Compare commits

...

No commits in common. "c9" and "c8" have entirely different histories.
c9 ... c8

5 changed files with 140 additions and 77 deletions

3
.gitignore vendored
View File

@ -1,2 +1 @@
SOURCES/pyxdg-0.27.tar.gz
SOURCES/pyxdg-test-example.tar.gz
SOURCES/pyxdg-0.25.tar.gz

View File

@ -1,2 +1 @@
e4afee88cc156da408e10508a1a21b16082781b0 SOURCES/pyxdg-0.27.tar.gz
aa3d34dd52a01cc09fe91177b5dda284fd2dcca0 SOURCES/pyxdg-test-example.tar.gz
1272ee62b8c3909ac4844a34a95f8b1fb3398af2 SOURCES/pyxdg-0.25.tar.gz

View File

@ -0,0 +1,48 @@
diff -up pyxdg-0.25/xdg/BaseDirectory.py.CVE-2014-1624 pyxdg-0.25/xdg/BaseDirectory.py
--- pyxdg-0.25/xdg/BaseDirectory.py.CVE-2014-1624 2014-12-04 11:49:53.681654931 -0500
+++ pyxdg-0.25/xdg/BaseDirectory.py 2014-12-04 11:52:45.831522703 -0500
@@ -25,7 +25,7 @@ Typical usage:
Note: see the rox.Options module for a higher-level API for managing options.
"""
-import os
+import os, stat
_home = os.path.expanduser('~')
xdg_data_home = os.environ.get('XDG_DATA_HOME') or \
@@ -131,15 +131,29 @@ def get_runtime_dir(strict=True):
import getpass
fallback = '/tmp/pyxdg-runtime-dir-fallback-' + getpass.getuser()
+ create = False
try:
- os.mkdir(fallback, 0o700)
+ # This must be a real directory, not a symlink, so attackers can't
+ # point it elsewhere. So we use lstat to check it.
+ st = os.lstat(fallback)
except OSError as e:
import errno
- if e.errno == errno.EEXIST:
- # Already exists - set 700 permissions again.
- import stat
- os.chmod(fallback, stat.S_IRUSR|stat.S_IWUSR|stat.S_IXUSR)
- else: # pragma: no cover
+ if e.errno == errno.ENOENT:
+ create = True
+ else:
raise
+ else:
+ # The fallback must be a directory
+ if not stat.S_ISDIR(st.st_mode):
+ os.unlink(fallback)
+ create = True
+ # Must be owned by the user and not accessible by anyone else
+ elif (st.st_uid != os.getuid()) \
+ or (st.st_mode & (stat.S_IRWXG | stat.S_IRWXO)):
+ os.rmdir(fallback)
+ create = True
+
+ if create:
+ os.mkdir(fallback, 0o700)
return fallback

View File

@ -0,0 +1,13 @@
diff -up pyxdg-0.25/xdg/Mime.py.BAD pyxdg-0.25/xdg/Mime.py
--- pyxdg-0.25/xdg/Mime.py.BAD 2013-03-05 10:19:10.750845664 -0500
+++ pyxdg-0.25/xdg/Mime.py 2013-03-05 10:19:14.771845520 -0500
@@ -360,7 +360,8 @@ def _cache_database():
if pattern.startswith('*.'):
rest = pattern[2:]
if not ('*' in rest or '[' in rest or '?' in rest):
- exts[rest] = mtype
+ if rest not in exts:
+ exts[rest] = mtype
continue
if '*' in pattern or '[' in pattern or '?' in pattern:
globs.append((pattern, mtype))

View File

@ -1,111 +1,115 @@
%global with_python3 1
%if 0%{?rhel} > 7
# Disable python2 build by default
%bcond_with python2
%else
%bcond_without python2
%endif
Name: pyxdg
Version: 0.27
Release: 3%{?dist}
Version: 0.25
Release: 16%{?dist}
Summary: Python library to access freedesktop.org standards
Group: Development/Libraries
License: LGPLv2
URL: http://freedesktop.org/Software/pyxdg
Source0: %pypi_source
# Upstream did not include the test/examples directory in the source tarball
# This tarball is a copy of the directory from https://cgit.freedesktop.org/xdg/pyxdg/
Source1: pyxdg-test-example.tar.gz
Source0: http://people.freedesktop.org/~takluyver/%{name}-%{version}.tar.gz
# https://bugs.freedesktop.org/show_bug.cgi?id=61817
Patch0: pyxdg-0.25-find-first-mimetype-match.patch
# https://bugs.freedesktop.org/show_bug.cgi?id=73878
Patch1: pyxdg-0.25-CVE-2014-1624.patch
BuildArch: noarch
# These are needed for the nose tests.
BuildRequires: hicolor-icon-theme
BuildRequires: shared-mime-info
%description
PyXDG is a python library to access freedesktop.org standards.
PyXDG is a python library to access freedesktop.org standards
%if %{with python2}
%package -n python2-pyxdg
Summary: Python2 library to access freedesktop.org standards
%{?python_provide:%python_provide python2-pyxdg}
BuildRequires: python2-devel
# These are needed for the nose tests.
BuildRequires: python2-nose
%{?python_provide:%python_provide python2-pyxdg}
Provides: pyxdg = %{version}-%{release}
Obsoletes: pyxdg < 0.25-10
%description -n python2-pyxdg
PyXDG is a python library to access freedesktop.org standards. This
package contains a Python 2 version of PyXDG.
%endif # with python2
%if 0%{?with_python3}
%package -n python%{python3_pkgversion}-pyxdg
Summary: Python3 library to access freedesktop.org standards
%{?python_provide:%python_provide python3-pyxdg}
BuildRequires: python%{python3_pkgversion}-devel
BuildRequires: python%{python3_pkgversion}-setuptools
%if %{with check}
# These are needed for the nose tests.
BuildRequires: python%{python3_pkgversion}-nose
%endif
%{?python_provide:%python_provide python%{python3_pkgversion}-pyxdg}
%description -n python%{python3_pkgversion}-pyxdg
PyXDG is a python library to access freedesktop.org standards. This
package contains a Python 3 version of PyXDG.
%endif # with_python3
%prep
%setup -q -a 1
%setup -q
%patch0 -p1 -b .pngfix
%patch1 -p1 -b .CVE-2014-1624
%build
%if %{with python2}
%py2_build
%endif # with python2
%if 0%{?with_python3}
%py3_build
%endif # with_python3
%install
%if 0%{?with_python3}
%py3_install
%endif # with_python3
%if %{with python2}
%py2_install
%endif # with python2
%check
%if %{with python2}
# icon-test currently fails
# https://bugs.freedesktop.org/show_bug.cgi?id=104846
nosetests-%{python3_version} || :
nosetests-%{python2_version} || :
%endif # with python2
%if 0%{?with_python3}
nosetests-%{python3_version} || :
%endif # with_python3
%if %{with python2}
%files -n python2-pyxdg
%license COPYING
%doc AUTHORS ChangeLog README TODO
%{python2_sitelib}/xdg
%{python2_sitelib}/pyxdg-*.egg-info
%endif # with python2
%if 0%{?with_python3}
%files -n python%{python3_pkgversion}-pyxdg
%license COPYING
%doc AUTHORS ChangeLog README TODO
%{python3_sitelib}/xdg
%{python3_sitelib}/pyxdg-*.egg-info
%endif #with_python3
%changelog
* Tue Aug 10 2021 Mohan Boddu <mboddu@redhat.com> - 0.27-3
- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
Related: rhbz#1991688
* Mon May 24 2021 Tomas Popela <tpopela@redhat.com> - 0.27-2
- Backport a rawhide patch to fix the gating tests
* Fri May 14 2021 Kalev Lember <klember@redhat.com> - 0.27-1
- update to 0.27
* Fri Apr 16 2021 Mohan Boddu <mboddu@redhat.com> - 0.26-13
- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
* Wed Jan 27 2021 Fedora Release Engineering <releng@fedoraproject.org> - 0.26-12
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
* Wed Jul 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 0.26-11
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
* Sun May 24 2020 Miro Hrončok <mhroncok@redhat.com> - 0.26-10
- Rebuilt for Python 3.9
* Thu Jan 30 2020 Fedora Release Engineering <releng@fedoraproject.org> - 0.26-9
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
* Thu Nov 07 2019 Miro Hrončok <mhroncok@redhat.com> - 0.26-8
- Subpackage python2-pyxdg has been removed
See https://fedoraproject.org/wiki/Changes/Mass_Python_2_Package_Removal
* Thu Oct 03 2019 Miro Hrončok <mhroncok@redhat.com> - 0.26-7
- Rebuilt for Python 3.8.0rc1 (#1748018)
* Sat Aug 17 2019 Miro Hrončok <mhroncok@redhat.com> - 0.26-6
- Rebuilt for Python 3.8
* Fri Jul 26 2019 Fedora Release Engineering <releng@fedoraproject.org> - 0.26-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
* Sat Feb 02 2019 Fedora Release Engineering <releng@fedoraproject.org> - 0.26-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
* Fri Nov 30 2018 Tom Callaway <spot@fedoraproject.org> - 0.26-3
- fix incorrect use of Type attribute (bz 1654857)
* Thu Nov 1 2018 Tom Callaway <spot@fedoraproject.org> - 0.26-2
- fix OnlyShowIn (bz 1624651)
* Mon Jul 23 2018 Tom Callaway <spot@fedoraproject.org> - 0.26-1
- update to 0.26
* Sat Jul 14 2018 Fedora Release Engineering <releng@fedoraproject.org> - 0.25-17
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
* Mon Jun 18 2018 Miro Hrončok <mhroncok@redhat.com> - 0.25-16
- Rebuilt for Python 3.7
* Fri Jun 22 2018 Charalampos Stratakis <cstratak@redhat.com> - 0.25-16
- Conditionalize the python2 subpackage
* Fri Feb 09 2018 Fedora Release Engineering <releng@fedoraproject.org> - 0.25-15
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild