From 4c23f429dcb16a018cc7b8a4bb4ef044657bf199 Mon Sep 17 00:00:00 2001 From: Robert Kuska Date: Fri, 18 Jul 2014 16:26:31 +0200 Subject: [PATCH] Update to 2.7.8 --- 00146-hashlib-fips.patch | 144 ++++++++++++++--------------- 00147-add-debug-malloc-stats.patch | 2 +- python.spec | 8 +- 3 files changed, 78 insertions(+), 76 deletions(-) diff --git a/00146-hashlib-fips.patch b/00146-hashlib-fips.patch index c67eb3b..696aa29 100644 --- a/00146-hashlib-fips.patch +++ b/00146-hashlib-fips.patch @@ -39,7 +39,7 @@ diff -up Python-2.7.2/Lib/hashlib.py.hashlib-fips Python-2.7.2/Lib/hashlib.py - update(arg): Update the hash object with the string arg. Repeated calls are equivalent to a single call with the concatenation of all @@ -63,74 +80,39 @@ algorithms = __always_supported - __all__ = __always_supported + ('new', 'algorithms') + __all__ = __always_supported + ('new', 'algorithms', 'pbkdf2_hmac') -def __get_builtin_constructor(name): @@ -269,9 +269,9 @@ diff -up Python-2.7.2/Lib/test/test_hashlib.py.hashlib-fips Python-2.7.2/Lib/tes def test_unicode(self): @@ -354,6 +335,70 @@ class HashLibTestCase(unittest.TestCase) - self.assertEqual(expected_hash, hasher.hexdigest()) + + def test_issue9146(self): + # Ensure that various ways to use "MD5" from "hashlib" don't segfault: + m = hashlib.md5(usedforsecurity=False) @@ -336,12 +336,58 @@ diff -up Python-2.7.2/Lib/test/test_hashlib.py.hashlib-fips Python-2.7.2/Lib/tes + + + - def test_main(): - test_support.run_unittest(HashLibTestCase) + class KDFTests(unittest.TestCase): + pbkdf2_test_vectors = [ + (b'password', b'salt', 1, None), +diff -up Python-2.7.2/Modules/Setup.dist.hashlib-fips Python-2.7.2/Modules/Setup.dist +--- Python-2.7.2/Modules/Setup.dist.hashlib-fips 2011-09-14 00:21:26.163252001 -0400 ++++ Python-2.7.2/Modules/Setup.dist 2011-09-14 00:21:26.201252001 -0400 +@@ -248,14 +248,14 @@ imageop imageop.c # Operations on images + # Message-Digest Algorithm, described in RFC 1321. The necessary files + # md5.c and md5.h are included here. -diff -up Python-2.7.2/Modules/_hashopenssl.c.hashlib-fips Python-2.7.2/Modules/_hashopenssl.c ---- Python-2.7.2/Modules/_hashopenssl.c.hashlib-fips 2011-06-11 11:46:26.000000000 -0400 -+++ Python-2.7.2/Modules/_hashopenssl.c 2011-09-14 00:21:26.199252001 -0400 +-_md5 md5module.c md5.c ++#_md5 md5module.c md5.c + + + # The _sha module implements the SHA checksum algorithms. + # (NIST's Secure Hash Algorithms.) +-_sha shamodule.c +-_sha256 sha256module.c +-_sha512 sha512module.c ++#_sha shamodule.c ++#_sha256 sha256module.c ++#_sha512 sha512module.c + + + # SGI IRIX specific modules -- off by default. +diff -up Python-2.7.2/setup.py.hashlib-fips Python-2.7.2/setup.py +--- Python-2.7.2/setup.py.hashlib-fips 2011-09-14 00:21:25.722252001 -0400 ++++ Python-2.7.2/setup.py 2011-09-14 00:21:26.203252001 -0400 +@@ -768,21 +768,6 @@ class PyBuildExt(build_ext): + print ("warning: openssl 0x%08x is too old for _hashlib" % + openssl_ver) + missing.append('_hashlib') +- if COMPILED_WITH_PYDEBUG or not have_usable_openssl: +- # The _sha module implements the SHA1 hash algorithm. +- exts.append( Extension('_sha', ['shamodule.c']) ) +- # The _md5 module implements the RSA Data Security, Inc. MD5 +- # Message-Digest Algorithm, described in RFC 1321. The +- # necessary files md5.c and md5.h are included here. +- exts.append( Extension('_md5', +- sources = ['md5module.c', 'md5.c'], +- depends = ['md5.h']) ) +- +- min_sha2_openssl_ver = 0x00908000 +- if COMPILED_WITH_PYDEBUG or openssl_ver < min_sha2_openssl_ver: +- # OpenSSL doesn't do these until 0.9.8 so we'll bring our own hash +- exts.append( Extension('_sha256', ['sha256module.c']) ) +- exts.append( Extension('_sha512', ['sha512module.c']) ) + + # Modules that provide persistent dictionary-like semantics. You will + # probably want to arrange for at least one of them to be available on +--- Python-2.7.8/Modules/_hashopenssl.c.orig 2014-06-30 04:05:41.000000000 +0200 ++++ Python-2.7.8/Modules/_hashopenssl.c 2014-07-14 14:21:59.546386572 +0200 @@ -36,6 +36,8 @@ #endif @@ -349,9 +395,9 @@ diff -up Python-2.7.2/Modules/_hashopenssl.c.hashlib-fips Python-2.7.2/Modules/_ +#include +#include #include - - #define MUNCH_SIZE INT_MAX -@@ -65,11 +67,19 @@ typedef struct { + #include + #include +@@ -67,11 +69,19 @@ static PyTypeObject EVPtype; @@ -375,7 +421,7 @@ diff -up Python-2.7.2/Modules/_hashopenssl.c.hashlib-fips Python-2.7.2/Modules/_ DEFINE_CONSTS_FOR_NEW(md5) DEFINE_CONSTS_FOR_NEW(sha1) -@@ -115,6 +125,48 @@ EVP_hash(EVPobject *self, const void *vp +@@ -117,6 +127,48 @@ } } @@ -424,7 +470,7 @@ diff -up Python-2.7.2/Modules/_hashopenssl.c.hashlib-fips Python-2.7.2/Modules/_ /* Internal methods for a hash object */ static void -@@ -313,14 +365,15 @@ EVP_repr(PyObject *self) +@@ -315,14 +367,15 @@ static int EVP_tp_init(EVPobject *self, PyObject *args, PyObject *kwds) { @@ -443,7 +489,7 @@ diff -up Python-2.7.2/Modules/_hashopenssl.c.hashlib-fips Python-2.7.2/Modules/_ return -1; } -@@ -336,7 +389,12 @@ EVP_tp_init(EVPobject *self, PyObject *a +@@ -338,7 +391,12 @@ PyBuffer_Release(&view); return -1; } @@ -457,7 +503,7 @@ diff -up Python-2.7.2/Modules/_hashopenssl.c.hashlib-fips Python-2.7.2/Modules/_ self->name = name_obj; Py_INCREF(self->name); -@@ -420,7 +478,8 @@ static PyTypeObject EVPtype = { +@@ -422,7 +480,8 @@ static PyObject * EVPnew(PyObject *name_obj, const EVP_MD *digest, const EVP_MD_CTX *initial_ctx, @@ -467,7 +513,7 @@ diff -up Python-2.7.2/Modules/_hashopenssl.c.hashlib-fips Python-2.7.2/Modules/_ { EVPobject *self; -@@ -435,7 +494,12 @@ EVPnew(PyObject *name_obj, +@@ -437,7 +496,12 @@ if (initial_ctx) { EVP_MD_CTX_copy(&self->ctx, initial_ctx); } else { @@ -481,7 +527,7 @@ diff -up Python-2.7.2/Modules/_hashopenssl.c.hashlib-fips Python-2.7.2/Modules/_ } if (cp && len) { -@@ -459,20 +523,28 @@ PyDoc_STRVAR(EVP_new__doc__, +@@ -461,20 +525,28 @@ An optional string argument may be provided and will be\n\ automatically hashed.\n\ \n\ @@ -514,7 +560,7 @@ diff -up Python-2.7.2/Modules/_hashopenssl.c.hashlib-fips Python-2.7.2/Modules/_ return NULL; } -@@ -484,58 +556,118 @@ EVP_new(PyObject *self, PyObject *args, +@@ -487,7 +559,7 @@ digest = EVP_get_digestbyname(name); ret_obj = EVPnew(name_obj, digest, NULL, (unsigned char*)view.buf, @@ -523,7 +569,8 @@ diff -up Python-2.7.2/Modules/_hashopenssl.c.hashlib-fips Python-2.7.2/Modules/_ PyBuffer_Release(&view); return ret_obj; - } +@@ -713,51 +785,111 @@ + #endif /* - * This macro generates constructor function definitions for specific @@ -539,7 +586,7 @@ diff -up Python-2.7.2/Modules/_hashopenssl.c.hashlib-fips Python-2.7.2/Modules/_ #define GEN_CONSTRUCTOR(NAME) \ static PyObject * \ - EVP_new_ ## NAME (PyObject *self, PyObject *args) \ -+ EVP_new_ ## NAME (PyObject *self, PyObject *args, PyObject *kwdict) \ ++ EVP_new_ ## NAME (PyObject *self, PyObject *args, PyObject *kwdict) \ { \ - Py_buffer view = { 0 }; \ - PyObject *ret_obj; \ @@ -555,9 +602,9 @@ diff -up Python-2.7.2/Modules/_hashopenssl.c.hashlib-fips Python-2.7.2/Modules/_ - (unsigned char*)view.buf, view.len); \ - PyBuffer_Release(&view); \ - return ret_obj; \ -+ return implement_specific_EVP_new(self, args, kwdict, \ -+ "|s*i:" #NAME, \ -+ &cached_info_ ## NAME ); \ ++ return implement_specific_EVP_new(self, args, kwdict, \ ++ "|s*i:" #NAME, \ ++ &cached_info_ ## NAME ); \ } +static PyObject * @@ -565,7 +612,7 @@ diff -up Python-2.7.2/Modules/_hashopenssl.c.hashlib-fips Python-2.7.2/Modules/_ + const char *format, + EVPCachedInfo *cached_info) +{ -+ static char *kwlist[] = {"string", "usedforsecurity", NULL}; ++ static char *kwlist[] = {"string", "usedforsecurity", NULL}; + Py_buffer view = { 0 }; + int usedforsecurity = 1; + int idx; @@ -631,7 +678,7 @@ diff -up Python-2.7.2/Modules/_hashopenssl.c.hashlib-fips Python-2.7.2/Modules/_ + + Try to initialize a context for each hash twice, once with + EVP_MD_CTX_FLAG_NON_FIPS_ALLOW and once without. -+ ++ + Any that have errors during initialization will end up wit a NULL ctx_ptrs + entry, and err_msgs will be set (unless we're very low on memory) +*/ @@ -664,7 +711,7 @@ diff -up Python-2.7.2/Modules/_hashopenssl.c.hashlib-fips Python-2.7.2/Modules/_ GEN_CONSTRUCTOR(md5) GEN_CONSTRUCTOR(sha1) #ifdef _OPENSSL_SUPPORTS_SHA2 -@@ -565,13 +700,10 @@ init_hashlib(void) +@@ -794,13 +926,10 @@ { PyObject *m; @@ -680,50 +727,3 @@ diff -up Python-2.7.2/Modules/_hashopenssl.c.hashlib-fips Python-2.7.2/Modules/_ Py_TYPE(&EVPtype) = &PyType_Type; if (PyType_Ready(&EVPtype) < 0) return; -diff -up Python-2.7.2/Modules/Setup.dist.hashlib-fips Python-2.7.2/Modules/Setup.dist ---- Python-2.7.2/Modules/Setup.dist.hashlib-fips 2011-09-14 00:21:26.163252001 -0400 -+++ Python-2.7.2/Modules/Setup.dist 2011-09-14 00:21:26.201252001 -0400 -@@ -248,14 +248,14 @@ imageop imageop.c # Operations on images - # Message-Digest Algorithm, described in RFC 1321. The necessary files - # md5.c and md5.h are included here. - --_md5 md5module.c md5.c -+#_md5 md5module.c md5.c - - - # The _sha module implements the SHA checksum algorithms. - # (NIST's Secure Hash Algorithms.) --_sha shamodule.c --_sha256 sha256module.c --_sha512 sha512module.c -+#_sha shamodule.c -+#_sha256 sha256module.c -+#_sha512 sha512module.c - - - # SGI IRIX specific modules -- off by default. -diff -up Python-2.7.2/setup.py.hashlib-fips Python-2.7.2/setup.py ---- Python-2.7.2/setup.py.hashlib-fips 2011-09-14 00:21:25.722252001 -0400 -+++ Python-2.7.2/setup.py 2011-09-14 00:21:26.203252001 -0400 -@@ -768,21 +768,6 @@ class PyBuildExt(build_ext): - print ("warning: openssl 0x%08x is too old for _hashlib" % - openssl_ver) - missing.append('_hashlib') -- if COMPILED_WITH_PYDEBUG or not have_usable_openssl: -- # The _sha module implements the SHA1 hash algorithm. -- exts.append( Extension('_sha', ['shamodule.c']) ) -- # The _md5 module implements the RSA Data Security, Inc. MD5 -- # Message-Digest Algorithm, described in RFC 1321. The -- # necessary files md5.c and md5.h are included here. -- exts.append( Extension('_md5', -- sources = ['md5module.c', 'md5.c'], -- depends = ['md5.h']) ) -- -- min_sha2_openssl_ver = 0x00908000 -- if COMPILED_WITH_PYDEBUG or openssl_ver < min_sha2_openssl_ver: -- # OpenSSL doesn't do these until 0.9.8 so we'll bring our own hash -- exts.append( Extension('_sha256', ['sha256module.c']) ) -- exts.append( Extension('_sha512', ['sha512module.c']) ) - - # Modules that provide persistent dictionary-like semantics. You will - # probably want to arrange for at least one of them to be available on diff --git a/00147-add-debug-malloc-stats.patch b/00147-add-debug-malloc-stats.patch index 6777619..0d783f5 100644 --- a/00147-add-debug-malloc-stats.patch +++ b/00147-add-debug-malloc-stats.patch @@ -362,7 +362,7 @@ diff -up Python-2.7.2/Objects/obmalloc.c.add-debug-malloc-stats Python-2.7.2/Obj if (unused_arena_objects == NULL) { uint i; @@ -588,11 +586,9 @@ new_arena(void) - } + arenaobj->address = (uptr)address; ++narenas_currently_allocated; -#ifdef PYMALLOC_DEBUG diff --git a/python.spec b/python.spec index 038f347..bccb8be 100644 --- a/python.spec +++ b/python.spec @@ -105,8 +105,8 @@ Summary: An interpreted, interactive, object-oriented programming language Name: %{python} # Remember to also rebase python-docs when changing this: -Version: 2.7.7 -Release: 3%{?dist} +Version: 2.7.8 +Release: 1%{?dist} License: Python Group: Development/Languages Requires: %{python}-libs%{?_isa} = %{version}-%{release} @@ -877,7 +877,6 @@ Patch193: 00193-enable-loading-sqlite-extensions.patch # FIXED UPSTREAM #Patch194: 00194-fix-tests-with-sqlite-3.8.4.patch - # (New patches go here ^^^) # # When adding new patches to "python" and "python3" in Fedora 17 onwards, @@ -2068,6 +2067,9 @@ rm -fr %{buildroot} # ====================================================== %changelog +* Mon Jul 14 2014 Robert Kuska - 2.7.8-1 +- Update to 2.7.8 + * Fri Jul 11 2014 Dan HorĂ¡k - 2.7.7-3 - rebuilt for updated libffi ABI on ppc64le