aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--lang/python/Makefile1
-rw-r--r--lang/python/files/patch-Lib::SimpleXMLRPCServer.py125
-rw-r--r--lang/python24/Makefile1
-rw-r--r--lang/python24/files/patch-Lib::SimpleXMLRPCServer.py125
4 files changed, 252 insertions, 0 deletions
diff --git a/lang/python/Makefile b/lang/python/Makefile
index 0fafbcb85066..8cbd19756eb4 100644
--- a/lang/python/Makefile
+++ b/lang/python/Makefile
@@ -7,6 +7,7 @@
PORTNAME= python
PORTVERSION= 2.4
+PORTREVISION= 1
CATEGORIES= lang python ipv6
MASTER_SITES= ${PYTHON_MASTER_SITES}
MASTER_SITE_SUBDIR= ${PYTHON_MASTER_SITE_SUBDIR}
diff --git a/lang/python/files/patch-Lib::SimpleXMLRPCServer.py b/lang/python/files/patch-Lib::SimpleXMLRPCServer.py
new file mode 100644
index 000000000000..54b8b4523f4e
--- /dev/null
+++ b/lang/python/files/patch-Lib::SimpleXMLRPCServer.py
@@ -0,0 +1,125 @@
+Index: Lib/SimpleXMLRPCServer.py
+===================================================================
+RCS file: /cvsroot/python/python/dist/src/Lib/SimpleXMLRPCServer.py,v
+retrieving revision 1.7.8.1
+diff -c -r1.7.8.1 SimpleXMLRPCServer.py
+*** Lib/SimpleXMLRPCServer.py 3 Oct 2004 23:23:00 -0000 1.7.8.1
+--- Lib/SimpleXMLRPCServer.py 3 Feb 2005 05:33:55 -0000
+***************
+*** 107,120 ****
+ import types
+ import os
+
+! def resolve_dotted_attribute(obj, attr):
+ """resolve_dotted_attribute(a, 'b.c.d') => a.b.c.d
+
+ Resolves a dotted attribute name to an object. Raises
+ an AttributeError if any attribute in the chain starts with a '_'.
+ """
+
+! for i in attr.split('.'):
+ if i.startswith('_'):
+ raise AttributeError(
+ 'attempt to access private attribute "%s"' % i
+--- 107,128 ----
+ import types
+ import os
+
+! def resolve_dotted_attribute(obj, attr, allow_dotted_names=True):
+ """resolve_dotted_attribute(a, 'b.c.d') => a.b.c.d
+
+ Resolves a dotted attribute name to an object. Raises
+ an AttributeError if any attribute in the chain starts with a '_'.
++
++ If the optional allow_dotted_names argument is false, dots are not
++ supported and this function operates similar to getattr(obj, attr).
+ """
+
+! if allow_dotted_names:
+! attrs = attr.split('.')
+! else:
+! attrs = [attr]
+!
+! for i in attrs:
+ if i.startswith('_'):
+ raise AttributeError(
+ 'attempt to access private attribute "%s"' % i
+***************
+*** 156,162 ****
+ self.funcs = {}
+ self.instance = None
+
+! def register_instance(self, instance):
+ """Registers an instance to respond to XML-RPC requests.
+
+ Only one instance can be installed at a time.
+--- 164,170 ----
+ self.funcs = {}
+ self.instance = None
+
+! def register_instance(self, instance, allow_dotted_names=False):
+ """Registers an instance to respond to XML-RPC requests.
+
+ Only one instance can be installed at a time.
+***************
+*** 174,182 ****
+--- 182,204 ----
+
+ If a registered function matches a XML-RPC request, then it
+ will be called instead of the registered instance.
++
++ If the optional allow_dotted_names argument is true and the
++ instance does not have a _dispatch method, method names
++ containing dots are supported and resolved, as long as none of
++ the name segments start with an '_'.
++
++ *** SECURITY WARNING: ***
++
++ Enabling the allow_dotted_names options allows intruders
++ to access your module's global variables and may allow
++ intruders to execute arbitrary code on your machine. Only
++ use this option on a secure, closed network.
++
+ """
+
+ self.instance = instance
++ self.allow_dotted_names = allow_dotted_names
+
+ def register_function(self, function, name = None):
+ """Registers a function to respond to XML-RPC requests.
+***************
+*** 295,301 ****
+ try:
+ method = resolve_dotted_attribute(
+ self.instance,
+! method_name
+ )
+ except AttributeError:
+ pass
+--- 317,324 ----
+ try:
+ method = resolve_dotted_attribute(
+ self.instance,
+! method_name,
+! self.allow_dotted_names
+ )
+ except AttributeError:
+ pass
+***************
+*** 374,380 ****
+ try:
+ func = resolve_dotted_attribute(
+ self.instance,
+! method
+ )
+ except AttributeError:
+ pass
+--- 397,404 ----
+ try:
+ func = resolve_dotted_attribute(
+ self.instance,
+! method,
+! self.allow_dotted_names
+ )
+ except AttributeError:
+ pass
diff --git a/lang/python24/Makefile b/lang/python24/Makefile
index 0fafbcb85066..8cbd19756eb4 100644
--- a/lang/python24/Makefile
+++ b/lang/python24/Makefile
@@ -7,6 +7,7 @@
PORTNAME= python
PORTVERSION= 2.4
+PORTREVISION= 1
CATEGORIES= lang python ipv6
MASTER_SITES= ${PYTHON_MASTER_SITES}
MASTER_SITE_SUBDIR= ${PYTHON_MASTER_SITE_SUBDIR}
diff --git a/lang/python24/files/patch-Lib::SimpleXMLRPCServer.py b/lang/python24/files/patch-Lib::SimpleXMLRPCServer.py
new file mode 100644
index 000000000000..54b8b4523f4e
--- /dev/null
+++ b/lang/python24/files/patch-Lib::SimpleXMLRPCServer.py
@@ -0,0 +1,125 @@
+Index: Lib/SimpleXMLRPCServer.py
+===================================================================
+RCS file: /cvsroot/python/python/dist/src/Lib/SimpleXMLRPCServer.py,v
+retrieving revision 1.7.8.1
+diff -c -r1.7.8.1 SimpleXMLRPCServer.py
+*** Lib/SimpleXMLRPCServer.py 3 Oct 2004 23:23:00 -0000 1.7.8.1
+--- Lib/SimpleXMLRPCServer.py 3 Feb 2005 05:33:55 -0000
+***************
+*** 107,120 ****
+ import types
+ import os
+
+! def resolve_dotted_attribute(obj, attr):
+ """resolve_dotted_attribute(a, 'b.c.d') => a.b.c.d
+
+ Resolves a dotted attribute name to an object. Raises
+ an AttributeError if any attribute in the chain starts with a '_'.
+ """
+
+! for i in attr.split('.'):
+ if i.startswith('_'):
+ raise AttributeError(
+ 'attempt to access private attribute "%s"' % i
+--- 107,128 ----
+ import types
+ import os
+
+! def resolve_dotted_attribute(obj, attr, allow_dotted_names=True):
+ """resolve_dotted_attribute(a, 'b.c.d') => a.b.c.d
+
+ Resolves a dotted attribute name to an object. Raises
+ an AttributeError if any attribute in the chain starts with a '_'.
++
++ If the optional allow_dotted_names argument is false, dots are not
++ supported and this function operates similar to getattr(obj, attr).
+ """
+
+! if allow_dotted_names:
+! attrs = attr.split('.')
+! else:
+! attrs = [attr]
+!
+! for i in attrs:
+ if i.startswith('_'):
+ raise AttributeError(
+ 'attempt to access private attribute "%s"' % i
+***************
+*** 156,162 ****
+ self.funcs = {}
+ self.instance = None
+
+! def register_instance(self, instance):
+ """Registers an instance to respond to XML-RPC requests.
+
+ Only one instance can be installed at a time.
+--- 164,170 ----
+ self.funcs = {}
+ self.instance = None
+
+! def register_instance(self, instance, allow_dotted_names=False):
+ """Registers an instance to respond to XML-RPC requests.
+
+ Only one instance can be installed at a time.
+***************
+*** 174,182 ****
+--- 182,204 ----
+
+ If a registered function matches a XML-RPC request, then it
+ will be called instead of the registered instance.
++
++ If the optional allow_dotted_names argument is true and the
++ instance does not have a _dispatch method, method names
++ containing dots are supported and resolved, as long as none of
++ the name segments start with an '_'.
++
++ *** SECURITY WARNING: ***
++
++ Enabling the allow_dotted_names options allows intruders
++ to access your module's global variables and may allow
++ intruders to execute arbitrary code on your machine. Only
++ use this option on a secure, closed network.
++
+ """
+
+ self.instance = instance
++ self.allow_dotted_names = allow_dotted_names
+
+ def register_function(self, function, name = None):
+ """Registers a function to respond to XML-RPC requests.
+***************
+*** 295,301 ****
+ try:
+ method = resolve_dotted_attribute(
+ self.instance,
+! method_name
+ )
+ except AttributeError:
+ pass
+--- 317,324 ----
+ try:
+ method = resolve_dotted_attribute(
+ self.instance,
+! method_name,
+! self.allow_dotted_names
+ )
+ except AttributeError:
+ pass
+***************
+*** 374,380 ****
+ try:
+ func = resolve_dotted_attribute(
+ self.instance,
+! method
+ )
+ except AttributeError:
+ pass
+--- 397,404 ----
+ try:
+ func = resolve_dotted_attribute(
+ self.instance,
+! method,
+! self.allow_dotted_names
+ )
+ except AttributeError:
+ pass
generated by cgit v1.2.3 (git 2.25.1) at 2025-03-15 00:30:27 +0000