Rebased to Python 3.5.2

This commit is contained in:
Tomas Orsava 2016-08-15 12:39:18 +02:00
parent 77a5f91947
commit 6cd1c5f463
12 changed files with 128 additions and 428 deletions

View File

@ -1,6 +1,8 @@
--- Python-3.4.0b1/Lib/distutils/command/install.py.lib64 2013-11-24 21:36:54.000000000 +0100 diff --git a/Lib/distutils/command/install.py b/Lib/distutils/command/install.py
+++ Python-3.4.0b1/Lib/distutils/command/install.py 2013-11-27 11:10:43.821150774 +0100 index 67db007..b16fe0f 100644
@@ -45,14 +45,14 @@ else: --- a/Lib/distutils/command/install.py
+++ b/Lib/distutils/command/install.py
@@ -30,14 +30,14 @@ WINDOWS_SCHEME = {
INSTALL_SCHEMES = { INSTALL_SCHEMES = {
'unix_prefix': { 'unix_prefix': {
'purelib': '$base/lib/python$py_version_short/site-packages', 'purelib': '$base/lib/python$py_version_short/site-packages',
@ -17,9 +19,11 @@
'headers': '$base/include/python/$dist_name', 'headers': '$base/include/python/$dist_name',
'scripts': '$base/bin', 'scripts': '$base/bin',
'data' : '$base', 'data' : '$base',
--- Python-3.4.0b1/Lib/distutils/sysconfig.py.lib64 2013-11-24 21:36:54.000000000 +0100 diff --git a/Lib/distutils/sysconfig.py b/Lib/distutils/sysconfig.py
+++ Python-3.4.0b1/Lib/distutils/sysconfig.py 2013-11-27 11:10:43.821150774 +0100 index e5c493d..a4846eb 100644
@@ -141,8 +141,12 @@ --- a/Lib/distutils/sysconfig.py
+++ b/Lib/distutils/sysconfig.py
@@ -132,8 +132,12 @@ def get_python_lib(plat_specific=0, standard_lib=0, prefix=None):
prefix = plat_specific and EXEC_PREFIX or PREFIX prefix = plat_specific and EXEC_PREFIX or PREFIX
if os.name == "posix": if os.name == "posix":
@ -33,9 +37,11 @@
if standard_lib: if standard_lib:
return libpython return libpython
else: else:
--- Python-3.4.0b1/Lib/site.py.lib64 2013-11-24 21:36:54.000000000 +0100 diff --git a/Lib/site.py b/Lib/site.py
+++ Python-3.4.0b1/Lib/site.py 2013-11-27 11:10:43.822150773 +0100 index 3f78ef5..ad1033e 100644
@@ -304,11 +304,15 @@ --- a/Lib/site.py
+++ b/Lib/site.py
@@ -303,11 +303,15 @@ def getsitepackages(prefixes=None):
seen.add(prefix) seen.add(prefix)
if os.sep == '/': if os.sep == '/':
@ -51,9 +57,11 @@
sitepackages.append(os.path.join(prefix, "lib", "site-packages")) sitepackages.append(os.path.join(prefix, "lib", "site-packages"))
if sys.platform == "darwin": if sys.platform == "darwin":
# for framework builds *only* we add the standard Apple # for framework builds *only* we add the standard Apple
--- Python-3.4.0b1/Lib/sysconfig.py.lib64 2013-11-24 21:36:54.000000000 +0100 diff --git a/Lib/sysconfig.py b/Lib/sysconfig.py
+++ Python-3.4.0b1/Lib/sysconfig.py 2013-11-27 11:10:43.822150773 +0100 index 61451b2..b021cce 100644
@@ -20,10 +20,10 @@ --- a/Lib/sysconfig.py
+++ b/Lib/sysconfig.py
@@ -20,10 +20,10 @@ __all__ = [
_INSTALL_SCHEMES = { _INSTALL_SCHEMES = {
'posix_prefix': { 'posix_prefix': {
@ -67,7 +75,7 @@
'include': 'include':
'{installed_base}/include/python{py_version_short}{abiflags}', '{installed_base}/include/python{py_version_short}{abiflags}',
'platinclude': 'platinclude':
@@ -61,10 +61,10 @@ @@ -61,10 +61,10 @@ _INSTALL_SCHEMES = {
'data': '{userbase}', 'data': '{userbase}',
}, },
'posix_user': { 'posix_user': {
@ -81,9 +89,11 @@
'include': '{userbase}/include/python{py_version_short}', 'include': '{userbase}/include/python{py_version_short}',
'scripts': '{userbase}/bin', 'scripts': '{userbase}/bin',
'data': '{userbase}', 'data': '{userbase}',
--- Python-3.4.0b1/Lib/test/test_site.py.lib64 2013-11-24 21:36:55.000000000 +0100 diff --git a/Lib/test/test_site.py b/Lib/test/test_site.py
+++ Python-3.4.0b1/Lib/test/test_site.py 2013-11-27 11:10:43.822150773 +0100 index da20a3d..f38ce06 100644
@@ -244,8 +244,8 @@ --- a/Lib/test/test_site.py
+++ b/Lib/test/test_site.py
@@ -248,8 +248,8 @@ class HelperFunctionsTests(unittest.TestCase):
self.assertEqual(dirs[1], wanted) self.assertEqual(dirs[1], wanted)
elif os.sep == '/': elif os.sep == '/':
# OS X non-framwework builds, Linux, FreeBSD, etc # OS X non-framwework builds, Linux, FreeBSD, etc
@ -94,9 +104,11 @@
'site-packages') 'site-packages')
self.assertEqual(dirs[0], wanted) self.assertEqual(dirs[0], wanted)
else: else:
--- Python-3.4.0b1/Makefile.pre.in.lib64 2013-11-27 11:10:43.814150786 +0100 diff --git a/Makefile.pre.in b/Makefile.pre.in
+++ Python-3.4.0b1/Makefile.pre.in 2013-11-27 11:10:43.823150771 +0100 index 58d4258..e8364f0 100644
@@ -115,7 +115,7 @@ --- a/Makefile.pre.in
+++ b/Makefile.pre.in
@@ -125,7 +125,7 @@ LIBDIR= @libdir@
MANDIR= @mandir@ MANDIR= @mandir@
INCLUDEDIR= @includedir@ INCLUDEDIR= @includedir@
CONFINCLUDEDIR= $(exec_prefix)/include CONFINCLUDEDIR= $(exec_prefix)/include
@ -105,20 +117,11 @@
ABIFLAGS= @ABIFLAGS@ ABIFLAGS= @ABIFLAGS@
# Detailed destination directories # Detailed destination directories
--- Python-3.4.0b1/Modules/getpath.c.lib64 2013-11-24 21:36:56.000000000 +0100 diff --git a/Modules/getpath.c b/Modules/getpath.c
+++ Python-3.4.0b1/Modules/getpath.c 2013-11-27 11:17:33.619449704 +0100 index 18deb60..27ca814 100644
@@ -122,8 +122,8 @@ --- a/Modules/getpath.c
#endif +++ b/Modules/getpath.c
@@ -494,7 +494,7 @@ calculate_path(void)
#ifndef PYTHONPATH
-#define PYTHONPATH PREFIX "/lib/python" VERSION ":" \
- EXEC_PREFIX "/lib/python" VERSION "/lib-dynload"
+#define PYTHONPATH PREFIX "/lib64/python" VERSION ":" \
+ EXEC_PREFIX "/lib64/python" VERSION "/lib-dynload"
#endif
#ifndef LANDMARK
@@ -498,7 +498,7 @@
_pythonpath = Py_DecodeLocale(PYTHONPATH, NULL); _pythonpath = Py_DecodeLocale(PYTHONPATH, NULL);
_prefix = Py_DecodeLocale(PREFIX, NULL); _prefix = Py_DecodeLocale(PREFIX, NULL);
_exec_prefix = Py_DecodeLocale(EXEC_PREFIX, NULL); _exec_prefix = Py_DecodeLocale(EXEC_PREFIX, NULL);
@ -127,7 +130,7 @@
if (!_pythonpath || !_prefix || !_exec_prefix || !lib_python) { if (!_pythonpath || !_prefix || !_exec_prefix || !lib_python) {
Py_FatalError( Py_FatalError(
@@ -687,7 +687,7 @@ @@ -683,7 +683,7 @@ calculate_path(void)
} }
else else
wcsncpy(zip_path, _prefix, MAXPATHLEN); wcsncpy(zip_path, _prefix, MAXPATHLEN);
@ -136,7 +139,7 @@
bufsz = wcslen(zip_path); /* Replace "00" with version */ bufsz = wcslen(zip_path); /* Replace "00" with version */
zip_path[bufsz - 6] = VERSION[0]; zip_path[bufsz - 6] = VERSION[0];
zip_path[bufsz - 5] = VERSION[2]; zip_path[bufsz - 5] = VERSION[2];
@@ -699,7 +699,7 @@ @@ -695,7 +695,7 @@ calculate_path(void)
fprintf(stderr, fprintf(stderr,
"Could not find platform dependent libraries <exec_prefix>\n"); "Could not find platform dependent libraries <exec_prefix>\n");
wcsncpy(exec_prefix, _exec_prefix, MAXPATHLEN); wcsncpy(exec_prefix, _exec_prefix, MAXPATHLEN);
@ -145,9 +148,11 @@
} }
/* If we found EXEC_PREFIX do *not* reduce it! (Yet.) */ /* If we found EXEC_PREFIX do *not* reduce it! (Yet.) */
--- Python-3.4.0b1/setup.py.lib64 2013-11-24 21:36:56.000000000 +0100 diff --git a/setup.py b/setup.py
+++ Python-3.4.0b1/setup.py 2013-11-27 11:10:43.824150769 +0100 index be33c46..f2779cc 100644
@@ -441,7 +441,7 @@ --- a/setup.py
+++ b/setup.py
@@ -492,7 +492,7 @@ class PyBuildExt(build_ext):
# directories (i.e. '.' and 'Include') must be first. See issue # directories (i.e. '.' and 'Include') must be first. See issue
# 10520. # 10520.
if not cross_compiling: if not cross_compiling:
@ -156,7 +161,7 @@
add_dir_to_list(self.compiler.include_dirs, '/usr/local/include') add_dir_to_list(self.compiler.include_dirs, '/usr/local/include')
# only change this for cross builds for 3.3, issues on Mageia # only change this for cross builds for 3.3, issues on Mageia
if cross_compiling: if cross_compiling:
@@ -718,11 +718,11 @@ @@ -780,11 +780,11 @@ class PyBuildExt(build_ext):
elif curses_library: elif curses_library:
readline_libs.append(curses_library) readline_libs.append(curses_library)
elif self.compiler.find_library_file(lib_dirs + elif self.compiler.find_library_file(lib_dirs +
@ -170,7 +175,7 @@
extra_link_args=readline_extra_link_args, extra_link_args=readline_extra_link_args,
libraries=readline_libs) ) libraries=readline_libs) )
else: else:
@@ -759,8 +759,8 @@ @@ -821,8 +821,8 @@ class PyBuildExt(build_ext):
if krb5_h: if krb5_h:
ssl_incs += krb5_h ssl_incs += krb5_h
ssl_libs = find_library_file(self.compiler, 'ssl',lib_dirs, ssl_libs = find_library_file(self.compiler, 'ssl',lib_dirs,

View File

@ -1,6 +1,8 @@
--- Python-3.4.0b1/Lib/hashlib.py.hashlib-fips 2013-11-24 21:36:54.000000000 +0100 diff --git a/Lib/hashlib.py b/Lib/hashlib.py
+++ Python-3.4.0b1/Lib/hashlib.py 2013-11-27 11:45:17.073617547 +0100 index 316cece..b7ad879 100644
@@ -23,6 +23,16 @@ --- a/Lib/hashlib.py
+++ b/Lib/hashlib.py
@@ -23,6 +23,16 @@ the zlib module.
Choose your hash function wisely. Some have known collision weaknesses. Choose your hash function wisely. Some have known collision weaknesses.
sha384 and sha512 will be slow on 32 bit platforms. sha384 and sha512 will be slow on 32 bit platforms.
@ -17,7 +19,7 @@
Hash objects have these methods: Hash objects have these methods:
- update(arg): Update the hash object with the bytes in arg. Repeated calls - update(arg): Update the hash object with the bytes in arg. Repeated calls
are equivalent to a single call with the concatenation of all are equivalent to a single call with the concatenation of all
@@ -63,6 +73,19 @@ @@ -62,6 +72,18 @@ algorithms_available = set(__always_supported)
__all__ = __always_supported + ('new', 'algorithms_guaranteed', __all__ = __always_supported + ('new', 'algorithms_guaranteed',
'algorithms_available', 'pbkdf2_hmac') 'algorithms_available', 'pbkdf2_hmac')
@ -33,11 +35,10 @@
+ kwargs.pop('usedforsecurity') + kwargs.pop('usedforsecurity')
+ return func(*args, **kwargs) + return func(*args, **kwargs)
+ return inner + return inner
+
__builtin_constructor_cache = {} __builtin_constructor_cache = {}
@@ -108,34 +131,41 @@ @@ -100,31 +122,39 @@ def __get_openssl_constructor(name):
f = getattr(_hashlib, 'openssl_' + name) f = getattr(_hashlib, 'openssl_' + name)
# Allow the C module to raise ValueError. The function will be # Allow the C module to raise ValueError. The function will be
# defined but the hash not actually available thanks to OpenSSL. # defined but the hash not actually available thanks to OpenSSL.
@ -88,11 +89,8 @@
+ # because we want to make sure that Fedora uses everything from OpenSSL + # because we want to make sure that Fedora uses everything from OpenSSL
return __get_builtin_constructor(name)(data) return __get_builtin_constructor(name)(data)
-
try: @@ -207,7 +237,10 @@ for __func_name in __always_supported:
import _hashlib
new = __hash_new
@@ -215,7 +245,10 @@
# try them all, some may not work due to the OpenSSL # try them all, some may not work due to the OpenSSL
# version not supporting that algorithm. # version not supporting that algorithm.
try: try:
@ -104,14 +102,17 @@
except ValueError: except ValueError:
import logging import logging
logging.exception('code for hash %s was not found.', __func_name) logging.exception('code for hash %s was not found.', __func_name)
@@ -223,3 +256,4 @@ @@ -215,3 +248,4 @@ for __func_name in __always_supported:
# Cleanup locals() # Cleanup locals()
del __always_supported, __func_name, __get_hash del __always_supported, __func_name, __get_hash
del __py_new, __hash_new, __get_openssl_constructor del __py_new, __hash_new, __get_openssl_constructor
+del __ignore_usedforsecurity +del __ignore_usedforsecurity
--- Python-3.4.0b1/Lib/test/test_hashlib.py 2013-11-27 11:55:42.769601363 +0100 \ No newline at end of file
+++ Python-3.4.0b1/Lib/test/test_hashlib.py 2013-11-28 09:33:03.929008508 +0100 diff --git a/Lib/test/test_hashlib.py b/Lib/test/test_hashlib.py
@@ -24,7 +24,22 @@ index c9b113e..60e2392 100644
--- a/Lib/test/test_hashlib.py
+++ b/Lib/test/test_hashlib.py
@@ -24,7 +24,22 @@ from test.support import _4G, bigmemtest, import_fresh_module
COMPILED_WITH_PYDEBUG = hasattr(sys, 'gettotalrefcount') COMPILED_WITH_PYDEBUG = hasattr(sys, 'gettotalrefcount')
c_hashlib = import_fresh_module('hashlib', fresh=['_hashlib']) c_hashlib = import_fresh_module('hashlib', fresh=['_hashlib'])
@ -135,7 +136,7 @@
def hexstr(s): def hexstr(s):
assert isinstance(s, bytes), repr(s) assert isinstance(s, bytes), repr(s)
@@ -34,6 +49,16 @@ @@ -34,6 +49,16 @@ def hexstr(s):
r += h[(i >> 4) & 0xF] + h[i & 0xF] r += h[(i >> 4) & 0xF] + h[i & 0xF]
return r return r
@ -152,7 +153,7 @@
class HashLibTestCase(unittest.TestCase): class HashLibTestCase(unittest.TestCase):
supported_hash_names = ( 'md5', 'MD5', 'sha1', 'SHA1', supported_hash_names = ( 'md5', 'MD5', 'sha1', 'SHA1',
@@ -66,11 +91,11 @@ @@ -63,11 +88,11 @@ class HashLibTestCase(unittest.TestCase):
# For each algorithm, test the direct constructor and the use # For each algorithm, test the direct constructor and the use
# of hashlib.new given the algorithm name. # of hashlib.new given the algorithm name.
for algorithm, constructors in self.constructors_to_test.items(): for algorithm, constructors in self.constructors_to_test.items():
@ -167,7 +168,7 @@
constructors.add(_test_algorithm_via_hashlib_new) constructors.add(_test_algorithm_via_hashlib_new)
_hashlib = self._conditional_import_module('_hashlib') _hashlib = self._conditional_import_module('_hashlib')
@@ -82,26 +107,12 @@ @@ -79,27 +104,12 @@ class HashLibTestCase(unittest.TestCase):
for algorithm, constructors in self.constructors_to_test.items(): for algorithm, constructors in self.constructors_to_test.items():
constructor = getattr(_hashlib, 'openssl_'+algorithm, None) constructor = getattr(_hashlib, 'openssl_'+algorithm, None)
if constructor: if constructor:
@ -192,10 +193,11 @@
- if _sha512: - if _sha512:
- add_builtin_constructor('sha384') - add_builtin_constructor('sha384')
- add_builtin_constructor('sha512') - add_builtin_constructor('sha512')
-
super(HashLibTestCase, self).__init__(*args, **kwargs) super(HashLibTestCase, self).__init__(*args, **kwargs)
@@ -157,9 +169,6 @@ @property
@@ -148,9 +158,6 @@ class HashLibTestCase(unittest.TestCase):
else: else:
del sys.modules['_md5'] del sys.modules['_md5']
self.assertRaises(TypeError, get_builtin_constructor, 3) self.assertRaises(TypeError, get_builtin_constructor, 3)
@ -205,7 +207,7 @@
def test_hexdigest(self): def test_hexdigest(self):
for cons in self.hash_constructors: for cons in self.hash_constructors:
@@ -558,6 +567,65 @@ @@ -433,6 +440,64 @@ class HashLibTestCase(unittest.TestCase):
self.assertEqual(expected_hash, hasher.hexdigest()) self.assertEqual(expected_hash, hasher.hexdigest())
@ -267,21 +269,23 @@
+ +
+ m = _hashlib.new('md5', b'abc\n', usedforsecurity=False) + m = _hashlib.new('md5', b'abc\n', usedforsecurity=False)
+ self.assertEquals(m.hexdigest(), "0bee89b07a248e27c83fc3d5951213c1") + self.assertEquals(m.hexdigest(), "0bee89b07a248e27c83fc3d5951213c1")
+
class KDFTests(unittest.TestCase): class KDFTests(unittest.TestCase):
@@ -639,6 +707,7 @@ @@ -516,7 +581,7 @@ class KDFTests(unittest.TestCase):
with self.assertRaisesRegex(ValueError, 'unsupported hash type'): out = pbkdf2(hash_name='sha1', password=b'password', salt=b'salt',
pbkdf2('unknown', b'pass', b'salt', 1) iterations=1, dklen=None)
self.assertEqual(out, self.pbkdf2_results['sha1'][0][0])
-
+ @unittest.skip('skipped on Fedora, as we always use OpenSSL pbkdf2_hmac') + @unittest.skip('skipped on Fedora, as we always use OpenSSL pbkdf2_hmac')
def test_pbkdf2_hmac_py(self): def test_pbkdf2_hmac_py(self):
self._test_pbkdf2_hmac(py_hashlib.pbkdf2_hmac) self._test_pbkdf2_hmac(py_hashlib.pbkdf2_hmac)
--- Python-3.4.0b1/Modules/_hashopenssl.c.hashlib-fips 2013-11-24 21:36:56.000000000 +0100 diff --git a/Modules/_hashopenssl.c b/Modules/_hashopenssl.c
+++ Python-3.4.0b1/Modules/_hashopenssl.c 2013-11-27 12:01:57.443537463 +0100 index 44765ac..b8cf490 100644
@@ -19,6 +19,8 @@ --- a/Modules/_hashopenssl.c
+++ b/Modules/_hashopenssl.c
@@ -20,6 +20,8 @@
/* EVP is the preferred interface to hashing in OpenSSL */ /* EVP is the preferred interface to hashing in OpenSSL */
@ -290,7 +294,7 @@
#include <openssl/evp.h> #include <openssl/evp.h>
#include <openssl/hmac.h> #include <openssl/hmac.h>
/* We use the object interface to discover what hashes OpenSSL supports. */ /* We use the object interface to discover what hashes OpenSSL supports. */
@@ -48,11 +50,19 @@ @@ -45,11 +47,19 @@ typedef struct {
static PyTypeObject EVPtype; static PyTypeObject EVPtype;
@ -314,7 +318,7 @@
DEFINE_CONSTS_FOR_NEW(md5) DEFINE_CONSTS_FOR_NEW(md5)
DEFINE_CONSTS_FOR_NEW(sha1) DEFINE_CONSTS_FOR_NEW(sha1)
@@ -97,6 +107,48 @@ @@ -92,6 +102,48 @@ EVP_hash(EVPobject *self, const void *vp, Py_ssize_t len)
} }
} }
@ -363,7 +367,7 @@
/* Internal methods for a hash object */ /* Internal methods for a hash object */
static void static void
@@ -281,15 +333,16 @@ @@ -259,15 +311,16 @@ EVP_repr(EVPobject *self)
static int static int
EVP_tp_init(EVPobject *self, PyObject *args, PyObject *kwds) EVP_tp_init(EVPobject *self, PyObject *args, PyObject *kwds)
{ {
@ -383,7 +387,7 @@
return -1; return -1;
} }
@@ -310,7 +363,12 @@ @@ -288,7 +341,12 @@ EVP_tp_init(EVPobject *self, PyObject *args, PyObject *kwds)
PyBuffer_Release(&view); PyBuffer_Release(&view);
return -1; return -1;
} }
@ -397,7 +401,7 @@
self->name = name_obj; self->name = name_obj;
Py_INCREF(self->name); Py_INCREF(self->name);
@@ -394,7 +452,8 @@ @@ -372,7 +430,8 @@ static PyTypeObject EVPtype = {
static PyObject * static PyObject *
EVPnew(PyObject *name_obj, EVPnew(PyObject *name_obj,
const EVP_MD *digest, const EVP_MD_CTX *initial_ctx, const EVP_MD *digest, const EVP_MD_CTX *initial_ctx,
@ -407,7 +411,7 @@
{ {
EVPobject *self; EVPobject *self;
@@ -409,7 +468,12 @@ @@ -387,7 +446,12 @@ EVPnew(PyObject *name_obj,
if (initial_ctx) { if (initial_ctx) {
EVP_MD_CTX_copy(&self->ctx, initial_ctx); EVP_MD_CTX_copy(&self->ctx, initial_ctx);
} else { } else {
@ -421,7 +425,7 @@
} }
if (cp && len) { if (cp && len) {
@@ -433,21 +497,29 @@ @@ -411,21 +475,29 @@ PyDoc_STRVAR(EVP_new__doc__,
An optional string argument may be provided and will be\n\ An optional string argument may be provided and will be\n\
automatically hashed.\n\ automatically hashed.\n\
\n\ \n\
@ -455,17 +459,17 @@
return NULL; return NULL;
} }
@@ -461,7 +533,8 @@ @@ -439,7 +511,8 @@ EVP_new(PyObject *self, PyObject *args, PyObject *kwdict)
digest = EVP_get_digestbyname(name); digest = EVP_get_digestbyname(name);
- ret_obj = EVPnew(name_obj, digest, NULL, (unsigned char*)view.buf, view.len); - ret_obj = EVPnew(name_obj, digest, NULL, (unsigned char*)view.buf, view.len);
+ ret_obj = EVPnew(name_obj, digest, NULL, (unsigned char*)view.buf, view.len, + ret_obj = EVPnew(name_obj, digest, NULL, (unsigned char*)view.buf, view.len,
+ usedforsecurity); + usedforsecurity);
if (data_obj) if (data_obj)
PyBuffer_Release(&view); PyBuffer_Release(&view);
@@ -742,57 +815,115 @@ @@ -722,57 +795,114 @@ generate_hash_name_list(void)
/* /*
@ -508,8 +512,8 @@
+ return implement_specific_EVP_new(self, args, kwdict, \ + return implement_specific_EVP_new(self, args, kwdict, \
+ "|Oi:" #NAME, \ + "|Oi:" #NAME, \
+ &cached_info_ ## NAME ); \ + &cached_info_ ## NAME ); \
+ } }
+
+static PyObject * +static PyObject *
+implement_specific_EVP_new(PyObject *self, PyObject *args, PyObject *kwdict, +implement_specific_EVP_new(PyObject *self, PyObject *args, PyObject *kwdict,
+ const char *format, + const char *format,
@ -554,8 +558,8 @@
+ } else { + } else {
+ PyErr_SetString(PyExc_ValueError, "Error initializing hash"); + PyErr_SetString(PyExc_ValueError, "Error initializing hash");
+ } + }
} + }
+
+ if (data_obj) + if (data_obj)
+ PyBuffer_Release(&view); + PyBuffer_Release(&view);
+ +
@ -614,11 +618,10 @@
+ } + }
+ } + }
+} +}
+
GEN_CONSTRUCTOR(md5) GEN_CONSTRUCTOR(md5)
GEN_CONSTRUCTOR(sha1) GEN_CONSTRUCTOR(sha1)
@@ -843,13 +974,10 @@ @@ -819,13 +949,10 @@ PyInit__hashlib(void)
{ {
PyObject *m, *openssl_md_meth_names; PyObject *m, *openssl_md_meth_names;

View File

@ -1,12 +0,0 @@
diff -up Python-2.5.1/Lib/gettext.py.plural Python-2.5.1/Lib/gettext.py
--- Python-2.5.1/Lib/gettext.py.plural 2007-09-10 11:38:57.000000000 -0400
+++ Python-2.5.1/Lib/gettext.py 2007-09-10 11:39:00.000000000 -0400
@@ -299,6 +299,8 @@ class GNUTranslations(NullTranslations):
item = b_item.decode().strip()
if not item:
continue
+ if item.startswith("#"):
+ continue
if ':' in item:
k, v = item.split(':', 1)
k = k.strip().lower()

View File

@ -1,10 +0,0 @@
--- Modules/_gdbmmodule.c.orig 2013-07-08 14:54:27.803790151 +0200
+++ Modules/_gdbmmodule.c 2013-07-08 14:55:25.006672443 +0200
@@ -106,6 +106,7 @@
if(okey.dsize) free(okey.dptr);
okey=key;
}
+ if(okey.dsize) free(okey.dptr);
dp->di_size = size;
}
return dp->di_size;

View File

@ -1,11 +0,0 @@
diff -up Python-3.4.3/Lib/test/test_threading.py.mstuchli Python-3.4.3/Lib/test/test_threading.py
--- Python-3.4.3/Lib/test/test_threading.py.mstuchli 2015-03-10 10:00:42.917355215 +0100
+++ Python-3.4.3/Lib/test/test_threading.py 2015-03-10 10:00:47.735373842 +0100
@@ -988,6 +988,7 @@ class ThreadingExceptionTests(BaseTestCa
self.assertIn("ZeroDivisionError", err)
self.assertNotIn("Unhandled exception", err)
+ @unittest.skip('Fails in Koji due to mishandled signals')
def test_print_exception_stderr_is_none_1(self):
script = r"""if True:
import sys

View File

@ -1,56 +0,0 @@
--- Python-3.5.1/Makefile.pre.in.kh 2015-12-17 05:51:08.466546157 -0500
+++ Python-3.5.1/Makefile.pre.in 2015-12-17 05:52:26.207761635 -0500
@@ -587,11 +587,15 @@ pybuilddir.txt: $(BUILDPYTHON)
exit 1 ; \
fi
+# This is shared by the math and cmath modules
+Modules/_math.o: Modules/_math.c Modules/_math.h
+ $(CC) -c $(CCSHARED) $(PY_CORE_CFLAGS) -o $@ $<
+
# Build the shared modules
# Under GNU make, MAKEFLAGS are sorted and normalized; the 's' for
# -s, --silent or --quiet is always the first char.
# Under BSD make, MAKEFLAGS might be " -s -v x=y".
-sharedmods: $(BUILDPYTHON) pybuilddir.txt
+sharedmods: $(BUILDPYTHON) pybuilddir.txt Modules/_math.o
@case "$$MAKEFLAGS" in \
*\ -s*|s*) quiet="-q";; \
*) quiet="";; \
--- Python-3.5.1/Misc/NEWS.kh 2015-12-17 05:53:40.898929946 -0500
+++ Python-3.5.1/Misc/NEWS 2015-12-17 05:54:28.599676136 -0500
@@ -464,6 +464,10 @@ Build
- Issue #24986: It is now possible to build Python on Windows without errors
when external libraries are not available.
+- Issue #24421: Compile Modules/_math.c once, before building extensions.
+ Previously it could fail to compile properly if the math and cmath builds
+ were concurrent.
+
Windows
-------
--- Python-3.5.1/setup.py.kh 2015-12-17 06:38:30.950955607 -0500
+++ Python-3.5.1/setup.py 2015-12-17 06:42:32.074722493 -0500
@@ -582,13 +582,17 @@ class PyBuildExt(build_ext):
# array objects
exts.append( Extension('array', ['arraymodule.c']) )
+
+ shared_math = 'Modules/_math.o'
# complex math library functions
- exts.append( Extension('cmath', ['cmathmodule.c', '_math.c'],
- depends=['_math.h'],
+ exts.append( Extension('cmath', ['cmathmodule.c'],
+ extra_objects=[shared_math],
+ depends=['_math.h', shared_math],
libraries=math_libs) )
# math library functions, e.g. sin()
- exts.append( Extension('math', ['mathmodule.c', '_math.c'],
- depends=['_math.h'],
+ exts.append( Extension('math', ['mathmodule.c'],
+ extra_objects=[shared_math],
+ depends=['_math.h', shared_math],
libraries=math_libs) )
# time libraries: librt may be needed for clock_gettime()

View File

@ -1,11 +0,0 @@
diff -up Python-3.5.1/Lib/test/test_venv.py.1292467 Python-3.5.1/Lib/test/test_venv.py
--- Python-3.5.1/Lib/test/test_venv.py.1292467 2015-12-21 13:37:44.740190595 +0100
+++ Python-3.5.1/Lib/test/test_venv.py 2015-12-21 13:40:25.707911828 +0100
@@ -319,6 +319,7 @@ class EnsurePipTest(BaseTest):
# Requesting pip fails without SSL (http://bugs.python.org/issue19744)
@unittest.skipIf(ssl is None, ensurepip._MISSING_SSL_MESSAGE)
+ @unittest.skip('rhbz#1292467')
def test_with_pip(self):
rmtree(self.env_dir)
with EnvironmentVarGuard() as envvars:

View File

@ -1,35 +0,0 @@
From 761db274ca898f8a92348ed5979d3d3c1b0d634a Mon Sep 17 00:00:00 2001
From: Tomas Orsava <torsava@redhat.com>
Date: Fri, 17 Jun 2016 16:08:11 +0200
Subject: [PATCH] Raise an error when STARTTLS fails
CVE-2016-0772 python: smtplib StartTLS stripping attack
rhbz#1303647: https://bugzilla.redhat.com/show_bug.cgi?id=1303647
rhbz#1346345: https://bugzilla.redhat.com/show_bug.cgi?id=1346345
Based on an upstream change by Benjamin Peterson <benjamin@python.org>
- in changeset 101887:d590114c2394 3.4
- https://hg.python.org/cpython/rev/d590114c2394
---
Lib/smtplib.py | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/Lib/smtplib.py b/Lib/smtplib.py
index 4756973..dfbf5f9 100755
--- a/Lib/smtplib.py
+++ b/Lib/smtplib.py
@@ -773,6 +773,11 @@ class SMTP:
self.ehlo_resp = None
self.esmtp_features = {}
self.does_esmtp = 0
+ else:
+ # RFC 3207:
+ # 501 Syntax error (no parameters allowed)
+ # 454 TLS not available due to temporary reason
+ raise SMTPResponseException(resp, reply)
return (resp, reply)
def sendmail(self, from_addr, to_addrs, msg, mail_options=[],
--
2.5.5

View File

@ -1,39 +0,0 @@
From 531dfa4bcfe55d5cd1524425944b07c5b02bddf9 Mon Sep 17 00:00:00 2001
From: Charalampos Stratakis <cstratak@redhat.com>
Date: Fri, 8 Jul 2016 17:16:41 +0200
Subject: [PATCH] CVE-2016-5636 fix
---
Modules/zipimport.c | 9 +++++++++
1 file changed, 9 insertions(+)
diff --git a/Modules/zipimport.c b/Modules/zipimport.c
index 06abb31..4d0d1de 100644
--- a/Modules/zipimport.c
+++ b/Modules/zipimport.c
@@ -1076,6 +1076,10 @@ get_data(PyObject *archive, PyObject *toc_entry)
&date, &crc)) {
return NULL;
}
+ if (data_size < 0) {
+ PyErr_Format(ZipImportError, "negative data size");
+ return NULL;
+ }
fp = _Py_fopen_obj(archive, "rb");
if (!fp)
@@ -1112,6 +1116,11 @@ get_data(PyObject *archive, PyObject *toc_entry)
}
file_offset += l; /* Start of file data */
+ if (data_size > LONG_MAX - 1) {
+ fclose(fp);
+ PyErr_NoMemory();
+ return NULL;
+ }
bytes_size = compress == 0 ? data_size : data_size + 1;
if (bytes_size == 0)
bytes_size++;
--
2.7.4

View File

@ -1,20 +1,8 @@
# HG changeset patch
# User Senthil Kumaran <senthil@uthcode.com>
# Date 1469947146 25200
# Node ID a0ac52ed8f7918222603b584ec8fc93d9b7bc0a5
# Parent 4cb94e561e2db9865fb4d752f2bceefca4c6819a# Parent 3c19023c9fec5a615c25598468b44fade89049ce
[merge from 3.4] - Prevent HTTPoxy attack (CVE-2016-1000110)
Ignore the HTTP_PROXY variable when REQUEST_METHOD environment is set, which
indicates that the script is in CGI mode.
Issue #27568 Reported and patch contributed by Rémi Rampin.
diff --git a/Doc/howto/urllib2.rst b/Doc/howto/urllib2.rst diff --git a/Doc/howto/urllib2.rst b/Doc/howto/urllib2.rst
index 24a4156..d2c7991 100644
--- a/Doc/howto/urllib2.rst --- a/Doc/howto/urllib2.rst
+++ b/Doc/howto/urllib2.rst +++ b/Doc/howto/urllib2.rst
@@ -538,6 +538,11 @@ setting up a `Basic Authentication`_ han @@ -538,6 +538,11 @@ setting up a `Basic Authentication`_ handler: ::
through a proxy. However, this can be enabled by extending urllib.request as through a proxy. However, this can be enabled by extending urllib.request as
shown in the recipe [#]_. shown in the recipe [#]_.
@ -27,11 +15,12 @@ diff --git a/Doc/howto/urllib2.rst b/Doc/howto/urllib2.rst
Sockets and Layers Sockets and Layers
================== ==================
diff --git a/Doc/library/urllib.request.rst b/Doc/library/urllib.request.rst diff --git a/Doc/library/urllib.request.rst b/Doc/library/urllib.request.rst
index 6c1bfb8..1291aeb 100644
--- a/Doc/library/urllib.request.rst --- a/Doc/library/urllib.request.rst
+++ b/Doc/library/urllib.request.rst +++ b/Doc/library/urllib.request.rst
@@ -166,6 +166,16 @@ The :mod:`urllib.request` module defines the following functions: @@ -173,6 +173,16 @@ The :mod:`urllib.request` module defines the following functions:
cannot find it, looks for proxy information from Mac OSX System If both lowercase and uppercase environment variables exist (and disagree),
Configuration for Mac OS X and Windows Systems Registry for Windows. lowercase is preferred.
+ .. note:: + .. note::
+ +
@ -46,25 +35,25 @@ diff --git a/Doc/library/urllib.request.rst b/Doc/library/urllib.request.rst
The following classes are provided: The following classes are provided:
@@ -275,6 +285,12 @@ The following classes are provided: @@ -280,6 +290,11 @@ The following classes are provided:
list of hostname suffixes, optionally with ``:port`` appended, for example
``cern.ch,ncsa.uiuc.edu,some.host:8080``.
To disable autodetected proxy pass an empty dictionary. + .. note::
+ .. note::
+ +
+ ``HTTP_PROXY`` will be ignored if a variable ``REQUEST_METHOD`` is set; + ``HTTP_PROXY`` will be ignored if a variable ``REQUEST_METHOD`` is set;
+ see the documentation on :func:`~urllib.request.getproxies`. + see the documentation on :func:`~urllib.request.getproxies`.
+
+ +
.. class:: HTTPPasswordMgr() .. class:: HTTPPasswordMgr()
diff --git a/Lib/test/test_urllib.py b/Lib/test/test_urllib.py diff --git a/Lib/test/test_urllib.py b/Lib/test/test_urllib.py
index 5d05f8d..c26c52a 100644
--- a/Lib/test/test_urllib.py --- a/Lib/test/test_urllib.py
+++ b/Lib/test/test_urllib.py +++ b/Lib/test/test_urllib.py
@@ -225,6 +225,18 @@ class ProxyTests(unittest.TestCase): @@ -232,6 +232,18 @@ class ProxyTests(unittest.TestCase):
self.env.set('NO_PROXY', 'localhost, anotherdomain.com, newdomain.com') self.assertTrue(urllib.request.proxy_bypass_environment('anotherdomain.com:8888'))
self.assertTrue(urllib.request.proxy_bypass_environment('anotherdomain.com')) self.assertTrue(urllib.request.proxy_bypass_environment('newdomain.com:1234'))
+ def test_proxy_cgi_ignore(self): + def test_proxy_cgi_ignore(self):
+ try: + try:
@ -78,13 +67,14 @@ diff --git a/Lib/test/test_urllib.py b/Lib/test/test_urllib.py
+ self.env.unset('REQUEST_METHOD') + self.env.unset('REQUEST_METHOD')
+ self.env.unset('HTTP_PROXY') + self.env.unset('HTTP_PROXY')
+ +
class urlopen_HttpTests(unittest.TestCase, FakeHTTPMixin, FakeFTPMixin): def test_proxy_bypass_environment_host_match(self):
"""Test urlopen() opening a fake http connection.""" bypass = urllib.request.proxy_bypass_environment
self.env.set('NO_PROXY',
diff --git a/Lib/urllib/request.py b/Lib/urllib/request.py diff --git a/Lib/urllib/request.py b/Lib/urllib/request.py
index 1731fe3..3be327d 100644
--- a/Lib/urllib/request.py --- a/Lib/urllib/request.py
+++ b/Lib/urllib/request.py +++ b/Lib/urllib/request.py
@@ -2394,6 +2394,12 @@ def getproxies_environment(): @@ -2412,6 +2412,12 @@ def getproxies_environment():
name = name.lower() name = name.lower()
if value and name[-6:] == '_proxy': if value and name[-6:] == '_proxy':
proxies[name[:-6]] = value proxies[name[:-6]] = value
@ -93,8 +83,7 @@ diff --git a/Lib/urllib/request.py b/Lib/urllib/request.py
+ # header from the client + # header from the client
+ # If "proxy" is lowercase, it will still be used thanks to the next block + # If "proxy" is lowercase, it will still be used thanks to the next block
+ if 'REQUEST_METHOD' in os.environ: + if 'REQUEST_METHOD' in os.environ:
+ proxies.pop('http', None) + proxies.pop('http', None)
return proxies for name, value in os.environ.items():
if name[-6:] == '_proxy':
def proxy_bypass_environment(host): name = name.lower()

View File

@ -1,72 +0,0 @@
diff -up ./configure.autotool-intermediates ./configure
--- ./configure.autotool-intermediates 2013-04-09 14:52:49.831773426 +0200
+++ ./configure 2013-04-09 14:52:53.204765347 +0200
@@ -802,6 +802,8 @@ with_thread
enable_ipv6
with_doc_strings
with_tsc
+with_count_allocs
+with_call_profile
with_pymalloc
with_valgrind
with_systemtap
@@ -1479,6 +1481,8 @@ Optional Packages:
deprecated; use --with(out)-threads
--with(out)-doc-strings disable/enable documentation strings
--with(out)-tsc enable/disable timestamp counter profile
+ --with(out)count-allocs enable/disable per-type instance accounting
+ --with(out)-call-profile enable/disable statistics on function call invocation
--with(out)-pymalloc disable/enable specialized mallocs
--with-valgrind Enable Valgrind support
--with(out)-systemtap disable/enable SystemTap support
@@ -10117,6 +10121,50 @@ $as_echo "#define WITH_TSC 1" >>confdefs
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
$as_echo "yes" >&6; }
+else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for --with-count-allocs" >&5
+$as_echo_n "checking for --with-count-allocs... " >&6; }
+
+# Check whether --with-count-allocs was given.
+if test "${with_count_allocs+set}" = set; then :
+ withval=$with_count_allocs;
+if test "$withval" != no
+then
+
+$as_echo "#define COUNT_ALLOCS 1" >>confdefs.h
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for --with-call-profile" >&5
+$as_echo_n "checking for --with-call-profile... " >&6; }
+
+# Check whether --with-call-profile was given.
+if test "${with_call_profile+set}" = set; then :
+ withval=$with_call_profile;
+if test "$withval" != no
+then
+
+$as_echo "#define CALL_PROFILE 1" >>confdefs.h
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
$as_echo "no" >&6; }
fi

View File

@ -111,8 +111,8 @@
# ================== # ==================
Summary: Version 3 of the Python programming language aka Python 3000 Summary: Version 3 of the Python programming language aka Python 3000
Name: python3 Name: python3
Version: %{pybasever}.1 Version: %{pybasever}.2
Release: 15%{?dist} Release: 1%{?dist}
License: Python License: Python
Group: Development/Languages Group: Development/Languages
@ -382,31 +382,6 @@ Patch188: 00188-fix-lib2to3-tests-when-hashlib-doesnt-compile-properly.patch
Patch189: 00189-add-rewheel-module.patch Patch189: 00189-add-rewheel-module.patch
%endif %endif
# 00194 #
# Tests requiring SIGHUP to work don't work in Koji
# see rhbz#1088233
Patch194: temporarily-disable-tests-requiring-SIGHUP.patch
# 00196 #
# Fix test_gdb failure on ppc64le
Patch196: 00196-test-gdb-match-addr-before-builtin.patch
# 00200 #
# Fix for gettext plural form headers (lines that begin with "#")
# Note: Backported from scl
Patch200: 00200-gettext-plural-fix.patch
# 00201 #
# Fixes memory leak in gdbm module (rhbz#977308)
# This was upstreamed as a part of bigger patch, but for our purposes
# this is ok: http://bugs.python.org/issue18404
# Note: Backported from scl
Patch201: 00201-fix-memory-leak-in-gdbm.patch
# 00203 #
# test_threading fails in koji dues to it's handling of signals
Patch203: 00203-disable-threading-test-koji.patch
# 00205 # # 00205 #
# LIBPL variable in makefile takes LIBPL from configure.ac # LIBPL variable in makefile takes LIBPL from configure.ac
# but the LIBPL variable defined there doesn't respect libdir macro # but the LIBPL variable defined there doesn't respect libdir macro
@ -417,40 +392,12 @@ Patch205: 00205-make-libpl-respect-lib64.patch
# by debian but fedora infra uses only eabi without hf # by debian but fedora infra uses only eabi without hf
Patch206: 00206-remove-hf-from-arm-triplet.patch Patch206: 00206-remove-hf-from-arm-triplet.patch
# 00207 #
# Avoid truncated _math.o files caused by parallel builds
# modified version of https://bugs.python.org/issue24421
# rhbz#1292461
Patch207: 00207-math-once.patch
# 00208 #
# test_with_pip (test.test_venv.EnsurePipTest) fails on ppc64*
# rhbz#1292467
Patch208: 00208-disable-test_with_pip-on-ppc.patch
# 00209 # # 00209 #
# Fix test breakage with version 2.2.0 of Expat # Fix test breakage with version 2.2.0 of Expat
# rhbz#1353918: https://bugzilla.redhat.com/show_bug.cgi?id=1353918 # rhbz#1353918: https://bugzilla.redhat.com/show_bug.cgi?id=1353918
# FIXED UPSTREAM: http://bugs.python.org/issue27369 # FIXED UPSTREAM: http://bugs.python.org/issue27369
Patch209: 00209-fix-test-pyexpat-failure.patch Patch209: 00209-fix-test-pyexpat-failure.patch
# 00237 #
# CVE-2016-0772 python: smtplib StartTLS stripping attack
# rhbz#1303647: https://bugzilla.redhat.com/show_bug.cgi?id=1303647
# rhbz#1346345: https://bugzilla.redhat.com/show_bug.cgi?id=1346345
# FIXED UPSTREAM: https://hg.python.org/cpython/rev/d590114c2394
# Raise an error when STARTTLS fails
Patch237: 00237-Raise-an-error-when-STARTTLS-fails.patch
# 00241 #
# CVE-2016-5636: http://seclists.org/oss-sec/2016/q2/560
# rhbz#1345859: https://bugzilla.redhat.com/show_bug.cgi?id=1345859
# https://hg.python.org/cpython/rev/10dad6da1b28/
# https://hg.python.org/cpython/rev/5533a9e02b21
# Fix possible integer overflow and heap corruption in zipimporter.get_data()
# FIXED UPSTREAM: https://bugs.python.org/issue26171
Patch241: 00241-CVE-2016-5636-buffer-overflow-in-zipimport-module-fix.patch
# 00242 # # 00242 #
# HTTPoxy attack (CVE-2016-1000110) # HTTPoxy attack (CVE-2016-1000110)
# https://httpoxy.org/ # https://httpoxy.org/
@ -659,7 +606,7 @@ for f in md5module.c sha1module.c sha256module.c sha512module.c; do
done done
%if 0%{with_rewheel} %if 0%{with_rewheel}
%global pip_version 7.1.0 %global pip_version 8.1.2
sed -r -i s/'_PIP_VERSION = "[0-9.]+"'/'_PIP_VERSION = "%{pip_version}"'/ Lib/ensurepip/__init__.py sed -r -i s/'_PIP_VERSION = "[0-9.]+"'/'_PIP_VERSION = "%{pip_version}"'/ Lib/ensurepip/__init__.py
%endif %endif
@ -696,16 +643,9 @@ sed -r -i s/'_PIP_VERSION = "[0-9.]+"'/'_PIP_VERSION = "%{pip_version}"'/ Lib/en
%patch189 -p1 %patch189 -p1
%endif %endif
%patch194 -p1
%patch196 -p1
%patch203 -p1
%patch205 -p1 %patch205 -p1
%patch206 -p1 %patch206 -p1
%patch207 -p1
%patch208 -p1
%patch209 -p1 %patch209 -p1
%patch237 -p1
%patch241 -p1
%patch242 -p1 %patch242 -p1
%patch243 -p1 %patch243 -p1
@ -1612,6 +1552,15 @@ rm -fr %{buildroot}
# ====================================================== # ======================================================
%changelog %changelog
* Mon Aug 15 2016 Tomas Orsava <torsava@redhat.com> - 3.5.2-1
- Rebased to version 3.5.2
- Set to work with pip version 8.1.2
- Removed patches 207, 237, 241 as fixes are already contained in Python 3.5.2
- Removed arch or environment specific patches 194, 196, 203, and 208
as test builds indicate they are no longer needed
- Updated patches 102, 146, and 242 to work with the new Python codebase
- Removed patches 200, 201, 5000 which weren't even being applied
* Tue Aug 09 2016 Charalampos Stratakis <cstratak@redhat.com> - 3.5.1-15 * Tue Aug 09 2016 Charalampos Stratakis <cstratak@redhat.com> - 3.5.1-15
- Fix for CVE-2016-1000110 HTTPoxy attack - Fix for CVE-2016-1000110 HTTPoxy attack
- SPEC file cleanup - SPEC file cleanup