rpms
/
python3.12
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Rebased to Python 3.5.2

This commit is contained in:
Tomas Orsava 2016-08-15 12:39:18 +02:00
parent 77a5f91947
commit 6cd1c5f463
12 changed files with 128 additions and 428 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

85
00102-lib64.patch
View File

@ -1,6 +1,8 @@
--- Python-3.4.0b1/Lib/distutils/command/install.py.lib64 2013-11-24 21:36:54.000000000 +0100
+++ Python-3.4.0b1/Lib/distutils/command/install.py 2013-11-27 11:10:43.821150774 +0100
@@ -45,14 +45,14 @@ else:
diff --git a/Lib/distutils/command/install.py b/Lib/distutils/command/install.py
index 67db007..b16fe0f 100644
--- a/Lib/distutils/command/install.py
+++ b/Lib/distutils/command/install.py
@@ -30,14 +30,14 @@ WINDOWS_SCHEME = {
INSTALL_SCHEMES = {
'unix_prefix': {
'purelib': '$base/lib/python$py_version_short/site-packages',
@ -17,9 +19,11 @@
'headers': '$base/include/python/$dist_name',
'scripts': '$base/bin',
'data' : '$base',
--- Python-3.4.0b1/Lib/distutils/sysconfig.py.lib64 2013-11-24 21:36:54.000000000 +0100
+++ Python-3.4.0b1/Lib/distutils/sysconfig.py 2013-11-27 11:10:43.821150774 +0100
@@ -141,8 +141,12 @@
diff --git a/Lib/distutils/sysconfig.py b/Lib/distutils/sysconfig.py
index e5c493d..a4846eb 100644
--- a/Lib/distutils/sysconfig.py
+++ b/Lib/distutils/sysconfig.py
@@ -132,8 +132,12 @@ def get_python_lib(plat_specific=0, standard_lib=0, prefix=None):
prefix = plat_specific and EXEC_PREFIX or PREFIX
if os.name == "posix":
@ -33,9 +37,11 @@
if standard_lib:
return libpython
else:
--- Python-3.4.0b1/Lib/site.py.lib64 2013-11-24 21:36:54.000000000 +0100
+++ Python-3.4.0b1/Lib/site.py 2013-11-27 11:10:43.822150773 +0100
@@ -304,11 +304,15 @@
diff --git a/Lib/site.py b/Lib/site.py
index 3f78ef5..ad1033e 100644
--- a/Lib/site.py
+++ b/Lib/site.py
@@ -303,11 +303,15 @@ def getsitepackages(prefixes=None):
seen.add(prefix)
if os.sep == '/':
@ -51,9 +57,11 @@
sitepackages.append(os.path.join(prefix, "lib", "site-packages"))
if sys.platform == "darwin":
# for framework builds *only* we add the standard Apple
--- Python-3.4.0b1/Lib/sysconfig.py.lib64 2013-11-24 21:36:54.000000000 +0100
+++ Python-3.4.0b1/Lib/sysconfig.py 2013-11-27 11:10:43.822150773 +0100
@@ -20,10 +20,10 @@
diff --git a/Lib/sysconfig.py b/Lib/sysconfig.py
index 61451b2..b021cce 100644
--- a/Lib/sysconfig.py
+++ b/Lib/sysconfig.py
@@ -20,10 +20,10 @@ __all__ = [
_INSTALL_SCHEMES = {
'posix_prefix': {
@ -67,7 +75,7 @@
'include':
'{installed_base}/include/python{py_version_short}{abiflags}',
'platinclude':
@@ -61,10 +61,10 @@
@@ -61,10 +61,10 @@ _INSTALL_SCHEMES = {
'data': '{userbase}',
},
'posix_user': {
@ -81,9 +89,11 @@
'include': '{userbase}/include/python{py_version_short}',
'scripts': '{userbase}/bin',
'data': '{userbase}',
--- Python-3.4.0b1/Lib/test/test_site.py.lib64 2013-11-24 21:36:55.000000000 +0100
+++ Python-3.4.0b1/Lib/test/test_site.py 2013-11-27 11:10:43.822150773 +0100
@@ -244,8 +244,8 @@
diff --git a/Lib/test/test_site.py b/Lib/test/test_site.py
index da20a3d..f38ce06 100644
--- a/Lib/test/test_site.py
+++ b/Lib/test/test_site.py
@@ -248,8 +248,8 @@ class HelperFunctionsTests(unittest.TestCase):
self.assertEqual(dirs[1], wanted)
elif os.sep == '/':
# OS X non-framwework builds, Linux, FreeBSD, etc
@ -94,9 +104,11 @@
'site-packages')
self.assertEqual(dirs[0], wanted)
else:
--- Python-3.4.0b1/Makefile.pre.in.lib64 2013-11-27 11:10:43.814150786 +0100
+++ Python-3.4.0b1/Makefile.pre.in 2013-11-27 11:10:43.823150771 +0100
@@ -115,7 +115,7 @@
diff --git a/Makefile.pre.in b/Makefile.pre.in
index 58d4258..e8364f0 100644
--- a/Makefile.pre.in
+++ b/Makefile.pre.in
@@ -125,7 +125,7 @@ LIBDIR= @libdir@
MANDIR= @mandir@
INCLUDEDIR= @includedir@
CONFINCLUDEDIR= $(exec_prefix)/include
@ -105,20 +117,11 @@
ABIFLAGS= @ABIFLAGS@
# Detailed destination directories
--- Python-3.4.0b1/Modules/getpath.c.lib64 2013-11-24 21:36:56.000000000 +0100
+++ Python-3.4.0b1/Modules/getpath.c 2013-11-27 11:17:33.619449704 +0100
@@ -122,8 +122,8 @@
#endif
#ifndef PYTHONPATH
-#define PYTHONPATH PREFIX "/lib/python" VERSION ":" \
- EXEC_PREFIX "/lib/python" VERSION "/lib-dynload"
+#define PYTHONPATH PREFIX "/lib64/python" VERSION ":" \
+ EXEC_PREFIX "/lib64/python" VERSION "/lib-dynload"
#endif
#ifndef LANDMARK
@@ -498,7 +498,7 @@
diff --git a/Modules/getpath.c b/Modules/getpath.c
index 18deb60..27ca814 100644
--- a/Modules/getpath.c
+++ b/Modules/getpath.c
@@ -494,7 +494,7 @@ calculate_path(void)
_pythonpath = Py_DecodeLocale(PYTHONPATH, NULL);
_prefix = Py_DecodeLocale(PREFIX, NULL);
_exec_prefix = Py_DecodeLocale(EXEC_PREFIX, NULL);
@ -127,7 +130,7 @@
if (!_pythonpath || !_prefix || !_exec_prefix || !lib_python) {
Py_FatalError(
@@ -687,7 +687,7 @@
@@ -683,7 +683,7 @@ calculate_path(void)
}
else
wcsncpy(zip_path, _prefix, MAXPATHLEN);
@ -136,7 +139,7 @@
bufsz = wcslen(zip_path); /* Replace "00" with version */
zip_path[bufsz - 6] = VERSION[0];
zip_path[bufsz - 5] = VERSION[2];
@@ -699,7 +699,7 @@
@@ -695,7 +695,7 @@ calculate_path(void)
fprintf(stderr,
"Could not find platform dependent libraries <exec_prefix>\n");
wcsncpy(exec_prefix, _exec_prefix, MAXPATHLEN);
@ -145,9 +148,11 @@
}
/* If we found EXEC_PREFIX do *not* reduce it! (Yet.) */
--- Python-3.4.0b1/setup.py.lib64 2013-11-24 21:36:56.000000000 +0100
+++ Python-3.4.0b1/setup.py 2013-11-27 11:10:43.824150769 +0100
@@ -441,7 +441,7 @@
diff --git a/setup.py b/setup.py
index be33c46..f2779cc 100644
--- a/setup.py
+++ b/setup.py
@@ -492,7 +492,7 @@ class PyBuildExt(build_ext):
# directories (i.e. '.' and 'Include') must be first. See issue
# 10520.
if not cross_compiling:
@ -156,7 +161,7 @@
add_dir_to_list(self.compiler.include_dirs, '/usr/local/include')
# only change this for cross builds for 3.3, issues on Mageia
if cross_compiling:
@@ -718,11 +718,11 @@
@@ -780,11 +780,11 @@ class PyBuildExt(build_ext):
elif curses_library:
readline_libs.append(curses_library)
elif self.compiler.find_library_file(lib_dirs +
@ -170,7 +175,7 @@
extra_link_args=readline_extra_link_args,
libraries=readline_libs) )
else:
@@ -759,8 +759,8 @@
@@ -821,8 +821,8 @@ class PyBuildExt(build_ext):
if krb5_h:
ssl_incs += krb5_h
ssl_libs = find_library_file(self.compiler, 'ssl',lib_dirs,

93
00146-hashlib-fips.patch
View File

@ -1,6 +1,8 @@
--- Python-3.4.0b1/Lib/hashlib.py.hashlib-fips 2013-11-24 21:36:54.000000000 +0100
+++ Python-3.4.0b1/Lib/hashlib.py 2013-11-27 11:45:17.073617547 +0100
@@ -23,6 +23,16 @@
diff --git a/Lib/hashlib.py b/Lib/hashlib.py
index 316cece..b7ad879 100644
--- a/Lib/hashlib.py
+++ b/Lib/hashlib.py
@@ -23,6 +23,16 @@ the zlib module.
Choose your hash function wisely. Some have known collision weaknesses.
sha384 and sha512 will be slow on 32 bit platforms.
@ -17,7 +19,7 @@
Hash objects have these methods:
- update(arg): Update the hash object with the bytes in arg. Repeated calls
are equivalent to a single call with the concatenation of all
@@ -63,6 +73,19 @@
@@ -62,6 +72,18 @@ algorithms_available = set(__always_supported)
__all__ = __always_supported + ('new', 'algorithms_guaranteed',
'algorithms_available', 'pbkdf2_hmac')
@ -33,11 +35,10 @@
+ kwargs.pop('usedforsecurity')
+ return func(*args, **kwargs)
+ return inner
+
__builtin_constructor_cache = {}
@@ -108,34 +131,41 @@
@@ -100,31 +122,39 @@ def __get_openssl_constructor(name):
f = getattr(_hashlib, 'openssl_' + name)
# Allow the C module to raise ValueError. The function will be
# defined but the hash not actually available thanks to OpenSSL.
@ -88,11 +89,8 @@
+ # because we want to make sure that Fedora uses everything from OpenSSL
return __get_builtin_constructor(name)(data)
-
try:
import _hashlib
new = __hash_new
@@ -215,7 +245,10 @@
@@ -207,7 +237,10 @@ for __func_name in __always_supported:
# try them all, some may not work due to the OpenSSL
# version not supporting that algorithm.
try:
@ -104,14 +102,17 @@
except ValueError:
import logging
logging.exception('code for hash %s was not found.', __func_name)
@@ -223,3 +256,4 @@
@@ -215,3 +248,4 @@ for __func_name in __always_supported:
# Cleanup locals()
del __always_supported, __func_name, __get_hash
del __py_new, __hash_new, __get_openssl_constructor
+del __ignore_usedforsecurity
--- Python-3.4.0b1/Lib/test/test_hashlib.py 2013-11-27 11:55:42.769601363 +0100
+++ Python-3.4.0b1/Lib/test/test_hashlib.py 2013-11-28 09:33:03.929008508 +0100
@@ -24,7 +24,22 @@
\ No newline at end of file
diff --git a/Lib/test/test_hashlib.py b/Lib/test/test_hashlib.py
index c9b113e..60e2392 100644
--- a/Lib/test/test_hashlib.py
+++ b/Lib/test/test_hashlib.py
@@ -24,7 +24,22 @@ from test.support import _4G, bigmemtest, import_fresh_module
COMPILED_WITH_PYDEBUG = hasattr(sys, 'gettotalrefcount')
c_hashlib = import_fresh_module('hashlib', fresh=['_hashlib'])
@ -135,7 +136,7 @@
def hexstr(s):
assert isinstance(s, bytes), repr(s)
@@ -34,6 +49,16 @@
@@ -34,6 +49,16 @@ def hexstr(s):
r += h[(i >> 4) & 0xF] + h[i & 0xF]
return r
@ -152,7 +153,7 @@
class HashLibTestCase(unittest.TestCase):
supported_hash_names = ( 'md5', 'MD5', 'sha1', 'SHA1',
@@ -66,11 +91,11 @@
@@ -63,11 +88,11 @@ class HashLibTestCase(unittest.TestCase):
# For each algorithm, test the direct constructor and the use
# of hashlib.new given the algorithm name.
for algorithm, constructors in self.constructors_to_test.items():
@ -167,7 +168,7 @@
constructors.add(_test_algorithm_via_hashlib_new)
_hashlib = self._conditional_import_module('_hashlib')
@@ -82,26 +107,12 @@
@@ -79,27 +104,12 @@ class HashLibTestCase(unittest.TestCase):
for algorithm, constructors in self.constructors_to_test.items():
constructor = getattr(_hashlib, 'openssl_'+algorithm, None)
if constructor:
@ -192,10 +193,11 @@
- if _sha512:
- add_builtin_constructor('sha384')
- add_builtin_constructor('sha512')
-
super(HashLibTestCase, self).__init__(*args, **kwargs)
@@ -157,9 +169,6 @@
@property
@@ -148,9 +158,6 @@ class HashLibTestCase(unittest.TestCase):
else:
del sys.modules['_md5']
self.assertRaises(TypeError, get_builtin_constructor, 3)
@ -205,7 +207,7 @@
def test_hexdigest(self):
for cons in self.hash_constructors:
@@ -558,6 +567,65 @@
@@ -433,6 +440,64 @@ class HashLibTestCase(unittest.TestCase):
self.assertEqual(expected_hash, hasher.hexdigest())
@ -267,21 +269,23 @@
+
+ m = _hashlib.new('md5', b'abc\n', usedforsecurity=False)
+ self.assertEquals(m.hexdigest(), "0bee89b07a248e27c83fc3d5951213c1")
+
class KDFTests(unittest.TestCase):
@@ -639,6 +707,7 @@
with self.assertRaisesRegex(ValueError, 'unsupported hash type'):
pbkdf2('unknown', b'pass', b'salt', 1)
@@ -516,7 +581,7 @@ class KDFTests(unittest.TestCase):
out = pbkdf2(hash_name='sha1', password=b'password', salt=b'salt',
iterations=1, dklen=None)
self.assertEqual(out, self.pbkdf2_results['sha1'][0][0])
-
+ @unittest.skip('skipped on Fedora, as we always use OpenSSL pbkdf2_hmac')
def test_pbkdf2_hmac_py(self):
self._test_pbkdf2_hmac(py_hashlib.pbkdf2_hmac)
--- Python-3.4.0b1/Modules/_hashopenssl.c.hashlib-fips 2013-11-24 21:36:56.000000000 +0100
+++ Python-3.4.0b1/Modules/_hashopenssl.c 2013-11-27 12:01:57.443537463 +0100
@@ -19,6 +19,8 @@
diff --git a/Modules/_hashopenssl.c b/Modules/_hashopenssl.c
index 44765ac..b8cf490 100644
--- a/Modules/_hashopenssl.c
+++ b/Modules/_hashopenssl.c
@@ -20,6 +20,8 @@
/* EVP is the preferred interface to hashing in OpenSSL */
@ -290,7 +294,7 @@
#include <openssl/evp.h>
#include <openssl/hmac.h>
/* We use the object interface to discover what hashes OpenSSL supports. */
@@ -48,11 +50,19 @@
@@ -45,11 +47,19 @@ typedef struct {
static PyTypeObject EVPtype;
@ -314,7 +318,7 @@
DEFINE_CONSTS_FOR_NEW(md5)
DEFINE_CONSTS_FOR_NEW(sha1)
@@ -97,6 +107,48 @@
@@ -92,6 +102,48 @@ EVP_hash(EVPobject *self, const void *vp, Py_ssize_t len)
}
}
@ -363,7 +367,7 @@
/* Internal methods for a hash object */
static void
@@ -281,15 +333,16 @@
@@ -259,15 +311,16 @@ EVP_repr(EVPobject *self)
static int
EVP_tp_init(EVPobject *self, PyObject *args, PyObject *kwds)
{
@ -383,7 +387,7 @@
return -1;
}
@@ -310,7 +363,12 @@
@@ -288,7 +341,12 @@ EVP_tp_init(EVPobject *self, PyObject *args, PyObject *kwds)
PyBuffer_Release(&view);
return -1;
}
@ -397,7 +401,7 @@
self->name = name_obj;
Py_INCREF(self->name);
@@ -394,7 +452,8 @@
@@ -372,7 +430,8 @@ static PyTypeObject EVPtype = {
static PyObject *
EVPnew(PyObject *name_obj,
const EVP_MD *digest, const EVP_MD_CTX *initial_ctx,
@ -407,7 +411,7 @@
{
EVPobject *self;
@@ -409,7 +468,12 @@
@@ -387,7 +446,12 @@ EVPnew(PyObject *name_obj,
if (initial_ctx) {
EVP_MD_CTX_copy(&self->ctx, initial_ctx);
} else {
@ -421,7 +425,7 @@
}
if (cp && len) {
@@ -433,21 +497,29 @@
@@ -411,21 +475,29 @@ PyDoc_STRVAR(EVP_new__doc__,
An optional string argument may be provided and will be\n\
automatically hashed.\n\
\n\
@ -455,17 +459,17 @@
return NULL;
}
@@ -461,7 +533,8 @@
@@ -439,7 +511,8 @@ EVP_new(PyObject *self, PyObject *args, PyObject *kwdict)
digest = EVP_get_digestbyname(name);
- ret_obj = EVPnew(name_obj, digest, NULL, (unsigned char*)view.buf, view.len);
+ ret_obj = EVPnew(name_obj, digest, NULL, (unsigned char*)view.buf, view.len,
+ usedforsecurity);
+ usedforsecurity);
if (data_obj)
PyBuffer_Release(&view);
@@ -742,57 +815,115 @@
@@ -722,57 +795,114 @@ generate_hash_name_list(void)
/*
@ -508,8 +512,8 @@
+ return implement_specific_EVP_new(self, args, kwdict, \
+ "|Oi:" #NAME, \
+ &cached_info_ ## NAME ); \
+ }
+
}
+static PyObject *
+implement_specific_EVP_new(PyObject *self, PyObject *args, PyObject *kwdict,
+ const char *format,
@ -554,8 +558,8 @@
+ } else {
+ PyErr_SetString(PyExc_ValueError, "Error initializing hash");
+ }
}
+ }
+
+ if (data_obj)
+ PyBuffer_Release(&view);
+
@ -614,11 +618,10 @@
+ }
+ }
+}
+
GEN_CONSTRUCTOR(md5)
GEN_CONSTRUCTOR(sha1)
@@ -843,13 +974,10 @@
@@ -819,13 +949,10 @@ PyInit__hashlib(void)
{
PyObject *m, *openssl_md_meth_names;

12
00200-gettext-plural-fix.patch
View File

@ -1,12 +0,0 @@
diff -up Python-2.5.1/Lib/gettext.py.plural Python-2.5.1/Lib/gettext.py
--- Python-2.5.1/Lib/gettext.py.plural 2007-09-10 11:38:57.000000000 -0400
+++ Python-2.5.1/Lib/gettext.py 2007-09-10 11:39:00.000000000 -0400
@@ -299,6 +299,8 @@ class GNUTranslations(NullTranslations):
item = b_item.decode().strip()
if not item:
continue
+ if item.startswith("#"):
+ continue
if ':' in item:
k, v = item.split(':', 1)
k = k.strip().lower()

10
00201-fix-memory-leak-in-gdbm.patch
View File

@ -1,10 +0,0 @@
--- Modules/_gdbmmodule.c.orig 2013-07-08 14:54:27.803790151 +0200
+++ Modules/_gdbmmodule.c 2013-07-08 14:55:25.006672443 +0200
@@ -106,6 +106,7 @@
if(okey.dsize) free(okey.dptr);
okey=key;
}
+ if(okey.dsize) free(okey.dptr);
dp->di_size = size;
}
return dp->di_size;

11
00203-disable-threading-test-koji.patch
View File

@ -1,11 +0,0 @@
diff -up Python-3.4.3/Lib/test/test_threading.py.mstuchli Python-3.4.3/Lib/test/test_threading.py
--- Python-3.4.3/Lib/test/test_threading.py.mstuchli 2015-03-10 10:00:42.917355215 +0100
+++ Python-3.4.3/Lib/test/test_threading.py 2015-03-10 10:00:47.735373842 +0100
@@ -988,6 +988,7 @@ class ThreadingExceptionTests(BaseTestCa
self.assertIn("ZeroDivisionError", err)
self.assertNotIn("Unhandled exception", err)
+ @unittest.skip('Fails in Koji due to mishandled signals')
def test_print_exception_stderr_is_none_1(self):
script = r"""if True:
import sys

56
00207-math-once.patch
View File

@ -1,56 +0,0 @@
--- Python-3.5.1/Makefile.pre.in.kh 2015-12-17 05:51:08.466546157 -0500
+++ Python-3.5.1/Makefile.pre.in 2015-12-17 05:52:26.207761635 -0500
@@ -587,11 +587,15 @@ pybuilddir.txt: $(BUILDPYTHON)
exit 1 ; \
fi
+# This is shared by the math and cmath modules
+Modules/_math.o: Modules/_math.c Modules/_math.h
+ $(CC) -c $(CCSHARED) $(PY_CORE_CFLAGS) -o $@ $<
+
# Build the shared modules
# Under GNU make, MAKEFLAGS are sorted and normalized; the 's' for
# -s, --silent or --quiet is always the first char.
# Under BSD make, MAKEFLAGS might be " -s -v x=y".
-sharedmods: $(BUILDPYTHON) pybuilddir.txt
+sharedmods: $(BUILDPYTHON) pybuilddir.txt Modules/_math.o
@case "$$MAKEFLAGS" in \
*\ -s*|s*) quiet="-q";; \
*) quiet="";; \
--- Python-3.5.1/Misc/NEWS.kh 2015-12-17 05:53:40.898929946 -0500
+++ Python-3.5.1/Misc/NEWS 2015-12-17 05:54:28.599676136 -0500
@@ -464,6 +464,10 @@ Build
- Issue #24986: It is now possible to build Python on Windows without errors
when external libraries are not available.
+- Issue #24421: Compile Modules/_math.c once, before building extensions.
+ Previously it could fail to compile properly if the math and cmath builds
+ were concurrent.
+
Windows
-------
--- Python-3.5.1/setup.py.kh 2015-12-17 06:38:30.950955607 -0500
+++ Python-3.5.1/setup.py 2015-12-17 06:42:32.074722493 -0500
@@ -582,13 +582,17 @@ class PyBuildExt(build_ext):
# array objects
exts.append( Extension('array', ['arraymodule.c']) )
+
+ shared_math = 'Modules/_math.o'
# complex math library functions
- exts.append( Extension('cmath', ['cmathmodule.c', '_math.c'],
- depends=['_math.h'],
+ exts.append( Extension('cmath', ['cmathmodule.c'],
+ extra_objects=[shared_math],
+ depends=['_math.h', shared_math],
libraries=math_libs) )
# math library functions, e.g. sin()
- exts.append( Extension('math', ['mathmodule.c', '_math.c'],
- depends=['_math.h'],
+ exts.append( Extension('math', ['mathmodule.c'],
+ extra_objects=[shared_math],
+ depends=['_math.h', shared_math],
libraries=math_libs) )
# time libraries: librt may be needed for clock_gettime()

11
00208-disable-test_with_pip-on-ppc.patch
View File

@ -1,11 +0,0 @@
diff -up Python-3.5.1/Lib/test/test_venv.py.1292467 Python-3.5.1/Lib/test/test_venv.py
--- Python-3.5.1/Lib/test/test_venv.py.1292467 2015-12-21 13:37:44.740190595 +0100
+++ Python-3.5.1/Lib/test/test_venv.py 2015-12-21 13:40:25.707911828 +0100
@@ -319,6 +319,7 @@ class EnsurePipTest(BaseTest):
# Requesting pip fails without SSL (http://bugs.python.org/issue19744)
@unittest.skipIf(ssl is None, ensurepip._MISSING_SSL_MESSAGE)
+ @unittest.skip('rhbz#1292467')
def test_with_pip(self):
rmtree(self.env_dir)
with EnvironmentVarGuard() as envvars:

35
00237-Raise-an-error-when-STARTTLS-fails.patch
View File

@ -1,35 +0,0 @@
From 761db274ca898f8a92348ed5979d3d3c1b0d634a Mon Sep 17 00:00:00 2001
From: Tomas Orsava <torsava@redhat.com>
Date: Fri, 17 Jun 2016 16:08:11 +0200
Subject: [PATCH] Raise an error when STARTTLS fails
CVE-2016-0772 python: smtplib StartTLS stripping attack
rhbz#1303647: https://bugzilla.redhat.com/show_bug.cgi?id=1303647
rhbz#1346345: https://bugzilla.redhat.com/show_bug.cgi?id=1346345
Based on an upstream change by Benjamin Peterson <benjamin@python.org>
- in changeset 101887:d590114c2394 3.4
- https://hg.python.org/cpython/rev/d590114c2394
---
Lib/smtplib.py | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/Lib/smtplib.py b/Lib/smtplib.py
index 4756973..dfbf5f9 100755
--- a/Lib/smtplib.py
+++ b/Lib/smtplib.py
@@ -773,6 +773,11 @@ class SMTP:
self.ehlo_resp = None
self.esmtp_features = {}
self.does_esmtp = 0
+ else:
+ # RFC 3207:
+ # 501 Syntax error (no parameters allowed)
+ # 454 TLS not available due to temporary reason
+ raise SMTPResponseException(resp, reply)
return (resp, reply)
def sendmail(self, from_addr, to_addrs, msg, mail_options=[],
--
2.5.5

39
00241-CVE-2016-5636-buffer-overflow-in-zipimport-module-fix.patch
View File

@ -1,39 +0,0 @@
From 531dfa4bcfe55d5cd1524425944b07c5b02bddf9 Mon Sep 17 00:00:00 2001
From: Charalampos Stratakis <cstratak@redhat.com>
Date: Fri, 8 Jul 2016 17:16:41 +0200
Subject: [PATCH] CVE-2016-5636 fix
---
Modules/zipimport.c | 9 +++++++++
1 file changed, 9 insertions(+)
diff --git a/Modules/zipimport.c b/Modules/zipimport.c
index 06abb31..4d0d1de 100644
--- a/Modules/zipimport.c
+++ b/Modules/zipimport.c
@@ -1076,6 +1076,10 @@ get_data(PyObject *archive, PyObject *toc_entry)
&date, &crc)) {
return NULL;
}
+ if (data_size < 0) {
+ PyErr_Format(ZipImportError, "negative data size");
+ return NULL;
+ }
fp = _Py_fopen_obj(archive, "rb");
if (!fp)
@@ -1112,6 +1116,11 @@ get_data(PyObject *archive, PyObject *toc_entry)
}
file_offset += l; /* Start of file data */
+ if (data_size > LONG_MAX - 1) {
+ fclose(fp);
+ PyErr_NoMemory();
+ return NULL;
+ }
bytes_size = compress == 0 ? data_size : data_size + 1;
if (bytes_size == 0)
bytes_size++;
--
2.7.4

57
00242-CVE-2016-1000110-httpoxy.patch
View File

@ -1,20 +1,8 @@
# HG changeset patch
# User Senthil Kumaran <senthil@uthcode.com>
# Date 1469947146 25200
# Node ID a0ac52ed8f7918222603b584ec8fc93d9b7bc0a5
# Parent 4cb94e561e2db9865fb4d752f2bceefca4c6819a# Parent 3c19023c9fec5a615c25598468b44fade89049ce
[merge from 3.4] - Prevent HTTPoxy attack (CVE-2016-1000110)
Ignore the HTTP_PROXY variable when REQUEST_METHOD environment is set, which
indicates that the script is in CGI mode.
Issue #27568 Reported and patch contributed by Rémi Rampin.
diff --git a/Doc/howto/urllib2.rst b/Doc/howto/urllib2.rst
index 24a4156..d2c7991 100644
--- a/Doc/howto/urllib2.rst
+++ b/Doc/howto/urllib2.rst
@@ -538,6 +538,11 @@ setting up a `Basic Authentication`_ han
@@ -538,6 +538,11 @@ setting up a `Basic Authentication`_ handler: ::
through a proxy. However, this can be enabled by extending urllib.request as
shown in the recipe [#]_.
@ -27,11 +15,12 @@ diff --git a/Doc/howto/urllib2.rst b/Doc/howto/urllib2.rst
Sockets and Layers
==================
diff --git a/Doc/library/urllib.request.rst b/Doc/library/urllib.request.rst
index 6c1bfb8..1291aeb 100644
--- a/Doc/library/urllib.request.rst
+++ b/Doc/library/urllib.request.rst
@@ -166,6 +166,16 @@ The :mod:`urllib.request` module defines the following functions:
cannot find it, looks for proxy information from Mac OSX System
Configuration for Mac OS X and Windows Systems Registry for Windows.
@@ -173,6 +173,16 @@ The :mod:`urllib.request` module defines the following functions:
If both lowercase and uppercase environment variables exist (and disagree),
lowercase is preferred.
+ .. note::
+
@ -46,25 +35,25 @@ diff --git a/Doc/library/urllib.request.rst b/Doc/library/urllib.request.rst
The following classes are provided:
@@ -275,6 +285,12 @@ The following classes are provided:
@@ -280,6 +290,11 @@ The following classes are provided:
list of hostname suffixes, optionally with ``:port`` appended, for example
``cern.ch,ncsa.uiuc.edu,some.host:8080``.
To disable autodetected proxy pass an empty dictionary.
+ .. note::
+ .. note::
+
+ ``HTTP_PROXY`` will be ignored if a variable ``REQUEST_METHOD`` is set;
+ see the documentation on :func:`~urllib.request.getproxies`.
+
+
.. class:: HTTPPasswordMgr()
diff --git a/Lib/test/test_urllib.py b/Lib/test/test_urllib.py
index 5d05f8d..c26c52a 100644
--- a/Lib/test/test_urllib.py
+++ b/Lib/test/test_urllib.py
@@ -225,6 +225,18 @@ class ProxyTests(unittest.TestCase):
self.env.set('NO_PROXY', 'localhost, anotherdomain.com, newdomain.com')
self.assertTrue(urllib.request.proxy_bypass_environment('anotherdomain.com'))
@@ -232,6 +232,18 @@ class ProxyTests(unittest.TestCase):
self.assertTrue(urllib.request.proxy_bypass_environment('anotherdomain.com:8888'))
self.assertTrue(urllib.request.proxy_bypass_environment('newdomain.com:1234'))
+ def test_proxy_cgi_ignore(self):
+ try:
@ -78,13 +67,14 @@ diff --git a/Lib/test/test_urllib.py b/Lib/test/test_urllib.py
+ self.env.unset('REQUEST_METHOD')
+ self.env.unset('HTTP_PROXY')
+
class urlopen_HttpTests(unittest.TestCase, FakeHTTPMixin, FakeFTPMixin):
"""Test urlopen() opening a fake http connection."""
def test_proxy_bypass_environment_host_match(self):
bypass = urllib.request.proxy_bypass_environment
self.env.set('NO_PROXY',
diff --git a/Lib/urllib/request.py b/Lib/urllib/request.py
index 1731fe3..3be327d 100644
--- a/Lib/urllib/request.py
+++ b/Lib/urllib/request.py
@@ -2394,6 +2394,12 @@ def getproxies_environment():
@@ -2412,6 +2412,12 @@ def getproxies_environment():
name = name.lower()
if value and name[-6:] == '_proxy':
proxies[name[:-6]] = value
@ -93,8 +83,7 @@ diff --git a/Lib/urllib/request.py b/Lib/urllib/request.py
+ # header from the client
+ # If "proxy" is lowercase, it will still be used thanks to the next block
+ if 'REQUEST_METHOD' in os.environ:
+ proxies.pop('http', None)
return proxies
def proxy_bypass_environment(host):
+ proxies.pop('http', None)
for name, value in os.environ.items():
if name[-6:] == '_proxy':
name = name.lower()

72
05000-autotool-intermediates.patch
View File

@ -1,72 +0,0 @@
diff -up ./configure.autotool-intermediates ./configure
--- ./configure.autotool-intermediates 2013-04-09 14:52:49.831773426 +0200
+++ ./configure 2013-04-09 14:52:53.204765347 +0200
@@ -802,6 +802,8 @@ with_thread
enable_ipv6
with_doc_strings
with_tsc
+with_count_allocs
+with_call_profile
with_pymalloc
with_valgrind
with_systemtap
@@ -1479,6 +1481,8 @@ Optional Packages:
deprecated; use --with(out)-threads
--with(out)-doc-strings disable/enable documentation strings
--with(out)-tsc enable/disable timestamp counter profile
+ --with(out)count-allocs enable/disable per-type instance accounting
+ --with(out)-call-profile enable/disable statistics on function call invocation
--with(out)-pymalloc disable/enable specialized mallocs
--with-valgrind Enable Valgrind support
--with(out)-systemtap disable/enable SystemTap support
@@ -10117,6 +10121,50 @@ $as_echo "#define WITH_TSC 1" >>confdefs
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
$as_echo "yes" >&6; }
+else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for --with-count-allocs" >&5
+$as_echo_n "checking for --with-count-allocs... " >&6; }
+
+# Check whether --with-count-allocs was given.
+if test "${with_count_allocs+set}" = set; then :
+ withval=$with_count_allocs;
+if test "$withval" != no
+then
+
+$as_echo "#define COUNT_ALLOCS 1" >>confdefs.h
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for --with-call-profile" >&5
+$as_echo_n "checking for --with-call-profile... " >&6; }
+
+# Check whether --with-call-profile was given.
+if test "${with_call_profile+set}" = set; then :
+ withval=$with_call_profile;
+if test "$withval" != no
+then
+
+$as_echo "#define CALL_PROFILE 1" >>confdefs.h
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
$as_echo "no" >&6; }
fi

75
python3.spec
View File

@ -111,8 +111,8 @@
# ==================
Summary: Version 3 of the Python programming language aka Python 3000
Name: python3
Version: %{pybasever}.1
Release: 15%{?dist}
Version: %{pybasever}.2
Release: 1%{?dist}
License: Python
Group: Development/Languages
@ -382,31 +382,6 @@ Patch188: 00188-fix-lib2to3-tests-when-hashlib-doesnt-compile-properly.patch
Patch189: 00189-add-rewheel-module.patch
%endif
# 00194 #
# Tests requiring SIGHUP to work don't work in Koji
# see rhbz#1088233
Patch194: temporarily-disable-tests-requiring-SIGHUP.patch
# 00196 #
# Fix test_gdb failure on ppc64le
Patch196: 00196-test-gdb-match-addr-before-builtin.patch
# 00200 #
# Fix for gettext plural form headers (lines that begin with "#")
# Note: Backported from scl
Patch200: 00200-gettext-plural-fix.patch
# 00201 #
# Fixes memory leak in gdbm module (rhbz#977308)
# This was upstreamed as a part of bigger patch, but for our purposes
# this is ok: http://bugs.python.org/issue18404
# Note: Backported from scl
Patch201: 00201-fix-memory-leak-in-gdbm.patch
# 00203 #
# test_threading fails in koji dues to it's handling of signals
Patch203: 00203-disable-threading-test-koji.patch
# 00205 #
# LIBPL variable in makefile takes LIBPL from configure.ac
# but the LIBPL variable defined there doesn't respect libdir macro
@ -417,40 +392,12 @@ Patch205: 00205-make-libpl-respect-lib64.patch
# by debian but fedora infra uses only eabi without hf
Patch206: 00206-remove-hf-from-arm-triplet.patch
# 00207 #
# Avoid truncated _math.o files caused by parallel builds
# modified version of https://bugs.python.org/issue24421
# rhbz#1292461
Patch207: 00207-math-once.patch
# 00208 #
# test_with_pip (test.test_venv.EnsurePipTest) fails on ppc64*
# rhbz#1292467
Patch208: 00208-disable-test_with_pip-on-ppc.patch
# 00209 #
# Fix test breakage with version 2.2.0 of Expat
# rhbz#1353918: https://bugzilla.redhat.com/show_bug.cgi?id=1353918
# FIXED UPSTREAM: http://bugs.python.org/issue27369
Patch209: 00209-fix-test-pyexpat-failure.patch
# 00237 #
# CVE-2016-0772 python: smtplib StartTLS stripping attack
# rhbz#1303647: https://bugzilla.redhat.com/show_bug.cgi?id=1303647
# rhbz#1346345: https://bugzilla.redhat.com/show_bug.cgi?id=1346345
# FIXED UPSTREAM: https://hg.python.org/cpython/rev/d590114c2394
# Raise an error when STARTTLS fails
Patch237: 00237-Raise-an-error-when-STARTTLS-fails.patch
# 00241 #
# CVE-2016-5636: http://seclists.org/oss-sec/2016/q2/560
# rhbz#1345859: https://bugzilla.redhat.com/show_bug.cgi?id=1345859
# https://hg.python.org/cpython/rev/10dad6da1b28/
# https://hg.python.org/cpython/rev/5533a9e02b21
# Fix possible integer overflow and heap corruption in zipimporter.get_data()
# FIXED UPSTREAM: https://bugs.python.org/issue26171
Patch241: 00241-CVE-2016-5636-buffer-overflow-in-zipimport-module-fix.patch
# 00242 #
# HTTPoxy attack (CVE-2016-1000110)
# https://httpoxy.org/
@ -659,7 +606,7 @@ for f in md5module.c sha1module.c sha256module.c sha512module.c; do
done
%if 0%{with_rewheel}
%global pip_version 7.1.0
%global pip_version 8.1.2
sed -r -i s/'_PIP_VERSION = "[0-9.]+"'/'_PIP_VERSION = "%{pip_version}"'/ Lib/ensurepip/__init__.py
%endif
@ -696,16 +643,9 @@ sed -r -i s/'_PIP_VERSION = "[0-9.]+"'/'_PIP_VERSION = "%{pip_version}"'/ Lib/en
%patch189 -p1
%endif
%patch194 -p1
%patch196 -p1
%patch203 -p1
%patch205 -p1
%patch206 -p1
%patch207 -p1
%patch208 -p1
%patch209 -p1
%patch237 -p1
%patch241 -p1
%patch242 -p1
%patch243 -p1
@ -1612,6 +1552,15 @@ rm -fr %{buildroot}
# ======================================================
%changelog
* Mon Aug 15 2016 Tomas Orsava <torsava@redhat.com> - 3.5.2-1
- Rebased to version 3.5.2
- Set to work with pip version 8.1.2
- Removed patches 207, 237, 241 as fixes are already contained in Python 3.5.2
- Removed arch or environment specific patches 194, 196, 203, and 208
as test builds indicate they are no longer needed
- Updated patches 102, 146, and 242 to work with the new Python codebase
- Removed patches 200, 201, 5000 which weren't even being applied
* Tue Aug 09 2016 Charalampos Stratakis <cstratak@redhat.com> - 3.5.1-15
- Fix for CVE-2016-1000110 HTTPoxy attack
- SPEC file cleanup