Comment 1 Matt Summers (RETIRED) 2009-07-30 17:42:55 UTC

Created attachment 199673 [details]
here is the updated ebuild, with fixes now that tests are included in the release tarball once again.

enjoy

Comment 2 Tobias Heinlein (RETIRED) 2009-07-30 18:20:14 UTC

Matt, thanks for the report. Python team, please proceed.

Comment 3 Arfrever Frehtes Taifersar Arahesis (RETIRED) 2009-07-31 00:30:46 UTC

(In reply to comment #1)

Please attach unidiff patches instead of whole ebuilds.

Comment 4 Matt Summers (RETIRED) 2009-07-31 15:03:25 UTC

Created attachment 199749 [details]
diff

including fix for upstream tarball name change, and removal of tests workaround as they are now, correctly, included in the release.

Thanks to Arfrever for the assist.

Comment 5 Arfrever Frehtes Taifersar Arahesis (RETIRED) 2009-08-02 19:30:53 UTC

Fixed.

Parentheses in RDEPEND in the ebuild in the tree seem to be wrong:
    sqlite? ( || (
        >=dev-lang/python-2.5[sqlite] )
        ( dev-python/pysqlite:2 <dev-lang/python-2.5 )
    )
(and similar for test in DEPEND)
I think there should be no parenthesis after >=dev-lang/python-2.5[sqlite] -- now portage wants to install python-2.4 and pysqlite in addition to python-2.6 I have already installed.

Comment 7 Arfrever Frehtes Taifersar Arahesis (RETIRED) 2009-08-03 05:10:50 UTC

(In reply to comment #6)

Fixed.

Comment 8 Alex Legler (RETIRED) 2009-08-05 11:34:08 UTC

CVE-2009-2659 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2659):
  The Admin media handler in core/servers/basehttp.py in Django 1.0 and
  0.96 does not properly map URL requests to expected "static media
  files," which allows remote attackers to conduct directory traversal
  attacks and read arbitrary files via a crafted URL.