[arch-commits] Commit in python-numpy/trunk (PKGBUILD numpy-insecure-mktemp-use.patch)
Date: Friday, April 4, 2014 @ 08:03:09
Author: fyan
Revision: 209781
upgpkg: python-numpy 1.8.1-1
Modified:
python-numpy/trunk/PKGBUILD
Deleted:
python-numpy/trunk/numpy-insecure-mktemp-use.patch
-+
PKGBUILD| 14 --
numpy-insecure-mktemp-use.patch | 263 --
2 files changed, 4 insertions(+), 273 deletions(-)
Modified: PKGBUILD
===
--- PKGBUILD2014-04-04 05:24:27 UTC (rev 209780)
+++ PKGBUILD2014-04-04 06:03:09 UTC (rev 209781)
@@ -5,8 +5,8 @@
pkgbase=python-numpy
pkgname=('python2-numpy' 'python-numpy')
-pkgver=1.8.0
-pkgrel=3
+pkgver=1.8.1
+pkgrel=1
pkgdesc="Scientific tools for Python"
arch=('i686' 'x86_64')
license=('custom')
@@ -13,16 +13,10 @@
url="http://www.numpy.org/";
makedepends=('lapack' 'python' 'python2' 'python-setuptools'
'python2-setuptools' 'gcc-fortran' 'python-nose' 'python2-nose')
options=('staticlibs')
-source=(http://downloads.sourceforge.net/numpy/numpy-${pkgver}.tar.gz
-numpy-insecure-mktemp-use.patch)
-md5sums=('2a4b0423a758706d592abb6721ec8dcd'
- '2caf84740b54dcb5fa1d47e72201f294')
+source=(http://downloads.sourceforge.net/numpy/numpy-${pkgver}.tar.gz)
+md5sums=('be95babe263bfa3428363d6db5b64678')
prepare() {
- cd numpy-$pkgver
- patch -Np1 -i ../numpy-insecure-mktemp-use.patch
- cd ..
-
cp -a numpy-$pkgver numpy-py2-$pkgver
cd numpy-py2-$pkgver
Deleted: numpy-insecure-mktemp-use.patch
===
--- numpy-insecure-mktemp-use.patch 2014-04-04 05:24:27 UTC (rev 209780)
+++ numpy-insecure-mktemp-use.patch 2014-04-04 06:03:09 UTC (rev 209781)
@@ -1,263 +0,0 @@
a/numpy/lib/tests/test_io.py 2013-10-30 19:32:51.0 +0100
-+++ b/numpy/lib/tests/test_io.py 2014-02-10 08:30:12.903607138 +0100
-@@ -4,7 +4,9 @@
- import gzip
- import os
- import threading
--from tempfile import mkstemp, mktemp, NamedTemporaryFile
-+import shutil
-+import contextlib
-+from tempfile import mkstemp, mkdtemp, NamedTemporaryFile
- import time
- import warnings
- import gc
-@@ -21,6 +23,12 @@
- assert_raises, run_module_suite)
- from numpy.testing import assert_warns, assert_, build_err_msg
-
-+@contextlib.contextmanager
-+def tempdir(change_dir=False):
-+tmpdir = mkdtemp()
-+yield tmpdir
-+shutil.rmtree(tmpdir)
-+
-
- class TextIO(BytesIO):
- """Helper IO class.
-@@ -145,14 +153,14 @@
- @np.testing.dec.slow
- def test_big_arrays(self):
- L = (1 << 31) + 10
--tmp = mktemp(suffix='.npz')
- a = np.empty(L, dtype=np.uint8)
--np.savez(tmp, a=a)
--del a
--npfile = np.load(tmp)
--a = npfile['a']
--npfile.close()
--os.remove(tmp)
-+with tempdir() as tmpdir:
-+tmp = open(os.path.join(tmpdir, "file.npz"), "w")
-+np.savez(tmp, a=a)
-+del a
-+npfile = np.load(tmp)
-+a = npfile['a']
-+npfile.close()
-
- def test_multiple_arrays(self):
- a = np.array([[1, 2], [3, 4]], float)
-commit 0bb46c1448b0d3f5453d5182a17ea7ac5854ee15
-Author: Julian Taylor
-Date: Wed Feb 5 23:01:47 2014 +0100
-
-ENH: remove insecure mktemp use
-
-mktemp only returns a filename, a malicous user could replace it before
-it gets used.
-
-diff --git a/numpy/core/tests/test_memmap.py b/numpy/core/tests/test_memmap.py
-index 6de6319..10e7a08 100644
a/numpy/core/tests/test_memmap.py
-+++ b/numpy/core/tests/test_memmap.py
-@@ -1,7 +1,7 @@
- from __future__ import division, absolute_import, print_function
-
- import sys
--from tempfile import NamedTemporaryFile, TemporaryFile, mktemp
-+from tempfile import NamedTemporaryFile, TemporaryFile
- import os
-
- from numpy import memmap
-@@ -33,12 +33,11 @@ class TestMemmap(TestCase):
- assert_array_equal(self.data, newfp)
-
- def test_open_with_filename(self):
--tmpname = mktemp('', 'mmap')
--fp = memmap(tmpname, dtype=self.dtype, mode='w+',
-- shape=self.shape)
--fp[:] = self.data[:]
--del fp
--os.unlink(tmpname)
-+with NamedTemporaryFile() as tmp:
-+fp = memmap(tmp.name, dtype=self.dtype, mode='w+',
-+shape=self.shape)
-+fp[:] = self.data[:]
-+del fp
-
- def test_unnamed_file(self):
- with TemporaryFile() as f:
-@@ -55,17 +54,16 @@ class TestMemmap(TestCase):
- del fp
-
- def test_filename(self):
--tmpname = mktemp('', 'mmap')
--fp = memmap(tmpname, dtype=self.dtype, mode='w+',
-- shape=self.shape)
--abspath = os.path.abspath(tmpname)
--fp[:] = self.data[:]
--self.assertEqual(abspath, fp.filename)
--b = fp[:1]
--self.assertEqual(abspath, b.filename)
[arch-commits] Commit in python-numpy/trunk (PKGBUILD numpy-insecure-mktemp-use.patch)
Date: Tuesday, February 11, 2014 @ 13:33:07
Author: jgc
Revision: 205835
upgpkg: python-numpy 1.8.0-2
Fix CVE2014-1858 and CVE2014-1859 (FS#38863)
Added:
python-numpy/trunk/numpy-insecure-mktemp-use.patch
Modified:
python-numpy/trunk/PKGBUILD
-+
PKGBUILD| 12 +
numpy-insecure-mktemp-use.patch | 263 ++
2 files changed, 272 insertions(+), 3 deletions(-)
Modified: PKGBUILD
===
--- PKGBUILD2014-02-11 11:49:26 UTC (rev 205834)
+++ PKGBUILD2014-02-11 12:33:07 UTC (rev 205835)
@@ -6,7 +6,7 @@
pkgbase=python-numpy
pkgname=('python2-numpy' 'python-numpy')
pkgver=1.8.0
-pkgrel=1
+pkgrel=2
pkgdesc="Scientific tools for Python"
arch=('i686' 'x86_64')
license=('custom')
@@ -13,10 +13,16 @@
url="http://www.numpy.org/";
makedepends=('lapack' 'python' 'python2' 'python-setuptools'
'python2-setuptools' 'gcc-fortran' 'python-nose' 'python2-nose')
options=('staticlibs')
-source=(http://downloads.sourceforge.net/numpy/numpy-${pkgver}.tar.gz)
-md5sums=('2a4b0423a758706d592abb6721ec8dcd')
+source=(http://downloads.sourceforge.net/numpy/numpy-${pkgver}.tar.gz
+numpy-insecure-mktemp-use.patch)
+md5sums=('2a4b0423a758706d592abb6721ec8dcd'
+ '2caf84740b54dcb5fa1d47e72201f294')
prepare() {
+ cd numpy-$pkgver
+ patch -Np1 -i ../numpy-insecure-mktemp-use.patch
+ cd ..
+
cp -a numpy-$pkgver numpy-py2-$pkgver
cd numpy-py2-$pkgver
Added: numpy-insecure-mktemp-use.patch
===
--- numpy-insecure-mktemp-use.patch (rev 0)
+++ numpy-insecure-mktemp-use.patch 2014-02-11 12:33:07 UTC (rev 205835)
@@ -0,0 +1,263 @@
+--- a/numpy/lib/tests/test_io.py 2013-10-30 19:32:51.0 +0100
b/numpy/lib/tests/test_io.py 2014-02-10 08:30:12.903607138 +0100
+@@ -4,7 +4,9 @@
+ import gzip
+ import os
+ import threading
+-from tempfile import mkstemp, mktemp, NamedTemporaryFile
++import shutil
++import contextlib
++from tempfile import mkstemp, mkdtemp, NamedTemporaryFile
+ import time
+ import warnings
+ import gc
+@@ -21,6 +23,12 @@
+ assert_raises, run_module_suite)
+ from numpy.testing import assert_warns, assert_, build_err_msg
+
++@contextlib.contextmanager
++def tempdir(change_dir=False):
++tmpdir = mkdtemp()
++yield tmpdir
++shutil.rmtree(tmpdir)
++
+
+ class TextIO(BytesIO):
+ """Helper IO class.
+@@ -145,14 +153,14 @@
+ @np.testing.dec.slow
+ def test_big_arrays(self):
+ L = (1 << 31) + 10
+-tmp = mktemp(suffix='.npz')
+ a = np.empty(L, dtype=np.uint8)
+-np.savez(tmp, a=a)
+-del a
+-npfile = np.load(tmp)
+-a = npfile['a']
+-npfile.close()
+-os.remove(tmp)
++with tempdir() as tmpdir:
++tmp = open(os.path.join(tmpdir, "file.npz"), "w")
++np.savez(tmp, a=a)
++del a
++npfile = np.load(tmp)
++a = npfile['a']
++npfile.close()
+
+ def test_multiple_arrays(self):
+ a = np.array([[1, 2], [3, 4]], float)
+commit 0bb46c1448b0d3f5453d5182a17ea7ac5854ee15
+Author: Julian Taylor
+Date: Wed Feb 5 23:01:47 2014 +0100
+
+ENH: remove insecure mktemp use
+
+mktemp only returns a filename, a malicous user could replace it before
+it gets used.
+
+diff --git a/numpy/core/tests/test_memmap.py b/numpy/core/tests/test_memmap.py
+index 6de6319..10e7a08 100644
+--- a/numpy/core/tests/test_memmap.py
b/numpy/core/tests/test_memmap.py
+@@ -1,7 +1,7 @@
+ from __future__ import division, absolute_import, print_function
+
+ import sys
+-from tempfile import NamedTemporaryFile, TemporaryFile, mktemp
++from tempfile import NamedTemporaryFile, TemporaryFile
+ import os
+
+ from numpy import memmap
+@@ -33,12 +33,11 @@ class TestMemmap(TestCase):
+ assert_array_equal(self.data, newfp)
+
+ def test_open_with_filename(self):
+-tmpname = mktemp('', 'mmap')
+-fp = memmap(tmpname, dtype=self.dtype, mode='w+',
+- shape=self.shape)
+-fp[:] = self.data[:]
+-del fp
+-os.unlink(tmpname)
++with NamedTemporaryFile() as tmp:
++fp = memmap(tmp.name, dtype=self.dtype, mode='w+',
++shape=self.shape)
++fp[:] = self.data[:]
++del fp
+
+ def test_unnamed_file(self):
+ with TemporaryFile() as f:
+@@ -55,17 +54,16 @@ class TestMemmap(TestCase):
+ del fp
+
+ def test_filename(self):
+-tmpname = mktemp('', 'mmap')
+-fp = memmap(tmpname, dtype=self.dtype, mode='w+',
+- shape=self.shape)
+-abspath = os.path.abspath(tmpname)
+-fp[:] = self.data[:]
+-self.assertEqual(abspath, fp.filename)
+-b = fp[:1]
+-self.assertEq
