pool/python
SHA256
4
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Accepting request 238381 from devel:languages:python:Factory

Browse Source 
- update to 2.7.7
  * bugfix-only release, over a hundred bugs fixed
  * backported hmac.compare_digest from python3, first step of PEP 466
- drop upstreamed patches:
  * CVE-2014-1912-recvfrom_into.patch
  * python-2.7.4-no-REUSEPORT.patch
  * python-2.7.6-bdist-rpm.patch
  * python-2.7.6-imaplib.patch
  * python-2.7.6-sqlite-3.8.4-tests.patch
- refresh patches:
  * python-2.7.3-ssl_ca_path.patch
  * python-2.7.4-canonicalize2.patch
  * xmlrpc_gzip_27.patch
- added python keyring and signature for the main tarball

OBS-URL: https://build.opensuse.org/request/show/238381
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/python?expand=0&rev=106
This commit is contained in:
Stephan Kulow 2014-06-25 13:24:03 +00:00 committed by Git OBS Bridge
commit f32b030398
24 changed files with 150 additions and 318 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

56
CVE-2014-1912-recvfrom_into.patch
View File

@ -1,56 +0,0 @@
# HG changeset patch
# User Benjamin Peterson <benjamin@python.org>
# Date 1389671978 18000
# Node ID 87673659d8f7ba1623cd4914f09ad3d2ade034e9
# Parent 2631d33ee7fbd5f0288931ef37872218d511d2e8
complain when nbytes > buflen to fix possible buffer overflow (closes #20246)
Index: Python-2.7.6/Lib/test/test_socket.py
===================================================================
--- Python-2.7.6.orig/Lib/test/test_socket.py 2013-11-10 08:36:40.000000000 +0100
+++ Python-2.7.6/Lib/test/test_socket.py 2014-02-13 18:04:12.710244327 +0100
@@ -1616,6 +1616,16 @@
_testRecvFromIntoMemoryview = _testRecvFromIntoArray
+ def testRecvFromIntoSmallBuffer(self):
+ # See issue #20246.
+ buf = bytearray(8)
+ self.assertRaises(ValueError, self.cli_conn.recvfrom_into, buf, 1024)
+
+ def _testRecvFromIntoSmallBuffer(self):
+ with test_support.check_py3k_warnings():
+ buf = buffer(MSG)
+ self.serv_conn.send(buf)
+
TIPC_STYPE = 2000
TIPC_LOWER = 200
Index: Python-2.7.6/Misc/ACKS
===================================================================
--- Python-2.7.6.orig/Misc/ACKS 2013-11-10 08:36:41.000000000 +0100
+++ Python-2.7.6/Misc/ACKS 2014-02-13 18:04:12.710244327 +0100
@@ -973,6 +973,7 @@
Christopher Smith
Gregory P. Smith
Roy Smith
+Ryan Smith-Roberts
Rafal Smotrzyk
Dirk Soede
Paul Sokolovsky
Index: Python-2.7.6/Modules/socketmodule.c
===================================================================
--- Python-2.7.6.orig/Modules/socketmodule.c 2013-11-10 08:36:41.000000000 +0100
+++ Python-2.7.6/Modules/socketmodule.c 2014-02-13 18:04:12.711244332 +0100
@@ -2742,6 +2742,10 @@
if (recvlen == 0) {
/* If nbytes was not specified, use the buffer's length */
recvlen = buflen;
+ } else if (recvlen > buflen) {
+ PyErr_SetString(PyExc_ValueError,
+ "nbytes is greater than the length of the buffer");
+ goto error;
}
readlen = sock_recvfrom_guts(s, buf.buf, recvlen, flags, &addr);

3
Python-2.7.6.tar.xz
View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:1fd68e81f8bf7386ff239b7faee9ba387129d2cf34eab13350bd8503a0bff6a1
size 10431288

3
Python-2.7.7.tar.xz Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:2983e3cd089b30c50e2b2234f07c2ac4fb8a5df230ab8f2e1133a1d8b208da78
size 10496500

17
Python-2.7.7.tar.xz.asc Normal file
View File

@ -0,0 +1,17 @@
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (GNU/Linux)
iQIcBAABAgAGBQJTiinXAAoJEATDZ8IYrdT/rp4P/Rnl1l4O3LgrL+F96ASNqzRJ
b2lxcgEzbiuSCxYTsHrNb8nElcl2XozkDb3IOGT9s2dpl0NobcrYkQ5ia0/Tk6XP
mJ4B99mIiFJfAssBBIZglG6I2xiJHaV/XNzZj6NIvGrvyyeuW8GqOOG1KDME4UyQ
JRqnozC0O1YNzaHmppDjRaKea9ualmmLiAC3N2J6svtB97AkKrUsxFPdqLso776T
119ZlZ6MEQx5hs8YgJ+J62gBKzkP/m2yiSu0tf36QUxsYISWlbwjyvqS6cuzRNjl
VXlXyKTq7RcU/10VvLYENnA0U5dXIFKZv4BWCj/4wHmujEz2DenwziXUVb38ot+K
bAXk9OMUVHzzFwny0pLbQxFXOAXopUx3qtcwXSiOoaK72VxqhKqLH/UP6rL7n3tn
Un4wpNYA6pd3O4dZVIbZ3IjfueTasGdKdX6DxLjlvD916w0+zeiYZeohCe/HeT93
+Yp4tibpexHPqgln+6/M17Oj8ungqyuD6Y91mPyfOhr8FoPK1z/NyLQit8f97Mkl
OJkqOfqoNfOxPPuP1oiN4rb4EttkmFtJ45BOsfsksXDF9IIDKwonOSxDbeTekW8Z
RGg2FKXFsnOSpH+NcEkPizY5vsYB7DUH7NB992ovZmUUmUuAS6n0wNyiUqwtQN60
sFbdz+EXOO6KTcQx0y3z
=tcoa
-----END PGP SIGNATURE-----

12
python-2.7.3-ssl_ca_path.patch
View File

@ -1,16 +1,16 @@
Index: Python-2.7.5/Modules/_ssl.c
Index: Python-2.7.7/Modules/_ssl.c
===================================================================
--- Python-2.7.5.orig/Modules/_ssl.c
+++ Python-2.7.5/Modules/_ssl.c
@@ -271,6 +271,7 @@ newPySSLObject(PySocketSockObject *Sock,
--- Python-2.7.7.orig/Modules/_ssl.c 2014-06-20 14:34:28.157656595 +0200
+++ Python-2.7.7/Modules/_ssl.c 2014-06-20 14:35:20.092929774 +0200
@@ -273,6 +273,7 @@
char *errstr = NULL;
int ret;
int verification_mode;
+ struct stat stat_buf;
long options;
self = PyObject_New(PySSLObject, &PySSL_Type); /* Create new object */
if (self == NULL)
@@ -327,20 +328,32 @@ newPySSLObject(PySocketSockObject *Sock,
@@ -331,20 +332,32 @@
if (certreq != PY_SSL_CERT_NONE) {
if (cacerts_file == NULL) {

32
python-2.7.4-canonicalize2.patch
View File

@ -1,6 +1,8 @@
--- a/Python/sysmodule.c
+++ b/Python/sysmodule.c
@@ -1620,7 +1620,20 @@
Index: Python-2.7.7/Python/sysmodule.c
===================================================================
--- Python-2.7.7.orig/Python/sysmodule.c 2014-06-20 14:33:06.696228064 +0200
+++ Python-2.7.7/Python/sysmodule.c 2014-06-20 14:33:10.960250497 +0200
@@ -1624,7 +1624,20 @@
char *p = NULL;
Py_ssize_t n = 0;
PyObject *a;
@ -22,7 +24,7 @@
char link[MAXPATHLEN+1];
char argv0copy[2*MAXPATHLEN+1];
int nr = 0;
@@ -1647,7 +1660,8 @@
@@ -1651,7 +1664,8 @@
}
}
}
@ -32,7 +34,7 @@
#if SEP == '\\' /* Special case for MS filename syntax */
if (argc > 0 && argv0 != NULL && strcmp(argv0, "-c") != 0) {
char *q;
@@ -1676,11 +1690,6 @@
@@ -1680,11 +1694,6 @@
}
#else /* All other filename syntaxes */
if (argc > 0 && argv0 != NULL && strcmp(argv0, "-c") != 0) {
@ -44,7 +46,7 @@
p = strrchr(argv0, SEP);
}
if (p != NULL) {
@@ -1698,6 +1707,9 @@
@@ -1702,6 +1711,9 @@
a = PyString_FromStringAndSize(argv0, n);
if (a == NULL)
Py_FatalError("no mem for sys.path insertion");
@ -54,9 +56,11 @@
if (PyList_Insert(path, 0, a) < 0)
Py_FatalError("sys.path.insert(0) failed");
Py_DECREF(a);
--- a/pyconfig.h.in
+++ b/pyconfig.h.in
@@ -106,6 +106,9 @@
Index: Python-2.7.7/pyconfig.h.in
===================================================================
--- Python-2.7.7.orig/pyconfig.h.in 2014-05-31 20:58:40.000000000 +0200
+++ Python-2.7.7/pyconfig.h.in 2014-06-20 14:33:10.961250502 +0200
@@ -109,6 +109,9 @@
/* Define to 1 if you have the 'chflags' function. */
#undef HAVE_CHFLAGS
@ -66,11 +70,13 @@
/* Define to 1 if you have the `chown' function. */
#undef HAVE_CHOWN
--- a/configure.ac
+++ b/configure.ac
@@ -2913,7 +2913,7 @@
Index: Python-2.7.7/configure.ac
===================================================================
--- Python-2.7.7.orig/configure.ac 2014-06-20 14:33:06.694228054 +0200
+++ Python-2.7.7/configure.ac 2014-06-20 14:33:10.961250502 +0200
@@ -2935,7 +2935,7 @@
getpriority getresuid getresgid getpwent getspnam getspent getsid getwd \
initgroups kill killpg lchmod lchown lstat mkfifo mknod mktime \
initgroups kill killpg lchmod lchown lstat mkfifo mknod mktime mmap \
mremap nice pathconf pause plock poll pthread_init \
- putenv readlink realpath \
+ putenv readlink realpath canonicalize_file_name \

19
python-2.7.4-no-REUSEPORT.patch
View File

@ -1,19 +0,0 @@
Index: Python-2.7.4/Lib/test/test_support.py
===================================================================
--- Python-2.7.4.orig/Lib/test/test_support.py 2013-04-06 16:02:32.000000000 +0200
+++ Python-2.7.4/Lib/test/test_support.py 2013-05-09 17:46:46.789663295 +0200
@@ -371,10 +371,10 @@
if sock.getsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR) == 1:
raise TestFailed("tests should never set the SO_REUSEADDR " \
"socket option on TCP/IP sockets!")
- if hasattr(socket, 'SO_REUSEPORT'):
- if sock.getsockopt(socket.SOL_SOCKET, socket.SO_REUSEPORT) == 1:
- raise TestFailed("tests should never set the SO_REUSEPORT " \
- "socket option on TCP/IP sockets!")
+# if hasattr(socket, 'SO_REUSEPORT'):
+# if sock.getsockopt(socket.SOL_SOCKET, socket.SO_REUSEPORT) == 1:
+# raise TestFailed("tests should never set the SO_REUSEPORT " \
+# "socket option on TCP/IP sockets!")
if hasattr(socket, 'SO_EXCLUSIVEADDRUSE'):
sock.setsockopt(socket.SOL_SOCKET, socket.SO_EXCLUSIVEADDRUSE, 1)

12
python-2.7.6-bdist-rpm.patch
View File

@ -1,12 +0,0 @@
Index: Python-2.7.6/Lib/distutils/command/bdist_rpm.py
===================================================================
--- Python-2.7.6.orig/Lib/distutils/command/bdist_rpm.py 2013-11-10 08:36:40.000000000 +0100
+++ Python-2.7.6/Lib/distutils/command/bdist_rpm.py 2014-02-11 19:19:26.739708837 +0100
@@ -14,6 +14,7 @@
from distutils.file_util import write_file
from distutils.errors import (DistutilsOptionError, DistutilsPlatformError,
DistutilsFileError, DistutilsExecError)
+from distutils.sysconfig import get_python_version
from distutils import log
class bdist_rpm (Command):

3
python-2.7.6-docs-html.tar.bz2
View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:b04dc7c5fa328ad9009cc0f43e2136ef14824246fc596fae0830bb5ece529ab3
size 4482212

3
python-2.7.6-docs-pdf-a4.tar.bz2
View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:5ca5209a8cbf8d966eff6611cfe8accf38040a63534d5c050730fba47a24e703
size 10321047

3
python-2.7.6-docs-pdf-letter.tar.bz2
View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:ff9b65247b5ad74a86793630eda5063af25b925bcc8dd2910765640a1463401d
size 10380021

59
python-2.7.6-imaplib.patch
View File

@ -1,59 +0,0 @@
# HG changeset patch
# User R David Murray <rdmurray@bitdance.com>
# Date 1388775562 18000
# Node ID dd906f4ab9237020a7a275c2d361fa288e553481
# Parent 69b5f692455306c98aa27ecea17e6290787ebd3f
closes 16039: CVE-2013-1752: limit line length in imaplib readline calls.
diff --git a/Lib/imaplib.py b/Lib/imaplib.py
--- a/Lib/imaplib.py
+++ b/Lib/imaplib.py
@@ -35,6 +35,15 @@ IMAP4_PORT = 143
IMAP4_SSL_PORT = 993
AllowedVersions = ('IMAP4REV1', 'IMAP4') # Most recent first
+# Maximal line length when calling readline(). This is to prevent
+# reading arbitrary length lines. RFC 3501 and 2060 (IMAP 4rev1)
+# don't specify a line length. RFC 2683 however suggests limiting client
+# command lines to 1000 octets and server command lines to 8000 octets.
+# We have selected 10000 for some extra margin and since that is supposedly
+# also what UW and Panda IMAP does.
+_MAXLINE = 10000
+
+
# Commands
Commands = {
@@ -237,7 +246,10 @@ class IMAP4:
def readline(self):
"""Read line from remote."""
- return self.file.readline()
+ line = self.file.readline(_MAXLINE + 1)
+ if len(line) > _MAXLINE:
+ raise self.error("got more than %d bytes" % _MAXLINE)
+ return line
def send(self, data):
diff --git a/Lib/test/test_imaplib.py b/Lib/test/test_imaplib.py
--- a/Lib/test/test_imaplib.py
+++ b/Lib/test/test_imaplib.py
@@ -165,6 +165,16 @@ class BaseThreadedNetworkedTests(unittes
self.imap_class, *server.server_address)
+ def test_linetoolong(self):
+ class TooLongHandler(SimpleIMAPHandler):
+ def handle(self):
+ # Send a very long response line
+ self.wfile.write('* OK ' + imaplib._MAXLINE*'x' + '\r\n')
+
+ with self.reaped_server(TooLongHandler) as server:
+ self.assertRaises(imaplib.IMAP4.error,
+ self.imap_class, *server.server_address)
+
class ThreadedNetworkedTests(BaseThreadedNetworkedTests):
server_class = SocketServer.TCPServer

30
python-2.7.6-sqlite-3.8.4-tests.patch
View File

@ -1,30 +0,0 @@
From: Benjamin Peterson <benjamin@python.org>
Date: Wed, 12 Mar 2014 21:51:52 -0500
Subject: [PATCH] weaken callback count inequality (closes #20901)
Upstream: committed
References: https://bugzilla.novell.com/show_bug.cgi?id=867887 http://bugs.python.org/issue20901 http://hg.python.org/cpython/rev/1763e27a182d
Fixes test failures with SQLite 3.8.4
[ 296s] test test_sqlite failed -- Traceback (most recent call last):
[ 296s] File "/home/abuild/rpmbuild/BUILD/Python-2.7.6/Lib/sqlite3/test/hooks.py", line 165, in CheckOpcodeCount
[ 296s] self.assertTrue(first_count > second_count)
[ 296s] AssertionError: False is not true
---
Lib/sqlite3/test/hooks.py | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
Index: Python-2.7.6/Lib/sqlite3/test/hooks.py
===================================================================
--- Python-2.7.6.orig/Lib/sqlite3/test/hooks.py 2014-03-14 20:32:55.000000000 +0000
+++ Python-2.7.6/Lib/sqlite3/test/hooks.py 2014-03-14 20:34:07.000000000 +0000
@@ -162,7 +162,7 @@ class ProgressTests(unittest.TestCase):
create table bar (a, b)
""")
second_count = len(progress_calls)
- self.assertTrue(first_count > second_count)
+ self.assertTrue(first_count >= second_count)
def CheckCancelOperation(self):
"""

3
python-2.7.7-docs-html.tar.bz2 Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:0086dea3641d7b311425339357c52dd2ba5694f0d4d2c9ae1782e898707a8bd6
size 4494590

3
python-2.7.7-docs-pdf-a4.tar.bz2 Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:6fc5eef11803c9b84aaab30c09c20ffd492f105089fe918e93ec1d65b6b87a6a
size 10728634

3
python-2.7.7-docs-pdf-letter.tar.bz2 Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:fdc09f1a41744ac664d86241072f9525d2c6edb46919b0c197da0eb3e1ffff7d
size 10779787

18
python-base.changes
View File

@ -1,3 +1,21 @@
-------------------------------------------------------------------
Fri Jun 20 13:11:34 UTC 2014 - jmatejek@suse.com
- update to 2.7.7
* bugfix-only release, over a hundred bugs fixed
* backported hmac.compare_digest from python3, first step of PEP 466
- drop upstreamed patches:
* CVE-2014-1912-recvfrom_into.patch
* python-2.7.4-no-REUSEPORT.patch
* python-2.7.6-bdist-rpm.patch
* python-2.7.6-imaplib.patch
* python-2.7.6-sqlite-3.8.4-tests.patch
- refresh patches:
* python-2.7.3-ssl_ca_path.patch
* python-2.7.4-canonicalize2.patch
* xmlrpc_gzip_27.patch
- added python keyring and signature for the main tarball
-------------------------------------------------------------------
Sat Mar 15 08:05:41 UTC 2014 - schwab@suse.de

16
python-base.spec
View File

@ -17,7 +17,7 @@
Name: python-base
Version: 2.7.6
Version: 2.7.7
Release: 0
Summary: Python Interpreter base package
License: Python-2.0
@ -26,6 +26,8 @@ Url: http://www.python.org/
%define tarversion %{version}
%define tarname Python-%{tarversion}
Source0: http://www.python.org/ftp/python/%{version}/%{tarname}.tar.xz
Source4: http://www.python.org/ftp/python/%{version}/%{tarname}.tar.xz.asc
Source6: python.keyring
Source1: macros.python
Source2: baselibs.conf
Source3: README.SUSE
@ -47,21 +49,14 @@ Patch18: python-2.7.3-ssl_ca_path.patch
Patch20: python-bundle-lang.patch
# PATCH-FIX-OPENSUSE Properly support aarch64 in _ctypes module
Patch22: python-2.7.4-aarch64.patch
Patch23: python-2.7.4-no-REUSEPORT.patch
Patch24: python-bsddb6.diff
# PATCH-FIX-OPENSUSE Properly support ppc64le in _ctypes module
Patch25: libffi-ppc64le.diff
# CVE-2013-1753 [bnc#856835] unbounded gzip decompression in xmlrpc client
Patch26: xmlrpc_gzip_27.patch
# CVE-2013-1752 patches missing in 2.7.6: imaplib, poplib, smtplib
Patch27: python-2.7.6-imaplib.patch
Patch28: smtplib_maxline-2.7.patch
Patch29: python-2.7.6-poplib.patch
# [bnc#857470] add missing import to bdist_rpm command
Patch30: python-2.7.6-bdist-rpm.patch
# CVE-2014-1912 [bnc#863741] buffer overflow in recvfrom_into
Patch31: CVE-2014-1912-recvfrom_into.patch
Patch32: python-2.7.6-sqlite-3.8.4-tests.patch
# COMMON-PATCH-END
%define python_version %(echo %{tarversion} | head -c 3)
BuildRequires: automake
@ -149,16 +144,11 @@ other applications.
%patch18 -p1
%patch20 -p1
%patch22 -p1
%patch23 -p1
%patch24 -p1
%patch25 -p0
%patch26 -p1
%patch27 -p1
%patch28 -p1
%patch29 -p1
%patch30 -p1
%patch31 -p1
%patch32 -p1
# drop Autoconf version requirement
sed -i 's/^version_required/dnl version_required/' configure.ac

5
python-doc.changes
View File

@ -1,3 +1,8 @@
-------------------------------------------------------------------
Fri Jun 20 13:46:40 UTC 2014 - jmatejek@suse.com
- update to 2.7.7
-------------------------------------------------------------------
Fri Mar 14 20:26:03 UTC 2014 - andreas.stieger@gmx.de

14
python-doc.spec
View File

@ -16,7 +16,7 @@
#
Name: python-doc
Version: 2.7.6
Version: 2.7.7
Release: 0
Summary: Additional Package Documentation for Python
License: Python-2.0
@ -52,21 +52,14 @@ Patch18: python-2.7.3-ssl_ca_path.patch
Patch20: python-bundle-lang.patch
# PATCH-FIX-OPENSUSE Properly support aarch64 in _ctypes module
Patch22: python-2.7.4-aarch64.patch
Patch23: python-2.7.4-no-REUSEPORT.patch
Patch24: python-bsddb6.diff
# PATCH-FIX-OPENSUSE Properly support ppc64le in _ctypes module
Patch25: libffi-ppc64le.diff
# CVE-2013-1753 [bnc#856835] unbounded gzip decompression in xmlrpc client
Patch26: xmlrpc_gzip_27.patch
# CVE-2013-1752 patches missing in 2.7.6: imaplib, poplib, smtplib
Patch27: python-2.7.6-imaplib.patch
Patch28: smtplib_maxline-2.7.patch
Patch29: python-2.7.6-poplib.patch
# [bnc#857470] add missing import to bdist_rpm command
Patch30: python-2.7.6-bdist-rpm.patch
# CVE-2014-1912 [bnc#863741] buffer overflow in recvfrom_into
Patch31: CVE-2014-1912-recvfrom_into.patch
Patch32: python-2.7.6-sqlite-3.8.4-tests.patch
# COMMON-PATCH-END
Provides: pyth_doc
Provides: pyth_ps
@ -108,16 +101,11 @@ Python, and Macintosh Module Reference in PDF format.
%patch18 -p1
%patch20 -p1
%patch22 -p1
%patch23 -p1
%patch24 -p1
%patch25 -p0
%patch26 -p1
%patch27 -p1
%patch28 -p1
%patch29 -p1
%patch30 -p1
%patch31 -p1
%patch32 -p1
# drop Autoconf version requirement
sed -i 's/^version_required/dnl version_required/' configure.ac

6
python.changes
View File

@ -1,3 +1,9 @@
-------------------------------------------------------------------
Fri Jun 20 13:46:22 UTC 2014 - jmatejek@suse.com
- update to 2.7.7
* bugfix-only release, over a hundred bugs fixed
-------------------------------------------------------------------
Fri Mar 14 20:26:03 UTC 2014 - andreas.stieger@gmx.de

BIN
python.keyring Normal file
View File

Binary file not shown.

14
python.spec
View File

@ -16,7 +16,7 @@
#
Name: python
Version: 2.7.6
Version: 2.7.7
Release: 0
Summary: Python Interpreter
License: Python-2.0
@ -53,21 +53,14 @@ Patch18: python-2.7.3-ssl_ca_path.patch
Patch20: python-bundle-lang.patch
# PATCH-FIX-OPENSUSE Properly support aarch64 in _ctypes module
Patch22: python-2.7.4-aarch64.patch
Patch23: python-2.7.4-no-REUSEPORT.patch
Patch24: python-bsddb6.diff
# PATCH-FIX-OPENSUSE Properly support ppc64le in _ctypes module
Patch25: libffi-ppc64le.diff
# CVE-2013-1753 [bnc#856835] unbounded gzip decompression in xmlrpc client
Patch26: xmlrpc_gzip_27.patch
# CVE-2013-1752 patches missing in 2.7.6: imaplib, poplib, smtplib
Patch27: python-2.7.6-imaplib.patch
Patch28: smtplib_maxline-2.7.patch
Patch29: python-2.7.6-poplib.patch
# [bnc#857470] add missing import to bdist_rpm command
Patch30: python-2.7.6-bdist-rpm.patch
# CVE-2014-1912 [bnc#863741] buffer overflow in recvfrom_into
Patch31: CVE-2014-1912-recvfrom_into.patch
Patch32: python-2.7.6-sqlite-3.8.4-tests.patch
# COMMON-PATCH-END
BuildRequires: automake
BuildRequires: db-devel
@ -185,16 +178,11 @@ implementation of the standard Unix DBM databases.
%patch18 -p1
%patch20 -p1
%patch22 -p1
%patch23 -p1
%patch24 -p1
%patch25 -p0
%patch26 -p1
%patch27 -p1
%patch28 -p1
%patch29 -p1
%patch30 -p1
%patch31 -p1
%patch32 -p1
# drop Autoconf version requirement
sed -i 's/^version_required/dnl version_required/' configure.ac

134
xmlrpc_gzip_27.patch
View File

@ -1,7 +1,8 @@
diff --git a/Doc/library/xmlrpclib.rst b/Doc/library/xmlrpclib.rst
--- a/Doc/library/xmlrpclib.rst
+++ b/Doc/library/xmlrpclib.rst
@@ -120,6 +120,15 @@
Index: Python-2.7.7/Doc/library/xmlrpclib.rst
===================================================================
--- Python-2.7.7.orig/Doc/library/xmlrpclib.rst 2014-05-31 20:58:38.000000000 +0200
+++ Python-2.7.7/Doc/library/xmlrpclib.rst 2014-06-20 14:51:40.282081132 +0200
@@ -127,6 +127,15 @@
*__dict__* attribute and don't have a base class that is marshalled in a
special way.
@ -17,74 +18,10 @@ diff --git a/Doc/library/xmlrpclib.rst b/Doc/library/xmlrpclib.rst
.. seealso::
diff --git a/Lib/test/test_xmlrpc.py b/Lib/test/test_xmlrpc.py
--- a/Lib/test/test_xmlrpc.py
+++ b/Lib/test/test_xmlrpc.py
@@ -19,6 +19,11 @@
threading = None
try:
+ import gzip
+except ImportError:
+ gzip = None
+
+try:
unicode
except NameError:
have_unicode = False
@@ -731,7 +736,7 @@
with cm:
p.pow(6, 8)
- def test_gsip_response(self):
+ def test_gzip_response(self):
t = self.Transport()
p = xmlrpclib.ServerProxy(URL, transport=t)
old = self.requestHandler.encode_threshold
@@ -744,6 +749,27 @@
self.requestHandler.encode_threshold = old
self.assertTrue(a>b)
+ def test_gzip_decode_limit(self):
+ data = '\0' * xmlrpclib.MAX_GZIP_DECODE
+ encoded = xmlrpclib.gzip_encode(data)
+ decoded = xmlrpclib.gzip_decode(encoded)
+ self.assertEqual(len(decoded), xmlrpclib.MAX_GZIP_DECODE)
+
+ data = '\0' * (xmlrpclib.MAX_GZIP_DECODE + 1)
+ encoded = xmlrpclib.gzip_encode(data)
+
+ with self.assertRaisesRegexp(ValueError,
+ "max gzipped payload length exceeded"):
+ xmlrpclib.gzip_decode(encoded)
+
+ oldmax = xmlrpclib.MAX_GZIP_DECODE
+ try:
+ xmlrpclib.MAX_GZIP_DECODE = -1
+ xmlrpclib.gzip_decode(encoded)
+ finally:
+ xmlrpclib.MAX_GZIP_DECODE = oldmax
+
+
#Test special attributes of the ServerProxy object
class ServerProxyTestCase(unittest.TestCase):
def setUp(self):
@@ -1011,11 +1037,8 @@
xmlrpc_tests.append(SimpleServerTestCase)
xmlrpc_tests.append(KeepaliveServerTestCase1)
xmlrpc_tests.append(KeepaliveServerTestCase2)
- try:
- import gzip
+ if gzip is not None:
xmlrpc_tests.append(GzipServerTestCase)
- except ImportError:
- pass #gzip not supported in this build
xmlrpc_tests.append(MultiPathServerTestCase)
xmlrpc_tests.append(ServerProxyTestCase)
xmlrpc_tests.append(FailingServerTestCase)
diff --git a/Lib/xmlrpclib.py b/Lib/xmlrpclib.py
--- a/Lib/xmlrpclib.py
+++ b/Lib/xmlrpclib.py
Index: Python-2.7.7/Lib/xmlrpclib.py
===================================================================
--- Python-2.7.7.orig/Lib/xmlrpclib.py 2014-05-31 20:58:39.000000000 +0200
+++ Python-2.7.7/Lib/xmlrpclib.py 2014-06-20 14:51:40.282081132 +0200
@@ -49,6 +49,7 @@
# 2003-07-12 gp Correct marshalling of Faults
# 2003-10-31 mvl Add multicall support
@ -122,3 +59,56 @@ diff --git a/Lib/xmlrpclib.py b/Lib/xmlrpclib.py
return decoded
##
Index: Python-2.7.7/Lib/test/test_xmlrpc.py
===================================================================
--- Python-2.7.7.orig/Lib/test/test_xmlrpc.py 2014-05-31 20:58:39.000000000 +0200
+++ Python-2.7.7/Lib/test/test_xmlrpc.py 2014-06-20 14:51:59.993184645 +0200
@@ -24,6 +24,11 @@
gzip = None
try:
+ import gzip
+except ImportError:
+ gzip = None
+
+try:
unicode
except NameError:
have_unicode = False
@@ -737,7 +742,7 @@
with cm:
p.pow(6, 8)
- def test_gsip_response(self):
+ def test_gzip_response(self):
t = self.Transport()
p = xmlrpclib.ServerProxy(URL, transport=t)
old = self.requestHandler.encode_threshold
@@ -750,6 +755,27 @@
self.requestHandler.encode_threshold = old
self.assertTrue(a>b)
+ def test_gzip_decode_limit(self):
+ data = '\0' * xmlrpclib.MAX_GZIP_DECODE
+ encoded = xmlrpclib.gzip_encode(data)
+ decoded = xmlrpclib.gzip_decode(encoded)
+ self.assertEqual(len(decoded), xmlrpclib.MAX_GZIP_DECODE)
+
+ data = '\0' * (xmlrpclib.MAX_GZIP_DECODE + 1)
+ encoded = xmlrpclib.gzip_encode(data)
+
+ with self.assertRaisesRegexp(ValueError,
+ "max gzipped payload length exceeded"):
+ xmlrpclib.gzip_decode(encoded)
+
+ oldmax = xmlrpclib.MAX_GZIP_DECODE
+ try:
+ xmlrpclib.MAX_GZIP_DECODE = -1
+ xmlrpclib.gzip_decode(encoded)
+ finally:
+ xmlrpclib.MAX_GZIP_DECODE = oldmax
+
+
#Test special attributes of the ServerProxy object
class ServerProxyTestCase(unittest.TestCase):
def setUp(self):