rpms/python-cherrypy/EL-4 cherrypy-2.2.1-security-sessionfilter.patch, NONE, 1.1 python-cherrypy.spec, 1.7, 1.8
Toshio くらとみ (toshio)
fedora-extras-commits at redhat.com
Sun Jan 6 19:14:33 UTC 2008
Author: toshio
Update of /cvs/pkgs/rpms/python-cherrypy/EL-4
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv12297
Modified Files:
python-cherrypy.spec
Added Files:
cherrypy-2.2.1-security-sessionfilter.patch
Log Message:
* Sun Jan 6 2008 Toshio Kuratomi <toshio at fedoraproject.org> 2.2.1-8
- Fix a security bug with a backport of http://www.cherrypy.org/changeset/1775
- Include the egginfo files as well as the python files.
cherrypy-2.2.1-security-sessionfilter.patch:
--- NEW FILE cherrypy-2.2.1-security-sessionfilter.patch ---
diff -up CherryPy-2.2.1/cherrypy/filters/sessionfilter.py.sessionfix CherryPy-2.2.1/cherrypy/filters/sessionfilter.py
--- CherryPy-2.2.1/cherrypy/filters/sessionfilter.py.sessionfix 2008-01-06 08:54:39.000000000 -0800
+++ CherryPy-2.2.1/cherrypy/filters/sessionfilter.py 2008-01-06 08:55:31.000000000 -0800
@@ -326,6 +326,8 @@ class FileStorage:
raise SessionStoragePathNotConfiguredError()
fileName = self.SESSION_PREFIX + id
file_path = os.path.join(storage_path, fileName)
+ if not os.path.normpath(filePath).startswith(storagePath):
+ raise cherrypy.HTTPError(400, "Invalid session id in cookie.")
return file_path
def _lock_file(self, path):
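Review bot: The two added lines test `filePath` and `storagePath`, but the context lines around them assign and return `file_path` and join against `storage_path`. Neither camelCase name is bound anywhere in the visible lines, so unless they exist elsewhere in the function the check raises NameError instead of the intended HTTPError(400). Use the snake_case names from the context. Separately, a bare `startswith(storage_path)` compares a normalized path against an un-normalized prefix and also accepts any sibling path that merely begins with the same characters as the storage directory. Normalize `storage_path` as well and compare against it with a trailing `os.sep`.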
Index: python-cherrypy.spec
===================================================================
RCS file: /cvs/pkgs/rpms/python-cherrypy/EL-4/python-cherrypy.spec,v
retrieving revision 1.7
retrieving revision 1.8
diff -u -r1.7 -r1.8
--- python-cherrypy.spec 11 Dec 2007 22:29:44 -0000 1.7
+++ python-cherrypy.spec 6 Jan 2008 19:13:47 -0000 1.8
@@ -2,15 +2,17 @@
Name: python-cherrypy
Version: 2.2.1
-Release: 7%{?dist}
+Release: 8%{?dist}
Summary: A pythonic, object-oriented web development framework
Group: Development/Libraries
License: BSD
URL: http://www.cherrypy.org/
Source0: http://dl.sf.net/cherrypy/CherryPy-%{version}.tar.gz
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
-Patch0: python-cherrypy-tutorial-doc.patch
-Patch1: python-cherrypy-regression-test.patch
+Patch0: %{name}-tutorial-doc.patch
+Patch1: %{name}-regression-test.patch
+Patch2: %{name}-%{version}-EINTR.patch
+Patch3: cherrypy-2.2.1-security-sessionfilter.patch
BuildArch: noarch
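Review bot: The new `Patch2: %{name}-%{version}-EINTR.patch` line references a file that the commit's "Added Files" list does not include (only cherrypy-2.2.1-security-sessionfilter.patch is added). Confirm the EINTR patch is already present in the EL-4 directory, otherwise the build fails at `%patch2`. As a style point, Patch0 through Patch2 now use `%{name}`/`%{version}` macros while Patch3 hardcodes `cherrypy-2.2.1-`; a short comment above Patch3 explaining that the file name intentionally does not follow the `%{name}` prefix would avoid a later "cleanup" breaking it.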
@@ -25,7 +27,10 @@
%setup -q -n CherryPy-%{version}
%patch0
%patch1
+%patch2
+%patch3 -p1
+%{__sed} -i 's/\r//' CHANGELOG.txt README.txt CHERRYPYTEAM.txt cherrypy/tutorial/README.txt
%build
%{__python} setup.py build
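Review bot: The added `%{__sed} -i 's/\r//'` line over CHANGELOG.txt, README.txt, CHERRYPYTEAM.txt and cherrypy/tutorial/README.txt is not mentioned in the 2.2.1-8 changelog entry, which lists only the security backport and the egginfo files. Add a changelog line for the line-ending fix so the change is traceable. Also note that `%patch2` is applied at the default strip level while `%patch3` uses `-p1`; that matches the `CherryPy-2.2.1/...` paths in the sessionfilter patch header, but it is worth a one-line comment in `%prep` since the two differ.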
@@ -45,18 +50,17 @@
%defattr(-,root,root,-)
%doc CHANGELOG.txt CHERRYPYTEAM.txt README.txt
%doc cherrypy/tutorial
-%dir %{python_sitelib}/cherrypy
-%dir %{python_sitelib}/cherrypy/lib
-%dir %{python_sitelib}/cherrypy/lib/filter
-%{python_sitelib}/cherrypy/favicon.ico
-%{python_sitelib}/cherrypy/*.py*
-%{python_sitelib}/cherrypy/lib/*.py*
-%{python_sitelib}/cherrypy/lib/filter/*.py*
-%{python_sitelib}/cherrypy/filters/*.py*
+%{python_sitelib}/*
%changelog
-* Tue Dec 11 2007 Luke Macken <lmacken at redhat.com> 2.2.1-7
-- Update our patches for 2.2.1
+* Sun Jan 6 2008 Toshio Kuratomi <toshio at fedoraproject.org> 2.2.1-8
+- Fix a security bug with a backport of http://www.cherrypy.org/changeset/1775
+- Include the egginfo files as well as the python files.
+
+* Sat Nov 3 2007 Luke Macken <lmacken at redhat.com> 2.2.1-7
+- Apply backported fix from http://www.cherrypy.org/changeset/1766
+ to improve CherryPy's SIGSTOP/SIGCONT handling (Bug #364911).
+ Thanks to Nils Philippsen for the patch.
* Mon Feb 19 2007 Luke Macken <lmacken at redhat.com> 2.2.1-6
- Disable regression tests until we can figure out why they
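Review bot: The changelog part of this hunk deletes the existing `Tue Dec 11 2007 ... 2.2.1-7` entry ("Update our patches for 2.2.1") and replaces it with a `Sat Nov 3 2007` entry carrying the same 2.2.1-7 release. That rewrites history that was already in revision 1.7 of this spec. Keep the Dec 11 entry and record the EINTR backport under the new 2.2.1-8 entry or as its own dated entry, so the changelog stays in descending date order and matches what was actually built for EL-4. In the `%files` part, replacing the explicit `%dir` and per-directory globs with `%{python_sitelib}/*` does pick up the egg-info, but it also claims everything the install step drops under sitelib; check the resulting file list once to make sure nothing unexpected is packaged.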