diff -Nru python-rply-0.7.3/debian/changelog python-rply-0.7.4/debian/changelog --- python-rply-0.7.3/debian/changelog 2015-05-01 15:14:29.000000000 +0000 +++ python-rply-0.7.4/debian/changelog 2015-09-04 05:16:31.000000000 +0000 @@ -1,3 +1,17 @@ +python-rply (0.7.4-1) unstable; urgency=medium + + * New upstream release. + - Stop using /tmp entirely; this fixes the remaining insecure handling + issue (Closes: #737627). + + -- Tristan Seligmann Fri, 04 Sep 2015 07:16:00 +0200 + +python-rply (0.7.3-3) unstable; urgency=medium + + * Drop 2001_dont_use_setuptools.patch as pypy-setuptools now exists. + + -- Tristan Seligmann Tue, 01 Sep 2015 10:56:32 +0200 + python-rply (0.7.3-2) unstable; urgency=medium * Reupload to unstable. diff -Nru python-rply-0.7.3/debian/control python-rply-0.7.4/debian/control --- python-rply-0.7.3/debian/control 2014-12-13 07:44:34.000000000 +0000 +++ python-rply-0.7.4/debian/control 2015-09-04 05:16:31.000000000 +0000 @@ -11,7 +11,13 @@ debhelper (>= 9~), dh-buildinfo, pypy, - dh-python + dh-python, + python-setuptools, + python-appdirs, + python3-setuptools, + python3-appdirs, + pypy-setuptools, + pypy-appdirs Standards-Version: 3.9.6 Homepage: https://github.com/alex/rply Vcs-Svn: svn://anonscm.debian.org/python-modules/packages/python-rply/trunk/ diff -Nru python-rply-0.7.3/debian/control.in python-rply-0.7.4/debian/control.in --- python-rply-0.7.3/debian/control.in 2014-01-18 00:35:22.000000000 +0000 +++ python-rply-0.7.4/debian/control.in 2015-09-01 08:56:41.000000000 +0000 @@ -5,7 +5,7 @@ Uploaders: Vasudev Kamath , Tristan Seligmann Build-Depends: @cdbs@ -Standards-Version: 3.9.5 +Standards-Version: 3.9.6 Homepage: https://github.com/alex/rply Vcs-Svn: svn://anonscm.debian.org/python-modules/packages/python-rply/trunk/ Vcs-Browser: http://anonscm.debian.org/viewvc/python-modules/packages/python-rply/trunk/ diff -Nru python-rply-0.7.3/debian/copyright_hints python-rply-0.7.4/debian/copyright_hints --- python-rply-0.7.3/debian/copyright_hints 2014-01-18 00:48:49.000000000 +0000 +++ python-rply-0.7.4/debian/copyright_hints 2015-09-01 09:01:30.000000000 +0000 @@ -12,16 +12,13 @@ debian/control.in debian/docs debian/gbp.conf - debian/patches/2001_dont_use_setuptools.patch debian/patches/README - debian/patches/series debian/pypy-rply.install debian/python-rply.install debian/python3-rply.install debian/rules debian/source/format - debian/source/include-binaries - debian/upstream-signing-key.pgp + debian/upstream/signing-key.asc debian/watch rply.egg-info/PKG-INFO rply.egg-info/SOURCES.txt diff -Nru python-rply-0.7.3/debian/patches/2001_dont_use_setuptools.patch python-rply-0.7.4/debian/patches/2001_dont_use_setuptools.patch --- python-rply-0.7.3/debian/patches/2001_dont_use_setuptools.patch 2014-01-18 00:41:53.000000000 +0000 +++ python-rply-0.7.4/debian/patches/2001_dont_use_setuptools.patch 1970-01-01 00:00:00.000000000 +0000 @@ -1,20 +0,0 @@ -Description: Switch setup.py back to distutils - Upstream switched setup.py to use setuptools directly, rather than distutils. - However, this change is only necessary for building and publishing wheels, - which does not concern the Debian package, and setuptools is not currently - packaged for pypy, so this patch switches back to distutils. - . - Can be removed once setuptools is packaged for pypy in Debian (see #735855). -Author: Tristan Seligmann -Forwarded: no -Last-Update: 2014-01-18 -Index: python-rply-0.7.1/setup.py -=================================================================== ---- python-rply-0.7.1.orig/setup.py 2014-01-18 01:19:19.000000000 +0200 -+++ python-rply-0.7.1/setup.py 2014-01-18 02:38:39.789465893 +0200 -@@ -1,4 +1,4 @@ --from setuptools import setup -+from distutils.core import setup - - - with open("README.rst") as f: diff -Nru python-rply-0.7.3/debian/patches/series python-rply-0.7.4/debian/patches/series --- python-rply-0.7.3/debian/patches/series 2014-01-18 00:41:53.000000000 +0000 +++ python-rply-0.7.4/debian/patches/series 2015-09-01 08:56:41.000000000 +0000 @@ -1 +0,0 @@ -2001_dont_use_setuptools.patch diff -Nru python-rply-0.7.3/debian/pypydist-overrides python-rply-0.7.4/debian/pypydist-overrides --- python-rply-0.7.3/debian/pypydist-overrides 1970-01-01 00:00:00.000000000 +0000 +++ python-rply-0.7.4/debian/pypydist-overrides 2015-09-04 05:16:31.000000000 +0000 @@ -0,0 +1 @@ +appdirs pypy-appdirs; PEP386 diff -Nru python-rply-0.7.3/debian/rules python-rply-0.7.4/debian/rules --- python-rply-0.7.3/debian/rules 2014-02-21 15:46:20.000000000 +0000 +++ python-rply-0.7.4/debian/rules 2015-09-01 09:00:54.000000000 +0000 @@ -13,7 +13,7 @@ # Additional build-depends on pypy for building pypy-rply # TODO: remove this once dh_pypy is integrated into CDBS -CDBS_BUILD_DEPENDS += , pypy, dh-python +CDBS_BUILD_DEPENDS += , pypy, dh-python, python-setuptools, python3-setuptools, pypy-setuptools # generates get-orig-source target DEB_UPSTREAM_PACKAGE = rply diff -Nru python-rply-0.7.3/PKG-INFO python-rply-0.7.4/PKG-INFO --- python-rply-0.7.3/PKG-INFO 2014-12-02 21:51:28.000000000 +0000 +++ python-rply-0.7.4/PKG-INFO 2015-09-01 12:42:30.000000000 +0000 @@ -1,6 +1,6 @@ Metadata-Version: 1.0 Name: rply -Version: 0.7.3 +Version: 0.7.4 Summary: A pure Python Lex/Yacc that works with RPython Home-page: UNKNOWN Author: Alex Gaynor @@ -10,7 +10,7 @@ ==== .. image:: https://secure.travis-ci.org/alex/rply.png - :target: http://travis-ci.org/alex/rply + :target: https://travis-ci.org/alex/rply Welcome to RPLY! A pure python parser generator, that also works with RPython. It is a more-or-less direct port of David Beazley's awesome PLY, with a new diff -Nru python-rply-0.7.3/README.rst python-rply-0.7.4/README.rst --- python-rply-0.7.3/README.rst 2014-08-09 17:28:35.000000000 +0000 +++ python-rply-0.7.4/README.rst 2015-09-01 12:25:44.000000000 +0000 @@ -2,7 +2,7 @@ ==== .. image:: https://secure.travis-ci.org/alex/rply.png - :target: http://travis-ci.org/alex/rply + :target: https://travis-ci.org/alex/rply Welcome to RPLY! A pure python parser generator, that also works with RPython. It is a more-or-less direct port of David Beazley's awesome PLY, with a new diff -Nru python-rply-0.7.3/rply/parsergenerator.py python-rply-0.7.4/rply/parsergenerator.py --- python-rply-0.7.3/rply/parsergenerator.py 2014-11-10 21:00:59.000000000 +0000 +++ python-rply-0.7.4/rply/parsergenerator.py 2015-09-01 12:25:44.000000000 +0000 @@ -2,12 +2,12 @@ import json import os import random -import stat import string import sys -import tempfile import warnings +from appdirs import AppDirs + from rply.errors import ParserGeneratorError, ParserGeneratorWarning from rply.grammar import Grammar from rply.parser import LRParser @@ -175,44 +175,28 @@ g.compute_first() g.compute_follow() - # win32 temp directories are already per-user - if os.name == "nt": - cache_file = os.path.join( - tempfile.gettempdir(), - "rply-%s-%s-%s.json" % ( - self.VERSION, self.cache_id, self.compute_grammar_hash(g) - ) - ) - else: - cache_file = os.path.join( - tempfile.gettempdir(), - "rply-%s-%s-%s-%s.json" % ( - self.VERSION, - os.getuid(), - self.cache_id, - self.compute_grammar_hash(g) - ) + cache_dir = AppDirs("rply").user_cache_dir + cache_file = os.path.join( + cache_dir, + "%s-%s-%s.json" % ( + self.cache_id, self.VERSION, self.compute_grammar_hash(g) ) + ) + table = None if os.path.exists(cache_file): with open(cache_file) as f: data = json.load(f) - stat_result = os.fstat(f.fileno()) - if ( - os.name == "nt" or ( - stat_result.st_uid == os.getuid() and - stat.S_IMODE(stat_result.st_mode) == 0o0600 - ) - ): - if self.data_is_valid(g, data): - table = LRTable.from_cache(g, data) + if self.data_is_valid(g, data): + table = LRTable.from_cache(g, data) if table is None: table = LRTable.from_grammar(g) - fd = os.open( - cache_file, os.O_RDWR | os.O_CREAT | os.O_EXCL, 0o0600 - ) - with os.fdopen(fd, "w") as f: + if not os.path.exists(cache_dir): + os.makedirs(cache_dir, mode=0o0700) + + with open(cache_file, "w") as f: json.dump(self.serialize_table(table), f) + if table.sr_conflicts: warnings.warn( "%d shift/reduce conflict%s" % ( diff -Nru python-rply-0.7.3/rply.egg-info/PKG-INFO python-rply-0.7.4/rply.egg-info/PKG-INFO --- python-rply-0.7.3/rply.egg-info/PKG-INFO 2014-12-02 21:51:28.000000000 +0000 +++ python-rply-0.7.4/rply.egg-info/PKG-INFO 2015-09-01 12:42:30.000000000 +0000 @@ -1,6 +1,6 @@ Metadata-Version: 1.0 Name: rply -Version: 0.7.3 +Version: 0.7.4 Summary: A pure Python Lex/Yacc that works with RPython Home-page: UNKNOWN Author: Alex Gaynor @@ -10,7 +10,7 @@ ==== .. image:: https://secure.travis-ci.org/alex/rply.png - :target: http://travis-ci.org/alex/rply + :target: https://travis-ci.org/alex/rply Welcome to RPLY! A pure python parser generator, that also works with RPython. It is a more-or-less direct port of David Beazley's awesome PLY, with a new diff -Nru python-rply-0.7.3/rply.egg-info/requires.txt python-rply-0.7.4/rply.egg-info/requires.txt --- python-rply-0.7.3/rply.egg-info/requires.txt 1970-01-01 00:00:00.000000000 +0000 +++ python-rply-0.7.4/rply.egg-info/requires.txt 2015-09-01 12:42:30.000000000 +0000 @@ -0,0 +1 @@ +appdirs diff -Nru python-rply-0.7.3/rply.egg-info/SOURCES.txt python-rply-0.7.4/rply.egg-info/SOURCES.txt --- python-rply-0.7.3/rply.egg-info/SOURCES.txt 2014-12-02 21:51:28.000000000 +0000 +++ python-rply-0.7.4/rply.egg-info/SOURCES.txt 2015-09-01 12:42:30.000000000 +0000 @@ -15,4 +15,5 @@ rply.egg-info/PKG-INFO rply.egg-info/SOURCES.txt rply.egg-info/dependency_links.txt +rply.egg-info/requires.txt rply.egg-info/top_level.txt \ No newline at end of file diff -Nru python-rply-0.7.3/setup.py python-rply-0.7.4/setup.py --- python-rply-0.7.3/setup.py 2014-12-02 21:50:43.000000000 +0000 +++ python-rply-0.7.4/setup.py 2015-09-01 12:41:11.000000000 +0000 @@ -9,8 +9,9 @@ description="A pure Python Lex/Yacc that works with RPython", long_description=readme, # duplicated in docs/conf.py - version="0.7.3", + version="0.7.4", author="Alex Gaynor", author_email="alex.gaynor@gmail.com", packages=["rply"], + install_requires=["appdirs"], )