rpms/python-cherrypy/EL-5 cherrypy-2.2.1-security-sessionfilter.patch, NONE, 1.1 python-cherrypy.spec, 1.13, 1.14
Toshio くらとみ (toshio)
fedora-extras-commits at redhat.com
Sun Jan 6 19:11:33 UTC 2008
- Previous message (by thread): rpms/python-cherrypy/F-8 cherrypy-2.2.1-security-sessionfilter.patch, NONE, 1.1 python-cherrypy.spec, 1.14, 1.15
- Next message (by thread): rpms/extrema/devel extrema-4.2.10.gcc43.patch, NONE, 1.1 .cvsignore, 1.2, 1.3 extrema.spec, 1.2, 1.3 sources, 1.2, 1.3
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
Author: toshio
Update of /cvs/pkgs/rpms/python-cherrypy/EL-5
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv11918
Modified Files:
python-cherrypy.spec
Added Files:
cherrypy-2.2.1-security-sessionfilter.patch
Log Message:
* Sun Jan 6 2008 Toshio Kuratomi <toshio at fedoraproject.org> 2.2.1-8
- Fix a security bug with a backport of http://www.cherrypy.org/changeset/1775
- Include the egginfo files as well as the python files.
cherrypy-2.2.1-security-sessionfilter.patch:
--- NEW FILE cherrypy-2.2.1-security-sessionfilter.patch ---
diff -up CherryPy-2.2.1/cherrypy/filters/sessionfilter.py.sessionfix CherryPy-2.2.1/cherrypy/filters/sessionfilter.py
--- CherryPy-2.2.1/cherrypy/filters/sessionfilter.py.sessionfix 2008-01-06 08:54:39.000000000 -0800
+++ CherryPy-2.2.1/cherrypy/filters/sessionfilter.py 2008-01-06 08:55:31.000000000 -0800
@@ -326,6 +326,8 @@ class FileStorage:
raise SessionStoragePathNotConfiguredError()
fileName = self.SESSION_PREFIX + id
file_path = os.path.join(storage_path, fileName)
+ if not os.path.normpath(filePath).startswith(storagePath):
+ raise cherrypy.HTTPError(400, "Invalid session id in cookie.")
return file_path
def _lock_file(self, path):
Index: python-cherrypy.spec
===================================================================
RCS file: /cvs/pkgs/rpms/python-cherrypy/EL-5/python-cherrypy.spec,v
retrieving revision 1.13
retrieving revision 1.14
diff -u -r1.13 -r1.14
--- python-cherrypy.spec 19 Feb 2007 18:04:16 -0000 1.13
+++ python-cherrypy.spec 6 Jan 2008 19:10:44 -0000 1.14
@@ -2,15 +2,17 @@
Name: python-cherrypy
Version: 2.2.1
-Release: 6%{?dist}
+Release: 8%{?dist}
Summary: A pythonic, object-oriented web development framework
Group: Development/Libraries
License: BSD
URL: http://www.cherrypy.org/
Source0: http://dl.sf.net/cherrypy/CherryPy-%{version}.tar.gz
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
-Patch0: python-cherrypy-tutorial-doc.patch
-Patch1: python-cherrypy-regression-test.patch
+Patch0: %{name}-tutorial-doc.patch
+Patch1: %{name}-regression-test.patch
+Patch2: %{name}-%{version}-EINTR.patch
+Patch3: cherrypy-2.2.1-security-sessionfilter.patch
BuildArch: noarch
@@ -25,7 +27,10 @@
%setup -q -n CherryPy-%{version}
%patch0
%patch1
+%patch2
+%patch3 -p1
+%{__sed} -i 's/\r//' CHANGELOG.txt README.txt CHERRYPYTEAM.txt cherrypy/tutorial/README.txt
%build
%{__python} setup.py build
@@ -45,16 +50,18 @@
%defattr(-,root,root,-)
%doc CHANGELOG.txt CHERRYPYTEAM.txt README.txt
%doc cherrypy/tutorial
-%dir %{python_sitelib}/cherrypy
-%dir %{python_sitelib}/cherrypy/lib
-%dir %{python_sitelib}/cherrypy/lib/filter
-%{python_sitelib}/cherrypy/favicon.ico
-%{python_sitelib}/cherrypy/*.py*
-%{python_sitelib}/cherrypy/lib/*.py*
-%{python_sitelib}/cherrypy/lib/filter/*.py*
-%{python_sitelib}/cherrypy/filters/*.py*
+%{python_sitelib}/*
%changelog
+* Sun Jan 6 2008 Toshio Kuratomi <toshio at fedoraproject.org> 2.2.1-8
+- Fix a security bug with a backport of http://www.cherrypy.org/changeset/1775
+- Include the egginfo files as well as the python files.
+
+* Sat Nov 3 2007 Luke Macken <lmacken at redhat.com> 2.2.1-7
+- Apply backported fix from http://www.cherrypy.org/changeset/1766
+ to improve CherryPy's SIGSTOP/SIGCONT handling (Bug #364911).
+ Thanks to Nils Philippsen for the patch.
+
* Mon Feb 19 2007 Luke Macken <lmacken at redhat.com> 2.2.1-6
- Disable regression tests until we can figure out why they
are dying in mock.
- Previous message (by thread): rpms/python-cherrypy/F-8 cherrypy-2.2.1-security-sessionfilter.patch, NONE, 1.1 python-cherrypy.spec, 1.14, 1.15
- Next message (by thread): rpms/extrema/devel extrema-4.2.10.gcc43.patch, NONE, 1.1 .cvsignore, 1.2, 1.3 extrema.spec, 1.2, 1.3 sources, 1.2, 1.3
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
More information about the fedora-extras-commits
mailing list