Hello community,
here is the log from the commit of package python3 for openSUSE:Factory checked in at 2014-04-09 13:01:07
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/python3 (Old)
and /work/SRC/openSUSE:Factory/.python3.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "python3"
Changes:
--------
--- /work/SRC/openSUSE:Factory/python3/python3-base.changes 2014-03-31 20:42:59.000000000 +0200
+++ /work/SRC/openSUSE:Factory/.python3.new/python3-base.changes 2014-04-09 13:01:10.000000000 +0200
@@ -1,0 +2,8 @@
+Fri Apr 4 16:21:40 UTC 2014 - jmatejek@suse.com
+
+- CVE-2014-2667-mkdir.patch: race condition with reseting umask
+ in os.makedirs
+ (CVE-2014-2667, bnc#869222)
+- updated multilib patch to include ~/.local/lib64 (bnc#637176)
+
+-------------------------------------------------------------------
python3.changes: same change
New:
----
CVE-2014-2667-mkdir.patch
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ python3-base.spec ++++++
--- /var/tmp/diff_new_pack.A5ClVq/_old 2014-04-09 13:01:12.000000000 +0200
+++ /var/tmp/diff_new_pack.A5ClVq/_new 2014-04-09 13:01:12.000000000 +0200
@@ -85,6 +85,8 @@
Patch14: python-3.4.0rc2-sqlite-3.8.4-tests.patch
# Raise timeout value for test_subprocess
Patch15: subprocess-raise-timeout.patch
+# CVE-2014-2667 - race condition with umask in os.makedirs
+Patch16: CVE-2014-2667-mkdir.patch
### COMMON-PATCH-END ###
BuildRoot: %{_tmppath}/%{name}-%{version}-build
@@ -216,6 +218,7 @@
%patch13 -p0
%patch14 -p1
%patch15 -p1
+%patch16 -p1
# drop Autoconf version requirement
sed -i 's/^AC_PREREQ/dnl AC_PREREQ/' configure.ac
++++++ python3-doc.spec ++++++
--- /var/tmp/diff_new_pack.A5ClVq/_old 2014-04-09 13:01:12.000000000 +0200
+++ /var/tmp/diff_new_pack.A5ClVq/_new 2014-04-09 13:01:12.000000000 +0200
@@ -70,6 +70,10 @@
Patch13: libffi-ppc64le.diff
# Fix tests for sqlite 3.8.4
Patch14: python-3.4.0rc2-sqlite-3.8.4-tests.patch
+# Raise timeout value for test_subprocess
+Patch15: subprocess-raise-timeout.patch
+# CVE-2014-2667 - race condition with umask in os.makedirs
+Patch16: CVE-2014-2667-mkdir.patch
### COMMON-PATCH-END ###
### COMMON-DEF-BEGIN ###
@@ -139,6 +143,8 @@
%patch12 -p1
%patch13 -p0
%patch14 -p1
+%patch15 -p1
+%patch16 -p1
# drop Autoconf version requirement
sed -i 's/^AC_PREREQ/dnl AC_PREREQ/' configure.ac
++++++ python3.spec ++++++
--- /var/tmp/diff_new_pack.A5ClVq/_old 2014-04-09 13:01:12.000000000 +0200
+++ /var/tmp/diff_new_pack.A5ClVq/_new 2014-04-09 13:01:12.000000000 +0200
@@ -82,6 +82,10 @@
Patch13: libffi-ppc64le.diff
# Fix tests for sqlite 3.8.4
Patch14: python-3.4.0rc2-sqlite-3.8.4-tests.patch
+# Raise timeout value for test_subprocess
+Patch15: subprocess-raise-timeout.patch
+# CVE-2014-2667 - race condition with umask in os.makedirs
+Patch16: CVE-2014-2667-mkdir.patch
### COMMON-PATCH-END ###
BuildRoot: %{_tmppath}/%{name}-%{version}-build
@@ -184,6 +188,8 @@
%patch12 -p1
%patch13 -p0
%patch14 -p1
+%patch15 -p1
+%patch16 -p1
# drop Autoconf version requirement
sed -i 's/^AC_PREREQ/dnl AC_PREREQ/' configure.ac
++++++ CVE-2014-2667-mkdir.patch ++++++
# HG changeset patch
# User Benjamin Peterson
# Date 1396394328 14400
# Node ID c24dd53ab4b9ebc13671051d524e25305266994f
# Parent 1039d4ebc4bb8655060cf016f5681867d07b7e44# Parent 6370d44013f7e7e0892dd7f78b91d3a929e2d343
merge 3.3 (#21082)
Index: Python-3.4.0/Doc/library/os.rst
===================================================================
--- Python-3.4.0.orig/Doc/library/os.rst 2014-04-04 18:06:50.821300387 +0200
+++ Python-3.4.0/Doc/library/os.rst 2014-04-04 18:06:59.558350425 +0200
@@ -1619,11 +1619,8 @@
The default *mode* is ``0o777`` (octal). On some systems, *mode* is
ignored. Where it is used, the current umask value is first masked out.
- If *exist_ok* is ``False`` (the default), an :exc:`OSError` is raised if
- the target directory already exists. If *exist_ok* is ``True`` an
- :exc:`OSError` is still raised if the umask-masked *mode* is different from
- the existing mode, on systems where the mode is used. :exc:`OSError` will
- also be raised if the directory creation fails.
+ If *exist_ok* is ``False`` (the default), an :exc:`OSError` is raised if the
+ target directory already exists.
.. note::
@@ -1635,6 +1632,13 @@
.. versionadded:: 3.2
The *exist_ok* parameter.
+ .. versionchanged:: 3.3.6
+
+ Before Python 3.3.6, if *exist_ok* was ``True`` and the directory existed,
+ :func:`makedirs` would still raise an error if *mode* did not match the
+ mode of the existing directory. Since this behavior was impossible to
+ implement safely, it was removed in Python 3.3.6. See :issue:`21082`.
+
.. function:: mkfifo(path, mode=0o666, *, dir_fd=None)
Index: Python-3.4.0/Lib/os.py
===================================================================
--- Python-3.4.0.orig/Lib/os.py 2014-04-04 18:06:50.821300387 +0200
+++ Python-3.4.0/Lib/os.py 2014-04-04 18:20:44.057141177 +0200
@@ -206,23 +206,16 @@
SEEK_CUR = 1
SEEK_END = 2
-
-def _get_masked_mode(mode):
- mask = umask(0)
- umask(mask)
- return mode & ~mask
-
# Super directory utilities.
# (Inspired by Eric Raymond; the doc strings are mostly his)
def makedirs(name, mode=0o777, exist_ok=False):
"""makedirs(path [, mode=0o777][, exist_ok=False])
- Super-mkdir; create a leaf directory and all intermediate ones.
- Works like mkdir, except that any intermediate path segment (not
- just the rightmost) will be created if it does not exist. If the
- target directory with the same mode as we specified already exists,
- raises an OSError if exist_ok is False, otherwise no exception is
+ Super-mkdir; create a leaf directory and all intermediate ones. Works like
+ mkdir, except that any intermediate path segment (not just the rightmost)
+ will be created if it does not exist. If the target directory already
+ exists, raise an OSError if exist_ok is False. Otherwise no exception is
raised. This is recursive.
"""
@@ -243,20 +236,7 @@
try:
mkdir(name, mode)
except OSError as e:
- dir_exists = path.isdir(name)
- expected_mode = _get_masked_mode(mode)
- if dir_exists:
- # S_ISGID is automatically copied by the OS from parent to child
- # directories on mkdir. Don't consider it being set to be a mode
- # mismatch as mkdir does not unset it when not specified in mode.
- actual_mode = st.S_IMODE(lstat(name).st_mode) & ~st.S_ISGID
- else:
- actual_mode = -1
- if not (e.errno == errno.EEXIST and exist_ok and dir_exists and
- actual_mode == expected_mode):
- if dir_exists and actual_mode != expected_mode:
- e.strerror += ' (mode %o != expected mode %o)' % (
- actual_mode, expected_mode)
+ if not exist_ok or e.errno != errno.EEXIST or not path.isdir(name):
raise
def removedirs(name):
Index: Python-3.4.0/Lib/test/test_os.py
===================================================================
--- Python-3.4.0.orig/Lib/test/test_os.py 2014-04-04 18:06:50.822300392 +0200
+++ Python-3.4.0/Lib/test/test_os.py 2014-04-04 18:06:59.559350431 +0200
@@ -901,7 +901,7 @@
os.makedirs(path, mode)
self.assertRaises(OSError, os.makedirs, path, mode)
self.assertRaises(OSError, os.makedirs, path, mode, exist_ok=False)
- self.assertRaises(OSError, os.makedirs, path, 0o776, exist_ok=True)
+ os.makedirs(path, 0o776, exist_ok=True)
os.makedirs(path, mode=mode, exist_ok=True)
os.umask(old_mask)
@@ -938,9 +938,8 @@
os.makedirs(path, mode, exist_ok=True)
# remove the bit.
os.chmod(path, stat.S_IMODE(os.lstat(path).st_mode) & ~S_ISGID)
- with self.assertRaises(OSError):
- # Should fail when the bit is not already set when demanded.
- os.makedirs(path, mode | S_ISGID, exist_ok=True)
+ # May work even when the bit is not already set when demanded.
+ os.makedirs(path, mode | S_ISGID, exist_ok=True)
finally:
os.umask(old_mask)
++++++ Python-3.3.0b2-multilib.patch ++++++
--- /var/tmp/diff_new_pack.A5ClVq/_old 2014-04-09 13:01:12.000000000 +0200
+++ /var/tmp/diff_new_pack.A5ClVq/_new 2014-04-09 13:01:12.000000000 +0200
@@ -68,6 +68,66 @@
===================================================================
--- Python-3.4.0b3.orig/Lib/site.py 2014-01-27 05:13:49.000000000 +0100
+++ Python-3.4.0b3/Lib/site.py 2014-02-04 17:18:37.568144174 +0100
+@@ -244,28 +244,37 @@
+ USER_BASE = get_config_var('userbase')
+ return USER_BASE
+
+-def getusersitepackages():
++def getusersitepackages(lib_kind = 'purelib'):
+ """Returns the user-specific site-packages directory path.
+
+ If the global variable ``USER_SITE`` is not initialized yet, this
+ function will also set it.
+ """
++
++ set_user_site = (lib_kind == 'purelib')
++
+ global USER_SITE
+ user_base = getuserbase() # this will also set USER_BASE
+
+- if USER_SITE is not None:
++ if USER_SITE is not None and set_user_site:
+ return USER_SITE
+
+ from sysconfig import get_path
+
++ user_site = None
++
+ if sys.platform == 'darwin':
+ from sysconfig import get_config_var
+ if get_config_var('PYTHONFRAMEWORK'):
+- USER_SITE = get_path('purelib', 'osx_framework_user')
+- return USER_SITE
++ user_site = get_path('purelib', 'osx_framework_user')
++
++ if user_site is None:
++ user_site = get_path('purelib', '%s_user' % os.name)
+
+- USER_SITE = get_path('purelib', '%s_user' % os.name)
+- return USER_SITE
++ if set_user_site:
++ USER_SITE = user_site
++
++ return user_site
+
+ def addusersitepackages(known_paths):
+ """Add a per user site-package to sys.path
+@@ -275,10 +284,12 @@
+ """
+ # get the per user site-package path
+ # this call will also make sure USER_BASE and USER_SITE are set
+- user_site = getusersitepackages()
++ for kind in ('purelib', 'platlib'):
++ user_site = getusersitepackages()
++
++ if ENABLE_USER_SITE and os.path.isdir(user_site):
++ addsitedir(user_site, known_paths)
+
+- if ENABLE_USER_SITE and os.path.isdir(user_site):
+- addsitedir(user_site, known_paths)
+ return known_paths
+
+ def getsitepackages(prefixes=None):
@@ -304,13 +304,19 @@
seen.add(prefix)
@@ -295,20 +355,6 @@
'include':
'{installed_base}/include/python{py_version_short}{abiflags}',
'platinclude':
-@@ -32,10 +32,10 @@
- 'data': '{base}',
- },
- 'posix_home': {
-- 'stdlib': '{installed_base}/lib/python',
-- 'platstdlib': '{base}/lib/python',
-+ 'stdlib': '{installed_base}/'+sys.lib+'/python',
-+ 'platstdlib': '{base}/'+sys.lib+'/python',
- 'purelib': '{base}/lib/python',
-- 'platlib': '{base}/lib/python',
-+ 'platlib': '{base}/'+sys.lib+'/python',
- 'include': '{installed_base}/include/python',
- 'platinclude': '{installed_base}/include/python',
- 'scripts': '{base}/bin',
@@ -61,10 +61,10 @@
'data': '{userbase}',
},
--
To unsubscribe, e-mail: opensuse-commit+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse-commit+help@opensuse.org