Accepting request 753190 from devel:languages:python:Factory

- Move /etc/pythonstart script to shared-python-startup package. - Add bpo-36576-skip_tests_for_OpenSSL-111.patch (originally from bpo#36576) skipping tests failing with OpenSSL 1.1.1. Fixes bsc#1149792 - Add adapted-from-F00251-change-user-install-location.patch fixing pip/distutils to install into /usr/local. - python-2.7.14-CVE-2018-1000030-1.patch - python-2.7.14-CVE-2018-1000030-2.patch - Renamed remove-static-libpython.diff and python-bsddb6.diff to remove-static-libpython.patch and python-bsddb6.patch to unify filenames. - Add CVE-2019-16056-email-parse-addr.patch fixing the email module wrongly parses email addresses [bsc#1149955, CVE-2019-16056] - bsc#1138459: add CVE-2019-10160-netloc-port-regression.patch which fixes regression introduced by the previous patch. (CVE-2019-10160) Upstream gh#python/cpython#13812 no error will be raised (CVE-2019-9636). remove-static-libpython.patch - bsc#1109847: add CVE-2018-14647_XML_SetHashSalt-in_elementtree.patch fixing bpo-34623. - bsc#1073748: add bpo-29347-dereferencing-undefined-pointers.patch OBS-URL: https://build.opensuse.org/request/show/753190 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/python?expand=0&rev=144
2019-12-07 14:14:50 +00:00 · 2019-12-07 14:14:50 +00:00 · 8c3fa96793
commit 8c3fa96793
parent 35b7abfdc2 2c21a466d3
15 changed files with 4331 additions and 225 deletions
--- a/CVE-2017-18207.patch
+++ b/CVE-2017-18207.patch
@ -0,0 +1,22 @@
+From ae0ed14794ced2c51c822fc6f0d3ca92064619dd Mon Sep 17 00:00:00 2001
+From: BT123 <abcdyzhang@163.com>
+Date: Fri, 17 Nov 2017 16:45:45 +0800
+Subject: [PATCH] bug in wave.py
+
+---
+ Lib/wave.py | 2 ++
+ 1 file changed, 2 insertions(+)
+
+Index: Python-2.7.13/Lib/wave.py
+===================================================================
+--- Python-2.7.13.orig/Lib/wave.py	2018-06-07 17:00:25.370728844 +0000
+++ Python-2.7.13/Lib/wave.py	2018-06-07 17:02:51.768202800 +0000
+@@ -272,6 +272,8 @@ class Wave_read:
+             self._sampwidth = (sampwidth + 7) // 8
+         else:
+             raise Error, 'unknown format: %r' % (wFormatTag,)
+        if self._nchannels == 0:
+            raise Error, "The audio file in wav format should have at least one channel!"
+         self._framesize = self._nchannels * self._sampwidth
+         self._comptype = 'NONE'
+         self._compname = 'not compressed'
--- a/adapted-from-F00251-change-user-install-location.patch
+++ b/adapted-from-F00251-change-user-install-location.patch
@ -0,0 +1,40 @@
+Index: Python-2.7.17/Lib/distutils/command/install.py
+===================================================================
+--- Python-2.7.17.orig/Lib/distutils/command/install.py
+++ Python-2.7.17/Lib/distutils/command/install.py
+@@ -431,8 +431,18 @@ class install (Command):
+                     raise DistutilsOptionError, \
+                           "must not supply exec-prefix without prefix"
+ 
+-                self.prefix = os.path.normpath(sys.prefix)
+-                self.exec_prefix = os.path.normpath(sys.exec_prefix)
+                # self.prefix is set to sys.prefix + /local/
+                # if neither RPM build nor virtual environment is
+                # detected to make pip and distutils install packages
+                # into the separate location.
+                if (not hasattr(sys, 'real_prefix') and
+                    'RPM_BUILD_ROOT' not in os.environ):
+                    addition = "/local"
+                else:
+                    addition = ""
+
+                self.prefix = os.path.normpath(sys.prefix) + addition
+                self.exec_prefix = os.path.normpath(sys.exec_prefix) + addition
+ 
+             else:
+                 if self.exec_prefix is None:
+Index: Python-2.7.17/Lib/site.py
+===================================================================
+--- Python-2.7.17.orig/Lib/site.py
+++ Python-2.7.17/Lib/site.py
+@@ -291,6 +291,10 @@ def getsitepackages():
+     sitepackages = []
+     seen = set()
+ 
+    # '/usr/local' is included in PREFIXES if RPM build is not detected
+    # to make packages installed into this location visible.
+    if ENABLE_USER_SITE and 'RPM_BUILD_ROOT' not in os.environ:
+        PREFIXES.insert(0, "/usr/local")
+     for prefix in PREFIXES:
+         if not prefix or prefix in seen:
+             continue
--- a/macros.python2
+++ b/macros.python2
@ -1,10 +1,8 @@
 # legacy macros. commented but kept for the sake of possible recovery of their values
-#%py_ver			%(python -c "import sys; v=sys.version_info[:2]; print '%%d.%%d'%%v" 2>/dev/null || echo PYTHON-NOT-FOUND)
-#%py_prefix		%(python -c "import sys; print sys.prefix" 2>/dev/null || echo PYTHON-NOT-FOUND)
-#%py_libdir		%{py_prefix}/%{_lib}/python%{py_ver}
-#%py_incdir		%{py_prefix}/include/python%{py_ver}
-#%py_sitedir		%{py_libdir}/site-packages
-#%__python2              /usr/bin/python2
+%py_prefix		%(python -c "import sys; print sys.prefix" 2>/dev/null || echo PYTHON-NOT-FOUND)
+%py_libdir		%{py_prefix}/%{_lib}/python%{py_ver}
+%py_incdir		%{py_prefix}/include/python%{py_ver}
+%py_sitedir		%{py_libdir}/site-packages

 # these might be still in use somewhere
 %py_compile(O)	\
--- a/pre_checkin.sh
+++ b/pre_checkin.sh
@ -9,3 +9,7 @@ for spec in python-doc.spec python.spec; do
  sed -n -e '/COMMON-PREP-END/,$p' $spec;
 } | uniq > $spec.tmp && mv $spec.tmp $spec
 done
+
+# I really don't want to keep all three *.changes files separate
+cp python-base.changes python.changes
+cp python-base.changes python-doc.changes
--- a/python-base.changes
+++ b/python-base.changes
--- a/python-base.spec
+++ b/python-base.spec
@ -1,7 +1,7 @@
 #
 # spec file for package python-base
 #
-# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2019 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@ -22,7 +22,7 @@ Release:        0
 Summary:        Python Interpreter base package
 License:        Python-2.0
 Group:          Development/Languages/Python
-Url:            http://www.python.org/
+URL:            http://www.python.org/
 %define         tarversion %{version}
 %define         tarname Python-%{tarversion}
 Source0:        http://www.python.org/ftp/python/%{version}/%{tarname}.tar.xz
@ -43,12 +43,12 @@ Patch7:         python-2.6-gettext-plurals.patch
 Patch8:         python-2.6b3-curses-panel.patch
 Patch10:        sparc_longdouble.patch
 Patch13:        python-2.7.2-fix_date_time_compiler.patch
-Patch17:        remove-static-libpython.diff
+Patch17:        remove-static-libpython.patch
 # PATCH-FEATURE-OPENSUSE python-bundle-lang.patch bnc#617751 dimstar@opensuse.org -- gettext: when looking in default_localedir also check in locale-bundle.
 Patch20:        python-bundle-lang.patch
 # PATCH-FIX-UPSTREAM Fix argument passing in libffi for aarch64
 Patch22:        python-2.7-libffi-aarch64.patch
-Patch24:        python-bsddb6.diff
+Patch24:        python-bsddb6.patch
 # PATCH-FIX-UPSTREAM accept directory-based CA paths as well
 Patch33:        python-2.7.9-ssl_ca_path.patch
 # PATCH-FEATURE-SLE disable SSL verification-by-default in http clients
@ -66,14 +66,23 @@ Patch47:        openssl-111-middlebox-compat.patch
 # PATCH-FIX-SUSE python default SSLContext doesn't contain OP_CIPHER_SERVER_PREFERENCE
 Patch48:        openssl-111-ssl_options.patch
 # PATCH-FIX-UPSTREAM CVE-2019-5010-null-defer-x509-cert-DOS.patch bnc#1122191 mcepl@suse.com
-# https://github.com/python/cpython/pull/11569
+# gh#python/cpython#11569
 # Fix segfault in ssl's cert parser
 Patch49:        CVE-2019-5010-null-defer-x509-cert-DOS.patch
 # PATCH-FIX-UPSTREAM bpo36160-init-sysconfig_vars.patch gh#python/cpython#12131 mcepl@suse.com
 # Initialize sysconfig variables in test_site.
 Patch50:        bpo36160-init-sysconfig_vars.patch
-# PATCH-FIX-UPSTREAM https://github.com/python/cpython/pull/12341
+# PATCH-FIX-UPSTREAM CVE-2017-18207.patch gh#python/cpython#4437 psimons@suse.com
+# Add check for channels of wav file in Lib/wave.py
+Patch51:        CVE-2017-18207.patch
+# PATCH-FIX-UPSTREAM gh#python/cpython#12341
 Patch55:        bpo36302-sort-module-sources.patch
+# Fix installation in /usr/local (boo#1071941), adapted from Fedora
+# https://src.fedoraproject.org/rpms/python3/blob/master/f/00251-change-user-install-location.patch
+# Set values of prefix and exec_prefix in distutils install command
+# to /usr/local if executable is /usr/bin/python* and RPM build
+# is not detected to make pip and distutils install into separate location
+Patch56:        adapted-from-F00251-change-user-install-location.patch
 # COMMON-PATCH-END
 %define         python_version    %(echo %{tarversion} | head -c 3)
 BuildRequires:  automake
@ -185,7 +194,9 @@ other applications.
 %patch48 -p1
 %patch49 -p1
 %patch50 -p1
+%patch51 -p1
 %patch55 -p1
+%patch56 -p1

 # drop Autoconf version requirement
 sed -i 's/^version_required/dnl version_required/' configure.ac
--- a/python-bsddb6.patch
+++ b/python-bsddb6.patch
--- a/python-doc.changes
+++ b/python-doc.changes
--- a/python-doc.spec
+++ b/python-doc.spec
@ -1,7 +1,7 @@
 #
 # spec file for package python-doc
 #
-# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2019 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@ -22,7 +22,7 @@ Release:        0
 Summary:        Additional Package Documentation for Python
 License:        Python-2.0
 Group:          Development/Languages/Python
-Url:            http://www.python.org/
+URL:            http://www.python.org/
 %define         tarname Python-%{version}
 Source0:        %{tarname}.tar.xz
 # docs for current version are regenerated every day
@ -43,12 +43,12 @@ Patch7:         python-2.6-gettext-plurals.patch
 Patch8:         python-2.6b3-curses-panel.patch
 Patch10:        sparc_longdouble.patch
 Patch13:        python-2.7.2-fix_date_time_compiler.patch
-Patch17:        remove-static-libpython.diff
+Patch17:        remove-static-libpython.patch
 # PATCH-FEATURE-OPENSUSE python-bundle-lang.patch bnc#617751 dimstar@opensuse.org -- gettext: when looking in default_localedir also check in locale-bundle.
 Patch20:        python-bundle-lang.patch
 # PATCH-FIX-UPSTREAM Fix argument passing in libffi for aarch64
 Patch22:        python-2.7-libffi-aarch64.patch
-Patch24:        python-bsddb6.diff
+Patch24:        python-bsddb6.patch
 # PATCH-FIX-UPSTREAM accept directory-based CA paths as well
 Patch33:        python-2.7.9-ssl_ca_path.patch
 # PATCH-FEATURE-SLE disable SSL verification-by-default in http clients
@ -66,14 +66,23 @@ Patch47:        openssl-111-middlebox-compat.patch
 # PATCH-FIX-SUSE python default SSLContext doesn't contain OP_CIPHER_SERVER_PREFERENCE
 Patch48:        openssl-111-ssl_options.patch
 # PATCH-FIX-UPSTREAM CVE-2019-5010-null-defer-x509-cert-DOS.patch bnc#1122191 mcepl@suse.com
-# https://github.com/python/cpython/pull/11569
+# gh#python/cpython#11569
 # Fix segfault in ssl's cert parser
 Patch49:        CVE-2019-5010-null-defer-x509-cert-DOS.patch
 # PATCH-FIX-UPSTREAM bpo36160-init-sysconfig_vars.patch gh#python/cpython#12131 mcepl@suse.com
 # Initialize sysconfig variables in test_site.
 Patch50:        bpo36160-init-sysconfig_vars.patch
-# PATCH-FIX-UPSTREAM https://github.com/python/cpython/pull/12341
+# PATCH-FIX-UPSTREAM CVE-2017-18207.patch gh#python/cpython#4437 psimons@suse.com
+# Add check for channels of wav file in Lib/wave.py
+Patch51:        CVE-2017-18207.patch
+# PATCH-FIX-UPSTREAM gh#python/cpython#12341
 Patch55:        bpo36302-sort-module-sources.patch
+# Fix installation in /usr/local (boo#1071941), adapted from Fedora
+# https://src.fedoraproject.org/rpms/python3/blob/master/f/00251-change-user-install-location.patch
+# Set values of prefix and exec_prefix in distutils install command
+# to /usr/local if executable is /usr/bin/python* and RPM build
+# is not detected to make pip and distutils install into separate location
+Patch56:        adapted-from-F00251-change-user-install-location.patch
 # COMMON-PATCH-END
 Provides:       pyth_doc
 Provides:       pyth_ps
@ -131,7 +140,9 @@ Python, and Macintosh Module Reference in PDF format.
 %patch48 -p1
 %patch49 -p1
 %patch50 -p1
+%patch51 -p1
 %patch55 -p1
+%patch56 -p1

 # drop Autoconf version requirement
 sed -i 's/^version_required/dnl version_required/' configure.ac
--- a/python.changes
+++ b/python.changes
--- a/python.csh
+++ b/python.csh
@ -1,2 +0,0 @@
-# add python startup script for interactive sessions
-setenv PYTHONSTARTUP /etc/pythonstart
--- a/python.sh
+++ b/python.sh
@ -1,2 +0,0 @@
-# add python startup script for interactive sessions
-export PYTHONSTARTUP=/etc/pythonstart
--- a/python.spec
+++ b/python.spec
@ -1,7 +1,7 @@
 #
 # spec file for package python
 #
-# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2019 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@ -22,14 +22,11 @@ Release:        0
 Summary:        Python Interpreter
 License:        Python-2.0
 Group:          Development/Languages/Python
-Url:            http://www.python.org/
+URL:            http://www.python.org/
 %define         tarversion %{version}
 %define         tarname Python-%{tarversion}
 Source0:        http://www.python.org/ftp/python/%{version}/%{tarname}.tar.xz
 Source1:        README.SUSE
-Source2:        pythonstart
-Source3:        python.sh
-Source4:        python.csh
 Source8:        sle_tls_checks_policy.py
 #Source11:       testfiles.tar.bz2
 # issues with copyrighted Unicode testing files
@ -48,12 +45,12 @@ Patch7:         python-2.6-gettext-plurals.patch
 Patch8:         python-2.6b3-curses-panel.patch
 Patch10:        sparc_longdouble.patch
 Patch13:        python-2.7.2-fix_date_time_compiler.patch
-Patch17:        remove-static-libpython.diff
+Patch17:        remove-static-libpython.patch
 # PATCH-FEATURE-OPENSUSE python-bundle-lang.patch bnc#617751 dimstar@opensuse.org -- gettext: when looking in default_localedir also check in locale-bundle.
 Patch20:        python-bundle-lang.patch
 # PATCH-FIX-UPSTREAM Fix argument passing in libffi for aarch64
 Patch22:        python-2.7-libffi-aarch64.patch
-Patch24:        python-bsddb6.diff
+Patch24:        python-bsddb6.patch
 # PATCH-FIX-UPSTREAM accept directory-based CA paths as well
 Patch33:        python-2.7.9-ssl_ca_path.patch
 # PATCH-FEATURE-SLE disable SSL verification-by-default in http clients
@ -71,14 +68,23 @@ Patch47:        openssl-111-middlebox-compat.patch
 # PATCH-FIX-SUSE python default SSLContext doesn't contain OP_CIPHER_SERVER_PREFERENCE
 Patch48:        openssl-111-ssl_options.patch
 # PATCH-FIX-UPSTREAM CVE-2019-5010-null-defer-x509-cert-DOS.patch bnc#1122191 mcepl@suse.com
-# https://github.com/python/cpython/pull/11569
+# gh#python/cpython#11569
 # Fix segfault in ssl's cert parser
 Patch49:        CVE-2019-5010-null-defer-x509-cert-DOS.patch
 # PATCH-FIX-UPSTREAM bpo36160-init-sysconfig_vars.patch gh#python/cpython#12131 mcepl@suse.com
 # Initialize sysconfig variables in test_site.
 Patch50:        bpo36160-init-sysconfig_vars.patch
-# PATCH-FIX-UPSTREAM https://github.com/python/cpython/pull/12341
+# PATCH-FIX-UPSTREAM CVE-2017-18207.patch gh#python/cpython#4437 psimons@suse.com
+# Add check for channels of wav file in Lib/wave.py
+Patch51:        CVE-2017-18207.patch
+# PATCH-FIX-UPSTREAM gh#python/cpython#12341
 Patch55:        bpo36302-sort-module-sources.patch
+# Fix installation in /usr/local (boo#1071941), adapted from Fedora
+# https://src.fedoraproject.org/rpms/python3/blob/master/f/00251-change-user-install-location.patch
+# Set values of prefix and exec_prefix in distutils install command
+# to /usr/local if executable is /usr/bin/python* and RPM build
+# is not detected to make pip and distutils install into separate location
+Patch56:        adapted-from-F00251-change-user-install-location.patch
 # COMMON-PATCH-END
 BuildRequires:  automake
 BuildRequires:  db-devel
@ -236,7 +242,9 @@ that rely on earlier non-verification behavior.
 %patch48 -p1
 %patch49 -p1
 %patch50 -p1
+%patch51 -p1
 %patch55 -p1
+%patch56 -p1

 # drop Autoconf version requirement
 sed -i 's/^version_required/dnl version_required/' configure.ac
@ -420,12 +428,6 @@ install -d -m755 %{buildroot}%{_sysconfdir}/%{idle_name}
        ln -sf /etc/%{idle_name}/$file  %{buildroot}/%{_libdir}/python%{python_version}/idlelib/
    done
 )
-########################################
-# startup script
-########################################
-install -m 644 %{SOURCE2} %{buildroot}/etc
-install -d -m 755 %{buildroot}%{_sysconfdir}/profile.d
-install -m 644 %{SOURCE3} %{SOURCE4} %{buildroot}%{_sysconfdir}/profile.d

 %post -p /sbin/ldconfig

@ -476,8 +478,6 @@ install -m 644 %{SOURCE3} %{SOURCE4} %{buildroot}%{_sysconfdir}/profile.d
 %doc %{_docdir}/%{name}/README
 %doc %{_docdir}/%{name}/LICENSE
 %doc %{_docdir}/%{name}/README.SUSE
-%config %{_sysconfdir}/pythonstart
-%config %{_sysconfdir}/profile.d/python.*
 %dir %{_libdir}/python%{python_version}
 %{_libdir}/python%{python_version}/ssl.py*
 %{_libdir}/python%{python_version}/bsddb
--- a/33
+++ b/33
@ -1,33 +0,0 @@
-# startup script for python to enable saving of interpreter history and
-# enabling name completion
-
-# import needed modules
-import atexit
-import os
-import readline
-import rlcompleter
-
-# where is history saved
-historyPath = os.path.expanduser("~/.pyhistory")
-
-# handler for saving history
-def save_history(historyPath=historyPath):
-    import readline
-    try:
-        readline.write_history_file(historyPath)
-    except:
-        pass
-
-# read history, if it exists
-if os.path.exists(historyPath):
-    readline.set_history_length(10000)
-    readline.read_history_file(historyPath)
-
-# register saving handler
-atexit.register(save_history)
-
-# enable completion
-readline.parse_and_bind('tab: complete')
-
-# cleanup
-del os, atexit, readline, rlcompleter, save_history, historyPath
--- a/remove-static-libpython.patch
+++ b/remove-static-libpython.patch