Accepting request 1003076 from home:bmwiedemann:branches:devel:languages:python:Factory

- Add bpo34990-2038-problem-compileall.patch making compileall.py compliant with year 2038 (bsc#1202666, gh#python/cpython#79171), backport of fix to Python 2.7. OBS-URL: https://build.opensuse.org/request/show/1003076 OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python?expand=0&rev=332
2022-09-15 07:46:07 +00:00 · 2022-09-15 07:46:07 +00:00 · eb3f10bd75
commit eb3f10bd75
parent de85457a6c
7 changed files with 169 additions and 0 deletions
--- a/bpo34990-2038-problem-compileall.patch
+++ b/bpo34990-2038-problem-compileall.patch
@ -0,0 +1,142 @@
 From 9d3b6b2472f7c7ef841e652825de652bc8af85d7 Mon Sep 17 00:00:00 2001
 From: "Miss Islington (bot)"
 <31488909+miss-islington@users.noreply.github.com>
 Date: Tue, 24 Aug 2021 08:07:31 -0700
 Subject: [PATCH] [3.9] bpo-34990: Treat the pyc header's mtime in compileall
 as an unsigned int (GH-19708)
 MIME-Version: 1.0
 Content-Type: text/plain; charset=UTF-8
 Content-Transfer-Encoding: 8bit
 (cherry picked from commit bb21e28fd08f894ceff2405544a2f257d42b1354)
 Co-authored-by: Ammar Askar <ammar@ammaraskar.com>
 Co-authored-by: Stéphane Wirtel <stephane@wirtel.be>
 ported to python-2.7 by Bernhard M. Wiedemann <bwiedemann suse de>
 diff --git a/Lib/compileall.py b/Lib/compileall.py
 index 5cfa8be..193147e 100644
 --- a/Lib/compileall.py
 +++ b/Lib/compileall.py
@@ -85,7 +85,7 @@ def compile_file(fullname, ddir=None, force=0, rx=None, quiet=0):
             if not force:
                 try:
                     mtime = int(os.stat(fullname).st_mtime)
 -                    expect = struct.pack('<4sl', imp.get_magic(), mtime)
 +                    expect = struct.pack('<4sL', imp.get_magic(), mtime & 0xFFFFFFFF)
                     cfile = fullname + (__debug__ and 'c' or 'o')
                     with open(cfile, 'rb') as chandle:
                         actual = chandle.read(8)
 diff --git a/Lib/test/test_compileall.py b/Lib/test/test_compileall.py
 index d3a26db..0907f59 100644
 --- a/Lib/test/test_compileall.py
 +++ b/Lib/test/test_compileall.py
@@ -28,7 +28,7 @@ class CompileallTests(unittest.TestCase):
         with open(self.bc_path, 'rb') as file:
             data = file.read(8)
         mtime = int(os.stat(self.source_path).st_mtime)
 -        compare = struct.pack('<4sl', imp.get_magic(), mtime)
 +        compare = struct.pack('<4sL', imp.get_magic(), mtime & 0xFFFFFFFF)
         return data, compare
     @unittest.skipUnless(hasattr(os, 'stat'), 'test needs os.stat()')
@@ -48,7 +48,7 @@ class CompileallTests(unittest.TestCase):
     def test_mtime(self):
         # Test a change in mtime leads to a new .pyc.
 -        self.recreation_check(struct.pack('<4sl', imp.get_magic(), 1))
 +        self.recreation_check(struct.pack('<4sL', imp.get_magic(), 1))
     def test_magic_number(self):
         # Test a change in mtime leads to a new .pyc.
 diff --git a/Lib/test/test_zipimport.py b/Lib/test/test_zipimport.py
 index a66738a..e333582 100644
 --- a/Lib/test/test_zipimport.py
 +++ b/Lib/test/test_zipimport.py
@@ -27,13 +27,7 @@ raise_src = 'def do_raise(): raise TypeError\n'
 def make_pyc(co, mtime):
     data = marshal.dumps(co)
 -    if type(mtime) is type(0.0):
 -        # Mac mtimes need a bit of special casing
 -        if mtime < 0x7fffffff:
 -            mtime = int(mtime)
 -        else:
 -            mtime = int(-0x100000000L + long(mtime))
 -    pyc = imp.get_magic() + struct.pack("<i", int(mtime)) + data
 +    pyc = imp.get_magic() + struct.pack("<L", int(mtime) & 0xFFFFFFFF) + data
     return pyc
 def module_path_to_dotted_name(path):
@@ -184,6 +178,14 @@ class UncompressedZipImportTestCase(ImportHooksBaseTestCase):
                  TESTMOD + pyc_ext: (NOW, badtime_pyc)}
         self.doTest(".py", files, TESTMOD)
 +    def test2038MTime(self):
 +        # Make sure we can handle mtimes larger than what a 32-bit signed number
 +        # can hold.
 +        twenty_thirty_eight_pyc = make_pyc(test_co, 2**32 - 1)
 +        files = {TESTMOD + ".py": (NOW, test_src),
 +                 TESTMOD + pyc_ext: (NOW, twenty_thirty_eight_pyc)}
 +        self.doTest(".py", files, TESTMOD)
 +
     def testPackage(self):
         packdir = TESTPACK + os.sep
         files = {packdir + "__init__" + pyc_ext: (NOW, test_pyc),
 ==========
 Author: Bernhard M. Wiedemann <bwiedemann suse de>
 Date: 2022-09-13
 More y2038 fixes that are only needed for python2.7
 diff --git a/Lib/compiler/pycodegen.py b/Lib/compiler/pycodegen.py
 index 6515945..21d52bb 100644
 --- a/Lib/compiler/pycodegen.py
 +++ b/Lib/compiler/pycodegen.py
@@ -128,7 +128,7 @@ class Module(AbstractCompileMode):
         # to indicate the type of the value.  simplest way to get the
         # same effect is to call marshal and then skip the code.
         mtime = os.path.getmtime(self.filename)
 -        mtime = struct.pack('<i', mtime)
 +        mtime = struct.pack('<L', mtime & 0xFFFFFFFF)
         return self.MAGIC + mtime
 class LocalNameFinder:
 diff --git a/Lib/test/test_gzip.py b/Lib/test/test_gzip.py
 index cdb1af5..6344ef2 100644
 --- a/Lib/test/test_gzip.py
 +++ b/Lib/test/test_gzip.py
@@ -265,7 +265,7 @@ class TestGzip(unittest.TestCase):
             self.assertEqual(flagsByte, '\x08') # only the FNAME flag is set
             mtimeBytes = fRead.read(4)
 -            self.assertEqual(mtimeBytes, struct.pack('<i', mtime)) # little-endian
 +            self.assertEqual(mtimeBytes, struct.pack('<L', mtime & 0xFFFFFFFF)) # little-endian
             xflByte = fRead.read(1)
             self.assertEqual(xflByte, '\x02') # maximum compression
 diff --git a/Python/import.c b/Python/import.c
 index b79354b..3efd17f 100644
 --- a/Python/import.c
 +++ b/Python/import.c
@@ -810,7 +810,7 @@ check_compiled_module(char *pathname, time_t mtime, char *cpathname)
 {
     FILE *fp;
     long magic;
 -    long pyc_mtime;
 +    unsigned long pyc_mtime;
     fp = fopen(cpathname, "rb");
     if (fp == NULL)
@@ -823,7 +823,7 @@ check_compiled_module(char *pathname, time_t mtime, char *cpathname)
         return NULL;
     }
     pyc_mtime = PyMarshal_ReadLongFromFile(fp);
 -    if (pyc_mtime != mtime) {
 +    if ((pyc_mtime&0xFFFFFFFF) != (((unsigned long)mtime)&0xFFFFFFFF)) {
         if (Py_VerboseFlag)
             PySys_WriteStderr("# %s has bad mtime\n", cpathname);
         fclose(fp);
--- a/python-base.changes
+++ b/python-base.changes
@ -1,3 +1,10 @@
 -------------------------------------------------------------------
 Tue Sep 13 04:06:02 UTC 2022 - Bernhard Wiedemann <bwiedemann@suse.com>
 - Add bpo34990-2038-problem-compileall.patch making compileall.py
  compliant with year 2038 (bsc#1202666, gh#python/cpython#79171),
  backport of fix to Python 2.7.
 -------------------------------------------------------------------
 Wed Sep  7 04:46:44 UTC 2022 - Steve Kowalik <steven.kowalik@suse.com>
--- a/python-base.spec
+++ b/python-base.spec
@ -133,6 +133,7 @@ Patch70:        CVE-2015-20107-mailcap-unsafe-filenames.patch
 # PATCH-FIX-UPSTREAM CVE-2021-28861 bsc#1202624
 # Coerce // to / in Lib/BaseHTTPServer.py
 Patch71:        CVE-2021-28861-double-slash-path.patch
 Patch72:        bpo34990-2038-problem-compileall.patch
 # COMMON-PATCH-END
 %define         python_version    %(echo %{tarversion} | head -c 3)
 BuildRequires:  automake
@ -270,6 +271,7 @@ other applications.
 %patch69 -p1
 %patch70 -p1
 %patch71 -p1
 %patch72 -p1
 # For patch 66
 cp -v %{SOURCE66} Lib/test/recursion.tar
--- a/python-doc.changes
+++ b/python-doc.changes
@ -1,3 +1,10 @@
 -------------------------------------------------------------------
 Tue Sep 13 04:06:02 UTC 2022 - Bernhard Wiedemann <bwiedemann@suse.com>
 - Add bpo34990-2038-problem-compileall.patch making compileall.py
  compliant with year 2038 (bsc#1202666, gh#python/cpython#79171),
  backport of fix to Python 2.7.
 -------------------------------------------------------------------
 Wed Sep  7 04:46:44 UTC 2022 - Steve Kowalik <steven.kowalik@suse.com>
--- a/python-doc.spec
+++ b/python-doc.spec
@ -132,6 +132,7 @@ Patch70:        CVE-2015-20107-mailcap-unsafe-filenames.patch
 # PATCH-FIX-UPSTREAM CVE-2021-28861 bsc#1202624
 # Coerce // to / in Lib/BaseHTTPServer.py
 Patch71:        CVE-2021-28861-double-slash-path.patch
 Patch72:        bpo34990-2038-problem-compileall.patch
 # COMMON-PATCH-END
 Provides:       pyth_doc = %{version}
 Provides:       pyth_ps = %{version}
@ -207,6 +208,7 @@ Python, and Macintosh Module Reference in PDF format.
 %patch69 -p1
 %patch70 -p1
 %patch71 -p1
 %patch72 -p1
 # For patch 66
 cp -v %{SOURCE66} Lib/test/recursion.tar
--- a/python.changes
+++ b/python.changes
@ -1,3 +1,10 @@
 -------------------------------------------------------------------
 Tue Sep 13 04:06:02 UTC 2022 - Bernhard Wiedemann <bwiedemann@suse.com>
 - Add bpo34990-2038-problem-compileall.patch making compileall.py
  compliant with year 2038 (bsc#1202666, gh#python/cpython#79171),
  backport of fix to Python 2.7.
 -------------------------------------------------------------------
 Wed Sep  7 04:46:44 UTC 2022 - Steve Kowalik <steven.kowalik@suse.com>
--- a/python.spec
+++ b/python.spec
@ -132,6 +132,7 @@ Patch70:        CVE-2015-20107-mailcap-unsafe-filenames.patch
 # PATCH-FIX-UPSTREAM CVE-2021-28861 bsc#1202624
 # Coerce // to / in Lib/BaseHTTPServer.py
 Patch71:        CVE-2021-28861-double-slash-path.patch
 Patch72:        bpo34990-2038-problem-compileall.patch
 # COMMON-PATCH-END
 BuildRequires:  automake
 BuildRequires:  db-devel
@ -323,6 +324,7 @@ that rely on earlier non-verification behavior.
 %patch69 -p1
 %patch70 -p1
 %patch71 -p1
 %patch72 -p1
 # For patch 66
 cp -v %{SOURCE66} Lib/test/recursion.tar