Hello community, here is the log from the commit of package python for openSUSE:Factory checked in at 2019-12-07 15:14:50 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/python (Old) and /work/SRC/openSUSE:Factory/.python.new.4691 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "python" Sat Dec 7 15:14:50 2019 rev:144 rq:753190 version:2.7.17 Changes: --------
--- /work/SRC/openSUSE:Factory/python/python-base.changes 2019-11-04 17:08:53.768420719 +0100
+++ /work/SRC/openSUSE:Factory/.python.new.4691/python-base.changes 2019-12-07 15:15:26.227795426 +0100
@@ -1,0 +2,19 @@
+Fri Nov 22 13:10:03 CET 2019 - Matej Cepl <[email protected]>
+
+- Move /etc/pythonstart script to shared-python-startup
+ package.
+
+-------------------------------------------------------------------
+Tue Nov 5 11:41:40 CET 2019 - Matej Cepl <[email protected]>
+
+- Add bpo-36576-skip_tests_for_OpenSSL-111.patch (originally from
+ bpo#36576) skipping tests failing with OpenSSL 1.1.1. Fixes
+ bsc#1149792
+
+-------------------------------------------------------------------
+Tue Nov 5 04:24:05 UTC 2019 - Steve Kowalik <[email protected]>
+
+- Add adapted-from-F00251-change-user-install-location.patch fixing
+ pip/distutils to install into /usr/local.
+
+-------------------------------------------------------------------
@@ -12,0 +32,5 @@
+ - python-2.7.14-CVE-2018-1000030-1.patch
+ - python-2.7.14-CVE-2018-1000030-2.patch
+- Renamed remove-static-libpython.diff and python-bsddb6.diff to
+ remove-static-libpython.patch and python-bsddb6.patch to unify
+ filenames.
@@ -27 +51,8 @@
-Fri Jul 19 13:28:16 CEST 2019 - Matej Cepl <[email protected]>
+Mon Sep 16 15:57:54 CEST 2019 - Matej Cepl <[email protected]>
+
+- Add CVE-2019-16056-email-parse-addr.patch fixing the email
+ module wrongly parses email addresses [bsc#1149955,
+ CVE-2019-16056]
+
+-------------------------------------------------------------------
+Thu Jul 25 19:31:47 CEST 2019 - Matej Cepl <[email protected]>
@@ -40,0 +72,8 @@
+Wed Jul 3 21:02:00 CEST 2019 - Matej Cepl <[email protected]>
+
+- bsc#1138459: add CVE-2019-10160-netloc-port-regression.patch
+ which fixes regression introduced by the previous patch.
+ (CVE-2019-10160)
+ Upstream gh#python/cpython#13812
+
+-------------------------------------------------------------------
@@ -70 +109 @@
- no error will be raised.
+ no error will be raised (CVE-2019-9636).
@@ -95 +134 @@
- remove-static-libpython.diff
+ remove-static-libpython.patch
@@ -99,0 +139,19 @@
+Fri Jan 25 16:53:50 CET 2019 - [email protected]
+
+- bsc#1109847: add CVE-2018-14647_XML_SetHashSalt-in_elementtree.patch
+ fixing bpo-34623.
+
+-------------------------------------------------------------------
+Fri Jan 25 16:02:21 CET 2019 - [email protected]
+
+- bsc#1073748: add bpo-29347-dereferencing-undefined-pointers.patch
+ PyWeakref_NewProxy@Objects/weakrefobject.c creates new isntance
+ of PyWeakReference struct and does not intialize wr_prev and
+ wr_next of new isntance. These pointers can have garbage and
+ point to random memory locations.
+ Python should not crash while destroying the isntance created
+ in the same interpreter function. As per my understanding, both
+ wr_prev and wr_next of PyWeakReference instance should be
+ initialized to NULL to avoid segfault.
+
+-------------------------------------------------------------------
@@ -120,0 +179 @@
+ (bsc#1113755)
@@ -129,0 +189,26 @@
+Fri Jun 29 10:24:27 UTC 2018 - [email protected]
+
+- Apply "CVE-2018-1061-DOS-via-regexp-difflib.patch" to prevent
+ low-grade poplib REDOS (CVE-2018-1060) and to prevent difflib REDOS
+ (CVE-2018-1061). Prior to this patch mail server's timestamp was
+ susceptible to catastrophic backtracking on long evil response from
+ the server. Also, it was susceptible to catastrophic backtracking,
+ which was a potential DOS vector.
+ [bsc#1088004 and bsc#1088009, CVE-2018-1061 and CVE-2018-1060]
+
+-------------------------------------------------------------------
+Thu Jun 7 17:04:40 UTC 2018 - [email protected]
+
+- Apply "CVE-2017-18207.patch" to add a check to Lib/wave.py that
+ verifies that at least one channel is provided. Prior to this
+ check, attackers could cause a denial of service (divide-by-zero
+ error and application crash) via a crafted wav format audio file.
+ [bsc#1083507, CVE-2017-18207]
+
+-------------------------------------------------------------------
+Tue May 29 12:42:22 UTC 2018 - [email protected]
+
+- Apply "python-sorted_tar.patch" (bsc#1086001, boo#1081750)
+ sort tarfile output directory listing
+
+-------------------------------------------------------------------
@@ -147 +232 @@
-Tue Feb 20 13:14:27 UTC 2018 - [email protected]
+Tue Mar 13 15:22:47 UTC 2018 - [email protected]
@@ -149 +234,4 @@
-- Add python-sorted_tar.patch (boo#1081750)
+- Apply "python-2.7.14-CVE-2017-1000158.patch" to prevent integer
+ overflows in PyString_DecodeEscape that could have resulted in
+ heap-based buffer overflow attacks and possible arbitrary code
+ execution. [bsc#1068664, CVE-2017-1000158]
@@ -188,0 +277,9 @@
+- Apply "python-2.7.14-CVE-2018-1000030-1.patch" and
+ "python-2.7.14-CVE-2018-1000030-2.patch" to remedy a bug that
+ would crash the Python interpreter when multiple threads used the
+ same I/O stream concurrently. This issue is not classified as a
+ security vulnerability due to the fact that an attacker must be
+ able to run code, however in some situations -- such as function
+ as a service -- this vulnerability can potentially be used by an
+ attacker to violate a trust boundary. [bsc#1079300,
+ CVE-2018-1000030]
@@ -195,0 +293,11 @@
+Thu Sep 14 14:12:38 UTC 2017 - [email protected]
+
+- Fix test broken with OpenSSL 1.1 (bsc#1042670)
+ * add 0001-2.7-bpo-30714-ALPN-changes-for-OpenSSL-1.1.0f-3094.patch
+
+-------------------------------------------------------------------
+Mon Aug 28 13:28:46 UTC 2017 - [email protected]
+
+- drop SUSE_ASNEEDED=0 as it is not needed anymore
+
+-------------------------------------------------------------------
@@ -206,0 +315,17 @@
+Tue Feb 28 16:16:40 UTC 2017 - [email protected]
+
+- SLE package update (bsc#1027282)
+- refresh python-2.7.5-multilib.patch
+- dropped upstreamed patches:
+ python-fix-short-dh.patch
+ python-2.7.7-mhlib-linkcount.patch
+ python-2.7-urllib2-localnet-ssl.patch
+ CVE-2016-0772-smtplib-starttls.patch
+ CVE-2016-5699-http-header-injection.patch
+ CVE-2016-5636-zipimporter-overflow.patch
+ python-2.7-httpoxy.patch
+- Add python-ncurses-6.0-accessors.patch: Fix build with
+ NCurses 6.0 and OPAQUE_WINDOW set to 1.
+ ([email protected])
+
+-------------------------------------------------------------------
@@ -222,0 +348 @@
+ (bnc#964182)
@@ -253,0 +380,17 @@
+Fri Jun 17 12:33:23 UTC 2016 - [email protected]
+
+- CVE-2016-0772-smtplib-starttls.patch:
+ smtplib vulnerability opens startTLS stripping attack
+ (CVE-2016-0772, bsc#984751)
+- CVE-2016-5636-zipimporter-overflow.patch:
+ heap overflow when importing malformed zip files
+ (CVE-2016-5636, bsc#985177)
+- CVE-2016-5699-http-header-injection.patch:
+ incorrect validation of HTTP headers allow header injection
+ (CVE-2016-5699, bsc#985348)
+- python-2.7-httpoxy.patch:
+ HTTPoxy vulnerability in urllib, fixed by disregarding HTTP_PROXY
+ when REQUEST_METHOD is also set
+ (CVE-2016-1000110, bsc#989523)
+
+-------------------------------------------------------------------
@@ -264,0 +408,2 @@
+- update SLE check to exclude Leap which also has version 1315,
+ just to be sure
@@ -272,0 +418,18 @@
+Thu Aug 13 13:31:15 UTC 2015 - [email protected]
+
+- add missing ssl.pyc and ssl.pyo to package
+- implement python-strict-tls-checks subpackage
+ * when present, Python will perform TLS certificate checking by default.
+ it is possible to remove the package to turn off the checks
+ for compatibility with legacy scripts.
+ * as discussed in fate#318300
+ * this is not built for openSUSE, but retained here in case we want
+ to build the package for a SLE system
+
+-------------------------------------------------------------------
+Mon Jun 29 08:32:44 UTC 2015 - [email protected]
+
+- python-fix-short-dh.patch: Bump DH parameters to 2048 bit
+ to fix logjam security issue. bsc#935856
+
+-------------------------------------------------------------------
@@ -275 +438 @@
-- add __python2 compatibility macro (used by Fedora)
+- add __python2 compatibility macro (used by Fedora) (fate#318838)
@@ -320,0 +484,7 @@
+Wed Oct 1 13:00:59 UTC 2014 - [email protected]
+
+- CVE-2014-7185-buffer-wraparound.patch: potential wraparound/overflow
++++ 1195 more lines (skipped)
++++ between /work/SRC/openSUSE:Factory/python/python-base.changes
++++ and /work/SRC/openSUSE:Factory/.python.new.4691/python-base.changes
--- /work/SRC/openSUSE:Factory/python/python-doc.changes 2018-12-10 12:21:28.798937482 +0100
+++ /work/SRC/openSUSE:Factory/.python.new.4691/python-doc.changes 2019-12-07 15:15:27.155795295 +0100
@@ -1,0 +2,174 @@
+Fri Nov 22 13:10:03 CET 2019 - Matej Cepl <[email protected]>
+
+- Move /etc/pythonstart script to shared-python-startup
+ package.
+
+-------------------------------------------------------------------
+Tue Nov 5 11:41:40 CET 2019 - Matej Cepl <[email protected]>
+
+- Add bpo-36576-skip_tests_for_OpenSSL-111.patch (originally from
+ bpo#36576) skipping tests failing with OpenSSL 1.1.1. Fixes
+ bsc#1149792
+
+-------------------------------------------------------------------
+Tue Nov 5 04:24:05 UTC 2019 - Steve Kowalik <[email protected]>
+
+- Add adapted-from-F00251-change-user-install-location.patch fixing
+ pip/distutils to install into /usr/local.
+
+-------------------------------------------------------------------
+Thu Oct 24 14:40:39 CEST 2019 - Matej Cepl <[email protected]>
+
+- Update to 2.7.17:
+ - a bug fix release in the Python 2.7.x series. It is expected
+ to be the penultimate release for Python 2.7.
+- Removed patches included upstream:
+ - CVE-2018-20852-cookie-domain-check.patch
+ - CVE-2019-16935-xmlrpc-doc-server_title.patch
+ - CVE-2019-9636-netloc-no-decompose-characters.patch
+ - CVE-2019-9947-no-ctrl-char-http.patch
+ - CVE-2019-9948-avoid_local-file.patch
+ - python-2.7.14-CVE-2018-1000030-1.patch
+ - python-2.7.14-CVE-2018-1000030-2.patch
+- Renamed remove-static-libpython.diff and python-bsddb6.diff to
+ remove-static-libpython.patch and python-bsddb6.patch to unify
+ filenames.
+
+-------------------------------------------------------------------
+Tue Oct 8 19:46:52 CEST 2019 - Matej Cepl <[email protected]>
+
+- Add CVE-2019-16935-xmlrpc-doc-server_title.patch fixing
+ bsc#1153238 (aka CVE-2019-16935) fixing a reflected XSS in
+ python/Lib/DocXMLRPCServer.py
+
+-------------------------------------------------------------------
+Wed Sep 25 13:25:33 UTC 2019 - Bernhard Wiedemann <[email protected]>
+
+- Add bpo36302-sort-module-sources.patch (boo#1041090)
+
+-------------------------------------------------------------------
+Mon Sep 16 15:57:54 CEST 2019 - Matej Cepl <[email protected]>
+
+- Add CVE-2019-16056-email-parse-addr.patch fixing the email
+ module wrongly parses email addresses [bsc#1149955,
+ CVE-2019-16056]
+
+-------------------------------------------------------------------
+Thu Jul 25 19:31:47 CEST 2019 - Matej Cepl <[email protected]>
+
+- boo#1141853 (CVE-2018-20852) add
+ CVE-2018-20852-cookie-domain-check.patch fixing
+ http.cookiejar.DefaultPolicy.domain_return_ok which did not
+ correctly validate the domain: it could be tricked into sending
+ cookies to the wrong server.
+
+-------------------------------------------------------------------
+Fri Jul 19 11:19:42 UTC 2019 - Tomáš Chvátal <[email protected]>
+
+- Skip test_urllib2_localnet that randomly fails in OBS
+
+-------------------------------------------------------------------
+Wed Jul 3 21:02:00 CEST 2019 - Matej Cepl <[email protected]>
+
+- bsc#1138459: add CVE-2019-10160-netloc-port-regression.patch
+ which fixes regression introduced by the previous patch.
+ (CVE-2019-10160)
+ Upstream gh#python/cpython#13812
+
+-------------------------------------------------------------------
+Wed May 29 08:58:16 UTC 2019 - Martin Liška <[email protected]>
+
+- Set _lto_cflags to nil as it will prevent to propage LTO
+ for Python modules that are built in a separate package.
+
+-------------------------------------------------------------------
+Thu May 2 08:40:33 CEST 2019 - Matej Cepl <[email protected]>
+
+- bsc#1130840 (CVE-2019-9947): add CVE-2019-9947-no-ctrl-char-http.patch
+ Address the issue by disallowing URL paths with embedded
+ whitespace or control characters through into the underlying
+ http client request. Such potentially malicious header
+ injection URLs now cause a ValueError to be raised.
+
+-------------------------------------------------------------------
+Mon Apr 8 22:40:01 CEST 2019 - Matej Cepl <[email protected]>
+
+- bsc#1130847 (CVE-2019-9948) add CVE-2019-9948-avoid_local-file.patch
+ removing unnecessary (and potentially harmful) URL scheme
+ local-file://.
+
+-------------------------------------------------------------------
+Mon Apr 8 21:13:48 CEST 2019 - Matej Cepl <[email protected]>
+
+- bsc#1129346: add CVE-2019-9636-netloc-no-decompose-characters.patch
+ Characters in the netloc attribute that decompose under NFKC
+ normalization (as used by the IDNA encoding) into any of ``/``,
+ ``?``, ``#``, ``@``, or ``:`` will raise a ValueError. If the
+ URL is decomposed before parsing, or is not a Unicode string,
+ no error will be raised (CVE-2019-9636).
+ Upstream commits e37ef41 and 507bd8c.
+
+-------------------------------------------------------------------
+Thu Apr 4 22:28:24 CEST 2019 - Matej Cepl <[email protected]>
+
+- Update to 2.7.16:
+ * bugfix-only release: complete list of changes on
+ https://github.com/python/cpython/blob/2.7/Misc/NEWS.d/2.7.16rc1.rst
+ * Removed openssl-111.patch and CVE-2018-1000802-shutil_use_subprocess_no_spawn.patch
+ which are fully included in the tarball.
+ * Updated patches to apply cleanly: + CVE-2019-5010-null-defer-x509-cert-DOS.patch + bpo36160-init-sysconfig_vars.patch + do-not-use-non-ascii-in-test_ssl.patch + openssl-111-middlebox-compat.patch + openssl-111-ssl_options.patch + python-2.5.1-sqlite.patch + python-2.6-gettext-plurals.patch + python-2.7-dirs.patch + python-2.7.2-fix_date_time_compiler.patch + python-2.7.4-canonicalize2.patch + python-2.7.5-multilib.patch + python-2.7.9-ssl_ca_path.patch + python-bsddb6.diff + remove-static-libpython.patch + * Update python-2.7.5-multilib.patch to pass with new platlib + regime. + +------------------------------------------------------------------- +Fri Jan 25 16:53:50 CET 2019 - [email protected] + +- bsc#1109847: add CVE-2018-14647_XML_SetHashSalt-in_elementtree.patch + fixing bpo-34623. + +------------------------------------------------------------------- +Fri Jan 25 16:02:21 CET 2019 - [email protected] + +- bsc#1073748: add bpo-29347-dereferencing-undefined-pointers.patch + PyWeakref_NewProxy@Objects/weakrefobject.c creates new isntance + of PyWeakReference struct and does not intialize wr_prev and + wr_next of new isntance. These pointers can have garbage and + point to random memory locations. + Python should not crash while destroying the isntance created + in the same interpreter function. As per my understanding, both + wr_prev and wr_next of PyWeakReference instance should be + initialized to NULL to avoid segfault. + +------------------------------------------------------------------- +Sat Jan 19 16:19:38 CET 2019 - [email protected] + +- bsc#1122191: add CVE-2019-5010-null-defer-x509-cert-DOS.patch + fixing bpo-35746. + An exploitable denial-of-service vulnerability exists in the + X509 certificate parser of Python.org Python 2.7.11 / 3.7.2. + A specially crafted X509 certificate can cause a NULL pointer + dereference, resulting in a denial of service. 
An attacker can + initiate or accept TLS connections using crafted certificates + to trigger this vulnerability. + +------------------------------------------------------------------- +Wed Dec 19 19:29:44 UTC 2018 - Todd R <[email protected]> + +- Use upstream-recommended %{_rpmconfigdir}/macros.d directory + for the rpm macros. + +------------------------------------------------------------------- @@ -4,0 +179 @@ + (bsc#1113755) @@ -13,0 +189,26 @@ +Fri Jun 29 10:24:27 UTC 2018 - [email protected] + +- Apply "CVE-2018-1061-DOS-via-regexp-difflib.patch" to prevent + low-grade poplib REDOS (CVE-2018-1060) and to prevent difflib REDOS + (CVE-2018-1061). Prior to this patch mail server's timestamp was + susceptible to catastrophic backtracking on long evil response from + the server. Also, it was susceptible to catastrophic backtracking, + which was a potential DOS vector. + [bsc#1088004 and bsc#1088009, CVE-2018-1061 and CVE-2018-1060] + +------------------------------------------------------------------- +Thu Jun 7 17:04:40 UTC 2018 - [email protected] + +- Apply "CVE-2017-18207.patch" to add a check to Lib/wave.py that + verifies that at least one channel is provided. Prior to this + check, attackers could cause a denial of service (divide-by-zero + error and application crash) via a crafted wav format audio file. + [bsc#1083507, CVE-2017-18207] + +------------------------------------------------------------------- ++++ 2001 more lines (skipped) ++++ between /work/SRC/openSUSE:Factory/python/python-doc.changes ++++ and /work/SRC/openSUSE:Factory/.python.new.4691/python-doc.changes --- /work/SRC/openSUSE:Factory/python/python.changes 2019-08-27 15:19:49.692887916 +0200 +++ /work/SRC/openSUSE:Factory/.python.new.4691/python.changes 2019-12-07 15:15:28.983795036 +0100 @@ -2 +2 @@ -Sat Aug 17 13:11:11 UTC 2019 - John Vandenberg <[email protected]> +Fri Nov 22 13:10:03 CET 2019 - Matej Cepl <[email protected]> 
@@ -4 +4,61 @@
-- Remove xrpm from subpackage tk description
+- Move /etc/pythonstart script to shared-python-startup
+ package.
+
+-------------------------------------------------------------------
+Tue Nov 5 11:41:40 CET 2019 - Matej Cepl <[email protected]>
+
+- Add bpo-36576-skip_tests_for_OpenSSL-111.patch (originally from
+ bpo#36576) skipping tests failing with OpenSSL 1.1.1. Fixes
+ bsc#1149792
+
+-------------------------------------------------------------------
+Tue Nov 5 04:24:05 UTC 2019 - Steve Kowalik <[email protected]>
+
+- Add adapted-from-F00251-change-user-install-location.patch fixing
+ pip/distutils to install into /usr/local.
+
+-------------------------------------------------------------------
+Thu Oct 24 14:40:39 CEST 2019 - Matej Cepl <[email protected]>
+
+- Update to 2.7.17:
+ - a bug fix release in the Python 2.7.x series. It is expected
+ to be the penultimate release for Python 2.7.
+- Removed patches included upstream:
+ - CVE-2018-20852-cookie-domain-check.patch
+ - CVE-2019-16935-xmlrpc-doc-server_title.patch
+ - CVE-2019-9636-netloc-no-decompose-characters.patch
+ - CVE-2019-9947-no-ctrl-char-http.patch
+ - CVE-2019-9948-avoid_local-file.patch
+ - python-2.7.14-CVE-2018-1000030-1.patch
+ - python-2.7.14-CVE-2018-1000030-2.patch
+- Renamed remove-static-libpython.diff and python-bsddb6.diff to
+ remove-static-libpython.patch and python-bsddb6.patch to unify
+ filenames.
+
+-------------------------------------------------------------------
+Tue Oct 8 19:46:52 CEST 2019 - Matej Cepl <[email protected]>
+
+- Add CVE-2019-16935-xmlrpc-doc-server_title.patch fixing
+ bsc#1153238 (aka CVE-2019-16935) fixing a reflected XSS in
+ python/Lib/DocXMLRPCServer.py
+
+-------------------------------------------------------------------
+Wed Sep 25 13:25:33 UTC 2019 - Bernhard Wiedemann <[email protected]>
+
+- Add bpo36302-sort-module-sources.patch (boo#1041090)
+
+-------------------------------------------------------------------
+Mon Sep 16 15:57:54 CEST 2019 - Matej Cepl <[email protected]>
+
+- Add CVE-2019-16056-email-parse-addr.patch fixing the email
+ module wrongly parses email addresses [bsc#1149955,
+ CVE-2019-16056]
+
+-------------------------------------------------------------------
+Thu Jul 25 19:31:47 CEST 2019 - Matej Cepl <[email protected]>
+
+- boo#1141853 (CVE-2018-20852) add
+ CVE-2018-20852-cookie-domain-check.patch fixing
+ http.cookiejar.DefaultPolicy.domain_return_ok which did not
+ correctly validate the domain: it could be tricked into sending
+ cookies to the wrong server.
@@ -11,0 +72,8 @@
+Wed Jul 3 21:02:00 CEST 2019 - Matej Cepl <[email protected]>
+
+- bsc#1138459: add CVE-2019-10160-netloc-port-regression.patch
+ which fixes regression introduced by the previous patch.
+ (CVE-2019-10160)
+ Upstream gh#python/cpython#13812
+
+-------------------------------------------------------------------
@@ -18 +86 @@
-Mon Oct 29 13:21:20 UTC 2018 - Vítězslav Čížek <[email protected]>
+Thu May 2 08:40:33 CEST 2019 - Matej Cepl <[email protected]>
@@ -20,5 +88,86 @@
-- Enable all the tests in %check
-- Add more patches to successfully build with openssl 1.1.1
- (bsc#1113755)
- * openssl-111-middlebox-compat.patch
- * openssl-111-ssl_options.patch
+- bsc#1130840 (CVE-2019-9947): add CVE-2019-9947-no-ctrl-char-http.patch
+ Address the issue by disallowing URL paths with embedded
+ whitespace or control characters through into the underlying
+ http client request. Such potentially malicious header
+ injection URLs now cause a ValueError to be raised.
+
+-------------------------------------------------------------------
+Mon Apr 8 22:40:01 CEST 2019 - Matej Cepl <[email protected]>
+
+- bsc#1130847 (CVE-2019-9948) add CVE-2019-9948-avoid_local-file.patch
+ removing unnecessary (and potentially harmful) URL scheme
+ local-file://.
+
+-------------------------------------------------------------------
+Mon Apr 8 21:13:48 CEST 2019 - Matej Cepl <[email protected]>
+
+- bsc#1129346: add CVE-2019-9636-netloc-no-decompose-characters.patch
+ Characters in the netloc attribute that decompose under NFKC
+ normalization (as used by the IDNA encoding) into any of ``/``,
+ ``?``, ``#``, ``@``, or ``:`` will raise a ValueError. If the
+ URL is decomposed before parsing, or is not a Unicode string,
+ no error will be raised (CVE-2019-9636).
+ Upstream commits e37ef41 and 507bd8c.
+
+-------------------------------------------------------------------
+Thu Apr 4 22:28:24 CEST 2019 - Matej Cepl <[email protected]>
+
+- Update to 2.7.16:
+ * bugfix-only release: complete list of changes on
+ https://github.com/python/cpython/blob/2.7/Misc/NEWS.d/2.7.16rc1.rst
+ * Removed openssl-111.patch and CVE-2018-1000802-shutil_use_subprocess_no_spawn.patch
+ which are fully included in the tarball.
+ * Updated patches to apply cleanly: + CVE-2019-5010-null-defer-x509-cert-DOS.patch + bpo36160-init-sysconfig_vars.patch + do-not-use-non-ascii-in-test_ssl.patch + openssl-111-middlebox-compat.patch + openssl-111-ssl_options.patch + python-2.5.1-sqlite.patch + python-2.6-gettext-plurals.patch + python-2.7-dirs.patch + python-2.7.2-fix_date_time_compiler.patch + python-2.7.4-canonicalize2.patch + python-2.7.5-multilib.patch + python-2.7.9-ssl_ca_path.patch + python-bsddb6.diff + remove-static-libpython.patch + * Update python-2.7.5-multilib.patch to pass with new platlib + regime. + +------------------------------------------------------------------- +Fri Jan 25 16:53:50 CET 2019 - [email protected] + +- bsc#1109847: add CVE-2018-14647_XML_SetHashSalt-in_elementtree.patch + fixing bpo-34623. + +------------------------------------------------------------------- +Fri Jan 25 16:02:21 CET 2019 - [email protected] + +- bsc#1073748: add bpo-29347-dereferencing-undefined-pointers.patch + PyWeakref_NewProxy@Objects/weakrefobject.c creates new isntance + of PyWeakReference struct and does not intialize wr_prev and + wr_next of new isntance. These pointers can have garbage and + point to random memory locations. + Python should not crash while destroying the isntance created + in the same interpreter function. As per my understanding, both + wr_prev and wr_next of PyWeakReference instance should be + initialized to NULL to avoid segfault. + +------------------------------------------------------------------- +Sat Jan 19 16:19:38 CET 2019 - [email protected] + +- bsc#1122191: add CVE-2019-5010-null-defer-x509-cert-DOS.patch + fixing bpo-35746. + An exploitable denial-of-service vulnerability exists in the + X509 certificate parser of Python.org Python 2.7.11 / 3.7.2. + A specially crafted X509 certificate can cause a NULL pointer + dereference, resulting in a denial of service. 
An attacker can + initiate or accept TLS connections using crafted certificates + to trigger this vulnerability. + +------------------------------------------------------------------- +Wed Dec 19 19:29:44 UTC 2018 - Todd R <[email protected]> + +- Use upstream-recommended %{_rpmconfigdir}/macros.d directory + for the rpm macros. @@ -29,0 +179 @@ + (bsc#1113755) 
@@ -38,0 +189,26 @@
+Fri Jun 29 10:24:27 UTC 2018 - [email protected]
+
+- Apply "CVE-2018-1061-DOS-via-regexp-difflib.patch" to prevent
+ low-grade poplib REDOS (CVE-2018-1060) and to prevent difflib REDOS
+ (CVE-2018-1061). Prior to this patch mail server's timestamp was
+ susceptible to catastrophic backtracking on long evil response from
+ the server. Also, it was susceptible to catastrophic backtracking,
+ which was a potential DOS vector.
+ [bsc#1088004 and bsc#1088009, CVE-2018-1061 and CVE-2018-1060]
+
+-------------------------------------------------------------------
+Thu Jun 7 17:04:40 UTC 2018 - [email protected]
+
+- Apply "CVE-2017-18207.patch" to add a check to Lib/wave.py that
+ verifies that at least one channel is provided. Prior to this
+ check, attackers could cause a denial of service (divide-by-zero
+ error and application crash) via a crafted wav format audio file.
+ [bsc#1083507, CVE-2017-18207]
+
+-------------------------------------------------------------------
+Tue May 29 12:42:22 UTC 2018 - [email protected]
+
+- Apply "python-sorted_tar.patch" (bsc#1086001, boo#1081750)
+ sort tarfile output directory listing
+
++++ 731 more lines (skipped)
++++ between /work/SRC/openSUSE:Factory/python/python.changes
++++ and /work/SRC/openSUSE:Factory/.python.new.4691/python.changes
Old: ---- python-bsddb6.diff python.csh python.sh pythonstart remove-static-libpython.diff
New: ---- CVE-2017-18207.patch adapted-from-F00251-change-user-install-location.patch python-bsddb6.patch remove-static-libpython.patch
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences: ------------------
++++++ python-base.spec ++++++
--- /var/tmp/diff_new_pack.gLbotH/_old 2019-12-07 15:15:31.583794668 +0100
+++ /var/tmp/diff_new_pack.gLbotH/_new 2019-12-07 15:15:31.587794667 +0100
@@ -1,7 +1,7 @@ # # spec file for package python-base # -# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2019 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -22,7 +22,7 @@ Summary: Python Interpreter base package License: Python-2.0 Group: Development/Languages/Python -Url: http://www.python.org/ +URL: http://www.python.org/ %define tarversion %{version} %define tarname Python-%{tarversion} Source0: http://www.python.org/ftp/python/%{version}/%{tarname}.tar.xz @@ -43,12 +43,12 @@ Patch8: python-2.6b3-curses-panel.patch Patch10: sparc_longdouble.patch Patch13: python-2.7.2-fix_date_time_compiler.patch -Patch17: remove-static-libpython.diff +Patch17: remove-static-libpython.patch # PATCH-FEATURE-OPENSUSE python-bundle-lang.patch bnc#617751 [email protected] -- gettext: when looking in default_localedir also check in locale-bundle. Patch20: python-bundle-lang.patch # PATCH-FIX-UPSTREAM Fix argument passing in libffi for aarch64 Patch22: python-2.7-libffi-aarch64.patch -Patch24: python-bsddb6.diff +Patch24: python-bsddb6.patch # PATCH-FIX-UPSTREAM accept directory-based CA paths as well Patch33: python-2.7.9-ssl_ca_path.patch # PATCH-FEATURE-SLE disable SSL verification-by-default in http clients 
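Review bot: The `URL:` line rewritten in the `@@ -22,7 +22,7 @@` hunk still uses `http://www.python.org/`, and the `Source0:` context line a few lines below fetches the release tarball over plain `http://` too. Since the tag is being touched anyway, both can move to TLS: `URL: https://www.python.org/` and `Source0: https://www.python.org/ftp/python/%{version}/%{tarname}.tar.xz`. No signature or keyring source is visible in this hunk, so unless the tarball is verified elsewhere in the preamble (which continues outside the hunk), the transport is the only integrity check when the source is re-downloaded. python.spec has the same two lines in `@@ -22,14 +22,11 @@`; python-doc.spec has only the `URL:` line.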
@@ -66,14 +66,23 @@ # PATCH-FIX-SUSE python default SSLContext doesn't contain OP_CIPHER_SERVER_PREFERENCE Patch48: openssl-111-ssl_options.patch # PATCH-FIX-UPSTREAM CVE-2019-5010-null-defer-x509-cert-DOS.patch bnc#1122191 [email protected] -# https://github.com/python/cpython/pull/11569 +# gh#python/cpython#11569 # Fix segfault in ssl's cert parser Patch49: CVE-2019-5010-null-defer-x509-cert-DOS.patch # PATCH-FIX-UPSTREAM bpo36160-init-sysconfig_vars.patch gh#python/cpython#12131 [email protected] # Initialize sysconfig variables in test_site. Patch50: bpo36160-init-sysconfig_vars.patch -# PATCH-FIX-UPSTREAM https://github.com/python/cpython/pull/12341 +# PATCH-FIX-UPSTREAM CVE-2017-18207.patch gh#python/cpython#4437 [email protected] +# Add check for channels of wav file in Lib/wave.py +Patch51: CVE-2017-18207.patch +# PATCH-FIX-UPSTREAM gh#python/cpython#12341 Patch55: bpo36302-sort-module-sources.patch +# Fix installation in /usr/local (boo#1071941), adapted from Fedora +# https://src.fedoraproject.org/rpms/python3/blob/master/f/00251-change-user-install-location.patch +# Set values of prefix and exec_prefix in distutils install command +# to /usr/local if executable is /usr/bin/python* and RPM build +# is not detected to make pip and distutils install into separate location +Patch56: adapted-from-F00251-change-user-install-location.patch # COMMON-PATCH-END %define python_version %(echo %{tarversion} | head -c 3) BuildRequires: automake @@ -185,7 +194,9 @@ %patch48 -p1 %patch49 -p1 %patch50 -p1 +%patch51 -p1 %patch55 -p1 +%patch56 -p1 # drop Autoconf version requirement sed -i 's/^version_required/dnl version_required/' configure.ac ++++++ python-doc.spec ++++++ --- /var/tmp/diff_new_pack.gLbotH/_old 2019-12-07 15:15:31.611794664 +0100 +++ /var/tmp/diff_new_pack.gLbotH/_new 2019-12-07 15:15:31.615794664 +0100 
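Review bot: The comment block added above `Patch56:` in `@@ -66,14 +66,23 @@` has no tag line, unlike its neighbours (`# PATCH-FIX-UPSTREAM …`, `# PATCH-FEATURE-OPENSUSE …`), and its provenance link points at `blob/master`, which will drift as the Fedora file changes. I would open the block with `# PATCH-FEATURE-OPENSUSE adapted-from-F00251-change-user-install-location.patch boo#1071941` and replace the URL with one pinned to the Fedora commit the patch was adapted from. Because the patch changes where distutils and pip write when run as `/usr/bin/python*`, the comment should also say how "RPM build is not detected" is decided; the patch body is not shown here, so I cannot tell whether that is an environment check a caller could influence. The identical block is added in python-doc.spec (`@@ -66,14 +66,23 @@`) and python.spec (`@@ -71,14 +68,23 @@`).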
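Review bot: `%patch51 -p1` in `@@ -185,7 +194,9 @@` applies CVE-2017-18207.patch in this spec for the first time (the file is listed under `New:`), yet the only changelog text for it among the visible .changes lines is the entry dated Jun 7 2018. Someone auditing when this package picked up the Lib/wave.py channel check would read that date as the fix date. Unless one of the skipped changelog lines already covers it, I would add a line to the newest entry, for example `- Add CVE-2017-18207.patch to the spec as Patch51 (bsc#1083507, CVE-2017-18207)`. The same `%patch51`/`%patch56` lines are added in python-doc.spec and python.spec, and the %prep section continues outside the hunk.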
@@ -1,7 +1,7 @@ # # spec file for package python-doc # -# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2019 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -22,7 +22,7 @@ Summary: Additional Package Documentation for Python License: Python-2.0 Group: Development/Languages/Python -Url: http://www.python.org/ +URL: http://www.python.org/ %define tarname Python-%{version} Source0: %{tarname}.tar.xz # docs for current version are regenerated every day @@ -43,12 +43,12 @@ Patch8: python-2.6b3-curses-panel.patch Patch10: sparc_longdouble.patch Patch13: python-2.7.2-fix_date_time_compiler.patch -Patch17: remove-static-libpython.diff +Patch17: remove-static-libpython.patch # PATCH-FEATURE-OPENSUSE python-bundle-lang.patch bnc#617751 [email protected] -- gettext: when looking in default_localedir also check in locale-bundle. Patch20: python-bundle-lang.patch # PATCH-FIX-UPSTREAM Fix argument passing in libffi for aarch64 Patch22: python-2.7-libffi-aarch64.patch -Patch24: python-bsddb6.diff +Patch24: python-bsddb6.patch # PATCH-FIX-UPSTREAM accept directory-based CA paths as well Patch33: python-2.7.9-ssl_ca_path.patch # PATCH-FEATURE-SLE disable SSL verification-by-default in http clients 
@@ -66,14 +66,23 @@ # PATCH-FIX-SUSE python default SSLContext doesn't contain OP_CIPHER_SERVER_PREFERENCE Patch48: openssl-111-ssl_options.patch # PATCH-FIX-UPSTREAM CVE-2019-5010-null-defer-x509-cert-DOS.patch bnc#1122191 [email protected] -# https://github.com/python/cpython/pull/11569 +# gh#python/cpython#11569 # Fix segfault in ssl's cert parser Patch49: CVE-2019-5010-null-defer-x509-cert-DOS.patch # PATCH-FIX-UPSTREAM bpo36160-init-sysconfig_vars.patch gh#python/cpython#12131 [email protected] # Initialize sysconfig variables in test_site. Patch50: bpo36160-init-sysconfig_vars.patch -# PATCH-FIX-UPSTREAM https://github.com/python/cpython/pull/12341 +# PATCH-FIX-UPSTREAM CVE-2017-18207.patch gh#python/cpython#4437 [email protected] +# Add check for channels of wav file in Lib/wave.py +Patch51: CVE-2017-18207.patch +# PATCH-FIX-UPSTREAM gh#python/cpython#12341 Patch55: bpo36302-sort-module-sources.patch +# Fix installation in /usr/local (boo#1071941), adapted from Fedora +# https://src.fedoraproject.org/rpms/python3/blob/master/f/00251-change-user-install-location.patch +# Set values of prefix and exec_prefix in distutils install command +# to /usr/local if executable is /usr/bin/python* and RPM build +# is not detected to make pip and distutils install into separate location +Patch56: adapted-from-F00251-change-user-install-location.patch # COMMON-PATCH-END Provides: pyth_doc Provides: pyth_ps @@ -131,7 +140,9 @@ %patch48 -p1 %patch49 -p1 %patch50 -p1 +%patch51 -p1 %patch55 -p1 +%patch56 -p1 # drop Autoconf version requirement sed -i 's/^version_required/dnl version_required/' configure.ac ++++++ python.spec ++++++ --- /var/tmp/diff_new_pack.gLbotH/_old 2019-12-07 15:15:31.667794656 +0100 +++ /var/tmp/diff_new_pack.gLbotH/_new 2019-12-07 15:15:31.675794655 +0100 
@@ -1,7 +1,7 @@ # # spec file for package python # -# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2019 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -22,14 +22,11 @@ Summary: Python Interpreter License: Python-2.0 Group: Development/Languages/Python -Url: http://www.python.org/ +URL: http://www.python.org/ %define tarversion %{version} %define tarname Python-%{tarversion} Source0: http://www.python.org/ftp/python/%{version}/%{tarname}.tar.xz Source1: README.SUSE -Source2: pythonstart -Source3: python.sh -Source4: python.csh Source8: sle_tls_checks_policy.py #Source11: testfiles.tar.bz2 # issues with copyrighted Unicode testing files @@ -48,12 +45,12 @@ Patch8: python-2.6b3-curses-panel.patch Patch10: sparc_longdouble.patch Patch13: python-2.7.2-fix_date_time_compiler.patch -Patch17: remove-static-libpython.diff +Patch17: remove-static-libpython.patch # PATCH-FEATURE-OPENSUSE python-bundle-lang.patch bnc#617751 [email protected] -- gettext: when looking in default_localedir also check in locale-bundle. Patch20: python-bundle-lang.patch # PATCH-FIX-UPSTREAM Fix argument passing in libffi for aarch64 Patch22: python-2.7-libffi-aarch64.patch -Patch24: python-bsddb6.diff +Patch24: python-bsddb6.patch # PATCH-FIX-UPSTREAM accept directory-based CA paths as well Patch33: python-2.7.9-ssl_ca_path.patch # PATCH-FEATURE-SLE disable SSL verification-by-default in http clients 
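Review bot: The `URL:` tag rewritten in the second hunk still points at `http://www.python.org/`, and the `Source0:` context line directly below it names the release tarball over plain http as well. Both can move to https, e.g. `URL: https://www.python.org/`; the python-doc.spec hunk above carries the same `URL:` line. No detached signature or keyring source is visible in this hunk, so unless one is listed elsewhere in the spec, the tarball's integrity rests on the checked-in copy alone.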
@@ -71,14 +68,23 @@ # PATCH-FIX-SUSE python default SSLContext doesn't contain OP_CIPHER_SERVER_PREFERENCE Patch48: openssl-111-ssl_options.patch # PATCH-FIX-UPSTREAM CVE-2019-5010-null-defer-x509-cert-DOS.patch bnc#1122191 [email protected] -# https://github.com/python/cpython/pull/11569 +# gh#python/cpython#11569 # Fix segfault in ssl's cert parser Patch49: CVE-2019-5010-null-defer-x509-cert-DOS.patch # PATCH-FIX-UPSTREAM bpo36160-init-sysconfig_vars.patch gh#python/cpython#12131 [email protected] # Initialize sysconfig variables in test_site. Patch50: bpo36160-init-sysconfig_vars.patch -# PATCH-FIX-UPSTREAM https://github.com/python/cpython/pull/12341 +# PATCH-FIX-UPSTREAM CVE-2017-18207.patch gh#python/cpython#4437 [email protected] +# Add check for channels of wav file in Lib/wave.py +Patch51: CVE-2017-18207.patch +# PATCH-FIX-UPSTREAM gh#python/cpython#12341 Patch55: bpo36302-sort-module-sources.patch +# Fix installation in /usr/local (boo#1071941), adapted from Fedora +# https://src.fedoraproject.org/rpms/python3/blob/master/f/00251-change-user-install-location.patch +# Set values of prefix and exec_prefix in distutils install command +# to /usr/local if executable is /usr/bin/python* and RPM build +# is not detected to make pip and distutils install into separate location +Patch56: adapted-from-F00251-change-user-install-location.patch # COMMON-PATCH-END BuildRequires: automake BuildRequires: db-devel @@ -236,7 +242,9 @@ %patch48 -p1 %patch49 -p1 %patch50 -p1 +%patch51 -p1 %patch55 -p1 +%patch56 -p1 # drop Autoconf version requirement sed -i 's/^version_required/dnl version_required/' configure.ac 
@@ -420,12 +428,6 @@ ln -sf /etc/%{idle_name}/$file %{buildroot}/%{_libdir}/python%{python_version}/idlelib/ done ) -######################################## -# startup script -######################################## -install -m 644 %{SOURCE2} %{buildroot}/etc -install -d -m 755 %{buildroot}%{_sysconfdir}/profile.d -install -m 644 %{SOURCE3} %{SOURCE4} %{buildroot}%{_sysconfdir}/profile.d %post -p /sbin/ldconfig @@ -476,8 +478,6 @@ %doc %{_docdir}/%{name}/README %doc %{_docdir}/%{name}/LICENSE %doc %{_docdir}/%{name}/README.SUSE -%config %{_sysconfdir}/pythonstart -%config %{_sysconfdir}/profile.d/python.* %dir %{_libdir}/python%{python_version} %{_libdir}/python%{python_version}/ssl.py* %{_libdir}/python%{python_version}/bsddb ++++++ CVE-2017-18207.patch ++++++ >From ae0ed14794ced2c51c822fc6f0d3ca92064619dd Mon Sep 17 00:00:00 2001 From: BT123 <[email protected]> Date: Fri, 17 Nov 2017 16:45:45 +0800 Subject: [PATCH] bug in wave.py --- Lib/wave.py | 2 ++ 1 file changed, 2 insertions(+) Index: Python-2.7.13/Lib/wave.py =================================================================== --- Python-2.7.13.orig/Lib/wave.py 2018-06-07 17:00:25.370728844 +0000 +++ Python-2.7.13/Lib/wave.py 2018-06-07 17:02:51.768202800 +0000 @@ -272,6 +272,8 @@ class Wave_read: self._sampwidth = (sampwidth + 7) // 8 else: raise Error, 'unknown format: %r' % (wFormatTag,) + if self._nchannels == 0: + raise Error, "The audio file in wav format should have at least one channel!" self._framesize = self._nchannels * self._sampwidth self._comptype = 'NONE' self._compname = 'not compressed' ++++++ adapted-from-F00251-change-user-install-location.patch ++++++ Index: Python-2.7.17/Lib/distutils/command/install.py =================================================================== --- Python-2.7.17.orig/Lib/distutils/command/install.py +++ Python-2.7.17/Lib/distutils/command/install.py 
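Review bot: The added guard in CVE-2017-18207.patch rejects a zero channel count, but a zero sample width reaches the same `self._framesize = self._nchannels * self._sampwidth` line, because `(sampwidth + 7) // 8` is 0 when the header declares 0 bits per sample. If the frame size is later used as a divisor, which is presumably what the channel check protects (that code is outside the hunk), such a file would still end in an unhandled arithmetic error rather than `wave.Error`. A matching check next to the new one would cover it: `if self._sampwidth == 0: raise Error, 'bad sample width'`. The enclosing method starts and ends outside the hunk.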
@@ -431,8 +431,18 @@ class install (Command): raise DistutilsOptionError, \ "must not supply exec-prefix without prefix" - self.prefix = os.path.normpath(sys.prefix) - self.exec_prefix = os.path.normpath(sys.exec_prefix) + # self.prefix is set to sys.prefix + /local/ + # if neither RPM build nor virtual environment is + # detected to make pip and distutils install packages + # into the separate location. + if (not hasattr(sys, 'real_prefix') and + 'RPM_BUILD_ROOT' not in os.environ): + addition = "/local" + else: + addition = "" + + self.prefix = os.path.normpath(sys.prefix) + addition + self.exec_prefix = os.path.normpath(sys.exec_prefix) + addition else: if self.exec_prefix is None: Index: Python-2.7.17/Lib/site.py =================================================================== --- Python-2.7.17.orig/Lib/site.py +++ Python-2.7.17/Lib/site.py @@ -291,6 +291,10 @@ def getsitepackages(): sitepackages = [] seen = set() + # '/usr/local' is included in PREFIXES if RPM build is not detected + # to make packages installed into this location visible. + if ENABLE_USER_SITE and 'RPM_BUILD_ROOT' not in os.environ: + PREFIXES.insert(0, "/usr/local") for prefix in PREFIXES: if not prefix or prefix in seen: continue ++++++ macros.python2 ++++++ --- /var/tmp/diff_new_pack.gLbotH/_old 2019-12-07 15:15:31.827794634 +0100 +++ /var/tmp/diff_new_pack.gLbotH/_new 2019-12-07 15:15:31.827794634 +0100 
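Review bot: `addition = "/local"` is appended to whatever `sys.prefix` happens to be, since the condition only tests for `sys.real_prefix` and `RPM_BUILD_ROOT`, while the spec comment for Patch56 says the redirect applies when the executable is /usr/bin/python*. An interpreter installed under a different prefix would therefore install into `<prefix>/local`, a directory the site.py hunk of this patch does not add to the import path because it hard-codes `/usr/local`. Narrowing the test keeps code and comment in agreement, e.g. `if (os.path.normpath(sys.prefix) == '/usr' and not hasattr(sys, 'real_prefix') and 'RPM_BUILD_ROOT' not in os.environ):`. The enclosing method starts outside the hunk.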
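Review bot: `PREFIXES.insert(0, "/usr/local")` mutates the module-level list on every call of `getsitepackages()`, so each call adds another entry; the `seen` set hides this inside the loop, but any other reader of `site.PREFIXES` sees the duplicates. Guard the insert with `and "/usr/local" not in PREFIXES`, or iterate over a local list such as `prefixes = ["/usr/local"] + PREFIXES`. Inserting at index 0 also places /usr/local ahead of the system prefix, so modules installed there take precedence over packaged modules of the same name; a comment stating that this order is intended and that the directory is expected to be writable by root only would help. The function body continues outside the hunk.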
@@ -1,10 +1,8 @@ # legacy macros. commented but kept for the sake of possible recovery of their values -#%py_ver %(python -c "import sys; v=sys.version_info[:2]; print '%%d.%%d'%%v" 2>/dev/null || echo PYTHON-NOT-FOUND) -#%py_prefix %(python -c "import sys; print sys.prefix" 2>/dev/null || echo PYTHON-NOT-FOUND) -#%py_libdir %{py_prefix}/%{_lib}/python%{py_ver} -#%py_incdir %{py_prefix}/include/python%{py_ver} -#%py_sitedir %{py_libdir}/site-packages -#%__python2 /usr/bin/python2 +%py_prefix %(python -c "import sys; print sys.prefix" 2>/dev/null || echo PYTHON-NOT-FOUND) +%py_libdir %{py_prefix}/%{_lib}/python%{py_ver} +%py_incdir %{py_prefix}/include/python%{py_ver} +%py_sitedir %{py_libdir}/site-packages # these might be still in use somewhere %py_compile(O) \ ++++++ pre_checkin.sh ++++++ --- /var/tmp/diff_new_pack.gLbotH/_old 2019-12-07 15:15:31.863794628 +0100 +++ /var/tmp/diff_new_pack.gLbotH/_new 2019-12-07 15:15:31.867794628 +0100 @@ -9,3 +9,7 @@ sed -n -e '/COMMON-PREP-END/,$p' $spec; } | uniq > $spec.tmp && mv $spec.tmp $spec done + +# I really don't want to keep all three *.changes files separate +cp python-base.changes python.changes +cp python-base.changes python-doc.changes ++++++ python-bsddb6.patch ++++++ From: Jan Engelhardt <[email protected]> Date: 2013-07-06 16:07:31.146616589 +0200 This patch was partially autogenerated: - copying python-bsddb3-6.0.0 sources into the python-2.7.5 tree - creating a diff -w against the unmodified python-2.7.5 - stripped all hunks that pertained to module renaming - manually added db6 searching to setup.py --- Lib/bsddb/test/test_all.py | 15 +++-- Lib/bsddb/test/test_misc.py | 5 + Lib/bsddb/test/test_replication.py | 25 +------- Modules/_bsddb.c | 108 +++++++++++++++++++++++++++++++++---- Modules/bsddb.h | 2 setup.py | 6 +- 6 files changed, 120 insertions(+), 41 deletions(-) --- a/Lib/bsddb/test/test_all.py +++ b/Lib/bsddb/test/test_all.py 
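Review bot: The re-enabled `%py_libdir` and `%py_incdir` expand `%{py_ver}`, yet the only definition visible here, the commented `#%py_ver` line, is deleted rather than restored; unless `%py_ver` is defined in the part of macros.python2 outside this hunk, both macros leave a literal `%{py_ver}` in the path. The header comment `# legacy macros. commented but kept ...` is also stale now that the macros are active again. `%py_prefix` runs `python` resolved through PATH at expansion time; `%(/usr/bin/python2 -c "import sys; print sys.prefix" ...)` would pin the interpreter this package ships.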
@@ -74,8 +74,9 @@ if sys.version_info[0] >= 3 : key = key.decode(charset) return (key, value.decode(charset)) - def __next__(self) : - v = getattr(self._dbcursor, "next")() + def __next__(self, flags=0, dlen=-1, doff=-1) : + v = getattr(self._dbcursor, "next")(flags=flags, dlen=dlen, + doff=doff) return self._fix(v) next = __next__ @@ -128,8 +129,8 @@ if sys.version_info[0] >= 3 : v = self._dbcursor.current(flags=flags, dlen=dlen, doff=doff) return self._fix(v) - def first(self) : - v = self._dbcursor.first() + def first(self, flags=0, dlen=-1, doff=-1) : + v = self._dbcursor.first(flags=flags, dlen=dlen, doff=doff) return self._fix(v) def pget(self, key=None, data=None, flags=0) : @@ -489,7 +490,11 @@ def print_versions(): print 'py module: %s' % getattr(bsddb, "__file"+suffix) print 'extension module: %s' % getattr(bsddb, "__file"+suffix) - print 'python version: %s' % sys.version + print 'Test working dir: %s' % get_test_path_prefix() + import platform + print 'python version: %s %s' % \ + (sys.version.replace("\r", "").replace("\n", ""), \ + platform.architecture()[0]) print 'My pid: %s' % os.getpid() print '-=' * 38 --- a/Lib/bsddb/test/test_misc.py +++ b/Lib/bsddb/test/test_misc.py @@ -46,8 +46,9 @@ class MiscTestCase(unittest.TestCase): d[repr(i)] = repr(100*i) db.close() db = hashopen(self.filename) - rp = repr(db) - self.assertEqual(rp, repr(d)) + rp = repr(sorted(db.items())) + rd = repr(sorted(d.items())) + self.assertEqual(rp, rd) db.close() # http://sourceforge.net/tracker/index.php?func=detail&aid=1708868&group_id=13900&atid=313900 --- a/Lib/bsddb/test/test_replication.py +++ b/Lib/bsddb/test/test_replication.py 
@@ -165,21 +165,10 @@ class DBReplicationManager(DBReplication # is not generated if the master has no new transactions. # This is solved in BDB 4.6 (#15542). import time - timeout = time.time()+60 + timeout = time.time()+10 while (time.time()<timeout) and not (self.confirmed_master and self.client_startupdone) : time.sleep(0.02) - # self.client_startupdone does not always get set to True within - # the timeout. On windows this may be a deep issue, on other - # platforms it is likely just a timing issue, especially on slow - # virthost buildbots (see issue 3892 for more). Even though - # the timeout triggers, the rest of this test method usually passes - # (but not all of it always, see below). So we just note the - # timeout on stderr and keep soldering on. - if time.time()>timeout: - import sys - print >> sys.stderr, ("XXX: timeout happened before" - "startup was confirmed - see issue 3892") - startup_timeout = True + self.assertTrue(time.time()<timeout) d = self.dbenvMaster.repmgr_site_list() self.assertEqual(len(d), 1) @@ -237,14 +226,6 @@ class DBReplicationManager(DBReplication txn.commit() if v is None : time.sleep(0.02) - # If startup did not happen before the timeout above, then this test - # sometimes fails. This happens randomly, which causes buildbot - # instability, but all the other bsddb tests pass. Since bsddb3 in the - # stdlib is currently not getting active maintenance, and is gone in - # py3k, we just skip the end of the test in that case. - if time.time()>=timeout and startup_timeout: - self.skipTest("replication test skipped due to random failure, " - "see issue 3892") self.assertLess(time.time(), timeout) self.assertEqual("123", v) 
@@ -375,7 +356,7 @@ class DBBaseReplication(DBReplication) : # is not generated if the master has no new transactions. # This is solved in BDB 4.6 (#15542). import time - timeout = time.time()+60 + timeout = time.time()+10 while (time.time()<timeout) and not (self.confirmed_master and self.client_startupdone) : time.sleep(0.02) --- a/Modules/_bsddb.c +++ b/Modules/_bsddb.c @@ -124,10 +124,14 @@ typedef int Py_ssize_t; #define NUMBER_Check PyLong_Check #define NUMBER_AsLong PyLong_AsLong #define NUMBER_FromLong PyLong_FromLong +#define NUMBER_FromUnsignedLong PyLong_FromUnsignedLong #else #define NUMBER_Check PyInt_Check #define NUMBER_AsLong PyInt_AsLong #define NUMBER_FromLong PyInt_FromLong +#if (PY_VERSION_HEX >= 0x02050000) +#define NUMBER_FromUnsignedLong PyInt_FromSize_t +#endif #endif #ifdef WITH_THREAD @@ -853,6 +857,18 @@ static void _addIntToDict(PyObject* dict Py_XDECREF(v); } +#if (DBVER >= 60) && (PY_VERSION_HEX >= 0x02050000) +/* add an unsigned integer to a dictionary using the given name as a key */ +static void _addUnsignedIntToDict(PyObject* dict, char *name, unsigned int value) +{ + PyObject* v = NUMBER_FromUnsignedLong((unsigned long) value); + if (!v || PyDict_SetItemString(dict, name, v)) + PyErr_Clear(); + + Py_XDECREF(v); +} +#endif + /* The same, when the value is a time_t */ static void _addTimeTToDict(PyObject* dict, char *name, time_t value) { @@ -2677,13 +2693,21 @@ _default_cmp(const DBT *leftKey, static int _db_compareCallback(DB* db, const DBT *leftKey, - const DBT *rightKey) + const DBT *rightKey +#if (DBVER >= 60) + , size_t *locp +#endif + ) { int res = 0; PyObject *args; PyObject *result = NULL; DBObject *self = (DBObject *)db->app_private; +# if (DBVER >= 60) + locp = NULL; /* As required by documentation */ +#endif + if (self == NULL || self->btCompareCallback == NULL) { MYDB_BEGIN_BLOCK_THREADS; PyErr_SetString(PyExc_TypeError, 
@@ -2791,13 +2815,21 @@ DB_set_bt_compare(DBObject* self, PyObje static int _db_dupCompareCallback(DB* db, const DBT *leftKey, - const DBT *rightKey) + const DBT *rightKey +#if (DBVER >= 60) + , size_t *locp +#endif + ) { int res = 0; PyObject *args; PyObject *result = NULL; DBObject *self = (DBObject *)db->app_private; +#if (DBVER >= 60) + locp = NULL; /* As required by documentation */ +#endif + if (self == NULL || self->dupCompareCallback == NULL) { MYDB_BEGIN_BLOCK_THREADS; PyErr_SetString(PyExc_TypeError, @@ -3576,13 +3608,14 @@ Py_ssize_t DB_length(PyObject* _self) err = self->db->stat(self->db, /*txnid*/ NULL, &sp, 0); MYDB_END_ALLOW_THREADS; + if (makeDBError(err)) { + return -1; + } + /* All the stat structures have matching fields upto the ndata field, so we can use any of them for the type cast */ size = ((DB_BTREE_STAT*)sp)->bt_ndata; - if (err) - return -1; - free(sp); return size; } @@ -8420,12 +8453,22 @@ static PyObject* DBSequence_get(DBSequenceObject* self, PyObject* args, PyObject* kwargs) { int err, flags = 0; +#if (DBVER >= 60) + unsigned +#endif int delta = 1; db_seq_t value; PyObject *txnobj = NULL; DB_TXN *txn = NULL; static char* kwnames[] = {"delta", "txn", "flags", NULL }; - if (!PyArg_ParseTupleAndKeywords(args, kwargs, "|iOi:get", kwnames, &delta, &txnobj, &flags)) + + if (!PyArg_ParseTupleAndKeywords(args, kwargs, +#if (DBVER >=60) + "|IOi:get", +#else + "|iOi:get", +#endif + kwnames, &delta, &txnobj, &flags)) return NULL; CHECK_SEQUENCE_NOT_CLOSED(self) @@ -8555,8 +8598,19 @@ DBSequence_remove(DBSequenceObject* self static PyObject* DBSequence_set_cachesize(DBSequenceObject* self, PyObject* args) { - int err, size; - if (!PyArg_ParseTuple(args,"i:set_cachesize", &size)) + int err; +#if (DBVER >= 60) + unsigned +#endif + int size; + + if (!PyArg_ParseTuple(args, +#if (DBVER >= 60) + "I:set_cachesize", +#else + "i:set_cachesize", +#endif + &size)) return NULL; CHECK_SEQUENCE_NOT_CLOSED(self) 
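Review bot: For DBVER >= 60, `delta` in DBSequence_get is parsed with the `I` format, which converts without overflow checking, so a negative Python value is accepted and wraps to a large unsigned delta instead of being rejected. The same applies to `size` in the DBSequence_set_cachesize hunk that follows. Parsing into a signed temporary with `i` and checking it before the conversion makes the range check explicit, e.g. `if (delta_in < 0) { PyErr_SetString(PyExc_ValueError, "delta must be non-negative"); return NULL; }`. Both functions continue outside their hunks.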
@@ -8571,7 +8625,11 @@ DBSequence_set_cachesize(DBSequenceObjec static PyObject* DBSequence_get_cachesize(DBSequenceObject* self) { - int err, size; + int err; +#if (DBVER >= 60) + unsigned +#endif + int size; CHECK_SEQUENCE_NOT_CLOSED(self) @@ -8700,6 +8758,9 @@ DBSequence_stat(DBSequenceObject* self, #define MAKE_INT_ENTRY(name) _addIntToDict(dict_stat, #name, sp->st_##name) +#if (DBVER >= 60) && (PY_VERSION_HEX >= 0x02050000) +#define MAKE_UNSIGNED_INT_ENTRY(name) _addUnsignedIntToDict(dict_stat, #name, sp->st_##name) +#endif #define MAKE_LONG_LONG_ENTRY(name) _addDb_seq_tToDict(dict_stat, #name, sp->st_##name) MAKE_INT_ENTRY(wait); @@ -8709,10 +8770,15 @@ DBSequence_stat(DBSequenceObject* self, MAKE_LONG_LONG_ENTRY(last_value); MAKE_LONG_LONG_ENTRY(min); MAKE_LONG_LONG_ENTRY(max); +#if (DBVER >= 60) && (PY_VERSION_HEX >= 0x02050000) + MAKE_UNSIGNED_INT_ENTRY(cache_size); +#else MAKE_INT_ENTRY(cache_size); +#endif MAKE_INT_ENTRY(flags); #undef MAKE_INT_ENTRY +#undef MAKE_UNSIGNED_INT_ENTRY #undef MAKE_LONG_LONG_ENTRY free(sp); @@ -9014,7 +9080,7 @@ static PyMethodDef DBEnv_methods[] = { {"txn_recover", (PyCFunction)DBEnv_txn_recover, METH_NOARGS}, #if (DBVER < 48) {"set_rpc_server", (PyCFunction)DBEnv_set_rpc_server, - METH_VARARGS|METH_KEYWORDS}, + METH_VARARGS||METH_KEYWORDS}, #endif {"set_mp_max_openfd", (PyCFunction)DBEnv_set_mp_max_openfd, METH_VARARGS}, {"get_mp_max_openfd", (PyCFunction)DBEnv_get_mp_max_openfd, METH_NOARGS}, @@ -9986,6 +10052,10 @@ PyMODINIT_FUNC PyInit__bsddb(void) / ADD_INT(d, DB_LOG_ZERO); #endif +#if (DBVER >= 60) + ADD_INT(d, DB_LOG_BLOB); +#endif + #if (DBVER >= 44) ADD_INT(d, DB_DSYNC_DB); #endif @@ -10046,6 +10116,10 @@ PyMODINIT_FUNC PyInit__bsddb(void) / ADD_INT(d, DB_EVENT_REG_PANIC); #endif +#if (DBVER >= 60) + ADD_INT(d, DB_EVENT_REP_AUTOTAKEOVER_FAILED); +#endif + #if (DBVER >=52) ADD_INT(d, DB_EVENT_REP_SITE_ADDED); ADD_INT(d, DB_EVENT_REP_SITE_REMOVED); 
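Review bot: `METH_VARARGS||METH_KEYWORDS` in the `set_rpc_server` entry of `DBEnv_methods` is a logical OR and evaluates to 1, so the keyword flag is lost; the removed line had the correct bitwise form. The original flags indicate the function takes keyword arguments, so with the flag missing it would be called with a mismatched argument list. The entry is compiled only under `#if (DBVER < 48)` and is therefore probably dormant in a db6 build, but it should read `METH_VARARGS|METH_KEYWORDS},`.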
@@ -10150,6 +10224,20 @@ PyMODINIT_FUNC PyInit__bsddb(void) / ADD_INT(d, DB_REP_CONF_INMEM); #endif +#if (DBVER >= 60) + ADD_INT(d, DB_REPMGR_ISVIEW); +#endif + +#if (DBVER >= 60) + ADD_INT(d, DB_DBT_BLOB); +#endif + +#if (DBVER >= 60) + ADD_INT(d, DB_STREAM_READ); + ADD_INT(d, DB_STREAM_WRITE); + ADD_INT(d, DB_STREAM_SYNC_WRITE); +#endif + ADD_INT(d, DB_TIMEOUT); #if (DBVER >= 50) --- a/Modules/bsddb.h +++ b/Modules/bsddb.h @@ -110,7 +110,7 @@ #error "eek! DBVER can't handle minor versions > 9" #endif -#define PY_BSDDB_VERSION "5.3.0" +#define PY_BSDDB_VERSION "6.0.0" /* Python object definitions */ --- a/setup.py +++ b/setup.py @@ -905,7 +905,7 @@ class PyBuildExt(build_ext): # a release. Most open source OSes come with one or more # versions of BerkeleyDB already installed. - max_db_ver = (5, 3) + max_db_ver = (6, 0) min_db_ver = (4, 3) db_setup_debug = False # verbose debug prints from this script? @@ -945,6 +945,7 @@ class PyBuildExt(build_ext): # construct a list of paths to look for the header file in on # top of the normal inc_dirs. db_inc_paths = [ + '/usr/include/db6', '/usr/include/db4', '/usr/local/include/db4', '/opt/sfw/include/db4', @@ -984,6 +985,7 @@ class PyBuildExt(build_ext): for dn in inc_dirs: std_variants.append(os.path.join(dn, 'db3')) std_variants.append(os.path.join(dn, 'db4')) + std_variants.append(os.path.join(dn, 'db6')) for x in gen_db_minor_ver_nums(4): std_variants.append(os.path.join(dn, "db4%d"%x)) std_variants.append(os.path.join(dn, "db4.%d"%x)) ++++++ remove-static-libpython.patch ++++++ --- a/Makefile.pre.in +++ b/Makefile.pre.in @@ -488,7 +488,7 @@ coverage-report: regen-grammar # Build the interpreter -$(BUILDPYTHON): Modules/python.o $(LIBRARY) $(LDLIBRARY) +$(BUILDPYTHON): Modules/python.o $(LDLIBRARY) $(LINKCC) $(LDFLAGS) $(LINKFORSHARED) -o $@ \ Modules/python.o \ $(BLDLIBRARY) $(LIBS) $(MODLIBS) $(SYSLIBS) $(LDLAST) 
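Review bot: Dropping `$(LIBRARY)` from the `$(BUILDPYTHON)` prerequisites, together with the removal of the `$(LIBRARY):` rule in the next hunk, leaves Makefile.pre.in usable only for a shared-library build. If configure is run without `--enable-shared`, `$(LDLIBRARY)` would presumably name the static archive and no rule would remain to build it. A comment above the rule would record the constraint, e.g. `# static libpython removed by distro patch: requires configure --enable-shared`.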
@@ -529,18 +529,6 @@ sharedmods: $(BUILDPYTHON) pybuilddir.tx _TCLTK_INCLUDES='$(TCLTK_INCLUDES)' _TCLTK_LIBS='$(TCLTK_LIBS)' \ $(PYTHON_FOR_BUILD) $(srcdir)/setup.py $$quiet build -# Build static library -# avoid long command lines, same as LIBRARY_OBJS -$(LIBRARY): $(LIBRARY_OBJS) - -rm -f $@ - $(AR) $(ARFLAGS) $@ Modules/getbuildinfo.o - $(AR) $(ARFLAGS) $@ $(PARSER_OBJS) - $(AR) $(ARFLAGS) $@ $(OBJECT_OBJS) - $(AR) $(ARFLAGS) $@ $(PYTHON_OBJS) - $(AR) $(ARFLAGS) $@ $(MODULE_OBJS) $(SIGNAL_OBJS) - $(AR) $(ARFLAGS) $@ $(MODOBJS) - $(RANLIB) $@ - libpython$(VERSION).so: $(LIBRARY_OBJS) if test $(INSTSONAME) != $(LDLIBRARY); then \ $(BLDSHARED) -Wl,-h$(INSTSONAME) -o $(INSTSONAME) $(LIBRARY_OBJS) $(MODLIBS) $(SHLIBS) $(LIBC) $(LIBM) $(LDLAST); \ @@ -1220,18 +1208,6 @@ libainstall: @DEF_MAKE_RULE@ python-conf else true; \ fi; \ done - @if test -d $(LIBRARY); then :; else \ - if test "$(PYTHONFRAMEWORKDIR)" = no-framework; then \ - if test "$(SO)" = .dll; then \ - $(INSTALL_DATA) $(LDLIBRARY) $(DESTDIR)$(LIBPL) ; \ - else \ - $(INSTALL_DATA) $(LIBRARY) $(DESTDIR)$(LIBPL)/$(LIBRARY) ; \ - $(RANLIB) $(DESTDIR)$(LIBPL)/$(LIBRARY) ; \ - fi; \ - else \ - echo Skip install of $(LIBRARY) - use make frameworkinstall; \ - fi; \ - fi $(INSTALL_DATA) Modules/config.c $(DESTDIR)$(LIBPL)/config.c $(INSTALL_DATA) Modules/python.o $(DESTDIR)$(LIBPL)/python.o $(INSTALL_DATA) $(srcdir)/Modules/config.c.in $(DESTDIR)$(LIBPL)/config.c.in
