Re: UPDATE: py-jinja2

Fri, 05 Sep 2014 03:59:22 -0700 

ping?

-f

frantisek holop, 03 Sep 2014 17:32:
> 
> please test and commit.
> as far as i can say, the patch is not necessary
> anymore.
> 
> -f
> -- 
> time is the best teacher, unfortunately it kills all its students.

> Index: Makefile
> ===================================================================
> RCS file: /cvs/ports/www/py-jinja2/Makefile,v
> retrieving revision 1.18
> diff -u -p -r1.18 Makefile
> --- Makefile  25 May 2014 18:19:32 -0000      1.18
> +++ Makefile  3 Sep 2014 15:30:39 -0000
> @@ -2,7 +2,7 @@
>  
>  COMMENT =            fast, optionally sandboxed, Python template engine
>  
> -MODPY_EGG_VERSION =  2.7.2
> +MODPY_EGG_VERSION =  2.7.3
>  DISTNAME =           Jinja2-${MODPY_EGG_VERSION}
>  PKGNAME =            py-${DISTNAME:L}
>  
> Index: distinfo
> ===================================================================
> RCS file: /cvs/ports/www/py-jinja2/distinfo,v
> retrieving revision 1.9
> diff -u -p -r1.9 distinfo
> --- distinfo  25 May 2014 18:19:32 -0000      1.9
> +++ distinfo  3 Sep 2014 15:30:39 -0000
> @@ -1,2 +1,2 @@
> -SHA256 (Jinja2-2.7.2.tar.gz) = MQo1+8ysOvE+v5Jyl/hxrGVrnaHSSLH+Z2Wv+nG1MjU=
> -SIZE (Jinja2-2.7.2.tar.gz) = 378300
> +SHA256 (Jinja2-2.7.3.tar.gz) = LiSsXQBNtXFJdqBKwOgMbfbkfpjDVMssDYL4h51Pj9s=
> +SIZE (Jinja2-2.7.3.tar.gz) = 378470
> Index: patches/patch-jinja2_bccache_py
> ===================================================================
> RCS file: patches/patch-jinja2_bccache_py
> diff -N patches/patch-jinja2_bccache_py
> --- patches/patch-jinja2_bccache_py   25 May 2014 18:19:32 -0000      1.1
> +++ /dev/null 1 Jan 1970 00:00:00 -0000
> @@ -1,50 +0,0 @@
> -$OpenBSD: patch-jinja2_bccache_py,v 1.1 2014/05/25 18:19:32 rpe Exp $
> -
> -Fix for CVE-2014-0012 (Insecure temp folder creation)
> -https://github.com/mitsuhiko/jinja2/pull/292/commits
> -
> ---- jinja2/bccache.py.orig   Fri Jan 10 11:42:03 2014
> -+++ jinja2/bccache.py        Sun May 25 16:34:26 2014
> -@@ -15,9 +15,7 @@
> -     :license: BSD.
> - """
> - from os import path, listdir
> --import os
> - import sys
> --import errno
> - import marshal
> - import tempfile
> - import fnmatch
> -@@ -206,31 +204,9 @@ class FileSystemBytecodeCache(BytecodeCache):
> - 
> -     def __init__(self, directory=None, pattern='__jinja2_%s.cache'):
> -         if directory is None:
> --            directory = self._get_default_cache_dir()
> -+            directory = tempfile.mkdtemp(prefix="jinja2-cache-")
> -         self.directory = directory
> -         self.pattern = pattern
> --
> --    def _get_default_cache_dir(self):
> --        tmpdir = tempfile.gettempdir()
> --
> --        # On windows the temporary directory is used specific unless
> --        # explicitly forced otherwise.  We can just use that.
> --        if os.name == 'n':
> --            return tmpdir
> --        if not hasattr(os, 'getuid'):
> --            raise RuntimeError('Cannot determine safe temp directory.  You '
> --                               'need to explicitly provide one.')
> --
> --        dirname = '_jinja2-cache-%d' % os.getuid()
> --        actual_dir = os.path.join(tmpdir, dirname)
> --        try:
> --            # 448 == 0700
> --            os.mkdir(actual_dir, 448)
> --        except OSError as e:
> --            if e.errno != errno.EEXIST:
> --                raise
> --
> --        return actual_dir
> - 
> -     def _get_cache_filename(self, bucket):
> -         return path.join(self.directory, self.pattern % bucket.key)


-- 
i'm a tagline.  when i grow up i wanna be a novel.

Reply via email to