From 21eb112346b3e9d2e8d39b067c8d2daaefcd6ded Mon Sep 17 00:00:00 2001 From: CentOS Sources Date: Jun 04 2015 07:13:29 +0000 Subject: import python27-python-2.7.8-3.el7 --- diff --git a/.gitignore b/.gitignore index 9ca0244..9699aed 100644 --- a/.gitignore +++ b/.gitignore @@ -1 +1 @@ -SOURCES/Python-2.7.5.tar.xz +SOURCES/Python-2.7.8.tar.xz diff --git a/.python27-python.metadata b/.python27-python.metadata index a8fe566..94bb874 100644 --- a/.python27-python.metadata +++ b/.python27-python.metadata @@ -1 +1 @@ -b7389791f789625c2ba9d897aa324008ff482daf SOURCES/Python-2.7.5.tar.xz +9c6281eeace0c3646fa556c8087bb1b7e033c9c4 SOURCES/Python-2.7.8.tar.xz diff --git a/SOURCES/00111-no-static-lib.patch b/SOURCES/00111-no-static-lib.patch index 2f4fdd6..70dfb77 100644 --- a/SOURCES/00111-no-static-lib.patch +++ b/SOURCES/00111-no-static-lib.patch @@ -1,7 +1,7 @@ -diff -up Python-2.7.3/Makefile.pre.in.no-static-lib Python-2.7.3/Makefile.pre.in ---- Python-2.7.3/Makefile.pre.in.no-static-lib 2013-02-19 14:03:40.801993224 -0500 -+++ Python-2.7.3/Makefile.pre.in 2013-02-19 14:04:44.070988898 -0500 -@@ -397,7 +397,7 @@ coverage: +diff -up Python-2.7.6/Makefile.pre.in.no-static-lib Python-2.7.6/Makefile.pre.in +--- Python-2.7.6/Makefile.pre.in.no-static-lib 2014-01-29 13:58:32.933226720 +0100 ++++ Python-2.7.6/Makefile.pre.in 2014-01-29 14:10:25.002247272 +0100 +@@ -437,7 +437,7 @@ coverage: # Build the interpreter @@ -10,8 +10,8 @@ diff -up Python-2.7.3/Makefile.pre.in.no-static-lib Python-2.7.3/Makefile.pre.in $(LINKCC) $(CFLAGS) $(LDFLAGS) $(LINKFORSHARED) -o $@ \ Modules/python.o \ $(BLDLIBRARY) $(LIBS) $(MODLIBS) $(SYSLIBS) $(LDLAST) -@@ -413,18 +413,6 @@ sharedmods: $(BUILDPYTHON) - $(RUNSHARED) CC='$(CC)' LDSHARED='$(BLDSHARED)' OPT='$(OPT)' \ +@@ -464,18 +464,6 @@ sharedmods: $(BUILDPYTHON) pybuilddir.tx + _TCLTK_INCLUDES='$(TCLTK_INCLUDES)' _TCLTK_LIBS='$(TCLTK_LIBS)' \ $(PYTHON_FOR_BUILD) $(srcdir)/setup.py $$quiet build -# Build static library @@ -29,7 +29,7 @@ diff -up Python-2.7.3/Makefile.pre.in.no-static-lib Python-2.7.3/Makefile.pre.in libpython$(VERSION).so: $(LIBRARY_OBJS) if test $(INSTSONAME) != $(LDLIBRARY); then \ $(BLDSHARED) -Wl,-h$(INSTSONAME) -o $(INSTSONAME) $(LIBRARY_OBJS) $(MODLIBS) $(SHLIBS) $(LIBC) $(LIBM) $(LDLAST); \ -@@ -1021,18 +1009,6 @@ libainstall: all python-config +@@ -1097,18 +1085,6 @@ libainstall: all python-config else true; \ fi; \ done diff --git a/SOURCES/00136-skip-tests-of-seeking-stdin-in-rpmbuild.patch b/SOURCES/00136-skip-tests-of-seeking-stdin-in-rpmbuild.patch index 845fb2a..1214055 100644 --- a/SOURCES/00136-skip-tests-of-seeking-stdin-in-rpmbuild.patch +++ b/SOURCES/00136-skip-tests-of-seeking-stdin-in-rpmbuild.patch @@ -1,7 +1,7 @@ -diff -up Python-2.7.2/Lib/test/test_file2k.py.skip-tests-of-seeking-stdin-in-rpmbuild Python-2.7.2/Lib/test/test_file2k.py ---- Python-2.7.2/Lib/test/test_file2k.py.skip-tests-of-seeking-stdin-in-rpmbuild 2011-09-08 17:23:50.922520729 -0400 -+++ Python-2.7.2/Lib/test/test_file2k.py 2011-09-08 17:24:41.368517277 -0400 -@@ -213,6 +213,7 @@ class OtherFileTests(unittest.TestCase): +diff -up Python-2.7.6/Lib/test/test_file2k.py.stdin-test Python-2.7.6/Lib/test/test_file2k.py +--- Python-2.7.6/Lib/test/test_file2k.py.stdin-test 2013-11-10 08:36:40.000000000 +0100 ++++ Python-2.7.6/Lib/test/test_file2k.py 2014-01-29 14:28:01.029488055 +0100 +@@ -223,6 +223,7 @@ class OtherFileTests(unittest.TestCase): else: f.close() @@ -9,14 +9,3 @@ diff -up Python-2.7.2/Lib/test/test_file2k.py.skip-tests-of-seeking-stdin-in-rpm def testStdin(self): # This causes the interpreter to exit on OSF1 v5.1. if sys.platform != 'osf1V5': -diff -up Python-2.7.2/Lib/test/test_file.py.skip-tests-of-seeking-stdin-in-rpmbuild Python-2.7.2/Lib/test/test_file.py ---- Python-2.7.2/Lib/test/test_file.py.skip-tests-of-seeking-stdin-in-rpmbuild 2011-09-08 17:20:31.146534389 -0400 -+++ Python-2.7.2/Lib/test/test_file.py 2011-09-08 17:24:45.016517030 -0400 -@@ -154,6 +154,7 @@ class OtherFileTests(unittest.TestCase): - f.close() - self.fail('%r is an invalid file mode' % mode) - -+ @unittest._skipInRpmBuild('seems not to raise the exception when run in Koji') - def testStdin(self): - # This causes the interpreter to exit on OSF1 v5.1. - if sys.platform != 'osf1V5': diff --git a/SOURCES/00138-fix-distutils-tests-in-debug-build.patch b/SOURCES/00138-fix-distutils-tests-in-debug-build.patch index 0bfda90..1fd1091 100644 --- a/SOURCES/00138-fix-distutils-tests-in-debug-build.patch +++ b/SOURCES/00138-fix-distutils-tests-in-debug-build.patch @@ -65,4 +65,4 @@ diff -up Python-2.7.2/Lib/distutils/tests/test_build_ext.py.mark-tests-that-fail + wanted = os.path.join(cmd.build_lib, 'UpdateManager', 'fdsend' + debug_ext + ext) self.assertEqual(ext_path, wanted) - def test_build_ext_path_cross_platform(self): + @unittest.skipUnless(sys.platform == 'win32', 'these tests require Windows') diff --git a/SOURCES/00142-skip-failing-pty-tests-in-rpmbuild.patch b/SOURCES/00142-skip-failing-pty-tests-in-rpmbuild.patch index 414ffcd..2f51165 100644 --- a/SOURCES/00142-skip-failing-pty-tests-in-rpmbuild.patch +++ b/SOURCES/00142-skip-failing-pty-tests-in-rpmbuild.patch @@ -1,6 +1,6 @@ -diff -up Python-2.7.2/Lib/test/test_openpty.py.skip-failing-pty-tests-in-rpmbuild Python-2.7.2/Lib/test/test_openpty.py ---- Python-2.7.2/Lib/test/test_openpty.py.skip-failing-pty-tests-in-rpmbuild 2011-09-09 05:09:28.698920379 -0400 -+++ Python-2.7.2/Lib/test/test_openpty.py 2011-09-09 05:10:54.805914490 -0400 +diff -up Python-2.7.6/Lib/test/test_openpty.py.tty-fail Python-2.7.6/Lib/test/test_openpty.py +--- Python-2.7.6/Lib/test/test_openpty.py.tty-fail 2014-01-29 14:31:43.761343267 +0100 ++++ Python-2.7.6/Lib/test/test_openpty.py 2014-01-29 14:32:19.284090165 +0100 @@ -8,6 +8,7 @@ if not hasattr(os, "openpty"): @@ -8,11 +8,11 @@ diff -up Python-2.7.2/Lib/test/test_openpty.py.skip-failing-pty-tests-in-rpmbuil + @unittest._skipInRpmBuild('sometimes fails in Koji, possibly due to a mock issue (rhbz#714627)') def test(self): master, slave = os.openpty() - if not os.isatty(slave): -diff -up Python-2.7.2/Lib/test/test_pty.py.skip-failing-pty-tests-in-rpmbuild Python-2.7.2/Lib/test/test_pty.py ---- Python-2.7.2/Lib/test/test_pty.py.skip-failing-pty-tests-in-rpmbuild 2011-09-09 05:09:36.781919825 -0400 -+++ Python-2.7.2/Lib/test/test_pty.py 2011-09-09 05:11:14.741913127 -0400 -@@ -109,6 +109,7 @@ class PtyTest(unittest.TestCase): + self.addCleanup(os.close, master) +diff -up Python-2.7.6/Lib/test/test_pty.py.tty-fail Python-2.7.6/Lib/test/test_pty.py +--- Python-2.7.6/Lib/test/test_pty.py.tty-fail 2013-11-10 08:36:40.000000000 +0100 ++++ Python-2.7.6/Lib/test/test_pty.py 2014-01-29 14:31:43.761343267 +0100 +@@ -111,6 +111,7 @@ class PtyTest(unittest.TestCase): os.close(master_fd) diff --git a/SOURCES/00146-hashlib-fips.patch b/SOURCES/00146-hashlib-fips.patch index c67eb3b..696aa29 100644 --- a/SOURCES/00146-hashlib-fips.patch +++ b/SOURCES/00146-hashlib-fips.patch @@ -39,7 +39,7 @@ diff -up Python-2.7.2/Lib/hashlib.py.hashlib-fips Python-2.7.2/Lib/hashlib.py - update(arg): Update the hash object with the string arg. Repeated calls are equivalent to a single call with the concatenation of all @@ -63,74 +80,39 @@ algorithms = __always_supported - __all__ = __always_supported + ('new', 'algorithms') + __all__ = __always_supported + ('new', 'algorithms', 'pbkdf2_hmac') -def __get_builtin_constructor(name): @@ -269,9 +269,9 @@ diff -up Python-2.7.2/Lib/test/test_hashlib.py.hashlib-fips Python-2.7.2/Lib/tes def test_unicode(self): @@ -354,6 +335,70 @@ class HashLibTestCase(unittest.TestCase) - self.assertEqual(expected_hash, hasher.hexdigest()) + + def test_issue9146(self): + # Ensure that various ways to use "MD5" from "hashlib" don't segfault: + m = hashlib.md5(usedforsecurity=False) @@ -336,12 +336,58 @@ diff -up Python-2.7.2/Lib/test/test_hashlib.py.hashlib-fips Python-2.7.2/Lib/tes + + + - def test_main(): - test_support.run_unittest(HashLibTestCase) + class KDFTests(unittest.TestCase): + pbkdf2_test_vectors = [ + (b'password', b'salt', 1, None), +diff -up Python-2.7.2/Modules/Setup.dist.hashlib-fips Python-2.7.2/Modules/Setup.dist +--- Python-2.7.2/Modules/Setup.dist.hashlib-fips 2011-09-14 00:21:26.163252001 -0400 ++++ Python-2.7.2/Modules/Setup.dist 2011-09-14 00:21:26.201252001 -0400 +@@ -248,14 +248,14 @@ imageop imageop.c # Operations on images + # Message-Digest Algorithm, described in RFC 1321. The necessary files + # md5.c and md5.h are included here. + +-_md5 md5module.c md5.c ++#_md5 md5module.c md5.c + + + # The _sha module implements the SHA checksum algorithms. + # (NIST's Secure Hash Algorithms.) +-_sha shamodule.c +-_sha256 sha256module.c +-_sha512 sha512module.c ++#_sha shamodule.c ++#_sha256 sha256module.c ++#_sha512 sha512module.c + + + # SGI IRIX specific modules -- off by default. +diff -up Python-2.7.2/setup.py.hashlib-fips Python-2.7.2/setup.py +--- Python-2.7.2/setup.py.hashlib-fips 2011-09-14 00:21:25.722252001 -0400 ++++ Python-2.7.2/setup.py 2011-09-14 00:21:26.203252001 -0400 +@@ -768,21 +768,6 @@ class PyBuildExt(build_ext): + print ("warning: openssl 0x%08x is too old for _hashlib" % + openssl_ver) + missing.append('_hashlib') +- if COMPILED_WITH_PYDEBUG or not have_usable_openssl: +- # The _sha module implements the SHA1 hash algorithm. +- exts.append( Extension('_sha', ['shamodule.c']) ) +- # The _md5 module implements the RSA Data Security, Inc. MD5 +- # Message-Digest Algorithm, described in RFC 1321. The +- # necessary files md5.c and md5.h are included here. +- exts.append( Extension('_md5', +- sources = ['md5module.c', 'md5.c'], +- depends = ['md5.h']) ) +- +- min_sha2_openssl_ver = 0x00908000 +- if COMPILED_WITH_PYDEBUG or openssl_ver < min_sha2_openssl_ver: +- # OpenSSL doesn't do these until 0.9.8 so we'll bring our own hash +- exts.append( Extension('_sha256', ['sha256module.c']) ) +- exts.append( Extension('_sha512', ['sha512module.c']) ) -diff -up Python-2.7.2/Modules/_hashopenssl.c.hashlib-fips Python-2.7.2/Modules/_hashopenssl.c ---- Python-2.7.2/Modules/_hashopenssl.c.hashlib-fips 2011-06-11 11:46:26.000000000 -0400 -+++ Python-2.7.2/Modules/_hashopenssl.c 2011-09-14 00:21:26.199252001 -0400 + # Modules that provide persistent dictionary-like semantics. You will + # probably want to arrange for at least one of them to be available on +--- Python-2.7.8/Modules/_hashopenssl.c.orig 2014-06-30 04:05:41.000000000 +0200 ++++ Python-2.7.8/Modules/_hashopenssl.c 2014-07-14 14:21:59.546386572 +0200 @@ -36,6 +36,8 @@ #endif @@ -349,9 +395,9 @@ diff -up Python-2.7.2/Modules/_hashopenssl.c.hashlib-fips Python-2.7.2/Modules/_ +#include +#include #include - - #define MUNCH_SIZE INT_MAX -@@ -65,11 +67,19 @@ typedef struct { + #include + #include +@@ -67,11 +69,19 @@ static PyTypeObject EVPtype; @@ -375,7 +421,7 @@ diff -up Python-2.7.2/Modules/_hashopenssl.c.hashlib-fips Python-2.7.2/Modules/_ DEFINE_CONSTS_FOR_NEW(md5) DEFINE_CONSTS_FOR_NEW(sha1) -@@ -115,6 +125,48 @@ EVP_hash(EVPobject *self, const void *vp +@@ -117,6 +127,48 @@ } } @@ -424,7 +470,7 @@ diff -up Python-2.7.2/Modules/_hashopenssl.c.hashlib-fips Python-2.7.2/Modules/_ /* Internal methods for a hash object */ static void -@@ -313,14 +365,15 @@ EVP_repr(PyObject *self) +@@ -315,14 +367,15 @@ static int EVP_tp_init(EVPobject *self, PyObject *args, PyObject *kwds) { @@ -443,7 +489,7 @@ diff -up Python-2.7.2/Modules/_hashopenssl.c.hashlib-fips Python-2.7.2/Modules/_ return -1; } -@@ -336,7 +389,12 @@ EVP_tp_init(EVPobject *self, PyObject *a +@@ -338,7 +391,12 @@ PyBuffer_Release(&view); return -1; } @@ -457,7 +503,7 @@ diff -up Python-2.7.2/Modules/_hashopenssl.c.hashlib-fips Python-2.7.2/Modules/_ self->name = name_obj; Py_INCREF(self->name); -@@ -420,7 +478,8 @@ static PyTypeObject EVPtype = { +@@ -422,7 +480,8 @@ static PyObject * EVPnew(PyObject *name_obj, const EVP_MD *digest, const EVP_MD_CTX *initial_ctx, @@ -467,7 +513,7 @@ diff -up Python-2.7.2/Modules/_hashopenssl.c.hashlib-fips Python-2.7.2/Modules/_ { EVPobject *self; -@@ -435,7 +494,12 @@ EVPnew(PyObject *name_obj, +@@ -437,7 +496,12 @@ if (initial_ctx) { EVP_MD_CTX_copy(&self->ctx, initial_ctx); } else { @@ -481,7 +527,7 @@ diff -up Python-2.7.2/Modules/_hashopenssl.c.hashlib-fips Python-2.7.2/Modules/_ } if (cp && len) { -@@ -459,20 +523,28 @@ PyDoc_STRVAR(EVP_new__doc__, +@@ -461,20 +525,28 @@ An optional string argument may be provided and will be\n\ automatically hashed.\n\ \n\ @@ -514,7 +560,7 @@ diff -up Python-2.7.2/Modules/_hashopenssl.c.hashlib-fips Python-2.7.2/Modules/_ return NULL; } -@@ -484,58 +556,118 @@ EVP_new(PyObject *self, PyObject *args, +@@ -487,7 +559,7 @@ digest = EVP_get_digestbyname(name); ret_obj = EVPnew(name_obj, digest, NULL, (unsigned char*)view.buf, @@ -523,7 +569,8 @@ diff -up Python-2.7.2/Modules/_hashopenssl.c.hashlib-fips Python-2.7.2/Modules/_ PyBuffer_Release(&view); return ret_obj; - } +@@ -713,51 +785,111 @@ + #endif /* - * This macro generates constructor function definitions for specific @@ -539,7 +586,7 @@ diff -up Python-2.7.2/Modules/_hashopenssl.c.hashlib-fips Python-2.7.2/Modules/_ #define GEN_CONSTRUCTOR(NAME) \ static PyObject * \ - EVP_new_ ## NAME (PyObject *self, PyObject *args) \ -+ EVP_new_ ## NAME (PyObject *self, PyObject *args, PyObject *kwdict) \ ++ EVP_new_ ## NAME (PyObject *self, PyObject *args, PyObject *kwdict) \ { \ - Py_buffer view = { 0 }; \ - PyObject *ret_obj; \ @@ -555,9 +602,9 @@ diff -up Python-2.7.2/Modules/_hashopenssl.c.hashlib-fips Python-2.7.2/Modules/_ - (unsigned char*)view.buf, view.len); \ - PyBuffer_Release(&view); \ - return ret_obj; \ -+ return implement_specific_EVP_new(self, args, kwdict, \ -+ "|s*i:" #NAME, \ -+ &cached_info_ ## NAME ); \ ++ return implement_specific_EVP_new(self, args, kwdict, \ ++ "|s*i:" #NAME, \ ++ &cached_info_ ## NAME ); \ } +static PyObject * @@ -565,7 +612,7 @@ diff -up Python-2.7.2/Modules/_hashopenssl.c.hashlib-fips Python-2.7.2/Modules/_ + const char *format, + EVPCachedInfo *cached_info) +{ -+ static char *kwlist[] = {"string", "usedforsecurity", NULL}; ++ static char *kwlist[] = {"string", "usedforsecurity", NULL}; + Py_buffer view = { 0 }; + int usedforsecurity = 1; + int idx; @@ -631,7 +678,7 @@ diff -up Python-2.7.2/Modules/_hashopenssl.c.hashlib-fips Python-2.7.2/Modules/_ + + Try to initialize a context for each hash twice, once with + EVP_MD_CTX_FLAG_NON_FIPS_ALLOW and once without. -+ ++ + Any that have errors during initialization will end up wit a NULL ctx_ptrs + entry, and err_msgs will be set (unless we're very low on memory) +*/ @@ -664,7 +711,7 @@ diff -up Python-2.7.2/Modules/_hashopenssl.c.hashlib-fips Python-2.7.2/Modules/_ GEN_CONSTRUCTOR(md5) GEN_CONSTRUCTOR(sha1) #ifdef _OPENSSL_SUPPORTS_SHA2 -@@ -565,13 +700,10 @@ init_hashlib(void) +@@ -794,13 +926,10 @@ { PyObject *m; @@ -680,50 +727,3 @@ diff -up Python-2.7.2/Modules/_hashopenssl.c.hashlib-fips Python-2.7.2/Modules/_ Py_TYPE(&EVPtype) = &PyType_Type; if (PyType_Ready(&EVPtype) < 0) return; -diff -up Python-2.7.2/Modules/Setup.dist.hashlib-fips Python-2.7.2/Modules/Setup.dist ---- Python-2.7.2/Modules/Setup.dist.hashlib-fips 2011-09-14 00:21:26.163252001 -0400 -+++ Python-2.7.2/Modules/Setup.dist 2011-09-14 00:21:26.201252001 -0400 -@@ -248,14 +248,14 @@ imageop imageop.c # Operations on images - # Message-Digest Algorithm, described in RFC 1321. The necessary files - # md5.c and md5.h are included here. - --_md5 md5module.c md5.c -+#_md5 md5module.c md5.c - - - # The _sha module implements the SHA checksum algorithms. - # (NIST's Secure Hash Algorithms.) --_sha shamodule.c --_sha256 sha256module.c --_sha512 sha512module.c -+#_sha shamodule.c -+#_sha256 sha256module.c -+#_sha512 sha512module.c - - - # SGI IRIX specific modules -- off by default. -diff -up Python-2.7.2/setup.py.hashlib-fips Python-2.7.2/setup.py ---- Python-2.7.2/setup.py.hashlib-fips 2011-09-14 00:21:25.722252001 -0400 -+++ Python-2.7.2/setup.py 2011-09-14 00:21:26.203252001 -0400 -@@ -768,21 +768,6 @@ class PyBuildExt(build_ext): - print ("warning: openssl 0x%08x is too old for _hashlib" % - openssl_ver) - missing.append('_hashlib') -- if COMPILED_WITH_PYDEBUG or not have_usable_openssl: -- # The _sha module implements the SHA1 hash algorithm. -- exts.append( Extension('_sha', ['shamodule.c']) ) -- # The _md5 module implements the RSA Data Security, Inc. MD5 -- # Message-Digest Algorithm, described in RFC 1321. The -- # necessary files md5.c and md5.h are included here. -- exts.append( Extension('_md5', -- sources = ['md5module.c', 'md5.c'], -- depends = ['md5.h']) ) -- -- min_sha2_openssl_ver = 0x00908000 -- if COMPILED_WITH_PYDEBUG or openssl_ver < min_sha2_openssl_ver: -- # OpenSSL doesn't do these until 0.9.8 so we'll bring our own hash -- exts.append( Extension('_sha256', ['sha256module.c']) ) -- exts.append( Extension('_sha512', ['sha512module.c']) ) - - # Modules that provide persistent dictionary-like semantics. You will - # probably want to arrange for at least one of them to be available on diff --git a/SOURCES/00147-add-debug-malloc-stats.patch b/SOURCES/00147-add-debug-malloc-stats.patch index 0ab8c94..0d783f5 100644 --- a/SOURCES/00147-add-debug-malloc-stats.patch +++ b/SOURCES/00147-add-debug-malloc-stats.patch @@ -163,9 +163,9 @@ diff -up Python-2.7.2/Lib/test/test_sys.py.add-debug-malloc-stats Python-2.7.2/L + sys._debugmallocstats(42) + + + @test.test_support.cpython_only class SizeofTest(unittest.TestCase): - - def setUp(self): + diff -up Python-2.7.2/Objects/classobject.c.add-debug-malloc-stats Python-2.7.2/Objects/classobject.c --- Python-2.7.2/Objects/classobject.c.add-debug-malloc-stats 2011-06-11 11:46:27.000000000 -0400 +++ Python-2.7.2/Objects/classobject.c 2011-09-16 19:03:25.110821625 -0400 @@ -362,7 +362,7 @@ diff -up Python-2.7.2/Objects/obmalloc.c.add-debug-malloc-stats Python-2.7.2/Obj if (unused_arena_objects == NULL) { uint i; @@ -588,11 +586,9 @@ new_arena(void) - } + arenaobj->address = (uptr)address; ++narenas_currently_allocated; -#ifdef PYMALLOC_DEBUG diff --git a/SOURCES/00157-uid-gid-overflows.patch b/SOURCES/00157-uid-gid-overflows.patch index 13546bb..a31c98a 100644 --- a/SOURCES/00157-uid-gid-overflows.patch +++ b/SOURCES/00157-uid-gid-overflows.patch @@ -2,48 +2,48 @@ diff -up Python-2.7.3/Lib/test/test_os.py.uid-gid-overflows Python-2.7.3/Lib/tes --- Python-2.7.3/Lib/test/test_os.py.uid-gid-overflows 2012-04-09 19:07:32.000000000 -0400 +++ Python-2.7.3/Lib/test/test_os.py 2012-06-26 14:51:36.000817929 -0400 @@ -677,30 +677,36 @@ if sys.platform != 'win32': - def test_setuid(self): - if os.getuid() != 0: - self.assertRaises(os.error, os.setuid, 0) -+ self.assertRaises(TypeError, os.setuid, 'not an int') - self.assertRaises(OverflowError, os.setuid, 1<<32) + def test_setuid(self): + if os.getuid() != 0: + self.assertRaises(os.error, os.setuid, 0) ++ self.assertRaises(TypeError, os.setuid, 'not an int') + self.assertRaises(OverflowError, os.setuid, 1<<32) - if hasattr(os, 'setgid'): - def test_setgid(self): - if os.getuid() != 0: - self.assertRaises(os.error, os.setgid, 0) -+ self.assertRaises(TypeError, os.setgid, 'not an int') - self.assertRaises(OverflowError, os.setgid, 1<<32) + @unittest.skipUnless(hasattr(os, 'setgid'), 'test needs os.setgid()') + def test_setgid(self): + if os.getuid() != 0: + self.assertRaises(os.error, os.setgid, 0) ++ self.assertRaises(TypeError, os.setgid, 'not an int') + self.assertRaises(OverflowError, os.setgid, 1<<32) - if hasattr(os, 'seteuid'): - def test_seteuid(self): - if os.getuid() != 0: - self.assertRaises(os.error, os.seteuid, 0) -+ self.assertRaises(TypeError, os.seteuid, 'not an int') - self.assertRaises(OverflowError, os.seteuid, 1<<32) + @unittest.skipUnless(hasattr(os, 'seteuid'), 'test needs os.seteuid()') + def test_seteuid(self): + if os.getuid() != 0: + self.assertRaises(os.error, os.seteuid, 0) ++ self.assertRaises(TypeError, os.seteuid, 'not an int') + self.assertRaises(OverflowError, os.seteuid, 1<<32) - if hasattr(os, 'setegid'): - def test_setegid(self): - if os.getuid() != 0: - self.assertRaises(os.error, os.setegid, 0) -+ self.assertRaises(TypeError, os.setegid, 'not an int') - self.assertRaises(OverflowError, os.setegid, 1<<32) + @unittest.skipUnless(hasattr(os, 'setegid'), 'test needs os.setegid()') + def test_setegid(self): + if os.getuid() != 0: + self.assertRaises(os.error, os.setegid, 0) ++ self.assertRaises(TypeError, os.setegid, 'not an int') + self.assertRaises(OverflowError, os.setegid, 1<<32) - if hasattr(os, 'setreuid'): - def test_setreuid(self): - if os.getuid() != 0: - self.assertRaises(os.error, os.setreuid, 0, 0) -+ self.assertRaises(TypeError, os.setreuid, 'not an int', 0) -+ self.assertRaises(TypeError, os.setreuid, 0, 'not an int') - self.assertRaises(OverflowError, os.setreuid, 1<<32, 0) - self.assertRaises(OverflowError, os.setreuid, 0, 1<<32) + @unittest.skipUnless(hasattr(os, 'setreuid'), 'test needs os.setreuid()') + def test_setreuid(self): + if os.getuid() != 0: + self.assertRaises(os.error, os.setreuid, 0, 0) ++ self.assertRaises(TypeError, os.setreuid, 'not an int', 0) ++ self.assertRaises(TypeError, os.setreuid, 0, 'not an int') + self.assertRaises(OverflowError, os.setreuid, 1<<32, 0) + self.assertRaises(OverflowError, os.setreuid, 0, 1<<32) @@ -715,6 +721,8 @@ if sys.platform != 'win32': - def test_setregid(self): - if os.getuid() != 0: - self.assertRaises(os.error, os.setregid, 0, 0) -+ self.assertRaises(TypeError, os.setregid, 'not an int', 0) -+ self.assertRaises(TypeError, os.setregid, 0, 'not an int') - self.assertRaises(OverflowError, os.setregid, 1<<32, 0) - self.assertRaises(OverflowError, os.setregid, 0, 1<<32) + def test_setregid(self): + if os.getuid() != 0: + self.assertRaises(os.error, os.setregid, 0, 0) ++ self.assertRaises(TypeError, os.setregid, 'not an int', 0) ++ self.assertRaises(TypeError, os.setregid, 0, 'not an int') + self.assertRaises(OverflowError, os.setregid, 1<<32, 0) + self.assertRaises(OverflowError, os.setregid, 0, 1<<32) diff --git a/SOURCES/00166-fix-fake-repr-in-gdb-hooks.patch b/SOURCES/00166-fix-fake-repr-in-gdb-hooks.patch index bfd2459..5f3781c 100644 --- a/SOURCES/00166-fix-fake-repr-in-gdb-hooks.patch +++ b/SOURCES/00166-fix-fake-repr-in-gdb-hooks.patch @@ -111,14 +111,14 @@ diff -up Python-2.7.3/Tools/gdb/libpython.py.fix-fake-repr-in-gdb-hooks Python-2 sys.stdout.write('#%i (unable to read python frame information)\n' % self.get_index()) else: @@ -1303,7 +1309,11 @@ class PyList(gdb.Command): - print 'Unable to read information on python frame' + print('Unable to read information on python frame') return - filename = pyop.filename() + try: + filename = pyop.filename() + except CantReadFilename: -+ print "Unable to extract filename from python frame" ++ print("Unable to extract filename from python frame") + return lineno = pyop.current_line_num() diff --git a/SOURCES/00173-workaround-ENOPROTOOPT-in-bind_port.patch b/SOURCES/00173-workaround-ENOPROTOOPT-in-bind_port.patch index eb34610..3e83d67 100644 --- a/SOURCES/00173-workaround-ENOPROTOOPT-in-bind_port.patch +++ b/SOURCES/00173-workaround-ENOPROTOOPT-in-bind_port.patch @@ -8,6 +8,7 @@ diff -up Python-2.7.3/Lib/test/test_support.py.rhbz913732 Python-2.7.3/Lib/test/ - if hasattr(socket, 'SO_REUSEPORT'): + if hasattr(socket, 'SO_REUSEPORT') \ + and 'WITHIN_PYTHON_RPM_BUILD' not in os.environ: # rhbz#913732 - if sock.getsockopt(socket.SOL_SOCKET, socket.SO_REUSEPORT) == 1: - raise TestFailed("tests should never set the SO_REUSEPORT " \ - "socket option on TCP/IP sockets!") + try: + if sock.getsockopt(socket.SOL_SOCKET, socket.SO_REUSEPORT) == 1: + raise TestFailed("tests should never set the SO_REUSEPORT " \ + "socket option on TCP/IP sockets!") diff --git a/SOURCES/00183-CVE-2013-4238-hostname-check-bypass-in-SSL-module.patch b/SOURCES/00183-CVE-2013-4238-hostname-check-bypass-in-SSL-module.patch deleted file mode 100644 index e215589..0000000 --- a/SOURCES/00183-CVE-2013-4238-hostname-check-bypass-in-SSL-module.patch +++ /dev/null @@ -1,247 +0,0 @@ -diff -r 9ddc63c039ba Lib/test/nullbytecert.pem ---- /dev/null Thu Jan 01 00:00:00 1970 +0000 -+++ b/Lib/test/nullbytecert.pem Sun Aug 11 18:13:17 2013 +0200 -@@ -0,0 +1,90 @@ -+Certificate: -+ Data: -+ Version: 3 (0x2) -+ Serial Number: 0 (0x0) -+ Signature Algorithm: sha1WithRSAEncryption -+ Issuer: C=US, ST=Oregon, L=Beaverton, O=Python Software Foundation, OU=Python Core Development, CN=null.python.org\x00example.org/emailAddress=python-dev@python.org -+ Validity -+ Not Before: Aug 7 13:11:52 2013 GMT -+ Not After : Aug 7 13:12:52 2013 GMT -+ Subject: C=US, ST=Oregon, L=Beaverton, O=Python Software Foundation, OU=Python Core Development, CN=null.python.org\x00example.org/emailAddress=python-dev@python.org -+ Subject Public Key Info: -+ Public Key Algorithm: rsaEncryption -+ Public-Key: (2048 bit) -+ Modulus: -+ 00:b5:ea:ed:c9:fb:46:7d:6f:3b:76:80:dd:3a:f3: -+ 03:94:0b:a7:a6:db:ec:1d:df:ff:23:74:08:9d:97: -+ 16:3f:a3:a4:7b:3e:1b:0e:96:59:25:03:a7:26:e2: -+ 88:a9:cf:79:cd:f7:04:56:b0:ab:79:32:6e:59:c1: -+ 32:30:54:eb:58:a8:cb:91:f0:42:a5:64:27:cb:d4: -+ 56:31:88:52:ad:cf:bd:7f:f0:06:64:1f:cc:27:b8: -+ a3:8b:8c:f3:d8:29:1f:25:0b:f5:46:06:1b:ca:02: -+ 45:ad:7b:76:0a:9c:bf:bb:b9:ae:0d:16:ab:60:75: -+ ae:06:3e:9c:7c:31:dc:92:2f:29:1a:e0:4b:0c:91: -+ 90:6c:e9:37:c5:90:d7:2a:d7:97:15:a3:80:8f:5d: -+ 7b:49:8f:54:30:d4:97:2c:1c:5b:37:b5:ab:69:30: -+ 68:43:d3:33:78:4b:02:60:f5:3c:44:80:a1:8f:e7: -+ f0:0f:d1:5e:87:9e:46:cf:62:fc:f9:bf:0c:65:12: -+ f1:93:c8:35:79:3f:c8:ec:ec:47:f5:ef:be:44:d5: -+ ae:82:1e:2d:9a:9f:98:5a:67:65:e1:74:70:7c:cb: -+ d3:c2:ce:0e:45:49:27:dc:e3:2d:d4:fb:48:0e:2f: -+ 9e:77:b8:14:46:c0:c4:36:ca:02:ae:6a:91:8c:da: -+ 2f:85 -+ Exponent: 65537 (0x10001) -+ X509v3 extensions: -+ X509v3 Basic Constraints: critical -+ CA:FALSE -+ X509v3 Subject Key Identifier: -+ 88:5A:55:C0:52:FF:61:CD:52:A3:35:0F:EA:5A:9C:24:38:22:F7:5C -+ X509v3 Key Usage: -+ Digital Signature, Non Repudiation, Key Encipherment -+ X509v3 Subject Alternative Name: -+ ************************************************************* -+ WARNING: The values for DNS, email and URI are WRONG. OpenSSL -+ doesn't print the text after a NULL byte. -+ ************************************************************* -+ DNS:altnull.python.org, email:null@python.org, URI:http://null.python.org, IP Address:192.0.2.1, IP Address:2001:DB8:0:0:0:0:0:1 -+ Signature Algorithm: sha1WithRSAEncryption -+ ac:4f:45:ef:7d:49:a8:21:70:8e:88:59:3e:d4:36:42:70:f5: -+ a3:bd:8b:d7:a8:d0:58:f6:31:4a:b1:a4:a6:dd:6f:d9:e8:44: -+ 3c:b6:0a:71:d6:7f:b1:08:61:9d:60:ce:75:cf:77:0c:d2:37: -+ 86:02:8d:5e:5d:f9:0f:71:b4:16:a8:c1:3d:23:1c:f1:11:b3: -+ 56:6e:ca:d0:8d:34:94:e6:87:2a:99:f2:ae:ae:cc:c2:e8:86: -+ de:08:a8:7f:c5:05:fa:6f:81:a7:82:e6:d0:53:9d:34:f4:ac: -+ 3e:40:fe:89:57:7a:29:a4:91:7e:0b:c6:51:31:e5:10:2f:a4: -+ 60:76:cd:95:51:1a:be:8b:a1:b0:fd:ad:52:bd:d7:1b:87:60: -+ d2:31:c7:17:c4:18:4f:2d:08:25:a3:a7:4f:b7:92:ca:e2:f5: -+ 25:f1:54:75:81:9d:b3:3d:61:a2:f7:da:ed:e1:c6:6f:2c:60: -+ 1f:d8:6f:c5:92:05:ab:c9:09:62:49:a9:14:ad:55:11:cc:d6: -+ 4a:19:94:99:97:37:1d:81:5f:8b:cf:a3:a8:96:44:51:08:3d: -+ 0b:05:65:12:eb:b6:70:80:88:48:72:4f:c6:c2:da:cf:cd:8e: -+ 5b:ba:97:2f:60:b4:96:56:49:5e:3a:43:76:63:04:be:2a:f6: -+ c1:ca:a9:94 -+-----BEGIN CERTIFICATE----- -+MIIE2DCCA8CgAwIBAgIBADANBgkqhkiG9w0BAQUFADCBxTELMAkGA1UEBhMCVVMx -+DzANBgNVBAgMBk9yZWdvbjESMBAGA1UEBwwJQmVhdmVydG9uMSMwIQYDVQQKDBpQ -+eXRob24gU29mdHdhcmUgRm91bmRhdGlvbjEgMB4GA1UECwwXUHl0aG9uIENvcmUg -+RGV2ZWxvcG1lbnQxJDAiBgNVBAMMG251bGwucHl0aG9uLm9yZwBleGFtcGxlLm9y -+ZzEkMCIGCSqGSIb3DQEJARYVcHl0aG9uLWRldkBweXRob24ub3JnMB4XDTEzMDgw -+NzEzMTE1MloXDTEzMDgwNzEzMTI1MlowgcUxCzAJBgNVBAYTAlVTMQ8wDQYDVQQI -+DAZPcmVnb24xEjAQBgNVBAcMCUJlYXZlcnRvbjEjMCEGA1UECgwaUHl0aG9uIFNv -+ZnR3YXJlIEZvdW5kYXRpb24xIDAeBgNVBAsMF1B5dGhvbiBDb3JlIERldmVsb3Bt -+ZW50MSQwIgYDVQQDDBtudWxsLnB5dGhvbi5vcmcAZXhhbXBsZS5vcmcxJDAiBgkq -+hkiG9w0BCQEWFXB5dGhvbi1kZXZAcHl0aG9uLm9yZzCCASIwDQYJKoZIhvcNAQEB -+BQADggEPADCCAQoCggEBALXq7cn7Rn1vO3aA3TrzA5QLp6bb7B3f/yN0CJ2XFj+j -+pHs+Gw6WWSUDpybiiKnPec33BFawq3kyblnBMjBU61ioy5HwQqVkJ8vUVjGIUq3P -+vX/wBmQfzCe4o4uM89gpHyUL9UYGG8oCRa17dgqcv7u5rg0Wq2B1rgY+nHwx3JIv -+KRrgSwyRkGzpN8WQ1yrXlxWjgI9de0mPVDDUlywcWze1q2kwaEPTM3hLAmD1PESA -+oY/n8A/RXoeeRs9i/Pm/DGUS8ZPINXk/yOzsR/XvvkTVroIeLZqfmFpnZeF0cHzL -+08LODkVJJ9zjLdT7SA4vnne4FEbAxDbKAq5qkYzaL4UCAwEAAaOB0DCBzTAMBgNV -+HRMBAf8EAjAAMB0GA1UdDgQWBBSIWlXAUv9hzVKjNQ/qWpwkOCL3XDALBgNVHQ8E -+BAMCBeAwgZAGA1UdEQSBiDCBhYIeYWx0bnVsbC5weXRob24ub3JnAGV4YW1wbGUu -+Y29tgSBudWxsQHB5dGhvbi5vcmcAdXNlckBleGFtcGxlLm9yZ4YpaHR0cDovL251 -+bGwucHl0aG9uLm9yZwBodHRwOi8vZXhhbXBsZS5vcmeHBMAAAgGHECABDbgAAAAA -+AAAAAAAAAAEwDQYJKoZIhvcNAQEFBQADggEBAKxPRe99SaghcI6IWT7UNkJw9aO9 -+i9eo0Fj2MUqxpKbdb9noRDy2CnHWf7EIYZ1gznXPdwzSN4YCjV5d+Q9xtBaowT0j -+HPERs1ZuytCNNJTmhyqZ8q6uzMLoht4IqH/FBfpvgaeC5tBTnTT0rD5A/olXeimk -+kX4LxlEx5RAvpGB2zZVRGr6LobD9rVK91xuHYNIxxxfEGE8tCCWjp0+3ksri9SXx -+VHWBnbM9YaL32u3hxm8sYB/Yb8WSBavJCWJJqRStVRHM1koZlJmXNx2BX4vPo6iW -+RFEIPQsFZRLrtnCAiEhyT8bC2s/Njlu6ly9gtJZWSV46Q3ZjBL4q9sHKqZQ= -+-----END CERTIFICATE----- -diff -r 9ddc63c039ba Lib/test/test_ssl.py ---- a/Lib/test/test_ssl.py Sun Aug 11 13:04:50 2013 +0300 -+++ b/Lib/test/test_ssl.py Sun Aug 11 18:13:17 2013 +0200 -@@ -25,6 +25,7 @@ - HOST = test_support.HOST - CERTFILE = None - SVN_PYTHON_ORG_ROOT_CERT = None -+NULLBYTECERT = None - - def handle_error(prefix): - exc_format = ' '.join(traceback.format_exception(*sys.exc_info())) -@@ -123,6 +124,27 @@ - ('DNS', 'projects.forum.nokia.com')) - ) - -+ def test_parse_cert_CVE_2013_4073(self): -+ p = ssl._ssl._test_decode_cert(NULLBYTECERT) -+ if test_support.verbose: -+ sys.stdout.write("\n" + pprint.pformat(p) + "\n") -+ subject = ((('countryName', 'US'),), -+ (('stateOrProvinceName', 'Oregon'),), -+ (('localityName', 'Beaverton'),), -+ (('organizationName', 'Python Software Foundation'),), -+ (('organizationalUnitName', 'Python Core Development'),), -+ (('commonName', 'null.python.org\x00example.org'),), -+ (('emailAddress', 'python-dev@python.org'),)) -+ self.assertEqual(p['subject'], subject) -+ self.assertEqual(p['issuer'], subject) -+ self.assertEqual(p['subjectAltName'], -+ (('DNS', 'altnull.python.org\x00example.com'), -+ ('email', 'null@python.org\x00user@example.org'), -+ ('URI', 'http://null.python.org\x00http://example.org'), -+ ('IP Address', '192.0.2.1'), -+ ('IP Address', '2001:DB8:0:0:0:0:0:1\n')) -+ ) -+ - def test_DER_to_PEM(self): - with open(SVN_PYTHON_ORG_ROOT_CERT, 'r') as f: - pem = f.read() -@@ -1360,7 +1382,7 @@ - - - def test_main(verbose=False): -- global CERTFILE, SVN_PYTHON_ORG_ROOT_CERT, NOKIACERT -+ global CERTFILE, SVN_PYTHON_ORG_ROOT_CERT, NOKIACERT, NULLBYTECERT - CERTFILE = os.path.join(os.path.dirname(__file__) or os.curdir, - "keycert.pem") - SVN_PYTHON_ORG_ROOT_CERT = os.path.join( -@@ -1368,10 +1390,13 @@ - "https_svn_python_org_root.pem") - NOKIACERT = os.path.join(os.path.dirname(__file__) or os.curdir, - "nokia.pem") -+ NULLBYTECERT = os.path.join(os.path.dirname(__file__) or os.curdir, -+ "nullbytecert.pem") - - if (not os.path.exists(CERTFILE) or - not os.path.exists(SVN_PYTHON_ORG_ROOT_CERT) or -- not os.path.exists(NOKIACERT)): -+ not os.path.exists(NOKIACERT) or -+ not os.path.exists(NULLBYTECERT)): - raise test_support.TestFailed("Can't read certificate files!") - - tests = [BasicTests, BasicSocketTests] -diff -r 9ddc63c039ba Modules/_ssl.c ---- a/Modules/_ssl.c Sun Aug 11 13:04:50 2013 +0300 -+++ b/Modules/_ssl.c Sun Aug 11 18:13:17 2013 +0200 -@@ -741,8 +741,13 @@ - - /* get a rendering of each name in the set of names */ - -+ int gntype; -+ ASN1_STRING *as = NULL; -+ - name = sk_GENERAL_NAME_value(names, j); -- if (name->type == GEN_DIRNAME) { -+ gntype = name-> type; -+ switch (gntype) { -+ case GEN_DIRNAME: - - /* we special-case DirName as a tuple of tuples of attributes */ - -@@ -764,11 +769,61 @@ - goto fail; - } - PyTuple_SET_ITEM(t, 1, v); -+ break; - -- } else { -+ case GEN_EMAIL: -+ case GEN_DNS: -+ case GEN_URI: -+ /* GENERAL_NAME_print() doesn't handle NUL bytes in ASN1_string -+ correctly. */ -+ t = PyTuple_New(2); -+ if (t == NULL) -+ goto fail; -+ switch (gntype) { -+ case GEN_EMAIL: -+ v = PyUnicode_FromString("email"); -+ as = name->d.rfc822Name; -+ break; -+ case GEN_DNS: -+ v = PyUnicode_FromString("DNS"); -+ as = name->d.dNSName; -+ break; -+ case GEN_URI: -+ v = PyUnicode_FromString("URI"); -+ as = name->d.uniformResourceIdentifier; -+ break; -+ } -+ if (v == NULL) { -+ Py_DECREF(t); -+ goto fail; -+ } -+ PyTuple_SET_ITEM(t, 0, v); -+ v = PyString_FromStringAndSize((char *)ASN1_STRING_data(as), -+ ASN1_STRING_length(as)); -+ if (v == NULL) { -+ Py_DECREF(t); -+ goto fail; -+ } -+ PyTuple_SET_ITEM(t, 1, v); -+ break; - -+ default: - /* for everything else, we use the OpenSSL print form */ -- -+ switch (gntype) { -+ /* check for new general name type */ -+ case GEN_OTHERNAME: -+ case GEN_X400: -+ case GEN_EDIPARTY: -+ case GEN_IPADD: -+ case GEN_RID: -+ break; -+ default: -+ if (PyErr_Warn(PyExc_RuntimeWarning, -+ "Unknown general name type") == -1) { -+ goto fail; -+ } -+ break; -+ } - (void) BIO_reset(biobuf); - GENERAL_NAME_print(biobuf, name); - len = BIO_gets(biobuf, buf, sizeof(buf)-1); -@@ -794,6 +849,7 @@ - goto fail; - } - PyTuple_SET_ITEM(t, 1, v); -+ break; - } - - /* and add that rendering to the list */ diff --git a/SOURCES/00185-urllib2-honors-noproxy-for-ftp.patch b/SOURCES/00185-urllib2-honors-noproxy-for-ftp.patch new file mode 100644 index 0000000..b26c4d4 --- /dev/null +++ b/SOURCES/00185-urllib2-honors-noproxy-for-ftp.patch @@ -0,0 +1,12 @@ +diff -up Python-2.7.5/Lib/urllib2.py.orig Python-2.7.5/Lib/urllib2.py +--- Python-2.7.5/Lib/urllib2.py.orig 2013-07-17 12:22:58.595525622 +0200 ++++ Python-2.7.5/Lib/urllib2.py 2013-07-17 12:19:59.875898030 +0200 +@@ -728,6 +728,8 @@ class ProxyHandler(BaseHandler): + if proxy_type is None: + proxy_type = orig_type + ++ req.get_host() ++ + if req.host and proxy_bypass(req.host): + return None + diff --git a/SOURCES/00187-add-RPATH-to-pyexpat.patch b/SOURCES/00187-add-RPATH-to-pyexpat.patch new file mode 100644 index 0000000..0ac5227 --- /dev/null +++ b/SOURCES/00187-add-RPATH-to-pyexpat.patch @@ -0,0 +1,25 @@ +diff -r e8b8279ca118 setup.py +--- a/setup.py Sun Jul 21 21:57:52 2013 -0400 ++++ b/setup.py Tue Aug 20 09:45:31 2013 +0200 +@@ -1480,12 +1480,21 @@ + 'expat/xmltok_impl.h' + ] + ++ # Add an explicit RPATH to pyexpat.so pointing at the directory ++ # containing the system expat (which has the extra XML_SetHashSalt ++ # symbol), to avoid an ImportError with a link error if there's an ++ # LD_LIBRARY_PATH containing a "vanilla" build of expat (without the ++ # symbol) (rhbz#833271): ++ EXPAT_RPATH = '/usr/lib64' if sys.maxint == 0x7fffffffffffffff else '/usr/lib' ++ ++ + exts.append(Extension('pyexpat', + define_macros = define_macros, + include_dirs = expat_inc, + libraries = expat_lib, + sources = ['pyexpat.c'] + expat_sources, + depends = expat_depends, ++ extra_link_args = ['-Wl,-rpath,%s' % EXPAT_RPATH] + )) + + # Fredrik Lundh's cElementTree module. Note that this also diff --git a/SOURCES/00189-gdb-py-bt-dont-raise-exception-from-eval.patch b/SOURCES/00189-gdb-py-bt-dont-raise-exception-from-eval.patch new file mode 100644 index 0000000..4e82859 --- /dev/null +++ b/SOURCES/00189-gdb-py-bt-dont-raise-exception-from-eval.patch @@ -0,0 +1,11 @@ +--- Python-2.7.5-orig/Tools/gdb/libpython.py 2013-05-12 03:32:54.000000000 +0000 ++++ Python-2.7.5-orig/Tools/gdb/libpython.py 2013-09-15 09:56:25.494000000 +0000 +@@ -887,6 +887,8 @@ + newline character''' + if self.is_optimized_out(): + return '(frame information optimized out)' ++ if self.filename() == '': ++ return '(in an eval block)' + with open(self.filename(), 'r') as f: + all_lines = f.readlines() + # Convert from 1-based current_line_num to 0-based list offset: diff --git a/SOURCES/00191-disable-NOOP.patch b/SOURCES/00191-disable-NOOP.patch new file mode 100644 index 0000000..fbe9474 --- /dev/null +++ b/SOURCES/00191-disable-NOOP.patch @@ -0,0 +1,12 @@ +diff --git a/Lib/test/test_smtplib.py b/Lib/test/test_smtplib.py +index 81806c9..e7881b9 100644 +--- a/Lib/test/test_smtplib.py ++++ b/Lib/test/test_smtplib.py +@@ -182,6 +182,7 @@ class DebuggingServerTests(unittest.TestCase): + smtp = smtplib.SMTP(HOST, self.port, local_hostname='localhost', timeout=3) + smtp.quit() + ++ @unittest._skipInRpmBuild("Does not work in network-free environment") + def testNOOP(self): + smtp = smtplib.SMTP(HOST, self.port, local_hostname='localhost', timeout=3) + expected = (250, 'Ok') diff --git a/SOURCES/05000-autotool-intermediates.patch b/SOURCES/05000-autotool-intermediates.patch index cfedc25..dfe0257 100644 --- a/SOURCES/05000-autotool-intermediates.patch +++ b/SOURCES/05000-autotool-intermediates.patch @@ -43,15 +43,6 @@ diff -up ./configure.autotool-intermediates ./configure --with-wctype-functions use wctype.h functions --with-fpectl enable SIGFPE catching --with-libm=STRING math library -@@ -5171,7 +5181,7 @@ esac - $as_echo_n "checking LIBRARY... " >&6; } - if test -z "$LIBRARY" - then -- LIBRARY='libpython$(VERSION).a' -+ LIBRARY='libpython$(VERSION)$(DEBUG_EXT).a' - fi - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $LIBRARY" >&5 - $as_echo "$LIBRARY" >&6; } @@ -5343,8 +5353,8 @@ $as_echo "#define Py_ENABLE_SHARED 1" >> INSTSONAME="$LDLIBRARY".$SOVERSION ;; @@ -60,7 +51,7 @@ diff -up ./configure.autotool-intermediates ./configure - BLDLIBRARY='-L. -lpython$(VERSION)' + LDLIBRARY='libpython$(VERSION)$(DEBUG_EXT).so' + BLDLIBRARY='-L. -lpython$(VERSION)$(DEBUG_EXT)' - RUNSHARED=LD_LIBRARY_PATH=`pwd`:${LD_LIBRARY_PATH} + RUNSHARED=LD_LIBRARY_PATH=`pwd`${LD_LIBRARY_PATH:+:${LD_LIBRARY_PATH}} case $ac_sys_system in FreeBSD*) @@ -5367,7 +5377,7 @@ $as_echo "#define Py_ENABLE_SHARED 1" >> @@ -69,7 +60,7 @@ diff -up ./configure.autotool-intermediates ./configure LDLIBRARY='libpython$(VERSION).so' - BLDLIBRARY='-rpath $(LIBDIR) -L. -lpython$(VERSION)' + BLDLIBRARY='-L. -lpython$(VERSION)' - RUNSHARED=LD_LIBRARY_PATH=`pwd`:${LD_LIBRARY_PATH} + RUNSHARED=LD_LIBRARY_PATH=`pwd`${LD_LIBRARY_PATH:+:${LD_LIBRARY_PATH}} ;; atheos*) @@ -5894,6 +5904,14 @@ $as_echo "no" >&6; } diff --git a/SOURCES/CVE-2013-1752.patch b/SOURCES/CVE-2013-1752.patch new file mode 100644 index 0000000..ff2be9d --- /dev/null +++ b/SOURCES/CVE-2013-1752.patch @@ -0,0 +1,203 @@ + +# HG changeset patch +# User Benjamin Peterson +# Date 1417827758 18000 +# Node ID 339f877cca115c1901f5dd93d7bc066031d2a669 +# Parent 54af094087953f4997a4ead63e949d845c4b4412 +in poplib, limit maximum line length that we read from the network (closes #16041) + +Patch from Berker Peksag. + +diff --git a/Lib/poplib.py b/Lib/poplib.py +--- a/Lib/poplib.py ++++ b/Lib/poplib.py +@@ -32,6 +32,12 @@ CR = '\r' + LF = '\n' + CRLF = CR+LF + ++# maximal line length when calling readline(). This is to prevent ++# reading arbitrary length lines. RFC 1939 limits POP3 line length to ++# 512 characters, including CRLF. We have selected 2048 just to be on ++# the safe side. ++_MAXLINE = 2048 ++ + + class POP3: + +@@ -103,7 +109,9 @@ class POP3: + # Raise error_proto('-ERR EOF') if the connection is closed. + + def _getline(self): +- line = self.file.readline() ++ line = self.file.readline(_MAXLINE + 1) ++ if len(line) > _MAXLINE: ++ raise error_proto('line too long') + if self._debugging > 1: print '*get*', repr(line) + if not line: raise error_proto('-ERR EOF') + octets = len(line) +@@ -365,6 +373,8 @@ else: + match = renewline.match(self.buffer) + while not match: + self._fillBuffer() ++ if len(self.buffer) > _MAXLINE: ++ raise error_proto('line too long') + match = renewline.match(self.buffer) + line = match.group(0) + self.buffer = renewline.sub('' ,self.buffer, 1) +diff --git a/Lib/test/test_poplib.py b/Lib/test/test_poplib.py +--- a/Lib/test/test_poplib.py ++++ b/Lib/test/test_poplib.py +@@ -198,6 +198,10 @@ class TestPOP3Class(TestCase): + 113) + self.assertEqual(self.client.retr('foo'), expected) + ++ def test_too_long_lines(self): ++ self.assertRaises(poplib.error_proto, self.client._shortcmd, ++ 'echo +%s' % ((poplib._MAXLINE + 10) * 'a')) ++ + def test_dele(self): + self.assertOK(self.client.dele('foo')) + + + +# HG changeset patch +# User Benjamin Peterson +# Date 1417827918 18000 +# Node ID 923aac88a3cc76a95d5a04d9d3ece245147a8064 +# Parent 339f877cca115c1901f5dd93d7bc066031d2a669 +smtplib: limit amount read from the network (closes #16042) + +diff --git a/Lib/smtplib.py b/Lib/smtplib.py +--- a/Lib/smtplib.py ++++ b/Lib/smtplib.py +@@ -57,6 +57,7 @@ from sys import stderr + SMTP_PORT = 25 + SMTP_SSL_PORT = 465 + CRLF = "\r\n" ++_MAXLINE = 8192 # more than 8 times larger than RFC 821, 4.5.3 + + OLDSTYLE_AUTH = re.compile(r"auth=(.*)", re.I) + +@@ -179,10 +180,14 @@ else: + def __init__(self, sslobj): + self.sslobj = sslobj + +- def readline(self): ++ def readline(self, size=-1): ++ if size < 0: ++ size = None + str = "" + chr = None + while chr != "\n": ++ if size is not None and len(str) >= size: ++ break + chr = self.sslobj.read(1) + if not chr: + break +@@ -353,7 +358,7 @@ class SMTP: + self.file = self.sock.makefile('rb') + while 1: + try: +- line = self.file.readline() ++ line = self.file.readline(_MAXLINE + 1) + except socket.error as e: + self.close() + raise SMTPServerDisconnected("Connection unexpectedly closed: " +@@ -363,6 +368,8 @@ class SMTP: + raise SMTPServerDisconnected("Connection unexpectedly closed") + if self.debuglevel > 0: + print>>stderr, 'reply:', repr(line) ++ if len(line) > _MAXLINE: ++ raise SMTPResponseException(500, "Line too long.") + resp.append(line[4:].strip()) + code = line[:3] + # Check that the error code is syntactically correct. +diff --git a/Lib/test/test_smtplib.py b/Lib/test/test_smtplib.py +--- a/Lib/test/test_smtplib.py ++++ b/Lib/test/test_smtplib.py +@@ -292,6 +292,33 @@ class BadHELOServerTests(unittest.TestCa + HOST, self.port, 'localhost', 3) + + ++@unittest.skipUnless(threading, 'Threading required for this test.') ++class TooLongLineTests(unittest.TestCase): ++ respdata = '250 OK' + ('.' * smtplib._MAXLINE * 2) + '\n' ++ ++ def setUp(self): ++ self.old_stdout = sys.stdout ++ self.output = StringIO.StringIO() ++ sys.stdout = self.output ++ ++ self.evt = threading.Event() ++ self.sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM) ++ self.sock.settimeout(15) ++ self.port = test_support.bind_port(self.sock) ++ servargs = (self.evt, self.respdata, self.sock) ++ threading.Thread(target=server, args=servargs).start() ++ self.evt.wait() ++ self.evt.clear() ++ ++ def tearDown(self): ++ self.evt.wait() ++ sys.stdout = self.old_stdout ++ ++ def testLineTooLong(self): ++ self.assertRaises(smtplib.SMTPResponseException, smtplib.SMTP, ++ HOST, self.port, 'localhost', 3) ++ ++ + sim_users = {'Mr.A@somewhere.com':'John A', + 'Ms.B@somewhere.com':'Sally B', + 'Mrs.C@somewhereesle.com':'Ruth C', +@@ -526,7 +553,8 @@ class SMTPSimTests(unittest.TestCase): + def test_main(verbose=None): + test_support.run_unittest(GeneralTests, DebuggingServerTests, + NonConnectingTests, +- BadHELOServerTests, SMTPSimTests) ++ BadHELOServerTests, SMTPSimTests, ++ TooLongLineTests) + + if __name__ == '__main__': + test_main() + +diff --git a/Lib/httplib.py b/Lib/httplib.py +--- a/Lib/httplib.py ++++ b/Lib/httplib.py +@@ -211,6 +211,10 @@ responses = { + # maximal line length when calling readline(). + _MAXLINE = 65536 + ++# maximum amount of headers accepted ++_MAXHEADERS = 100 ++ ++ + class HTTPMessage(mimetools.Message): + + def addheader(self, key, value): +@@ -267,6 +271,8 @@ class HTTPMessage(mimetools.Message): + elif self.seekable: + tell = self.fp.tell + while True: ++ if len(hlist) > _MAXHEADERS: ++ raise HTTPException("got more than %d headers" % _MAXHEADERS) + if tell: + try: + startofline = tell() + +diff --git a/Lib/test/test_httplib.py b/Lib/test/test_httplib.py +--- a/Lib/test/test_httplib.py ++++ b/Lib/test/test_httplib.py +@@ -152,6 +152,13 @@ class BasicTest(TestCase): + if resp.read() != "": + self.fail("Did not expect response from HEAD request") + ++ def test_too_many_headers(self): ++ headers = '\r\n'.join('Header%d: foo' % i for i in xrange(200)) + '\r\n' ++ text = ('HTTP/1.1 200 OK\r\n' + headers) ++ s = FakeSocket(text) ++ r = httplib.HTTPResponse(s) ++ self.assertRaises(httplib.HTTPException, r.begin) ++ + def test_send_file(self): + expected = 'GET /foo HTTP/1.1\r\nHost: example.com\r\n' \ + 'Accept-Encoding: identity\r\nContent-Length:' diff --git a/SOURCES/python-2.6-rpath.patch b/SOURCES/python-2.6-rpath.patch index 43e3ec4..33d7cf6 100644 --- a/SOURCES/python-2.6-rpath.patch +++ b/SOURCES/python-2.6-rpath.patch @@ -7,6 +7,6 @@ diff -up Python-2.6/configure.ac.rpath Python-2.6/configure.ac LDLIBRARY='libpython$(VERSION).so' - BLDLIBRARY='-rpath $(LIBDIR) -L. -lpython$(VERSION)' + BLDLIBRARY='-L. -lpython$(VERSION)' - RUNSHARED=LD_LIBRARY_PATH=`pwd`:${LD_LIBRARY_PATH} + RUNSHARED=LD_LIBRARY_PATH=`pwd`${LD_LIBRARY_PATH:+:${LD_LIBRARY_PATH}} ;; atheos*) diff --git a/SOURCES/python-2.7.3-debug-build.patch b/SOURCES/python-2.7.3-debug-build.patch index 5b6cda7..ee0b2a2 100644 --- a/SOURCES/python-2.7.3-debug-build.patch +++ b/SOURCES/python-2.7.3-debug-build.patch @@ -1,45 +1,7 @@ -diff -up Python-2.7.3/configure.ac.debug-build Python-2.7.3/configure.ac ---- Python-2.7.3/configure.ac.debug-build 2012-04-18 19:46:22.066498521 -0400 -+++ Python-2.7.3/configure.ac 2012-04-18 19:46:22.078498372 -0400 -@@ -635,7 +635,7 @@ AC_SUBST(LIBRARY) - AC_MSG_CHECKING(LIBRARY) - if test -z "$LIBRARY" - then -- LIBRARY='libpython$(VERSION).a' -+ LIBRARY='libpython$(VERSION)$(DEBUG_EXT).a' - fi - AC_MSG_RESULT($LIBRARY) - -@@ -780,8 +780,8 @@ if test $enable_shared = "yes"; then - INSTSONAME="$LDLIBRARY".$SOVERSION - ;; - Linux*|GNU*|NetBSD*|FreeBSD*|DragonFly*|OpenBSD*) -- LDLIBRARY='libpython$(VERSION).so' -- BLDLIBRARY='-L. -lpython$(VERSION)' -+ LDLIBRARY='libpython$(VERSION)$(DEBUG_EXT).so' -+ BLDLIBRARY='-L. -lpython$(VERSION)$(DEBUG_EXT)' - RUNSHARED=LD_LIBRARY_PATH=`pwd`:${LD_LIBRARY_PATH} - case $ac_sys_system in - FreeBSD*) -@@ -905,6 +905,14 @@ else AC_MSG_RESULT(no); Py_DEBUG='false' - fi], - [AC_MSG_RESULT(no)]) - -+if test "$Py_DEBUG" = 'true' -+then -+ DEBUG_EXT=_d -+ DEBUG_SUFFIX=-debug -+fi -+AC_SUBST(DEBUG_EXT) -+AC_SUBST(DEBUG_SUFFIX) -+ - # XXX Shouldn't the code above that fiddles with BASECFLAGS and OPT be - # merged with this chunk of code? - -diff -up Python-2.7.3/Lib/distutils/command/build_ext.py.debug-build Python-2.7.3/Lib/distutils/command/build_ext.py ---- Python-2.7.3/Lib/distutils/command/build_ext.py.debug-build 2012-04-09 19:07:29.000000000 -0400 -+++ Python-2.7.3/Lib/distutils/command/build_ext.py 2012-04-18 19:46:22.079498360 -0400 -@@ -676,7 +676,10 @@ class build_ext (Command): +diff -up Python-2.7.6/Lib/distutils/command/build_ext.py.debug-build Python-2.7.6/Lib/distutils/command/build_ext.py +--- Python-2.7.6/Lib/distutils/command/build_ext.py.debug-build 2013-11-10 08:36:40.000000000 +0100 ++++ Python-2.7.6/Lib/distutils/command/build_ext.py 2014-01-29 14:13:08.815888533 +0100 +@@ -674,7 +674,10 @@ class build_ext (Command): so_ext = get_config_var('SO') if os.name == 'nt' and self.debug: return os.path.join(*ext_path) + '_d' + so_ext @@ -51,7 +13,7 @@ diff -up Python-2.7.3/Lib/distutils/command/build_ext.py.debug-build Python-2.7. def get_export_symbols (self, ext): """Return the list of symbols that a shared extension has to -@@ -761,6 +764,8 @@ class build_ext (Command): +@@ -759,6 +762,8 @@ class build_ext (Command): template = "python%d.%d" pythonlib = (template % (sys.hexversion >> 24, (sys.hexversion >> 16) & 0xff)) @@ -60,10 +22,10 @@ diff -up Python-2.7.3/Lib/distutils/command/build_ext.py.debug-build Python-2.7. return ext.libraries + [pythonlib] else: return ext.libraries -diff -up Python-2.7.3/Lib/distutils/sysconfig.py.debug-build Python-2.7.3/Lib/distutils/sysconfig.py ---- Python-2.7.3/Lib/distutils/sysconfig.py.debug-build 2012-04-18 19:46:21.988499499 -0400 -+++ Python-2.7.3/Lib/distutils/sysconfig.py 2012-04-18 19:46:22.080498348 -0400 -@@ -85,7 +85,8 @@ def get_python_inc(plat_specific=0, pref +diff -up Python-2.7.6/Lib/distutils/sysconfig.py.debug-build Python-2.7.6/Lib/distutils/sysconfig.py +--- Python-2.7.6/Lib/distutils/sysconfig.py.debug-build 2014-01-29 14:13:08.770891379 +0100 ++++ Python-2.7.6/Lib/distutils/sysconfig.py 2014-01-29 14:13:08.815888533 +0100 +@@ -90,7 +90,8 @@ def get_python_inc(plat_specific=0, pref # Include is located in the srcdir inc_dir = os.path.join(srcdir, "Include") return inc_dir @@ -73,7 +35,7 @@ diff -up Python-2.7.3/Lib/distutils/sysconfig.py.debug-build Python-2.7.3/Lib/di elif os.name == "nt": return os.path.join(prefix, "include") elif os.name == "os2": -@@ -250,7 +251,7 @@ def get_makefile_filename(): +@@ -247,7 +248,7 @@ def get_makefile_filename(): if python_build: return os.path.join(project_base, "Makefile") lib_dir = get_python_lib(plat_specific=1, standard_lib=1) @@ -82,9 +44,9 @@ diff -up Python-2.7.3/Lib/distutils/sysconfig.py.debug-build Python-2.7.3/Lib/di def parse_config_h(fp, g=None): -diff -up Python-2.7.3/Lib/distutils/tests/test_install.py.debug-build Python-2.7.3/Lib/distutils/tests/test_install.py ---- Python-2.7.3/Lib/distutils/tests/test_install.py.debug-build 2012-04-18 19:46:21.997499385 -0400 -+++ Python-2.7.3/Lib/distutils/tests/test_install.py 2012-04-18 19:46:22.080498348 -0400 +diff -up Python-2.7.6/Lib/distutils/tests/test_install.py.debug-build Python-2.7.6/Lib/distutils/tests/test_install.py +--- Python-2.7.6/Lib/distutils/tests/test_install.py.debug-build 2014-01-29 14:13:08.779890810 +0100 ++++ Python-2.7.6/Lib/distutils/tests/test_install.py 2014-01-29 14:13:08.815888533 +0100 @@ -20,8 +20,9 @@ from distutils.tests import support @@ -96,10 +58,10 @@ diff -up Python-2.7.3/Lib/distutils/tests/test_install.py.debug-build Python-2.7 return modname + sysconfig.get_config_var('SO') -diff -up Python-2.7.3/Makefile.pre.in.debug-build Python-2.7.3/Makefile.pre.in ---- Python-2.7.3/Makefile.pre.in.debug-build 2012-04-18 19:46:22.073498437 -0400 -+++ Python-2.7.3/Makefile.pre.in 2012-04-18 19:48:46.336694896 -0400 -@@ -102,8 +102,8 @@ SCRIPTDIR= $(prefix)/lib64 +diff -up Python-2.7.6/Makefile.pre.in.debug-build Python-2.7.6/Makefile.pre.in +--- Python-2.7.6/Makefile.pre.in.debug-build 2014-01-29 14:13:08.800889482 +0100 ++++ Python-2.7.6/Makefile.pre.in 2014-01-29 14:17:30.929316462 +0100 +@@ -111,8 +111,8 @@ SCRIPTDIR= $(prefix)/lib64 # Detailed destination directories BINLIBDEST= $(LIBDIR)/python$(VERSION) LIBDEST= $(SCRIPTDIR)/python$(VERSION) @@ -110,7 +72,7 @@ diff -up Python-2.7.3/Makefile.pre.in.debug-build Python-2.7.3/Makefile.pre.in LIBP= $(LIBDIR)/python$(VERSION) # Symbols used for using shared libraries -@@ -117,6 +117,12 @@ DESTSHARED= $(BINLIBDEST)/lib-dynload +@@ -126,6 +126,12 @@ DESTSHARED= $(BINLIBDEST)/lib-dynload EXE= @EXEEXT@ BUILDEXE= @BUILDEXEEXT@ @@ -123,7 +85,7 @@ diff -up Python-2.7.3/Makefile.pre.in.debug-build Python-2.7.3/Makefile.pre.in # Short name and location for Mac OS X Python framework UNIVERSALSDK=@UNIVERSALSDK@ PYTHONFRAMEWORK= @PYTHONFRAMEWORK@ -@@ -180,8 +186,8 @@ LIBOBJDIR= Python/ +@@ -189,8 +195,8 @@ LIBOBJDIR= Python/ LIBOBJS= @LIBOBJS@ UNICODE_OBJS= @UNICODE_OBJS@ @@ -134,8 +96,8 @@ diff -up Python-2.7.3/Makefile.pre.in.debug-build Python-2.7.3/Makefile.pre.in PYTHON_FOR_BUILD=@PYTHON_FOR_BUILD@ _PYTHON_HOST_PLATFORM=@_PYTHON_HOST_PLATFORM@ -@@ -413,7 +419,7 @@ sharedmods: $(BUILDPYTHON) - $(RUNSHARED) CC='$(CC)' LDSHARED='$(BLDSHARED)' OPT='$(OPT)' \ +@@ -464,7 +470,7 @@ sharedmods: $(BUILDPYTHON) pybuilddir.tx + _TCLTK_INCLUDES='$(TCLTK_INCLUDES)' _TCLTK_LIBS='$(TCLTK_LIBS)' \ $(PYTHON_FOR_BUILD) $(srcdir)/setup.py $$quiet build -libpython$(VERSION).so: $(LIBRARY_OBJS) @@ -143,7 +105,7 @@ diff -up Python-2.7.3/Makefile.pre.in.debug-build Python-2.7.3/Makefile.pre.in if test $(INSTSONAME) != $(LDLIBRARY); then \ $(BLDSHARED) -Wl,-h$(INSTSONAME) -o $(INSTSONAME) $(LIBRARY_OBJS) $(MODLIBS) $(SHLIBS) $(LIBC) $(LIBM) $(LDLAST); \ $(LN) -f $(INSTSONAME) $@; \ -@@ -796,18 +802,18 @@ bininstall: altbininstall +@@ -856,18 +862,18 @@ bininstall: altbininstall then rm -f $(DESTDIR)$(BINDIR)/$(PYTHON); \ else true; \ fi @@ -173,7 +135,7 @@ diff -up Python-2.7.3/Makefile.pre.in.debug-build Python-2.7.3/Makefile.pre.in # Install the interpreter with $(VERSION) affixed # This goes into $(exec_prefix) -@@ -820,7 +826,7 @@ altbininstall: $(BUILDPYTHON) +@@ -880,7 +886,7 @@ altbininstall: $(BUILDPYTHON) else true; \ fi; \ done @@ -182,7 +144,7 @@ diff -up Python-2.7.3/Makefile.pre.in.debug-build Python-2.7.3/Makefile.pre.in if test -f $(LDLIBRARY); then \ if test -n "$(DLLLIBRARY)" ; then \ $(INSTALL_SHARED) $(DLLLIBRARY) $(DESTDIR)$(BINDIR); \ -@@ -970,10 +976,11 @@ $(srcdir)/Lib/$(PLATDIR): +@@ -1046,10 +1052,11 @@ $(srcdir)/Lib/$(PLATDIR): fi; \ cd $(srcdir)/Lib/$(PLATDIR); $(RUNSHARED) ./regen @@ -196,7 +158,7 @@ diff -up Python-2.7.3/Makefile.pre.in.debug-build Python-2.7.3/Makefile.pre.in # Install the include files INCLDIRSTOMAKE=$(INCLUDEDIR) $(CONFINCLUDEDIR) $(INCLUDEPY) $(CONFINCLUDEPY) -@@ -994,13 +1001,13 @@ inclinstall: +@@ -1070,13 +1077,13 @@ inclinstall: $(INSTALL_DATA) pyconfig.h $(DESTDIR)$(CONFINCLUDEPY)/pyconfig.h # Install the library and miscellaneous stuff needed for extending/embedding @@ -213,7 +175,7 @@ diff -up Python-2.7.3/Makefile.pre.in.debug-build Python-2.7.3/Makefile.pre.in @for i in $(LIBDIR) $(LIBP) $(LIBPL) $(LIBPC); \ do \ if test ! -d $(DESTDIR)$$i; then \ -@@ -1016,11 +1023,10 @@ libainstall: all python-config +@@ -1092,11 +1099,10 @@ libainstall: all python-config $(INSTALL_DATA) Modules/Setup $(DESTDIR)$(LIBPL)/Setup $(INSTALL_DATA) Modules/Setup.local $(DESTDIR)$(LIBPL)/Setup.local $(INSTALL_DATA) Modules/Setup.config $(DESTDIR)$(LIBPL)/Setup.config @@ -227,9 +189,9 @@ diff -up Python-2.7.3/Makefile.pre.in.debug-build Python-2.7.3/Makefile.pre.in @if [ -s Modules/python.exp -a \ "`echo $(MACHDEP) | sed 's/^\(...\).*/\1/'`" = "aix" ]; then \ echo; echo "Installing support files for building shared extension modules on AIX:"; \ -diff -up Python-2.7.3/Misc/python-config.in.debug-build Python-2.7.3/Misc/python-config.in ---- Python-2.7.3/Misc/python-config.in.debug-build 2012-04-09 19:07:33.000000000 -0400 -+++ Python-2.7.3/Misc/python-config.in 2012-04-18 19:46:22.082498324 -0400 +diff -up Python-2.7.6/Misc/python-config.in.debug-build Python-2.7.6/Misc/python-config.in +--- Python-2.7.6/Misc/python-config.in.debug-build 2013-11-10 08:36:41.000000000 +0100 ++++ Python-2.7.6/Misc/python-config.in 2014-01-29 14:13:08.816888470 +0100 @@ -45,7 +45,7 @@ for opt in opt_flags: elif opt in ('--libs', '--ldflags'): @@ -239,9 +201,9 @@ diff -up Python-2.7.3/Misc/python-config.in.debug-build Python-2.7.3/Misc/python # add the prefix/lib/pythonX.Y/config dir, but only if there is no # shared library in prefix/lib/. if opt == '--ldflags': -diff -up Python-2.7.3/Modules/makesetup.debug-build Python-2.7.3/Modules/makesetup ---- Python-2.7.3/Modules/makesetup.debug-build 2012-04-09 19:07:34.000000000 -0400 -+++ Python-2.7.3/Modules/makesetup 2012-04-18 19:46:22.083498312 -0400 +diff -up Python-2.7.6/Modules/makesetup.debug-build Python-2.7.6/Modules/makesetup +--- Python-2.7.6/Modules/makesetup.debug-build 2013-11-10 08:36:41.000000000 +0100 ++++ Python-2.7.6/Modules/makesetup 2014-01-29 14:13:08.817888407 +0100 @@ -233,7 +233,7 @@ sed -e 's/[ ]*#.*//' -e '/^[ ]*$/d' | *$mod.o*) base=$mod;; *) base=${mod}module;; @@ -251,9 +213,9 @@ diff -up Python-2.7.3/Modules/makesetup.debug-build Python-2.7.3/Modules/makeset case $doconfig in no) SHAREDMODS="$SHAREDMODS $file";; esac -diff -up Python-2.7.3/Python/dynload_shlib.c.debug-build Python-2.7.3/Python/dynload_shlib.c ---- Python-2.7.3/Python/dynload_shlib.c.debug-build 2012-04-09 19:07:35.000000000 -0400 -+++ Python-2.7.3/Python/dynload_shlib.c 2012-04-18 19:46:22.083498312 -0400 +diff -up Python-2.7.6/Python/dynload_shlib.c.debug-build Python-2.7.6/Python/dynload_shlib.c +--- Python-2.7.6/Python/dynload_shlib.c.debug-build 2013-11-10 08:36:41.000000000 +0100 ++++ Python-2.7.6/Python/dynload_shlib.c 2014-01-29 14:13:08.817888407 +0100 @@ -46,11 +46,16 @@ const struct filedescr _PyImport_DynLoad {"module.exe", "rb", C_EXTENSION}, {"MODULE.EXE", "rb", C_EXTENSION}, @@ -274,9 +236,9 @@ diff -up Python-2.7.3/Python/dynload_shlib.c.debug-build Python-2.7.3/Python/dyn {0, 0} }; -diff -up Python-2.7.3/Python/sysmodule.c.debug-build Python-2.7.3/Python/sysmodule.c ---- Python-2.7.3/Python/sysmodule.c.debug-build 2012-04-09 19:07:35.000000000 -0400 -+++ Python-2.7.3/Python/sysmodule.c 2012-04-18 19:46:22.083498312 -0400 +diff -up Python-2.7.6/Python/sysmodule.c.debug-build Python-2.7.6/Python/sysmodule.c +--- Python-2.7.6/Python/sysmodule.c.debug-build 2013-11-10 08:36:41.000000000 +0100 ++++ Python-2.7.6/Python/sysmodule.c 2014-01-29 14:13:08.817888407 +0100 @@ -1506,6 +1506,12 @@ _PySys_Init(void) PyString_FromString("legacy")); #endif @@ -290,3 +252,41 @@ diff -up Python-2.7.3/Python/sysmodule.c.debug-build Python-2.7.3/Python/sysmodu #undef SET_SYS_FROM_STRING if (PyErr_Occurred()) return NULL; +diff -up Python-2.7.6/configure.ac.debug-build Python-2.7.6/configure.ac +--- Python-2.7.6/configure.ac.debug-build 2014-01-29 14:13:08.796889735 +0100 ++++ Python-2.7.6/configure.ac 2014-01-29 14:13:08.814888597 +0100 +@@ -738,7 +738,7 @@ AC_SUBST(LIBRARY) + AC_MSG_CHECKING(LIBRARY) + if test -z "$LIBRARY" + then +- LIBRARY='libpython$(VERSION).a' ++ LIBRARY='libpython$(VERSION)$(DEBUG_EXT).a' + fi + AC_MSG_RESULT($LIBRARY) + +@@ -884,8 +884,8 @@ if test $enable_shared = "yes"; then + INSTSONAME="$LDLIBRARY".$SOVERSION + ;; + Linux*|GNU*|NetBSD*|FreeBSD*|DragonFly*|OpenBSD*) +- LDLIBRARY='libpython$(VERSION).so' +- BLDLIBRARY='-L. -lpython$(VERSION)' ++ LDLIBRARY='libpython$(VERSION)$(DEBUG_EXT).so' ++ BLDLIBRARY='-L. -lpython$(VERSION)$(DEBUG_EXT)' + RUNSHARED=LD_LIBRARY_PATH=`pwd`${LD_LIBRARY_PATH:+:${LD_LIBRARY_PATH}} + case $ac_sys_system in + FreeBSD*) +@@ -1028,6 +1028,14 @@ else AC_MSG_RESULT(no); Py_DEBUG='false' + fi], + [AC_MSG_RESULT(no)]) + ++if test "$Py_DEBUG" = 'true' ++then ++ DEBUG_EXT=_d ++ DEBUG_SUFFIX=-debug ++fi ++AC_SUBST(DEBUG_EXT) ++AC_SUBST(DEBUG_SUFFIX) ++ + # XXX Shouldn't the code above that fiddles with BASECFLAGS and OPT be + # merged with this chunk of code? + diff --git a/SOURCES/python-2.7.3-lib64.patch b/SOURCES/python-2.7.3-lib64.patch index 71f32c5..678d916 100644 --- a/SOURCES/python-2.7.3-lib64.patch +++ b/SOURCES/python-2.7.3-lib64.patch @@ -1,6 +1,6 @@ -diff -up Python-2.7.3/Lib/distutils/command/install.py.lib64 Python-2.7.3/Lib/distutils/command/install.py ---- Python-2.7.3/Lib/distutils/command/install.py.lib64 2012-04-09 19:07:29.000000000 -0400 -+++ Python-2.7.3/Lib/distutils/command/install.py 2013-02-19 13:58:20.446015129 -0500 +diff -up Python-2.7.6/Lib/distutils/command/install.py.lib64 Python-2.7.6/Lib/distutils/command/install.py +--- Python-2.7.6/Lib/distutils/command/install.py.lib64 2013-11-10 08:36:40.000000000 +0100 ++++ Python-2.7.6/Lib/distutils/command/install.py 2014-01-29 13:51:19.779590378 +0100 @@ -42,14 +42,14 @@ else: INSTALL_SCHEMES = { 'unix_prefix': { @@ -18,10 +18,10 @@ diff -up Python-2.7.3/Lib/distutils/command/install.py.lib64 Python-2.7.3/Lib/di 'headers': '$base/include/python/$dist_name', 'scripts': '$base/bin', 'data' : '$base', -diff -up Python-2.7.3/Lib/distutils/sysconfig.py.lib64 Python-2.7.3/Lib/distutils/sysconfig.py ---- Python-2.7.3/Lib/distutils/sysconfig.py.lib64 2012-04-09 19:07:29.000000000 -0400 -+++ Python-2.7.3/Lib/distutils/sysconfig.py 2013-02-19 13:58:20.446015129 -0500 -@@ -114,8 +114,12 @@ def get_python_lib(plat_specific=0, stan +diff -up Python-2.7.6/Lib/distutils/sysconfig.py.lib64 Python-2.7.6/Lib/distutils/sysconfig.py +--- Python-2.7.6/Lib/distutils/sysconfig.py.lib64 2013-11-10 08:36:40.000000000 +0100 ++++ Python-2.7.6/Lib/distutils/sysconfig.py 2014-01-29 13:51:19.779590378 +0100 +@@ -119,8 +119,12 @@ def get_python_lib(plat_specific=0, stan prefix = plat_specific and EXEC_PREFIX or PREFIX if os.name == "posix": @@ -35,10 +35,10 @@ diff -up Python-2.7.3/Lib/distutils/sysconfig.py.lib64 Python-2.7.3/Lib/distutil if standard_lib: return libpython else: -diff -up Python-2.7.3/Lib/site.py.lib64 Python-2.7.3/Lib/site.py ---- Python-2.7.3/Lib/site.py.lib64 2012-04-09 19:07:31.000000000 -0400 -+++ Python-2.7.3/Lib/site.py 2013-02-19 13:58:20.447015128 -0500 -@@ -300,12 +300,16 @@ def getsitepackages(): +diff -up Python-2.7.6/Lib/site.py.lib64 Python-2.7.6/Lib/site.py +--- Python-2.7.6/Lib/site.py.lib64 2013-11-10 08:36:40.000000000 +0100 ++++ Python-2.7.6/Lib/site.py 2014-01-29 13:51:19.779590378 +0100 +@@ -288,12 +288,16 @@ def getsitepackages(): if sys.platform in ('os2emx', 'riscos'): sitepackages.append(os.path.join(prefix, "Lib", "site-packages")) elif os.sep == '/': @@ -55,9 +55,9 @@ diff -up Python-2.7.3/Lib/site.py.lib64 Python-2.7.3/Lib/site.py sitepackages.append(os.path.join(prefix, "lib", "site-packages")) if sys.platform == "darwin": # for framework builds *only* we add the standard Apple -diff -up Python-2.7.3/Lib/test/test_site.py.lib64 Python-2.7.3/Lib/test/test_site.py ---- Python-2.7.3/Lib/test/test_site.py.lib64 2012-04-09 19:07:32.000000000 -0400 -+++ Python-2.7.3/Lib/test/test_site.py 2013-02-19 13:58:20.447015128 -0500 +diff -up Python-2.7.6/Lib/test/test_site.py.lib64 Python-2.7.6/Lib/test/test_site.py +--- Python-2.7.6/Lib/test/test_site.py.lib64 2013-11-10 08:36:40.000000000 +0100 ++++ Python-2.7.6/Lib/test/test_site.py 2014-01-29 13:51:19.780590315 +0100 @@ -241,17 +241,20 @@ class HelperFunctionsTests(unittest.Test self.assertEqual(dirs[2], wanted) elif os.sep == '/': @@ -83,10 +83,10 @@ diff -up Python-2.7.3/Lib/test/test_site.py.lib64 Python-2.7.3/Lib/test/test_sit self.assertEqual(dirs[1], wanted) class PthFile(object): -diff -up Python-2.7.3/Makefile.pre.in.lib64 Python-2.7.3/Makefile.pre.in ---- Python-2.7.3/Makefile.pre.in.lib64 2013-02-19 13:58:20.435015131 -0500 -+++ Python-2.7.3/Makefile.pre.in 2013-02-19 13:58:20.447015128 -0500 -@@ -97,7 +97,7 @@ LIBDIR= @libdir@ +diff -up Python-2.7.6/Makefile.pre.in.lib64 Python-2.7.6/Makefile.pre.in +--- Python-2.7.6/Makefile.pre.in.lib64 2014-01-29 13:51:19.773590757 +0100 ++++ Python-2.7.6/Makefile.pre.in 2014-01-29 13:51:19.780590315 +0100 +@@ -106,7 +106,7 @@ LIBDIR= @libdir@ MANDIR= @mandir@ INCLUDEDIR= @includedir@ CONFINCLUDEDIR= $(exec_prefix)/include @@ -95,9 +95,30 @@ diff -up Python-2.7.3/Makefile.pre.in.lib64 Python-2.7.3/Makefile.pre.in # Detailed destination directories BINLIBDEST= $(LIBDIR)/python$(VERSION) -diff -up Python-2.7.3/Modules/getpath.c.lib64 Python-2.7.3/Modules/getpath.c ---- Python-2.7.3/Modules/getpath.c.lib64 2012-04-09 19:07:34.000000000 -0400 -+++ Python-2.7.3/Modules/getpath.c 2013-02-19 13:58:20.448015128 -0500 +diff -up Python-2.7.6/Modules/Setup.dist.lib64 Python-2.7.6/Modules/Setup.dist +--- Python-2.7.6/Modules/Setup.dist.lib64 2014-01-29 13:51:19.768591073 +0100 ++++ Python-2.7.6/Modules/Setup.dist 2014-01-29 13:51:19.781590252 +0100 +@@ -416,7 +416,7 @@ gdbm gdbmmodule.c -lgdbm + # Edit the variables DB and DBLIBVERto point to the db top directory + # and the subdirectory of PORT where you built it. + DBINC=/usr/include/libdb +-DBLIB=/usr/lib ++DBLIB=/usr/lib64 + _bsddb _bsddb.c -I$(DBINC) -L$(DBLIB) -ldb + + # Historical Berkeley DB 1.85 +@@ -462,7 +462,7 @@ cPickle cPickle.c + # Andrew Kuchling's zlib module. + # This require zlib 1.1.3 (or later). + # See http://www.gzip.org/zlib/ +-zlib zlibmodule.c -I$(prefix)/include -L$(exec_prefix)/lib -lz ++zlib zlibmodule.c -I$(prefix)/include -L$(exec_prefix)/lib64 -lz + + # Interface to the Expat XML parser + # +diff -up Python-2.7.6/Modules/getpath.c.lib64 Python-2.7.6/Modules/getpath.c +--- Python-2.7.6/Modules/getpath.c.lib64 2013-11-10 08:36:41.000000000 +0100 ++++ Python-2.7.6/Modules/getpath.c 2014-01-29 13:51:19.781590252 +0100 @@ -117,8 +117,8 @@ #endif @@ -118,7 +139,7 @@ diff -up Python-2.7.3/Modules/getpath.c.lib64 Python-2.7.3/Modules/getpath.c static void reduce(char *dir) -@@ -528,7 +528,7 @@ calculate_path(void) +@@ -543,7 +543,7 @@ calculate_path(void) } else strncpy(zip_path, PREFIX, MAXPATHLEN); @@ -127,7 +148,7 @@ diff -up Python-2.7.3/Modules/getpath.c.lib64 Python-2.7.3/Modules/getpath.c bufsz = strlen(zip_path); /* Replace "00" with version */ zip_path[bufsz - 6] = VERSION[0]; zip_path[bufsz - 5] = VERSION[2]; -@@ -538,7 +538,7 @@ calculate_path(void) +@@ -553,7 +553,7 @@ calculate_path(void) fprintf(stderr, "Could not find platform dependent libraries \n"); strncpy(exec_prefix, EXEC_PREFIX, MAXPATHLEN); @@ -136,40 +157,19 @@ diff -up Python-2.7.3/Modules/getpath.c.lib64 Python-2.7.3/Modules/getpath.c } /* If we found EXEC_PREFIX do *not* reduce it! (Yet.) */ -diff -up Python-2.7.3/Modules/Setup.dist.lib64 Python-2.7.3/Modules/Setup.dist ---- Python-2.7.3/Modules/Setup.dist.lib64 2013-02-19 13:58:20.442015131 -0500 -+++ Python-2.7.3/Modules/Setup.dist 2013-02-19 14:02:25.255998391 -0500 -@@ -413,7 +413,7 @@ gdbm gdbmmodule.c -lgdbm - # Edit the variables DB and DBLIBVERto point to the db top directory - # and the subdirectory of PORT where you built it. - DBINC=/usr/include/libdb --DBLIB=/usr/lib -+DBLIB=/usr/lib64 - _bsddb _bsddb.c -I$(DBINC) -L$(DBLIB) -ldb - - # Historical Berkeley DB 1.85 -@@ -459,7 +459,7 @@ cPickle cPickle.c - # Andrew Kuchling's zlib module. - # This require zlib 1.1.3 (or later). - # See http://www.gzip.org/zlib/ --zlib zlibmodule.c -I$(prefix)/include -L$(exec_prefix)/lib -lz -+zlib zlibmodule.c -I$(prefix)/include -L$(exec_prefix)/lib64 -lz - - # Interface to the Expat XML parser - # -diff -up Python-2.7.3/setup.py.lib64 Python-2.7.3/setup.py ---- Python-2.7.3/setup.py.lib64 2012-04-09 19:07:36.000000000 -0400 -+++ Python-2.7.3/setup.py 2013-02-19 13:58:20.449015129 -0500 -@@ -369,7 +369,7 @@ class PyBuildExt(build_ext): - +diff -up Python-2.7.6/setup.py.lib64 Python-2.7.6/setup.py +--- Python-2.7.6/setup.py.lib64 2013-11-10 08:36:41.000000000 +0100 ++++ Python-2.7.6/setup.py 2014-01-29 13:56:02.713716528 +0100 +@@ -438,7 +438,7 @@ class PyBuildExt(build_ext): def detect_modules(self): # Ensure that /usr/local is always used -- add_dir_to_list(self.compiler.library_dirs, '/usr/local/lib') -+ add_dir_to_list(self.compiler.library_dirs, '/usr/local/lib64') - add_dir_to_list(self.compiler.include_dirs, '/usr/local/include') - self.add_gcc_paths() - self.add_multiarch_paths() -@@ -677,11 +677,11 @@ class PyBuildExt(build_ext): + if not cross_compiling: +- add_dir_to_list(self.compiler.library_dirs, '/usr/local/lib') ++ add_dir_to_list(self.compiler.library_dirs, '/usr/local/lib64') + add_dir_to_list(self.compiler.include_dirs, '/usr/local/include') + if cross_compiling: + self.add_gcc_paths() +@@ -758,11 +758,11 @@ class PyBuildExt(build_ext): elif curses_library: readline_libs.append(curses_library) elif self.compiler.find_library_file(lib_dirs + @@ -183,7 +183,7 @@ diff -up Python-2.7.3/setup.py.lib64 Python-2.7.3/setup.py extra_link_args=readline_extra_link_args, libraries=readline_libs) ) else: -@@ -715,8 +715,8 @@ class PyBuildExt(build_ext): +@@ -797,8 +797,8 @@ class PyBuildExt(build_ext): if krb5_h: ssl_incs += krb5_h ssl_libs = find_library_file(self.compiler, 'ssl',lib_dirs, diff --git a/SOURCES/python-2.7.5-memory-leak-marshalc.patch b/SOURCES/python-2.7.5-memory-leak-marshalc.patch deleted file mode 100644 index 19fb175..0000000 --- a/SOURCES/python-2.7.5-memory-leak-marshalc.patch +++ /dev/null @@ -1,57 +0,0 @@ ---- Python-2.7.5/Python/marshal.c 2013-05-12 05:32:53.000000000 +0200 -+++ /home/rkuska/hg/cpython/Python/marshal.c 2013-07-18 10:33:26.392486235 +0200 -@@ -88,7 +88,7 @@ - } - - static void --w_string(char *s, Py_ssize_t n, WFILE *p) -+w_string(const char *s, Py_ssize_t n, WFILE *p) - { - if (p->fp != NULL) { - fwrite(s, 1, n, p->fp); -@@ -141,6 +141,13 @@ - # define W_SIZE w_long - #endif - -+static void -+w_pstring(const char *s, Py_ssize_t n, WFILE *p) -+{ -+ W_SIZE(n, p); -+ w_string(s, n, p); -+} -+ - /* We assume that Python longs are stored internally in base some power of - 2**15; for the sake of portability we'll always read and write them in base - exactly 2**15. */ -@@ -338,9 +345,7 @@ - else { - w_byte(TYPE_STRING, p); - } -- n = PyString_GET_SIZE(v); -- W_SIZE(n, p); -- w_string(PyString_AS_STRING(v), n, p); -+ w_pstring(PyBytes_AS_STRING(v), PyString_GET_SIZE(v), p); - } - #ifdef Py_USING_UNICODE - else if (PyUnicode_CheckExact(v)) { -@@ -352,9 +357,7 @@ - return; - } - w_byte(TYPE_UNICODE, p); -- n = PyString_GET_SIZE(utf8); -- W_SIZE(n, p); -- w_string(PyString_AS_STRING(utf8), n, p); -+ w_pstring(PyString_AS_STRING(utf8), PyString_GET_SIZE(utf8), p); - Py_DECREF(utf8); - } - #endif -@@ -441,8 +444,7 @@ - PyBufferProcs *pb = v->ob_type->tp_as_buffer; - w_byte(TYPE_STRING, p); - n = (*pb->bf_getreadbuffer)(v, 0, (void **)&s); -- W_SIZE(n, p); -- w_string(s, n, p); -+ w_pstring(s, n, p); - } - else { - w_byte(TYPE_UNKNOWN, p); diff --git a/SOURCES/xmlrpc_gzip_27_parameter.patch b/SOURCES/xmlrpc_gzip_27_parameter.patch new file mode 100644 index 0000000..a838c1f --- /dev/null +++ b/SOURCES/xmlrpc_gzip_27_parameter.patch @@ -0,0 +1,88 @@ + +# HG changeset patch +# User Benjamin Peterson +# Date 1417828515 18000 +# Node ID d50096708b2d701937e78f525446d729fc28db88 +# Parent 923aac88a3cc76a95d5a04d9d3ece245147a8064 +add a default limit for the amount of data xmlrpclib.gzip_decode will return (closes #16043) + +diff --git a/Lib/test/test_xmlrpc.py b/Lib/test/test_xmlrpc.py +--- a/Lib/test/test_xmlrpc.py ++++ b/Lib/test/test_xmlrpc.py +@@ -737,7 +737,7 @@ class GzipServerTestCase(BaseServerTestC + with cm: + p.pow(6, 8) + +- def test_gsip_response(self): ++ def test_gzip_response(self): + t = self.Transport() + p = xmlrpclib.ServerProxy(URL, transport=t) + old = self.requestHandler.encode_threshold +@@ -750,6 +750,23 @@ class GzipServerTestCase(BaseServerTestC + self.requestHandler.encode_threshold = old + self.assertTrue(a>b) + ++ def test_gzip_decode_limit(self): ++ max_gzip_decode = 20 * 1024 * 1024 ++ data = '\0' * max_gzip_decode ++ encoded = xmlrpclib.gzip_encode(data) ++ decoded = xmlrpclib.gzip_decode(encoded) ++ self.assertEqual(len(decoded), max_gzip_decode) ++ ++ data = '\0' * (max_gzip_decode + 1) ++ encoded = xmlrpclib.gzip_encode(data) ++ ++ with self.assertRaisesRegexp(ValueError, ++ "max gzipped payload length exceeded"): ++ xmlrpclib.gzip_decode(encoded) ++ ++ xmlrpclib.gzip_decode(encoded, max_decode=-1) ++ ++ + #Test special attributes of the ServerProxy object + class ServerProxyTestCase(unittest.TestCase): + def setUp(self): +diff --git a/Lib/xmlrpclib.py b/Lib/xmlrpclib.py +--- a/Lib/xmlrpclib.py ++++ b/Lib/xmlrpclib.py +@@ -49,6 +49,7 @@ + # 2003-07-12 gp Correct marshalling of Faults + # 2003-10-31 mvl Add multicall support + # 2004-08-20 mvl Bump minimum supported Python version to 2.1 ++# 2014-12-02 ch/doko Add workaround for gzip bomb vulnerability + # + # Copyright (c) 1999-2002 by Secret Labs AB. + # Copyright (c) 1999-2002 by Fredrik Lundh. +@@ -1165,10 +1166,13 @@ def gzip_encode(data): + # in the HTTP header, as described in RFC 1952 + # + # @param data The encoded data ++# @keyparam max_decode Maximum bytes to decode (20MB default), use negative ++# values for unlimited decoding + # @return the unencoded data + # @raises ValueError if data is not correctly coded. ++# @raises ValueError if max gzipped payload length exceeded + +-def gzip_decode(data): ++def gzip_decode(data, max_decode=20971520): + """gzip encoded data -> unencoded data + + Decode data using the gzip content encoding as described in RFC 1952 +@@ -1178,11 +1182,16 @@ def gzip_decode(data): + f = StringIO.StringIO(data) + gzf = gzip.GzipFile(mode="rb", fileobj=f) + try: +- decoded = gzf.read() ++ if max_decode < 0: # no limit ++ decoded = gzf.read() ++ else: ++ decoded = gzf.read(max_decode + 1) + except IOError: + raise ValueError("invalid data") + f.close() + gzf.close() ++ if max_decode >= 0 and len(decoded) > max_decode: ++ raise ValueError("max gzipped payload length exceeded") + return decoded + + ## diff --git a/SPECS/python.spec b/SPECS/python.spec index bc45818..6cd9e8a 100644 --- a/SPECS/python.spec +++ b/SPECS/python.spec @@ -119,8 +119,8 @@ Summary: An interpreted, interactive, object-oriented programming language Name: %{?scl_prefix}%{python} # Remember to also rebase python-docs when changing this: -Version: 2.7.5 -Release: 12%{?dist} +Version: 2.7.8 +Release: 3%{?dist} License: Python Group: Development/Languages %{?scl:Requires: %{scl}-runtime} @@ -832,14 +832,13 @@ Patch180: 00180-python-add-support-for-ppc64p7.patch # Doesn't apply to Python 3, where this is fixed otherwise and works. Patch181: 00181-allow-arbitrary-timeout-in-condition-wait.patch -# Fix memory leak of variable utf8 in marshal.c -# (rhbz#985439) -Patch182: python-2.7.5-memory-leak-marshalc.patch +# 00182 # +# Upstream as of Python 2.7.7 +# Patch182: python-2.7.5-memory-leak-marshalc.patch # 00183 # -# Fix for CVE-2013-4238 -# rhbz#997768 -Patch183: 00183-CVE-2013-4238-hostname-check-bypass-in-SSL-module.patch +# Upstream as of Python 2.7.7 +# Patch183: 00183-CVE-2013-4238-hostname-check-bypass-in-SSL-module.patch # 00184 # # Fix for https://bugzilla.redhat.com/show_bug.cgi?id=979696 @@ -849,6 +848,63 @@ Patch183: 00183-CVE-2013-4238-hostname-check-bypass-in-SSL-module.patch # We patch this by also accepting "#define ffi_wrapper_h" Patch184: 00184-ctypes-should-build-with-libffi-multilib-wrapper.patch +# 00185 # +# Makes urllib2 honor "no_proxy" enviroment variable for "ftp:" URLs +# when ftp_proxy is set +Patch185: 00185-urllib2-honors-noproxy-for-ftp.patch + +# 00187 # +# Add an explicit RPATH to pyexpat.so pointing at the directory +# containing the system expat (which has the extra XML_SetHashSalt +# symbol), to avoid an ImportError with a link error if there's an +# LD_LIBRARY_PATH containing a "vanilla" build of expat (without the +# symbol) +Patch187: 00187-add-RPATH-to-pyexpat.patch + +# 00189 # +# Fixes gdb py-bt command not to raise exception while processing +# statements from eval +# rhbz#1008154 (patch by Attila Fazekas) +Patch189: 00189-gdb-py-bt-dont-raise-exception-from-eval.patch + +# 00190 # +# Upstream as of Python 2.7.8 +#Patch190: 00190-get_python_version.patch + +# 00191 # +# +# Disabling NOOP test as it fails without internet connection +Patch191: 00191-disable-NOOP.patch + +# 00192 # +# Upstream as of Python 2.7.8 +# Patch192: 00192-buffer-overflow.patch + +# 00194 # +# Upstream as of Python 2.7.8 +# Patch194: 00194-fix-tests-with-sqlite-3.8.4.patch + +# Since openssl-1.0.1h-5.fc21 SSLv2 and SSLV3 protocols +# are disabled by default in openssl, according the comment in openssl +# patch this affects only SSLv23_method, this patch enables SSLv2 +# and SSLv3 when SSLv23_method is used +# UPDATE: SSL3 was again enabled in openssl so I am disabling this patch +# UPDATE: If you will later try to re-enable it again please see rhbz#1156519 +# check if (self->ctx == NULL) is needed +# Patch195: 00195-enable-sslv23-in-ssl.patch + +# Fix for CVE-2013-1752 +# - multiple unbound readline() DoS flaws in python stdlib +# rhbz#1046174 +Patch196: CVE-2013-1752.patch + +# Fix for CVE-2013-1753 +# - XMLRPC library unrestricted decompression of HTTP responses using gzip +# enconding +# rhbz#1046170 +Patch197: xmlrpc_gzip_27_parameter.patch + + # (New patches go here ^^^) # # When adding new patches to "python" and "python3" in Fedora 17 onwards, @@ -948,6 +1004,7 @@ Summary: The libraries and header files needed for Python development Group: Development/Libraries Requires: %{?scl_prefix}%{python}%{?_isa} = %{version}-%{release} Requires: pkgconfig +Requires: scl-utils-build # Needed here because of the migration of Makefile from -devel to the main # package Conflicts: %{?scl_prefix}%{python} < %{version}-%{release} @@ -1193,9 +1250,17 @@ mv Modules/cryptmodule.c Modules/_cryptmodule.c # 00179: not for python 2 %patch180 -p1 %patch181 -p1 -%patch182 -p1 -%patch183 -p1 +# 00182: upstream as of Python 2.7.7 +# 00183: upstream as of Python 2.7.7 +# 00184: upstream as of Python 2.7.7 %patch184 -p1 +%patch185 -p1 +%patch187 -p1 +%patch189 -p1 +%patch191 -p1 +%patch196 -p1 +%patch197 -p1 + # This shouldn't be necesarry, but is right now (2.2a3) find -name "*~" |xargs rm -f @@ -1674,6 +1739,7 @@ export -f CheckPython %if 0%{run_selftest_suite} %{?scl:scl enable %scl - << \EOF} +set -e # Check each of the configurations: %if 0%{?with_debug_build} CheckPython \ @@ -2056,6 +2122,21 @@ rm -fr %{buildroot} # ====================================================== %changelog +* Tue May 19 2015 Matej Stuchlik - 2.7.8-3 +- Add httplib fix for CVE-2013-1752 +Resolves: rhbz#1187779 + +* Wed Feb 04 2015 Matej Stuchlik - 2.7.8-2 +- Fix %check setion not failing properly on failed test +- Fixed CVE-2013-1752, CVE-2013-1753 +Resolves: rhbz#1187779 + +* Thu Jan 08 2015 Slavek Kabrda - 2.7.8-1 +- Update to 2.7.8. +Resolves: rhbz#1167912 +- Make python-devel depend on scl-utils-build. +Resolves: rhbz#1170993 + * Thu Mar 20 2014 Robert Kuska - 2.7.5-12 - Add scl prefix to libpython.stp file Resolves: rhbz#1077272