update to 3.7.9

00102-lib64.patch

@@ -155,7 +155,7 @@ index 85e737b..2a1fc79 100644
      /* Replace "00" with version */
      size_t bufsz = wcslen(calculate->zip_path);
 @@ -867,7 +867,7 @@ calculate_init(PyCalculatePath *calculate,
-     if (!calculate->prefix) {
+     if (!calculate->exec_prefix) {
          return DECODE_LOCALE_ERR("EXEC_PREFIX define", len);
      }
 -    calculate->lib_python = Py_DecodeLocale("lib/python" VERSION, &len);
@@ -163,6 +163,7 @@ index 85e737b..2a1fc79 100644
      if (!calculate->lib_python) {
          return DECODE_LOCALE_ERR("EXEC_PREFIX define", len);
      }
+     
 diff --git a/setup.py b/setup.py
 index f1933f7..450cd8a 100644
 --- a/setup.py

00189-use-rpm-wheels.patch

@@ -9,6 +9,7 @@ index 4748ba4..fc02255 100644
  import os.path
 -import pkgutil
  import sys
+ import runpy
  import tempfile
  
  
@@ -16,9 +17,9 @@ index 4748ba4..fc02255 100644
  
 +_WHEEL_DIR = "/usr/share/python-wheels/"
  
--_SETUPTOOLS_VERSION = "40.8.0"
+-_SETUPTOOLS_VERSION = "47.1.0"
  
--_PIP_VERSION = "19.0.3"
+-_PIP_VERSION = "20.1.1"
 +def _get_most_recent_wheel_version(pkg):
 +    prefix = os.path.join(_WHEEL_DIR, "{}-".format(pkg))
 +    suffix = "-py2.py3-none-any.whl"
@@ -33,10 +34,12 @@ index 4748ba4..fc02255 100644
  
  _PROJECTS = [
      ("setuptools", _SETUPTOOLS_VERSION),
+--- a/Lib/ensurepip/__init__.py
++++ b/Lib/ensurepip/__init__.py
 @@ -94,12 +105,9 @@ def _bootstrap(*, root=None, upgrade=False, user=False,
          additional_paths = []
-         for project, version in _PROJECTS:
-             wheel_name = "{}-{}-py2.py3-none-any.whl".format(project, version)
+         for project, version, py_tag in _PROJECTS:
+             wheel_name = "{}-{}-{}-none-any.whl".format(project, version, py_tag)
 -            whl = pkgutil.get_data(
 -                "ensurepip",
 -                "_bundled/{}".format(wheel_name),

CVE-2019-16056.patch

@@ -1,133 +0,0 @@
-From e170d5de8a7e8561388d38007195b5edf5f1fc82 Mon Sep 17 00:00:00 2001
-From: "Miss Islington (bot)"
- <31488909+miss-islington@users.noreply.github.com>
-Date: Fri, 9 Aug 2019 01:30:33 -0700
-Subject: [PATCH] bpo-34155: Dont parse domains containing @ (GH-13079)
-
-Before:
-
-        >>> email.message_from_string('From: a@malicious.org@important.com', policy=email.policy.default)['from'].addresses
-        (Address(display_name='', username='a', domain='malicious.org'),)
-
-        >>> parseaddr('a@malicious.org@important.com')
-        ('', 'a@malicious.org')
-
-    After:
-
-        >>> email.message_from_string('From: a@malicious.org@important.com', policy=email.policy.default)['from'].addresses
-        (Address(display_name='', username='', domain=''),)
-
-        >>> parseaddr('a@malicious.org@important.com')
-        ('', 'a@')
-
-https://bugs.python.org/issue34155
-(cherry picked from commit 8cb65d1381b027f0b09ee36bfed7f35bb4dec9a9)
-
-Co-authored-by: jpic <jpic@users.noreply.github.com>
-Signed-off-by: hehuazhen <hehuazhen@huawei.com>
----
- Lib/email/_header_value_parser.py                          |  2 ++
- Lib/email/_parseaddr.py                                    | 11 ++++++++++-
- Lib/test/test_email/test__header_value_parser.py           | 10 ++++++++++
- Lib/test/test_email/test_email.py                          | 14 ++++++++++++++
- .../next/Security/2019-05-04-13-33-37.bpo-34155.MJll68.rst |  1 +
- 5 files changed, 37 insertions(+), 1 deletion(-)
- create mode 100644 Misc/NEWS.d/next/Security/2019-05-04-13-33-37.bpo-34155.MJll68.rst
-
-diff --git a/Lib/email/_header_value_parser.py b/Lib/email/_header_value_parser.py
-index fc00b4a..bbc026e 100644
---- a/Lib/email/_header_value_parser.py
-+++ b/Lib/email/_header_value_parser.py
-@@ -1582,6 +1582,8 @@ def get_domain(value):
-         token, value = get_dot_atom(value)
-     except errors.HeaderParseError:
-         token, value = get_atom(value)
-+    if value and value[0] == '@':
-+        raise errors.HeaderParseError('Invalid Domain')
-     if leader is not None:
-         token[:0] = [leader]
-     domain.append(token)
-diff --git a/Lib/email/_parseaddr.py b/Lib/email/_parseaddr.py
-index cdfa372..41ff6f8 100644
---- a/Lib/email/_parseaddr.py
-+++ b/Lib/email/_parseaddr.py
-@@ -379,7 +379,12 @@ class AddrlistClass:
-         aslist.append('@')
-         self.pos += 1
-         self.gotonext()
--        return EMPTYSTRING.join(aslist) + self.getdomain()
-+        domain = self.getdomain()
-+        if not domain:
-+            # Invalid domain, return an empty address instead of returning a
-+            # local part to denote failed parsing.
-+            return EMPTYSTRING
-+        return EMPTYSTRING.join(aslist) + domain
- 
-     def getdomain(self):
-         """Get the complete domain name from an address."""
-@@ -394,6 +399,10 @@ class AddrlistClass:
-             elif self.field[self.pos] == '.':
-                 self.pos += 1
-                 sdlist.append('.')
-+            elif self.field[self.pos] == '@':
-+                # bpo-34155: Don't parse domains with two `@` like
-+                # `a@malicious.org@important.com`.
-+                return EMPTYSTRING
-             elif self.field[self.pos] in self.atomends:
-                 break
-             else:
-diff --git a/Lib/test/test_email/test__header_value_parser.py b/Lib/test/test_email/test__header_value_parser.py
-index 693487b..7dc4de1 100644
---- a/Lib/test/test_email/test__header_value_parser.py
-+++ b/Lib/test/test_email/test__header_value_parser.py
-@@ -1438,6 +1438,16 @@ class TestParser(TestParserMixin, TestEmailBase):
-         self.assertEqual(addr_spec.domain, 'example.com')
-         self.assertEqual(addr_spec.addr_spec, 'star.a.star@example.com')
- 
-+    def test_get_addr_spec_multiple_domains(self):
-+        with self.assertRaises(errors.HeaderParseError):
-+            parser.get_addr_spec('star@a.star@example.com')
-+
-+        with self.assertRaises(errors.HeaderParseError):
-+            parser.get_addr_spec('star@a@example.com')
-+
-+        with self.assertRaises(errors.HeaderParseError):
-+            parser.get_addr_spec('star@172.17.0.1@example.com')
-+
-     # get_obs_route
- 
-     def test_get_obs_route_simple(self):
-diff --git a/Lib/test/test_email/test_email.py b/Lib/test/test_email/test_email.py
-index c29cc56..aa77588 100644
---- a/Lib/test/test_email/test_email.py
-+++ b/Lib/test/test_email/test_email.py
-@@ -3041,6 +3041,20 @@ class TestMiscellaneous(TestEmailBase):
-         self.assertEqual(utils.parseaddr('<>'), ('', ''))
-         self.assertEqual(utils.formataddr(utils.parseaddr('<>')), '')
- 
-+    def test_parseaddr_multiple_domains(self):
-+        self.assertEqual(
-+            utils.parseaddr('a@b@c'),
-+            ('', '')
-+        )
-+        self.assertEqual(
-+            utils.parseaddr('a@b.c@c'),
-+            ('', '')
-+        )
-+        self.assertEqual(
-+            utils.parseaddr('a@172.17.0.1@c'),
-+            ('', '')
-+        )
-+
-     def test_noquote_dump(self):
-         self.assertEqual(
-             utils.formataddr(('A Silly Person', 'person@dom.ain')),
-diff --git a/Misc/NEWS.d/next/Security/2019-05-04-13-33-37.bpo-34155.MJll68.rst b/Misc/NEWS.d/next/Security/2019-05-04-13-33-37.bpo-34155.MJll68.rst
-new file mode 100644
-index 0000000..50292e2
---- /dev/null
-+++ b/Misc/NEWS.d/next/Security/2019-05-04-13-33-37.bpo-34155.MJll68.rst
-@@ -0,0 +1 @@
-+Fix parsing of invalid email addresses with more than one ``@`` (e.g. a@b@c.com.) to not return the part before 2nd ``@`` as valid email address. Patch by maxking & jpic.
--- 
-1.8.3.1

CVE-2019-16935.patch

@@ -1,79 +0,0 @@
-From 0fe421c4875a031a83b4f0d804464af3a613985c Mon Sep 17 00:00:00 2001
-From: Dong-hee Na <donghee.na92@gmail.com>
-Date: Sat, 28 Sep 2019 04:59:37 +0900
-Subject: [PATCH] bpo-38243, xmlrpc.server: Escape the server_title (GH-16373)
-
-Escape the server title of xmlrpc.server.DocXMLRPCServer
-when rendering the document page as HTML.
----
- Lib/test/test_docxmlrpc.py                               | 16 ++++++++++++++++
- Lib/xmlrpc/server.py                                     |  3 ++-
- .../Security/2019-09-25-13-21-09.bpo-38243.1pfz24.rst    |  3 +++
- 3 files changed, 21 insertions(+), 1 deletion(-)
- create mode 100644 Misc/NEWS.d/next/Security/2019-09-25-13-21-09.bpo-38243.1pfz24.rst
-
-diff --git a/Lib/test/test_docxmlrpc.py b/Lib/test/test_docxmlrpc.py
-index f077f05..3821565 100644
---- a/Lib/test/test_docxmlrpc.py
-+++ b/Lib/test/test_docxmlrpc.py
-@@ -1,5 +1,6 @@
- from xmlrpc.server import DocXMLRPCServer
- import http.client
-+import re
- import sys
- import threading
- from test import support
-@@ -193,6 +194,21 @@ class DocXMLRPCHTTPGETServer(unittest.TestCase):
-              b'method_annotation</strong></a>(x: bytes)</dt></dl>'),
-             response.read())
- 
-+    def test_server_title_escape(self):
-+        # bpo-38243: Ensure that the server title and documentation
-+        # are escaped for HTML.
-+        self.serv.set_server_title('test_title<script>')
-+        self.serv.set_server_documentation('test_documentation<script>')
-+        self.assertEqual('test_title<script>', self.serv.server_title)
-+        self.assertEqual('test_documentation<script>',
-+                self.serv.server_documentation)
-+
-+        generated = self.serv.generate_html_documentation()
-+        title = re.search(r'<title>(.+?)</title>', generated).group()
-+        documentation = re.search(r'<p><tt>(.+?)</tt></p>', generated).group()
-+        self.assertEqual('<title>Python: test_title&lt;script&gt;</title>', title)
-+        self.assertEqual('<p><tt>test_documentation&lt;script&gt;</tt></p>', documentation)
-+
- 
- if __name__ == '__main__':
-     unittest.main()
-diff --git a/Lib/xmlrpc/server.py b/Lib/xmlrpc/server.py
-index f1c467e..32aba4d 100644
---- a/Lib/xmlrpc/server.py
-+++ b/Lib/xmlrpc/server.py
-@@ -108,6 +108,7 @@ from xmlrpc.client import Fault, dumps, loads, gzip_encode, gzip_decode
- from http.server import BaseHTTPRequestHandler
- from functools import partial
- from inspect import signature
-+import html
- import http.server
- import socketserver
- import sys
-@@ -894,7 +895,7 @@ class XMLRPCDocGenerator:
-                                 methods
-                             )
- 
--        return documenter.page(self.server_title, documentation)
-+        return documenter.page(html.escape(self.server_title), documentation)
- 
- class DocXMLRPCRequestHandler(SimpleXMLRPCRequestHandler):
-     """XML-RPC and documentation request handler class.
-diff --git a/Misc/NEWS.d/next/Security/2019-09-25-13-21-09.bpo-38243.1pfz24.rst b/Misc/NEWS.d/next/Security/2019-09-25-13-21-09.bpo-38243.1pfz24.rst
-new file mode 100644
-index 0000000..98d7be1
---- /dev/null
-+++ b/Misc/NEWS.d/next/Security/2019-09-25-13-21-09.bpo-38243.1pfz24.rst
-@@ -0,0 +1,3 @@
-+Escape the server title of :class:`xmlrpc.server.DocXMLRPCServer`
-+when rendering the document page as HTML.
-+(Contributed by Dong-hee Na in :issue:`38243`.)
--- 
-1.8.3.1

CVE-2019-9674.patch

@@ -32,9 +32,9 @@ index 6fb03a0..6fa0a28 100644
 --- a/Doc/library/zipfile.rst
 +++ b/Doc/library/zipfile.rst
 @@ -730,5 +730,45 @@ Command-line options
-
+ 
     Test whether the zipfile is valid or not.
-
+ 
 +Decompression pitfalls
 +----------------------
 +
@@ -74,7 +74,7 @@ index 6fb03a0..6fa0a28 100644
 +For example, when extracting the same archive twice,
 +it overwrites files without asking.
 +
-
+ 
 +.. _ZIP bomb: https://en.wikipedia.org/wiki/Zip_bomb
  .. _PKZIP Application Note: https://pkware.cachefly.net/webdocs/casestudies/APPNOTE.TXT
 diff --git a/Misc/NEWS.d/next/Documentation/2019-06-04-09-29-00.bpo-36260.WrGuc-.rst b/Misc/NEWS.d/next/Documentation/2019-06-04-09-29-00.bpo-36260.WrGuc-.rst

python3-add-generic-os-support.patch

@@ -4,13 +4,13 @@ index 6ab06b5..8d41a4b 100755
 +++ b/Lib/platform.py
 @@ -297,7 +297,7 @@ _release_version = re.compile(r'([^0-9]+)'
  # and http://www.die.net/doc/linux/man/man1/lsb_release.1.html
-
+ 
  _supported_dists = (
 -    'SuSE', 'debian', 'fedora', 'redhat', 'centos',
 +    'SuSE', 'debian', 'fedora', 'redhat', 'centos', 'generic_os',
      'mandrake', 'mandriva', 'rocks', 'slackware', 'yellowdog', 'gentoo',
      'UnitedLinux', 'turbolinux', 'arch', 'mageia')
-
+ 
 @@ -367,6 +367,8 @@ def _linux_distribution(distname, version, id, supported_dists,
          return distname, version, id
      etc.sort()

python3.spec

@@ -2,8 +2,8 @@ Name: python3
 Summary: Interpreter of the Python3 programming language
 URL: https://www.python.org/
 
-Version: 3.7.4
-Release: 11
+Version: 3.7.9
+Release: 1
 License: Python
 
 %global branchversion 3.7
@@ -101,11 +101,8 @@ Patch205: 00205-make-libpl-respect-lib64.patch
 Patch251: 00251-change-user-install-location.patch
 Patch316: 00316-mark-bdist_wininst-unsupported.patch
 
-Patch6000:	CVE-2019-16056.patch
-Patch6001:	CVE-2019-16935.patch
-Patch6002:	CVE-2019-17514.patch
-Patch6003:	CVE-2019-9674.patch
-Patch6004:	backport-CVE-2019-20907.patch
+Patch6000:	CVE-2019-17514.patch
+Patch6001:	CVE-2019-9674.patch
 
 Patch9000: python3-add-generic-os-support.patch
 
@@ -197,9 +194,6 @@ rm Lib/ensurepip/_bundled/*.whl
 
 %patch6000 -p1
 %patch6001 -p1
-%patch6002 -p1
-%patch6003 -p1
-%patch6004 -p1
 
 %patch9000 -p1
 
@@ -803,6 +797,12 @@ export BEP_GTDLIST="$BEP_GTDLIST_TMP"
 %{_mandir}/*/*
 
 %changelog
+* Mon Aug 31 2020 shixuantong<shixuantong@huawei.com> - 3.7.9-1
+- Type:NA
+- ID:NA
+- SUG:NA
+- DESC:update version to 3.7.9
+
 * Tue Aug 4 2020 wenzhanli<wenzhanli2@huawei.com> - 3.7.4-11
 - Type:cves
 - ID:NA