removes this behaviour, additionally "make clean" is now able to clean
such a port's directory and no longer fails due to missing permissions.
from Andrew Dalgleish via Xavier Santolaria
Zack Weinberg found a vulnerability in the way the exevpe() method
from the os.py module uses a temporary file name. A file which
supposedly should not exist is created in a unsafe way and the method
tries to execute it. The objective of such code is to discover what
error the operating system returns in a portable way.
By exploiting this vulnerability a local attacker can execute
arbitrary code with the privileges of the user running python code
which uses the execvpe() method.
http://python.org/sf/590294http://python.org/sf/601077
>
> Modified files:
> lang/python/2.2/patches: patch-configure_in
>
> Log message:
> fixes for shared lib support
if it's good enough for 2.2, it's good enough for 2.1
2.1.3 has very few improvements over 2.1.2, but the most important
are some thread-safety fixes that were causing heavily loaded Zope
sites to keel over.
size is not adequate for some of the complex processing that Zope
does, and -fPIC was aggravating that condition. Now, if we're using
shared libs, up the stack size to 128k.
Also remove some stray files that never should have been committed
in the first place.
Major changes:
- no more threads flavor, threads is now the default.
- subpackage modules that depend on other packages instead of having
largely redundant flavors (unless platform has no shared libs, then
flavors count again)
- shared libpython stuff disabled until someone can figure out why
it makes Zope crash
- mark threads usage BROKEN on anything other than i386 for now.
- suggest using env when trying to set FLAVOR variable from command line.
- simplify Makefile a bit and push some of it out into the autoconf script where it properly
belongs.
