diff --git a/CVE-2014-1912-recvfrom_into.patch b/CVE-2014-1912-recvfrom_into.patch
deleted file mode 100644
index e3029f7..0000000
--- a/CVE-2014-1912-recvfrom_into.patch
+++ /dev/null
@@ -1,56 +0,0 @@
-
-# HG changeset patch
-# User Benjamin Peterson
-# Date 1389671978 18000
-# Node ID 87673659d8f7ba1623cd4914f09ad3d2ade034e9
-# Parent 2631d33ee7fbd5f0288931ef37872218d511d2e8
-complain when nbytes > buflen to fix possible buffer overflow (closes #20246)
-
-Index: Python-2.7.6/Lib/test/test_socket.py
-===================================================================
---- Python-2.7.6.orig/Lib/test/test_socket.py 2013-11-10 08:36:40.000000000 +0100
-+++ Python-2.7.6/Lib/test/test_socket.py 2014-02-13 18:04:12.710244327 +0100
-@@ -1616,6 +1616,16 @@
-
- _testRecvFromIntoMemoryview = _testRecvFromIntoArray
-
-+ def testRecvFromIntoSmallBuffer(self):
-+ # See issue #20246.
-+ buf = bytearray(8)
-+ self.assertRaises(ValueError, self.cli_conn.recvfrom_into, buf, 1024)
-+
-+ def _testRecvFromIntoSmallBuffer(self):
-+ with test_support.check_py3k_warnings():
-+ buf = buffer(MSG)
-+ self.serv_conn.send(buf)
-+
-
- TIPC_STYPE = 2000
- TIPC_LOWER = 200
-Index: Python-2.7.6/Misc/ACKS
-===================================================================
---- Python-2.7.6.orig/Misc/ACKS 2013-11-10 08:36:41.000000000 +0100
-+++ Python-2.7.6/Misc/ACKS 2014-02-13 18:04:12.710244327 +0100
-@@ -973,6 +973,7 @@
- Christopher Smith
- Gregory P. Smith
- Roy Smith
-+Ryan Smith-Roberts
- Rafal Smotrzyk
- Dirk Soede
- Paul Sokolovsky
-Index: Python-2.7.6/Modules/socketmodule.c
-===================================================================
---- Python-2.7.6.orig/Modules/socketmodule.c 2013-11-10 08:36:41.000000000 +0100
-+++ Python-2.7.6/Modules/socketmodule.c 2014-02-13 18:04:12.711244332 +0100
-@@ -2742,6 +2742,10 @@
- if (recvlen == 0) {
- /* If nbytes was not specified, use the buffer's length */
- recvlen = buflen;
-+ } else if (recvlen > buflen) {
-+ PyErr_SetString(PyExc_ValueError,
-+ "nbytes is greater than the length of the buffer");
-+ goto error;
- }
-
- readlen = sock_recvfrom_guts(s, buf.buf, recvlen, flags, &addr);
diff --git a/Python-2.7.6.tar.xz b/Python-2.7.6.tar.xz
deleted file mode 100644
index 4914970..0000000
--- a/Python-2.7.6.tar.xz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:1fd68e81f8bf7386ff239b7faee9ba387129d2cf34eab13350bd8503a0bff6a1
-size 10431288
diff --git a/Python-2.7.7.tar.xz b/Python-2.7.7.tar.xz
new file mode 100644
index 0000000..f90ee16
--- /dev/null
+++ b/Python-2.7.7.tar.xz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:2983e3cd089b30c50e2b2234f07c2ac4fb8a5df230ab8f2e1133a1d8b208da78
+size 10496500
diff --git a/Python-2.7.7.tar.xz.asc b/Python-2.7.7.tar.xz.asc
new file mode 100644
index 0000000..bdd2220
--- /dev/null
+++ b/Python-2.7.7.tar.xz.asc
@@ -0,0 +1,17 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v2.0.22 (GNU/Linux)
+
+iQIcBAABAgAGBQJTiinXAAoJEATDZ8IYrdT/rp4P/Rnl1l4O3LgrL+F96ASNqzRJ
+b2lxcgEzbiuSCxYTsHrNb8nElcl2XozkDb3IOGT9s2dpl0NobcrYkQ5ia0/Tk6XP
+mJ4B99mIiFJfAssBBIZglG6I2xiJHaV/XNzZj6NIvGrvyyeuW8GqOOG1KDME4UyQ
+JRqnozC0O1YNzaHmppDjRaKea9ualmmLiAC3N2J6svtB97AkKrUsxFPdqLso776T
+119ZlZ6MEQx5hs8YgJ+J62gBKzkP/m2yiSu0tf36QUxsYISWlbwjyvqS6cuzRNjl
+VXlXyKTq7RcU/10VvLYENnA0U5dXIFKZv4BWCj/4wHmujEz2DenwziXUVb38ot+K
+bAXk9OMUVHzzFwny0pLbQxFXOAXopUx3qtcwXSiOoaK72VxqhKqLH/UP6rL7n3tn
+Un4wpNYA6pd3O4dZVIbZ3IjfueTasGdKdX6DxLjlvD916w0+zeiYZeohCe/HeT93
++Yp4tibpexHPqgln+6/M17Oj8ungqyuD6Y91mPyfOhr8FoPK1z/NyLQit8f97Mkl
+OJkqOfqoNfOxPPuP1oiN4rb4EttkmFtJ45BOsfsksXDF9IIDKwonOSxDbeTekW8Z
+RGg2FKXFsnOSpH+NcEkPizY5vsYB7DUH7NB992ovZmUUmUuAS6n0wNyiUqwtQN60
+sFbdz+EXOO6KTcQx0y3z
+=tcoa
+-----END PGP SIGNATURE-----
diff --git a/python-2.7.3-ssl_ca_path.patch b/python-2.7.3-ssl_ca_path.patch
index dd73ebc..32d6b2a 100644
--- a/python-2.7.3-ssl_ca_path.patch
+++ b/python-2.7.3-ssl_ca_path.patch
@@ -1,16 +1,16 @@ -Index: Python-2.7.5/Modules/_ssl.c +Index: Python-2.7.7/Modules/_ssl.c =================================================================== ---- Python-2.7.5.orig/Modules/_ssl.c -+++ Python-2.7.5/Modules/_ssl.c -@@ -271,6 +271,7 @@ newPySSLObject(PySocketSockObject *Sock, +--- Python-2.7.7.orig/Modules/_ssl.c 2014-06-20 14:34:28.157656595 +0200 ++++ Python-2.7.7/Modules/_ssl.c 2014-06-20 14:35:20.092929774 +0200 +@@ -273,6 +273,7 @@ char *errstr = NULL; int ret; int verification_mode; + struct stat stat_buf; + long options; self = PyObject_New(PySSLObject, &PySSL_Type); /* Create new object */ - if (self == NULL) -@@ -327,20 +328,32 @@ newPySSLObject(PySocketSockObject *Sock, +@@ -331,20 +332,32 @@ if (certreq != PY_SSL_CERT_NONE) { if (cacerts_file == NULL) { diff --git a/python-2.7.4-canonicalize2.patch b/python-2.7.4-canonicalize2.patch index c47d933..d8c83f4 100644 --- a/python-2.7.4-canonicalize2.patch +++ b/python-2.7.4-canonicalize2.patch @@ -1,6 +1,8 @@ ---- a/Python/sysmodule.c -+++ b/Python/sysmodule.c -@@ -1620,7 +1620,20 @@ +Index: Python-2.7.7/Python/sysmodule.c +=================================================================== +--- Python-2.7.7.orig/Python/sysmodule.c 2014-06-20 14:33:06.696228064 +0200 ++++ Python-2.7.7/Python/sysmodule.c 2014-06-20 14:33:10.960250497 +0200 +@@ -1624,7 +1624,20 @@ char *p = NULL; Py_ssize_t n = 0; PyObject *a; @@ -22,7 +24,7 @@ char link[MAXPATHLEN+1]; char argv0copy[2*MAXPATHLEN+1]; int nr = 0; -@@ -1647,7 +1660,8 @@ +@@ -1651,7 +1664,8 @@ } } } @@ -32,7 +34,7 @@ #if SEP == '\\' /* Special case for MS filename syntax */ if (argc > 0 && argv0 != NULL && strcmp(argv0, "-c") != 0) { char *q; -@@ -1676,11 +1690,6 @@ +@@ -1680,11 +1694,6 @@ } #else /* All other filename syntaxes */ if (argc > 0 && argv0 != NULL && strcmp(argv0, "-c") != 0) { 
@@ -44,7 +46,7 @@ p = strrchr(argv0, SEP); } if (p != NULL) { -@@ -1698,6 +1707,9 @@ +@@ -1702,6 +1711,9 @@ a = PyString_FromStringAndSize(argv0, n); if (a == NULL) Py_FatalError("no mem for sys.path insertion"); @@ -54,9 +56,11 @@ if (PyList_Insert(path, 0, a) < 0) Py_FatalError("sys.path.insert(0) failed"); Py_DECREF(a); ---- a/pyconfig.h.in -+++ b/pyconfig.h.in -@@ -106,6 +106,9 @@ +Index: Python-2.7.7/pyconfig.h.in +=================================================================== +--- Python-2.7.7.orig/pyconfig.h.in 2014-05-31 20:58:40.000000000 +0200 ++++ Python-2.7.7/pyconfig.h.in 2014-06-20 14:33:10.961250502 +0200 +@@ -109,6 +109,9 @@ /* Define to 1 if you have the 'chflags' function. */ #undef HAVE_CHFLAGS @@ -66,11 +70,13 @@ /* Define to 1 if you have the `chown' function. */ #undef HAVE_CHOWN ---- a/configure.ac -+++ b/configure.ac -@@ -2913,7 +2913,7 @@ +Index: Python-2.7.7/configure.ac +=================================================================== +--- Python-2.7.7.orig/configure.ac 2014-06-20 14:33:06.694228054 +0200 ++++ Python-2.7.7/configure.ac 2014-06-20 14:33:10.961250502 +0200 +@@ -2935,7 +2935,7 @@ getpriority getresuid getresgid getpwent getspnam getspent getsid getwd \ - initgroups kill killpg lchmod lchown lstat mkfifo mknod mktime \ + initgroups kill killpg lchmod lchown lstat mkfifo mknod mktime mmap \ mremap nice pathconf pause plock poll pthread_init \ - putenv readlink realpath \ + putenv readlink realpath canonicalize_file_name \ diff --git a/python-2.7.4-no-REUSEPORT.patch b/python-2.7.4-no-REUSEPORT.patch deleted file mode 100644 index 46cf4f3..0000000 --- a/python-2.7.4-no-REUSEPORT.patch +++ /dev/null 
@@ -1,19 +0,0 @@
-Index: Python-2.7.4/Lib/test/test_support.py
-===================================================================
---- Python-2.7.4.orig/Lib/test/test_support.py 2013-04-06 16:02:32.000000000 +0200
-+++ Python-2.7.4/Lib/test/test_support.py 2013-05-09 17:46:46.789663295 +0200
-@@ -371,10 +371,10 @@
- if sock.getsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR) == 1:
- raise TestFailed("tests should never set the SO_REUSEADDR " \
- "socket option on TCP/IP sockets!")
-- if hasattr(socket, 'SO_REUSEPORT'):
-- if sock.getsockopt(socket.SOL_SOCKET, socket.SO_REUSEPORT) == 1:
-- raise TestFailed("tests should never set the SO_REUSEPORT " \
-- "socket option on TCP/IP sockets!")
-+# if hasattr(socket, 'SO_REUSEPORT'):
-+# if sock.getsockopt(socket.SOL_SOCKET, socket.SO_REUSEPORT) == 1:
-+# raise TestFailed("tests should never set the SO_REUSEPORT " \
-+# "socket option on TCP/IP sockets!")
- if hasattr(socket, 'SO_EXCLUSIVEADDRUSE'):
- sock.setsockopt(socket.SOL_SOCKET, socket.SO_EXCLUSIVEADDRUSE, 1)
-
diff --git a/python-2.7.6-bdist-rpm.patch b/python-2.7.6-bdist-rpm.patch
deleted file mode 100644
index 465d388..0000000
--- a/python-2.7.6-bdist-rpm.patch
+++ /dev/null
@@ -1,12 +0,0 @@
-Index: Python-2.7.6/Lib/distutils/command/bdist_rpm.py
-===================================================================
---- Python-2.7.6.orig/Lib/distutils/command/bdist_rpm.py 2013-11-10 08:36:40.000000000 +0100
-+++ Python-2.7.6/Lib/distutils/command/bdist_rpm.py 2014-02-11 19:19:26.739708837 +0100
-@@ -14,6 +14,7 @@
- from distutils.file_util import write_file
- from distutils.errors import (DistutilsOptionError, DistutilsPlatformError,
- DistutilsFileError, DistutilsExecError)
-+from distutils.sysconfig import get_python_version
- from distutils import log
-
- class bdist_rpm (Command):
diff --git a/python-2.7.6-docs-html.tar.bz2 b/python-2.7.6-docs-html.tar.bz2
deleted file mode 100644
index d9c47e4..0000000
--- a/python-2.7.6-docs-html.tar.bz2
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:b04dc7c5fa328ad9009cc0f43e2136ef14824246fc596fae0830bb5ece529ab3
-size 4482212
diff --git a/python-2.7.6-docs-pdf-a4.tar.bz2 b/python-2.7.6-docs-pdf-a4.tar.bz2
deleted file mode 100644
index 58244b9..0000000
--- a/python-2.7.6-docs-pdf-a4.tar.bz2
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:5ca5209a8cbf8d966eff6611cfe8accf38040a63534d5c050730fba47a24e703
-size 10321047
diff --git a/python-2.7.6-docs-pdf-letter.tar.bz2 b/python-2.7.6-docs-pdf-letter.tar.bz2
deleted file mode 100644
index 7c7bb15..0000000
--- a/python-2.7.6-docs-pdf-letter.tar.bz2
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:ff9b65247b5ad74a86793630eda5063af25b925bcc8dd2910765640a1463401d
-size 10380021
diff --git a/python-2.7.6-imaplib.patch b/python-2.7.6-imaplib.patch
deleted file mode 100644
index 5af60ab..0000000
--- a/python-2.7.6-imaplib.patch
+++ /dev/null
@@ -1,59 +0,0 @@
-
-# HG changeset patch
-# User R David Murray
-# Date 1388775562 18000
-# Node ID dd906f4ab9237020a7a275c2d361fa288e553481
-# Parent 69b5f692455306c98aa27ecea17e6290787ebd3f
-closes 16039: CVE-2013-1752: limit line length in imaplib readline calls.
-
-diff --git a/Lib/imaplib.py b/Lib/imaplib.py
---- a/Lib/imaplib.py
-+++ b/Lib/imaplib.py
-@@ -35,6 +35,15 @@ IMAP4_PORT = 143
- IMAP4_SSL_PORT = 993
- AllowedVersions = ('IMAP4REV1', 'IMAP4') # Most recent first
-
-+# Maximal line length when calling readline(). This is to prevent
-+# reading arbitrary length lines. RFC 3501 and 2060 (IMAP 4rev1)
-+# don't specify a line length. RFC 2683 however suggests limiting client
-+# command lines to 1000 octets and server command lines to 8000 octets.
-+# We have selected 10000 for some extra margin and since that is supposedly
-+# also what UW and Panda IMAP does.
-+_MAXLINE = 10000
-+
-+
- # Commands
-
- Commands = {
-@@ -237,7 +246,10 @@ class IMAP4:
-
- def readline(self):
- """Read line from remote."""
-- return self.file.readline()
-+ line = self.file.readline(_MAXLINE + 1)
-+ if len(line) > _MAXLINE:
-+ raise self.error("got more than %d bytes" % _MAXLINE)
-+ return line
-
-
- def send(self, data):
-diff --git a/Lib/test/test_imaplib.py b/Lib/test/test_imaplib.py
---- a/Lib/test/test_imaplib.py
-+++ b/Lib/test/test_imaplib.py
-@@ -165,6 +165,16 @@ class BaseThreadedNetworkedTests(unittes
- self.imap_class, *server.server_address)
-
-
-+ def test_linetoolong(self):
-+ class TooLongHandler(SimpleIMAPHandler):
-+ def handle(self):
-+ # Send a very long response line
-+ self.wfile.write('* OK ' + imaplib._MAXLINE*'x' + '\r\n')
-+
-+ with self.reaped_server(TooLongHandler) as server:
-+ self.assertRaises(imaplib.IMAP4.error,
-+ self.imap_class, *server.server_address)
-+
- class ThreadedNetworkedTests(BaseThreadedNetworkedTests):
-
- server_class = SocketServer.TCPServer
diff --git a/python-2.7.6-sqlite-3.8.4-tests.patch b/python-2.7.6-sqlite-3.8.4-tests.patch
deleted file mode 100644
index 7044b31..0000000
--- a/python-2.7.6-sqlite-3.8.4-tests.patch
+++ /dev/null
@@ -1,30 +0,0 @@
-From: Benjamin Peterson
-Date: Wed, 12 Mar 2014 21:51:52 -0500
-Subject: [PATCH] weaken callback count inequality (closes #20901)
-Upstream: committed
-References: https://bugzilla.novell.com/show_bug.cgi?id=867887 http://bugs.python.org/issue20901 http://hg.python.org/cpython/rev/1763e27a182d
-
-Fixes test failures with SQLite 3.8.4
-
-[ 296s] test test_sqlite failed -- Traceback (most recent call last):
-[ 296s] File "/home/abuild/rpmbuild/BUILD/Python-2.7.6/Lib/sqlite3/test/hooks.py", line 165, in CheckOpcodeCount
-[ 296s] self.assertTrue(first_count > second_count)
-[ 296s] AssertionError: False is not true
-
----
- Lib/sqlite3/test/hooks.py | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-Index: Python-2.7.6/Lib/sqlite3/test/hooks.py
-===================================================================
---- Python-2.7.6.orig/Lib/sqlite3/test/hooks.py 2014-03-14 20:32:55.000000000 +0000
-+++ Python-2.7.6/Lib/sqlite3/test/hooks.py 2014-03-14 20:34:07.000000000 +0000
-@@ -162,7 +162,7 @@ class ProgressTests(unittest.TestCase):
- create table bar (a, b)
- """)
- second_count = len(progress_calls)
-- self.assertTrue(first_count > second_count)
-+ self.assertTrue(first_count >= second_count)
-
- def CheckCancelOperation(self):
- """
diff --git a/python-2.7.7-docs-html.tar.bz2 b/python-2.7.7-docs-html.tar.bz2
new file mode 100644
index 0000000..22f3ffa
--- /dev/null
+++ b/python-2.7.7-docs-html.tar.bz2
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:0086dea3641d7b311425339357c52dd2ba5694f0d4d2c9ae1782e898707a8bd6
+size 4494590
diff --git a/python-2.7.7-docs-pdf-a4.tar.bz2 b/python-2.7.7-docs-pdf-a4.tar.bz2
new file mode 100644
index 0000000..2f39d8b
--- /dev/null
+++ b/python-2.7.7-docs-pdf-a4.tar.bz2
@@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:6fc5eef11803c9b84aaab30c09c20ffd492f105089fe918e93ec1d65b6b87a6a +size 10728634 diff --git a/python-2.7.7-docs-pdf-letter.tar.bz2 b/python-2.7.7-docs-pdf-letter.tar.bz2 new file mode 100644 index 0000000..73af103 --- /dev/null +++ b/python-2.7.7-docs-pdf-letter.tar.bz2 @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:fdc09f1a41744ac664d86241072f9525d2c6edb46919b0c197da0eb3e1ffff7d +size 10779787 diff --git a/python-base.changes b/python-base.changes index 1d02c55..f2c5770 100644 --- a/python-base.changes +++ b/python-base.changes @@ -1,3 +1,21 @@ +------------------------------------------------------------------- +Fri Jun 20 13:11:34 UTC 2014 - jmatejek@suse.com + +- update to 2.7.7 + * bugfix-only release, over a hundred bugs fixed + * backported hmac.compare_digest from python3, first step of PEP 466 +- drop upstreamed patches: + * CVE-2014-1912-recvfrom_into.patch + * python-2.7.4-no-REUSEPORT.patch + * python-2.7.6-bdist-rpm.patch + * python-2.7.6-imaplib.patch + * python-2.7.6-sqlite-3.8.4-tests.patch +- refresh patches: + * python-2.7.3-ssl_ca_path.patch + * python-2.7.4-canonicalize2.patch + * xmlrpc_gzip_27.patch +- added python keyring and signature for the main tarball + ------------------------------------------------------------------- Sat Mar 15 08:05:41 UTC 2014 - schwab@suse.de diff --git a/python-base.spec b/python-base.spec index 66f1a17..b1c9173 100644 --- a/python-base.spec +++ b/python-base.spec @@ -17,7 +17,7 @@ Name: python-base -Version: 2.7.6 +Version: 2.7.7 Release: 0 Summary: Python Interpreter base package License: Python-2.0 
@@ -26,6 +26,8 @@ Url: http://www.python.org/ %define tarversion %{version} %define tarname Python-%{tarversion} Source0: http://www.python.org/ftp/python/%{version}/%{tarname}.tar.xz +Source4: http://www.python.org/ftp/python/%{version}/%{tarname}.tar.xz.asc +Source6: python.keyring Source1: macros.python Source2: baselibs.conf Source3: README.SUSE @@ -47,21 +49,14 @@ Patch18: python-2.7.3-ssl_ca_path.patch Patch20: python-bundle-lang.patch # PATCH-FIX-OPENSUSE Properly support aarch64 in _ctypes module Patch22: python-2.7.4-aarch64.patch -Patch23: python-2.7.4-no-REUSEPORT.patch Patch24: python-bsddb6.diff # PATCH-FIX-OPENSUSE Properly support ppc64le in _ctypes module Patch25: libffi-ppc64le.diff # CVE-2013-1753 [bnc#856835] unbounded gzip decompression in xmlrpc client Patch26: xmlrpc_gzip_27.patch # CVE-2013-1752 patches missing in 2.7.6: imaplib, poplib, smtplib -Patch27: python-2.7.6-imaplib.patch Patch28: smtplib_maxline-2.7.patch Patch29: python-2.7.6-poplib.patch -# [bnc#857470] add missing import to bdist_rpm command -Patch30: python-2.7.6-bdist-rpm.patch -# CVE-2014-1912 [bnc#863741] buffer overflow in recvfrom_into -Patch31: CVE-2014-1912-recvfrom_into.patch -Patch32: python-2.7.6-sqlite-3.8.4-tests.patch # COMMON-PATCH-END %define python_version %(echo %{tarversion} | head -c 3) BuildRequires: automake @@ -149,16 +144,11 @@ other applications. %patch18 -p1 %patch20 -p1 %patch22 -p1 -%patch23 -p1 %patch24 -p1 %patch25 -p0 %patch26 -p1 -%patch27 -p1 %patch28 -p1 %patch29 -p1 -%patch30 -p1 -%patch31 -p1 -%patch32 -p1 # drop Autoconf version requirement sed -i 's/^version_required/dnl version_required/' configure.ac diff --git a/python-doc.changes b/python-doc.changes index e9ba256..79a03ed 100644 --- a/python-doc.changes +++ b/python-doc.changes 
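Review bot: `Source4` (the `.asc`) and `Source6: python.keyring` are declared here, but none of the spec hunks shown adds a step that checks the tarball against the signature, so verification appears to rely on the build service's source validation rather than on the spec itself; that is worth confirming, since `Source0` is still fetched over `http://`. `python.keyring` is committed as a binary file, so the diff cannot show which keys it trusts; recording the signing key fingerprint in the `.changes` entry would make a later keyring swap reviewable. The `python.spec` and `python-doc.spec` sections shown do not list the `.asc`, so if they build from the same tarball the check hinges on this one spec. Minor style point: `Source4`/`Source6` are inserted ahead of `Source1`; placing them after `Source3` keeps the list in numeric order.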
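Review bot: The context comment `# CVE-2013-1752 patches missing in 2.7.6: imaplib, poplib, smtplib` in the `@@ -47,21 +49,14 @@` hunk is now out of date, because this hunk drops `Patch27` (imaplib) and the package moves to 2.7.7, leaving only `Patch28` and `Patch29` under it. I would change it to `# CVE-2013-1752 patches still missing in 2.7.7: poplib, smtplib`, so it stays clear which CVE fixes are carried downstream and which now come from the tarball. The same COMMON-PATCH block is repeated in the `python-doc.spec` and `python.spec` hunks and needs the same edit.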
@@ -1,3 +1,8 @@ +------------------------------------------------------------------- +Fri Jun 20 13:46:40 UTC 2014 - jmatejek@suse.com + +- update to 2.7.7 + ------------------------------------------------------------------- Fri Mar 14 20:26:03 UTC 2014 - andreas.stieger@gmx.de diff --git a/python-doc.spec b/python-doc.spec index 70a7deb..9f1d023 100644 --- a/python-doc.spec +++ b/python-doc.spec @@ -16,7 +16,7 @@ # Name: python-doc -Version: 2.7.6 +Version: 2.7.7 Release: 0 Summary: Additional Package Documentation for Python License: Python-2.0 @@ -52,21 +52,14 @@ Patch18: python-2.7.3-ssl_ca_path.patch Patch20: python-bundle-lang.patch # PATCH-FIX-OPENSUSE Properly support aarch64 in _ctypes module Patch22: python-2.7.4-aarch64.patch -Patch23: python-2.7.4-no-REUSEPORT.patch Patch24: python-bsddb6.diff # PATCH-FIX-OPENSUSE Properly support ppc64le in _ctypes module Patch25: libffi-ppc64le.diff # CVE-2013-1753 [bnc#856835] unbounded gzip decompression in xmlrpc client Patch26: xmlrpc_gzip_27.patch # CVE-2013-1752 patches missing in 2.7.6: imaplib, poplib, smtplib -Patch27: python-2.7.6-imaplib.patch Patch28: smtplib_maxline-2.7.patch Patch29: python-2.7.6-poplib.patch -# [bnc#857470] add missing import to bdist_rpm command -Patch30: python-2.7.6-bdist-rpm.patch -# CVE-2014-1912 [bnc#863741] buffer overflow in recvfrom_into -Patch31: CVE-2014-1912-recvfrom_into.patch -Patch32: python-2.7.6-sqlite-3.8.4-tests.patch # COMMON-PATCH-END Provides: pyth_doc Provides: pyth_ps @@ -108,16 +101,11 @@ Python, and Macintosh Module Reference in PDF format. %patch18 -p1 %patch20 -p1 %patch22 -p1 -%patch23 -p1 %patch24 -p1 %patch25 -p0 %patch26 -p1 -%patch27 -p1 %patch28 -p1 %patch29 -p1 -%patch30 -p1 -%patch31 -p1 -%patch32 -p1 # drop Autoconf version requirement sed -i 's/^version_required/dnl version_required/' configure.ac diff --git a/python.changes b/python.changes index ddb7264..2051f51 100644 --- a/python.changes +++ b/python.changes 
@@ -1,3 +1,9 @@ +------------------------------------------------------------------- +Fri Jun 20 13:46:22 UTC 2014 - jmatejek@suse.com + +- update to 2.7.7 + * bugfix-only release, over a hundred bugs fixed + ------------------------------------------------------------------- Fri Mar 14 20:26:03 UTC 2014 - andreas.stieger@gmx.de diff --git a/python.keyring b/python.keyring new file mode 100644 index 0000000..9893ebe Binary files /dev/null and b/python.keyring differ diff --git a/python.spec b/python.spec index 39ddef6..9799d22 100644 --- a/python.spec +++ b/python.spec @@ -16,7 +16,7 @@ # Name: python -Version: 2.7.6 +Version: 2.7.7 Release: 0 Summary: Python Interpreter License: Python-2.0 @@ -53,21 +53,14 @@ Patch18: python-2.7.3-ssl_ca_path.patch Patch20: python-bundle-lang.patch # PATCH-FIX-OPENSUSE Properly support aarch64 in _ctypes module Patch22: python-2.7.4-aarch64.patch -Patch23: python-2.7.4-no-REUSEPORT.patch Patch24: python-bsddb6.diff # PATCH-FIX-OPENSUSE Properly support ppc64le in _ctypes module Patch25: libffi-ppc64le.diff # CVE-2013-1753 [bnc#856835] unbounded gzip decompression in xmlrpc client Patch26: xmlrpc_gzip_27.patch # CVE-2013-1752 patches missing in 2.7.6: imaplib, poplib, smtplib -Patch27: python-2.7.6-imaplib.patch Patch28: smtplib_maxline-2.7.patch Patch29: python-2.7.6-poplib.patch -# [bnc#857470] add missing import to bdist_rpm command -Patch30: python-2.7.6-bdist-rpm.patch -# CVE-2014-1912 [bnc#863741] buffer overflow in recvfrom_into -Patch31: CVE-2014-1912-recvfrom_into.patch -Patch32: python-2.7.6-sqlite-3.8.4-tests.patch # COMMON-PATCH-END BuildRequires: automake BuildRequires: db-devel @@ -185,16 +178,11 @@ implementation of the standard Unix DBM databases. %patch18 -p1 %patch20 -p1 %patch22 -p1 -%patch23 -p1 %patch24 -p1 %patch25 -p0 %patch26 -p1 -%patch27 -p1 %patch28 -p1 %patch29 -p1 -%patch30 -p1 -%patch31 -p1 -%patch32 -p1 # drop Autoconf version requirement sed -i 's/^version_required/dnl version_required/' configure.ac 
diff --git a/xmlrpc_gzip_27.patch b/xmlrpc_gzip_27.patch index d0f9ac4..a6dc1a9 100644 --- a/xmlrpc_gzip_27.patch +++ b/xmlrpc_gzip_27.patch @@ -1,7 +1,8 @@ -diff --git a/Doc/library/xmlrpclib.rst b/Doc/library/xmlrpclib.rst ---- a/Doc/library/xmlrpclib.rst -+++ b/Doc/library/xmlrpclib.rst -@@ -120,6 +120,15 @@ +Index: Python-2.7.7/Doc/library/xmlrpclib.rst +=================================================================== +--- Python-2.7.7.orig/Doc/library/xmlrpclib.rst 2014-05-31 20:58:38.000000000 +0200 ++++ Python-2.7.7/Doc/library/xmlrpclib.rst 2014-06-20 14:51:40.282081132 +0200 +@@ -127,6 +127,15 @@ *__dict__* attribute and don't have a base class that is marshalled in a special way. @@ -17,74 +18,10 @@ 
diff --git a/Doc/library/xmlrpclib.rst b/Doc/library/xmlrpclib.rst .. seealso:: -diff --git a/Lib/test/test_xmlrpc.py b/Lib/test/test_xmlrpc.py ---- a/Lib/test/test_xmlrpc.py -+++ b/Lib/test/test_xmlrpc.py -@@ -19,6 +19,11 @@ - threading = None - - try: -+ import gzip -+except ImportError: -+ gzip = None -+ -+try: - unicode - except NameError: - have_unicode = False -@@ -731,7 +736,7 @@ - with cm: - p.pow(6, 8) - -- def test_gsip_response(self): -+ def test_gzip_response(self): - t = self.Transport() - p = xmlrpclib.ServerProxy(URL, transport=t) - old = self.requestHandler.encode_threshold -@@ -744,6 +749,27 @@ - self.requestHandler.encode_threshold = old - self.assertTrue(a>b) - -+ def test_gzip_decode_limit(self): -+ data = '\0' * xmlrpclib.MAX_GZIP_DECODE -+ encoded = xmlrpclib.gzip_encode(data) -+ decoded = xmlrpclib.gzip_decode(encoded) -+ self.assertEqual(len(decoded), xmlrpclib.MAX_GZIP_DECODE) -+ -+ data = '\0' * (xmlrpclib.MAX_GZIP_DECODE + 1) -+ encoded = xmlrpclib.gzip_encode(data) -+ -+ with self.assertRaisesRegexp(ValueError, -+ "max gzipped payload length exceeded"): -+ xmlrpclib.gzip_decode(encoded) -+ -+ oldmax = xmlrpclib.MAX_GZIP_DECODE -+ try: -+ xmlrpclib.MAX_GZIP_DECODE = -1 -+ xmlrpclib.gzip_decode(encoded) -+ finally: -+ xmlrpclib.MAX_GZIP_DECODE = oldmax -+ -+ - #Test special attributes of the ServerProxy object - class ServerProxyTestCase(unittest.TestCase): - def setUp(self): -@@ -1011,11 +1037,8 @@ - xmlrpc_tests.append(SimpleServerTestCase) - xmlrpc_tests.append(KeepaliveServerTestCase1) - xmlrpc_tests.append(KeepaliveServerTestCase2) -- try: -- import gzip -+ if gzip is not None: - xmlrpc_tests.append(GzipServerTestCase) -- except ImportError: -- pass #gzip not supported in this build - xmlrpc_tests.append(MultiPathServerTestCase) - xmlrpc_tests.append(ServerProxyTestCase) - xmlrpc_tests.append(FailingServerTestCase) -diff --git a/Lib/xmlrpclib.py b/Lib/xmlrpclib.py ---- a/Lib/xmlrpclib.py -+++ b/Lib/xmlrpclib.py +Index: 
Python-2.7.7/Lib/xmlrpclib.py +=================================================================== +--- Python-2.7.7.orig/Lib/xmlrpclib.py 2014-05-31 20:58:39.000000000 +0200 ++++ Python-2.7.7/Lib/xmlrpclib.py 2014-06-20 14:51:40.282081132 +0200 @@ -49,6 +49,7 @@ # 2003-07-12 gp Correct marshalling of Faults # 2003-10-31 mvl Add multicall support @@ -122,3 +59,56 @@ diff --git a/Lib/xmlrpclib.py b/Lib/xmlrpclib.py return decoded ## +Index: Python-2.7.7/Lib/test/test_xmlrpc.py +=================================================================== +--- Python-2.7.7.orig/Lib/test/test_xmlrpc.py 2014-05-31 20:58:39.000000000 +0200 ++++ Python-2.7.7/Lib/test/test_xmlrpc.py 2014-06-20 14:51:59.993184645 +0200 +@@ -24,6 +24,11 @@ + gzip = None + + try: ++ import gzip ++except ImportError: ++ gzip = None ++ ++try: + unicode + except NameError: + have_unicode = False +@@ -737,7 +742,7 @@ + with cm: + p.pow(6, 8) + +- def test_gsip_response(self): ++ def test_gzip_response(self): + t = self.Transport() + p = xmlrpclib.ServerProxy(URL, transport=t) + old = self.requestHandler.encode_threshold +@@ -750,6 +755,27 @@ + self.requestHandler.encode_threshold = old + self.assertTrue(a>b) + ++ def test_gzip_decode_limit(self): ++ data = '\0' * xmlrpclib.MAX_GZIP_DECODE ++ encoded = xmlrpclib.gzip_encode(data) ++ decoded = xmlrpclib.gzip_decode(encoded) ++ self.assertEqual(len(decoded), xmlrpclib.MAX_GZIP_DECODE) ++ ++ data = '\0' * (xmlrpclib.MAX_GZIP_DECODE + 1) ++ encoded = xmlrpclib.gzip_encode(data) ++ ++ with self.assertRaisesRegexp(ValueError, ++ "max gzipped payload length exceeded"): ++ xmlrpclib.gzip_decode(encoded) ++ ++ oldmax = xmlrpclib.MAX_GZIP_DECODE ++ try: ++ xmlrpclib.MAX_GZIP_DECODE = -1 ++ xmlrpclib.gzip_decode(encoded) ++ finally: ++ xmlrpclib.MAX_GZIP_DECODE = oldmax ++ ++ + #Test special attributes of the ServerProxy object + class ServerProxyTestCase(unittest.TestCase): + def setUp(self):
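Review bot: In the refreshed `test_xmlrpc.py` part at `@@ -24,6 +24,11 @@`, the context line just above the insertion is already `gzip = None`, which suggests 2.7.7 ships the guarded `import gzip` itself and the refresh now adds a second identical `try`/`except ImportError` block. It is harmless at runtime, but those five added lines look droppable, leaving only the `test_gsip_response` rename and `test_gzip_decode_limit` in that file's part of the patch. Separately, `test_gzip_decode_limit` ends by setting `MAX_GZIP_DECODE = -1` and decoding an oversized payload, which pins "negative means unlimited" as supported behaviour. A short comment in the test saying so would help, for example `# -1 disables the limit; the oversized payload must decode without error`, since that setting removes the CVE-2013-1753 protection.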