[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#770708: marked as done (unblock: astroid/1.2.1-2)



Your message dated Sun, 23 Nov 2014 16:21:33 +0100
with message-id <5471FB7D.5050208@thykier.net>
and subject line Re: Bug#770708: unblock: astroid/1.2.1-2
has caused the Debian Bug report #770708,
regarding unblock: astroid/1.2.1-2
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
770708: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=770708
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock

Please unblock package astroid

This upload fixes a bug which affects pylint, which would let it import (and
this possibly execute code) when checking python extensions (which is agains the
contract with pylint users to be a static checker).

unblock astroid/1.2.1-2

-- System Information:
Debian Release: jessie/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing'), (500, 'stable'), (500, 'oldstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.14-2-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
diff -Nru astroid-1.2.1/debian/changelog astroid-1.2.1/debian/changelog
--- astroid-1.2.1/debian/changelog	2014-11-02 14:47:31.000000000 +0000
+++ astroid-1.2.1/debian/changelog	2014-11-23 13:36:47.000000000 +0000
@@ -1,3 +1,12 @@
+astroid (1.2.1-2) unstable; urgency=medium
+
+  * debian/patches/e24cacb15e2e152db155fdca9197a8d1bf9ce235.patch
+    - Never load C extensions that are not from the standard library and also
+      never load any compiled Python files; thanks to Jakub Wilk for the report;
+      Closes: #591676
+
+ -- Sandro Tosi <morph@debian.org>  Sun, 23 Nov 2014 13:36:44 +0000
+
 astroid (1.2.1-1) unstable; urgency=medium
 
   * New upstream release
diff -Nru astroid-1.2.1/debian/patches/e24cacb15e2e152db155fdca9197a8d1bf9ce235.patch astroid-1.2.1/debian/patches/e24cacb15e2e152db155fdca9197a8d1bf9ce235.patch
--- astroid-1.2.1/debian/patches/e24cacb15e2e152db155fdca9197a8d1bf9ce235.patch	1970-01-01 01:00:00.000000000 +0100
+++ astroid-1.2.1/debian/patches/e24cacb15e2e152db155fdca9197a8d1bf9ce235.patch	2014-11-23 13:36:27.000000000 +0000
@@ -0,0 +1,383 @@
+# HG changeset patch
+# User Torsten Marek <shlomme@gmail.com>
+# Date 1415534030 -3600
+# Node ID e24cacb15e2e152db155fdca9197a8d1bf9ce235
+# Parent  8b1f838e213786440a65bbfcb2ba4f743caa19ca
+Never load C extensions that are not from the standard library and also never load any compiled Python files.
+
+Fixes pylint issue #347.
+
+--- a/manager.py
++++ b/manager.py
+@@ -22,16 +22,16 @@ from various source and using a cache of
+ 
+ __docformat__ = "restructuredtext en"
+ 
++import imp
+ import os
+ from os.path import dirname, join, isdir, exists
+ from warnings import warn
++import zipimport
+ 
+ from logilab.common.configuration import OptionsProviderMixIn
+ 
+ from astroid.exceptions import AstroidBuildingException
+-from astroid.modutils import NoSourceFile, is_python_source, \
+-     file_from_modpath, load_module_from_name, modpath_from_file, \
+-     get_module_files, get_source_file, zipimport
++from astroid import modutils
+ 
+ 
+ def astroid_wrapper(func, modname):
+@@ -90,13 +90,13 @@ class AstroidManager(OptionsProviderMixI
+     def ast_from_file(self, filepath, modname=None, fallback=True, source=False):
+         """given a module name, return the astroid object"""
+         try:
+-            filepath = get_source_file(filepath, include_no_ext=True)
++            filepath = modutils.get_source_file(filepath, include_no_ext=True)
+             source = True
+-        except NoSourceFile:
++        except modutils.NoSourceFile:
+             pass
+         if modname is None:
+             try:
+-                modname = '.'.join(modpath_from_file(filepath))
++                modname = '.'.join(modutils.modpath_from_file(filepath))
+             except ImportError:
+                 modname = filepath
+         if modname in self.astroid_cache and self.astroid_cache[modname].file == filepath:
+@@ -109,29 +109,36 @@ class AstroidManager(OptionsProviderMixI
+         raise AstroidBuildingException('unable to get astroid for file %s' %
+                                        filepath)
+ 
++    def _build_stub_module(self, modname):
++        from astroid.builder import AstroidBuilder
++        return AstroidBuilder(self).string_build('', modname)
++
+     def ast_from_module_name(self, modname, context_file=None):
+         """given a module name, return the astroid object"""
+         if modname in self.astroid_cache:
+             return self.astroid_cache[modname]
+         if modname == '__main__':
+-            from astroid.builder import AstroidBuilder
+-            return AstroidBuilder(self).string_build('', modname)
++            return self._build_stub_module(modname)
+         old_cwd = os.getcwd()
+         if context_file:
+             os.chdir(dirname(context_file))
+         try:
+-            filepath = self.file_from_module_name(modname, context_file)
+-            if filepath is not None and not is_python_source(filepath):
++            filepath, mp_type = self.file_from_module_name(modname, context_file)
++            if mp_type == modutils.PY_ZIPMODULE:
+                 module = self.zip_import_data(filepath)
+                 if module is not None:
+                     return module
+-            if filepath is None or not is_python_source(filepath):
++            elif mp_type in (imp.C_BUILTIN, imp.C_EXTENSION):
++                if mp_type == imp.C_EXTENSION and not modutils.is_standard_module(modname):
++                    return self._build_stub_module(modname)
+                 try:
+-                    module = load_module_from_name(modname)
++                    module = modutils.load_module_from_name(modname)
+                 except Exception, ex:
+                     msg = 'Unable to load module %s (%s)' % (modname, ex)
+                     raise AstroidBuildingException(msg)
+                 return self.ast_from_module(module, modname)
++            elif mp_type == imp.PY_COMPILED:
++                raise AstroidBuildingException("Unable to load compiled module %s" % (modname,))
+             return self.ast_from_file(filepath, modname, fallback=False)
+         finally:
+             os.chdir(old_cwd)
+@@ -163,8 +170,8 @@ class AstroidManager(OptionsProviderMixI
+             value = self._mod_file_cache[(modname, contextfile)]
+         except KeyError:
+             try:
+-                value = file_from_modpath(modname.split('.'),
+-                                          context_file=contextfile)
++                value = modutils.file_info_from_modpath(
++                    modname.split('.'), context_file=contextfile)
+             except ImportError, ex:
+                 msg = 'Unable to load module %s (%s)' % (modname, ex)
+                 value = AstroidBuildingException(msg)
+@@ -181,7 +188,7 @@ class AstroidManager(OptionsProviderMixI
+         try:
+             # some builtin modules don't have __file__ attribute
+             filepath = module.__file__
+-            if is_python_source(filepath):
++            if modutils.is_python_source(filepath):
+                 return self.ast_from_file(filepath, modname)
+         except AttributeError:
+             pass
+@@ -242,7 +249,7 @@ class AstroidManager(OptionsProviderMixI
+         project = Project(project_name)
+         for something in files:
+             if not exists(something):
+-                fpath = file_from_modpath(something.split('.'))
++                fpath = modutils.file_from_modpath(something.split('.'))
+             elif isdir(something):
+                 fpath = join(something, '__init__.py')
+             else:
+@@ -257,8 +264,8 @@ class AstroidManager(OptionsProviderMixI
+             # recurse in package except if __init__ was explicitly given
+             if astroid.package and something.find('__init__') == -1:
+                 # recurse on others packages / modules if this is a package
+-                for fpath in get_module_files(dirname(astroid.file),
+-                                              black_list):
++                for fpath in modutils.get_module_files(dirname(astroid.file),
++                                                       black_list):
+                     astroid = func_wrapper(self.ast_from_file, fpath)
+                     if astroid is None or astroid.name == base_name:
+                         continue
+--- a/modutils.py
++++ b/modutils.py
+@@ -20,8 +20,8 @@
+ :type PY_SOURCE_EXTS: tuple(str)
+ :var PY_SOURCE_EXTS: list of possible python source file extension
+ 
+-:type STD_LIB_DIR: str
+-:var STD_LIB_DIR: directory where standard modules are located
++:type STD_LIB_DIRS: list of str
++:var STD_LIB_DIRS: directories where standard modules are located
+ 
+ :type BUILTIN_MODULES: dict
+ :var BUILTIN_MODULES: dictionary with builtin module names has key
+@@ -30,28 +30,17 @@ from __future__ import with_statement
+ 
+ __docformat__ = "restructuredtext en"
+ 
+-import sys
++import imp
+ import os
++import sys
+ from os.path import splitext, join, abspath, isdir, dirname, exists
+-from imp import find_module, load_module, C_BUILTIN, PY_COMPILED, PKG_DIRECTORY
+ from distutils.sysconfig import get_python_lib
+ from distutils.errors import DistutilsPlatformError
++import zipimport
+ 
+-try:
+-    import zipimport
+-except ImportError:
+-    zipimport = None
+-
+-ZIPFILE = object()
+-
++PY_ZIPMODULE = object()
+ from logilab.common import _handle_blacklist
+ 
+-# Notes about STD_LIB_DIR
+-# Consider arch-specific installation for STD_LIB_DIR definition
+-# :mod:`distutils.sysconfig` contains to much hardcoded values to rely on
+-#
+-# :see: `Problems with /usr/lib64 builds <http://bugs.python.org/issue1294959>`_
+-# :see: `FHS <http://www.pathname.com/fhs/pub/fhs-2.3.html#LIBLTQUALGTALTERNATEFORMATESSENTIAL>`_
+ if sys.platform.startswith('win'):
+     PY_SOURCE_EXTS = ('py', 'pyw')
+     PY_COMPILED_EXTS = ('dll', 'pyd')
+@@ -59,12 +48,25 @@ else:
+     PY_SOURCE_EXTS = ('py',)
+     PY_COMPILED_EXTS = ('so',)
+ 
++# Notes about STD_LIB_DIRS
++# Consider arch-specific installation for STD_LIB_DIR definition
++# :mod:`distutils.sysconfig` contains to much hardcoded values to rely on
++#
++# :see: `Problems with /usr/lib64 builds <http://bugs.python.org/issue1294959>`_
++# :see: `FHS <http://www.pathname.com/fhs/pub/fhs-2.3.html#LIBLTQUALGTALTERNATEFORMATESSENTIAL>`_
+ try:
+-    STD_LIB_DIR = get_python_lib(standard_lib=1)
++    # The explicit prefix is to work around a patch in virtualenv that
++    # replaces the 'real' sys.prefix (i.e. the location of the binary)
++    # with the prefix from which the virtualenv was created. This throws
++    # off the detection logic for standard library modules, thus the
++    # workaround.
++    STD_LIB_DIRS = [
++        get_python_lib(standard_lib=True, prefix=sys.prefix),
++        get_python_lib(standard_lib=True)]
+ # get_python_lib(standard_lib=1) is not available on pypy, set STD_LIB_DIR to
+ # non-valid path, see https://bugs.pypy.org/issue1164
+ except DistutilsPlatformError:
+-    STD_LIB_DIR = '//'
++    STD_LIB_DIRS = []
+ 
+ EXT_LIB_DIR = get_python_lib()
+ 
+@@ -142,8 +144,8 @@ def load_module_from_modpath(parts, path
+             # because it may have been indirectly loaded through a parent
+             module = sys.modules.get(curname)
+         if module is None:
+-            mp_file, mp_filename, mp_desc = find_module(part, path)
+-            module = load_module(curname, mp_file, mp_filename, mp_desc)
++            mp_file, mp_filename, mp_desc = imp.find_module(part, path)
++            module = imp.load_module(curname, mp_file, mp_filename, mp_desc)
+         if prevmodule:
+             setattr(prevmodule, part, module)
+         _file = getattr(module, '__file__', '')
+@@ -228,8 +230,10 @@ def modpath_from_file(filename, extrapat
+         filename, ', \n'.join(sys.path)))
+ 
+ 
+-
+ def file_from_modpath(modpath, path=None, context_file=None):
++    return file_info_from_modpath(modpath, path, context_file)[0]
++
++def file_info_from_modpath(modpath, path=None, context_file=None):
+     """given a mod path (i.e. splitted module / package name), return the
+     corresponding file, giving priority to source file over precompiled
+     file if it exists
+@@ -254,7 +258,7 @@ def file_from_modpath(modpath, path=None
+ 
+     :raise ImportError: if there is no such module in the directory
+ 
+-    :rtype: str or None
++    :rtype: (str or None, import type)
+     :return:
+       the path to the module's file or None if it's an integrated
+       builtin module such as 'sys'
+@@ -271,7 +275,7 @@ def file_from_modpath(modpath, path=None
+             return _file_from_modpath(modpath, path, context)
+     elif modpath == ['os', 'path']:
+         # FIXME: currently ignoring search_path...
+-        return os.path.__file__
++        return os.path.__file__, imp.PY_SOURCE
+     return _file_from_modpath(modpath, path, context)
+ 
+ 
+@@ -399,7 +403,7 @@ def is_python_source(filename):
+     return splitext(filename)[1][1:] in PY_SOURCE_EXTS
+ 
+ 
+-def is_standard_module(modname, std_path=(STD_LIB_DIR,)):
++def is_standard_module(modname, std_path=None):
+     """try to guess if a module is a standard python module (by default,
+     see `std_path` parameter's description)
+ 
+@@ -430,6 +434,8 @@ def is_standard_module(modname, std_path
+     filename = abspath(filename)
+     if filename.startswith(EXT_LIB_DIR):
+         return False
++    if std_path is None:
++        std_path = STD_LIB_DIRS
+     for path in std_path:
+         if filename.startswith(_abspath(path)):
+             return True
+@@ -457,7 +463,7 @@ def is_relative(modname, from_file):
+     if from_file in sys.path:
+         return False
+     try:
+-        find_module(modname.split('.')[0], [from_file])
++        imp.find_module(modname.split('.')[0], [from_file])
+         return True
+     except ImportError:
+         return False
+@@ -480,17 +486,18 @@ def _file_from_modpath(modpath, path=Non
+             mtype, mp_filename = _module_file(modpath, path)
+     else:
+         mtype, mp_filename = _module_file(modpath, path)
+-    if mtype == PY_COMPILED:
++    if mtype == imp.PY_COMPILED:
+         try:
+-            return get_source_file(mp_filename)
++            return get_source_file(mp_filename), imp.PY_SOURCE
+         except NoSourceFile:
+-            return mp_filename
+-    elif mtype == C_BUILTIN:
++            return mp_filename, imp.PY_COMPILED
++    elif mtype == imp.C_BUILTIN:
+         # integrated builtin module
+-        return None
+-    elif mtype == PKG_DIRECTORY:
++        return None, imp.C_BUILTIN
++    elif mtype == imp.PKG_DIRECTORY:
+         mp_filename = _has_init(mp_filename)
+-    return mp_filename
++        mtype = imp.PY_SOURCE
++    return mp_filename, mtype
+ 
+ def _search_zip(modpath, pic):
+     for filepath, importer in pic.items():
+@@ -499,7 +506,7 @@ def _search_zip(modpath, pic):
+                 if not importer.find_module(os.path.sep.join(modpath)):
+                     raise ImportError('No module named %s in %s/%s' % (
+                         '.'.join(modpath[1:]), filepath, modpath))
+-                return ZIPFILE, abspath(filepath) + os.path.sep + os.path.sep.join(modpath), filepath
++                return PY_ZIPMODULE, abspath(filepath) + os.path.sep + os.path.sep.join(modpath), filepath
+     raise ImportError('No module named %s' % '.'.join(modpath))
+ 
+ 
+@@ -570,7 +577,7 @@ def _module_file(modpath, path=None):
+         # >>> imp.find_module('posix')
+         # (None, None, ('', '', 6))
+         try:
+-            _, mp_filename, mp_desc = find_module(modname, path)
++            _, mp_filename, mp_desc = imp.find_module(modname, path)
+         except ImportError:
+             if checkeggs:
+                 return _search_zip(modpath, pic)[:2]
+@@ -593,7 +600,7 @@ def _module_file(modpath, path=None):
+         imported.append(modpath.pop(0))
+         mtype = mp_desc[2]
+         if modpath:
+-            if mtype != PKG_DIRECTORY:
++            if mtype != imp.PKG_DIRECTORY:
+                 raise ImportError('No module %s in %s' % ('.'.join(modpath),
+                                                           '.'.join(imported)))
+             # XXX guess if package is using pkgutil.extend_path by looking for
+--- a/test/unittest_manager.py
++++ b/test/unittest_manager.py
+@@ -127,7 +127,7 @@ class AstroidManagerTC(TestCase):
+         else:
+             unittest_file = unittest.__file__[:-1]
+         self.assertEqual(unittest_file,
+-                        self.manager.file_from_module_name('unittest', None))
++                        self.manager.file_from_module_name('unittest', None)[0])
+ 
+     def test_file_from_module_name_astro_building_exception(self):
+         """check if the method launch a exception with a wrong module name"""
+--- a/test/unittest_modutils.py
++++ b/test/unittest_modutils.py
+@@ -45,12 +45,12 @@ class ModuleFileTC(TestCase):
+ 
+     def test_find_zipped_module(self):
+         mtype, mfile = modutils._module_file([self.package], [path.join(DATADIR, 'MyPyPa-0.1.0-py2.5.zip')])
+-        self.assertEqual(mtype, modutils.ZIPFILE)
++        self.assertEqual(mtype, modutils.PY_ZIPMODULE)
+         self.assertEqual(mfile.split(sep)[-4:], ["test", "data", "MyPyPa-0.1.0-py2.5.zip", self.package])
+ 
+     def test_find_egg_module(self):
+         mtype, mfile = modutils._module_file([self.package], [path.join(DATADIR, 'MyPyPa-0.1.0-py2.5.egg')])
+-        self.assertEqual(mtype, modutils.ZIPFILE)
++        self.assertEqual(mtype, modutils.PY_ZIPMODULE)
+         self.assertEqual(mfile.split(sep)[-4:], ["test", "data", "MyPyPa-0.1.0-py2.5.egg", self.package])
+ 
+ 
+@@ -194,14 +194,10 @@ class is_standard_module_tc(TestCase):
+     def test_builtin(self):
+         self.assertEqual(modutils.is_standard_module('marshal'), True)
+ 
++    @unittest.skipIf(sys.version_info > (3, 0) and sys.platform.startswith("win"),
++                     "Python 3's imp module on Windows is broken since it returns "
++                     "the module path with wrong casing.")
+     def test_4(self):
+-        import astroid
+-        if sys.version_info > (3, 0):
+-            skip = sys.platform.startswith('win') or '.tox' in astroid.__file__
+-            if skip:
+-                self.skipTest('imp module has a broken behaviour in Python 3 on '
+-                              'Windows, returning the module path with different '
+-                              'case than it should be.')
+         self.assertEqual(modutils.is_standard_module('hashlib'), True)
+         self.assertEqual(modutils.is_standard_module('pickle'), True)
+         self.assertEqual(modutils.is_standard_module('email'), True)
+--- a/test/unittest_regrtest.py
++++ b/test/unittest_regrtest.py
+@@ -138,7 +138,7 @@ multiply(1, 2, 3)
+         callfunc = astroid.body[1].value.func
+         infered = callfunc.infered()
+         self.assertEqual(len(infered), 1)
+-        self.assertIsInstance(infered[0], Instance)
++        self.assertIs(infered[0], YES)
+ 
+     @require_version('3.0')
+     def test_nameconstant(self):
diff -Nru astroid-1.2.1/debian/patches/series astroid-1.2.1/debian/patches/series
--- astroid-1.2.1/debian/patches/series	1970-01-01 01:00:00.000000000 +0100
+++ astroid-1.2.1/debian/patches/series	2014-11-23 13:36:27.000000000 +0000
@@ -0,0 +1 @@
+e24cacb15e2e152db155fdca9197a8d1bf9ce235.patch

--- End Message ---
--- Begin Message ---
On 2014-11-23 14:43, Sandro Tosi wrote:
> Package: release.debian.org
> Severity: normal
> User: release.debian.org@packages.debian.org
> Usertags: unblock
> 
> Please unblock package astroid
> 
> This upload fixes a bug which affects pylint, which would let it import (and
> this possibly execute code) when checking python extensions (which is agains the
> contract with pylint users to be a static checker).
> 
> unblock astroid/1.2.1-2
> 
> [...]

Unblocked, thanks.

~Niels

--- End Message ---

Reply to: