Update to 1.9.1 (security fix):

Release 1.9.1 (2012-01-12)
--------------------------

Security-related Bugfix
'''''''''''''''''''''''

- Fix flaw that would allow servers to cause undetected corruption when
  retrieving the contents of mutable files (both SDMF and MDMF). (`#1654`_)

.. _`#1654`: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/1654
This commit is contained in:
gdt 2012-01-13 01:14:56 +00:00
parent f5d917e6fb
commit b75b8cad44
3 changed files with 20 additions and 15 deletions

View file

@ -1,7 +1,7 @@
# $NetBSD: Makefile,v 1.9 2011/11/09 00:30:12 gdt Exp $
# $NetBSD: Makefile,v 1.10 2012/01/13 01:14:56 gdt Exp $
#
VERSION= 1.9.0
VERSION= 1.9.1
DISTNAME= allmydata-tahoe-${VERSION}
EGG_NAME= allmydata_tahoe-${VERSION}
PKGNAME= tahoe-lafs-${VERSION}
@ -45,11 +45,15 @@ DEPENDS+= ${PYPKGPREFIX}-cryptopp-[0-9]*:../../security/py-cryptopp
DEPENDS+= ${PYPKGPREFIX}-OpenSSL-[0-9]*:../../security/py-OpenSSL
DEPENDS+= ${PYPKGPREFIX}-nevow-[0-9]*:../../www/py-nevow
#1.9.1 seems ok
#BAD_DISTFILE_MODES=yes
.if defined(BAD_DISTFILE_MODES)
# Distfile has files mode 600, which leads to root-owned 600 files in
# the binary package.
post-extract:
${ECHO} "Fixing distfile contents to be world readable:"
chmod -R +r ${WRKSRC}
.endif
REPLACE_PYTHON+= src/allmydata/reliability.py
REPLACE_PYTHON+= src/allmydata/storage/shares.py

View file

@ -1,6 +1,6 @@
$NetBSD: distinfo,v 1.6 2011/11/09 00:30:12 gdt Exp $
$NetBSD: distinfo,v 1.7 2012/01/13 01:14:56 gdt Exp $
SHA1 (allmydata-tahoe-1.9.0.tar.bz2) = 10a3b21d63cf6bacded25c9e6cec35dff70add03
RMD160 (allmydata-tahoe-1.9.0.tar.bz2) = c05a46937a47719bb3eaa0e676d508b84306aeee
Size (allmydata-tahoe-1.9.0.tar.bz2) = 1121903 bytes
SHA1 (patch-aa) = be8b873d419ae688fdcc9cf0efbb9269259ebd13
SHA1 (allmydata-tahoe-1.9.1.tar.bz2) = c1e3802f893438e4fcc83f1c178d498027000bec
RMD160 (allmydata-tahoe-1.9.1.tar.bz2) = 3b934fe834c14a550b8df42e2a0856bcee214fcf
Size (allmydata-tahoe-1.9.1.tar.bz2) = 1126286 bytes
SHA1 (patch-aa) = 68f09259cd8e4aab5dd6c8a4fbac1aac6c159e23

View file

@ -1,16 +1,17 @@
$NetBSD: patch-aa,v 1.1 2010/12/04 01:58:57 gdt Exp $
$NetBSD: patch-aa,v 1.2 2012/01/13 01:14:56 gdt Exp $
Upstream incorrectly installs test code. Patch from David-Sarah
Hopwood (of upstream) in private mail.
--- setup.py.orig 2010-11-30 05:41:58.000000000 +0000
--- setup.py.orig 2012-01-11 22:40:51.000000000 +0000
+++ setup.py
@@ -371,7 +371,7 @@ setup(name=APPNAME,
"sdist": MySdist,
},
package_dir = {'':'src'},
- packages=find_packages("src"),
+ packages=find_packages("src", exclude=["buildtest"]),
@@ -453,8 +453,7 @@ setup(name=APPNAME,
'allmydata.test',
'allmydata.util',
'allmydata.web',
- 'allmydata.windows',
- 'buildtest'],
+ 'allmydata.windows'],
classifiers=trove_classifiers,
test_suite="allmydata.test",
install_requires=install_requires,