pool/python
SHA256
4
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Accepting request 265739 from devel:languages:python:Factory

Browse Source 
- update to 2.7.9
  * contains full backport of ssl module from Python 3.4 (PEP466)
  * HTTPS certificate validation enabled by default (PEP476)
  * SSLv3 disabled by default (bnc#901715)
  * backported ensurepip module (PEP477)
  * fixes several missing CVEs from last release: CVE-2013-1752,
    CVE-2013-1753
  * dozens of minor bugfixes
- dropped upstreamed patches: python-2.7.6-poplib.patch,
  smtplib_maxline-2.7.patch, xmlrpc_gzip_27.patch
- dropped patch python-2.7.3-ssl_ca_path.patch because we don't need it
  with ssl module from Python 3
- libffi was upgraded upstream, seems to contain our changes,
  so dropping libffi-ppc64le.diff as well
- python-2.7-urllib2-localnet-ssl.patch - properly remove unconditional
  "import ssl" from test_urllib2_localnet that caused it to fail without ssl
- drop HTML doc tarball, build HTML documentation from source
- set fixed doc build date, lower sphinx requirement (for older openSUSE)

OBS-URL: https://build.opensuse.org/request/show/265739
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/python?expand=0&rev=111
This commit is contained in:
Stephan Kulow 2014-12-21 11:04:15 +00:00 committed by Git OBS Bridge
commit 032a0b15da
21 changed files with 101 additions and 2168 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
Python-2.7.8.tar.xz
View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:edde10a0cb7d14e2735e682882d5b287028d1485c456758154c19573db68075a
size 10525244

17
Python-2.7.8.tar.xz.asc
View File

@ -1,17 +0,0 @@
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (GNU/Linux)
iQIcBAABAgAGBQJTsMzVAAoJEATDZ8IYrdT/CxkQAIfecKxGpMHg9ID5QuwHcYJE
GjF9JnassnCdrpHWDqe8+iYJhEPpmbLsVP34ZKeYkvvEh6eBJSUeAw2tL/ok7mIJ
yELB4bSYuztLQdh5T5CRSRq409AmDTDauuWDoaXmm9Qg5ydsEEY1YZwWEZwHO2Kb
Se8IKfMv0/AYQ9HwHAhaeIABBG9G1oCJUc1gkQTYjxz9+JwruJVrRIKwD4vWysVF
FkTshos6QEV0HajAdcJisQ7BcgRyzgw4AKLiMdFFax/2NwaH6E0lqno4vb3E64Od
wk6HPJ1qm63bfbxNje4TqCRzO2VJiVxM7KHTr/OUjFJlJLxNIYxMPl0CWMNauWVQ
LqpTp12raMWb+OasvBPguEpbg8JSGhFw677+VkI/Vq67kojFRVuR55KHZqtd6RDC
V6mGVgl+Z/Pfz9JzWr8qHCuFrfydE2eOHUh5MH2ylcDk5f69WDKxLZeeRzbrPzHj
/GCILORil4gWuXFivk3Uk09uiO56ceYcsBYAYuFrT+K45tHsAboPZ8Yt526+lP8Q
eVBWApElC/GI5ksp6vbGJfXo3z3xORLSrS2UDuHap7/mBS91E7Hc13BNjt+gjNDO
dXxeJWYDk0iVC+HP2igbQPFVGy39BMDD7rDQ2SnoPWbJlJrEeJQULUoRPpk17kTw
X9vqhK54dxLgaLR+2MOS
=LDrl
-----END PGP SIGNATURE-----

3
Python-2.7.9.tar.xz Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:90d27e14ea7e03570026850e2e50ba71ad20b7eb31035aada1cf3def8f8d4916
size 12164712

17
Python-2.7.9.tar.xz.asc Normal file
View File

@ -0,0 +1,17 @@
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iQIcBAABAgAGBQJUiG4+AAoJEATDZ8IYrdT/zYAP/1lhrY4Ekwxm91lue05vilrN
zkCk7aOKr351dxA+UPjJrej3FI2GOlWaE8DWdL0S45+bBqNsbm4Zuo3wGHcHFgBw
CEA7gBVDLaaWPAh3paKkgraCGLnFiEDOmvvOoJpY2FaLJoufkr3UCgP9WyR7SGCw
qpEQkZtSuCeDKKPXmrIQ8FhnTfwoRvbojejZEhORJz3V4O1He03P5ZgR81D2Cdbz
XAqnWj/Y3957iUFgRsl2GQZpkXsfnCrQ9s1Oy8zGXXCCQUR3DK2IbynRTTJjAFeJ
OM5naSDMtSfQ3evSv21yJcjl6mn9HfhXLWUNpTF16lMDSt+/bxX3DpCMDC4ocOU1
lzlJHO/Ai5eAiM5uFc8e++jas1kJ998N5eW5TsPAsEyQE+LJo0DcO9t9McaPy7cc
wAF0YbKesaKUpbIh9WkkDrIe4HmM+701zkJVxasYXbZiiPrKmmi15fLCbqifV4/F
yP5z5uG7btvaJRKdSqCSxsctIpNB5PYCFXZj8bKE1Sx97MEUIUQYyKK2ls6mmJeC
pe5wAR/uZm1Edkxxo2o9qrN+2AQQXeM5jHei1E3tw6SYw+G5UMn8uPmyUdcbB/Gr
7nLPOyGl+AqjzGG4qYb0Er8/vNfpCvL28o3YOjCEJbwFRITjQYwaaf5NG45sYACg
pVQey4v6mVEtL3D+BkFi
=TuqU
-----END PGP SIGNATURE-----

1757
libffi-ppc64le.diff
View File

File diff suppressed because it is too large Load Diff

12
python-2.7-urllib2-localnet-ssl.patch Normal file
View File

@ -0,0 +1,12 @@
Index: Python-2.7.9/Lib/test/test_urllib2_localnet.py
===================================================================
--- Python-2.7.9.orig/Lib/test/test_urllib2_localnet.py 2014-12-10 16:59:48.000000000 +0100
+++ Python-2.7.9/Lib/test/test_urllib2_localnet.py 2014-12-15 13:57:25.013615707 +0100
@@ -5,7 +5,6 @@
import BaseHTTPServer
import unittest
import hashlib
-import ssl
from test import test_support

55
python-2.7.3-ssl_ca_path.patch
View File

@ -1,55 +0,0 @@
Index: Python-2.7.7/Modules/_ssl.c
===================================================================
--- Python-2.7.7.orig/Modules/_ssl.c 2014-06-20 14:34:28.157656595 +0200
+++ Python-2.7.7/Modules/_ssl.c 2014-06-20 14:35:20.092929774 +0200
@@ -273,6 +273,7 @@
char *errstr = NULL;
int ret;
int verification_mode;
+ struct stat stat_buf;
long options;
self = PyObject_New(PySSLObject, &PySSL_Type); /* Create new object */
@@ -331,20 +332,32 @@
if (certreq != PY_SSL_CERT_NONE) {
if (cacerts_file == NULL) {
- errstr = ERRSTR("No root certificates specified for "
- "verification of other-side certificates.");
- goto fail;
- } else {
PySSL_BEGIN_ALLOW_THREADS
- ret = SSL_CTX_load_verify_locations(self->ctx,
- cacerts_file,
- NULL);
+ ret = SSL_CTX_set_default_verify_paths(self->ctx);
PySSL_END_ALLOW_THREADS
- if (ret != 1) {
- _setSSLError(NULL, 0, __FILE__, __LINE__);
- goto fail;
+ } else {
+ /* If cacerts_file is a directory-based cert store, pass it as the
+ third parameter, CApath, instead
+ */
+ if (stat(cacerts_file, &stat_buf) == 0 && S_ISDIR(stat_buf.st_mode)) {
+ PySSL_BEGIN_ALLOW_THREADS
+ ret = SSL_CTX_load_verify_locations(self->ctx,
+ NULL,
+ cacerts_file);
+ PySSL_END_ALLOW_THREADS
+ } else {
+ PySSL_BEGIN_ALLOW_THREADS
+ ret = SSL_CTX_load_verify_locations(self->ctx,
+ cacerts_file,
+ NULL);
+ PySSL_END_ALLOW_THREADS
}
}
+
+ if (ret != 1) {
+ _setSSLError(NULL, 0, __FILE__, __LINE__);
+ goto fail;
+ }
}
if (key_file) {
PySSL_BEGIN_ALLOW_THREADS

63
python-2.7.6-poplib.patch
View File

@ -1,63 +0,0 @@
# HG changeset patch
# User Georg Brandl <georg@python.org>
# Date 1382855033 -3600
# Node ID 68029048c9c6833b71c3121e5178f7f57f21b565
# Parent 10d0edadbcddfd983c2c6c22d06c5a535197f8bf
Issue #16041: CVE-2013-1752: poplib: Limit maximum line lengths to 2048 to
prevent readline() calls from consuming too much memory. Patch by Jyrki
Pulliainen.
Index: Python-2.7.6/Lib/poplib.py
===================================================================
--- Python-2.7.6.orig/Lib/poplib.py 2013-11-10 08:36:40.000000000 +0100
+++ Python-2.7.6/Lib/poplib.py 2014-02-07 18:45:45.454259311 +0100
@@ -32,6 +32,12 @@
LF = '\n'
CRLF = CR+LF
+# maximal line length when calling readline(). This is to prevent
+# reading arbitrary lenght lines. RFC 1939 limits POP3 line length to
+# 512 characters, including CRLF. We have selected 2048 just to be on
+# the safe side.
+_MAXLINE = 2048
+
class POP3:
@@ -103,7 +109,10 @@
# Raise error_proto('-ERR EOF') if the connection is closed.
def _getline(self):
- line = self.file.readline()
+ line = self.file.readline(_MAXLINE + 1)
+ if len(line) > _MAXLINE:
+ raise error_proto('line too long')
+
if self._debugging > 1: print '*get*', repr(line)
if not line: raise error_proto('-ERR EOF')
octets = len(line)
Index: Python-2.7.6/Lib/test/test_poplib.py
===================================================================
--- Python-2.7.6.orig/Lib/test/test_poplib.py 2013-11-10 08:36:40.000000000 +0100
+++ Python-2.7.6/Lib/test/test_poplib.py 2014-02-07 18:44:24.419856656 +0100
@@ -81,7 +81,7 @@
def cmd_list(self, arg):
if arg:
- self.push('+OK %s %s' %(arg, arg))
+ self.push('+OK %s %s' % (arg, arg))
else:
self.push('+OK')
asynchat.async_chat.push(self, LIST_RESP)
@@ -198,6 +198,10 @@
113)
self.assertEqual(self.client.retr('foo'), expected)
+ def test_too_long_lines(self):
+ self.assertRaises(poplib.error_proto, self.client._shortcmd,
+ 'echo +%s' % ((poplib._MAXLINE + 10) * 'a'))
+
def test_dele(self):
self.assertOK(self.client.dele('foo'))

3
python-2.7.8-docs-html.tar.bz2
View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:b1b969be6dab30a1820320340579f6cc5b23c25acdd3e7de0d212574439978bf
size 4487849

3
python-2.7.8-docs-pdf-a4.tar.bz2
View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:1a217af2067e4deda02cbc83a169aa2399dcb4e72465c352ed4e98b9c1a94a18
size 10907347

3
python-2.7.8-docs-pdf-letter.tar.bz2
View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:3aebf5c70d2e6561093a33ce8c0481dd025e0ac553971579ee5a3a033b78593f
size 10961584

3
python-2.7.9-docs-pdf-a4.tar.bz2 Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:1691a5f9fd00e85aba3393863d344a627b812b7ff8cd1ad20dd3cd73384e04dd
size 10680004

3
python-2.7.9-docs-pdf-letter.tar.bz2 Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:ca72f5664ca8bdb6ef081f25cde3a14affec466631df517449a022d8f26be13b
size 10735024

20
python-base.changes
View File

@ -1,3 +1,23 @@
-------------------------------------------------------------------
Fri Dec 12 17:11:51 UTC 2014 - jmatejek@suse.com
- update to 2.7.9
* contains full backport of ssl module from Python 3.4 (PEP466)
* HTTPS certificate validation enabled by default (PEP476)
* SSLv3 disabled by default (bnc#901715)
* backported ensurepip module (PEP477)
* fixes several missing CVEs from last release: CVE-2013-1752,
CVE-2013-1753
* dozens of minor bugfixes
- dropped upstreamed patches: python-2.7.6-poplib.patch,
smtplib_maxline-2.7.patch, xmlrpc_gzip_27.patch
- dropped patch python-2.7.3-ssl_ca_path.patch because we don't need it
with ssl module from Python 3
- libffi was upgraded upstream, seems to contain our changes,
so dropping libffi-ppc64le.diff as well
- python-2.7-urllib2-localnet-ssl.patch - properly remove unconditional
"import ssl" from test_urllib2_localnet that caused it to fail without ssl
-------------------------------------------------------------------
Wed Oct 22 13:30:24 UTC 2014 - dmueller@suse.com

22
python-base.spec
View File

@ -17,7 +17,7 @@
Name: python-base
Version: 2.7.8
Version: 2.7.9
Release: 0
Summary: Python Interpreter base package
License: Python-2.0
@ -43,22 +43,15 @@ Patch8: python-2.6b3-curses-panel.patch
Patch10: sparc_longdouble.patch
Patch13: python-2.7.2-fix_date_time_compiler.patch
Patch17: remove-static-libpython.diff
# PATCH-FIX-OPENSUSE python-2.7.3-ssl_ca_path.patch [bnc#761501] -- Support directory-based certificate stores with the ca_certs parameter of SSL functions
Patch18: python-2.7.3-ssl_ca_path.patch
# PATCH-FEATURE-OPENSUSE python-bundle-lang.patch bnc#617751 dimstar@opensuse.org -- gettext: when looking in default_localedir also check in locale-bundle.
Patch20: python-bundle-lang.patch
# PATCH-FIX-OPENSUSE Properly support aarch64 in _ctypes module
Patch22: python-2.7.4-aarch64.patch
Patch24: python-bsddb6.diff
# PATCH-FIX-OPENSUSE Properly support ppc64le in _ctypes module
Patch25: libffi-ppc64le.diff
# CVE-2013-1753 [bnc#856835] unbounded gzip decompression in xmlrpc client
Patch26: xmlrpc_gzip_27.patch
# CVE-2013-1752 patches missing in 2.7.6: imaplib, poplib, smtplib
Patch28: smtplib_maxline-2.7.patch
Patch29: python-2.7.6-poplib.patch
# remove link count optimization that breaks mhlib on btrfs (and possibly elsewhere)
# PATCH-FIX-OPENSUSE remove link count optimization that breaks mhlib on btrfs (and possibly elsewhere)
Patch31: python-2.7.7-mhlib-linkcount.patch
# PATCH-FIX-UPSTREAM remove unconditional "import ssl" from test
Patch32: python-2.7-urllib2-localnet-ssl.patch
# COMMON-PATCH-END
%define python_version %(echo %{tarversion} | head -c 3)
BuildRequires: automake
@ -143,15 +136,11 @@ other applications.
%patch10 -p1
%patch13 -p1
%patch17 -p1
%patch18 -p1
%patch20 -p1
%patch22 -p1
%patch24 -p1
%patch25 -p0
%patch26 -p1
%patch28 -p1
%patch29 -p1
%patch31 -p1
%patch32 -p1
# drop Autoconf version requirement
sed -i 's/^version_required/dnl version_required/' configure.ac
@ -334,6 +323,7 @@ cp Makefile Makefile.pre.in Makefile.pre %{buildroot}%{_libdir}/python%{python_v
%{_libdir}/python%{python_version}/distutils
%{_libdir}/python%{python_version}/email
%{_libdir}/python%{python_version}/encodings
%{_libdir}/python%{python_version}/ensurepip
%{_libdir}/python%{python_version}/hotshot
%{_libdir}/python%{python_version}/importlib
%{_libdir}/python%{python_version}/json

7
python-doc.changes
View File

@ -1,3 +1,10 @@
-------------------------------------------------------------------
Fri Dec 12 17:11:51 UTC 2014 - jmatejek@suse.com
- update to 2.7.9
- drop HTML doc tarball, build HTML documentation from source
- set fixed doc build date, lower sphinx requirement (for older openSUSE)
-------------------------------------------------------------------
Tue Sep 30 15:32:07 UTC 2014 - jmatejek@suse.com

42
python-doc.spec
View File

@ -16,7 +16,7 @@
#
Name: python-doc
Version: 2.7.8
Version: 2.7.9
Release: 0
Summary: Additional Package Documentation for Python
License: Python-2.0
@ -26,15 +26,12 @@ Url: http://www.python.org/
Source0: %{tarname}.tar.xz
# docs for current version are regenerated every day
# this messes with autobuild "file changed" checks
#Source1: http://docs.python.org/%{version}/archives/python-%{pyver}-docs-html.tar.bz2
#Source2: http://docs.python.org/%{version}/archives/python-%{pyver}-docs-pdf-a4.tar.bz2
#Source3: http://docs.python.org/%{version}/archives/python-%{pyver}-docs-pdf-letter.tar.bz2
Source1: python-%{version}-docs-html.tar.bz2
Source2: python-%{version}-docs-pdf-a4.tar.bz2
Source3: python-%{version}-docs-pdf-letter.tar.bz2
%if 0%{suse_version} <= 1210
BuildRequires: python-Sphinx
BuildRequires: xz
%endif
# COMMON-PATCH-BEGIN
Patch1: python-2.7-dirs.patch
Patch2: python-distutils-rpm-8.patch
@ -46,22 +43,15 @@ Patch8: python-2.6b3-curses-panel.patch
Patch10: sparc_longdouble.patch
Patch13: python-2.7.2-fix_date_time_compiler.patch
Patch17: remove-static-libpython.diff
# PATCH-FIX-OPENSUSE python-2.7.3-ssl_ca_path.patch [bnc#761501] -- Support directory-based certificate stores with the ca_certs parameter of SSL functions
Patch18: python-2.7.3-ssl_ca_path.patch
# PATCH-FEATURE-OPENSUSE python-bundle-lang.patch bnc#617751 dimstar@opensuse.org -- gettext: when looking in default_localedir also check in locale-bundle.
Patch20: python-bundle-lang.patch
# PATCH-FIX-OPENSUSE Properly support aarch64 in _ctypes module
Patch22: python-2.7.4-aarch64.patch
Patch24: python-bsddb6.diff
# PATCH-FIX-OPENSUSE Properly support ppc64le in _ctypes module
Patch25: libffi-ppc64le.diff
# CVE-2013-1753 [bnc#856835] unbounded gzip decompression in xmlrpc client
Patch26: xmlrpc_gzip_27.patch
# CVE-2013-1752 patches missing in 2.7.6: imaplib, poplib, smtplib
Patch28: smtplib_maxline-2.7.patch
Patch29: python-2.7.6-poplib.patch
# remove link count optimization that breaks mhlib on btrfs (and possibly elsewhere)
# PATCH-FIX-OPENSUSE remove link count optimization that breaks mhlib on btrfs (and possibly elsewhere)
Patch31: python-2.7.7-mhlib-linkcount.patch
# PATCH-FIX-UPSTREAM remove unconditional "import ssl" from test
Patch32: python-2.7-urllib2-localnet-ssl.patch
# COMMON-PATCH-END
Provides: pyth_doc
Provides: pyth_ps
@ -100,28 +90,34 @@ Python, and Macintosh Module Reference in PDF format.
%patch10 -p1
%patch13 -p1
%patch17 -p1
%patch18 -p1
%patch20 -p1
%patch22 -p1
%patch24 -p1
%patch25 -p0
%patch26 -p1
%patch28 -p1
%patch29 -p1
%patch31 -p1
%patch32 -p1
# drop Autoconf version requirement
sed -i 's/^version_required/dnl version_required/' configure.ac
# COMMON-PREP-END
%build
# nothing to do (...whistles innocently)
TODAY_DATE=`date -r %{S:0} "+%B %d, %Y"`
# TODO use not date of tarball but date of latest patch
pushd Doc
sed -i "s/^today = .*/today = '$TODAY_DATE'/" conf.py
%if 0%{?suse_version} < 1320
# lower sphinx version requirement, docs seem to work fine with 1.1
sed -i "s/^needs_sphinx = .*/needs_sphinx = '1.1'/" conf.py
%endif
make html
popd
%install
export PDOCS=%{buildroot}%{_docdir}/python
install -d -m 755 $PDOCS/Misc
tar xfj %{SOURCE1} -C $PDOCS/
mv $PDOCS/python-%{version}-docs-html $PDOCS/html
rm Doc/build/html/.buildinfo
mv Doc/build/html $PDOCS/html
tar xfj %{SOURCE2} -C $PDOCS
mv $PDOCS/docs-pdf $PDOCS/paper-a4
tar xfj %{SOURCE3} -C $PDOCS

5
python.changes
View File

@ -1,3 +1,8 @@
-------------------------------------------------------------------
Fri Dec 12 17:11:51 UTC 2014 - jmatejek@suse.com
- update to 2.7.9
-------------------------------------------------------------------
Sat Oct 18 20:05:00 UTC 2014 - crrodriguez@opensuse.org

25
python.spec
View File

@ -16,7 +16,7 @@
#
Name: python
Version: 2.7.8
Version: 2.7.9
Release: 0
Summary: Python Interpreter
License: Python-2.0
@ -47,22 +47,15 @@ Patch8: python-2.6b3-curses-panel.patch
Patch10: sparc_longdouble.patch
Patch13: python-2.7.2-fix_date_time_compiler.patch
Patch17: remove-static-libpython.diff
# PATCH-FIX-OPENSUSE python-2.7.3-ssl_ca_path.patch [bnc#761501] -- Support directory-based certificate stores with the ca_certs parameter of SSL functions
Patch18: python-2.7.3-ssl_ca_path.patch
# PATCH-FEATURE-OPENSUSE python-bundle-lang.patch bnc#617751 dimstar@opensuse.org -- gettext: when looking in default_localedir also check in locale-bundle.
Patch20: python-bundle-lang.patch
# PATCH-FIX-OPENSUSE Properly support aarch64 in _ctypes module
Patch22: python-2.7.4-aarch64.patch
Patch24: python-bsddb6.diff
# PATCH-FIX-OPENSUSE Properly support ppc64le in _ctypes module
Patch25: libffi-ppc64le.diff
# CVE-2013-1753 [bnc#856835] unbounded gzip decompression in xmlrpc client
Patch26: xmlrpc_gzip_27.patch
# CVE-2013-1752 patches missing in 2.7.6: imaplib, poplib, smtplib
Patch28: smtplib_maxline-2.7.patch
Patch29: python-2.7.6-poplib.patch
# remove link count optimization that breaks mhlib on btrfs (and possibly elsewhere)
# PATCH-FIX-OPENSUSE remove link count optimization that breaks mhlib on btrfs (and possibly elsewhere)
Patch31: python-2.7.7-mhlib-linkcount.patch
# PATCH-FIX-UPSTREAM remove unconditional "import ssl" from test
Patch32: python-2.7-urllib2-localnet-ssl.patch
# COMMON-PATCH-END
BuildRequires: automake
BuildRequires: db-devel
@ -177,23 +170,16 @@ implementation of the standard Unix DBM databases.
%patch10 -p1
%patch13 -p1
%patch17 -p1
%patch18 -p1
%patch20 -p1
%patch22 -p1
%patch24 -p1
%patch25 -p0
%patch26 -p1
%patch28 -p1
%patch29 -p1
%patch31 -p1
%patch32 -p1
# drop Autoconf version requirement
sed -i 's/^version_required/dnl version_required/' configure.ac
# COMMON-PREP-END
# remove newslist.py because of bad license
rm Demo/scripts/newslist.*
%build
# necessary for correct linking with GDBM:
export SUSE_ASNEEDED=0
@ -268,6 +254,7 @@ rm -r %{buildroot}%{_libdir}/python%{python_version}/ctypes
rm -r %{buildroot}%{_libdir}/python%{python_version}/distutils
rm -r %{buildroot}%{_libdir}/python%{python_version}/email
rm -r %{buildroot}%{_libdir}/python%{python_version}/encodings
rm -r %{buildroot}%{_libdir}/python%{python_version}/ensurepip
rm -r %{buildroot}%{_libdir}/python%{python_version}/hotshot
rm -r %{buildroot}%{_libdir}/python%{python_version}/importlib
rm -r %{buildroot}%{_libdir}/python%{python_version}/json

92
smtplib_maxline-2.7.patch
View File

@ -1,92 +0,0 @@
diff -r 44ac81e6d584 Lib/smtplib.py
--- a/Lib/smtplib.py Sun Oct 20 16:57:07 2013 +0300
+++ b/Lib/smtplib.py Sun Oct 20 17:44:15 2013 +0300
@@ -57,6 +57,7 @@
SMTP_PORT = 25
SMTP_SSL_PORT = 465
CRLF = "\r\n"
+_MAXLINE = 8192 # more than 8 times larger than RFC 821, 4.5.3
OLDSTYLE_AUTH = re.compile(r"auth=(.*)", re.I)
@@ -179,10 +180,14 @@
def __init__(self, sslobj):
self.sslobj = sslobj
- def readline(self):
+ def readline(self, size=-1):
+ if size < 0:
+ size = None
str = ""
chr = None
while chr != "\n":
+ if size is not None and len(str) >= size:
+ break
chr = self.sslobj.read(1)
if not chr:
break
@@ -353,7 +358,7 @@
self.file = self.sock.makefile('rb')
while 1:
try:
- line = self.file.readline()
+ line = self.file.readline(_MAXLINE + 1)
except socket.error as e:
self.close()
raise SMTPServerDisconnected("Connection unexpectedly closed: "
@@ -363,6 +368,8 @@
raise SMTPServerDisconnected("Connection unexpectedly closed")
if self.debuglevel > 0:
print>>stderr, 'reply:', repr(line)
+ if len(line) > _MAXLINE:
+ raise SMTPResponseException(500, "Line too long.")
resp.append(line[4:].strip())
code = line[:3]
# Check that the error code is syntactically correct.
diff -r 44ac81e6d584 Lib/test/test_smtplib.py
--- a/Lib/test/test_smtplib.py Sun Oct 20 16:57:07 2013 +0300
+++ b/Lib/test/test_smtplib.py Sun Oct 20 17:44:15 2013 +0300
@@ -292,6 +292,33 @@
HOST, self.port, 'localhost', 3)
+@unittest.skipUnless(threading, 'Threading required for this test.')
+class TooLongLineTests(unittest.TestCase):
+ respdata = '250 OK' + ('.' * smtplib._MAXLINE * 2) + '\n'
+
+ def setUp(self):
+ self.old_stdout = sys.stdout
+ self.output = StringIO.StringIO()
+ sys.stdout = self.output
+
+ self.evt = threading.Event()
+ self.sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
+ self.sock.settimeout(15)
+ self.port = test_support.bind_port(self.sock)
+ servargs = (self.evt, self.respdata, self.sock)
+ threading.Thread(target=server, args=servargs).start()
+ self.evt.wait()
+ self.evt.clear()
+
+ def tearDown(self):
+ self.evt.wait()
+ sys.stdout = self.old_stdout
+
+ def testLineTooLong(self):
+ self.assertRaises(smtplib.SMTPResponseException, smtplib.SMTP,
+ HOST, self.port, 'localhost', 3)
+
+
sim_users = {'Mr.A@somewhere.com':'John A',
'Ms.B@somewhere.com':'Sally B',
'Mrs.C@somewhereesle.com':'Ruth C',
@@ -511,7 +538,8 @@
def test_main(verbose=None):
test_support.run_unittest(GeneralTests, DebuggingServerTests,
NonConnectingTests,
- BadHELOServerTests, SMTPSimTests)
+ BadHELOServerTests, SMTPSimTests,
+ TooLongLineTests)
if __name__ == '__main__':
test_main()

114
xmlrpc_gzip_27.patch
View File

@ -1,114 +0,0 @@
Index: Python-2.7.7/Doc/library/xmlrpclib.rst
===================================================================
--- Python-2.7.7.orig/Doc/library/xmlrpclib.rst 2014-05-31 20:58:38.000000000 +0200
+++ Python-2.7.7/Doc/library/xmlrpclib.rst 2014-06-20 14:51:40.282081132 +0200
@@ -127,6 +127,15 @@
*__dict__* attribute and don't have a base class that is marshalled in a
special way.
+.. data:: MAX_GZIP_DECODE
+
+ The module constant specifies the amount of bytes that are decompressed by
+ :func:`gzip_decode`. The default value is *20 MB*. A value of *-1* disables
+ the protection.
+
+ .. versionadded:: 2.7.4
+ The constant was added to strengthen the module against gzip bomb
+ attacks.
.. seealso::
Index: Python-2.7.7/Lib/xmlrpclib.py
===================================================================
--- Python-2.7.7.orig/Lib/xmlrpclib.py 2014-05-31 20:58:39.000000000 +0200
+++ Python-2.7.7/Lib/xmlrpclib.py 2014-06-20 14:51:40.282081132 +0200
@@ -49,6 +49,7 @@
# 2003-07-12 gp Correct marshalling of Faults
# 2003-10-31 mvl Add multicall support
# 2004-08-20 mvl Bump minimum supported Python version to 2.1
+# 2013-01-20 ch Add workaround for gzip bomb vulnerability
#
# Copyright (c) 1999-2002 by Secret Labs AB.
# Copyright (c) 1999-2002 by Fredrik Lundh.
@@ -147,6 +148,10 @@
except ImportError:
gzip = None #python can be built without zlib/gzip support
+# Limit the maximum amount of decoded data that is decompressed. The
+# limit prevents gzip bomb attacks.
+MAX_GZIP_DECODE = 20 * 1024 * 1024 # 20 MB
+
# --------------------------------------------------------------------
# Internal stuff
@@ -1178,11 +1183,16 @@
f = StringIO.StringIO(data)
gzf = gzip.GzipFile(mode="rb", fileobj=f)
try:
- decoded = gzf.read()
+ if MAX_GZIP_DECODE < 0: # no limit
+ decoded = gzf.read()
+ else:
+ decoded = gzf.read(MAX_GZIP_DECODE + 1)
except IOError:
raise ValueError("invalid data")
f.close()
gzf.close()
+ if MAX_GZIP_DECODE >= 0 and len(decoded) > MAX_GZIP_DECODE:
+ raise ValueError("max gzipped payload length exceeded")
return decoded
##
Index: Python-2.7.7/Lib/test/test_xmlrpc.py
===================================================================
--- Python-2.7.7.orig/Lib/test/test_xmlrpc.py 2014-05-31 20:58:39.000000000 +0200
+++ Python-2.7.7/Lib/test/test_xmlrpc.py 2014-06-20 14:51:59.993184645 +0200
@@ -24,6 +24,11 @@
gzip = None
try:
+ import gzip
+except ImportError:
+ gzip = None
+
+try:
unicode
except NameError:
have_unicode = False
@@ -737,7 +742,7 @@
with cm:
p.pow(6, 8)
- def test_gsip_response(self):
+ def test_gzip_response(self):
t = self.Transport()
p = xmlrpclib.ServerProxy(URL, transport=t)
old = self.requestHandler.encode_threshold
@@ -750,6 +755,27 @@
self.requestHandler.encode_threshold = old
self.assertTrue(a>b)
+ def test_gzip_decode_limit(self):
+ data = '\0' * xmlrpclib.MAX_GZIP_DECODE
+ encoded = xmlrpclib.gzip_encode(data)
+ decoded = xmlrpclib.gzip_decode(encoded)
+ self.assertEqual(len(decoded), xmlrpclib.MAX_GZIP_DECODE)
+
+ data = '\0' * (xmlrpclib.MAX_GZIP_DECODE + 1)
+ encoded = xmlrpclib.gzip_encode(data)
+
+ with self.assertRaisesRegexp(ValueError,
+ "max gzipped payload length exceeded"):
+ xmlrpclib.gzip_decode(encoded)
+
+ oldmax = xmlrpclib.MAX_GZIP_DECODE
+ try:
+ xmlrpclib.MAX_GZIP_DECODE = -1
+ xmlrpclib.gzip_decode(encoded)
+ finally:
+ xmlrpclib.MAX_GZIP_DECODE = oldmax
+
+
#Test special attributes of the ServerProxy object
class ServerProxyTestCase(unittest.TestCase):
def setUp(self):