pool/python
SHA256
4
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Accepting request 692400 from home:mcepl:branches:devel:languages:python:Factory

Browse Source 
- bsc#1130847 (CVE-2019-9948) add CVE-2019-9948-avoid_local-file.patch 
  removing unnecessary (and potentially harmful) URL scheme
  local-file://.

- bsc#1129346: add CVE-2019-9636-netloc-no-decompose-characters.patch
  Characters in the netloc attribute that decompose under NFKC
  normalization (as used by the IDNA encoding) into any of ``/``,
  ``?``, ``#``, ``@``, or ``:`` will raise a ValueError. If the
  URL is decomposed before parsing, or is not a Unicode string,
  no error will be raised.
  Upstream commits e37ef41 and 507bd8c.

- Update to 2.7.16:
  * bugfix-only release: complete list of changes on
    https://github.com/python/cpython/blob/2.7/Misc/NEWS.d/2.7.16rc1.rst
  * Removed openssl-111.patch and CVE-2018-1000802-shutil_use_subprocess_no_spawn.patch
    which are fully included in the tarball.
  * Updated patches to apply cleanly:
        CVE-2019-5010-null-defer-x509-cert-DOS.patch
        bpo36160-init-sysconfig_vars.patch
        do-not-use-non-ascii-in-test_ssl.patch
        openssl-111-middlebox-compat.patch
        openssl-111-ssl_options.patch
        python-2.5.1-sqlite.patch
        python-2.6-gettext-plurals.patch
        python-2.7-dirs.patch
        python-2.7.2-fix_date_time_compiler.patch
        python-2.7.4-canonicalize2.patch
        python-2.7.5-multilib.patch
        python-2.7.9-ssl_ca_path.patch

OBS-URL: https://build.opensuse.org/request/show/692400
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python?expand=0&rev=241
This commit is contained in:
Matej Cepl 2019-04-08 22:40:36 +00:00 committed by Git OBS Bridge
parent c457f4f6ba
commit 88ffffeead
30 changed files with 476 additions and 456 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

50
CVE-2018-1000802-shutil_use_subprocess_no_spawn.patch
View File

@ -1,50 +0,0 @@
From add531a1e55b0a739b0f42582f1c9747e5649ace Mon Sep 17 00:00:00 2001
From: Benjamin Peterson <benjamin@python.org>
Date: Tue, 28 Aug 2018 22:12:56 -0700
Subject: [PATCH] closes bpo-34540: Convert shutil._call_external_zip to use
subprocess rather than distutils.spawn.
---
Lib/shutil.py | 16 ++++++++++------
.../2018-08-28-22-11-54.bpo-34540.gfQ0TM.rst | 3 +++
2 files changed, 13 insertions(+), 6 deletions(-)
create mode 100644 Misc/NEWS.d/next/Security/2018-08-28-22-11-54.bpo-34540.gfQ0TM.rst
--- a/Lib/shutil.py
+++ b/Lib/shutil.py
@@ -396,17 +396,21 @@ def _make_tarball(base_name, base_dir, c
return archive_name
-def _call_external_zip(base_dir, zip_filename, verbose=False, dry_run=False):
+def _call_external_zip(base_dir, zip_filename, verbose, dry_run, logger):
# XXX see if we want to keep an external call here
if verbose:
zipoptions = "-r"
else:
zipoptions = "-rq"
- from distutils.errors import DistutilsExecError
- from distutils.spawn import spawn
+ cmd = ["zip", zipoptions, zip_filename, base_dir]
+ if logger is not None:
+ logger.info(' '.join(cmd))
+ if dry_run:
+ return
+ import subprocess
try:
- spawn(["zip", zipoptions, zip_filename, base_dir], dry_run=dry_run)
- except DistutilsExecError:
+ subprocess.check_call(cmd)
+ except subprocess.CalledProcessError:
# XXX really should distinguish between "couldn't find
# external 'zip' command" and "zip failed".
raise ExecError, \
@@ -440,7 +444,7 @@ def _make_zipfile(base_name, base_dir, v
zipfile = None
if zipfile is None:
- _call_external_zip(base_dir, zip_filename, verbose, dry_run)
+ _call_external_zip(base_dir, zip_filename, verbose, dry_run, logger)
else:
if logger is not None:
logger.info("creating '%s' and adding '%s' to it",

52
CVE-2019-5010-null-defer-x509-cert-DOS.patch
View File

@ -22,44 +22,11 @@ Co-authored-by: Christian Heimes <christian@python.org>
create mode 100644 Lib/test/talos-2019-0758.pem
create mode 100644 Misc/NEWS.d/next/Security/2019-01-15-18-16-05.bpo-35746.nMSd0j.rst
--- /dev/null
+++ b/Lib/test/talos-2019-0758.pem
@@ -0,0 +1,22 @@
+-----BEGIN CERTIFICATE-----
+MIIDqDCCApKgAwIBAgIBAjALBgkqhkiG9w0BAQswHzELMAkGA1UEBhMCVUsxEDAO
+BgNVBAMTB2NvZHktY2EwHhcNMTgwNjE4MTgwMDU4WhcNMjgwNjE0MTgwMDU4WjA7
+MQswCQYDVQQGEwJVSzEsMCoGA1UEAxMjY29kZW5vbWljb24tdm0tMi50ZXN0Lmxh
+bC5jaXNjby5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC63fGB
+J80A9Av1GB0bptslKRIUtJm8EeEu34HkDWbL6AJY0P8WfDtlXjlPaLqFa6sqH6ES
+V48prSm1ZUbDSVL8R6BYVYpOlK8/48xk4pGTgRzv69gf5SGtQLwHy8UPBKgjSZoD
+5a5k5wJXGswhKFFNqyyxqCvWmMnJWxXTt2XDCiWc4g4YAWi4O4+6SeeHVAV9rV7C
+1wxqjzKovVe2uZOHjKEzJbbIU6JBPb6TRfMdRdYOw98n1VXDcKVgdX2DuuqjCzHP
+WhU4Tw050M9NaK3eXp4Mh69VuiKoBGOLSOcS8reqHIU46Reg0hqeL8LIL6OhFHIF
+j7HR6V1X6F+BfRS/AgMBAAGjgdYwgdMwCQYDVR0TBAIwADAdBgNVHQ4EFgQUOktp
+HQjxDXXUg8prleY9jeLKeQ4wTwYDVR0jBEgwRoAUx6zgPygZ0ZErF9sPC4+5e2Io
+UU+hI6QhMB8xCzAJBgNVBAYTAlVLMRAwDgYDVQQDEwdjb2R5LWNhggkA1QEAuwb7
+2s0wCQYDVR0SBAIwADAuBgNVHREEJzAlgiNjb2Rlbm9taWNvbi12bS0yLnRlc3Qu
+bGFsLmNpc2NvLmNvbTAOBgNVHQ8BAf8EBAMCBaAwCwYDVR0fBAQwAjAAMAsGCSqG
+SIb3DQEBCwOCAQEAvqantx2yBlM11RoFiCfi+AfSblXPdrIrHvccepV4pYc/yO6p
+t1f2dxHQb8rWH3i6cWag/EgIZx+HJQvo0rgPY1BFJsX1WnYf1/znZpkUBGbVmlJr
+t/dW1gSkNS6sPsM0Q+7HPgEv8CPDNK5eo7vU2seE0iWOkxSyVUuiCEY9ZVGaLVit
+p0C78nZ35Pdv4I+1cosmHl28+es1WI22rrnmdBpH8J1eY6WvUw2xuZHLeNVN0TzV
+Q3qq53AaCWuLOD1AjESWuUCxMZTK9DPS4JKXTK8RLyDeqOvJGjsSWp3kL0y3GaQ+
+10T1rfkKJub2+m9A9duin1fn6tHc2wSvB7m3DA==
+-----END CERTIFICATE-----
--- a/Lib/test/test_ssl.py
+++ b/Lib/test/test_ssl.py
@@ -72,6 +72,7 @@ NONEXISTINGCERT = data_file("XXXnonexist
BADKEY = data_file("badkey.pem")
NOKIACERT = data_file("nokia.pem")
NULLBYTECERT = data_file("nullbytecert.pem")
+TALOS_INVALID_CRLDP = data_file("talos-2019-0758.pem")
DHFILE = data_file("dh1024.pem")
BYTES_DHFILE = DHFILE.encode(sys.getfilesystemencoding())
@@ -227,6 +228,27 @@ class BasicSocketTests(unittest.TestCase
self.assertEqual(p['crlDistributionPoints'],
('http://SVRIntl-G3-crl.verisign.com/SVRIntlG3.crl',))
@@ -256,6 +256,27 @@ class BasicSocketTests(unittest.TestCase
}
)
+ def test_parse_cert_CVE_2019_5010(self):
+ p = ssl._ssl._test_decode_cert(TALOS_INVALID_CRLDP)
@ -91,16 +58,3 @@ Co-authored-by: Christian Heimes <christian@python.org>
+[CVE-2019-5010] Fix a NULL pointer deref in ssl module. The cert parser did
+not handle CRL distribution points with empty DP or URI correctly. A
+malicious or buggy certificate can result into segfault.
--- a/Modules/_ssl.c
+++ b/Modules/_ssl.c
@@ -1222,6 +1222,10 @@ _get_crl_dp(X509 *certificate) {
STACK_OF(GENERAL_NAME) *gns;
dp = sk_DIST_POINT_value(dps, i);
+ if (dp->distpoint == NULL) {
+ /* Ignore empty DP value, CVE-2019-5010 */
+ continue;
+ }
gns = dp->distpoint->name.fullname;
for (j=0; j < sk_GENERAL_NAME_num(gns); j++) {

133
CVE-2019-9636-netloc-no-decompose-characters.patch Normal file
View File

@ -0,0 +1,133 @@
--- a/Doc/library/urlparse.rst
+++ b/Doc/library/urlparse.rst
@@ -119,12 +119,22 @@ The :mod:`urlparse` module defines the f
See section :ref:`urlparse-result-object` for more information on the result
object.
+ Characters in the :attr:`netloc` attribute that decompose under NFKC
+ normalization (as used by the IDNA encoding) into any of ``/``, ``?``,
+ ``#``, ``@``, or ``:`` will raise a :exc:`ValueError`. If the URL is
+ decomposed before parsing, or is not a Unicode string, no error will be
+ raised.
+
.. versionchanged:: 2.5
Added attributes to return value.
.. versionchanged:: 2.7
Added IPv6 URL parsing capabilities.
+ .. versionchanged:: 2.7.17
+ Characters that affect netloc parsing under NFKC normalization will
+ now raise :exc:`ValueError`.
+
.. function:: parse_qs(qs[, keep_blank_values[, strict_parsing[, max_num_fields]]])
@@ -232,11 +242,21 @@ The :mod:`urlparse` module defines the f
See section :ref:`urlparse-result-object` for more information on the result
object.
+ Characters in the :attr:`netloc` attribute that decompose under NFKC
+ normalization (as used by the IDNA encoding) into any of ``/``, ``?``,
+ ``#``, ``@``, or ``:`` will raise a :exc:`ValueError`. If the URL is
+ decomposed before parsing, or is not a Unicode string, no error will be
+ raised.
+
.. versionadded:: 2.2
.. versionchanged:: 2.5
Added attributes to return value.
+ .. versionchanged:: 2.7.17
+ Characters that affect netloc parsing under NFKC normalization will
+ now raise :exc:`ValueError`.
+
.. function:: urlunsplit(parts)
--- a/Lib/test/test_urlparse.py
+++ b/Lib/test/test_urlparse.py
@@ -1,4 +1,6 @@
from test import test_support
+import sys
+import unicodedata
import unittest
import urlparse
@@ -624,6 +626,29 @@ class UrlParseTestCase(unittest.TestCase
self.assertEqual(urlparse.urlparse("http://www.python.org:80"),
('http','www.python.org:80','','','',''))
+ def test_urlsplit_normalization(self):
+ # Certain characters should never occur in the netloc,
+ # including under normalization.
+ # Ensure that ALL of them are detected and cause an error
+ illegal_chars = u'/:#?@'
+ hex_chars = {'{:04X}'.format(ord(c)) for c in illegal_chars}
+ denorm_chars = [
+ c for c in map(unichr, range(128, sys.maxunicode))
+ if (hex_chars & set(unicodedata.decomposition(c).split()))
+ and c not in illegal_chars
+ ]
+ # Sanity check that we found at least one such character
+ self.assertIn(u'\u2100', denorm_chars)
+ self.assertIn(u'\uFF03', denorm_chars)
+
+ for scheme in [u"http", u"https", u"ftp"]:
+ for c in denorm_chars:
+ url = u"{}://netloc{}false.netloc/path".format(scheme, c)
+ if test_support.verbose:
+ print "Checking %r" % url
+ with self.assertRaises(ValueError):
+ urlparse.urlsplit(url)
+
def test_main():
test_support.run_unittest(UrlParseTestCase)
--- a/Lib/urlparse.py
+++ b/Lib/urlparse.py
@@ -165,6 +165,21 @@ def _splitnetloc(url, start=0):
delim = min(delim, wdelim) # use earliest delim position
return url[start:delim], url[delim:] # return (domain, rest)
+def _checknetloc(netloc):
+ if not netloc or not isinstance(netloc, unicode):
+ return
+ # looking for characters like \u2100 that expand to 'a/c'
+ # IDNA uses NFKC equivalence, so normalize for this check
+ import unicodedata
+ netloc2 = unicodedata.normalize('NFKC', netloc)
+ if netloc == netloc2:
+ return
+ _, _, netloc = netloc.rpartition('@') # anything to the left of '@' is okay
+ for c in '/?#@:':
+ if c in netloc2:
+ raise ValueError("netloc '" + netloc2 + "' contains invalid " +
+ "characters under NFKC normalization")
+
def urlsplit(url, scheme='', allow_fragments=True):
"""Parse a URL into 5 components:
<scheme>://<netloc>/<path>?<query>#<fragment>
@@ -193,6 +208,7 @@ def urlsplit(url, scheme='', allow_fragm
url, fragment = url.split('#', 1)
if '?' in url:
url, query = url.split('?', 1)
+ _checknetloc(netloc)
v = SplitResult(scheme, netloc, url, query, fragment)
_parse_cache[key] = v
return v
@@ -216,6 +232,7 @@ def urlsplit(url, scheme='', allow_fragm
url, fragment = url.split('#', 1)
if '?' in url:
url, query = url.split('?', 1)
+ _checknetloc(netloc)
v = SplitResult(scheme, netloc, url, query, fragment)
_parse_cache[key] = v
return v
--- /dev/null
+++ b/Misc/NEWS.d/next/Security/2019-03-06-09-38-40.bpo-36216.6q1m4a.rst
@@ -0,0 +1,3 @@
+Changes urlsplit() to raise ValueError when the URL contains characters that
+decompose under IDNA encoding (NFKC-normalization) into characters that
+affect how the URL is parsed.
\ No newline at end of file

73
CVE-2019-9948-avoid_local-file.patch Normal file
View File

@ -0,0 +1,73 @@
From 8f99cc799e4393bf1112b9395b2342f81b3f45ef Mon Sep 17 00:00:00 2001
From: push0ebp <push0ebp@shl-MacBook-Pro.local>
Date: Thu, 14 Feb 2019 02:05:46 +0900
Subject: [PATCH 1/2] bpo-35907: Avoid file reading as disallowing the
unnecessary URL scheme in urllib
---
Lib/test/test_urllib.py | 12 ++++++++++++
Lib/urllib.py | 5 ++++-
2 files changed, 16 insertions(+), 1 deletion(-)
diff --git a/Lib/test/test_urllib.py b/Lib/test/test_urllib.py
index 1ce9201c0693..e5f210e62a18 100644
--- a/Lib/test/test_urllib.py
+++ b/Lib/test/test_urllib.py
@@ -1023,6 +1023,18 @@ def open_spam(self, url):
"spam://c:|windows%/:=&?~#+!$,;'@()*[]|/path/"),
"//c:|windows%/:=&?~#+!$,;'@()*[]|/path/")
+ def test_local_file_open(self):
+ class DummyURLopener(urllib.URLopener):
+ def open_local_file(self, url):
+ return url
+ self.assertEqual(DummyURLopener().open(
+ 'local-file://example'), '//example')
+ self.assertEqual(DummyURLopener().open(
+ 'local_file://example'), '//example')
+ self.assertRaises(IOError, urllib.urlopen,
+ 'local-file://example')
+ self.assertRaises(IOError, urllib.urlopen,
+ 'local_file://example')
# Just commented them out.
# Can't really tell why keep failing in windows and sparc.
diff --git a/Lib/urllib.py b/Lib/urllib.py
index d85504a5cb7e..a24e9a5c68fb 100644
--- a/Lib/urllib.py
+++ b/Lib/urllib.py
@@ -203,7 +203,10 @@ def open(self, fullurl, data=None):
name = 'open_' + urltype
self.type = urltype
name = name.replace('-', '_')
- if not hasattr(self, name):
+
+ # bpo-35907: # disallow the file reading with the type not allowed
+ if not hasattr(self, name) or \
+ (self == _urlopener and name == 'open_local_file'):
if proxy:
return self.open_unknown_proxy(proxy, fullurl, data)
else:
From b86392511acd4cd30dc68711fa22f9f93228715a Mon Sep 17 00:00:00 2001
From: "blurb-it[bot]" <blurb-it[bot]@users.noreply.github.com>
Date: Wed, 13 Feb 2019 17:21:11 +0000
Subject: [PATCH 2/2] =?UTF-8?q?=F0=9F=93=9C=F0=9F=A4=96=20Added=20by=20blu?=
=?UTF-8?q?rb=5Fit.?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
.../NEWS.d/next/Library/2019-02-13-17-21-10.bpo-35907.ckk2zg.rst | 1 +
1 file changed, 1 insertion(+)
create mode 100644 Misc/NEWS.d/next/Library/2019-02-13-17-21-10.bpo-35907.ckk2zg.rst
diff --git a/Misc/NEWS.d/next/Library/2019-02-13-17-21-10.bpo-35907.ckk2zg.rst b/Misc/NEWS.d/next/Library/2019-02-13-17-21-10.bpo-35907.ckk2zg.rst
new file mode 100644
index 000000000000..8118a5f40583
--- /dev/null
+++ b/Misc/NEWS.d/next/Library/2019-02-13-17-21-10.bpo-35907.ckk2zg.rst
@@ -0,0 +1 @@
+Avoid file reading as disallowing the unnecessary URL scheme in urllib.urlopen
\ No newline at end of file

3
Python-2.7.15.tar.xz
View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:22d9b1ac5b26135ad2b8c2901a9413537e08749a753356ee913c84dbd2df5574
size 12642436

16
Python-2.7.15.tar.xz.asc
View File

@ -1,16 +0,0 @@
-----BEGIN PGP SIGNATURE-----
iQIcBAABCAAGBQJa5lMMAAoJEATDZ8IYrdT/kZoP/jxQcZQLglI/4Vor+bzGuvad
+uCJFnI37p98ByUdzqcF6ryKzbWoCkswr5+HMT2gVnxIfUV37rBa/cPLaHlTG+ZI
dqFo87XCNeLiPNnAFk32Vq+NHFw1OhmlZfP7UnxYtomAtF2U2qUi1rfU3KHNpQuR
rxsYD1A+5Sy5nWvpCOJ6x8tG6FFgCeHLfbrg6KtB10MqByXKXiOcp9VgdMBr0TwW
Kesq0PuTr88lOQ9qIAS44SsCu2dfls1l+YLf41JtH0zBQryQyxDgfHnNf13PqRzH
CekC3GwcV2Yw5MiSmsqEQtOag3RDggE+8mV5JAs1YmRMQ8wt3fit6EIhmATEwc4Z
LfNxJrwhD8NoTTZ4jOI9hZW0BPBfdf0ezZa38ImWsOymP7m9Z+GrX1LMPxCn+68X
PWxLS+sbLIyPD4XXPCeoMyX8cUz6/Z4XT8vtg1+Tud+nXjs8xA6i3eFt0MzxNGqg
yixVnYp8ZMwImkF31g4tOAbEue0BXWRzm3GDGfOkiCN6YZ7BruC7YylgLMaXMrMV
BoJN4bDcNgoyoqhYY1pV62Yu+n3WrBD4ch3kPtmJG1Gk5jCDXuH+y9tWetWrLqTZ
EJA8GAGVLz9qdm+yfvWGYpRezb3ErH/fOF8qXvoOY/B5jEyh1xPgnqmOYuIsPZLX
mihaoYBkGZpfDfCGutcm
=2GQo
-----END PGP SIGNATURE-----

3
Python-2.7.16.tar.xz Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:f222ef602647eecb6853681156d32de4450a2c39f4de93bd5b20235f2e660ed7
size 12752104

16
Python-2.7.16.tar.xz.asc Normal file
View File

@ -0,0 +1,16 @@
-----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEEwB4crV6ixPC441cVBMNnwhit1P8FAlx6zU8ACgkQBMNnwhit
1P+xUg//dE6dUc6NlwUzLD+MsvegKz5vXJXjPvhEsShcdaiedWsdfr22PeAXsook
fqEYALONUetv5LTWIlMpR8sNefxw7GCeIsk4ze7aXKNnh0HsZ6LJYny1Eh0aL9Mu
5tpJfvSC8Gxp2IR/vQOGMibNEuU6gpcUA0XPgKi6RvHI1iXbo71NaSuM7Ypi/6t9
X6ZBGGU0TOP7QDdFHwSs+KzfU0uLpzadWHoksTv6lESTK9BmNlKY2CdUkjbxdD/z
72UZKaLBqCwKC6znpTrZRLzdzdeRGhlnzW1LTNmdsQOj70zRwYvE8/kXVlIF5zJo
7y4SyL54+/B+M5fXsxemY1If8kc5sHFhLouzI1gd5nfiGoebWMDE+gjkBTMr5r9i
/J5DLUYHLd0/B9Yf6sz+O6kTqYwjp0SIhcIDhQRWKre4vNc0Jy6rpogA6ILl2pFo
VRctsjnqLyfhp1wfrBq4h18fjEw48itu9rWKea/DC+4oudHzAuSP9dv8RkLVD+GR
buV1lXSIsPE2sYBrc1KvRud475W3I8zPZ25VVsZ/uRJdj4HehcTwiN7poSZ4T7My
Mz4grC5b3HDveFT4N6TbL1RgbSKL9Xm3mh+LF0u6uFN466ahmdzjAj3+uCJ98TkU
4aZvrLgiPTkWOyBD0Y8WXsdiAblTRucGStm5SbqvnXUgB9N3rNA=
=XmAm
-----END PGP SIGNATURE-----

29
bpo36160-init-sysconfig_vars.patch Normal file
View File

@ -0,0 +1,29 @@
From 603a4461e3c889b06a5d78e57594ebbc580f1c03 Mon Sep 17 00:00:00 2001
From: Ivan Pozdeev <vano@mail.mipt.ru>
Date: Fri, 1 Mar 2019 21:44:24 +0300
Subject: [PATCH] Fix AttributeError on sysconfig._CONFIG_VARS.clear() if
test_site is run separately
---
Lib/test/test_site.py | 4 +++-
.../next/Tests/2019-03-01-21-45-13.bpo-36160.4JjrqB.rst | 2 ++
2 files changed, 5 insertions(+), 1 deletion(-)
create mode 100644 Misc/NEWS.d/next/Tests/2019-03-01-21-45-13.bpo-36160.4JjrqB.rst
--- a/Lib/test/test_site.py
+++ b/Lib/test/test_site.py
@@ -47,6 +47,9 @@ def setUpModule():
else:
raise
+ # sysconfig._CONFIG_VARS is None until the first call to this function
+ sysconfig.get_config_vars()
+
def tearDownModule():
sys.path[:] = OLD_SYS_PATH
--- /dev/null
+++ b/Misc/NEWS.d/next/Tests/2019-03-01-21-45-13.bpo-36160.4JjrqB.rst
@@ -0,0 +1,2 @@
+Fix AttributeError on sysconfig._CONFIG_VARS.clear() if test_site is run
+separately

20
do-not-use-non-ascii-in-test_ssl.patch
View File

@ -1,11 +1,11 @@
--- Python-2.7.15.orig/Lib/test/test_ssl.py 2018-04-30 00:47:33.000000000 +0200
+++ Python-2.7.15/Lib/test/test_ssl.py 2018-05-21 21:23:23.905940795 +0200
@@ -1001,7 +1001,7 @@
with self.assertRaises(ssl.SSLError) as cm:
ctx.load_dh_params(CERTFILE)
with support.temp_dir() as d:
- fname = os.path.join(d, u'dhpäräm.pem')
+ fname = os.path.join(d, u'dhparam.pem')
shutil.copy(DHFILE, fname)
ctx.load_dh_params(fname)
--- a/Lib/test/test_ssl.py
+++ b/Lib/test/test_ssl.py
@@ -1021,7 +1021,7 @@ class ContextTests(unittest.TestCase):
def test_load_dh_params(self):
- filename = u'dhpäräm.pem'
+ filename = u'dhparam.pem'
fs_encoding = sys.getfilesystemencoding()
try:
filename.encode(fs_encoding)

14
openssl-111-middlebox-compat.patch
View File

@ -11,16 +11,14 @@ https://bugs.python.org/issue34834
Lib/test/test_ssl.py | 5 +++++
1 file changed, 5 insertions(+)
Index: Python-2.7.15/Lib/test/test_ssl.py
===================================================================
--- Python-2.7.15.orig/Lib/test/test_ssl.py 2018-10-29 13:32:59.190865648 +0100
+++ Python-2.7.15/Lib/test/test_ssl.py 2018-10-29 13:41:01.857624490 +0100
@@ -777,8 +777,12 @@ class ContextTests(unittest.TestCase):
--- a/Lib/test/test_ssl.py
+++ b/Lib/test/test_ssl.py
@@ -807,8 +807,12 @@ class ContextTests(unittest.TestCase):
default = (ssl.OP_ALL | ssl.OP_NO_SSLv2 | ssl.OP_NO_SSLv3)
# SSLContext also enables these by default
default |= (ssl.OP_NO_COMPRESSION | ssl.OP_CIPHER_SERVER_PREFERENCE |
- ssl.OP_SINGLE_DH_USE | ssl.OP_SINGLE_ECDH_USE |
- ssl.OP_ENABLE_MIDDLEBOX_COMPAT)
default |= (OP_NO_COMPRESSION | OP_CIPHER_SERVER_PREFERENCE |
- OP_SINGLE_DH_USE | OP_SINGLE_ECDH_USE |
- OP_ENABLE_MIDDLEBOX_COMPAT)
+ ssl.OP_SINGLE_DH_USE | ssl.OP_SINGLE_ECDH_USE)
+ if not IS_LIBRESSL and ssl.OPENSSL_VERSION_INFO >= (1, 1, 1):
+ # define MIDDLEBOX constant, as python2.7 does not know about it

26
openssl-111-ssl_options.patch
View File

@ -1,13 +1,17 @@
Index: Python-2.7.15/Lib/test/test_ssl.py
===================================================================
--- Python-2.7.15.orig/Lib/test/test_ssl.py 2018-10-29 13:41:01.857624490 +0100
+++ Python-2.7.15/Lib/test/test_ssl.py 2018-10-29 14:04:59.674004321 +0100
@@ -776,7 +776,7 @@ class ContextTests(unittest.TestCase):
# OP_ALL | OP_NO_SSLv2 | OP_NO_SSLv3 is the default value
--- a/Lib/test/test_ssl.py
+++ b/Lib/test/test_ssl.py
@@ -807,12 +807,8 @@ class ContextTests(unittest.TestCase):
default = (ssl.OP_ALL | ssl.OP_NO_SSLv2 | ssl.OP_NO_SSLv3)
# SSLContext also enables these by default
- default |= (ssl.OP_NO_COMPRESSION | ssl.OP_CIPHER_SERVER_PREFERENCE |
+ default |= (ssl.OP_NO_COMPRESSION |
ssl.OP_SINGLE_DH_USE | ssl.OP_SINGLE_ECDH_USE)
if not IS_LIBRESSL and ssl.OPENSSL_VERSION_INFO >= (1, 1, 1):
# define MIDDLEBOX constant, as python2.7 does not know about it
default |= (OP_NO_COMPRESSION | OP_CIPHER_SERVER_PREFERENCE |
- ssl.OP_SINGLE_DH_USE | ssl.OP_SINGLE_ECDH_USE)
- if not IS_LIBRESSL and ssl.OPENSSL_VERSION_INFO >= (1, 1, 1):
- # define MIDDLEBOX constant, as python2.7 does not know about it
- # but it is used by default.
- OP_ENABLE_MIDDLEBOX_COMPAT = 1048576L
- default |= OP_ENABLE_MIDDLEBOX_COMPAT
+ OP_SINGLE_DH_USE | OP_SINGLE_ECDH_USE |
+ OP_ENABLE_MIDDLEBOX_COMPAT)
self.assertEqual(default, ctx.options)
ctx.options |= ssl.OP_NO_TLSv1
self.assertEqual(default | ssl.OP_NO_TLSv1, ctx.options)

137
openssl-111.patch
View File

@ -1,137 +0,0 @@
From 9e32244ea7d2621030f040b0f4e5af89480ecc0f Mon Sep 17 00:00:00 2001
From: Christian Heimes <christian@python.org>
Date: Wed, 15 Aug 2018 09:07:28 +0200
Subject: [PATCH] [2.7] bpo-33570: TLS 1.3 ciphers for OpenSSL 1.1.1 (GH-6976)
(GH-8760)
Change TLS 1.3 cipher suite settings for compatibility with OpenSSL
1.1.1-pre6 and newer. OpenSSL 1.1.1 will have TLS 1.3 cipers enabled by
default.
Also update multissltests to test with latest OpenSSL.
Signed-off-by: Christian Heimes <christian@python.org>.
(cherry picked from commit 3e630c541b35c96bfe5619165255e559f577ee71)
Co-authored-by: Christian Heimes <christian@python.org>
---
Doc/library/ssl.rst | 8 ++--
Lib/test/test_ssl.py | 37 +++++++++++--------
.../2018-05-18-21-50-47.bpo-33570.7CZy4t.rst | 3 ++
3 files changed, 27 insertions(+), 21 deletions(-)
create mode 100644 Misc/NEWS.d/next/Library/2018-05-18-21-50-47.bpo-33570.7CZy4t.rst
Index: Python-2.7.15/Doc/library/ssl.rst
===================================================================
--- Python-2.7.15.orig/Doc/library/ssl.rst
+++ Python-2.7.15/Doc/library/ssl.rst
@@ -291,11 +291,6 @@ purposes.
3DES was dropped from the default cipher string.
- .. versionchanged:: 2.7.15
-
- TLS 1.3 cipher suites TLS_AES_128_GCM_SHA256, TLS_AES_256_GCM_SHA384,
- and TLS_CHACHA20_POLY1305_SHA256 were added to the default cipher string.
-
.. function:: _https_verify_certificates(enable=True)
Specifies whether or not server certificates are verified when creating
@@ -1176,6 +1171,9 @@ to speed up repeated connections from th
when connected, the :meth:`SSLSocket.cipher` method of SSL sockets will
give the currently selected cipher.
+ OpenSSL 1.1.1 has TLS 1.3 cipher suites enabled by default. The suites
+ cannot be disabled with :meth:`~SSLContext.set_ciphers`.
+
.. method:: SSLContext.set_alpn_protocols(protocols)
Specify which protocols the socket should advertise during the SSL/TLS
Index: Python-2.7.15/Lib/test/test_ssl.py
===================================================================
--- Python-2.7.15.orig/Lib/test/test_ssl.py
+++ Python-2.7.15/Lib/test/test_ssl.py
@@ -775,8 +775,10 @@ class ContextTests(unittest.TestCase):
ctx = ssl.SSLContext(ssl.PROTOCOL_TLSv1)
# OP_ALL | OP_NO_SSLv2 | OP_NO_SSLv3 is the default value
default = (ssl.OP_ALL | ssl.OP_NO_SSLv2 | ssl.OP_NO_SSLv3)
- if not IS_LIBRESSL and ssl.OPENSSL_VERSION_INFO >= (1, 1, 0):
- default |= ssl.OP_NO_COMPRESSION
+ # SSLContext also enables these by default
+ default |= (ssl.OP_NO_COMPRESSION | ssl.OP_CIPHER_SERVER_PREFERENCE |
+ ssl.OP_SINGLE_DH_USE | ssl.OP_SINGLE_ECDH_USE |
+ ssl.OP_ENABLE_MIDDLEBOX_COMPAT)
self.assertEqual(default, ctx.options)
ctx.options |= ssl.OP_NO_TLSv1
self.assertEqual(default | ssl.OP_NO_TLSv1, ctx.options)
@@ -2765,19 +2767,24 @@ else:
sock.do_handshake()
self.assertEqual(cm.exception.errno, errno.ENOTCONN)
- def test_default_ciphers(self):
- context = ssl.SSLContext(ssl.PROTOCOL_SSLv23)
- try:
- # Force a set of weak ciphers on our client context
- context.set_ciphers("DES")
- except ssl.SSLError:
- self.skipTest("no DES cipher available")
- with ThreadedEchoServer(CERTFILE,
- ssl_version=ssl.PROTOCOL_SSLv23,
- chatty=False) as server:
- with closing(context.wrap_socket(socket.socket())) as s:
- with self.assertRaises(ssl.SSLError):
- s.connect((HOST, server.port))
+ def test_no_shared_ciphers(self):
+ server_context = ssl.SSLContext(ssl.PROTOCOL_SSLv23)
+ server_context.load_cert_chain(SIGNED_CERTFILE)
+ client_context = ssl.SSLContext(ssl.PROTOCOL_SSLv23)
+ client_context.verify_mode = ssl.CERT_REQUIRED
+ client_context.check_hostname = True
+
+ # OpenSSL enables all TLS 1.3 ciphers, enforce TLS 1.2 for test
+ client_context.options |= ssl.OP_NO_TLSv1_3
+ # Force different suites on client and master
+ client_context.set_ciphers("AES128")
+ server_context.set_ciphers("AES256")
+ with ThreadedEchoServer(context=server_context) as server:
+ s = client_context.wrap_socket(
+ socket.socket(),
+ server_hostname="localhost")
+ with self.assertRaises(ssl.SSLError):
+ s.connect((HOST, server.port))
self.assertIn("no shared cipher", str(server.conn_errors[0]))
def test_version_basic(self):
@@ -2805,12 +2812,12 @@ else:
ssl.OP_NO_TLSv1 | ssl.OP_NO_TLSv1_1 | ssl.OP_NO_TLSv1_2
)
with ThreadedEchoServer(context=context) as server:
- with context.wrap_socket(socket.socket()) as s:
+ with closing(context.wrap_socket(socket.socket())) as s:
s.connect((HOST, server.port))
self.assertIn(s.cipher()[0], [
- 'TLS13-AES-256-GCM-SHA384',
- 'TLS13-CHACHA20-POLY1305-SHA256',
- 'TLS13-AES-128-GCM-SHA256',
+ 'TLS_AES_256_GCM_SHA384',
+ 'TLS_CHACHA20_POLY1305_SHA256',
+ 'TLS_AES_128_GCM_SHA256',
])
@unittest.skipUnless(ssl.HAS_ECDH, "test requires ECDH-enabled OpenSSL")
@@ -2819,6 +2826,7 @@ else:
# should be enabled by default on SSL contexts.
context = ssl.SSLContext(ssl.PROTOCOL_SSLv23)
context.load_cert_chain(CERTFILE)
+ context.options |= ssl.OP_NO_TLSv1_3
# Prior to OpenSSL 1.0.0, ECDH ciphers have to be enabled
# explicitly using the 'ECCdraft' cipher alias. Otherwise,
# our default cipher list should prefer ECDH-based ciphers
Index: Python-2.7.15/Misc/NEWS.d/next/Library/2018-05-18-21-50-47.bpo-33570.7CZy4t.rst
===================================================================
--- /dev/null
+++ Python-2.7.15/Misc/NEWS.d/next/Library/2018-05-18-21-50-47.bpo-33570.7CZy4t.rst
@@ -0,0 +1,3 @@
+Change TLS 1.3 cipher suite settings for compatibility with OpenSSL
+1.1.1-pre6 and newer. OpenSSL 1.1.1 will have TLS 1.3 cipers enabled by
+default.

2
python-2.5.1-sqlite.patch
View File

@ -1,6 +1,6 @@
--- a/Modules/_sqlite/cursor.c
+++ b/Modules/_sqlite/cursor.c
@@ -837,6 +837,9 @@
@@ -829,6 +829,9 @@ PyObject* pysqlite_cursor_executescript(
goto error;
}

6
python-2.6-gettext-plurals.patch
View File

@ -1,8 +1,6 @@
Index: Lib/gettext.py
===================================================================
--- a/Lib/gettext.py.orig
--- a/Lib/gettext.py
+++ b/Lib/gettext.py
@@ -311,8 +311,9 @@ class GNUTranslations(NullTranslations):
@@ -387,8 +387,9 @@ class GNUTranslations(NullTranslations):
self._charset = v.split('charset=')[1]
elif k == 'plural-forms':
v = v.split(';')

2
python-2.7-dirs.patch
View File

@ -1,6 +1,6 @@
--- a/Makefile.pre.in
+++ b/Makefile.pre.in
@@ -106,7 +106,7 @@
@@ -110,7 +110,7 @@ LIBDIR= @libdir@
MANDIR= @mandir@
INCLUDEDIR= @includedir@
CONFINCLUDEDIR= $(exec_prefix)/include

3
python-2.7.15-docs-pdf-a4.tar.bz2
View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:bbf77aefc548510b72b18f20be35543754a2f0be4fb3139362166f76ba16d846
size 11453397

3
python-2.7.15-docs-pdf-letter.tar.bz2
View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:bc0c23f8c232fa60e0f1183269b30a4e995cdb2ff1a5b212c5ef96a0486b8edf
size 11453167

3
python-2.7.16-docs-pdf-a4.tar.bz2 Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:b35b997446031dcda1fc7fb9bc4f24e8e3615d09b038ee802e6b88d3b3d27182
size 11420205

3
python-2.7.16-docs-pdf-letter.tar.bz2 Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:4157eadddf1d5d892820f16752119910f0e9d3264e55616c6ebf0445854a47fe
size 11420016

8
python-2.7.2-fix_date_time_compiler.patch
View File

@ -1,8 +1,6 @@
Index: Python-2.7.14/Makefile.pre.in
===================================================================
--- Python-2.7.14.orig/Makefile.pre.in
+++ Python-2.7.14/Makefile.pre.in
@@ -638,8 +638,15 @@ Modules/getbuildinfo.o: $(PARSER_OBJS) \
--- a/Makefile.pre.in
+++ b/Makefile.pre.in
@@ -647,8 +647,15 @@ Modules/getbuildinfo.o: $(PARSER_OBJS) \
-DGITVERSION="\"`LC_ALL=C $(GITVERSION)`\"" \
-DGITTAG="\"`LC_ALL=C $(GITTAG)`\"" \
-DGITBRANCH="\"`LC_ALL=C $(GITBRANCH)`\"" \

30
python-2.7.4-canonicalize2.patch
View File

@ -1,8 +1,6 @@
Index: Python-2.7.7/Python/sysmodule.c
===================================================================
--- Python-2.7.7.orig/Python/sysmodule.c 2014-06-20 14:33:06.696228064 +0200
+++ Python-2.7.7/Python/sysmodule.c 2014-06-20 14:33:10.960250497 +0200
@@ -1624,7 +1624,20 @@
--- a/Python/sysmodule.c
+++ b/Python/sysmodule.c
@@ -1638,7 +1638,20 @@ PySys_SetArgvEx(int argc, char **argv, i
char *p = NULL;
Py_ssize_t n = 0;
PyObject *a;
@ -24,7 +22,7 @@ Index: Python-2.7.7/Python/sysmodule.c
char link[MAXPATHLEN+1];
char argv0copy[2*MAXPATHLEN+1];
int nr = 0;
@@ -1651,7 +1664,8 @@
@@ -1665,7 +1678,8 @@ PySys_SetArgvEx(int argc, char **argv, i
}
}
}
@ -34,7 +32,7 @@ Index: Python-2.7.7/Python/sysmodule.c
#if SEP == '\\' /* Special case for MS filename syntax */
if (argc > 0 && argv0 != NULL && strcmp(argv0, "-c") != 0) {
char *q;
@@ -1680,11 +1694,6 @@
@@ -1694,11 +1708,6 @@ PySys_SetArgvEx(int argc, char **argv, i
}
#else /* All other filename syntaxes */
if (argc > 0 && argv0 != NULL && strcmp(argv0, "-c") != 0) {
@ -46,7 +44,7 @@ Index: Python-2.7.7/Python/sysmodule.c
p = strrchr(argv0, SEP);
}
if (p != NULL) {
@@ -1702,6 +1711,9 @@
@@ -1716,6 +1725,9 @@ PySys_SetArgvEx(int argc, char **argv, i
a = PyString_FromStringAndSize(argv0, n);
if (a == NULL)
Py_FatalError("no mem for sys.path insertion");
@ -56,10 +54,8 @@ Index: Python-2.7.7/Python/sysmodule.c
if (PyList_Insert(path, 0, a) < 0)
Py_FatalError("sys.path.insert(0) failed");
Py_DECREF(a);
Index: Python-2.7.7/pyconfig.h.in
===================================================================
--- Python-2.7.7.orig/pyconfig.h.in 2014-05-31 20:58:40.000000000 +0200
+++ Python-2.7.7/pyconfig.h.in 2014-06-20 14:33:10.961250502 +0200
--- a/pyconfig.h.in
+++ b/pyconfig.h.in
@@ -109,6 +109,9 @@
/* Define to 1 if you have the 'chflags' function. */
#undef HAVE_CHFLAGS
@ -70,13 +66,11 @@ Index: Python-2.7.7/pyconfig.h.in
/* Define to 1 if you have the `chown' function. */
#undef HAVE_CHOWN
Index: Python-2.7.7/configure.ac
===================================================================
--- Python-2.7.7.orig/configure.ac 2014-06-20 14:33:06.694228054 +0200
+++ Python-2.7.7/configure.ac 2014-06-20 14:33:10.961250502 +0200
@@ -2935,7 +2935,7 @@
--- a/configure.ac
+++ b/configure.ac
@@ -3159,7 +3159,7 @@ AC_CHECK_FUNCS(alarm setitimer getitimer
getpriority getresuid getresgid getpwent getspnam getspent getsid getwd \
initgroups kill killpg lchmod lchown lstat mkfifo mknod mktime mmap \
initgroups kill killpg lchown lstat mkfifo mknod mktime mmap \
mremap nice pathconf pause plock poll pthread_init \
- putenv readlink realpath \
+ putenv readlink realpath canonicalize_file_name \

113
python-2.7.5-multilib.patch
View File

@ -1,8 +1,6 @@
Index: Python-2.7.14/configure.ac
===================================================================
--- Python-2.7.14.orig/configure.ac
+++ Python-2.7.14/configure.ac
@@ -758,6 +758,41 @@ SunOS*)
--- a/configure.ac
+++ b/configure.ac
@@ -773,6 +773,41 @@ SunOS*)
;;
esac
@ -44,10 +42,8 @@ Index: Python-2.7.14/configure.ac
AC_SUBST(LIBRARY)
AC_MSG_CHECKING(LIBRARY)
Index: Python-2.7.14/Include/pythonrun.h
===================================================================
--- Python-2.7.14.orig/Include/pythonrun.h
+++ Python-2.7.14/Include/pythonrun.h
--- a/Include/pythonrun.h
+++ b/Include/pythonrun.h
@@ -108,6 +108,8 @@ PyAPI_FUNC(char *) Py_GetPath(void);
/* In their own files */
PyAPI_FUNC(const char *) Py_GetVersion(void);
@ -57,10 +53,8 @@ Index: Python-2.7.14/Include/pythonrun.h
PyAPI_FUNC(const char *) Py_GetCopyright(void);
PyAPI_FUNC(const char *) Py_GetCompiler(void);
PyAPI_FUNC(const char *) Py_GetBuildInfo(void);
Index: Python-2.7.14/Lib/distutils/command/install.py
===================================================================
--- Python-2.7.14.orig/Lib/distutils/command/install.py
+++ Python-2.7.14/Lib/distutils/command/install.py
--- a/Lib/distutils/command/install.py
+++ b/Lib/distutils/command/install.py
@@ -22,6 +22,8 @@ from site import USER_BASE
from site import USER_SITE
@ -79,10 +73,8 @@ Index: Python-2.7.14/Lib/distutils/command/install.py
'headers': '$base/include/python$py_version_short/$dist_name',
'scripts': '$base/bin',
'data' : '$base',
Index: Python-2.7.14/Lib/distutils/sysconfig.py
===================================================================
--- Python-2.7.14.orig/Lib/distutils/sysconfig.py
+++ Python-2.7.14/Lib/distutils/sysconfig.py
--- a/Lib/distutils/sysconfig.py
+++ b/Lib/distutils/sysconfig.py
@@ -119,8 +119,11 @@ def get_python_lib(plat_specific=0, stan
prefix = plat_specific and EXEC_PREFIX or PREFIX
@ -97,10 +89,8 @@ Index: Python-2.7.14/Lib/distutils/sysconfig.py
if standard_lib:
return libpython
else:
Index: Python-2.7.14/Lib/pydoc.py
===================================================================
--- Python-2.7.14.orig/Lib/pydoc.py
+++ Python-2.7.14/Lib/pydoc.py
--- a/Lib/pydoc.py
+++ b/Lib/pydoc.py
@@ -375,7 +375,7 @@ class Doc:
docmodule = docclass = docroutine = docother = docproperty = docdata = fail
@ -110,10 +100,8 @@ Index: Python-2.7.14/Lib/pydoc.py
"python"+sys.version[0:3])):
"""Return the location of module docs or None"""
Index: Python-2.7.14/Lib/site.py
===================================================================
--- Python-2.7.14.orig/Lib/site.py
+++ Python-2.7.14/Lib/site.py
--- a/Lib/site.py
+++ b/Lib/site.py
@@ -231,29 +231,38 @@ def getuserbase():
USER_BASE = get_config_var('userbase')
return USER_BASE
@ -197,10 +185,8 @@ Index: Python-2.7.14/Lib/site.py
return sitepackages
def addsitepackages(known_paths):
Index: Python-2.7.14/Lib/sysconfig.py
===================================================================
--- Python-2.7.14.orig/Lib/sysconfig.py
+++ Python-2.7.14/Lib/sysconfig.py
--- a/Lib/sysconfig.py
+++ b/Lib/sysconfig.py
@@ -7,10 +7,10 @@ from os.path import pardir, realpath
_INSTALL_SCHEMES = {
@ -229,10 +215,8 @@ Index: Python-2.7.14/Lib/sysconfig.py
'include': '{userbase}/include/python{py_version_short}',
'scripts': '{userbase}/bin',
'data' : '{userbase}',
Index: Python-2.7.14/Lib/test/test_dl.py
===================================================================
--- Python-2.7.14.orig/Lib/test/test_dl.py
+++ Python-2.7.14/Lib/test/test_dl.py
--- a/Lib/test/test_dl.py
+++ b/Lib/test/test_dl.py
@@ -4,10 +4,11 @@
import unittest
from test.test_support import verbose, import_module
@ -247,11 +231,9 @@ Index: Python-2.7.14/Lib/test/test_dl.py
('/usr/bin/cygwin1.dll', 'getpid'),
('/usr/lib/libc.dylib', 'getpid'),
]
Index: Python-2.7.14/Lib/test/test_site.py
===================================================================
--- Python-2.7.14.orig/Lib/test/test_site.py
+++ Python-2.7.14/Lib/test/test_site.py
@@ -252,12 +252,16 @@ class HelperFunctionsTests(unittest.Test
--- a/Lib/test/test_site.py
+++ b/Lib/test/test_site.py
@@ -254,12 +254,16 @@ class HelperFunctionsTests(unittest.Test
self.assertEqual(dirs[0], wanted)
elif os.sep == '/':
# OS X, Linux, FreeBSD, etc
@ -271,10 +253,21 @@ Index: Python-2.7.14/Lib/test/test_site.py
else:
# other platforms
self.assertEqual(len(dirs), 2)
Index: Python-2.7.14/Lib/trace.py
===================================================================
--- Python-2.7.14.orig/Lib/trace.py
+++ Python-2.7.14/Lib/trace.py
@@ -305,7 +309,11 @@ class HelperFunctionsTests(unittest.Test
known_paths = set()
site.addusersitepackages(known_paths)
- self.assertEqual(fake_isdir.arg, user_site)
+ # value of user_site cannot be used for comparison, because
+ # the following assert mistakenly assumes 'platlib' and
+ # 'purelib' directories are same.
+ self.assertEqual(fake_isdir.arg,
+ site.getusersitepackages('platlib'))
self.assertFalse(known_paths)
--- a/Lib/trace.py
+++ b/Lib/trace.py
@@ -754,10 +754,10 @@ def main(argv=None):
# should I also call expanduser? (after all, could use $HOME)
@ -288,10 +281,8 @@ Index: Python-2.7.14/Lib/trace.py
"python" + sys.version[:3]))
s = os.path.normpath(s)
ignore_dirs.append(s)
Index: Python-2.7.14/Makefile.pre.in
===================================================================
--- Python-2.7.14.orig/Makefile.pre.in
+++ Python-2.7.14/Makefile.pre.in
--- a/Makefile.pre.in
+++ b/Makefile.pre.in
@@ -91,6 +91,8 @@ PY_CFLAGS= $(CFLAGS) $(CPPFLAGS) $(CFLAG
# Machine-dependent subdirectories
@ -301,7 +292,7 @@ Index: Python-2.7.14/Makefile.pre.in
# Multiarch directory (may be empty)
MULTIARCH= @MULTIARCH@
@@ -644,6 +646,7 @@ Modules/getpath.o: $(srcdir)/Modules/get
@@ -653,6 +655,7 @@ Modules/getpath.o: $(srcdir)/Modules/get
-DEXEC_PREFIX='"$(exec_prefix)"' \
-DVERSION='"$(VERSION)"' \
-DVPATH='"$(VPATH)"' \
@ -309,7 +300,7 @@ Index: Python-2.7.14/Makefile.pre.in
-o $@ $(srcdir)/Modules/getpath.c
Modules/python.o: $(srcdir)/Modules/python.c
@@ -692,7 +695,7 @@ regen-ast:
@@ -701,7 +704,7 @@ regen-ast:
Python/compile.o Python/symtable.o Python/ast.o: $(srcdir)/Include/graminit.h $(srcdir)/Include/Python-ast.h
Python/getplatform.o: $(srcdir)/Python/getplatform.c
@ -318,10 +309,8 @@ Index: Python-2.7.14/Makefile.pre.in
Python/importdl.o: $(srcdir)/Python/importdl.c
$(CC) -c $(PY_CFLAGS) -I$(DLINCLDIR) -o $@ $(srcdir)/Python/importdl.c
Index: Python-2.7.14/Modules/getpath.c
===================================================================
--- Python-2.7.14.orig/Modules/getpath.c
+++ Python-2.7.14/Modules/getpath.c
--- a/Modules/getpath.c
+++ b/Modules/getpath.c
@@ -100,6 +100,8 @@
#error "PREFIX, EXEC_PREFIX, VERSION, and VPATH must be constant defined"
#endif
@ -340,10 +329,8 @@ Index: Python-2.7.14/Modules/getpath.c
static void
reduce(char *dir)
Index: Python-2.7.14/Python/getplatform.c
===================================================================
--- Python-2.7.14.orig/Python/getplatform.c
+++ Python-2.7.14/Python/getplatform.c
--- a/Python/getplatform.c
+++ b/Python/getplatform.c
@@ -10,3 +10,23 @@ Py_GetPlatform(void)
{
return PLATFORM;
@ -368,10 +355,8 @@ Index: Python-2.7.14/Python/getplatform.c
+{
+ return LIB;
+}
Index: Python-2.7.14/Python/sysmodule.c
===================================================================
--- Python-2.7.14.orig/Python/sysmodule.c
+++ Python-2.7.14/Python/sysmodule.c
--- a/Python/sysmodule.c
+++ b/Python/sysmodule.c
@@ -1437,6 +1437,10 @@ _PySys_Init(void)
PyString_FromString(Py_GetCopyright()));
SET_SYS_FROM_STRING("platform",
@ -383,10 +368,8 @@ Index: Python-2.7.14/Python/sysmodule.c
SET_SYS_FROM_STRING("executable",
PyString_FromString(Py_GetProgramFullPath()));
SET_SYS_FROM_STRING("prefix",
Index: Python-2.7.14/setup.py
===================================================================
--- Python-2.7.14.orig/setup.py
+++ Python-2.7.14/setup.py
--- a/setup.py
+++ b/setup.py
@@ -456,7 +456,7 @@ class PyBuildExt(build_ext):
def detect_modules(self):
# Ensure that /usr/local is always used
@ -410,7 +393,7 @@ Index: Python-2.7.14/setup.py
extra_link_args=readline_extra_link_args,
libraries=readline_libs) )
else:
@@ -1941,18 +1941,17 @@ class PyBuildExt(build_ext):
@@ -1933,18 +1933,17 @@ class PyBuildExt(build_ext):
# Check for various platform-specific directories
if host_platform == 'sunos5':
include_dirs.append('/usr/openwin/include')

8
python-2.7.9-ssl_ca_path.patch
View File

@ -1,8 +1,6 @@
Index: Python-2.7.9/Lib/ssl.py
===================================================================
--- Python-2.7.9.orig/Lib/ssl.py 2014-12-10 16:59:40.000000000 +0100
+++ Python-2.7.9/Lib/ssl.py 2015-02-25 17:28:19.538808314 +0100
@@ -504,7 +504,15 @@
--- a/Lib/ssl.py
+++ b/Lib/ssl.py
@@ -537,7 +537,15 @@ class SSLSocket(socket):
self._context = SSLContext(ssl_version)
self._context.verify_mode = cert_reqs
if ca_certs:

44
python-base.changes
View File

@ -1,3 +1,47 @@
-------------------------------------------------------------------
Mon Apr 8 22:40:01 CEST 2019 - Matej Cepl <mcepl@suse.com>
- bsc#1130847 (CVE-2019-9948) add CVE-2019-9948-avoid_local-file.patch
removing unnecessary (and potentially harmful) URL scheme
local-file://.
-------------------------------------------------------------------
Mon Apr 8 21:13:48 CEST 2019 - Matej Cepl <mcepl@suse.com>
- bsc#1129346: add CVE-2019-9636-netloc-no-decompose-characters.patch
Characters in the netloc attribute that decompose under NFKC
normalization (as used by the IDNA encoding) into any of ``/``,
``?``, ``#``, ``@``, or ``:`` will raise a ValueError. If the
URL is decomposed before parsing, or is not a Unicode string,
no error will be raised.
Upstream commits e37ef41 and 507bd8c.
-------------------------------------------------------------------
Thu Apr 4 22:28:24 CEST 2019 - Matej Cepl <mcepl@suse.com>
- Update to 2.7.16:
* bugfix-only release: complete list of changes on
https://github.com/python/cpython/blob/2.7/Misc/NEWS.d/2.7.16rc1.rst
* Removed openssl-111.patch and CVE-2018-1000802-shutil_use_subprocess_no_spawn.patch
which are fully included in the tarball.
* Updated patches to apply cleanly:
CVE-2019-5010-null-defer-x509-cert-DOS.patch
bpo36160-init-sysconfig_vars.patch
do-not-use-non-ascii-in-test_ssl.patch
openssl-111-middlebox-compat.patch
openssl-111-ssl_options.patch
python-2.5.1-sqlite.patch
python-2.6-gettext-plurals.patch
python-2.7-dirs.patch
python-2.7.2-fix_date_time_compiler.patch
python-2.7.4-canonicalize2.patch
python-2.7.5-multilib.patch
python-2.7.9-ssl_ca_path.patch
python-bsddb6.diff
remove-static-libpython.diff
* Update python-2.7.5-multilib.patch to pass with new platlib
regime.
-------------------------------------------------------------------
Sat Jan 19 16:19:38 CET 2019 - mcepl@suse.com

21
python-base.spec
View File

@ -17,7 +17,7 @@
Name: python-base
Version: 2.7.15
Version: 2.7.16
Release: 0
Summary: Python Interpreter base package
License: Python-2.0
@ -61,11 +61,6 @@ Patch38: reproducible.patch
Patch40: python-skip_random_failing_tests.patch
# PATCH-FIX-UPSTREAM sorted tar https://github.com/python/cpython/pull/2263
Patch41: python-sorted_tar.patch
# https://github.com/python/cpython/pull/8771
Patch42: openssl-111.patch
# PATCH-FIX-UPSTREAM CVE-2018-1000802-shutil_use_subprocess_no_spawn.patch mcepl@suse.com
# Suggested in https://github.com/python/cpython/commit/add531a1e55b.patch
Patch43: CVE-2018-1000802-shutil_use_subprocess_no_spawn.patch
# https://github.com/python/cpython/pull/9624 (https://bugs.python.org/issue34834)
Patch47: openssl-111-middlebox-compat.patch
# PATCH-FIX-SUSE python default SSLContext doesn't contain OP_CIPHER_SERVER_PREFERENCE
@ -74,6 +69,15 @@ Patch48: openssl-111-ssl_options.patch
# https://github.com/python/cpython/pull/11569
# Fix segfault in ssl's cert parser
Patch49: CVE-2019-5010-null-defer-x509-cert-DOS.patch
# PATCH-FIX-UPSTREAM bpo36160-init-sysconfig_vars.patch gh#python/cpython#12131 mcepl@suse.com
# Initialize sysconfig variables in test_site.
Patch50: bpo36160-init-sysconfig_vars.patch
# PATCH-FIX-UPSTREAM CVE-2019-9636-netloc-no-decompose-characters.patch bsc#1129346 mcepl@suse.com
# https://bugs.python.org/issue36216
Patch51: CVE-2019-9636-netloc-no-decompose-characters.patch
# PATCH-FIX-UPSTREAM CVE-2019-9948-avoid_local-file.patch bsc#1130847 mcepl@suse.com
# removing unnecessary (and potentially harmful) URL scheme local-file://
Patch52: CVE-2019-9948-avoid_local-file.patch
# COMMON-PATCH-END
%define python_version %(echo %{tarversion} | head -c 3)
BuildRequires: automake
@ -181,11 +185,12 @@ other applications.
%patch40 -p1
%endif
%patch41 -p1
%patch42 -p1
%patch43 -p1
%patch47 -p1
%patch48 -p1
%patch49 -p1
%patch50 -p1
%patch51 -p1
%patch52 -p1
# drop Autoconf version requirement
sed -i 's/^version_required/dnl version_required/' configure.ac

60
python-bsddb6.diff
View File

@ -16,10 +16,8 @@ This patch was partially autogenerated:
setup.py | 6 +-
6 files changed, 120 insertions(+), 41 deletions(-)
Index: Python-2.7.14/Lib/bsddb/test/test_all.py
===================================================================
--- Python-2.7.14.orig/Lib/bsddb/test/test_all.py
+++ Python-2.7.14/Lib/bsddb/test/test_all.py
--- a/Lib/bsddb/test/test_all.py
+++ b/Lib/bsddb/test/test_all.py
@@ -74,8 +74,9 @@ if sys.version_info[0] >= 3 :
key = key.decode(charset)
return (key, value.decode(charset))
@ -56,10 +54,8 @@ Index: Python-2.7.14/Lib/bsddb/test/test_all.py
print 'My pid: %s' % os.getpid()
print '-=' * 38
Index: Python-2.7.14/Lib/bsddb/test/test_misc.py
===================================================================
--- Python-2.7.14.orig/Lib/bsddb/test/test_misc.py
+++ Python-2.7.14/Lib/bsddb/test/test_misc.py
--- a/Lib/bsddb/test/test_misc.py
+++ b/Lib/bsddb/test/test_misc.py
@@ -46,8 +46,9 @@ class MiscTestCase(unittest.TestCase):
d[repr(i)] = repr(100*i)
db.close()
@ -72,10 +68,8 @@ Index: Python-2.7.14/Lib/bsddb/test/test_misc.py
db.close()
# http://sourceforge.net/tracker/index.php?func=detail&aid=1708868&group_id=13900&atid=313900
Index: Python-2.7.14/Lib/bsddb/test/test_replication.py
===================================================================
--- Python-2.7.14.orig/Lib/bsddb/test/test_replication.py
+++ Python-2.7.14/Lib/bsddb/test/test_replication.py
--- a/Lib/bsddb/test/test_replication.py
+++ b/Lib/bsddb/test/test_replication.py
@@ -165,21 +165,10 @@ class DBReplicationManager(DBReplication
# is not generated if the master has no new transactions.
# This is solved in BDB 4.6 (#15542).
@ -124,10 +118,8 @@ Index: Python-2.7.14/Lib/bsddb/test/test_replication.py
while (time.time()<timeout) and not (self.confirmed_master and
self.client_startupdone) :
time.sleep(0.02)
Index: Python-2.7.14/Modules/_bsddb.c
===================================================================
--- Python-2.7.14.orig/Modules/_bsddb.c
+++ Python-2.7.14/Modules/_bsddb.c
--- a/Modules/_bsddb.c
+++ b/Modules/_bsddb.c
@@ -124,10 +124,14 @@ typedef int Py_ssize_t;
#define NUMBER_Check PyLong_Check
#define NUMBER_AsLong PyLong_AsLong
@ -162,7 +154,7 @@ Index: Python-2.7.14/Modules/_bsddb.c
/* The same, when the value is a time_t */
static void _addTimeTToDict(PyObject* dict, char *name, time_t value)
{
@@ -2655,13 +2671,21 @@ _default_cmp(const DBT *leftKey,
@@ -2677,13 +2693,21 @@ _default_cmp(const DBT *leftKey,
static int
_db_compareCallback(DB* db,
const DBT *leftKey,
@ -185,7 +177,7 @@ Index: Python-2.7.14/Modules/_bsddb.c
if (self == NULL || self->btCompareCallback == NULL) {
MYDB_BEGIN_BLOCK_THREADS;
PyErr_SetString(PyExc_TypeError,
@@ -2769,13 +2793,21 @@ DB_set_bt_compare(DBObject* self, PyObje
@@ -2791,13 +2815,21 @@ DB_set_bt_compare(DBObject* self, PyObje
static int
_db_dupCompareCallback(DB* db,
const DBT *leftKey,
@ -208,7 +200,7 @@ Index: Python-2.7.14/Modules/_bsddb.c
if (self == NULL || self->dupCompareCallback == NULL) {
MYDB_BEGIN_BLOCK_THREADS;
PyErr_SetString(PyExc_TypeError,
@@ -3554,13 +3586,14 @@ Py_ssize_t DB_length(PyObject* _self)
@@ -3576,13 +3608,14 @@ Py_ssize_t DB_length(PyObject* _self)
err = self->db->stat(self->db, /*txnid*/ NULL, &sp, 0);
MYDB_END_ALLOW_THREADS;
@ -226,7 +218,7 @@ Index: Python-2.7.14/Modules/_bsddb.c
free(sp);
return size;
}
@@ -8398,12 +8431,22 @@ static PyObject*
@@ -8420,12 +8453,22 @@ static PyObject*
DBSequence_get(DBSequenceObject* self, PyObject* args, PyObject* kwargs)
{
int err, flags = 0;
@ -250,7 +242,7 @@ Index: Python-2.7.14/Modules/_bsddb.c
return NULL;
CHECK_SEQUENCE_NOT_CLOSED(self)
@@ -8533,8 +8576,19 @@ DBSequence_remove(DBSequenceObject* self
@@ -8555,8 +8598,19 @@ DBSequence_remove(DBSequenceObject* self
static PyObject*
DBSequence_set_cachesize(DBSequenceObject* self, PyObject* args)
{
@ -272,7 +264,7 @@ Index: Python-2.7.14/Modules/_bsddb.c
return NULL;
CHECK_SEQUENCE_NOT_CLOSED(self)
@@ -8549,7 +8603,11 @@ DBSequence_set_cachesize(DBSequenceObjec
@@ -8571,7 +8625,11 @@ DBSequence_set_cachesize(DBSequenceObjec
static PyObject*
DBSequence_get_cachesize(DBSequenceObject* self)
{
@ -285,7 +277,7 @@ Index: Python-2.7.14/Modules/_bsddb.c
CHECK_SEQUENCE_NOT_CLOSED(self)
@@ -8678,6 +8736,9 @@ DBSequence_stat(DBSequenceObject* self,
@@ -8700,6 +8758,9 @@ DBSequence_stat(DBSequenceObject* self,
#define MAKE_INT_ENTRY(name) _addIntToDict(dict_stat, #name, sp->st_##name)
@ -295,7 +287,7 @@ Index: Python-2.7.14/Modules/_bsddb.c
#define MAKE_LONG_LONG_ENTRY(name) _addDb_seq_tToDict(dict_stat, #name, sp->st_##name)
MAKE_INT_ENTRY(wait);
@@ -8687,10 +8748,15 @@ DBSequence_stat(DBSequenceObject* self,
@@ -8709,10 +8770,15 @@ DBSequence_stat(DBSequenceObject* self,
MAKE_LONG_LONG_ENTRY(last_value);
MAKE_LONG_LONG_ENTRY(min);
MAKE_LONG_LONG_ENTRY(max);
@ -311,7 +303,7 @@ Index: Python-2.7.14/Modules/_bsddb.c
#undef MAKE_LONG_LONG_ENTRY
free(sp);
@@ -8992,7 +9058,7 @@ static PyMethodDef DBEnv_methods[] = {
@@ -9014,7 +9080,7 @@ static PyMethodDef DBEnv_methods[] = {
{"txn_recover", (PyCFunction)DBEnv_txn_recover, METH_NOARGS},
#if (DBVER < 48)
{"set_rpc_server", (PyCFunction)DBEnv_set_rpc_server,
@ -320,7 +312,7 @@ Index: Python-2.7.14/Modules/_bsddb.c
#endif
{"set_mp_max_openfd", (PyCFunction)DBEnv_set_mp_max_openfd, METH_VARARGS},
{"get_mp_max_openfd", (PyCFunction)DBEnv_get_mp_max_openfd, METH_NOARGS},
@@ -9964,6 +10030,10 @@ PyMODINIT_FUNC PyInit__bsddb(void) /
@@ -9986,6 +10052,10 @@ PyMODINIT_FUNC PyInit__bsddb(void) /
ADD_INT(d, DB_LOG_ZERO);
#endif
@ -331,7 +323,7 @@ Index: Python-2.7.14/Modules/_bsddb.c
#if (DBVER >= 44)
ADD_INT(d, DB_DSYNC_DB);
#endif
@@ -10024,6 +10094,10 @@ PyMODINIT_FUNC PyInit__bsddb(void) /
@@ -10046,6 +10116,10 @@ PyMODINIT_FUNC PyInit__bsddb(void) /
ADD_INT(d, DB_EVENT_REG_PANIC);
#endif
@ -342,7 +334,7 @@ Index: Python-2.7.14/Modules/_bsddb.c
#if (DBVER >=52)
ADD_INT(d, DB_EVENT_REP_SITE_ADDED);
ADD_INT(d, DB_EVENT_REP_SITE_REMOVED);
@@ -10128,6 +10202,20 @@ PyMODINIT_FUNC PyInit__bsddb(void) /
@@ -10150,6 +10224,20 @@ PyMODINIT_FUNC PyInit__bsddb(void) /
ADD_INT(d, DB_REP_CONF_INMEM);
#endif
@ -363,10 +355,8 @@ Index: Python-2.7.14/Modules/_bsddb.c
ADD_INT(d, DB_TIMEOUT);
#if (DBVER >= 50)
Index: Python-2.7.14/Modules/bsddb.h
===================================================================
--- Python-2.7.14.orig/Modules/bsddb.h
+++ Python-2.7.14/Modules/bsddb.h
--- a/Modules/bsddb.h
+++ b/Modules/bsddb.h
@@ -110,7 +110,7 @@
#error "eek! DBVER can't handle minor versions > 9"
#endif
@ -376,10 +366,8 @@ Index: Python-2.7.14/Modules/bsddb.h
/* Python object definitions */
Index: Python-2.7.14/setup.py
===================================================================
--- Python-2.7.14.orig/setup.py
+++ Python-2.7.14/setup.py
--- a/setup.py
+++ b/setup.py
@@ -905,7 +905,7 @@ class PyBuildExt(build_ext):
# a release. Most open source OSes come with one or more
# versions of BerkeleyDB already installed.

21
python-doc.spec
View File

@ -17,7 +17,7 @@
Name: python-doc
Version: 2.7.15
Version: 2.7.16
Release: 0
Summary: Additional Package Documentation for Python
License: Python-2.0
@ -61,11 +61,6 @@ Patch38: reproducible.patch
Patch40: python-skip_random_failing_tests.patch
# PATCH-FIX-UPSTREAM sorted tar https://github.com/python/cpython/pull/2263
Patch41: python-sorted_tar.patch
# https://github.com/python/cpython/pull/8771
Patch42: openssl-111.patch
# PATCH-FIX-UPSTREAM CVE-2018-1000802-shutil_use_subprocess_no_spawn.patch mcepl@suse.com
# Suggested in https://github.com/python/cpython/commit/add531a1e55b.patch
Patch43: CVE-2018-1000802-shutil_use_subprocess_no_spawn.patch
# https://github.com/python/cpython/pull/9624 (https://bugs.python.org/issue34834)
Patch47: openssl-111-middlebox-compat.patch
# PATCH-FIX-SUSE python default SSLContext doesn't contain OP_CIPHER_SERVER_PREFERENCE
@ -74,6 +69,15 @@ Patch48: openssl-111-ssl_options.patch
# https://github.com/python/cpython/pull/11569
# Fix segfault in ssl's cert parser
Patch49: CVE-2019-5010-null-defer-x509-cert-DOS.patch
# PATCH-FIX-UPSTREAM bpo36160-init-sysconfig_vars.patch gh#python/cpython#12131 mcepl@suse.com
# Initialize sysconfig variables in test_site.
Patch50: bpo36160-init-sysconfig_vars.patch
# PATCH-FIX-UPSTREAM CVE-2019-9636-netloc-no-decompose-characters.patch bsc#1129346 mcepl@suse.com
# https://bugs.python.org/issue36216
Patch51: CVE-2019-9636-netloc-no-decompose-characters.patch
# PATCH-FIX-UPSTREAM CVE-2019-9948-avoid_local-file.patch bsc#1130847 mcepl@suse.com
# removing unnecessary (and potentially harmful) URL scheme local-file://
Patch52: CVE-2019-9948-avoid_local-file.patch
# COMMON-PATCH-END
Provides: pyth_doc
Provides: pyth_ps
@ -127,11 +131,12 @@ Python, and Macintosh Module Reference in PDF format.
%patch40 -p1
%endif
%patch41 -p1
%patch42 -p1
%patch43 -p1
%patch47 -p1
%patch48 -p1
%patch49 -p1
%patch50 -p1
%patch51 -p1
%patch52 -p1
# drop Autoconf version requirement
sed -i 's/^version_required/dnl version_required/' configure.ac

21
python.spec
View File

@ -17,7 +17,7 @@
Name: python
Version: 2.7.15
Version: 2.7.16
Release: 0
Summary: Python Interpreter
License: Python-2.0
@ -66,11 +66,6 @@ Patch38: reproducible.patch
Patch40: python-skip_random_failing_tests.patch
# PATCH-FIX-UPSTREAM sorted tar https://github.com/python/cpython/pull/2263
Patch41: python-sorted_tar.patch
# https://github.com/python/cpython/pull/8771
Patch42: openssl-111.patch
# PATCH-FIX-UPSTREAM CVE-2018-1000802-shutil_use_subprocess_no_spawn.patch mcepl@suse.com
# Suggested in https://github.com/python/cpython/commit/add531a1e55b.patch
Patch43: CVE-2018-1000802-shutil_use_subprocess_no_spawn.patch
# https://github.com/python/cpython/pull/9624 (https://bugs.python.org/issue34834)
Patch47: openssl-111-middlebox-compat.patch
# PATCH-FIX-SUSE python default SSLContext doesn't contain OP_CIPHER_SERVER_PREFERENCE
@ -79,6 +74,15 @@ Patch48: openssl-111-ssl_options.patch
# https://github.com/python/cpython/pull/11569
# Fix segfault in ssl's cert parser
Patch49: CVE-2019-5010-null-defer-x509-cert-DOS.patch
# PATCH-FIX-UPSTREAM bpo36160-init-sysconfig_vars.patch gh#python/cpython#12131 mcepl@suse.com
# Initialize sysconfig variables in test_site.
Patch50: bpo36160-init-sysconfig_vars.patch
# PATCH-FIX-UPSTREAM CVE-2019-9636-netloc-no-decompose-characters.patch bsc#1129346 mcepl@suse.com
# https://bugs.python.org/issue36216
Patch51: CVE-2019-9636-netloc-no-decompose-characters.patch
# PATCH-FIX-UPSTREAM CVE-2019-9948-avoid_local-file.patch bsc#1130847 mcepl@suse.com
# removing unnecessary (and potentially harmful) URL scheme local-file://
Patch52: CVE-2019-9948-avoid_local-file.patch
# COMMON-PATCH-END
BuildRequires: automake
BuildRequires: db-devel
@ -233,11 +237,12 @@ that rely on earlier non-verification behavior.
%patch40 -p1
%endif
%patch41 -p1
%patch42 -p1
%patch43 -p1
%patch47 -p1
%patch48 -p1
%patch49 -p1
%patch50 -p1
%patch51 -p1
%patch52 -p1
# drop Autoconf version requirement
sed -i 's/^version_required/dnl version_required/' configure.ac

12
remove-static-libpython.diff
View File

@ -1,8 +1,6 @@
Index: Python-2.7.6/Makefile.pre.in
===================================================================
--- Python-2.7.6.orig/Makefile.pre.in 2013-11-19 17:36:56.968106247 +0100
+++ Python-2.7.6/Makefile.pre.in 2013-11-19 17:36:56.972106270 +0100
@@ -438,7 +438,7 @@
--- a/Makefile.pre.in
+++ b/Makefile.pre.in
@@ -488,7 +488,7 @@ coverage-report: regen-grammar
# Build the interpreter
@ -11,7 +9,7 @@ Index: Python-2.7.6/Makefile.pre.in
$(LINKCC) $(LDFLAGS) $(LINKFORSHARED) -o $@ \
Modules/python.o \
$(BLDLIBRARY) $(LIBS) $(MODLIBS) $(SYSLIBS) $(LDLAST)
@@ -465,18 +465,6 @@
@@ -529,18 +529,6 @@ sharedmods: $(BUILDPYTHON) pybuilddir.tx
_TCLTK_INCLUDES='$(TCLTK_INCLUDES)' _TCLTK_LIBS='$(TCLTK_LIBS)' \
$(PYTHON_FOR_BUILD) $(srcdir)/setup.py $$quiet build
@ -30,7 +28,7 @@ Index: Python-2.7.6/Makefile.pre.in
libpython$(VERSION).so: $(LIBRARY_OBJS)
if test $(INSTSONAME) != $(LDLIBRARY); then \
$(BLDSHARED) -Wl,-h$(INSTSONAME) -o $(INSTSONAME) $(LIBRARY_OBJS) $(MODLIBS) $(SHLIBS) $(LIBC) $(LIBM) $(LDLAST); \
@@ -1094,18 +1082,6 @@
@@ -1220,18 +1208,6 @@ libainstall: @DEF_MAKE_RULE@ python-conf
else true; \
fi; \
done