--- python-cherrypy-2.3.0.orig/debian/changelog +++ python-cherrypy-2.3.0/debian/changelog @@ -0,0 +1,316 @@ +python-cherrypy (2.3.0-3build1) precise; urgency=low + + * Rebuild to drop python2.6 dependencies and provides. + + -- Matthias Klose Sat, 14 Apr 2012 13:44:10 +0000 + +python-cherrypy (2.3.0-3) unstable; urgency=low + + * debian/control: + - make this package extra, because it conflicts with cherrypy3 + - bump Standards-Version to 3.8.2, with no changes + + -- Gustavo Noronha Silva Sat, 15 Aug 2009 14:13:20 -0300 + +python-cherrypy (2.3.0-2) unstable; urgency=low + + [ Sandro Tosi ] + * debian/control + - switch Vcs-Browser field to viewsvn + + [ Gustavo Noronha Silva ] + * debian/patches/01_ignore_invalid_cookies.diff: + - patch from upstream, provided by Alban Crequy + to ignore invalid cookies + (Closes: #514032) + + -- Gustavo Noronha Silva Sat, 09 May 2009 12:40:54 -0300 + +python-cherrypy (2.3.0-1) unstable; urgency=low + + * New upstream release + * debian/watch: + - updated watch file to look for 2.3.x releases + * debian/patches/04_CVE-2008-0252.diff: + - applied upstream; removing + * debian/control: + - no longer build-depends on revision -1 of setuptools + + -- Gustavo Noronha Silva Sat, 10 May 2008 16:46:50 -0300 + +python-cherrypy (2.2.1-4) unstable; urgency=low + + [ Piotr Ożarowski ] + * Vcs-Svn, Vcs-Browser and Homepage fields added + * New python-support handles egg's directory name correctly + - bump python-support required version + - remove mv part from debian/rules + + [ Loic Minier ] + * Only track 2.x versions in watch file; thanks Goedson Teixeira Paixao. + + [ Scott Kitterman ] + * debian/patches/03_autoreloader_fix.dpatch + - Fixed the auto-reloader if modules with an invalid __file__ attribute + are loaded, using code from CherryPy 3. + + [ Sandro Tosi ] + * debian/control + - uniforming Vcs-Browser field + + [ Gustavo Noronha Silva ] + * acknowledging NMU by Nico, thanks! (Closes: #461069) + * debian/control: + - updated Standards-Version to 3.7.3 + - turn build-depends-indep into build-deps, since they are needed on clean + + -- Gustavo Noronha Silva Thu, 24 Jan 2008 13:31:32 -0200 + +python-cherrypy (2.2.1-3.1) unstable; urgency=high + + * Non-maintainer upload by security team. + * This update addresses the following security issue: + - Directory traversal vulnerability in the _get_file_path function + in filter/sessionfilter.py allows remote attackers to create or + delete arbitrary files, and possibly read and write portions of + arbitrary files, via a crafted session id in a cookie + (CVE-2008-0252; Closes: #461069). + + -- Nico Golde Fri, 18 Jan 2008 16:25:39 +0100 + +python-cherrypy (2.2.1-3) unstable; urgency=low + + * debian/rules, debian/control: + - updated to follow the new Python Policy, build-depending on the + newest versions of cdbs, python-support and debhelper + (Closes: #373517) + * debian/python-cherrypy.{postinst,prerm}: + - removed; generated by python-support + + -- Gustavo Noronha Silva Sun, 4 Jun 2006 23:50:37 -0300 + +python-cherrypy (2.2.1-2) unstable; urgency=low + + * debian/patches/02_eggify.diff: + - fixed to only patch setup.py, so that it imports setup + from setuptools instead of distutils; ez_setup is not + needed + * debian/patches/00_supress_profiler_warning.diff: + - stop warning about the profiler module not being packaged + in the main python distribution; that is documented in + README.Debian + * debian/control: + - move python and python-setuptools to Build-Depends, + since they are needed at the clean target + * debian/watch: + - new uscan support file, using the sf.net trick + + -- Gustavo Noronha Silva Sun, 4 Jun 2006 23:44:26 -0300 + +python-cherrypy (2.2.1-1) unstable; urgency=low + + * debian/patches/*: + - renamed to have numbers defining the order in which they + should be applied + * debian/README.Debian: + - added, documenting the Python profiler only being available + in a non-free package problem + * debian/rules, debian/python-cherrypy.{postinst,prerm}: + - install py files to the python-cherrypy instead of cherrypy + for python-support; using the package name is the correct, + documented way of doing it. + * debian/patches/01_auto-reload-with-python-support.diff: + - removed because python-support >= 0.2, which I depend upon + provides symlinks for the .py files; + * debian/control: + - depend on python-support >= 0.2; see above + - Standards-Version to 3.7.2, no changes + + -- Gustavo Noronha Silva Sat, 13 May 2006 17:06:10 -0300 + +python-cherrypy (2.2.0-3) unstable; urgency=low + + * Upload to unstable (duh) + + -- Gustavo Noronha Silva Thu, 4 May 2006 00:25:21 -0300 + +python-cherrypy (2.2.0-2) experimental; urgency=low + + * debian/source.lintian-overrides: + - this package needs debhelper and cdbs for the clean target + to be run + * debian/control: + - increased Standards-Version to 3.7 with no changes + * debian/rules: + - use --install-lib instead of moving stuff manually + - also install tutorial and test using --install-data + + -- Gustavo Noronha Silva Thu, 4 May 2006 00:00:28 -0300 + +python-cherrypy (2.2.0-1) unstable; urgency=low + + * New upstream release + * debian/control, debian/rules: + - no longer provides the transition packages for cherrypy2.1 + * debian/patches/auto-reload-with-python-support.diff: + - updated for the new version + * debian/control: + - moved cdbs and debhelper to Build-Depends + * debian/rules: + - removed the code to auto-generate the Uploaders field, since + it will not be used + - fix the arguments passed to dh_compress so .py and .pdf files + are actually not compressed + + -- Gustavo Noronha Silva Sun, 23 Apr 2006 10:08:43 -0300 + +python-cherrypy (2.1.1-3) unstable; urgency=low + + * Python Modules Team upload + * debian/control: + - added the team in Uploaders field + * debian/rules: + - install the egg info without the python version in the name of + the directory + * debian/NEWS.Debian -> debian/NEWS: + - renamed so debhelper will take care of installing it; + (Closes: #362039). + + -- Gustavo Noronha Silva Sun, 16 Apr 2006 16:56:12 -0300 + +python-cherrypy (2.1.1-2) unstable; urgency=low + + * Debian revision with source package name change + * changed source package name back to something more generic, since + it seems like there won't be compatibility breakage again anytime + soon + * use python-support + * debian/patches/eggify.diff: + - add patch to provide EGG-INFO stuff, so that packages that depend + on that information, such as TurboGears, will be able to use + CherryPy + * debian/patches/auto-reload-with-python-support.diff: + - auto-reload doesn't like the .py files to be in a different path as the + pyc files; I need a better solution for this, but for now the auto-reloader + simply ignores the files in the cherrypy distribution (which is OK, since they + are not supposed to be modified after the package is installed). + * debian/control: + - build-depends on python-setup-tools >= 0.6a9-1, needed to provide the + EGG-INFO stuff + * debian/copyright: + - de-wikify the authors names + * debian/control, debian/rules: + - add dummy transition packages for python-cherrypy2.1, and deal with what + cdbs's python stuff likes to do when it sees lots of python${ver}-module + packages on the control file =D + * debian/NEWS.Debian: + - document big changes, and that this version is incompatible with + CherryPy 2.0 + + -- Gustavo Noronha Silva Sun, 2 Apr 2006 12:47:52 -0300 + +cherrypy2.1 (2.1.1-1) unstable; urgency=low + + * SECURITY bug fix (CVE-2006-0847) + * New upstream release fixing a security bug (Closes: #353542) + + -- Gustavo Noronha Silva Tue, 21 Feb 2006 07:47:33 -0300 + +cherrypy2.1 (2.1.0-1) unstable; urgency=low + + * New backwards-incompatible version, thus new source + package to keep both on the archive (Closes: #334933) + * debian/control: + - packages conflict with their 2.0 versions counterparts + - enhanced description, mention the backwards incompatibility + and that it's part of the Turbo Gears framework + - changed maintainer to myself + * debian/copyright: + - modified downloaded from location to mention cherrypy.org instead + of the sourceforge page + * debian/rules: + - avoid compressing the pdf and py files on the tutorial documentation + directory + - do not try to move the tutorial from unversioned site-packages + directory since there's no tutorial in there + + -- Gustavo Noronha Silva Sun, 13 Nov 2005 20:24:08 -0200 + +python-cherrypy (2.0.0f-2) unstable; urgency=low + + * Packaging based on the work by Bob Tanner + * New Upstream Release + * debian/control: + - Standards-Version is now 3.6.2 + - add python to the Build-Depends (Closes: #322452) + * debian/rules: + - clean hack to work around cdbs bug + * debian/changelog: + - fixed date format on the 0.9-1 upload (Web->Wed) + + -- Gustavo Noronha Silva Sun, 13 Nov 2005 19:24:27 -0200 + +python-cherrypy (2.0.0f-1) unstable; urgency=low + + * New upstream release + * debian/control: + - turn all packages into Arch: all packages, as they should be + - create packages for python2.3 and python2.4 + - Build-Depend-Indep on python2.3-dev and python2.4-dev (Closes: #306381) + * debian/rules: + - adapted post-install rule to work with multiple python versions + supported + + -- Gustavo Noronha Silva Mon, 20 Jun 2005 16:45:45 -0300 + +python-cherrypy (2.0.0b-1) experimental; urgency=low + + * New upstream version. (Closes: #284511) + - package rebuilt from scratch, changelog kept for historic + reasons + - comaintaince with Raphael Goulais + * Source package name change. + + -- Gustavo Noronha Silva Sun, 17 Apr 2005 16:39:06 -0300 + +cherrypy (0.10-1) unstable; urgency=low + + * New Upstream Version + + -- Raphael Goulais Mon, 26 Apr 2004 18:01:00 +0200 + +cherrypy (0.9-1) unstable; urgency=low + + * New Upstream Version + + -- Raphael Goulais (Rafou) Wed, 28 Nov 2003 12:34:37 +0100 + +cherrypy (0.8.99rc1-1) unstable; urgency=low + + * New Upstream Version + + -- Raphael Goulais (Rafou) Tue, 18 Nov 2003 15:03:08 +0100 + +cherrypy (0.8-3) unstable; urgency=low + + * Removed python2.1 and python2.3 from build depends (Closes: #192715) + + -- Raphael Goulais (Rafou) Mon, 12 May 2003 16:12:00 +0200 + +cherrypy (0.8-2) unstable; urgency=low + + * White Space Policy : Changed 4 spaces to tabs in lib files + * Removed CR/LF from most files + * Backported python2.3 fixes from CVS + * Removed doc sources from cherrypy-doc + * Modified doc/Makefile (more targets, added clean) + * Regenerated html doc with png images instead of gif + + -- Raphael Goulais (Rafou) Wed, 16 Apr 2003 21:29:00 +0200 + +cherrypy (0.8-1) unstable; urgency=low + + * Initial Release (Closes: #188144) + + -- Raphael Goulais (Rafou) Tue, 08 Apr 2003 15:20:00 +0200 + --- python-cherrypy-2.3.0.orig/debian/source.lintian-overrides +++ python-cherrypy-2.3.0/debian/source.lintian-overrides @@ -0,0 +1 @@ +python-cherrypy source: build-depends-without-arch-dep --- python-cherrypy-2.3.0.orig/debian/rules +++ python-cherrypy-2.3.0/debian/rules @@ -0,0 +1,17 @@ +#!/usr/bin/make -f + +DEB_PYTHON_SYSTEM := pysupport + +include /usr/share/cdbs/1/rules/buildcore.mk +include /usr/share/cdbs/1/rules/debhelper.mk +include /usr/share/cdbs/1/class/python-distutils.mk +include /usr/share/cdbs/1/rules/simple-patchsys.mk + +DEB_COMPRESS_EXCLUDE=.py .pdf +DEB_PYTHON_INSTALL_ARGS_ALL += --single-version-externally-managed --install-lib usr/share/python-support/python-cherrypy --install-data usr/share/doc/python-cherrypy +# hack around CDBS bug -- see #373678 +DEB_PYTHON_INSTALL_ARGS := ${DEB_PYTHON_INSTALL_ARGS_ALL} + +clean:: + # hack (CDBS bug -- see #300149) + -rm -rf build --- python-cherrypy-2.3.0.orig/debian/README.Debian +++ python-cherrypy-2.3.0/debian/README.Debian @@ -0,0 +1,18 @@ +Notes about the CherryPy package for Debian +------------------------------------------- + +The profiler module of Python has a non-DFSG-compliant license. It is, +thus, not included in the Python package distributed officialy by +Debian. + +If you want to use it, you'll have to install the python-profiler +package from the non-free section; Notice that if you are using a +version of Python that is different from the default Python version +for Debian you need to install the package that matches your version +(for example, python2.3-profiler, if you are using python2.3). + +See this page for details: + + http://www.cherrypy.org/wiki/ProfilingOnDebian + + -- Gustavo Noronha Silva --- python-cherrypy-2.3.0.orig/debian/NEWS +++ python-cherrypy-2.3.0/debian/NEWS @@ -0,0 +1,13 @@ +python-cherrypy (2.1.1-2) unstable; urgency=low + + This release is incompatible with CherryPy 2.0. If you are using + that version, take a look at this page for how to upgrade your code: + + http://www.cherrypy.org/wiki/WhatsNewIn21 + + This release also marks a big overhaul on the package layout, which + is now using python-support, and also providing EGG-INFO information + so that systems like TurboGears are able to find and use CherryPy. + + -- Gustavo Noronha Silva Sun, 2 Apr 2006 12:47:11 -0300 + --- python-cherrypy-2.3.0.orig/debian/control +++ python-cherrypy-2.3.0/debian/control @@ -0,0 +1,31 @@ +Source: python-cherrypy +Section: python +Priority: extra +Maintainer: Gustavo Noronha Silva +Uploaders: Debian Python Modules Team +Build-Depends: cdbs (>= 0.4.41), debhelper (>= 5.0.37.1), python-setuptools (>= 0.6a9), python-dev, python-support (>= 0.6.4) +Standards-Version: 3.8.2 +Homepage: http://www.cherrypy.org/ +XS-Python-Version: all +Vcs-Svn: svn://svn.debian.org/python-modules/packages/python-cherrypy/trunk/ +Vcs-Browser: http://svn.debian.org/viewsvn/python-modules/packages/python-cherrypy/trunk/ + +Package: python-cherrypy +Architecture: all +XB-Python-Version: ${python:Versions} +Depends: ${python:Depends} +Provides: ${python:Provides} +Conflicts: python2.4-cherrypy2.1 (<= 2.1.1-1), python2.3-cherrypy2.1 (<= 2.1.1-1) +Replaces: python2.4-cherrypy2.1, python2.3-cherrypy2.1 +Description: Python web development framework + CherryPy is a pythonic, object-oriented web development framework. It + provides the foundation over which complex web-based applications can + be written, with little or no knowledge of the underlying + protocols. CherryPy allows developers to build web applications in + much the same way they would build any other object-oriented Python + program. This usually results in smaller source code developed in + less time. + . + This version is backwards incompatible with the 2.0 version, and is + the version used by the Turbo Gears framework. Visit the Turbo Gears + webpage for more: http://www.turbogears.org/ --- python-cherrypy-2.3.0.orig/debian/copyright +++ python-cherrypy-2.3.0/debian/copyright @@ -0,0 +1,23 @@ +This package was debianized by Gustavo Noronha Silva on +Thu, 10 Mar 2005 09:32:58 -0300. + +It was downloaded from http://www.cherrypy.org/ + +Copyright: + +Copyright (c) 2004, CherryPy Team (team@cherrypy.org) + +Upstream Authors: Remi Delon + Carlos Ribeiro + Remco Boerma + Jesir Vargas + Pawel Maczewski + Peter Hunt + Jaroslaw Zabiello + Robert Szefler + and others + +License: + +This package is licensed under the BSD license which can be found, +on Debian systems, at /usr/share/common-licenses/BSD. --- python-cherrypy-2.3.0.orig/debian/pycompat +++ python-cherrypy-2.3.0/debian/pycompat @@ -0,0 +1 @@ +2 --- python-cherrypy-2.3.0.orig/debian/watch +++ python-cherrypy-2.3.0/debian/watch @@ -0,0 +1,2 @@ +version=3 +http://download.cherrypy.org/cherrypy/2.3.0/CherryPy-(2\.[\d.]+)\.tar\.gz --- python-cherrypy-2.3.0.orig/debian/compat +++ python-cherrypy-2.3.0/debian/compat @@ -0,0 +1 @@ +5 --- python-cherrypy-2.3.0.orig/debian/docs +++ python-cherrypy-2.3.0/debian/docs @@ -0,0 +1 @@ +README.txt --- python-cherrypy-2.3.0.orig/debian/patches/00_supress_profiler_warning.diff +++ python-cherrypy-2.3.0/debian/patches/00_supress_profiler_warning.diff @@ -0,0 +1,21 @@ +--- cherrypy/lib/profiler.py~ 2006-06-04 23:45:51.000000000 -0300 ++++ cherrypy/lib/profiler.py 2006-06-04 23:46:23.000000000 -0300 +@@ -46,12 +46,12 @@ + except ImportError: + profile = None + pstats = None +- import warnings +- msg = ("Your installation of Python doesn't have a profile module. " +- "If you're on Debian, you can apt-get python2.4-profiler from " +- "non-free in a separate step. See http://www.cherrypy.org/wiki/" +- "ProfilingOnDebian for details.") +- warnings.warn(msg) ++ #import warnings ++ #msg = ("Your installation of Python doesn't have a profile module. " ++ # "If you're on Debian, you can apt-get python2.4-profiler from " ++ # "non-free in a separate step. See http://www.cherrypy.org/wiki/" ++ # "ProfilingOnDebian for details.") ++ #warnings.warn(msg) + + import os, os.path + import sys --- python-cherrypy-2.3.0.orig/debian/patches/02_eggify.diff +++ python-cherrypy-2.3.0/debian/patches/02_eggify.diff @@ -0,0 +1,12 @@ +--- setup.py~ 2006-04-24 22:37:55.000000000 -0300 ++++ setup.py 2006-06-04 23:02:07.000000000 -0300 +@@ -6,7 +6,8 @@ + to install this package. + """ + +-from distutils.core import setup ++#from distutils.core import setup ++from setuptools import setup + from distutils.command.install import INSTALL_SCHEMES + import sys + import os --- python-cherrypy-2.3.0.orig/debian/patches/01_ignore_invalid_cookies.diff +++ python-cherrypy-2.3.0/debian/patches/01_ignore_invalid_cookies.diff @@ -0,0 +1,20 @@ +--- ./cherrypy/_cphttptools.py.vanilla 2009-02-03 14:04:42.000000000 +0200 ++++ ./cherrypy/_cphttptools.py 2009-02-03 16:20:13.000000000 +0200 +@@ -200,7 +200,16 @@ class Request(object): + # Handle cookies differently because on Konqueror, multiple + # cookies come on different lines with the same key + if name.title() == 'Cookie': +- self.simple_cookie.load(value) ++ # Cookies with a colon (":") are invalid according to rfc2965 ++ # and rfc2068. However if the browser send such a cookie, we ++ # want to ignore it and continue instead of returning an ++ # "500 Internal Server Error" error. More infos on: ++ # http://www.cherrypy.org/ticket/868 ++ try: ++ self.simple_cookie.load(value) ++ except Cookie.CookieError, e: ++ cherrypy.log("Unable to load user's cookie. Cookie ignored.") ++ + + # Save original values (in case they get modified by filters) + # This feature is deprecated in 2.2 and will be removed in 2.3. --- python-cherrypy-2.3.0.orig/debian/patches/03_autoreloader_fix.dpatch +++ python-cherrypy-2.3.0/debian/patches/03_autoreloader_fix.dpatch @@ -0,0 +1,41 @@ +#! /bin/sh /usr/share/dpatch/dpatch-run +## 03_autoreloader_fix.dpatch by John Millikin +## +## All lines beginning with `## DP:' are a description of the patch. +## DP: Fixed the auto-reloader if modules with an invalid __file__ attribute +## DP: are loaded, using code from CherryPy 3 + +@DPATCH@ + +--- cherrypy/lib/autoreload.py~ 2007-02-14 17:17:37.553928785 -0800 ++++ cherrypy/lib/autoreload.py 2007-02-14 17:20:47.615142289 -0800 +@@ -23,15 +23,25 @@ def reloader_thread(freq): + if filename: + if filename.endswith(".pyc"): + filename = filename[:-1] ++ ++ oldtime = mtimes.get(filename, 0) ++ if oldtime is None: ++ # Module with no .py file. Skip it. ++ continue ++ + try: + mtime = os.stat(filename).st_mtime + except OSError: +- sys.exit(3) # force reload ++ # Either a module with no .py file, or it's been deleted. ++ mtime = None ++ + if filename not in mtimes: ++ # If a module has no .py file, this will be None. + mtimes[filename] = mtime +- continue +- if mtime > mtimes[filename]: +- sys.exit(3) # force reload ++ else: ++ if mtime is None or mtime > oldtime: ++ # The file has been deleted or modified. ++ sys.exit(3) + time.sleep(freq) + + def restart_with_reloader(): --- python-cherrypy-2.3.0.orig/debian/patches/00list +++ python-cherrypy-2.3.0/debian/patches/00list @@ -0,0 +1 @@ +03_autoreloader_fix.dpatch