilter.py 2008-01-06 08:55:31.000000000 -0800
@@ -326,6 +326,8 @@ class FileStorage:
raise SessionStoragePathNotConfiguredError()
fileName = self.SESSION_PREFIX + id
file_path = os.path.join(storage_path, fileName)
+ if not os.path.normpath(filePath).startswith(storagePath):
+ raise cherrypy.HTTPError(400, "Invalid session id in cookie.")
return file_path
def _lock_file(self, path):
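Review bot: The two added lines test `filePath` and `storagePath`, but the context lines in this hunk assign and return `file_path` and read `storage_path`; neither camelCase name is defined in the visible code, so as written the check would fail with a NameError rather than reject a bad session id. Use `file_path` and `storage_path` here. The comparison is also a plain string prefix test: `storage_path` is not normalized before being compared with the normalized file path, and without a trailing separator a prefix match also accepts a sibling directory whose name merely begins with the storage path. Comparing against `os.path.normpath(storage_path) + os.sep` would close both gaps.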
Index: python-cherrypy.spec
===================================================================
RCS file: /cvs/pkgs/rpms/python-cherrypy/devel/python-cherrypy.spec,v
retrieving revision 1.14
retrieving revision 1.15
diff -u -r1.14 -r1.15
--- python-cherrypy.spec 3 Nov 2007 13:41:34 -0000 1.14
+++ python-cherrypy.spec 6 Jan 2008 17:57:04 -0000 1.15
@@ -2,7 +2,7 @@
Name: python-cherrypy
Version: 2.2.1
-Release: 7%{?dist}
+Release: 8%{?dist}
Summary: A pythonic, object-oriented web development framework
Group: Development/Libraries
License: BSD
@@ -12,6 +12,7 @@
Patch0: %{name}-tutorial-doc.patch
Patch1: %{name}-regression-test.patch
Patch2: %{name}-%{version}-EINTR.patch
+Patch3: cherrypy-2.2.1-security-sessionfilter.patch
BuildArch: noarch
@@ -27,7 +28,9 @@
%patch0
%patch1
%patch2
+%patch3 -p1
+%{__sed} -i 's/\r//' CHANGELOG.txt README.txt CHERRYPYTEAM.txt cherrypy/tutorial/README.txt
%build
%{__python} setup.py build
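Review bot: The `%{__sed} -i 's/\r//'` line added to %prep is not mentioned in the Log Message or in the new %changelog entry, which cover only the security backport and the egg-info files; add a changelog line for the line-ending conversion so the change is traceable. `%patch3 -p1` is also the only patch applied with a strip level. That matches the `CherryPy-2.2.1/cherrypy/...` paths in the new patch's header, but a one-line comment in the spec would explain why it differs from `%patch0` through `%patch2`.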
@@ -47,16 +50,13 @@
%defattr(-,root,root,-)
%doc CHANGELOG.txt CHERRYPYTEAM.txt README.txt
%doc cherrypy/tutorial
-%dir %{python_sitelib}/cherrypy
-%dir %{python_sitelib}/cherrypy/lib
-%dir %{python_sitelib}/cherrypy/lib/filter
-%{python_sitelib}/cherrypy/favicon.ico
-%{python_sitelib}/cherrypy/*.py*
-%{python_sitelib}/cherrypy/lib/*.py*
-%{python_sitelib}/cherrypy/lib/filter/*.py*
-%{python_sitelib}/cherrypy/filters/*.py*
+%{python_sitelib}/*
%changelog
+* Sun Jan 6 2008 Toshio Kuratomi <toshio at fedoraproject.org> 2.2.1-8
+- Fix a security bug with a backport of http://www.cherrypy.org/changeset/1775
+- Include the egginfo files as well as the python files.
+
* Sat Nov 3 2007 Luke Macken <lmacken at redhat.com> 2.2.1-7
- Apply backported fix from http://www.cherrypy.org/changeset/1766
to improve CherryPy's SIGSTOP/SIGCONT handling (Bug #364911).
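Review bot: In %files, `%{python_sitelib}/*` replaces the explicit directory and file entries, so whatever setup.py installs under site-packages is now packaged without anyone listing it. Naming the `%{python_sitelib}/cherrypy/` directory and the egg-info entry explicitly would still pick up the egg-info files while keeping the package contents reviewable and making an unexpected new top-level file fail the build instead of shipping silently.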