[python-virtualenvwrapper] Patch vulnerability.

Ralph Bean ralph at fedoraproject.org
Mon May 7 16:08:45 UTC 2012 

commit 9fa97f818a5b760aca3ae20f5a4cc27ab3e38555
Author: Ralph Bean <rbean at redhat.com>
Date:   Mon May 7 12:08:36 2012 -0400

    Patch vulnerability.

 0002-remove-tmp-trap.patch    |   10 ++++++++++
 python-virtualenvwrapper.spec |    7 ++++++-
 2 files changed, 16 insertions(+), 1 deletions(-)
---
diff --git a/0002-remove-tmp-trap.patch b/0002-remove-tmp-trap.patch
new file mode 100644
index 0000000..10acb52
--- /dev/null
+++ b/0002-remove-tmp-trap.patch
@@ -0,0 +1,10 @@
+--- virtualenvwrapper.sh.orig  2012-05-03 19:11:04.000000000 -0400
++++ virtualenvwrapper.sh   2012-05-07 11:45:44.061357101 -0400
+@@ -137,7 +137,6 @@
+         echo "ERROR: virtualenvwrapper could not create a temporary file name." 1>&2
+         return 1
+     fi
+-    trap "\rm -f '$file' >/dev/null 2>&1" EXIT
+     echo $file
+     return 0
+ }
diff --git a/python-virtualenvwrapper.spec b/python-virtualenvwrapper.spec
index 3f5f2a8..64560ad 100644
--- a/python-virtualenvwrapper.spec
+++ b/python-virtualenvwrapper.spec
@@ -2,7 +2,7 @@
 
 Name:             python-virtualenvwrapper
 Version:          3.2
-Release:          2%{?dist}
+Release:          3%{?dist}
 Summary:          Enhancements to virtualenv
 
 Group:            Development/Languages
@@ -10,6 +10,7 @@ License:          MIT
 URL:              http://pypi.python.org/pypi/virtualenvwrapper
 Source0:          http://pypi.python.org/packages/source/v/virtualenvwrapper/virtualenvwrapper-3.2.tar.gz
 Patch0:           0001-Shebangs-and-permissions.patch
+Patch1:           0002-remove-tmp-trap.patch
 
 BuildArch:        noarch
 
@@ -30,6 +31,7 @@ one project at a time without introducing conflicts in their dependencies.
 %prep
 %setup -q -n %{modname}-%{version}
 %patch0 -p1
+%patch1 -p0
 
 %build
 %{__python} setup.py build 
@@ -44,6 +46,9 @@ one project at a time without introducing conflicts in their dependencies.
 %{_bindir}/virtualenvwrapper.sh
 
 %changelog
+* Mon May 07 2012 Ralph Bean <rbean at redhat.com> 3.2-3
+- Applied security patch from Aaron Griffis.  http://bit.ly/IHJqxs
+
 * Tue Apr 17 2012 Ralph Bean <rbean at redhat.com> 3.2-2
 - Updated the Shebangs-and-permissions patch to add a shebang to
   /usr/bin/virtualenvwrapper.sh

More information about the scm-commits mailing list