
Merge branch '2.7-maintenance'

2 parents 377b9b5 + 8fc231a commit 99e46a07441b7da3d2c5051b50dc8332ab769a2d @mitsuhiko mitsuhiko committed Jun 6, 2014
Showing with 16 additions and 3 deletions.
  1. +7 −0 CHANGES
  2. +9 −1 jinja2/bccache.py
  3. +0 −2 setup.py
@@ -17,6 +17,13 @@ Version 2.8
- Added :func:`make_logging_undefined` which returns an undefined
object that logs failures into a logger.
+Version 2.7.3
+-------------
+(bugfix release, released on June 6th 2014)
+
+- Security issue: Corrected the security fix for the cache folder. This
+ fix was provided by RedHat.
+
Version 2.7.2
-------------
(bugfix release, released on January 10th 2014)
@@ -240,8 +240,16 @@ def _unsafe_dir():
or not stat.S_ISDIR(actual_dir_stat.st_mode) \
or stat.S_IMODE(actual_dir_stat.st_mode) != stat.S_IRWXU:
_unsafe_dir()
- except OSError:
+ except OSError as e:
+ if e.errno != errno.EEXIST:
+ raise
+
+ actual_dir_stat = os.lstat(actual_dir)
+ if actual_dir_stat.st_uid != os.getuid() \
+ or not stat.S_ISDIR(actual_dir_stat.st_mode) \
+ or stat.S_IMODE(actual_dir_stat.st_mode) != stat.S_IRWXU:
_unsafe_dir()
+
return actual_dir
def _get_cache_filename(self, bucket):
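Review bot: The owner/type/mode test on `actual_dir` now appears twice, once inside the `try` (the context lines above the `except`) and again unconditionally after it, and nothing says which copy is authoritative. The unconditional `os.lstat` check runs on every path that reaches `return actual_dir`, including the `EEXIST` case where the directory may already have existed, so it is the one that enforces the guarantee; I would drop the copy inside the `try`, or at least add a comment above the second one such as `# Final check on every path: reject a pre-existing dir that is not owned by us, not a real directory, or not mode 0700.` Any `OSError` other than `EEXIST` now propagates raw instead of becoming the `RuntimeError` raised by `_unsafe_dir()`; that still fails closed but changes what callers see, so it deserves a line in the docstring. The `try` body starts outside this hunk, so confirm which call in it can actually raise `EEXIST` (the visible `os.lstat` cannot) and that `errno` is imported at module level.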
@@ -35,8 +35,6 @@
.. _Jinja2 webpage: http://jinja.pocoo.org/
.. _documentation: http://jinja.pocoo.org/2/documentation/
"""
-import sys
-
from setuptools import setup
