commit d1f8eb6041dba3a72f1a2b42f938e75f2919be54 Author: overweight <5324761+overweight@user.noreply.gitee.com> Date: Mon Sep 30 11:14:30 2019 -0400 Package init diff --git a/00102-2.7.13-lib64.patch b/00102-2.7.13-lib64.patch new file mode 100644 index 0000000..02d3f6c --- /dev/null +++ b/00102-2.7.13-lib64.patch @@ -0,0 +1,193 @@ +diff --git a/Lib/distutils/command/install.py b/Lib/distutils/command/install.py +index b9f1c6c..7b23714 100644 +--- a/Lib/distutils/command/install.py ++++ b/Lib/distutils/command/install.py +@@ -42,14 +42,14 @@ else: + INSTALL_SCHEMES = { + 'unix_prefix': { + 'purelib': '$base/lib/python$py_version_short/site-packages', +- 'platlib': '$platbase/lib/python$py_version_short/site-packages', ++ 'platlib': '$platbase/lib64/python$py_version_short/site-packages', + 'headers': '$base/include/python$py_version_short/$dist_name', + 'scripts': '$base/bin', + 'data' : '$base', + }, + 'unix_home': { + 'purelib': '$base/lib/python', +- 'platlib': '$base/lib/python', ++ 'platlib': '$base/lib64/python', + 'headers': '$base/include/python/$dist_name', + 'scripts': '$base/bin', + 'data' : '$base', +diff --git a/Lib/distutils/sysconfig.py b/Lib/distutils/sysconfig.py +index 031f809..ec5d584 100644 +--- a/Lib/distutils/sysconfig.py ++++ b/Lib/distutils/sysconfig.py +@@ -120,8 +120,12 @@ def get_python_lib(plat_specific=0, standard_lib=0, prefix=None): + prefix = plat_specific and EXEC_PREFIX or PREFIX + + if os.name == "posix": ++ if plat_specific or standard_lib: ++ lib = "lib64" ++ else: ++ lib = "lib" + libpython = os.path.join(prefix, +- "lib", "python" + get_python_version()) ++ lib, "python" + get_python_version()) + if standard_lib: + return libpython + else: +diff --git a/Lib/site.py b/Lib/site.py +index c360802..868b7cb 100644 +--- a/Lib/site.py ++++ b/Lib/site.py +@@ -288,12 +288,16 @@ def getsitepackages(): + if sys.platform in ('os2emx', 'riscos'): + sitepackages.append(os.path.join(prefix, "Lib", "site-packages")) + elif os.sep == '/': ++ sitepackages.append(os.path.join(prefix, "lib64", ++ "python" + sys.version[:3], ++ "site-packages")) + sitepackages.append(os.path.join(prefix, "lib", + "python" + sys.version[:3], + "site-packages")) + sitepackages.append(os.path.join(prefix, "lib", "site-python")) + else: + sitepackages.append(prefix) ++ sitepackages.append(os.path.join(prefix, "lib64", "site-packages")) + sitepackages.append(os.path.join(prefix, "lib", "site-packages")) + return sitepackages + +diff --git a/Lib/test/test_site.py b/Lib/test/test_site.py +index b4384ee..349f688 100644 +--- a/Lib/test/test_site.py ++++ b/Lib/test/test_site.py +@@ -254,17 +254,20 @@ class HelperFunctionsTests(unittest.TestCase): + self.assertEqual(dirs[0], wanted) + elif os.sep == '/': + # OS X, Linux, FreeBSD, etc +- self.assertEqual(len(dirs), 2) +- wanted = os.path.join('xoxo', 'lib', 'python' + sys.version[:3], ++ self.assertEqual(len(dirs), 3) ++ wanted = os.path.join('xoxo', 'lib64', 'python' + sys.version[:3], + 'site-packages') + self.assertEqual(dirs[0], wanted) +- wanted = os.path.join('xoxo', 'lib', 'site-python') ++ wanted = os.path.join('xoxo', 'lib', 'python' + sys.version[:3], ++ 'site-packages') + self.assertEqual(dirs[1], wanted) ++ wanted = os.path.join('xoxo', 'lib', 'site-python') ++ self.assertEqual(dirs[2], wanted) + else: + # other platforms + self.assertEqual(len(dirs), 2) + self.assertEqual(dirs[0], 'xoxo') +- wanted = os.path.join('xoxo', 'lib', 'site-packages') ++ wanted = os.path.join('xoxo', 'lib64', 'site-packages') + self.assertEqual(dirs[1], wanted) + + def test_no_home_directory(self): +diff --git a/Makefile.pre.in b/Makefile.pre.in +index 4f59dd3..877698c 100644 +--- a/Makefile.pre.in ++++ b/Makefile.pre.in +@@ -110,7 +110,7 @@ LIBDIR= @libdir@ + MANDIR= @mandir@ + INCLUDEDIR= @includedir@ + CONFINCLUDEDIR= $(exec_prefix)/include +-SCRIPTDIR= $(prefix)/lib ++SCRIPTDIR= $(prefix)/lib64 + + # Detailed destination directories + BINLIBDEST= $(LIBDIR)/python$(VERSION) +diff --git a/Modules/Setup.dist b/Modules/Setup.dist +index 2cf35a9..c4c88cb 100644 +--- a/Modules/Setup.dist ++++ b/Modules/Setup.dist +@@ -231,7 +231,7 @@ crypt cryptmodule.c # -lcrypt # crypt(3); needs -lcrypt on some systems + # Some more UNIX dependent modules -- off by default, since these + # are not supported by all UNIX systems: + +-nis nismodule.c -lnsl -ltirpc -I/usr/include/tirpc -I/usr/include/nsl -L/usr/lib/nsl ++nis nismodule.c -lnsl -ltirpc -I/usr/include/tirpc -I/usr/include/nsl -L/usr/lib64/nsl + termios termios.c # Steen Lumholt's termios module + resource resource.c # Jeremy Hylton's rlimit interface + +@@ -416,7 +416,7 @@ gdbm gdbmmodule.c -lgdbm + # Edit the variables DB and DBLIBVERto point to the db top directory + # and the subdirectory of PORT where you built it. + DBINC=/usr/include/libdb +-DBLIB=/usr/lib ++DBLIB=/usr/lib64 + _bsddb _bsddb.c -I$(DBINC) -L$(DBLIB) -ldb + + # Historical Berkeley DB 1.85 +@@ -462,7 +462,7 @@ cPickle cPickle.c + # Andrew Kuchling's zlib module. + # This require zlib 1.1.3 (or later). + # See http://www.gzip.org/zlib/ +-zlib zlibmodule.c -I$(prefix)/include -L$(exec_prefix)/lib -lz ++zlib zlibmodule.c -I$(prefix)/include -L$(exec_prefix)/lib64 -lz + + # Interface to the Expat XML parser + # More information on Expat can be found at www.libexpat.org. +diff --git a/Modules/getpath.c b/Modules/getpath.c +index fd33a01..c5c86fd 100644 +--- a/Modules/getpath.c ++++ b/Modules/getpath.c +@@ -108,7 +108,7 @@ static char prefix[MAXPATHLEN+1]; + static char exec_prefix[MAXPATHLEN+1]; + static char progpath[MAXPATHLEN+1]; + static char *module_search_path = NULL; +-static char lib_python[] = "lib/python" VERSION; ++static char lib_python[] = "lib64/python" VERSION; + + static void + reduce(char *dir) +@@ -548,7 +548,7 @@ calculate_path(void) + fprintf(stderr, + "Could not find platform dependent libraries \n"); + strncpy(exec_prefix, EXEC_PREFIX, MAXPATHLEN); +- joinpath(exec_prefix, "lib/lib-dynload"); ++ joinpath(exec_prefix, "lib64/lib-dynload"); + } + /* If we found EXEC_PREFIX do *not* reduce it! (Yet.) */ + +diff --git a/setup.py b/setup.py +index 0288a6b..7905f6f 100644 +--- a/setup.py ++++ b/setup.py +@@ -456,7 +456,7 @@ class PyBuildExt(build_ext): + def detect_modules(self): + # Ensure that /usr/local is always used + if not cross_compiling: +- add_dir_to_list(self.compiler.library_dirs, '/usr/local/lib') ++ add_dir_to_list(self.compiler.library_dirs, '/usr/local/lib64') + add_dir_to_list(self.compiler.include_dirs, '/usr/local/include') + if cross_compiling: + self.add_gcc_paths() +@@ -782,11 +782,11 @@ class PyBuildExt(build_ext): + elif curses_library: + readline_libs.append(curses_library) + elif self.compiler.find_library_file(lib_dirs + +- ['/usr/lib/termcap'], ++ ['/usr/lib64/termcap'], + 'termcap'): + readline_libs.append('termcap') + exts.append( Extension('readline', ['readline.c'], +- library_dirs=['/usr/lib/termcap'], ++ library_dirs=['/usr/lib64/termcap'], + extra_link_args=readline_extra_link_args, + libraries=readline_libs) ) + else: +@@ -821,8 +821,8 @@ class PyBuildExt(build_ext): + if krb5_h: + ssl_incs += krb5_h + ssl_libs = find_library_file(self.compiler, 'ssl',lib_dirs, +- ['/usr/local/ssl/lib', +- '/usr/contrib/ssl/lib/' ++ ['/usr/local/ssl/lib64', ++ '/usr/contrib/ssl/lib64/' + ] ) + + if (ssl_incs is not None and diff --git a/00104-lib64-fix-for-test_install.patch b/00104-lib64-fix-for-test_install.patch new file mode 100644 index 0000000..7852bf6 --- /dev/null +++ b/00104-lib64-fix-for-test_install.patch @@ -0,0 +1,13 @@ +--- Python-2.7.2/Lib/distutils/tests/test_install.py.lib64 2011-09-08 17:51:57.851405376 -0400 ++++ Python-2.7.2/Lib/distutils/tests/test_install.py 2011-09-08 18:40:46.754205096 -0400 +@@ -41,8 +41,9 @@ class InstallTestCase(support.TempdirMan + self.assertEqual(got, expected) + + libdir = os.path.join(destination, "lib", "python") ++ platlibdir = os.path.join(destination, "lib64", "python") + check_path(cmd.install_lib, libdir) +- check_path(cmd.install_platlib, libdir) ++ check_path(cmd.install_platlib, platlibdir) + check_path(cmd.install_purelib, libdir) + check_path(cmd.install_headers, + os.path.join(destination, "include", "python", "foopkg")) diff --git a/00121-add-Modules-to-build-path.patch b/00121-add-Modules-to-build-path.patch new file mode 100644 index 0000000..6e3294d --- /dev/null +++ b/00121-add-Modules-to-build-path.patch @@ -0,0 +1,13 @@ +--- Python-2.7.5/Lib/site.py.orig 2013-05-16 12:47:55.000000000 +0200 ++++ Python-2.7.5/Lib/site.py 2013-05-16 12:56:20.089058109 +0200 +@@ -529,6 +529,10 @@ def main(): + + abs__file__() + known_paths = removeduppaths() ++ from sysconfig import is_python_build ++ if is_python_build(): ++ from _sysconfigdata import build_time_vars ++ sys.path.append(os.path.join(build_time_vars['abs_builddir'], 'Modules')) + if ENABLE_USER_SITE is None: + ENABLE_USER_SITE = check_enableusersite() + known_paths = addusersitepackages(known_paths) diff --git a/00165-crypt-module-salt-backport.patch b/00165-crypt-module-salt-backport.patch new file mode 100644 index 0000000..0040aae --- /dev/null +++ b/00165-crypt-module-salt-backport.patch @@ -0,0 +1,292 @@ +diff --git a/Doc/library/crypt.rst b/Doc/library/crypt.rst +index 91464ef..6ee64d6 100644 +--- a/Doc/library/crypt.rst ++++ b/Doc/library/crypt.rst +@@ -16,9 +16,9 @@ + + This module implements an interface to the :manpage:`crypt(3)` routine, which is + a one-way hash function based upon a modified DES algorithm; see the Unix man +-page for further details. Possible uses include allowing Python scripts to +-accept typed passwords from the user, or attempting to crack Unix passwords with +-a dictionary. ++page for further details. Possible uses include storing hashed passwords ++so you can check passwords without storing the actual password, or attempting ++to crack Unix passwords with a dictionary. + + .. index:: single: crypt(3) + +@@ -27,15 +27,81 @@ the :manpage:`crypt(3)` routine in the running system. Therefore, any + extensions available on the current implementation will also be available on + this module. + ++Hashing Methods ++--------------- + +-.. function:: crypt(word, salt) ++The :mod:`crypt` module defines the list of hashing methods (not all methods ++are available on all platforms): ++ ++.. data:: METHOD_SHA512 ++ ++ A Modular Crypt Format method with 16 character salt and 86 character ++ hash. This is the strongest method. ++ ++.. versionadded:: 3.3 ++ ++.. data:: METHOD_SHA256 ++ ++ Another Modular Crypt Format method with 16 character salt and 43 ++ character hash. ++ ++.. versionadded:: 3.3 ++ ++.. data:: METHOD_MD5 ++ ++ Another Modular Crypt Format method with 8 character salt and 22 ++ character hash. ++ ++.. versionadded:: 3.3 ++ ++.. data:: METHOD_CRYPT ++ ++ The traditional method with a 2 character salt and 13 characters of ++ hash. This is the weakest method. ++ ++.. versionadded:: 3.3 ++ ++ ++Module Attributes ++----------------- ++ ++ ++.. attribute:: methods ++ ++ A list of available password hashing algorithms, as ++ ``crypt.METHOD_*`` objects. This list is sorted from strongest to ++ weakest, and is guaranteed to have at least ``crypt.METHOD_CRYPT``. ++ ++.. versionadded:: 3.3 ++ ++ ++Module Functions ++---------------- ++ ++The :mod:`crypt` module defines the following functions: ++ ++.. function:: crypt(word, salt=None) + + *word* will usually be a user's password as typed at a prompt or in a graphical +- interface. *salt* is usually a random two-character string which will be used +- to perturb the DES algorithm in one of 4096 ways. The characters in *salt* must +- be in the set ``[./a-zA-Z0-9]``. Returns the hashed password as a string, which +- will be composed of characters from the same alphabet as the salt (the first two +- characters represent the salt itself). ++ interface. The optional *salt* is either a string as returned from ++ :func:`mksalt`, one of the ``crypt.METHOD_*`` values (though not all ++ may be available on all platforms), or a full encrypted password ++ including salt, as returned by this function. If *salt* is not ++ provided, the strongest method will be used (as returned by ++ :func:`methods`. ++ ++ Checking a password is usually done by passing the plain-text password ++ as *word* and the full results of a previous :func:`crypt` call, ++ which should be the same as the results of this call. ++ ++ *salt* (either a random 2 or 16 character string, possibly prefixed with ++ ``$digit$`` to indicate the method) which will be used to perturb the ++ encryption algorithm. The characters in *salt* must be in the set ++ ``[./a-zA-Z0-9]``, with the exception of Modular Crypt Format which ++ prefixes a ``$digit$``. ++ ++ Returns the hashed password as a string, which will be composed of ++ characters from the same alphabet as the salt. + + .. index:: single: crypt(3) + +@@ -43,6 +109,27 @@ this module. + different sizes in the *salt*, it is recommended to use the full crypted + password as salt when checking for a password. + ++.. versionchanged:: 3.3 ++ Before version 3.3, *salt* must be specified as a string and cannot ++ accept ``crypt.METHOD_*`` values (which don't exist anyway). ++ ++ ++.. function:: mksalt(method=None) ++ ++ Return a randomly generated salt of the specified method. If no ++ *method* is given, the strongest method available as returned by ++ :func:`methods` is used. ++ ++ The return value is a string either of 2 characters in length for ++ ``crypt.METHOD_CRYPT``, or 19 characters starting with ``$digit$`` and ++ 16 random characters from the set ``[./a-zA-Z0-9]``, suitable for ++ passing as the *salt* argument to :func:`crypt`. ++ ++.. versionadded:: 3.3 ++ ++Examples ++-------- ++ + A simple example illustrating typical use:: + + import crypt, getpass, pwd +@@ -59,3 +146,11 @@ A simple example illustrating typical use:: + else: + return 1 + ++To generate a hash of a password using the strongest available method and ++check it against the original:: ++ ++ import crypt ++ ++ hashed = crypt.crypt(plaintext) ++ if hashed != crypt.crypt(plaintext, hashed): ++ raise "Hashed version doesn't validate against original" +diff --git a/Lib/crypt.py b/Lib/crypt.py +new file mode 100644 +index 0000000..bf0a416 +--- /dev/null ++++ b/Lib/crypt.py +@@ -0,0 +1,71 @@ ++"""Wrapper to the POSIX crypt library call and associated functionality. ++ ++Note that the ``methods`` and ``METHOD_*`` attributes are non-standard ++extensions to Python 2.7, backported from 3.3""" ++ ++import _crypt ++import string as _string ++from random import SystemRandom as _SystemRandom ++from collections import namedtuple as _namedtuple ++ ++ ++_saltchars = _string.ascii_letters + _string.digits + './' ++_sr = _SystemRandom() ++ ++ ++class _Method(_namedtuple('_Method', 'name ident salt_chars total_size')): ++ ++ """Class representing a salt method per the Modular Crypt Format or the ++ legacy 2-character crypt method.""" ++ ++ def __repr__(self): ++ return '' % self.name ++ ++ ++def mksalt(method=None): ++ """Generate a salt for the specified method. ++ ++ If not specified, the strongest available method will be used. ++ ++ This is a non-standard extension to Python 2.7, backported from 3.3 ++ """ ++ if method is None: ++ method = methods[0] ++ s = '$%s$' % method.ident if method.ident else '' ++ s += ''.join(_sr.sample(_saltchars, method.salt_chars)) ++ return s ++ ++ ++def crypt(word, salt=None): ++ """Return a string representing the one-way hash of a password, with a salt ++ prepended. ++ ++ If ``salt`` is not specified or is ``None``, the strongest ++ available method will be selected and a salt generated. Otherwise, ++ ``salt`` may be one of the ``crypt.METHOD_*`` values, or a string as ++ returned by ``crypt.mksalt()``. ++ ++ Note that these are non-standard extensions to Python 2.7's crypt.crypt() ++ entrypoint, backported from 3.3: the standard Python 2.7 crypt.crypt() ++ entrypoint requires two strings as the parameters, and does not support ++ keyword arguments. ++ """ ++ if salt is None or isinstance(salt, _Method): ++ salt = mksalt(salt) ++ return _crypt.crypt(word, salt) ++ ++ ++# available salting/crypto methods ++METHOD_CRYPT = _Method('CRYPT', None, 2, 13) ++METHOD_MD5 = _Method('MD5', '1', 8, 34) ++METHOD_SHA256 = _Method('SHA256', '5', 16, 63) ++METHOD_SHA512 = _Method('SHA512', '6', 16, 106) ++ ++methods = [] ++for _method in (METHOD_SHA512, METHOD_SHA256, METHOD_MD5): ++ _result = crypt('', _method) ++ if _result and len(_result) == _method.total_size: ++ methods.append(_method) ++methods.append(METHOD_CRYPT) ++del _result, _method ++ +diff --git a/Lib/test/test_crypt.py b/Lib/test/test_crypt.py +index 7cd9c71..b061a55 100644 +--- a/Lib/test/test_crypt.py ++++ b/Lib/test/test_crypt.py +@@ -16,6 +16,25 @@ class CryptTestCase(unittest.TestCase): + self.assertEqual(cr2, cr) + + ++ def test_salt(self): ++ self.assertEqual(len(crypt._saltchars), 64) ++ for method in crypt.methods: ++ salt = crypt.mksalt(method) ++ self.assertEqual(len(salt), ++ method.salt_chars + (3 if method.ident else 0)) ++ ++ def test_saltedcrypt(self): ++ for method in crypt.methods: ++ pw = crypt.crypt('assword', method) ++ self.assertEqual(len(pw), method.total_size) ++ pw = crypt.crypt('assword', crypt.mksalt(method)) ++ self.assertEqual(len(pw), method.total_size) ++ ++ def test_methods(self): ++ # Gurantee that METHOD_CRYPT is the last method in crypt.methods. ++ self.assertTrue(len(crypt.methods) >= 1) ++ self.assertEqual(crypt.METHOD_CRYPT, crypt.methods[-1]) ++ + def test_main(): + test_support.run_unittest(CryptTestCase) + +diff --git a/Modules/Setup.dist b/Modules/Setup.dist +index 2712f06..3ea4f0c 100644 +--- a/Modules/Setup.dist ++++ b/Modules/Setup.dist +@@ -225,7 +225,7 @@ _ssl _ssl.c \ + # + # First, look at Setup.config; configure may have set this for you. + +-crypt cryptmodule.c # -lcrypt # crypt(3); needs -lcrypt on some systems ++_crypt _cryptmodule.c -lcrypt # crypt(3); needs -lcrypt on some systems + + + # Some more UNIX dependent modules -- off by default, since these +diff --git a/Modules/cryptmodule.c b/Modules/cryptmodule.c +index 76de54f..7c69ca6 100644 +--- a/Modules/cryptmodule.c ++++ b/Modules/cryptmodule.c +@@ -43,7 +43,7 @@ static PyMethodDef crypt_methods[] = { + }; + + PyMODINIT_FUNC +-initcrypt(void) ++init_crypt(void) + { +- Py_InitModule("crypt", crypt_methods); ++ Py_InitModule("_crypt", crypt_methods); + } +diff --git a/setup.py b/setup.py +index b787487..c60ac35 100644 +--- a/setup.py ++++ b/setup.py +@@ -798,7 +798,7 @@ class PyBuildExt(build_ext): + libs = ['crypt'] + else: + libs = [] +- exts.append( Extension('crypt', ['cryptmodule.c'], libraries=libs) ) ++ exts.append( Extension('_crypt', ['_cryptmodule.c'], libraries=libs) ) + + # CSV files + exts.append( Extension('_csv', ['_csv.c']) ) diff --git a/00187-add-RPATH-to-pyexpat.patch b/00187-add-RPATH-to-pyexpat.patch new file mode 100644 index 0000000..0ac5227 --- /dev/null +++ b/00187-add-RPATH-to-pyexpat.patch @@ -0,0 +1,25 @@ +diff -r e8b8279ca118 setup.py +--- a/setup.py Sun Jul 21 21:57:52 2013 -0400 ++++ b/setup.py Tue Aug 20 09:45:31 2013 +0200 +@@ -1480,12 +1480,21 @@ + 'expat/xmltok_impl.h' + ] + ++ # Add an explicit RPATH to pyexpat.so pointing at the directory ++ # containing the system expat (which has the extra XML_SetHashSalt ++ # symbol), to avoid an ImportError with a link error if there's an ++ # LD_LIBRARY_PATH containing a "vanilla" build of expat (without the ++ # symbol) (rhbz#833271): ++ EXPAT_RPATH = '/usr/lib64' if sys.maxint == 0x7fffffffffffffff else '/usr/lib' ++ ++ + exts.append(Extension('pyexpat', + define_macros = define_macros, + include_dirs = expat_inc, + libraries = expat_lib, + sources = ['pyexpat.c'] + expat_sources, + depends = expat_depends, ++ extra_link_args = ['-Wl,-rpath,%s' % EXPAT_RPATH] + )) + + # Fredrik Lundh's cElementTree module. Note that this also diff --git a/00189-use-rpm-wheels.patch b/00189-use-rpm-wheels.patch new file mode 100644 index 0000000..76a1324 --- /dev/null +++ b/00189-use-rpm-wheels.patch @@ -0,0 +1,70 @@ +diff --git a/Lib/ensurepip/__init__.py b/Lib/ensurepip/__init__.py +index 5021ebf..1903cc0 100644 +--- a/Lib/ensurepip/__init__.py ++++ b/Lib/ensurepip/__init__.py +@@ -1,9 +1,10 @@ + #!/usr/bin/env python2 + from __future__ import print_function + ++import distutils.version ++import glob + import os + import os.path +-import pkgutil + import shutil + import sys + import tempfile +@@ -12,9 +13,19 @@ import tempfile + __all__ = ["version", "bootstrap"] + + +-_SETUPTOOLS_VERSION = "40.6.2" ++_WHEEL_DIR = "/usr/share/python-wheels/" + +-_PIP_VERSION = "18.1" ++def _get_most_recent_wheel_version(pkg): ++ prefix = os.path.join(_WHEEL_DIR, "{}-".format(pkg)) ++ suffix = "-py2.py3-none-any.whl" ++ pattern = "{}*{}".format(prefix, suffix) ++ versions = (p[len(prefix):-len(suffix)] for p in glob.glob(pattern)) ++ return str(max(versions, key=distutils.version.LooseVersion)) ++ ++ ++_SETUPTOOLS_VERSION = _get_most_recent_wheel_version("setuptools") ++ ++_PIP_VERSION = _get_most_recent_wheel_version("pip") + + _PROJECTS = [ + ("setuptools", _SETUPTOOLS_VERSION), +@@ -28,8 +39,13 @@ def _run_pip(args, additional_paths=None): + sys.path = additional_paths + sys.path + + # Install the bundled software +- import pip._internal +- return pip._internal.main(args) ++ try: ++ # pip 10 ++ from pip._internal import main ++ except ImportError: ++ # pip 9 ++ from pip import main ++ return main(args) + + + def version(): +@@ -100,12 +116,9 @@ def _bootstrap(root=None, upgrade=False, user=False, + additional_paths = [] + for project, version in _PROJECTS: + wheel_name = "{}-{}-py2.py3-none-any.whl".format(project, version) +- whl = pkgutil.get_data( +- "ensurepip", +- "_bundled/{}".format(wheel_name), +- ) +- with open(os.path.join(tmpdir, wheel_name), "wb") as fp: +- fp.write(whl) ++ with open(os.path.join(_WHEEL_DIR, wheel_name), "rb") as sfp: ++ with open(os.path.join(tmpdir, wheel_name), "wb") as fp: ++ fp.write(sfp.read()) + + additional_paths.append(os.path.join(tmpdir, wheel_name)) + diff --git a/00193-enable-loading-sqlite-extensions.patch b/00193-enable-loading-sqlite-extensions.patch new file mode 100644 index 0000000..36d053a --- /dev/null +++ b/00193-enable-loading-sqlite-extensions.patch @@ -0,0 +1,11 @@ +--- Python-2.7.5/setup.py.orig 2013-05-11 20:32:54.000000000 -0700 ++++ Python-2.7.5/setup.py 2014-02-18 14:16:07.999004901 -0800 +@@ -1168,7 +1168,7 @@ class PyBuildExt(build_ext): + sqlite_defines.append(('MODULE_NAME', '\\"sqlite3\\"')) + + # Comment this out if you want the sqlite3 module to be able to load extensions. +- sqlite_defines.append(("SQLITE_OMIT_LOAD_EXTENSION", "1")) ++ #sqlite_defines.append(("SQLITE_OMIT_LOAD_EXTENSION", "1")) + + if host_platform == 'darwin': + # In every directory on the search path search for a dynamic diff --git a/0342-bpo-36126-Fix-ref-count-leakage-in-structseq_repr.-G.patch b/0342-bpo-36126-Fix-ref-count-leakage-in-structseq_repr.-G.patch new file mode 100644 index 0000000..b941ed9 --- /dev/null +++ b/0342-bpo-36126-Fix-ref-count-leakage-in-structseq_repr.-G.patch @@ -0,0 +1,25 @@ +From 69b4a17f342146d6b7a73975a37678db9916aa75 Mon Sep 17 00:00:00 2001 +From: "Gao, Xiang" +Date: Thu, 28 Feb 2019 08:18:48 -0500 +Subject: [PATCH 342/362] bpo-36126: Fix ref count leakage in structseq_repr. + (GH-12035) + +--- + Objects/structseq.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/Objects/structseq.c b/Objects/structseq.c +index 3e45840..aee9528 100644 +--- a/Objects/structseq.c ++++ b/Objects/structseq.c +@@ -266,6 +266,7 @@ structseq_repr(PyStructSequence *obj) + + val = PyTuple_GetItem(tup, i); + if (cname == NULL || val == NULL) { ++ Py_DECREF(tup); + return NULL; + } + repr = PyObject_Repr(val); +-- +1.8.3.1 + diff --git a/0349-2.7-bpo-13096-Fix-memory-leak-in-ctypes-POINTER-hand.patch b/0349-2.7-bpo-13096-Fix-memory-leak-in-ctypes-POINTER-hand.patch new file mode 100644 index 0000000..0c61867 --- /dev/null +++ b/0349-2.7-bpo-13096-Fix-memory-leak-in-ctypes-POINTER-hand.patch @@ -0,0 +1,34 @@ +From 710dcfd2f4bee034894a39026388f9c21ea976f1 Mon Sep 17 00:00:00 2001 +From: stratakis +Date: Mon, 4 Mar 2019 16:40:25 +0100 +Subject: [PATCH 349/362] [2.7] bpo-13096: Fix memory leak in ctypes POINTER + handling of large values (GH-12100) + +--- + Misc/NEWS.d/next/Library/2019-03-04-16-13-01.bpo-13096.SGPt_n.rst | 1 + + Modules/_ctypes/callproc.c | 1 + + 2 files changed, 2 insertions(+) + create mode 100644 Misc/NEWS.d/next/Library/2019-03-04-16-13-01.bpo-13096.SGPt_n.rst + +diff --git a/Misc/NEWS.d/next/Library/2019-03-04-16-13-01.bpo-13096.SGPt_n.rst b/Misc/NEWS.d/next/Library/2019-03-04-16-13-01.bpo-13096.SGPt_n.rst +new file mode 100644 +index 0000000..2bf49c8 +--- /dev/null ++++ b/Misc/NEWS.d/next/Library/2019-03-04-16-13-01.bpo-13096.SGPt_n.rst +@@ -0,0 +1 @@ ++Fix memory leak in ctypes POINTER handling of large values. +diff --git a/Modules/_ctypes/callproc.c b/Modules/_ctypes/callproc.c +index 2097342..defcde1 100644 +--- a/Modules/_ctypes/callproc.c ++++ b/Modules/_ctypes/callproc.c +@@ -1831,6 +1831,7 @@ POINTER(PyObject *self, PyObject *cls) + "s(O){}", + buf, + &PyCPointer_Type); ++ PyMem_Free(buf); + if (result == NULL) + return result; + key = PyLong_FromVoidPtr(result); +-- +1.8.3.1 + diff --git a/0350-2.7-bpo-36179-Fix-ref-leaks-in-_hashopenssl-GH-12158.patch b/0350-2.7-bpo-36179-Fix-ref-leaks-in-_hashopenssl-GH-12158.patch new file mode 100644 index 0000000..9cf26b7 --- /dev/null +++ b/0350-2.7-bpo-36179-Fix-ref-leaks-in-_hashopenssl-GH-12158.patch @@ -0,0 +1,75 @@ +From 84b5ac9ba6fd71ba9d0ef98e2a166a35189b263f Mon Sep 17 00:00:00 2001 +From: Christian Heimes +Date: Mon, 4 Mar 2019 18:10:45 +0100 +Subject: [PATCH 350/362] [2.7] bpo-36179: Fix ref leaks in _hashopenssl + (GH-12158) (GH-12166) + +Fix two unlikely reference leaks in _hashopenssl. The leaks only occur in +out-of-memory cases. Thanks to Charalampos Stratakis. + +Signed-off-by: Christian Heimes + +https://bugs.python.org/issue36179. +(cherry picked from commit b7bc283ab6a23ee98784400ebffe7fe410232a2e) + +Co-authored-by: Christian Heimes + + + +https://bugs.python.org/issue36179 +--- + .../next/Library/2019-03-04-10-42-46.bpo-36179.jEyuI-.rst | 2 ++ + Modules/_hashopenssl.c | 14 ++++++++------ + 2 files changed, 10 insertions(+), 6 deletions(-) + create mode 100644 Misc/NEWS.d/next/Library/2019-03-04-10-42-46.bpo-36179.jEyuI-.rst + +diff --git a/Misc/NEWS.d/next/Library/2019-03-04-10-42-46.bpo-36179.jEyuI-.rst b/Misc/NEWS.d/next/Library/2019-03-04-10-42-46.bpo-36179.jEyuI-.rst +new file mode 100644 +index 0000000..61a9877 +--- /dev/null ++++ b/Misc/NEWS.d/next/Library/2019-03-04-10-42-46.bpo-36179.jEyuI-.rst +@@ -0,0 +1,2 @@ ++Fix two unlikely reference leaks in _hashopenssl. The leaks only occur in ++out-of-memory cases. +diff --git a/Modules/_hashopenssl.c b/Modules/_hashopenssl.c +index de69f6f..78445eb 100644 +--- a/Modules/_hashopenssl.c ++++ b/Modules/_hashopenssl.c +@@ -133,12 +133,6 @@ newEVPobject(PyObject *name) + if (retval == NULL) + return NULL; + +- retval->ctx = EVP_MD_CTX_new(); +- if (retval->ctx == NULL) { +- PyErr_NoMemory(); +- return NULL; +- } +- + /* save the name for .name to return */ + Py_INCREF(name); + retval->name = name; +@@ -146,6 +140,13 @@ newEVPobject(PyObject *name) + retval->lock = NULL; + #endif + ++ retval->ctx = EVP_MD_CTX_new(); ++ if (retval->ctx == NULL) { ++ Py_DECREF(retval); ++ PyErr_NoMemory(); ++ return NULL; ++ } ++ + return retval; + } + +@@ -205,6 +206,7 @@ EVP_copy(EVPobject *self, PyObject *unused) + return NULL; + + if (!locked_EVP_MD_CTX_copy(newobj->ctx, self)) { ++ Py_DECREF(newobj); + return _setException(PyExc_ValueError); + } + return (PyObject *)newobj; +-- +1.8.3.1 + diff --git a/0351-2.7-bpo-36149-Fix-potential-use-of-uninitialized-mem.patch b/0351-2.7-bpo-36149-Fix-potential-use-of-uninitialized-mem.patch new file mode 100644 index 0000000..505772b --- /dev/null +++ b/0351-2.7-bpo-36149-Fix-potential-use-of-uninitialized-mem.patch @@ -0,0 +1,49 @@ +From d9bf7f4198871132714cfe7d702baaa02206e9f1 Mon Sep 17 00:00:00 2001 +From: "T. Wouters" +Date: Mon, 4 Mar 2019 10:52:07 -0800 +Subject: [PATCH 351/362] [2.7] bpo-36149 Fix potential use of uninitialized + memory in cPickle (#12105) + +Fix off-by-one bug in cPickle that caused it to use uninitialised memory on truncated pickles read from FILE*s. +--- + .../2019-02-28-13-52-18.bpo-36149.GJdnh4.rst | 2 ++ + Modules/cPickle.c | 13 ++++++++----- + 2 files changed, 10 insertions(+), 5 deletions(-) + create mode 100644 Misc/NEWS.d/next/Core and Builtins/2019-02-28-13-52-18.bpo-36149.GJdnh4.rst + +diff --git a/Misc/NEWS.d/next/Core and Builtins/2019-02-28-13-52-18.bpo-36149.GJdnh4.rst b/Misc/NEWS.d/next/Core and Builtins/2019-02-28-13-52-18.bpo-36149.GJdnh4.rst +new file mode 100644 +index 0000000..672db6c +--- /dev/null ++++ b/Misc/NEWS.d/next/Core and Builtins/2019-02-28-13-52-18.bpo-36149.GJdnh4.rst +@@ -0,0 +1,2 @@ ++Fix use of uninitialized memory in cPickle when reading a truncated pickle ++from a file object. +diff --git a/Modules/cPickle.c b/Modules/cPickle.c +index 914ebb3..f7c6fec 100644 +--- a/Modules/cPickle.c ++++ b/Modules/cPickle.c +@@ -586,12 +586,15 @@ readline_file(Unpicklerobject *self, char **s) + while (1) { + Py_ssize_t bigger; + char *newbuf; +- for (; i < (self->buf_size - 1); i++) { +- if (feof(self->fp) || +- (self->buf[i] = getc(self->fp)) == '\n') { +- self->buf[i + 1] = '\0'; ++ while (i < (self->buf_size - 1)) { ++ int newchar = getc(self->fp); ++ if (newchar != EOF) { ++ self->buf[i++] = newchar; ++ } ++ if (newchar == EOF || newchar == '\n') { ++ self->buf[i] = '\0'; + *s = self->buf; +- return i + 1; ++ return i; + } + } + if (self->buf_size > (PY_SSIZE_T_MAX >> 1)) { +-- +1.8.3.1 + diff --git a/0353-2.7-bpo-36186-Fix-linuxaudiodev.linux_audio_device-e.patch b/0353-2.7-bpo-36186-Fix-linuxaudiodev.linux_audio_device-e.patch new file mode 100644 index 0000000..d7a83a6 --- /dev/null +++ b/0353-2.7-bpo-36186-Fix-linuxaudiodev.linux_audio_device-e.patch @@ -0,0 +1,41 @@ +From b2aefd77e1da438aed649d018d6aa504ec35eac8 Mon Sep 17 00:00:00 2001 +From: stratakis +Date: Wed, 6 Mar 2019 15:11:56 +0100 +Subject: [PATCH 353/362] [2.7] bpo-36186: Fix + linuxaudiodev.linux_audio_device() error handling (GH-12163) + +Fix linuxaudiodev.linux_audio_device() error handling: +close the internal file descriptor if it fails to open the device. +--- + Misc/NEWS.d/next/Library/2019-03-04-16-39-16.bpo-36186.Hqw1A_.rst | 1 + + Modules/linuxaudiodev.c | 2 ++ + 2 files changed, 3 insertions(+) + create mode 100644 Misc/NEWS.d/next/Library/2019-03-04-16-39-16.bpo-36186.Hqw1A_.rst + +diff --git a/Misc/NEWS.d/next/Library/2019-03-04-16-39-16.bpo-36186.Hqw1A_.rst b/Misc/NEWS.d/next/Library/2019-03-04-16-39-16.bpo-36186.Hqw1A_.rst +new file mode 100644 +index 0000000..a14d155 +--- /dev/null ++++ b/Misc/NEWS.d/next/Library/2019-03-04-16-39-16.bpo-36186.Hqw1A_.rst +@@ -0,0 +1 @@ ++Fix linuxaudiodev.linux_audio_device() error handling: close the internal file descriptor if it fails to open the device. +diff --git a/Modules/linuxaudiodev.c b/Modules/linuxaudiodev.c +index 7fe20ae..f5135d9 100644 +--- a/Modules/linuxaudiodev.c ++++ b/Modules/linuxaudiodev.c +@@ -126,10 +126,12 @@ newladobject(PyObject *arg) + } + if (imode == O_WRONLY && ioctl(fd, SNDCTL_DSP_NONBLOCK, NULL) == -1) { + PyErr_SetFromErrnoWithFilename(LinuxAudioError, basedev); ++ close(fd); + return NULL; + } + if (ioctl(fd, SNDCTL_DSP_GETFMTS, &afmts) == -1) { + PyErr_SetFromErrnoWithFilename(LinuxAudioError, basedev); ++ close(fd); + return NULL; + } + /* Create and initialize the object */ +-- +1.8.3.1 + diff --git a/0354-bpo-36147-Fix-a-memory-leak-in-ctypes-s_get-GH-12102.patch b/0354-bpo-36147-Fix-a-memory-leak-in-ctypes-s_get-GH-12102.patch new file mode 100644 index 0000000..9a9f15f --- /dev/null +++ b/0354-bpo-36147-Fix-a-memory-leak-in-ctypes-s_get-GH-12102.patch @@ -0,0 +1,54 @@ +From 098b139816f379271b8d4de2561b5805dd47d229 Mon Sep 17 00:00:00 2001 +From: stratakis +Date: Wed, 6 Mar 2019 15:14:06 +0100 +Subject: [PATCH 354/362] bpo-36147: Fix a memory leak in ctypes s_get() + (GH-12102) + +The s_get() function leaks the result variable on low memory. +Partially backport commit 19b52545df898ec911c44e29f75badb902924c0 +to fix it. +--- + Modules/_ctypes/cfield.c | 26 +++++++++----------------- + 1 file changed, 9 insertions(+), 17 deletions(-) + +diff --git a/Modules/_ctypes/cfield.c b/Modules/_ctypes/cfield.c +index 46f041b..1b495fc 100644 +--- a/Modules/_ctypes/cfield.c ++++ b/Modules/_ctypes/cfield.c +@@ -1291,24 +1291,16 @@ U_set(void *ptr, PyObject *value, Py_ssize_t length) + static PyObject * + s_get(void *ptr, Py_ssize_t size) + { +- PyObject *result; +- size_t slen; ++ Py_ssize_t i; ++ char *p; + +- result = PyString_FromString((char *)ptr); +- if (!result) +- return NULL; +- /* chop off at the first NUL character, if any. +- * On error, result will be deallocated and set to NULL. +- */ +- slen = strlen(PyString_AS_STRING(result)); +- size = min(size, (Py_ssize_t)slen); +- if (result->ob_refcnt == 1) { +- /* shorten the result */ +- _PyString_Resize(&result, size); +- return result; +- } else +- /* cannot shorten the result */ +- return PyString_FromStringAndSize(ptr, size); ++ p = (char *)ptr; ++ for (i = 0; i < size; ++i) { ++ if (*p++ == '\0') ++ break; ++ } ++ ++ return PyBytes_FromStringAndSize((char *)ptr, (Py_ssize_t)i); + } + + static PyObject * +-- +1.8.3.1 + diff --git a/0357-bpo-36140-Fix-an-incorrect-check-in-msidb_getsummary.patch b/0357-bpo-36140-Fix-an-incorrect-check-in-msidb_getsummary.patch new file mode 100644 index 0000000..a462c7b --- /dev/null +++ b/0357-bpo-36140-Fix-an-incorrect-check-in-msidb_getsummary.patch @@ -0,0 +1,30 @@ +From b19943ec97b80db97dd93ed714615f757cc12ad3 Mon Sep 17 00:00:00 2001 +From: "Miss Islington (bot)" + <31488909+miss-islington@users.noreply.github.com> +Date: Thu, 7 Mar 2019 10:49:15 -0800 +Subject: [PATCH 357/362] bpo-36140: Fix an incorrect check in + msidb_getsummaryinformation() (GH-12074) + +(cherry picked from commit bf94cc7b496a379e1f604aa2e4080bb70ca4020e) + +Co-authored-by: Zackery Spytz +--- + PC/_msi.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/PC/_msi.c b/PC/_msi.c +index 4000f00..3c46d83 100644 +--- a/PC/_msi.c ++++ b/PC/_msi.c +@@ -894,7 +894,7 @@ msidb_getsummaryinformation(msiobj *db, PyObject *args) + return msierror(status); + + oresult = PyObject_NEW(struct msiobj, &summary_Type); +- if (!result) { ++ if (!oresult) { + MsiCloseHandle(result); + return NULL; + } +-- +1.8.3.1 + diff --git a/0358-2.7-IDLE-Fix-typo-in-keybindingDialog.py-GH-2322-GH-.patch b/0358-2.7-IDLE-Fix-typo-in-keybindingDialog.py-GH-2322-GH-.patch new file mode 100644 index 0000000..6cf0290 --- /dev/null +++ b/0358-2.7-IDLE-Fix-typo-in-keybindingDialog.py-GH-2322-GH-.patch @@ -0,0 +1,27 @@ +From 498468d9c3f53d9cfdd79cf1dc83251316d6d3df Mon Sep 17 00:00:00 2001 +From: Terry Jan Reedy +Date: Thu, 7 Mar 2019 22:16:07 -0500 +Subject: [PATCH 358/362] [2.7] IDLE: Fix typo in keybindingDialog.py (GH-2322) + (GH-12231) + +Cherry picked by hand from a0e911b +--- + Lib/idlelib/keybindingDialog.py | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/Lib/idlelib/keybindingDialog.py b/Lib/idlelib/keybindingDialog.py +index 755f1af..9713c79 100644 +--- a/Lib/idlelib/keybindingDialog.py ++++ b/Lib/idlelib/keybindingDialog.py +@@ -182,7 +182,7 @@ class GetKeysDialog(Toplevel): + + def LoadFinalKeyList(self): + #these tuples are also available for use in validity checks +- self.functionKeys=('F1','F2','F2','F4','F5','F6','F7','F8','F9', ++ self.functionKeys=('F1','F2','F3','F4','F5','F6','F7','F8','F9', + 'F10','F11','F12') + self.alphanumKeys=tuple(string.ascii_lowercase+string.digits) + self.punctuationKeys=tuple('~!@#%^&*()_-+={}[]|;:,.<>/?') +-- +1.8.3.1 + diff --git a/CVE-2019-9740.patch b/CVE-2019-9740.patch new file mode 100644 index 0000000..426900a --- /dev/null +++ b/CVE-2019-9740.patch @@ -0,0 +1,221 @@ +diff --git a/Lib/httplib.py b/Lib/httplib.py +index 60a8fb4..1b41c34 100644 +--- a/Lib/httplib.py ++++ b/Lib/httplib.py +@@ -247,6 +247,16 @@ _MAXHEADERS = 100 + _is_legal_header_name = re.compile(r'\A[^:\s][^:\r\n]*\Z').match + _is_illegal_header_value = re.compile(r'\n(?![ \t])|\r(?![ \t\n])').search + ++# These characters are not allowed within HTTP URL paths. ++# See https://tools.ietf.org/html/rfc3986#section-3.3 and the ++# https://tools.ietf.org/html/rfc3986#appendix-A pchar definition. ++# Prevents CVE-2019-9740. Includes control characters such as \r\n. ++# Restrict non-ASCII characters above \x7f (0x80-0xff). ++_contains_disallowed_url_pchar_re = re.compile('[\x00-\x20\x7f-\xff]') ++# Arguably only these _should_ allowed: ++# _is_allowed_url_pchars_re = re.compile(r"^[/!$&'()*+,;=:@%a-zA-Z0-9._~-]+$") ++# We are more lenient for assumed real world compatibility purposes. ++ + # We always set the Content-Length header for these methods because some + # servers will otherwise respond with a 411 + _METHODS_EXPECTING_BODY = {'PATCH', 'POST', 'PUT'} +@@ -927,6 +937,12 @@ class HTTPConnection: + self._method = method + if not url: + url = '/' ++ # Prevent CVE-2019-9740. ++ match = _contains_disallowed_url_pchar_re.search(url) ++ if match: ++ raise InvalidURL("URL can't contain control characters. %r " ++ "(found at least %r)" ++ % (url, match.group())) + hdr = '%s %s %s' % (method, url, self._http_vsn_str) + + self._output(hdr) +diff --git a/Lib/test/test_urllib.py b/Lib/test/test_urllib.py +index 1ce9201..bdc6e78 100644 +--- a/Lib/test/test_urllib.py ++++ b/Lib/test/test_urllib.py +@@ -9,6 +9,10 @@ import os + import sys + import mimetools + import tempfile ++try: ++ import ssl ++except ImportError: ++ ssl = None + + from test import test_support + from base64 import b64encode +@@ -257,6 +261,33 @@ class urlopen_HttpTests(unittest.TestCase, FakeHTTPMixin): + finally: + self.unfakehttp() + ++ @unittest.skipUnless(ssl, "ssl module required") ++ def test_url_with_control_char_rejected(self): ++ for char_no in range(0, 0x21) + range(0x7f, 0x100): ++ char = chr(char_no) ++ schemeless_url = "//localhost:7777/test%s/" % char ++ self.fakehttp(b"HTTP/1.1 200 OK\r\n\r\nHello.") ++ try: ++ # urllib quotes the URL so there is no injection. ++ resp = urllib.urlopen("http:" + schemeless_url) ++ self.assertNotIn(char, resp.geturl()) ++ finally: ++ self.unfakehttp() ++ ++ @unittest.skipUnless(ssl, "ssl module required") ++ def test_url_with_newline_header_injection_rejected(self): ++ self.fakehttp(b"HTTP/1.1 200 OK\r\n\r\nHello.") ++ host = "localhost:7777?a=1 HTTP/1.1\r\nX-injected: header\r\nTEST: 123" ++ schemeless_url = "//" + host + ":8080/test/?test=a" ++ try: ++ # urllib quotes the URL so there is no injection. ++ resp = urllib.urlopen("http:" + schemeless_url) ++ self.assertNotIn(' ', resp.geturl()) ++ self.assertNotIn('\r', resp.geturl()) ++ self.assertNotIn('\n', resp.geturl()) ++ finally: ++ self.unfakehttp() ++ + def test_read_bogus(self): + # urlopen() should raise IOError for many error codes. + self.fakehttp('''HTTP/1.1 401 Authentication Required +diff --git a/Lib/test/test_urllib2.py b/Lib/test/test_urllib2.py +index 6d24d5d..d13f86f 100644 +--- a/Lib/test/test_urllib2.py ++++ b/Lib/test/test_urllib2.py +@@ -1,5 +1,5 @@ + import unittest +-from test import test_support ++from test import support + from test import test_urllib + + import os +@@ -15,6 +15,9 @@ try: + except ImportError: + ssl = None + ++from test.test_urllib import FakeHTTPMixin ++ ++ + # XXX + # Request + # CacheFTPHandler (hard to write) +@@ -683,7 +686,7 @@ class HandlerTests(unittest.TestCase): + h = urllib2.FileHandler() + o = h.parent = MockOpener() + +- TESTFN = test_support.TESTFN ++ TESTFN = support.TESTFN + urlpath = sanepathname2url(os.path.abspath(TESTFN)) + towrite = "hello, world\n" + urls = [ +@@ -1154,7 +1157,7 @@ class HandlerTests(unittest.TestCase): + opener.add_handler(auth_handler) + opener.add_handler(http_handler) + msg = "Basic Auth Realm was unquoted" +- with test_support.check_warnings((msg, UserWarning)): ++ with support.check_warnings((msg, UserWarning)): + self._test_basic_auth(opener, auth_handler, "Authorization", + realm, http_handler, password_manager, + "http://acme.example.com/protected", +@@ -1262,7 +1265,7 @@ class HandlerTests(unittest.TestCase): + self.assertEqual(len(http_handler.requests), 1) + self.assertFalse(http_handler.requests[0].has_header(auth_header)) + +-class MiscTests(unittest.TestCase): ++class MiscTests(unittest.TestCase, FakeHTTPMixin): + + def test_build_opener(self): + class MyHTTPHandler(urllib2.HTTPHandler): pass +@@ -1317,6 +1320,52 @@ class MiscTests(unittest.TestCase): + "Unsupported digest authentication algorithm 'invalid'" + ) + ++ @unittest.skipUnless(ssl, "ssl module required") ++ def test_url_with_control_char_rejected(self): ++ for char_no in range(0, 0x21) + range(0x7f, 0x100): ++ char = chr(char_no) ++ schemeless_url = "//localhost:7777/test%s/" % char ++ self.fakehttp(b"HTTP/1.1 200 OK\r\n\r\nHello.") ++ try: ++ # We explicitly test urllib.request.urlopen() instead of the top ++ # level 'def urlopen()' function defined in this... (quite ugly) ++ # test suite. They use different url opening codepaths. Plain ++ # urlopen uses FancyURLOpener which goes via a codepath that ++ # calls urllib.parse.quote() on the URL which makes all of the ++ # above attempts at injection within the url _path_ safe. ++ escaped_char_repr = repr(char).replace('\\', r'\\') ++ InvalidURL = httplib.InvalidURL ++ with self.assertRaisesRegexp( ++ InvalidURL, "contain control.*" + escaped_char_repr): ++ urllib2.urlopen("http:" + schemeless_url) ++ with self.assertRaisesRegexp( ++ InvalidURL, "contain control.*" + escaped_char_repr): ++ urllib2.urlopen("https:" + schemeless_url) ++ finally: ++ self.unfakehttp() ++ ++ @unittest.skipUnless(ssl, "ssl module required") ++ def test_url_with_newline_header_injection_rejected(self): ++ self.fakehttp(b"HTTP/1.1 200 OK\r\n\r\nHello.") ++ host = "localhost:7777?a=1 HTTP/1.1\r\nX-injected: header\r\nTEST: 123" ++ schemeless_url = "//" + host + ":8080/test/?test=a" ++ try: ++ # We explicitly test urllib.request.urlopen() instead of the top ++ # level 'def urlopen()' function defined in this... (quite ugly) ++ # test suite. They use different url opening codepaths. Plain ++ # urlopen uses FancyURLOpener which goes via a codepath that ++ # calls urllib.parse.quote() on the URL which makes all of the ++ # above attempts at injection within the url _path_ safe. ++ InvalidURL = httplib.InvalidURL ++ with self.assertRaisesRegexp( ++ InvalidURL, r"contain control.*\\r.*(found at least . .)"): ++ urllib2.urlopen("http:" + schemeless_url) ++ with self.assertRaisesRegexp(InvalidURL, r"contain control.*\\n"): ++ urllib2.urlopen("https:" + schemeless_url) ++ finally: ++ self.unfakehttp() ++ ++ + + class RequestTests(unittest.TestCase): + +@@ -1412,14 +1461,14 @@ class RequestTests(unittest.TestCase): + + def test_main(verbose=None): + from test import test_urllib2 +- test_support.run_doctest(test_urllib2, verbose) +- test_support.run_doctest(urllib2, verbose) ++ support.run_doctest(test_urllib2, verbose) ++ support.run_doctest(urllib2, verbose) + tests = (TrivialTests, + OpenerDirectorTests, + HandlerTests, + MiscTests, + RequestTests) +- test_support.run_unittest(*tests) ++ support.run_unittest(*tests) + + if __name__ == "__main__": + test_main(verbose=True) +diff --git a/Lib/test/test_xmlrpc.py b/Lib/test/test_xmlrpc.py +index 36b3be6..90ccb30 100644 +--- a/Lib/test/test_xmlrpc.py ++++ b/Lib/test/test_xmlrpc.py +@@ -659,7 +659,13 @@ class SimpleServerTestCase(BaseServerTestCase): + def test_partial_post(self): + # Check that a partial POST doesn't make the server loop: issue #14001. + conn = httplib.HTTPConnection(ADDR, PORT) +- conn.request('POST', '/RPC2 HTTP/1.0\r\nContent-Length: 100\r\n\r\nbye') ++ conn.send('POST /RPC2 HTTP/1.0\r\n' ++ 'Content-Length: 100\r\n\r\n' ++ 'bye HTTP/1.1\r\n' ++ 'Host: %s:%s\r\n' ++ 'Accept-Encoding: identity\r\n' ++ 'Content-Length: 0\r\n\r\n' ++ % (ADDR, PORT)) + conn.close() + + class SimpleServerEncodingTestCase(BaseServerTestCase): diff --git a/Python-2.7.16.tar.xz b/Python-2.7.16.tar.xz new file mode 100644 index 0000000..bd3ef4d Binary files /dev/null and b/Python-2.7.16.tar.xz differ diff --git a/python-2.6-rpath.patch b/python-2.6-rpath.patch new file mode 100644 index 0000000..33d7cf6 --- /dev/null +++ b/python-2.6-rpath.patch @@ -0,0 +1,12 @@ +diff -up Python-2.6/configure.ac.rpath Python-2.6/configure.ac +--- Python-2.6/configure.ac.rpath 2008-11-24 02:51:06.000000000 -0500 ++++ Python-2.6/configure.ac 2008-11-24 02:51:21.000000000 -0500 +@@ -729,7 +729,7 @@ if test $enable_shared = "yes"; then + ;; + OSF*) + LDLIBRARY='libpython$(VERSION).so' +- BLDLIBRARY='-rpath $(LIBDIR) -L. -lpython$(VERSION)' ++ BLDLIBRARY='-L. -lpython$(VERSION)' + RUNSHARED=LD_LIBRARY_PATH=`pwd`${LD_LIBRARY_PATH:+:${LD_LIBRARY_PATH}} + ;; + atheos*) diff --git a/python-2.7-lib64-sysconfig.patch b/python-2.7-lib64-sysconfig.patch new file mode 100644 index 0000000..0cef361 --- /dev/null +++ b/python-2.7-lib64-sysconfig.patch @@ -0,0 +1,44 @@ +diff -up Python-2.7/Lib/sysconfig.py.lib64-sysconfig Python-2.7/Lib/sysconfig.py +--- Python-2.7/Lib/sysconfig.py.lib64-sysconfig 2010-07-08 14:18:41.386898476 -0400 ++++ Python-2.7/Lib/sysconfig.py 2010-07-08 14:22:02.837896461 -0400 +@@ -7,20 +7,20 @@ from os.path import pardir, realpath + + _INSTALL_SCHEMES = { + 'posix_prefix': { +- 'stdlib': '{base}/lib/python{py_version_short}', +- 'platstdlib': '{platbase}/lib/python{py_version_short}', ++ 'stdlib': '{base}/lib64/python{py_version_short}', ++ 'platstdlib': '{platbase}/lib64/python{py_version_short}', + 'purelib': '{base}/lib/python{py_version_short}/site-packages', +- 'platlib': '{platbase}/lib/python{py_version_short}/site-packages', ++ 'platlib': '{platbase}/lib64/python{py_version_short}/site-packages', + 'include': '{base}/include/python{py_version_short}', + 'platinclude': '{platbase}/include/python{py_version_short}', + 'scripts': '{base}/bin', + 'data': '{base}', + }, + 'posix_home': { +- 'stdlib': '{base}/lib/python', +- 'platstdlib': '{base}/lib/python', ++ 'stdlib': '{base}/lib64/python', ++ 'platstdlib': '{base}/lib64/python', + 'purelib': '{base}/lib/python', +- 'platlib': '{base}/lib/python', ++ 'platlib': '{base}/lib64/python', + 'include': '{base}/include/python', + 'platinclude': '{base}/include/python', + 'scripts': '{base}/bin', +@@ -65,10 +65,10 @@ _INSTALL_SCHEMES = { + 'data' : '{userbase}', + }, + 'posix_user': { +- 'stdlib': '{userbase}/lib/python{py_version_short}', +- 'platstdlib': '{userbase}/lib/python{py_version_short}', ++ 'stdlib': '{userbase}/lib64/python{py_version_short}', ++ 'platstdlib': '{userbase}/lib64/python{py_version_short}', + 'purelib': '{userbase}/lib/python{py_version_short}/site-packages', +- 'platlib': '{userbase}/lib/python{py_version_short}/site-packages', ++ 'platlib': '{userbase}/lib64/python{py_version_short}/site-packages', + 'include': '{userbase}/include/python{py_version_short}', + 'scripts': '{userbase}/bin', + 'data' : '{userbase}', diff --git a/python-2.7.1-config.patch b/python-2.7.1-config.patch new file mode 100644 index 0000000..4b076db --- /dev/null +++ b/python-2.7.1-config.patch @@ -0,0 +1,284 @@ +diff --git a/Modules/Setup.dist b/Modules/Setup.dist +index bbc9222..2cf35a9 100644 +--- a/Modules/Setup.dist ++++ b/Modules/Setup.dist +@@ -153,7 +153,7 @@ GLHACK=-Dclear=__GLclear + # modules are to be built as shared libraries (see above for more + # detail; also note that *static* reverses this effect): + +-#*shared* ++*shared* + + # GNU readline. Unlike previous Python incarnations, GNU readline is + # now incorporated in an optional module, configured in the Setup file +@@ -163,33 +163,33 @@ GLHACK=-Dclear=__GLclear + # it, depending on your system -- see the GNU readline instructions. + # It's okay for this to be a shared library, too. + +-#readline readline.c -lreadline -ltermcap ++readline readline.c -lreadline -ltermcap + + + # Modules that should always be present (non UNIX dependent): + +-#array arraymodule.c # array objects +-#cmath cmathmodule.c _math.c # -lm # complex math library functions +-#math mathmodule.c _math.c # -lm # math library functions, e.g. sin() +-#_struct _struct.c # binary structure packing/unpacking +-#time timemodule.c # -lm # time operations and variables +-#operator operator.c # operator.add() and similar goodies +-#_testcapi _testcapimodule.c # Python C API test module +-#_random _randommodule.c # Random number generator +-#_collections _collectionsmodule.c # Container types ++array arraymodule.c # array objects ++cmath cmathmodule.c _math.c # -lm # complex math library functions ++math mathmodule.c _math.c # -lm # math library functions, e.g. sin() ++_struct _struct.c # binary structure packing/unpacking ++time timemodule.c # -lm # time operations and variables ++operator operator.c # operator.add() and similar goodies ++_testcapi _testcapimodule.c # Python C API test module ++_random _randommodule.c # Random number generator ++_collections _collectionsmodule.c # Container types + #_heapq _heapqmodule.c # Heapq type +-#itertools itertoolsmodule.c # Functions creating iterators for efficient looping +-#strop stropmodule.c # String manipulations +-#_functools _functoolsmodule.c # Tools for working with functions and callable objects ++itertools itertoolsmodule.c # Functions creating iterators for efficient looping ++strop stropmodule.c # String manipulations ++_functools _functoolsmodule.c # Tools for working with functions and callable objects + #_elementtree -I$(srcdir)/Modules/expat -DHAVE_EXPAT_CONFIG_H -DUSE_PYEXPAT_CAPI _elementtree.c # elementtree accelerator + #_pickle _pickle.c # pickle accelerator + #datetime datetimemodule.c # date/time type +-#_bisect _bisectmodule.c # Bisection algorithms ++_bisect _bisectmodule.c # Bisection algorithms + +-#unicodedata unicodedata.c # static Unicode character database ++unicodedata unicodedata.c # static Unicode character database + + # access to ISO C locale support +-#_locale _localemodule.c # -lintl ++_locale _localemodule.c # -lintl + + # Standard I/O baseline + #_io -I$(srcdir)/Modules/_io _io/bufferedio.c _io/bytesio.c _io/fileio.c _io/iobase.c _io/_iomodule.c _io/stringio.c _io/textio.c +@@ -199,41 +199,41 @@ GLHACK=-Dclear=__GLclear + # (If you have a really backward UNIX, select and socket may not be + # supported...) + +-#fcntl fcntlmodule.c # fcntl(2) and ioctl(2) +-#spwd spwdmodule.c # spwd(3) +-#grp grpmodule.c # grp(3) +-#select selectmodule.c # select(2); not on ancient System V ++fcntl fcntlmodule.c # fcntl(2) and ioctl(2) ++spwd spwdmodule.c # spwd(3) ++grp grpmodule.c # grp(3) ++select selectmodule.c # select(2); not on ancient System V + + # Memory-mapped files (also works on Win32). +-#mmap mmapmodule.c ++mmap mmapmodule.c + + # CSV file helper +-#_csv _csv.c ++_csv _csv.c + + # Socket module helper for socket(2) +-#_socket socketmodule.c timemodule.c ++_socket socketmodule.c timemodule.c + + # Socket module helper for SSL support; you must comment out the other + # socket line above, and possibly edit the SSL variable: + #SSL=/usr/local/ssl +-#_ssl _ssl.c \ +-# -DUSE_SSL -I$(SSL)/include -I$(SSL)/include/openssl \ +-# -L$(SSL)/lib -lssl -lcrypto ++_ssl _ssl.c \ ++ -DUSE_SSL -I$(SSL)/include -I$(SSL)/include/openssl \ ++ -L$(SSL)/lib -lssl -lcrypto + + # The crypt module is now disabled by default because it breaks builds + # on many systems (where -lcrypt is needed), e.g. Linux (I believe). + # + # First, look at Setup.config; configure may have set this for you. + +-#crypt cryptmodule.c # -lcrypt # crypt(3); needs -lcrypt on some systems ++crypt cryptmodule.c # -lcrypt # crypt(3); needs -lcrypt on some systems + + + # Some more UNIX dependent modules -- off by default, since these + # are not supported by all UNIX systems: + +-#nis nismodule.c -lnsl # Sun yellow pages -- not everywhere +-#termios termios.c # Steen Lumholt's termios module +-#resource resource.c # Jeremy Hylton's rlimit interface ++nis nismodule.c -lnsl -ltirpc -I/usr/include/tirpc -I/usr/include/nsl -L/usr/lib/nsl ++termios termios.c # Steen Lumholt's termios module ++resource resource.c # Jeremy Hylton's rlimit interface + + + # Multimedia modules -- off by default. +@@ -241,8 +241,8 @@ GLHACK=-Dclear=__GLclear + # #993173 says audioop works on 64-bit platforms, though. + # These represent audio samples or images as strings: + +-#audioop audioop.c # Operations on audio samples +-#imageop imageop.c # Operations on images ++audioop audioop.c # Operations on audio samples ++imageop imageop.c # Operations on images + + + # Note that the _md5 and _sha modules are normally only built if the +@@ -252,14 +252,14 @@ GLHACK=-Dclear=__GLclear + # Message-Digest Algorithm, described in RFC 1321. The necessary files + # md5.c and md5.h are included here. + +-#_md5 md5module.c md5.c ++_md5 md5module.c md5.c + + + # The _sha module implements the SHA checksum algorithms. + # (NIST's Secure Hash Algorithms.) +-#_sha shamodule.c +-#_sha256 sha256module.c +-#_sha512 sha512module.c ++_sha shamodule.c ++_sha256 sha256module.c ++_sha512 sha512module.c + + + # SGI IRIX specific modules -- off by default. +@@ -306,12 +306,12 @@ GLHACK=-Dclear=__GLclear + # A Linux specific module -- off by default; this may also work on + # some *BSDs. + +-#linuxaudiodev linuxaudiodev.c ++linuxaudiodev linuxaudiodev.c + + + # George Neville-Neil's timing module: + +-#timing timingmodule.c ++timing timingmodule.c + + + # The _tkinter module. +@@ -326,7 +326,7 @@ GLHACK=-Dclear=__GLclear + # every system. + + # *** Always uncomment this (leave the leading underscore in!): +-# _tkinter _tkinter.c tkappinit.c -DWITH_APPINIT \ ++_tkinter _tkinter.c tkappinit.c -DWITH_APPINIT \ + # *** Uncomment and edit to reflect where your Tcl/Tk libraries are: + # -L/usr/local/lib \ + # *** Uncomment and edit to reflect where your Tcl/Tk headers are: +@@ -336,7 +336,7 @@ GLHACK=-Dclear=__GLclear + # *** Or uncomment this for Solaris: + # -I/usr/openwin/include \ + # *** Uncomment and edit for Tix extension only: +-# -DWITH_TIX -ltix8.1.8.2 \ ++ -DWITH_TIX -ltix \ + # *** Uncomment and edit for BLT extension only: + # -DWITH_BLT -I/usr/local/blt/blt8.0-unoff/include -lBLT8.0 \ + # *** Uncomment and edit for PIL (TkImaging) extension only: +@@ -345,7 +345,7 @@ GLHACK=-Dclear=__GLclear + # *** Uncomment and edit for TOGL extension only: + # -DWITH_TOGL togl.c \ + # *** Uncomment and edit to reflect your Tcl/Tk versions: +-# -ltk8.2 -ltcl8.2 \ ++ -ltk -ltcl \ + # *** Uncomment and edit to reflect where your X11 libraries are: + # -L/usr/X11R6/lib \ + # *** Or uncomment this for Solaris: +@@ -355,7 +355,7 @@ GLHACK=-Dclear=__GLclear + # *** Uncomment for AIX: + # -lld \ + # *** Always uncomment this; X11 libraries to link with: +-# -lX11 ++ -lX11 + + # Lance Ellinghaus's syslog module + #syslog syslogmodule.c # syslog daemon interface +@@ -377,7 +377,7 @@ GLHACK=-Dclear=__GLclear + # it is a highly experimental and dangerous device for calling + # *arbitrary* C functions in *arbitrary* shared libraries: + +-#dl dlmodule.c ++dl dlmodule.c + + + # Modules that provide persistent dictionary-like semantics. You will +@@ -400,7 +400,7 @@ GLHACK=-Dclear=__GLclear + # + # First, look at Setup.config; configure may have set this for you. + +-#gdbm gdbmmodule.c -I/usr/local/include -L/usr/local/lib -lgdbm ++gdbm gdbmmodule.c -lgdbm + + + # Sleepycat Berkeley DB interface. +@@ -415,11 +415,9 @@ GLHACK=-Dclear=__GLclear + # + # Edit the variables DB and DBLIBVERto point to the db top directory + # and the subdirectory of PORT where you built it. +-#DB=/usr/local/BerkeleyDB.4.0 +-#DBLIBVER=4.0 +-#DBINC=$(DB)/include +-#DBLIB=$(DB)/lib +-#_bsddb _bsddb.c -I$(DBINC) -L$(DBLIB) -ldb-$(DBLIBVER) ++DBINC=/usr/include/libdb ++DBLIB=/usr/lib ++_bsddb _bsddb.c -I$(DBINC) -L$(DBLIB) -ldb + + # Historical Berkeley DB 1.85 + # +@@ -434,14 +432,14 @@ GLHACK=-Dclear=__GLclear + + + # Helper module for various ascii-encoders +-#binascii binascii.c ++binascii binascii.c + + # Fred Drake's interface to the Python parser +-#parser parsermodule.c ++parser parsermodule.c + + # cStringIO and cPickle +-#cStringIO cStringIO.c +-#cPickle cPickle.c ++cStringIO cStringIO.c ++cPickle cPickle.c + + + # Lee Busby's SIGFPE modules. +@@ -464,7 +462,7 @@ GLHACK=-Dclear=__GLclear + # Andrew Kuchling's zlib module. + # This require zlib 1.1.3 (or later). + # See http://www.gzip.org/zlib/ +-#zlib zlibmodule.c -I$(prefix)/include -L$(exec_prefix)/lib -lz ++zlib zlibmodule.c -I$(prefix)/include -L$(exec_prefix)/lib -lz + + # Interface to the Expat XML parser + # More information on Expat can be found at www.libexpat.org. +@@ -475,14 +473,14 @@ GLHACK=-Dclear=__GLclear + # Hye-Shik Chang's CJKCodecs + + # multibytecodec is required for all the other CJK codec modules +-#_multibytecodec cjkcodecs/multibytecodec.c +- +-#_codecs_cn cjkcodecs/_codecs_cn.c +-#_codecs_hk cjkcodecs/_codecs_hk.c +-#_codecs_iso2022 cjkcodecs/_codecs_iso2022.c +-#_codecs_jp cjkcodecs/_codecs_jp.c +-#_codecs_kr cjkcodecs/_codecs_kr.c +-#_codecs_tw cjkcodecs/_codecs_tw.c ++_multibytecodec cjkcodecs/multibytecodec.c ++ ++_codecs_cn cjkcodecs/_codecs_cn.c ++_codecs_hk cjkcodecs/_codecs_hk.c ++_codecs_iso2022 cjkcodecs/_codecs_iso2022.c ++_codecs_jp cjkcodecs/_codecs_jp.c ++_codecs_kr cjkcodecs/_codecs_kr.c ++_codecs_tw cjkcodecs/_codecs_tw.c + + # Example -- included for reference only: + # xx xxmodule.c diff --git a/python2-CVE-2019-9948-1.patch b/python2-CVE-2019-9948-1.patch new file mode 100644 index 0000000..675a9b9 --- /dev/null +++ b/python2-CVE-2019-9948-1.patch @@ -0,0 +1,50 @@ +From 8f99cc799e4393bf1112b9395b2342f81b3f45ef Mon Sep 17 00:00:00 2001 +From: push0ebp +Date: Thu, 14 Feb 2019 02:05:46 +0900 +Subject: [PATCH] bpo-35907: Avoid file reading as disallowing the unnecessary + URL scheme in urllib + +--- + Lib/test/test_urllib.py | 12 ++++++++++++ + Lib/urllib.py | 5 ++++- + 2 files changed, 16 insertions(+), 1 deletion(-) + +diff --git a/Lib/test/test_urllib.py b/Lib/test/test_urllib.py +index 1ce9201c0693..e5f210e62a18 100644 +--- a/Lib/test/test_urllib.py ++++ b/Lib/test/test_urllib.py +@@ -1023,6 +1023,18 @@ def open_spam(self, url): + "spam://c:|windows%/:=&?~#+!$,;'@()*[]|/path/"), + "//c:|windows%/:=&?~#+!$,;'@()*[]|/path/") + ++ def test_local_file_open(self): ++ class DummyURLopener(urllib.URLopener): ++ def open_local_file(self, url): ++ return url ++ self.assertEqual(DummyURLopener().open( ++ 'local-file://example'), '//example') ++ self.assertEqual(DummyURLopener().open( ++ 'local_file://example'), '//example') ++ self.assertRaises(IOError, urllib.urlopen, ++ 'local-file://example') ++ self.assertRaises(IOError, urllib.urlopen, ++ 'local_file://example') + + # Just commented them out. + # Can't really tell why keep failing in windows and sparc. +diff --git a/Lib/urllib.py b/Lib/urllib.py +index d85504a5cb7e..a24e9a5c68fb 100644 +--- a/Lib/urllib.py ++++ b/Lib/urllib.py +@@ -203,7 +203,10 @@ def open(self, fullurl, data=None): + name = 'open_' + urltype + self.type = urltype + name = name.replace('-', '_') +- if not hasattr(self, name): ++ ++ # bpo-35907: # disallow the file reading with the type not allowed ++ if not hasattr(self, name) or \ ++ (self == _urlopener and name == 'open_local_file'): + if proxy: + return self.open_unknown_proxy(proxy, fullurl, data) + else: diff --git a/python2-CVE-2019-9948-2.patch b/python2-CVE-2019-9948-2.patch new file mode 100644 index 0000000..acdbc94 --- /dev/null +++ b/python2-CVE-2019-9948-2.patch @@ -0,0 +1,22 @@ +From b86392511acd4cd30dc68711fa22f9f93228715a Mon Sep 17 00:00:00 2001 +From: "blurb-it[bot]" +Date: Wed, 13 Feb 2019 17:21:11 +0000 +Subject: [PATCH] =?UTF-8?q?=F0=9F=93=9C=F0=9F=A4=96=20Added=20by=20blurb?= + =?UTF-8?q?=5Fit.?= +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +--- + .../NEWS.d/next/Library/2019-02-13-17-21-10.bpo-35907.ckk2zg.rst | 1 + + 1 file changed, 1 insertion(+) + create mode 100644 Misc/NEWS.d/next/Library/2019-02-13-17-21-10.bpo-35907.ckk2zg.rst + +diff --git a/Misc/NEWS.d/next/Library/2019-02-13-17-21-10.bpo-35907.ckk2zg.rst b/Misc/NEWS.d/next/Library/2019-02-13-17-21-10.bpo-35907.ckk2zg.rst +new file mode 100644 +index 000000000000..8118a5f40583 +--- /dev/null ++++ b/Misc/NEWS.d/next/Library/2019-02-13-17-21-10.bpo-35907.ckk2zg.rst +@@ -0,0 +1 @@ ++Avoid file reading as disallowing the unnecessary URL scheme in urllib.urlopen +\ No newline at end of file diff --git a/python2.spec b/python2.spec new file mode 100644 index 0000000..0a123ce --- /dev/null +++ b/python2.spec @@ -0,0 +1,299 @@ +%global pybasever 2.7 +%global pylibdir %{_libdir}/python%{pybasever} +%global tools_dir %{pylibdir}/Tools +%global demo_dir %{pylibdir}/Demo +%global dynload_dir %{pylibdir}/lib-dynload +%global site_packages %{pylibdir}/site-packages +%undefine __brp_python_bytecompile +%undefine py_auto_byte_compile +%undefine _debuginfo_subpackages +Name: python2 +Version: 2.7.16 +Release: 2 +Summary: Python is an interpreted, interactive object-oriented programming language suitable +License: Python +URL: https://www.python.org/ +Source0: https://www.python.org/ftp/python/%{version}/Python-%{version}.tar.xz +#custom modifications +Patch0: python-2.7.1-config.patch +Patch16: python-2.6-rpath.patch +Patch102: 00102-2.7.13-lib64.patch +Patch103: python-2.7-lib64-sysconfig.patch +Patch104: 00104-lib64-fix-for-test_install.patch +Patch121: 00121-add-Modules-to-build-path.patch +Patch165: 00165-crypt-module-salt-backport.patch +Patch187: 00187-add-RPATH-to-pyexpat.patch +Patch189: 00189-use-rpm-wheels.patch +Patch193: 00193-enable-loading-sqlite-extensions.patch +#upstream patches +Patch6035: 0342-bpo-36126-Fix-ref-count-leakage-in-structseq_repr.-G.patch +Patch6036: 0349-2.7-bpo-13096-Fix-memory-leak-in-ctypes-POINTER-hand.patch +Patch6037: 0350-2.7-bpo-36179-Fix-ref-leaks-in-_hashopenssl-GH-12158.patch +Patch6038: 0351-2.7-bpo-36149-Fix-potential-use-of-uninitialized-mem.patch +Patch6039: 0353-2.7-bpo-36186-Fix-linuxaudiodev.linux_audio_device-e.patch +Patch6040: 0354-bpo-36147-Fix-a-memory-leak-in-ctypes-s_get-GH-12102.patch +Patch6041: 0357-bpo-36140-Fix-an-incorrect-check-in-msidb_getsummary.patch +Patch6042: 0358-2.7-IDLE-Fix-typo-in-keybindingDialog.py-GH-2322-GH-.patch +Patch6044: python2-CVE-2019-9948-1.patch +Patch6045: python2-CVE-2019-9948-2.patch +Patch6047: CVE-2019-9740.patch + +BuildRequires: libdb-devel libffi-devel valgrind-devel ncurses-devel expat-devel readline-devel +BuildRequires: openssl-devel libtirpc-devel tcl-devel tk-devel glibc-devel libnsl2-devel +BuildRequires: zlib-devel tix-devel gdbm-devel sqlite-devel chrpath + +Requires: expat glibc gdbm python-setuptools-wheel python-pip-wheel + +Recommends: python2-setuptools python2-pip + +Provides: python = %{version}-%{release} +Provides: python27 = %{version}-%{release} +Provides: python(abi) = %{pybasever} + +Obsoletes: python-libs < %{version}-%{release} +Obsoletes: python-libs%{?_isa} < %{version}-%{release} +Obsoletes: %{name}-libs < %{version}-%{release} +Obsoletes: %{name}-libs%{?_isa} < %{version}-%{release} + +Provides: python-libs = %{version}-%{release} +Provides: python-libs%{?_isa} = %{version}-%{release} +Provides: %{name}-libs = %{version}-%{release} +Provides: %{name}-libs%{?_isa} = %{version}-%{release} + +Obsoletes: python-unversioned-command < %{version}-%{release} +Provides: python-unversioned-command = %{version}-%{release} + +%description +Python 2.x series is the old version that is incompatible with the 3.x series. +The EOL of Python 2.x upstream is January 2020, there will no updates, +Our suggestions for switching to Python3 as soon as possible. + +%package tkinter +Summary: A graphical user interface for the Python 2 scripting language +Requires: %{name} = %{version}-%{release} + +Obsoletes: tkinter < %{version}-%{release} +Obsoletes: tkinter%{?_isa} < %{version}-%{release} +Obsoletes: tkinter2 < %{version}-%{release} +Obsoletes: tkinter2%{?_isa} < %{version}-%{release} +Obsoletes: python-tkinter < %{version}-%{release} +Obsoletes: python-tkinter%{?_isa} < %{version}-%{release} + +Provides: tkinter = %{version}-%{release} +Provides: tkinter%{?_isa} = %{version}-%{release} +Provides: tkinter2 = %{version}-%{release} +Provides: tkinter2%{?_isa} = %{version}-%{release} +Provides: python-tkinter = %{version}-%{release} +Provides: python-tkinter%{?_isa} = %{version}-%{release} + +%description tkinter +The Tkinter (Tk interface) program is an graphical user interface for +the Python 2 scripting language. + + +%package devel +Summary: Development files for %{name} +Requires: %{name} = %{version}-%{release} +Requires: python-rpm-macros +Requires: python2-rpm-macros +Requires: pkgconfig +Requires: python2-setuptools +Requires: openEuler-rpm-config +Requires: python3-rpm-generators +Provides: python-devel = %{version}-%{release} +Provides: python-devel%{?_isa} = %{version}-%{release} + +Obsoletes: python-test < %{version}-%{release} +Obsoletes: python-test%{?_isa} < %{version}-%{release} + +Provides: python-test = %{version}-%{release} +Provides: python-test%{?_isa} = %{version}-%{release} + +%description devel +This package contains libraries and header files used to build applications +with and native libraries for Python2. + +%package tools +Summary: A collection of development tools included with Python 2 +Requires: %{name} = %{version}-%{release} +Requires: %{name}-tkinter = %{version}-%{release} +Provides: python-tools = %{version}-%{release} +Provides: python-tools%{?_isa} = %{version}-%{release} + +%description tools +This package includes several tools to help with the development of Python 2 +programs, including IDLE (an IDE with editing and debugging facilities), a +color editor (pynche), and a python gettext program (pygettext.py). + +%package help +Summary: Man pages for %{name} +BuildArch: noarch + +%description help +%{summary}. + +%prep +%autosetup -n Python-%{version} -p1 + +mv Modules/cryptmodule.c Modules/_cryptmodule.c + +%build +%configure \ + --enable-ipv6 \ + --enable-shared \ + --enable-unicode=ucs4 \ + --with-dbmliborder=gdbm:ndbm:bdb \ + --with-system-expat \ + --with-system-ffi \ + --with-dtrace \ + --with-tapset-install-dir=%{tapsetdir} \ + --with-valgrind + +%make_build + +#Fix "WARNING: mangling shebang" +pybuilddir=$(pwd) +LD_LIBRARY_PATH=$pybuilddir \ + ./python $pybuilddir/Tools/scripts/pathfix.py -i "%{_bindir}/python2" \ + $pybuilddir + +%install + +%make_install + +install -d -m755 %{buildroot}/%{_prefix}/lib/python%{pybasever}/site-packages + +mv %{buildroot}%{_bindir}/idle %{buildroot}%{_bindir}/idle%{pybasever} +%{__ln_s} idle%{pybasever} %{buildroot}%{_bindir}/idle2 +%{__ln_s} idle2 %{buildroot}%{_bindir}/idle + +mv %{buildroot}%{_bindir}/pydoc %{buildroot}%{_bindir}/pydoc%{pybasever} +%{__ln_s} pydoc%{pybasever} %{buildroot}%{_bindir}/pydoc2 +%{__ln_s} pydoc2 %{buildroot}%{_bindir}/pydoc + +mv %{buildroot}%{_bindir}/smtpd.py %{buildroot}%{_bindir}/smtpd%{pybasever}.py +%{__ln_s} smtpd%{pybasever}.py %{buildroot}%{_bindir}/smtpd2.py +%{__ln_s} smtpd2.py %{buildroot}%{_bindir}/smtpd.py + +rm -f %{buildroot}%{pylibdir}/LICENSE.txt +find %{buildroot} -name "*.bat" | xargs rm -f + +# Ensure the libs readable +%{__chmod} 755 %{buildroot}%{dynload_dir}/*.so +%{__chmod} 755 %{buildroot}%{_libdir}/libpython%{pybasever}.so.1.0 + +chrpath -d $(find %{buildroot} -name pyexpat.so) + +%check +#make test || : + +%files +%defattr(-,root,root) +%license LICENSE +%doc README +%{_bindir}/pydoc* +%{_bindir}/{python,python2,python%{pybasever}} + +%dir %{_prefix}/lib/python%{pybasever} +%dir %{_prefix}/lib/python%{pybasever}/site-packages + +%{_libdir}/libpython%{pybasever}.so.1.0 + +%dir %{pylibdir} +%{dynload_dir}/ +%exclude %{dynload_dir}/_ctypes_test.so +%exclude %{dynload_dir}/_tkinter.so + +%dir %{site_packages} +%{site_packages}/README +%{pylibdir}/*.py* +%{pylibdir}/*.doc +%{pylibdir}/*.egg-info +%dir %{pylibdir}/bsddb +%{pylibdir}/bsddb/*.py* +%dir %{pylibdir}/compiler +%{pylibdir}/compiler/*.py* +%dir %{pylibdir}/ctypes +%{pylibdir}/ctypes/*.py* +%{pylibdir}/ctypes/macholib +%dir %{pylibdir}/curses +%{pylibdir}/curses/*.py* +%dir %{pylibdir}/distutils +%{pylibdir}/distutils/*.py* +%{pylibdir}/distutils/README +%{pylibdir}/distutils/command +%exclude %{pylibdir}/distutils/command/*.exe +%dir %{pylibdir}/email +%{pylibdir}/email/*.py* +%{pylibdir}/email/mime +%{pylibdir}/encodings +%{pylibdir}/hotshot +%{pylibdir}/idlelib +%{pylibdir}/importlib +%dir %{pylibdir}/json +%{pylibdir}/json/*.py* +%{pylibdir}/lib2to3 +%exclude %{pylibdir}/lib2to3/tests +%{pylibdir}/logging +%{pylibdir}/multiprocessing +%{pylibdir}/plat-linux2 +%{pylibdir}/pydoc_data +%dir %{pylibdir}/sqlite3 +%{pylibdir}/sqlite3/*.py* +%{pylibdir}/unittest +%{pylibdir}/wsgiref +%{pylibdir}/xml +%dir %{pylibdir}/ensurepip +%{pylibdir}/ensurepip/*.py* +%exclude %{pylibdir}/ensurepip/_bundled +%dir %{pylibdir}/test +%{pylibdir}/test/__init__.py* +%{pylibdir}/test/support/ +%{pylibdir}/test/script_helper.py* +%{pylibdir}/test/test_support.py* + + +%files tkinter +%defattr(-,root,root) +%{pylibdir}/lib-tk +%{dynload_dir}/_tkinter.so + +%files devel +%defattr(-,root,root) +#Development files +%{pylibdir}/config/ +%{_includedir}/python%{pybasever}/*.h +%{_libdir}/pkgconfig/python*.pc +%{_libdir}/libpython%{pybasever}.so +%{_bindir}/python*-config + +#Tests +%{pylibdir}/bsddb/test +%{pylibdir}/ctypes/test +%{pylibdir}/distutils/tests +%{pylibdir}/email/test +%{pylibdir}/json/tests +%{pylibdir}/lib2to3/tests +%{pylibdir}/sqlite3/test +%{pylibdir}/test/* +%exclude %{pylibdir}/test/__init__.py* +%exclude %{pylibdir}/test/support/ +%exclude %{pylibdir}/test/script_helper.py* +%exclude %{pylibdir}/test/test_support.py* +%{dynload_dir}/_ctypes_test.so + +%files tools +%{_bindir}/idle* +%{_bindir}/smtpd*.py* +%exclude %{_bindir}/2to3* + +%files help +%defattr(-,root,root) +%{_mandir}/man1/python*.1.* + +%changelog +* Wed Sep 26 2019 openEuler Buildteam - 2.7.16-2 +- Package init + +* Tue Sep 25 2019 openEuler Buildteam - 2.7.16-1 +- Package init