From 202761631bb1008780df41228ff774ffcc0717a8 Mon Sep 17 00:00:00 2001 From: Charalampos Stratakis Date: Wed, 11 Jan 2017 20:20:31 +0100 Subject: [PATCH] Update to Python 2.7.13 Refactored patches: 10, 102 112, 167, 180, 191 Dropped patches: 184, 200, 209, 242, 247 --- 00010-2.7.12-binutils-no-dep.patch | 15 - 00010-2.7.13-binutils-no-dep.patch | 21 + ...12-lib64.patch => 00102-2.7.13-lib64.patch | 24 +- ...ld.patch => 00112-2.7.13-debug-build.patch | 65 +- ...ion-tests-when-optimized-in-test_gdb.patch | 20 +- 00180-python-add-support-for-ppc64p7.patch | 11 +- ...d-build-with-libffi-multilib-wrapper.patch | 12 - 00191-disable-NOOP.patch | 6 +- 00200-skip-thread-test.patch | 11 - 00209-fix-test-pyexpat-failure.patch | 18 - 00242-CVE-2016-1000110-httpoxy.patch | 111 -- ...ort-ssl-and-hashlib-to-OpenSSL-1.1.0.patch | 1088 ----------------- python2.spec | 47 +- 13 files changed, 106 insertions(+), 1343 deletions(-) delete mode 100644 00010-2.7.12-binutils-no-dep.patch create mode 100644 00010-2.7.13-binutils-no-dep.patch rename 00102-2.7.12-lib64.patch => 00102-2.7.13-lib64.patch (93%) rename 00112-2.7.12-debug-build.patch => 00112-2.7.13-debug-build.patch (86%) delete mode 100644 00184-ctypes-should-build-with-libffi-multilib-wrapper.patch delete mode 100644 00200-skip-thread-test.patch delete mode 100644 00209-fix-test-pyexpat-failure.patch delete mode 100644 00242-CVE-2016-1000110-httpoxy.patch delete mode 100644 00247-port-ssl-and-hashlib-to-OpenSSL-1.1.0.patch diff --git a/00010-2.7.12-binutils-no-dep.patch b/00010-2.7.12-binutils-no-dep.patch deleted file mode 100644 index d74dbf9..0000000 --- a/00010-2.7.12-binutils-no-dep.patch +++ /dev/null @@ -1,15 +0,0 @@ -diff --git a/Lib/ctypes/util.py b/Lib/ctypes/util.py -index b2c514d..d92af0c 100644 ---- a/Lib/ctypes/util.py -+++ b/Lib/ctypes/util.py -@@ -139,7 +139,9 @@ elif os.name == "posix": - finally: - rv = f.close() - if rv == 10: -- raise OSError, 'objdump command not found' -+ return os.path.basename(f) # This is good for GLibc, I think, -+ # and a dep on binutils is big (for -+ # live CDs). - res = re.search(r'\sSONAME\s+([^\s]+)', dump) - if not res: - return None diff --git a/00010-2.7.13-binutils-no-dep.patch b/00010-2.7.13-binutils-no-dep.patch new file mode 100644 index 0000000..d432623 --- /dev/null +++ b/00010-2.7.13-binutils-no-dep.patch @@ -0,0 +1,21 @@ +diff --git a/Lib/ctypes/util.py b/Lib/ctypes/util.py +index ab10ec5..923d1b7 100644 +--- a/Lib/ctypes/util.py ++++ b/Lib/ctypes/util.py +@@ -140,11 +140,15 @@ elif os.name == "posix": + # assuming GNU binutils / ELF + if not f: + return None +- cmd = 'if ! type objdump >/dev/null 2>&1; then exit; fi;' \ ++ cmd = 'if ! type objdump >/dev/null 2>&1; then exit 10; fi;' \ + 'objdump -p -j .dynamic 2>/dev/null "$1"' + proc = subprocess.Popen((cmd, '_get_soname', f), shell=True, + stdout=subprocess.PIPE) + [dump, _] = proc.communicate() ++ if proc.returncode == 10: ++ return os.path.basename(f) # This is good for GLibc, I think, ++ # and a dep on binutils is big (for ++ # live CDs). + res = re.search(br'\sSONAME\s+([^\s]+)', dump) + if not res: + return None diff --git a/00102-2.7.12-lib64.patch b/00102-2.7.13-lib64.patch similarity index 93% rename from 00102-2.7.12-lib64.patch rename to 00102-2.7.13-lib64.patch index 00c835c..5d20879 100644 --- a/00102-2.7.12-lib64.patch +++ b/00102-2.7.13-lib64.patch @@ -38,7 +38,7 @@ index 068d1ba..3e7f077 100644 return libpython else: diff --git a/Lib/site.py b/Lib/site.py -index e8433b4..e8e6b50 100644 +index c360802..868b7cb 100644 --- a/Lib/site.py +++ b/Lib/site.py @@ -288,12 +288,16 @@ def getsitepackages(): @@ -56,16 +56,16 @@ index e8433b4..e8e6b50 100644 sitepackages.append(prefix) + sitepackages.append(os.path.join(prefix, "lib64", "site-packages")) sitepackages.append(os.path.join(prefix, "lib", "site-packages")) - if sys.platform == "darwin": - # for framework builds *only* we add the standard Apple + return sitepackages + diff --git a/Lib/test/test_site.py b/Lib/test/test_site.py -index 78c4809..3b9e74d 100644 +index d9a9324..e411e5c 100644 --- a/Lib/test/test_site.py +++ b/Lib/test/test_site.py -@@ -246,17 +246,20 @@ class HelperFunctionsTests(unittest.TestCase): - self.assertEqual(dirs[2], wanted) +@@ -235,17 +235,20 @@ class HelperFunctionsTests(unittest.TestCase): + self.assertEqual(dirs[0], wanted) elif os.sep == '/': - # OS X non-framwework builds, Linux, FreeBSD, etc + # OS X, Linux, FreeBSD, etc - self.assertEqual(len(dirs), 2) - wanted = os.path.join('xoxo', 'lib', 'python' + sys.version[:3], + self.assertEqual(len(dirs), 3) @@ -88,7 +88,7 @@ index 78c4809..3b9e74d 100644 class PthFile(object): diff --git a/Makefile.pre.in b/Makefile.pre.in -index 5741a4c..0faa5c5 100644 +index adae76b..ecb27f3 100644 --- a/Makefile.pre.in +++ b/Makefile.pre.in @@ -111,7 +111,7 @@ LIBDIR= @libdir@ @@ -101,7 +101,7 @@ index 5741a4c..0faa5c5 100644 # Detailed destination directories BINLIBDEST= $(LIBDIR)/python$(VERSION) diff --git a/Modules/Setup.dist b/Modules/Setup.dist -index c70a0d6..051fd41 100644 +index fbfa1c1..138fb33 100644 --- a/Modules/Setup.dist +++ b/Modules/Setup.dist @@ -416,7 +416,7 @@ gdbm gdbmmodule.c -lgdbm @@ -123,7 +123,7 @@ index c70a0d6..051fd41 100644 # Interface to the Expat XML parser # diff --git a/Modules/getpath.c b/Modules/getpath.c -index 428684c..9ef6711 100644 +index fd33a01..c5c86fd 100644 --- a/Modules/getpath.c +++ b/Modules/getpath.c @@ -108,7 +108,7 @@ static char prefix[MAXPATHLEN+1]; @@ -135,7 +135,7 @@ index 428684c..9ef6711 100644 static void reduce(char *dir) -@@ -550,7 +550,7 @@ calculate_path(void) +@@ -548,7 +548,7 @@ calculate_path(void) fprintf(stderr, "Could not find platform dependent libraries \n"); strncpy(exec_prefix, EXEC_PREFIX, MAXPATHLEN); @@ -145,7 +145,7 @@ index 428684c..9ef6711 100644 /* If we found EXEC_PREFIX do *not* reduce it! (Yet.) */ diff --git a/setup.py b/setup.py -index 55c4f5d..19efe82 100644 +index 99ac359..859b6c4 100644 --- a/setup.py +++ b/setup.py @@ -456,7 +456,7 @@ class PyBuildExt(build_ext): diff --git a/00112-2.7.12-debug-build.patch b/00112-2.7.13-debug-build.patch similarity index 86% rename from 00112-2.7.12-debug-build.patch rename to 00112-2.7.13-debug-build.patch index df4c577..b7ba7ba 100644 --- a/00112-2.7.12-debug-build.patch +++ b/00112-2.7.13-debug-build.patch @@ -1,8 +1,28 @@ +From 898f93aa206e577dfe854c59bc62d0cea09cd5ed Mon Sep 17 00:00:00 2001 +From: Tomas Orsava +Date: Tue, 10 Jan 2017 16:19:50 +0100 +Subject: [PATCH] Patch to support building both optimized vs debug stacks DSO + ABIs, + +sharing the same .py and .pyc files, using "_d.so" to signify a debug build of +an extension module. +--- + Lib/distutils/command/build_ext.py | 7 ++++- + Lib/distutils/sysconfig.py | 5 ++-- + Lib/distutils/tests/test_install.py | 3 +- + Makefile.pre.in | 56 ++++++++++++++++++++----------------- + Misc/python-config.in | 2 +- + Modules/makesetup | 2 +- + Python/dynload_shlib.c | 11 ++++++-- + Python/sysmodule.c | 6 ++++ + configure.ac | 14 ++++++++-- + 9 files changed, 69 insertions(+), 37 deletions(-) + diff --git a/Lib/distutils/command/build_ext.py b/Lib/distutils/command/build_ext.py -index 3a49454..07fd2ae 100644 +index 2c68be3..029d144 100644 --- a/Lib/distutils/command/build_ext.py +++ b/Lib/distutils/command/build_ext.py -@@ -676,7 +676,10 @@ class build_ext (Command): +@@ -677,7 +677,10 @@ class build_ext (Command): so_ext = get_config_var('SO') if os.name == 'nt' and self.debug: return os.path.join(*ext_path) + '_d' + so_ext @@ -14,7 +34,7 @@ index 3a49454..07fd2ae 100644 def get_export_symbols (self, ext): """Return the list of symbols that a shared extension has to -@@ -761,6 +764,8 @@ class build_ext (Command): +@@ -762,6 +765,8 @@ class build_ext (Command): template = "python%d.%d" pythonlib = (template % (sys.hexversion >> 24, (sys.hexversion >> 16) & 0xff)) @@ -24,7 +44,7 @@ index 3a49454..07fd2ae 100644 else: return ext.libraries diff --git a/Lib/distutils/sysconfig.py b/Lib/distutils/sysconfig.py -index 068d1ba..031f809 100644 +index 3e7f077..ec5d584 100644 --- a/Lib/distutils/sysconfig.py +++ b/Lib/distutils/sysconfig.py @@ -90,7 +90,8 @@ def get_python_inc(plat_specific=0, prefix=None): @@ -37,7 +57,7 @@ index 068d1ba..031f809 100644 elif os.name == "nt": return os.path.join(prefix, "include") elif os.name == "os2": -@@ -244,7 +245,7 @@ def get_makefile_filename(): +@@ -248,7 +249,7 @@ def get_makefile_filename(): if python_build: return os.path.join(project_base, "Makefile") lib_dir = get_python_lib(plat_specific=1, standard_lib=1) @@ -62,10 +82,10 @@ index 78fac46..d1d0931 100644 diff --git a/Makefile.pre.in b/Makefile.pre.in -index 5741a4c..d13ba40 100644 +index 997a2fc..467e782 100644 --- a/Makefile.pre.in +++ b/Makefile.pre.in -@@ -116,8 +116,8 @@ SCRIPTDIR= $(prefix)/lib +@@ -116,8 +116,8 @@ SCRIPTDIR= $(prefix)/lib64 # Detailed destination directories BINLIBDEST= $(LIBDIR)/python$(VERSION) LIBDEST= $(SCRIPTDIR)/python$(VERSION) @@ -98,9 +118,9 @@ index 5741a4c..d13ba40 100644 +PYTHON= python$(DEBUG_SUFFIX)$(EXE) +BUILDPYTHON= python$(DEBUG_SUFFIX)$(BUILDEXE) - cross_compiling=@cross_compiling@ PYTHON_FOR_BUILD=@PYTHON_FOR_BUILD@ -@@ -549,7 +555,7 @@ sharedmods: $(BUILDPYTHON) pybuilddir.txt Modules/_math.o + _PYTHON_HOST_PLATFORM=@_PYTHON_HOST_PLATFORM@ +@@ -547,7 +553,7 @@ sharedmods: $(BUILDPYTHON) pybuilddir.txt Modules/_math.o _TCLTK_INCLUDES='$(TCLTK_INCLUDES)' _TCLTK_LIBS='$(TCLTK_LIBS)' \ $(PYTHON_FOR_BUILD) $(srcdir)/setup.py $$quiet build @@ -109,7 +129,7 @@ index 5741a4c..d13ba40 100644 if test $(INSTSONAME) != $(LDLIBRARY); then \ $(BLDSHARED) -Wl,-h$(INSTSONAME) -o $(INSTSONAME) $(LIBRARY_OBJS) $(MODLIBS) $(SHLIBS) $(LIBC) $(LIBM) $(LDLAST); \ $(LN) -f $(INSTSONAME) $@; \ -@@ -979,18 +985,18 @@ bininstall: altbininstall +@@ -954,18 +960,18 @@ bininstall: altbininstall then rm -f $(DESTDIR)$(BINDIR)/$(PYTHON); \ else true; \ fi @@ -139,7 +159,7 @@ index 5741a4c..d13ba40 100644 # Install the interpreter with $(VERSION) affixed # This goes into $(exec_prefix) -@@ -1003,7 +1009,7 @@ altbininstall: $(BUILDPYTHON) +@@ -978,7 +984,7 @@ altbininstall: $(BUILDPYTHON) else true; \ fi; \ done @@ -148,7 +168,7 @@ index 5741a4c..d13ba40 100644 if test -f $(LDLIBRARY); then \ if test -n "$(DLLLIBRARY)" ; then \ $(INSTALL_SHARED) $(DLLLIBRARY) $(DESTDIR)$(BINDIR); \ -@@ -1173,10 +1179,11 @@ $(srcdir)/Lib/$(PLATDIR): +@@ -1148,10 +1154,11 @@ $(srcdir)/Lib/$(PLATDIR): fi; \ cd $(srcdir)/Lib/$(PLATDIR); $(RUNSHARED) ./regen @@ -162,7 +182,7 @@ index 5741a4c..d13ba40 100644 # Install the include files INCLDIRSTOMAKE=$(INCLUDEDIR) $(CONFINCLUDEDIR) $(INCLUDEPY) $(CONFINCLUDEPY) -@@ -1197,13 +1204,13 @@ inclinstall: +@@ -1172,13 +1179,13 @@ inclinstall: $(INSTALL_DATA) pyconfig.h $(DESTDIR)$(CONFINCLUDEPY)/pyconfig.h # Install the library and miscellaneous stuff needed for extending/embedding @@ -179,7 +199,7 @@ index 5741a4c..d13ba40 100644 @for i in $(LIBDIR) $(LIBP) $(LIBPL) $(LIBPC); \ do \ if test ! -d $(DESTDIR)$$i; then \ -@@ -1219,11 +1226,10 @@ libainstall: all python-config +@@ -1194,11 +1201,10 @@ libainstall: all python-config $(INSTALL_DATA) Modules/Setup $(DESTDIR)$(LIBPL)/Setup $(INSTALL_DATA) Modules/Setup.local $(DESTDIR)$(LIBPL)/Setup.local $(INSTALL_DATA) Modules/Setup.config $(DESTDIR)$(LIBPL)/Setup.config @@ -207,7 +227,7 @@ index a09e07c..c1691ef 100644 libs += getvar('SYSLIBS').split() # add the prefix/lib/pythonX.Y/config dir, but only if there is no diff --git a/Modules/makesetup b/Modules/makesetup -index 8862c36..0d4ae4e 100755 +index 1bffcbf..f0bc743 100755 --- a/Modules/makesetup +++ b/Modules/makesetup @@ -233,7 +233,7 @@ sed -e 's/[ ]*#.*//' -e '/^[ ]*$/d' | @@ -244,10 +264,10 @@ index 17ebab1..02a94aa 100644 }; diff --git a/Python/sysmodule.c b/Python/sysmodule.c -index 609578b..6ee9639 100644 +index aeff38a..183e3cc 100644 --- a/Python/sysmodule.c +++ b/Python/sysmodule.c -@@ -1577,6 +1577,12 @@ _PySys_Init(void) +@@ -1524,6 +1524,12 @@ _PySys_Init(void) PyString_FromString("legacy")); #endif @@ -261,10 +281,10 @@ index 609578b..6ee9639 100644 if (PyErr_Occurred()) return NULL; diff --git a/configure.ac b/configure.ac -index cce1be7..acb496b 100644 +index 0a902c7..5caedb7 100644 --- a/configure.ac +++ b/configure.ac -@@ -761,7 +761,7 @@ AC_SUBST(LIBRARY) +@@ -764,7 +764,7 @@ AC_SUBST(LIBRARY) AC_MSG_CHECKING(LIBRARY) if test -z "$LIBRARY" then @@ -273,7 +293,7 @@ index cce1be7..acb496b 100644 fi AC_MSG_RESULT($LIBRARY) -@@ -907,8 +907,8 @@ if test $enable_shared = "yes"; then +@@ -910,8 +910,8 @@ if test $enable_shared = "yes"; then INSTSONAME="$LDLIBRARY".$SOVERSION ;; Linux*|GNU*|NetBSD*|FreeBSD*|DragonFly*|OpenBSD*) @@ -284,7 +304,7 @@ index cce1be7..acb496b 100644 RUNSHARED=LD_LIBRARY_PATH=`pwd`${LD_LIBRARY_PATH:+:${LD_LIBRARY_PATH}} case $ac_sys_system in FreeBSD*) -@@ -1051,6 +1051,14 @@ else AC_MSG_RESULT(no); Py_DEBUG='false' +@@ -1040,6 +1040,14 @@ else AC_MSG_RESULT(no); Py_DEBUG='false' fi], [AC_MSG_RESULT(no)]) @@ -299,3 +319,6 @@ index cce1be7..acb496b 100644 # XXX Shouldn't the code above that fiddles with BASECFLAGS and OPT be # merged with this chunk of code? +-- +2.11.0 + diff --git a/00167-disable-stack-navigation-tests-when-optimized-in-test_gdb.patch b/00167-disable-stack-navigation-tests-when-optimized-in-test_gdb.patch index 3fa94fb..9807883 100644 --- a/00167-disable-stack-navigation-tests-when-optimized-in-test_gdb.patch +++ b/00167-disable-stack-navigation-tests-when-optimized-in-test_gdb.patch @@ -1,10 +1,12 @@ -diff -up Python-2.7.3/Lib/test/test_gdb.py.disable-stack-navigation-tests-when-optimized-in-test_gdb Python-2.7.3/Lib/test/test_gdb.py ---- Python-2.7.3/Lib/test/test_gdb.py.disable-stack-navigation-tests-when-optimized-in-test_gdb 2013-02-20 12:27:05.669526425 -0500 -+++ Python-2.7.3/Lib/test/test_gdb.py 2013-02-20 12:27:05.715526422 -0500 -@@ -653,10 +653,10 @@ class PyListTests(DebuggerTests): +diff --git a/Lib/test/test_gdb.py b/Lib/test/test_gdb.py +index 3354b34..10ba0e5 100644 +--- a/Lib/test/test_gdb.py ++++ b/Lib/test/test_gdb.py +@@ -725,11 +725,10 @@ class PyListTests(DebuggerTests): + ' 2 \n' ' 3 def foo(a, b, c):\n', bt) - +- +@unittest.skipUnless(HAS_PYUP_PYDOWN, "test requires py-up/py-down commands") +@unittest.skipIf(python_is_optimized(), + "Python was compiled with optimizations") @@ -15,7 +17,7 @@ diff -up Python-2.7.3/Lib/test/test_gdb.py.disable-stack-navigation-tests-when-o def test_pyup_command(self): 'Verify that the "py-up" command works' bt = self.get_stack_trace(script=self.get_sample_script(), -@@ -667,7 +667,6 @@ class StackNavigationTests(DebuggerTests +@@ -740,7 +739,6 @@ class StackNavigationTests(DebuggerTests): baz\(a, b, c\) $''') @@ -23,15 +25,17 @@ diff -up Python-2.7.3/Lib/test/test_gdb.py.disable-stack-navigation-tests-when-o def test_down_at_bottom(self): 'Verify handling of "py-down" at the bottom of the stack' bt = self.get_stack_trace(script=self.get_sample_script(), -@@ -675,7 +674,6 @@ $''') +@@ -748,9 +746,6 @@ $''') self.assertEndsWith(bt, 'Unable to find a newer python frame\n') - @unittest.skipUnless(HAS_PYUP_PYDOWN, "test requires py-up/py-down commands") +- @unittest.skipIf(python_is_optimized(), +- "Python was compiled with optimizations") def test_up_at_top(self): 'Verify handling of "py-up" at the top of the stack' bt = self.get_stack_trace(script=self.get_sample_script(), -@@ -683,9 +681,6 @@ $''') +@@ -758,9 +753,6 @@ $''') self.assertEndsWith(bt, 'Unable to find an older python frame\n') diff --git a/00180-python-add-support-for-ppc64p7.patch b/00180-python-add-support-for-ppc64p7.patch index 022944a..ef94c86 100644 --- a/00180-python-add-support-for-ppc64p7.patch +++ b/00180-python-add-support-for-ppc64p7.patch @@ -1,12 +1,13 @@ -diff -r de35eae9048a config.sub ---- a/config.sub Wed Apr 24 23:33:20 2013 +0200 -+++ b/config.sub Thu Apr 25 08:51:00 2013 +0200 -@@ -1008,7 +1008,7 @@ +diff --git a/config.sub b/config.sub +index 3478c1f..e422173 100755 +--- a/config.sub ++++ b/config.sub +@@ -1040,7 +1040,7 @@ case $basic_machine in ;; ppc64) basic_machine=powerpc64-unknown ;; - ppc64-*) basic_machine=powerpc64-`echo $basic_machine | sed 's/^[^-]*-//'` + ppc64-* | ppc64p7-*) basic_machine=powerpc64-`echo $basic_machine | sed 's/^[^-]*-//'` ;; - ppc64le | powerpc64little | ppc64-le | powerpc64-little) + ppc64le | powerpc64little) basic_machine=powerpc64le-unknown diff --git a/00184-ctypes-should-build-with-libffi-multilib-wrapper.patch b/00184-ctypes-should-build-with-libffi-multilib-wrapper.patch deleted file mode 100644 index 53d9dae..0000000 --- a/00184-ctypes-should-build-with-libffi-multilib-wrapper.patch +++ /dev/null @@ -1,12 +0,0 @@ ---- Python-3.3.2/setup.py.orig 2013-07-01 15:23:24.377711044 +0200 -+++ Python-3.3.2/setup.py 2013-07-01 15:23:34.094676496 +0200 -@@ -1882,7 +1882,8 @@ - if not line: - ffi_inc = None - break -- if line.startswith('#define LIBFFI_H'): -+ if line.startswith('#define LIBFFI_H') or \ -+ line.startswith('#define ffi_wrapper_h'): - break - ffi_lib = None - if ffi_inc is not None: diff --git a/00191-disable-NOOP.patch b/00191-disable-NOOP.patch index fbe9474..2d4189a 100644 --- a/00191-disable-NOOP.patch +++ b/00191-disable-NOOP.patch @@ -1,12 +1,12 @@ diff --git a/Lib/test/test_smtplib.py b/Lib/test/test_smtplib.py -index 81806c9..e7881b9 100644 +index 1bb6690..28ed25d 100644 --- a/Lib/test/test_smtplib.py +++ b/Lib/test/test_smtplib.py @@ -182,6 +182,7 @@ class DebuggingServerTests(unittest.TestCase): - smtp = smtplib.SMTP(HOST, self.port, local_hostname='localhost', timeout=3) + smtp = smtplib.SMTP(HOST, self.port, local_hostname='localhost', timeout=15) smtp.quit() + @unittest._skipInRpmBuild("Does not work in network-free environment") def testNOOP(self): - smtp = smtplib.SMTP(HOST, self.port, local_hostname='localhost', timeout=3) + smtp = smtplib.SMTP(HOST, self.port, local_hostname='localhost', timeout=15) expected = (250, 'Ok') diff --git a/00200-skip-thread-test.patch b/00200-skip-thread-test.patch deleted file mode 100644 index 90536d1..0000000 --- a/00200-skip-thread-test.patch +++ /dev/null @@ -1,11 +0,0 @@ -diff -up Python-2.7.11/Lib/test/test_gdb.py.old Python-2.7.11/Lib/test/test_gdb.py ---- Python-2.7.11/Lib/test/test_gdb.py.old 2015-12-24 19:12:46.167487914 +0100 -+++ Python-2.7.11/Lib/test/test_gdb.py 2015-12-24 19:13:48.833057910 +0100 -@@ -801,6 +801,7 @@ Traceback \(most recent call first\): - foo\(1, 2, 3\) - ''') - -+ @unittest._skipInRpmBuild('this test fail within rpmbuild') - @unittest.skipUnless(thread, - "Python was compiled without thread support") - def test_threads(self): diff --git a/00209-fix-test-pyexpat-failure.patch b/00209-fix-test-pyexpat-failure.patch deleted file mode 100644 index f14a19b..0000000 --- a/00209-fix-test-pyexpat-failure.patch +++ /dev/null @@ -1,18 +0,0 @@ -diff --git a/Lib/test/test_pyexpat.py b/Lib/test/test_pyexpat.py -index eba9058..2c8a164 100644 ---- a/Lib/test/test_pyexpat.py -+++ b/Lib/test/test_pyexpat.py -@@ -610,11 +610,9 @@ class MalformedInputText(unittest.TestCase): - def test2(self): - xml = "\r\n" - parser = expat.ParserCreate() -- try: -+ err_pattern = r'XML declaration not well-formed: line 1, column \d+' -+ with self.assertRaisesRegexp(expat.ExpatError, err_pattern): - parser.Parse(xml, True) -- self.fail() -- except expat.ExpatError as e: -- self.assertEqual(str(e), 'XML declaration not well-formed: line 1, column 14') - - class ForeignDTDTests(unittest.TestCase): - """ diff --git a/00242-CVE-2016-1000110-httpoxy.patch b/00242-CVE-2016-1000110-httpoxy.patch deleted file mode 100644 index d644e8c..0000000 --- a/00242-CVE-2016-1000110-httpoxy.patch +++ /dev/null @@ -1,111 +0,0 @@ - -# HG changeset patch -# User Senthil Kumaran -# Date 1469882993 25200 -# Node ID ba915d561667fa0584ad89f8d5a844fd43803c0d -# Parent c8c1ea94379a7706638f1571988576d504d7fc98 -Prevent HTTPoxy attack (CVE-2016-1000110) - -Ignore the HTTP_PROXY variable when REQUEST_METHOD environment is set, which -indicates that the script is in CGI mode. - -Issue reported and patch contributed by Rémi Rampin. - -diff --git a/Doc/howto/urllib2.rst b/Doc/howto/urllib2.rst ---- a/Doc/howto/urllib2.rst -+++ b/Doc/howto/urllib2.rst -@@ -525,6 +525,11 @@ setting up a `Basic Authentication`_ han - through a proxy. However, this can be enabled by extending urllib2 as - shown in the recipe [#]_. - -+.. note:: -+ -+ ``HTTP_PROXY`` will be ignored if a variable ``REQUEST_METHOD`` is set; see -+ the documentation on :func:`~urllib.getproxies`. -+ - - Sockets and Layers - ================== -diff --git a/Doc/library/urllib.rst b/Doc/library/urllib.rst ---- a/Doc/library/urllib.rst -+++ b/Doc/library/urllib.rst -@@ -295,6 +295,16 @@ Utility functions - If both lowercase and uppercase environment variables exist (and disagree), - lowercase is preferred. - -+ .. note:: -+ -+ If the environment variable ``REQUEST_METHOD`` is set, which usually -+ indicates your script is running in a CGI environment, the environment -+ variable ``HTTP_PROXY`` (uppercase ``_PROXY``) will be ignored. This is -+ because that variable can be injected by a client using the "Proxy:" -+ HTTP header. If you need to use an HTTP proxy in a CGI environment, -+ either use ``ProxyHandler`` explicitly, or make sure the variable name -+ is in lowercase (or at least the ``_proxy`` suffix). -+ - .. note:: - urllib also exposes certain utility functions like splittype, splithost and - others parsing URL into various components. But it is recommended to use -diff --git a/Doc/library/urllib2.rst b/Doc/library/urllib2.rst ---- a/Doc/library/urllib2.rst -+++ b/Doc/library/urllib2.rst -@@ -229,6 +229,11 @@ The following classes are provided: - - To disable autodetected proxy pass an empty dictionary. - -+ .. note:: -+ -+ ``HTTP_PROXY`` will be ignored if a variable ``REQUEST_METHOD`` is set; -+ see the documentation on :func:`~urllib.getproxies`. -+ - - .. class:: HTTPPasswordMgr() - -diff --git a/Lib/test/test_urllib.py b/Lib/test/test_urllib.py ---- a/Lib/test/test_urllib.py -+++ b/Lib/test/test_urllib.py -@@ -170,6 +170,18 @@ class ProxyTests(unittest.TestCase): - self.assertTrue(urllib.proxy_bypass_environment('anotherdomain.com:8888')) - self.assertTrue(urllib.proxy_bypass_environment('newdomain.com:1234')) - -+ def test_proxy_cgi_ignore(self): -+ try: -+ self.env.set('HTTP_PROXY', 'http://somewhere:3128') -+ proxies = urllib.getproxies_environment() -+ self.assertEqual('http://somewhere:3128', proxies['http']) -+ self.env.set('REQUEST_METHOD', 'GET') -+ proxies = urllib.getproxies_environment() -+ self.assertNotIn('http', proxies) -+ finally: -+ self.env.unset('REQUEST_METHOD') -+ self.env.unset('HTTP_PROXY') -+ - def test_proxy_bypass_environment_host_match(self): - bypass = urllib.proxy_bypass_environment - self.env.set('NO_PROXY', -diff --git a/Lib/urllib.py b/Lib/urllib.py ---- a/Lib/urllib.py -+++ b/Lib/urllib.py -@@ -1380,12 +1380,21 @@ def getproxies_environment(): - If you need a different way, you can pass a proxies dictionary to the - [Fancy]URLopener constructor. - """ -+ # Get all variables - proxies = {} - for name, value in os.environ.items(): - name = name.lower() - if value and name[-6:] == '_proxy': - proxies[name[:-6]] = value - -+ # CVE-2016-1000110 - If we are running as CGI script, forget HTTP_PROXY -+ # (non-all-lowercase) as it may be set from the web server by a "Proxy:" -+ # header from the client -+ # If "proxy" is lowercase, it will still be used thanks to the next block -+ if 'REQUEST_METHOD' in os.environ: -+ proxies.pop('http', None) -+ -+ # Get lowercase variables - for name, value in os.environ.items(): - if name[-6:] == '_proxy': - name = name.lower() - diff --git a/00247-port-ssl-and-hashlib-to-OpenSSL-1.1.0.patch b/00247-port-ssl-and-hashlib-to-OpenSSL-1.1.0.patch deleted file mode 100644 index 4ac606a..0000000 --- a/00247-port-ssl-and-hashlib-to-OpenSSL-1.1.0.patch +++ /dev/null @@ -1,1088 +0,0 @@ - -# HG changeset patch -# User Christian Heimes -# Date 1473111433 -7200 -# Node ID 14b611ddaabe404c8cae84c35f553f50e3a068c9 -# Parent 4c91651912d1b3dbedcd8404c61f9e2a4094af93 -Issue #26470: Port ssl and hashlib module to OpenSSL 1.1.0. - -diff --git a/Doc/library/ssl.rst b/Doc/library/ssl.rst ---- a/Doc/library/ssl.rst -+++ b/Doc/library/ssl.rst -@@ -322,6 +322,16 @@ purposes. - Random generation - ^^^^^^^^^^^^^^^^^ - -+ .. deprecated:: -+ -+ 2.7.13 OpenSSL has deprecated :func:`ssl.RAND_pseudo_bytes`, use -+ :func:`ssl.RAND_bytes` instead. -+ -+ .. deprecated:: -+ -+ 2.7.13 OpenSSL has deprecated :func:`ssl.RAND_pseudo_bytes`, use -+ :func:`ssl.RAND_bytes` instead. -+ - .. function:: RAND_status() - - Return ``True`` if the SSL pseudo-random number generator has been seeded -@@ -340,7 +350,7 @@ Random generation - See http://egd.sourceforge.net/ or http://prngd.sourceforge.net/ for sources - of entropy-gathering daemons. - -- Availability: not available with LibreSSL. -+ Availability: not available with LibreSSL and OpenSSL > 1.1.0 - - .. function:: RAND_add(bytes, entropy) - -@@ -444,6 +454,9 @@ Certificate handling - * :attr:`openssl_capath_env` - OpenSSL's environment key that points to a capath, - * :attr:`openssl_capath` - hard coded path to a capath directory - -+ Availability: LibreSSL ignores the environment vars -+ :attr:`openssl_cafile_env` and :attr:`openssl_capath_env` -+ - .. versionadded:: 2.7.9 - - .. function:: enum_certificates(store_name) -@@ -561,11 +574,19 @@ Constants - - .. versionadded:: 2.7.10 - --.. data:: PROTOCOL_SSLv23 -+.. data:: PROTOCOL_TLS - - Selects the highest protocol version that both the client and server support. - Despite the name, this option can select "TLS" protocols as well as "SSL". - -+ .. versionadded:: 2.7.13 -+ -+.. data:: PROTOCOL_SSLv23 -+ -+ Alias for ``PROTOCOL_TLS``. -+ -+ .. deprecated:: 2.7.13 Use ``PROTOCOL_TLS`` instead. -+ - .. data:: PROTOCOL_SSLv2 - - Selects SSL version 2 as the channel encryption protocol. -@@ -577,6 +598,8 @@ Constants - - SSL version 2 is insecure. Its use is highly discouraged. - -+ .. deprecated:: 2.7.13 OpenSSL has removed support for SSLv2. -+ - .. data:: PROTOCOL_SSLv3 - - Selects SSL version 3 as the channel encryption protocol. -@@ -588,10 +611,20 @@ Constants - - SSL version 3 is insecure. Its use is highly discouraged. - -+ .. deprecated:: 2.7.13 -+ -+ OpenSSL has deprecated all version specific protocols. Use the default -+ protocol with flags like ``OP_NO_SSLv3`` instead. -+ - .. data:: PROTOCOL_TLSv1 - - Selects TLS version 1.0 as the channel encryption protocol. - -+ .. deprecated:: 2.7.13 -+ -+ OpenSSL has deprecated all version specific protocols. Use the default -+ protocol with flags like ``OP_NO_SSLv3`` instead. -+ - .. data:: PROTOCOL_TLSv1_1 - - Selects TLS version 1.1 as the channel encryption protocol. -@@ -599,6 +632,11 @@ Constants - - .. versionadded:: 2.7.9 - -+ .. deprecated:: 2.7.13 -+ -+ OpenSSL has deprecated all version specific protocols. Use the default -+ protocol with flags like ``OP_NO_SSLv3`` instead. -+ - .. data:: PROTOCOL_TLSv1_2 - - Selects TLS version 1.2 as the channel encryption protocol. This is the -@@ -607,6 +645,12 @@ Constants - - .. versionadded:: 2.7.9 - -+ .. deprecated:: 2.7.13 -+ -+ OpenSSL has deprecated all version specific protocols. Use the default -+ protocol with flags like ``OP_NO_SSLv3`` instead. -+ -+ - .. data:: OP_ALL - - Enables workarounds for various bugs present in other SSL implementations. -@@ -1112,6 +1156,9 @@ to speed up repeated connections from th - This method will raise :exc:`NotImplementedError` if :data:`HAS_ALPN` is - False. - -+ OpenSSL 1.1.0+ will abort the handshake and raise :exc:`SSLError` when -+ both sides support ALPN but cannot agree on a protocol. -+ - .. versionadded:: 2.7.10 - - .. method:: SSLContext.set_npn_protocols(protocols) -diff --git a/Lib/ssl.py b/Lib/ssl.py ---- a/Lib/ssl.py -+++ b/Lib/ssl.py -@@ -51,6 +51,7 @@ The following constants identify various - PROTOCOL_SSLv2 - PROTOCOL_SSLv3 - PROTOCOL_SSLv23 -+PROTOCOL_TLS - PROTOCOL_TLSv1 - PROTOCOL_TLSv1_1 - PROTOCOL_TLSv1_2 -@@ -126,7 +127,10 @@ from _ssl import HAS_SNI, HAS_ECDH, HAS_ - - from _ssl import _OPENSSL_API_VERSION - --_PROTOCOL_NAMES = {value: name for name, value in globals().items() if name.startswith('PROTOCOL_')} -+_PROTOCOL_NAMES = {value: name for name, value in globals().items() -+ if name.startswith('PROTOCOL_') -+ and name != 'PROTOCOL_SSLv23'} -+PROTOCOL_SSLv23 = PROTOCOL_TLS - - try: - _SSLv2_IF_EXISTS = PROTOCOL_SSLv2 -@@ -408,7 +412,7 @@ def create_default_context(purpose=Purpo - if not isinstance(purpose, _ASN1Object): - raise TypeError(purpose) - -- context = SSLContext(PROTOCOL_SSLv23) -+ context = SSLContext(PROTOCOL_TLS) - - # SSLv2 considered harmful. - context.options |= OP_NO_SSLv2 -@@ -445,7 +449,7 @@ def create_default_context(purpose=Purpo - context.load_default_certs(purpose) - return context - --def _create_unverified_context(protocol=PROTOCOL_SSLv23, cert_reqs=None, -+def _create_unverified_context(protocol=PROTOCOL_TLS, cert_reqs=None, - check_hostname=False, purpose=Purpose.SERVER_AUTH, - certfile=None, keyfile=None, - cafile=None, capath=None, cadata=None): -@@ -518,7 +522,7 @@ class SSLSocket(socket): - - def __init__(self, sock=None, keyfile=None, certfile=None, - server_side=False, cert_reqs=CERT_NONE, -- ssl_version=PROTOCOL_SSLv23, ca_certs=None, -+ ssl_version=PROTOCOL_TLS, ca_certs=None, - do_handshake_on_connect=True, - family=AF_INET, type=SOCK_STREAM, proto=0, fileno=None, - suppress_ragged_eofs=True, npn_protocols=None, ciphers=None, -@@ -920,7 +924,7 @@ class SSLSocket(socket): - - def wrap_socket(sock, keyfile=None, certfile=None, - server_side=False, cert_reqs=CERT_NONE, -- ssl_version=PROTOCOL_SSLv23, ca_certs=None, -+ ssl_version=PROTOCOL_TLS, ca_certs=None, - do_handshake_on_connect=True, - suppress_ragged_eofs=True, - ciphers=None): -@@ -989,7 +993,7 @@ def PEM_cert_to_DER_cert(pem_cert_string - d = pem_cert_string.strip()[len(PEM_HEADER):-len(PEM_FOOTER)] - return base64.decodestring(d.encode('ASCII', 'strict')) - --def get_server_certificate(addr, ssl_version=PROTOCOL_SSLv23, ca_certs=None): -+def get_server_certificate(addr, ssl_version=PROTOCOL_TLS, ca_certs=None): - """Retrieve the certificate from the server at the specified address, - and return it as a PEM-encoded string. - If 'ca_certs' is specified, validate the server cert against it. -diff --git a/Lib/test/test_ssl.py b/Lib/test/test_ssl.py ---- a/Lib/test/test_ssl.py -+++ b/Lib/test/test_ssl.py -@@ -26,6 +26,9 @@ ssl = support.import_module("ssl") - - PROTOCOLS = sorted(ssl._PROTOCOL_NAMES) - HOST = support.HOST -+IS_LIBRESSL = ssl.OPENSSL_VERSION.startswith('LibreSSL') -+IS_OPENSSL_1_1 = not IS_LIBRESSL and ssl.OPENSSL_VERSION_INFO >= (1, 1, 0) -+ - - def data_file(*name): - return os.path.join(os.path.dirname(__file__), *name) -@@ -164,7 +167,6 @@ class BasicSocketTests(unittest.TestCase - self.assertIn(ssl.HAS_SNI, {True, False}) - self.assertIn(ssl.HAS_ECDH, {True, False}) - -- - def test_random(self): - v = ssl.RAND_status() - if support.verbose: -@@ -281,9 +283,9 @@ class BasicSocketTests(unittest.TestCase - self.assertGreaterEqual(status, 0) - self.assertLessEqual(status, 15) - # Version string as returned by {Open,Libre}SSL, the format might change -- if "LibreSSL" in s: -- self.assertTrue(s.startswith("LibreSSL {:d}.{:d}".format(major, minor)), -- (s, t)) -+ if IS_LIBRESSL: -+ self.assertTrue(s.startswith("LibreSSL {:d}".format(major)), -+ (s, t, hex(n))) - else: - self.assertTrue(s.startswith("OpenSSL {:d}.{:d}.{:d}".format(major, minor, fix)), - (s, t)) -@@ -742,15 +744,15 @@ class ContextTests(unittest.TestCase): - def test_options(self): - ctx = ssl.SSLContext(ssl.PROTOCOL_TLSv1) - # OP_ALL | OP_NO_SSLv2 | OP_NO_SSLv3 is the default value -- self.assertEqual(ssl.OP_ALL | ssl.OP_NO_SSLv2 | ssl.OP_NO_SSLv3, -- ctx.options) -+ default = (ssl.OP_ALL | ssl.OP_NO_SSLv2 | ssl.OP_NO_SSLv3) -+ if not IS_LIBRESSL and ssl.OPENSSL_VERSION_INFO >= (1, 1, 0): -+ default |= ssl.OP_NO_COMPRESSION -+ self.assertEqual(default, ctx.options) - ctx.options |= ssl.OP_NO_TLSv1 -- self.assertEqual(ssl.OP_ALL | ssl.OP_NO_SSLv2 | ssl.OP_NO_SSLv3 | ssl.OP_NO_TLSv1, -- ctx.options) -+ self.assertEqual(default | ssl.OP_NO_TLSv1, ctx.options) - if can_clear_options(): -- ctx.options = (ctx.options & ~ssl.OP_NO_SSLv2) | ssl.OP_NO_TLSv1 -- self.assertEqual(ssl.OP_ALL | ssl.OP_NO_TLSv1 | ssl.OP_NO_SSLv3, -- ctx.options) -+ ctx.options = (ctx.options & ~ssl.OP_NO_TLSv1) -+ self.assertEqual(default, ctx.options) - ctx.options = 0 - self.assertEqual(0, ctx.options) - else: -@@ -1088,6 +1090,7 @@ class ContextTests(unittest.TestCase): - self.assertRaises(TypeError, ctx.load_default_certs, 'SERVER_AUTH') - - @unittest.skipIf(sys.platform == "win32", "not-Windows specific") -+ @unittest.skipIf(IS_LIBRESSL, "LibreSSL doesn't support env vars") - def test_load_default_certs_env(self): - ctx = ssl.SSLContext(ssl.PROTOCOL_TLSv1) - with support.EnvironmentVarGuard() as env: -@@ -1534,7 +1537,6 @@ class NetworkedTests(unittest.TestCase): - sys.stdout.write("%s\n" % x) - else: - self.fail("Got server certificate %s for %s:%s!" % (pem, host, port)) -- - pem = ssl.get_server_certificate((host, port), - ca_certs=cert) - if not pem: -@@ -2783,7 +2785,7 @@ else: - with closing(context.wrap_socket(socket.socket())) as s: - self.assertIs(s.version(), None) - s.connect((HOST, server.port)) -- self.assertEqual(s.version(), "TLSv1") -+ self.assertEqual(s.version(), 'TLSv1') - self.assertIs(s.version(), None) - - @unittest.skipUnless(ssl.HAS_ECDH, "test requires ECDH-enabled OpenSSL") -@@ -2925,24 +2927,36 @@ else: - (['http/3.0', 'http/4.0'], None) - ] - for client_protocols, expected in protocol_tests: -- server_context = ssl.SSLContext(ssl.PROTOCOL_TLSv1) -+ server_context = ssl.SSLContext(ssl.PROTOCOL_TLSv1_2) - server_context.load_cert_chain(CERTFILE) - server_context.set_alpn_protocols(server_protocols) -- client_context = ssl.SSLContext(ssl.PROTOCOL_TLSv1) -+ client_context = ssl.SSLContext(ssl.PROTOCOL_TLSv1_2) - client_context.load_cert_chain(CERTFILE) - client_context.set_alpn_protocols(client_protocols) -- stats = server_params_test(client_context, server_context, -- chatty=True, connectionchatty=True) -- -- msg = "failed trying %s (s) and %s (c).\n" \ -- "was expecting %s, but got %%s from the %%s" \ -- % (str(server_protocols), str(client_protocols), -- str(expected)) -- client_result = stats['client_alpn_protocol'] -- self.assertEqual(client_result, expected, msg % (client_result, "client")) -- server_result = stats['server_alpn_protocols'][-1] \ -- if len(stats['server_alpn_protocols']) else 'nothing' -- self.assertEqual(server_result, expected, msg % (server_result, "server")) -+ -+ try: -+ stats = server_params_test(client_context, -+ server_context, -+ chatty=True, -+ connectionchatty=True) -+ except ssl.SSLError as e: -+ stats = e -+ -+ if expected is None and IS_OPENSSL_1_1: -+ # OpenSSL 1.1.0 raises handshake error -+ self.assertIsInstance(stats, ssl.SSLError) -+ else: -+ msg = "failed trying %s (s) and %s (c).\n" \ -+ "was expecting %s, but got %%s from the %%s" \ -+ % (str(server_protocols), str(client_protocols), -+ str(expected)) -+ client_result = stats['client_alpn_protocol'] -+ self.assertEqual(client_result, expected, -+ msg % (client_result, "client")) -+ server_result = stats['server_alpn_protocols'][-1] \ -+ if len(stats['server_alpn_protocols']) else 'nothing' -+ self.assertEqual(server_result, expected, -+ msg % (server_result, "server")) - - def test_selected_npn_protocol(self): - # selected_npn_protocol() is None unless NPN is used - ---- a/Modules/_hashopenssl.c -+++ b/Modules/_hashopenssl.c -@@ -37,8 +37,10 @@ - - /* EVP is the preferred interface to hashing in OpenSSL */ - #include --#include - #include -+/* We use the object interface to discover what hashes OpenSSL supports. */ -+#include -+#include "openssl/err.h" - - #define MUNCH_SIZE INT_MAX - -@@ -50,15 +52,26 @@ - #define HASH_OBJ_CONSTRUCTOR 0 - #endif - --/* Minimum OpenSSL version needed to support sha224 and higher. */ - #if defined(OPENSSL_VERSION_NUMBER) && (OPENSSL_VERSION_NUMBER >= 0x00908000) - #define _OPENSSL_SUPPORTS_SHA2 - #endif - -+#if (OPENSSL_VERSION_NUMBER < 0x10100000L) || defined(LIBRESSL_VERSION_NUMBER) -+/* OpenSSL < 1.1.0 */ -+#define EVP_MD_CTX_new EVP_MD_CTX_create -+#define EVP_MD_CTX_free EVP_MD_CTX_destroy -+#define HAS_FAST_PKCS5_PBKDF2_HMAC 0 -+#include -+#else -+/* OpenSSL >= 1.1.0 */ -+#define HAS_FAST_PKCS5_PBKDF2_HMAC 1 -+#endif -+ -+ - typedef struct { - PyObject_HEAD - PyObject *name; /* name of this hash algorithm */ -- EVP_MD_CTX ctx; /* OpenSSL message digest context */ -+ EVP_MD_CTX *ctx; /* OpenSSL message digest context */ - #ifdef WITH_THREAD - PyThread_type_lock lock; /* OpenSSL context lock */ - #endif -@@ -70,7 +83,6 @@ static PyTypeObject EVPtype; - - #define DEFINE_CONSTS_FOR_NEW(Name) \ - static PyObject *CONST_ ## Name ## _name_obj = NULL; \ -- static EVP_MD_CTX CONST_new_ ## Name ## _ctx; \ - static EVP_MD_CTX *CONST_new_ ## Name ## _ctx_p = NULL; - - DEFINE_CONSTS_FOR_NEW(md5) -@@ -83,19 +95,56 @@ DEFINE_CONSTS_FOR_NEW(sha512) - #endif - - -+/* LCOV_EXCL_START */ -+static PyObject * -+_setException(PyObject *exc) -+{ -+ unsigned long errcode; -+ const char *lib, *func, *reason; -+ -+ errcode = ERR_peek_last_error(); -+ if (!errcode) { -+ PyErr_SetString(exc, "unknown reasons"); -+ return NULL; -+ } -+ ERR_clear_error(); -+ -+ lib = ERR_lib_error_string(errcode); -+ func = ERR_func_error_string(errcode); -+ reason = ERR_reason_error_string(errcode); -+ -+ if (lib && func) { -+ PyErr_Format(exc, "[%s: %s] %s", lib, func, reason); -+ } -+ else if (lib) { -+ PyErr_Format(exc, "[%s] %s", lib, reason); -+ } -+ else { -+ PyErr_SetString(exc, reason); -+ } -+ return NULL; -+} -+/* LCOV_EXCL_STOP */ -+ - static EVPobject * - newEVPobject(PyObject *name) - { - EVPobject *retval = (EVPobject *)PyObject_New(EVPobject, &EVPtype); -+ if (retval == NULL) -+ return NULL; -+ -+ retval->ctx = EVP_MD_CTX_new(); -+ if (retval->ctx == NULL) { -+ PyErr_NoMemory(); -+ return NULL; -+ } - - /* save the name for .name to return */ -- if (retval != NULL) { -- Py_INCREF(name); -- retval->name = name; -+ Py_INCREF(name); -+ retval->name = name; - #ifdef WITH_THREAD -- retval->lock = NULL; -+ retval->lock = NULL; - #endif -- } - - return retval; - } -@@ -111,7 +160,7 @@ EVP_hash(EVPobject *self, const void *vp - process = MUNCH_SIZE; - else - process = Py_SAFE_DOWNCAST(len, Py_ssize_t, unsigned int); -- EVP_DigestUpdate(&self->ctx, (const void*)cp, process); -+ EVP_DigestUpdate(self->ctx, (const void*)cp, process); - len -= process; - cp += process; - } -@@ -126,16 +175,20 @@ EVP_dealloc(EVPobject *self) - if (self->lock != NULL) - PyThread_free_lock(self->lock); - #endif -- EVP_MD_CTX_cleanup(&self->ctx); -+ EVP_MD_CTX_free(self->ctx); - Py_XDECREF(self->name); - PyObject_Del(self); - } - --static void locked_EVP_MD_CTX_copy(EVP_MD_CTX *new_ctx_p, EVPobject *self) -+static int -+locked_EVP_MD_CTX_copy(EVP_MD_CTX *new_ctx_p, EVPobject *self) - { -+ int result; - ENTER_HASHLIB(self); -- EVP_MD_CTX_copy(new_ctx_p, &self->ctx); -+ /* XXX no error reporting */ -+ result = EVP_MD_CTX_copy(new_ctx_p, self->ctx); - LEAVE_HASHLIB(self); -+ return result; - } - - /* External methods for a hash object */ -@@ -151,7 +204,9 @@ EVP_copy(EVPobject *self, PyObject *unus - if ( (newobj = newEVPobject(self->name))==NULL) - return NULL; - -- locked_EVP_MD_CTX_copy(&newobj->ctx, self); -+ if (!locked_EVP_MD_CTX_copy(newobj->ctx, self)) { -+ return _setException(PyExc_ValueError); -+ } - return (PyObject *)newobj; - } - -@@ -162,16 +217,24 @@ static PyObject * - EVP_digest(EVPobject *self, PyObject *unused) - { - unsigned char digest[EVP_MAX_MD_SIZE]; -- EVP_MD_CTX temp_ctx; -+ EVP_MD_CTX *temp_ctx; - PyObject *retval; - unsigned int digest_size; - -- locked_EVP_MD_CTX_copy(&temp_ctx, self); -- digest_size = EVP_MD_CTX_size(&temp_ctx); -- EVP_DigestFinal(&temp_ctx, digest, NULL); -+ temp_ctx = EVP_MD_CTX_new(); -+ if (temp_ctx == NULL) { -+ PyErr_NoMemory(); -+ return NULL; -+ } -+ -+ if (!locked_EVP_MD_CTX_copy(temp_ctx, self)) { -+ return _setException(PyExc_ValueError); -+ } -+ digest_size = EVP_MD_CTX_size(temp_ctx); -+ EVP_DigestFinal(temp_ctx, digest, NULL); - - retval = PyString_FromStringAndSize((const char *)digest, digest_size); -- EVP_MD_CTX_cleanup(&temp_ctx); -+ EVP_MD_CTX_free(temp_ctx); - return retval; - } - -@@ -182,17 +245,25 @@ static PyObject * - EVP_hexdigest(EVPobject *self, PyObject *unused) - { - unsigned char digest[EVP_MAX_MD_SIZE]; -- EVP_MD_CTX temp_ctx; -+ EVP_MD_CTX *temp_ctx; - PyObject *retval; - char *hex_digest; - unsigned int i, j, digest_size; - -+ temp_ctx = EVP_MD_CTX_new(); -+ if (temp_ctx == NULL) { -+ PyErr_NoMemory(); -+ return NULL; -+ } -+ - /* Get the raw (binary) digest value */ -- locked_EVP_MD_CTX_copy(&temp_ctx, self); -- digest_size = EVP_MD_CTX_size(&temp_ctx); -- EVP_DigestFinal(&temp_ctx, digest, NULL); -+ if (!locked_EVP_MD_CTX_copy(temp_ctx, self)) { -+ return _setException(PyExc_ValueError); -+ } -+ digest_size = EVP_MD_CTX_size(temp_ctx); -+ EVP_DigestFinal(temp_ctx, digest, NULL); - -- EVP_MD_CTX_cleanup(&temp_ctx); -+ EVP_MD_CTX_free(temp_ctx); - - /* Create a new string */ - /* NOTE: not thread safe! modifying an already created string object */ -@@ -266,7 +337,7 @@ static PyObject * - EVP_get_block_size(EVPobject *self, void *closure) - { - long block_size; -- block_size = EVP_MD_CTX_block_size(&self->ctx); -+ block_size = EVP_MD_CTX_block_size(self->ctx); - return PyLong_FromLong(block_size); - } - -@@ -274,7 +345,7 @@ static PyObject * - EVP_get_digest_size(EVPobject *self, void *closure) - { - long size; -- size = EVP_MD_CTX_size(&self->ctx); -+ size = EVP_MD_CTX_size(self->ctx); - return PyLong_FromLong(size); - } - -@@ -338,7 +409,7 @@ EVP_tp_init(EVPobject *self, PyObject *a - PyBuffer_Release(&view); - return -1; - } -- EVP_DigestInit(&self->ctx, digest); -+ EVP_DigestInit(self->ctx, digest); - - self->name = name_obj; - Py_INCREF(self->name); -@@ -435,9 +506,9 @@ EVPnew(PyObject *name_obj, - return NULL; - - if (initial_ctx) { -- EVP_MD_CTX_copy(&self->ctx, initial_ctx); -+ EVP_MD_CTX_copy(self->ctx, initial_ctx); - } else { -- EVP_DigestInit(&self->ctx, digest); -+ EVP_DigestInit(self->ctx, digest); - } - - if (cp && len) { -@@ -499,6 +570,7 @@ EVP_new(PyObject *self, PyObject *args, - - #define PY_PBKDF2_HMAC 1 - -+#if !HAS_FAST_PKCS5_PBKDF2_HMAC - /* Improved implementation of PKCS5_PBKDF2_HMAC() - * - * PKCS5_PBKDF2_HMAC_fast() hashes the password exactly one time instead of -@@ -580,37 +652,8 @@ PKCS5_PBKDF2_HMAC_fast(const char *pass, - HMAC_CTX_cleanup(&hctx_tpl); - return 1; - } -+#endif - --/* LCOV_EXCL_START */ --static PyObject * --_setException(PyObject *exc) --{ -- unsigned long errcode; -- const char *lib, *func, *reason; -- -- errcode = ERR_peek_last_error(); -- if (!errcode) { -- PyErr_SetString(exc, "unknown reasons"); -- return NULL; -- } -- ERR_clear_error(); -- -- lib = ERR_lib_error_string(errcode); -- func = ERR_func_error_string(errcode); -- reason = ERR_reason_error_string(errcode); -- -- if (lib && func) { -- PyErr_Format(exc, "[%s: %s] %s", lib, func, reason); -- } -- else if (lib) { -- PyErr_Format(exc, "[%s] %s", lib, reason); -- } -- else { -- PyErr_SetString(exc, reason); -- } -- return NULL; --} --/* LCOV_EXCL_STOP */ - - PyDoc_STRVAR(pbkdf2_hmac__doc__, - "pbkdf2_hmac(hash_name, password, salt, iterations, dklen=None) -> key\n\ -@@ -692,10 +735,17 @@ pbkdf2_hmac(PyObject *self, PyObject *ar - key = PyBytes_AS_STRING(key_obj); - - Py_BEGIN_ALLOW_THREADS -+#if HAS_FAST_PKCS5_PBKDF2_HMAC -+ retval = PKCS5_PBKDF2_HMAC((char*)password.buf, (int)password.len, -+ (unsigned char *)salt.buf, (int)salt.len, -+ iterations, digest, dklen, -+ (unsigned char *)key); -+#else - retval = PKCS5_PBKDF2_HMAC_fast((char*)password.buf, (int)password.len, - (unsigned char *)salt.buf, (int)salt.len, - iterations, digest, dklen, - (unsigned char *)key); -+#endif - Py_END_ALLOW_THREADS - - if (!retval) { -@@ -807,7 +857,7 @@ generate_hash_name_list(void) - if (CONST_ ## NAME ## _name_obj == NULL) { \ - CONST_ ## NAME ## _name_obj = PyString_FromString(#NAME); \ - if (EVP_get_digestbyname(#NAME)) { \ -- CONST_new_ ## NAME ## _ctx_p = &CONST_new_ ## NAME ## _ctx; \ -+ CONST_new_ ## NAME ## _ctx_p = EVP_MD_CTX_new(); \ - EVP_DigestInit(CONST_new_ ## NAME ## _ctx_p, EVP_get_digestbyname(#NAME)); \ - } \ - } \ -diff --git a/Modules/_ssl.c b/Modules/_ssl.c ---- a/Modules/_ssl.c -+++ b/Modules/_ssl.c -@@ -52,6 +52,14 @@ - #include - #endif - -+/* Don't warn about deprecated functions */ -+#ifdef __GNUC__ -+#pragma GCC diagnostic ignored "-Wdeprecated-declarations" -+#endif -+#ifdef __clang__ -+#pragma clang diagnostic ignored "-Wdeprecated-declarations" -+#endif -+ - /* Include OpenSSL header files */ - #include "openssl/rsa.h" - #include "openssl/crypto.h" -@@ -87,6 +95,10 @@ struct py_ssl_library_code { - /* Include generated data (error codes) */ - #include "_ssl_data.h" - -+#if (OPENSSL_VERSION_NUMBER >= 0x10100000L) && !defined(LIBRESSL_VERSION_NUMBER) -+# define OPENSSL_VERSION_1_1 1 -+#endif -+ - /* Openssl comes with TLSv1.1 and TLSv1.2 between 1.0.0h and 1.0.1 - http://www.openssl.org/news/changelog.html - */ -@@ -110,6 +122,70 @@ struct py_ssl_library_code { - # define HAVE_ALPN - #endif - -+#ifndef INVALID_SOCKET /* MS defines this */ -+#define INVALID_SOCKET (-1) -+#endif -+ -+#ifdef OPENSSL_VERSION_1_1 -+/* OpenSSL 1.1.0+ */ -+#ifndef OPENSSL_NO_SSL2 -+#define OPENSSL_NO_SSL2 -+#endif -+#else /* OpenSSL < 1.1.0 */ -+#if defined(WITH_THREAD) -+#define HAVE_OPENSSL_CRYPTO_LOCK -+#endif -+ -+#define TLS_method SSLv23_method -+ -+static int X509_NAME_ENTRY_set(const X509_NAME_ENTRY *ne) -+{ -+ return ne->set; -+} -+ -+#ifndef OPENSSL_NO_COMP -+static int COMP_get_type(const COMP_METHOD *meth) -+{ -+ return meth->type; -+} -+ -+static const char *COMP_get_name(const COMP_METHOD *meth) -+{ -+ return meth->name; -+} -+#endif -+ -+static pem_password_cb *SSL_CTX_get_default_passwd_cb(SSL_CTX *ctx) -+{ -+ return ctx->default_passwd_callback; -+} -+ -+static void *SSL_CTX_get_default_passwd_cb_userdata(SSL_CTX *ctx) -+{ -+ return ctx->default_passwd_callback_userdata; -+} -+ -+static int X509_OBJECT_get_type(X509_OBJECT *x) -+{ -+ return x->type; -+} -+ -+static X509 *X509_OBJECT_get0_X509(X509_OBJECT *x) -+{ -+ return x->data.x509; -+} -+ -+static STACK_OF(X509_OBJECT) *X509_STORE_get0_objects(X509_STORE *store) { -+ return store->objs; -+} -+ -+static X509_VERIFY_PARAM *X509_STORE_get0_param(X509_STORE *store) -+{ -+ return store->param; -+} -+#endif /* OpenSSL < 1.1.0 or LibreSSL */ -+ -+ - enum py_ssl_error { - /* these mirror ssl.h */ - PY_SSL_ERROR_NONE, -@@ -140,7 +216,7 @@ enum py_ssl_cert_requirements { - enum py_ssl_version { - PY_SSL_VERSION_SSL2, - PY_SSL_VERSION_SSL3=1, -- PY_SSL_VERSION_SSL23, -+ PY_SSL_VERSION_TLS, - #if HAVE_TLSv1_2 - PY_SSL_VERSION_TLS1, - PY_SSL_VERSION_TLS1_1, -@@ -681,7 +757,7 @@ static PyObject * - - /* check to see if we've gotten to a new RDN */ - if (rdn_level >= 0) { -- if (rdn_level != entry->set) { -+ if (rdn_level != X509_NAME_ENTRY_set(entry)) { - /* yes, new RDN */ - /* add old RDN to DN */ - rdnt = PyList_AsTuple(rdn); -@@ -698,7 +774,7 @@ static PyObject * - goto fail0; - } - } -- rdn_level = entry->set; -+ rdn_level = X509_NAME_ENTRY_set(entry); - - /* now add this attribute to the current RDN */ - name = X509_NAME_ENTRY_get_object(entry); -@@ -801,18 +877,18 @@ static PyObject * - goto fail; - } - -- p = ext->value->data; -+ p = X509_EXTENSION_get_data(ext)->data; - if (method->it) - names = (GENERAL_NAMES*) - (ASN1_item_d2i(NULL, - &p, -- ext->value->length, -+ X509_EXTENSION_get_data(ext)->length, - ASN1_ITEM_ptr(method->it))); - else - names = (GENERAL_NAMES*) - (method->d2i(NULL, - &p, -- ext->value->length)); -+ X509_EXTENSION_get_data(ext)->length)); - - for(j = 0; j < sk_GENERAL_NAME_num(names); j++) { - /* get a rendering of each name in the set of names */ -@@ -1021,13 +1097,11 @@ static PyObject * - int i, j; - PyObject *lst, *res = NULL; - --#if OPENSSL_VERSION_NUMBER < 0x10001000L -- dps = X509_get_ext_d2i(certificate, NID_crl_distribution_points, NULL, NULL); --#else -+#if OPENSSL_VERSION_NUMBER >= 0x10001000L - /* Calls x509v3_cache_extensions and sets up crldp */ - X509_check_ca(certificate); -- dps = certificate->crldp; - #endif -+ dps = X509_get_ext_d2i(certificate, NID_crl_distribution_points, NULL, NULL); - - if (dps == NULL) - return Py_None; -@@ -1443,9 +1517,9 @@ static PyObject *PySSL_compression(PySSL - if (self->ssl == NULL) - Py_RETURN_NONE; - comp_method = SSL_get_current_compression(self->ssl); -- if (comp_method == NULL || comp_method->type == NID_undef) -+ if (comp_method == NULL || COMP_get_type(comp_method) == NID_undef) - Py_RETURN_NONE; -- short_name = OBJ_nid2sn(comp_method->type); -+ short_name = COMP_get_name(comp_method); - if (short_name == NULL) - Py_RETURN_NONE; - return PyBytes_FromString(short_name); -@@ -1994,7 +2068,7 @@ context_new(PyTypeObject *type, PyObject - { - char *kwlist[] = {"protocol", NULL}; - PySSLContext *self; -- int proto_version = PY_SSL_VERSION_SSL23; -+ int proto_version = PY_SSL_VERSION_TLS; - long options; - SSL_CTX *ctx = NULL; - -@@ -2020,8 +2094,8 @@ context_new(PyTypeObject *type, PyObject - else if (proto_version == PY_SSL_VERSION_SSL2) - ctx = SSL_CTX_new(SSLv2_method()); - #endif -- else if (proto_version == PY_SSL_VERSION_SSL23) -- ctx = SSL_CTX_new(SSLv23_method()); -+ else if (proto_version == PY_SSL_VERSION_TLS) -+ ctx = SSL_CTX_new(TLS_method()); - else - proto_version = -1; - PySSL_END_ALLOW_THREADS -@@ -2067,8 +2141,9 @@ context_new(PyTypeObject *type, PyObject - #ifndef OPENSSL_NO_ECDH - /* Allow automatic ECDH curve selection (on OpenSSL 1.0.2+), or use - prime256v1 by default. This is Apache mod_ssl's initialization -- policy, so we should be safe. */ --#if defined(SSL_CTX_set_ecdh_auto) -+ policy, so we should be safe. OpenSSL 1.1 has it enabled by default. -+ */ -+#if defined(SSL_CTX_set_ecdh_auto) && !defined(OPENSSL_VERSION_1_1) - SSL_CTX_set_ecdh_auto(self->ctx, 1); - #else - { -@@ -2336,10 +2411,12 @@ static PyObject * - get_verify_flags(PySSLContext *self, void *c) - { - X509_STORE *store; -+ X509_VERIFY_PARAM *param; - unsigned long flags; - - store = SSL_CTX_get_cert_store(self->ctx); -- flags = X509_VERIFY_PARAM_get_flags(store->param); -+ param = X509_STORE_get0_param(store); -+ flags = X509_VERIFY_PARAM_get_flags(param); - return PyLong_FromUnsignedLong(flags); - } - -@@ -2347,22 +2424,24 @@ static int - set_verify_flags(PySSLContext *self, PyObject *arg, void *c) - { - X509_STORE *store; -+ X509_VERIFY_PARAM *param; - unsigned long new_flags, flags, set, clear; - - if (!PyArg_Parse(arg, "k", &new_flags)) - return -1; - store = SSL_CTX_get_cert_store(self->ctx); -- flags = X509_VERIFY_PARAM_get_flags(store->param); -+ param = X509_STORE_get0_param(store); -+ flags = X509_VERIFY_PARAM_get_flags(param); - clear = flags & ~new_flags; - set = ~flags & new_flags; - if (clear) { -- if (!X509_VERIFY_PARAM_clear_flags(store->param, clear)) { -+ if (!X509_VERIFY_PARAM_clear_flags(param, clear)) { - _setSSLError(NULL, 0, __FILE__, __LINE__); - return -1; - } - } - if (set) { -- if (!X509_VERIFY_PARAM_set_flags(store->param, set)) { -+ if (!X509_VERIFY_PARAM_set_flags(param, set)) { - _setSSLError(NULL, 0, __FILE__, __LINE__); - return -1; - } -@@ -2537,8 +2616,8 @@ load_cert_chain(PySSLContext *self, PyOb - char *kwlist[] = {"certfile", "keyfile", "password", NULL}; - PyObject *keyfile = NULL, *keyfile_bytes = NULL, *password = NULL; - char *certfile_bytes = NULL; -- pem_password_cb *orig_passwd_cb = self->ctx->default_passwd_callback; -- void *orig_passwd_userdata = self->ctx->default_passwd_callback_userdata; -+ pem_password_cb *orig_passwd_cb = SSL_CTX_get_default_passwd_cb(self->ctx); -+ void *orig_passwd_userdata = SSL_CTX_get_default_passwd_cb_userdata(self->ctx); - _PySSLPasswordInfo pw_info = { NULL, NULL, NULL, 0, 0 }; - int r; - -@@ -2674,8 +2753,9 @@ static int - cert = d2i_X509_bio(biobuf, NULL); - } else { - cert = PEM_read_bio_X509(biobuf, NULL, -- self->ctx->default_passwd_callback, -- self->ctx->default_passwd_callback_userdata); -+ SSL_CTX_get_default_passwd_cb(self->ctx), -+ SSL_CTX_get_default_passwd_cb_userdata(self->ctx) -+ ); - } - if (cert == NULL) { - break; -@@ -3160,25 +3240,24 @@ static PyObject * - cert_store_stats(PySSLContext *self) - { - X509_STORE *store; -+ STACK_OF(X509_OBJECT) *objs; - X509_OBJECT *obj; -- int x509 = 0, crl = 0, pkey = 0, ca = 0, i; -+ int x509 = 0, crl = 0, ca = 0, i; - - store = SSL_CTX_get_cert_store(self->ctx); -- for (i = 0; i < sk_X509_OBJECT_num(store->objs); i++) { -- obj = sk_X509_OBJECT_value(store->objs, i); -- switch (obj->type) { -+ objs = X509_STORE_get0_objects(store); -+ for (i = 0; i < sk_X509_OBJECT_num(objs); i++) { -+ obj = sk_X509_OBJECT_value(objs, i); -+ switch (X509_OBJECT_get_type(obj)) { - case X509_LU_X509: - x509++; -- if (X509_check_ca(obj->data.x509)) { -+ if (X509_check_ca(X509_OBJECT_get0_X509(obj))) { - ca++; - } - break; - case X509_LU_CRL: - crl++; - break; -- case X509_LU_PKEY: -- pkey++; -- break; - default: - /* Ignore X509_LU_FAIL, X509_LU_RETRY, X509_LU_PKEY. - * As far as I can tell they are internal states and never -@@ -3204,6 +3283,7 @@ get_ca_certs(PySSLContext *self, PyObjec - char *kwlist[] = {"binary_form", NULL}; - X509_STORE *store; - PyObject *ci = NULL, *rlist = NULL, *py_binary_mode = Py_False; -+ STACK_OF(X509_OBJECT) *objs; - int i; - int binary_mode = 0; - -@@ -3221,17 +3301,18 @@ get_ca_certs(PySSLContext *self, PyObjec - } - - store = SSL_CTX_get_cert_store(self->ctx); -- for (i = 0; i < sk_X509_OBJECT_num(store->objs); i++) { -+ objs = X509_STORE_get0_objects(store); -+ for (i = 0; i < sk_X509_OBJECT_num(objs); i++) { - X509_OBJECT *obj; - X509 *cert; - -- obj = sk_X509_OBJECT_value(store->objs, i); -- if (obj->type != X509_LU_X509) { -+ obj = sk_X509_OBJECT_value(objs, i); -+ if (X509_OBJECT_get_type(obj) != X509_LU_X509) { - /* not a x509 cert */ - continue; - } - /* CA for any purpose */ -- cert = obj->data.x509; -+ cert = X509_OBJECT_get0_X509(obj); - if (!X509_check_ca(cert)) { - continue; - } -@@ -3842,10 +3923,12 @@ static PyMethodDef PySSL_methods[] = { - }; - - --#ifdef WITH_THREAD -+#ifdef HAVE_OPENSSL_CRYPTO_LOCK - - /* an implementation of OpenSSL threading operations in terms -- of the Python C thread library */ -+ * of the Python C thread library -+ * Only used up to 1.0.2. OpenSSL 1.1.0+ has its own locking code. -+ */ - - static PyThread_type_lock *_ssl_locks = NULL; - -@@ -3926,7 +4009,7 @@ static int _setup_ssl_threads(void) { - return 1; - } - --#endif /* def HAVE_THREAD */ -+#endif /* HAVE_OPENSSL_CRYPTO_LOCK for WITH_THREAD && OpenSSL < 1.1.0 */ - - PyDoc_STRVAR(module_doc, - "Implementation module for SSL socket operations. See the socket module\n\ -@@ -3979,11 +4062,16 @@ init_ssl(void) - SSL_load_error_strings(); - SSL_library_init(); - #ifdef WITH_THREAD -+#ifdef HAVE_OPENSSL_CRYPTO_LOCK - /* note that this will start threading if not already started */ - if (!_setup_ssl_threads()) { - return; - } -+#elif OPENSSL_VERSION_1_1 && defined(OPENSSL_THREADS) -+ /* OpenSSL 1.1.0 builtin thread support is enabled */ -+ _ssl_locks_count++; - #endif -+#endif /* WITH_THREAD */ - OpenSSL_add_all_algorithms(); - - /* Add symbols to module dict */ -@@ -4136,7 +4224,9 @@ init_ssl(void) - PY_SSL_VERSION_SSL3); - #endif - PyModule_AddIntConstant(m, "PROTOCOL_SSLv23", -- PY_SSL_VERSION_SSL23); -+ PY_SSL_VERSION_TLS); -+ PyModule_AddIntConstant(m, "PROTOCOL_TLS", -+ PY_SSL_VERSION_TLS); - PyModule_AddIntConstant(m, "PROTOCOL_TLSv1", - PY_SSL_VERSION_TLS1); - #if HAVE_TLSv1_2 - -# HG changeset patch -# User Christian Heimes -# Date 1473117039 -7200 -# Node ID 2593ed9a6a629b4fe3f77feb632c9584a3406201 -# Parent fb74947843eb9f39f3a564022c9132a118dabbb0 -Issue #26470: Use short name rather than name for compression name to fix #27958. - -diff --git a/Modules/_ssl.c b/Modules/_ssl.c ---- a/Modules/_ssl.c -+++ b/Modules/_ssl.c -@@ -148,11 +148,6 @@ static int COMP_get_type(const COMP_METH - { - return meth->type; - } -- --static const char *COMP_get_name(const COMP_METHOD *meth) --{ -- return meth->name; --} - #endif - - static pem_password_cb *SSL_CTX_get_default_passwd_cb(SSL_CTX *ctx) -@@ -1519,7 +1514,7 @@ static PyObject *PySSL_compression(PySSL - comp_method = SSL_get_current_compression(self->ssl); - if (comp_method == NULL || COMP_get_type(comp_method) == NID_undef) - Py_RETURN_NONE; -- short_name = COMP_get_name(comp_method); -+ short_name = OBJ_nid2sn(COMP_get_type(comp_method)); - if (short_name == NULL) - Py_RETURN_NONE; - return PyBytes_FromString(short_name); diff --git a/python2.spec b/python2.spec index ae312bc..840cc01 100644 --- a/python2.spec +++ b/python2.spec @@ -102,8 +102,8 @@ Summary: An interpreted, interactive, object-oriented programming language Name: %{python} # Remember to also rebase python-docs when changing this: -Version: 2.7.12 -Release: 9%{?dist} +Version: 2.7.13 +Release: 1%{?dist} License: Python Group: Development/Languages Requires: %{python}-libs%{?_isa} = %{version}-%{release} @@ -310,7 +310,7 @@ Patch7: python-2.5.1-sqlite-encoding.patch # SONAME from a library; we avoid this, apparently to minimize space # requirements on the live CD: # (rhbz:307221) -Patch10: 00010-2.7.12-binutils-no-dep.patch +Patch10: 00010-2.7.13-binutils-no-dep.patch # Upstream as of Python 2.7.3: # Patch11: python-2.7rc1-codec-ascii-tolower.patch @@ -343,7 +343,7 @@ Patch55: 00055-systemtap.patch # and add the /usr/lib64/pythonMAJOR.MINOR/site-packages to sitedirs, in front of # /usr/lib/pythonMAJOR.MINOR/site-packages # Not upstream -Patch102: 00102-2.7.12-lib64.patch +Patch102: 00102-2.7.13-lib64.patch # Python 2.7 split out much of the path-handling from distutils/sysconfig.py to # a new sysconfig.py (in r77704). @@ -424,7 +424,7 @@ Patch111: 00111-no-static-lib.patch # # See also patch 130 below # -Patch112: 00112-2.7.12-debug-build.patch +Patch112: 00112-2.7.13-debug-build.patch # 00113 # @@ -702,14 +702,6 @@ Patch180: 00180-python-add-support-for-ppc64p7.patch # Doesn't apply to Python 3, where this is fixed otherwise and works. Patch181: 00181-allow-arbitrary-timeout-in-condition-wait.patch -# 00184 # -# Fix for https://bugzilla.redhat.com/show_bug.cgi?id=979696 -# Fixes build of ctypes against libffi with multilib wrapper -# Python recognizes ffi.h only if it contains "#define LIBFFI_H", -# but the wrapper doesn't contain that, which makes the build fail -# We patch this by also accepting "#define ffi_wrapper_h" -Patch184: 00184-ctypes-should-build-with-libffi-multilib-wrapper.patch - # 00185 # # Makes urllib2 honor "no_proxy" enviroment variable for "ftp:" URLs # when ftp_proxy is set @@ -749,27 +741,6 @@ Patch198: 00198-add-rewheel-module.patch # I skip test for now Patch200: 00200-skip-thread-test.patch -# 00209 # -# Fix test breakage with version 2.2.0 of Expat -# rhbz#1353919: https://bugzilla.redhat.com/show_bug.cgi?id=1353919 -# FIXED UPSTREAM: http://bugs.python.org/issue27369 -Patch209: 00209-fix-test-pyexpat-failure.patch - -# 00242 # -# HTTPoxy attack (CVE-2016-1000110) -# https://httpoxy.org/ -# FIXED UPSTREAM: http://bugs.python.org/issue27568 -# Based on a patch by Rémi Rampin -# Resolves: rhbz#1359175 -Patch242: 00242-CVE-2016-1000110-httpoxy.patch - -# 00247 # -# Port ssl and hashlib modules to OpenSSL 1.1.0. -# As of F26, OpenSSL is rebased to 1.1.0, so in order for python -# to not FTBFS we need to backport this patch from 2.7.13 -# FIXED UPSTREAM: https://bugs.python.org/issue26470 -Patch247: 00247-port-ssl-and-hashlib-to-OpenSSL-1.1.0.patch - # (New patches go here ^^^) # # When adding new patches to "python" and "python3" in Fedora, EL, etc., @@ -1076,7 +1047,6 @@ mv Modules/cryptmodule.c Modules/_cryptmodule.c %patch174 -p1 -b .fix-for-usr-move %patch180 -p1 %patch181 -p1 -%patch184 -p1 %patch185 -p1 %patch187 -p1 %patch189 -p1 @@ -1085,10 +1055,6 @@ mv Modules/cryptmodule.c Modules/_cryptmodule.c %if 0%{with_rewheel} %patch198 -p1 %endif -%patch200 -p1 -%patch209 -p1 -%patch242 -p1 -%patch247 -p1 # This shouldn't be necesarry, but is right now (2.2a3) @@ -1952,6 +1918,9 @@ rm -fr %{buildroot} # ====================================================== %changelog +* Wed Jan 11 2017 Charalampos Stratakis - 2.7.13-1 +- Update to 2.7.13 + * Thu Oct 27 2016 Charalampos Stratakis - 2.7.12-9 - Rename package to python2 and also rename the subpackages accordingly - Provide and obsolete python and the respective subpackages to ensure a clean