Compare commits
No commits in common. "rawhide" and "f33" have entirely different histories.
@ -1,407 +0,0 @@
|
||||
From 7ea7122d59e21063b58d5e5a88228041ae6b66c1 Mon Sep 17 00:00:00 2001
|
||||
From: Petr Viktorin <encukou@gmail.com>
|
||||
Date: Fri, 3 Jun 2022 11:43:35 +0200
|
||||
Subject: [PATCH] 00382-cve-2015-20107.patch
|
||||
|
||||
00382 #
|
||||
Make mailcap refuse to match unsafe filenames/types/params (GH-91993)
|
||||
|
||||
Upstream: https://github.com/python/cpython/issues/68966
|
||||
|
||||
Tracker bug: https://bugzilla.redhat.com/show_bug.cgi?id=2075390
|
||||
|
||||
Backported from python3.
|
||||
---
|
||||
lib-python/2.7/mailcap.py | 29 +++-
|
||||
lib-python/2.7/test/mailcap.txt | 39 +++++
|
||||
lib-python/2.7/test/test_mailcap.py | 259 ++++++++++++++++++++++++++++
|
||||
3 files changed, 325 insertions(+), 2 deletions(-)
|
||||
create mode 100644 lib-python/2.7/test/mailcap.txt
|
||||
create mode 100644 lib-python/2.7/test/test_mailcap.py
|
||||
|
||||
diff --git a/lib-python/2.7/mailcap.py b/lib-python/2.7/mailcap.py
|
||||
index 04077ba..1108b44 100644
|
||||
--- a/lib-python/2.7/mailcap.py
|
||||
+++ b/lib-python/2.7/mailcap.py
|
||||
@@ -1,9 +1,18 @@
|
||||
"""Mailcap file handling. See RFC 1524."""
|
||||
|
||||
import os
|
||||
+import warnings
|
||||
+import re
|
||||
|
||||
__all__ = ["getcaps","findmatch"]
|
||||
|
||||
+
|
||||
+_find_unsafe = re.compile(r'[^\xa1-\xff\w@+=:,./-]').search
|
||||
+
|
||||
+class UnsafeMailcapInput(Warning):
|
||||
+ """Warning raised when refusing unsafe input"""
|
||||
+
|
||||
+
|
||||
# Part 1: top-level interface.
|
||||
|
||||
def getcaps():
|
||||
@@ -144,15 +153,22 @@ def findmatch(caps, MIMEtype, key='view', filename="/dev/null", plist=[]):
|
||||
entry to use.
|
||||
|
||||
"""
|
||||
+ if _find_unsafe(filename):
|
||||
+ msg = "Refusing to use mailcap with filename %r. Use a safe temporary filename." % (filename,)
|
||||
+ warnings.warn(msg, UnsafeMailcapInput)
|
||||
+ return None, None
|
||||
entries = lookup(caps, MIMEtype, key)
|
||||
# XXX This code should somehow check for the needsterminal flag.
|
||||
for e in entries:
|
||||
if 'test' in e:
|
||||
test = subst(e['test'], filename, plist)
|
||||
+ if test is None:
|
||||
+ continue
|
||||
if test and os.system(test) != 0:
|
||||
continue
|
||||
command = subst(e[key], MIMEtype, filename, plist)
|
||||
- return command, e
|
||||
+ if command is not None:
|
||||
+ return command, e
|
||||
return None, None
|
||||
|
||||
def lookup(caps, MIMEtype, key=None):
|
||||
@@ -184,6 +200,10 @@ def subst(field, MIMEtype, filename, plist=[]):
|
||||
elif c == 's':
|
||||
res = res + filename
|
||||
elif c == 't':
|
||||
+ if _find_unsafe(MIMEtype):
|
||||
+ msg = "Refusing to substitute MIME type %r into a shell command." % (MIMEtype,)
|
||||
+ warnings.warn(msg, UnsafeMailcapInput)
|
||||
+ return None
|
||||
res = res + MIMEtype
|
||||
elif c == '{':
|
||||
start = i
|
||||
@@ -191,7 +211,12 @@ def subst(field, MIMEtype, filename, plist=[]):
|
||||
i = i+1
|
||||
name = field[start:i]
|
||||
i = i+1
|
||||
- res = res + findparam(name, plist)
|
||||
+ param = findparam(name, plist)
|
||||
+ if _find_unsafe(param):
|
||||
+ msg = "Refusing to substitute parameter %r (%s) into a shell command" % (param, name)
|
||||
+ warnings.warn(msg, UnsafeMailcapInput)
|
||||
+ return None
|
||||
+ res = res + param
|
||||
# XXX To do:
|
||||
# %n == number of parts if type is multipart/*
|
||||
# %F == list of alternating type and filename for parts
|
||||
diff --git a/lib-python/2.7/test/mailcap.txt b/lib-python/2.7/test/mailcap.txt
|
||||
new file mode 100644
|
||||
index 0000000..08a76e6
|
||||
--- /dev/null
|
||||
+++ b/lib-python/2.7/test/mailcap.txt
|
||||
@@ -0,0 +1,39 @@
|
||||
+# Mailcap file for test_mailcap; based on RFC 1524
|
||||
+# Referred to by test_mailcap.py
|
||||
+
|
||||
+#
|
||||
+# This is a comment.
|
||||
+#
|
||||
+
|
||||
+application/frame; showframe %s; print="cat %s | lp"
|
||||
+application/postscript; ps-to-terminal %s;\
|
||||
+ needsterminal
|
||||
+application/postscript; ps-to-terminal %s; \
|
||||
+ compose=idraw %s
|
||||
+application/x-dvi; xdvi %s
|
||||
+application/x-movie; movieplayer %s; compose=moviemaker %s; \
|
||||
+ description="Movie"; \
|
||||
+ x11-bitmap="/usr/lib/Zmail/bitmaps/movie.xbm"
|
||||
+application/*; echo "This is \"%t\" but \
|
||||
+ is 50 \% Greek to me" \; cat %s; copiousoutput
|
||||
+
|
||||
+audio/basic; showaudio %s; compose=audiocompose %s; edit=audiocompose %s;\
|
||||
+description="An audio fragment"
|
||||
+audio/* ; /usr/local/bin/showaudio %t
|
||||
+
|
||||
+image/rgb; display %s
|
||||
+#image/gif; display %s
|
||||
+image/x-xwindowdump; display %s
|
||||
+
|
||||
+# The continuation char shouldn't \
|
||||
+# make a difference in a comment.
|
||||
+
|
||||
+message/external-body; showexternal %s %{access-type} %{name} %{site} \
|
||||
+ %{directory} %{mode} %{server}; needsterminal; composetyped = extcompose %s; \
|
||||
+ description="A reference to data stored in an external location"
|
||||
+
|
||||
+text/richtext; shownonascii iso-8859-8 -e richtext -p %s; test=test "`echo \
|
||||
+ %{charset} | tr '[A-Z]' '[a-z]'`" = iso-8859-8; copiousoutput
|
||||
+
|
||||
+video/*; animate %s
|
||||
+video/mpeg; mpeg_play %s
|
||||
\ No newline at end of file
|
||||
diff --git a/lib-python/2.7/test/test_mailcap.py b/lib-python/2.7/test/test_mailcap.py
|
||||
new file mode 100644
|
||||
index 0000000..35da7fb
|
||||
--- /dev/null
|
||||
+++ b/lib-python/2.7/test/test_mailcap.py
|
||||
@@ -0,0 +1,259 @@
|
||||
+import copy
|
||||
+import os
|
||||
+import sys
|
||||
+import test.support
|
||||
+import unittest
|
||||
+from test import support as os_helper
|
||||
+from test import support as warnings_helper
|
||||
+from collections import OrderedDict
|
||||
+
|
||||
+import mailcap
|
||||
+
|
||||
+
|
||||
+# Location of mailcap file
|
||||
+MAILCAPFILE = test.support.findfile("mailcap.txt")
|
||||
+
|
||||
+# Dict to act as mock mailcap entry for this test
|
||||
+# The keys and values should match the contents of MAILCAPFILE
|
||||
+
|
||||
+MAILCAPDICT = {
|
||||
+ 'application/x-movie':
|
||||
+ [{'compose': 'moviemaker %s',
|
||||
+ 'x11-bitmap': '"/usr/lib/Zmail/bitmaps/movie.xbm"',
|
||||
+ 'description': '"Movie"',
|
||||
+ 'view': 'movieplayer %s',
|
||||
+ 'lineno': 4}],
|
||||
+ 'application/*':
|
||||
+ [{'copiousoutput': '',
|
||||
+ 'view': 'echo "This is \\"%t\\" but is 50 \\% Greek to me" \\; cat %s',
|
||||
+ 'lineno': 5}],
|
||||
+ 'audio/basic':
|
||||
+ [{'edit': 'audiocompose %s',
|
||||
+ 'compose': 'audiocompose %s',
|
||||
+ 'description': '"An audio fragment"',
|
||||
+ 'view': 'showaudio %s',
|
||||
+ 'lineno': 6}],
|
||||
+ 'video/mpeg':
|
||||
+ [{'view': 'mpeg_play %s', 'lineno': 13}],
|
||||
+ 'application/postscript':
|
||||
+ [{'needsterminal': '', 'view': 'ps-to-terminal %s', 'lineno': 1},
|
||||
+ {'compose': 'idraw %s', 'view': 'ps-to-terminal %s', 'lineno': 2}],
|
||||
+ 'application/x-dvi':
|
||||
+ [{'view': 'xdvi %s', 'lineno': 3}],
|
||||
+ 'message/external-body':
|
||||
+ [{'composetyped': 'extcompose %s',
|
||||
+ 'description': '"A reference to data stored in an external location"',
|
||||
+ 'needsterminal': '',
|
||||
+ 'view': 'showexternal %s %{access-type} %{name} %{site} %{directory} %{mode} %{server}',
|
||||
+ 'lineno': 10}],
|
||||
+ 'text/richtext':
|
||||
+ [{'test': 'test "`echo %{charset} | tr \'[A-Z]\' \'[a-z]\'`" = iso-8859-8',
|
||||
+ 'copiousoutput': '',
|
||||
+ 'view': 'shownonascii iso-8859-8 -e richtext -p %s',
|
||||
+ 'lineno': 11}],
|
||||
+ 'image/x-xwindowdump':
|
||||
+ [{'view': 'display %s', 'lineno': 9}],
|
||||
+ 'audio/*':
|
||||
+ [{'view': '/usr/local/bin/showaudio %t', 'lineno': 7}],
|
||||
+ 'video/*':
|
||||
+ [{'view': 'animate %s', 'lineno': 12}],
|
||||
+ 'application/frame':
|
||||
+ [{'print': '"cat %s | lp"', 'view': 'showframe %s', 'lineno': 0}],
|
||||
+ 'image/rgb':
|
||||
+ [{'view': 'display %s', 'lineno': 8}]
|
||||
+}
|
||||
+
|
||||
+# In Python 2, mailcap doesn't return line numbers.
|
||||
+# This test suite is copied from Python 3.11; for easier backporting we keep
|
||||
+# data from there and remove the lineno.
|
||||
+# So, for Python 2, MAILCAPDICT_DEPRECATED is the same as MAILCAPDICT
|
||||
+MAILCAPDICT_DEPRECATED = MAILCAPDICT
|
||||
+for entry_list in MAILCAPDICT_DEPRECATED.values():
|
||||
+ for entry in entry_list:
|
||||
+ entry.pop('lineno')
|
||||
+
|
||||
+
|
||||
+class HelperFunctionTest(unittest.TestCase):
|
||||
+
|
||||
+ def test_listmailcapfiles(self):
|
||||
+ # The return value for listmailcapfiles() will vary by system.
|
||||
+ # So verify that listmailcapfiles() returns a list of strings that is of
|
||||
+ # non-zero length.
|
||||
+ mcfiles = mailcap.listmailcapfiles()
|
||||
+ self.assertIsInstance(mcfiles, list)
|
||||
+ for m in mcfiles:
|
||||
+ self.assertIsInstance(m, str)
|
||||
+ with os_helper.EnvironmentVarGuard() as env:
|
||||
+ # According to RFC 1524, if MAILCAPS env variable exists, use that
|
||||
+ # and only that.
|
||||
+ if "MAILCAPS" in env:
|
||||
+ env_mailcaps = env["MAILCAPS"].split(os.pathsep)
|
||||
+ else:
|
||||
+ env_mailcaps = ["/testdir1/.mailcap", "/testdir2/mailcap"]
|
||||
+ env["MAILCAPS"] = os.pathsep.join(env_mailcaps)
|
||||
+ mcfiles = mailcap.listmailcapfiles()
|
||||
+ self.assertEqual(env_mailcaps, mcfiles)
|
||||
+
|
||||
+ def test_readmailcapfile(self):
|
||||
+ # Test readmailcapfile() using test file. It should match MAILCAPDICT.
|
||||
+ with open(MAILCAPFILE, 'r') as mcf:
|
||||
+ d = mailcap.readmailcapfile(mcf)
|
||||
+ self.assertDictEqual(d, MAILCAPDICT_DEPRECATED)
|
||||
+
|
||||
+ def test_lookup(self):
|
||||
+ # Test without key
|
||||
+
|
||||
+ # In Python 2, 'video/mpeg' is tried before 'video/*'
|
||||
+ # (unfixed bug: https://github.com/python/cpython/issues/59182 )
|
||||
+ # So, these are in reverse order:
|
||||
+ expected = [{'view': 'mpeg_play %s', },
|
||||
+ {'view': 'animate %s', }]
|
||||
+ actual = mailcap.lookup(MAILCAPDICT, 'video/mpeg')
|
||||
+ self.assertListEqual(expected, actual)
|
||||
+
|
||||
+ # Test with key
|
||||
+ key = 'compose'
|
||||
+ expected = [{'edit': 'audiocompose %s',
|
||||
+ 'compose': 'audiocompose %s',
|
||||
+ 'description': '"An audio fragment"',
|
||||
+ 'view': 'showaudio %s',
|
||||
+ }]
|
||||
+ actual = mailcap.lookup(MAILCAPDICT, 'audio/basic', key)
|
||||
+ self.assertListEqual(expected, actual)
|
||||
+
|
||||
+ # Test on user-defined dicts without line numbers
|
||||
+ expected = [{'view': 'mpeg_play %s'}, {'view': 'animate %s'}]
|
||||
+ actual = mailcap.lookup(MAILCAPDICT_DEPRECATED, 'video/mpeg')
|
||||
+ self.assertListEqual(expected, actual)
|
||||
+
|
||||
+ def test_subst(self):
|
||||
+ plist = ['id=1', 'number=2', 'total=3']
|
||||
+ # test case: ([field, MIMEtype, filename, plist=[]], <expected string>)
|
||||
+ test_cases = [
|
||||
+ (["", "audio/*", "foo.txt"], ""),
|
||||
+ (["echo foo", "audio/*", "foo.txt"], "echo foo"),
|
||||
+ (["echo %s", "audio/*", "foo.txt"], "echo foo.txt"),
|
||||
+ (["echo %t", "audio/*", "foo.txt"], None),
|
||||
+ (["echo %t", "audio/wav", "foo.txt"], "echo audio/wav"),
|
||||
+ (["echo \\%t", "audio/*", "foo.txt"], "echo %t"),
|
||||
+ (["echo foo", "audio/*", "foo.txt", plist], "echo foo"),
|
||||
+ (["echo %{total}", "audio/*", "foo.txt", plist], "echo 3")
|
||||
+ ]
|
||||
+ for tc in test_cases:
|
||||
+ self.assertEqual(mailcap.subst(*tc[0]), tc[1])
|
||||
+
|
||||
+class GetcapsTest(unittest.TestCase):
|
||||
+
|
||||
+ def test_mock_getcaps(self):
|
||||
+ # Test mailcap.getcaps() using mock mailcap file in this dir.
|
||||
+ # Temporarily override any existing system mailcap file by pointing the
|
||||
+ # MAILCAPS environment variable to our mock file.
|
||||
+ with os_helper.EnvironmentVarGuard() as env:
|
||||
+ env["MAILCAPS"] = MAILCAPFILE
|
||||
+ caps = mailcap.getcaps()
|
||||
+ self.assertDictEqual(caps, MAILCAPDICT)
|
||||
+
|
||||
+ def test_system_mailcap(self):
|
||||
+ # Test mailcap.getcaps() with mailcap file(s) on system, if any.
|
||||
+ caps = mailcap.getcaps()
|
||||
+ self.assertIsInstance(caps, dict)
|
||||
+ mailcapfiles = mailcap.listmailcapfiles()
|
||||
+ existingmcfiles = [mcf for mcf in mailcapfiles if os.path.exists(mcf)]
|
||||
+ if existingmcfiles:
|
||||
+ # At least 1 mailcap file exists, so test that.
|
||||
+ for (k, v) in caps.items():
|
||||
+ self.assertIsInstance(k, str)
|
||||
+ self.assertIsInstance(v, list)
|
||||
+ for e in v:
|
||||
+ self.assertIsInstance(e, dict)
|
||||
+ else:
|
||||
+ # No mailcap files on system. getcaps() should return empty dict.
|
||||
+ self.assertEqual({}, caps)
|
||||
+
|
||||
+
|
||||
+class FindmatchTest(unittest.TestCase):
|
||||
+
|
||||
+ def test_findmatch(self):
|
||||
+
|
||||
+ # default findmatch arguments
|
||||
+ c = MAILCAPDICT
|
||||
+ fname = "foo.txt"
|
||||
+ plist = ["access-type=default", "name=john", "site=python.org",
|
||||
+ "directory=/tmp", "mode=foo", "server=bar"]
|
||||
+ audio_basic_entry = {
|
||||
+ 'edit': 'audiocompose %s',
|
||||
+ 'compose': 'audiocompose %s',
|
||||
+ 'description': '"An audio fragment"',
|
||||
+ 'view': 'showaudio %s',
|
||||
+ }
|
||||
+ audio_entry = {"view": "/usr/local/bin/showaudio %t", }
|
||||
+ video_entry = {'view': 'animate %s', }
|
||||
+ mpeg_entry = {'view': 'mpeg_play %s', }
|
||||
+ message_entry = {
|
||||
+ 'composetyped': 'extcompose %s',
|
||||
+ 'description': '"A reference to data stored in an external location"', 'needsterminal': '',
|
||||
+ 'view': 'showexternal %s %{access-type} %{name} %{site} %{directory} %{mode} %{server}',
|
||||
+ }
|
||||
+
|
||||
+ # test case: (findmatch args, findmatch keyword args, expected output)
|
||||
+ # positional args: caps, MIMEtype
|
||||
+ # keyword args: key="view", filename="/dev/null", plist=[]
|
||||
+ # output: (command line, mailcap entry)
|
||||
+ cases = [
|
||||
+ ([{}, "video/mpeg"], {}, (None, None)),
|
||||
+ ([c, "foo/bar"], {}, (None, None)),
|
||||
+
|
||||
+ # In Python 2, 'video/mpeg' is tried before 'video/*'
|
||||
+ # (unfixed bug: https://github.com/python/cpython/issues/59182 )
|
||||
+ #([c, "video/mpeg"], {}, ('animate /dev/null', video_entry)),
|
||||
+ ([c, "video/mpeg"], {}, ('mpeg_play /dev/null', mpeg_entry)),
|
||||
+
|
||||
+ ([c, "audio/basic", "edit"], {}, ("audiocompose /dev/null", audio_basic_entry)),
|
||||
+ ([c, "audio/basic", "compose"], {}, ("audiocompose /dev/null", audio_basic_entry)),
|
||||
+ ([c, "audio/basic", "description"], {}, ('"An audio fragment"', audio_basic_entry)),
|
||||
+ ([c, "audio/basic", "foobar"], {}, (None, None)),
|
||||
+ ([c, "video/*"], {"filename": fname}, ("animate %s" % fname, video_entry)),
|
||||
+ ([c, "audio/basic", "compose"],
|
||||
+ {"filename": fname},
|
||||
+ ("audiocompose %s" % fname, audio_basic_entry)),
|
||||
+ ([c, "audio/basic"],
|
||||
+ {"key": "description", "filename": fname},
|
||||
+ ('"An audio fragment"', audio_basic_entry)),
|
||||
+ ([c, "audio/*"],
|
||||
+ {"filename": fname},
|
||||
+ (None, None)),
|
||||
+ ([c, "audio/wav"],
|
||||
+ {"filename": fname},
|
||||
+ ("/usr/local/bin/showaudio audio/wav", audio_entry)),
|
||||
+ ([c, "message/external-body"],
|
||||
+ {"plist": plist},
|
||||
+ ("showexternal /dev/null default john python.org /tmp foo bar", message_entry))
|
||||
+ ]
|
||||
+ self._run_cases(cases)
|
||||
+
|
||||
+ @unittest.skipUnless(os.name == "posix", "Requires 'test' command on system")
|
||||
+ @unittest.skipIf(sys.platform == "vxworks", "'test' command is not supported on VxWorks")
|
||||
+ def test_test(self):
|
||||
+ # findmatch() will automatically check any "test" conditions and skip
|
||||
+ # the entry if the check fails.
|
||||
+ caps = {"test/pass": [{"test": "test 1 -eq 1"}],
|
||||
+ "test/fail": [{"test": "test 1 -eq 0"}]}
|
||||
+ # test case: (findmatch args, findmatch keyword args, expected output)
|
||||
+ # positional args: caps, MIMEtype, key ("test")
|
||||
+ # keyword args: N/A
|
||||
+ # output: (command line, mailcap entry)
|
||||
+ cases = [
|
||||
+ # findmatch will return the mailcap entry for test/pass because it evaluates to true
|
||||
+ ([caps, "test/pass", "test"], {}, ("test 1 -eq 1", {"test": "test 1 -eq 1"})),
|
||||
+ # findmatch will return None because test/fail evaluates to false
|
||||
+ ([caps, "test/fail", "test"], {}, (None, None))
|
||||
+ ]
|
||||
+ self._run_cases(cases)
|
||||
+
|
||||
+ def _run_cases(self, cases):
|
||||
+ for c in cases:
|
||||
+ self.assertEqual(mailcap.findmatch(*c[0], **c[1]), c[2])
|
||||
+
|
||||
+
|
||||
+def test_main():
|
||||
+ test.support.run_unittest(HelperFunctionTest, GetcapsTest, FindmatchTest)
|
||||
--
|
||||
2.35.3
|
||||
|
143
pypy.spec
143
pypy.spec
@ -1,12 +1,8 @@
|
||||
# Note: When this is updated to 7.4,
|
||||
# the installation layout will change in a backwards-incompatible way.
|
||||
# That'll be a good time to rename this to pypy2.7 and adapt %%pypyprefix to be
|
||||
# %%{_libdir}/pypy%%{pyversion} (see e.g. pypy3.7 or pypy3.8 for inspiration).
|
||||
%global basever 7.3
|
||||
Name: pypy
|
||||
Version: %{basever}.11
|
||||
Version: %{basever}.1
|
||||
%global pyversion 2.7
|
||||
Release: 2%{?dist}
|
||||
Release: 4%{?dist}
|
||||
Summary: Python implementation with a Just-In-Time compiler
|
||||
|
||||
# PyPy is MIT
|
||||
@ -22,11 +18,6 @@ Summary: Python implementation with a Just-In-Time compiler
|
||||
License: MIT and Python and UCD and BSD and (ASL 2.0 or BSD)
|
||||
URL: http://pypy.org/
|
||||
|
||||
# https://fedoraproject.org/wiki/Changes/EncourageI686LeafRemoval
|
||||
%if 0%{?fedora} >= 37 || 0%{?rhel} >= 10
|
||||
ExcludeArch: %{ix86}
|
||||
%endif
|
||||
|
||||
# High-level configuration of the build:
|
||||
|
||||
# Whether to use RPM build wheels from the python-{pip,setuptools}-wheel package
|
||||
@ -132,6 +123,10 @@ ExcludeArch: %{ix86}
|
||||
# Easy way to enable/disable verbose logging:
|
||||
%global verbose_logs 0
|
||||
|
||||
# Forcibly use the shadow-stack option for detecting GC roots, rather than
|
||||
# relying on hacking up generated assembler with regexps:
|
||||
%global shadow_stack 1
|
||||
|
||||
# Easy way to turn off the selftests:
|
||||
%global run_selftests 1
|
||||
|
||||
@ -144,12 +139,14 @@ ExcludeArch: %{ix86}
|
||||
# We refer to this subdir of the source tree in a few places during the build:
|
||||
%global goal_dir pypy/goal
|
||||
|
||||
%ifarch %{ix86} x86_64 %{arm}
|
||||
%global _package_note_linker gold
|
||||
%endif
|
||||
|
||||
# Turn off the brp-python-bytecompile postprocessing script
|
||||
# We manually invoke it later on, using the freshly built pypy binary
|
||||
%global __os_install_post \
|
||||
%(echo '%{__os_install_post}' | sed -e 's!/usr/lib[^[:space:]]*/brp-python-bytecompile[[:space:]].*$!!g')
|
||||
|
||||
# Source and patches:
|
||||
Source0: https://downloads.python.org/pypy/pypy%{pyversion}-v%{version}-src.tar.bz2
|
||||
Source0: https://bitbucket.org/pypy/pypy/downloads/pypy%{pyversion}-v%{version}-src.tar.bz2
|
||||
|
||||
# Supply various useful RPM macros for building python modules against pypy:
|
||||
# __pypy, pypy_sitelib, pypy_sitearch
|
||||
@ -178,16 +175,6 @@ Patch2: 009-add-libxcrypt-support.patch
|
||||
# We conditionally apply this, but we use autosetup, so we use Source here
|
||||
Source189: 189-use-rpm-wheels.patch
|
||||
|
||||
# 00382 #
|
||||
# Make mailcap refuse to match unsafe filenames/types/params (GH-91993)
|
||||
#
|
||||
# Upstream: https://github.com/python/cpython/issues/68966
|
||||
#
|
||||
# Tracker bug: https://bugzilla.redhat.com/show_bug.cgi?id=2075390
|
||||
#
|
||||
# Backported from python3.
|
||||
Patch382: 382-cve-2015-20107.patch
|
||||
|
||||
# Build-time requirements:
|
||||
|
||||
# pypy's can be rebuilt using itself, rather than with CPython; doing so
|
||||
@ -221,9 +208,6 @@ BuildRequires: expat-devel
|
||||
BuildRequires: openssl-devel
|
||||
BuildRequires: gdbm-devel
|
||||
BuildRequires: chrpath
|
||||
|
||||
BuildRequires: python-rpm-macros
|
||||
|
||||
%ifnarch s390
|
||||
BuildRequires: valgrind-devel
|
||||
%endif
|
||||
@ -400,9 +384,6 @@ Build of PyPy with support for micro-threads for massive concurrency
|
||||
%prep
|
||||
%autosetup -n pypy%{pyversion}-v%{version}-src -p1 -S git
|
||||
|
||||
# Temporary workaround for https://bugzilla.redhat.com/show_bug.cgi?id=1954999
|
||||
%{?!apply_patch:%define apply_patch(qp:m:) {%__apply_patch %**}}
|
||||
|
||||
%if %{with rpmwheels}
|
||||
%apply_patch -m %(basename %{SOURCE189}) %{SOURCE189}
|
||||
rm lib-python/2.7/ensurepip/_bundled/*.whl
|
||||
@ -436,9 +417,6 @@ find lib-python/%{pylibver} -name "*.py" -exec \
|
||||
ln -s lib_pypy/cffi/_pycparser pycparser
|
||||
%endif
|
||||
|
||||
# Remove windows executable binaries
|
||||
rm lib-python/2.7/distutils/command/*.exe
|
||||
|
||||
%build
|
||||
%ifarch s390x
|
||||
# pypy3 requires z10 at least
|
||||
@ -498,6 +476,7 @@ BuildPyPy() {
|
||||
# How will we track garbage-collection roots in the generated code?
|
||||
# http://pypy.readthedocs.org/en/latest/config/translation.gcrootfinder.html
|
||||
|
||||
%if 0%{shadow_stack}
|
||||
# This is the most portable option, and avoids a reliance on non-guaranteed
|
||||
# behaviors within GCC's code generator: use an explicitly-maintained stack
|
||||
# of root pointers:
|
||||
@ -505,6 +484,27 @@ BuildPyPy() {
|
||||
|
||||
export CFLAGS=$(echo "$RPM_OPT_FLAGS" | sed -e 's/-g//')
|
||||
|
||||
%else
|
||||
# Go with the default, which is "asmgcc"
|
||||
|
||||
%global gcrootfinder_options %{nil}
|
||||
|
||||
# https://bugzilla.redhat.com/show_bug.cgi?id=588941#c18
|
||||
# The generated Makefile compiles the .c files into assembler (.s), rather
|
||||
# than direct to .o It then post-processes this assembler to locate
|
||||
# garbage-collection roots (building .lbl.s and .gcmap files, and a
|
||||
# "gcmaptable.s"). (The modified .lbl.s files have extra code injected
|
||||
# within them).
|
||||
# Unfortunately, the code to do this:
|
||||
# pypy-1.4/pypy/translator/c/gcc/trackgcroot.py
|
||||
# doesn't interract well with the results of using our standard build flags.
|
||||
# For now, filter our CFLAGS of everything that could be conflicting with
|
||||
# pypy. Need to check these and reenable ones that are okay later.
|
||||
# Filed as https://bugzilla.redhat.com/show_bug.cgi?id=666966
|
||||
export CFLAGS=$(echo "$RPM_OPT_FLAGS" | sed -e 's/-Wp,-D_FORTIFY_SOURCE=2//' -e 's/-fexceptions//' -e 's/-fstack-protector//' -e 's/--param=ssp-buffer-size=4//' -e 's/-O2//' -e 's/-fasynchronous-unwind-tables//' -e 's/-march=i686//' -e 's/-mtune=atom//')
|
||||
|
||||
%endif
|
||||
|
||||
# The generated C code leads to many thousands of warnings of the form:
|
||||
# warning: variable 'l_v26003' set but not used [-Wunused-but-set-variable]
|
||||
# Suppress them:
|
||||
@ -576,7 +576,7 @@ mkdir -p %{buildroot}/%{pypyprefix}
|
||||
|
||||
|
||||
# Run installing script, archive-name %{name}-%{basever} in %{buildroot}/%{_libdir} == %{pypyprefix}
|
||||
%{bootstrap_python_interp} pypy/tool/release/package.py --archive-name %{name}-%{basever} --builddir %{buildroot}/%{_libdir} --no-embedded-dependencies
|
||||
%{bootstrap_python_interp} pypy/tool/release/package.py --archive-name %{name}-%{basever} --builddir %{buildroot}/%{_libdir}
|
||||
|
||||
# Remove shebang lines from .py files that aren't executable, and
|
||||
# remove executability from .py files that don't have a shebang line:
|
||||
@ -598,12 +598,19 @@ find \
|
||||
execstack --clear-execstack %{buildroot}/%{pypyprefix}/bin/pypy
|
||||
|
||||
# Bytecompile all of the .py files we ship, using our pypy binary, giving us
|
||||
# .pyc files for pypy.
|
||||
# .pyc files for pypy. The script actually does the work twice (passing in -O
|
||||
# the second time) but it's simplest to reuse that script.
|
||||
#
|
||||
# The script has special-casing for .py files below
|
||||
# /usr/lib{64}/python[0-9].[0-9]
|
||||
# but given that we're installing into a different path, the supplied "default"
|
||||
# implementation gets used instead.
|
||||
#
|
||||
# Note that some of the test files deliberately contain syntax errors, so
|
||||
# we are running it in subshell, to be able to ignore the failures and not to terminate the build.
|
||||
(%{py_byte_compile %{buildroot}%{pypyprefix}/bin/pypy %{buildroot}%{pypyprefix}}) || :
|
||||
|
||||
# we pass 0 for the second argument ("errors_terminate"):
|
||||
/usr/lib/rpm/brp-python-bytecompile \
|
||||
%{buildroot}%{pypyprefix}/bin/%{name} \
|
||||
0
|
||||
|
||||
%{buildroot}%{pypyprefix}/bin/%{name} -c 'import _tkinter'
|
||||
%{buildroot}%{pypyprefix}/bin/%{name} -c 'import Tkinter'
|
||||
@ -850,7 +857,7 @@ CheckPyPy %{name}-c-stackless
|
||||
%{_bindir}/%{name}
|
||||
%{_bindir}/%{name}%{pylibver}
|
||||
%{_bindir}/%{name}%{pymajorlibver}
|
||||
%{pypyprefix}/bin/
|
||||
%{pypyprefix}/bin/%{name}
|
||||
|
||||
%files devel
|
||||
%dir %{pypy_include_dir}
|
||||
@ -867,62 +874,6 @@ CheckPyPy %{name}-c-stackless
|
||||
|
||||
|
||||
%changelog
|
||||
* Fri Jan 20 2023 Fedora Release Engineering <releng@fedoraproject.org> - 7.3.11-2
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
|
||||
|
||||
* Fri Dec 30 2022 Miro Hrončok <mhroncok@redhat.com> - 7.3.11-1
|
||||
- Update to 7.3.11
|
||||
- Fixes: rhbz#2147521
|
||||
|
||||
* Fri Jul 22 2022 Fedora Release Engineering <releng@fedoraproject.org> - 7.3.9-4
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
|
||||
|
||||
* Mon Jul 18 2022 Miro Hrončok <mhroncok@redhat.com> - 7.3.9-3
|
||||
- Use OpenSSL 3 on Fedora 36+
|
||||
- https://fedoraproject.org/wiki/Changes/OpenSSL3.0
|
||||
- https://fedoraproject.org/wiki/Changes/DeprecateOpensslCompat
|
||||
|
||||
* Tue Jun 28 2022 Charalampos Stratakis <cstratak@redhat.com> - 7.3.9-2
|
||||
- Security fix for CVE-2015-20107
|
||||
- Fixes: rhbz#2075390
|
||||
|
||||
* Wed Mar 30 2022 Miro Hrončok <mhroncok@redhat.com> - 7.3.9-1
|
||||
- Update to 7.3.9
|
||||
- Fixes: rhbz#2069872
|
||||
|
||||
* Tue Mar 01 2022 Miro Hrončok <mhroncok@redhat.com> - 7.3.8-1
|
||||
- Update to 7.3.8
|
||||
- Fixes: rhbz#2046555
|
||||
|
||||
* Fri Jan 21 2022 Fedora Release Engineering <releng@fedoraproject.org> - 7.3.6-3
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
|
||||
|
||||
* Sat Jan 08 2022 Miro Hrončok <mhroncok@redhat.com> - 7.3.6-2
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Changes/LIBFFI34
|
||||
|
||||
* Tue Oct 26 2021 Tomáš Hrnčiar <thrnciar@redhat.com> - 7.3.6-1
|
||||
- Update to 7.3.6
|
||||
- Remove windows executable binaries
|
||||
- Fixes: rhbz#2003681
|
||||
- Fixes: rhbz#2005457
|
||||
|
||||
* Mon Sep 20 2021 Miro Hrončok <mhroncok@redhat.com> - 7.3.5-2
|
||||
- Explicitly buildrequire OpenSSL 1.1, as Python 2 is not compatible with OpenSSL 3.0
|
||||
|
||||
* Mon Aug 16 2021 Miro Hrončok <mhroncok@redhat.com> - 7.3.5-1
|
||||
- Update to 7.3.5
|
||||
- Fixes: rhbz#1992600
|
||||
|
||||
* Fri Jul 23 2021 Fedora Release Engineering <releng@fedoraproject.org> - 7.3.4-3
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
|
||||
|
||||
* Wed Jul 21 2021 Tomas Hrnciar <thrnciar@redhat.com> - 7.3.4-2
|
||||
- Replace removed /usr/lib/rpm/brp-python-bytecompile with %%py_byte_compile macros
|
||||
- Fixes: rhbz#1976656
|
||||
|
||||
* Tue May 25 2021 Miro Hrončok <mhroncok@redhat.com> - 7.3.4-1
|
||||
- Update to 7.3.4
|
||||
|
||||
* Tue May 25 2021 Miro Hrončok <mhroncok@redhat.com> - 7.3.1-4
|
||||
- Provide missing bundled library information
|
||||
|
||||
|
2
sources
2
sources
@ -1 +1 @@
|
||||
SHA512 (pypy2.7-v7.3.11-src.tar.bz2) = 31fd93fe3e761fd096ff52c2a0afa40f78e4df700deb911e221d1682b35e8374c9deac7ba19b474f7ca7a366d3ae9b36ebaf78e81c4ec8306431fd0873daea55
|
||||
SHA512 (pypy2.7-v7.3.1-src.tar.bz2) = 1bec44fa0fc4b1186e25f69303f9e332df32184be990d86fba41c40152664a93bd65eabf4dded133371271402cea9b150b60c13bce89d1004b276f0908c0b8f1
|
||||
|
Loading…
Reference in New Issue
Block a user