calculate
/
gentoo-overlay
6
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '35ed0e3241'
${ noResults }
gentoo-overlay/dev-python/logilab-common/files/logilab-common-sec-CVE-2014...

61 lines
2.5 KiB
Raw Blame History

http://www.logilab.org/revision/207574
http://www.logilab.org/revision/210454
This is a re-base of the sec patches which appeared to offer no ready diff files @ logilab HQ
CVE-2014-1838 comprises deletion of the outright deletion of the pdf_ext module and edit of
the ChangeLog which, being trivial, has been excluded. The edit to the README is the only
remaining portion of CVE-2014-1838. The module is deleted in python_prepare_all().
diff -u logilab-common-0.60.1.orig/README logilab-common-0.60.1/README
--- logilab-common-0.60.1.orig/README 2013-12-16 23:23:10.000000000 +0800
+++ logilab-common-0.60.1/README 2014-03-27 20:05:25.037324979 +0800
@@ -123,8 +123,6 @@
* `hg`, some Mercurial_ utility functions.
-* `pdf_ext`, pdf and fdf file manipulations, with pdftk.
-
* `pyro_ext`, some Pyro_ utility functions.
* `sphinx_ext`, Sphinx_ plugin defining a `autodocstring` directive.
diff -u logilab-common-0.60.1.orig/shellutils.py logilab-common-0.60.1/shellutils.py
--- logilab-common-0.60.1.orig/shellutils.py 2013-12-16 23:23:10.000000000 +0800
+++ logilab-common-0.60.1/shellutils.py 2014-03-27 20:13:28.087314990 +0800
@@ -31,11 +31,13 @@
import errno
import string
import random
+import subprocess
from os.path import exists, isdir, islink, basename, join
from logilab.common import STD_BLACKLIST, _handle_blacklist
from logilab.common.compat import raw_input
from logilab.common.compat import str_to_bytes
+from logilab.common.deprecation import deprecated
try:
from logilab.common.proc import ProcInfo, NoSuchProcess
@@ -224,20 +226,16 @@
outfile.write(zfobj.read(name))
outfile.close()
+@deprecated('Use subprocess.Popen instead')
class Execute:
"""This is a deadlock safe version of popen2 (no stdin), that returns
an object with errorlevel, out and err.
"""
def __init__(self, command):
- outfile = tempfile.mktemp()
- errfile = tempfile.mktemp()
- self.status = os.system("( %s ) >%s 2>%s" %
- (command, outfile, errfile)) >> 8
- self.out = open(outfile, "r").read()
- self.err = open(errfile, "r").read()
- os.remove(outfile)
- os.remove(errfile)
+ cmd = subprocess.Popen(command, shell=True, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
+ self.out, self.err = cmd.communicate()
+ self.status = os.WEXITSTATUS(cmd.returncode)
def acquire_lock(lock_file, max_try=10, delay=10, max_delay=3600):
"""Acquire a lock represented by a file on the file system
Reference in new issue View Git Blame Copy Permalink