FreeBSD Bugzilla – Attachment 50627 Details for
Bug 77079
Update port: lang/python22 Security update PSF-2005-001
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Help
|
New Account
|
Log In
Remember
[x]
|
Forgot Password
Login:
[x]
[patch]
python22.patch
python22.patch (text/plain), 3.23 KB, created by
Marcus Grando
on 2005-02-03 22:30:20 UTC
(
hide
)
Description:
python22.patch
Filename:
MIME Type:
Creator:
Marcus Grando
Created:
2005-02-03 22:30:20 UTC
Size:
3.23 KB
patch
obsolete
>diff -ruN python22.old/Makefile python22/Makefile >--- python22.old/Makefile Tue Nov 16 01:01:47 2004 >+++ python22/Makefile Thu Feb 3 20:07:58 2005 >@@ -7,7 +7,7 @@ > > PORTNAME= python > PORTVERSION= 2.2.3 >-PORTREVISION= 6 >+PORTREVISION= 7 > CATEGORIES= lang python ipv6 > MASTER_SITES= ${PYTHON_MASTER_SITES} > MASTER_SITE_SUBDIR= ${PYTHON_MASTER_SITE_SUBDIR} >diff -ruN python22.old/files/patch-Lib::SimpleXMLRPCServer.py python22/files/patch-Lib::SimpleXMLRPCServer.py >--- python22.old/files/patch-Lib::SimpleXMLRPCServer.py Wed Dec 31 21:00:00 1969 >+++ python22/files/patch-Lib::SimpleXMLRPCServer.py Thu Feb 3 20:07:42 2005 >@@ -0,0 +1,68 @@ >+--- Lib/SimpleXMLRPCServer.py.orig Sat Sep 29 01:54:33 2001 >++++ Lib/SimpleXMLRPCServer.py Thu Feb 3 20:07:10 2005 >+@@ -161,7 +161,8 @@ >+ try: >+ func = _resolve_dotted_attribute( >+ self.server.instance, >+- method >++ method, >++ self.allow_dotted_names >+ ) >+ except AttributeError: >+ pass >+@@ -178,11 +179,20 @@ >+ BaseHTTPServer.BaseHTTPRequestHandler.log_request(self, code, size) >+ >+ >+-def _resolve_dotted_attribute(obj, attr): >++def _resolve_dotted_attribute(obj, attr, allow_dotted_names=True): >+ """Resolves a dotted attribute name to an object. Raises >+ an AttributeError if any attribute in the chain starts with a '_'. >++ >++ If the optional allow_dotted_names argument is false, dots are not >++ supported and this function operates similar to getattr(obj, attr). >+ """ >+- for i in attr.split('.'): >++ >++ if allow_dotted_names: >++ attrs = attr.split('.') >++ else: >++ attrs = [attr] >++ >++ for i in attrs: >+ if i.startswith('_'): >+ raise AttributeError( >+ 'attempt to access private attribute "%s"' % i >+@@ -206,7 +216,7 @@ >+ self.instance = None >+ SocketServer.TCPServer.__init__(self, addr, requestHandler) >+ >+- def register_instance(self, instance): >++ def register_instance(self, instance, allow_dotted_names=False): >+ """Registers an instance to respond to XML-RPC requests. >+ >+ Only one instance can be installed at a time. >+@@ -225,9 +235,23 @@ >+ >+ If a registered function matches a XML-RPC request, then it >+ will be called instead of the registered instance. >++ >++ If the optional allow_dotted_names argument is true and the >++ instance does not have a _dispatch method, method names >++ containing dots are supported and resolved, as long as none of >++ the name segments start with an '_'. >++ >++ *** SECURITY WARNING: *** >++ >++ Enabling the allow_dotted_names options allows intruders >++ to access your module's global variables and may allow >++ intruders to execute arbitrary code on your machine. Only >++ use this option on a secure, closed network. >++ >+ """ >+ >+ self.instance = instance >++ self.allow_dotted_names = allow_dotted_names >+ >+ def register_function(self, function, name = None): >+ """Registers a function to respond to XML-RPC requests.
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=50627">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 77079
: 50627