From 2d0815884f3fca7fae1838e2ab1086d5682d98b7 Mon Sep 17 00:00:00 2001
From: Zac Medico <zmedico@gentoo.org>
Date: Mon, 22 Jul 2013 09:42:48 -0700
Subject: [PATCH] Sanitize PYTHONPATH for helpers, bug #477764

---
 bin/bashrc-functions.sh                          |  4 ++--
 bin/ebuild-helpers/dohtml                        |  2 +-
 bin/ebuild-helpers/portageq                      |  2 +-
 bin/ebuild-helpers/xattr/install                 |  2 +-
 bin/ebuild-ipc                                   |  2 +-
 bin/misc-functions.sh                            |  2 +-
 bin/phase-functions.sh                           |  2 +-
 bin/save-ebuild-env.sh                           |  2 +-
 pym/portage/__init__.py                          |  2 +-
 .../package/ebuild/_config/special_env_vars.py   |  3 ++-
 pym/portage/package/ebuild/config.py             | 16 +++++++++++++++-
 11 files changed, 27 insertions(+), 12 deletions(-)

diff --git a/bin/bashrc-functions.sh b/bin/bashrc-functions.sh
index f1b6bb538..503b17224 100644
--- a/bin/bashrc-functions.sh
+++ b/bin/bashrc-functions.sh
@@ -1,9 +1,9 @@
 #!/bin/bash
-# Copyright 1999-2011 Gentoo Foundation
+# Copyright 1999-2013 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
 
 portageq() {
-	PYTHONPATH=${PORTAGE_PYM_PATH}${PYTHONPATH:+:}${PYTHONPATH} \
+	PYTHONPATH=${PORTAGE_PYTHONPATH:-${PORTAGE_PYM_PATH}}\
 	"${PORTAGE_PYTHON:-/usr/bin/python}" "${PORTAGE_BIN_PATH}/portageq" "$@"
 }
 
diff --git a/bin/ebuild-helpers/dohtml b/bin/ebuild-helpers/dohtml
index fd9efd267..75d3d00ab 100755
--- a/bin/ebuild-helpers/dohtml
+++ b/bin/ebuild-helpers/dohtml
@@ -9,7 +9,7 @@ PORTAGE_PYM_PATH=${PORTAGE_PYM_PATH:-/usr/lib/portage/pym}
 # Use safe cwd, avoiding unsafe import for bug #469338.
 export __PORTAGE_HELPER_CWD=${PWD}
 cd "${PORTAGE_PYM_PATH}"
-PYTHONPATH=$PORTAGE_PYM_PATH${PYTHONPATH:+:}$PYTHONPATH \
+PYTHONPATH=${PORTAGE_PYTHONPATH:-${PORTAGE_PYM_PATH}} \
 	"${PORTAGE_PYTHON:-/usr/bin/python}" "$PORTAGE_BIN_PATH/dohtml.py" "$@"
 
 ret=$?
diff --git a/bin/ebuild-helpers/portageq b/bin/ebuild-helpers/portageq
index 7bd330bec..b67b03f33 100755
--- a/bin/ebuild-helpers/portageq
+++ b/bin/ebuild-helpers/portageq
@@ -6,5 +6,5 @@ PORTAGE_BIN_PATH=${PORTAGE_BIN_PATH:-/usr/lib/portage/bin}
 PORTAGE_PYM_PATH=${PORTAGE_PYM_PATH:-/usr/lib/portage/pym}
 # Use safe cwd, avoiding unsafe import for bug #469338.
 cd "${PORTAGE_PYM_PATH}"
-PYTHONPATH=$PORTAGE_PYM_PATH${PYTHONPATH:+:}$PYTHONPATH \
+PYTHONPATH=${PORTAGE_PYTHONPATH:-${PORTAGE_PYM_PATH}} \
 	exec "${PORTAGE_PYTHON:-/usr/bin/python}" "$PORTAGE_BIN_PATH/portageq" "$@"
diff --git a/bin/ebuild-helpers/xattr/install b/bin/ebuild-helpers/xattr/install
index 51a477468..f51f621bc 100755
--- a/bin/ebuild-helpers/xattr/install
+++ b/bin/ebuild-helpers/xattr/install
@@ -8,5 +8,5 @@ PORTAGE_PYM_PATH=${PORTAGE_PYM_PATH:-/usr/lib/portage/pym}
 export __PORTAGE_HELPER_CWD=${PWD}
 cd "${PORTAGE_PYM_PATH}"
 export __PORTAGE_HELPER_PATH=${BASH_SOURCE[0]}
-PYTHONPATH=${PORTAGE_PYM_PATH}${PYTHONPATH:+:}$PYTHONPATH \
+PYTHONPATH=${PORTAGE_PYTHONPATH:-${PORTAGE_PYM_PATH}} \
 	exec "${PORTAGE_PYTHON:-/usr/bin/python}" "${PORTAGE_BIN_PATH}/install.py" "$@"
diff --git a/bin/ebuild-ipc b/bin/ebuild-ipc
index 9ff6f1ccb..820005fbb 100755
--- a/bin/ebuild-ipc
+++ b/bin/ebuild-ipc
@@ -6,5 +6,5 @@ PORTAGE_BIN_PATH=${PORTAGE_BIN_PATH:-/usr/lib/portage/bin}
 PORTAGE_PYM_PATH=${PORTAGE_PYM_PATH:-/usr/lib/portage/pym}
 # Use safe cwd, avoiding unsafe import for bug #469338.
 cd "${PORTAGE_PYM_PATH}"
-PYTHONPATH=$PORTAGE_PYM_PATH${PYTHONPATH:+:}$PYTHONPATH \
+PYTHONPATH=${PORTAGE_PYTHONPATH:-${PORTAGE_PYM_PATH}} \
 	exec "${PORTAGE_PYTHON:-/usr/bin/python}" "$PORTAGE_BIN_PATH/ebuild-ipc.py" "$@"
diff --git a/bin/misc-functions.sh b/bin/misc-functions.sh
index 9375734cb..ee2144453 100755
--- a/bin/misc-functions.sh
+++ b/bin/misc-functions.sh
@@ -1157,7 +1157,7 @@ __dyn_package() {
 	tar $tar_options -cf - $PORTAGE_BINPKG_TAR_OPTS -C "${PROOT}" . | \
 		$PORTAGE_BZIP2_COMMAND -c > "$PORTAGE_BINPKG_TMPFILE"
 	assert "failed to pack binary package: '$PORTAGE_BINPKG_TMPFILE'"
-	PYTHONPATH=${PORTAGE_PYM_PATH}${PYTHONPATH:+:}${PYTHONPATH} \
+	PYTHONPATH=${PORTAGE_PYTHONPATH:-${PORTAGE_PYM_PATH}} \
 		"${PORTAGE_PYTHON:-/usr/bin/python}" "$PORTAGE_BIN_PATH"/xpak-helper.py recompose \
 		"$PORTAGE_BINPKG_TMPFILE" "$PORTAGE_BUILDDIR/build-info"
 	if [ $? -ne 0 ]; then
diff --git a/bin/phase-functions.sh b/bin/phase-functions.sh
index dc4da6a4e..8a52f3007 100644
--- a/bin/phase-functions.sh
+++ b/bin/phase-functions.sh
@@ -23,7 +23,7 @@ PORTAGE_READONLY_VARS="D EBUILD EBUILD_PHASE EBUILD_PHASE_FUNC \
 	PORTAGE_GID PORTAGE_GRPNAME PORTAGE_INST_GID PORTAGE_INST_UID \
 	PORTAGE_INTERNAL_CALLER PORTAGE_IPC_DAEMON PORTAGE_IUSE PORTAGE_LOG_FILE \
 	PORTAGE_MUTABLE_FILTERED_VARS PORTAGE_OVERRIDE_EPREFIX \
-	PORTAGE_PYM_PATH PORTAGE_PYTHON \
+	PORTAGE_PYM_PATH PORTAGE_PYTHON PORTAGE_PYTHONPATH \
 	PORTAGE_READONLY_METADATA PORTAGE_READONLY_VARS \
 	PORTAGE_REPO_NAME PORTAGE_REPOSITORIES PORTAGE_RESTRICT \
 	PORTAGE_SAVED_READONLY_VARS PORTAGE_SIGPIPE_STATUS \
diff --git a/bin/save-ebuild-env.sh b/bin/save-ebuild-env.sh
index 72055c9e6..f6952450e 100644
--- a/bin/save-ebuild-env.sh
+++ b/bin/save-ebuild-env.sh
@@ -1,5 +1,5 @@
 #!/bin/bash
-# Copyright 1999-2012 Gentoo Foundation
+# Copyright 1999-2013 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
 
 # @FUNCTION: __save_ebuild_env
diff --git a/pym/portage/__init__.py b/pym/portage/__init__.py
index 1fb35bb96..51aa61b41 100644
--- a/pym/portage/__init__.py
+++ b/pym/portage/__init__.py
@@ -607,7 +607,7 @@ def create_trees(config_root=None, target_root=None, trees=None, env=None,
 		# with ROOT != "/", so pass a nearly empty dict for the env parameter.
 		clean_env = {}
 		for k in ('PATH', 'PORTAGE_GRPNAME', 'PORTAGE_REPOSITORIES', 'PORTAGE_USERNAME',
-			'SSH_AGENT_PID', 'SSH_AUTH_SOCK', 'TERM',
+			'PYTHONPATH', 'SSH_AGENT_PID', 'SSH_AUTH_SOCK', 'TERM',
 			'ftp_proxy', 'http_proxy', 'no_proxy',
 			'__PORTAGE_TEST_HARDLINK_LOCKS'):
 			v = settings.get(k)
diff --git a/pym/portage/package/ebuild/_config/special_env_vars.py b/pym/portage/package/ebuild/_config/special_env_vars.py
index 85b699eae..35f80e3dd 100644
--- a/pym/portage/package/ebuild/_config/special_env_vars.py
+++ b/pym/portage/package/ebuild/_config/special_env_vars.py
@@ -68,7 +68,8 @@ environ_whitelist += [
 	"PORTAGE_INST_GID", "PORTAGE_INST_UID",
 	"PORTAGE_IPC_DAEMON", "PORTAGE_IUSE",
 	"PORTAGE_LOG_FILE", "PORTAGE_OVERRIDE_EPREFIX", "PORTAGE_PIPE_FD",
-	"PORTAGE_PYM_PATH", "PORTAGE_PYTHON", "PORTAGE_QUIET",
+	"PORTAGE_PYM_PATH", "PORTAGE_PYTHON",
+	"PORTAGE_PYTHONPATH", "PORTAGE_QUIET",
 	"PORTAGE_REPO_NAME", "PORTAGE_REPOSITORIES", "PORTAGE_RESTRICT",
 	"PORTAGE_SIGPIPE_STATUS",
 	"PORTAGE_TMPDIR", "PORTAGE_UPDATE_ENV", "PORTAGE_USERNAME",
diff --git a/pym/portage/package/ebuild/config.py b/pym/portage/package/ebuild/config.py
index 39a60968f..506600823 100644
--- a/pym/portage/package/ebuild/config.py
+++ b/pym/portage/package/ebuild/config.py
@@ -146,7 +146,7 @@ class config(object):
 	"""
 
 	_constant_keys = frozenset(['PORTAGE_BIN_PATH', 'PORTAGE_GID',
-		'PORTAGE_PYM_PATH'])
+		'PORTAGE_PYM_PATH', 'PORTAGE_PYTHONPATH'])
 
 	_setcpv_aux_keys = ('DEFINED_PHASES', 'DEPEND', 'EAPI', 'HDEPEND',
 		'INHERITED', 'IUSE', 'REQUIRED_USE', 'KEYWORDS', 'LICENSE', 'PDEPEND',
@@ -2489,6 +2489,20 @@ class config(object):
 			elif mykey == "PORTAGE_PYM_PATH":
 				return portage._pym_path
 
+			elif mykey == "PORTAGE_PYTHONPATH":
+				value = [x for x in \
+					self.backupenv.get("PYTHONPATH", "").split(":") if x]
+				need_pym_path = True
+				if value:
+					try:
+						need_pym_path = not os.path.samefile(value[0],
+							portage._pym_path)
+					except OSError:
+						pass
+				if need_pym_path:
+					value.insert(0, portage._pym_path)
+				return ":".join(value)
+
 			elif mykey == "PORTAGE_GID":
 				return "%s" % portage_gid
 
-- 
2.26.2