Hello community, here is the log from the commit of package python-suds-jurko for openSUSE:Factory checked in at 2016-10-13 11:29:33 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/python-suds-jurko (Old) and /work/SRC/openSUSE:Factory/.python-suds-jurko.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "python-suds-jurko" Changes: -------- --- /work/SRC/openSUSE:Factory/python-suds-jurko/python-suds-jurko.changes 2015-11-10 10:03:59.000000000 +0100 +++ /work/SRC/openSUSE:Factory/.python-suds-jurko.new/python-suds-jurko.changes 2016-10-13 11:29:33.000000000 +0200 @@ -1,0 +2,11 @@ +Tue Oct 4 14:13:21 UTC 2016 - r...@rotkraut.de + +- Add suds-insecure-cache-tempdir.patch: CVE-2013-2217 (bsc#827568) + +------------------------------------------------------------------- +Thu Sep 8 07:38:26 UTC 2016 - tbecht...@suse.com + +- Add missing openstack-macros BuildRequires +- Use pypi.io as Source url + +------------------------------------------------------------------- New: ---- suds-insecure-cache-tempdir.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ python-suds-jurko.spec ++++++ --- /var/tmp/diff_new_pack.cRJMGV/_old 2016-10-13 11:29:34.000000000 +0200 +++ /var/tmp/diff_new_pack.cRJMGV/_new 2016-10-13 11:29:34.000000000 +0200 @@ -1,7 +1,7 @@ # # spec file for package python-suds-jurko # -# Copyright (c) 2015 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -23,7 +23,11 @@ License: LGPL-3.0+ Group: Development/Languages/Python Url: http://bitbucket.org/jurko/suds -Source: https://pypi.python.org/packages/source/s/suds-jurko/suds-jurko-%{version}.tar.bz2 +Source: https://pypi.io/packages/source/s/suds-jurko/suds-jurko-%{version}.tar.bz2 +# CVE-2013-2217. +# Fixed upstream in https://bitbucket.org/jurko/suds/issues/15/ +Patch0: suds-insecure-cache-tempdir.patch +BuildRequires: openstack-macros BuildRequires: openstack-suse-macros BuildRequires: python-devel BuildRequires: python-setuptools @@ -48,6 +52,7 @@ %prep %setup -q -n suds-jurko-%{version} +%patch0 %build %{__python2} setup.py build ++++++ suds-insecure-cache-tempdir.patch ++++++ --- suds/cache.py.orig 2014-01-21 20:06:03.000000000 +0100 +++ suds/cache.py 2014-02-11 13:22:39.047914048 +0100 @@ -26,7 +26,7 @@ from datetime import datetime as dt from datetime import timedelta import os -from tempfile import gettempdir as tmp +import tempfile try: import cPickle as pickle except Exception: @@ -93,6 +93,9 @@ A file-based URL cache. @cvar fnprefix: The file name prefix. @type fnsuffix: str + @cvar remove_default_location_on_exit: Whether to remove the default cache + location on process exit (default=True). + @type remove_default_location_on_exit: bool @ivar duration: The cached file duration which defines how long the file will be cached. @type duration: (unit, value) @@ -100,10 +103,21 @@ @type location: str """ fnprefix = 'suds' + __default_location = None + remove_default_location_on_exit = True units = ('months', 'weeks', 'days', 'hours', 'minutes', 'seconds') def __init__(self, location=None, **duration): """ + Initialized a new FileCache instance. + + If no cache location is specified, a temporary default location will be + used. Such default cache location will be shared by all FileCache + instances with no explicitly specified location within the same + process. The default cache location will be removed automatically on + process exit unless user sets the remove_default_location_on_exit + FileCache class attribute to False. + @param location: The directory for the cached files. @type location: str @param duration: The cached file duration which defines how @@ -112,7 +126,7 @@ @type duration: {unit:value} """ if location is None: - location = os.path.join(tmp(), 'suds') + location = self.__get_default_location() self.location = location self.duration = (None, 0) self.setduration(**duration) @@ -250,6 +264,34 @@ fn = '%s-%s.%s' % (self.fnprefix, name, suffix) return os.path.join(self.location, fn) + @staticmethod + def __get_default_location(): + """ + Returns the current process's default cache location folder. + + The folder is determined lazily on first call. + + """ + if not FileCache.__default_location: + tmp = tempfile.mkdtemp("suds-default-cache") + FileCache.__default_location = tmp + import atexit + atexit.register(FileCache.__remove_default_location) + return FileCache.__default_location + + @staticmethod + def __remove_default_location(): + """ + Removes the default cache location folder. + + This removal may be disabled by setting the + remove_default_location_on_exit FileCache class attribute to False. + + """ + if FileCache.remove_default_location_on_exit: + import shutil + shutil.rmtree(FileCache.__default_location, ignore_errors=True) + class DocumentCache(FileCache): """ --- tests/test_cache.py.orig 2014-01-21 20:06:03.000000000 +0100 +++ tests/test_cache.py 2014-02-11 13:32:00.713225646 +0100 @@ -133,14 +133,7 @@ assert cache2.get("unga2") == value_p22 -def test_FileCache_location(tmpdir): - defaultLocation = os.path.join(tempfile.gettempdir(), "suds") - cache = suds.cache.FileCache() - assert os.path.isdir(cache.location) - assert cache.location == defaultLocation - assert suds.cache.FileCache().location == defaultLocation - assert cache.location == defaultLocation - +def test_FileCache_non_default_location(tmpdir): cacheFolder1 = tmpdir.join("flip-flop1").strpath assert not os.path.isdir(cacheFolder1) assert suds.cache.FileCache(location=cacheFolder1).location == cacheFolder1