SliTaz Repositories

     1.1 --- a/py3k-dev/receipt	Sun Oct 16 06:36:10 2011 +0000
     1.2 +++ b/py3k-dev/receipt	Sun Oct 16 07:08:02 2011 +0000
     1.3 @@ -1,7 +1,7 @@
     1.4  # SliTaz package receipt.
     1.5  
     1.6  PACKAGE="py3k-dev"
     1.7 -VERSION="3.2"
     1.8 +VERSION="3.2.2"
     1.9  CATEGORY="development"
    1.10  SHORT_DESC="The Python programming language devel files."
    1.11  MAINTAINER="pankso@slitaz.org"

     2.1 --- a/py3k/receipt	Sun Oct 16 06:36:10 2011 +0000
     2.2 +++ b/py3k/receipt	Sun Oct 16 07:08:02 2011 +0000
     2.3 @@ -1,7 +1,7 @@
     2.4  # SliTaz package receipt.
     2.5  
     2.6  PACKAGE="py3k"
     2.7 -VERSION="3.2"
     2.8 +VERSION="3.2.2"
     2.9  CATEGORY="development"
    2.10  SHORT_DESC="The Python 3000 programming language."
    2.11  MAINTAINER="pascal.bellard@slitaz.org"
    2.12 @@ -16,12 +16,11 @@
    2.13  compile_rules()
    2.14  {
    2.15  	cd $src
    2.16 -	patch -Np1 -i $stuff/CVE-2011-1521.patch
    2.17  	./configure --enable-shared --with-ncurses \
    2.18  	--prefix=/usr --infodir=/usr/share/info \
    2.19  	--mandir=/usr/share/man $CONFIGURE_ARGS &&
    2.20  	make &&
    2.21 -	make DESTDIR=$PWD/_pkg install
    2.22 +	make DESTDIR=$DESTDIR install
    2.23  }
    2.24  
    2.25  # Rules to gen a SliTaz package suitable for Tazpkg.

     3.1 --- a/py3k/stuff/CVE-2011-1521.patch	Sun Oct 16 06:36:10 2011 +0000
     3.2 +++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
     3.3 @@ -1,134 +0,0 @@
     3.4 -diff -Naur Python-3.2.ori/Doc/library/urllib.request.rst Python-3.2/Doc/library/urllib.request.rst
     3.5 ---- Python-3.2.ori/Doc/library/urllib.request.rst	2011-02-11 03:25:47.000000000 -0800
     3.6 -+++ Python-3.2/Doc/library/urllib.request.rst	2011-04-15 03:49:02.778745379 -0700
     3.7 -@@ -650,6 +650,10 @@
     3.8 -    is the case, :exc:`HTTPError` is raised.  See :rfc:`2616` for details of the
     3.9 -    precise meanings of the various redirection codes.
    3.10 - 
    3.11 -+   An :class:`HTTPError` exception raised as a security consideration if the
    3.12 -+   HTTPRedirectHandler is presented with a redirected url which is not an HTTP,
    3.13 -+   HTTPS or FTP url.
    3.14 -+
    3.15 - 
    3.16 - .. method:: HTTPRedirectHandler.redirect_request(req, fp, code, msg, hdrs, newurl)
    3.17 - 
    3.18 -diff -Naur Python-3.2.ori/Lib/test/test_urllib2.py Python-3.2/Lib/test/test_urllib2.py
    3.19 ---- Python-3.2.ori/Lib/test/test_urllib2.py	2011-02-11 03:25:47.000000000 -0800
    3.20 -+++ Python-3.2/Lib/test/test_urllib2.py	2011-04-15 03:50:29.705417290 -0700
    3.21 -@@ -8,6 +8,7 @@
    3.22 - 
    3.23 - import urllib.request
    3.24 - from urllib.request import Request, OpenerDirector
    3.25 -+import urllib.error
    3.26 - 
    3.27 - # XXX
    3.28 - # Request
    3.29 -@@ -1029,6 +1030,29 @@
    3.30 -             self.assertEqual(count,
    3.31 -                              urllib.request.HTTPRedirectHandler.max_redirections)
    3.32 - 
    3.33 -+
    3.34 -+    def test_invalid_redirect(self):
    3.35 -+        from_url = "http://example.com/a.html"
    3.36 -+        valid_schemes = ['http','https','ftp']
    3.37 -+        invalid_schemes = ['file','imap','ldap']
    3.38 -+        schemeless_url = "example.com/b.html"
    3.39 -+        h = urllib.request.HTTPRedirectHandler()
    3.40 -+        o = h.parent = MockOpener()
    3.41 -+        req = Request(from_url)
    3.42 -+        req.timeout = socket._GLOBAL_DEFAULT_TIMEOUT
    3.43 -+
    3.44 -+        for scheme in invalid_schemes:
    3.45 -+            invalid_url = scheme + '://' + schemeless_url
    3.46 -+            self.assertRaises(urllib.error.HTTPError, h.http_error_302,
    3.47 -+                    req, MockFile(), 302, "Security Loophole",
    3.48 -+                    MockHeaders({"location": invalid_url}))
    3.49 -+
    3.50 -+        for scheme in valid_schemes:
    3.51 -+            valid_url = scheme + '://' + schemeless_url
    3.52 -+            h.http_error_302(req, MockFile(), 302, "That's fine",
    3.53 -+                MockHeaders({"location": valid_url}))
    3.54 -+            self.assertEqual(o.req.get_full_url(), valid_url)
    3.55 -+
    3.56 -     def test_cookie_redirect(self):
    3.57 -         # cookies shouldn't leak into redirected requests
    3.58 -         from http.cookiejar import CookieJar
    3.59 -diff -Naur Python-3.2.ori/Lib/test/test_urllib.py Python-3.2/Lib/test/test_urllib.py
    3.60 ---- Python-3.2.ori/Lib/test/test_urllib.py	2010-12-17 09:35:56.000000000 -0800
    3.61 -+++ Python-3.2/Lib/test/test_urllib.py	2011-04-15 03:49:02.778745379 -0700
    3.62 -@@ -2,6 +2,7 @@
    3.63 - 
    3.64 - import urllib.parse
    3.65 - import urllib.request
    3.66 -+import urllib.error
    3.67 - import http.client
    3.68 - import email.message
    3.69 - import io
    3.70 -@@ -198,6 +199,21 @@
    3.71 -         finally:
    3.72 -             self.unfakehttp()
    3.73 - 
    3.74 -+    def test_invalid_redirect(self):
    3.75 -+        # urlopen() should raise IOError for many error codes.
    3.76 -+        self.fakehttp(b'''HTTP/1.1 302 Found
    3.77 -+Date: Wed, 02 Jan 2008 03:03:54 GMT
    3.78 -+Server: Apache/1.3.33 (Debian GNU/Linux) mod_ssl/2.8.22 OpenSSL/0.9.7e
    3.79 -+Location: file://guidocomputer.athome.com:/python/license
    3.80 -+Connection: close
    3.81 -+Content-Type: text/html; charset=iso-8859-1
    3.82 -+''')
    3.83 -+        try:
    3.84 -+            self.assertRaises(urllib.error.HTTPError, urlopen,
    3.85 -+                              "http://python.org/")
    3.86 -+        finally:
    3.87 -+            self.unfakehttp()
    3.88 -+
    3.89 -     def test_empty_socket(self):
    3.90 -         # urlopen() raises IOError if the underlying socket does not send any
    3.91 -         # data. (#1680230)
    3.92 -diff -Naur Python-3.2.ori/Lib/urllib/request.py Python-3.2/Lib/urllib/request.py
    3.93 ---- Python-3.2.ori/Lib/urllib/request.py	2011-02-11 03:25:47.000000000 -0800
    3.94 -+++ Python-3.2/Lib/urllib/request.py	2011-04-15 03:49:02.778745379 -0700
    3.95 -@@ -545,6 +545,17 @@
    3.96 - 
    3.97 -         # fix a possible malformed URL
    3.98 -         urlparts = urlparse(newurl)
    3.99 -+
   3.100 -+        # For security reasons we don't allow redirection to anything other
   3.101 -+        # than http, https or ftp.
   3.102 -+
   3.103 -+        if not urlparts.scheme in ('http', 'https', 'ftp'):
   3.104 -+            raise HTTPError(newurl, code,
   3.105 -+                            msg +
   3.106 -+                            " - Redirection to url '%s' is not allowed" %
   3.107 -+                            newurl,
   3.108 -+                            headers, fp)
   3.109 -+
   3.110 -         if not urlparts.path:
   3.111 -             urlparts = list(urlparts)
   3.112 -             urlparts[2] = "/"
   3.113 -@@ -1897,8 +1908,24 @@
   3.114 -             return
   3.115 -         void = fp.read()
   3.116 -         fp.close()
   3.117 -+
   3.118 -         # In case the server sent a relative URL, join with original:
   3.119 -         newurl = urljoin(self.type + ":" + url, newurl)
   3.120 -+
   3.121 -+        urlparts = urlparse(newurl)
   3.122 -+
   3.123 -+        # For security reasons, we don't allow redirection to anything other
   3.124 -+        # than http, https and ftp.
   3.125 -+
   3.126 -+        # We are using newer HTTPError with older redirect_internal method
   3.127 -+        # This older method will get deprecated in 3.3
   3.128 -+
   3.129 -+        if not urlparts.scheme in ('http', 'https', 'ftp'):
   3.130 -+            raise HTTPError(newurl, errcode,
   3.131 -+                            errmsg +
   3.132 -+                            " Redirection to url '%s' is not allowed." % newurl,
   3.133 -+                            headers, fp)
   3.134 -+
   3.135 -         return self.open(newurl)
   3.136 - 
   3.137 -     def http_error_301(self, url, fp, errcode, errmsg, headers, data=None):