Update to 5.9 (#1504427)
parent
79816c5293
commit
6eb88b1784
2
.gitignore
vendored
@ -1,3 +1,5 @@
|
||||
/pypy3-2.4.0-src.tar.bz2
|
||||
/pypy3.3-v5.2.0-alpha1-src.tar.bz2
|
||||
/pypy3.3-v5.5.0-alpha-src.tar.bz2
|
||||
/pypy3-v5.7.0-src.tar.bz2
|
||||
/pypy3-v5.9.0-src.tar.bz2
|
||||
|
@ -1,35 +0,0 @@
|
||||
From 4c0f6a6fe6c71009ab4a6b3716e70af021e04904 Mon Sep 17 00:00:00 2001
|
||||
From: =?UTF-8?q?Miro=20Hron=C4=8Dok?= <miro@hroncok.cz>
|
||||
Date: Sat, 2 Jul 2016 20:18:12 +0200
|
||||
Subject: [PATCH] Raise an error when STARTTLS fails
|
||||
|
||||
CVE-2016-0772 python: smtplib StartTLS stripping attack
|
||||
rhbz#1303647: https://bugzilla.redhat.com/show_bug.cgi?id=1303647
|
||||
rhbz#1351680: https://bugzilla.redhat.com/show_bug.cgi?id=1351680
|
||||
|
||||
Based on an upstream change by Benjamin Peterson <benjamin@python.org>
|
||||
- in changeset 101887:d590114c2394 3.4
|
||||
- https://hg.python.org/cpython/rev/d590114c2394
|
||||
---
|
||||
lib-python/3/smtplib.py | 5 +++++
|
||||
1 file changed, 5 insertions(+)
|
||||
|
||||
diff --git a/lib-python/3/smtplib.py b/lib-python/3/smtplib.py
|
||||
index 57f181b..5656cc6 100755
|
||||
--- a/lib-python/3/smtplib.py
|
||||
+++ b/lib-python/3/smtplib.py
|
||||
@@ -680,6 +680,11 @@ class SMTP:
|
||||
self.ehlo_resp = None
|
||||
self.esmtp_features = {}
|
||||
self.does_esmtp = 0
|
||||
+ else:
|
||||
+ # RFC 3207:
|
||||
+ # 501 Syntax error (no parameters allowed)
|
||||
+ # 454 TLS not available due to temporary reason
|
||||
+ raise SMTPResponseException(resp, reply)
|
||||
return (resp, reply)
|
||||
|
||||
def sendmail(self, from_addr, to_addrs, msg, mail_options=[],
|
||||
--
|
||||
2.9.0
|
||||
|
@ -1,163 +0,0 @@
|
||||
From 9a8db191cf8a3557a24e91081bf434d581b98c5a Mon Sep 17 00:00:00 2001
|
||||
From: =?UTF-8?q?Miro=20Hron=C4=8Dok?= <miro@hroncok.cz>
|
||||
Date: Sat, 2 Jul 2016 20:20:58 +0200
|
||||
Subject: [PATCH] Disabled HTTP header injections in http.client.
|
||||
|
||||
CVE-2016-5699 python: http protocol steam injection attack
|
||||
rhbz#1303699: https://bugzilla.redhat.com/show_bug.cgi?id=1303699
|
||||
rhbz#1351687: https://bugzilla.redhat.com/show_bug.cgi?id=1351687
|
||||
|
||||
Based on an upstream change by Demian Brecht and Serhiy Storchaka
|
||||
- in changeset 94952:bf3e1c9b80e9 3.4
|
||||
- https://hg.python.org/cpython/rev/bf3e1c9b80e9
|
||||
---
|
||||
lib-python/3/http/client.py | 37 +++++++++++++++++++++++++
|
||||
lib-python/3/test/test_httplib.py | 57 +++++++++++++++++++++++++++++++++++++++
|
||||
2 files changed, 94 insertions(+)
|
||||
|
||||
diff --git a/lib-python/3/http/client.py b/lib-python/3/http/client.py
|
||||
index e05c84d..476d6c8 100644
|
||||
--- a/lib-python/3/http/client.py
|
||||
+++ b/lib-python/3/http/client.py
|
||||
@@ -70,6 +70,7 @@ import email.parser
|
||||
import email.message
|
||||
import io
|
||||
import os
|
||||
+import re
|
||||
import socket
|
||||
import collections
|
||||
from urllib.parse import urlsplit
|
||||
@@ -217,6 +218,34 @@ _MAXLINE = 65536
|
||||
_MAXHEADERS = 100
|
||||
|
||||
|
||||
+# Header name/value ABNF (http://tools.ietf.org/html/rfc7230#section-3.2)
|
||||
+#
|
||||
+# VCHAR = %x21-7E
|
||||
+# obs-text = %x80-FF
|
||||
+# header-field = field-name ":" OWS field-value OWS
|
||||
+# field-name = token
|
||||
+# field-value = *( field-content / obs-fold )
|
||||
+# field-content = field-vchar [ 1*( SP / HTAB ) field-vchar ]
|
||||
+# field-vchar = VCHAR / obs-text
|
||||
+#
|
||||
+# obs-fold = CRLF 1*( SP / HTAB )
|
||||
+# ; obsolete line folding
|
||||
+# ; see Section 3.2.4
|
||||
+
|
||||
+# token = 1*tchar
|
||||
+#
|
||||
+# tchar = "!" / "#" / "$" / "%" / "&" / "'" / "*"
|
||||
+# / "+" / "-" / "." / "^" / "_" / "`" / "|" / "~"
|
||||
+# / DIGIT / ALPHA
|
||||
+# ; any VCHAR, except delimiters
|
||||
+#
|
||||
+# VCHAR defined in http://tools.ietf.org/html/rfc5234#appendix-B.1
|
||||
+
|
||||
+# the patterns for both name and value are more leniant than RFC
|
||||
+# definitions to allow for backwards compatibility
|
||||
+_is_legal_header_name = re.compile(b'^[^:\s][^:\r\n]*$').match
|
||||
+_is_illegal_header_value = re.compile(b'\n(?![ \t])|\r(?![ \t\n])').search
|
||||
+
|
||||
class HTTPMessage(email.message.Message):
|
||||
# XXX The only usage of this method is in
|
||||
# http.server.CGIHTTPRequestHandler. Maybe move the code there so
|
||||
@@ -1035,12 +1064,20 @@ class HTTPConnection:
|
||||
|
||||
if hasattr(header, 'encode'):
|
||||
header = header.encode('ascii')
|
||||
+
|
||||
+ if not _is_legal_header_name(header):
|
||||
+ raise ValueError('Invalid header name %r' % (header,))
|
||||
+
|
||||
values = list(values)
|
||||
for i, one_value in enumerate(values):
|
||||
if hasattr(one_value, 'encode'):
|
||||
values[i] = one_value.encode('latin-1')
|
||||
elif isinstance(one_value, int):
|
||||
values[i] = str(one_value).encode('ascii')
|
||||
+
|
||||
+ if _is_illegal_header_value(values[i]):
|
||||
+ raise ValueError('Invalid header value %r' % (values[i],))
|
||||
+
|
||||
value = b'\r\n\t'.join(values)
|
||||
header = header + b': ' + value
|
||||
self._output(header)
|
||||
diff --git a/lib-python/3/test/test_httplib.py b/lib-python/3/test/test_httplib.py
|
||||
index c8ded92..fd71bea 100644
|
||||
--- a/lib-python/3/test/test_httplib.py
|
||||
+++ b/lib-python/3/test/test_httplib.py
|
||||
@@ -134,6 +134,33 @@ class HeaderTests(TestCase):
|
||||
conn.putheader('Content-length', 42)
|
||||
self.assertIn(b'Content-length: 42', conn._buffer)
|
||||
|
||||
+ conn.putheader('Foo', ' bar ')
|
||||
+ self.assertIn(b'Foo: bar ', conn._buffer)
|
||||
+ conn.putheader('Bar', '\tbaz\t')
|
||||
+ self.assertIn(b'Bar: \tbaz\t', conn._buffer)
|
||||
+ conn.putheader('Authorization', 'Bearer mytoken')
|
||||
+ self.assertIn(b'Authorization: Bearer mytoken', conn._buffer)
|
||||
+ conn.putheader('IterHeader', 'IterA', 'IterB')
|
||||
+ self.assertIn(b'IterHeader: IterA\r\n\tIterB', conn._buffer)
|
||||
+ conn.putheader('LatinHeader', b'\xFF')
|
||||
+ self.assertIn(b'LatinHeader: \xFF', conn._buffer)
|
||||
+ conn.putheader('Utf8Header', b'\xc3\x80')
|
||||
+ self.assertIn(b'Utf8Header: \xc3\x80', conn._buffer)
|
||||
+ conn.putheader('C1-Control', b'next\x85line')
|
||||
+ self.assertIn(b'C1-Control: next\x85line', conn._buffer)
|
||||
+ conn.putheader('Embedded-Fold-Space', 'is\r\n allowed')
|
||||
+ self.assertIn(b'Embedded-Fold-Space: is\r\n allowed', conn._buffer)
|
||||
+ conn.putheader('Embedded-Fold-Tab', 'is\r\n\tallowed')
|
||||
+ self.assertIn(b'Embedded-Fold-Tab: is\r\n\tallowed', conn._buffer)
|
||||
+ conn.putheader('Key Space', 'value')
|
||||
+ self.assertIn(b'Key Space: value', conn._buffer)
|
||||
+ conn.putheader('KeySpace ', 'value')
|
||||
+ self.assertIn(b'KeySpace : value', conn._buffer)
|
||||
+ conn.putheader(b'Nonbreak\xa0Space', 'value')
|
||||
+ self.assertIn(b'Nonbreak\xa0Space: value', conn._buffer)
|
||||
+ conn.putheader(b'\xa0NonbreakSpace', 'value')
|
||||
+ self.assertIn(b'\xa0NonbreakSpace: value', conn._buffer)
|
||||
+
|
||||
def test_ipv6host_header(self):
|
||||
# Default host header on IPv6 transaction should wrapped by [] if
|
||||
# its actual IPv6 address
|
||||
@@ -153,6 +180,36 @@ class HeaderTests(TestCase):
|
||||
conn.request('GET', '/foo')
|
||||
self.assertTrue(sock.data.startswith(expected))
|
||||
|
||||
+ def test_invalid_headers(self):
|
||||
+ conn = client.HTTPConnection('example.com')
|
||||
+ conn.sock = FakeSocket('')
|
||||
+ conn.putrequest('GET', '/')
|
||||
+
|
||||
+ # http://tools.ietf.org/html/rfc7230#section-3.2.4, whitespace is no
|
||||
+ # longer allowed in header names
|
||||
+ cases = (
|
||||
+ (b'Invalid\r\nName', b'ValidValue'),
|
||||
+ (b'Invalid\rName', b'ValidValue'),
|
||||
+ (b'Invalid\nName', b'ValidValue'),
|
||||
+ (b'\r\nInvalidName', b'ValidValue'),
|
||||
+ (b'\rInvalidName', b'ValidValue'),
|
||||
+ (b'\nInvalidName', b'ValidValue'),
|
||||
+ (b' InvalidName', b'ValidValue'),
|
||||
+ (b'\tInvalidName', b'ValidValue'),
|
||||
+ (b'Invalid:Name', b'ValidValue'),
|
||||
+ (b':InvalidName', b'ValidValue'),
|
||||
+ (b'ValidName', b'Invalid\r\nValue'),
|
||||
+ (b'ValidName', b'Invalid\rValue'),
|
||||
+ (b'ValidName', b'Invalid\nValue'),
|
||||
+ (b'ValidName', b'InvalidValue\r\n'),
|
||||
+ (b'ValidName', b'InvalidValue\r'),
|
||||
+ (b'ValidName', b'InvalidValue\n'),
|
||||
+ )
|
||||
+ for name, value in cases:
|
||||
+ with self.subTest((name, value)):
|
||||
+ with self.assertRaisesRegex(ValueError, 'Invalid header'):
|
||||
+ conn.putheader(name, value)
|
||||
+
|
||||
|
||||
class BasicTest(TestCase):
|
||||
def test_status_lines(self):
|
||||
--
|
||||
2.9.0
|
||||
|
@ -1,30 +1,37 @@
|
||||
diff --git pypy3-v5.5.0-src/lib-python/3/test/regrtest.py pypy3-v5.5.0-src/lib-python/3/test/regrtest.py-new
|
||||
index 8d18a9297a..e99322ebe1 100755
|
||||
--- pypy3-v5.5.0-src/lib-python/3/test/regrtest.py
|
||||
+++ pypy3-v5.5.0-src/lib-python/3/test/regrtest.py-new
|
||||
@@ -169,7 +169,6 @@ option '-uall,-gui'.
|
||||
import importlib
|
||||
commit ea4d6a12548eea7ce0424feea13a499fb7085e96
|
||||
Author: rpm-build <rpm-build>
|
||||
Date: Wed Mar 29 04:31:55 2017 +0200
|
||||
|
||||
011-no-faulthandler.patch
|
||||
|
||||
diff --git a/lib-python/3/test/regrtest.py b/lib-python/3/test/regrtest.py
|
||||
index c1d85f6..3d3072c 100755
|
||||
--- a/lib-python/3/test/regrtest.py
|
||||
+++ b/lib-python/3/test/regrtest.py
|
||||
@@ -124,7 +124,6 @@ import importlib
|
||||
|
||||
import argparse
|
||||
import builtins
|
||||
-import faulthandler
|
||||
import getopt
|
||||
import io
|
||||
import json
|
||||
@@ -197,6 +196,10 @@ try:
|
||||
import multiprocessing.process
|
||||
import locale
|
||||
@@ -152,7 +151,10 @@ try:
|
||||
import _multiprocessing, multiprocessing.process
|
||||
except ImportError:
|
||||
multiprocessing = None
|
||||
-
|
||||
+try:
|
||||
+ import faulthandler
|
||||
+except ImportError:
|
||||
+ faulthandler = None
|
||||
|
||||
|
||||
# Some times __path__ and __file__ are not absolute (e.g. while running from
|
||||
@@ -283,17 +286,18 @@ def main(tests=None, testdir=None, verbose=0, quiet=False,
|
||||
# Lib/) and, if we change the CWD to run the tests in a temporary dir, some
|
||||
@@ -486,17 +488,18 @@ def main(tests=None, **kwargs):
|
||||
directly to set the values that would normally be set by flags
|
||||
on the command line.
|
||||
"""
|
||||
|
||||
- # Display the Python traceback on fatal errors (e.g. segfault)
|
||||
- faulthandler.enable(all_threads=True)
|
||||
-
|
||||
@ -51,3 +58,37 @@ index 8d18a9297a..e99322ebe1 100755
|
||||
|
||||
replace_stdout()
|
||||
|
||||
diff --git a/lib-python/3/test/support/__init__.py b/lib-python/3/test/support/__init__.py
|
||||
index 5d7f308..4424637 100644
|
||||
--- a/lib-python/3/test/support/__init__.py
|
||||
+++ b/lib-python/3/test/support/__init__.py
|
||||
@@ -6,7 +6,6 @@ if __name__ != 'test.support':
|
||||
import collections.abc
|
||||
import contextlib
|
||||
import errno
|
||||
-import faulthandler
|
||||
import fnmatch
|
||||
import functools
|
||||
import gc
|
||||
@@ -65,6 +64,11 @@ try:
|
||||
except ImportError:
|
||||
resource = None
|
||||
|
||||
+try:
|
||||
+ import faulthandler
|
||||
+except ImportError:
|
||||
+ faulthandler = None
|
||||
+
|
||||
__all__ = [
|
||||
# globals
|
||||
"PIPE_MAX_SIZE", "verbose", "max_memuse", "use_resources", "failfast",
|
||||
@@ -2060,7 +2064,8 @@ def start_threads(threads, unlock=None):
|
||||
finally:
|
||||
started = [t for t in started if t.isAlive()]
|
||||
if started:
|
||||
- faulthandler.dump_traceback(sys.stdout)
|
||||
+ if faulthandler is not None:
|
||||
+ faulthandler.dump_traceback(sys.stdout)
|
||||
raise AssertionError('Unable to join %d threads' % len(started))
|
||||
|
||||
@contextlib.contextmanager
|
||||
|
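Review bot: The rebased 011-no-faulthandler.patch appears to carry only its own file name as the commit message (the `commit ea4d6a…` / `Author: rpm-build` header), so the reason for the change lives solely in the spec comment `# It seems ppc64 has no faulthandler`. A line in the patch header such as `faulthandler is not available on every architecture; import it optionally and skip its use when missing` would keep the rationale with the patch. In test/support/__init__.py the new `faulthandler = None` fallback is guarded at the `dump_traceback` call in `start_threads`; any other reference to `faulthandler` in that module, outside the lines shown, would need the same `is not None` check. Part of this section is collapsed on the page, so the regrtest.py side could not be checked in full.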
50
pypy3.spec
@ -1,6 +1,7 @@
|
||||
Name: pypy3
|
||||
Version: 5.5.0
|
||||
Release: 6%{?dist}
|
||||
Version: 5.9.0
|
||||
%global pyversion 3.5
|
||||
Release: 1%{?dist}
|
||||
Summary: Python 3 implementation with a Just-In-Time compiler
|
||||
|
||||
# LGPL and another free license we'd need to ask spot about are present in some
|
||||
@ -131,7 +132,7 @@ ExcludeArch: aarch64
|
||||
%(echo '%{__os_install_post}' | sed -e 's!/usr/lib[^[:space:]]*/brp-python-bytecompile[[:space:]].*$!!g')
|
||||
|
||||
# Source and patches:
|
||||
Source0: https://bitbucket.org/pypy/pypy/downloads/pypy3.3-v%{version}-alpha-src.tar.bz2
|
||||
Source0: https://bitbucket.org/pypy/pypy/downloads/pypy3-v%{version}-src.tar.bz2
|
||||
|
||||
# Supply various useful RPM macros for building python modules against pypy:
|
||||
# __pypy, pypy_sitelib, pypy_sitearch
|
||||
@ -141,36 +142,21 @@ Source2: macros.pypy3
|
||||
# set to indicate progress.
|
||||
# This obscures useful messages, and may waste CPU cycles, so suppress it, and
|
||||
# merely render dots:
|
||||
Patch0: 001-nevertty.patch
|
||||
Patch1: 001-nevertty.patch
|
||||
|
||||
# Patch pypy.translator.platform so that stdout from "make" etc gets logged,
|
||||
# rather than just stderr, so that the command-line invocations of the compiler
|
||||
# and linker are captured:
|
||||
Patch1: 006-always-log-stdout.patch
|
||||
Patch6: 006-always-log-stdout.patch
|
||||
|
||||
# Disable the printing of a quote from IRC on startup (these are stored in
|
||||
# ROT13 form in lib_pypy/_pypy_irc_topic.py). Some are cute, but some could
|
||||
# cause confusion for end-users (and many are in-jokes within the PyPy
|
||||
# community that won't make sense outside of it). [Sorry to be a killjoy]
|
||||
Patch2: 007-remove-startup-message.patch
|
||||
|
||||
|
||||
# CVE-2016-0772 python: smtplib StartTLS stripping attack
|
||||
# rhbz#1303647: https://bugzilla.redhat.com/show_bug.cgi?id=1303647
|
||||
# rhbz#1351680: https://bugzilla.redhat.com/show_bug.cgi?id=1351680
|
||||
# FIXED UPSTREAM: https://hg.python.org/cpython/rev/d590114c2394
|
||||
# Raise an error when STARTTLS fails
|
||||
Patch4: 009-raise-an-error-when-STARTTLS-fails.patch
|
||||
|
||||
# CVE-2016-5699 python: http protocol steam injection attack
|
||||
# rhbz#1303699: https://bugzilla.redhat.com/show_bug.cgi?id=1303699
|
||||
# rhbz#1351687: https://bugzilla.redhat.com/show_bug.cgi?id=1351687
|
||||
# FIXED UPSTREAM: https://hg.python.org/cpython/rev/bf3e1c9b80e9
|
||||
# Disabled HTTP header injections in http.client
|
||||
Patch5: 010-disabled-HTTP-header-injections-in-http.client.patch
|
||||
Patch7: 007-remove-startup-message.patch
|
||||
|
||||
# It seems ppc64 has no faulthandler
|
||||
Patch6: 011-no-faulthandler.patch
|
||||
Patch11: 011-no-faulthandler.patch
|
||||
|
||||
# Build-time requirements:
|
||||
|
||||
@ -186,12 +172,14 @@ Patch6: 011-no-faulthandler.patch
|
||||
%if 0%{use_self_when_building}
|
||||
# pypy3 can only be build with pypy2
|
||||
BuildRequires: pypy
|
||||
# no pypy-pycparser available ATM
|
||||
%global bootstrap_python_interp pypy
|
||||
%else
|
||||
|
||||
|
||||
# pypy3 can only be build with python2
|
||||
BuildRequires: python2-devel
|
||||
BuildRequires: python-pycparser
|
||||
%global bootstrap_python_interp python
|
||||
|
||||
%endif
|
||||
@ -523,8 +511,9 @@ find \
|
||||
|
||||
mkdir -p %{buildroot}/%{pypyprefix}/site-packages
|
||||
|
||||
ln -s %{pypyprefix}/bin/pypy3.3 %{buildroot}/%{_bindir}/pypy3.3
|
||||
ln -s pypy3.3 %{buildroot}/%{_bindir}/pypy3
|
||||
ln -s ./pypy3 %{buildroot}%{pypyprefix}/bin/pypy%{pyversion}
|
||||
ln -s %{pypyprefix}/bin/pypy%{pyversion} %{buildroot}%{_bindir}/pypy%{pyversion}
|
||||
ln -s pypy%{pyversion} %{buildroot}%{_bindir}/pypy3
|
||||
|
||||
# pypy uses .pyc files by default (--objspace-usepycfiles), but has a slightly
|
||||
# different bytecode format to CPython. It doesn't use .pyo files: the -O flag
|
||||
@ -790,10 +779,10 @@ CheckPyPy() {
|
||||
#pypy/goal/pypy pypy/test_all.py --resultlog=pypyjit_new.log
|
||||
|
||||
%if %{run_selftests}
|
||||
CheckPyPy pypy-c
|
||||
CheckPyPy %{name}-c
|
||||
|
||||
%if 0%{with_stackless}
|
||||
CheckPyPy pypy3-stackless
|
||||
CheckPyPy %{name}-stackless
|
||||
%endif
|
||||
|
||||
%endif # run_selftests
|
||||
@ -821,7 +810,7 @@ CheckPyPy pypy3-stackless
|
||||
%license LICENSE
|
||||
%doc README.rst
|
||||
%{_bindir}/pypy3
|
||||
%{_bindir}/pypy3.3
|
||||
%{_bindir}/pypy%{pyversion}
|
||||
%{pypyprefix}/bin/
|
||||
|
||||
%exclude %{_libdir}/%{name}-%{version}.tar.bz2
|
||||
@ -840,6 +829,13 @@ CheckPyPy pypy3-stackless
|
||||
|
||||
|
||||
%changelog
|
||||
* Fri Oct 20 2017 Miro Hrončok <mhroncok@redhat.com> - 5.9.0-1
|
||||
- Update to 5.9 (#1504427)
|
||||
- Remove merged patches
|
||||
- Reindex the patches to match the filenames
|
||||
- Rebase the faulthandler Patch11
|
||||
- BR python-pycparser
|
||||
|
||||
* Thu Aug 03 2017 Fedora Release Engineering <releng@fedoraproject.org> - 5.5.0-6
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild
|
||||
|
||||
|
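Review bot: The spec drops `Patch4: 009-raise-an-error-when-STARTTLS-fails.patch` and `Patch5: 010-disabled-HTTP-header-injections-in-http.client.patch` together with their CVE-2016-0772 and CVE-2016-5699 comment blocks, and the only trace left is the changelog line `- Remove merged patches`, which names neither CVE. Since both were security fixes to the bundled lib-python/3, the changelog entry should say which patches went away and why, for example `- Remove patches for CVE-2016-0772 and CVE-2016-5699, merged upstream`, so that anyone auditing the package can see the fixes were not lost in the rebase. Before merging it is worth confirming in the 5.9.0 tarball that smtplib.py still raises `SMTPResponseException` when STARTTLS fails and that `putheader()` in http/client.py still rejects illegal header names and values. The `test_invalid_headers` case from the removed 010 patch is a ready-made check, if the `%{run_selftests}` run covers test_httplib.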