Description: Set PYTHONPATH securely
A number of packages in the archive set the PYTHONPATH environment
variable in an insecure way. They do something like:
.
PYTHONPATH=/spam/eggs:$PYTHONPATH
.
This is wrong, because if PYTHONPATH were originally unset or empty,
the current working directory would be added to sys.path.
Origin: vendor, http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=605168;msg=5
Bug: http://code.google.com/p/distcc/issues/detail?id=109
Bug-Debian: http://bugs.debian.org/605168
Author: Steve M. Robbins <smr@debian.org>
Applied-Upstream: 3.2, http://code.google.com/p/distcc/source/detail?r=768
--- a/source/pump.in
+++ b/source/pump.in
@@ -285,7 +285,7 @@
# of one asterisk) without filename expansion.
eval \
"PYTHONOPTIMIZE='$PYTHONOPTIMIZE' " \
- "PYTHONPATH='$pythonpath::$PYTHONPATH' " \
+ "PYTHONPATH='$pythonpath${PYTHONPATH:+:$PYTHONPATH}' " \
"'$PYTHON'" \
"'$include_server'" \
--port "'$socket'" \
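Review bot: The new `PYTHONPATH='$pythonpath${PYTHONPATH:+:$PYTHONPATH}'` line guards only the inherited `$PYTHONPATH` side and assumes `$pythonpath` is never empty. Where `$pythonpath` is assigned is not visible in this hunk; if it can be empty while `PYTHONPATH` is set, the value starts with `:` and the empty entry (the current working directory) is back on sys.path. Consider asserting that `$pythonpath` is non-empty before this `eval`, or building the value so that neither side can contribute a leading or trailing colon. Separately, the inherited value is pasted between single quotes inside an `eval` string, so a `PYTHONPATH` containing a single quote would end the quoting early; exporting the variable before the command instead of interpolating it into the `eval` text would avoid that.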