please test and commit.
as far as i can say, the patch is not necessary
anymore.
-f
--
time is the best teacher, unfortunately it kills all its students.
Index: Makefile
===================================================================
RCS file: /cvs/ports/www/py-jinja2/Makefile,v
retrieving revision 1.18
diff -u -p -r1.18 Makefile
--- Makefile 25 May 2014 18:19:32 -0000 1.18
+++ Makefile 3 Sep 2014 15:30:39 -0000
@@ -2,7 +2,7 @@
COMMENT = fast, optionally sandboxed, Python template engine
-MODPY_EGG_VERSION = 2.7.2
+MODPY_EGG_VERSION = 2.7.3
DISTNAME = Jinja2-${MODPY_EGG_VERSION}
PKGNAME = py-${DISTNAME:L}
Index: distinfo
===================================================================
RCS file: /cvs/ports/www/py-jinja2/distinfo,v
retrieving revision 1.9
diff -u -p -r1.9 distinfo
--- distinfo 25 May 2014 18:19:32 -0000 1.9
+++ distinfo 3 Sep 2014 15:30:39 -0000
@@ -1,2 +1,2 @@
-SHA256 (Jinja2-2.7.2.tar.gz) = MQo1+8ysOvE+v5Jyl/hxrGVrnaHSSLH+Z2Wv+nG1MjU=
-SIZE (Jinja2-2.7.2.tar.gz) = 378300
+SHA256 (Jinja2-2.7.3.tar.gz) = LiSsXQBNtXFJdqBKwOgMbfbkfpjDVMssDYL4h51Pj9s=
+SIZE (Jinja2-2.7.3.tar.gz) = 378470
Index: patches/patch-jinja2_bccache_py
===================================================================
RCS file: patches/patch-jinja2_bccache_py
diff -N patches/patch-jinja2_bccache_py
--- patches/patch-jinja2_bccache_py 25 May 2014 18:19:32 -0000 1.1
+++ /dev/null 1 Jan 1970 00:00:00 -0000
@@ -1,50 +0,0 @@
-$OpenBSD: patch-jinja2_bccache_py,v 1.1 2014/05/25 18:19:32 rpe Exp $
-
-Fix for CVE-2014-0012 (Insecure temp folder creation)
-https://github.com/mitsuhiko/jinja2/pull/292/commits
-
---- jinja2/bccache.py.orig Fri Jan 10 11:42:03 2014
-+++ jinja2/bccache.py Sun May 25 16:34:26 2014
-@@ -15,9 +15,7 @@
- :license: BSD.
- """
- from os import path, listdir
--import os
- import sys
--import errno
- import marshal
- import tempfile
- import fnmatch
-@@ -206,31 +204,9 @@ class FileSystemBytecodeCache(BytecodeCache):
-
- def __init__(self, directory=None, pattern='__jinja2_%s.cache'):
- if directory is None:
-- directory = self._get_default_cache_dir()
-+ directory = tempfile.mkdtemp(prefix="jinja2-cache-")
- self.directory = directory
- self.pattern = pattern
--
-- def _get_default_cache_dir(self):
-- tmpdir = tempfile.gettempdir()
--
-- # On windows the temporary directory is used specific unless
-- # explicitly forced otherwise. We can just use that.
-- if os.name == 'n':
-- return tmpdir
-- if not hasattr(os, 'getuid'):
-- raise RuntimeError('Cannot determine safe temp directory. You '
-- 'need to explicitly provide one.')
--
-- dirname = '_jinja2-cache-%d' % os.getuid()
-- actual_dir = os.path.join(tmpdir, dirname)
-- try:
-- # 448 == 0700
-- os.mkdir(actual_dir, 448)
-- except OSError as e:
-- if e.errno != errno.EEXIST:
-- raise
--
-- return actual_dir
-
- def _get_cache_filename(self, bucket):
- return path.join(self.directory, self.pattern % bucket.key)
