rpms
/
python3.11
2
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Update to Python 3.4 alpha 4. 

- Refreshed patches: 55 (systemtap), 102 (lib64), 111 (no static lib),
114 (statvfs flags), 132 (unittest rpmbuild hooks), 134 (fix COUNT_ALLOCS in
test_sys), 143 (tsc on ppc64), 146 (hashlib fips), 153 (test gdb noise),
157 (UID+GID overflows), 173 (ENOPROTOOPT in bind_port), 186 (dont raise
from py_compile)
- Removed patches: 129 (test_subprocess nonreadable dir - no longer fails in
Koji), 142 (the mock issue that caused this is fixed)
- Added patch 187 (remove thread atfork) - will be in next version
- Refreshed script for checking pyc and pyo timestamps with new ignored files.
- The fips patch is disabled for now until upstream makes a final decision
what to do with sha3 implementation for 3.4.0.
This commit is contained in:
Bohuslav Kabrda 2013-11-05 12:39:14 +01:00
parent 3dbbc14e76
commit f5250ecae7
20 changed files with 192 additions and 462 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
00055-systemtap.patch
View File

@ -650,8 +650,8 @@ diff -up Python-3.3.0rc2/Makefile.pre.in.systemtap Python-3.3.0rc2/Makefile.pre.
+Python/ceval.o: $(OPCODETARGETS_H) $(srcdir)/Python/ceval_gil.h \
+ $(srcdir)/Python/ceval_systemtap.h @SYSTEMTAPDEPS@
Python/formatter_unicode.o: $(srcdir)/Python/formatter_unicode.c \
$(BYTESTR_DEPS)
Python/frozen.o: Python/importlib.h
@@ -724,6 +726,13 @@ Objects/typeobject.o: $(srcdir)/Objects/
Objects/typeslots.inc: $(srcdir)/Include/typeslots.h $(srcdir)/Objects/typeslots.py
$(PYTHON) $(srcdir)/Objects/typeslots.py < $(srcdir)/Include/typeslots.h > Objects/typeslots.inc
@ -735,8 +735,8 @@ diff -up Python-3.3.0rc2/Python/ceval.c.systemtap Python-3.3.0rc2/Python/ceval.c
+ }
+
Py_LeaveRecursiveCall();
f->f_executing = 0;
tstate->frame = f->f_back;
diff -up Python-3.3.0rc2/Python/ceval_systemtap.h.systemtap Python-3.3.0rc2/Python/ceval_systemtap.h
--- Python-3.3.0rc2/Python/ceval_systemtap.h.systemtap 2012-09-10 09:17:21.122511781 -0400
+++ Python-3.3.0rc2/Python/ceval_systemtap.h 2012-09-10 09:17:21.122511781 -0400

4
00111-no-static-lib.patch
View File

@ -2,7 +2,7 @@ diff -up cpython-59223da36dec/Makefile.pre.in.no-static-lib cpython-59223da36dec
--- cpython-59223da36dec/Makefile.pre.in.no-static-lib 2012-08-07 16:43:43.296466422 -0400
+++ cpython-59223da36dec/Makefile.pre.in 2012-08-07 16:44:13.299464371 -0400
@@ -464,7 +464,7 @@ coverage:
$(MAKE) coverage-lcov
# Build the interpreter
-$(BUILDPYTHON): Modules/python.o $(LIBRARY) $(LDLIBRARY) $(PY3LIBRARY)
@ -11,7 +11,7 @@ diff -up cpython-59223da36dec/Makefile.pre.in.no-static-lib cpython-59223da36dec
platform: $(BUILDPYTHON) pybuilddir.txt
@@ -480,18 +480,6 @@ sharedmods: $(BUILDPYTHON) $(SYSCONFIGDA
$(RUNSHARED) CC='$(CC)' LDSHARED='$(BLDSHARED)' OPT='$(OPT)' \
_TCLTK_INCLUDES='$(TCLTK_INCLUDES)' _TCLTK_LIBS='$(TCLTK_LIBS)' \
$(PYTHON_FOR_BUILD) $(srcdir)/setup.py $$quiet build
-# Build static library

22
00114-statvfs-f_flag-constants.patch
View File

@ -2,38 +2,38 @@ diff -up Python-3.3.0b1/Modules/posixmodule.c.statvfs-f_flag-constants Python-3.
--- Python-3.3.0b1/Modules/posixmodule.c.statvfs-f_flag-constants 2012-06-26 16:19:54.000000000 -0400
+++ Python-3.3.0b1/Modules/posixmodule.c 2012-07-20 13:39:18.595546387 -0400
@@ -11665,6 +11665,35 @@ all_ins(PyObject *d)
if (ins(d, "ST_NOSUID", (long)ST_NOSUID)) return -1;
if (PyModule_AddIntMacro(m, ST_NOSUID)) return -1;
#endif /* ST_NOSUID */
+ /* GNU extensions */
+#ifdef ST_NODEV
+ if (ins(d, "ST_NODEV", (long)ST_NODEV)) return -1;
+ if (PyModule_AddIntMacro(m, ST_NODEV)) return -1;
+#endif /* ST_NODEV */
+#ifdef ST_NOEXEC
+ if (ins(d, "ST_NOEXEC", (long)ST_NOEXEC)) return -1;
+ if (PyModule_AddIntMacro(m, ST_NOEXEC)) return -1;
+#endif /* ST_NOEXEC */
+#ifdef ST_SYNCHRONOUS
+ if (ins(d, "ST_SYNCHRONOUS", (long)ST_SYNCHRONOUS)) return -1;
+ if (PyModule_AddIntMacro(m, ST_SYNCHRONOUS)) return -1;
+#endif /* ST_SYNCHRONOUS */
+#ifdef ST_MANDLOCK
+ if (ins(d, "ST_MANDLOCK", (long)ST_MANDLOCK)) return -1;
+ if (PyModule_AddIntMacro(m, ST_MANDLOCK)) return -1;
+#endif /* ST_MANDLOCK */
+#ifdef ST_WRITE
+ if (ins(d, "ST_WRITE", (long)ST_WRITE)) return -1;
+ if (PyModule_AddIntMacro(m, ST_WRITE)) return -1;
+#endif /* ST_WRITE */
+#ifdef ST_APPEND
+ if (ins(d, "ST_APPEND", (long)ST_APPEND)) return -1;
+ if (PyModule_AddIntMacro(m, ST_APPEND)) return -1;
+#endif /* ST_APPEND */
+#ifdef ST_NOATIME
+ if (ins(d, "ST_NOATIME", (long)ST_NOATIME)) return -1;
+ if (PyModule_AddIntMacro(m, ST_NOATIME)) return -1;
+#endif /* ST_NOATIME */
+#ifdef ST_NODIRATIME
+ if (ins(d, "ST_NODIRATIME", (long)ST_NODIRATIME)) return -1;
+ if (PyModule_AddIntMacro(m, ST_NODIRATIME)) return -1;
+#endif /* ST_NODIRATIME */
+#ifdef ST_RELATIME
+ if (ins(d, "ST_RELATIME", (long)ST_RELATIME)) return -1;
+ if (PyModule_AddIntMacro(m, ST_RELATIME)) return -1;
+#endif /* ST_RELATIME */
+
/* FreeBSD sendfile() constants */
#ifdef SF_NODISKIO
if (ins(d, "SF_NODISKIO", (long)SF_NODISKIO)) return -1;
if (PyModule_AddIntMacro(m, SF_NODISKIO)) return -1;

6
00132-add-rpmbuild-hooks-to-unittest.patch
View File

@ -6,11 +6,11 @@ diff -up Python-3.2.2/Lib/unittest/case.py.add-rpmbuild-hooks-to-unittest Python
import functools
import difflib
+import os
import logging
import pprint
import re
import warnings
@@ -101,6 +102,43 @@ def expectedFailure(func):
return wrapper
raise self.test_case.failureException(msg)
+# Non-standard/downstream-only hooks for handling issues with specific test
@ -50,7 +50,7 @@ diff -up Python-3.2.2/Lib/unittest/case.py.add-rpmbuild-hooks-to-unittest Python
+ func(*args, **kwargs)
+ return wrapper
+
class _AssertRaisesBaseContext(object):
class _AssertRaisesBaseContext(_BaseTestCaseContext):
def __init__(self, expected, test_case, callable_obj=None,
diff -up Python-3.2.2/Lib/unittest/__init__.py.add-rpmbuild-hooks-to-unittest Python-3.2.2/Lib/unittest/__init__.py

4
00134-fix-COUNT_ALLOCS-failure-in-test_sys.patch
View File

@ -4,14 +4,14 @@ diff -up Python-3.3.0b2/Lib/test/test_sys.py.fix-COUNT_ALLOCS-failure-in-test_sy
@@ -835,12 +835,17 @@ class SizeofTest(unittest.TestCase):
# type
# static type: PyTypeObject
s = vsize('P2n15Pl4Pn9Pn11PI')
s = vsize('P2n15Pl4Pn9Pn11PIP')
+ # COUNT_ALLOCS adds a further 3 Py_ssize_t and 2 pointers:
+ if hasattr(sys, 'getcounts'):
+ s += struct.calcsize('3P2P')
check(int, s)
# (PyTypeObject + PyNumberMethods + PyMappingMethods +
# PySequenceMethods + PyBufferProcs + 4P)
s = vsize('P2n15Pl4Pn9Pn11PI') + struct.calcsize('34P 3P 10P 2P 4P')
s = vsize('P2n15Pl4Pn9Pn11PIP') + struct.calcsize('34P 3P 10P 2P 4P')
# Separate block for PyDictKeysObject with 4 entries
s += struct.calcsize("2nPn") + 4*struct.calcsize("n2P")
+ if hasattr(sys, 'getcounts'):

22
00142-skip-failing-pty-tests-in-rpmbuild.patch
View File

@ -1,22 +0,0 @@
diff -up Python-2.7.2/Lib/test/test_openpty.py.skip-failing-pty-tests-in-rpmbuild Python-2.7.2/Lib/test/test_openpty.py
--- Python-2.7.2/Lib/test/test_openpty.py.skip-failing-pty-tests-in-rpmbuild 2011-09-09 05:09:28.698920379 -0400
+++ Python-2.7.2/Lib/test/test_openpty.py 2011-09-09 05:10:54.805914490 -0400
@@ -8,6 +8,7 @@ if not hasattr(os, "openpty"):
class OpenptyTest(unittest.TestCase):
+ @unittest._skipInRpmBuild('sometimes fails in Koji, possibly due to a mock issue (rhbz#714627)')
def test(self):
master, slave = os.openpty()
if not os.isatty(slave):
diff -up Python-2.7.2/Lib/test/test_pty.py.skip-failing-pty-tests-in-rpmbuild Python-2.7.2/Lib/test/test_pty.py
--- Python-2.7.2/Lib/test/test_pty.py.skip-failing-pty-tests-in-rpmbuild 2011-09-09 05:09:36.781919825 -0400
+++ Python-2.7.2/Lib/test/test_pty.py 2011-09-09 05:11:14.741913127 -0400
@@ -109,6 +109,7 @@ class PtyTest(unittest.TestCase):
os.close(master_fd)
+ @unittest._skipInRpmBuild('sometimes fails in Koji, possibly due to a mock issue (rhbz#714627)')
def test_fork(self):
debug("calling pty.fork()")
pid, master_fd = pty.fork()

2
00143-tsc-on-ppc.patch
View File

@ -31,7 +31,7 @@ diff -up Python-2.7.2/Python/ceval.c.tsc-on-ppc Python-2.7.2/Python/ceval.c
-ppc_getcounter(uint64 *v)
+ppc32_getcounter(uint64 *v)
{
- register unsigned long tbu, tb, tbu2;
- unsigned long tbu, tb, tbu2;
+ union { long long ll; long ii[2]; } u;
+ long tmp;

29
00146-hashlib-fips.patch
View File

@ -73,9 +73,9 @@ diff -up Python-3.2.2/Lib/hashlib.py.hashlib-fips Python-3.2.2/Lib/hashlib.py
diff -up Python-3.2.2/Lib/test/test_hashlib.py.hashlib-fips Python-3.2.2/Lib/test/test_hashlib.py
--- Python-3.2.2/Lib/test/test_hashlib.py.hashlib-fips 2011-09-03 12:16:43.000000000 -0400
+++ Python-3.2.2/Lib/test/test_hashlib.py 2011-09-14 01:45:48.462251974 -0400
@@ -22,6 +22,19 @@ from test.support import _4G, precisionb
# Were we compiled --with-pydebug or with #define Py_DEBUG?
COMPILED_WITH_PYDEBUG = hasattr(sys, 'gettotalrefcount')
@@ -22,6 +22,20 @@ from test.support import _4G, precisionb
c_hashlib = import_fresh_module('hashlib', fresh=['_hashlib'])
py_hashlib = import_fresh_module('hashlib', blocked=['_hashlib'])
+def openssl_enforces_fips():
+ # Use the "openssl" command (if present) to try to determine if the local
@ -90,9 +90,10 @@ diff -up Python-3.2.2/Lib/test/test_hashlib.py.hashlib-fips Python-3.2.2/Lib/tes
+ stdout, stderr = p.communicate(input=b'abc')
+ return b'unknown cipher' in stderr
+OPENSSL_ENFORCES_FIPS = openssl_enforces_fips()
+
def hexstr(s):
assert isinstance(s, bytes), repr(s)
h = "0123456789abcdef"
@@ -31,6 +44,16 @@ def hexstr(s):
r += h[(i >> 4) & 0xF] + h[i & 0xF]
return r
@ -146,15 +147,15 @@ diff -up Python-3.2.2/Lib/test/test_hashlib.py.hashlib-fips Python-3.2.2/Lib/tes
- self.constructors_to_test['sha384'].add(_sha512.sha384)
- self.constructors_to_test['sha512'].add(_sha512.sha512)
+ constructors.add(suppress_fips(constructor))
super(HashLibTestCase, self).__init__(*args, **kwargs)
_sha3 = self._conditional_import_module('_sha3')
if _sha3:
self.constructors_to_test['sha3_224'].add(_sha3.sha3_224)
@@ -138,7 +146,7 @@ class HashLibTestCase(unittest.TestCase)
def test_hexdigest(self):
for name in self.supported_hash_names:
- h = hashlib.new(name)
+ h = hashlib.new(name, usedforsecurity=False)
for cons in self.hash_constructors:
- h = cons()
+ h = cons(usedforsecurity=False)
assert isinstance(h.digest(), bytes), name
self.assertEqual(hexstr(h.digest()), h.hexdigest())
@ -162,14 +163,14 @@ diff -up Python-3.2.2/Lib/test/test_hashlib.py.hashlib-fips Python-3.2.2/Lib/tes
cees = b'c' * 126
for name in self.supported_hash_names:
- m1 = hashlib.new(name)
+ m1 = hashlib.new(name, usedforsecurity=False)
- m1 = cons()
+ m1 = cons(usedforsecurity=False)
m1.update(aas)
m1.update(bees)
m1.update(cees)
- m2 = hashlib.new(name)
+ m2 = hashlib.new(name, usedforsecurity=False)
- m2 = cons()
+ m2 = cons(usedforsecurity=False)
m2.update(aas + bees + cees)
self.assertEqual(m1.digest(), m2.digest())

2
00153-fix-test_gdb-noise.patch
View File

@ -19,8 +19,8 @@
--- Lib/test/test_gdb.py.old 2012-04-11 21:04:01.367073855 -0400
+++ Lib/test/test_gdb.py 2012-04-12 08:52:58.320288761 -0400
@@ -144,6 +153,10 @@
'Do you need "set solib-search-path" or '
'"set sysroot"?',
'warning: Source file is more recent than executable.',
)
+ ignore_patterns += ('warning: Unable to open',
+ 'Missing separate debuginfo for',

12
00157-uid-gid-overflows.patch
View File

@ -4,35 +4,35 @@ diff -up Python-3.3.0b1/Lib/test/test_os.py.uid-gid-overflows Python-3.3.0b1/Lib
@@ -1174,30 +1174,36 @@ if sys.platform != 'win32':
def test_setuid(self):
if os.getuid() != 0:
self.assertRaises(os.error, os.setuid, 0)
self.assertRaises(OSError, os.setuid, 0)
+ self.assertRaises(TypeError, os.setuid, 'not an int')
self.assertRaises(OverflowError, os.setuid, 1<<32)
if hasattr(os, 'setgid'):
def test_setgid(self):
if os.getuid() != 0 and not HAVE_WHEEL_GROUP:
self.assertRaises(os.error, os.setgid, 0)
self.assertRaises(OSError, os.setgid, 0)
+ self.assertRaises(TypeError, os.setgid, 'not an int')
self.assertRaises(OverflowError, os.setgid, 1<<32)
if hasattr(os, 'seteuid'):
def test_seteuid(self):
if os.getuid() != 0:
self.assertRaises(os.error, os.seteuid, 0)
self.assertRaises(OSError, os.seteuid, 0)
+ self.assertRaises(TypeError, os.seteuid, 'not an int')
self.assertRaises(OverflowError, os.seteuid, 1<<32)
if hasattr(os, 'setegid'):
def test_setegid(self):
if os.getuid() != 0 and not HAVE_WHEEL_GROUP:
self.assertRaises(os.error, os.setegid, 0)
self.assertRaises(OSError, os.setegid, 0)
+ self.assertRaises(TypeError, os.setegid, 'not an int')
self.assertRaises(OverflowError, os.setegid, 1<<32)
if hasattr(os, 'setreuid'):
def test_setreuid(self):
if os.getuid() != 0:
self.assertRaises(os.error, os.setreuid, 0, 0)
self.assertRaises(OSError, os.setreuid, 0, 0)
+ self.assertRaises(TypeError, os.setreuid, 'not an int', 0)
+ self.assertRaises(TypeError, os.setreuid, 0, 'not an int')
self.assertRaises(OverflowError, os.setreuid, 1<<32, 0)
@ -41,7 +41,7 @@ diff -up Python-3.3.0b1/Lib/test/test_os.py.uid-gid-overflows Python-3.3.0b1/Lib
@@ -1212,6 +1218,8 @@ if sys.platform != 'win32':
def test_setregid(self):
if os.getuid() != 0 and not HAVE_WHEEL_GROUP:
self.assertRaises(os.error, os.setregid, 0, 0)
self.assertRaises(OSError, os.setregid, 0, 0)
+ self.assertRaises(TypeError, os.setregid, 'not an int', 0)
+ self.assertRaises(TypeError, os.setregid, 0, 'not an int')
self.assertRaises(OverflowError, os.setregid, 1<<32, 0)

5
00173-workaround-ENOPROTOOPT-in-bind_port.patch
View File

@ -1,6 +1,6 @@
diff -up Python-3.3.0/Lib/test/support.py.rhbz913732 Python-3.3.0/Lib/test/support.py
--- Python-3.3.0/Lib/test/support.py.rhbz913732 2013-03-04 16:25:53.885258476 -0500
+++ Python-3.3.0/Lib/test/support.py 2013-03-04 16:25:58.499258157 -0500
--- Python-3.4.0a4/Lib/test/support/__init__.py.rhbz913732 2013-03-04 16:25:53.885258476 -0500
+++ Python-3.4.0a4/Lib/test/support/__init__.py 2013-03-04 16:25:58.499258157 -0500
@@ -544,7 +544,8 @@ def bind_port(sock, host=HOST):
if sock.getsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR) == 1:
raise TestFailed("tests should never set the SO_REUSEADDR " \
@ -11,4 +11,3 @@ diff -up Python-3.3.0/Lib/test/support.py.rhbz913732 Python-3.3.0/Lib/test/suppo
if sock.getsockopt(socket.SOL_SOCKET, socket.SO_REUSEPORT) == 1:
raise TestFailed("tests should never set the SO_REUSEPORT " \
"socket option on TCP/IP sockets!")
diff -up Python-3.3.0/Lib/test/test_support.py.rhbz913732 Python-3.3.0/Lib/test/test_support.py

13
00182-fix-test_gdb-test_threads.patch
View File

@ -1,13 +0,0 @@
diff -up Python-3.3.1/Misc/NEWS.fix-test_gdb-test_threads Python-3.3.1/Misc/NEWS
diff -up Python-3.3.1/Tools/gdb/libpython.py.fix-test_gdb-test_threads Python-3.3.1/Tools/gdb/libpython.py
--- Python-3.3.1/Tools/gdb/libpython.py.fix-test_gdb-test_threads 2013-05-09 12:12:01.621592211 -0400
+++ Python-3.3.1/Tools/gdb/libpython.py 2013-05-09 12:12:01.632592209 -0400
@@ -1465,7 +1465,7 @@ class Frame(object):
# This assumes the _POSIX_THREADS version of Python/ceval_gil.h:
name = self._gdbframe.name()
if name:
- return name.startswith('pthread_cond_timedwait')
+ return 'pthread_cond_timedwait' in name
def is_gc_collect(self):
'''Is this frame "collect" within the garbage-collector?'''

49
00183-cve-2013-2099-fix-ssl-match_hostname-dos.patch
View File

@ -1,49 +0,0 @@
# HG changeset patch
# User Antoine Pitrou <solipsis@pitrou.net>
# Date 1368892602 -7200
# Node ID c627638753e2d25a98950585b259104a025937a9
# Parent 9682241dc8fcb4b1aef083bd30860efa070c3d6d
Issue #17980: Fix possible abuse of ssl.match_hostname() for denial of service using certificates with many wildcards (CVE-2013-2099).
diff --git a/Lib/ssl.py b/Lib/ssl.py
--- a/Lib/ssl.py
+++ b/Lib/ssl.py
@@ -129,9 +129,16 @@ class CertificateError(ValueError):
pass
-def _dnsname_to_pat(dn):
+def _dnsname_to_pat(dn, max_wildcards=1):
pats = []
for frag in dn.split(r'.'):
+ if frag.count('*') > max_wildcards:
+ # Issue #17980: avoid denials of service by refusing more
+ # than one wildcard per fragment. A survery of established
+ # policy among SSL implementations showed it to be a
+ # reasonable choice.
+ raise CertificateError(
+ "too many wildcards in certificate DNS name: " + repr(dn))
if frag == '*':
# When '*' is a fragment by itself, it matches a non-empty dotless
# fragment.
diff --git a/Lib/test/test_ssl.py b/Lib/test/test_ssl.py
--- a/Lib/test/test_ssl.py
+++ b/Lib/test/test_ssl.py
@@ -349,6 +349,17 @@ class BasicSocketTests(unittest.TestCase
self.assertRaises(ValueError, ssl.match_hostname, None, 'example.com')
self.assertRaises(ValueError, ssl.match_hostname, {}, 'example.com')
+ # Issue #17980: avoid denials of service by refusing more than one
+ # wildcard per fragment.
+ cert = {'subject': ((('commonName', 'a*b.com'),),)}
+ ok(cert, 'axxb.com')
+ cert = {'subject': ((('commonName', 'a*b.co*'),),)}
+ ok(cert, 'axxb.com')
+ cert = {'subject': ((('commonName', 'a*b*.com'),),)}
+ with self.assertRaises(ssl.CertificateError) as cm:
+ ssl.match_hostname(cert, 'axxbxxc.com')
+ self.assertIn("too many wildcards", str(cm.exception))
+
def test_server_side(self):
# server_hostname doesn't work for server sockets
ctx = ssl.SSLContext(ssl.PROTOCOL_SSLv23)

241
00185-CVE-2013-4238-hostname-check-bypass-in-SSL-module.patch
View File

@ -1,241 +0,0 @@
diff -r e0f86c3b3685 Lib/test/nullbytecert.pem
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/Lib/test/nullbytecert.pem Sun Aug 11 18:17:23 2013 +0200
@@ -0,0 +1,90 @@
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number: 0 (0x0)
+ Signature Algorithm: sha1WithRSAEncryption
+ Issuer: C=US, ST=Oregon, L=Beaverton, O=Python Software Foundation, OU=Python Core Development, CN=null.python.org\x00example.org/emailAddress=python-dev@python.org
+ Validity
+ Not Before: Aug 7 13:11:52 2013 GMT
+ Not After : Aug 7 13:12:52 2013 GMT
+ Subject: C=US, ST=Oregon, L=Beaverton, O=Python Software Foundation, OU=Python Core Development, CN=null.python.org\x00example.org/emailAddress=python-dev@python.org
+ Subject Public Key Info:
+ Public Key Algorithm: rsaEncryption
+ Public-Key: (2048 bit)
+ Modulus:
+ 00:b5:ea:ed:c9:fb:46:7d:6f:3b:76:80:dd:3a:f3:
+ 03:94:0b:a7:a6:db:ec:1d:df:ff:23:74:08:9d:97:
+ 16:3f:a3:a4:7b:3e:1b:0e:96:59:25:03:a7:26:e2:
+ 88:a9:cf:79:cd:f7:04:56:b0:ab:79:32:6e:59:c1:
+ 32:30:54:eb:58:a8:cb:91:f0:42:a5:64:27:cb:d4:
+ 56:31:88:52:ad:cf:bd:7f:f0:06:64:1f:cc:27:b8:
+ a3:8b:8c:f3:d8:29:1f:25:0b:f5:46:06:1b:ca:02:
+ 45:ad:7b:76:0a:9c:bf:bb:b9:ae:0d:16:ab:60:75:
+ ae:06:3e:9c:7c:31:dc:92:2f:29:1a:e0:4b:0c:91:
+ 90:6c:e9:37:c5:90:d7:2a:d7:97:15:a3:80:8f:5d:
+ 7b:49:8f:54:30:d4:97:2c:1c:5b:37:b5:ab:69:30:
+ 68:43:d3:33:78:4b:02:60:f5:3c:44:80:a1:8f:e7:
+ f0:0f:d1:5e:87:9e:46:cf:62:fc:f9:bf:0c:65:12:
+ f1:93:c8:35:79:3f:c8:ec:ec:47:f5:ef:be:44:d5:
+ ae:82:1e:2d:9a:9f:98:5a:67:65:e1:74:70:7c:cb:
+ d3:c2:ce:0e:45:49:27:dc:e3:2d:d4:fb:48:0e:2f:
+ 9e:77:b8:14:46:c0:c4:36:ca:02:ae:6a:91:8c:da:
+ 2f:85
+ Exponent: 65537 (0x10001)
+ X509v3 extensions:
+ X509v3 Basic Constraints: critical
+ CA:FALSE
+ X509v3 Subject Key Identifier:
+ 88:5A:55:C0:52:FF:61:CD:52:A3:35:0F:EA:5A:9C:24:38:22:F7:5C
+ X509v3 Key Usage:
+ Digital Signature, Non Repudiation, Key Encipherment
+ X509v3 Subject Alternative Name:
+ *************************************************************
+ WARNING: The values for DNS, email and URI are WRONG. OpenSSL
+ doesn't print the text after a NULL byte.
+ *************************************************************
+ DNS:altnull.python.org, email:null@python.org, URI:http://null.python.org, IP Address:192.0.2.1, IP Address:2001:DB8:0:0:0:0:0:1
+ Signature Algorithm: sha1WithRSAEncryption
+ ac:4f:45:ef:7d:49:a8:21:70:8e:88:59:3e:d4:36:42:70:f5:
+ a3:bd:8b:d7:a8:d0:58:f6:31:4a:b1:a4:a6:dd:6f:d9:e8:44:
+ 3c:b6:0a:71:d6:7f:b1:08:61:9d:60:ce:75:cf:77:0c:d2:37:
+ 86:02:8d:5e:5d:f9:0f:71:b4:16:a8:c1:3d:23:1c:f1:11:b3:
+ 56:6e:ca:d0:8d:34:94:e6:87:2a:99:f2:ae:ae:cc:c2:e8:86:
+ de:08:a8:7f:c5:05:fa:6f:81:a7:82:e6:d0:53:9d:34:f4:ac:
+ 3e:40:fe:89:57:7a:29:a4:91:7e:0b:c6:51:31:e5:10:2f:a4:
+ 60:76:cd:95:51:1a:be:8b:a1:b0:fd:ad:52:bd:d7:1b:87:60:
+ d2:31:c7:17:c4:18:4f:2d:08:25:a3:a7:4f:b7:92:ca:e2:f5:
+ 25:f1:54:75:81:9d:b3:3d:61:a2:f7:da:ed:e1:c6:6f:2c:60:
+ 1f:d8:6f:c5:92:05:ab:c9:09:62:49:a9:14:ad:55:11:cc:d6:
+ 4a:19:94:99:97:37:1d:81:5f:8b:cf:a3:a8:96:44:51:08:3d:
+ 0b:05:65:12:eb:b6:70:80:88:48:72:4f:c6:c2:da:cf:cd:8e:
+ 5b:ba:97:2f:60:b4:96:56:49:5e:3a:43:76:63:04:be:2a:f6:
+ c1:ca:a9:94
+-----BEGIN CERTIFICATE-----
+MIIE2DCCA8CgAwIBAgIBADANBgkqhkiG9w0BAQUFADCBxTELMAkGA1UEBhMCVVMx
+DzANBgNVBAgMBk9yZWdvbjESMBAGA1UEBwwJQmVhdmVydG9uMSMwIQYDVQQKDBpQ
+eXRob24gU29mdHdhcmUgRm91bmRhdGlvbjEgMB4GA1UECwwXUHl0aG9uIENvcmUg
+RGV2ZWxvcG1lbnQxJDAiBgNVBAMMG251bGwucHl0aG9uLm9yZwBleGFtcGxlLm9y
+ZzEkMCIGCSqGSIb3DQEJARYVcHl0aG9uLWRldkBweXRob24ub3JnMB4XDTEzMDgw
+NzEzMTE1MloXDTEzMDgwNzEzMTI1MlowgcUxCzAJBgNVBAYTAlVTMQ8wDQYDVQQI
+DAZPcmVnb24xEjAQBgNVBAcMCUJlYXZlcnRvbjEjMCEGA1UECgwaUHl0aG9uIFNv
+ZnR3YXJlIEZvdW5kYXRpb24xIDAeBgNVBAsMF1B5dGhvbiBDb3JlIERldmVsb3Bt
+ZW50MSQwIgYDVQQDDBtudWxsLnB5dGhvbi5vcmcAZXhhbXBsZS5vcmcxJDAiBgkq
+hkiG9w0BCQEWFXB5dGhvbi1kZXZAcHl0aG9uLm9yZzCCASIwDQYJKoZIhvcNAQEB
+BQADggEPADCCAQoCggEBALXq7cn7Rn1vO3aA3TrzA5QLp6bb7B3f/yN0CJ2XFj+j
+pHs+Gw6WWSUDpybiiKnPec33BFawq3kyblnBMjBU61ioy5HwQqVkJ8vUVjGIUq3P
+vX/wBmQfzCe4o4uM89gpHyUL9UYGG8oCRa17dgqcv7u5rg0Wq2B1rgY+nHwx3JIv
+KRrgSwyRkGzpN8WQ1yrXlxWjgI9de0mPVDDUlywcWze1q2kwaEPTM3hLAmD1PESA
+oY/n8A/RXoeeRs9i/Pm/DGUS8ZPINXk/yOzsR/XvvkTVroIeLZqfmFpnZeF0cHzL
+08LODkVJJ9zjLdT7SA4vnne4FEbAxDbKAq5qkYzaL4UCAwEAAaOB0DCBzTAMBgNV
+HRMBAf8EAjAAMB0GA1UdDgQWBBSIWlXAUv9hzVKjNQ/qWpwkOCL3XDALBgNVHQ8E
+BAMCBeAwgZAGA1UdEQSBiDCBhYIeYWx0bnVsbC5weXRob24ub3JnAGV4YW1wbGUu
+Y29tgSBudWxsQHB5dGhvbi5vcmcAdXNlckBleGFtcGxlLm9yZ4YpaHR0cDovL251
+bGwucHl0aG9uLm9yZwBodHRwOi8vZXhhbXBsZS5vcmeHBMAAAgGHECABDbgAAAAA
+AAAAAAAAAAEwDQYJKoZIhvcNAQEFBQADggEBAKxPRe99SaghcI6IWT7UNkJw9aO9
+i9eo0Fj2MUqxpKbdb9noRDy2CnHWf7EIYZ1gznXPdwzSN4YCjV5d+Q9xtBaowT0j
+HPERs1ZuytCNNJTmhyqZ8q6uzMLoht4IqH/FBfpvgaeC5tBTnTT0rD5A/olXeimk
+kX4LxlEx5RAvpGB2zZVRGr6LobD9rVK91xuHYNIxxxfEGE8tCCWjp0+3ksri9SXx
+VHWBnbM9YaL32u3hxm8sYB/Yb8WSBavJCWJJqRStVRHM1koZlJmXNx2BX4vPo6iW
+RFEIPQsFZRLrtnCAiEhyT8bC2s/Njlu6ly9gtJZWSV46Q3ZjBL4q9sHKqZQ=
+-----END CERTIFICATE-----
diff -r e0f86c3b3685 Lib/test/test_ssl.py
--- a/Lib/test/test_ssl.py Sun Aug 11 13:04:50 2013 +0300
+++ b/Lib/test/test_ssl.py Sun Aug 11 18:17:23 2013 +0200
@@ -55,6 +55,7 @@
WRONGCERT = data_file("XXXnonexisting.pem")
BADKEY = data_file("badkey.pem")
NOKIACERT = data_file("nokia.pem")
+NULLBYTECERT = data_file("nullbytecert.pem")
DHFILE = data_file("dh512.pem")
BYTES_DHFILE = os.fsencode(DHFILE)
@@ -162,6 +163,27 @@
('DNS', 'projects.forum.nokia.com'))
)
+ def test_parse_cert_CVE_2013_4073(self):
+ p = ssl._ssl._test_decode_cert(NULLBYTECERT)
+ if support.verbose:
+ sys.stdout.write("\n" + pprint.pformat(p) + "\n")
+ subject = ((('countryName', 'US'),),
+ (('stateOrProvinceName', 'Oregon'),),
+ (('localityName', 'Beaverton'),),
+ (('organizationName', 'Python Software Foundation'),),
+ (('organizationalUnitName', 'Python Core Development'),),
+ (('commonName', 'null.python.org\x00example.org'),),
+ (('emailAddress', 'python-dev@python.org'),))
+ self.assertEqual(p['subject'], subject)
+ self.assertEqual(p['issuer'], subject)
+ self.assertEqual(p['subjectAltName'],
+ (('DNS', 'altnull.python.org\x00example.com'),
+ ('email', 'null@python.org\x00user@example.org'),
+ ('URI', 'http://null.python.org\x00http://example.org'),
+ ('IP Address', '192.0.2.1'),
+ ('IP Address', '2001:DB8:0:0:0:0:0:1\n'))
+ )
+
def test_DER_to_PEM(self):
with open(SVN_PYTHON_ORG_ROOT_CERT, 'r') as f:
pem = f.read()
@@ -294,6 +316,13 @@
fail(cert, 'foo.a.com')
fail(cert, 'bar.foo.com')
+ # NULL bytes are bad, CVE-2013-4073
+ cert = {'subject': ((('commonName',
+ 'null.python.org\x00example.org'),),)}
+ ok(cert, 'null.python.org\x00example.org') # or raise an error?
+ fail(cert, 'example.org')
+ fail(cert, 'null.python.org')
+
# Slightly fake real-world example
cert = {'notAfter': 'Jun 26 21:41:46 2011 GMT',
'subject': ((('commonName', 'linuxfrz.org'),),),
diff -r e0f86c3b3685 Modules/_ssl.c
--- a/Modules/_ssl.c Sun Aug 11 13:04:50 2013 +0300
+++ b/Modules/_ssl.c Sun Aug 11 18:17:23 2013 +0200
@@ -771,12 +771,14 @@
ext->value->length));
for(j = 0; j < sk_GENERAL_NAME_num(names); j++) {
-
/* get a rendering of each name in the set of names */
+ int gntype;
+ ASN1_STRING *as = NULL;
name = sk_GENERAL_NAME_value(names, j);
- if (name->type == GEN_DIRNAME) {
-
+ gntype = name-> type;
+ switch (gntype) {
+ case GEN_DIRNAME:
/* we special-case DirName as a tuple of
tuples of attributes */
@@ -798,11 +800,62 @@
goto fail;
}
PyTuple_SET_ITEM(t, 1, v);
+ break;
- } else {
+ case GEN_EMAIL:
+ case GEN_DNS:
+ case GEN_URI:
+ /* GENERAL_NAME_print() doesn't handle NUL bytes in ASN1_string
+ correctly. */
+ t = PyTuple_New(2);
+ if (t == NULL)
+ goto fail;
+ switch (gntype) {
+ case GEN_EMAIL:
+ v = PyUnicode_FromString("email");
+ as = name->d.rfc822Name;
+ break;
+ case GEN_DNS:
+ v = PyUnicode_FromString("DNS");
+ as = name->d.dNSName;
+ break;
+ case GEN_URI:
+ v = PyUnicode_FromString("URI");
+ as = name->d.uniformResourceIdentifier;
+ break;
+ }
+ if (v == NULL) {
+ Py_DECREF(t);
+ goto fail;
+ }
+ PyTuple_SET_ITEM(t, 0, v);
+ v = PyUnicode_FromStringAndSize((char *)ASN1_STRING_data(as),
+ ASN1_STRING_length(as));
+ if (v == NULL) {
+ Py_DECREF(t);
+ goto fail;
+ }
+ PyTuple_SET_ITEM(t, 1, v);
+ break;
+ default:
/* for everything else, we use the OpenSSL print form */
-
+ switch (gntype) {
+ /* check for new general name type */
+ case GEN_OTHERNAME:
+ case GEN_X400:
+ case GEN_EDIPARTY:
+ case GEN_IPADD:
+ case GEN_RID:
+ break;
+ default:
+ if (PyErr_WarnFormat(PyExc_RuntimeWarning, 1,
+ "Unknown general name type %d",
+ gntype) == -1) {
+ goto fail;
+ }
+ break;
+ }
(void) BIO_reset(biobuf);
GENERAL_NAME_print(biobuf, name);
len = BIO_gets(biobuf, buf, sizeof(buf)-1);
@@ -829,6 +882,7 @@
goto fail;
}
PyTuple_SET_ITEM(t, 1, v);
+ break;
}
/* and add that rendering to the list */

33
00186-dont-raise-from-py_compile.patch
View File

@ -1,30 +1,3 @@
diff -r 7fa3e824a4ee Lib/py_compile.py
--- a/Lib/py_compile.py Tue Oct 29 22:25:06 2013 -0400
+++ b/Lib/py_compile.py Wed Oct 30 11:08:31 2013 +0100
@@ -108,15 +108,15 @@
byte-compile all installed files (or all files in selected
directories).
"""
- with tokenize.open(file) as f:
- try:
- st = os.fstat(f.fileno())
- except AttributeError:
- st = os.stat(file)
- timestamp = int(st.st_mtime)
- size = st.st_size & 0xFFFFFFFF
- codestring = f.read()
try:
+ with tokenize.open(file) as f:
+ try:
+ st = os.fstat(f.fileno())
+ except AttributeError:
+ st = os.stat(file)
+ timestamp = int(st.st_mtime)
+ size = st.st_size & 0xFFFFFFFF
+ codestring = f.read()
codeobject = builtins.compile(codestring, dfile or file, 'exec',
optimize=optimize)
except Exception as err:
diff -r 7fa3e824a4ee Lib/test/test_py_compile.py
--- a/Lib/test/test_py_compile.py Tue Oct 29 22:25:06 2013 -0400
+++ b/Lib/test/test_py_compile.py Wed Oct 30 11:08:31 2013 +0100
@ -36,6 +9,6 @@ diff -r 7fa3e824a4ee Lib/test/test_py_compile.py
+ bad_coding = os.path.join(os.path.dirname(__file__), 'bad_coding2.py')
+ self.assertIsNone(py_compile.compile(bad_coding, doraise=False))
+
def test_main():
support.run_unittest(PyCompileTests)
def test_relative_path(self):
py_compile.compile(os.path.relpath(self.source_path),
os.path.relpath(self.pyc_path))

89
00187-remove-pthread-atfork.patch Normal file
View File

@ -0,0 +1,89 @@
diff -r 6fdbb81b4020 -r 705f2addd0f0 Modules/_ssl.c
--- a/Modules/_ssl.c Tue Oct 29 12:14:55 2013 +0100
+++ b/Modules/_ssl.c Tue Oct 29 21:11:55 2013 +0100
@@ -19,9 +19,6 @@
#ifdef WITH_THREAD
#include "pythread.h"
-#ifdef HAVE_PTHREAD_ATFORK
-# include <pthread.h>
-#endif
#define PySSL_BEGIN_ALLOW_THREADS_S(save) \
do { if (_ssl_locks_count>0) { (save) = PyEval_SaveThread(); } } while (0)
@@ -2950,64 +2947,6 @@
Returns number of bytes read. Raises SSLError if connection to EGD\n\
fails or if it does not provide enough data to seed PRNG.");
-/* Seed OpenSSL's PRNG at fork(), http://bugs.python.org/issue18747
- *
- * The parent handler seeds the PRNG from pseudo-random data like pid, the
- * current time (miliseconds or seconds) and an uninitialized array.
- * The array contains stack variables that are impossible to predict
- * on most systems, e.g. function return address (subject to ASLR), the
- * stack protection canary and automatic variables.
- * The code is inspired by Apache's ssl_rand_seed() function.
- *
- * Note:
- * The code uses pthread_atfork() until Python has a proper atfork API. The
- * handlers are not removed from the child process. A parent handler is used
- * instead of a child handler because fork() is supposed to be async-signal
- * safe but the handler calls unsafe functions.
- */
-
-#if defined(HAVE_PTHREAD_ATFORK) && defined(WITH_THREAD)
-#define PYSSL_RAND_ATFORK 1
-
-static void
-PySSL_RAND_atfork_parent(void)
-{
- struct {
- char stack[128]; /* uninitialized (!) stack data, 128 is an
- arbitrary number. */
- pid_t pid; /* current pid */
- _PyTime_timeval tp; /* current time */
- } seed;
-
-#ifdef WITH_VALGRIND
- VALGRIND_MAKE_MEM_DEFINED(seed.stack, sizeof(seed.stack));
-#endif
- seed.pid = getpid();
- _PyTime_gettimeofday(&(seed.tp));
- RAND_add((unsigned char *)&seed, sizeof(seed), 0.0);
-}
-
-static int
-PySSL_RAND_atfork(void)
-{
- static int registered = 0;
- int retval;
-
- if (registered)
- return 0;
-
- retval = pthread_atfork(NULL, /* prepare */
- PySSL_RAND_atfork_parent, /* parent */
- NULL); /* child */
- if (retval != 0) {
- PyErr_SetFromErrno(PyExc_OSError);
- return -1;
- }
- registered = 1;
- return 0;
-}
-#endif /* HAVE_PTHREAD_ATFORK */
-
#endif /* HAVE_OPENSSL_RAND */
@@ -3623,10 +3561,5 @@
if (r == NULL || PyModule_AddObject(m, "_OPENSSL_API_VERSION", r))
return NULL;
-#ifdef PYSSL_RAND_ATFORK
- if (PySSL_RAND_atfork() == -1)
- return NULL;
-#endif
-
return m;
}

2
check-pyc-and-pyo-timestamps.py
View File

@ -16,10 +16,12 @@ not_compiled = [
'test/badsyntax_future7.py',
'test/badsyntax_future8.py',
'test/badsyntax_future9.py',
'test/badsyntax_future10.py',
'test/badsyntax_pep3120.py',
'lib2to3/tests/data/bom.py',
'lib2to3/tests/data/crlf.py',
'lib2to3/tests/data/different_encoding.py',
'lib2to3/tests/data/false_encoding.py',
'lib2to3/tests/data/py2_test_grammar.py',
'.debug-gdb.py',
]

12
python-3.2.1-fix-test-subprocess-with-nonreadable-path-dir.patch
View File

@ -1,12 +0,0 @@
diff -up Python-3.2.1/Lib/test/test_subprocess.py.non-readable-path Python-3.2.1/Lib/test/test_subprocess.py
--- Python-3.2.1/Lib/test/test_subprocess.py.non-readable-path 2011-07-09 02:58:51.000000000 -0400
+++ Python-3.2.1/Lib/test/test_subprocess.py 2011-07-11 11:34:16.284426005 -0400
@@ -618,7 +618,7 @@ class ProcessTestCase(BaseTestCase):
for i in range(1024):
# Windows raises IOError. Others raise OSError.
with self.assertRaises(EnvironmentError) as c:
- subprocess.Popen(['nonexisting_i_hope'],
+ subprocess.Popen(['/usr/bin/nonexisting_i_hope'],
stdout=subprocess.PIPE,
stderr=subprocess.PIPE)
# ignore errors that indicate the command was not found

6
python-3.3.0b1-lib64.patch
View File

@ -39,9 +39,9 @@ diff -up cpython-59223da36dec/Lib/site.py.lib64 cpython-59223da36dec/Lib/site.py
--- cpython-59223da36dec/Lib/site.py.lib64 2012-08-07 06:10:57.000000000 -0400
+++ cpython-59223da36dec/Lib/site.py 2012-08-07 16:41:00.573477549 -0400
@@ -303,12 +303,16 @@ def getsitepackages(prefixes=None):
if sys.platform in ('os2emx', 'riscos'):
sitepackages.append(os.path.join(prefix, "Lib", "site-packages"))
elif os.sep == '/':
seen.add(prefix)
if os.sep == '/':
+ sitepackages.append(os.path.join(prefix, "lib64",
+ "python" + sys.version[:3],
+ "site-packages"))

95
python3.spec
View File

@ -2,10 +2,13 @@
# Conditionals and other variables controlling the build
# ======================================================
%global pybasever 3.3
%global pybasever 3.4
# pybasever without the dot:
%global pyshortver 33
%global pyshortver 34
# prereleasetag
%global prerel a4
%global pylibdir %{_libdir}/python%{pybasever}
%global dynload_dir %{pylibdir}/lib-dynload
@ -35,9 +38,9 @@
# For example,
# foo/bar.py
# now has bytecode at:
# foo/__pycache__/bar.cpython-33.pyc
# foo/__pycache__/bar.cpython-33.pyo
%global bytecode_suffixes .cpython-33.py?
# foo/__pycache__/bar.cpython-34.pyc
# foo/__pycache__/bar.cpython-34.pyo
%global bytecode_suffixes .cpython-34.py?
# Python's configure script defines SOVERSION, and this is used in the Makefile
# to determine INSTSONAME, the name of the libpython DSO:
@ -125,8 +128,8 @@
# ==================
Summary: Version 3 of the Python programming language aka Python 3000
Name: python3
Version: %{pybasever}.2
Release: 7%{?dist}
Version: %{pybasever}.0
Release: %{?prerel:0.}1%{?prerel:.%{prerel}}%{?dist}
License: Python
Group: Development/Languages
@ -187,7 +190,7 @@ BuildRequires: zlib-devel
# Source code and patches
# =======================
Source: http://www.python.org/ftp/python/%{version}/Python-%{version}.tar.xz
Source: http://www.python.org/ftp/python/%{version}/Python-%{version}%{?prerel}.tar.xz
# Avoid having various bogus auto-generated Provides lines for the various
# python c modules' SONAMEs:
@ -276,17 +279,6 @@ Patch114: 00114-statvfs-f_flag-constants.patch
# Not yet sent upstream
Patch125: 00125-less-verbose-COUNT_ALLOCS.patch
# In my koji builds, /root/bin is in the PATH for some reason
# This leads to test_subprocess.py failing, due to "test_leaking_fds_on_error"
# trying every dir in PATH for "nonexisting_i_hope", which leads to it raising
# OSError: [Errno 13] Permission denied
# when it tries to read /root/bin, rather than raising "No such file"
#
# Work around this by specifying an absolute path for the non-existant
# executable
# Not yet sent upstream
Patch129: python-3.2.1-fix-test-subprocess-with-nonreadable-path-dir.patch
# 00130 #
# Python 2's:
# Patch130: python-2.7.2-add-extension-suffix-to-python-config.patch
@ -357,10 +349,6 @@ Patch140: python3-arm-skip-failing-fragile-test.patch
# Not yet sent upstream
Patch141: 00141-fix-test_gc_with_COUNT_ALLOCS.patch
# 00142 #
# Some pty tests fail when run in mock (rhbz#714627):
Patch142: 00142-skip-failing-pty-tests-in-rpmbuild.patch
# 00143 #
# Fix the --with-tsc option on ppc64, and rework it on 32-bit ppc to avoid
# aliasing violations (rhbz#698726)
@ -393,7 +381,8 @@ Patch143: 00143-tsc-on-ppc.patch
# - don't build the _md5 and _sha* modules; rely on the _hashlib implementation
# of hashlib
# (rhbz#563986)
Patch146: 00146-hashlib-fips.patch
# TODO: figure out how to update properly for sha3
# Patch146: 00146-hashlib-fips.patch
# 00147 #
# Add a sys._debugmallocstats() function
@ -595,10 +584,8 @@ Patch180: 00180-python-add-support-for-ppc64p7.patch
# Patch182: 00182-fix-test_gdb-test_threads.patch
# 00183 #
# Upstream fix for CVE-2013-2099 (ssl.match_hostname DOS)
# http://bugs.python.org/issue17980
# http://hg.python.org/cpython/rev/c627638753e2
Patch183: 00183-cve-2013-2099-fix-ssl-match_hostname-dos.patch
# Fixed upstream as of Python 3.4.0a4
# Patch183: 00183-cve-2013-2099-fix-ssl-match_hostname-dos.patch
# 00184 #
# Fix for https://bugzilla.redhat.com/show_bug.cgi?id=979696
@ -609,20 +596,22 @@ Patch183: 00183-cve-2013-2099-fix-ssl-match_hostname-dos.patch
Patch184: 00184-ctypes-should-build-with-libffi-multilib-wrapper.patch
# 00185 #
# Fix for CVE-2013-4238 --
# SSL module fails to handle NULL bytes inside subjectAltNames general names
# http://bugs.python.org/issue18709
# rhbz#996399
Patch185: 00185-CVE-2013-4238-hostname-check-bypass-in-SSL-module.patch
# Fixed upstream as of Python 3.4.0a4
# Patch185: 00185-CVE-2013-4238-hostname-check-bypass-in-SSL-module.patch
# 00186 #
# Fix for https://bugzilla.redhat.com/show_bug.cgi?id=1023607
# Fixes the problem of some *.py files not being bytecompiled properly
# during build. This was result of py_compile.compile raising exception
# when trying to convert test file with bad encoding, and thus not
# continuing bytecompilation for other files.
# Previously, this fixed a problem where some *.py files were not being
# bytecompiled properly during build. This was result of py_compile.compile
# raising exception when trying to convert test file with bad encoding, and
# thus not continuing bytecompilation for other files.
# This was fixed upstream, but the test hasn't been merged yet, so we keep it
Patch186: 00186-dont-raise-from-py_compile.patch
# 00187 #
# Temporarily add this upstream patch, should be in next upstream release
Patch187: 00187-remove-pthread-atfork.patch
# (New patches go here ^^^)
#
@ -762,7 +751,7 @@ can load its own extensions.
# ======================================================
%prep
%setup -q -n Python-%{version}
%setup -q -n Python-%{version}%{?prerel}
chmod +x %{SOURCE1}
%if 0%{?with_systemtap}
@ -789,6 +778,7 @@ rm -r Modules/zlib || exit 1
#
# For example, in our builds hashlib.md5 is implemented within _hashlib via
# OpenSSL (and thus respects FIPS mode), and does not fall back to _md5
# TODO: there seems to be no OpenSSL support in Python for sha3, investigate
for f in md5module.c sha1module.c sha256module.c sha512module.c; do
rm Modules/$f
done
@ -816,8 +806,6 @@ done
%patch125 -p1 -b .less-verbose-COUNT_ALLOCS
%patch129 -p1
%ifarch ppc %{power64}
%patch131 -p1
%endif
@ -835,11 +823,10 @@ done
%endif
# 00140: not for python3
%patch141 -p1
%patch142 -p1
%patch143 -p1 -b .tsc-on-ppc
# 00144: not for python3
# 00145: not for python3
%patch146 -p1
#patch146 -p1
# 00147: upstream as of Python 3.3.0
# 00148: upstream as of Python 3.2.3
# 00149: upstream as of Python 3.2.3
@ -880,10 +867,11 @@ done
%patch180 -p1
# 00181: not for python3
# 00182: upstream as of Python 3.3.2
%patch183 -p1
%patch184 -p1
%patch185 -p1
# 00183 upstream as of Python 3.4.0a4
%patch184 -p1
# 00185 upstream as of Python 3.4.0a4
%patch186 -p1
%patch187 -p1
# Currently (2010-01-15), http://docs.python.org/library is for 2.6, and there
# are many differences between 2.6 and the Python 3 library.
@ -982,7 +970,8 @@ BuildPython() {
# missing symbol AnnotateRWLockDestroy
#
# Invoke the build:
make EXTRA_CFLAGS="$CFLAGS" %{?_smp_mflags}
# TODO: it seems that 3.4.0a4 fails without -J1, have to figure out why
make EXTRA_CFLAGS="$CFLAGS -J1" %{?_smp_mflags}
popd
echo FINISHED: BUILD OF PYTHON FOR CONFIGURATION: $ConfDir
@ -1732,6 +1721,20 @@ rm -fr %{buildroot}
# ======================================================
%changelog
* Mon Nov 04 2013 Bohuslav Kabrda <bkabrda@redhat.com> - 3.4.0-0.1.a4
- Update to Python 3.4 alpha 4.
- Refreshed patches: 55 (systemtap), 102 (lib64), 111 (no static lib),
114 (statvfs flags), 132 (unittest rpmbuild hooks), 134 (fix COUNT_ALLOCS in
test_sys), 143 (tsc on ppc64), 146 (hashlib fips), 153 (test gdb noise),
157 (UID+GID overflows), 173 (ENOPROTOOPT in bind_port), 186 (dont raise
from py_compile)
- Removed patches: 129 (test_subprocess nonreadable dir - no longer fails in
Koji), 142 (the mock issue that caused this is fixed)
- Added patch 187 (remove thread atfork) - will be in next version
- Refreshed script for checking pyc and pyo timestamps with new ignored files.
- The fips patch is disabled for now until upstream makes a final decision
what to do with sha3 implementation for 3.4.0.
* Wed Oct 30 2013 Bohuslav Kabrda <bkabrda@redhat.com> - 3.3.2-7
- Bytecompile all *.py files properly during build (rhbz#1023607)