FreeBSD Bugzilla – Attachment 185433 Details for
Bug 221539
sysutils/py-supervisor: Update to 3.3.3, Fixes security vulnerability
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Help
|
New Account
|
Log In
Remember
[x]
|
Forgot Password
Login:
[x]
[patch]
Patch to update py-supervisor
py-supervisor.diff (text/plain), 20.36 KB, created by
Franz Glasner
on 2017-08-15 10:31:55 UTC
(
hide
)
Description:
Patch to update py-supervisor
Filename:
MIME Type:
Creator:
Franz Glasner
Created:
2017-08-15 10:31:55 UTC
Size:
20.36 KB
patch
obsolete
>Index: Makefile >=================================================================== >--- Makefile (revision 447978) >+++ Makefile (working copy) >@@ -2,7 +2,7 @@ > # $FreeBSD$ > > PORTNAME= supervisor >-PORTVERSION= 3.3.0 >+DISTVERSION= 3.3.3 > PORTEPOCH= 1 > CATEGORIES= sysutils python > MASTER_SITES= CHEESESHOP >@@ -11,6 +11,12 @@ > MAINTAINER= hizel@vyborg.ru > COMMENT= System to monitor and control a number of processes on UNIX-like OS > >+LICENSE= ZPL-Derived >+LICENSE_GROUPS= FSF OSI GPL >+LICENSE_NAME= ZPL-derived license with no servicemark clause >+LICENSE_FILE= ${WRKSRC}/LICENSES.txt >+LICENSE_PERMS= dist-mirror dist-sell pkg-mirror pkg-sell auto-accept >+ > RUN_DEPENDS= ${PYTHON_PKGNAMEPREFIX}meld3>=0.6.5:www/py-meld3 > TEST_DEPENDS:= ${RUN_DEPENDS} \ > ${PYTHON_PKGNAMEPREFIX}mock>0:devel/py-mock >@@ -26,7 +32,7 @@ > > PORTDOCS= *.txt *.rst > >-USES= python:2 >+USES= python:2 shebangfix > USE_PYTHON= distutils autoplist > PIDDIR?= /var/run/supervisor > >@@ -35,6 +41,11 @@ > PLIST_SUB= PIDDIR=${PIDDIR} > USE_RC_SUBR= supervisord > >+SHEBANG_FILES= supervisor/scripts/*.py supervisor/tests/fixtures/*.py >+SHEBANG_LANG= Python >+Python_OLD_CMD= "/usr/bin/env python" "<<PYTHON>>" >+Python_CMD= ${PYTHON_CMD} >+ > post-patch: > @${REINPLACE_CMD} -e 's!%%PREFIX%%!${PREFIX}!' ${WRKSRC}/supervisor/options.py > >Index: distinfo >=================================================================== >--- distinfo (revision 447978) >+++ distinfo (working copy) >@@ -1,3 +1,3 @@ >-TIMESTAMP = 1465394448 >-SHA256 (supervisor-3.3.0.tar.gz) = 3176fb8a78c60164020e252e4a2b50b039cfec1f410b4562a843b66186188652 >-SIZE (supervisor-3.3.0.tar.gz) = 416329 >+TIMESTAMP = 1502190315 >+SHA256 (supervisor-3.3.3.tar.gz) = 96287ebfabf9a6923f74123b056c4da39c617fef367980f007cac02fba6527ad >+SIZE (supervisor-3.3.3.tar.gz) = 418354 >Index: files/patch-supervisor-tests-test_options.py >=================================================================== >--- files/patch-supervisor-tests-test_options.py (revision 447978) >+++ files/patch-supervisor-tests-test_options.py (working copy) >@@ -1,6 +1,6 @@ >---- supervisor/tests/test_options.py.orig 2016-05-14 21:19:49.000000000 +0300 >-+++ supervisor/tests/test_options.py 2016-06-08 17:05:08.114929000 +0300 >-@@ -157,15 +157,15 @@ class OptionTests(unittest.TestCase): >+--- supervisor/tests/test_options.py.orig 2017-07-24 19:48:01 UTC >++++ supervisor/tests/test_options.py >+@@ -158,15 +158,15 @@ class OptionTests(unittest.TestCase): > short=False, > ) > >@@ -25,7 +25,7 @@ > > def test_options_and_args_order(self): > # Only config file exists >-@@ -352,17 +352,17 @@ class ClientOptionsTests(unittest.TestCa >+@@ -353,17 +353,17 @@ class ClientOptionsTests(unittest.TestCa > except ValueError, exc: > self.assertTrue("could not find config file" in exc.args[0]) > >@@ -34,18 +34,17 @@ > - def dummy_open(fn, mode): > - raise IOError(errno.EACCES, 'Permission denied: %s' % fn) > - instance.open = dummy_open >-- >++# def test_read_config_unreadable(self): >++# instance = self._makeOne() >++# def dummy_open(fn, mode): >++# raise IOError(errno.EACCES, 'Permission denied: %s' % fn) >++# instance.open = dummy_open >+ > - try: > - instance.read_config(__file__) > - self.fail("expected exception") > - except ValueError, exc: > - self.assertTrue("could not read config file" in exc.args[0]) >-+# def test_read_config_unreadable(self): >-+# instance = self._makeOne() >-+# def dummy_open(fn, mode): >-+# raise IOError(errno.EACCES, 'Permission denied: %s' % fn) >-+# instance.open = dummy_open >-+ > +# try: > +# instance.read_config(__file__) > +# self.fail("expected exception") >@@ -54,7 +53,7 @@ > > def test_read_config_no_supervisord_section_raises_valueerror(self): > instance = self._makeOne() >-@@ -803,17 +803,17 @@ class ServerOptionsTests(unittest.TestCa >+@@ -804,17 +804,17 @@ class ServerOptionsTests(unittest.TestCa > except ValueError, exc: > self.assertTrue("could not find config file" in exc.args[0]) > >@@ -63,18 +62,17 @@ > - def dummy_open(fn, mode): > - raise IOError(errno.EACCES, 'Permission denied: %s' % fn) > - instance.open = dummy_open >-- >++# def test_read_config_unreadable(self): >++# instance = self._makeOne() >++# def dummy_open(fn, mode): >++# raise IOError(errno.EACCES, 'Permission denied: %s' % fn) >++# instance.open = dummy_open >+ > - try: > - instance.read_config(__file__) > - self.fail("nothing raised") > - except ValueError, exc: > - self.assertTrue("could not read config file" in exc.args[0]) >-+# def test_read_config_unreadable(self): >-+# instance = self._makeOne() >-+# def dummy_open(fn, mode): >-+# raise IOError(errno.EACCES, 'Permission denied: %s' % fn) >-+# instance.open = dummy_open >-+ > +# try: > +# instance.read_config(__file__) > +# self.fail("nothing raised") >Index: files/patch-supervisor-tests-test_supervisorctl.py >=================================================================== >--- files/patch-supervisor-tests-test_supervisorctl.py (revision 447978) >+++ files/patch-supervisor-tests-test_supervisorctl.py (working copy) >@@ -1,6 +1,6 @@ >---- supervisor/tests/test_supervisorctl.py.orig 2016-06-08 17:08:09.404989000 +0300 >-+++ supervisor/tests/test_supervisorctl.py 2016-06-08 17:08:32.361939000 +0300 >-@@ -1562,23 +1562,23 @@ class TestDefaultControllerPlugin(unitte >+--- supervisor/tests/test_supervisorctl.py.orig 2017-07-24 19:48:01 UTC >++++ supervisor/tests/test_supervisorctl.py >+@@ -1600,23 +1600,23 @@ class TestDefaultControllerPlugin(unitte > val = plugin.ctl.stdout.getvalue() > self.assertTrue(val.startswith('Error: bad argument wrong'), val) > >Index: files/patch-supervisor_options.py >=================================================================== >--- files/patch-supervisor_options.py (revision 447978) >+++ files/patch-supervisor_options.py (working copy) >@@ -1,5 +1,5 @@ >---- supervisor/options.py.orig 2016-06-08 17:09:41.213297000 +0300 >-+++ supervisor/options.py 2016-06-08 17:10:18.970354000 +0300 >+--- supervisor/options.py.orig 2017-07-24 19:48:00 UTC >++++ supervisor/options.py > @@ -96,13 +96,7 @@ class Options: > self.add("configfile", None, "c:", "configuration=") > >@@ -11,7 +11,7 @@ > - '/etc/supervisord.conf', > - '/etc/supervisor/supervisord.conf', > - ] >-+ searchpaths = [ '%%PREFIX%%/etc/supervisord.conf' ] >++ searchpaths = [ '/usr/local/etc/supervisord.conf' ] > self.searchpaths = searchpaths > > self.environ_expansions = {} >Index: files/supervisord.conf.sample >=================================================================== >--- files/supervisord.conf.sample (revision 447978) >+++ files/supervisord.conf.sample (working copy) >@@ -1,51 +1,68 @@ > ; Sample supervisor config file. >+; >+; For more information on the config file, please see: >+; http://supervisord.org/configuration.html >+; >+; Notes: >+; - Shell expansion ("~" or "$HOME") is not supported. Environment >+; variables can be expanded using this syntax: "%(ENV_HOME)s". >+; - Quotes around values are not supported, except in the case of >+; the environment= options as shown below. >+; - Comments must have a leading space: "a=b ;comment" not "a=b;comment". >+; - Command will be truncated if it looks like a config file comment, e.g. >+; "command=bash -c 'foo ; bar'" will truncate to "command=bash -c 'foo ". > > [unix_http_server] >-file=/var/run/supervisor/supervisor.sock ; (the path to the socket file) >-;chmod=0700 ; sockef file mode (default 0700) >+file=/var/run/supervisor/supervisor.sock ; the path to the socket file >+;chmod=0700 ; socket file mode (default 0700) > ;chown=nobody:nogroup ; socket file uid:gid owner >-;username=user ; (default is no username (open server)) >-;password=123 ; (default is no password (open server)) >+;username=user ; default is no username (open server) >+;password=123 ; default is no password (open server) > > ;[inet_http_server] ; inet (TCP) server disabled by default >-;port=127.0.0.1:9001 ; (ip_address:port specifier, *:port for all iface) >-;username=user ; (default is no username (open server)) >-;password=123 ; (default is no password (open server)) >+;port=127.0.0.1:9001 ; ip_address:port specifier, *:port for all iface >+;username=user ; default is no username (open server) >+;password=123 ; default is no password (open server) > > [supervisord] >-logfile=/var/log/supervisord.log ; (main log file;default $CWD/supervisord.log) >-logfile_maxbytes=50MB ; (max main logfile bytes b4 rotation;default 50MB) >-logfile_backups=10 ; (num of main logfile rotation backups;default 10) >-loglevel=info ; (log level;default info; others: debug,warn,trace) >-pidfile=/var/run/supervisor/supervisord.pid ; (supervisord pidfile;default supervisord.pid) >-nodaemon=false ; (start in foreground if true;default false) >-minfds=1024 ; (min. avail startup file descriptors;default 1024) >-minprocs=200 ; (min. avail process descriptors;default 200) >-;umask=022 ; (process file creation umask;default 022) >-;user=chrism ; (default is current user, required if root) >-;identifier=supervisor ; (supervisord identifier, default is 'supervisor') >-;directory=/tmp ; (default is not to cd during start) >-;nocleanup=true ; (don't clean up tempfiles at start;default false) >-;childlogdir=/tmp ; ('AUTO' child log dir, default $TEMP) >-;environment=KEY=value ; (key value pairs to add to environment) >-;strip_ansi=false ; (strip ansi escape codes in logs; def. false) >+logfile=/tmp/supervisord.log ; main log file; default $CWD/supervisord.log >+logfile_maxbytes=50MB ; max main logfile bytes b4 rotation; default 50MB >+logfile_backups=10 ; # of main logfile backups; 0 means none, default 10 >+loglevel=info ; log level; default info; others: debug,warn,trace >+;pidfile=/var/run/supervisor/supervisord.pid ; supervisord pidfile; default supervisord.pid >+nodaemon=false ; start in foreground if true; default false >+minfds=1024 ; min. avail startup file descriptors; default 1024 >+minprocs=200 ; min. avail process descriptors;default 200 >+;umask=022 ; process file creation umask; default 022 >+;user=chrism ; default is current user, required if root >+;identifier=supervisor ; supervisord identifier, default is 'supervisor' >+;directory=/tmp ; default is not to cd during start >+;nocleanup=true ; don't clean up tempfiles at start; default false >+;childlogdir=/tmp ; 'AUTO' child log dir, default $TEMP >+;environment=KEY="value" ; key value pairs to add to environment >+;strip_ansi=false ; strip ansi escape codes in logs; def. false > >-; the below section must remain in the config file for RPC >-; (supervisorctl/web interface) to work, additional interfaces may be >-; added by defining them in separate rpcinterface: sections >+; The rpcinterface:supervisor section must remain in the config file for >+; RPC (supervisorctl/web interface) to work. Additional interfaces may be >+; added by defining them in separate [rpcinterface:x] sections. >+ > [rpcinterface:supervisor] > supervisor.rpcinterface_factory = supervisor.rpcinterface:make_main_rpcinterface > >+; The supervisorctl section configures how supervisorctl will connect to >+; supervisord. configure it match the settings in either the unix_http_server >+; or inet_http_server section. >+ > [supervisorctl] > serverurl=unix:///var/run/supervisor/supervisor.sock ; use a unix:// URL for a unix socket > ;serverurl=http://127.0.0.1:9001 ; use an http:// url to specify an inet socket >-;username=chris ; should be same as http_username if set >-;password=123 ; should be same as http_password if set >+;username=chris ; should be same as in [*_http_server] if set >+;password=123 ; should be same as in [*_http_server] if set > ;prompt=mysupervisor ; cmd line prompt (default "supervisor") > ;history_file=~/.sc_history ; use readline history if available > >-; The below sample program section shows all possible program subsection values, >-; create one or more 'real' program: sections to be able to control them under >+; The sample program section below shows all possible program subsection values. >+; Create one or more 'real' program: sections to be able to control them under > ; supervisor. > > ;[program:theprogramname] >@@ -56,31 +73,32 @@ > ;umask=022 ; umask for process (default None) > ;priority=999 ; the relative start priority (default 999) > ;autostart=true ; start at supervisord start (default: true) >-;autorestart=true ; retstart at unexpected quit (default: true) >-;startsecs=10 ; number of secs prog must stay running (def. 1) >-;startretries=3 ; max # of serial start failures (default 3) >-;exitcodes=0,2 ; 'expected' exit codes for process (default 0,2) >+;startsecs=1 ; # of secs prog must stay up to be running (def. 1) >+;startretries=3 ; max # of serial start failures when starting (default 3) >+;autorestart=unexpected ; when to restart if exited after running (def: unexpected) >+;exitcodes=0,2 ; 'expected' exit codes used with autorestart (default 0,2) > ;stopsignal=QUIT ; signal used to kill process (default TERM) > ;stopwaitsecs=10 ; max num secs to wait b4 SIGKILL (default 10) >+;stopasgroup=false ; send stop signal to the UNIX process group (default false) >+;killasgroup=false ; SIGKILL the UNIX process group (def false) > ;user=chrism ; setuid to this UNIX account to run the program > ;redirect_stderr=true ; redirect proc stderr to stdout (default false) > ;stdout_logfile=/a/path ; stdout log path, NONE for none; default AUTO > ;stdout_logfile_maxbytes=1MB ; max # logfile bytes b4 rotation (default 50MB) >-;stdout_logfile_backups=10 ; # of stdout logfile backups (default 10) >+;stdout_logfile_backups=10 ; # of stdout logfile backups (0 means none, default 10) > ;stdout_capture_maxbytes=1MB ; number of bytes in 'capturemode' (default 0) > ;stdout_events_enabled=false ; emit events on stdout writes (default false) > ;stderr_logfile=/a/path ; stderr log path, NONE for none; default AUTO > ;stderr_logfile_maxbytes=1MB ; max # logfile bytes b4 rotation (default 50MB) >-;stderr_logfile_backups=10 ; # of stderr logfile backups (default 10) >+;stderr_logfile_backups=10 ; # of stderr logfile backups (0 means none, default 10) > ;stderr_capture_maxbytes=1MB ; number of bytes in 'capturemode' (default 0) > ;stderr_events_enabled=false ; emit events on stderr writes (default false) >-;environment=A=1,B=2 ; process environment additions (def no adds) >+;environment=A="1",B="2" ; process environment additions (def no adds) > ;serverurl=AUTO ; override serverurl computation (childutils) > >-; The below sample eventlistener section shows all possible >-; eventlistener subsection values, create one or more 'real' >-; eventlistener: sections to be able to handle event notifications >-; sent by supervisor. >+; The sample eventlistener section below shows all possible eventlistener >+; subsection values. Create one or more 'real' eventlistener: sections to be >+; able to handle event notifications sent by supervisord. > > ;[eventlistener:theeventlistenername] > ;command=/bin/eventlistener ; the program (relative uses PATH, can take args) >@@ -92,28 +110,29 @@ > ;umask=022 ; umask for process (default None) > ;priority=-1 ; the relative start priority (default -1) > ;autostart=true ; start at supervisord start (default: true) >-;autorestart=unexpected ; restart at unexpected quit (default: unexpected) >-;startsecs=10 ; number of secs prog must stay running (def. 1) >-;startretries=3 ; max # of serial start failures (default 3) >-;exitcodes=0,2 ; 'expected' exit codes for process (default 0,2) >+;startsecs=1 ; # of secs prog must stay up to be running (def. 1) >+;startretries=3 ; max # of serial start failures when starting (default 3) >+;autorestart=unexpected ; autorestart if exited after running (def: unexpected) >+;exitcodes=0,2 ; 'expected' exit codes used with autorestart (default 0,2) > ;stopsignal=QUIT ; signal used to kill process (default TERM) > ;stopwaitsecs=10 ; max num secs to wait b4 SIGKILL (default 10) >+;stopasgroup=false ; send stop signal to the UNIX process group (default false) >+;killasgroup=false ; SIGKILL the UNIX process group (def false) > ;user=chrism ; setuid to this UNIX account to run the program >-;redirect_stderr=true ; redirect proc stderr to stdout (default false) >+;redirect_stderr=false ; redirect_stderr=true is not allowed for eventlisteners > ;stdout_logfile=/a/path ; stdout log path, NONE for none; default AUTO > ;stdout_logfile_maxbytes=1MB ; max # logfile bytes b4 rotation (default 50MB) >-;stdout_logfile_backups=10 ; # of stdout logfile backups (default 10) >+;stdout_logfile_backups=10 ; # of stdout logfile backups (0 means none, default 10) > ;stdout_events_enabled=false ; emit events on stdout writes (default false) > ;stderr_logfile=/a/path ; stderr log path, NONE for none; default AUTO > ;stderr_logfile_maxbytes=1MB ; max # logfile bytes b4 rotation (default 50MB) >-;stderr_logfile_backups ; # of stderr logfile backups (default 10) >+;stderr_logfile_backups=10 ; # of stderr logfile backups (0 means none, default 10) > ;stderr_events_enabled=false ; emit events on stderr writes (default false) >-;environment=A=1,B=2 ; process environment additions >+;environment=A="1",B="2" ; process environment additions > ;serverurl=AUTO ; override serverurl computation (childutils) > >-; The below sample group section shows all possible group values, >-; create one or more 'real' group: sections to create "heterogeneous" >-; process groups. >+; The sample group section below shows all possible group values. Create one >+; or more 'real' group: sections to create "heterogeneous" process groups. > > ;[group:thegroupname] > ;programs=progname1,progname2 ; each refers to 'x' in [program:x] definitions >Index: files/supervisord.in >=================================================================== >--- files/supervisord.in (revision 447978) >+++ files/supervisord.in (working copy) >@@ -26,9 +26,20 @@ > : ${supervisord_config="%%PREFIX%%/etc/supervisord.conf"} > : ${supervisord_user="root"} > >+pidfile="%%PIDDIR%%/${name}.pid" > command="%%PREFIX%%/bin/${name}" >-command_args="-u ${supervisord_user} -c ${supervisord_config}" >+command_args="-j ${pidfile} -u ${supervisord_user} -c ${supervisord_config}" > command_interpreter="%%PYTHON_CMD%%" >-pidfile="%%PIDDIR%%/${name}.pid" > >+start_precmd="_supervisord_precmd" >+ >+_supervisord_precmd() >+{ >+ # Create the run directory >+ local _piddir=`dirname ${pidfile}` >+ if [ ! -d ${_piddir} ]; then >+ install -d -o ${supervisord_user} ${_piddir} >+ fi >+} >+ > run_rc_command "$1" >Index: pkg-plist >=================================================================== >--- pkg-plist (revision 447978) >+++ pkg-plist (working copy) >@@ -1,6 +1,5 @@ >-@sample etc/supervisord.conf.sample >-@exec mkdir -p %%PIDDIR%% >-@unexec echo "=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=" >-@unexec echo "If you are permanently removing py-supervisor, you should also:" | /usr/bin/fmt >-@unexec echo "'rm -rf %%PIDDIR%%'" | /usr/bin/fmt >-@unexec echo "=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=" >+@sample etc/supervisord.conf.sample etc/supervisord.conf >+@postunexec echo "=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=" >+@postunexec echo "If you are permanently removing py-supervisor, you should also:" | /usr/bin/fmt >+@postunexec echo "'rm -rf %%PIDDIR%%'" | /usr/bin/fmt >+@postunexec echo "=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-="
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=185433">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 221539
:
185433
|
185434
|
185638
|
186416
|
186417
|
186419