rpms
/
python2
2
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Update to Python 2.7.13 

Refactored patches: 10, 102 112, 167, 180, 191

Dropped patches: 184, 200, 209, 242, 247
This commit is contained in:
Charalampos Stratakis 2017-01-11 20:20:31 +01:00
parent 09c5a2e117
commit 202761631b
13 changed files with 106 additions and 1343 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
00010-2.7.12-binutils-no-dep.patch
View File

@ -1,15 +0,0 @@
diff --git a/Lib/ctypes/util.py b/Lib/ctypes/util.py
index b2c514d..d92af0c 100644
--- a/Lib/ctypes/util.py
+++ b/Lib/ctypes/util.py
@@ -139,7 +139,9 @@ elif os.name == "posix":
finally:
rv = f.close()
if rv == 10:
- raise OSError, 'objdump command not found'
+ return os.path.basename(f) # This is good for GLibc, I think,
+ # and a dep on binutils is big (for
+ # live CDs).
res = re.search(r'\sSONAME\s+([^\s]+)', dump)
if not res:
return None

21
00010-2.7.13-binutils-no-dep.patch Normal file
View File

@ -0,0 +1,21 @@
diff --git a/Lib/ctypes/util.py b/Lib/ctypes/util.py
index ab10ec5..923d1b7 100644
--- a/Lib/ctypes/util.py
+++ b/Lib/ctypes/util.py
@@ -140,11 +140,15 @@ elif os.name == "posix":
# assuming GNU binutils / ELF
if not f:
return None
- cmd = 'if ! type objdump >/dev/null 2>&1; then exit; fi;' \
+ cmd = 'if ! type objdump >/dev/null 2>&1; then exit 10; fi;' \
'objdump -p -j .dynamic 2>/dev/null "$1"'
proc = subprocess.Popen((cmd, '_get_soname', f), shell=True,
stdout=subprocess.PIPE)
[dump, _] = proc.communicate()
+ if proc.returncode == 10:
+ return os.path.basename(f) # This is good for GLibc, I think,
+ # and a dep on binutils is big (for
+ # live CDs).
res = re.search(br'\sSONAME\s+([^\s]+)', dump)
if not res:
return None

24
00102-2.7.12-lib64.patch → 00102-2.7.13-lib64.patch
View File

@ -38,7 +38,7 @@ index 068d1ba..3e7f077 100644
return libpython
else:
diff --git a/Lib/site.py b/Lib/site.py
index e8433b4..e8e6b50 100644
index c360802..868b7cb 100644
--- a/Lib/site.py
+++ b/Lib/site.py
@@ -288,12 +288,16 @@ def getsitepackages():
@ -56,16 +56,16 @@ index e8433b4..e8e6b50 100644
sitepackages.append(prefix)
+ sitepackages.append(os.path.join(prefix, "lib64", "site-packages"))
sitepackages.append(os.path.join(prefix, "lib", "site-packages"))
if sys.platform == "darwin":
# for framework builds *only* we add the standard Apple
return sitepackages
diff --git a/Lib/test/test_site.py b/Lib/test/test_site.py
index 78c4809..3b9e74d 100644
index d9a9324..e411e5c 100644
--- a/Lib/test/test_site.py
+++ b/Lib/test/test_site.py
@@ -246,17 +246,20 @@ class HelperFunctionsTests(unittest.TestCase):
self.assertEqual(dirs[2], wanted)
@@ -235,17 +235,20 @@ class HelperFunctionsTests(unittest.TestCase):
self.assertEqual(dirs[0], wanted)
elif os.sep == '/':
# OS X non-framwework builds, Linux, FreeBSD, etc
# OS X, Linux, FreeBSD, etc
- self.assertEqual(len(dirs), 2)
- wanted = os.path.join('xoxo', 'lib', 'python' + sys.version[:3],
+ self.assertEqual(len(dirs), 3)
@ -88,7 +88,7 @@ index 78c4809..3b9e74d 100644
class PthFile(object):
diff --git a/Makefile.pre.in b/Makefile.pre.in
index 5741a4c..0faa5c5 100644
index adae76b..ecb27f3 100644
--- a/Makefile.pre.in
+++ b/Makefile.pre.in
@@ -111,7 +111,7 @@ LIBDIR= @libdir@
@ -101,7 +101,7 @@ index 5741a4c..0faa5c5 100644
# Detailed destination directories
BINLIBDEST= $(LIBDIR)/python$(VERSION)
diff --git a/Modules/Setup.dist b/Modules/Setup.dist
index c70a0d6..051fd41 100644
index fbfa1c1..138fb33 100644
--- a/Modules/Setup.dist
+++ b/Modules/Setup.dist
@@ -416,7 +416,7 @@ gdbm gdbmmodule.c -lgdbm
@ -123,7 +123,7 @@ index c70a0d6..051fd41 100644
# Interface to the Expat XML parser
#
diff --git a/Modules/getpath.c b/Modules/getpath.c
index 428684c..9ef6711 100644
index fd33a01..c5c86fd 100644
--- a/Modules/getpath.c
+++ b/Modules/getpath.c
@@ -108,7 +108,7 @@ static char prefix[MAXPATHLEN+1];
@ -135,7 +135,7 @@ index 428684c..9ef6711 100644
static void
reduce(char *dir)
@@ -550,7 +550,7 @@ calculate_path(void)
@@ -548,7 +548,7 @@ calculate_path(void)
fprintf(stderr,
"Could not find platform dependent libraries <exec_prefix>\n");
strncpy(exec_prefix, EXEC_PREFIX, MAXPATHLEN);
@ -145,7 +145,7 @@ index 428684c..9ef6711 100644
/* If we found EXEC_PREFIX do *not* reduce it! (Yet.) */
diff --git a/setup.py b/setup.py
index 55c4f5d..19efe82 100644
index 99ac359..859b6c4 100644
--- a/setup.py
+++ b/setup.py
@@ -456,7 +456,7 @@ class PyBuildExt(build_ext):

65
00112-2.7.12-debug-build.patch → 00112-2.7.13-debug-build.patch
View File

@ -1,8 +1,28 @@
From 898f93aa206e577dfe854c59bc62d0cea09cd5ed Mon Sep 17 00:00:00 2001
From: Tomas Orsava <torsava@redhat.com>
Date: Tue, 10 Jan 2017 16:19:50 +0100
Subject: [PATCH] Patch to support building both optimized vs debug stacks DSO
ABIs,
sharing the same .py and .pyc files, using "_d.so" to signify a debug build of
an extension module.
---
Lib/distutils/command/build_ext.py | 7 ++++-
Lib/distutils/sysconfig.py | 5 ++--
Lib/distutils/tests/test_install.py | 3 +-
Makefile.pre.in | 56 ++++++++++++++++++++-----------------
Misc/python-config.in | 2 +-
Modules/makesetup | 2 +-
Python/dynload_shlib.c | 11 ++++++--
Python/sysmodule.c | 6 ++++
configure.ac | 14 ++++++++--
9 files changed, 69 insertions(+), 37 deletions(-)
diff --git a/Lib/distutils/command/build_ext.py b/Lib/distutils/command/build_ext.py
index 3a49454..07fd2ae 100644
index 2c68be3..029d144 100644
--- a/Lib/distutils/command/build_ext.py
+++ b/Lib/distutils/command/build_ext.py
@@ -676,7 +676,10 @@ class build_ext (Command):
@@ -677,7 +677,10 @@ class build_ext (Command):
so_ext = get_config_var('SO')
if os.name == 'nt' and self.debug:
return os.path.join(*ext_path) + '_d' + so_ext
@ -14,7 +34,7 @@ index 3a49454..07fd2ae 100644
def get_export_symbols (self, ext):
"""Return the list of symbols that a shared extension has to
@@ -761,6 +764,8 @@ class build_ext (Command):
@@ -762,6 +765,8 @@ class build_ext (Command):
template = "python%d.%d"
pythonlib = (template %
(sys.hexversion >> 24, (sys.hexversion >> 16) & 0xff))
@ -24,7 +44,7 @@ index 3a49454..07fd2ae 100644
else:
return ext.libraries
diff --git a/Lib/distutils/sysconfig.py b/Lib/distutils/sysconfig.py
index 068d1ba..031f809 100644
index 3e7f077..ec5d584 100644
--- a/Lib/distutils/sysconfig.py
+++ b/Lib/distutils/sysconfig.py
@@ -90,7 +90,8 @@ def get_python_inc(plat_specific=0, prefix=None):
@ -37,7 +57,7 @@ index 068d1ba..031f809 100644
elif os.name == "nt":
return os.path.join(prefix, "include")
elif os.name == "os2":
@@ -244,7 +245,7 @@ def get_makefile_filename():
@@ -248,7 +249,7 @@ def get_makefile_filename():
if python_build:
return os.path.join(project_base, "Makefile")
lib_dir = get_python_lib(plat_specific=1, standard_lib=1)
@ -62,10 +82,10 @@ index 78fac46..d1d0931 100644
diff --git a/Makefile.pre.in b/Makefile.pre.in
index 5741a4c..d13ba40 100644
index 997a2fc..467e782 100644
--- a/Makefile.pre.in
+++ b/Makefile.pre.in
@@ -116,8 +116,8 @@ SCRIPTDIR= $(prefix)/lib
@@ -116,8 +116,8 @@ SCRIPTDIR= $(prefix)/lib64
# Detailed destination directories
BINLIBDEST= $(LIBDIR)/python$(VERSION)
LIBDEST= $(SCRIPTDIR)/python$(VERSION)
@ -98,9 +118,9 @@ index 5741a4c..d13ba40 100644
+PYTHON= python$(DEBUG_SUFFIX)$(EXE)
+BUILDPYTHON= python$(DEBUG_SUFFIX)$(BUILDEXE)
cross_compiling=@cross_compiling@
PYTHON_FOR_BUILD=@PYTHON_FOR_BUILD@
@@ -549,7 +555,7 @@ sharedmods: $(BUILDPYTHON) pybuilddir.txt Modules/_math.o
_PYTHON_HOST_PLATFORM=@_PYTHON_HOST_PLATFORM@
@@ -547,7 +553,7 @@ sharedmods: $(BUILDPYTHON) pybuilddir.txt Modules/_math.o
_TCLTK_INCLUDES='$(TCLTK_INCLUDES)' _TCLTK_LIBS='$(TCLTK_LIBS)' \
$(PYTHON_FOR_BUILD) $(srcdir)/setup.py $$quiet build
@ -109,7 +129,7 @@ index 5741a4c..d13ba40 100644
if test $(INSTSONAME) != $(LDLIBRARY); then \
$(BLDSHARED) -Wl,-h$(INSTSONAME) -o $(INSTSONAME) $(LIBRARY_OBJS) $(MODLIBS) $(SHLIBS) $(LIBC) $(LIBM) $(LDLAST); \
$(LN) -f $(INSTSONAME) $@; \
@@ -979,18 +985,18 @@ bininstall: altbininstall
@@ -954,18 +960,18 @@ bininstall: altbininstall
then rm -f $(DESTDIR)$(BINDIR)/$(PYTHON); \
else true; \
fi
@ -139,7 +159,7 @@ index 5741a4c..d13ba40 100644
# Install the interpreter with $(VERSION) affixed
# This goes into $(exec_prefix)
@@ -1003,7 +1009,7 @@ altbininstall: $(BUILDPYTHON)
@@ -978,7 +984,7 @@ altbininstall: $(BUILDPYTHON)
else true; \
fi; \
done
@ -148,7 +168,7 @@ index 5741a4c..d13ba40 100644
if test -f $(LDLIBRARY); then \
if test -n "$(DLLLIBRARY)" ; then \
$(INSTALL_SHARED) $(DLLLIBRARY) $(DESTDIR)$(BINDIR); \
@@ -1173,10 +1179,11 @@ $(srcdir)/Lib/$(PLATDIR):
@@ -1148,10 +1154,11 @@ $(srcdir)/Lib/$(PLATDIR):
fi; \
cd $(srcdir)/Lib/$(PLATDIR); $(RUNSHARED) ./regen
@ -162,7 +182,7 @@ index 5741a4c..d13ba40 100644
# Install the include files
INCLDIRSTOMAKE=$(INCLUDEDIR) $(CONFINCLUDEDIR) $(INCLUDEPY) $(CONFINCLUDEPY)
@@ -1197,13 +1204,13 @@ inclinstall:
@@ -1172,13 +1179,13 @@ inclinstall:
$(INSTALL_DATA) pyconfig.h $(DESTDIR)$(CONFINCLUDEPY)/pyconfig.h
# Install the library and miscellaneous stuff needed for extending/embedding
@ -179,7 +199,7 @@ index 5741a4c..d13ba40 100644
@for i in $(LIBDIR) $(LIBP) $(LIBPL) $(LIBPC); \
do \
if test ! -d $(DESTDIR)$$i; then \
@@ -1219,11 +1226,10 @@ libainstall: all python-config
@@ -1194,11 +1201,10 @@ libainstall: all python-config
$(INSTALL_DATA) Modules/Setup $(DESTDIR)$(LIBPL)/Setup
$(INSTALL_DATA) Modules/Setup.local $(DESTDIR)$(LIBPL)/Setup.local
$(INSTALL_DATA) Modules/Setup.config $(DESTDIR)$(LIBPL)/Setup.config
@ -207,7 +227,7 @@ index a09e07c..c1691ef 100644
libs += getvar('SYSLIBS').split()
# add the prefix/lib/pythonX.Y/config dir, but only if there is no
diff --git a/Modules/makesetup b/Modules/makesetup
index 8862c36..0d4ae4e 100755
index 1bffcbf..f0bc743 100755
--- a/Modules/makesetup
+++ b/Modules/makesetup
@@ -233,7 +233,7 @@ sed -e 's/[ ]*#.*//' -e '/^[ ]*$/d' |
@ -244,10 +264,10 @@ index 17ebab1..02a94aa 100644
};
diff --git a/Python/sysmodule.c b/Python/sysmodule.c
index 609578b..6ee9639 100644
index aeff38a..183e3cc 100644
--- a/Python/sysmodule.c
+++ b/Python/sysmodule.c
@@ -1577,6 +1577,12 @@ _PySys_Init(void)
@@ -1524,6 +1524,12 @@ _PySys_Init(void)
PyString_FromString("legacy"));
#endif
@ -261,10 +281,10 @@ index 609578b..6ee9639 100644
if (PyErr_Occurred())
return NULL;
diff --git a/configure.ac b/configure.ac
index cce1be7..acb496b 100644
index 0a902c7..5caedb7 100644
--- a/configure.ac
+++ b/configure.ac
@@ -761,7 +761,7 @@ AC_SUBST(LIBRARY)
@@ -764,7 +764,7 @@ AC_SUBST(LIBRARY)
AC_MSG_CHECKING(LIBRARY)
if test -z "$LIBRARY"
then
@ -273,7 +293,7 @@ index cce1be7..acb496b 100644
fi
AC_MSG_RESULT($LIBRARY)
@@ -907,8 +907,8 @@ if test $enable_shared = "yes"; then
@@ -910,8 +910,8 @@ if test $enable_shared = "yes"; then
INSTSONAME="$LDLIBRARY".$SOVERSION
;;
Linux*|GNU*|NetBSD*|FreeBSD*|DragonFly*|OpenBSD*)
@ -284,7 +304,7 @@ index cce1be7..acb496b 100644
RUNSHARED=LD_LIBRARY_PATH=`pwd`${LD_LIBRARY_PATH:+:${LD_LIBRARY_PATH}}
case $ac_sys_system in
FreeBSD*)
@@ -1051,6 +1051,14 @@ else AC_MSG_RESULT(no); Py_DEBUG='false'
@@ -1040,6 +1040,14 @@ else AC_MSG_RESULT(no); Py_DEBUG='false'
fi],
[AC_MSG_RESULT(no)])
@ -299,3 +319,6 @@ index cce1be7..acb496b 100644
# XXX Shouldn't the code above that fiddles with BASECFLAGS and OPT be
# merged with this chunk of code?
--
2.11.0

20
00167-disable-stack-navigation-tests-when-optimized-in-test_gdb.patch
View File

@ -1,10 +1,12 @@
diff -up Python-2.7.3/Lib/test/test_gdb.py.disable-stack-navigation-tests-when-optimized-in-test_gdb Python-2.7.3/Lib/test/test_gdb.py
--- Python-2.7.3/Lib/test/test_gdb.py.disable-stack-navigation-tests-when-optimized-in-test_gdb 2013-02-20 12:27:05.669526425 -0500
+++ Python-2.7.3/Lib/test/test_gdb.py 2013-02-20 12:27:05.715526422 -0500
@@ -653,10 +653,10 @@ class PyListTests(DebuggerTests):
diff --git a/Lib/test/test_gdb.py b/Lib/test/test_gdb.py
index 3354b34..10ba0e5 100644
--- a/Lib/test/test_gdb.py
+++ b/Lib/test/test_gdb.py
@@ -725,11 +725,10 @@ class PyListTests(DebuggerTests):
' 2 \n'
' 3 def foo(a, b, c):\n',
bt)
-
+@unittest.skipUnless(HAS_PYUP_PYDOWN, "test requires py-up/py-down commands")
+@unittest.skipIf(python_is_optimized(),
+ "Python was compiled with optimizations")
@ -15,7 +17,7 @@ diff -up Python-2.7.3/Lib/test/test_gdb.py.disable-stack-navigation-tests-when-o
def test_pyup_command(self):
'Verify that the "py-up" command works'
bt = self.get_stack_trace(script=self.get_sample_script(),
@@ -667,7 +667,6 @@ class StackNavigationTests(DebuggerTests
@@ -740,7 +739,6 @@ class StackNavigationTests(DebuggerTests):
baz\(a, b, c\)
$''')
@ -23,15 +25,17 @@ diff -up Python-2.7.3/Lib/test/test_gdb.py.disable-stack-navigation-tests-when-o
def test_down_at_bottom(self):
'Verify handling of "py-down" at the bottom of the stack'
bt = self.get_stack_trace(script=self.get_sample_script(),
@@ -675,7 +674,6 @@ $''')
@@ -748,9 +746,6 @@ $''')
self.assertEndsWith(bt,
'Unable to find a newer python frame\n')
- @unittest.skipUnless(HAS_PYUP_PYDOWN, "test requires py-up/py-down commands")
- @unittest.skipIf(python_is_optimized(),
- "Python was compiled with optimizations")
def test_up_at_top(self):
'Verify handling of "py-up" at the top of the stack'
bt = self.get_stack_trace(script=self.get_sample_script(),
@@ -683,9 +681,6 @@ $''')
@@ -758,9 +753,6 @@ $''')
self.assertEndsWith(bt,
'Unable to find an older python frame\n')

11
00180-python-add-support-for-ppc64p7.patch
View File

@ -1,12 +1,13 @@
diff -r de35eae9048a config.sub
--- a/config.sub Wed Apr 24 23:33:20 2013 +0200
+++ b/config.sub Thu Apr 25 08:51:00 2013 +0200
@@ -1008,7 +1008,7 @@
diff --git a/config.sub b/config.sub
index 3478c1f..e422173 100755
--- a/config.sub
+++ b/config.sub
@@ -1040,7 +1040,7 @@ case $basic_machine in
;;
ppc64) basic_machine=powerpc64-unknown
;;
- ppc64-*) basic_machine=powerpc64-`echo $basic_machine | sed 's/^[^-]*-//'`
+ ppc64-* | ppc64p7-*) basic_machine=powerpc64-`echo $basic_machine | sed 's/^[^-]*-//'`
;;
ppc64le | powerpc64little | ppc64-le | powerpc64-little)
ppc64le | powerpc64little)
basic_machine=powerpc64le-unknown

12
00184-ctypes-should-build-with-libffi-multilib-wrapper.patch
View File

@ -1,12 +0,0 @@
--- Python-3.3.2/setup.py.orig 2013-07-01 15:23:24.377711044 +0200
+++ Python-3.3.2/setup.py 2013-07-01 15:23:34.094676496 +0200
@@ -1882,7 +1882,8 @@
if not line:
ffi_inc = None
break
- if line.startswith('#define LIBFFI_H'):
+ if line.startswith('#define LIBFFI_H') or \
+ line.startswith('#define ffi_wrapper_h'):
break
ffi_lib = None
if ffi_inc is not None:

6
00191-disable-NOOP.patch
View File

@ -1,12 +1,12 @@
diff --git a/Lib/test/test_smtplib.py b/Lib/test/test_smtplib.py
index 81806c9..e7881b9 100644
index 1bb6690..28ed25d 100644
--- a/Lib/test/test_smtplib.py
+++ b/Lib/test/test_smtplib.py
@@ -182,6 +182,7 @@ class DebuggingServerTests(unittest.TestCase):
smtp = smtplib.SMTP(HOST, self.port, local_hostname='localhost', timeout=3)
smtp = smtplib.SMTP(HOST, self.port, local_hostname='localhost', timeout=15)
smtp.quit()
+ @unittest._skipInRpmBuild("Does not work in network-free environment")
def testNOOP(self):
smtp = smtplib.SMTP(HOST, self.port, local_hostname='localhost', timeout=3)
smtp = smtplib.SMTP(HOST, self.port, local_hostname='localhost', timeout=15)
expected = (250, 'Ok')

11
00200-skip-thread-test.patch
View File

@ -1,11 +0,0 @@
diff -up Python-2.7.11/Lib/test/test_gdb.py.old Python-2.7.11/Lib/test/test_gdb.py
--- Python-2.7.11/Lib/test/test_gdb.py.old 2015-12-24 19:12:46.167487914 +0100
+++ Python-2.7.11/Lib/test/test_gdb.py 2015-12-24 19:13:48.833057910 +0100
@@ -801,6 +801,7 @@ Traceback \(most recent call first\):
foo\(1, 2, 3\)
''')
+ @unittest._skipInRpmBuild('this test fail within rpmbuild')
@unittest.skipUnless(thread,
"Python was compiled without thread support")
def test_threads(self):

18
00209-fix-test-pyexpat-failure.patch
View File

@ -1,18 +0,0 @@
diff --git a/Lib/test/test_pyexpat.py b/Lib/test/test_pyexpat.py
index eba9058..2c8a164 100644
--- a/Lib/test/test_pyexpat.py
+++ b/Lib/test/test_pyexpat.py
@@ -610,11 +610,9 @@ class MalformedInputText(unittest.TestCase):
def test2(self):
xml = "<?xml version\xc2\x85='1.0'?>\r\n"
parser = expat.ParserCreate()
- try:
+ err_pattern = r'XML declaration not well-formed: line 1, column \d+'
+ with self.assertRaisesRegexp(expat.ExpatError, err_pattern):
parser.Parse(xml, True)
- self.fail()
- except expat.ExpatError as e:
- self.assertEqual(str(e), 'XML declaration not well-formed: line 1, column 14')
class ForeignDTDTests(unittest.TestCase):
"""

111
00242-CVE-2016-1000110-httpoxy.patch
View File

@ -1,111 +0,0 @@
# HG changeset patch
# User Senthil Kumaran <senthil@uthcode.com>
# Date 1469882993 25200
# Node ID ba915d561667fa0584ad89f8d5a844fd43803c0d
# Parent c8c1ea94379a7706638f1571988576d504d7fc98
Prevent HTTPoxy attack (CVE-2016-1000110)
Ignore the HTTP_PROXY variable when REQUEST_METHOD environment is set, which
indicates that the script is in CGI mode.
Issue reported and patch contributed by Rémi Rampin.
diff --git a/Doc/howto/urllib2.rst b/Doc/howto/urllib2.rst
--- a/Doc/howto/urllib2.rst
+++ b/Doc/howto/urllib2.rst
@@ -525,6 +525,11 @@ setting up a `Basic Authentication`_ han
through a proxy. However, this can be enabled by extending urllib2 as
shown in the recipe [#]_.
+.. note::
+
+ ``HTTP_PROXY`` will be ignored if a variable ``REQUEST_METHOD`` is set; see
+ the documentation on :func:`~urllib.getproxies`.
+
Sockets and Layers
==================
diff --git a/Doc/library/urllib.rst b/Doc/library/urllib.rst
--- a/Doc/library/urllib.rst
+++ b/Doc/library/urllib.rst
@@ -295,6 +295,16 @@ Utility functions
If both lowercase and uppercase environment variables exist (and disagree),
lowercase is preferred.
+ .. note::
+
+ If the environment variable ``REQUEST_METHOD`` is set, which usually
+ indicates your script is running in a CGI environment, the environment
+ variable ``HTTP_PROXY`` (uppercase ``_PROXY``) will be ignored. This is
+ because that variable can be injected by a client using the "Proxy:"
+ HTTP header. If you need to use an HTTP proxy in a CGI environment,
+ either use ``ProxyHandler`` explicitly, or make sure the variable name
+ is in lowercase (or at least the ``_proxy`` suffix).
+
.. note::
urllib also exposes certain utility functions like splittype, splithost and
others parsing URL into various components. But it is recommended to use
diff --git a/Doc/library/urllib2.rst b/Doc/library/urllib2.rst
--- a/Doc/library/urllib2.rst
+++ b/Doc/library/urllib2.rst
@@ -229,6 +229,11 @@ The following classes are provided:
To disable autodetected proxy pass an empty dictionary.
+ .. note::
+
+ ``HTTP_PROXY`` will be ignored if a variable ``REQUEST_METHOD`` is set;
+ see the documentation on :func:`~urllib.getproxies`.
+
.. class:: HTTPPasswordMgr()
diff --git a/Lib/test/test_urllib.py b/Lib/test/test_urllib.py
--- a/Lib/test/test_urllib.py
+++ b/Lib/test/test_urllib.py
@@ -170,6 +170,18 @@ class ProxyTests(unittest.TestCase):
self.assertTrue(urllib.proxy_bypass_environment('anotherdomain.com:8888'))
self.assertTrue(urllib.proxy_bypass_environment('newdomain.com:1234'))
+ def test_proxy_cgi_ignore(self):
+ try:
+ self.env.set('HTTP_PROXY', 'http://somewhere:3128')
+ proxies = urllib.getproxies_environment()
+ self.assertEqual('http://somewhere:3128', proxies['http'])
+ self.env.set('REQUEST_METHOD', 'GET')
+ proxies = urllib.getproxies_environment()
+ self.assertNotIn('http', proxies)
+ finally:
+ self.env.unset('REQUEST_METHOD')
+ self.env.unset('HTTP_PROXY')
+
def test_proxy_bypass_environment_host_match(self):
bypass = urllib.proxy_bypass_environment
self.env.set('NO_PROXY',
diff --git a/Lib/urllib.py b/Lib/urllib.py
--- a/Lib/urllib.py
+++ b/Lib/urllib.py
@@ -1380,12 +1380,21 @@ def getproxies_environment():
If you need a different way, you can pass a proxies dictionary to the
[Fancy]URLopener constructor.
"""
+ # Get all variables
proxies = {}
for name, value in os.environ.items():
name = name.lower()
if value and name[-6:] == '_proxy':
proxies[name[:-6]] = value
+ # CVE-2016-1000110 - If we are running as CGI script, forget HTTP_PROXY
+ # (non-all-lowercase) as it may be set from the web server by a "Proxy:"
+ # header from the client
+ # If "proxy" is lowercase, it will still be used thanks to the next block
+ if 'REQUEST_METHOD' in os.environ:
+ proxies.pop('http', None)
+
+ # Get lowercase variables
for name, value in os.environ.items():
if name[-6:] == '_proxy':
name = name.lower()

1088
00247-port-ssl-and-hashlib-to-OpenSSL-1.1.0.patch
View File

File diff suppressed because it is too large Load Diff

47
python2.spec
View File

@ -102,8 +102,8 @@
Summary: An interpreted, interactive, object-oriented programming language
Name: %{python}
# Remember to also rebase python-docs when changing this:
Version: 2.7.12
Release: 9%{?dist}
Version: 2.7.13
Release: 1%{?dist}
License: Python
Group: Development/Languages
Requires: %{python}-libs%{?_isa} = %{version}-%{release}
@ -310,7 +310,7 @@ Patch7: python-2.5.1-sqlite-encoding.patch
# SONAME from a library; we avoid this, apparently to minimize space
# requirements on the live CD:
# (rhbz:307221)
Patch10: 00010-2.7.12-binutils-no-dep.patch
Patch10: 00010-2.7.13-binutils-no-dep.patch
# Upstream as of Python 2.7.3:
# Patch11: python-2.7rc1-codec-ascii-tolower.patch
@ -343,7 +343,7 @@ Patch55: 00055-systemtap.patch
# and add the /usr/lib64/pythonMAJOR.MINOR/site-packages to sitedirs, in front of
# /usr/lib/pythonMAJOR.MINOR/site-packages
# Not upstream
Patch102: 00102-2.7.12-lib64.patch
Patch102: 00102-2.7.13-lib64.patch
# Python 2.7 split out much of the path-handling from distutils/sysconfig.py to
# a new sysconfig.py (in r77704).
@ -424,7 +424,7 @@ Patch111: 00111-no-static-lib.patch
#
# See also patch 130 below
#
Patch112: 00112-2.7.12-debug-build.patch
Patch112: 00112-2.7.13-debug-build.patch
# 00113 #
@ -702,14 +702,6 @@ Patch180: 00180-python-add-support-for-ppc64p7.patch
# Doesn't apply to Python 3, where this is fixed otherwise and works.
Patch181: 00181-allow-arbitrary-timeout-in-condition-wait.patch
# 00184 #
# Fix for https://bugzilla.redhat.com/show_bug.cgi?id=979696
# Fixes build of ctypes against libffi with multilib wrapper
# Python recognizes ffi.h only if it contains "#define LIBFFI_H",
# but the wrapper doesn't contain that, which makes the build fail
# We patch this by also accepting "#define ffi_wrapper_h"
Patch184: 00184-ctypes-should-build-with-libffi-multilib-wrapper.patch
# 00185 #
# Makes urllib2 honor "no_proxy" enviroment variable for "ftp:" URLs
# when ftp_proxy is set
@ -749,27 +741,6 @@ Patch198: 00198-add-rewheel-module.patch
# I skip test for now
Patch200: 00200-skip-thread-test.patch
# 00209 #
# Fix test breakage with version 2.2.0 of Expat
# rhbz#1353919: https://bugzilla.redhat.com/show_bug.cgi?id=1353919
# FIXED UPSTREAM: http://bugs.python.org/issue27369
Patch209: 00209-fix-test-pyexpat-failure.patch
# 00242 #
# HTTPoxy attack (CVE-2016-1000110)
# https://httpoxy.org/
# FIXED UPSTREAM: http://bugs.python.org/issue27568
# Based on a patch by Rémi Rampin
# Resolves: rhbz#1359175
Patch242: 00242-CVE-2016-1000110-httpoxy.patch
# 00247 #
# Port ssl and hashlib modules to OpenSSL 1.1.0.
# As of F26, OpenSSL is rebased to 1.1.0, so in order for python
# to not FTBFS we need to backport this patch from 2.7.13
# FIXED UPSTREAM: https://bugs.python.org/issue26470
Patch247: 00247-port-ssl-and-hashlib-to-OpenSSL-1.1.0.patch
# (New patches go here ^^^)
#
# When adding new patches to "python" and "python3" in Fedora, EL, etc.,
@ -1076,7 +1047,6 @@ mv Modules/cryptmodule.c Modules/_cryptmodule.c
%patch174 -p1 -b .fix-for-usr-move
%patch180 -p1
%patch181 -p1
%patch184 -p1
%patch185 -p1
%patch187 -p1
%patch189 -p1
@ -1085,10 +1055,6 @@ mv Modules/cryptmodule.c Modules/_cryptmodule.c
%if 0%{with_rewheel}
%patch198 -p1
%endif
%patch200 -p1
%patch209 -p1
%patch242 -p1
%patch247 -p1
# This shouldn't be necesarry, but is right now (2.2a3)
@ -1952,6 +1918,9 @@ rm -fr %{buildroot}
# ======================================================
%changelog
* Wed Jan 11 2017 Charalampos Stratakis <cstratak@redhat.com> - 2.7.13-1
- Update to 2.7.13
* Thu Oct 27 2016 Charalampos Stratakis <cstratak@redhat.com> - 2.7.12-9
- Rename package to python2 and also rename the subpackages accordingly
- Provide and obsolete python and the respective subpackages to ensure a clean