diff options
Diffstat (limited to 'www-apps/roundup')
-rw-r--r-- | www-apps/roundup/Manifest | 2 | ||||
-rw-r--r-- | www-apps/roundup/files/roundup-1.6.0-configparser.patch | 40 | ||||
-rw-r--r-- | www-apps/roundup/files/roundup-1.6.0-csrf-headers.patch | 150 | ||||
-rw-r--r-- | www-apps/roundup/files/roundup-1.6.0-xss.patch | 35 | ||||
-rw-r--r-- | www-apps/roundup/metadata.xml | 5 | ||||
-rw-r--r-- | www-apps/roundup/roundup-1.6.1.ebuild (renamed from www-apps/roundup/roundup-1.6.0-r1.ebuild) | 16 |
6 files changed, 15 insertions, 233 deletions
diff --git a/www-apps/roundup/Manifest b/www-apps/roundup/Manifest index 07f3cccfd454..b97d22ec5105 100644 --- a/www-apps/roundup/Manifest +++ b/www-apps/roundup/Manifest @@ -1,2 +1,2 @@ DIST roundup-1.5.1.tar.gz 2618886 BLAKE2B 5ccca10ce7f30b35b0875340c4cae87aa19e5384e6e5973576ea8e2de79eb83d32447580944f472d73e7cdb5f43a4ed7f805d51242e22cc2f756b3deae4004b2 SHA512 d7cdeaafb682ce7f202cacddeb1a42312f22778a2c83b52b4e838c27b1e7141a94b2ac2b670b0edee0efcfe27d74e31e6f267ae1380e90359def27385ca68d58 -DIST roundup-1.6.0.tar.gz 2893499 BLAKE2B 5fe75b0953d16cebe52a25379d5a13f7745eb87e4a6a46f17945c3655394c1d1d2aff9e74783ee3e4757fc407ca2b46a7c3ef6d20eedbfb695783302fb64bf1f SHA512 1a8e9c0c7a6e607953ee91ce750f72bf53b5c6dc4bbd6d001570dd77abf396d4de2c832ef45495b87890a3c11b158be9e7a8eed635f63b5586b7bb9399856dcc +DIST roundup-1.6.1.tar.gz 3128618 BLAKE2B 7fa87006582feac74f0fc455bc201f2485326b8f6ed616164f667992da114d45e8d8cef370a825450b5a4cb757ba0453d5fe3ace47164bd83e78a8c6f28b9d05 SHA512 b7666c5515c76baa4fa3ac3d0efea82feace6270af55bbc70e603b2ce0c617b4a303a15133310c1e00d3b6442baa58060d5387f568014652b1b781d9248f0052 diff --git a/www-apps/roundup/files/roundup-1.6.0-configparser.patch b/www-apps/roundup/files/roundup-1.6.0-configparser.patch deleted file mode 100644 index 6bdfc8dfaaad..000000000000 --- a/www-apps/roundup/files/roundup-1.6.0-configparser.patch +++ /dev/null @@ -1,40 +0,0 @@ -changeset: 5625:99175953520e -branch: maint-1.6 -parent: 5537:d698d3d843a9 -user: Joseph Myers <jsm@polyomino.org.uk> -date: Mon Aug 20 00:50:16 2018 +0000 -files: CHANGES.txt roundup/configuration.py -description: -Fix issue2550994: breakage caused by configparser backports. - - -diff -r d698d3d843a9 -r 99175953520e roundup/configuration.py ---- a/roundup/configuration.py Thu Sep 06 17:04:49 2018 -0400 -+++ b/roundup/configuration.py Mon Aug 20 00:50:16 2018 +0000 -@@ -2,9 +2,15 @@ - # - __docformat__ = "restructuredtext" - --try: -+# Some systems have a backport of the Python 3 configparser module to -+# Python 2: <https://pypi.org/project/configparser/>. That breaks -+# Roundup if used with Python 2 because it generates unicode objects -+# where not expected by the Python code. Thus, a version check is -+# used here instead of try/except. -+import sys -+if sys.version_info[0] > 2: - import configparser # Python 3 --except ImportError: -+else: - import ConfigParser as configparser # Python 2 - - import getopt -@@ -12,7 +18,6 @@ - import logging, logging.config - import os - import re --import sys - import time - import smtplib - - diff --git a/www-apps/roundup/files/roundup-1.6.0-csrf-headers.patch b/www-apps/roundup/files/roundup-1.6.0-csrf-headers.patch deleted file mode 100644 index 8be484d5f807..000000000000 --- a/www-apps/roundup/files/roundup-1.6.0-csrf-headers.patch +++ /dev/null @@ -1,150 +0,0 @@ -changeset: 5629:8e3df461d316 -branch: maint-1.6 -user: John Rouillard <rouilj@ieee.org> -date: Wed Feb 27 21:47:39 2019 -0500 -files: CHANGES.txt roundup/cgi/client.py roundup/scripts/roundup_server.py test/test_cgi.py -description: -issue2551023: Fix CSRF headers for use with wsgi and cgi. The -env variable array used - separators rather than _. Compare: -HTTP_X-REQUESTED-WITH to HTTP_X_REQUESTED_WITH. The last is -correct. Also fix roundup-server to produce the latter form. (Patch -by Cédric Krier) - - -diff -r 64ceb9c14b28 -r 8e3df461d316 roundup/cgi/client.py ---- a/roundup/cgi/client.py Tue Feb 12 21:31:41 2019 -0500 -+++ b/roundup/cgi/client.py Wed Feb 27 21:47:39 2019 -0500 -@@ -1026,7 +1026,7 @@ - # If required headers are missing, raise an error - for header in header_names: - if (config["WEB_CSRF_ENFORCE_HEADER_%s"%header] == 'required' -- and "HTTP_%s"%header not in self.env): -+ and "HTTP_%s" % header.replace('-', '_') not in self.env): - logger.error(self._("csrf header %s required but missing for user%s."), header, current_user) - raise Unauthorised, self._("Missing header: %s")%header - -@@ -1062,9 +1062,9 @@ - header_pass += 1 - - enforce=config['WEB_CSRF_ENFORCE_HEADER_X-FORWARDED-HOST'] -- if 'HTTP_X-FORWARDED-HOST' in self.env: -+ if 'HTTP_X_FORWARDED_HOST' in self.env: - if enforce != "no": -- host = self.env['HTTP_X-FORWARDED-HOST'] -+ host = self.env['HTTP_X_FORWARDED_HOST'] - foundat = self.base.find('://' + host + '/') - # 4 means self.base has http:/ prefix, 5 means https:/ prefix - if foundat not in [4, 5]: -@@ -1111,7 +1111,7 @@ - # Note we do not use CSRF nonces for xmlrpc requests. - # - # see: https://www.owasp.org/index.php/Cross-Site_Request_Forgery_(CSRF)_Prevention_Cheat_Sheet#Protecting_REST_Services:_Use_of_Custom_Request_Headers -- if 'HTTP_X-REQUESTED-WITH' not in self.env: -+ if 'HTTP_X_REQUESTED_WITH' not in self.env: - logger.error(self._("csrf X-REQUESTED-WITH xmlrpc required header check failed for user%s."), current_user) - raise UsageError, self._("Required Header Missing") - -diff -r 64ceb9c14b28 -r 8e3df461d316 roundup/scripts/roundup_server.py ---- a/roundup/scripts/roundup_server.py Tue Feb 12 21:31:41 2019 -0500 -+++ b/roundup/scripts/roundup_server.py Wed Feb 27 21:47:39 2019 -0500 -@@ -384,8 +384,8 @@ - # If behind a proxy, this is the hostname supplied - # via the Host header to the proxy. Used by core code. - # Controlled by the CSRF settings. -- env['HTTP_X-FORWARDED-HOST'] = xfh -- xff = self.headers.getheader('X-Forwarded-For', None) -+ env['HTTP_X_FORWARDED_HOST'] = xfh -+ xff = self.headers.get('X-Forwarded-For', None) - if xff: - # xff is a list of ip addresses for original client/proxies: - # X-Forwarded-For: clientIP, proxy1IP, proxy2IP -@@ -394,8 +394,8 @@ - # Made available for extensions if the user trusts it. - # E.g. you may wish to disable recaptcha validation extension - # if the ip of the client matches 172.16.0.0. -- env['HTTP_X-FORWARDED-FOR'] = xff -- xfp = self.headers.getheader('X-Forwarded-Proto', None) -+ env['HTTP_X_FORWARDED_FOR'] = xff -+ xfp = self.headers.get('X-Forwarded-Proto', None) - if xfp: - # xfp is the protocol (http/https) seen by proxies in the - # path of the request. I am not sure if there is only -@@ -408,8 +408,8 @@ - # May not be trustworthy. Do not use in core without - # config option to control its use. - # Made available for extensions if the user trusts it. -- env['HTTP_X-FORWARDED-PROTO'] = xfp -- if os.environ.has_key('CGI_SHOW_TIMING'): -+ env['HTTP_X_FORWARDED_PROTO'] = xfp -+ if 'CGI_SHOW_TIMING' in os.environ: - env['CGI_SHOW_TIMING'] = os.environ['CGI_SHOW_TIMING'] - env['HTTP_ACCEPT_LANGUAGE'] = self.headers.get('accept-language') - referer = self.headers.get('Referer') -@@ -420,8 +420,8 @@ - env['HTTP_ORIGIN'] = origin - xrw = self.headers.get('x-requested-with') - if xrw: -- env['HTTP_X-REQUESTED-WITH'] = xrw -- range = self.headers.getheader('range') -+ env['HTTP_X_REQUESTED_WITH'] = xrw -+ range = self.headers.get('range') - if range: - env['HTTP_RANGE'] = range - -diff -r 64ceb9c14b28 -r 8e3df461d316 test/test_cgi.py ---- a/test/test_cgi.py Tue Feb 12 21:31:41 2019 -0500 -+++ b/test/test_cgi.py Wed Feb 27 21:47:39 2019 -0500 -@@ -888,7 +888,7 @@ - del(cl.env['HTTP_ORIGIN']) - del(out[0]) - -- cl.env['HTTP_X-FORWARDED-HOST'] = 'whoami.com' -+ cl.env['HTTP_X_FORWARDED_HOST'] = 'whoami.com' - # if there is an X-FORWARDED-HOST header it is used and - # HOST header is ignored. X-FORWARDED-HOST should only be - # passed/set by a proxy. In this case the HOST header is -@@ -899,7 +899,7 @@ - match_at=out[0].find('Redirecting to <a href="http://whoami.com/path/issue1?@ok_message') - print "result of subtest 4:", out[0] - self.assertNotEqual(match_at, -1) -- del(cl.env['HTTP_X-FORWARDED-HOST']) -+ del(cl.env['HTTP_X_FORWARDED_HOST']) - del(cl.env['HTTP_HOST']) - del(out[0]) - -@@ -912,14 +912,14 @@ - del(out[0]) - - # try failing headers -- cl.env['HTTP_X-FORWARDED-HOST'] = 'whoami.net' -+ cl.env['HTTP_X_FORWARDED_HOST'] = 'whoami.net' - # this raises an error as the header check passes and - # it did the edit and tries to send mail. - cl.inner_main() - match_at=out[0].find('Invalid X-FORWARDED-HOST whoami.net') - print "result of subtest 6:", out[0] - self.assertNotEqual(match_at, -1) -- del(cl.env['HTTP_X-FORWARDED-HOST']) -+ del(cl.env['HTTP_X_FORWARDED_HOST']) - del(out[0]) - - # header checks succeed -@@ -1031,7 +1031,7 @@ - 'CONTENT_TYPE': 'text/plain', - 'HTTP_AUTHORIZATION': 'Basic YWRtaW46YWRtaW4=', - 'HTTP_REFERER': 'http://whoami.com/path/', -- 'HTTP_X-REQUESTED-WITH': "XMLHttpRequest" -+ 'HTTP_X_REQUESTED_WITH': "XMLHttpRequest" - }, form) - cl.db = self.db - cl.base = 'http://whoami.com/path/' -@@ -1059,7 +1059,7 @@ - del(out[0]) - - # remove the X-REQUESTED-WITH header and get an xmlrpc fault returned -- del(cl.env['HTTP_X-REQUESTED-WITH']) -+ del(cl.env['HTTP_X_REQUESTED_WITH']) - cl.handle_xmlrpc() - output="<?xml version='1.0'?>\n<methodResponse>\n<fault>\n<value><struct>\n<member>\n<name>faultCode</name>\n<value><int>1</int></value>\n</member>\n<member>\n<name>faultString</name>\n<value><string><class 'roundup.exceptions.UsageError'>:Required Header Missing</string></value>\n</member>\n</struct></value>\n</fault>\n</methodResponse>\n" - print out[0] - diff --git a/www-apps/roundup/files/roundup-1.6.0-xss.patch b/www-apps/roundup/files/roundup-1.6.0-xss.patch deleted file mode 100644 index 44a607e0c46b..000000000000 --- a/www-apps/roundup/files/roundup-1.6.0-xss.patch +++ /dev/null @@ -1,35 +0,0 @@ -changeset: 5665:ab37c1705dbf -branch: maint-1.6 -parent: 5635:ea35ab75a4c0 -user: John Rouillard <rouilj@ieee.org> -date: Fri Mar 22 18:16:11 2019 -0400 -files: CHANGES.txt frontends/roundup.cgi roundup/cgi/wsgi_handler.py -description: -Fix fix XSS issue in wsgi and cgi when handing url not found/404. issue2551035 - - -diff -r ea35ab75a4c0 -r ab37c1705dbf frontends/roundup.cgi ---- a/frontends/roundup.cgi Thu Mar 07 15:42:21 2019 +0100 -+++ b/frontends/roundup.cgi Fri Mar 22 18:16:11 2019 -0400 -@@ -179,7 +179,7 @@ - request.send_response(404) - request.send_header('Content-Type', 'text/html') - request.end_headers() -- out.write('Not found: %s'%client.path) -+ out.write('Not found: %s'%cgi.escape(client.path)) - - else: - import urllib -diff -r ea35ab75a4c0 -r ab37c1705dbf roundup/cgi/wsgi_handler.py ---- a/roundup/cgi/wsgi_handler.py Thu Mar 07 15:42:21 2019 +0100 -+++ b/roundup/cgi/wsgi_handler.py Fri Mar 22 18:16:11 2019 -0400 -@@ -66,7 +66,7 @@ - client.main() - except roundup.cgi.client.NotFound: - request.start_response([('Content-Type', 'text/html')], 404) -- request.wfile.write('Not found: %s'%client.path) -+ request.wfile.write('Not found: %s'%cgi.escape(client.path)) - - # all body data has been written using wfile - return [] - diff --git a/www-apps/roundup/metadata.xml b/www-apps/roundup/metadata.xml index 0942edd01872..499f901ab9c1 100644 --- a/www-apps/roundup/metadata.xml +++ b/www-apps/roundup/metadata.xml @@ -13,4 +13,9 @@ <remote-id type="pypi">roundup</remote-id> <remote-id type="sourceforge">roundup</remote-id> </upstream> + <use> + <flag name="tz">Enable full support of timezone</flag> + <flag name="xapian">Enable Xapian full-text indexer</flag> + <flag name="whoosh">Enable Whoosh full-text indexer</flag> + </use> </pkgmetadata> diff --git a/www-apps/roundup/roundup-1.6.0-r1.ebuild b/www-apps/roundup/roundup-1.6.1.ebuild index 4e1c93d0283a..eebb51a675b5 100644 --- a/www-apps/roundup/roundup-1.6.0-r1.ebuild +++ b/www-apps/roundup/roundup-1.6.1.ebuild @@ -13,18 +13,20 @@ SRC_URI="mirror://pypi/${PN:0:1}/${PN}/${P}.tar.gz" LICENSE="MIT ZPL" SLOT="0" KEYWORDS="~amd64 ~ppc ~sparc ~x86" +IUSE="+tz sqlite mysql postgres xapian whoosh ssl" DEPEND="" -RDEPEND="${DEPEND}" +RDEPEND="${DEPEND} + tz? ( dev-python/pytz[$PYTHON_USEDEP] ) + sqlite? ( dev-lang/python:*[sqlite] ) + mysql? ( dev-python/mysql-python[$PYTHON_USEDEP] ) + postgres? ( >=dev-python/psycopg-1.1.21[$PYTHON_USEDEP] ) + xapian? ( >=dev-libs/xapian-bindings-1.0.0[python,$PYTHON_USEDEP] ) + whoosh? ( >=dev-python/whoosh-2.5.7[$PYTHON_USEDEP] ) + ssl? ( dev-python/pyopenssl[$PYTHON_USEDEP] )" DOCS="CHANGES.txt doc/*.txt" -PATCHES=( - "${FILESDIR}/${P}-configparser.patch" - "${FILESDIR}/${P}-csrf-headers.patch" - "${FILESDIR}/${P}-xss.patch" -) - python_install_all() { distutils-r1_python_install_all rm -r "${ED}"/usr/share/doc/${PN} || die |