Compare commits
7 commits
| Author | SHA1 | Date | |
|---|---|---|---|
|
|
126b994a74 | ||
|
|
187d1b176d | ||
|
|
b11c4c490f | ||
|
|
791ea4823d | ||
|
|
4cc307f058 | ||
|
|
4c42845c02 | ||
|
|
b8467f1c88 |
8 changed files with 104 additions and 55 deletions
|
|
@ -1 +0,0 @@
|
|||
Jinja2-2.1.1.tar.gz
|
||||
1
.gitignore
vendored
Normal file
1
.gitignore
vendored
Normal file
|
|
@ -0,0 +1 @@
|
|||
Jinja2-2.2.1.tar.gz
|
||||
65
Jinja2-2.2.1-fix-CVE-2014-1402.patch
Normal file
65
Jinja2-2.2.1-fix-CVE-2014-1402.patch
Normal file
|
|
@ -0,0 +1,65 @@
|
|||
diff -up Jinja2-2.2.1/jinja2/bccache.py.orig Jinja2-2.2.1/jinja2/bccache.py
|
||||
--- Jinja2-2.2.1/jinja2/bccache.py.orig 2009-08-05 18:41:50.000000000 +0200
|
||||
+++ Jinja2-2.2.1/jinja2/bccache.py 2014-07-18 18:33:08.039204468 +0200
|
||||
@@ -20,6 +20,9 @@ import tempfile
|
||||
import cPickle as pickle
|
||||
import fnmatch
|
||||
from cStringIO import StringIO
|
||||
+import os
|
||||
+import errno
|
||||
+import stat
|
||||
try:
|
||||
from hashlib import sha1
|
||||
except ImportError:
|
||||
@@ -173,7 +176,9 @@ class FileSystemBytecodeCache(BytecodeCa
|
||||
two arguments: The directory where the cache items are stored and a
|
||||
pattern string that is used to build the filename.
|
||||
|
||||
- If no directory is specified the system temporary items folder is used.
|
||||
+ If no directory is specified a default cache directory is selected. On
|
||||
+ Windows the user's temp directory is used, on UNIX systems a directory
|
||||
+ is created for the user in the system temp directory.
|
||||
|
||||
The pattern can be used to have multiple separate caches operate on the
|
||||
same directory. The default pattern is ``'__jinja2_%s.cache'``. ``%s``
|
||||
@@ -186,10 +191,39 @@ class FileSystemBytecodeCache(BytecodeCa
|
||||
|
||||
def __init__(self, directory=None, pattern='__jinja2_%s.cache'):
|
||||
if directory is None:
|
||||
- directory = tempfile.gettempdir()
|
||||
+ directory = self._get_default_cache_dir()
|
||||
self.directory = directory
|
||||
self.pattern = pattern
|
||||
|
||||
+ def _get_default_cache_dir(self):
|
||||
+ tmpdir = tempfile.gettempdir()
|
||||
+
|
||||
+ # On windows the temporary directory is used specific unless
|
||||
+ # explicitly forced otherwise. We can just use that.
|
||||
+ if os.name == 'nt':
|
||||
+ return tmpdir
|
||||
+ if not hasattr(os, 'getuid'):
|
||||
+ raise RuntimeError('Cannot determine safe temp directory. You '
|
||||
+ 'need to explicitly provide one.')
|
||||
+
|
||||
+ dirname = '_jinja2-cache-%d' % os.getuid()
|
||||
+ actual_dir = os.path.join(tmpdir, dirname)
|
||||
+ try:
|
||||
+ os.mkdir(actual_dir, stat.S_IRWXU) # 0o700
|
||||
+ except OSError, e:
|
||||
+ if e.errno != errno.EEXIST:
|
||||
+ raise
|
||||
+
|
||||
+ actual_dir_stat = os.lstat(actual_dir)
|
||||
+ if actual_dir_stat.st_uid != os.getuid() \
|
||||
+ or not stat.S_ISDIR(actual_dir_stat.st_mode) \
|
||||
+ or stat.S_IMODE(actual_dir_stat.st_mode) != stat.S_IRWXU:
|
||||
+ raise RuntimeError('Temporary directory \'%s\' has an incorrect '
|
||||
+ 'owner, permissions, or type.' % actual_dir)
|
||||
+
|
||||
+
|
||||
+ return actual_dir
|
||||
+
|
||||
def _get_cache_filename(self, bucket):
|
||||
return path.join(self.directory, self.pattern % bucket.key)
|
||||
|
||||
21
Makefile
21
Makefile
|
|
@ -1,21 +0,0 @@
|
|||
# Makefile for source rpm: python-jinja2
|
||||
# $Id$
|
||||
NAME := python-jinja2
|
||||
SPECFILE = $(firstword $(wildcard *.spec))
|
||||
|
||||
define find-makefile-common
|
||||
for d in common ../common ../../common ; do if [ -f $$d/Makefile.common ] ; then if [ -f $$d/CVS/Root -a -w $$/Makefile.common ] ; then cd $$d ; cvs -Q update ; fi ; echo "$$d/Makefile.common" ; break ; fi ; done
|
||||
endef
|
||||
|
||||
MAKEFILE_COMMON := $(shell $(find-makefile-common))
|
||||
|
||||
ifeq ($(MAKEFILE_COMMON),)
|
||||
# attept a checkout
|
||||
define checkout-makefile-common
|
||||
test -f CVS/Root && { cvs -Q -d $$(cat CVS/Root) checkout common && echo "common/Makefile.common" ; } || { echo "ERROR: I can't figure out how to checkout the 'common' module." ; exit -1 ; } >&2
|
||||
endef
|
||||
|
||||
MAKEFILE_COMMON := $(shell $(checkout-makefile-common))
|
||||
endif
|
||||
|
||||
include $(MAKEFILE_COMMON)
|
||||
|
|
@ -1,3 +0,0 @@
|
|||
python-jinja2-2_0-2_fc9:HEAD:python-jinja2-2.0-2.fc9.src.rpm:1216886150
|
||||
python-jinja2-2_1-1_fc10:HEAD:python-jinja2-2.1-1.fc10.src.rpm:1229610786
|
||||
python-jinja2-2_1_1-1_fc10:HEAD:python-jinja2-2.1.1-1.fc10.src.rpm:1231601194
|
||||
|
|
@ -1,12 +0,0 @@
|
|||
diff -up Jinja2-2.1/setup.py.orig Jinja2-2.1/setup.py
|
||||
--- Jinja2-2.1/setup.py.orig 2008-11-23 13:08:17.000000000 +0100
|
||||
+++ Jinja2-2.1/setup.py 2008-12-18 15:14:22.000000000 +0100
|
||||
@@ -54,7 +54,7 @@ VERSION = '2.1'
|
||||
|
||||
data_files = []
|
||||
documentation_path = 'docs/_build/html'
|
||||
-if os.path.exists(documentation_path):
|
||||
+if os.path.exists(documentation_path) and False:
|
||||
documentation_files = []
|
||||
for fn in os.listdir(documentation_path):
|
||||
if not fn.startswith('.'):
|
||||
|
|
@ -1,25 +1,23 @@
|
|||
%{!?python_sitearch: %define python_sitearch %(%{__python} -c "from distutils.sysconfig import get_python_lib; print get_python_lib(1)")}
|
||||
|
||||
Name: python-jinja2
|
||||
Version: 2.1.1
|
||||
Release: 2%{?dist}
|
||||
Version: 2.2.1
|
||||
Release: 4%{?dist}
|
||||
Summary: General purpose template engine
|
||||
|
||||
Group: Development/Languages
|
||||
License: BSD
|
||||
URL: http://jinja.pocoo.org/
|
||||
Source0: http://pypi.python.org/packages/source/J/Jinja2/Jinja2-%{version}.tar.gz
|
||||
Patch0: %{name}-docs.patch
|
||||
# This patch consists of two upstream patches merged and rebased
|
||||
# (the first upstream patch introduced CVE-2014-0012 and the second fixed it)
|
||||
# https://github.com/mitsuhiko/jinja2/commit/acb672b6a179567632e032f547582f30fa
|
||||
# https://github.com/mitsuhiko/jinja2/pull/296/files
|
||||
Patch0: Jinja2-2.2.1-fix-CVE-2014-1402.patch
|
||||
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
|
||||
BuildRequires: python-devel
|
||||
|
||||
%if 0%{?fedora} >= 8
|
||||
BuildRequires: python-setuptools-devel
|
||||
%else
|
||||
BuildRequires: python-setuptools
|
||||
%endif
|
||||
|
||||
BuildRequires: python-setuptools-devel
|
||||
Requires: python-babel >= 0.8
|
||||
Requires: python-setuptools
|
||||
|
||||
%description
|
||||
Jinja2 is a template engine written in pure Python. It provides a
|
||||
|
|
@ -35,22 +33,27 @@ environments.
|
|||
|
||||
%prep
|
||||
%setup -q -n Jinja2-%{version}
|
||||
%patch0 -p1 -b .docs
|
||||
%patch0 -p1
|
||||
|
||||
|
||||
%build
|
||||
CFLAGS="$RPM_OPT_FLAGS" %{__python} setup.py build
|
||||
CFLAGS="$RPM_OPT_FLAGS" %{__python} setup.py --with-speedups build
|
||||
|
||||
|
||||
%install
|
||||
rm -rf %{buildroot}
|
||||
%{__python} setup.py install -O1 --skip-build --root %{buildroot}
|
||||
%{__python} setup.py --with-speedups install -O1 --skip-build \
|
||||
--root %{buildroot}
|
||||
|
||||
# fix EOL
|
||||
sed -i 's|\r$||g' LICENSE
|
||||
|
||||
# fix wrong permission
|
||||
%{__chmod} 0755 %{buildroot}%{python_sitearch}/jinja2/_speedups.so
|
||||
# ensure correct permission
|
||||
chmod 0755 %{buildroot}%{python_sitearch}/jinja2/_speedups.so
|
||||
|
||||
# remove hidden file
|
||||
rm -rf docs/_build/html/.buildinfo
|
||||
|
||||
|
||||
%clean
|
||||
rm -rf %{buildroot}
|
||||
|
|
@ -64,6 +67,24 @@ rm -rf %{buildroot}
|
|||
|
||||
|
||||
%changelog
|
||||
* Fri Aug 1 2014 Thomas Moschny <thomas.moschny@gmx.de> - 2.2.1-4
|
||||
- Add dependency on python-setuptools (rhbz#1121241).
|
||||
|
||||
* Fri Jul 18 2014 Thomas Moschny <thomas.moschny@gmx.de> - 2.2.1-3
|
||||
- Update patch for Python 2.4 (rhbz#1114823).
|
||||
|
||||
* Fri Jun 13 2014 Thomas Moschny <thomas.moschny@gmx.de> - 2.2.1-2
|
||||
- Fix CVE-2014-1402 (using patch from RHSA-2014:0747).
|
||||
|
||||
* Sat Sep 19 2009 Thomas Moschny <thomas.moschny@gmx.de> - 2.2.1-1
|
||||
- Update to 2.2.1, mainly a bugfix release.
|
||||
- Remove patch no longer needed.
|
||||
- Remove conditional for FC-8.
|
||||
- Compilation of speedup module has to be explicitly requested now.
|
||||
|
||||
* Sun Jul 26 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.1.1-3
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild
|
||||
|
||||
* Thu Feb 26 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.1.1-2
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild
|
||||
|
||||
|
|
@ -85,4 +106,3 @@ rm -rf %{buildroot}
|
|||
|
||||
* Sun Jun 29 2008 Thomas Moschny <thomas.moschny@gmx.de> - 2.0-0.1.rc1
|
||||
- Modified specfile from the existing python-jinja package.
|
||||
|
||||
|
|
|
|||
2
sources
2
sources
|
|
@ -1 +1 @@
|
|||
b37fc262e4f613eec57c3defe6aea97c Jinja2-2.1.1.tar.gz
|
||||
fea849d68891218eb0b21c170f1c32d5 Jinja2-2.2.1.tar.gz
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue