From b54164a334410fa404f0c5b2703dfcaeb09fba06 Mon Sep 17 00:00:00 2001 From: CentOS Sources Date: May 22 2019 11:43:54 +0000 Subject: import python27-python-2.7.16-4.el7 --- diff --git a/.gitignore b/.gitignore index 5ff5abd..627a8a1 100644 --- a/.gitignore +++ b/.gitignore @@ -1 +1 @@ -SOURCES/Python-2.7.13.tar.xz +SOURCES/Python-2.7.16.tar.xz diff --git a/.python27-python.metadata b/.python27-python.metadata index 9fe5e72..9cde9f3 100644 --- a/.python27-python.metadata +++ b/.python27-python.metadata @@ -1 +1 @@ -18a8f30a0356c751b8d0ea6f76e764cab13ee046 SOURCES/Python-2.7.13.tar.xz +e9543af127d958b12b0edfb9340d4f0af3d0d90e SOURCES/Python-2.7.16.tar.xz diff --git a/SOURCES/00055-systemtap.patch b/SOURCES/00055-systemtap.patch index 63bc3f8..bc9403d 100644 --- a/SOURCES/00055-systemtap.patch +++ b/SOURCES/00055-systemtap.patch @@ -1,48 +1,8 @@ -diff -up Python-2.7rc1/configure.ac.systemtap Python-2.7rc1/configure.ac ---- Python-2.7rc1/configure.ac.systemtap 2010-06-06 10:53:15.514975012 -0400 -+++ Python-2.7rc1/configure.ac 2010-06-06 10:53:15.520974361 -0400 -@@ -2616,6 +2616,38 @@ if test "$with_valgrind" != no; then - ) - fi - -+# Check for dtrace support -+AC_MSG_CHECKING(for --with-dtrace) -+AC_ARG_WITH(dtrace, -+ AC_HELP_STRING(--with(out)-dtrace, disable/enable dtrace support)) -+ -+if test ! -z "$with_dtrace" -+then -+ if dtrace -G -o /dev/null -s $srcdir/Include/pydtrace.d 2>/dev/null -+ then -+ AC_DEFINE(WITH_DTRACE, 1, -+ [Define if you want to compile in Dtrace support]) -+ with_dtrace="Sun" -+ DTRACEOBJS="Python/dtrace.o" -+ DTRADEHDRS="" -+ elif dtrace -h -o /dev/null -s $srcdir/Include/pydtrace.d -+ then -+ AC_DEFINE(WITH_DTRACE, 1, -+ [Define if you want to compile in Dtrace support]) -+ with_dtrace="Apple" -+ DTRACEOBJS="" -+ DTRADEHDRS="pydtrace.h" -+ else -+ with_dtrace="no" -+ fi -+else -+ with_dtrace="no" -+fi -+ -+AC_MSG_RESULT($with_dtrace) -+AC_SUBST(DTRACEOBJS) -+AC_SUBST(DTRACEHDRS) -+ - # Check for --with-wctype-functions - AC_MSG_CHECKING(for --with-wctype-functions) - AC_ARG_WITH(wctype-functions, -diff -up Python-2.7rc1/Include/pydtrace.d.systemtap Python-2.7rc1/Include/pydtrace.d ---- Python-2.7rc1/Include/pydtrace.d.systemtap 2010-06-06 10:53:15.520974361 -0400 -+++ Python-2.7rc1/Include/pydtrace.d 2010-06-06 10:53:15.520974361 -0400 +diff --git a/Include/pydtrace.d b/Include/pydtrace.d +new file mode 100644 +index 0000000..3aedc4c +--- /dev/null ++++ b/Include/pydtrace.d @@ -0,0 +1,10 @@ +provider python { + probe function__entry(const char *, const char *, int); @@ -54,10 +14,11 @@ diff -up Python-2.7rc1/Include/pydtrace.d.systemtap Python-2.7rc1/Include/pydtra +#pragma D attributes Private/Private/Common provider python function +#pragma D attributes Evolving/Evolving/Common provider python name +#pragma D attributes Evolving/Evolving/Common provider python args -diff -up Python-2.7rc1/Makefile.pre.in.systemtap Python-2.7rc1/Makefile.pre.in ---- Python-2.7rc1/Makefile.pre.in.systemtap 2010-06-06 10:53:15.488978775 -0400 -+++ Python-2.7rc1/Makefile.pre.in 2010-06-06 11:05:30.411100568 -0400 -@@ -298,6 +298,7 @@ PYTHON_OBJS= \ +diff --git a/Makefile.pre.in b/Makefile.pre.in +index 314c89b..6d8ebbf 100644 +--- a/Makefile.pre.in ++++ b/Makefile.pre.in +@@ -337,6 +337,7 @@ PYTHON_OBJS= \ Python/formatter_unicode.o \ Python/formatter_string.o \ Python/$(DYNLOADFILE) \ @@ -65,7 +26,7 @@ diff -up Python-2.7rc1/Makefile.pre.in.systemtap Python-2.7rc1/Makefile.pre.in $(LIBOBJS) \ $(MACHDEP_OBJS) \ $(THREADOBJ) -@@ -599,6 +600,18 @@ Python/formatter_unicode.o: $(srcdir)/Py +@@ -748,6 +749,18 @@ Python/formatter_unicode.o: $(srcdir)/Python/formatter_unicode.c \ Python/formatter_string.o: $(srcdir)/Python/formatter_string.c \ $(STRINGLIB_HEADERS) @@ -84,31 +45,19 @@ diff -up Python-2.7rc1/Makefile.pre.in.systemtap Python-2.7rc1/Makefile.pre.in ############################################################################ # Header files -@@ -1251,7 +1264,7 @@ Python/thread.o: @THREADHEADERS@ +@@ -1486,7 +1499,7 @@ Python/thread.o: @THREADHEADERS@ .PHONY: frameworkinstall frameworkinstallframework frameworkinstallstructure .PHONY: frameworkinstallmaclib frameworkinstallapps frameworkinstallunixtools - .PHONY: frameworkaltinstallunixtools recheck autoconf clean clobber distclean --.PHONY: smelly funny patchcheck touch altmaninstall commoninstall -+.PHONY: smelly funny patchcheck touch altmaninstall commoninstall buildinclude + .PHONY: frameworkaltinstallunixtools recheck clean clobber distclean +-.PHONY: smelly funny patchcheck altmaninstall commoninstall ++.PHONY: smelly funny patchcheck altmaninstall commoninstall buildinclude .PHONY: gdbhooks # IF YOU PUT ANYTHING HERE IT WILL GO AWAY -diff -up Python-2.7rc1/pyconfig.h.in.systemtap Python-2.7rc1/pyconfig.h.in ---- Python-2.7rc1/pyconfig.h.in.systemtap 2010-05-08 07:04:18.000000000 -0400 -+++ Python-2.7rc1/pyconfig.h.in 2010-06-06 10:53:15.521974070 -0400 -@@ -1074,6 +1074,9 @@ - /* Define if you want documentation strings in extension modules */ - #undef WITH_DOC_STRINGS - -+/* Define if you want to compile in Dtrace support */ -+#undef WITH_DTRACE -+ - /* Define if you want to use the new-style (Openstep, Rhapsody, MacOS) dynamic - linker (dyld) instead of the old-style (NextStep) dynamic linker (rld). - Dyld is necessary to support frameworks. */ -diff -up Python-2.7rc1/Python/ceval.c.systemtap Python-2.7rc1/Python/ceval.c ---- Python-2.7rc1/Python/ceval.c.systemtap 2010-05-09 10:46:46.000000000 -0400 -+++ Python-2.7rc1/Python/ceval.c 2010-06-06 11:08:40.683100500 -0400 +diff --git a/Python/ceval.c b/Python/ceval.c +index 9a8301a..8049333 100644 +--- a/Python/ceval.c ++++ b/Python/ceval.c @@ -19,6 +19,10 @@ #include @@ -120,7 +69,7 @@ diff -up Python-2.7rc1/Python/ceval.c.systemtap Python-2.7rc1/Python/ceval.c #ifndef WITH_TSC #define READ_TIMESTAMP(var) -@@ -671,6 +675,55 @@ PyEval_EvalCode(PyCodeObject *co, PyObje +@@ -692,6 +696,55 @@ PyEval_EvalCode(PyCodeObject *co, PyObject *globals, PyObject *locals) NULL); } @@ -176,7 +125,7 @@ diff -up Python-2.7rc1/Python/ceval.c.systemtap Python-2.7rc1/Python/ceval.c /* Interpreter main loop */ -@@ -909,6 +962,9 @@ PyEval_EvalFrameEx(PyFrameObject *f, int +@@ -1039,6 +1092,9 @@ PyEval_EvalFrameEx(PyFrameObject *f, int throwflag) } } @@ -186,7 +135,7 @@ diff -up Python-2.7rc1/Python/ceval.c.systemtap Python-2.7rc1/Python/ceval.c co = f->f_code; names = co->co_names; consts = co->co_consts; -@@ -3000,6 +3056,9 @@ fast_yield: +@@ -3375,6 +3431,9 @@ fast_yield: /* pop frame */ exit_eval_frame: @@ -196,3 +145,60 @@ diff -up Python-2.7rc1/Python/ceval.c.systemtap Python-2.7rc1/Python/ceval.c Py_LeaveRecursiveCall(); tstate->frame = f->f_back; +diff --git a/configure.ac b/configure.ac +index 4ca84e3..579dfd3 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -3070,6 +3070,38 @@ if test "$with_valgrind" != no; then + ) + fi + ++# Check for dtrace support ++AC_MSG_CHECKING(for --with-dtrace) ++AC_ARG_WITH(dtrace, ++ AC_HELP_STRING(--with(out)-dtrace, disable/enable dtrace support)) ++ ++if test ! -z "$with_dtrace" ++then ++ if dtrace -G -o /dev/null -s $srcdir/Include/pydtrace.d 2>/dev/null ++ then ++ AC_DEFINE(WITH_DTRACE, 1, ++ [Define if you want to compile in Dtrace support]) ++ with_dtrace="Sun" ++ DTRACEOBJS="Python/dtrace.o" ++ DTRADEHDRS="" ++ elif dtrace -h -o /dev/null -s $srcdir/Include/pydtrace.d ++ then ++ AC_DEFINE(WITH_DTRACE, 1, ++ [Define if you want to compile in Dtrace support]) ++ with_dtrace="Apple" ++ DTRACEOBJS="" ++ DTRADEHDRS="pydtrace.h" ++ else ++ with_dtrace="no" ++ fi ++else ++ with_dtrace="no" ++fi ++ ++AC_MSG_RESULT($with_dtrace) ++AC_SUBST(DTRACEOBJS) ++AC_SUBST(DTRACEHDRS) ++ + # Check for --with-wctype-functions + AC_MSG_CHECKING(for --with-wctype-functions) + AC_ARG_WITH(wctype-functions, +diff --git a/pyconfig.h.in b/pyconfig.h.in +index 75d70e2..ea28a6a 100644 +--- a/pyconfig.h.in ++++ b/pyconfig.h.in +@@ -1148,6 +1148,9 @@ + /* Define if you want documentation strings in extension modules */ + #undef WITH_DOC_STRINGS + ++/* Define if you want to compile in Dtrace support */ ++#undef WITH_DTRACE ++ + /* Define if you want to use the new-style (Openstep, Rhapsody, MacOS) dynamic + linker (dyld) instead of the old-style (NextStep) dynamic linker (rld). + Dyld is necessary to support frameworks. */ diff --git a/SOURCES/00125-less-verbose-COUNT_ALLOCS.patch b/SOURCES/00125-less-verbose-COUNT_ALLOCS.patch deleted file mode 100644 index 8cef015..0000000 --- a/SOURCES/00125-less-verbose-COUNT_ALLOCS.patch +++ /dev/null @@ -1,20 +0,0 @@ -diff -up Python-2.7/Python/pythonrun.c.less-verbose-COUNT_ALLOCS Python-2.7/Python/pythonrun.c ---- Python-2.7/Python/pythonrun.c.less-verbose-COUNT_ALLOCS 2010-08-17 14:49:33.321913909 -0400 -+++ Python-2.7/Python/pythonrun.c 2010-08-17 14:54:48.750910403 -0400 -@@ -470,7 +470,15 @@ Py_Finalize(void) - - /* Debugging stuff */ - #ifdef COUNT_ALLOCS -- dump_counts(stdout); -+ /* This is a downstream Fedora modification. -+ The upstream default with COUNT_ALLOCS is to always dump the counts to -+ stdout on exit. For our debug builds its useful to have the info from -+ COUNT_ALLOCS available, but the stdout info here gets in the way, so -+ we make it optional, wrapping it in an environment variable (modelled -+ on the other PYTHONDUMP* env variables): -+ */ -+ if (Py_GETENV("PYTHONDUMPCOUNTS")) -+ dump_counts(stdout); - #endif - - PRINT_TOTAL_REFS(); diff --git a/SOURCES/00134-fix-COUNT_ALLOCS-failure-in-test_sys.patch b/SOURCES/00134-fix-COUNT_ALLOCS-failure-in-test_sys.patch deleted file mode 100644 index 71e7f68..0000000 --- a/SOURCES/00134-fix-COUNT_ALLOCS-failure-in-test_sys.patch +++ /dev/null @@ -1,16 +0,0 @@ -diff --git a/Lib/test/test_sys.py b/Lib/test/test_sys.py -index 0dd4258..d9b3267 100644 ---- a/Lib/test/test_sys.py -+++ b/Lib/test/test_sys.py -@@ -769,6 +769,11 @@ class SizeofTest(unittest.TestCase): - '10P' # PySequenceMethods - '6P' # PyBufferProcs - '2P') -+ -+ # COUNT_ALLOCS adds further fields to the end of a PyTypeObject: -+ if hasattr(sys, 'getcounts'): -+ s += size('P') -+ - class newstyleclass(object): - pass - check(newstyleclass, s) diff --git a/SOURCES/00135-skip-test-within-test_weakref-in-debug-build.patch b/SOURCES/00135-skip-test-within-test_weakref-in-debug-build.patch index e464aa9..8349f81 100644 --- a/SOURCES/00135-skip-test-within-test_weakref-in-debug-build.patch +++ b/SOURCES/00135-skip-test-within-test_weakref-in-debug-build.patch @@ -1,7 +1,8 @@ -diff -up Python-2.7.2/Lib/test/test_weakref.py.skip-test-within-test_weakref-in-debug-build Python-2.7.2/Lib/test/test_weakref.py ---- Python-2.7.2/Lib/test/test_weakref.py.skip-test-within-test_weakref-in-debug-build 2011-09-08 17:55:09.675392260 -0400 -+++ Python-2.7.2/Lib/test/test_weakref.py 2011-09-08 17:59:08.857375903 -0400 -@@ -550,6 +550,14 @@ class ReferencesTestCase(TestBase): +diff --git a/Lib/test/test_weakref.py b/Lib/test/test_weakref.py +index 418481d..c2f8f19 100644 +--- a/Lib/test/test_weakref.py ++++ b/Lib/test/test_weakref.py +@@ -601,6 +601,14 @@ class ReferencesTestCase(TestBase): del c1, c2, C, D gc.collect() @@ -13,6 +14,6 @@ diff -up Python-2.7.2/Lib/test/test_weakref.py.skip-test-within-test_weakref-in- + # - [] + # + ['C went away'] + @unittest.skipIf(hasattr(sys, 'getobjects'), 'debug build') + @test_support.requires_type_collecting def test_callback_in_cycle_resurrection(self): import gc - diff --git a/SOURCES/00141-fix-test_gc_with_COUNT_ALLOCS.patch b/SOURCES/00141-fix-test_gc_with_COUNT_ALLOCS.patch deleted file mode 100644 index d5bf3c9..0000000 --- a/SOURCES/00141-fix-test_gc_with_COUNT_ALLOCS.patch +++ /dev/null @@ -1,24 +0,0 @@ -diff -up Python-2.7.2/Lib/test/test_gc.py.fix-test_gc_with_COUNT_ALLOCS Python-2.7.2/Lib/test/test_gc.py ---- Python-2.7.2/Lib/test/test_gc.py.fix-test_gc_with_COUNT_ALLOCS 2011-09-08 19:49:13.045924309 -0400 -+++ Python-2.7.2/Lib/test/test_gc.py 2011-09-08 19:50:07.035920617 -0400 -@@ -102,11 +102,17 @@ class GCTests(unittest.TestCase): - del a - self.assertNotEqual(gc.collect(), 0) - del B, C -- self.assertNotEqual(gc.collect(), 0) -+ if hasattr(sys, 'getcounts'): -+ self.assertEqual(gc.collect(), 0) -+ else: -+ self.assertNotEqual(gc.collect(), 0) - A.a = A() - del A -- self.assertNotEqual(gc.collect(), 0) -- self.assertEqual(gc.collect(), 0) -+ if hasattr(sys, 'getcounts'): -+ self.assertEqual(gc.collect(), 0) -+ else: -+ self.assertNotEqual(gc.collect(), 0) -+ self.assertEqual(gc.collect(), 0) - - def test_method(self): - # Tricky: self.__init__ is a bound method, it references the instance. diff --git a/SOURCES/00146-hashlib-fips.patch b/SOURCES/00146-hashlib-fips.patch index 0510636..088ce1d 100644 --- a/SOURCES/00146-hashlib-fips.patch +++ b/SOURCES/00146-hashlib-fips.patch @@ -1,16 +1,3 @@ -From 26f7f9f07c549b2f7c0bc6eb9f52c554c2cd941f Mon Sep 17 00:00:00 2001 -From: Tomas Orsava -Date: Tue, 10 Jan 2017 17:12:52 +0100 -Subject: [PATCH] Support OpenSSL FIPS mode - ---- - Lib/hashlib.py | 86 +++++++----------- - Lib/test/test_hashlib.py | 132 ++++++++++++++++++--------- - Modules/Setup.dist | 8 +- - Modules/_hashopenssl.c | 228 +++++++++++++++++++++++++++++++++++++---------- - setup.py | 15 ---- - 5 files changed, 305 insertions(+), 164 deletions(-) - diff --git a/Lib/hashlib.py b/Lib/hashlib.py index bbd06b9..72361bb 100644 --- a/Lib/hashlib.py @@ -148,7 +135,7 @@ index bbd06b9..72361bb 100644 -del __py_new, __hash_new, __get_openssl_constructor +del __hash_new, __get_openssl_constructor diff --git a/Lib/test/test_hashlib.py b/Lib/test/test_hashlib.py -index 471ebb4..410a4ef 100644 +index b8d6388..e0520ed 100644 --- a/Lib/test/test_hashlib.py +++ b/Lib/test/test_hashlib.py @@ -34,6 +34,19 @@ def hexstr(s): @@ -356,7 +343,7 @@ index 471ebb4..410a4ef 100644 pbkdf2_test_vectors = [ (b'password', b'salt', 1, None), diff --git a/Modules/Setup.dist b/Modules/Setup.dist -index 138fb33..051fd41 100644 +index c9c2226..38758c5 100644 --- a/Modules/Setup.dist +++ b/Modules/Setup.dist @@ -252,14 +252,14 @@ imageop imageop.c # Operations on images @@ -379,7 +366,7 @@ index 138fb33..051fd41 100644 # SGI IRIX specific modules -- off by default. diff --git a/Modules/_hashopenssl.c b/Modules/_hashopenssl.c -index 75b3a3d..851b9cc 100644 +index de69f6f..b2c2956 100644 --- a/Modules/_hashopenssl.c +++ b/Modules/_hashopenssl.c @@ -36,6 +36,7 @@ @@ -703,25 +690,17 @@ index 75b3a3d..851b9cc 100644 GEN_CONSTRUCTOR(md5) GEN_CONSTRUCTOR(sha1) #ifdef _OPENSSL_SUPPORTS_SHA2 -@@ -899,14 +1032,11 @@ init_hashlib(void) - { - PyObject *m, *openssl_md_meth_names; +@@ -901,6 +1034,8 @@ init_hashlib(void) + #ifndef OPENSSL_VERSION_1_1 + /* Load all digest algorithms and initialize cpuid */ + SSL_load_error_strings(); + SSL_library_init(); - OpenSSL_add_all_digests(); + OPENSSL_add_all_algorithms_noconf(); ERR_load_crypto_strings(); - -- /* TODO build EVP_functions openssl_* entries dynamically based -- * on what hashes are supported rather than listing many -- * but having some be unsupported. Only init appropriate -- * constants. */ -- - Py_TYPE(&EVPtype) = &PyType_Type; - if (PyType_Ready(&EVPtype) < 0) - return; + #endif diff --git a/setup.py b/setup.py -index 9fe7634..63ed760 100644 +index e728e17..b210cd7 100644 --- a/setup.py +++ b/setup.py @@ -874,21 +874,6 @@ class PyBuildExt(build_ext): @@ -746,6 +725,3 @@ index 9fe7634..63ed760 100644 # Modules that provide persistent dictionary-like semantics. You will # probably want to arrange for at least one of them to be available on --- -2.11.0 - diff --git a/SOURCES/00153-fix-test_gdb-noise.patch b/SOURCES/00153-fix-test_gdb-noise.patch index a1b26d0..b32f47a 100644 --- a/SOURCES/00153-fix-test_gdb-noise.patch +++ b/SOURCES/00153-fix-test_gdb-noise.patch @@ -1,13 +1,15 @@ ---- Lib/test/test_gdb.py.old 2012-04-11 21:04:01.367073855 -0400 -+++ Lib/test/test_gdb.py 2012-04-12 08:52:58.320288761 -0400 -@@ -144,6 +153,10 @@ - 'Missing separate debuginfo for ', - 'Try: zypper install -C ', +diff --git a/Lib/test/test_gdb.py b/Lib/test/test_gdb.py +index dec290b..b3541f0 100644 +--- a/Lib/test/test_gdb.py ++++ b/Lib/test/test_gdb.py +@@ -260,6 +260,10 @@ class DebuggerTests(unittest.TestCase): + # ignore all warnings + 'warning: ', ) + ignore_patterns += ('warning: Unable to open', + 'Missing separate debuginfo for', + 'Try: yum --disablerepo=', + 'Undefined set print command') for line in errlines: - if not line.startswith(ignore_patterns): - unexpected_errlines.append(line) + if not line: + continue diff --git a/SOURCES/00165-crypt-module-salt-backport.patch b/SOURCES/00165-crypt-module-salt-backport.patch index 4308b4c..fef7c85 100644 --- a/SOURCES/00165-crypt-module-salt-backport.patch +++ b/SOURCES/00165-crypt-module-salt-backport.patch @@ -1,6 +1,7 @@ -diff -up Python-2.7.3/Doc/library/crypt.rst.crypt-module-salt-backport Python-2.7.3/Doc/library/crypt.rst ---- Python-2.7.3/Doc/library/crypt.rst.crypt-module-salt-backport 2012-04-09 19:07:28.000000000 -0400 -+++ Python-2.7.3/Doc/library/crypt.rst 2013-02-19 16:44:20.465334062 -0500 +diff --git a/Doc/library/crypt.rst b/Doc/library/crypt.rst +index 91464ef..6ee64d6 100644 +--- a/Doc/library/crypt.rst ++++ b/Doc/library/crypt.rst @@ -16,9 +16,9 @@ This module implements an interface to the :manpage:`crypt(3)` routine, which is @@ -14,7 +15,7 @@ diff -up Python-2.7.3/Doc/library/crypt.rst.crypt-module-salt-backport Python-2. .. index:: single: crypt(3) -@@ -27,15 +27,81 @@ the :manpage:`crypt(3)` routine in the r +@@ -27,15 +27,81 @@ the :manpage:`crypt(3)` routine in the running system. Therefore, any extensions available on the current implementation will also be available on this module. @@ -130,7 +131,7 @@ diff -up Python-2.7.3/Doc/library/crypt.rst.crypt-module-salt-backport Python-2. A simple example illustrating typical use:: import crypt, getpass, pwd -@@ -59,3 +146,11 @@ A simple example illustrating typical us +@@ -59,3 +146,11 @@ A simple example illustrating typical use:: else: return 1 @@ -142,9 +143,11 @@ diff -up Python-2.7.3/Doc/library/crypt.rst.crypt-module-salt-backport Python-2. + hashed = crypt.crypt(plaintext) + if hashed != crypt.crypt(plaintext, hashed): + raise "Hashed version doesn't validate against original" -diff -up Python-2.7.3/Lib/crypt.py.crypt-module-salt-backport Python-2.7.3/Lib/crypt.py ---- Python-2.7.3/Lib/crypt.py.crypt-module-salt-backport 2013-02-19 16:44:20.465334062 -0500 -+++ Python-2.7.3/Lib/crypt.py 2013-02-19 16:49:56.425311089 -0500 +diff --git a/Lib/crypt.py b/Lib/crypt.py +new file mode 100644 +index 0000000..bf0a416 +--- /dev/null ++++ b/Lib/crypt.py @@ -0,0 +1,71 @@ +"""Wrapper to the POSIX crypt library call and associated functionality. + @@ -217,12 +220,13 @@ diff -up Python-2.7.3/Lib/crypt.py.crypt-module-salt-backport Python-2.7.3/Lib/c +methods.append(METHOD_CRYPT) +del _result, _method + -diff -up Python-2.7.3/Lib/test/test_crypt.py.crypt-module-salt-backport Python-2.7.3/Lib/test/test_crypt.py ---- Python-2.7.3/Lib/test/test_crypt.py.crypt-module-salt-backport 2012-04-09 19:07:31.000000000 -0400 -+++ Python-2.7.3/Lib/test/test_crypt.py 2013-02-19 16:44:20.465334062 -0500 -@@ -10,6 +10,25 @@ class CryptTestCase(unittest.TestCase): - if test_support.verbose: - print 'Test encryption: ', c +diff --git a/Lib/test/test_crypt.py b/Lib/test/test_crypt.py +index 7cd9c71..7ef234c 100644 +--- a/Lib/test/test_crypt.py ++++ b/Lib/test/test_crypt.py +@@ -15,6 +15,25 @@ class CryptTestCase(unittest.TestCase): + cr2 = crypt.crypt('mypassword', cr) + self.assertEqual(cr2, cr) + def test_salt(self): + self.assertEqual(len(crypt._saltchars), 64) @@ -243,12 +247,26 @@ diff -up Python-2.7.3/Lib/test/test_crypt.py.crypt-module-salt-backport Python-2 + self.assertTrue(len(crypt.methods) >= 1) + self.assertEqual(crypt.METHOD_CRYPT, crypt.methods[-1]) + + def test_main(): test_support.run_unittest(CryptTestCase) +diff --git a/Modules/Setup.dist b/Modules/Setup.dist +index 38758c5..00e5f18 100644 +--- a/Modules/Setup.dist ++++ b/Modules/Setup.dist +@@ -225,7 +225,7 @@ _ssl _ssl.c \ + # + # First, look at Setup.config; configure may have set this for you. + +-crypt cryptmodule.c # -lcrypt # crypt(3); needs -lcrypt on some systems ++_crypt _cryptmodule.c -lcrypt # crypt(3); needs -lcrypt on some systems -diff -up Python-2.7.3/Modules/cryptmodule.c.crypt-module-salt-backport Python-2.7.3/Modules/cryptmodule.c ---- Python-2.7.3/Modules/cryptmodule.c.crypt-module-salt-backport 2012-04-09 19:07:34.000000000 -0400 -+++ Python-2.7.3/Modules/cryptmodule.c 2013-02-19 16:44:20.466334063 -0500 + + # Some more UNIX dependent modules -- off by default, since these +diff --git a/Modules/cryptmodule.c b/Modules/cryptmodule.c +index 76de54f..7c69ca6 100644 +--- a/Modules/cryptmodule.c ++++ b/Modules/cryptmodule.c @@ -43,7 +43,7 @@ static PyMethodDef crypt_methods[] = { }; @@ -259,22 +277,11 @@ diff -up Python-2.7.3/Modules/cryptmodule.c.crypt-module-salt-backport Python-2. - Py_InitModule("crypt", crypt_methods); + Py_InitModule("_crypt", crypt_methods); } -diff -up Python-2.7.3/Modules/Setup.dist.crypt-module-salt-backport Python-2.7.3/Modules/Setup.dist ---- Python-2.7.3/Modules/Setup.dist.crypt-module-salt-backport 2013-02-19 16:44:20.463334063 -0500 -+++ Python-2.7.3/Modules/Setup.dist 2013-02-19 16:44:20.466334063 -0500 -@@ -221,7 +221,7 @@ _ssl _ssl.c \ - # - # First, look at Setup.config; configure may have set this for you. - --crypt cryptmodule.c # -lcrypt # crypt(3); needs -lcrypt on some systems -+_crypt _cryptmodule.c -lcrypt # crypt(3); needs -lcrypt on some systems - - - # Some more UNIX dependent modules -- off by default, since these -diff -up Python-2.7.3/setup.py.crypt-module-salt-backport Python-2.7.3/setup.py ---- Python-2.7.3/setup.py.crypt-module-salt-backport 2013-02-19 16:44:20.425334067 -0500 -+++ Python-2.7.3/setup.py 2013-02-19 16:44:20.466334063 -0500 -@@ -693,7 +693,7 @@ class PyBuildExt(build_ext): +diff --git a/setup.py b/setup.py +index b210cd7..fa284aa 100644 +--- a/setup.py ++++ b/setup.py +@@ -798,7 +798,7 @@ class PyBuildExt(build_ext): libs = ['crypt'] else: libs = [] diff --git a/SOURCES/00170-gc-assertions.patch b/SOURCES/00170-gc-assertions.patch index f3a0838..366c752 100644 --- a/SOURCES/00170-gc-assertions.patch +++ b/SOURCES/00170-gc-assertions.patch @@ -1,16 +1,18 @@ -diff -up Python-2.7.3/Lib/test/test_gc.py.gc-assertions Python-2.7.3/Lib/test/test_gc.py ---- Python-2.7.3/Lib/test/test_gc.py.gc-assertions 2013-02-20 16:28:20.890536607 -0500 -+++ Python-2.7.3/Lib/test/test_gc.py 2013-02-20 16:39:52.720489297 -0500 -@@ -1,6 +1,7 @@ +diff --git a/Lib/test/test_gc.py b/Lib/test/test_gc.py +index 4215ec4..38ea6d1 100644 +--- a/Lib/test/test_gc.py ++++ b/Lib/test/test_gc.py +@@ -1,7 +1,8 @@ import unittest --from test.test_support import verbose, run_unittest, start_threads -+from test.test_support import verbose, run_unittest, start_threads, import_module + from test.support import (verbose, run_unittest, start_threads, +- requires_type_collecting) ++ import_module, requires_type_collecting) import sys +import sysconfig import time import gc import weakref -@@ -32,6 +33,8 @@ class GC_Detector(object): +@@ -39,6 +40,8 @@ class GC_Detector(object): self.wr = weakref.ref(C1055820(666), it_happened) @@ -19,7 +21,7 @@ diff -up Python-2.7.3/Lib/test/test_gc.py.gc-assertions Python-2.7.3/Lib/test/te ### Tests ############################################################################### -@@ -476,6 +479,49 @@ class GCTests(unittest.TestCase): +@@ -543,6 +546,49 @@ class GCTests(unittest.TestCase): # would be damaged, with an empty __dict__. self.assertEqual(x, None) @@ -27,7 +29,7 @@ diff -up Python-2.7.3/Lib/test/test_gc.py.gc-assertions Python-2.7.3/Lib/test/te + 'built with -NDEBUG') + def test_refcount_errors(self): + # Verify the "handling" of objects with broken refcounts -+ ++ + import_module("ctypes") #skip if not supported + + import subprocess @@ -69,9 +71,10 @@ diff -up Python-2.7.3/Lib/test/test_gc.py.gc-assertions Python-2.7.3/Lib/test/te class GCTogglingTests(unittest.TestCase): def setUp(self): gc.enable() -diff -up Python-2.7.3/Modules/gcmodule.c.gc-assertions Python-2.7.3/Modules/gcmodule.c ---- Python-2.7.3/Modules/gcmodule.c.gc-assertions 2012-04-09 19:07:34.000000000 -0400 -+++ Python-2.7.3/Modules/gcmodule.c 2013-02-20 16:28:21.029536600 -0500 +diff --git a/Modules/gcmodule.c b/Modules/gcmodule.c +index 700c1a3..e2df829 100644 +--- a/Modules/gcmodule.c ++++ b/Modules/gcmodule.c @@ -21,6 +21,73 @@ #include "Python.h" #include "frameobject.h" /* for PyFrame_ClearFreeList */ @@ -146,7 +149,7 @@ diff -up Python-2.7.3/Modules/gcmodule.c.gc-assertions Python-2.7.3/Modules/gcmo /* Get an object's GC head */ #define AS_GC(o) ((PyGC_Head *)(o)-1) -@@ -288,7 +355,8 @@ update_refs(PyGC_Head *containers) +@@ -328,7 +395,8 @@ update_refs(PyGC_Head *containers) { PyGC_Head *gc = containers->gc.gc_next; for (; gc != containers; gc = gc->gc.gc_next) { @@ -156,7 +159,7 @@ diff -up Python-2.7.3/Modules/gcmodule.c.gc-assertions Python-2.7.3/Modules/gcmo gc->gc.gc_refs = Py_REFCNT(FROM_GC(gc)); /* Python's cyclic gc should never see an incoming refcount * of 0: if something decref'ed to 0, it should have been -@@ -308,7 +376,8 @@ update_refs(PyGC_Head *containers) +@@ -348,7 +416,8 @@ update_refs(PyGC_Head *containers) * so serious that maybe this should be a release-build * check instead of an assert? */ @@ -166,7 +169,7 @@ diff -up Python-2.7.3/Modules/gcmodule.c.gc-assertions Python-2.7.3/Modules/gcmo } } -@@ -323,7 +392,9 @@ visit_decref(PyObject *op, void *data) +@@ -363,7 +432,9 @@ visit_decref(PyObject *op, void *data) * generation being collected, which can be recognized * because only they have positive gc_refs. */ @@ -177,7 +180,7 @@ diff -up Python-2.7.3/Modules/gcmodule.c.gc-assertions Python-2.7.3/Modules/gcmo if (gc->gc.gc_refs > 0) gc->gc.gc_refs--; } -@@ -383,9 +454,10 @@ visit_reachable(PyObject *op, PyGC_Head +@@ -423,9 +494,10 @@ visit_reachable(PyObject *op, PyGC_Head *reachable) * If gc_refs == GC_UNTRACKED, it must be ignored. */ else { @@ -191,7 +194,7 @@ diff -up Python-2.7.3/Modules/gcmodule.c.gc-assertions Python-2.7.3/Modules/gcmo } } return 0; -@@ -427,7 +499,7 @@ move_unreachable(PyGC_Head *young, PyGC_ +@@ -467,7 +539,7 @@ move_unreachable(PyGC_Head *young, PyGC_Head *unreachable) */ PyObject *op = FROM_GC(gc); traverseproc traverse = Py_TYPE(op)->tp_traverse; @@ -200,7 +203,7 @@ diff -up Python-2.7.3/Modules/gcmodule.c.gc-assertions Python-2.7.3/Modules/gcmo gc->gc.gc_refs = GC_REACHABLE; (void) traverse(op, (visitproc)visit_reachable, -@@ -494,7 +566,8 @@ move_finalizers(PyGC_Head *unreachable, +@@ -545,7 +617,8 @@ move_finalizers(PyGC_Head *unreachable, PyGC_Head *finalizers) for (gc = unreachable->gc.gc_next; gc != unreachable; gc = next) { PyObject *op = FROM_GC(gc); @@ -210,7 +213,7 @@ diff -up Python-2.7.3/Modules/gcmodule.c.gc-assertions Python-2.7.3/Modules/gcmo next = gc->gc.gc_next; if (has_finalizer(op)) { -@@ -570,7 +643,7 @@ handle_weakrefs(PyGC_Head *unreachable, +@@ -621,7 +694,7 @@ handle_weakrefs(PyGC_Head *unreachable, PyGC_Head *old) PyWeakReference **wrlist; op = FROM_GC(gc); @@ -219,7 +222,7 @@ diff -up Python-2.7.3/Modules/gcmodule.c.gc-assertions Python-2.7.3/Modules/gcmo next = gc->gc.gc_next; if (! PyType_SUPPORTS_WEAKREFS(Py_TYPE(op))) -@@ -591,9 +664,9 @@ handle_weakrefs(PyGC_Head *unreachable, +@@ -642,9 +715,9 @@ handle_weakrefs(PyGC_Head *unreachable, PyGC_Head *old) * the callback pointer intact. Obscure: it also * changes *wrlist. */ @@ -231,7 +234,7 @@ diff -up Python-2.7.3/Modules/gcmodule.c.gc-assertions Python-2.7.3/Modules/gcmo if (wr->wr_callback == NULL) continue; /* no callback */ -@@ -627,7 +700,7 @@ handle_weakrefs(PyGC_Head *unreachable, +@@ -678,7 +751,7 @@ handle_weakrefs(PyGC_Head *unreachable, PyGC_Head *old) */ if (IS_TENTATIVELY_UNREACHABLE(wr)) continue; @@ -240,7 +243,7 @@ diff -up Python-2.7.3/Modules/gcmodule.c.gc-assertions Python-2.7.3/Modules/gcmo /* Create a new reference so that wr can't go away * before we can process it again. -@@ -636,7 +709,8 @@ handle_weakrefs(PyGC_Head *unreachable, +@@ -687,7 +760,8 @@ handle_weakrefs(PyGC_Head *unreachable, PyGC_Head *old) /* Move wr to wrcb_to_call, for the next pass. */ wrasgc = AS_GC(wr); @@ -250,7 +253,7 @@ diff -up Python-2.7.3/Modules/gcmodule.c.gc-assertions Python-2.7.3/Modules/gcmo next isn't, so they can't be the same */ gc_list_move(wrasgc, &wrcb_to_call); -@@ -652,11 +726,11 @@ handle_weakrefs(PyGC_Head *unreachable, +@@ -703,11 +777,11 @@ handle_weakrefs(PyGC_Head *unreachable, PyGC_Head *old) gc = wrcb_to_call.gc.gc_next; op = FROM_GC(gc); @@ -265,7 +268,7 @@ diff -up Python-2.7.3/Modules/gcmodule.c.gc-assertions Python-2.7.3/Modules/gcmo /* copy-paste of weakrefobject.c's handle_callback() */ temp = PyObject_CallFunctionObjArgs(callback, wr, NULL); -@@ -759,7 +833,7 @@ delete_garbage(PyGC_Head *collectable, P +@@ -807,7 +881,7 @@ delete_garbage(PyGC_Head *collectable, PyGC_Head *old) PyGC_Head *gc = collectable->gc.gc_next; PyObject *op = FROM_GC(gc); diff --git a/SOURCES/00173-workaround-ENOPROTOOPT-in-bind_port.patch b/SOURCES/00173-workaround-ENOPROTOOPT-in-bind_port.patch index 3e83d67..12cb711 100644 --- a/SOURCES/00173-workaround-ENOPROTOOPT-in-bind_port.patch +++ b/SOURCES/00173-workaround-ENOPROTOOPT-in-bind_port.patch @@ -1,7 +1,8 @@ -diff -up Python-2.7.3/Lib/test/test_support.py.rhbz913732 Python-2.7.3/Lib/test/test_support.py ---- Python-2.7.3/Lib/test/test_support.py.rhbz913732 2013-03-04 16:11:53.757315921 -0500 -+++ Python-2.7.3/Lib/test/test_support.py 2013-03-04 16:12:11.331314722 -0500 -@@ -304,7 +304,8 @@ def bind_port(sock, host=HOST): +diff --git a/Lib/test/support/__init__.py b/Lib/test/support/__init__.py +index 9effddd..a950228 100644 +--- a/Lib/test/support/__init__.py ++++ b/Lib/test/support/__init__.py +@@ -526,7 +526,8 @@ def bind_port(sock, host=HOST): if sock.getsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR) == 1: raise TestFailed("tests should never set the SO_REUSEADDR " \ "socket option on TCP/IP sockets!") @@ -11,4 +12,3 @@ diff -up Python-2.7.3/Lib/test/test_support.py.rhbz913732 Python-2.7.3/Lib/test/ try: if sock.getsockopt(socket.SOL_SOCKET, socket.SO_REUSEPORT) == 1: raise TestFailed("tests should never set the SO_REUSEPORT " \ - "socket option on TCP/IP sockets!") diff --git a/SOURCES/00189-gdb-py-bt-dont-raise-exception-from-eval.patch b/SOURCES/00189-gdb-py-bt-dont-raise-exception-from-eval.patch index 4ef2a5d..45f9eb3 100644 --- a/SOURCES/00189-gdb-py-bt-dont-raise-exception-from-eval.patch +++ b/SOURCES/00189-gdb-py-bt-dont-raise-exception-from-eval.patch @@ -1,11 +1,13 @@ ---- Python-2.7.5-orig/Tools/gdb/libpython.py 2013-05-12 03:32:54.000000000 +0000 -+++ Python-2.7.5-orig/Tools/gdb/libpython.py 2013-09-15 09:56:25.494000000 +0000 -@@ -887,6 +887,8 @@ +diff --git a/Tools/gdb/libpython.py b/Tools/gdb/libpython.py +index 9def56e..d98cb2d 100755 +--- a/Tools/gdb/libpython.py ++++ b/Tools/gdb/libpython.py +@@ -938,6 +938,8 @@ class PyFrameObjectPtr(PyObjectPtr): newline character''' if self.is_optimized_out(): return '(frame information optimized out)' + if self.filename() == '': + return '(in an eval block)' - filename = self.filename() - try: - f = open(filename, 'r') + + lineno = self.current_line_num() + if lineno is None: diff --git a/SOURCES/00198-add-rewheel-module.patch b/SOURCES/00198-add-rewheel-module.patch index 029f24f..173a387 100644 --- a/SOURCES/00198-add-rewheel-module.patch +++ b/SOURCES/00198-add-rewheel-module.patch @@ -1,5 +1,5 @@ diff --git a/Lib/ensurepip/__init__.py b/Lib/ensurepip/__init__.py -index 14c9adb..e20104e 100644 +index 5021ebf..63c763a 100644 --- a/Lib/ensurepip/__init__.py +++ b/Lib/ensurepip/__init__.py @@ -7,6 +7,7 @@ import pkgutil @@ -7,22 +7,22 @@ index 14c9adb..e20104e 100644 import sys import tempfile +from ensurepip import rewheel - - + + __all__ = ["version", "bootstrap"] -@@ -43,6 +44,8 @@ def _run_pip(args, additional_paths=None): - +@@ -29,6 +30,8 @@ def _run_pip(args, additional_paths=None): + # Install the bundled software - import pip + import pip._internal + if args[0] in ["install", "list", "wheel"]: + args.append('--pre') - pip.main(args) - - -@@ -93,21 +96,40 @@ def bootstrap(root=None, upgrade=False, user=False, + return pip._internal.main(args) + + +@@ -93,21 +96,40 @@ def _bootstrap(root=None, upgrade=False, user=False, # omit pip and easy_install os.environ["ENSUREPIP_OPTIONS"] = "install" - + + whls = [] + rewheel_dir = None + # try to see if we have system-wide versions of _PROJECTS @@ -67,7 +67,7 @@ index 14c9adb..e20104e 100644 + additional_paths.append(os.path.join(tmpdir, os.path.basename(whl))) + if rewheel_dir: + shutil.rmtree(rewheel_dir) - + # Construct the arguments to be passed to the pip command args = ["install", "--no-index", "--find-links", tmpdir] diff --git a/Lib/ensurepip/rewheel/__init__.py b/Lib/ensurepip/rewheel/__init__.py @@ -235,15 +235,15 @@ index 0000000..75c2094 + pass # bad RECORD or empty line + return to_write, to_omit diff --git a/Makefile.pre.in b/Makefile.pre.in -index ca33158..44bdde5 100644 +index ebc1293..7bf53d5 100644 --- a/Makefile.pre.in +++ b/Makefile.pre.in -@@ -1066,7 +1066,7 @@ LIBSUBDIRS= lib-tk lib-tk/test lib-tk/test/test_tkinter \ - test/tracedmodules \ - encodings compiler hotshot \ - email email/mime email/test email/test/data \ +@@ -1065,7 +1065,7 @@ LIBSUBDIRS= lib-tk lib-tk/test lib-tk/test/test_tkinter \ + test/tracedmodules \ + encodings compiler hotshot \ + email email/mime email/test email/test/data \ - ensurepip ensurepip/_bundled \ + ensurepip ensurepip/_bundled ensurepip/rewheel\ - json json/tests \ - sqlite3 sqlite3/test \ - logging bsddb bsddb/test csv importlib wsgiref \ + json json/tests \ + sqlite3 sqlite3/test \ + logging bsddb bsddb/test csv importlib wsgiref \ diff --git a/SOURCES/00231-cprofile-sort-option.patch b/SOURCES/00231-cprofile-sort-option.patch deleted file mode 100644 index 92e0150..0000000 --- a/SOURCES/00231-cprofile-sort-option.patch +++ /dev/null @@ -1,36 +0,0 @@ -From 0fba878e37390b581b95b31ff7d42041c9a3a370 Mon Sep 17 00:00:00 2001 -From: Charalampos Stratakis -Date: Tue, 12 Apr 2016 14:17:32 +0200 -Subject: [PATCH] add choices for sort option of cProfile for better output - message - ---- - Lib/cProfile.py | 5 +++-- - 1 file changed, 3 insertions(+), 2 deletions(-) - -diff --git a/Lib/cProfile.py b/Lib/cProfile.py -index b2efd04..02acd4e 100755 ---- a/Lib/cProfile.py -+++ b/Lib/cProfile.py -@@ -161,7 +161,7 @@ def label(code): - # ____________________________________________________________ - - def main(): -- import os, sys -+ import os, pstats, sys - from optparse import OptionParser - usage = "cProfile.py [-o output_file_path] [-s sort] scriptfile [arg] ..." - parser = OptionParser(usage=usage) -@@ -170,7 +170,8 @@ def main(): - help="Save stats to ", default=None) - parser.add_option('-s', '--sort', dest="sort", - help="Sort order when printing to stdout, based on pstats.Stats class", -- default=-1) -+ default=-1, -+ choices=list(pstats.Stats.sort_arg_dict_default.keys())) - - if not sys.argv[1:]: - parser.print_usage() --- -2.5.5 - diff --git a/SOURCES/00320-CVE-2019-9636.patch b/SOURCES/00320-CVE-2019-9636.patch index a307907..adb977f 100644 --- a/SOURCES/00320-CVE-2019-9636.patch +++ b/SOURCES/00320-CVE-2019-9636.patch @@ -1,8 +1,8 @@ diff --git a/Doc/library/urlparse.rst b/Doc/library/urlparse.rst -index b933dda..412c4ea 100644 +index 22249da..0989c88 100644 --- a/Doc/library/urlparse.rst +++ b/Doc/library/urlparse.rst -@@ -119,6 +119,12 @@ The :mod:`urlparse` module defines the following functions: +@@ -119,12 +119,22 @@ The :mod:`urlparse` module defines the following functions: See section :ref:`urlparse-result-object` for more information on the result object. @@ -15,19 +15,17 @@ index b933dda..412c4ea 100644 .. versionchanged:: 2.5 Added attributes to return value. -@@ -126,6 +132,11 @@ The :mod:`urlparse` module defines the following functions: + .. versionchanged:: 2.7 Added IPv6 URL parsing capabilities. - + .. versionchanged:: 2.7.17 + Characters that affect netloc parsing under NFKC normalization will + now raise :exc:`ValueError`. + -+ - .. function:: parse_qs(qs[, keep_blank_values[, strict_parsing]]) - Parse a query string given as a string argument (data of type -@@ -220,11 +231,21 @@ The :mod:`urlparse` module defines the following functions: + .. function:: parse_qs(qs[, keep_blank_values[, strict_parsing[, max_num_fields]]]) + +@@ -232,11 +242,21 @@ The :mod:`urlparse` module defines the following functions: See section :ref:`urlparse-result-object` for more information on the result object. @@ -50,7 +48,7 @@ index b933dda..412c4ea 100644 .. function:: urlunsplit(parts) diff --git a/Lib/test/test_urlparse.py b/Lib/test/test_urlparse.py -index 4e1ded7..1830d0b 100644 +index 4e1ded7..6fd1071 100644 --- a/Lib/test/test_urlparse.py +++ b/Lib/test/test_urlparse.py @@ -1,4 +1,6 @@ @@ -60,7 +58,7 @@ index 4e1ded7..1830d0b 100644 import unittest import urlparse -@@ -624,6 +626,29 @@ class UrlParseTestCase(unittest.TestCase): +@@ -624,6 +626,35 @@ class UrlParseTestCase(unittest.TestCase): self.assertEqual(urlparse.urlparse("http://www.python.org:80"), ('http','www.python.org:80','','','','')) @@ -79,6 +77,12 @@ index 4e1ded7..1830d0b 100644 + self.assertIn(u'\u2100', denorm_chars) + self.assertIn(u'\uFF03', denorm_chars) + ++ # bpo-36742: Verify port separators are ignored when they ++ # existed prior to decomposition ++ urlparse.urlsplit(u'http://\u30d5\u309a:80') ++ with self.assertRaises(ValueError): ++ urlparse.urlsplit(u'http://\u30d5\u309a\ufe1380') ++ + for scheme in [u"http", u"https", u"ftp"]: + for c in denorm_chars: + url = u"{}://netloc{}false.netloc/path".format(scheme, c) @@ -91,10 +95,10 @@ index 4e1ded7..1830d0b 100644 test_support.run_unittest(UrlParseTestCase) diff --git a/Lib/urlparse.py b/Lib/urlparse.py -index 4cd3d67..55e9928 100644 +index f7c2b03..f08e0fe 100644 --- a/Lib/urlparse.py +++ b/Lib/urlparse.py -@@ -165,6 +165,21 @@ def _splitnetloc(url, start=0): +@@ -165,6 +165,24 @@ def _splitnetloc(url, start=0): delim = min(delim, wdelim) # use earliest delim position return url[start:delim], url[delim:] # return (domain, rest) @@ -104,19 +108,22 @@ index 4cd3d67..55e9928 100644 + # looking for characters like \u2100 that expand to 'a/c' + # IDNA uses NFKC equivalence, so normalize for this check + import unicodedata -+ netloc2 = unicodedata.normalize('NFKC', netloc) -+ if netloc == netloc2: ++ n = netloc.rpartition('@')[2] # ignore anything to the left of '@' ++ n = n.replace(':', '') # ignore characters already included ++ n = n.replace('#', '') # but not the surrounding text ++ n = n.replace('?', '') ++ netloc2 = unicodedata.normalize('NFKC', n) ++ if n == netloc2: + return -+ _, _, netloc = netloc.rpartition('@') # anything to the left of '@' is okay + for c in '/?#@:': + if c in netloc2: -+ raise ValueError("netloc '" + netloc2 + "' contains invalid " + ++ raise ValueError("netloc '" + netloc + "' contains invalid " + + "characters under NFKC normalization") + def urlsplit(url, scheme='', allow_fragments=True): """Parse a URL into 5 components: :///?# -@@ -193,6 +208,7 @@ def urlsplit(url, scheme='', allow_fragments=True): +@@ -193,6 +211,7 @@ def urlsplit(url, scheme='', allow_fragments=True): url, fragment = url.split('#', 1) if '?' in url: url, query = url.split('?', 1) @@ -124,7 +131,7 @@ index 4cd3d67..55e9928 100644 v = SplitResult(scheme, netloc, url, query, fragment) _parse_cache[key] = v return v -@@ -216,6 +232,7 @@ def urlsplit(url, scheme='', allow_fragments=True): +@@ -216,6 +235,7 @@ def urlsplit(url, scheme='', allow_fragments=True): url, fragment = url.split('#', 1) if '?' in url: url, query = url.split('?', 1) diff --git a/SOURCES/00324-disallow-control-chars-in-http-urls.patch b/SOURCES/00324-disallow-control-chars-in-http-urls.patch new file mode 100644 index 0000000..426900a --- /dev/null +++ b/SOURCES/00324-disallow-control-chars-in-http-urls.patch @@ -0,0 +1,221 @@ +diff --git a/Lib/httplib.py b/Lib/httplib.py +index 60a8fb4..1b41c34 100644 +--- a/Lib/httplib.py ++++ b/Lib/httplib.py +@@ -247,6 +247,16 @@ _MAXHEADERS = 100 + _is_legal_header_name = re.compile(r'\A[^:\s][^:\r\n]*\Z').match + _is_illegal_header_value = re.compile(r'\n(?![ \t])|\r(?![ \t\n])').search + ++# These characters are not allowed within HTTP URL paths. ++# See https://tools.ietf.org/html/rfc3986#section-3.3 and the ++# https://tools.ietf.org/html/rfc3986#appendix-A pchar definition. ++# Prevents CVE-2019-9740. Includes control characters such as \r\n. ++# Restrict non-ASCII characters above \x7f (0x80-0xff). ++_contains_disallowed_url_pchar_re = re.compile('[\x00-\x20\x7f-\xff]') ++# Arguably only these _should_ allowed: ++# _is_allowed_url_pchars_re = re.compile(r"^[/!$&'()*+,;=:@%a-zA-Z0-9._~-]+$") ++# We are more lenient for assumed real world compatibility purposes. ++ + # We always set the Content-Length header for these methods because some + # servers will otherwise respond with a 411 + _METHODS_EXPECTING_BODY = {'PATCH', 'POST', 'PUT'} +@@ -927,6 +937,12 @@ class HTTPConnection: + self._method = method + if not url: + url = '/' ++ # Prevent CVE-2019-9740. ++ match = _contains_disallowed_url_pchar_re.search(url) ++ if match: ++ raise InvalidURL("URL can't contain control characters. %r " ++ "(found at least %r)" ++ % (url, match.group())) + hdr = '%s %s %s' % (method, url, self._http_vsn_str) + + self._output(hdr) +diff --git a/Lib/test/test_urllib.py b/Lib/test/test_urllib.py +index 1ce9201..bdc6e78 100644 +--- a/Lib/test/test_urllib.py ++++ b/Lib/test/test_urllib.py +@@ -9,6 +9,10 @@ import os + import sys + import mimetools + import tempfile ++try: ++ import ssl ++except ImportError: ++ ssl = None + + from test import test_support + from base64 import b64encode +@@ -257,6 +261,33 @@ class urlopen_HttpTests(unittest.TestCase, FakeHTTPMixin): + finally: + self.unfakehttp() + ++ @unittest.skipUnless(ssl, "ssl module required") ++ def test_url_with_control_char_rejected(self): ++ for char_no in range(0, 0x21) + range(0x7f, 0x100): ++ char = chr(char_no) ++ schemeless_url = "//localhost:7777/test%s/" % char ++ self.fakehttp(b"HTTP/1.1 200 OK\r\n\r\nHello.") ++ try: ++ # urllib quotes the URL so there is no injection. ++ resp = urllib.urlopen("http:" + schemeless_url) ++ self.assertNotIn(char, resp.geturl()) ++ finally: ++ self.unfakehttp() ++ ++ @unittest.skipUnless(ssl, "ssl module required") ++ def test_url_with_newline_header_injection_rejected(self): ++ self.fakehttp(b"HTTP/1.1 200 OK\r\n\r\nHello.") ++ host = "localhost:7777?a=1 HTTP/1.1\r\nX-injected: header\r\nTEST: 123" ++ schemeless_url = "//" + host + ":8080/test/?test=a" ++ try: ++ # urllib quotes the URL so there is no injection. ++ resp = urllib.urlopen("http:" + schemeless_url) ++ self.assertNotIn(' ', resp.geturl()) ++ self.assertNotIn('\r', resp.geturl()) ++ self.assertNotIn('\n', resp.geturl()) ++ finally: ++ self.unfakehttp() ++ + def test_read_bogus(self): + # urlopen() should raise IOError for many error codes. + self.fakehttp('''HTTP/1.1 401 Authentication Required +diff --git a/Lib/test/test_urllib2.py b/Lib/test/test_urllib2.py +index 6d24d5d..d13f86f 100644 +--- a/Lib/test/test_urllib2.py ++++ b/Lib/test/test_urllib2.py +@@ -1,5 +1,5 @@ + import unittest +-from test import test_support ++from test import support + from test import test_urllib + + import os +@@ -15,6 +15,9 @@ try: + except ImportError: + ssl = None + ++from test.test_urllib import FakeHTTPMixin ++ ++ + # XXX + # Request + # CacheFTPHandler (hard to write) +@@ -683,7 +686,7 @@ class HandlerTests(unittest.TestCase): + h = urllib2.FileHandler() + o = h.parent = MockOpener() + +- TESTFN = test_support.TESTFN ++ TESTFN = support.TESTFN + urlpath = sanepathname2url(os.path.abspath(TESTFN)) + towrite = "hello, world\n" + urls = [ +@@ -1154,7 +1157,7 @@ class HandlerTests(unittest.TestCase): + opener.add_handler(auth_handler) + opener.add_handler(http_handler) + msg = "Basic Auth Realm was unquoted" +- with test_support.check_warnings((msg, UserWarning)): ++ with support.check_warnings((msg, UserWarning)): + self._test_basic_auth(opener, auth_handler, "Authorization", + realm, http_handler, password_manager, + "http://acme.example.com/protected", +@@ -1262,7 +1265,7 @@ class HandlerTests(unittest.TestCase): + self.assertEqual(len(http_handler.requests), 1) + self.assertFalse(http_handler.requests[0].has_header(auth_header)) + +-class MiscTests(unittest.TestCase): ++class MiscTests(unittest.TestCase, FakeHTTPMixin): + + def test_build_opener(self): + class MyHTTPHandler(urllib2.HTTPHandler): pass +@@ -1317,6 +1320,52 @@ class MiscTests(unittest.TestCase): + "Unsupported digest authentication algorithm 'invalid'" + ) + ++ @unittest.skipUnless(ssl, "ssl module required") ++ def test_url_with_control_char_rejected(self): ++ for char_no in range(0, 0x21) + range(0x7f, 0x100): ++ char = chr(char_no) ++ schemeless_url = "//localhost:7777/test%s/" % char ++ self.fakehttp(b"HTTP/1.1 200 OK\r\n\r\nHello.") ++ try: ++ # We explicitly test urllib.request.urlopen() instead of the top ++ # level 'def urlopen()' function defined in this... (quite ugly) ++ # test suite. They use different url opening codepaths. Plain ++ # urlopen uses FancyURLOpener which goes via a codepath that ++ # calls urllib.parse.quote() on the URL which makes all of the ++ # above attempts at injection within the url _path_ safe. ++ escaped_char_repr = repr(char).replace('\\', r'\\') ++ InvalidURL = httplib.InvalidURL ++ with self.assertRaisesRegexp( ++ InvalidURL, "contain control.*" + escaped_char_repr): ++ urllib2.urlopen("http:" + schemeless_url) ++ with self.assertRaisesRegexp( ++ InvalidURL, "contain control.*" + escaped_char_repr): ++ urllib2.urlopen("https:" + schemeless_url) ++ finally: ++ self.unfakehttp() ++ ++ @unittest.skipUnless(ssl, "ssl module required") ++ def test_url_with_newline_header_injection_rejected(self): ++ self.fakehttp(b"HTTP/1.1 200 OK\r\n\r\nHello.") ++ host = "localhost:7777?a=1 HTTP/1.1\r\nX-injected: header\r\nTEST: 123" ++ schemeless_url = "//" + host + ":8080/test/?test=a" ++ try: ++ # We explicitly test urllib.request.urlopen() instead of the top ++ # level 'def urlopen()' function defined in this... (quite ugly) ++ # test suite. They use different url opening codepaths. Plain ++ # urlopen uses FancyURLOpener which goes via a codepath that ++ # calls urllib.parse.quote() on the URL which makes all of the ++ # above attempts at injection within the url _path_ safe. ++ InvalidURL = httplib.InvalidURL ++ with self.assertRaisesRegexp( ++ InvalidURL, r"contain control.*\\r.*(found at least . .)"): ++ urllib2.urlopen("http:" + schemeless_url) ++ with self.assertRaisesRegexp(InvalidURL, r"contain control.*\\n"): ++ urllib2.urlopen("https:" + schemeless_url) ++ finally: ++ self.unfakehttp() ++ ++ + + class RequestTests(unittest.TestCase): + +@@ -1412,14 +1461,14 @@ class RequestTests(unittest.TestCase): + + def test_main(verbose=None): + from test import test_urllib2 +- test_support.run_doctest(test_urllib2, verbose) +- test_support.run_doctest(urllib2, verbose) ++ support.run_doctest(test_urllib2, verbose) ++ support.run_doctest(urllib2, verbose) + tests = (TrivialTests, + OpenerDirectorTests, + HandlerTests, + MiscTests, + RequestTests) +- test_support.run_unittest(*tests) ++ support.run_unittest(*tests) + + if __name__ == "__main__": + test_main(verbose=True) +diff --git a/Lib/test/test_xmlrpc.py b/Lib/test/test_xmlrpc.py +index 36b3be6..90ccb30 100644 +--- a/Lib/test/test_xmlrpc.py ++++ b/Lib/test/test_xmlrpc.py +@@ -659,7 +659,13 @@ class SimpleServerTestCase(BaseServerTestCase): + def test_partial_post(self): + # Check that a partial POST doesn't make the server loop: issue #14001. + conn = httplib.HTTPConnection(ADDR, PORT) +- conn.request('POST', '/RPC2 HTTP/1.0\r\nContent-Length: 100\r\n\r\nbye') ++ conn.send('POST /RPC2 HTTP/1.0\r\n' ++ 'Content-Length: 100\r\n\r\n' ++ 'bye HTTP/1.1\r\n' ++ 'Host: %s:%s\r\n' ++ 'Accept-Encoding: identity\r\n' ++ 'Content-Length: 0\r\n\r\n' ++ % (ADDR, PORT)) + conn.close() + + class SimpleServerEncodingTestCase(BaseServerTestCase): diff --git a/SOURCES/python-2.7.1-config.patch b/SOURCES/python-2.7.1-config.patch index 6976d5c..a887ec8 100644 --- a/SOURCES/python-2.7.1-config.patch +++ b/SOURCES/python-2.7.1-config.patch @@ -1,5 +1,7 @@ ---- Python-2.7.4/Modules/Setup.dist.rhconfig 2013-04-06 16:02:34.000000000 +0200 -+++ Python-2.7.4/Modules/Setup.dist 2013-04-08 10:05:16.369985654 +0200 +diff --git a/Modules/Setup.dist b/Modules/Setup.dist +index bbc9222..2fcbb3f 100644 +--- a/Modules/Setup.dist ++++ b/Modules/Setup.dist @@ -153,7 +153,7 @@ GLHACK=-Dclear=__GLclear # modules are to be built as shared libraries (see above for more # detail; also note that *static* reverses this effect): @@ -9,7 +11,7 @@ # GNU readline. Unlike previous Python incarnations, GNU readline is # now incorporated in an optional module, configured in the Setup file -@@ -163,77 +163,77 @@ GLHACK=-Dclear=__GLclear +@@ -163,33 +163,33 @@ GLHACK=-Dclear=__GLclear # it, depending on your system -- see the GNU readline instructions. # It's okay for this to be a shared library, too. @@ -59,9 +61,7 @@ # Standard I/O baseline #_io -I$(srcdir)/Modules/_io _io/bufferedio.c _io/bytesio.c _io/fileio.c _io/iobase.c _io/_iomodule.c _io/stringio.c _io/textio.c - - - # Modules with some UNIX dependencies -- on by default: +@@ -199,41 +199,41 @@ GLHACK=-Dclear=__GLclear # (If you have a really backward UNIX, select and socket may not be # supported...) @@ -117,7 +117,7 @@ # Multimedia modules -- off by default. -@@ -238,8 +238,8 @@ GLHACK=-Dclear=__GLclear +@@ -241,8 +241,8 @@ GLHACK=-Dclear=__GLclear # #993173 says audioop works on 64-bit platforms, though. # These represent audio samples or images as strings: @@ -128,7 +128,7 @@ # Note that the _md5 and _sha modules are normally only built if the -@@ -249,14 +249,14 @@ GLHACK=-Dclear=__GLclear +@@ -252,14 +252,14 @@ GLHACK=-Dclear=__GLclear # Message-Digest Algorithm, described in RFC 1321. The necessary files # md5.c and md5.h are included here. @@ -147,7 +147,7 @@ # SGI IRIX specific modules -- off by default. -@@ -303,12 +303,12 @@ GLHACK=-Dclear=__GLclear +@@ -306,12 +306,12 @@ GLHACK=-Dclear=__GLclear # A Linux specific module -- off by default; this may also work on # some *BSDs. @@ -162,7 +162,7 @@ # The _tkinter module. -@@ -323,7 +323,7 @@ GLHACK=-Dclear=__GLclear +@@ -326,7 +326,7 @@ GLHACK=-Dclear=__GLclear # every system. # *** Always uncomment this (leave the leading underscore in!): @@ -171,7 +171,7 @@ # *** Uncomment and edit to reflect where your Tcl/Tk libraries are: # -L/usr/local/lib \ # *** Uncomment and edit to reflect where your Tcl/Tk headers are: -@@ -333,7 +333,7 @@ GLHACK=-Dclear=__GLclear +@@ -336,7 +336,7 @@ GLHACK=-Dclear=__GLclear # *** Or uncomment this for Solaris: # -I/usr/openwin/include \ # *** Uncomment and edit for Tix extension only: @@ -180,7 +180,7 @@ # *** Uncomment and edit for BLT extension only: # -DWITH_BLT -I/usr/local/blt/blt8.0-unoff/include -lBLT8.0 \ # *** Uncomment and edit for PIL (TkImaging) extension only: -@@ -342,7 +342,7 @@ GLHACK=-Dclear=__GLclear +@@ -345,7 +345,7 @@ GLHACK=-Dclear=__GLclear # *** Uncomment and edit for TOGL extension only: # -DWITH_TOGL togl.c \ # *** Uncomment and edit to reflect your Tcl/Tk versions: @@ -189,7 +189,7 @@ # *** Uncomment and edit to reflect where your X11 libraries are: # -L/usr/X11R6/lib \ # *** Or uncomment this for Solaris: -@@ -352,7 +352,7 @@ GLHACK=-Dclear=__GLclear +@@ -355,7 +355,7 @@ GLHACK=-Dclear=__GLclear # *** Uncomment for AIX: # -lld \ # *** Always uncomment this; X11 libraries to link with: @@ -198,7 +198,7 @@ # Lance Ellinghaus's syslog module #syslog syslogmodule.c # syslog daemon interface -@@ -374,7 +374,7 @@ GLHACK=-Dclear=__GLclear +@@ -377,7 +377,7 @@ GLHACK=-Dclear=__GLclear # it is a highly experimental and dangerous device for calling # *arbitrary* C functions in *arbitrary* shared libraries: @@ -207,7 +207,7 @@ # Modules that provide persistent dictionary-like semantics. You will -@@ -397,7 +397,7 @@ GLHACK=-Dclear=__GLclear +@@ -400,7 +400,7 @@ GLHACK=-Dclear=__GLclear # # First, look at Setup.config; configure may have set this for you. @@ -216,7 +216,7 @@ # Sleepycat Berkeley DB interface. -@@ -412,11 +412,9 @@ GLHACK=-Dclear=__GLclear +@@ -415,11 +415,9 @@ GLHACK=-Dclear=__GLclear # # Edit the variables DB and DBLIBVERto point to the db top directory # and the subdirectory of PORT where you built it. @@ -231,7 +231,7 @@ # Historical Berkeley DB 1.85 # -@@ -431,14 +430,14 @@ GLHACK=-Dclear=__GLclear +@@ -434,14 +432,14 @@ GLHACK=-Dclear=__GLclear # Helper module for various ascii-encoders @@ -250,7 +250,7 @@ # Lee Busby's SIGFPE modules. -@@ -461,7 +460,7 @@ GLHACK=-Dclear=__GLclear +@@ -464,7 +462,7 @@ GLHACK=-Dclear=__GLclear # Andrew Kuchling's zlib module. # This require zlib 1.1.3 (or later). # See http://www.gzip.org/zlib/ @@ -258,20 +258,21 @@ +zlib zlibmodule.c -I$(prefix)/include -L$(exec_prefix)/lib -lz # Interface to the Expat XML parser - # -@@ -480,14 +479,14 @@ GLHACK=-Dclear=__GLclear + # More information on Expat can be found at www.libexpat.org. +@@ -475,14 +473,14 @@ GLHACK=-Dclear=__GLclear # Hye-Shik Chang's CJKCodecs # multibytecodec is required for all the other CJK codec modules -#_multibytecodec cjkcodecs/multibytecodec.c -+_multibytecodec cjkcodecs/multibytecodec.c - +- -#_codecs_cn cjkcodecs/_codecs_cn.c -#_codecs_hk cjkcodecs/_codecs_hk.c -#_codecs_iso2022 cjkcodecs/_codecs_iso2022.c -#_codecs_jp cjkcodecs/_codecs_jp.c -#_codecs_kr cjkcodecs/_codecs_kr.c -#_codecs_tw cjkcodecs/_codecs_tw.c ++_multibytecodec cjkcodecs/multibytecodec.c ++ +_codecs_cn cjkcodecs/_codecs_cn.c +_codecs_hk cjkcodecs/_codecs_hk.c +_codecs_iso2022 cjkcodecs/_codecs_iso2022.c diff --git a/SOURCES/python-2.7.1-fix_test_abc_with_COUNT_ALLOCS.patch b/SOURCES/python-2.7.1-fix_test_abc_with_COUNT_ALLOCS.patch deleted file mode 100644 index bb38281..0000000 --- a/SOURCES/python-2.7.1-fix_test_abc_with_COUNT_ALLOCS.patch +++ /dev/null @@ -1,27 +0,0 @@ -diff -up Python-2.7.1/Lib/test/test_abc.py.cache_leak Python-2.7.1/Lib/test/test_abc.py ---- Python-2.7.1/Lib/test/test_abc.py.cache_leak 2010-12-28 18:06:35.551938356 -0500 -+++ Python-2.7.1/Lib/test/test_abc.py 2010-12-28 18:09:09.021059202 -0500 -@@ -3,6 +3,8 @@ - - """Unit tests for abc.py.""" - -+import sys -+ - import unittest, weakref - from test import test_support - -@@ -229,8 +231,12 @@ class TestABC(unittest.TestCase): - # Trigger cache. - C().f() - del C -- test_support.gc_collect() -- self.assertEqual(r(), None) -+ # This doesn't work in our debug build, presumably due to its use -+ # of COUNT_ALLOCS, which makes heap-allocated types immortal (once -+ # they've ever had an instance): -+ if not hasattr(sys, 'getcounts'): -+ test_support.gc_collect() -+ self.assertEqual(r(), None) - - def test_main(): - test_support.run_unittest(TestABC) diff --git a/SOURCES/python-2.7.3-debug-build.patch b/SOURCES/python-2.7.3-debug-build.patch index b7ba7ba..814f51b 100644 --- a/SOURCES/python-2.7.3-debug-build.patch +++ b/SOURCES/python-2.7.3-debug-build.patch @@ -1,25 +1,5 @@ -From 898f93aa206e577dfe854c59bc62d0cea09cd5ed Mon Sep 17 00:00:00 2001 -From: Tomas Orsava -Date: Tue, 10 Jan 2017 16:19:50 +0100 -Subject: [PATCH] Patch to support building both optimized vs debug stacks DSO - ABIs, - -sharing the same .py and .pyc files, using "_d.so" to signify a debug build of -an extension module. ---- - Lib/distutils/command/build_ext.py | 7 ++++- - Lib/distutils/sysconfig.py | 5 ++-- - Lib/distutils/tests/test_install.py | 3 +- - Makefile.pre.in | 56 ++++++++++++++++++++----------------- - Misc/python-config.in | 2 +- - Modules/makesetup | 2 +- - Python/dynload_shlib.c | 11 ++++++-- - Python/sysmodule.c | 6 ++++ - configure.ac | 14 ++++++++-- - 9 files changed, 69 insertions(+), 37 deletions(-) - diff --git a/Lib/distutils/command/build_ext.py b/Lib/distutils/command/build_ext.py -index 2c68be3..029d144 100644 +index 86a85c1..086b2b7 100644 --- a/Lib/distutils/command/build_ext.py +++ b/Lib/distutils/command/build_ext.py @@ -677,7 +677,10 @@ class build_ext (Command): @@ -67,7 +47,7 @@ index 3e7f077..ec5d584 100644 def parse_config_h(fp, g=None): diff --git a/Lib/distutils/tests/test_install.py b/Lib/distutils/tests/test_install.py -index 78fac46..d1d0931 100644 +index c72ae0b..8ec2111 100644 --- a/Lib/distutils/tests/test_install.py +++ b/Lib/distutils/tests/test_install.py @@ -20,8 +20,9 @@ from distutils.tests import support @@ -82,10 +62,10 @@ index 78fac46..d1d0931 100644 diff --git a/Makefile.pre.in b/Makefile.pre.in -index 997a2fc..467e782 100644 +index 5ccd3ae..2c43611 100644 --- a/Makefile.pre.in +++ b/Makefile.pre.in -@@ -116,8 +116,8 @@ SCRIPTDIR= $(prefix)/lib64 +@@ -115,8 +115,8 @@ SCRIPTDIR= $(prefix)/lib64 # Detailed destination directories BINLIBDEST= $(LIBDIR)/python$(VERSION) LIBDEST= $(SCRIPTDIR)/python$(VERSION) @@ -96,7 +76,7 @@ index 997a2fc..467e782 100644 LIBP= $(LIBDIR)/python$(VERSION) # Symbols used for using shared libraries -@@ -131,6 +131,12 @@ DESTSHARED= $(BINLIBDEST)/lib-dynload +@@ -130,6 +130,12 @@ DESTSHARED= $(BINLIBDEST)/lib-dynload EXE= @EXEEXT@ BUILDEXE= @BUILDEXEEXT@ @@ -109,7 +89,7 @@ index 997a2fc..467e782 100644 # Short name and location for Mac OS X Python framework UNIVERSALSDK=@UNIVERSALSDK@ PYTHONFRAMEWORK= @PYTHONFRAMEWORK@ -@@ -197,8 +203,8 @@ LIBOBJDIR= Python/ +@@ -196,8 +202,8 @@ LIBOBJDIR= Python/ LIBOBJS= @LIBOBJS@ UNICODE_OBJS= @UNICODE_OBJS@ @@ -118,9 +98,9 @@ index 997a2fc..467e782 100644 +PYTHON= python$(DEBUG_SUFFIX)$(EXE) +BUILDPYTHON= python$(DEBUG_SUFFIX)$(BUILDEXE) + PYTHON_FOR_REGEN=@PYTHON_FOR_REGEN@ PYTHON_FOR_BUILD=@PYTHON_FOR_BUILD@ - _PYTHON_HOST_PLATFORM=@_PYTHON_HOST_PLATFORM@ -@@ -547,7 +553,7 @@ sharedmods: $(BUILDPYTHON) pybuilddir.txt Modules/_math.o +@@ -528,7 +534,7 @@ sharedmods: $(BUILDPYTHON) pybuilddir.txt Modules/_math.o _TCLTK_INCLUDES='$(TCLTK_INCLUDES)' _TCLTK_LIBS='$(TCLTK_LIBS)' \ $(PYTHON_FOR_BUILD) $(srcdir)/setup.py $$quiet build @@ -129,7 +109,7 @@ index 997a2fc..467e782 100644 if test $(INSTSONAME) != $(LDLIBRARY); then \ $(BLDSHARED) -Wl,-h$(INSTSONAME) -o $(INSTSONAME) $(LIBRARY_OBJS) $(MODLIBS) $(SHLIBS) $(LIBC) $(LIBM) $(LDLAST); \ $(LN) -f $(INSTSONAME) $@; \ -@@ -954,18 +960,18 @@ bininstall: altbininstall +@@ -977,18 +983,18 @@ bininstall: altbininstall then rm -f $(DESTDIR)$(BINDIR)/$(PYTHON); \ else true; \ fi @@ -159,7 +139,7 @@ index 997a2fc..467e782 100644 # Install the interpreter with $(VERSION) affixed # This goes into $(exec_prefix) -@@ -978,7 +984,7 @@ altbininstall: $(BUILDPYTHON) +@@ -1001,7 +1007,7 @@ altbininstall: $(BUILDPYTHON) else true; \ fi; \ done @@ -168,7 +148,7 @@ index 997a2fc..467e782 100644 if test -f $(LDLIBRARY); then \ if test -n "$(DLLLIBRARY)" ; then \ $(INSTALL_SHARED) $(DLLLIBRARY) $(DESTDIR)$(BINDIR); \ -@@ -1148,10 +1154,11 @@ $(srcdir)/Lib/$(PLATDIR): +@@ -1172,10 +1178,11 @@ $(srcdir)/Lib/$(PLATDIR): fi; \ cd $(srcdir)/Lib/$(PLATDIR); $(RUNSHARED) ./regen @@ -182,7 +162,7 @@ index 997a2fc..467e782 100644 # Install the include files INCLDIRSTOMAKE=$(INCLUDEDIR) $(CONFINCLUDEDIR) $(INCLUDEPY) $(CONFINCLUDEPY) -@@ -1172,13 +1179,13 @@ inclinstall: +@@ -1196,13 +1203,13 @@ inclinstall: $(INSTALL_DATA) pyconfig.h $(DESTDIR)$(CONFINCLUDEPY)/pyconfig.h # Install the library and miscellaneous stuff needed for extending/embedding @@ -194,12 +174,12 @@ index 997a2fc..467e782 100644 # pkgconfig directory LIBPC= $(LIBDIR)/pkgconfig --libainstall: all python-config -+libainstall: all python$(DEBUG_SUFFIX)-config +-libainstall: @DEF_MAKE_RULE@ python-config ++libainstall: @DEF_MAKE_RULE@ python$(DEBUG_SUFFIX)-config @for i in $(LIBDIR) $(LIBP) $(LIBPL) $(LIBPC); \ do \ if test ! -d $(DESTDIR)$$i; then \ -@@ -1194,11 +1201,10 @@ libainstall: all python-config +@@ -1218,11 +1225,10 @@ libainstall: @DEF_MAKE_RULE@ python-config $(INSTALL_DATA) Modules/Setup $(DESTDIR)$(LIBPL)/Setup $(INSTALL_DATA) Modules/Setup.local $(DESTDIR)$(LIBPL)/Setup.local $(INSTALL_DATA) Modules/Setup.config $(DESTDIR)$(LIBPL)/Setup.config @@ -227,7 +207,7 @@ index a09e07c..c1691ef 100644 libs += getvar('SYSLIBS').split() # add the prefix/lib/pythonX.Y/config dir, but only if there is no diff --git a/Modules/makesetup b/Modules/makesetup -index 1bffcbf..f0bc743 100755 +index db5c47e..e6ddaba 100755 --- a/Modules/makesetup +++ b/Modules/makesetup @@ -233,7 +233,7 @@ sed -e 's/[ ]*#.*//' -e '/^[ ]*$/d' | @@ -243,14 +223,15 @@ diff --git a/Python/dynload_shlib.c b/Python/dynload_shlib.c index 17ebab1..02a94aa 100644 --- a/Python/dynload_shlib.c +++ b/Python/dynload_shlib.c -@@ -46,11 +46,16 @@ const struct filedescr _PyImport_DynLoadFiletab[] = { +@@ -45,12 +45,17 @@ const struct filedescr _PyImport_DynLoadFiletab[] = { + {".EXE", "rb", C_EXTENSION}, {"module.exe", "rb", C_EXTENSION}, {"MODULE.EXE", "rb", C_EXTENSION}, - #else ++#else +#ifdef Py_DEBUG + {"_d.so", "rb", C_EXTENSION}, + {"module_d.so", "rb", C_EXTENSION}, -+#else + #else {".so", "rb", C_EXTENSION}, {"module.so", "rb", C_EXTENSION}, -#endif @@ -264,10 +245,10 @@ index 17ebab1..02a94aa 100644 }; diff --git a/Python/sysmodule.c b/Python/sysmodule.c -index aeff38a..183e3cc 100644 +index 97c3eeb..95bfb40 100644 --- a/Python/sysmodule.c +++ b/Python/sysmodule.c -@@ -1524,6 +1524,12 @@ _PySys_Init(void) +@@ -1577,6 +1577,12 @@ _PySys_Init(void) PyString_FromString("legacy")); #endif @@ -281,10 +262,10 @@ index aeff38a..183e3cc 100644 if (PyErr_Occurred()) return NULL; diff --git a/configure.ac b/configure.ac -index 0a902c7..5caedb7 100644 +index 579dfd3..dd84c56 100644 --- a/configure.ac +++ b/configure.ac -@@ -764,7 +764,7 @@ AC_SUBST(LIBRARY) +@@ -778,7 +778,7 @@ AC_SUBST(LIBRARY) AC_MSG_CHECKING(LIBRARY) if test -z "$LIBRARY" then @@ -293,7 +274,7 @@ index 0a902c7..5caedb7 100644 fi AC_MSG_RESULT($LIBRARY) -@@ -910,8 +910,8 @@ if test $enable_shared = "yes"; then +@@ -924,8 +924,8 @@ if test $enable_shared = "yes"; then INSTSONAME="$LDLIBRARY".$SOVERSION ;; Linux*|GNU*|NetBSD*|FreeBSD*|DragonFly*|OpenBSD*) @@ -304,7 +285,7 @@ index 0a902c7..5caedb7 100644 RUNSHARED=LD_LIBRARY_PATH=`pwd`${LD_LIBRARY_PATH:+:${LD_LIBRARY_PATH}} case $ac_sys_system in FreeBSD*) -@@ -1040,6 +1040,14 @@ else AC_MSG_RESULT(no); Py_DEBUG='false' +@@ -1051,6 +1051,14 @@ else AC_MSG_RESULT(no); Py_DEBUG='false' fi], [AC_MSG_RESULT(no)]) @@ -319,6 +300,3 @@ index 0a902c7..5caedb7 100644 # XXX Shouldn't the code above that fiddles with BASECFLAGS and OPT be # merged with this chunk of code? --- -2.11.0 - diff --git a/SOURCES/python-2.7.3-lib64.patch b/SOURCES/python-2.7.3-lib64.patch index 48fa9eb..d51df57 100644 --- a/SOURCES/python-2.7.3-lib64.patch +++ b/SOURCES/python-2.7.3-lib64.patch @@ -1,20 +1,3 @@ -From 0708de697e2e905387e969134fb4d832c769d9d8 Mon Sep 17 00:00:00 2001 -From: Tomas Orsava -Date: Tue, 10 Jan 2017 11:37:03 +0100 -Subject: [PATCH] Fixup various paths throughout the build and in distutils - from "lib" to "lib64" - ---- - Lib/distutils/command/install.py | 4 ++-- - Lib/distutils/sysconfig.py | 6 +++++- - Lib/site.py | 4 ++++ - Lib/test/test_site.py | 11 +++++++---- - Makefile.pre.in | 2 +- - Modules/Setup.dist | 4 ++-- - Modules/getpath.c | 6 +++--- - setup.py | 10 +++++----- - 8 files changed, 29 insertions(+), 18 deletions(-) - diff --git a/Lib/distutils/command/install.py b/Lib/distutils/command/install.py index b9f1c6c..7b23714 100644 --- a/Lib/distutils/command/install.py @@ -37,10 +20,10 @@ index b9f1c6c..7b23714 100644 'scripts': '$base/bin', 'data' : '$base', diff --git a/Lib/distutils/sysconfig.py b/Lib/distutils/sysconfig.py -index 068d1ba..3e7f077 100644 +index 031f809..ec5d584 100644 --- a/Lib/distutils/sysconfig.py +++ b/Lib/distutils/sysconfig.py -@@ -119,8 +119,12 @@ def get_python_lib(plat_specific=0, standard_lib=0, prefix=None): +@@ -120,8 +120,12 @@ def get_python_lib(plat_specific=0, standard_lib=0, prefix=None): prefix = plat_specific and EXEC_PREFIX or PREFIX if os.name == "posix": @@ -76,10 +59,10 @@ index c360802..868b7cb 100644 return sitepackages diff --git a/Lib/test/test_site.py b/Lib/test/test_site.py -index d9a9324..64dd8e9 100644 +index b4384ee..5e8a726 100644 --- a/Lib/test/test_site.py +++ b/Lib/test/test_site.py -@@ -235,17 +235,20 @@ class HelperFunctionsTests(unittest.TestCase): +@@ -254,17 +254,20 @@ class HelperFunctionsTests(unittest.TestCase): self.assertEqual(dirs[0], wanted) elif os.sep == '/': # OS X, Linux, FreeBSD, etc @@ -103,12 +86,12 @@ index d9a9324..64dd8e9 100644 + wanted = os.path.join('xoxo', 'lib64', 'site-packages') self.assertEqual(dirs[1], wanted) - class PthFile(object): + def test_no_home_directory(self): diff --git a/Makefile.pre.in b/Makefile.pre.in -index c0ad978..997a2fc 100644 +index 0e43da0..2c43611 100644 --- a/Makefile.pre.in +++ b/Makefile.pre.in -@@ -111,7 +111,7 @@ LIBDIR= @libdir@ +@@ -110,7 +110,7 @@ LIBDIR= @libdir@ MANDIR= @mandir@ INCLUDEDIR= @includedir@ CONFINCLUDEDIR= $(exec_prefix)/include @@ -118,7 +101,7 @@ index c0ad978..997a2fc 100644 # Detailed destination directories BINLIBDEST= $(LIBDIR)/python$(VERSION) diff --git a/Modules/Setup.dist b/Modules/Setup.dist -index fbfa1c1..138fb33 100644 +index 2775a27..00e5f18 100644 --- a/Modules/Setup.dist +++ b/Modules/Setup.dist @@ -416,7 +416,7 @@ gdbm gdbmmodule.c -lgdbm @@ -138,7 +121,7 @@ index fbfa1c1..138fb33 100644 +zlib zlibmodule.c -I$(prefix)/include -L$(exec_prefix)/lib64 -lz # Interface to the Expat XML parser - # + # More information on Expat can be found at www.libexpat.org. diff --git a/Modules/getpath.c b/Modules/getpath.c index fd33a01..5b0eae6 100644 --- a/Modules/getpath.c @@ -171,7 +154,7 @@ index fd33a01..5b0eae6 100644 /* If we found EXEC_PREFIX do *not* reduce it! (Yet.) */ diff --git a/setup.py b/setup.py -index 75d63b7..9fe7634 100644 +index 06a11f8..fa284aa 100644 --- a/setup.py +++ b/setup.py @@ -456,7 +456,7 @@ class PyBuildExt(build_ext): @@ -208,6 +191,3 @@ index 75d63b7..9fe7634 100644 ] ) if (ssl_incs is not None and --- -2.11.0 - diff --git a/SPECS/python.spec b/SPECS/python.spec index 0901180..555bdb1 100644 --- a/SPECS/python.spec +++ b/SPECS/python.spec @@ -121,8 +121,8 @@ Summary: An interpreted, interactive, object-oriented programming language Name: %{?scl_prefix}%{python} # Remember to also rebase python-docs when changing this: -Version: 2.7.13 -Release: 6%{?dist} +Version: 2.7.16 +Release: 4%{?dist} License: Python Group: Development/Languages %{?scl:Requires: %{scl}-runtime} @@ -341,9 +341,6 @@ Patch7: python-2.5.1-sqlite-encoding.patch # (rhbz:307221) Patch10: python-2.7rc1-binutils-no-dep.patch -# Upstream as of Python 2.7.3: -# Patch11: python-2.7rc1-codec-ascii-tolower.patch - # Add various constants to the socketmodule (rhbz#436560): # TODO: these patches were added in 2.5.1-22 and 2.5.1-24 but appear not to # have been sent upstream yet: @@ -359,9 +356,6 @@ Patch16: python-2.6-rpath.patch # super() as it's an old-style class Patch17: python-2.6.4-distutils-rpath.patch -# Patch setup.py so that it links against db-4.8: -# Patch54: doesn't apply to rhel < 7 - # 00055 # # Systemtap support: add statically-defined probe points # Patch based on upstream bug: http://bugs.python.org/issue4111 @@ -370,9 +364,6 @@ Patch17: python-2.6.4-distutils-rpath.patch # for 2.7rc1 by dmalcolm: Patch55: 00055-systemtap.patch -# Upstream as of Python 2.7.4 -# Patch101: 00101-lib64-regex.patch - # Only used when "%{_lib}" == "lib64" # Fixup various paths throughout the build and in distutils from "lib" to "lib64", # and add the /usr/lib64/pythonMAJOR.MINOR/site-packages to sitedirs, in front of @@ -476,9 +467,6 @@ Patch113: 00113-more-configuration-flags.patch # Not yet sent upstream Patch114: 00114-statvfs-f_flag-constants.patch -# Upstream as of Python 2.7.3: -# Patch115: make-pydoc-more-robust-001.patch - # Upstream r79310 removed the "Modules" directory from sys.path when Python is # running from the build directory on POSIX to fix a unit test (issue #8205). # This seems to have broken the compileall.py done in "make install": it cannot @@ -496,26 +484,6 @@ Patch114: 00114-statvfs-f_flag-constants.patch # This patch adds the build Modules directory to build path. Patch121: 00121-add-Modules-to-build-path.patch -# 00125 # -# COUNT_ALLOCS is useful for debugging, but the upstream behaviour of always -# emitting debug info to stdout on exit is too verbose and makes it harder to -# use the debug build. Add a "PYTHONDUMPCOUNTS" environment variable which -# must be set to enable the output on exit -# Not yet sent upstream -Patch125: 00125-less-verbose-COUNT_ALLOCS.patch - -# Upstream as of Python 2.7.5 -# Patch126: fix-dbm_contains-on-64bit-bigendian.patch - -# Upstream as of Python 2.7.5 -# Patch127: fix-test_structmember-on-64bit-bigendian.patch - -# 2.7.1 (in r84230) added a test to test_abc which fails if python is -# configured with COUNT_ALLOCS, which is the case for our debug build -# (the COUNT_ALLOCS instrumentation keeps "C" alive). -# Not yet sent upstream -Patch128: python-2.7.1-fix_test_abc_with_COUNT_ALLOCS.patch - # 00130 # # Add "--extension-suffix" option to python-config and python-debug-config # (rhbz#732808) @@ -558,11 +526,6 @@ Patch132: 00132-add-rpmbuild-hooks-to-unittest.patch # "dl" is deprecated, and test_dl doesn't work on 64-bit builds: Patch133: 00133-skip-test_dl.patch -# 00134 # -# Fix a failure in test_sys.py when configured with COUNT_ALLOCS enabled -# Not yet sent upstream -Patch134: 00134-fix-COUNT_ALLOCS-failure-in-test_sys.patch - # 00135 # # Skip "test_callback_in_cycle_resurrection" in a debug build, where it fails: # Not yet sent upstream @@ -592,11 +555,6 @@ Patch139: 00139-skip-test_float-known-failure-on-arm.patch # which appears to be a libffi bug Patch140: 00140-skip-test_ctypes-known-failure-on-sparc.patch -# 00141 # -# Fix test_gc's test_newinstance case when configured with COUNT_ALLOCS: -# Not yet sent upstream -Patch141: 00141-fix-test_gc_with_COUNT_ALLOCS.patch - # 00142 # # Some pty tests fail when run in mock (rhbz#714627): Patch142: 00142-skip-failing-pty-tests-in-rpmbuild.patch @@ -611,10 +569,6 @@ Patch143: 00143-tsc-on-ppc.patch # (Optionally) disable the gdbm module: Patch144: 00144-no-gdbm.patch -# 00145 # -# Upstream as of Python 2.7.3: -# Patch145: 00145-force-sys-platform-to-be-linux2.patch - # 00146 # # Support OpenSSL FIPS mode (e.g. when OPENSSL_FORCE_FIPS_MODE=1 is set) # - handle failures from OpenSSL (e.g. on attempts to use MD5 in a @@ -639,28 +593,6 @@ Patch146: 00146-hashlib-fips.patch # Sent upstream as http://bugs.python.org/issue14785 Patch147: 00147-add-debug-malloc-stats.patch -# 00148 # -# Upstream as of Python 2.7.3: -# Patch148: 00148-gdbm-1.9-magic-values.patch - -# 00149 # -# python3.spec's -# Patch149: 00149-backport-issue11254-pycache-bytecompilation-fix.patch -# is not relevant for Python 2 - -# 00150 # -# python3.spec has: -# Patch150: 00150-disable-rAssertAlmostEqual-cmath-on-ppc.patch -# as a workaround for a glibc bug on PPC (bz #750811) - -# 00151 # -# Upstream as of Python 2.7.3: -# Patch151: 00151-fork-deadlock.patch - -# 00152 # -# python3.spec has: -# Patch152: 00152-fix-test-gdb-regex.patch - # 00153 # # Strip out lines of the form "warning: Unable to open ..." from gdb's stderr # when running test_gdb.py; also cope with change to gdb in F17 onwards in @@ -668,10 +600,6 @@ Patch147: 00147-add-debug-malloc-stats.patch # Not yet sent upstream Patch153: 00153-fix-test_gdb-noise.patch -# 00154 # -# python3.spec on f15 has: -# Patch154: 00154-skip-urllib-test-requiring-working-DNS.patch - # 00155 # # Avoid allocating thunks in ctypes unless absolutely necessary, to avoid # generating SELinux denials on "import ctypes" and "import uuid" when @@ -701,37 +629,6 @@ Patch156: 00156-gdb-autoload-safepath.patch # (rhbz#697470) Patch157: 00157-uid-gid-overflows.patch -# Upstream as of Python 2.7.4 -# Patch158: 00158-fix-hashlib-leak.patch - -# From F18 on, there is a libdb4 package, that replaces db4. It places header -# files in "/usr/include/libdb4", not in "/usr/include/db4", this patch -# fixes this. -# Downstream only modification. -# Patch159: Doesn't apply to rhel < 7 - -# 00160 # -# python3.spec's -# Patch160: 00160-disable-test_fs_holes-in-rpm-build.patch -# is not relevant for Python 2 - -# 00161 # -# python3.spec has: -# Patch161: 00161-fix-test_tools-directory.patch -# which will likely become relevant for Python 2 next time we rebase - -# 00162 # -# python3.spec has: -# Patch162: 00162-distutils-sysconfig-fix-CC-options.patch - -# 00163 # -# python3.spec has: -# Patch163: 00163-disable-parts-of-test_socket-in-rpm-build.patch - -# 00164 # -# python3.spec has: -# Patch164: 00164-disable-interrupted_write-tests-on-ppc.patch - # 00165 # # Backport to Python 2 from Python 3.3 of improvements to the "crypt" module # adding precanned ways of salting a password (rhbz#835021) @@ -741,17 +638,6 @@ Patch157: 00157-uid-gid-overflows.patch # within 2.7 Patch165: 00165-crypt-module-salt-backport.patch -# 00166 # -# Bulletproof the gdb debugging hooks against the case where co_filename for -# a frame can't be read from the inferior process (rhbz#912025) -# -# Not yet sent upstream -# ----- -# The original issue was a build failure on ARM, as that is no longer the case -# and the patch doesn't apply cleanly, I'm dropping it. However, should the -# issue arise again, the patch can be trivially rebased. -# Patch166: 00166-fix-fake-repr-in-gdb-hooks.patch - # 00167 # # Don't run any of the stack navigation tests in test_gdb when Python is # optimized, since there appear to be many different ways in which gdb can @@ -792,12 +678,6 @@ Patch169: 00169-avoid-implicit-usage-of-md5-in-multiprocessing.patch # (rhbz#850013) Patch170: 00170-gc-assertions.patch -# Upstream as of Python 2.7.4 -# Patch171: 00171-raise-correct-exception-when-dev-urandom-is-missing.patch - -# Upstream as of Python 2.7.4 -# Patch172: 00172-use-poll-for-multiprocessing-socket-connection.patch - # 00173 # # Workaround for ENOPROTOOPT seen in Koji within # test.test_support.bind_port() @@ -812,30 +692,6 @@ Patch173: 00173-workaround-ENOPROTOOPT-in-bind_port.patch # e.g. cmpi-bindings under systemd (rhbz#817554): Patch174: 00174-fix-for-usr-move.patch -# 00175 # -# Upstream as of Python 2.7.5 -# Patch175: 00175-fix-configure-Wformat.patch - -# 00176 # -# python3.spec had: -# Patch176: 00176-upstream-issue16754-so-extension.patch -# doesn't affect python2 - -# 00177 # -# python3.spec has -# Patch177: 00177-platform-unicode.patch -# Does not affect python2 - -# 00178 # -# python3.spec has -# Patch178: 00178-dont-duplicate-flags-in-sysconfig.patch -# Does not affect python2 AFAICS (different sysconfig values initialization) - -# 00179 # -# python3.spec has -# Patch179: 00179-dont-raise-error-on-gdb-corrupted-frames-in-backtrace.patch -# Doesn't seem to affect python2 - # 00180 # # Enable building on ppc64p7 # Not appropriate for upstream, Fedora-specific naming @@ -850,24 +706,6 @@ Patch180: 00180-python-add-support-for-ppc64p7.patch # Doesn't apply to Python 3, where this is fixed otherwise and works. Patch181: 00181-allow-arbitrary-timeout-in-condition-wait.patch -# 00182 # -# Upstream as of Python 2.7.7 -# Patch182: python-2.7.5-memory-leak-marshalc.patch - -# 00183 # -# Upstream as of Python 2.7.7 -# Patch183: 00183-CVE-2013-4238-hostname-check-bypass-in-SSL-module.patch - -# 00184 # -# Fix for https://bugzilla.redhat.com/show_bug.cgi?id=979696 -# Fixes build of ctypes against libffi with multilib wrapper -# Python recognizes ffi.h only if it contains "#define LIBFFI_H", -# but the wrapper doesn't contain that, which makes the build fail -# We patch this by also accepting "#define ffi_wrapper_h" -# --- -# Fixed upstream: http://bugs.python.org/issue26661 -# Patch184: 00184-ctypes-should-build-with-libffi-multilib-wrapper.patch - # 00185 # # Makes urllib2 honor "no_proxy" enviroment variable for "ftp:" URLs # when ftp_proxy is set @@ -887,109 +725,14 @@ Patch187: 00187-add-RPATH-to-pyexpat.patch # rhbz#1008154 (patch by Attila Fazekas) Patch189: 00189-gdb-py-bt-dont-raise-exception-from-eval.patch -# 00190 # -# Upstream as of Python 2.7.8 -#Patch190: 00190-get_python_version.patch - # 00191 # # # Disabling NOOP test as it fails without internet connection Patch191: 00191-disable-NOOP.patch -# 00192 # -# Upstream as of Python 2.7.8 -# Patch192: 00192-buffer-overflow.patch - -# 00194 # -# Upstream as of Python 2.7.8 -# Patch194: 00194-fix-tests-with-sqlite-3.8.4.patch - -# Since openssl-1.0.1h-5.fc21 SSLv2 and SSLV3 protocols -# are disabled by default in openssl, according the comment in openssl -# patch this affects only SSLv23_method, this patch enables SSLv2 -# and SSLv3 when SSLv23_method is used -# UPDATE: SSL3 was again enabled in openssl so I am disabling this patch -# UPDATE: If you will later try to re-enable it again please see rhbz#1156519 -# check if (self->ctx == NULL) is needed -# Patch195: 00195-enable-sslv23-in-ssl.patch - -# Fix for CVE-2013-1752 -# - multiple unbound readline() DoS flaws in python stdlib -# rhbz#1046174 -# ----- -# Already upstream -# Patch196: CVE-2013-1752.patch - -# Fix for CVE-2013-1753 -# - XMLRPC library unrestricted decompression of HTTP responses using gzip -# enconding -# rhbz#1046170 -# ----- -# Already upstream -# Patch197: xmlrpc_gzip_27_parameter.patch - # 00198 # Patch198: 00198-add-rewheel-module.patch -# ================== PEP466=========================== -# Massive backport of PEP466 and relevant other fixes -# ==================================================== -# REMOVED after rebasing to 2.7.13 as it already contains this PEP -# ================rhbz#1111461======================== -# 00213 # -# Fix %S, %R and %V formats of PyUnicode_FromFormat(). -# http://bugs.python.org/issue122023 -# Patch213: 00213-pep466-pyunicode_fromformat-fix-formats.patch - -# 00214 # -# Backport SSL module from Python3 -# http://bugs.python.org/issue21308 -# Patch214: 00214-pep466-backport-py3-ssl-changes.patch - -# 00215 # -# OpenSSL disabled various ciphers and protocols -# we have to reflect it in tests -# Patch215: 00215-pep466-reflect-openssl-settings-ssltests.patch - -# 00216 # -# fix load_verify_locations on unicode paths -# http://bugs.python.org/issue22244 -# Patch216: 00216-pep466-fix-load-verify-locs-unicode.patch - -# 00217 # -# backport hashlib changes -# http://bugs.python.org/issue21307 -# Patch217: 00217-pep466-backport-hashlib-algorithm-consts.patch - -# 00218 # -# update os.urandom -# http://bugs.python.org/issue21305 -# Patch218: 00218-pep466-backport-urandom-pers-fd.patch - -# 00219 # -# Lib/ssl.py still references _ssl.sslwrap -# http://bugs.python.org/issue22523 -# Patch219: 00219-pep466-fix-referenced-sslwrap.patch - -# 00220 # -# allow passing cert/ssl information to urllib2.urlopen and httplib.HTTPSConnection -# Patch220: 00220-pep466-allow-passing-ssl-urrlib-httplib.patch - -# 00221 # -# Patch214 remove sslwrap from _ssl.c this so we have to reimplement it -# Patch221: 00221-pep466-backport-sslwrap-c-ssl.patch - -# 00222 # -# test_ssl: fails on recent libressl version with BAD_DH_P_LENGTH -# https://bugs.python.org/issue23844 -# Patch222: 00222-add-2014-bit-dh-key.patch - -# 00223 # -# PEP 476: verify HTTPS certificates by default -# http://bugs.python.org/issue22417 -# Resolves:rhbz#1219110 -# Patch223: 00223-pep476-verify-certs-by-default.patch - # 00224 # # Re-add file based configuration to toggle HTTPS verification on and off # Note: The 'platform_default' is now set to enabled @@ -997,81 +740,20 @@ Patch198: 00198-add-rewheel-module.patch # Resolves: rhbz#1417838 and previously rhbz#1219108 Patch224: 00224-PEP-493-Re-add-file-based-configuration-of-HTTPS-ver.patch -# 00227 # -# Make load_cert_chain function of SSLContext accept -# keyfile which is set to None -# Resolves: rhbz#1250611 -# Patch227: 00227-accept-none-keyfile-loadcertchain.patch - -# 00228 # -# Backport SSLSocket.version function -# Resolves: rhbz#1259421 -# Patch228: 00228-backport-ssl-version.patch - -# ================== !PEP466 =========================== - -# 00229 # -# Initialize OpenSSL_add_all_digests in _hashlib -# Resolves: rhbz#1318319 -# ----- -# Already upstream -# Patch229: 00229-fix-hashlib-openssl-init.patch - -# 00230 # -# Adjusted tests to determine existence or lack of SSLv2 support -# Resolves: rhbz#1319703 -# ----- -# Upstream test suite was adjusted and Python now doesn't fail to build without -# this patch, therefore I'm dropping it. -# Patch230: 00230-adjusted-tests-to-determine-if-SSLv2-is-enabled-or-not.patch - -# 00231 # -# Add choices for sort option of cProfile for better output message -# http://bugs.python.org/issue23420 -# Resolves: rhbz#1319655 -Patch231: 00231-cprofile-sort-option.patch - -# 00232 # -# Fix for iteration over files vith very long lines -# http://bugs.python.org/issue22526 -# Resolves: rhbz#1329141 -# ----- -# Already upstream -# Patch232: 00232-use-Py_ssize_t-for-file-offset-and-length-computations-in-iteration.patch - -# 00237 # -# CVE-2016-0772 python: smtplib StartTLS stripping attack -# https://bugzilla.redhat.com/show_bug.cgi?id=1303647 -# Raise an error when STARTTLS fails -# Resolves: rhbz#1346358 -# ----- -# FIXED UPSTREAM: https://hg.python.org/cpython/rev/b3ce713fb9be -# Patch237: 00237-CVE-2016-0772-smtplib.patch - -# 00238 # -# CVE-2016-5699 python: http protocol steam injection attack -# https://bugzilla.redhat.com/show_bug.cgi?id=1303699 -# Disabled HTTP header injections in httplib -# Resolves: rhbz#1346358 -# ----- -# FIXED UPSTREAM: https://hg.python.org/cpython/rev/1c45047c5102 -# Patch238: 00238-CVE-2016-5699-httplib.patch - -# 00242 # -# HTTPoxy attack (CVE-2016-1000110) -# https://httpoxy.org/ -# Based on a patch by RĂ©mi Rampin -# Resolves: rhbz#1359167 -# ----- -# FIXED UPSTREAM: http://bugs.python.org/issue27568 -# Patch242: 00242-CVE-2016-1000110-httpoxy.patch - # 00320 # # Security fix for CVE-2019-9636: Information Disclosure due to urlsplit improper NFKC normalization -# FIXED UPSTREAM: https://bugs.python.org/issue36216 +# FIXED UPSTREAM: https://bugs.python.org/issue36216 and https://bugs.python.org/issue36742 # Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1689326 Patch320: 00320-CVE-2019-9636.patch +# 00324 # +# Disallow control chars in http URLs +# Security fix for CVE-2019-9740 and CVE-2019-9947 +# Fixed upstream: https://bugs.python.org/issue30458 +# Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1709403 +# and https://bugzilla.redhat.com/show_bug.cgi?id=1709407 +Patch324: 00324-disallow-control-chars-in-http-urls.patch + # (New patches go here ^^^) # # When adding new patches to "python" and "python3" in Fedora 17 onwards, @@ -1336,11 +1018,6 @@ done %patch6 -p1 -b .plural %patch7 -p1 -# Try not disabling egg-infos, bz#414711 -#patch50 -p1 -b .egginfo -# patch54: doesn't apply to rhel < 7 - -# patch101: upstream as of Python 2.7.4 %if "%{_lib}" == "lib64" %patch102 -p1 -b .lib64 %patch103 -p1 -b .lib64-sysconfig @@ -1348,7 +1025,6 @@ done %endif %patch10 -p1 -b .binutils-no-dep -# patch11: upstream as of Python 2.7.3 %patch13 -p1 -b .socketmodule %patch14 -p1 -b .socketmodule2 %patch16 -p1 -b .rpath @@ -1366,13 +1042,7 @@ done %patch114 -p1 -b .statvfs-f-flag-constants -# patch115: upstream as of Python 2.7.3 - %patch121 -p1 -%patch125 -p1 -b .less-verbose-COUNT_ALLOCS -# 00126: upstream as of Python 2.7.5 -# 00127: upstream as of Python 2.7.5 -%patch128 -p1 %patch130 -p1 @@ -1382,7 +1052,6 @@ done %patch132 -p1 %patch133 -p1 -%patch134 -p1 %patch135 -p1 %patch136 -p1 %patch137 -p1 @@ -1393,87 +1062,37 @@ done %ifarch %{sparc} %patch140 -p1 %endif -%patch141 -p1 %patch142 -p1 %patch143 -p1 -b .tsc-on-ppc %if !%{with_gdbm} %patch144 -p1 %endif -# 00145: upstream as of Python 2.7.3 %patch146 -p1 %patch147 -p1 -# 00148: upstream as of Python 2.7.3 -# 00149: not for python 2 -# 00150: not for python 2 -# 00151: upstream as of Python 2.7.3 -# 00152: not for python 2 -%patch153 -p0 -# 00154: not for python 2 +%patch153 -p1 %patch155 -p1 %patch156 -p1 %patch157 -p1 -# 00158: upstream as of Python 2.7.4 -# 00159: not for rhel < 7 -# 00160: not for python 2 -# 00161: not for python 2 yet -# 00162: not for python 2 yet -# 00163: not for python 2 yet -# 00164: not for python 2 yet %patch165 -p1 mv Modules/cryptmodule.c Modules/_cryptmodule.c -# 00166: no longer needed %patch167 -p1 %patch168 -p1 %patch169 -p1 %patch170 -p1 -# 00171: upstream as of Python 2.7.4 -# 00171: upstream as of Python 2.7.4 %patch173 -p1 %patch174 -p1 -b .fix-for-usr-move -# 00175: upstream as of Python 2.7.5 -# 00176: not for python 2 -# 00177: not for python 2 -# 00178: not for python 2 -# 00179: not for python 2 %patch180 -p1 %patch181 -p1 -# 00182: upstream as of Python 2.7.7 -# 00183: upstream as of Python 2.7.7 -# 00184: upstream as of Python 2.7.7 %patch185 -p1 %patch187 -p1 %patch189 -p1 %patch191 -p1 -# 00196: upstream as of Python 2.7.9 -# 00197: upstream as of Python 2.7.9 - %if 0%{with_rewheel} %patch198 -p1 %endif - -# 00213: PEP 466 backport, upstream as of 2.7.9 -# 00214: PEP 466 backport, upstream as of 2.7.9 -# 00215: PEP 466 backport, upstream as of 2.7.9 -# 00216: PEP 466 backport, upstream as of 2.7.9 -# 00217: PEP 466 backport, upstream as of 2.7.9 -# 00218: PEP 466 backport, upstream as of 2.7.9 -# 00219: PEP 466 backport, upstream as of 2.7.9 -# 00220: PEP 466 backport, upstream as of 2.7.9 -# 00221: PEP 466 backport, upstream as of 2.7.9 -# 00222: PEP 466 backport, upstream as of 2.7.9 -# 00223: PEP 466 backport, upstream as of 2.7.9 %patch224 -p1 -# 00227: PEP 466 backport, upstream as of 2.7.9 -# 00228: PEP 466 backport, upstream as of 2.7.9 - -# 00229: upstream -# 00230: no longer needed -%patch231 -p1 -# 00232: upstream -# 00237: upstream -# 00238: upstream -# 00242: upstream %patch320 -p1 +%patch324 -p1 # This shouldn't be necesarry, but is right now (2.2a3) find -name "*~" |xargs rm -f @@ -2348,6 +1967,23 @@ rm -fr %{buildroot} # ====================================================== %changelog +* Mon May 20 2019 Victor Stinner - 2.7.16-4 +- Fix regression in the crypt module introduced in update to Python 2.7.16 + (fix the name of the _crypt module init function). + +* Wed May 15 2019 Charalampos Stratakis - 2.7.16-3 +- Disallow control chars in http URLs +- Fixes CVE-2019-9740 and CVE-2019-9947 +Resolves: rhbz#1709403 and rhbz#1709407 + +* Mon May 13 2019 Charalampos Stratakis - 2.7.16-2 +- Updated fix for CVE-2019-9636 +Resolves: rhbz#1709329 + +* Thu Apr 25 2019 Charalampos Stratakis - 2.7.16-1 +- Update to 2.7.16 +Resolves: rhbz#1709388, rhbz#1709381, rhbz#1709360 + * Tue Mar 26 2019 Charalampos Stratakis - 2.7.13-6 - Security fix for CVE-2019-9636 Resolves: rhbz#1689325