rpms
/
python3.11
2
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Remove patches fixed upstream 

Remove patches:

* 00291-setup-Link-ctypes-against-dl-explicitly.patch
  Fixed upstream: https://bugs.python.org/issue32647
* 00292-restore-PyExc_RecursionErrorInst-symbol.patch
  Fixed upstream: https://bugs.python.org/issue30697
* 00294-define-TLS-cipher-suite-on-build-time.patch
  Fixed upstream: https://bugs.python.org/issue31429
* 00301-pathfix-add-n-option-for-no-backup.patch
  Fixed upstream: https://bugs.python.org/issue32885
* 00302-fix-multiprocessing-regression-on-newer-glibcs.patch
  Fixed upstream: https://bugs.python.org/issue33329

Note: the ctypes issue has been fixed differently (better fix)
upstream.
This commit is contained in:
Victor Stinner 2018-12-18 15:41:35 +01:00
parent 1092d478f5
commit 0e0fe4ff87
6 changed files with 0 additions and 525 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

25
00291-setup-Link-ctypes-against-dl-explicitly.patch
View File

@ -1,25 +0,0 @@
From aae2ef0bace0e38f4ee5aaa4642aa32450a84216 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Bj=C3=B6rn=20Esser?= <besser82@fedoraproject.org>
Date: Tue, 23 Jan 2018 14:43:43 +0100
Subject: [PATCH] setup: Link ctypes against dl explicitly
---
setup.py | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/setup.py b/setup.py
index c23628a2a9..9e40bb53e6 100644
--- a/setup.py
+++ b/setup.py
@@ -1935,7 +1935,7 @@ class PyBuildExt(build_ext):
self.use_system_libffi = False
include_dirs = []
extra_compile_args = []
- extra_link_args = []
+ extra_link_args = ['-ldl']
sources = ['_ctypes/_ctypes.c',
'_ctypes/callbacks.c',
'_ctypes/callproc.c',
--
2.16.1

106
00292-restore-PyExc_RecursionErrorInst-symbol.patch
View File

@ -1,106 +0,0 @@
diff --git a/Doc/whatsnew/3.6.rst b/Doc/whatsnew/3.6.rst
index 847b50140a6..570dc3ed6fe 100644
--- a/Doc/whatsnew/3.6.rst
+++ b/Doc/whatsnew/3.6.rst
@@ -1852,10 +1852,10 @@ Build and C API Changes
* The :c:func:`PyUnicode_FSConverter` and :c:func:`PyUnicode_FSDecoder`
functions will now accept :term:`path-like objects <path-like object>`.
-* The ``PyExc_RecursionErrorInst`` singleton that was part of the public API
- has been removed as its members being never cleared may cause a segfault
- during finalization of the interpreter. Contributed by Xavier de Gaye in
- :issue:`22898` and :issue:`30697`.
+* The ``PyExc_RecursionErrorInst`` singleton is not used anymore as its members
+ being never cleared may cause a segfault during finalization of the
+ interpreter. Contributed by Xavier de Gaye in :issue:`22898` and
+ :issue:`30697`.
Other Improvements
diff --git a/Include/pyerrors.h b/Include/pyerrors.h
index c28c1373f82..8c1dbc5047b 100644
--- a/Include/pyerrors.h
+++ b/Include/pyerrors.h
@@ -219,6 +219,8 @@ PyAPI_DATA(PyObject *) PyExc_IOError;
PyAPI_DATA(PyObject *) PyExc_WindowsError;
#endif
+PyAPI_DATA(PyObject *) PyExc_RecursionErrorInst;
+
/* Predefined warning categories */
PyAPI_DATA(PyObject *) PyExc_Warning;
PyAPI_DATA(PyObject *) PyExc_UserWarning;
diff --git a/Misc/NEWS.d/next/C API/2017-12-20-15-23-06.bpo-30697.v9FmgG.rst b/Misc/NEWS.d/next/C API/2017-12-20-15-23-06.bpo-30697.v9FmgG.rst
new file mode 100644
index 00000000000..28f74ad4f30
--- /dev/null
+++ b/Misc/NEWS.d/next/C API/2017-12-20-15-23-06.bpo-30697.v9FmgG.rst
@@ -0,0 +1 @@
+Restore PyExc_RecursionErrorInst in 3.6
diff --git a/Objects/exceptions.c b/Objects/exceptions.c
index df4899372a5..271e293e325 100644
--- a/Objects/exceptions.c
+++ b/Objects/exceptions.c
@@ -2430,6 +2430,12 @@ SimpleExtendsException(PyExc_Warning, ResourceWarning,
+/* Pre-computed RecursionError instance for when recursion depth is reached.
+ Meant to be used when normalizing the exception for exceeding the recursion
+ depth will cause its own infinite recursion.
+*/
+PyObject *PyExc_RecursionErrorInst = NULL;
+
#define PRE_INIT(TYPE) \
if (!(_PyExc_ ## TYPE.tp_flags & Py_TPFLAGS_READY)) { \
if (PyType_Ready(&_PyExc_ ## TYPE) < 0) \
@@ -2691,11 +2697,37 @@ _PyExc_Init(PyObject *bltinmod)
ADD_ERRNO(TimeoutError, ETIMEDOUT);
preallocate_memerrors();
+
+ if (!PyExc_RecursionErrorInst) {
+ PyExc_RecursionErrorInst = BaseException_new(&_PyExc_RecursionError, NULL, NULL);
+ if (!PyExc_RecursionErrorInst)
+ Py_FatalError("Cannot pre-allocate RecursionError instance for "
+ "recursion errors");
+ else {
+ PyBaseExceptionObject *err_inst =
+ (PyBaseExceptionObject *)PyExc_RecursionErrorInst;
+ PyObject *args_tuple;
+ PyObject *exc_message;
+ exc_message = PyUnicode_FromString("maximum recursion depth exceeded");
+ if (!exc_message)
+ Py_FatalError("cannot allocate argument for RecursionError "
+ "pre-allocation");
+ args_tuple = PyTuple_Pack(1, exc_message);
+ if (!args_tuple)
+ Py_FatalError("cannot allocate tuple for RecursionError "
+ "pre-allocation");
+ Py_DECREF(exc_message);
+ if (BaseException_init(err_inst, args_tuple, NULL))
+ Py_FatalError("init of pre-allocated RecursionError failed");
+ Py_DECREF(args_tuple);
+ }
+ }
}
void
_PyExc_Fini(void)
{
+ Py_CLEAR(PyExc_RecursionErrorInst);
free_preallocated_memerrors();
Py_CLEAR(errnomap);
}
diff --git a/PC/python3.def b/PC/python3.def
index 4fc4a6814ee..ff70718fc37 100644
--- a/PC/python3.def
+++ b/PC/python3.def
@@ -224,6 +224,7 @@ EXPORTS
PyExc_PermissionError=python36.PyExc_PermissionError DATA
PyExc_ProcessLookupError=python36.PyExc_ProcessLookupError DATA
PyExc_RecursionError=python36.PyExc_RecursionError DATA
+ PyExc_RecursionErrorInst=python36.PyExc_RecursionErrorInst DATA
PyExc_ReferenceError=python36.PyExc_ReferenceError DATA
PyExc_ResourceWarning=python36.PyExc_ResourceWarning DATA
PyExc_RuntimeError=python36.PyExc_RuntimeError DATA

228
00294-define-TLS-cipher-suite-on-build-time.patch
View File

@ -1,228 +0,0 @@
diff --git a/Lib/ssl.py b/Lib/ssl.py
index 1f3a31a..b54a684 100644
--- a/Lib/ssl.py
+++ b/Lib/ssl.py
@@ -116,6 +116,7 @@ except ImportError:
from _ssl import HAS_SNI, HAS_ECDH, HAS_NPN, HAS_ALPN, HAS_TLSv1_3
+from _ssl import _DEFAULT_CIPHERS
from _ssl import _OPENSSL_API_VERSION
@@ -174,48 +175,7 @@ else:
CHANNEL_BINDING_TYPES = []
-# Disable weak or insecure ciphers by default
-# (OpenSSL's default setting is 'DEFAULT:!aNULL:!eNULL')
-# Enable a better set of ciphers by default
-# This list has been explicitly chosen to:
-# * TLS 1.3 ChaCha20 and AES-GCM cipher suites
-# * Prefer cipher suites that offer perfect forward secrecy (DHE/ECDHE)
-# * Prefer ECDHE over DHE for better performance
-# * Prefer AEAD over CBC for better performance and security
-# * Prefer AES-GCM over ChaCha20 because most platforms have AES-NI
-# (ChaCha20 needs OpenSSL 1.1.0 or patched 1.0.2)
-# * Prefer any AES-GCM and ChaCha20 over any AES-CBC for better
-# performance and security
-# * Then Use HIGH cipher suites as a fallback
-# * Disable NULL authentication, NULL encryption, 3DES and MD5 MACs
-# for security reasons
-_DEFAULT_CIPHERS = (
- 'TLS13-AES-256-GCM-SHA384:TLS13-CHACHA20-POLY1305-SHA256:'
- 'TLS13-AES-128-GCM-SHA256:'
- 'ECDH+AESGCM:ECDH+CHACHA20:DH+AESGCM:DH+CHACHA20:ECDH+AES256:DH+AES256:'
- 'ECDH+AES128:DH+AES:ECDH+HIGH:DH+HIGH:RSA+AESGCM:RSA+AES:RSA+HIGH:'
- '!aNULL:!eNULL:!MD5:!3DES'
- )
-
-# Restricted and more secure ciphers for the server side
-# This list has been explicitly chosen to:
-# * TLS 1.3 ChaCha20 and AES-GCM cipher suites
-# * Prefer cipher suites that offer perfect forward secrecy (DHE/ECDHE)
-# * Prefer ECDHE over DHE for better performance
-# * Prefer AEAD over CBC for better performance and security
-# * Prefer AES-GCM over ChaCha20 because most platforms have AES-NI
-# * Prefer any AES-GCM and ChaCha20 over any AES-CBC for better
-# performance and security
-# * Then Use HIGH cipher suites as a fallback
-# * Disable NULL authentication, NULL encryption, MD5 MACs, DSS, RC4, and
-# 3DES for security reasons
-_RESTRICTED_SERVER_CIPHERS = (
- 'TLS13-AES-256-GCM-SHA384:TLS13-CHACHA20-POLY1305-SHA256:'
- 'TLS13-AES-128-GCM-SHA256:'
- 'ECDH+AESGCM:ECDH+CHACHA20:DH+AESGCM:DH+CHACHA20:ECDH+AES256:DH+AES256:'
- 'ECDH+AES128:DH+AES:ECDH+HIGH:DH+HIGH:RSA+AESGCM:RSA+AES:RSA+HIGH:'
- '!aNULL:!eNULL:!MD5:!DSS:!RC4:!3DES'
-)
+_RESTRICTED_SERVER_CIPHERS = _DEFAULT_CIPHERS
class CertificateError(ValueError):
@@ -389,8 +349,6 @@ class SSLContext(_SSLContext):
def __new__(cls, protocol=PROTOCOL_TLS, *args, **kwargs):
self = _SSLContext.__new__(cls, protocol)
- if protocol != _SSLv2_IF_EXISTS:
- self.set_ciphers(_DEFAULT_CIPHERS)
return self
def __init__(self, protocol=PROTOCOL_TLS):
@@ -505,8 +463,6 @@ def create_default_context(purpose=Purpose.SERVER_AUTH, *, cafile=None,
# verify certs and host name in client mode
context.verify_mode = CERT_REQUIRED
context.check_hostname = True
- elif purpose == Purpose.CLIENT_AUTH:
- context.set_ciphers(_RESTRICTED_SERVER_CIPHERS)
if cafile or capath or cadata:
context.load_verify_locations(cafile, capath, cadata)
diff --git a/Lib/test/test_ssl.py b/Lib/test/test_ssl.py
index 54644e1..799100c 100644
--- a/Lib/test/test_ssl.py
+++ b/Lib/test/test_ssl.py
@@ -18,6 +18,7 @@ import asyncore
import weakref
import platform
import functools
+import sysconfig
try:
import ctypes
except ImportError:
@@ -36,7 +37,7 @@ PROTOCOLS = sorted(ssl._PROTOCOL_NAMES)
HOST = support.HOST
IS_LIBRESSL = ssl.OPENSSL_VERSION.startswith('LibreSSL')
IS_OPENSSL_1_1 = not IS_LIBRESSL and ssl.OPENSSL_VERSION_INFO >= (1, 1, 0)
-
+PY_SSL_DEFAULT_CIPHERS = sysconfig.get_config_var('PY_SSL_DEFAULT_CIPHERS')
def data_file(*name):
return os.path.join(os.path.dirname(__file__), *name)
@@ -889,6 +890,19 @@ class ContextTests(unittest.TestCase):
with self.assertRaisesRegex(ssl.SSLError, "No cipher can be selected"):
ctx.set_ciphers("^$:,;?*'dorothyx")
+ @unittest.skipUnless(PY_SSL_DEFAULT_CIPHERS == 1,
+ "Test applies only to Python default ciphers")
+ def test_python_ciphers(self):
+ ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
+ ciphers = ctx.get_ciphers()
+ for suite in ciphers:
+ name = suite['name']
+ self.assertNotIn("PSK", name)
+ self.assertNotIn("SRP", name)
+ self.assertNotIn("MD5", name)
+ self.assertNotIn("RC4", name)
+ self.assertNotIn("3DES", name)
+
@unittest.skipIf(ssl.OPENSSL_VERSION_INFO < (1, 0, 2, 0, 0), 'OpenSSL too old')
def test_get_ciphers(self):
ctx = ssl.SSLContext(ssl.PROTOCOL_TLSv1)
diff --git a/Modules/_ssl.c b/Modules/_ssl.c
index df8c6a7..e23a569 100644
--- a/Modules/_ssl.c
+++ b/Modules/_ssl.c
@@ -206,6 +206,31 @@ SSL_SESSION_get_ticket_lifetime_hint(const SSL_SESSION *s)
#endif /* OpenSSL < 1.1.0 or LibreSSL */
+/* Default cipher suites */
+#ifndef PY_SSL_DEFAULT_CIPHERS
+#define PY_SSL_DEFAULT_CIPHERS 1
+#endif
+
+#if PY_SSL_DEFAULT_CIPHERS == 0
+ #ifndef PY_SSL_DEFAULT_CIPHER_STRING
+ #error "Py_SSL_DEFAULT_CIPHERS 0 needs Py_SSL_DEFAULT_CIPHER_STRING"
+ #endif
+#elif PY_SSL_DEFAULT_CIPHERS == 1
+/* Python custom selection of sensible ciper suites
+ * DEFAULT: OpenSSL's default cipher list. Since 1.0.2 the list is in sensible order.
+ * !aNULL:!eNULL: really no NULL ciphers
+ * !MD5:!3DES:!DES:!RC4:!IDEA:!SEED: no weak or broken algorithms on old OpenSSL versions.
+ * !aDSS: no authentication with discrete logarithm DSA algorithm
+ * !SRP:!PSK: no secure remote password or pre-shared key authentication
+ */
+ #define PY_SSL_DEFAULT_CIPHER_STRING "DEFAULT:!aNULL:!eNULL:!MD5:!3DES:!DES:!RC4:!IDEA:!SEED:!aDSS:!SRP:!PSK"
+#elif PY_SSL_DEFAULT_CIPHERS == 2
+/* Ignored in SSLContext constructor, only used to as _ssl.DEFAULT_CIPHER_STRING */
+ #define PY_SSL_DEFAULT_CIPHER_STRING SSL_DEFAULT_CIPHER_LIST
+#else
+ #error "Unsupported PY_SSL_DEFAULT_CIPHERS"
+#endif
+
enum py_ssl_error {
/* these mirror ssl.h */
@@ -2739,7 +2764,12 @@ _ssl__SSLContext_impl(PyTypeObject *type, int proto_version)
/* A bare minimum cipher list without completely broken cipher suites.
* It's far from perfect but gives users a better head start. */
if (proto_version != PY_SSL_VERSION_SSL2) {
- result = SSL_CTX_set_cipher_list(ctx, "HIGH:!aNULL:!eNULL:!MD5");
+#if PY_SSL_DEFAULT_CIPHERS == 2
+ /* stick to OpenSSL's default settings */
+ result = 1;
+#else
+ result = SSL_CTX_set_cipher_list(ctx, PY_SSL_DEFAULT_CIPHER_STRING);
+#endif
} else {
/* SSLv2 needs MD5 */
result = SSL_CTX_set_cipher_list(ctx, "HIGH:!aNULL:!eNULL");
@@ -5279,6 +5309,9 @@ PyInit__ssl(void)
(PyObject *)&PySSLSession_Type) != 0)
return NULL;
+ PyModule_AddStringConstant(m, "_DEFAULT_CIPHERS",
+ PY_SSL_DEFAULT_CIPHER_STRING);
+
PyModule_AddIntConstant(m, "SSL_ERROR_ZERO_RETURN",
PY_SSL_ERROR_ZERO_RETURN);
PyModule_AddIntConstant(m, "SSL_ERROR_WANT_READ",
diff --git a/configure.ac b/configure.ac
index 7ea62f8..4b42393 100644
--- a/configure.ac
+++ b/configure.ac
@@ -5555,6 +5555,42 @@ if test "$have_getrandom" = yes; then
[Define to 1 if the getrandom() function is available])
fi
+# ssl module default cipher suite string
+AH_TEMPLATE(PY_SSL_DEFAULT_CIPHERS,
+ [Default cipher suites list for ssl module.
+ 1: Python's preferred selection, 2: leave OpenSSL defaults untouched, 0: custom string])
+AH_TEMPLATE(PY_SSL_DEFAULT_CIPHER_STRING,
+ [Cipher suite string for PY_SSL_DEFAULT_CIPHERS=0]
+)
+AC_MSG_CHECKING(for --with-ssl-default-suites)
+AC_ARG_WITH(ssl-default-suites,
+ AS_HELP_STRING([--with-ssl-default-suites=@<:@python|openssl|STRING@:>@],
+ [Override default cipher suites string,
+ python: use Python's preferred selection (default),
+ openssl: leave OpenSSL's defaults untouched,
+ STRING: use a custom string,
+ PROTOCOL_SSLv2 ignores the setting]),
+[
+AC_MSG_RESULT($withval)
+case "$withval" in
+ python)
+ AC_DEFINE(PY_SSL_DEFAULT_CIPHERS, 1)
+ ;;
+ openssl)
+ AC_DEFINE(PY_SSL_DEFAULT_CIPHERS, 2)
+ ;;
+ *)
+ AC_DEFINE(PY_SSL_DEFAULT_CIPHERS, 0)
+ AC_DEFINE_UNQUOTED(PY_SSL_DEFAULT_CIPHER_STRING, "$withval")
+ ;;
+esac
+],
+[
+AC_MSG_RESULT(python)
+AC_DEFINE(PY_SSL_DEFAULT_CIPHERS, 1)
+])
+
+
# generate output files
AC_CONFIG_FILES(Makefile.pre Modules/Setup.config Misc/python.pc Misc/python-config.sh)
AC_CONFIG_FILES([Modules/ld_so_aix], [chmod +x Modules/ld_so_aix])

104
00301-pathfix-add-n-option-for-no-backup.patch
View File

@ -1,104 +0,0 @@
From 5affd5c29eb1493cb31ef3cfdde15538ac134689 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Miro=20Hron=C4=8Dok?= <miro@hroncok.cz>
Date: Tue, 13 Mar 2018 10:56:43 +0100
Subject: [PATCH] bpo-32885: Tools/scripts/pathfix.py: Add -n option for no
backup~ (#5772)
Creating backup files with ~ suffix can be undesirable in some environment,
such as when building RPM packages. Instead of requiring the user to remove
those files manually, option -n was added, that simply disables this feature.
-n was selected because 2to3 has the same option with this behavior.
---
Misc/ACKS | 1 +
.../2018-02-20-12-16-47.bpo-32885.dL5x7C.rst | 2 ++
Tools/scripts/pathfix.py | 28 +++++++++++++++-------
3 files changed, 23 insertions(+), 8 deletions(-)
create mode 100644 Misc/NEWS.d/next/Tools-Demos/2018-02-20-12-16-47.bpo-32885.dL5x7C.rst
diff --git a/Misc/ACKS b/Misc/ACKS
index d8179c8b03ab..d752d8a35434 100644
--- a/Misc/ACKS
+++ b/Misc/ACKS
@@ -687,6 +687,7 @@ Ken Howard
Brad Howes
Mike Hoy
Ben Hoyt
+Miro Hrončok
Chiu-Hsiang Hsu
Chih-Hao Huang
Christian Hudon
diff --git a/Misc/NEWS.d/next/Tools-Demos/2018-02-20-12-16-47.bpo-32885.dL5x7C.rst b/Misc/NEWS.d/next/Tools-Demos/2018-02-20-12-16-47.bpo-32885.dL5x7C.rst
new file mode 100644
index 000000000000..e003e1d84fd0
--- /dev/null
+++ b/Misc/NEWS.d/next/Tools-Demos/2018-02-20-12-16-47.bpo-32885.dL5x7C.rst
@@ -0,0 +1,2 @@
+Add an ``-n`` flag for ``Tools/scripts/pathfix.py`` to disbale automatic
+backup creation (files with ``~`` suffix).
diff --git a/Tools/scripts/pathfix.py b/Tools/scripts/pathfix.py
index 562bbc737812..c5bf984306a3 100755
--- a/Tools/scripts/pathfix.py
+++ b/Tools/scripts/pathfix.py
@@ -7,8 +7,9 @@
# Directories are searched recursively for files whose name looks
# like a python module.
# Symbolic links are always ignored (except as explicit directory
-# arguments). Of course, the original file is kept as a back-up
-# (with a "~" attached to its name).
+# arguments).
+# The original file is kept as a back-up (with a "~" attached to its name),
+# -n flag can be used to disable this.
#
# Undoubtedly you can do this using find and sed or perl, but this is
# a nice example of Python code that recurses down a directory tree
@@ -31,14 +32,17 @@
new_interpreter = None
preserve_timestamps = False
+create_backup = True
+
def main():
global new_interpreter
global preserve_timestamps
- usage = ('usage: %s -i /interpreter -p file-or-directory ...\n' %
+ global create_backup
+ usage = ('usage: %s -i /interpreter -p -n file-or-directory ...\n' %
sys.argv[0])
try:
- opts, args = getopt.getopt(sys.argv[1:], 'i:p')
+ opts, args = getopt.getopt(sys.argv[1:], 'i:pn')
except getopt.error as msg:
err(str(msg) + '\n')
err(usage)
@@ -48,6 +52,8 @@ def main():
new_interpreter = a.encode()
if o == '-p':
preserve_timestamps = True
+ if o == '-n':
+ create_backup = False
if not new_interpreter or not new_interpreter.startswith(b'/') or \
not args:
err('-i option or file-or-directory missing\n')
@@ -134,10 +140,16 @@ def fix(filename):
except OSError as msg:
err('%s: warning: chmod failed (%r)\n' % (tempname, msg))
# Then make a backup of the original file as filename~
- try:
- os.rename(filename, filename + '~')
- except OSError as msg:
- err('%s: warning: backup failed (%r)\n' % (filename, msg))
+ if create_backup:
+ try:
+ os.rename(filename, filename + '~')
+ except OSError as msg:
+ err('%s: warning: backup failed (%r)\n' % (filename, msg))
+ else:
+ try:
+ os.remove(filename)
+ except OSError as msg:
+ err('%s: warning: removing failed (%r)\n' % (filename, msg))
# Now move the temp file to the original file
try:
os.rename(tempname, filename)

55
00302-fix-multiprocessing-regression-on-newer-glibcs.patch
View File

@ -1,55 +0,0 @@
From a3febe3cba14b89885f42ca2f0224096a52885f6 Mon Sep 17 00:00:00 2001
From: Antoine Pitrou <antoine@python.org>
Date: Mon, 23 Apr 2018 13:19:42 +0200
Subject: [PATCH] bpo-33329: Fix multiprocessing regression on newer glibcs
Starting with glibc 2.27.9000-xxx, sigaddset() can return EINVAL for some
reserved signal numbers between 1 and NSIG. The `range(1, NSIG)` idiom
is commonly used to select all signals for blocking with `pthread_sigmask`.
So we ignore the sigaddset() return value until we expose sigfillset()
to provide a better idiom.
---
.../next/Library/2018-04-23-13-21-39.bpo-33329.lQ-Eod.rst | 1 +
Modules/signalmodule.c | 14 ++++++++------
2 files changed, 9 insertions(+), 6 deletions(-)
create mode 100644 Misc/NEWS.d/next/Library/2018-04-23-13-21-39.bpo-33329.lQ-Eod.rst
diff --git a/Misc/NEWS.d/next/Library/2018-04-23-13-21-39.bpo-33329.lQ-Eod.rst b/Misc/NEWS.d/next/Library/2018-04-23-13-21-39.bpo-33329.lQ-Eod.rst
new file mode 100644
index 000000000000..d1a4e56d04b9
--- /dev/null
+++ b/Misc/NEWS.d/next/Library/2018-04-23-13-21-39.bpo-33329.lQ-Eod.rst
@@ -0,0 +1 @@
+Fix multiprocessing regression on newer glibcs
diff --git a/Modules/signalmodule.c b/Modules/signalmodule.c
index 791616014384..35fd87e2d1e7 100644
--- a/Modules/signalmodule.c
+++ b/Modules/signalmodule.c
@@ -819,7 +819,6 @@ iterable_to_sigset(PyObject *iterable, sigset_t *mask)
int result = -1;
PyObject *iterator, *item;
long signum;
- int err;
sigemptyset(mask);
@@ -841,11 +840,14 @@ iterable_to_sigset(PyObject *iterable, sigset_t *mask)
Py_DECREF(item);
if (signum == -1 && PyErr_Occurred())
goto error;
- if (0 < signum && signum < NSIG)
- err = sigaddset(mask, (int)signum);
- else
- err = 1;
- if (err) {
+ if (0 < signum && signum < NSIG) {
+ /* bpo-33329: ignore sigaddset() return value as it can fail
+ * for some reserved signals, but we want the `range(1, NSIG)`
+ * idiom to allow selecting all valid signals.
+ */
+ (void) sigaddset(mask, (int)signum);
+ }
+ else {
PyErr_Format(PyExc_ValueError,
"signal number %ld out of range", signum);
goto error;

7
python3.spec
View File

@ -300,12 +300,6 @@ Patch251: 00251-change-user-install-location.patch
# Upstream uses Debian-style architecture naming. Change to match Fedora.
Patch274: 00274-fix-arch-names.patch
# 00291 #
# Build fails with undefined references to dlopen / dlsym otherwise.
# See: https://bugzilla.redhat.com/show_bug.cgi?id=1537489
# and: https://src.fedoraproject.org/rpms/redhat-rpm-config/c/078af19
Patch291: 00291-setup-Link-ctypes-against-dl-explicitly.patch
# 00312 #
# Revert "bpo-6721: Hold logging locks across fork() 3b699932e5ac3e7
# This is a TEMPORARY WORKAROUND for an urgent Fedora bug
@ -659,7 +653,6 @@ rm Lib/ensurepip/_bundled/*.whl
%patch205 -p1
%patch251 -p1
%patch274 -p1
%patch291 -p1
%patch312 -p1
%patch313 -p1
%patch315 -p1