diff --git a/Python-2.7.2.tar.bz2 b/Python-2.7.2.tar.bz2
deleted file mode 100644
index ea229aa..0000000
--- a/Python-2.7.2.tar.bz2
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:5057eb067eb5b5a6040dbd0e889e06550bde9ec041dadaa855ee9490034cbdab
-size 11754834
diff --git a/Python-2.7.3rc2.tar.bz2 b/Python-2.7.3rc2.tar.bz2
new file mode 100644
index 0000000..e416595
--- /dev/null
+++ b/Python-2.7.3rc2.tar.bz2
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:752759ea956bfc4e9638753f68e9a2c96a40677053a4d6720f1a476a984f7bbe
+size 11801113
diff --git a/pypirc-secure.diff b/pypirc-secure.diff
new file mode 100644
index 0000000..73f22ef
--- /dev/null
+++ b/pypirc-secure.diff
@@ -0,0 +1,30 @@
+# HG changeset patch
+# User Philip Jenvey
+# Date 1322701507 28800
+# Branch 2.7
+# Node ID e7c20a8476a0e2ca18f8040864cbc400818d8f24
+# Parent 3ecddf168f1f554a17a047384fe0b02f2d688277
+create the .pypirc securely
+
+diff -r 3ecddf168f1f -r e7c20a8476a0 Lib/distutils/config.py
+--- a/Lib/distutils/config.py Tue Nov 29 00:53:09 2011 +0100
++++ b/Lib/distutils/config.py Wed Nov 30 17:05:07 2011 -0800
+@@ -42,16 +42,8 @@
+ def _store_pypirc(self, username, password):
+ """Creates a default .pypirc file."""
+ rc = self._get_rc_file()
+- f = open(rc, 'w')
+- try:
+- f.write(DEFAULT_PYPIRC % (username, password))
+- finally:
+- f.close()
+- try:
+- os.chmod(rc, 0600)
+- except OSError:
+- # should do something better here
+- pass
++ with os.fdopen(os.open(rc, os.O_CREAT | os.O_WRONLY, 0600), 'w') as fp:
++ fp.write(DEFAULT_PYPIRC % (username, password))
+
+ def _read_pypirc(self):
+ """Reads the .pypirc file."""
diff --git a/python-2.7.2-linux3.patch b/python-2.7.2-linux3.patch
deleted file mode 100644
index fa2a7a8..0000000
--- a/python-2.7.2-linux3.patch
+++ /dev/null
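Review bot: In `pypirc-secure.diff`, the `0600` mode passed to `os.open` in `_store_pypirc` only applies when the file is created, so an existing `.pypirc` with looser permissions keeps them now that the `os.chmod(rc, 0600)` call is removed. The password is then written into a file that may still be readable by other users, which is the exposure the changelog cites this patch as fixing (CVE-2011-4944). The flags also omit `os.O_TRUNC`, so writing shorter content over an existing file leaves the tail of the old contents behind, unlike the former `open(rc, 'w')`. I would open with `fd = os.open(rc, os.O_CREAT | os.O_WRONLY | os.O_TRUNC, 0600)` and tighten the mode before writing, with `os.fchmod(fd, 0600)` where available or `os.chmod(rc, 0600)` otherwise.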
@@ -1,21 +0,0 @@ ---- configure.in -+++ configure.in -@@ -293,6 +293,7 @@ - MACHDEP="$ac_md_system$ac_md_release" - - case $MACHDEP in -+ linux*) MACHDEP="linux2";; - cygwin*) MACHDEP="cygwin";; - darwin*) MACHDEP="darwin";; - atheos*) MACHDEP="atheos";; ---- Misc/NEWS -+++ Misc/NEWS -@@ -1,6 +1,8 @@ - Python News - +++++++++++ - -+- Issue #12326: sys.platform is now always 'linux2' on Linux, even if Python -+ is compiled on Linux 3. - - What's New in Python 2.7.2? - =========================== diff --git a/python-2.7rc2-canonicalize2.patch b/python-2.7.3rc2-canonicalize2.patch similarity index 83% rename from python-2.7rc2-canonicalize2.patch rename to python-2.7.3rc2-canonicalize2.patch index 70bc231..53c43b1 100644 --- a/python-2.7rc2-canonicalize2.patch +++ b/python-2.7.3rc2-canonicalize2.patch @@ -1,8 +1,8 @@ Index: Python/sysmodule.c =================================================================== ---- Python/sysmodule.c.orig -+++ Python/sysmodule.c -@@ -1671,7 +1671,20 @@ PySys_SetArgvEx(int argc, char **argv, i +--- Python/sysmodule.c.orig 2012-03-28 20:13:00.000000000 +0200 ++++ Python/sysmodule.c 2012-03-28 20:13:00.000000000 +0200 +@@ -1620,7 +1620,20 @@ char *p = NULL; Py_ssize_t n = 0; PyObject *a; @@ -24,7 +24,7 @@ Index: Python/sysmodule.c char link[MAXPATHLEN+1]; char argv0copy[2*MAXPATHLEN+1]; int nr = 0; -@@ -1698,7 +1711,8 @@ PySys_SetArgvEx(int argc, char **argv, i +@@ -1647,7 +1660,8 @@ } } } @@ -34,7 +34,7 @@ Index: Python/sysmodule.c #if SEP == '\\' /* Special case for MS filename syntax */ if (argc > 0 && argv0 != NULL && strcmp(argv0, "-c") != 0) { char *q; -@@ -1727,11 +1741,6 @@ PySys_SetArgvEx(int argc, char **argv, i +@@ -1676,11 +1690,6 @@ } #else /* All other filename syntaxes */ if (argc > 0 && argv0 != NULL && strcmp(argv0, "-c") != 0) { 
@@ -46,7 +46,7 @@ Index: Python/sysmodule.c p = strrchr(argv0, SEP); } if (p != NULL) { -@@ -1749,6 +1758,9 @@ PySys_SetArgvEx(int argc, char **argv, i +@@ -1698,6 +1707,9 @@ a = PyString_FromStringAndSize(argv0, n); if (a == NULL) Py_FatalError("no mem for sys.path insertion"); @@ -58,9 +58,9 @@ Index: Python/sysmodule.c Py_DECREF(a); Index: configure.in =================================================================== ---- configure.in.orig -+++ configure.in -@@ -2728,7 +2728,7 @@ AC_CHECK_FUNCS(alarm setitimer getitimer +--- configure.in.orig 2012-03-28 20:13:00.000000000 +0200 ++++ configure.in 2012-03-28 20:13:00.000000000 +0200 +@@ -2761,7 +2761,7 @@ getpriority getresuid getresgid getpwent getspnam getspent getsid getwd \ initgroups kill killpg lchmod lchown lstat mkfifo mknod mktime \ mremap nice pathconf pause plock poll pthread_init \ @@ -71,10 +71,10 @@ Index: configure.in setlocale setregid setreuid setsid setpgid setpgrp setuid setvbuf snprintf \ Index: pyconfig.h.in =================================================================== ---- pyconfig.h.in.orig -+++ pyconfig.h.in -@@ -97,6 +97,9 @@ - /* Define to 1 if you have the `chflags' function. */ +--- pyconfig.h.in.orig 2012-03-16 02:26:39.000000000 +0100 ++++ pyconfig.h.in 2012-03-28 20:13:00.000000000 +0200 +@@ -106,6 +106,9 @@ + /* Define to 1 if you have the 'chflags' function. */ #undef HAVE_CHFLAGS +/* Define to 1 if you have the `canonicalize_file_name' function. */ diff --git a/python-2.7.2-multilib.patch b/python-2.7.3rc2-multilib.patch similarity index 77% rename from python-2.7.2-multilib.patch rename to python-2.7.3rc2-multilib.patch index bc86cbf..8f1975f 100644 --- a/python-2.7.2-multilib.patch +++ b/python-2.7.3rc2-multilib.patch 
@@ -1,6 +1,8 @@ ---- configure.in -+++ configure.in -@@ -629,6 +629,41 @@ +Index: configure.in +=================================================================== +--- configure.in.orig 2012-03-16 02:26:39.000000000 +0100 ++++ configure.in 2012-03-28 20:09:13.000000000 +0200 +@@ -630,6 +630,41 @@ ;; esac @@ -42,8 +44,10 @@ AC_SUBST(LIBRARY) AC_MSG_CHECKING(LIBRARY) ---- Include/pythonrun.h -+++ Include/pythonrun.h +Index: Include/pythonrun.h +=================================================================== +--- Include/pythonrun.h.orig 2012-03-16 02:26:31.000000000 +0100 ++++ Include/pythonrun.h 2012-03-28 20:09:13.000000000 +0200 @@ -108,6 +108,8 @@ /* In their own files */ PyAPI_FUNC(const char *) Py_GetVersion(void); @@ -53,8 +57,10 @@ PyAPI_FUNC(const char *) Py_GetCopyright(void); PyAPI_FUNC(const char *) Py_GetCompiler(void); PyAPI_FUNC(const char *) Py_GetBuildInfo(void); ---- Lib/distutils/command/install.py -+++ Lib/distutils/command/install.py +Index: Lib/distutils/command/install.py +=================================================================== +--- Lib/distutils/command/install.py.orig 2012-03-28 20:09:11.000000000 +0200 ++++ Lib/distutils/command/install.py 2012-03-28 20:09:13.000000000 +0200 @@ -22,6 +22,8 @@ from site import USER_SITE @@ -73,8 +79,10 @@ 'headers': '$base/include/python$py_version_short/$dist_name', 'scripts': '$base/bin', 'data' : '$base', ---- Lib/distutils/sysconfig.py -+++ Lib/distutils/sysconfig.py +Index: Lib/distutils/sysconfig.py +=================================================================== +--- Lib/distutils/sysconfig.py.orig 2012-03-16 02:26:31.000000000 +0100 ++++ Lib/distutils/sysconfig.py 2012-03-28 20:09:13.000000000 +0200 @@ -114,8 +114,11 @@ prefix = plat_specific and EXEC_PREFIX or PREFIX 
@@ -89,8 +97,10 @@ if standard_lib: return libpython else: ---- Lib/pydoc.py -+++ Lib/pydoc.py +Index: Lib/pydoc.py +=================================================================== +--- Lib/pydoc.py.orig 2012-03-16 02:26:33.000000000 +0100 ++++ Lib/pydoc.py 2012-03-28 20:09:13.000000000 +0200 @@ -352,7 +352,7 @@ docloc = os.environ.get("PYTHONDOCS", @@ -100,8 +110,10 @@ "python"+sys.version[0:3]) if (isinstance(object, type(os)) and (object.__name__ in ('errno', 'exceptions', 'gc', 'imp', ---- Lib/site.py -+++ Lib/site.py +Index: Lib/site.py +=================================================================== +--- Lib/site.py.orig 2012-03-16 02:26:33.000000000 +0100 ++++ Lib/site.py 2012-03-28 20:09:13.000000000 +0200 @@ -300,13 +300,18 @@ if sys.platform in ('os2emx', 'riscos'): sitepackages.append(os.path.join(prefix, "Lib", "site-packages")) @@ -124,8 +136,10 @@ if sys.platform == "darwin": # for framework builds *only* we add the standard Apple # locations. ---- Lib/sysconfig.py -+++ Lib/sysconfig.py +Index: Lib/sysconfig.py +=================================================================== +--- Lib/sysconfig.py.orig 2012-03-16 02:26:33.000000000 +0100 ++++ Lib/sysconfig.py 2012-03-28 20:09:13.000000000 +0200 @@ -7,10 +7,10 @@ _INSTALL_SCHEMES = { @@ -154,8 +168,10 @@ 'include': '{userbase}/include/python{py_version_short}', 'scripts': '{userbase}/bin', 'data' : '{userbase}', ---- Lib/test/test_dl.py -+++ Lib/test/test_dl.py +Index: Lib/test/test_dl.py +=================================================================== +--- Lib/test/test_dl.py.orig 2012-03-16 02:26:34.000000000 +0100 ++++ Lib/test/test_dl.py 2012-03-28 20:09:13.000000000 +0200 @@ -5,10 +5,11 @@ import unittest from test.test_support import verbose, import_module 
@@ -170,12 +186,14 @@ ('/usr/bin/cygwin1.dll', 'getpid'), ('/usr/lib/libc.dylib', 'getpid'), ] ---- Lib/test/test_site.py -+++ Lib/test/test_site.py -@@ -227,12 +227,16 @@ - wanted = os.path.join('xoxo', 'Lib', 'site-packages') - self.assertEqual(dirs[0], wanted) +Index: Lib/test/test_site.py +=================================================================== +--- Lib/test/test_site.py.orig 2012-03-16 02:26:34.000000000 +0100 ++++ Lib/test/test_site.py 2012-03-28 20:11:10.000000000 +0200 +@@ -241,12 +241,16 @@ + self.assertEqual(dirs[2], wanted) elif os.sep == '/': + # OS X non-framwework builds, Linux, FreeBSD, etc - self.assertEqual(len(dirs), 2) wanted = os.path.join('xoxo', 'lib', 'python' + sys.version[:3], 'site-packages') @@ -190,11 +208,13 @@ + wanted = os.path.join('xoxo', sys.lib, 'site-python') + self.assertTrue(wanted in dirs) else: + # other platforms self.assertEqual(len(dirs), 2) - self.assertEqual(dirs[0], 'xoxo') ---- Lib/trace.py -+++ Lib/trace.py -@@ -762,10 +762,10 @@ +Index: Lib/trace.py +=================================================================== +--- Lib/trace.py.orig 2012-03-16 02:26:34.000000000 +0100 ++++ Lib/trace.py 2012-03-28 20:09:13.000000000 +0200 +@@ -754,10 +754,10 @@ # should I also call expanduser? (after all, could use $HOME) s = s.replace("$prefix", @@ -207,8 +227,10 @@ "python" + sys.version[:3])) s = os.path.normpath(s) ignore_dirs.append(s) ---- Makefile.pre.in -+++ Makefile.pre.in +Index: Makefile.pre.in +=================================================================== +--- Makefile.pre.in.orig 2012-03-28 20:09:11.000000000 +0200 ++++ Makefile.pre.in 2012-03-28 20:09:13.000000000 +0200 @@ -81,6 +81,8 @@ # Machine-dependent subdirectories @@ -218,7 +240,7 @@ # Install prefix for architecture-independent files prefix= @prefix@ -@@ -532,6 +534,7 @@ +@@ -533,6 +535,7 @@ -DEXEC_PREFIX='"$(exec_prefix)"' \ -DVERSION='"$(VERSION)"' \ -DVPATH='"$(VPATH)"' \ 
@@ -226,7 +248,7 @@ -o $@ $(srcdir)/Modules/getpath.c Modules/python.o: $(srcdir)/Modules/python.c -@@ -566,7 +569,7 @@ +@@ -567,7 +570,7 @@ Python/compile.o Python/symtable.o Python/ast.o: $(GRAMMAR_H) $(AST_H) Python/getplatform.o: $(srcdir)/Python/getplatform.c @@ -235,8 +257,10 @@ Python/importdl.o: $(srcdir)/Python/importdl.c $(CC) -c $(PY_CFLAGS) -I$(DLINCLDIR) -o $@ $(srcdir)/Python/importdl.c ---- Modules/getpath.c -+++ Modules/getpath.c +Index: Modules/getpath.c +=================================================================== +--- Modules/getpath.c.orig 2012-03-16 02:26:37.000000000 +0100 ++++ Modules/getpath.c 2012-03-28 20:09:13.000000000 +0200 @@ -116,9 +116,11 @@ #define EXEC_PREFIX PREFIX #endif @@ -260,8 +284,10 @@ static void reduce(char *dir) ---- Python/getplatform.c -+++ Python/getplatform.c +Index: Python/getplatform.c +=================================================================== +--- Python/getplatform.c.orig 2012-03-16 02:26:38.000000000 +0100 ++++ Python/getplatform.c 2012-03-28 20:09:13.000000000 +0200 @@ -10,3 +10,23 @@ { return PLATFORM; @@ -286,9 +312,11 @@ +{ + return LIB; +} ---- Python/sysmodule.c -+++ Python/sysmodule.c -@@ -1416,6 +1416,10 @@ +Index: Python/sysmodule.c +=================================================================== +--- Python/sysmodule.c.orig 2012-03-16 02:26:39.000000000 +0100 ++++ Python/sysmodule.c 2012-03-28 20:09:13.000000000 +0200 +@@ -1419,6 +1419,10 @@ PyString_FromString(Py_GetCopyright())); SET_SYS_FROM_STRING("platform", PyString_FromString(Py_GetPlatform())); @@ -299,8 +327,10 @@ SET_SYS_FROM_STRING("executable", PyString_FromString(Py_GetProgramFullPath())); SET_SYS_FROM_STRING("prefix", ---- setup.py -+++ setup.py +Index: setup.py +=================================================================== +--- setup.py.orig 2012-03-16 02:26:39.000000000 +0100 ++++ setup.py 2012-03-28 20:09:13.000000000 +0200 @@ -369,7 +369,7 @@ def detect_modules(self): 
diff --git a/python-base.changes b/python-base.changes index ecf4980..cbb4056 100644 --- a/python-base.changes +++ b/python-base.changes @@ -1,3 +1,14 @@ +------------------------------------------------------------------- +Wed Mar 28 18:19:18 UTC 2012 - jmatejek@suse.com + +- update to 2.7.3rc2 + * fixes several security issues: + * CVE-2012-0845, bnc#747125 + * CVE-2012-1150, bnc#751718 + * CVE-2011-4944, bnc#754447 + * CVE-2011-3389 +- fix for insecure .pypirc (CVE-2011-4944, bnc#754447) + ------------------------------------------------------------------- Thu Feb 16 12:33:44 UTC 2012 - dvaleev@suse.com diff --git a/python-base.spec b/python-base.spec index 314477d..83e4e47 100644 --- a/python-base.spec +++ b/python-base.spec @@ -18,13 +18,14 @@ Name: python-base -Version: 2.7.2 +Version: 2.7.2.99rc2 Release: 0 License: Python-2.0 Summary: Python Interpreter base package Url: http://www.python.org/ Group: Development/Languages/Python -%define tarversion %{version} +#%%define tarversion %{version} +%define tarversion 2.7.3rc2 %define tarname Python-%{tarversion} Source0: %{tarname}.tar.bz2 Source1: macros.python 
@@ -35,19 +36,18 @@ Source5: _local.pth # COMMON-PATCH-BEGIN Patch1: python-2.7-dirs.patch Patch2: python-distutils-rpm-8.patch -Patch3: python-2.7.2-multilib.patch +Patch3: python-2.7.3rc2-multilib.patch Patch4: python-2.5.1-sqlite.patch -Patch5: python-2.7rc2-canonicalize2.patch +Patch5: python-2.7.3rc2-canonicalize2.patch Patch6: python-2.7rc2-configure.patch Patch7: python-2.6-gettext-plurals.patch Patch8: python-2.6b3-curses-panel.patch Patch9: python-2.7.1-distutils_test_path.patch Patch10: sparc_longdouble.patch -Patch11: python-2.7.2-linux3.patch Patch12: http://psf.upfronthosting.co.za/roundup/tracker/file19029/python-test_structmembers.patch Patch13: python-2.7.2-fix_date_time_compiler.patch -Patch14: python-2.7.1-urllib-noproxy.patch Patch15: python-2.7.2-disable-tests-in-test_io.patch +Patch16: pypirc-secure.diff # COMMON-PATCH-END %define python_version %(echo %{tarversion} | head -c 3) BuildRequires: automake @@ -125,15 +125,13 @@ other applications. %patch8 %patch9 -p1 %patch10 -p1 -%patch11 %patch12 %patch13 -%patch14 -p1 - #skip test_io test for ppc,ppc64 as it broken. %ifarch ppc ppc64 %patch15 -p1 %endif +%patch16 -p1 # COMMON-PREP-END # drop Autoconf version requirement diff --git a/python-doc.spec b/python-doc.spec index a2ca8df..3987a6c 100644 --- a/python-doc.spec +++ b/python-doc.spec @@ -24,8 +24,9 @@ License: Python-2.0 Summary: Additional Package Documentation for Python Url: http://www.python.org/ Group: Development/Languages/Python -%define pyver 2.7.2 -%define tarname Python-%{pyver} +%define pyver 2.7.2.99rc2 +#%%define tarname Python-%{pyver} +%define tarname Python-2.7.3rc2 Source0: %{tarname}.tar.bz2 Source1: python-%{version}-docs-html.tar.bz2 Source2: python-%{version}-docs-pdf-a4.tar.bz2 diff --git a/python.spec b/python.spec index 165f35a..28c1605 100644 --- a/python.spec +++ b/python.spec 
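Review bot: Patch11 (`python-2.7.2-linux3.patch`) and Patch14 (`python-2.7.1-urllib-noproxy.patch`) are dropped from the patch list and from `%prep` in `python-base.spec`, but the new `python-base.changes` entry mentions neither of them. In the part of the commit visible here only the linux3 patch file is deleted, so the urllib-noproxy patch appears to stay in the package unreferenced. If both are obsolete with 2.7.3rc2, the changelog should record that, e.g. `- drop python-2.7.2-linux3.patch, python-2.7.1-urllib-noproxy.patch (<reason>)`, and the unused file should be removed; if the no-proxy behaviour is still needed, the patch should be refreshed instead of dropped. The same applies to the matching hunks in `python.spec`.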
@@ -16,13 +16,14 @@ # Name: python -Version: 2.7.2 +Version: 2.7.2.99rc2 Release: 0 License: Python-2.0 Summary: Python Interpreter Url: http://www.python.org/ Group: Development/Languages/Python -%define tarversion %{version} +#%%define tarversion %{version} +%define tarversion 2.7.3rc2 %define tarname Python-%{tarversion} Source0: %{tarname}.tar.bz2 Source1: README.SUSE @@ -39,19 +40,18 @@ Source4: python.csh # COMMON-PATCH-BEGIN Patch1: python-2.7-dirs.patch Patch2: python-distutils-rpm-8.patch -Patch3: python-2.7.2-multilib.patch +Patch3: python-2.7.3rc2-multilib.patch Patch4: python-2.5.1-sqlite.patch -Patch5: python-2.7rc2-canonicalize2.patch +Patch5: python-2.7.3rc2-canonicalize2.patch Patch6: python-2.7rc2-configure.patch Patch7: python-2.6-gettext-plurals.patch Patch8: python-2.6b3-curses-panel.patch Patch9: python-2.7.1-distutils_test_path.patch Patch10: sparc_longdouble.patch -Patch11: python-2.7.2-linux3.patch Patch12: http://psf.upfronthosting.co.za/roundup/tracker/file19029/python-test_structmembers.patch Patch13: python-2.7.2-fix_date_time_compiler.patch -Patch14: python-2.7.1-urllib-noproxy.patch Patch15: python-2.7.2-disable-tests-in-test_io.patch +Patch16: pypirc-secure.diff # COMMON-PATCH-END BuildRequires: automake BuildRequires: db-devel @@ -165,15 +165,13 @@ implementation of the standard Unix DBM databases. %patch8 %patch9 -p1 %patch10 -p1 -%patch11 %patch12 %patch13 -%patch14 -p1 - #skip test_io test for ppc,ppc64 as it broken. %ifarch ppc ppc64 %patch15 -p1 %endif +%patch16 -p1 # COMMON-PREP-END # drop Autoconf version requirement