From 8d39a136b6384b481d070b7a5d8251ffe18aa2a71e22d827829d3fc1f9b0f303 Mon Sep 17 00:00:00 2001 From: Matej Cepl Date: Wed, 28 Apr 2021 17:38:20 +0000 Subject: [PATCH 1/2] =?UTF-8?q?-=20Update=20to=203.8.9:=20=20=20-=20bpo#42?= =?UTF-8?q?988=20(bsc#1183374)=20CVE-2021-3426:=20Remove=20the=20getfile?= =?UTF-8?q?=20=20=20=20=20feature=20of=20the=20pydoc=20module=20which=20co?= =?UTF-8?q?uld=20be=20abused=20to=20read=20=20=20=20=20arbitrary=20files?= =?UTF-8?q?=20on=20the=20disk=20(directory=20traversal=20=20=20=20=20vulne?= =?UTF-8?q?rability).=20Moreover,=20even=20source=20code=20of=20Python=20m?= =?UTF-8?q?odules=20=20=20=20=20can=20contain=20sensitive=20data=20like=20?= =?UTF-8?q?passwords.=20Vulnerability=20=20=20=20=20reported=20by=20David?= =?UTF-8?q?=20Schw=C3=B6rer.=20=20=20-=20bpo-43285:=20ftplib=20no=20longer?= =?UTF-8?q?=20trusts=20the=20IP=20address=20value=20=20=20=20=20returned?= =?UTF-8?q?=20from=20the=20server=20in=20response=20to=20the=20PASV=20comm?= =?UTF-8?q?and=20by=20=20=20=20=20default.=20This=20prevents=20a=20malicio?= =?UTF-8?q?us=20FTP=20server=20from=20using=20the=20=20=20=20=20response?= =?UTF-8?q?=20to=20probe=20IPv4=20address=20and=20port=20combinations=20on?= =?UTF-8?q?=20the=20=20=20=20=20client=20network.=20=20=20-=20Code=20that?= =?UTF-8?q?=20requires=20the=20former=20vulnerable=20behavior=20may=20set?= =?UTF-8?q?=20=20=20=20=20a=20trust=5Fserver=5Fpasv=5Fipv4=5Faddress=20att?= =?UTF-8?q?ribute=20on=20their=20=20=20=20=20ftplib.FTP=20instances=20to?= =?UTF-8?q?=20True=20to=20re-enable=20it.=20=20=20-=20bpo-43439:=20Add=20a?= =?UTF-8?q?udit=20hooks=20for=20gc.get=5Fobjects(),=20=20=20=20=20gc.get?= =?UTF-8?q?=5Freferrers()=20and=20gc.get=5Freferents().=20Patch=20by=20Pab?= =?UTF-8?q?lo=20=20=20=20=20Galindo.=20=20=20-=20bpo-43660:=20Fix=20crash?= =?UTF-8?q?=20that=20happens=20when=20replacing=20sys.stderr=20=20=20=20?= =?UTF-8?q?=20with=20a=20callable=20that=20can=20remove=20the=20object=20w?= =?UTF-8?q?hile=20an=20exception=20=20=20=20=20is=20being=20printed.=20Pat?= =?UTF-8?q?ch=20by=20Pablo=20Galindo.=20=20=20-=20bpo-35883:=20Python=20no?= =?UTF-8?q?=20longer=20fails=20at=20startup=20with=20a=20fatal=20=20=20=20?= =?UTF-8?q?=20error=20if=20a=20command=20line=20argument=20contains=20an?= =?UTF-8?q?=20invalid=20Unicode=20=20=20=20=20character.=20The=20Py=5FDeco?= =?UTF-8?q?deLocale()=20function=20now=20escapes=20byte=20=20=20=20=20sequ?= =?UTF-8?q?ences=20which=20would=20be=20decoded=20as=20Unicode=20character?= =?UTF-8?q?s=20=20=20=20=20outside=20the=20[U+0000;=20U+10ffff]=20range.?= =?UTF-8?q?=20=20=20-=20bpo-43406:=20Fix=20a=20possible=20race=20condition?= =?UTF-8?q?=20where=20=20=20=20=20PyErr=5FCheckSignals=20tries=20to=20exec?= =?UTF-8?q?ute=20a=20non-Python=20signal=20=20=20=20=20handler.=20=20=20-?= =?UTF-8?q?=20bpo-35930:=20Raising=20an=20exception=20raised=20in=20a=20?= =?UTF-8?q?=E2=80=9Cfuture=E2=80=9D=20instance?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python38?expand=0&rev=62 --- F00102-lib64.patch | 26 +- Python-3.8.8.tar.xz | 3 - Python-3.8.8.tar.xz.asc | 16 -- Python-3.8.9.tar.xz | 3 + Python-3.8.9.tar.xz.asc | 16 ++ SUSE-FEDORA-multilib.patch | 533 +++++++++++++++++++------------------ python38.changes | 86 ++++++ python38.spec | 2 +- 8 files changed, 393 insertions(+), 292 deletions(-) delete mode 100644 Python-3.8.8.tar.xz delete mode 100644 Python-3.8.8.tar.xz.asc create mode 100644 Python-3.8.9.tar.xz create mode 100644 Python-3.8.9.tar.xz.asc diff --git a/F00102-lib64.patch b/F00102-lib64.patch index e1a179e..e356233 100644 --- a/F00102-lib64.patch +++ b/F00102-lib64.patch @@ -19,17 +19,17 @@ Co-authored-by: Petr Viktorin Co-authored-by: Miro Hrončok Co-authored-by: Iryna Shcherbina --- - Lib/distutils/command/install.py | 4 ++-- - Lib/distutils/sysconfig.py | 6 +++++- - Lib/distutils/tests/test_install.py | 3 ++- - Lib/site.py | 4 ++++ - Lib/sysconfig.py | 12 ++++++------ - Lib/test/test_site.py | 4 ++-- - Makefile.pre.in | 2 +- - Modules/getpath.c | 6 +++--- - configure | 4 ++-- - configure.ac | 4 ++-- - setup.py | 6 +++--- + Lib/distutils/command/install.py | 4 ++-- + Lib/distutils/sysconfig.py | 6 +++++- + Lib/distutils/tests/test_install.py | 3 ++- + Lib/site.py | 4 ++++ + Lib/sysconfig.py | 12 ++++++------ + Lib/test/test_site.py | 4 ++-- + Makefile.pre.in | 2 +- + Modules/getpath.c | 6 +++--- + configure | 4 ++-- + configure.ac | 4 ++-- + setup.py | 6 +++--- 11 files changed, 32 insertions(+), 23 deletions(-) --- a/Lib/distutils/command/install.py @@ -183,7 +183,7 @@ Co-authored-by: Iryna Shcherbina } --- a/configure +++ b/configure -@@ -15233,9 +15233,9 @@ fi +@@ -15222,9 +15222,9 @@ fi if test x$PLATFORM_TRIPLET = x; then @@ -197,7 +197,7 @@ Co-authored-by: Iryna Shcherbina --- a/configure.ac +++ b/configure.ac -@@ -4691,9 +4691,9 @@ fi +@@ -4698,9 +4698,9 @@ fi dnl define LIBPL after ABIFLAGS and LDVERSION is defined. AC_SUBST(PY_ENABLE_SHARED) if test x$PLATFORM_TRIPLET = x; then diff --git a/Python-3.8.8.tar.xz b/Python-3.8.8.tar.xz deleted file mode 100644 index 0281145..0000000 --- a/Python-3.8.8.tar.xz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:7c664249ff77e443d6ea0e4cf0e587eae918ca3c48d081d1915fe2a1f1bcc5cc -size 18271736 diff --git a/Python-3.8.8.tar.xz.asc b/Python-3.8.8.tar.xz.asc deleted file mode 100644 index cea117b..0000000 --- a/Python-3.8.8.tar.xz.asc +++ /dev/null @@ -1,16 +0,0 @@ ------BEGIN PGP SIGNATURE----- - -iQIzBAABCgAdFiEE4/8oOcBIslwITevpsmmV4xAlBWgFAmAvnWsACgkQsmmV4xAl -BWg3AxAAgyphcmlW0p0WgLASBlOIXy/vOLqihJp8v1PDQaAnWA1FdEagfoqcQXTH -LDf3Dt5snlzOu2z5LKFlWgDmCtImLbpkRBeTIDaUGJNCXPY0EgjodEBL09KfJJTl -cUtb8mmJQHxAq9IBRGBc55XO7PY8VAxc+8yMl6dzGmPStVps7zKRqhUmH33u3asV -HKhT1ENlNe4ZYs4j9wbZjZynam6OVKQ75S9wA9KE9WHMsAYs9DVWO8tGXPxRBZuA -d5Y3lx164kyz2UMju5LvlsCSdKNLQq2/Tdz1h+Lnc1yepqyq43Kt4rhyDZ6Su3LX -D3fdyHBMjL3eXj3rPwYMzFTy05y9cTN8OODv16Yd/8WhiadiyDrlF5Vwgr8pGk15 -gpfiwuOyGkTfbl4HLUwM/7gb/ca/W2XTJXz+Izb+AhOFsdtNQ9F35zawvmlxGC/J -WjyordAlC0Lnjgtf/hI9oIVy0f/927hfY3KNDglYVNbrwtoREjcEBMWeEoUuYK73 -LfFZms6ujvaPfTri1ygDcv+m8l6wJTOPysb7jtBWVyZr9D/Xl7PuRMvI0mflOvCq -IdFsoMm+7OKicgUjfBVkggFp7kf+Vv7nFV2WLHtJHphoSZ710Yn7ie1E0gO1pRyV -MsHbYiEu5uAVfEX/aXCjUZbgkrEchO6+4FHZy5MXsxO1gUX+ubI= -=KNuF ------END PGP SIGNATURE----- diff --git a/Python-3.8.9.tar.xz b/Python-3.8.9.tar.xz new file mode 100644 index 0000000..b7aaef9 --- /dev/null +++ b/Python-3.8.9.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:5e391f3ec45da2954419cab0beaefd8be38895ea5ce33577c3ec14940c4b9572 +size 18271948 diff --git a/Python-3.8.9.tar.xz.asc b/Python-3.8.9.tar.xz.asc new file mode 100644 index 0000000..60fcd20 --- /dev/null +++ b/Python-3.8.9.tar.xz.asc @@ -0,0 +1,16 @@ +-----BEGIN PGP SIGNATURE----- + +iQIzBAABCgAdFiEE4/8oOcBIslwITevpsmmV4xAlBWgFAmBm/igACgkQsmmV4xAl +BWiJUQ/+KTgmV3FEBL25Yjtude5KgsjyCia1HYhkD2ou/rI8ATZcL+buHc8eENlG +0T0h4rDgggTjlBfK6H7Stj8u9GjKpMzj6RHKiOWEue3EuJo3G5JxHubEJ2graOWG +EYPoCFbZPlIt+FVFtXf/NTWic9qVxRRhzhNNzz23EFWToTHQxzt4ay+5y2QCGuC3 +0+6r9lvWurlSR1U2mlRLHtzmt8WyhCq5k3fEITI7eIxBVM1o4/sicE91PuFLnSF3 +Rbo0aG47cDqTJMFV70Q4ztExexAWB6uoPP+j+p25+IVWhO4UUSWTh+nfSvYZQHAC +ceS6POUifhBJI/4OGucRquzzCb6XYtI/Sevs9iFY57wteyxuEZTyhdUO8AS2LOlK +uCIeNvF8g1L1rSNCUHn/zQCbokvH1WSQMbiECJILmDMc2Bi7T5lw2letab/qsciw +63jIWvaagEGoH+YSo/kgUNlgNQVzvgOluXo4jbNQWaQje0CilT5MU/9BkbpbVFpA +IxKQhZ6PTA53f3lgTxCrCNXWigr51+M+GFHXtNxi4gQL7vdtFvZBy+ukl5DfkNfN +3CmL7ffxKI8OQp2kPG2lTGV2NWyQA0eHpUQ0n41os116tj9k6evhWYRsfjFKoNd3 +Nvk2p+niV1GkQDKkHHShTJg0IdUQIXGmhtqMsMQOlnE9ycpOppo= +=qxhm +-----END PGP SIGNATURE----- diff --git a/SUSE-FEDORA-multilib.patch b/SUSE-FEDORA-multilib.patch index 0c41941..9b7fb62 100644 --- a/SUSE-FEDORA-multilib.patch +++ b/SUSE-FEDORA-multilib.patch @@ -1,34 +1,248 @@ ---- a/configure.ac -+++ b/configure.ac -@@ -4688,12 +4688,26 @@ else - LIBPYTHON='' - fi +--- + Lib/distutils/command/install.py | 18 +++++++++--------- + Lib/distutils/sysconfig.py | 7 ++----- + Lib/site.py | 19 +++++++++---------- + Lib/sysconfig.py | 12 ++++++------ + Lib/test/test_embed.py | 10 +++++++--- + Lib/test/test_site.py | 7 +++++-- + Lib/test/test_sysconfig.py | 14 +++++++++++++- + Makefile.pre.in | 6 +++++- + Modules/getpath.c | 24 ++++++++++++------------ + configure | 4 ++-- + configure.ac | 18 ++++++++++++++++-- + setup.py | 6 +++--- + 12 files changed, 89 insertions(+), 56 deletions(-) + +--- a/Lib/distutils/command/install.py ++++ b/Lib/distutils/command/install.py +@@ -30,14 +30,14 @@ WINDOWS_SCHEME = { + INSTALL_SCHEMES = { + 'unix_prefix': { + 'purelib': '$base/lib/python$py_version_short/site-packages', +- 'platlib': '$platbase/lib64/python$py_version_short/site-packages', ++ 'platlib': '$platbase/$platsubdir/python$py_version_short/site-packages', + 'headers': '$base/include/python$py_version_short$abiflags/$dist_name', + 'scripts': '$base/bin', + 'data' : '$base', + }, + 'unix_home': { + 'purelib': '$base/lib/python', +- 'platlib': '$base/lib64/python', ++ 'platlib': '$base/lib/python', + 'headers': '$base/include/python/$dist_name', + 'scripts': '$base/bin', + 'data' : '$base', +@@ -281,7 +281,7 @@ class install(Command): + # about needing recursive variable expansion (shudder). -+# platsubdir must be defined before LIBPL definition -+AC_MSG_CHECKING(for custom platsubdir) -+AC_ARG_WITH(custom-platsubdir, -+ [AS_HELP_STRING([--with-custom-platsubdir=], -+ [set the platsubdir name to a custom string])], -+ [], -+ [with_custom_platsubdir=yes]) -+AS_CASE($with_custom_platsubdir, -+ [yes],[platsubdir=`basename ${libdir}`], -+ [no],[platsubdir=lib], -+ [platsubdir=$with_custom_platsubdir]) -+AC_MSG_RESULT($platsubdir) -+AC_SUBST(platsubdir) + py_version = sys.version.split()[0] +- (prefix, exec_prefix) = get_config_vars('prefix', 'exec_prefix') ++ (prefix, exec_prefix, platsubdir) = get_config_vars('prefix', 'exec_prefix', 'platsubdir') + try: + abiflags = sys.abiflags + except AttributeError: +@@ -298,6 +298,7 @@ class install(Command): + 'sys_exec_prefix': exec_prefix, + 'exec_prefix': exec_prefix, + 'abiflags': abiflags, ++ 'platsubdir': platsubdir, + } + + if HAS_USER_SITE: +@@ -419,12 +420,11 @@ class install(Command): + "must not supply exec-prefix without prefix") + + # self.prefix is set to sys.prefix + /local/ +- # if neither RPM build nor virtual environment is +- # detected to make pip and distutils install packages +- # into the separate location. +- if (not (hasattr(sys, 'real_prefix') or +- sys.prefix != sys.base_prefix) and +- 'RPM_BUILD_ROOT' not in os.environ): ++ # if the executable is /usr/bin/python* and RPM build ++ # is not detected to make pip and distutils install into ++ # the separate location. ++ if (sys.executable.startswith("/usr/bin/python") ++ and 'RPM_BUILD_ROOT' not in os.environ): + addition = "/local" + else: + addition = "" +--- a/Lib/distutils/sysconfig.py ++++ b/Lib/distutils/sysconfig.py +@@ -146,12 +146,9 @@ def get_python_lib(plat_specific=0, stan + prefix = plat_specific and EXEC_PREFIX or PREFIX + + if os.name == "posix": +- if plat_specific or standard_lib: +- lib = "lib64" +- else: +- lib = "lib" ++ libdir = plat_specific and get_config_var("platsubdir") or "lib" + libpython = os.path.join(prefix, +- lib, "python" + get_python_version()) ++ libdir, "python" + get_python_version()) + if standard_lib: + return libpython + else: +--- a/Lib/site.py ++++ b/Lib/site.py +@@ -335,12 +335,18 @@ def getsitepackages(prefixes=None): + seen.add(prefix) + + if os.sep == '/': +- sitepackages.append(os.path.join(prefix, "lib64", ++ from sysconfig import get_config_var ++ platsubdir = get_config_var("platsubdir") ++ sitepackages.append(os.path.join(prefix, platsubdir, + "python" + sys.version[:3], + "site-packages")) +- sitepackages.append(os.path.join(prefix, "lib", ++ sitepackages.append(os.path.join(prefix, platsubdir, + "python%d.%d" % sys.version_info[:2], + "site-packages")) ++ if platsubdir != "lib": ++ sitepackages.append(os.path.join(prefix, "lib", ++ "python%d.%d" % sys.version_info[:2], ++ "site-packages")) + else: + sitepackages.append(prefix) + sitepackages.append(os.path.join(prefix, "lib64", "site-packages")) +@@ -348,14 +354,7 @@ def getsitepackages(prefixes=None): + return sitepackages + + def addsitepackages(known_paths, prefixes=None): +- """Add site-packages to sys.path +- +- '/usr/local' is included in PREFIXES if RPM build is not detected +- to make packages installed into this location visible. +- +- """ +- if ENABLE_USER_SITE and 'RPM_BUILD_ROOT' not in os.environ: +- PREFIXES.insert(0, "/usr/local") ++ """Add site-packages to sys.path""" + for sitedir in getsitepackages(prefixes): + if os.path.isdir(sitedir): + addsitedir(sitedir, known_paths) +--- a/Lib/sysconfig.py ++++ b/Lib/sysconfig.py +@@ -20,10 +20,10 @@ __all__ = [ + + _INSTALL_SCHEMES = { + 'posix_prefix': { +- 'stdlib': '{installed_base}/lib64/python{py_version_short}', +- 'platstdlib': '{platbase}/lib64/python{py_version_short}', ++ 'stdlib': '{installed_base}/{platsubdir}/python{py_version_short}', ++ 'platstdlib': '{platbase}/{platsubdir}/python{py_version_short}', + 'purelib': '{base}/lib/python{py_version_short}/site-packages', +- 'platlib': '{platbase}/lib64/python{py_version_short}/site-packages', ++ 'platlib': '{platbase}/{platsubdir}/python{py_version_short}/site-packages', + 'include': + '{installed_base}/include/python{py_version_short}{abiflags}', + 'platinclude': +@@ -62,10 +62,10 @@ _INSTALL_SCHEMES = { + 'data': '{userbase}', + }, + 'posix_user': { +- 'stdlib': '{userbase}/lib64/python{py_version_short}', +- 'platstdlib': '{userbase}/lib64/python{py_version_short}', ++ 'stdlib': '{userbase}/lib/python{py_version_short}', ++ 'platstdlib': '{userbase}/lib/python{py_version_short}', + 'purelib': '{userbase}/lib/python{py_version_short}/site-packages', +- 'platlib': '{userbase}/lib64/python{py_version_short}/site-packages', ++ 'platlib': '{userbase}/lib/python{py_version_short}/site-packages', + 'include': '{userbase}/include/python{py_version_short}', + 'scripts': '{userbase}/bin', + 'data': '{userbase}', +--- a/Lib/test/test_embed.py ++++ b/Lib/test/test_embed.py +@@ -10,6 +10,7 @@ import re + import shutil + import subprocess + import sys ++import sysconfig + import tempfile + import textwrap + +@@ -1072,12 +1073,13 @@ class InitConfigTests(EmbeddingTestsMixi + return config['config']['module_search_paths'] + else: + ver = sys.version_info ++ platsubdir = sysconfig.get_config_var('platsubdir') + return [ + os.path.join(prefix, 'lib', + f'python{ver.major}{ver.minor}.zip'), +- os.path.join(prefix, 'lib', ++ os.path.join(prefix, platsubdir, + f'python{ver.major}.{ver.minor}'), +- os.path.join(exec_prefix, 'lib', ++ os.path.join(exec_prefix, platsubdir, + f'python{ver.major}.{ver.minor}', 'lib-dynload'), + ] + +@@ -1188,13 +1190,15 @@ class InitConfigTests(EmbeddingTestsMixi + def test_init_pyvenv_cfg(self): + # Test path configuration with pyvenv.cfg configuration file + ++ platsubdir = sysconfig.get_config_var('platsubdir') + - dnl define LIBPL after ABIFLAGS and LDVERSION is defined. - AC_SUBST(PY_ENABLE_SHARED) - if test x$PLATFORM_TRIPLET = x; then -- LIBPL='$(prefix)'"/lib64/python${VERSION}/config-${LDVERSION}" -+ LIBPL='$(prefix)'"/${platsubdir}/python${VERSION}/config-${LDVERSION}" - else -- LIBPL='$(prefix)'"/lib64/python${VERSION}/config-${LDVERSION}-${PLATFORM_TRIPLET}" -+ LIBPL='$(prefix)'"/${platsubdir}/python${VERSION}/config-${LDVERSION}-${PLATFORM_TRIPLET}" - fi - AC_SUBST(LIBPL) + with self.tmpdir_with_python() as tmpdir, \ + tempfile.TemporaryDirectory() as pyvenv_home: + ver = sys.version_info + if not MS_WINDOWS: + lib_dynload = os.path.join(pyvenv_home, +- 'lib', ++ platsubdir, + f'python{ver.major}.{ver.minor}', + 'lib-dynload') + os.makedirs(lib_dynload) +--- a/Lib/test/test_site.py ++++ b/Lib/test/test_site.py +@@ -267,8 +267,11 @@ class HelperFunctionsTests(unittest.Test + dirs = site.getsitepackages() + if os.sep == '/': + # OS X, Linux, FreeBSD, etc +- self.assertEqual(len(dirs), 2) +- wanted = os.path.join('xoxo', 'lib64', ++ self.assertTrue(len(dirs) in (1,2,3), ++ "dirs = {} has len not in (1,2,3).".format(dirs)) ++ ++ platsubdir = sysconfig.get_config_var('platsubdir') ++ wanted = os.path.join('xoxo', platsubdir, + 'python%d.%d' % sys.version_info[:2], + 'site-packages') + self.assertEqual(dirs[0], wanted) +--- a/Lib/test/test_sysconfig.py ++++ b/Lib/test/test_sysconfig.py +@@ -243,6 +243,7 @@ class TestSysConfig(unittest.TestCase): + # is similar to the global posix_prefix one + base = get_config_var('base') + user = get_config_var('userbase') ++ platsubdir = get_config_var("platsubdir") + # the global scheme mirrors the distinction between prefix and + # exec-prefix but not the user scheme, so we have to adapt the paths + # before comparing (issue #9100) +@@ -257,8 +258,19 @@ class TestSysConfig(unittest.TestCase): + # before comparing + global_path = global_path.replace(sys.base_prefix, sys.prefix) + base = base.replace(sys.base_prefix, sys.prefix) ++ ++ if platsubdir != "lib": ++ platbase = os.path.join(base, platsubdir) ++ purebase = os.path.join(base, "lib") ++ userlib = os.path.join(user, "lib") ++ # replace platbase first because usually purebase is a prefix of platbase ++ # /usr/lib is prefix of /usr/lib64 and would get replaced first ++ modified_path = global_path.replace(platbase, userlib, 1).replace(purebase, userlib, 1) ++ else: ++ modified_path = global_path.replace(base, user, 1) ++ + user_path = get_path(name, 'posix_user') +- self.assertEqual(user_path, global_path.replace(base, user, 1)) ++ self.assertEqual(user_path, modified_path) + + def test_main(self): + # just making sure _main() runs and returns things in the stdout --- a/Makefile.pre.in +++ b/Makefile.pre.in @@ -137,13 +137,16 @@ exec_prefix= @exec_prefix@ @@ -125,196 +339,9 @@ if (!calculate->lib_python) { return DECODE_LOCALE_ERR("EXEC_PREFIX define", len); } ---- a/Lib/distutils/command/install.py -+++ b/Lib/distutils/command/install.py -@@ -30,14 +30,14 @@ WINDOWS_SCHEME = { - INSTALL_SCHEMES = { - 'unix_prefix': { - 'purelib': '$base/lib/python$py_version_short/site-packages', -- 'platlib': '$platbase/lib64/python$py_version_short/site-packages', -+ 'platlib': '$platbase/$platsubdir/python$py_version_short/site-packages', - 'headers': '$base/include/python$py_version_short$abiflags/$dist_name', - 'scripts': '$base/bin', - 'data' : '$base', - }, - 'unix_home': { - 'purelib': '$base/lib/python', -- 'platlib': '$base/lib64/python', -+ 'platlib': '$base/lib/python', - 'headers': '$base/include/python/$dist_name', - 'scripts': '$base/bin', - 'data' : '$base', -@@ -281,7 +281,7 @@ class install(Command): - # about needing recursive variable expansion (shudder). - - py_version = sys.version.split()[0] -- (prefix, exec_prefix) = get_config_vars('prefix', 'exec_prefix') -+ (prefix, exec_prefix, platsubdir) = get_config_vars('prefix', 'exec_prefix', 'platsubdir') - try: - abiflags = sys.abiflags - except AttributeError: -@@ -298,6 +298,7 @@ class install(Command): - 'sys_exec_prefix': exec_prefix, - 'exec_prefix': exec_prefix, - 'abiflags': abiflags, -+ 'platsubdir': platsubdir, - } - - if HAS_USER_SITE: -@@ -419,12 +420,11 @@ class install(Command): - "must not supply exec-prefix without prefix") - - # self.prefix is set to sys.prefix + /local/ -- # if neither RPM build nor virtual environment is -- # detected to make pip and distutils install packages -- # into the separate location. -- if (not (hasattr(sys, 'real_prefix') or -- sys.prefix != sys.base_prefix) and -- 'RPM_BUILD_ROOT' not in os.environ): -+ # if the executable is /usr/bin/python* and RPM build -+ # is not detected to make pip and distutils install into -+ # the separate location. -+ if (sys.executable.startswith("/usr/bin/python") -+ and 'RPM_BUILD_ROOT' not in os.environ): - addition = "/local" - else: - addition = "" ---- a/Lib/distutils/sysconfig.py -+++ b/Lib/distutils/sysconfig.py -@@ -146,12 +146,9 @@ def get_python_lib(plat_specific=0, stan - prefix = plat_specific and EXEC_PREFIX or PREFIX - - if os.name == "posix": -- if plat_specific or standard_lib: -- lib = "lib64" -- else: -- lib = "lib" -+ libdir = plat_specific and get_config_var("platsubdir") or "lib" - libpython = os.path.join(prefix, -- lib, "python" + get_python_version()) -+ libdir, "python" + get_python_version()) - if standard_lib: - return libpython - else: ---- a/Lib/sysconfig.py -+++ b/Lib/sysconfig.py -@@ -20,10 +20,10 @@ __all__ = [ - - _INSTALL_SCHEMES = { - 'posix_prefix': { -- 'stdlib': '{installed_base}/lib64/python{py_version_short}', -- 'platstdlib': '{platbase}/lib64/python{py_version_short}', -+ 'stdlib': '{installed_base}/{platsubdir}/python{py_version_short}', -+ 'platstdlib': '{platbase}/{platsubdir}/python{py_version_short}', - 'purelib': '{base}/lib/python{py_version_short}/site-packages', -- 'platlib': '{platbase}/lib64/python{py_version_short}/site-packages', -+ 'platlib': '{platbase}/{platsubdir}/python{py_version_short}/site-packages', - 'include': - '{installed_base}/include/python{py_version_short}{abiflags}', - 'platinclude': -@@ -62,10 +62,10 @@ _INSTALL_SCHEMES = { - 'data': '{userbase}', - }, - 'posix_user': { -- 'stdlib': '{userbase}/lib64/python{py_version_short}', -- 'platstdlib': '{userbase}/lib64/python{py_version_short}', -+ 'stdlib': '{userbase}/lib/python{py_version_short}', -+ 'platstdlib': '{userbase}/lib/python{py_version_short}', - 'purelib': '{userbase}/lib/python{py_version_short}/site-packages', -- 'platlib': '{userbase}/lib64/python{py_version_short}/site-packages', -+ 'platlib': '{userbase}/lib/python{py_version_short}/site-packages', - 'include': '{userbase}/include/python{py_version_short}', - 'scripts': '{userbase}/bin', - 'data': '{userbase}', ---- a/Lib/site.py -+++ b/Lib/site.py -@@ -335,12 +335,18 @@ def getsitepackages(prefixes=None): - seen.add(prefix) - - if os.sep == '/': -- sitepackages.append(os.path.join(prefix, "lib64", -+ from sysconfig import get_config_var -+ platsubdir = get_config_var("platsubdir") -+ sitepackages.append(os.path.join(prefix, platsubdir, - "python" + sys.version[:3], - "site-packages")) -- sitepackages.append(os.path.join(prefix, "lib", -+ sitepackages.append(os.path.join(prefix, platsubdir, - "python%d.%d" % sys.version_info[:2], - "site-packages")) -+ if platsubdir != "lib": -+ sitepackages.append(os.path.join(prefix, "lib", -+ "python%d.%d" % sys.version_info[:2], -+ "site-packages")) - else: - sitepackages.append(prefix) - sitepackages.append(os.path.join(prefix, "lib64", "site-packages")) -@@ -348,14 +354,7 @@ def getsitepackages(prefixes=None): - return sitepackages - - def addsitepackages(known_paths, prefixes=None): -- """Add site-packages to sys.path -- -- '/usr/local' is included in PREFIXES if RPM build is not detected -- to make packages installed into this location visible. -- -- """ -- if ENABLE_USER_SITE and 'RPM_BUILD_ROOT' not in os.environ: -- PREFIXES.insert(0, "/usr/local") -+ """Add site-packages to sys.path""" - for sitedir in getsitepackages(prefixes): - if os.path.isdir(sitedir): - addsitedir(sitedir, known_paths) ---- a/Lib/test/test_site.py -+++ b/Lib/test/test_site.py -@@ -267,8 +267,11 @@ class HelperFunctionsTests(unittest.Test - dirs = site.getsitepackages() - if os.sep == '/': - # OS X, Linux, FreeBSD, etc -- self.assertEqual(len(dirs), 2) -- wanted = os.path.join('xoxo', 'lib64', -+ self.assertTrue(len(dirs) in (1,2,3), -+ "dirs = {} has len not in (1,2,3).".format(dirs)) -+ -+ platsubdir = sysconfig.get_config_var('platsubdir') -+ wanted = os.path.join('xoxo', platsubdir, - 'python%d.%d' % sys.version_info[:2], - 'site-packages') - self.assertEqual(dirs[0], wanted) ---- a/Lib/test/test_sysconfig.py -+++ b/Lib/test/test_sysconfig.py -@@ -243,6 +243,7 @@ class TestSysConfig(unittest.TestCase): - # is similar to the global posix_prefix one - base = get_config_var('base') - user = get_config_var('userbase') -+ platsubdir = get_config_var("platsubdir") - # the global scheme mirrors the distinction between prefix and - # exec-prefix but not the user scheme, so we have to adapt the paths - # before comparing (issue #9100) -@@ -257,8 +258,19 @@ class TestSysConfig(unittest.TestCase): - # before comparing - global_path = global_path.replace(sys.base_prefix, sys.prefix) - base = base.replace(sys.base_prefix, sys.prefix) -+ -+ if platsubdir != "lib": -+ platbase = os.path.join(base, platsubdir) -+ purebase = os.path.join(base, "lib") -+ userlib = os.path.join(user, "lib") -+ # replace platbase first because usually purebase is a prefix of platbase -+ # /usr/lib is prefix of /usr/lib64 and would get replaced first -+ modified_path = global_path.replace(platbase, userlib, 1).replace(purebase, userlib, 1) -+ else: -+ modified_path = global_path.replace(base, user, 1) -+ - user_path = get_path(name, 'posix_user') -- self.assertEqual(user_path, global_path.replace(base, user, 1)) -+ self.assertEqual(user_path, modified_path) - - def test_main(self): - # just making sure _main() runs and returns things in the stdout --- a/configure +++ b/configure -@@ -15233,9 +15233,9 @@ fi +@@ -15222,9 +15222,9 @@ fi if test x$PLATFORM_TRIPLET = x; then @@ -326,6 +353,37 @@ fi +--- a/configure.ac ++++ b/configure.ac +@@ -4695,12 +4695,26 @@ else + LIBPYTHON='' + fi + ++# platsubdir must be defined before LIBPL definition ++AC_MSG_CHECKING(for custom platsubdir) ++AC_ARG_WITH(custom-platsubdir, ++ [AS_HELP_STRING([--with-custom-platsubdir=], ++ [set the platsubdir name to a custom string])], ++ [], ++ [with_custom_platsubdir=yes]) ++AS_CASE($with_custom_platsubdir, ++ [yes],[platsubdir=`basename ${libdir}`], ++ [no],[platsubdir=lib], ++ [platsubdir=$with_custom_platsubdir]) ++AC_MSG_RESULT($platsubdir) ++AC_SUBST(platsubdir) ++ + dnl define LIBPL after ABIFLAGS and LDVERSION is defined. + AC_SUBST(PY_ENABLE_SHARED) + if test x$PLATFORM_TRIPLET = x; then +- LIBPL='$(prefix)'"/lib64/python${VERSION}/config-${LDVERSION}" ++ LIBPL='$(prefix)'"/${platsubdir}/python${VERSION}/config-${LDVERSION}" + else +- LIBPL='$(prefix)'"/lib64/python${VERSION}/config-${LDVERSION}-${PLATFORM_TRIPLET}" ++ LIBPL='$(prefix)'"/${platsubdir}/python${VERSION}/config-${LDVERSION}-${PLATFORM_TRIPLET}" + fi + AC_SUBST(LIBPL) + --- a/setup.py +++ b/setup.py @@ -649,7 +649,7 @@ class PyBuildExt(build_ext): @@ -351,46 +409,3 @@ extra_link_args=readline_extra_link_args, libraries=readline_libs)) else: ---- a/Lib/test/test_embed.py -+++ b/Lib/test/test_embed.py -@@ -10,6 +10,7 @@ import re - import shutil - import subprocess - import sys -+import sysconfig - import tempfile - import textwrap - -@@ -1072,12 +1073,13 @@ class InitConfigTests(EmbeddingTestsMixi - return config['config']['module_search_paths'] - else: - ver = sys.version_info -+ platsubdir = sysconfig.get_config_var('platsubdir') - return [ - os.path.join(prefix, 'lib', - f'python{ver.major}{ver.minor}.zip'), -- os.path.join(prefix, 'lib', -+ os.path.join(prefix, platsubdir, - f'python{ver.major}.{ver.minor}'), -- os.path.join(exec_prefix, 'lib', -+ os.path.join(exec_prefix, platsubdir, - f'python{ver.major}.{ver.minor}', 'lib-dynload'), - ] - -@@ -1188,13 +1190,15 @@ class InitConfigTests(EmbeddingTestsMixi - def test_init_pyvenv_cfg(self): - # Test path configuration with pyvenv.cfg configuration file - -+ platsubdir = sysconfig.get_config_var('platsubdir') -+ - with self.tmpdir_with_python() as tmpdir, \ - tempfile.TemporaryDirectory() as pyvenv_home: - ver = sys.version_info - - if not MS_WINDOWS: - lib_dynload = os.path.join(pyvenv_home, -- 'lib', -+ platsubdir, - f'python{ver.major}.{ver.minor}', - 'lib-dynload') - os.makedirs(lib_dynload) diff --git a/python38.changes b/python38.changes index b079008..02b2884 100644 --- a/python38.changes +++ b/python38.changes @@ -1,3 +1,89 @@ +------------------------------------------------------------------- +Wed Apr 28 17:32:55 UTC 2021 - Matej Cepl + +- Update to 3.8.9: + - bpo#42988 (bsc#1183374) CVE-2021-3426: Remove the getfile + feature of the pydoc module which could be abused to read + arbitrary files on the disk (directory traversal + vulnerability). Moreover, even source code of Python modules + can contain sensitive data like passwords. Vulnerability + reported by David Schwörer. + - bpo-43285: ftplib no longer trusts the IP address value + returned from the server in response to the PASV command by + default. This prevents a malicious FTP server from using the + response to probe IPv4 address and port combinations on the + client network. + - Code that requires the former vulnerable behavior may set + a trust_server_pasv_ipv4_address attribute on their + ftplib.FTP instances to True to re-enable it. + - bpo-43439: Add audit hooks for gc.get_objects(), + gc.get_referrers() and gc.get_referents(). Patch by Pablo + Galindo. + - bpo-43660: Fix crash that happens when replacing sys.stderr + with a callable that can remove the object while an exception + is being printed. Patch by Pablo Galindo. + - bpo-35883: Python no longer fails at startup with a fatal + error if a command line argument contains an invalid Unicode + character. The Py_DecodeLocale() function now escapes byte + sequences which would be decoded as Unicode characters + outside the [U+0000; U+10ffff] range. + - bpo-43406: Fix a possible race condition where + PyErr_CheckSignals tries to execute a non-Python signal + handler. + - bpo-35930: Raising an exception raised in a “future” instance + will create reference cycles. + - bpo-43577: Fix deadlock when using ssl.SSLContext debug + callback with ssl.SSLContext.sni_callback(). + - bpo-43423: subprocess.communicate() no longer raises an + IndexError when there is an empty stdout or stderr IO buffer + during a timeout on Windows. + - bpo-27820: Fixed long-standing bug of smtplib.SMTP where + doing AUTH LOGIN with initial_response_ok=False will fail. + The cause is that SMTP.auth_login _always_ returns a password + if provided with a challenge string, thus non-compliant with + the standard for AUTH LOGIN. Also fixes bug with the test for + smtpd. + - bpo-43399: Fix ElementTree.extend not working on iterators + when using the Python implementation + - bpo-43316: The python -m gzip command line application now + properly fails when detecting an unsupported extension. It + exits with a non-zero exit code and prints an error message + to stderr. + - bpo-43260: Fix TextIOWrapper can not flush internal buffer + forever after very large text is written. + - bpo-42782: Fail fast in shutil.move() to avoid creating + destination directories on failure. + - bpo-37193: Fixed memory leak in socketserver.ThreadingMixIn + introduced in Python 3.7. + - bpo-43199: Answer “Why is there no goto?” in the Design and + History FAQ. + - bpo-43407: Clarified that a result from time.monotonic(), + time.perf_counter(), time.process_time(), or + time.thread_time() can be compared with the result from any + following call to the same function - not just the next + immediate call. + - bpo-27646: Clarify that ‘yield from ’ works with any + iterable, not just iterators. + - bpo-36346: Update some deprecated unicode APIs which are + documented as “will be removed in 4.0” to “3.12”. See PEP 623 + for detail. + - bpo-37945: Fix test_getsetlocale_issue1813() of test_locale: + skip the test if setlocale() fails. Patch by Victor Stinner. + - bpo-41561: Add workaround for Ubuntu’s custom OpenSSL + security level policy. + - bpo-43631: Update macOS, Windows, and CI to OpenSSL 1.1.1k. + - bpo-43617: Improve configure.ac: Check for presence of + autoconf-archive package and remove our copies of M4 macros. + - bpo-41837: Update macOS installer build to use OpenSSL + 1.1.1j. + - bpo-42225: Document that IDLE can fail on Unix either from + misconfigured IP masquerage rules or failure displaying + complex colored (non-ascii) characters. + - bpo-43283: Document why printing to IDLE’s Shell is often + slower than printing to a system terminal and that it can be + made faster by pre-formatting a single string before + printing. + ------------------------------------------------------------------- Fri Feb 19 16:40:59 UTC 2021 - Matej Cepl diff --git a/python38.spec b/python38.spec index 28a0265..33142c9 100644 --- a/python38.spec +++ b/python38.spec @@ -87,7 +87,7 @@ %bcond_without profileopt %endif Name: %{python_pkg_name}%{psuffix} -Version: 3.8.8 +Version: 3.8.9 Release: 0 Summary: Python 3 Interpreter License: Python-2.0 From c4ad231e8c96e8cfcf875e371ceca2164d1157013151e9b54b2961c936196fea Mon Sep 17 00:00:00 2001 From: Matej Cepl Date: Wed, 28 Apr 2021 19:00:43 +0000 Subject: [PATCH 2/2] Add BR autoconf-archive OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python38?expand=0&rev=63 --- python38.spec | 1 + 1 file changed, 1 insertion(+) diff --git a/python38.spec b/python38.spec index 33142c9..5e07043 100644 --- a/python38.spec +++ b/python38.spec @@ -151,6 +151,7 @@ Patch28: bpo36302-sort-module-sources.patch Patch29: bpo-31046_ensurepip_honours_prefix.patch # PATCH-FIX-UPSTREAM stop calling removed Sphinx function gh#python/cpython#13236 Patch32: sphinx-update-removed-function.patch +BuildRequires: autoconf-archive BuildRequires: automake BuildRequires: fdupes BuildRequires: gmp-devel