Bug#703801: tpu: gunicorn/0.14.5-3+deb7u1

[Jonathan Wiltshire]

Package: release.debian.org
Severity: normal
User: release.debian....@packages.debian.org
Usertags: tpu

As discussed with Adam, please approve the attached tpu diff for gunicorn.

The primary fix is the updated patch for dropping guids; however, it also
includes an important fix for switching to dh_python2 which currently
results in no helper being used if built in a minimal chroot, with the
potential for leftover files after removal in Wheezy.


-- System Information:
Debian Release: 7.0
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.2.0-4-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

diff -Nru gunicorn-0.14.5/debian/changelog gunicorn-0.14.5/debian/changelog
--- gunicorn-0.14.5/debian/changelog	2012-10-04 20:22:11.000000000 +0100
+++ gunicorn-0.14.5/debian/changelog	2013-03-23 20:11:19.000000000 +0000
@@ -1,3 +1,12 @@
+gunicorn (0.14.5-3+deb7u1) testing-proposed-updates; urgency=low
+
+  * Non-maintainer upload.
+  * Backport updated patch 01-drop-supplemental-groups.diff from unstable
+    to avoid exceptions when starting as a non-root user (Closes: #690500)
+  * Properly migrate to dh_python2 (Closes: #690079)
+
+ -- Jonathan Wiltshire <j...@debian.org>  Sat, 23 Mar 2013 20:03:01 +0000
+
 gunicorn (0.14.5-3) unstable; urgency=medium
 
   * Apply security patch from Vangelis Koukis <vkou...@grnet.gr> to ensure
diff -Nru gunicorn-0.14.5/debian/patches/01-drop-supplemental-groups.diff gunicorn-0.14.5/debian/patches/01-drop-supplemental-groups.diff
--- gunicorn-0.14.5/debian/patches/01-drop-supplemental-groups.diff	2012-10-04 20:22:11.000000000 +0100
+++ gunicorn-0.14.5/debian/patches/01-drop-supplemental-groups.diff	2013-03-23 20:02:36.000000000 +0000
@@ -1,13 +1,25 @@
 diff --git a/gunicorn/util.py b/gunicorn/util.py
-index e919d53..d0e5642 100644
+index e919d53..a854eb7 100644
 --- a/gunicorn/util.py
 +++ b/gunicorn/util.py
-@@ -146,6 +146,9 @@ def set_owner_process(uid,gid):
+@@ -14,6 +14,7 @@ except ImportError:
+     # Python on Solaris compiled with Sun Studio doesn't have ctypes
+     ctypes = None
+ 
++import errno
+ import fcntl
+ import os
+ import pkg_resources
+@@ -146,6 +147,13 @@ def set_owner_process(uid,gid):
              # groups like on osx or fedora
              os.setgid(-ctypes.c_int(-gid).value)
  
 +        # Also drop supplemental groups
-+        os.setgroups([])
++        try:
++            os.setgroups([])
++        except OSError, e:
++            if e.errno != errno.EPERM:
++                raise
 +
      if uid:
          os.setuid(uid)
diff -Nru gunicorn-0.14.5/debian/rules gunicorn-0.14.5/debian/rules
--- gunicorn-0.14.5/debian/rules	2012-10-04 20:22:11.000000000 +0100
+++ gunicorn-0.14.5/debian/rules	2013-03-23 20:02:05.000000000 +0000
@@ -2,10 +2,9 @@
 
 POD_MANPAGES=$(wildcard debian/manpages/*.pod)
 MANPAGES=$(patsubst %.pod,%.1, $(POD_MANPAGES))
-DEB_PYTHON2_MODULE_PACKAGES=gunicorn
 
 %:
-	dh $@
+	dh $@ --with=python2
 
 %.1: %.pod
 	pod2man $< $@