From a9f6e899c8c1de12872cc226d440ffaaf5eb6f1d Mon Sep 17 00:00:00 2001
From: Bohuslav Kabrda <bkabrda@redhat.com>
Date: Mon, 26 Aug 2013 09:37:19 +0200
Subject: [PATCH] Sync back/renumber patches to stay consistent with rhel.

---
 00185-urllib2-honors-noproxy-for-ftp.patch    | 12 ++++
 00186-memory-leak-marshalc.patch              | 57 +++++++++++++++++++
 00187-add-RPATH-to-pyexpat.patch              | 25 ++++++++
 ...-hostname-check-bypass-in-SSL-module.patch |  0
 python.spec                                   | 29 +++++++++-
 5 files changed, 120 insertions(+), 3 deletions(-)
 create mode 100644 00185-urllib2-honors-noproxy-for-ftp.patch
 create mode 100644 00186-memory-leak-marshalc.patch
 create mode 100644 00187-add-RPATH-to-pyexpat.patch
 rename 00185-CVE-2013-4238-hostname-check-bypass-in-SSL-module.patch => 00188-CVE-2013-4238-hostname-check-bypass-in-SSL-module.patch (100%)

diff --git a/00185-urllib2-honors-noproxy-for-ftp.patch b/00185-urllib2-honors-noproxy-for-ftp.patch
new file mode 100644
index 0000000..b26c4d4
--- /dev/null
+++ b/00185-urllib2-honors-noproxy-for-ftp.patch
@@ -0,0 +1,12 @@
+diff -up Python-2.7.5/Lib/urllib2.py.orig Python-2.7.5/Lib/urllib2.py
+--- Python-2.7.5/Lib/urllib2.py.orig	2013-07-17 12:22:58.595525622 +0200
++++ Python-2.7.5/Lib/urllib2.py	2013-07-17 12:19:59.875898030 +0200
+@@ -728,6 +728,8 @@ class ProxyHandler(BaseHandler):
+         if proxy_type is None:
+             proxy_type = orig_type
+ 
++        req.get_host()
++
+         if req.host and proxy_bypass(req.host):
+             return None
+ 
diff --git a/00186-memory-leak-marshalc.patch b/00186-memory-leak-marshalc.patch
new file mode 100644
index 0000000..19fb175
--- /dev/null
+++ b/00186-memory-leak-marshalc.patch
@@ -0,0 +1,57 @@
+--- Python-2.7.5/Python/marshal.c	2013-05-12 05:32:53.000000000 +0200
++++ /home/rkuska/hg/cpython/Python/marshal.c	2013-07-18 10:33:26.392486235 +0200
+@@ -88,7 +88,7 @@
+ }
+ 
+ static void
+-w_string(char *s, Py_ssize_t n, WFILE *p)
++w_string(const char *s, Py_ssize_t n, WFILE *p)
+ {
+     if (p->fp != NULL) {
+         fwrite(s, 1, n, p->fp);
+@@ -141,6 +141,13 @@
+ # define W_SIZE  w_long
+ #endif
+ 
++static void
++w_pstring(const char *s, Py_ssize_t n, WFILE *p)
++{
++        W_SIZE(n, p);
++        w_string(s, n, p);
++}
++
+ /* We assume that Python longs are stored internally in base some power of
+    2**15; for the sake of portability we'll always read and write them in base
+    exactly 2**15. */
+@@ -338,9 +345,7 @@
+         else {
+             w_byte(TYPE_STRING, p);
+         }
+-        n = PyString_GET_SIZE(v);
+-        W_SIZE(n, p);
+-        w_string(PyString_AS_STRING(v), n, p);
++        w_pstring(PyBytes_AS_STRING(v), PyString_GET_SIZE(v), p);
+     }
+ #ifdef Py_USING_UNICODE
+     else if (PyUnicode_CheckExact(v)) {
+@@ -352,9 +357,7 @@
+             return;
+         }
+         w_byte(TYPE_UNICODE, p);
+-        n = PyString_GET_SIZE(utf8);
+-        W_SIZE(n, p);
+-        w_string(PyString_AS_STRING(utf8), n, p);
++        w_pstring(PyString_AS_STRING(utf8), PyString_GET_SIZE(utf8), p);
+         Py_DECREF(utf8);
+     }
+ #endif
+@@ -441,8 +444,7 @@
+         PyBufferProcs *pb = v->ob_type->tp_as_buffer;
+         w_byte(TYPE_STRING, p);
+         n = (*pb->bf_getreadbuffer)(v, 0, (void **)&s);
+-        W_SIZE(n, p);
+-        w_string(s, n, p);
++        w_pstring(s, n, p);
+     }
+     else {
+         w_byte(TYPE_UNKNOWN, p);
diff --git a/00187-add-RPATH-to-pyexpat.patch b/00187-add-RPATH-to-pyexpat.patch
new file mode 100644
index 0000000..0ac5227
--- /dev/null
+++ b/00187-add-RPATH-to-pyexpat.patch
@@ -0,0 +1,25 @@
+diff -r e8b8279ca118 setup.py
+--- a/setup.py	Sun Jul 21 21:57:52 2013 -0400
++++ b/setup.py	Tue Aug 20 09:45:31 2013 +0200
+@@ -1480,12 +1480,21 @@
+                              'expat/xmltok_impl.h'
+                              ]
+ 
++        # Add an explicit RPATH to pyexpat.so pointing at the directory
++        # containing the system expat (which has the extra XML_SetHashSalt
++        # symbol), to avoid an ImportError with a link error if there's an
++        # LD_LIBRARY_PATH containing a "vanilla" build of expat (without the
++        # symbol) (rhbz#833271):
++        EXPAT_RPATH = '/usr/lib64' if sys.maxint == 0x7fffffffffffffff else '/usr/lib'
++
++
+         exts.append(Extension('pyexpat',
+                               define_macros = define_macros,
+                               include_dirs = expat_inc,
+                               libraries = expat_lib,
+                               sources = ['pyexpat.c'] + expat_sources,
+                               depends = expat_depends,
++                              extra_link_args = ['-Wl,-rpath,%s' % EXPAT_RPATH]
+                               ))
+ 
+         # Fredrik Lundh's cElementTree module.  Note that this also
diff --git a/00185-CVE-2013-4238-hostname-check-bypass-in-SSL-module.patch b/00188-CVE-2013-4238-hostname-check-bypass-in-SSL-module.patch
similarity index 100%
rename from 00185-CVE-2013-4238-hostname-check-bypass-in-SSL-module.patch
rename to 00188-CVE-2013-4238-hostname-check-bypass-in-SSL-module.patch
diff --git a/python.spec b/python.spec
index 441eb3a..75d4b9a 100644
--- a/python.spec
+++ b/python.spec
@@ -106,7 +106,7 @@ Summary: An interpreted, interactive, object-oriented programming language
 Name: %{python}
 # Remember to also rebase python-docs when changing this:
 Version: 2.7.5
-Release: 4%{?dist}
+Release: 5%{?dist}
 License: Python
 Group: Development/Languages
 Requires: %{python}-libs%{?_isa} = %{version}-%{release}
@@ -823,11 +823,28 @@ Patch181: 00181-allow-arbitrary-timeout-in-condition-wait.patch
 Patch184: 00184-ctypes-should-build-with-libffi-multilib-wrapper.patch
 
 # 00185 #
+# Makes urllib2 honor "no_proxy" enviroment variable for "ftp:" URLs
+# when ftp_proxy is set
+Patch185: 00185-urllib2-honors-noproxy-for-ftp.patch
+
+# 00186 #
+# Fix memory leak of variable utf8 in marshal.c
+Patch186: 00186-memory-leak-marshalc.patch
+
+# 00187 #
+# Add an explicit RPATH to pyexpat.so pointing at the directory
+# containing the system expat (which has the extra XML_SetHashSalt
+# symbol), to avoid an ImportError with a link error if there's an
+# LD_LIBRARY_PATH containing a "vanilla" build of expat (without the
+# symbol)
+Patch187: 00187-add-RPATH-to-pyexpat.patch
+
+# 00188 #
 # Fix for CVE-2013-4238 --
-# SSL module fails to handle NULL bytes inside subjectAltNames general names (CVE-2013-4238)
+# SSL module fails to handle NULL bytes inside subjectAltNames general names
 # http://bugs.python.org/issue18709
 # rhbz#998430
-Patch185: 00185-CVE-2013-4238-hostname-check-bypass-in-SSL-module.patch
+Patch188: 00188-CVE-2013-4238-hostname-check-bypass-in-SSL-module.patch
 
 # (New patches go here ^^^)
 #
@@ -1181,6 +1198,9 @@ mv Modules/cryptmodule.c Modules/_cryptmodule.c
 # 00183: not for python 2
 %patch184 -p1
 %patch185 -p1
+%patch186 -p1
+%patch187 -p1
+%patch188 -p1
 
 
 # This shouldn't be necesarry, but is right now (2.2a3)
@@ -2010,6 +2030,9 @@ rm -fr %{buildroot}
 # ======================================================
 
 %changelog
+* Mon Aug 26 2013 Bohuslav Kabrda <bkabrda@redhat.com> - 2.7.5-5
+- Sync back/renumber patches to stay consistent with rhel.
+
 * Mon Aug 19 2013 Matej Stuchlik <mstuchli@redhat.com> - 2.7.5-4
 - Added fix for CVE-2013-4238 (rhbz#998430)