rpm/python
SHA256
1
0
Fork 0
forked from pool/python
Code Pull Requests Activity

- update to 2.7.9

Browse Source 
* contains full backport of ssl module from Python 3.4 (PEP466)
  * HTTPS certificate validation enabled by default (PEP476)
  * SSLv3 disabled by default
  * backported ensurepip module (PEP477)
  * fixes several missing CVEs from last release: CVE-2013-1752,
    CVE-2013-1753
  * dozens of minor bugfixes
- dropped upstreamed patches: python-2.7.6-poplib.patch,
  smtplib_maxline-2.7.patch, xmlrpc_gzip_27.patch
- dropped patch python-2.7.3-ssl_ca_path.patch because we don't need it
  with ssl module from Python 3
- libffi was upgraded upstream, seems to contain our changes,
  so dropping libffi-ppc64le.diff as well
- python-2.7-urllib2-localnet-ssl.patch - properly remove unconditional
  "import ssl" from test_urllib2_localnet that caused it to fail without ssl
- drop HTML doc tarball, build HTML documentation from source

OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python?expand=0&rev=170
This commit is contained in:
Jan Matejek 2014-12-15 15:06:19 +00:00 committed by Git OBS Bridge
parent 0a6b898b31
commit cc099c9e1e
21 changed files with 92 additions and 2168 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
Python-2.7.8.tar.xz
View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:edde10a0cb7d14e2735e682882d5b287028d1485c456758154c19573db68075a
size 10525244

17
Python-2.7.8.tar.xz.asc
View File

@ -1,17 +0,0 @@
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (GNU/Linux)
iQIcBAABAgAGBQJTsMzVAAoJEATDZ8IYrdT/CxkQAIfecKxGpMHg9ID5QuwHcYJE
GjF9JnassnCdrpHWDqe8+iYJhEPpmbLsVP34ZKeYkvvEh6eBJSUeAw2tL/ok7mIJ
yELB4bSYuztLQdh5T5CRSRq409AmDTDauuWDoaXmm9Qg5ydsEEY1YZwWEZwHO2Kb
Se8IKfMv0/AYQ9HwHAhaeIABBG9G1oCJUc1gkQTYjxz9+JwruJVrRIKwD4vWysVF
FkTshos6QEV0HajAdcJisQ7BcgRyzgw4AKLiMdFFax/2NwaH6E0lqno4vb3E64Od
wk6HPJ1qm63bfbxNje4TqCRzO2VJiVxM7KHTr/OUjFJlJLxNIYxMPl0CWMNauWVQ
LqpTp12raMWb+OasvBPguEpbg8JSGhFw677+VkI/Vq67kojFRVuR55KHZqtd6RDC
V6mGVgl+Z/Pfz9JzWr8qHCuFrfydE2eOHUh5MH2ylcDk5f69WDKxLZeeRzbrPzHj
/GCILORil4gWuXFivk3Uk09uiO56ceYcsBYAYuFrT+K45tHsAboPZ8Yt526+lP8Q
eVBWApElC/GI5ksp6vbGJfXo3z3xORLSrS2UDuHap7/mBS91E7Hc13BNjt+gjNDO
dXxeJWYDk0iVC+HP2igbQPFVGy39BMDD7rDQ2SnoPWbJlJrEeJQULUoRPpk17kTw
X9vqhK54dxLgaLR+2MOS
=LDrl
-----END PGP SIGNATURE-----

3
Python-2.7.9.tar.xz Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:90d27e14ea7e03570026850e2e50ba71ad20b7eb31035aada1cf3def8f8d4916
size 12164712

17
Python-2.7.9.tar.xz.asc Normal file
View File

@ -0,0 +1,17 @@
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iQIcBAABAgAGBQJUiG4+AAoJEATDZ8IYrdT/zYAP/1lhrY4Ekwxm91lue05vilrN
zkCk7aOKr351dxA+UPjJrej3FI2GOlWaE8DWdL0S45+bBqNsbm4Zuo3wGHcHFgBw
CEA7gBVDLaaWPAh3paKkgraCGLnFiEDOmvvOoJpY2FaLJoufkr3UCgP9WyR7SGCw
qpEQkZtSuCeDKKPXmrIQ8FhnTfwoRvbojejZEhORJz3V4O1He03P5ZgR81D2Cdbz
XAqnWj/Y3957iUFgRsl2GQZpkXsfnCrQ9s1Oy8zGXXCCQUR3DK2IbynRTTJjAFeJ
OM5naSDMtSfQ3evSv21yJcjl6mn9HfhXLWUNpTF16lMDSt+/bxX3DpCMDC4ocOU1
lzlJHO/Ai5eAiM5uFc8e++jas1kJ998N5eW5TsPAsEyQE+LJo0DcO9t9McaPy7cc
wAF0YbKesaKUpbIh9WkkDrIe4HmM+701zkJVxasYXbZiiPrKmmi15fLCbqifV4/F
yP5z5uG7btvaJRKdSqCSxsctIpNB5PYCFXZj8bKE1Sx97MEUIUQYyKK2ls6mmJeC
pe5wAR/uZm1Edkxxo2o9qrN+2AQQXeM5jHei1E3tw6SYw+G5UMn8uPmyUdcbB/Gr
7nLPOyGl+AqjzGG4qYb0Er8/vNfpCvL28o3YOjCEJbwFRITjQYwaaf5NG45sYACg
pVQey4v6mVEtL3D+BkFi
=TuqU
-----END PGP SIGNATURE-----

1757
libffi-ppc64le.diff
View File

File diff suppressed because it is too large Load Diff

12
python-2.7-urllib2-localnet-ssl.patch Normal file
View File

@ -0,0 +1,12 @@
Index: Python-2.7.9/Lib/test/test_urllib2_localnet.py
===================================================================
--- Python-2.7.9.orig/Lib/test/test_urllib2_localnet.py 2014-12-10 16:59:48.000000000 +0100
+++ Python-2.7.9/Lib/test/test_urllib2_localnet.py 2014-12-15 13:57:25.013615707 +0100
@@ -5,7 +5,6 @@
import BaseHTTPServer
import unittest
import hashlib
-import ssl
from test import test_support

55
python-2.7.3-ssl_ca_path.patch
View File

@ -1,55 +0,0 @@
Index: Python-2.7.7/Modules/_ssl.c
===================================================================
--- Python-2.7.7.orig/Modules/_ssl.c 2014-06-20 14:34:28.157656595 +0200
+++ Python-2.7.7/Modules/_ssl.c 2014-06-20 14:35:20.092929774 +0200
@@ -273,6 +273,7 @@
char *errstr = NULL;
int ret;
int verification_mode;
+ struct stat stat_buf;
long options;
self = PyObject_New(PySSLObject, &PySSL_Type); /* Create new object */
@@ -331,20 +332,32 @@
if (certreq != PY_SSL_CERT_NONE) {
if (cacerts_file == NULL) {
- errstr = ERRSTR("No root certificates specified for "
- "verification of other-side certificates.");
- goto fail;
- } else {
PySSL_BEGIN_ALLOW_THREADS
- ret = SSL_CTX_load_verify_locations(self->ctx,
- cacerts_file,
- NULL);
+ ret = SSL_CTX_set_default_verify_paths(self->ctx);
PySSL_END_ALLOW_THREADS
- if (ret != 1) {
- _setSSLError(NULL, 0, __FILE__, __LINE__);
- goto fail;
+ } else {
+ /* If cacerts_file is a directory-based cert store, pass it as the
+ third parameter, CApath, instead
+ */
+ if (stat(cacerts_file, &stat_buf) == 0 && S_ISDIR(stat_buf.st_mode)) {
+ PySSL_BEGIN_ALLOW_THREADS
+ ret = SSL_CTX_load_verify_locations(self->ctx,
+ NULL,
+ cacerts_file);
+ PySSL_END_ALLOW_THREADS
+ } else {
+ PySSL_BEGIN_ALLOW_THREADS
+ ret = SSL_CTX_load_verify_locations(self->ctx,
+ cacerts_file,
+ NULL);
+ PySSL_END_ALLOW_THREADS
}
}
+
+ if (ret != 1) {
+ _setSSLError(NULL, 0, __FILE__, __LINE__);
+ goto fail;
+ }
}
if (key_file) {
PySSL_BEGIN_ALLOW_THREADS

63
python-2.7.6-poplib.patch
View File

@ -1,63 +0,0 @@
# HG changeset patch
# User Georg Brandl <georg@python.org>
# Date 1382855033 -3600
# Node ID 68029048c9c6833b71c3121e5178f7f57f21b565
# Parent 10d0edadbcddfd983c2c6c22d06c5a535197f8bf
Issue #16041: CVE-2013-1752: poplib: Limit maximum line lengths to 2048 to
prevent readline() calls from consuming too much memory. Patch by Jyrki
Pulliainen.
Index: Python-2.7.6/Lib/poplib.py
===================================================================
--- Python-2.7.6.orig/Lib/poplib.py 2013-11-10 08:36:40.000000000 +0100
+++ Python-2.7.6/Lib/poplib.py 2014-02-07 18:45:45.454259311 +0100
@@ -32,6 +32,12 @@
LF = '\n'
CRLF = CR+LF
+# maximal line length when calling readline(). This is to prevent
+# reading arbitrary lenght lines. RFC 1939 limits POP3 line length to
+# 512 characters, including CRLF. We have selected 2048 just to be on
+# the safe side.
+_MAXLINE = 2048
+
class POP3:
@@ -103,7 +109,10 @@
# Raise error_proto('-ERR EOF') if the connection is closed.
def _getline(self):
- line = self.file.readline()
+ line = self.file.readline(_MAXLINE + 1)
+ if len(line) > _MAXLINE:
+ raise error_proto('line too long')
+
if self._debugging > 1: print '*get*', repr(line)
if not line: raise error_proto('-ERR EOF')
octets = len(line)
Index: Python-2.7.6/Lib/test/test_poplib.py
===================================================================
--- Python-2.7.6.orig/Lib/test/test_poplib.py 2013-11-10 08:36:40.000000000 +0100
+++ Python-2.7.6/Lib/test/test_poplib.py 2014-02-07 18:44:24.419856656 +0100
@@ -81,7 +81,7 @@
def cmd_list(self, arg):
if arg:
- self.push('+OK %s %s' %(arg, arg))
+ self.push('+OK %s %s' % (arg, arg))
else:
self.push('+OK')
asynchat.async_chat.push(self, LIST_RESP)
@@ -198,6 +198,10 @@
113)
self.assertEqual(self.client.retr('foo'), expected)
+ def test_too_long_lines(self):
+ self.assertRaises(poplib.error_proto, self.client._shortcmd,
+ 'echo +%s' % ((poplib._MAXLINE + 10) * 'a'))
+
def test_dele(self):
self.assertOK(self.client.dele('foo'))

3
python-2.7.8-docs-html.tar.bz2
View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:b1b969be6dab30a1820320340579f6cc5b23c25acdd3e7de0d212574439978bf
size 4487849

3
python-2.7.8-docs-pdf-a4.tar.bz2
View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:1a217af2067e4deda02cbc83a169aa2399dcb4e72465c352ed4e98b9c1a94a18
size 10907347

3
python-2.7.8-docs-pdf-letter.tar.bz2
View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:3aebf5c70d2e6561093a33ce8c0481dd025e0ac553971579ee5a3a033b78593f
size 10961584

3
python-2.7.9-docs-pdf-a4.tar.bz2 Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:1691a5f9fd00e85aba3393863d344a627b812b7ff8cd1ad20dd3cd73384e04dd
size 10680004

3
python-2.7.9-docs-pdf-letter.tar.bz2 Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:ca72f5664ca8bdb6ef081f25cde3a14affec466631df517449a022d8f26be13b
size 10735024

20
python-base.changes
View File

@ -1,3 +1,23 @@
-------------------------------------------------------------------
Fri Dec 12 17:11:51 UTC 2014 - jmatejek@suse.com
- update to 2.7.9
* contains full backport of ssl module from Python 3.4 (PEP466)
* HTTPS certificate validation enabled by default (PEP476)
* SSLv3 disabled by default
* backported ensurepip module (PEP477)
* fixes several missing CVEs from last release: CVE-2013-1752,
CVE-2013-1753
* dozens of minor bugfixes
- dropped upstreamed patches: python-2.7.6-poplib.patch,
smtplib_maxline-2.7.patch, xmlrpc_gzip_27.patch
- dropped patch python-2.7.3-ssl_ca_path.patch because we don't need it
with ssl module from Python 3
- libffi was upgraded upstream, seems to contain our changes,
so dropping libffi-ppc64le.diff as well
- python-2.7-urllib2-localnet-ssl.patch - properly remove unconditional
"import ssl" from test_urllib2_localnet that caused it to fail without ssl
------------------------------------------------------------------- -------------------------------------------------------------------
Wed Oct 22 13:30:24 UTC 2014 - dmueller@suse.com Wed Oct 22 13:30:24 UTC 2014 - dmueller@suse.com

22
python-base.spec
View File

@ -17,7 +17,7 @@
Name: python-base Name: python-base
Version: 2.7.8 Version: 2.7.9
Release: 0 Release: 0
Summary: Python Interpreter base package Summary: Python Interpreter base package
License: Python-2.0 License: Python-2.0
@ -43,22 +43,15 @@ Patch8: python-2.6b3-curses-panel.patch
Patch10: sparc_longdouble.patch Patch10: sparc_longdouble.patch
Patch13: python-2.7.2-fix_date_time_compiler.patch Patch13: python-2.7.2-fix_date_time_compiler.patch
Patch17: remove-static-libpython.diff Patch17: remove-static-libpython.diff
# PATCH-FIX-OPENSUSE python-2.7.3-ssl_ca_path.patch [bnc#761501] -- Support directory-based certificate stores with the ca_certs parameter of SSL functions
Patch18: python-2.7.3-ssl_ca_path.patch
# PATCH-FEATURE-OPENSUSE python-bundle-lang.patch bnc#617751 dimstar@opensuse.org -- gettext: when looking in default_localedir also check in locale-bundle. # PATCH-FEATURE-OPENSUSE python-bundle-lang.patch bnc#617751 dimstar@opensuse.org -- gettext: when looking in default_localedir also check in locale-bundle.
Patch20: python-bundle-lang.patch Patch20: python-bundle-lang.patch
# PATCH-FIX-OPENSUSE Properly support aarch64 in _ctypes module # PATCH-FIX-OPENSUSE Properly support aarch64 in _ctypes module
Patch22: python-2.7.4-aarch64.patch Patch22: python-2.7.4-aarch64.patch
Patch24: python-bsddb6.diff Patch24: python-bsddb6.diff
# PATCH-FIX-OPENSUSE Properly support ppc64le in _ctypes module # PATCH-FIX-OPENSUSE remove link count optimization that breaks mhlib on btrfs (and possibly elsewhere)
Patch25: libffi-ppc64le.diff
# CVE-2013-1753 [bnc#856835] unbounded gzip decompression in xmlrpc client
Patch26: xmlrpc_gzip_27.patch
# CVE-2013-1752 patches missing in 2.7.6: imaplib, poplib, smtplib
Patch28: smtplib_maxline-2.7.patch
Patch29: python-2.7.6-poplib.patch
# remove link count optimization that breaks mhlib on btrfs (and possibly elsewhere)
Patch31: python-2.7.7-mhlib-linkcount.patch Patch31: python-2.7.7-mhlib-linkcount.patch
# PATCH-FIX-UPSTREAM remove unconditional "import ssl" from test
Patch32: python-2.7-urllib2-localnet-ssl.patch
# COMMON-PATCH-END # COMMON-PATCH-END
%define python_version %(echo %{tarversion} | head -c 3) %define python_version %(echo %{tarversion} | head -c 3)
BuildRequires: automake BuildRequires: automake
@ -143,15 +136,11 @@ other applications.
%patch10 -p1 %patch10 -p1
%patch13 -p1 %patch13 -p1
%patch17 -p1 %patch17 -p1
%patch18 -p1
%patch20 -p1 %patch20 -p1
%patch22 -p1 %patch22 -p1
%patch24 -p1 %patch24 -p1
%patch25 -p0
%patch26 -p1
%patch28 -p1
%patch29 -p1
%patch31 -p1 %patch31 -p1
%patch32 -p1
# drop Autoconf version requirement # drop Autoconf version requirement
sed -i 's/^version_required/dnl version_required/' configure.ac sed -i 's/^version_required/dnl version_required/' configure.ac
@ -334,6 +323,7 @@ cp Makefile Makefile.pre.in Makefile.pre %{buildroot}%{_libdir}/python%{python_v
%{_libdir}/python%{python_version}/distutils %{_libdir}/python%{python_version}/distutils
%{_libdir}/python%{python_version}/email %{_libdir}/python%{python_version}/email
%{_libdir}/python%{python_version}/encodings %{_libdir}/python%{python_version}/encodings
%{_libdir}/python%{python_version}/ensurepip
%{_libdir}/python%{python_version}/hotshot %{_libdir}/python%{python_version}/hotshot
%{_libdir}/python%{python_version}/importlib %{_libdir}/python%{python_version}/importlib
%{_libdir}/python%{python_version}/json %{_libdir}/python%{python_version}/json

6
python-doc.changes
View File

@ -1,3 +1,9 @@
-------------------------------------------------------------------
Fri Dec 12 17:11:51 UTC 2014 - jmatejek@suse.com
- update to 2.7.9
- drop HTML doc tarball, build HTML documentation from source
------------------------------------------------------------------- -------------------------------------------------------------------
Tue Sep 30 15:32:07 UTC 2014 - jmatejek@suse.com Tue Sep 30 15:32:07 UTC 2014 - jmatejek@suse.com

34
python-doc.spec
View File

@ -16,7 +16,7 @@
# #
Name: python-doc Name: python-doc
Version: 2.7.8 Version: 2.7.9
Release: 0 Release: 0
Summary: Additional Package Documentation for Python Summary: Additional Package Documentation for Python
License: Python-2.0 License: Python-2.0
@ -26,15 +26,12 @@ Url: http://www.python.org/
Source0: %{tarname}.tar.xz Source0: %{tarname}.tar.xz
# docs for current version are regenerated every day # docs for current version are regenerated every day
# this messes with autobuild "file changed" checks # this messes with autobuild "file changed" checks
#Source1: http://docs.python.org/%{version}/archives/python-%{pyver}-docs-html.tar.bz2
#Source2: http://docs.python.org/%{version}/archives/python-%{pyver}-docs-pdf-a4.tar.bz2 #Source2: http://docs.python.org/%{version}/archives/python-%{pyver}-docs-pdf-a4.tar.bz2
#Source3: http://docs.python.org/%{version}/archives/python-%{pyver}-docs-pdf-letter.tar.bz2 #Source3: http://docs.python.org/%{version}/archives/python-%{pyver}-docs-pdf-letter.tar.bz2
Source1: python-%{version}-docs-html.tar.bz2
Source2: python-%{version}-docs-pdf-a4.tar.bz2 Source2: python-%{version}-docs-pdf-a4.tar.bz2
Source3: python-%{version}-docs-pdf-letter.tar.bz2 Source3: python-%{version}-docs-pdf-letter.tar.bz2
%if 0%{suse_version} <= 1210 BuildRequires: python-Sphinx
BuildRequires: xz BuildRequires: xz
%endif
# COMMON-PATCH-BEGIN # COMMON-PATCH-BEGIN
Patch1: python-2.7-dirs.patch Patch1: python-2.7-dirs.patch
Patch2: python-distutils-rpm-8.patch Patch2: python-distutils-rpm-8.patch
@ -46,22 +43,15 @@ Patch8: python-2.6b3-curses-panel.patch
Patch10: sparc_longdouble.patch Patch10: sparc_longdouble.patch
Patch13: python-2.7.2-fix_date_time_compiler.patch Patch13: python-2.7.2-fix_date_time_compiler.patch
Patch17: remove-static-libpython.diff Patch17: remove-static-libpython.diff
# PATCH-FIX-OPENSUSE python-2.7.3-ssl_ca_path.patch [bnc#761501] -- Support directory-based certificate stores with the ca_certs parameter of SSL functions
Patch18: python-2.7.3-ssl_ca_path.patch
# PATCH-FEATURE-OPENSUSE python-bundle-lang.patch bnc#617751 dimstar@opensuse.org -- gettext: when looking in default_localedir also check in locale-bundle. # PATCH-FEATURE-OPENSUSE python-bundle-lang.patch bnc#617751 dimstar@opensuse.org -- gettext: when looking in default_localedir also check in locale-bundle.
Patch20: python-bundle-lang.patch Patch20: python-bundle-lang.patch
# PATCH-FIX-OPENSUSE Properly support aarch64 in _ctypes module # PATCH-FIX-OPENSUSE Properly support aarch64 in _ctypes module
Patch22: python-2.7.4-aarch64.patch Patch22: python-2.7.4-aarch64.patch
Patch24: python-bsddb6.diff Patch24: python-bsddb6.diff
# PATCH-FIX-OPENSUSE Properly support ppc64le in _ctypes module # PATCH-FIX-OPENSUSE remove link count optimization that breaks mhlib on btrfs (and possibly elsewhere)
Patch25: libffi-ppc64le.diff
# CVE-2013-1753 [bnc#856835] unbounded gzip decompression in xmlrpc client
Patch26: xmlrpc_gzip_27.patch
# CVE-2013-1752 patches missing in 2.7.6: imaplib, poplib, smtplib
Patch28: smtplib_maxline-2.7.patch
Patch29: python-2.7.6-poplib.patch
# remove link count optimization that breaks mhlib on btrfs (and possibly elsewhere)
Patch31: python-2.7.7-mhlib-linkcount.patch Patch31: python-2.7.7-mhlib-linkcount.patch
# PATCH-FIX-UPSTREAM remove unconditional "import ssl" from test
Patch32: python-2.7-urllib2-localnet-ssl.patch
# COMMON-PATCH-END # COMMON-PATCH-END
Provides: pyth_doc Provides: pyth_doc
Provides: pyth_ps Provides: pyth_ps
@ -100,28 +90,26 @@ Python, and Macintosh Module Reference in PDF format.
%patch10 -p1 %patch10 -p1
%patch13 -p1 %patch13 -p1
%patch17 -p1 %patch17 -p1
%patch18 -p1
%patch20 -p1 %patch20 -p1
%patch22 -p1 %patch22 -p1
%patch24 -p1 %patch24 -p1
%patch25 -p0
%patch26 -p1
%patch28 -p1
%patch29 -p1
%patch31 -p1 %patch31 -p1
%patch32 -p1
# drop Autoconf version requirement # drop Autoconf version requirement
sed -i 's/^version_required/dnl version_required/' configure.ac sed -i 's/^version_required/dnl version_required/' configure.ac
# COMMON-PREP-END # COMMON-PREP-END
%build %build
# nothing to do (...whistles innocently) pushd Doc
make html
popd
%install %install
export PDOCS=%{buildroot}%{_docdir}/python export PDOCS=%{buildroot}%{_docdir}/python
install -d -m 755 $PDOCS/Misc install -d -m 755 $PDOCS/Misc
tar xfj %{SOURCE1} -C $PDOCS/ rm Doc/build/html/.buildinfo
mv $PDOCS/python-%{version}-docs-html $PDOCS/html mv Doc/build/html $PDOCS/html
tar xfj %{SOURCE2} -C $PDOCS tar xfj %{SOURCE2} -C $PDOCS
mv $PDOCS/docs-pdf $PDOCS/paper-a4 mv $PDOCS/docs-pdf $PDOCS/paper-a4
tar xfj %{SOURCE3} -C $PDOCS tar xfj %{SOURCE3} -C $PDOCS

5
python.changes
View File

@ -1,3 +1,8 @@
-------------------------------------------------------------------
Fri Dec 12 17:11:51 UTC 2014 - jmatejek@suse.com
- update to 2.7.9
------------------------------------------------------------------- -------------------------------------------------------------------
Sat Oct 18 20:05:00 UTC 2014 - crrodriguez@opensuse.org Sat Oct 18 20:05:00 UTC 2014 - crrodriguez@opensuse.org

25
python.spec
View File

@ -16,7 +16,7 @@
# #
Name: python Name: python
Version: 2.7.8 Version: 2.7.9
Release: 0 Release: 0
Summary: Python Interpreter Summary: Python Interpreter
License: Python-2.0 License: Python-2.0
@ -47,22 +47,15 @@ Patch8: python-2.6b3-curses-panel.patch
Patch10: sparc_longdouble.patch Patch10: sparc_longdouble.patch
Patch13: python-2.7.2-fix_date_time_compiler.patch Patch13: python-2.7.2-fix_date_time_compiler.patch
Patch17: remove-static-libpython.diff Patch17: remove-static-libpython.diff
# PATCH-FIX-OPENSUSE python-2.7.3-ssl_ca_path.patch [bnc#761501] -- Support directory-based certificate stores with the ca_certs parameter of SSL functions
Patch18: python-2.7.3-ssl_ca_path.patch
# PATCH-FEATURE-OPENSUSE python-bundle-lang.patch bnc#617751 dimstar@opensuse.org -- gettext: when looking in default_localedir also check in locale-bundle. # PATCH-FEATURE-OPENSUSE python-bundle-lang.patch bnc#617751 dimstar@opensuse.org -- gettext: when looking in default_localedir also check in locale-bundle.
Patch20: python-bundle-lang.patch Patch20: python-bundle-lang.patch
# PATCH-FIX-OPENSUSE Properly support aarch64 in _ctypes module # PATCH-FIX-OPENSUSE Properly support aarch64 in _ctypes module
Patch22: python-2.7.4-aarch64.patch Patch22: python-2.7.4-aarch64.patch
Patch24: python-bsddb6.diff Patch24: python-bsddb6.diff
# PATCH-FIX-OPENSUSE Properly support ppc64le in _ctypes module # PATCH-FIX-OPENSUSE remove link count optimization that breaks mhlib on btrfs (and possibly elsewhere)
Patch25: libffi-ppc64le.diff
# CVE-2013-1753 [bnc#856835] unbounded gzip decompression in xmlrpc client
Patch26: xmlrpc_gzip_27.patch
# CVE-2013-1752 patches missing in 2.7.6: imaplib, poplib, smtplib
Patch28: smtplib_maxline-2.7.patch
Patch29: python-2.7.6-poplib.patch
# remove link count optimization that breaks mhlib on btrfs (and possibly elsewhere)
Patch31: python-2.7.7-mhlib-linkcount.patch Patch31: python-2.7.7-mhlib-linkcount.patch
# PATCH-FIX-UPSTREAM remove unconditional "import ssl" from test
Patch32: python-2.7-urllib2-localnet-ssl.patch
# COMMON-PATCH-END # COMMON-PATCH-END
BuildRequires: automake BuildRequires: automake
BuildRequires: db-devel BuildRequires: db-devel
@ -177,23 +170,16 @@ implementation of the standard Unix DBM databases.
%patch10 -p1 %patch10 -p1
%patch13 -p1 %patch13 -p1
%patch17 -p1 %patch17 -p1
%patch18 -p1
%patch20 -p1 %patch20 -p1
%patch22 -p1 %patch22 -p1
%patch24 -p1 %patch24 -p1
%patch25 -p0
%patch26 -p1
%patch28 -p1
%patch29 -p1
%patch31 -p1 %patch31 -p1
%patch32 -p1
# drop Autoconf version requirement # drop Autoconf version requirement
sed -i 's/^version_required/dnl version_required/' configure.ac sed -i 's/^version_required/dnl version_required/' configure.ac
# COMMON-PREP-END # COMMON-PREP-END
# remove newslist.py because of bad license
rm Demo/scripts/newslist.*
%build %build
# necessary for correct linking with GDBM: # necessary for correct linking with GDBM:
export SUSE_ASNEEDED=0 export SUSE_ASNEEDED=0
@ -268,6 +254,7 @@ rm -r %{buildroot}%{_libdir}/python%{python_version}/ctypes
rm -r %{buildroot}%{_libdir}/python%{python_version}/distutils rm -r %{buildroot}%{_libdir}/python%{python_version}/distutils
rm -r %{buildroot}%{_libdir}/python%{python_version}/email rm -r %{buildroot}%{_libdir}/python%{python_version}/email
rm -r %{buildroot}%{_libdir}/python%{python_version}/encodings rm -r %{buildroot}%{_libdir}/python%{python_version}/encodings
rm -r %{buildroot}%{_libdir}/python%{python_version}/ensurepip
rm -r %{buildroot}%{_libdir}/python%{python_version}/hotshot rm -r %{buildroot}%{_libdir}/python%{python_version}/hotshot
rm -r %{buildroot}%{_libdir}/python%{python_version}/importlib rm -r %{buildroot}%{_libdir}/python%{python_version}/importlib
rm -r %{buildroot}%{_libdir}/python%{python_version}/json rm -r %{buildroot}%{_libdir}/python%{python_version}/json

92
smtplib_maxline-2.7.patch
View File

@ -1,92 +0,0 @@
diff -r 44ac81e6d584 Lib/smtplib.py
--- a/Lib/smtplib.py Sun Oct 20 16:57:07 2013 +0300
+++ b/Lib/smtplib.py Sun Oct 20 17:44:15 2013 +0300
@@ -57,6 +57,7 @@
SMTP_PORT = 25
SMTP_SSL_PORT = 465
CRLF = "\r\n"
+_MAXLINE = 8192 # more than 8 times larger than RFC 821, 4.5.3
OLDSTYLE_AUTH = re.compile(r"auth=(.*)", re.I)
@@ -179,10 +180,14 @@
def __init__(self, sslobj):
self.sslobj = sslobj
- def readline(self):
+ def readline(self, size=-1):
+ if size < 0:
+ size = None
str = ""
chr = None
while chr != "\n":
+ if size is not None and len(str) >= size:
+ break
chr = self.sslobj.read(1)
if not chr:
break
@@ -353,7 +358,7 @@
self.file = self.sock.makefile('rb')
while 1:
try:
- line = self.file.readline()
+ line = self.file.readline(_MAXLINE + 1)
except socket.error as e:
self.close()
raise SMTPServerDisconnected("Connection unexpectedly closed: "
@@ -363,6 +368,8 @@
raise SMTPServerDisconnected("Connection unexpectedly closed")
if self.debuglevel > 0:
print>>stderr, 'reply:', repr(line)
+ if len(line) > _MAXLINE:
+ raise SMTPResponseException(500, "Line too long.")
resp.append(line[4:].strip())
code = line[:3]
# Check that the error code is syntactically correct.
diff -r 44ac81e6d584 Lib/test/test_smtplib.py
--- a/Lib/test/test_smtplib.py Sun Oct 20 16:57:07 2013 +0300
+++ b/Lib/test/test_smtplib.py Sun Oct 20 17:44:15 2013 +0300
@@ -292,6 +292,33 @@
HOST, self.port, 'localhost', 3)
+@unittest.skipUnless(threading, 'Threading required for this test.')
+class TooLongLineTests(unittest.TestCase):
+ respdata = '250 OK' + ('.' * smtplib._MAXLINE * 2) + '\n'
+
+ def setUp(self):
+ self.old_stdout = sys.stdout
+ self.output = StringIO.StringIO()
+ sys.stdout = self.output
+
+ self.evt = threading.Event()
+ self.sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
+ self.sock.settimeout(15)
+ self.port = test_support.bind_port(self.sock)
+ servargs = (self.evt, self.respdata, self.sock)
+ threading.Thread(target=server, args=servargs).start()
+ self.evt.wait()
+ self.evt.clear()
+
+ def tearDown(self):
+ self.evt.wait()
+ sys.stdout = self.old_stdout
+
+ def testLineTooLong(self):
+ self.assertRaises(smtplib.SMTPResponseException, smtplib.SMTP,
+ HOST, self.port, 'localhost', 3)
+
+
sim_users = {'Mr.A@somewhere.com':'John A',
'Ms.B@somewhere.com':'Sally B',
'Mrs.C@somewhereesle.com':'Ruth C',
@@ -511,7 +538,8 @@
def test_main(verbose=None):
test_support.run_unittest(GeneralTests, DebuggingServerTests,
NonConnectingTests,
- BadHELOServerTests, SMTPSimTests)
+ BadHELOServerTests, SMTPSimTests,
+ TooLongLineTests)
if __name__ == '__main__':
test_main()

114
xmlrpc_gzip_27.patch
View File

@ -1,114 +0,0 @@
Index: Python-2.7.7/Doc/library/xmlrpclib.rst
===================================================================
--- Python-2.7.7.orig/Doc/library/xmlrpclib.rst 2014-05-31 20:58:38.000000000 +0200
+++ Python-2.7.7/Doc/library/xmlrpclib.rst 2014-06-20 14:51:40.282081132 +0200
@@ -127,6 +127,15 @@
*__dict__* attribute and don't have a base class that is marshalled in a
special way.
+.. data:: MAX_GZIP_DECODE
+
+ The module constant specifies the amount of bytes that are decompressed by
+ :func:`gzip_decode`. The default value is *20 MB*. A value of *-1* disables
+ the protection.
+
+ .. versionadded:: 2.7.4
+ The constant was added to strengthen the module against gzip bomb
+ attacks.
.. seealso::
Index: Python-2.7.7/Lib/xmlrpclib.py
===================================================================
--- Python-2.7.7.orig/Lib/xmlrpclib.py 2014-05-31 20:58:39.000000000 +0200
+++ Python-2.7.7/Lib/xmlrpclib.py 2014-06-20 14:51:40.282081132 +0200
@@ -49,6 +49,7 @@
# 2003-07-12 gp Correct marshalling of Faults
# 2003-10-31 mvl Add multicall support
# 2004-08-20 mvl Bump minimum supported Python version to 2.1
+# 2013-01-20 ch Add workaround for gzip bomb vulnerability
#
# Copyright (c) 1999-2002 by Secret Labs AB.
# Copyright (c) 1999-2002 by Fredrik Lundh.
@@ -147,6 +148,10 @@
except ImportError:
gzip = None #python can be built without zlib/gzip support
+# Limit the maximum amount of decoded data that is decompressed. The
+# limit prevents gzip bomb attacks.
+MAX_GZIP_DECODE = 20 * 1024 * 1024 # 20 MB
+
# --------------------------------------------------------------------
# Internal stuff
@@ -1178,11 +1183,16 @@
f = StringIO.StringIO(data)
gzf = gzip.GzipFile(mode="rb", fileobj=f)
try:
- decoded = gzf.read()
+ if MAX_GZIP_DECODE < 0: # no limit
+ decoded = gzf.read()
+ else:
+ decoded = gzf.read(MAX_GZIP_DECODE + 1)
except IOError:
raise ValueError("invalid data")
f.close()
gzf.close()
+ if MAX_GZIP_DECODE >= 0 and len(decoded) > MAX_GZIP_DECODE:
+ raise ValueError("max gzipped payload length exceeded")
return decoded
##
Index: Python-2.7.7/Lib/test/test_xmlrpc.py
===================================================================
--- Python-2.7.7.orig/Lib/test/test_xmlrpc.py 2014-05-31 20:58:39.000000000 +0200
+++ Python-2.7.7/Lib/test/test_xmlrpc.py 2014-06-20 14:51:59.993184645 +0200
@@ -24,6 +24,11 @@
gzip = None
try:
+ import gzip
+except ImportError:
+ gzip = None
+
+try:
unicode
except NameError:
have_unicode = False
@@ -737,7 +742,7 @@
with cm:
p.pow(6, 8)
- def test_gsip_response(self):
+ def test_gzip_response(self):
t = self.Transport()
p = xmlrpclib.ServerProxy(URL, transport=t)
old = self.requestHandler.encode_threshold
@@ -750,6 +755,27 @@
self.requestHandler.encode_threshold = old
self.assertTrue(a>b)
+ def test_gzip_decode_limit(self):
+ data = '\0' * xmlrpclib.MAX_GZIP_DECODE
+ encoded = xmlrpclib.gzip_encode(data)
+ decoded = xmlrpclib.gzip_decode(encoded)
+ self.assertEqual(len(decoded), xmlrpclib.MAX_GZIP_DECODE)
+
+ data = '\0' * (xmlrpclib.MAX_GZIP_DECODE + 1)
+ encoded = xmlrpclib.gzip_encode(data)
+
+ with self.assertRaisesRegexp(ValueError,
+ "max gzipped payload length exceeded"):
+ xmlrpclib.gzip_decode(encoded)
+
+ oldmax = xmlrpclib.MAX_GZIP_DECODE
+ try:
+ xmlrpclib.MAX_GZIP_DECODE = -1
+ xmlrpclib.gzip_decode(encoded)
+ finally:
+ xmlrpclib.MAX_GZIP_DECODE = oldmax
+
+
#Test special attributes of the ServerProxy object
class ServerProxyTestCase(unittest.TestCase):
def setUp(self):