#
# spec file for package python-base
#
# Copyright (c) 2022 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
# Please submit bugfixes or comments via https://bugs.opensuse.org/
#
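# Suffix used in the name of the shared-library subpackage.
%define so_version 2_7-1_0
Name:           python-base
Version:        2.7.18
Release:        0
Summary:        Python Interpreter base package
License:        Python-2.0
Group:          Development/Languages/Python
URL:            https://www.python.org/
%define         tarversion %{version}
%define         tarname Python-%{tarversion}
# Upstream tarball and its detached signature, referenced over HTTPS so the
# download location itself is integrity-protected in transit.
# NOTE(review): nothing in the visible prep section checks Source4 against
# the keyring in Source6; presumably the build service performs the signature
# check -- confirm.
Source0:        https://www.python.org/ftp/python/%{version}/%{tarname}.tar.xz
Source4:        https://www.python.org/ftp/python/%{version}/%{tarname}.tar.xz.asc
Source6:        python.keyring
Source1:        macros.python2
Source2:        baselibs.conf
Source3:        README.SUSE
Source5:        local.pth
# Fixed bundled wheels
# These replace the wheels shipped inside the tarball (the prep section
# deletes the bundled ones and copies these in).
# NOTE(review): both are local files; no upstream URL or digest is recorded
# in this spec, so their provenance cannot be checked from here.
Source10:       setuptools-44.1.1-py2.py3-none-any.whl
Source11:       pip-20.0.2-py2.py3-none-any.whl
# For Patch 66
Source66:       recursion.tar
Source99:       python-base-rpmlintrc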
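# COMMON-PATCH-BEGIN
Patch1:         python-2.7-dirs.patch
Patch2:         python-distutils-rpm-8.patch
Patch3:         python-2.7.5-multilib.patch
Patch4:         python-2.5.1-sqlite.patch
Patch5:         python-2.7.4-canonicalize2.patch
Patch7:         python-2.6-gettext-plurals.patch
Patch8:         python-2.6b3-curses-panel.patch
Patch10:        sparc_longdouble.patch
Patch13:        python-2.7.2-fix_date_time_compiler.patch
Patch17:        remove-static-libpython.patch
# PATCH-FEATURE-OPENSUSE python-bundle-lang.patch bnc#617751 dimstar@opensuse.org -- gettext: when looking in default_localedir also check in locale-bundle.
Patch20:        python-bundle-lang.patch
# PATCH-FIX-UPSTREAM Fix argument passing in libffi for aarch64
Patch22:        python-2.7-libffi-aarch64.patch
Patch24:        python-bsddb6.patch
# PATCH-FIX-UPSTREAM accept directory-based CA paths as well
Patch33:        python-2.7.9-ssl_ca_path.patch
# PATCH-FIX-UPSTREAM do not use non-ASCII filename in test_ssl.py
Patch35:        do-not-use-non-ascii-in-test_ssl.patch
# PATCH-FIX-UPSTREAM bmwiedemann@suse.de -- allow python packages to build reproducibly
Patch38:        reproducible.patch
# bypass boo#1078485 random failing tests
# (applied only on ppc, ppc64 and ppc64le in the prep section)
Patch40:        python-skip_random_failing_tests.patch
# PATCH-FIX-UPSTREAM sorted tar https://github.com/python/cpython/pull/2263
Patch41:        python-sorted_tar.patch
# https://github.com/python/cpython/pull/9624 (https://bugs.python.org/issue34834)
Patch47:        openssl-111-middlebox-compat.patch
# PATCH-FIX-SUSE python default SSLContext doesn't contain OP_CIPHER_SERVER_PREFERENCE
Patch48:        openssl-111-ssl_options.patch
# PATCH-FIX-UPSTREAM CVE-2019-5010-null-defer-x509-cert-DOS.patch bnc#1122191 mcepl@suse.com
# gh#python/cpython#11569
# Fix segfault in ssl's cert parser
Patch49:        CVE-2019-5010-null-defer-x509-cert-DOS.patch
# PATCH-FIX-UPSTREAM bpo36160-init-sysconfig_vars.patch gh#python/cpython#12131 mcepl@suse.com
# Initialize sysconfig variables in test_site.
Patch50:        bpo36160-init-sysconfig_vars.patch
# PATCH-FIX-UPSTREAM CVE-2017-18207.patch gh#python/cpython#4437 psimons@suse.com
# Add check for channels of wav file in Lib/wave.py
Patch51:        CVE-2017-18207.patch
# PATCH-FIX-UPSTREAM gh#python/cpython#12341
Patch55:        bpo36302-sort-module-sources.patch
# Fix installation in /usr/local (boo#1071941), adapted from Fedora
# https://src.fedoraproject.org/rpms/python3/blob/master/f/00251-change-user-install-location.patch
# Set values of prefix and exec_prefix in distutils install command
# to /usr/local if executable is /usr/bin/python* and RPM build
# is not detected to make pip and distutils install into separate location
Patch56:        adapted-from-F00251-change-user-install-location.patch
# Switch off a couple of tests failing on ancient SLE-12
# (applied instead of Patch47/Patch48 when suse_version is below 1500, so the
# SSL tests it disables give no regression signal on those targets)
Patch57:        python-2.7.17-switch-off-failing-SSL-tests.patch
# PATCH-FIX-UPSTREAM CVE-2020-8492-urllib-ReDoS.patch bsc#1162367 mcepl@suse.com
# Fixes urllib allowing an HTTP server to conduct a Regular
# Expression Denial of Service (ReDoS)
Patch58:        CVE-2020-8492-urllib-ReDoS.patch
# PATCH-FIX-UPSTREAM CVE-2019-9674-zip-bomb.patch bsc#1162825 mcepl@suse.com
# Improve documentation warning against the possible zip bombs
Patch59:        CVE-2019-9674-zip-bomb.patch
# PATCH-FIX-UPSTREAM configure_PYTHON_FOR_REGEN.patch bsc#1078326 mcepl@suse.com
# PYTHON_FOR_REGEN value is set very weird upstream
Patch60:        configure_PYTHON_FOR_REGEN.patch
# PATCH-FIX-SLE CVE-2021-3177-buf_ovrfl_PyCArg_repr.patch bsc#1181126 mcepl@suse.com
# buffer overflow in PyCArg_repr in _ctypes/callproc.c, which may lead to remote code execution
Patch61:        CVE-2021-3177-buf_ovrfl_PyCArg_repr.patch
# PATCH-FIX-UPSTREAM CVE-2021-23336-only-amp-as-query-sep.patch bsc#[0-9]+ mcepl@suse.com
# NOTE(review): the bsc# reference above is an unfilled template placeholder
# and the description that stood here was template boilerplate. Going by the
# file name, the patch restricts the query-string separator to the ampersand;
# confirm against the patch and fill in the real bug number.
Patch62:        CVE-2021-23336-only-amp-as-query-sep.patch
# PATCH-FIX-UPSTREAM CVE-2021-3737-fix-HTTP-client-infinite-line-reading-after-a-HTTP-100-Continue.patch boo#1189241 gh#python/cpython#25916
Patch63:        CVE-2021-3737-fix-HTTP-client-infinite-line-reading-after-a-HTTP-100-Continue.patch
# PATCH-FIX-UPSTREAM CVE-2021-3733-fix-ReDoS-in-request.patch boo#1189287 gh#python/cpython#24391
Patch64:        CVE-2021-3733-fix-ReDoS-in-request.patch
# PATCH-FIX-UPSTREAM sphinx-update-removed-function.patch bpo#35293 gh#python/cpython#22198 -- fix doc build
Patch65:        sphinx-update-removed-function.patch
# PATCH-FIX-UPSTREAM CVE-2019-20907_tarfile-inf-loop.patch bsc#1174091 mcepl@suse.com
# avoid possible infinite loop in specifically crafted tarball (CVE-2019-20907)
# REQUIRES SOURCE 66
Patch66:        CVE-2019-20907_tarfile-inf-loop.patch
# PATCH-FIX-UPSTREAM CVE-2020-26116-httplib-header-injection.patch bsc#1177211
# Fixes httplib to disallow control characters in method to avoid header
# injection
Patch67:        CVE-2020-26116-httplib-header-injection.patch
# PATCH-FIX-UPSTREAM CVE-2021-4189-ftplib-trust-PASV-resp.patch bsc#1194146 mcepl@suse.com
# Make ftplib not trust the PASV response. (gh#python/cpython#24838)
Patch68:        CVE-2021-4189-ftplib-trust-PASV-resp.patch
# PATCH-FIX-UPSTREAM CVE-2022-0391-urllib_parse-newline-parsing.patch bsc#1195396 mcepl@suse.com
# whole long discussion is on bpo#43882
# fix for sanitization of URLs containing ASCII newline and tabs in urllib.parse
Patch69:        CVE-2022-0391-urllib_parse-newline-parsing.patch
# PATCH-FIX-UPSTREAM CVE-2015-20107-mailcap-unsafe-filenames.patch bsc#1198511 mcepl@suse.com
# avoid the command injection in the mailcap module.
Patch70:        CVE-2015-20107-mailcap-unsafe-filenames.patch
# PATCH-FIX-UPSTREAM CVE-2021-28861 bsc#1202624
# Coerce // to / in Lib/BaseHTTPServer.py
Patch71:        CVE-2021-28861-double-slash-path.patch
# NOTE(review): no PATCH-* tag or bug reference is recorded for this patch;
# the file name points at bpo#34990 (year-2038 problem in compileall) --
# confirm and add the tag.
Patch72:        bpo34990-2038-problem-compileall.patch
# PATCH-FIX-UPSTREAM CVE-2022-45061-DoS-by-IDNA-decode.patch bsc#1205244 mcepl@suse.com
# Avoid DoS by decoding IDNA for too long domain names
Patch73:        CVE-2022-45061-DoS-by-IDNA-decode.patch
# COMMON-PATCH-END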
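# Major.minor of the interpreter: the first three characters of the tarball
# version (2.7 for 2.7.18).
%define         python_version    %(echo %{tarversion} | head -c 3)
BuildRequires:  automake
BuildRequires:  fdupes
BuildRequires:  libbz2-devel
# Guarded like the 1550 check below, so an undefined suse_version evaluates
# to 0 instead of breaking the expression.
%if 0%{?suse_version} >= 1500
BuildRequires:  libnsl-devel
%endif
BuildRequires:  pkg-config
%if 0%{?suse_version} >= 1550
# The provider for python(abi) is in rpm-build-python
BuildRequires:  rpm-build-python
%endif
BuildRequires:  xz
BuildRequires:  zlib-devel
#!BuildIgnore:  python
# for the test suite
BuildRequires:  netcfg
# explicitly, see bnc#697251:
Requires:       libpython%{so_version} = %{version}-%{release}
Provides:       %{name} = %{python_version}
# bug437293
%ifarch ppc64
Obsoletes:      python-64bit
%endif
# Modules that used to be separate packages and are now provided by this one.
Provides:       python-ctypes = 1.1.0
Obsoletes:      python-ctypes < 1.1.0
Provides:       python-argparse = 1.4.0.1
Obsoletes:      python-argparse < 1.4.0.1
Provides:       python2-argparse = 1.4.0.1
BuildRoot:      %{_tmppath}/%{name}-%{version}-build
Provides:       python2-base = %{version}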
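%description
Python is an interpreted, object-oriented programming language, and is
often compared to Tcl, Perl, Scheme, or Java.  You can find an overview
of Python in the documentation and tutorials included in the python-doc
(HTML) or python-doc-pdf (PDF) packages.

This package contains all of stand-alone Python files, minus binary
modules that would pull in extra dependencies.

%package -n python-devel
Summary:        Include Files and Libraries Mandatory for Building Python Modules
Group:          Development/Languages/Python
Requires:       glibc-devel
Requires:       python = %{version}
Requires:       python-base = %{version}-%{release}
Provides:       python2-devel = %{version}
# provide testsuite namespace that was split in python3 to ease dependencies
Provides:       python-testsuite = %{version}
Provides:       python2-testsuite = %{version}
# NOTE(review): the description below still mentions a static library although
# Patch17 is named remove-static-libpython.patch -- confirm the text is current.

%description -n python-devel
The Python programming language's interpreter can be extended with
dynamically loaded extensions and can be embedded in other programs.

This package contains header files, a static library, and development
tools for building Python modules, extending the Python interpreter or
embedding Python in applications.

%package -n python-xml
Summary:        A Python XML Interface
Group:          Development/Libraries/Python
Requires:       python-base = %{version}-%{release}
# pyxml used to live out of tree
Provides:       pyxml = 0.8.5
Obsoletes:      pyxml < 0.8.5
Provides:       python2-xml = %{version}

%description -n python-xml
The expat module is a Python interface to the expat XML parser. Since
Python2.x, it is part of the core Python distribution.

%package -n libpython%{so_version}
Summary:        Python Interpreter shared library
Group:          Development/Languages/Python

# Uses the so_version macro like the package declaration above, so the two
# names cannot drift apart when the soname changes.
%description -n libpython%{so_version}
Python is an interpreted, object-oriented programming language, and is
often compared to Tcl, Perl, Scheme, or Java.  You can find an overview
of Python in the documentation and tutorials included in the python-doc
(HTML) or python-doc-pdf (PDF) packages.

This package contains libpython2.7 shared library for embedding in
other applications.
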
%prep
%setup -q -n %{tarname}

# patching
# COMMON-PREP-BEGIN
# Patches are applied in numeric order, all at strip level 1.
%patch1 -p1
%patch2 -p1
%patch3 -p1
%patch4 -p1
%patch5 -p1
%patch7 -p1
%patch8 -p1
%patch10 -p1
%patch13 -p1
%patch17 -p1
%patch20 -p1
%patch22 -p1
%patch24 -p1
%patch33 -p1
%patch35 -p1
%patch38 -p1

# Patch40 (skip randomly failing tests) is only applied on the POWER
# architectures listed here.
%ifarch ppc ppc64 ppc64le
%patch40 -p1
%endif

%patch41 -p1

# Either the two OpenSSL 1.1.1 patches (suse_version 1500 and later) or the
# patch that switches off the failing SSL tests (older targets) is applied,
# never both.
%if %{suse_version} >= 1500
%patch47 -p1
%patch48 -p1
%else
%patch57 -p1
%endif

%patch49 -p1
%patch50 -p1
%patch51 -p1
%patch55 -p1
%patch56 -p1
%patch58 -p1
%patch59 -p1
%patch60 -p1
%patch61 -p1
%patch62 -p1
%patch63 -p1
Accepting request 911251 from home:fusionfuture:branches:devel:languages:python:Factory
- Add bpo43075-fix-ReDoS-in-request.patch which fixes ReDoS in
request (bpo#43075, boo#1189287).
- Add missing security announcement to
bpo44022-fix-http-client-infinite-line-reading-after-a-HTTP-100-Continue.patch.
old: devel:languages:python:Factory/python
new: home:fusionfuture:branches:devel:languages:python:Factory/python rev None
Index: bpo44022-fix-http-client-infinite-line-reading-after-a-HTTP-100-Continue.patch
===================================================================
--- bpo44022-fix-http-client-infinite-line-reading-after-a-HTTP-100-Continue.patch (revision 296)
+++ bpo44022-fix-http-client-infinite-line-reading-after-a-HTTP-100-Continue.patch (revision 3)
@@ -19,3 +19,8 @@
self.status = status
self.reason = reason.strip()
+--- /dev/null
++++ b/Misc/NEWS.d/next/Security/2021-05-05-17-37-04.bpo-44022.bS3XJ9.rst
+@@ -0,0 +1,2 @@
++mod:`http.client` now avoids infinitely reading potential HTTP headers after a
++``100 Continue`` status response from the server.
Index: python-base.changes
===================================================================
--- python-base.changes (revision 296)
+++ python-base.changes (revision 3)
@@ -1,4 +1,12 @@
-------------------------------------------------------------------
+Tue Aug 10 12:39:28 UTC 2021 - Fusion Future <qydwhotmail@gmail.com>
+
+- Add bpo43075-fix-ReDoS-in-request.patch which fixes ReDoS in
+ request (bpo#43075, boo#1189287).
+- Add missing security announcement to
+ bpo44022-fix-http-client-infinite-line-reading-after-a-HTTP-100-Continue.patch.
+
+-------------------------------------------------------------------
Mon Aug 9 15:16:15 UTC 2021 - Fusion Future <qydwhotmail@gmail.com>
- Add bpo44022-fix-http-client-infinite-line-reading-after-a-HTTP-100-Continue.patch
Index: python-base.spec
===================================================================
--- python-base.spec (revision 296)
+++ python-base.spec (revision 3)
@@ -105,6 +105,8 @@
Patch62: CVE-2021-23336-only-amp-as-query-sep.patch
# PATCH-FIX-UPSTREAM bpo44022-fix-http-client-infinite-line-reading-after-a-HTTP-100-Continue.patch boo#1189241 gh#python/cpython#25916
Patch63: bpo44022-fix-http-client-infinite-line-reading-after-a-HTTP-100-Continue.patch
+# PATCH-FIX-UPSTREAM bpo43075-fix-ReDoS-in-request.patch boo#1189287 gh#python/cpython#24391
+Patch64: bpo43075-fix-ReDoS-in-request.patch
# COMMON-PATCH-END
%define python_version %(echo %{tarversion} | head -c 3)
BuildRequires: automake
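Review bot: The new `Patch64` entry fixes a ReDoS, but neither its file name nor its `PATCH-FIX-UPSTREAM` tag carries a CVE identifier, unlike `Patch62` two lines above it; `Patch63` in the context has the same gap. The spec listing on this page carries the same boo#1189287 / gh#python/cpython#24391 reference under the name `CVE-2021-3733-fix-ReDoS-in-request.patch`, so a CVE-prefixed name appears to be the convention here, and a bpo-only name makes it harder to audit which CVEs the package has patched. The identical two lines are added to python-doc.spec and python.spec in the later hunks, so the tag and file name would need the same treatment in all three.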
@@ -233,6 +235,7 @@
%patch61 -p1
%patch62 -p1
%patch63 -p1
+%patch64 -p1
# drop Autoconf version requirement
sed -i 's/^version_required/dnl version_required/' configure.ac
Index: python-doc.changes
===================================================================
--- python-doc.changes (revision 296)
+++ python-doc.changes (revision 3)
@@ -1,4 +1,12 @@
-------------------------------------------------------------------
+Tue Aug 10 12:39:28 UTC 2021 - Fusion Future <qydwhotmail@gmail.com>
+
+- Add bpo43075-fix-ReDoS-in-request.patch which fixes ReDoS in
+ request (bpo#43075, boo#1189287).
+- Add missing security announcement to
+ bpo44022-fix-http-client-infinite-line-reading-after-a-HTTP-100-Continue.patch.
+
+-------------------------------------------------------------------
Mon Aug 9 15:16:15 UTC 2021 - Fusion Future <qydwhotmail@gmail.com>
- Add bpo44022-fix-http-client-infinite-line-reading-after-a-HTTP-100-Continue.patch
Index: python-doc.spec
===================================================================
--- python-doc.spec (revision 296)
+++ python-doc.spec (revision 3)
@@ -107,6 +107,8 @@
Patch62: CVE-2021-23336-only-amp-as-query-sep.patch
# PATCH-FIX-UPSTREAM bpo44022-fix-http-client-infinite-line-reading-after-a-HTTP-100-Continue.patch boo#1189241 gh#python/cpython#25916
Patch63: bpo44022-fix-http-client-infinite-line-reading-after-a-HTTP-100-Continue.patch
+# PATCH-FIX-UPSTREAM bpo43075-fix-ReDoS-in-request.patch boo#1189287 gh#python/cpython#24391
+Patch64: bpo43075-fix-ReDoS-in-request.patch
# COMMON-PATCH-END
Provides: pyth_doc
Provides: pyth_ps
@@ -177,6 +179,7 @@
%patch61 -p1
%patch62 -p1
%patch63 -p1
+%patch64 -p1
# drop Autoconf version requirement
sed -i 's/^version_required/dnl version_required/' configure.ac
Index: python.changes
===================================================================
--- python.changes (revision 296)
+++ python.changes (revision 3)
@@ -1,4 +1,12 @@
-------------------------------------------------------------------
+Tue Aug 10 12:39:28 UTC 2021 - Fusion Future <qydwhotmail@gmail.com>
+
+- Add bpo43075-fix-ReDoS-in-request.patch which fixes ReDoS in
+ request (bpo#43075, boo#1189287).
+- Add missing security announcement to
+ bpo44022-fix-http-client-infinite-line-reading-after-a-HTTP-100-Continue.patch.
+
+-------------------------------------------------------------------
Mon Aug 9 15:16:15 UTC 2021 - Fusion Future <qydwhotmail@gmail.com>
- Add bpo44022-fix-http-client-infinite-line-reading-after-a-HTTP-100-Continue.patch
Index: python.spec
===================================================================
--- python.spec (revision 296)
+++ python.spec (revision 3)
@@ -107,6 +107,8 @@
Patch62: CVE-2021-23336-only-amp-as-query-sep.patch
# PATCH-FIX-UPSTREAM bpo44022-fix-http-client-infinite-line-reading-after-a-HTTP-100-Continue.patch boo#1189241 gh#python/cpython#25916
Patch63: bpo44022-fix-http-client-infinite-line-reading-after-a-HTTP-100-Continue.patch
+# PATCH-FIX-UPSTREAM bpo43075-fix-ReDoS-in-request.patch boo#1189287 gh#python/cpython#24391
+Patch64: bpo43075-fix-ReDoS-in-request.patch
# COMMON-PATCH-END
BuildRequires: automake
BuildRequires: db-devel
@@ -291,6 +293,7 @@
%patch61 -p1
%patch62 -p1
%patch63 -p1
+%patch64 -p1
# drop Autoconf version requirement
sed -i 's/^version_required/dnl version_required/' configure.ac
Index: bpo43075-fix-ReDoS-in-request.patch
===================================================================
--- bpo43075-fix-ReDoS-in-request.patch (added)
+++ bpo43075-fix-ReDoS-in-request.patch (revision 3)
@@ -0,0 +1,15 @@
+--- a/Lib/urllib2.py
++++ b/Lib/urllib2.py
+@@ -856,7 +856,7 @@ class AbstractBasicAuthHandler:
+
+ # allow for double- and single-quoted realm values
+ # (single quotes are a violation of the RFC, but appear in the wild)
+- rx = re.compile('(?:[^,]*,)*[ \t]*([^ \t]+)[ \t]+'
++ rx = re.compile('(?:[^,]*,)*[ \t]*([^ \t,]+)[ \t]+'
+ 'realm=(["\']?)([^"\']*)\\2', re.I)
+
+ # XXX could pre-emptively send auth info already accepted (RFC 2617,
+--- /dev/null
++++ b/Misc/NEWS.d/next/Security/2021-01-31-05-28-14.bpo-43075.DoAXqO.rst
+@@ -0,0 +1 @@
++Fix Regular Expression Denial of Service (ReDoS) vulnerability in :class:`urllib.request.AbstractBasicAuthHandler`. The ReDoS-vulnerable regex has quadratic worst-case complexity and it allows cause a denial of service when identifying crafted invalid RFCs. This ReDoS issue is on the client side and needs remote attackers to control the HTTP server.
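Review bot: The patch changes only the capture group in `rx` (`[^ \t]+` becomes `[^ \t,]+`) and carries no regression test, so nothing would notice if a later refresh of the patch set reverted or weakened the pattern. A timing-bounded test for `AbstractBasicAuthHandler` in the urllib2 test module would pin the fix, although the spec listing on this page puts `test_urllib2` in the `EXCLUDE` list of its check section, so it would not run in this build unless that exclusion is narrowed. The NEWS entry also names `urllib.request.AbstractBasicAuthHandler` while the file patched in this backport is `Lib/urllib2.py`; `urllib2.AbstractBasicAuthHandler` would match the 2.7 module name.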
OBS-URL: https://build.opensuse.org/request/show/911251
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python?expand=0&rev=297
2021-08-10 14:55:29 +02:00
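%patch64 -p1
%patch65 -p1
%patch66 -p1
%patch67 -p1
%patch68 -p1
%patch69 -p1
%patch70 -p1
%patch71 -p1
%patch72 -p1
%patch73 -p1

# For patch 66
cp -v %{SOURCE66} Lib/test/recursion.tar

# drop Autoconf version requirement
sed -i 's/^version_required/dnl version_required/' configure.ac
# COMMON-PREP-END

# Replace bundled wheels with the updated ones
rm -v Lib/ensurepip/_bundled/*.whl
cp -v %{SOURCE10} %{SOURCE11} Lib/ensurepip/_bundled/
# The version is the second dash-separated field of each wheel file name.
STVER=$(basename %{SOURCE10} | cut -d- -f2)
PIPVER=$(basename %{SOURCE11} | cut -d- -f2)
# Point the version constants in ensurepip at the wheels copied in above.
sed -i -e "s/^\(\s*_SETUPTOOLS_VERSION\s\+=\s\+\)\"[0-9.]\+\"/\1\"${STVER}\"/" \
       -e "s/^\(\s*_PIP_VERSION\s\+=\s\+\)\"[0-9.]\+\"/\1\"${PIPVER}\"/" \
    Lib/ensurepip/__init__.py
# sed exits 0 even when nothing matched, so check that both constants now
# carry the expected versions; a mismatch would presumably leave ensurepip
# referring to wheels that were just deleted.
grep -q "^[[:space:]]*_SETUPTOOLS_VERSION[[:space:]]*=[[:space:]]*\"${STVER}\"" Lib/ensurepip/__init__.py \
    || { echo "ensurepip: _SETUPTOOLS_VERSION was not updated to ${STVER}" >&2; exit 1; }
grep -q "^[[:space:]]*_PIP_VERSION[[:space:]]*=[[:space:]]*\"${PIPVER}\"" Lib/ensurepip/__init__.py \
    || { echo "ensurepip: _PIP_VERSION was not updated to ${PIPVER}" >&2; exit 1; }

cp -p %{SOURCE1} macros.python2
%if %{suse_version} < 1500
# on SLE12 and SLE11 the python2 modules will still be called python-xxxx
# as this SPEC file is used on SLE12, keep it in here for the time being
sed -i -e 's/python2_package_prefix python2/python2_package_prefix python/' macros.python2
%endif
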
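%build
# Link-time optimisation is switched off for this package.
%define _lto_cflags %{nil}
# -fwrapv makes signed integer overflow wrap instead of being undefined;
# OPENSSL_LOAD_CONF is passed through to the compiler as a define.
export OPT="%{optflags} -DOPENSSL_LOAD_CONF -fwrapv"

autoreconf -f -i . # Modules/_ctypes/libffi

# provide a stable timestamp
touch -r %{SOURCE0} Makefile.pre.in

# prevent make from trying to rebuild asdl stuff, which requires existing
# python installation
touch Parser/asdl* Python/Python-ast.c Include/Python-ast.h

%configure \
    --docdir=%{_docdir}/python \
    --with-fpectl \
    --enable-ipv6 \
    --enable-shared \
    --enable-unicode=ucs4

%if 0%{?do_profiling}
    target=profile-opt
%else
    target=all
%endif
# The freshly built shared library lives in the build directory. Append the
# inherited LD_LIBRARY_PATH only when it is non-empty: a trailing colon would
# add an empty entry, which the dynamic loader treats as the current
# directory of whatever process happens to run.
LD_LIBRARY_PATH=$PWD${LD_LIBRARY_PATH:+:$LD_LIBRARY_PATH} \
    make %{?_smp_mflags} $target
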
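%check
# on hppa, the threading of glibc is quite broken. The tests just stop
# at some point, and the machine does not build anything more until a
# timeout several hours later.
%ifnarch hppa
# EXCLUDE accumulates the test modules passed to the test runner with -x.
# test_file(2k) fails in autobuild env - "stdin.seek(-1)" wrongly succeeds. probably an issue with autobuild's stdin
# test_urllib2 relies on being able to resolve local address, which is notoriously impossible in autobuild
# test_urllib2_localnet randomly fails out
# NOTE(review): with test_urllib2 excluded, this run presumably does not
# exercise Lib/urllib2.py, which the ReDoS patches in this spec modify --
# confirm which test module, if any, still covers that code.
EXCLUDE="test_urllib2 test_urllib2_localnet test_file test_file2k"
# test_nis and test_threading are AWFULLY slow.
EXCLUDE="$EXCLUDE test_nis test_threading"
# test_gdb fails if gdb with (different) python support is part of the buildsystem
EXCLUDE="$EXCLUDE test_gdb"
%ifarch ia64
# test_smtplib's testSend is known to be broken and on ia64 it actually fails most of the time, preventing the build.
EXCLUDE="$EXCLUDE test_smtplib"
%endif
# test_unicode fails in Factory
EXCLUDE="$EXCLUDE test_unicode"
%if 0%{?qemu_user_space_build}
# test_asyncore fails because of unimplemented sockopt
EXCLUDE="$EXCLUDE test_asyncore test_mmap"
# emulation is unreliable
EXCLUDE="$EXCLUDE test_multiprocessing test_thread"
# qemu bug (siginterrupt handling)
EXCLUDE="$EXCLUDE test_signal"
%endif
%ifarch s390 s390x
# test_regrtest tries to segfault the interpreter by dereferencing a NULL pointer, but that doesn't
# actually produce a segfault on S390
EXCLUDE="$EXCLUDE test_regrtest"
%endif

# This test (part of test_uuid) requires real network interfaces
# so that ifconfig output has "HWaddr <something>". Some kvm instances
# don't have any such interface breaking the uuid module test.
EXCLUDE="$EXCLUDE test_uuid"

# bypass boo#1078485
# many flaky tests if osc build in loop on ppc64le
%ifarch ppc ppc64 ppc64le
EXCLUDE="$EXCLUDE test_asynchat test_asyncore test_dircache test_multiprocessing test_nntplib test_queue test_signal test_socket test_subprocess test_telnetlib test_xmlrpc"
%endif

# Limit virtual memory to avoid spurious failures
# The cap is only ever lowered; a failure to set it is ignored.
if test $(ulimit -v) = unlimited || test $(ulimit -v) -gt 10000000; then
    ulimit -v 10000000 || :
fi

# -R runs the test interpreter with hash randomization switched on.
make test TESTOPTS="-l -w -x $EXCLUDE" TESTPYTHONOPTS="-R"
# use network, be verbose:
#make test TESTOPTS="-l -u network -v"
%endif
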
%install
# replace rest of /usr/local/bin/python or /usr/bin/python2.5 with /usr/bin/python
2016-06-30 14:56:08 +02:00
find . -name '*.py' -type f | grep -vE " ^ . / P a r s e r / | ^ . / P y t h o n / " \
| xargs grep -lE '^#! *(/usr/.*bin/(env +)?)?python' \
| xargs sed -r -i -e '1s@^#![[:space:]]*(/usr/(local/)?bin/(env +)?)?python([0-9]+\.[0-9]+)?@#!/usr/bin/python@'
2008-09-24 00:12:56 +02:00
# the grep inbetween makes it much faster
########################################
# install it
########################################
2011-12-08 14:04:48 +01:00
%make_install OPT=" %{optflags} - f P I C "
2013-12-06 11:30:57 +01:00
install -m 644 %{SOURCE5} %{buildroot} %{_libdir} /python%{python_version} /site-packages/_local.pth
2018-12-20 01:22:31 +01:00
install -d -m 755 %{buildroot} %{_rpmconfigdir} /macros.d/
2022-03-02 01:59:44 +01:00
install -m 644 macros.python2 %{buildroot} %{_rpmconfigdir} /macros.d/
2021-11-02 20:29:32 +01:00
2009-08-07 22:04:34 +02:00
# make sure /usr/lib/python/site-packages exists even on lib64 machines
2011-12-08 14:04:48 +01:00
mkdir -p %{buildroot} %{_prefix} /lib/python%{python_version} /site-packages
2008-09-24 00:12:56 +02:00
########################################
# some cleanups
########################################
# remove hard links and replace them with symlinks
for dir in bin include %{_lib} ; do
2011-12-08 14:04:48 +01:00
rm -f %{buildroot} /%{_prefix} /$dir/python
ln -s python%{python_version} %{buildroot} /%{_prefix} /$dir/python
2008-09-24 00:12:56 +02:00
done
2011-12-08 14:04:48 +01:00
CLEANUP_DIR=" %{buildroot} %{_libdir} / p y t h o n %{python_version} "
2010-02-05 13:55:54 +01:00
# don't distribute precompiled windows installers (duh)
rm -f $CLEANUP_DIR/distutils/command/*.exe
2013-11-21 16:55:48 +01:00
# kill imageop.so - it used to be insecure and it is deprecated anyway
2008-09-24 00:12:56 +02:00
rm -f $CLEANUP_DIR/lib-dynload/imageop.so
2012-04-17 16:57:13 +02:00
# link shared library instead of static library that tools expect
ln -s ../../libpython%{python_version} .so %{buildroot} %{_libdir} /python%{python_version} /config/libpython%{python_version} .so
2008-09-24 00:12:56 +02:00
# remove various things that don't need to be in python-base
2011-12-08 14:04:48 +01:00
rm %{buildroot} %{_bindir} /idle
2011-08-24 15:28:09 +02:00
rm -rf $CLEANUP_DIR/{curses,bsddb,idlelib,lib-tk,sqlite3}
2008-09-24 00:12:56 +02:00
rm $CLEANUP_DIR/ssl.py*
# does not work without _ssl.so anyway
# replace duplicate .pyo/.pyc with hardlinks
2011-12-08 14:04:48 +01:00
%fdupes %{buildroot} /%{_libdir} /python%{python_version}
2008-09-24 00:12:56 +02:00
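########################################
# documentation
########################################
# documentation directory of this package inside the buildroot
export PDOCS="%{buildroot}%{_docdir}/%{name}"
install -d -m 755 "$PDOCS"
# SOURCE3 plus the upstream LICENSE and README, installed as plain data
# files (mode 644: writable by the owner only)
install -c -m 644 "%{SOURCE3}" "$PDOCS/"
install -c -m 644 LICENSE "$PDOCS/"
install -c -m 644 README "$PDOCS/"
# unversioned man page name as a symlink to the versioned page
ln -s python%{python_version}.1.gz "%{buildroot}%{_mandir}/man1/python.1.gz"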
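########################################
# devel
########################################
# install Makefile, Makefile.pre.in and Makefile.pre into the config
# directory of the versioned standard library
cp Makefile Makefile.pre.in Makefile.pre "%{buildroot}%{_libdir}/python%{python_version}/config/"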
# Scriptlets of the shared-library subpackage: run the ldconfig macro after
# installation and after removal.
# Keep comments above these two lines: with -p, text placed after a scriptlet
# line would be taken as that scriptlet's body.
%post -n libpython2_7-1_0 -p %{run_ldconfig}
%postun -n libpython2_7-1_0 -p %{run_ldconfig}
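%files -n python-devel
# config/ contents keep the modes they were installed with, owned by root
%defattr(-, root, root)
%{_libdir}/python%{python_version}/config/*
# Setup and Makefile are listed in the main package's file list instead
%exclude %{_libdir}/python%{python_version}/config/Setup
%exclude %{_libdir}/python%{python_version}/config/Makefile
# development files and the test tree: files 644, directories 755, root-owned
%defattr(644, root, root, 755)
%{_libdir}/libpython*.so
%{_libdir}/pkgconfig/python-%{python_version}.pc
%{_libdir}/pkgconfig/python.pc
%{_libdir}/pkgconfig/python2.pc
%{_includedir}/python*
# pyconfig.h is listed in the main package's file list instead
%exclude %{_includedir}/python%{python_version}/pyconfig.h
%{_libdir}/python%{python_version}/test
# executable helper scripts
%defattr(755, root, root)
%{_bindir}/python-config
%{_bindir}/python2-config
%{_bindir}/python%{python_version}-config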
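%files -n python-xml
# the xml package directory and the pyexpat extension module;
# files 644, directories 755, root-owned
%defattr(644, root, root, 755)
%{_libdir}/python%{python_version}/xml
%{_libdir}/python%{python_version}/lib-dynload/pyexpat.so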
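%files -n libpython2_7-1_0
# versioned shared library only; the unversioned libpython*.so entry is in
# the python-devel file list
%defattr(644, root, root)
%{_libdir}/libpython*.so.*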
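%files
# default for everything below: files 644, directories 755, owned by root;
# executables get an explicit attr at the end of the list
%defattr(644, root, root, 755)
%{_rpmconfigdir}/macros.d/macros.python2
%dir %{_docdir}/%{name}
%doc %{_docdir}/%{name}/README
%doc %{_docdir}/%{name}/LICENSE
%doc %{_docdir}/%{name}/README.SUSE
%doc %{_mandir}/man1/python.1*
%doc %{_mandir}/man1/python2.1*
%doc %{_mandir}/man1/python%{python_version}.1*
%dir %{_includedir}/python%{python_version}
# pyconfig.h, config/Setup and config/Makefile are excluded from python-devel
# and owned here
%{_includedir}/python%{python_version}/pyconfig.h
%{_libdir}/python
%dir %{_prefix}/lib/python%{python_version}
%dir %{_prefix}/lib/python%{python_version}/site-packages
%dir %{_libdir}/python%{python_version}
%dir %{_libdir}/python%{python_version}/config
%{_libdir}/python%{python_version}/config/Setup
%{_libdir}/python%{python_version}/config/Makefile
# top-level modules; ssl.py* is deleted from the buildroot during install,
# so this glob does not pick it up
%{_libdir}/python%{python_version}/*.*
%{_libdir}/python%{python_version}/compiler
%{_libdir}/python%{python_version}/ctypes
%{_libdir}/python%{python_version}/distutils
%{_libdir}/python%{python_version}/email
%{_libdir}/python%{python_version}/encodings
# NOTE(review): ensurepip presumably carries the bundled setuptools and pip
# wheels named as sources in the preamble; they are only refreshed when this
# package is rebuilt - confirm
%{_libdir}/python%{python_version}/ensurepip
%{_libdir}/python%{python_version}/hotshot
%{_libdir}/python%{python_version}/importlib
%{_libdir}/python%{python_version}/json
%{_libdir}/python%{python_version}/lib2to3
%{_libdir}/python%{python_version}/logging
%{_libdir}/python%{python_version}/multiprocessing
%{_libdir}/python%{python_version}/plat-*
%{_libdir}/python%{python_version}/pydoc_data
%{_libdir}/python%{python_version}/unittest
%{_libdir}/python%{python_version}/wsgiref
%dir %{_libdir}/python%{python_version}/site-packages
%{_libdir}/python%{python_version}/site-packages/README
# .pth files in site-packages are processed at interpreter start-up, so this
# one has to stay root-owned and not writable by other users (644 from the
# default attributes above)
%{_libdir}/python%{python_version}/site-packages/_local.pth
# extension modules are listed one by one, so a module that newly appears in
# the build is not packaged by accident
%dir %{_libdir}/python%{python_version}/lib-dynload
%{_libdir}/python%{python_version}/lib-dynload/_bisect.so
#%%{_libdir}/python%%{python_version}/lib-dynload/_bytesio.so
%{_libdir}/python%{python_version}/lib-dynload/_csv.so
%{_libdir}/python%{python_version}/lib-dynload/_collections.so
%{_libdir}/python%{python_version}/lib-dynload/_ctypes.so
%{_libdir}/python%{python_version}/lib-dynload/_ctypes_test.so
%{_libdir}/python%{python_version}/lib-dynload/_elementtree.so
#%%{_libdir}/python%%{python_version}/lib-dynload/_fileio.so
%{_libdir}/python%{python_version}/lib-dynload/_functools.so
%{_libdir}/python%{python_version}/lib-dynload/_heapq.so
%{_libdir}/python%{python_version}/lib-dynload/_hotshot.so
%{_libdir}/python%{python_version}/lib-dynload/_io.so
%{_libdir}/python%{python_version}/lib-dynload/_json.so
%{_libdir}/python%{python_version}/lib-dynload/_locale.so
%{_libdir}/python%{python_version}/lib-dynload/_lsprof.so
# built-in hash modules; _hashlib.so and _ssl.so are not part of this list
# (NOTE(review): presumably packaged elsewhere - confirm)
%{_libdir}/python%{python_version}/lib-dynload/_md5.so
%{_libdir}/python%{python_version}/lib-dynload/_multiprocessing.so
%{_libdir}/python%{python_version}/lib-dynload/_random.so
%{_libdir}/python%{python_version}/lib-dynload/_sha.so
%{_libdir}/python%{python_version}/lib-dynload/_sha256.so
%{_libdir}/python%{python_version}/lib-dynload/_sha512.so
%{_libdir}/python%{python_version}/lib-dynload/_socket.so
%{_libdir}/python%{python_version}/lib-dynload/_struct.so
%{_libdir}/python%{python_version}/lib-dynload/_testcapi.so
%{_libdir}/python%{python_version}/lib-dynload/array.so
%{_libdir}/python%{python_version}/lib-dynload/audioop.so
%{_libdir}/python%{python_version}/lib-dynload/binascii.so
%{_libdir}/python%{python_version}/lib-dynload/bz2.so
%{_libdir}/python%{python_version}/lib-dynload/cPickle.so
%{_libdir}/python%{python_version}/lib-dynload/cStringIO.so
%{_libdir}/python%{python_version}/lib-dynload/cmath.so
%{_libdir}/python%{python_version}/lib-dynload/crypt.so
%{_libdir}/python%{python_version}/lib-dynload/datetime.so
%{_libdir}/python%{python_version}/lib-dynload/fcntl.so
%{_libdir}/python%{python_version}/lib-dynload/future_builtins.so
%{_libdir}/python%{python_version}/lib-dynload/grp.so
%{_libdir}/python%{python_version}/lib-dynload/itertools.so
%{_libdir}/python%{python_version}/lib-dynload/linuxaudiodev.so
%{_libdir}/python%{python_version}/lib-dynload/math.so
%{_libdir}/python%{python_version}/lib-dynload/mmap.so
%{_libdir}/python%{python_version}/lib-dynload/nis.so
%{_libdir}/python%{python_version}/lib-dynload/operator.so
%{_libdir}/python%{python_version}/lib-dynload/ossaudiodev.so
%{_libdir}/python%{python_version}/lib-dynload/parser.so
%{_libdir}/python%{python_version}/lib-dynload/resource.so
%{_libdir}/python%{python_version}/lib-dynload/select.so
%{_libdir}/python%{python_version}/lib-dynload/spwd.so
%{_libdir}/python%{python_version}/lib-dynload/strop.so
%{_libdir}/python%{python_version}/lib-dynload/syslog.so
%{_libdir}/python%{python_version}/lib-dynload/termios.so
%{_libdir}/python%{python_version}/lib-dynload/time.so
%{_libdir}/python%{python_version}/lib-dynload/unicodedata.so
%{_libdir}/python%{python_version}/lib-dynload/zlib.so
%{_libdir}/python%{python_version}/lib-dynload/_codecs*.so
%{_libdir}/python%{python_version}/lib-dynload/_multibytecodec.so
%{_libdir}/python%{python_version}/lib-dynload/Python-%{tarversion}-py%{python_version}.egg-info
# these modules don't support 64-bit arches (disabled by setup.py)
%ifnarch alpha ia64 x86_64 s390x ppc64 ppc64le sparc64 aarch64
# requires sizeof(int) == sizeof(long) == sizeof(char*)
%{_libdir}/python%{python_version}/lib-dynload/dl.so
%endif
# executables: explicit 755, root-owned
%attr(755, root, root) %{_bindir}/pydoc
%attr(755, root, root) %{_bindir}/python
%attr(755, root, root) %{_bindir}/python%{python_version}
%attr(755, root, root) %{_bindir}/smtpd.py
# NOTE(review): python2 has no explicit attr and falls under the 644 default;
# presumably it is a symlink, where the mode does not matter - confirm
%{_bindir}/python2
%exclude %{_bindir}/2to3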
%changelog