[python-virtualenvwrapper] Patch vulnerability.
Ralph Bean
ralph at fedoraproject.org
Mon May 7 16:08:45 UTC 2012
commit 9fa97f818a5b760aca3ae20f5a4cc27ab3e38555
Author: Ralph Bean <rbean at redhat.com>
Date: Mon May 7 12:08:36 2012 -0400
Patch vulnerability.
0002-remove-tmp-trap.patch | 10 ++++++++++
python-virtualenvwrapper.spec | 7 ++++++-
2 files changed, 16 insertions(+), 1 deletions(-)
---
diff --git a/0002-remove-tmp-trap.patch b/0002-remove-tmp-trap.patch
new file mode 100644
index 0000000..10acb52
--- /dev/null
+++ b/0002-remove-tmp-trap.patch
@@ -0,0 +1,10 @@
+--- virtualenvwrapper.sh.orig 2012-05-03 19:11:04.000000000 -0400
++++ virtualenvwrapper.sh 2012-05-07 11:45:44.061357101 -0400
+@@ -137,7 +137,6 @@
+ echo "ERROR: virtualenvwrapper could not create a temporary file name." 1>&2
+ return 1
+ fi
+- trap "\rm -f '$file' >/dev/null 2>&1" EXIT
+ echo $file
+ return 0
+ }
diff --git a/python-virtualenvwrapper.spec b/python-virtualenvwrapper.spec
index 3f5f2a8..64560ad 100644
--- a/python-virtualenvwrapper.spec
+++ b/python-virtualenvwrapper.spec
@@ -2,7 +2,7 @@
Name: python-virtualenvwrapper
Version: 3.2
-Release: 2%{?dist}
+Release: 3%{?dist}
Summary: Enhancements to virtualenv
Group: Development/Languages
@@ -10,6 +10,7 @@ License: MIT
URL: http://pypi.python.org/pypi/virtualenvwrapper
Source0: http://pypi.python.org/packages/source/v/virtualenvwrapper/virtualenvwrapper-3.2.tar.gz
Patch0: 0001-Shebangs-and-permissions.patch
+Patch1: 0002-remove-tmp-trap.patch
BuildArch: noarch
@@ -30,6 +31,7 @@ one project at a time without introducing conflicts in their dependencies.
%prep
%setup -q -n %{modname}-%{version}
%patch0 -p1
+%patch1 -p0
%build
%{__python} setup.py build
@@ -44,6 +46,9 @@ one project at a time without introducing conflicts in their dependencies.
%{_bindir}/virtualenvwrapper.sh
%changelog
+* Mon May 07 2012 Ralph Bean <rbean at redhat.com> 3.2-3
+- Applied security patch from Aaron Griffis. http://bit.ly/IHJqxs
+
* Tue Apr 17 2012 Ralph Bean <rbean at redhat.com> 3.2-2
- Updated the Shebangs-and-permissions patch to add a shebang to
/usr/bin/virtualenvwrapper.sh
More information about the scm-commits
mailing list