Go to:
Gentoo Home
Documentation
Forums
Lists
Bugs
Planet
Store
Wiki
Get Gentoo!
Gentoo's Bugzilla – Attachment 167252 Details for
Bug 239560
sys-apps/portage <2.1.4.5 Insecure search path for python -c in ebuilds (CVE-2008-4394)
Home
|
New
–
[Ex]
|
Browse
|
Search
|
Privacy Policy
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
2.1.4.5 patch that applies on top of 2.1.4.4
portage-2.1.4.5.patch (text/plain), 3.28 KB, created by
Zac Medico
on 2008-10-05 07:21:07 UTC
(
hide
)
Description:
2.1.4.5 patch that applies on top of 2.1.4.4
Filename:
MIME Type:
Creator:
Zac Medico
Created:
2008-10-05 07:21:07 UTC
Size:
3.28 KB
patch
obsolete
>diff --git a/bin/ebuild.sh b/bin/ebuild.sh >index 61f6e18..7fe126e 100755 >--- a/bin/ebuild.sh >+++ b/bin/ebuild.sh >@@ -260,6 +260,12 @@ register_die_hook() { > export EBUILD_DEATH_HOOKS="${EBUILD_DEATH_HOOKS} $*" > } > >+# Ensure that $PWD is sane whenever possible. >+if ! hasq "$EBUILD_PHASE" clean depend help ; then >+ cd "$PORTAGE_BUILDDIR" || \ >+ die "PORTAGE_BUILDDIR does not exist: '$PORTAGE_BUILDDIR'" >+fi >+ > #if no perms are specified, dirs/files will have decent defaults > #(not secretive, but not stupid) > umask 022 >diff --git a/bin/emerge b/bin/emerge >index bef6f40..61bec13 100755 >--- a/bin/emerge >+++ b/bin/emerge >@@ -634,13 +634,19 @@ class search: > import portage_manifest as manifest > mf = manifest.Manifest( > pkgdir, self.settings["DISTDIR"]) >- fetchlist = self.portdb.getfetchlist(mycpv, >- mysettings=self.settings, all=True)[1] > try: >- mysum[0] = mf.getDistfilesSize(fetchlist) >- except KeyError, e: >- file_size_str = "Unknown (missing digest for %s)" % \ >- str(e) >+ fetchlist = self.portdb.getfetchlist(mycpv, >+ mysettings=self.settings, all=True)[1] >+ except portage_exception.InvalidDependString, e: >+ file_size_str = "Unknown (%s)" % (e,) >+ del e >+ else: >+ try: >+ mysum[0] = mf.getDistfilesSize(fetchlist) >+ except KeyError, e: >+ file_size_str = "Unknown (missing " + \ >+ "digest for %s)" % (e,) >+ del e > > available = False > for db in self._dbs: >@@ -1083,7 +1089,7 @@ class FakeVartree(portage.vartree): > self._aux_get = self.dbapi.aux_get > self.dbapi.aux_get = self._aux_get_wrapper > self._aux_get_history = set() >- self._portdb_keys = ["DEPEND", "RDEPEND", "PDEPEND"] >+ self._portdb_keys = ["EAPI", "DEPEND", "RDEPEND", "PDEPEND"] > self._portdb = portdb > self._global_updates = None > >@@ -1095,6 +1101,8 @@ class FakeVartree(portage.vartree): > # Use the live ebuild metadata if possible. > live_metadata = dict(izip(self._portdb_keys, > self._portdb.aux_get(pkg, self._portdb_keys))) >+ if not portage.eapi_is_supported(live_metadata["EAPI"]): >+ raise KeyError(pkg) > self.dbapi.aux_update(pkg, live_metadata) > except (KeyError, portage_exception.PortageException): > if self._global_updates is None: >diff --git a/bin/filter-bash-environment.py b/bin/filter-bash-environment.py >index 83b250b..a078f04 100755 >--- a/bin/filter-bash-environment.py >+++ b/bin/filter-bash-environment.py >@@ -31,7 +31,7 @@ def filter_bash_environment(pattern, file_in, file_out): > file_out.write(line) > continue > if pattern.match(line) is None: >- file_out.write(line) >+ file_out.write(line.replace("\1", "")) > > if __name__ == "__main__": > description = "Filter out any lines that match a given PATTERN " + \ >diff --git a/pym/portage.py b/pym/portage.py >index b63105c..83228ba 100644 >--- a/pym/portage.py >+++ b/pym/portage.py >@@ -4475,8 +4475,7 @@ def doebuild(myebuild, mydo, myroot, mysettings, debug=0, listonly=0, > > # Build directory creation isn't required for any of these. > have_build_dirs = False >- if mydo not in ("clean", "cleanrm", "digest", >- "fetch", "help", "manifest"): >+ if mydo not in ("clean", "cleanrm", "digest", "help", "manifest"): > mystatus = prepare_build_dirs(myroot, mysettings, cleanup) > if mystatus: > return mystatus
You cannot view the attachment while viewing its details because your browser does not support IFRAMEs.
View the attachment on a separate page
.
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 239560
: 167252 |
167255