Hello community, here is the log from the commit of package python for openSUSE:Leap:15.2 checked in at 2020-03-01 08:50:54 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Leap:15.2/python (Old) and /work/SRC/openSUSE:Leap:15.2/.python.new.26092 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "python" Sun Mar 1 08:50:54 2020 rev:51 rq:780274 version:2.7.17 Changes: -------- --- /work/SRC/openSUSE:Leap:15.2/python/python-base.changes 2020-01-15 15:45:48.231335758 +0100 +++ /work/SRC/openSUSE:Leap:15.2/.python.new.26092/python-base.changes 2020-03-01 08:50:59.721228071 +0100 @@ -1,0 +2,77 @@ +Sat Feb 8 23:29:28 CET 2020 - Matej Cepl <[email protected]> + +- Add CVE-2019-9674-zip-bomb.patch to improve documentation + warning about dangers of zip-bombs and other security problems + with zipfile library. (bsc#1162825 CVE-2019-9674) + +------------------------------------------------------------------- +Sat Feb 8 22:30:51 CET 2020 - Matej Cepl <[email protected]> + +- Change to Requires: libpython%{so_version} == %{version}-%{release} + to python-base to keep both packages always synchronized (add + %{so_version}) (bsc#1162224). + +------------------------------------------------------------------- +Thu Feb 6 23:14:47 CET 2020 - Matej Cepl <[email protected]> + +- Add CVE-2020-8492-urllib-ReDoS.patch fixing the security bug + "Python urrlib allowed an HTTP server to conduct Regular + Expression Denial of Service (ReDoS)" (bsc#1162367) + +------------------------------------------------------------------- +Mon Feb 3 19:30:31 UTC 2020 - Tomáš Chvátal <[email protected]> + +- Provide python-testsuite from devel subkg to ease py2->py3 + dependencies + +------------------------------------------------------------------- +Mon Jan 27 16:47:56 CET 2020 - Matej Cepl <[email protected]> + +- Add python-2.7.17-switch-off-failing-SSL-tests.patch to switch + off tests coliding with the combination of modern Python and + ancient OpenSSL on SLE-12. + +------------------------------------------------------------------- +Fri Jan 10 16:01:57 CET 2020 - Matej Cepl <[email protected]> + +- libnsl is required only on more recent SLEs and openSUSE, older + glibc supported NIS on its own. + +------------------------------------------------------------------- +Thu Jan 2 10:34:17 UTC 2020 - Tomáš Chvátal <[email protected]> + +- Add provides in gdbm subpackage to provide dbm symbols. This + allows us to use %%{python_module dbm} as a dependency and have + it properly resolved for both python2 and python3 + +------------------------------------------------------------------- +Thu Dec 19 08:47:01 UTC 2019 - Dominique Leuenberger <[email protected]> + +- Drop appstream-glib BuildRequires and no longer call + appstream-util validate-relax: eliminate a build cycle between + as-glib and python. The only thing would would gain by calling + as-uril is catching if upstream breaks the appdata.xml file in a + future release. Considering py2 is dying, chances for a new + release, let alone one breaking the xml file, are slim. + +------------------------------------------------------------------- +Wed Dec 11 14:35:46 CET 2019 - Matej Cepl <[email protected]> + +- Unify packages among openSUSE:Factory and SLE versions. + (bsc#1159035) ; add missing records to this changelog. +- Add idle.desktop and idle.appdata.xml to provide IDLE in menus + (bsc#1153830) + +------------------------------------------------------------------- +Wed Dec 4 18:12:17 CET 2019 - Matej Cepl <[email protected]> + +- Add python2_split_startup Provide to make it possible to + conflict older packages by shared-python-startup. + +------------------------------------------------------------------- +Fri Nov 22 13:10:03 CET 2019 - Matej Cepl <[email protected]> + +- Move /etc/pythonstart script to shared-python-startup + package. + +------------------------------------------------------------------- @@ -8,0 +86,24 @@ +Tue Nov 5 04:24:05 UTC 2019 - Steve Kowalik <[email protected]> + +- Add adapted-from-F00251-change-user-install-location.patch fixing + pip/distutils to install into /usr/local. + +------------------------------------------------------------------- +Thu Oct 24 14:40:39 CEST 2019 - Matej Cepl <[email protected]> + +- Update to 2.7.17: + - a bug fix release in the Python 2.7.x series. It is expected + to be the penultimate release for Python 2.7. +- Removed patches included upstream: + - CVE-2018-20852-cookie-domain-check.patch + - CVE-2019-16935-xmlrpc-doc-server_title.patch + - CVE-2019-9636-netloc-no-decompose-characters.patch + - CVE-2019-9947-no-ctrl-char-http.patch + - CVE-2019-9948-avoid_local-file.patch + - python-2.7.14-CVE-2018-1000030-1.patch + - python-2.7.14-CVE-2018-1000030-2.patch +- Renamed remove-static-libpython.diff and python-bsddb6.diff to + remove-static-libpython.patch and python-bsddb6.patch to unify + filenames. + +------------------------------------------------------------------- @@ -16 +117 @@ -Wed Sep 25 11:42:32 CEST 2019 - Matej Cepl <[email protected]> +Wed Sep 25 13:25:33 UTC 2019 - Bernhard Wiedemann <[email protected]> @@ -18,5 +119 @@ -- bsc#1130840 (CVE-2019-9947): add CVE-2019-9947-no-ctrl-char-http.patch - Address the issue by disallowing URL paths with embedded - whitespace or control characters through into the underlying - http client request. Such potentially malicious header - injection URLs now cause a ValueError to be raised. +- Add bpo36302-sort-module-sources.patch (boo#1041090) @@ -32 +129 @@ -Thu Jul 25 18:31:45 CEST 2019 - Matej Cepl <[email protected]> +Thu Jul 25 19:31:47 CEST 2019 - Matej Cepl <[email protected]> @@ -40,0 +138,5 @@ +Fri Jul 19 11:19:42 UTC 2019 - Tomáš Chvátal <[email protected]> + +- Skip test_urllib2_localnet that randomly fails in OBS + +------------------------------------------------------------------- @@ -45,2 +147 @@ - (CVE-2019-10160) and getting Lib/urlparse.py and tests in sync - with the latest upstream state. + (CVE-2019-10160) @@ -50 +151,16 @@ -Mon Apr 8 23:16:54 CEST 2019 - Matej Cepl <[email protected]> +Wed May 29 08:58:16 UTC 2019 - Martin Liška <[email protected]> + +- Set _lto_cflags to nil as it will prevent to propage LTO + for Python modules that are built in a separate package. + +------------------------------------------------------------------- +Thu May 2 08:40:33 CEST 2019 - Matej Cepl <[email protected]> + +- bsc#1130840 (CVE-2019-9947): add CVE-2019-9947-no-ctrl-char-http.patch + Address the issue by disallowing URL paths with embedded + whitespace or control characters through into the underlying + http client request. Such potentially malicious header + injection URLs now cause a ValueError to be raised. + +------------------------------------------------------------------- +Mon Apr 8 22:40:01 CEST 2019 - Matej Cepl <[email protected]> @@ -57 +173 @@ -Fri Mar 29 17:12:43 CET 2019 - Matej Cepl <[email protected]> +Mon Apr 8 21:13:48 CEST 2019 - Matej Cepl <[email protected]> @@ -64 +180 @@ - no error will be raised. + no error will be raised (CVE-2019-9636). @@ -67,0 +184,45 @@ +Thu Apr 4 22:28:24 CEST 2019 - Matej Cepl <[email protected]> + +- (bsc#1111793) Update to 2.7.16: + * bugfix-only release: complete list of changes on + https://github.com/python/cpython/blob/2.7/Misc/NEWS.d/2.7.16rc1.rst + * Removed openssl-111.patch and CVE-2018-1000802-shutil_use_subprocess_no_spawn.patch + which are fully included in the tarball. + * Updated patches to apply cleanly: + CVE-2019-5010-null-defer-x509-cert-DOS.patch + bpo36160-init-sysconfig_vars.patch + do-not-use-non-ascii-in-test_ssl.patch + openssl-111-middlebox-compat.patch + openssl-111-ssl_options.patch + python-2.5.1-sqlite.patch + python-2.6-gettext-plurals.patch + python-2.7-dirs.patch + python-2.7.2-fix_date_time_compiler.patch + python-2.7.4-canonicalize2.patch + python-2.7.5-multilib.patch + python-2.7.9-ssl_ca_path.patch + python-bsddb6.diff + remove-static-libpython.patch + * Update python-2.7.5-multilib.patch to pass with new platlib + regime. + +------------------------------------------------------------------- +Fri Jan 25 16:53:50 CET 2019 - [email protected] + +- bsc#1109847: add CVE-2018-14647_XML_SetHashSalt-in_elementtree.patch + fixing bpo-34623. + +------------------------------------------------------------------- +Fri Jan 25 16:02:21 CET 2019 - [email protected] + +- bsc#1073748: add bpo-29347-dereferencing-undefined-pointers.patch + PyWeakref_NewProxy@Objects/weakrefobject.c creates new isntance + of PyWeakReference struct and does not intialize wr_prev and + wr_next of new isntance. These pointers can have garbage and + point to random memory locations. + Python should not crash while destroying the isntance created + in the same interpreter function. As per my understanding, both + wr_prev and wr_next of PyWeakReference instance should be + initialized to NULL to avoid segfault. + +------------------------------------------------------------------- @@ -79,0 +241,12 @@ +Wed Dec 19 19:29:44 UTC 2018 - Todd R <[email protected]> ++++ 1362 more lines (skipped) ++++ between /work/SRC/openSUSE:Leap:15.2/python/python-base.changes ++++ and /work/SRC/openSUSE:Leap:15.2/.python.new.26092/python-base.changes --- /work/SRC/openSUSE:Leap:15.2/python/python-doc.changes 2020-01-15 15:45:48.311335803 +0100 +++ /work/SRC/openSUSE:Leap:15.2/.python.new.26092/python-doc.changes 2020-03-01 08:50:59.793228214 +0100 @@ -1,0 +2,244 @@ +Sat Feb 8 22:30:51 CET 2020 - Matej Cepl <[email protected]> + +- Change to Requires: libpython%{so_version} == %{version}-%{release} + to python-base to keep both packages always synchronized (add + %{so_version}) (bsc#1162224). + +------------------------------------------------------------------- +Thu Feb 6 23:14:47 CET 2020 - Matej Cepl <[email protected]> + +- Add CVE-2020-8492-urllib-ReDoS.patch fixing the security bug + "Python urrlib allowed an HTTP server to conduct Regular + Expression Denial of Service (ReDoS)" (bsc#1162367) + +------------------------------------------------------------------- +Mon Feb 3 19:30:31 UTC 2020 - Tomáš Chvátal <[email protected]> + +- Provide python-testsuite from devel subkg to ease py2->py3 + dependencies + +------------------------------------------------------------------- +Mon Jan 27 16:47:56 CET 2020 - Matej Cepl <[email protected]> + +- Add python-2.7.17-switch-off-failing-SSL-tests.patch to switch + off tests coliding with the combination of modern Python and + ancient OpenSSL on SLE-12. + +------------------------------------------------------------------- +Fri Jan 10 16:01:57 CET 2020 - Matej Cepl <[email protected]> + +- libnsl is required only on more recent SLEs and openSUSE, older + glibc supported NIS on its own. + +------------------------------------------------------------------- +Thu Jan 2 10:34:17 UTC 2020 - Tomáš Chvátal <[email protected]> + +- Add provides in gdbm subpackage to provide dbm symbols. This + allows us to use %%{python_module dbm} as a dependency and have + it properly resolved for both python2 and python3 + +------------------------------------------------------------------- +Thu Dec 19 08:47:01 UTC 2019 - Dominique Leuenberger <[email protected]> + +- Drop appstream-glib BuildRequires and no longer call + appstream-util validate-relax: eliminate a build cycle between + as-glib and python. The only thing would would gain by calling + as-uril is catching if upstream breaks the appdata.xml file in a + future release. Considering py2 is dying, chances for a new + release, let alone one breaking the xml file, are slim. + +------------------------------------------------------------------- +Wed Dec 11 14:35:46 CET 2019 - Matej Cepl <[email protected]> + +- Unify packages among openSUSE:Factory and SLE versions. + (bsc#1159035) ; add missing records to this changelog. +- Add idle.desktop and idle.appdata.xml to provide IDLE in menus + (bsc#1153830) + +------------------------------------------------------------------- +Wed Dec 4 18:12:17 CET 2019 - Matej Cepl <[email protected]> + +- Add python2_split_startup Provide to make it possible to + conflict older packages by shared-python-startup. + +------------------------------------------------------------------- +Fri Nov 22 13:10:03 CET 2019 - Matej Cepl <[email protected]> + +- Move /etc/pythonstart script to shared-python-startup + package. + +------------------------------------------------------------------- +Tue Nov 5 11:41:40 CET 2019 - Matej Cepl <[email protected]> + +- Add bpo-36576-skip_tests_for_OpenSSL-111.patch (originally from + bpo#36576) skipping tests failing with OpenSSL 1.1.1. Fixes + bsc#1149792 + +------------------------------------------------------------------- +Tue Nov 5 04:24:05 UTC 2019 - Steve Kowalik <[email protected]> + +- Add adapted-from-F00251-change-user-install-location.patch fixing + pip/distutils to install into /usr/local. + +------------------------------------------------------------------- +Thu Oct 24 14:40:39 CEST 2019 - Matej Cepl <[email protected]> + +- Update to 2.7.17: + - a bug fix release in the Python 2.7.x series. It is expected + to be the penultimate release for Python 2.7. +- Removed patches included upstream: + - CVE-2018-20852-cookie-domain-check.patch + - CVE-2019-16935-xmlrpc-doc-server_title.patch + - CVE-2019-9636-netloc-no-decompose-characters.patch + - CVE-2019-9947-no-ctrl-char-http.patch + - CVE-2019-9948-avoid_local-file.patch + - python-2.7.14-CVE-2018-1000030-1.patch + - python-2.7.14-CVE-2018-1000030-2.patch +- Renamed remove-static-libpython.diff and python-bsddb6.diff to + remove-static-libpython.patch and python-bsddb6.patch to unify + filenames. + +------------------------------------------------------------------- +Tue Oct 8 19:46:52 CEST 2019 - Matej Cepl <[email protected]> + +- Add CVE-2019-16935-xmlrpc-doc-server_title.patch fixing + bsc#1153238 (aka CVE-2019-16935) fixing a reflected XSS in + python/Lib/DocXMLRPCServer.py + +------------------------------------------------------------------- +Wed Sep 25 13:25:33 UTC 2019 - Bernhard Wiedemann <[email protected]> + +- Add bpo36302-sort-module-sources.patch (boo#1041090) + +------------------------------------------------------------------- +Mon Sep 16 15:57:54 CEST 2019 - Matej Cepl <[email protected]> + +- Add CVE-2019-16056-email-parse-addr.patch fixing the email + module wrongly parses email addresses [bsc#1149955, + CVE-2019-16056] + +------------------------------------------------------------------- +Thu Jul 25 19:31:47 CEST 2019 - Matej Cepl <[email protected]> + +- boo#1141853 (CVE-2018-20852) add + CVE-2018-20852-cookie-domain-check.patch fixing + http.cookiejar.DefaultPolicy.domain_return_ok which did not + correctly validate the domain: it could be tricked into sending + cookies to the wrong server. + +------------------------------------------------------------------- +Fri Jul 19 11:19:42 UTC 2019 - Tomáš Chvátal <[email protected]> + +- Skip test_urllib2_localnet that randomly fails in OBS + +------------------------------------------------------------------- +Wed Jul 3 21:02:00 CEST 2019 - Matej Cepl <[email protected]> + +- bsc#1138459: add CVE-2019-10160-netloc-port-regression.patch + which fixes regression introduced by the previous patch. + (CVE-2019-10160) + Upstream gh#python/cpython#13812 + +------------------------------------------------------------------- +Wed May 29 08:58:16 UTC 2019 - Martin Liška <[email protected]> + +- Set _lto_cflags to nil as it will prevent to propage LTO + for Python modules that are built in a separate package. + +------------------------------------------------------------------- +Thu May 2 08:40:33 CEST 2019 - Matej Cepl <[email protected]> + +- bsc#1130840 (CVE-2019-9947): add CVE-2019-9947-no-ctrl-char-http.patch + Address the issue by disallowing URL paths with embedded + whitespace or control characters through into the underlying + http client request. Such potentially malicious header + injection URLs now cause a ValueError to be raised. + +------------------------------------------------------------------- +Mon Apr 8 22:40:01 CEST 2019 - Matej Cepl <[email protected]> + +- bsc#1130847 (CVE-2019-9948) add CVE-2019-9948-avoid_local-file.patch + removing unnecessary (and potentially harmful) URL scheme + local-file://. + +------------------------------------------------------------------- +Mon Apr 8 21:13:48 CEST 2019 - Matej Cepl <[email protected]> + +- bsc#1129346: add CVE-2019-9636-netloc-no-decompose-characters.patch + Characters in the netloc attribute that decompose under NFKC + normalization (as used by the IDNA encoding) into any of ``/``, + ``?``, ``#``, ``@``, or ``:`` will raise a ValueError. If the + URL is decomposed before parsing, or is not a Unicode string, + no error will be raised (CVE-2019-9636). + Upstream commits e37ef41 and 507bd8c. + +------------------------------------------------------------------- +Thu Apr 4 22:28:24 CEST 2019 - Matej Cepl <[email protected]> + +- (bsc#1111793) Update to 2.7.16: + * bugfix-only release: complete list of changes on + https://github.com/python/cpython/blob/2.7/Misc/NEWS.d/2.7.16rc1.rst + * Removed openssl-111.patch and CVE-2018-1000802-shutil_use_subprocess_no_spawn.patch + which are fully included in the tarball. + * Updated patches to apply cleanly: + CVE-2019-5010-null-defer-x509-cert-DOS.patch + bpo36160-init-sysconfig_vars.patch + do-not-use-non-ascii-in-test_ssl.patch + openssl-111-middlebox-compat.patch + openssl-111-ssl_options.patch + python-2.5.1-sqlite.patch + python-2.6-gettext-plurals.patch + python-2.7-dirs.patch + python-2.7.2-fix_date_time_compiler.patch + python-2.7.4-canonicalize2.patch + python-2.7.5-multilib.patch + python-2.7.9-ssl_ca_path.patch + python-bsddb6.diff + remove-static-libpython.patch ++++ 2094 more lines (skipped) ++++ between /work/SRC/openSUSE:Leap:15.2/python/python-doc.changes ++++ and /work/SRC/openSUSE:Leap:15.2/.python.new.26092/python-doc.changes --- /work/SRC/openSUSE:Leap:15.2/python/python.changes 2020-01-15 15:45:48.427335870 +0100 +++ /work/SRC/openSUSE:Leap:15.2/.python.new.26092/python.changes 2020-03-01 08:50:59.853228334 +0100 @@ -1,0 +2,244 @@ +Sat Feb 8 22:30:51 CET 2020 - Matej Cepl <[email protected]> + +- Change to Requires: libpython%{so_version} == %{version}-%{release} + to python-base to keep both packages always synchronized (add + %{so_version}) (bsc#1162224). + +------------------------------------------------------------------- +Thu Feb 6 23:14:47 CET 2020 - Matej Cepl <[email protected]> + +- Add CVE-2020-8492-urllib-ReDoS.patch fixing the security bug + "Python urrlib allowed an HTTP server to conduct Regular + Expression Denial of Service (ReDoS)" (bsc#1162367) + +------------------------------------------------------------------- +Mon Feb 3 19:30:31 UTC 2020 - Tomáš Chvátal <[email protected]> + +- Provide python-testsuite from devel subkg to ease py2->py3 + dependencies + +------------------------------------------------------------------- +Mon Jan 27 16:47:56 CET 2020 - Matej Cepl <[email protected]> + +- Add python-2.7.17-switch-off-failing-SSL-tests.patch to switch + off tests coliding with the combination of modern Python and + ancient OpenSSL on SLE-12. + +------------------------------------------------------------------- +Fri Jan 10 16:01:57 CET 2020 - Matej Cepl <[email protected]> + +- libnsl is required only on more recent SLEs and openSUSE, older + glibc supported NIS on its own. + +------------------------------------------------------------------- +Thu Jan 2 10:34:17 UTC 2020 - Tomáš Chvátal <[email protected]> + +- Add provides in gdbm subpackage to provide dbm symbols. This + allows us to use %%{python_module dbm} as a dependency and have + it properly resolved for both python2 and python3 + +------------------------------------------------------------------- +Thu Dec 19 08:47:01 UTC 2019 - Dominique Leuenberger <[email protected]> + +- Drop appstream-glib BuildRequires and no longer call + appstream-util validate-relax: eliminate a build cycle between + as-glib and python. The only thing would would gain by calling + as-uril is catching if upstream breaks the appdata.xml file in a + future release. Considering py2 is dying, chances for a new + release, let alone one breaking the xml file, are slim. + +------------------------------------------------------------------- +Wed Dec 11 14:35:46 CET 2019 - Matej Cepl <[email protected]> + +- Unify packages among openSUSE:Factory and SLE versions. + (bsc#1159035) ; add missing records to this changelog. +- Add idle.desktop and idle.appdata.xml to provide IDLE in menus + (bsc#1153830) + +------------------------------------------------------------------- +Wed Dec 4 18:12:17 CET 2019 - Matej Cepl <[email protected]> + +- Add python2_split_startup Provide to make it possible to + conflict older packages by shared-python-startup. + +------------------------------------------------------------------- +Fri Nov 22 13:10:03 CET 2019 - Matej Cepl <[email protected]> + +- Move /etc/pythonstart script to shared-python-startup + package. + +------------------------------------------------------------------- +Tue Nov 5 11:41:40 CET 2019 - Matej Cepl <[email protected]> + +- Add bpo-36576-skip_tests_for_OpenSSL-111.patch (originally from + bpo#36576) skipping tests failing with OpenSSL 1.1.1. Fixes + bsc#1149792 + +------------------------------------------------------------------- +Tue Nov 5 04:24:05 UTC 2019 - Steve Kowalik <[email protected]> + +- Add adapted-from-F00251-change-user-install-location.patch fixing + pip/distutils to install into /usr/local. + +------------------------------------------------------------------- +Thu Oct 24 14:40:39 CEST 2019 - Matej Cepl <[email protected]> + +- Update to 2.7.17: + - a bug fix release in the Python 2.7.x series. It is expected + to be the penultimate release for Python 2.7. +- Removed patches included upstream: + - CVE-2018-20852-cookie-domain-check.patch + - CVE-2019-16935-xmlrpc-doc-server_title.patch + - CVE-2019-9636-netloc-no-decompose-characters.patch + - CVE-2019-9947-no-ctrl-char-http.patch + - CVE-2019-9948-avoid_local-file.patch + - python-2.7.14-CVE-2018-1000030-1.patch + - python-2.7.14-CVE-2018-1000030-2.patch +- Renamed remove-static-libpython.diff and python-bsddb6.diff to + remove-static-libpython.patch and python-bsddb6.patch to unify + filenames. + +------------------------------------------------------------------- +Tue Oct 8 19:46:52 CEST 2019 - Matej Cepl <[email protected]> + +- Add CVE-2019-16935-xmlrpc-doc-server_title.patch fixing + bsc#1153238 (aka CVE-2019-16935) fixing a reflected XSS in + python/Lib/DocXMLRPCServer.py + +------------------------------------------------------------------- +Wed Sep 25 13:25:33 UTC 2019 - Bernhard Wiedemann <[email protected]> + +- Add bpo36302-sort-module-sources.patch (boo#1041090) + +------------------------------------------------------------------- +Mon Sep 16 15:57:54 CEST 2019 - Matej Cepl <[email protected]> + +- Add CVE-2019-16056-email-parse-addr.patch fixing the email + module wrongly parses email addresses [bsc#1149955, + CVE-2019-16056] + +------------------------------------------------------------------- +Thu Jul 25 19:31:47 CEST 2019 - Matej Cepl <[email protected]> + +- boo#1141853 (CVE-2018-20852) add + CVE-2018-20852-cookie-domain-check.patch fixing + http.cookiejar.DefaultPolicy.domain_return_ok which did not + correctly validate the domain: it could be tricked into sending + cookies to the wrong server. + +------------------------------------------------------------------- +Fri Jul 19 11:19:42 UTC 2019 - Tomáš Chvátal <[email protected]> + +- Skip test_urllib2_localnet that randomly fails in OBS + +------------------------------------------------------------------- +Wed Jul 3 21:02:00 CEST 2019 - Matej Cepl <[email protected]> + +- bsc#1138459: add CVE-2019-10160-netloc-port-regression.patch + which fixes regression introduced by the previous patch. + (CVE-2019-10160) + Upstream gh#python/cpython#13812 + +------------------------------------------------------------------- +Wed May 29 08:58:16 UTC 2019 - Martin Liška <[email protected]> + +- Set _lto_cflags to nil as it will prevent to propage LTO + for Python modules that are built in a separate package. + +------------------------------------------------------------------- +Thu May 2 08:40:33 CEST 2019 - Matej Cepl <[email protected]> + +- bsc#1130840 (CVE-2019-9947): add CVE-2019-9947-no-ctrl-char-http.patch + Address the issue by disallowing URL paths with embedded + whitespace or control characters through into the underlying + http client request. Such potentially malicious header + injection URLs now cause a ValueError to be raised. + +------------------------------------------------------------------- +Mon Apr 8 22:40:01 CEST 2019 - Matej Cepl <[email protected]> + +- bsc#1130847 (CVE-2019-9948) add CVE-2019-9948-avoid_local-file.patch + removing unnecessary (and potentially harmful) URL scheme + local-file://. + +------------------------------------------------------------------- +Mon Apr 8 21:13:48 CEST 2019 - Matej Cepl <[email protected]> + +- bsc#1129346: add CVE-2019-9636-netloc-no-decompose-characters.patch + Characters in the netloc attribute that decompose under NFKC + normalization (as used by the IDNA encoding) into any of ``/``, + ``?``, ``#``, ``@``, or ``:`` will raise a ValueError. If the + URL is decomposed before parsing, or is not a Unicode string, + no error will be raised (CVE-2019-9636). + Upstream commits e37ef41 and 507bd8c. + +------------------------------------------------------------------- +Thu Apr 4 22:28:24 CEST 2019 - Matej Cepl <[email protected]> + +- (bsc#1111793) Update to 2.7.16: + * bugfix-only release: complete list of changes on + https://github.com/python/cpython/blob/2.7/Misc/NEWS.d/2.7.16rc1.rst + * Removed openssl-111.patch and CVE-2018-1000802-shutil_use_subprocess_no_spawn.patch + which are fully included in the tarball. + * Updated patches to apply cleanly: + CVE-2019-5010-null-defer-x509-cert-DOS.patch + bpo36160-init-sysconfig_vars.patch + do-not-use-non-ascii-in-test_ssl.patch + openssl-111-middlebox-compat.patch + openssl-111-ssl_options.patch + python-2.5.1-sqlite.patch + python-2.6-gettext-plurals.patch + python-2.7-dirs.patch + python-2.7.2-fix_date_time_compiler.patch + python-2.7.4-canonicalize2.patch + python-2.7.5-multilib.patch + python-2.7.9-ssl_ca_path.patch + python-bsddb6.diff + remove-static-libpython.patch ++++ 829 more lines (skipped) ++++ between /work/SRC/openSUSE:Leap:15.2/python/python.changes ++++ and /work/SRC/openSUSE:Leap:15.2/.python.new.26092/python.changes Old: ---- CVE-2018-1000802-shutil_use_subprocess_no_spawn.patch CVE-2018-20852-cookie-domain-check.patch CVE-2019-10160-netloc-port-regression.patch CVE-2019-16056-email-parse-addr.patch CVE-2019-16935-xmlrpc-doc-server_title.patch CVE-2019-9636-netloc-no-decompose-characters.patch CVE-2019-9947-no-ctrl-char-http.patch CVE-2019-9948-avoid_local-file.patch Python-2.7.14.tar.xz Python-2.7.14.tar.xz.asc bpo-36576-skip_tests_for_OpenSSL-111.patch python-2.7.14-docs-pdf-a4.tar.bz2 python-2.7.14-docs-pdf-letter.tar.bz2 python-bsddb6.diff python-fix-shebang.patch python-ncurses-6.0-accessors.patch python.csh python.sh pythonstart remove-static-libpython.diff New: ---- CVE-2017-18207.patch CVE-2019-9674-zip-bomb.patch CVE-2020-8492-urllib-ReDoS.patch Python-2.7.17.tar.xz Python-2.7.17.tar.xz.asc adapted-from-F00251-change-user-install-location.patch bpo36160-init-sysconfig_vars.patch bpo36302-sort-module-sources.patch do-not-use-non-ascii-in-test_ssl.patch idle.appdata.xml idle.desktop openssl-111-middlebox-compat.patch openssl-111-ssl_options.patch python-2.7.17-docs-pdf-a4.tar.bz2 python-2.7.17-docs-pdf-letter.tar.bz2 python-2.7.17-switch-off-failing-SSL-tests.patch python-bsddb6.patch remove-static-libpython.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ python-base.spec ++++++ --- /var/tmp/diff_new_pack.AW4Rit/_old 2020-03-01 08:51:01.057230728 +0100 +++ /var/tmp/diff_new_pack.AW4Rit/_new 2020-03-01 08:51:01.061230736 +0100 @@ -1,7 +1,7 @@ # # spec file for package python-base # -# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2020 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -12,17 +12,19 @@ # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. -# Please submit bugfixes or comments via http://bugs.opensuse.org/ +# Please submit bugfixes or comments via https://bugs.opensuse.org/ # +%define so_version 2_7-1_0 + Name: python-base -Version: 2.7.14 +Version: 2.7.17 Release: 0 Summary: Python Interpreter base package License: Python-2.0 Group: Development/Languages/Python -Url: http://www.python.org/ +URL: http://www.python.org/ %define tarversion %{version} %define tarname Python-%{tarversion} Source0: http://www.python.org/ftp/python/%{version}/%{tarname}.tar.xz @@ -43,63 +45,63 @@ Patch8: python-2.6b3-curses-panel.patch Patch10: sparc_longdouble.patch Patch13: python-2.7.2-fix_date_time_compiler.patch -Patch17: remove-static-libpython.diff +Patch17: remove-static-libpython.patch # PATCH-FEATURE-OPENSUSE python-bundle-lang.patch bnc#617751 [email protected] -- gettext: when looking in default_localedir also check in locale-bundle. Patch20: python-bundle-lang.patch # PATCH-FIX-UPSTREAM Fix argument passing in libffi for aarch64 Patch22: python-2.7-libffi-aarch64.patch -Patch24: python-bsddb6.diff +Patch24: python-bsddb6.patch # PATCH-FIX-UPSTREAM accept directory-based CA paths as well Patch33: python-2.7.9-ssl_ca_path.patch # PATCH-FEATURE-SLE disable SSL verification-by-default in http clients Patch34: python-2.7.9-sles-disable-verification-by-default.patch -# PATCH-FIX-UPSTREAM python-ncurses-6.0-accessors.patch [email protected] -- Fix build with NCurses 6.0 and OPAQUE_WINDOW set to 1 -Patch35: python-ncurses-6.0-accessors.patch +# PATCH-FIX-UPSTREAM do not use non-ASCII filename in test_ssl.py +Patch35: do-not-use-non-ascii-in-test_ssl.patch # PATCH-FIX-UPSTREAM [email protected] -- allow python packages to build reproducibly Patch38: reproducible.patch -# PATCH-FIX-UPSTREAM taken from upstream fix py3 shebang -Patch39: python-fix-shebang.patch # bypass boo#1078485 random failing tests Patch40: python-skip_random_failing_tests.patch # PATCH-FIX-UPSTREAM sorted tar https://github.com/python/cpython/pull/2263 Patch41: python-sorted_tar.patch -# PATCH-FIX-UPSTREAM CVE-2018-1000802-shutil_use_subprocess_no_spawn.patch [email protected] -# Suggested in https://github.com/python/cpython/commit/add531a1e55b.patch -Patch42: CVE-2018-1000802-shutil_use_subprocess_no_spawn.patch +# https://github.com/python/cpython/pull/9624 (https://bugs.python.org/issue34834) +Patch47: openssl-111-middlebox-compat.patch +# PATCH-FIX-SUSE python default SSLContext doesn't contain OP_CIPHER_SERVER_PREFERENCE +Patch48: openssl-111-ssl_options.patch # PATCH-FIX-UPSTREAM CVE-2019-5010-null-defer-x509-cert-DOS.patch bnc#1122191 [email protected] -# https://github.com/python/cpython/pull/11569 +# gh#python/cpython#11569 # Fix segfault in ssl's cert parser -Patch43: CVE-2019-5010-null-defer-x509-cert-DOS.patch -# PATCH-FIX-UPSTREAM CVE-2019-9636-netloc-no-decompose-characters.patch bsc#1129346 [email protected] -# https://bugs.python.org/issue36216 -Patch44: CVE-2019-9636-netloc-no-decompose-characters.patch -# PATCH-FIX-UPSTREAM CVE-2019-9948-avoid_local-file.patch bsc#1130847 [email protected] -# removing unnecessary (and potentially harmful) URL scheme local-file:// -Patch45: CVE-2019-9948-avoid_local-file.patch -# PATCH-FIX-UPSTREAM CVE-2019-10160-netloc-port-regression.patch bsc#1138459 [email protected] -# Fix regression introduced by fix for CVE-2019-9636 -Patch46: CVE-2019-10160-netloc-port-regression.patch -# PATCH-FIX-UPSTREAM CVE-2018-20852-cookie-domain-check.patch bsc#1141853 [email protected] -# http.cookiejar.DefaultPolicy.domain_return_ok does not correctly validate the domain -Patch47: CVE-2018-20852-cookie-domain-check.patch -# PATCH-FIX-UPSTREAM CVE-2019-16056-email-parse-addr.patch bsc#1149955 [email protected] -# bpo#34155 The email module wrongly parses email addresses -Patch48: CVE-2019-16056-email-parse-addr.patch -# PATCH-FIX-UPSTREAM CVE-2019-9947-no-ctrl-char-http.patch bsc#1130840 [email protected] -# bpo#30458: Disallow control chars in http URLs. -Patch49: CVE-2019-9947-no-ctrl-char-http.patch -# PATCH-FIX-UPSTREAM CVE-2019-16935-xmlrpc-doc-server_title.patch bsc#1153238 [email protected] -# XSS vulnerability in the documentation XML-RPC server in server_title field -Patch50: CVE-2019-16935-xmlrpc-doc-server_title.patch -# PATCH-FIX-UPSTREAM bpo-36576-skip_tests_for_OpenSSL-111.patch bsc#1149792 [email protected] -# Skip tests failing with OpenSSL 1.1.1 -Patch51: bpo-36576-skip_tests_for_OpenSSL-111.patch +Patch49: CVE-2019-5010-null-defer-x509-cert-DOS.patch +# PATCH-FIX-UPSTREAM bpo36160-init-sysconfig_vars.patch gh#python/cpython#12131 [email protected] +# Initialize sysconfig variables in test_site. +Patch50: bpo36160-init-sysconfig_vars.patch +# PATCH-FIX-UPSTREAM CVE-2017-18207.patch gh#python/cpython#4437 [email protected] +# Add check for channels of wav file in Lib/wave.py +Patch51: CVE-2017-18207.patch +# PATCH-FIX-UPSTREAM gh#python/cpython#12341 +Patch55: bpo36302-sort-module-sources.patch +# Fix installation in /usr/local (boo#1071941), adapted from Fedora +# https://src.fedoraproject.org/rpms/python3/blob/master/f/00251-change-user-install-location.patch +# Set values of prefix and exec_prefix in distutils install command +# to /usr/local if executable is /usr/bin/python* and RPM build +# is not detected to make pip and distutils install into separate location +Patch56: adapted-from-F00251-change-user-install-location.patch +# Switch couple of tests failing on acient SLE-12 +Patch57: python-2.7.17-switch-off-failing-SSL-tests.patch +# PATCH-FIX-UPSTREAM CVE-2020-8492-urllib-ReDoS.patch bsc#1162367 [email protected] +# Fixes Python urrlib allowed an HTTP server to conduct Regular +# Expression Denial of Service (ReDoS) +Patch58: CVE-2020-8492-urllib-ReDoS.patch +# PATCH-FIX-UPSTREAM CVE-2019-9674-zip-bomb.patch bsc#1162825 [email protected] +# Improve documentation warning against the possible zip bombs +Patch59: CVE-2019-9674-zip-bomb.patch # COMMON-PATCH-END %define python_version %(echo %{tarversion} | head -c 3) BuildRequires: automake BuildRequires: fdupes BuildRequires: libbz2-devel +%if %{suse_version} >= 1500 BuildRequires: libnsl-devel +%endif BuildRequires: pkg-config BuildRequires: xz BuildRequires: zlib-devel @@ -108,7 +110,7 @@ BuildRequires: netcfg Requires: python-rpm-macros # explicitly, see bnc#697251: -Requires: libpython2_7-1_0 = %{version} +Requires: libpython%{so_version} = %{version}-%{release} Provides: %{name} = %{python_version} # bug437293 %ifarch ppc64 @@ -139,6 +141,9 @@ Requires: python = %{version} Requires: python-base = %{version}-%{release} Provides: python2-devel = %{version} +# provide testsuite namespace that was split in python3 to ease dependencies +Provides: python-testsuite = %{version} +Provides: python2-testsuite = %{version} %description -n python-devel The Python programming language's interpreter can be extended with @@ -161,7 +166,7 @@ The expat module is a Python interface to the expat XML parser. Since Python2.x, it is part of the core Python distribution. -%package -n libpython2_7-1_0 +%package -n libpython%{so_version} Summary: Python Interpreter shared library Group: Development/Languages/Python @@ -197,27 +202,30 @@ %endif %patch35 -p1 %patch38 -p1 -%patch39 -p1 %ifarch ppc ppc64 ppc64le %patch40 -p1 %endif %patch41 -p1 -%patch42 -p1 -%patch43 -p1 -%patch44 -p1 -%patch45 -p1 -%patch46 -p1 +%if %{suse_version} >= 1500 %patch47 -p1 %patch48 -p1 +%else +%patch57 -p1 +%endif %patch49 -p1 %patch50 -p1 %patch51 -p1 +%patch55 -p1 +%patch56 -p1 +%patch58 -p1 +%patch59 -p1 # drop Autoconf version requirement sed -i 's/^version_required/dnl version_required/' configure.ac # COMMON-PREP-END %build +%define _lto_cflags %{nil} export OPT="%{optflags} -DOPENSSL_LOAD_CONF -fwrapv" autoreconf -f -i . # Modules/_ctypes/libffi @@ -251,7 +259,8 @@ %ifnarch hppa # test_file(2k) fails in autobuild env - "stdin.seek(-1)" wrongly succeeds. probably an issue with autobuild's stdin # test_urllib2 relies on being able to resolve local address, which is notoriously impossible in autobuild -EXCLUDE="test_urllib2 test_file test_file2k" +# test_urllib2_localnet randomly fails out +EXCLUDE="test_urllib2 test_urllib2_localnet test_file test_file2k" # test_nis and test_threading are AWFULLY slow. EXCLUDE="$EXCLUDE test_nis test_threading" # test_gdb fails if gdb with (different) python support is part of the buildsystem @@ -307,8 +316,8 @@ ######################################## %make_install OPT="%{optflags} -fPIC" install -m 644 %{SOURCE5} %{buildroot}%{_libdir}/python%{python_version}/site-packages/_local.pth -install -d -m 755 %{buildroot}%{_sysconfdir}/rpm -install -m 644 %{SOURCE1} %{buildroot}%{_sysconfdir}/rpm +install -d -m 755 %{buildroot}%{_rpmconfigdir}/macros.d/ +install -m 644 %{SOURCE1} %{buildroot}%{_rpmconfigdir}/macros.d/ # make sure /usr/lib/python/site-packages exists even on lib64 machines mkdir -p %{buildroot}%{_prefix}/lib/python%{python_version}/site-packages ######################################## @@ -380,7 +389,7 @@ %files %defattr(644, root, root, 755) -%config %{_sysconfdir}/rpm/macros.python2 +%{_rpmconfigdir}/macros.d/macros.python2 %dir %{_docdir}/%{name} %doc %{_docdir}/%{name}/README %doc %{_docdir}/%{name}/LICENSE ++++++ python-doc.spec ++++++ --- /var/tmp/diff_new_pack.AW4Rit/_old 2020-03-01 08:51:01.077230769 +0100 +++ /var/tmp/diff_new_pack.AW4Rit/_new 2020-03-01 08:51:01.077230769 +0100 @@ -1,7 +1,7 @@ # # spec file for package python-doc # -# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2020 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -12,16 +12,17 @@ # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. -# Please submit bugfixes or comments via http://bugs.opensuse.org/ +# Please submit bugfixes or comments via https://bugs.opensuse.org/ # + Name: python-doc -Version: 2.7.14 +Version: 2.7.17 Release: 0 Summary: Additional Package Documentation for Python License: Python-2.0 Group: Development/Languages/Python -Url: http://www.python.org/ +URL: http://www.python.org/ %define tarname Python-%{version} Source0: %{tarname}.tar.xz # docs for current version are regenerated every day @@ -42,57 +43,55 @@ Patch8: python-2.6b3-curses-panel.patch Patch10: sparc_longdouble.patch Patch13: python-2.7.2-fix_date_time_compiler.patch -Patch17: remove-static-libpython.diff +Patch17: remove-static-libpython.patch # PATCH-FEATURE-OPENSUSE python-bundle-lang.patch bnc#617751 [email protected] -- gettext: when looking in default_localedir also check in locale-bundle. Patch20: python-bundle-lang.patch # PATCH-FIX-UPSTREAM Fix argument passing in libffi for aarch64 Patch22: python-2.7-libffi-aarch64.patch -Patch24: python-bsddb6.diff +Patch24: python-bsddb6.patch # PATCH-FIX-UPSTREAM accept directory-based CA paths as well Patch33: python-2.7.9-ssl_ca_path.patch # PATCH-FEATURE-SLE disable SSL verification-by-default in http clients Patch34: python-2.7.9-sles-disable-verification-by-default.patch -# PATCH-FIX-UPSTREAM python-ncurses-6.0-accessors.patch [email protected] -- Fix build with NCurses 6.0 and OPAQUE_WINDOW set to 1 -Patch35: python-ncurses-6.0-accessors.patch +# PATCH-FIX-UPSTREAM do not use non-ASCII filename in test_ssl.py +Patch35: do-not-use-non-ascii-in-test_ssl.patch # PATCH-FIX-UPSTREAM [email protected] -- allow python packages to build reproducibly Patch38: reproducible.patch -# PATCH-FIX-UPSTREAM taken from upstream fix py3 shebang -Patch39: python-fix-shebang.patch # bypass boo#1078485 random failing tests Patch40: python-skip_random_failing_tests.patch # PATCH-FIX-UPSTREAM sorted tar https://github.com/python/cpython/pull/2263 Patch41: python-sorted_tar.patch -# PATCH-FIX-UPSTREAM CVE-2018-1000802-shutil_use_subprocess_no_spawn.patch [email protected] -# Suggested in https://github.com/python/cpython/commit/add531a1e55b.patch -Patch42: CVE-2018-1000802-shutil_use_subprocess_no_spawn.patch +# https://github.com/python/cpython/pull/9624 (https://bugs.python.org/issue34834) +Patch47: openssl-111-middlebox-compat.patch +# PATCH-FIX-SUSE python default SSLContext doesn't contain OP_CIPHER_SERVER_PREFERENCE +Patch48: openssl-111-ssl_options.patch # PATCH-FIX-UPSTREAM CVE-2019-5010-null-defer-x509-cert-DOS.patch bnc#1122191 [email protected] -# https://github.com/python/cpython/pull/11569 +# gh#python/cpython#11569 # Fix segfault in ssl's cert parser -Patch43: CVE-2019-5010-null-defer-x509-cert-DOS.patch -# PATCH-FIX-UPSTREAM CVE-2019-9636-netloc-no-decompose-characters.patch bsc#1129346 [email protected] -# https://bugs.python.org/issue36216 -Patch44: CVE-2019-9636-netloc-no-decompose-characters.patch -# PATCH-FIX-UPSTREAM CVE-2019-9948-avoid_local-file.patch bsc#1130847 [email protected] -# removing unnecessary (and potentially harmful) URL scheme local-file:// -Patch45: CVE-2019-9948-avoid_local-file.patch -# PATCH-FIX-UPSTREAM CVE-2019-10160-netloc-port-regression.patch bsc#1138459 [email protected] -# Fix regression introduced by fix for CVE-2019-9636 -Patch46: CVE-2019-10160-netloc-port-regression.patch -# PATCH-FIX-UPSTREAM CVE-2018-20852-cookie-domain-check.patch bsc#1141853 [email protected] -# http.cookiejar.DefaultPolicy.domain_return_ok does not correctly validate the domain -Patch47: CVE-2018-20852-cookie-domain-check.patch -# PATCH-FIX-UPSTREAM CVE-2019-16056-email-parse-addr.patch bsc#1149955 [email protected] -# bpo#34155 The email module wrongly parses email addresses -Patch48: CVE-2019-16056-email-parse-addr.patch -# PATCH-FIX-UPSTREAM CVE-2019-9947-no-ctrl-char-http.patch bsc#1130840 [email protected] -# bpo#30458: Disallow control chars in http URLs. -Patch49: CVE-2019-9947-no-ctrl-char-http.patch -# PATCH-FIX-UPSTREAM CVE-2019-16935-xmlrpc-doc-server_title.patch bsc#1153238 [email protected] -# XSS vulnerability in the documentation XML-RPC server in server_title field -Patch50: CVE-2019-16935-xmlrpc-doc-server_title.patch -# PATCH-FIX-UPSTREAM bpo-36576-skip_tests_for_OpenSSL-111.patch bsc#1149792 [email protected] -# Skip tests failing with OpenSSL 1.1.1 -Patch51: bpo-36576-skip_tests_for_OpenSSL-111.patch +Patch49: CVE-2019-5010-null-defer-x509-cert-DOS.patch +# PATCH-FIX-UPSTREAM bpo36160-init-sysconfig_vars.patch gh#python/cpython#12131 [email protected] +# Initialize sysconfig variables in test_site. +Patch50: bpo36160-init-sysconfig_vars.patch +# PATCH-FIX-UPSTREAM CVE-2017-18207.patch gh#python/cpython#4437 [email protected] +# Add check for channels of wav file in Lib/wave.py +Patch51: CVE-2017-18207.patch +# PATCH-FIX-UPSTREAM gh#python/cpython#12341 +Patch55: bpo36302-sort-module-sources.patch +# Fix installation in /usr/local (boo#1071941), adapted from Fedora +# https://src.fedoraproject.org/rpms/python3/blob/master/f/00251-change-user-install-location.patch +# Set values of prefix and exec_prefix in distutils install command +# to /usr/local if executable is /usr/bin/python* and RPM build +# is not detected to make pip and distutils install into separate location +Patch56: adapted-from-F00251-change-user-install-location.patch +# Switch couple of tests failing on acient SLE-12 +Patch57: python-2.7.17-switch-off-failing-SSL-tests.patch +# PATCH-FIX-UPSTREAM CVE-2020-8492-urllib-ReDoS.patch bsc#1162367 [email protected] +# Fixes Python urrlib allowed an HTTP server to conduct Regular +# Expression Denial of Service (ReDoS) +Patch58: CVE-2020-8492-urllib-ReDoS.patch +# PATCH-FIX-UPSTREAM CVE-2019-9674-zip-bomb.patch bsc#1162825 [email protected] +# Improve documentation warning against the possible zip bombs +Patch59: CVE-2019-9674-zip-bomb.patch # COMMON-PATCH-END Provides: pyth_doc Provides: pyth_ps @@ -142,21 +141,23 @@ %endif %patch35 -p1 %patch38 -p1 -%patch39 -p1 %ifarch ppc ppc64 ppc64le %patch40 -p1 %endif %patch41 -p1 -%patch42 -p1 -%patch43 -p1 -%patch44 -p1 -%patch45 -p1 -%patch46 -p1 +%if %{suse_version} >= 1500 %patch47 -p1 %patch48 -p1 +%else +%patch57 -p1 +%endif %patch49 -p1 %patch50 -p1 %patch51 -p1 +%patch55 -p1 +%patch56 -p1 +%patch58 -p1 +%patch59 -p1 # drop Autoconf version requirement sed -i 's/^version_required/dnl version_required/' configure.ac ++++++ python.spec ++++++ --- /var/tmp/diff_new_pack.AW4Rit/_old 2020-03-01 08:51:01.093230800 +0100 +++ /var/tmp/diff_new_pack.AW4Rit/_new 2020-03-01 08:51:01.093230800 +0100 @@ -1,7 +1,7 @@ # # spec file for package python # -# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2020 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -12,25 +12,25 @@ # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. -# Please submit bugfixes or comments via http://bugs.opensuse.org/ +# Please submit bugfixes or comments via https://bugs.opensuse.org/ # + Name: python -Version: 2.7.14 +Version: 2.7.17 Release: 0 Summary: Python Interpreter License: Python-2.0 Group: Development/Languages/Python -Url: http://www.python.org/ +URL: http://www.python.org/ %define tarversion %{version} %define tarname Python-%{tarversion} Source0: http://www.python.org/ftp/python/%{version}/%{tarname}.tar.xz Source1: README.SUSE -Source2: pythonstart -Source3: python.sh -Source4: python.csh Source8: sle_tls_checks_policy.py #Source11: testfiles.tar.bz2 +Source50: idle.appdata.xml +Source51: idle.desktop # issues with copyrighted Unicode testing files # !!!!!!!!!!!!!! @@ -47,57 +47,55 @@ Patch8: python-2.6b3-curses-panel.patch Patch10: sparc_longdouble.patch Patch13: python-2.7.2-fix_date_time_compiler.patch -Patch17: remove-static-libpython.diff +Patch17: remove-static-libpython.patch # PATCH-FEATURE-OPENSUSE python-bundle-lang.patch bnc#617751 [email protected] -- gettext: when looking in default_localedir also check in locale-bundle. Patch20: python-bundle-lang.patch # PATCH-FIX-UPSTREAM Fix argument passing in libffi for aarch64 Patch22: python-2.7-libffi-aarch64.patch -Patch24: python-bsddb6.diff +Patch24: python-bsddb6.patch # PATCH-FIX-UPSTREAM accept directory-based CA paths as well Patch33: python-2.7.9-ssl_ca_path.patch # PATCH-FEATURE-SLE disable SSL verification-by-default in http clients Patch34: python-2.7.9-sles-disable-verification-by-default.patch -# PATCH-FIX-UPSTREAM python-ncurses-6.0-accessors.patch [email protected] -- Fix build with NCurses 6.0 and OPAQUE_WINDOW set to 1 -Patch35: python-ncurses-6.0-accessors.patch +# PATCH-FIX-UPSTREAM do not use non-ASCII filename in test_ssl.py +Patch35: do-not-use-non-ascii-in-test_ssl.patch # PATCH-FIX-UPSTREAM [email protected] -- allow python packages to build reproducibly Patch38: reproducible.patch -# PATCH-FIX-UPSTREAM taken from upstream fix py3 shebang -Patch39: python-fix-shebang.patch # bypass boo#1078485 random failing tests Patch40: python-skip_random_failing_tests.patch # PATCH-FIX-UPSTREAM sorted tar https://github.com/python/cpython/pull/2263 Patch41: python-sorted_tar.patch -# PATCH-FIX-UPSTREAM CVE-2018-1000802-shutil_use_subprocess_no_spawn.patch [email protected] -# Suggested in https://github.com/python/cpython/commit/add531a1e55b.patch -Patch42: CVE-2018-1000802-shutil_use_subprocess_no_spawn.patch +# https://github.com/python/cpython/pull/9624 (https://bugs.python.org/issue34834) +Patch47: openssl-111-middlebox-compat.patch +# PATCH-FIX-SUSE python default SSLContext doesn't contain OP_CIPHER_SERVER_PREFERENCE +Patch48: openssl-111-ssl_options.patch # PATCH-FIX-UPSTREAM CVE-2019-5010-null-defer-x509-cert-DOS.patch bnc#1122191 [email protected] -# https://github.com/python/cpython/pull/11569 +# gh#python/cpython#11569 # Fix segfault in ssl's cert parser -Patch43: CVE-2019-5010-null-defer-x509-cert-DOS.patch -# PATCH-FIX-UPSTREAM CVE-2019-9636-netloc-no-decompose-characters.patch bsc#1129346 [email protected] -# https://bugs.python.org/issue36216 -Patch44: CVE-2019-9636-netloc-no-decompose-characters.patch -# PATCH-FIX-UPSTREAM CVE-2019-9948-avoid_local-file.patch bsc#1130847 [email protected] -# removing unnecessary (and potentially harmful) URL scheme local-file:// -Patch45: CVE-2019-9948-avoid_local-file.patch -# PATCH-FIX-UPSTREAM CVE-2019-10160-netloc-port-regression.patch bsc#1138459 [email protected] -# Fix regression introduced by fix for CVE-2019-9636 -Patch46: CVE-2019-10160-netloc-port-regression.patch -# PATCH-FIX-UPSTREAM CVE-2018-20852-cookie-domain-check.patch bsc#1141853 [email protected] -# http.cookiejar.DefaultPolicy.domain_return_ok does not correctly validate the domain -Patch47: CVE-2018-20852-cookie-domain-check.patch -# PATCH-FIX-UPSTREAM CVE-2019-16056-email-parse-addr.patch bsc#1149955 [email protected] -# bpo#34155 The email module wrongly parses email addresses -Patch48: CVE-2019-16056-email-parse-addr.patch -# PATCH-FIX-UPSTREAM CVE-2019-9947-no-ctrl-char-http.patch bsc#1130840 [email protected] -# bpo#30458: Disallow control chars in http URLs. -Patch49: CVE-2019-9947-no-ctrl-char-http.patch -# PATCH-FIX-UPSTREAM CVE-2019-16935-xmlrpc-doc-server_title.patch bsc#1153238 [email protected] -# XSS vulnerability in the documentation XML-RPC server in server_title field -Patch50: CVE-2019-16935-xmlrpc-doc-server_title.patch -# PATCH-FIX-UPSTREAM bpo-36576-skip_tests_for_OpenSSL-111.patch bsc#1149792 [email protected] -# Skip tests failing with OpenSSL 1.1.1 -Patch51: bpo-36576-skip_tests_for_OpenSSL-111.patch +Patch49: CVE-2019-5010-null-defer-x509-cert-DOS.patch +# PATCH-FIX-UPSTREAM bpo36160-init-sysconfig_vars.patch gh#python/cpython#12131 [email protected] +# Initialize sysconfig variables in test_site. +Patch50: bpo36160-init-sysconfig_vars.patch +# PATCH-FIX-UPSTREAM CVE-2017-18207.patch gh#python/cpython#4437 [email protected] +# Add check for channels of wav file in Lib/wave.py +Patch51: CVE-2017-18207.patch +# PATCH-FIX-UPSTREAM gh#python/cpython#12341 +Patch55: bpo36302-sort-module-sources.patch +# Fix installation in /usr/local (boo#1071941), adapted from Fedora +# https://src.fedoraproject.org/rpms/python3/blob/master/f/00251-change-user-install-location.patch +# Set values of prefix and exec_prefix in distutils install command +# to /usr/local if executable is /usr/bin/python* and RPM build +# is not detected to make pip and distutils install into separate location +Patch56: adapted-from-F00251-change-user-install-location.patch +# Switch couple of tests failing on acient SLE-12 +Patch57: python-2.7.17-switch-off-failing-SSL-tests.patch +# PATCH-FIX-UPSTREAM CVE-2020-8492-urllib-ReDoS.patch bsc#1162367 [email protected] +# Fixes Python urrlib allowed an HTTP server to conduct Regular +# Expression Denial of Service (ReDoS) +Patch58: CVE-2020-8492-urllib-ReDoS.patch +# PATCH-FIX-UPSTREAM CVE-2019-9674-zip-bomb.patch bsc#1162825 [email protected] +# Improve documentation warning against the possible zip bombs +Patch59: CVE-2019-9674-zip-bomb.patch # COMMON-PATCH-END BuildRequires: automake BuildRequires: db-devel @@ -105,7 +103,9 @@ BuildRequires: gdbm-devel BuildRequires: gmp-devel BuildRequires: libbz2-devel +%if %{suse_version} >= 1500 BuildRequires: libnsl-devel +%endif BuildRequires: libopenssl-devel BuildRequires: ncurses-devel BuildRequires: readline-devel @@ -113,6 +113,11 @@ BuildRequires: tk-devel BuildRequires: xz BuildRequires: pkgconfig(x11) +# for %%{_datadir}/application and %%{_datadir}/mime/packages +BuildRequires: filesystem +BuildRequires: update-desktop-files +# for %%{_datadir}/icons/hicolor directories +BuildRequires: hicolor-icon-theme %define python_version %(echo %{tarversion} | head -c 3) %define idle_name idle Requires: python-base = %{version} @@ -121,6 +126,9 @@ %endif Provides: %{name} = %{python_version} Provides: python2 = %{version} +# To make older versions of this package to conflict with +# shared-python-startup I need a symbol to conflict with +Provides: python2_split_startup Obsoletes: python-elementtree Obsoletes: python-nothreads Obsoletes: python-sqlite @@ -182,8 +190,7 @@ Provides: python2-tk = %{version} %description tk -Python interface to Tk. Tk is the GUI toolkit that comes with Tcl. The -"xrpm" package uses this Python interface. +Python interface to Tk. Tk is the GUI toolkit that comes with Tcl. %package curses Summary: Python Interface to the (N)Curses Library @@ -204,6 +211,10 @@ Obsoletes: pygdmod Provides: pygdmod Provides: python2-gdbm = %{version} +# Compat to allow BR on python_module dbm and have it properly +# pull in gdbm on py2 and dbm on py3 +Provides: python-dbm = %{version} +Provides: python2-dbm = %{version} %description gdbm An easy to use interface for GDBM databases. GDBM is the GNU @@ -248,21 +259,23 @@ %endif %patch35 -p1 %patch38 -p1 -%patch39 -p1 %ifarch ppc ppc64 ppc64le %patch40 -p1 %endif %patch41 -p1 -%patch42 -p1 -%patch43 -p1 -%patch44 -p1 -%patch45 -p1 -%patch46 -p1 +%if %{suse_version} >= 1500 %patch47 -p1 %patch48 -p1 +%else +%patch57 -p1 +%endif %patch49 -p1 %patch50 -p1 %patch51 -p1 +%patch55 -p1 +%patch56 -p1 +%patch58 -p1 +%patch59 -p1 # drop Autoconf version requirement sed -i 's/^version_required/dnl version_required/' configure.ac @@ -273,6 +286,7 @@ %endif %build +%define _lto_cflags %{nil} export OPT="%{optflags} -DOPENSSL_LOAD_CONF -fwrapv" autoreconf -f -i . # Modules/_ctypes/libffi @@ -299,8 +313,8 @@ if test $(ulimit -v) = unlimited || test $(ulimit -v) -gt 10000000; then ulimit -v 10000000 || : fi -LIST="test_urllib test_ssl test_hashlib test_hmac test_urllib2_localnet test_unicodedata test_tarfile test_sqlite test_tcl test_dbm test_anydbm test_dumbdbm test_gdbm test_whichdb test_tk test_ttk_textonly test_bsddb test_bsddb3 test_readline" -make test TESTOPTS="$LIST" TESTPYTHONOPTS="-R" +LIST="test_urllib test_ssl test_hashlib test_hmac test_unicodedata test_tarfile test_sqlite test_tcl test_dbm test_anydbm test_dumbdbm test_gdbm test_whichdb test_tk test_ttk_textonly test_bsddb test_bsddb3 test_readline" +make test TESTOPTS="-w $LIST" TESTPYTHONOPTS="-R" %endif %install @@ -445,12 +459,15 @@ ln -sf /etc/%{idle_name}/$file %{buildroot}/%{_libdir}/python%{python_version}/idlelib/ done ) -######################################## -# startup script -######################################## -install -m 644 %{SOURCE2} %{buildroot}/etc -install -d -m 755 %{buildroot}%{_sysconfdir}/profile.d -install -m 644 %{SOURCE3} %{SOURCE4} %{buildroot}%{_sysconfdir}/profile.d + +# Install .desktop, mime and appdata files from upstream tarball +%if 0%{?suse_version} >= 1500 +install -Dm0644 %{SOURCE50} %{buildroot}/%{_datadir}/mime/packages/idle.appdata.xml +%endif +install -D -m 0644 Lib/idlelib/Icons/idle_16.png %{buildroot}%{_datadir}/icons/hicolor/16x16/apps/idle.png +install -D -m 0644 Lib/idlelib/Icons/idle_32.png %{buildroot}%{_datadir}/icons/hicolor/32x32/apps/idle.png +install -D -m 0644 Lib/idlelib/Icons/idle_48.png %{buildroot}%{_datadir}/icons/hicolor/48x48/apps/idle.png +desktop-file-install --dir=%{buildroot}%{_datadir}/applications %{SOURCE51} %post -p /sbin/ldconfig @@ -467,6 +484,11 @@ %doc Lib/idlelib/ChangeLog %{_libdir}/python%{python_version}/idlelib %attr(755, root, root) %{_bindir}/%{idle_name} +%if 0%{?suse_version} >= 1500 +%{_datadir}/mime/packages/idle.appdata.xml +%endif +%{_datadir}/applications/idle.desktop +%{_datadir}/icons/hicolor/*/apps/idle.png %files demo %defattr(644, root, root, 755) @@ -501,8 +523,6 @@ %doc %{_docdir}/%{name}/README %doc %{_docdir}/%{name}/LICENSE %doc %{_docdir}/%{name}/README.SUSE -%config %{_sysconfdir}/pythonstart -%config %{_sysconfdir}/profile.d/python.* %dir %{_libdir}/python%{python_version} %{_libdir}/python%{python_version}/ssl.py* %{_libdir}/python%{python_version}/bsddb ++++++ CVE-2018-1000802-shutil_use_subprocess_no_spawn.patch -> CVE-2017-18207.patch ++++++ --- /work/SRC/openSUSE:Leap:15.2/python/CVE-2018-1000802-shutil_use_subprocess_no_spawn.patch 2020-01-15 15:45:46.959335033 +0100 +++ /work/SRC/openSUSE:Leap:15.2/.python.new.26092/CVE-2017-18207.patch 2020-03-01 08:50:58.529225700 +0100 @@ -1,56 +1,22 @@ -From add531a1e55b0a739b0f42582f1c9747e5649ace Mon Sep 17 00:00:00 2001 -From: Benjamin Peterson <[email protected]> -Date: Tue, 28 Aug 2018 22:12:56 -0700 -Subject: [PATCH] closes bpo-34540: Convert shutil._call_external_zip to use - subprocess rather than distutils.spawn. +From ae0ed14794ced2c51c822fc6f0d3ca92064619dd Mon Sep 17 00:00:00 2001 +From: BT123 <[email protected]> +Date: Fri, 17 Nov 2017 16:45:45 +0800 +Subject: [PATCH] bug in wave.py --- - Lib/shutil.py | 16 ++++++++++------ - .../2018-08-28-22-11-54.bpo-34540.gfQ0TM.rst | 3 +++ - 2 files changed, 13 insertions(+), 6 deletions(-) - create mode 100644 Misc/NEWS.d/next/Security/2018-08-28-22-11-54.bpo-34540.gfQ0TM.rst + Lib/wave.py | 2 ++ + 1 file changed, 2 insertions(+) ---- a/Lib/shutil.py -+++ b/Lib/shutil.py -@@ -396,17 +396,21 @@ def _make_tarball(base_name, base_dir, c - - return archive_name - --def _call_external_zip(base_dir, zip_filename, verbose=False, dry_run=False): -+def _call_external_zip(base_dir, zip_filename, verbose, dry_run, logger): - # XXX see if we want to keep an external call here - if verbose: - zipoptions = "-r" - else: - zipoptions = "-rq" -- from distutils.errors import DistutilsExecError -- from distutils.spawn import spawn -+ cmd = ["zip", zipoptions, zip_filename, base_dir] -+ if logger is not None: -+ logger.info(' '.join(cmd)) -+ if dry_run: -+ return -+ import subprocess - try: -- spawn(["zip", zipoptions, zip_filename, base_dir], dry_run=dry_run) -- except DistutilsExecError: -+ subprocess.check_call(cmd) -+ except subprocess.CalledProcessError: - # XXX really should distinguish between "couldn't find - # external 'zip' command" and "zip failed". - raise ExecError, \ -@@ -440,7 +444,7 @@ def _make_zipfile(base_name, base_dir, v - zipfile = None - - if zipfile is None: -- _call_external_zip(base_dir, zip_filename, verbose, dry_run) -+ _call_external_zip(base_dir, zip_filename, verbose, dry_run, logger) - else: - if logger is not None: - logger.info("creating '%s' and adding '%s' to it", ---- /dev/null -+++ b/Misc/NEWS.d/next/Security/2018-08-28-22-11-54.bpo-34540.gfQ0TM.rst -@@ -0,0 +1,3 @@ -+When ``shutil.make_archive`` falls back to the external ``zip`` problem, it -+uses :mod:`subprocess` to invoke it rather than :mod:`distutils.spawn`. This -+closes a possible shell injection vector. +Index: Python-2.7.13/Lib/wave.py +=================================================================== +--- Python-2.7.13.orig/Lib/wave.py 2018-06-07 17:00:25.370728844 +0000 ++++ Python-2.7.13/Lib/wave.py 2018-06-07 17:02:51.768202800 +0000 +@@ -272,6 +272,8 @@ class Wave_read: + self._sampwidth = (sampwidth + 7) // 8 + else: + raise Error, 'unknown format: %r' % (wFormatTag,) ++ if self._nchannels == 0: ++ raise Error, "The audio file in wav format should have at least one channel!" + self._framesize = self._nchannels * self._sampwidth + self._comptype = 'NONE' + self._compname = 'not compressed' ++++++ CVE-2019-5010-null-defer-x509-cert-DOS.patch ++++++ --- /var/tmp/diff_new_pack.AW4Rit/_old 2020-03-01 08:51:01.113230840 +0100 +++ /var/tmp/diff_new_pack.AW4Rit/_new 2020-03-01 08:51:01.113230840 +0100 @@ -22,44 +22,11 @@ create mode 100644 Lib/test/talos-2019-0758.pem create mode 100644 Misc/NEWS.d/next/Security/2019-01-15-18-16-05.bpo-35746.nMSd0j.rst ---- /dev/null -+++ b/Lib/test/talos-2019-0758.pem -@@ -0,0 +1,22 @@ -+-----BEGIN CERTIFICATE----- -+MIIDqDCCApKgAwIBAgIBAjALBgkqhkiG9w0BAQswHzELMAkGA1UEBhMCVUsxEDAO -+BgNVBAMTB2NvZHktY2EwHhcNMTgwNjE4MTgwMDU4WhcNMjgwNjE0MTgwMDU4WjA7 -+MQswCQYDVQQGEwJVSzEsMCoGA1UEAxMjY29kZW5vbWljb24tdm0tMi50ZXN0Lmxh -+bC5jaXNjby5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC63fGB -+J80A9Av1GB0bptslKRIUtJm8EeEu34HkDWbL6AJY0P8WfDtlXjlPaLqFa6sqH6ES -+V48prSm1ZUbDSVL8R6BYVYpOlK8/48xk4pGTgRzv69gf5SGtQLwHy8UPBKgjSZoD -+5a5k5wJXGswhKFFNqyyxqCvWmMnJWxXTt2XDCiWc4g4YAWi4O4+6SeeHVAV9rV7C -+1wxqjzKovVe2uZOHjKEzJbbIU6JBPb6TRfMdRdYOw98n1VXDcKVgdX2DuuqjCzHP -+WhU4Tw050M9NaK3eXp4Mh69VuiKoBGOLSOcS8reqHIU46Reg0hqeL8LIL6OhFHIF -+j7HR6V1X6F+BfRS/AgMBAAGjgdYwgdMwCQYDVR0TBAIwADAdBgNVHQ4EFgQUOktp -+HQjxDXXUg8prleY9jeLKeQ4wTwYDVR0jBEgwRoAUx6zgPygZ0ZErF9sPC4+5e2Io -+UU+hI6QhMB8xCzAJBgNVBAYTAlVLMRAwDgYDVQQDEwdjb2R5LWNhggkA1QEAuwb7 -+2s0wCQYDVR0SBAIwADAuBgNVHREEJzAlgiNjb2Rlbm9taWNvbi12bS0yLnRlc3Qu -+bGFsLmNpc2NvLmNvbTAOBgNVHQ8BAf8EBAMCBaAwCwYDVR0fBAQwAjAAMAsGCSqG -+SIb3DQEBCwOCAQEAvqantx2yBlM11RoFiCfi+AfSblXPdrIrHvccepV4pYc/yO6p -+t1f2dxHQb8rWH3i6cWag/EgIZx+HJQvo0rgPY1BFJsX1WnYf1/znZpkUBGbVmlJr -+t/dW1gSkNS6sPsM0Q+7HPgEv8CPDNK5eo7vU2seE0iWOkxSyVUuiCEY9ZVGaLVit -+p0C78nZ35Pdv4I+1cosmHl28+es1WI22rrnmdBpH8J1eY6WvUw2xuZHLeNVN0TzV -+Q3qq53AaCWuLOD1AjESWuUCxMZTK9DPS4JKXTK8RLyDeqOvJGjsSWp3kL0y3GaQ+ -+10T1rfkKJub2+m9A9duin1fn6tHc2wSvB7m3DA== -+-----END CERTIFICATE----- --- a/Lib/test/test_ssl.py +++ b/Lib/test/test_ssl.py -@@ -72,6 +72,7 @@ NONEXISTINGCERT = data_file("XXXnonexist - BADKEY = data_file("badkey.pem") - NOKIACERT = data_file("nokia.pem") - NULLBYTECERT = data_file("nullbytecert.pem") -+TALOS_INVALID_CRLDP = data_file("talos-2019-0758.pem") - - DHFILE = data_file("dh1024.pem") - BYTES_DHFILE = DHFILE.encode(sys.getfilesystemencoding()) -@@ -220,6 +221,27 @@ class BasicSocketTests(unittest.TestCase - self.assertEqual(p['crlDistributionPoints'], - ('http://SVRIntl-G3-crl.verisign.com/SVRIntlG3.crl',)) +@@ -256,6 +256,27 @@ class BasicSocketTests(unittest.TestCase + } + ) + def test_parse_cert_CVE_2019_5010(self): + p = ssl._ssl._test_decode_cert(TALOS_INVALID_CRLDP) @@ -91,16 +58,3 @@ +[CVE-2019-5010] Fix a NULL pointer deref in ssl module. The cert parser did +not handle CRL distribution points with empty DP or URI correctly. A +malicious or buggy certificate can result into segfault. ---- a/Modules/_ssl.c -+++ b/Modules/_ssl.c -@@ -1139,6 +1139,10 @@ _get_crl_dp(X509 *certificate) { - STACK_OF(GENERAL_NAME) *gns; - - dp = sk_DIST_POINT_value(dps, i); -+ if (dp->distpoint == NULL) { -+ /* Ignore empty DP value, CVE-2019-5010 */ -+ continue; -+ } - gns = dp->distpoint->name.fullname; - - for (j=0; j < sk_GENERAL_NAME_num(gns); j++) { ++++++ CVE-2019-9674-zip-bomb.patch ++++++ >From b73fe12d4d85fc92e4b9658e417046b68fb68ecc Mon Sep 17 00:00:00 2001 From: nick sung <[email protected]> Date: Fri, 17 May 2019 15:45:31 +0800 Subject: [PATCH 1/4] bpo-36260: Add pitfalls to zipfile module documentation We saw vulnerability warning description (including zip bomb) in Doc/library/xml.rst file. This gave us the idea of documentation improvement. So, we moved a little bit forward :P And the doc patch can be found (pr). --- Doc/library/zipfile.rst | 29 +++++++++++++++++++++++++++++ 1 file changed, 29 insertions(+) --- a/Doc/library/zipfile.rst +++ b/Doc/library/zipfile.rst @@ -553,5 +553,47 @@ Command-line options Test whether the zipfile is valid or not. +Decompression pitfalls +---------------------- +The extraction in zipfile module might fail due to some pitfalls +listed below. + +From file itself +~~~~~~~~~~~~~~~~ + +Decompression may fail due to incorrect password / CRC checksum +/ ZIP format or unsupported compression method / decryption. + +File System limitations +~~~~~~~~~~~~~~~~~~~~~~~ + +Exceeding limitations on different file systems can cause +decompression failed. Such as allowable characters in the +directory entries, length of the file name, length of the +pathname, size of a single file, and number of files, etc. + +Resources limitations +~~~~~~~~~~~~~~~~~~~~~ + +The lack of memory or disk volume would lead to decompression +failed. For example, decompression bombs (aka `ZIP bomb`_) apply +to zipfile library that can cause disk volume exhaustion. + +Interruption +~~~~~~~~~~~~ + +Interruption during the decompression, such as pressing control-C +or killing the decompression process may result in incomplete +decompression of the archive. + +Default behaviors of extraction +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +Not knowing the default extraction behaviors can cause unexpected +decompression results. For example, when extracting the same +archive twice, it overwrites files without asking. + + +.. _ZIP bomb: https://en.wikipedia.org/wiki/Zip_bomb .. _PKZIP Application Note: https://pkware.cachefly.net/webdocs/casestudies/APPNOTE.TXT --- /dev/null +++ b/Misc/NEWS.d/next/Documentation/2019-06-04-09-29-00.bpo-36260.WrGuc-.rst @@ -0,0 +1 @@ +Add decompression pitfalls to zipfile module documentation. \ No newline at end of file ++++++ CVE-2020-8492-urllib-ReDoS.patch ++++++ >From 34e25a97709a05f7c804036dd1e16afda6bdfa33 Mon Sep 17 00:00:00 2001 From: Victor Stinner <[email protected]> Date: Thu, 30 Jan 2020 16:13:03 +0100 Subject: [PATCH 1/2] bpo-39503: Fix urllib basic auth regex The AbstractBasicAuthHandler class of the urllib.request module uses an inefficient regular expression which can be exploited by an attacker to cause a denial of service. Fix the regex to prevent the catastrophic backtracking. Vulnerability reported by Matt Schwager. --- Lib/urllib2.py | 2 +- Misc/NEWS.d/next/Security/2020-01-30-16-15-29.bpo-39503.B299Yq.rst | 4 ++++ 2 files changed, 5 insertions(+), 1 deletion(-) create mode 100644 Misc/NEWS.d/next/Security/2020-01-30-16-15-29.bpo-39503.B299Yq.rst --- /dev/null +++ b/Misc/NEWS.d/next/Security/2020-01-30-16-15-29.bpo-39503.B299Yq.rst @@ -0,0 +1,4 @@ +CVE-2020-8492: The :class:`~urllib.request.AbstractBasicAuthHandler` class of the +:mod:`urllib.request` module uses an inefficient regular expression which can +be exploited by an attacker to cause a denial of service. Fix the regex to +prevent the catastrophic backtracking. Vulnerability reported by Matt Schwager. --- a/Lib/urllib2.py +++ b/Lib/urllib2.py @@ -856,7 +856,7 @@ class AbstractBasicAuthHandler: # allow for double- and single-quoted realm values # (single quotes are a violation of the RFC, but appear in the wild) - rx = re.compile('(?:.*,)*[ \t]*([^ \t]+)[ \t]+' + rx = re.compile('(?:[^,]*,)*[ \t]*([^ \t]+)[ \t]+' 'realm=(["\']?)([^"\']*)\\2', re.I) # XXX could pre-emptively send auth info already accepted (RFC 2617, ++++++ Python-2.7.14.tar.xz -> Python-2.7.17.tar.xz ++++++ /work/SRC/openSUSE:Leap:15.2/python/Python-2.7.14.tar.xz /work/SRC/openSUSE:Leap:15.2/.python.new.26092/Python-2.7.17.tar.xz differ: char 26, line 1 ++++++ adapted-from-F00251-change-user-install-location.patch ++++++ Index: Python-2.7.17/Lib/distutils/command/install.py =================================================================== --- Python-2.7.17.orig/Lib/distutils/command/install.py +++ Python-2.7.17/Lib/distutils/command/install.py @@ -431,8 +431,18 @@ class install (Command): raise DistutilsOptionError, \ "must not supply exec-prefix without prefix" - self.prefix = os.path.normpath(sys.prefix) - self.exec_prefix = os.path.normpath(sys.exec_prefix) + # self.prefix is set to sys.prefix + /local/ + # if neither RPM build nor virtual environment is + # detected to make pip and distutils install packages + # into the separate location. + if (not hasattr(sys, 'real_prefix') and + 'RPM_BUILD_ROOT' not in os.environ): + addition = "/local" + else: + addition = "" + + self.prefix = os.path.normpath(sys.prefix) + addition + self.exec_prefix = os.path.normpath(sys.exec_prefix) + addition else: if self.exec_prefix is None: Index: Python-2.7.17/Lib/site.py =================================================================== --- Python-2.7.17.orig/Lib/site.py +++ Python-2.7.17/Lib/site.py @@ -291,6 +291,10 @@ def getsitepackages(): sitepackages = [] seen = set() + # '/usr/local' is included in PREFIXES if RPM build is not detected + # to make packages installed into this location visible. + if ENABLE_USER_SITE and 'RPM_BUILD_ROOT' not in os.environ: + PREFIXES.insert(0, "/usr/local") for prefix in PREFIXES: if not prefix or prefix in seen: continue ++++++ bpo36160-init-sysconfig_vars.patch ++++++ >From 603a4461e3c889b06a5d78e57594ebbc580f1c03 Mon Sep 17 00:00:00 2001 From: Ivan Pozdeev <[email protected]> Date: Fri, 1 Mar 2019 21:44:24 +0300 Subject: [PATCH] Fix AttributeError on sysconfig._CONFIG_VARS.clear() if test_site is run separately --- Lib/test/test_site.py | 4 +++- .../next/Tests/2019-03-01-21-45-13.bpo-36160.4JjrqB.rst | 2 ++ 2 files changed, 5 insertions(+), 1 deletion(-) create mode 100644 Misc/NEWS.d/next/Tests/2019-03-01-21-45-13.bpo-36160.4JjrqB.rst --- a/Lib/test/test_site.py +++ b/Lib/test/test_site.py @@ -47,6 +47,9 @@ def setUpModule(): else: raise + # sysconfig._CONFIG_VARS is None until the first call to this function + sysconfig.get_config_vars() + def tearDownModule(): sys.path[:] = OLD_SYS_PATH --- /dev/null +++ b/Misc/NEWS.d/next/Tests/2019-03-01-21-45-13.bpo-36160.4JjrqB.rst @@ -0,0 +1,2 @@ +Fix AttributeError on sysconfig._CONFIG_VARS.clear() if test_site is run +separately ++++++ bpo36302-sort-module-sources.patch ++++++ diff --git a/Lib/distutils/command/build_ext.py b/Lib/distutils/command/build_ext.py index 86a85c1..66bf0c2 100644 --- a/Lib/distutils/command/build_ext.py +++ b/Lib/distutils/command/build_ext.py @@ -455,7 +455,7 @@ class build_ext (Command): ("in 'ext_modules' option (extension '%s'), " + "'sources' must be present and must be " + "a list of source filenames") % ext.name - sources = list(sources) + sources = sorted(sources) ext_path = self.get_ext_fullpath(ext.name) depends = sources + ext.depends ++++++ do-not-use-non-ascii-in-test_ssl.patch ++++++ --- a/Lib/test/test_ssl.py +++ b/Lib/test/test_ssl.py @@ -1021,7 +1021,7 @@ class ContextTests(unittest.TestCase): def test_load_dh_params(self): - filename = u'dhpäräm.pem' + filename = u'dhparam.pem' fs_encoding = sys.getfilesystemencoding() try: filename.encode(fs_encoding) ++++++ idle.appdata.xml ++++++ <?xml version="1.0" encoding="UTF-8"?> <!-- Copyright 2017 Zbigniew Jędrzejewski-Szmek --> <application> <id type="desktop">idle.desktop</id> <name>IDLE</name> <metadata_licence>CC0</metadata_licence> <project_license>Python-2.0</project_license> <summary>Python Integrated Development and Learning Environment</summary> <description> <p> IDLE is Python’s Integrated Development and Learning Environment. The GUI is uniform between Windows, Unix, and Mac OS X. IDLE provides an easy way to start writing, running, and debugging Python code. </p> <p> IDLE is written in pure Python, and uses the tkinter GUI toolkit. It provides: </p> <ul> <li>a Python shell window (interactive interpreter) with colorizing of code input, output, and error messages,</li> <li>a multi-window text editor with multiple undo, Python colorizing, smart indent, call tips, auto completion, and other features,</li> <li>search within any window, replace within editor windows, and search through multiple files (grep),</li> <li>a debugger with persistent breakpoints, stepping, and viewing of global and local namespaces.</li> </ul> </description> <url type="homepage">https://docs.python.org/2.7/library/idle.html</url> <screenshots> <screenshot type="default">http://in.waw.pl/~zbyszek/fedora/idle3-appdata/idle3-main-window.png</screenshot> <screenshot>http://in.waw.pl/~zbyszek/fedora/idle3-appdata/idle3-class-browser.png</screenshot> <screenshot>http://in.waw.pl/~zbyszek/fedora/idle3-appdata/idle3-code-viewer.png</screenshot> </screenshots> <update_contact>[email protected]</update_contact> </application> ++++++ idle.desktop ++++++ [Desktop Entry] Version=1.0 Name=IDLE GenericName=Python IDE Comment=Python 2.7 Integrated Development and Learning Environment Exec=idle %F TryExec=idle Terminal=false Type=Application Icon=idle Categories=Development;IDE; MimeType=text/x-python; ++++++ macros.python2 ++++++ --- /var/tmp/diff_new_pack.AW4Rit/_old 2020-03-01 08:51:01.209231031 +0100 +++ /var/tmp/diff_new_pack.AW4Rit/_new 2020-03-01 08:51:01.213231039 +0100 @@ -1,10 +1,8 @@ # legacy macros. commented but kept for the sake of possible recovery of their values -#%py_ver %(python -c "import sys; v=sys.version_info[:2]; print '%%d.%%d'%%v" 2>/dev/null || echo PYTHON-NOT-FOUND) -#%py_prefix %(python -c "import sys; print sys.prefix" 2>/dev/null || echo PYTHON-NOT-FOUND) -#%py_libdir %{py_prefix}/%{_lib}/python%{py_ver} -#%py_incdir %{py_prefix}/include/python%{py_ver} -#%py_sitedir %{py_libdir}/site-packages -#%__python2 /usr/bin/python2 +%py_prefix %(python -c "import sys; print sys.prefix" 2>/dev/null || echo PYTHON-NOT-FOUND) +%py_libdir %{py_prefix}/%{_lib}/python%{py_ver} +%py_incdir %{py_prefix}/include/python%{py_ver} +%py_sitedir %{py_libdir}/site-packages # these might be still in use somewhere %py_compile(O) \ ++++++ openssl-111-middlebox-compat.patch ++++++ >From 4fa35e8b1ebb2a8e88ba7c4c9cd2a17b35638ee6 Mon Sep 17 00:00:00 2001 From: Dimitri John Ledkov <[email protected]> Date: Fri, 28 Sep 2018 16:34:16 +0100 Subject: [PATCH] bpo-34834: Fix test_ssl.test_options to account for OP_ENABLE_MIDDLEBOX_COMPAT. Signed-off-by: Dimitri John Ledkov <[email protected]> https://bugs.python.org/issue34834 --- Lib/test/test_ssl.py | 5 +++++ 1 file changed, 5 insertions(+) --- a/Lib/test/test_ssl.py +++ b/Lib/test/test_ssl.py @@ -807,8 +807,12 @@ class ContextTests(unittest.TestCase): default = (ssl.OP_ALL | ssl.OP_NO_SSLv2 | ssl.OP_NO_SSLv3) # SSLContext also enables these by default default |= (OP_NO_COMPRESSION | OP_CIPHER_SERVER_PREFERENCE | - OP_SINGLE_DH_USE | OP_SINGLE_ECDH_USE | - OP_ENABLE_MIDDLEBOX_COMPAT) + ssl.OP_SINGLE_DH_USE | ssl.OP_SINGLE_ECDH_USE) + if not IS_LIBRESSL and ssl.OPENSSL_VERSION_INFO >= (1, 1, 1): + # define MIDDLEBOX constant, as python2.7 does not know about it + # but it is used by default. + OP_ENABLE_MIDDLEBOX_COMPAT = 1048576L + default |= OP_ENABLE_MIDDLEBOX_COMPAT self.assertEqual(default, ctx.options) ctx.options |= ssl.OP_NO_TLSv1 self.assertEqual(default | ssl.OP_NO_TLSv1, ctx.options) ++++++ openssl-111-ssl_options.patch ++++++ --- a/Lib/test/test_ssl.py +++ b/Lib/test/test_ssl.py @@ -807,12 +807,8 @@ class ContextTests(unittest.TestCase): default = (ssl.OP_ALL | ssl.OP_NO_SSLv2 | ssl.OP_NO_SSLv3) # SSLContext also enables these by default default |= (OP_NO_COMPRESSION | OP_CIPHER_SERVER_PREFERENCE | - ssl.OP_SINGLE_DH_USE | ssl.OP_SINGLE_ECDH_USE) - if not IS_LIBRESSL and ssl.OPENSSL_VERSION_INFO >= (1, 1, 1): - # define MIDDLEBOX constant, as python2.7 does not know about it - # but it is used by default. - OP_ENABLE_MIDDLEBOX_COMPAT = 1048576L - default |= OP_ENABLE_MIDDLEBOX_COMPAT + OP_SINGLE_DH_USE | OP_SINGLE_ECDH_USE | + OP_ENABLE_MIDDLEBOX_COMPAT) self.assertEqual(default, ctx.options) ctx.options |= ssl.OP_NO_TLSv1 self.assertEqual(default | ssl.OP_NO_TLSv1, ctx.options) ++++++ pre_checkin.sh ++++++ --- /var/tmp/diff_new_pack.AW4Rit/_old 2020-03-01 08:51:01.229231071 +0100 +++ /var/tmp/diff_new_pack.AW4Rit/_new 2020-03-01 08:51:01.229231071 +0100 @@ -9,3 +9,7 @@ sed -n -e '/COMMON-PREP-END/,$p' $spec; } | uniq > $spec.tmp && mv $spec.tmp $spec done + +# I really don't want to keep all three *.changes files separate +cp python-base.changes python.changes +cp python-base.changes python-doc.changes ++++++ python-2.5.1-sqlite.patch ++++++ --- /var/tmp/diff_new_pack.AW4Rit/_old 2020-03-01 08:51:01.233231078 +0100 +++ /var/tmp/diff_new_pack.AW4Rit/_new 2020-03-01 08:51:01.237231086 +0100 @@ -1,6 +1,6 @@ --- a/Modules/_sqlite/cursor.c +++ b/Modules/_sqlite/cursor.c -@@ -837,6 +837,9 @@ +@@ -829,6 +829,9 @@ PyObject* pysqlite_cursor_executescript( goto error; } ++++++ python-2.6-gettext-plurals.patch ++++++ --- /var/tmp/diff_new_pack.AW4Rit/_old 2020-03-01 08:51:01.241231094 +0100 +++ /var/tmp/diff_new_pack.AW4Rit/_new 2020-03-01 08:51:01.241231094 +0100 @@ -1,8 +1,6 @@ -Index: Lib/gettext.py -=================================================================== ---- a/Lib/gettext.py.orig +--- a/Lib/gettext.py +++ b/Lib/gettext.py -@@ -311,8 +311,9 @@ class GNUTranslations(NullTranslations): +@@ -387,8 +387,9 @@ class GNUTranslations(NullTranslations): self._charset = v.split('charset=')[1] elif k == 'plural-forms': v = v.split(';') ++++++ python-2.7-dirs.patch ++++++ --- /var/tmp/diff_new_pack.AW4Rit/_old 2020-03-01 08:51:01.249231110 +0100 +++ /var/tmp/diff_new_pack.AW4Rit/_new 2020-03-01 08:51:01.249231110 +0100 @@ -1,6 +1,6 @@ --- a/Makefile.pre.in +++ b/Makefile.pre.in -@@ -106,7 +106,7 @@ +@@ -110,7 +110,7 @@ LIBDIR= @libdir@ MANDIR= @mandir@ INCLUDEDIR= @includedir@ CONFINCLUDEDIR= $(exec_prefix)/include ++++++ python-2.7.14-docs-pdf-a4.tar.bz2 -> python-2.7.17-docs-pdf-a4.tar.bz2 ++++++ /work/SRC/openSUSE:Leap:15.2/python/python-2.7.14-docs-pdf-a4.tar.bz2 /work/SRC/openSUSE:Leap:15.2/.python.new.26092/python-2.7.17-docs-pdf-a4.tar.bz2 differ: char 11, line 1 ++++++ python-2.7.14-docs-pdf-letter.tar.bz2 -> python-2.7.17-docs-pdf-letter.tar.bz2 ++++++ /work/SRC/openSUSE:Leap:15.2/python/python-2.7.14-docs-pdf-letter.tar.bz2 /work/SRC/openSUSE:Leap:15.2/.python.new.26092/python-2.7.17-docs-pdf-letter.tar.bz2 differ: char 11, line 1 ++++++ python-2.7.17-switch-off-failing-SSL-tests.patch ++++++ --- a/Lib/test/test_ssl.py +++ b/Lib/test/test_ssl.py @@ -152,9 +152,7 @@ def skip_if_broken_ubuntu_ssl(func): try: ssl.SSLContext(ssl.PROTOCOL_SSLv2) except ssl.SSLError: - if (ssl.OPENSSL_VERSION_INFO == (0, 9, 8, 15, 15) and - platform.linux_distribution() == ('debian', 'squeeze/sid', '')): - raise unittest.SkipTest("Patched Ubuntu OpenSSL breaks behaviour") + raise unittest.SkipTest("Test fails on SLE-12") return func(*args, **kwargs) return f else: @@ -1280,6 +1278,7 @@ class ContextTests(unittest.TestCase): self.assertEqual(ctx.verify_mode, ssl.CERT_NONE) self._assert_context_options(ctx) + @skip_if_broken_ubuntu_ssl def test__https_verify_certificates(self): # Unit test to check the contect factory mapping # The factories themselves are tested above ++++++ python-2.7.2-fix_date_time_compiler.patch ++++++ --- /var/tmp/diff_new_pack.AW4Rit/_old 2020-03-01 08:51:01.281231174 +0100 +++ /var/tmp/diff_new_pack.AW4Rit/_new 2020-03-01 08:51:01.281231174 +0100 @@ -1,8 +1,6 @@ -Index: Python-2.7.14/Makefile.pre.in -=================================================================== ---- Python-2.7.14.orig/Makefile.pre.in -+++ Python-2.7.14/Makefile.pre.in -@@ -638,8 +638,15 @@ Modules/getbuildinfo.o: $(PARSER_OBJS) \ +--- a/Makefile.pre.in ++++ b/Makefile.pre.in +@@ -647,8 +647,15 @@ Modules/getbuildinfo.o: $(PARSER_OBJS) \ -DGITVERSION="\"`LC_ALL=C $(GITVERSION)`\"" \ -DGITTAG="\"`LC_ALL=C $(GITTAG)`\"" \ -DGITBRANCH="\"`LC_ALL=C $(GITBRANCH)`\"" \ ++++++ python-2.7.4-canonicalize2.patch ++++++ --- /var/tmp/diff_new_pack.AW4Rit/_old 2020-03-01 08:51:01.285231182 +0100 +++ /var/tmp/diff_new_pack.AW4Rit/_new 2020-03-01 08:51:01.285231182 +0100 @@ -1,8 +1,6 @@ -Index: Python-2.7.7/Python/sysmodule.c -=================================================================== ---- Python-2.7.7.orig/Python/sysmodule.c 2014-06-20 14:33:06.696228064 +0200 -+++ Python-2.7.7/Python/sysmodule.c 2014-06-20 14:33:10.960250497 +0200 -@@ -1624,7 +1624,20 @@ +--- a/Python/sysmodule.c ++++ b/Python/sysmodule.c +@@ -1638,7 +1638,20 @@ PySys_SetArgvEx(int argc, char **argv, i char *p = NULL; Py_ssize_t n = 0; PyObject *a; @@ -24,7 +22,7 @@ char link[MAXPATHLEN+1]; char argv0copy[2*MAXPATHLEN+1]; int nr = 0; -@@ -1651,7 +1664,8 @@ +@@ -1665,7 +1678,8 @@ PySys_SetArgvEx(int argc, char **argv, i } } } @@ -34,7 +32,7 @@ #if SEP == '\\' /* Special case for MS filename syntax */ if (argc > 0 && argv0 != NULL && strcmp(argv0, "-c") != 0) { char *q; -@@ -1680,11 +1694,6 @@ +@@ -1694,11 +1708,6 @@ PySys_SetArgvEx(int argc, char **argv, i } #else /* All other filename syntaxes */ if (argc > 0 && argv0 != NULL && strcmp(argv0, "-c") != 0) { @@ -46,7 +44,7 @@ p = strrchr(argv0, SEP); } if (p != NULL) { -@@ -1702,6 +1711,9 @@ +@@ -1716,6 +1725,9 @@ PySys_SetArgvEx(int argc, char **argv, i a = PyString_FromStringAndSize(argv0, n); if (a == NULL) Py_FatalError("no mem for sys.path insertion"); @@ -56,10 +54,8 @@ if (PyList_Insert(path, 0, a) < 0) Py_FatalError("sys.path.insert(0) failed"); Py_DECREF(a); -Index: Python-2.7.7/pyconfig.h.in -=================================================================== ---- Python-2.7.7.orig/pyconfig.h.in 2014-05-31 20:58:40.000000000 +0200 -+++ Python-2.7.7/pyconfig.h.in 2014-06-20 14:33:10.961250502 +0200 +--- a/pyconfig.h.in ++++ b/pyconfig.h.in @@ -109,6 +109,9 @@ /* Define to 1 if you have the 'chflags' function. */ #undef HAVE_CHFLAGS @@ -70,13 +66,11 @@ /* Define to 1 if you have the `chown' function. */ #undef HAVE_CHOWN -Index: Python-2.7.7/configure.ac -=================================================================== ---- Python-2.7.7.orig/configure.ac 2014-06-20 14:33:06.694228054 +0200 -+++ Python-2.7.7/configure.ac 2014-06-20 14:33:10.961250502 +0200 -@@ -2935,7 +2935,7 @@ +--- a/configure.ac ++++ b/configure.ac +@@ -3159,7 +3159,7 @@ AC_CHECK_FUNCS(alarm setitimer getitimer getpriority getresuid getresgid getpwent getspnam getspent getsid getwd \ - initgroups kill killpg lchmod lchown lstat mkfifo mknod mktime mmap \ + initgroups kill killpg lchown lstat mkfifo mknod mktime mmap \ mremap nice pathconf pause plock poll pthread_init \ - putenv readlink realpath \ + putenv readlink realpath canonicalize_file_name \ ++++++ python-2.7.5-multilib.patch ++++++ --- /var/tmp/diff_new_pack.AW4Rit/_old 2020-03-01 08:51:01.293231198 +0100 +++ /var/tmp/diff_new_pack.AW4Rit/_new 2020-03-01 08:51:01.293231198 +0100 @@ -1,8 +1,6 @@ -Index: Python-2.7.14/configure.ac -=================================================================== ---- Python-2.7.14.orig/configure.ac -+++ Python-2.7.14/configure.ac -@@ -758,6 +758,41 @@ SunOS*) +--- a/configure.ac ++++ b/configure.ac +@@ -773,6 +773,41 @@ SunOS*) ;; esac @@ -44,10 +42,8 @@ AC_SUBST(LIBRARY) AC_MSG_CHECKING(LIBRARY) -Index: Python-2.7.14/Include/pythonrun.h -=================================================================== ---- Python-2.7.14.orig/Include/pythonrun.h -+++ Python-2.7.14/Include/pythonrun.h +--- a/Include/pythonrun.h ++++ b/Include/pythonrun.h @@ -108,6 +108,8 @@ PyAPI_FUNC(char *) Py_GetPath(void); /* In their own files */ PyAPI_FUNC(const char *) Py_GetVersion(void); @@ -57,10 +53,8 @@ PyAPI_FUNC(const char *) Py_GetCopyright(void); PyAPI_FUNC(const char *) Py_GetCompiler(void); PyAPI_FUNC(const char *) Py_GetBuildInfo(void); -Index: Python-2.7.14/Lib/distutils/command/install.py -=================================================================== ---- Python-2.7.14.orig/Lib/distutils/command/install.py -+++ Python-2.7.14/Lib/distutils/command/install.py +--- a/Lib/distutils/command/install.py ++++ b/Lib/distutils/command/install.py @@ -22,6 +22,8 @@ from site import USER_BASE from site import USER_SITE @@ -79,10 +73,8 @@ 'headers': '$base/include/python$py_version_short/$dist_name', 'scripts': '$base/bin', 'data' : '$base', -Index: Python-2.7.14/Lib/distutils/sysconfig.py -=================================================================== ---- Python-2.7.14.orig/Lib/distutils/sysconfig.py -+++ Python-2.7.14/Lib/distutils/sysconfig.py +--- a/Lib/distutils/sysconfig.py ++++ b/Lib/distutils/sysconfig.py @@ -119,8 +119,11 @@ def get_python_lib(plat_specific=0, stan prefix = plat_specific and EXEC_PREFIX or PREFIX @@ -97,10 +89,8 @@ if standard_lib: return libpython else: -Index: Python-2.7.14/Lib/pydoc.py -=================================================================== ---- Python-2.7.14.orig/Lib/pydoc.py -+++ Python-2.7.14/Lib/pydoc.py +--- a/Lib/pydoc.py ++++ b/Lib/pydoc.py @@ -375,7 +375,7 @@ class Doc: docmodule = docclass = docroutine = docother = docproperty = docdata = fail @@ -110,10 +100,8 @@ "python"+sys.version[0:3])): """Return the location of module docs or None""" -Index: Python-2.7.14/Lib/site.py -=================================================================== ---- Python-2.7.14.orig/Lib/site.py -+++ Python-2.7.14/Lib/site.py +--- a/Lib/site.py ++++ b/Lib/site.py @@ -231,29 +231,38 @@ def getuserbase(): USER_BASE = get_config_var('userbase') return USER_BASE @@ -197,10 +185,8 @@ return sitepackages def addsitepackages(known_paths): -Index: Python-2.7.14/Lib/sysconfig.py -=================================================================== ---- Python-2.7.14.orig/Lib/sysconfig.py -+++ Python-2.7.14/Lib/sysconfig.py +--- a/Lib/sysconfig.py ++++ b/Lib/sysconfig.py @@ -7,10 +7,10 @@ from os.path import pardir, realpath _INSTALL_SCHEMES = { @@ -229,10 +215,8 @@ 'include': '{userbase}/include/python{py_version_short}', 'scripts': '{userbase}/bin', 'data' : '{userbase}', -Index: Python-2.7.14/Lib/test/test_dl.py -=================================================================== ---- Python-2.7.14.orig/Lib/test/test_dl.py -+++ Python-2.7.14/Lib/test/test_dl.py +--- a/Lib/test/test_dl.py ++++ b/Lib/test/test_dl.py @@ -4,10 +4,11 @@ import unittest from test.test_support import verbose, import_module @@ -247,11 +231,9 @@ ('/usr/bin/cygwin1.dll', 'getpid'), ('/usr/lib/libc.dylib', 'getpid'), ] -Index: Python-2.7.14/Lib/test/test_site.py -=================================================================== ---- Python-2.7.14.orig/Lib/test/test_site.py -+++ Python-2.7.14/Lib/test/test_site.py -@@ -252,12 +252,16 @@ class HelperFunctionsTests(unittest.Test +--- a/Lib/test/test_site.py ++++ b/Lib/test/test_site.py +@@ -254,12 +254,16 @@ class HelperFunctionsTests(unittest.Test self.assertEqual(dirs[0], wanted) elif os.sep == '/': # OS X, Linux, FreeBSD, etc @@ -271,10 +253,21 @@ else: # other platforms self.assertEqual(len(dirs), 2) -Index: Python-2.7.14/Lib/trace.py -=================================================================== ---- Python-2.7.14.orig/Lib/trace.py -+++ Python-2.7.14/Lib/trace.py +@@ -305,7 +309,11 @@ class HelperFunctionsTests(unittest.Test + known_paths = set() + site.addusersitepackages(known_paths) + +- self.assertEqual(fake_isdir.arg, user_site) ++ # value of user_site cannot be used for comparison, because ++ # the following assert mistakenly assumes 'platlib' and ++ # 'purelib' directories are same. ++ self.assertEqual(fake_isdir.arg, ++ site.getusersitepackages('platlib')) + self.assertFalse(known_paths) + + +--- a/Lib/trace.py ++++ b/Lib/trace.py @@ -754,10 +754,10 @@ def main(argv=None): # should I also call expanduser? (after all, could use $HOME) @@ -288,10 +281,8 @@ "python" + sys.version[:3])) s = os.path.normpath(s) ignore_dirs.append(s) -Index: Python-2.7.14/Makefile.pre.in -=================================================================== ---- Python-2.7.14.orig/Makefile.pre.in -+++ Python-2.7.14/Makefile.pre.in +--- a/Makefile.pre.in ++++ b/Makefile.pre.in @@ -91,6 +91,8 @@ PY_CFLAGS= $(CFLAGS) $(CPPFLAGS) $(CFLAG # Machine-dependent subdirectories @@ -301,7 +292,7 @@ # Multiarch directory (may be empty) MULTIARCH= @MULTIARCH@ -@@ -644,6 +646,7 @@ Modules/getpath.o: $(srcdir)/Modules/get +@@ -653,6 +655,7 @@ Modules/getpath.o: $(srcdir)/Modules/get -DEXEC_PREFIX='"$(exec_prefix)"' \ -DVERSION='"$(VERSION)"' \ -DVPATH='"$(VPATH)"' \ @@ -309,7 +300,7 @@ -o $@ $(srcdir)/Modules/getpath.c Modules/python.o: $(srcdir)/Modules/python.c -@@ -692,7 +695,7 @@ regen-ast: +@@ -701,7 +704,7 @@ regen-ast: Python/compile.o Python/symtable.o Python/ast.o: $(srcdir)/Include/graminit.h $(srcdir)/Include/Python-ast.h Python/getplatform.o: $(srcdir)/Python/getplatform.c @@ -318,10 +309,8 @@ Python/importdl.o: $(srcdir)/Python/importdl.c $(CC) -c $(PY_CFLAGS) -I$(DLINCLDIR) -o $@ $(srcdir)/Python/importdl.c -Index: Python-2.7.14/Modules/getpath.c -=================================================================== ---- Python-2.7.14.orig/Modules/getpath.c -+++ Python-2.7.14/Modules/getpath.c +--- a/Modules/getpath.c ++++ b/Modules/getpath.c @@ -100,6 +100,8 @@ #error "PREFIX, EXEC_PREFIX, VERSION, and VPATH must be constant defined" #endif @@ -340,10 +329,8 @@ static void reduce(char *dir) -Index: Python-2.7.14/Python/getplatform.c -=================================================================== ---- Python-2.7.14.orig/Python/getplatform.c -+++ Python-2.7.14/Python/getplatform.c +--- a/Python/getplatform.c ++++ b/Python/getplatform.c @@ -10,3 +10,23 @@ Py_GetPlatform(void) { return PLATFORM; @@ -368,10 +355,8 @@ +{ + return LIB; +} -Index: Python-2.7.14/Python/sysmodule.c -=================================================================== ---- Python-2.7.14.orig/Python/sysmodule.c -+++ Python-2.7.14/Python/sysmodule.c +--- a/Python/sysmodule.c ++++ b/Python/sysmodule.c @@ -1437,6 +1437,10 @@ _PySys_Init(void) PyString_FromString(Py_GetCopyright())); SET_SYS_FROM_STRING("platform", @@ -383,10 +368,8 @@ SET_SYS_FROM_STRING("executable", PyString_FromString(Py_GetProgramFullPath())); SET_SYS_FROM_STRING("prefix", -Index: Python-2.7.14/setup.py -=================================================================== ---- Python-2.7.14.orig/setup.py -+++ Python-2.7.14/setup.py +--- a/setup.py ++++ b/setup.py @@ -456,7 +456,7 @@ class PyBuildExt(build_ext): def detect_modules(self): # Ensure that /usr/local is always used @@ -410,7 +393,7 @@ extra_link_args=readline_extra_link_args, libraries=readline_libs) ) else: -@@ -1941,18 +1941,17 @@ class PyBuildExt(build_ext): +@@ -1933,18 +1933,17 @@ class PyBuildExt(build_ext): # Check for various platform-specific directories if host_platform == 'sunos5': include_dirs.append('/usr/openwin/include') ++++++ python-2.7.9-sles-disable-verification-by-default.patch ++++++ --- /var/tmp/diff_new_pack.AW4Rit/_old 2020-03-01 08:51:01.297231206 +0100 +++ /var/tmp/diff_new_pack.AW4Rit/_new 2020-03-01 08:51:01.297231206 +0100 @@ -1,24 +1,21 @@ -Index: Python-2.7.9/Lib/ssl.py -=================================================================== ---- Python-2.7.9.orig/Lib/ssl.py 2015-08-12 15:53:27.419729448 +0200 -+++ Python-2.7.9/Lib/ssl.py 2015-08-12 15:58:10.668465183 +0200 -@@ -469,7 +469,18 @@ - return context - - # Used by http.client if no context is explicitly passed. --_create_default_https_context = create_default_context -+try: -+ # load the TLS checks policy from separate package -+ import sle_tls_checks_policy as policy -+ if policy.get_policy: -+ _create_default_https_context = policy.get_policy() -+ else: -+ # empty policy file means simply enable strict verification -+ _create_default_https_context = create_default_context +--- a/Lib/ssl.py ++++ b/Lib/ssl.py +@@ -495,7 +495,17 @@ def _get_https_context_factory(): + config_setting = os.environ.get(_https_verify_envvar) + if config_setting == '0': + return _create_unverified_context +- return create_default_context + -+except ImportError: -+ # policy not present, disable verification for backwards compatibility -+ _create_default_https_context = _create_unverified_context ++ try: ++ # load the TLS checks policy from separate package ++ import sle_tls_checks_policy as policy ++ if policy.get_policy: ++ return policy.get_policy() ++ else: ++ # empty policy file means simply enable strict verification ++ return create_default_context ++ except ImportError: ++ return create_default_context + _create_default_https_context = _get_https_context_factory() - # Backwards compatibility alias, even though it's not a public name. ++++++ python-2.7.9-ssl_ca_path.patch ++++++ --- /var/tmp/diff_new_pack.AW4Rit/_old 2020-03-01 08:51:01.305231222 +0100 +++ /var/tmp/diff_new_pack.AW4Rit/_new 2020-03-01 08:51:01.305231222 +0100 @@ -1,8 +1,6 @@ -Index: Python-2.7.9/Lib/ssl.py -=================================================================== ---- Python-2.7.9.orig/Lib/ssl.py 2014-12-10 16:59:40.000000000 +0100 -+++ Python-2.7.9/Lib/ssl.py 2015-02-25 17:28:19.538808314 +0100 -@@ -504,7 +504,15 @@ +--- a/Lib/ssl.py ++++ b/Lib/ssl.py +@@ -537,7 +537,15 @@ class SSLSocket(socket): self._context = SSLContext(ssl_version) self._context.verify_mode = cert_reqs if ca_certs: ++++++ python-bsddb6.patch ++++++ From: Jan Engelhardt <[email protected]> Date: 2013-07-06 16:07:31.146616589 +0200 This patch was partially autogenerated: - copying python-bsddb3-6.0.0 sources into the python-2.7.5 tree - creating a diff -w against the unmodified python-2.7.5 - stripped all hunks that pertained to module renaming - manually added db6 searching to setup.py --- Lib/bsddb/test/test_all.py | 15 +++-- Lib/bsddb/test/test_misc.py | 5 + Lib/bsddb/test/test_replication.py | 25 +------- Modules/_bsddb.c | 108 +++++++++++++++++++++++++++++++++---- Modules/bsddb.h | 2 setup.py | 6 +- 6 files changed, 120 insertions(+), 41 deletions(-) --- a/Lib/bsddb/test/test_all.py +++ b/Lib/bsddb/test/test_all.py @@ -74,8 +74,9 @@ if sys.version_info[0] >= 3 : key = key.decode(charset) return (key, value.decode(charset)) - def __next__(self) : - v = getattr(self._dbcursor, "next")() + def __next__(self, flags=0, dlen=-1, doff=-1) : + v = getattr(self._dbcursor, "next")(flags=flags, dlen=dlen, + doff=doff) return self._fix(v) next = __next__ @@ -128,8 +129,8 @@ if sys.version_info[0] >= 3 : v = self._dbcursor.current(flags=flags, dlen=dlen, doff=doff) return self._fix(v) - def first(self) : - v = self._dbcursor.first() + def first(self, flags=0, dlen=-1, doff=-1) : + v = self._dbcursor.first(flags=flags, dlen=dlen, doff=doff) return self._fix(v) def pget(self, key=None, data=None, flags=0) : @@ -489,7 +490,11 @@ def print_versions(): print 'py module: %s' % getattr(bsddb, "__file"+suffix) print 'extension module: %s' % getattr(bsddb, "__file"+suffix) - print 'python version: %s' % sys.version + print 'Test working dir: %s' % get_test_path_prefix() + import platform + print 'python version: %s %s' % \ + (sys.version.replace("\r", "").replace("\n", ""), \ + platform.architecture()[0]) print 'My pid: %s' % os.getpid() print '-=' * 38 --- a/Lib/bsddb/test/test_misc.py +++ b/Lib/bsddb/test/test_misc.py @@ -46,8 +46,9 @@ class MiscTestCase(unittest.TestCase): d[repr(i)] = repr(100*i) db.close() db = hashopen(self.filename) - rp = repr(db) - self.assertEqual(rp, repr(d)) + rp = repr(sorted(db.items())) + rd = repr(sorted(d.items())) + self.assertEqual(rp, rd) db.close() # http://sourceforge.net/tracker/index.php?func=detail&aid=1708868&group_id=13900&atid=313900 --- a/Lib/bsddb/test/test_replication.py +++ b/Lib/bsddb/test/test_replication.py @@ -165,21 +165,10 @@ class DBReplicationManager(DBReplication # is not generated if the master has no new transactions. # This is solved in BDB 4.6 (#15542). import time - timeout = time.time()+60 + timeout = time.time()+10 while (time.time()<timeout) and not (self.confirmed_master and self.client_startupdone) : time.sleep(0.02) - # self.client_startupdone does not always get set to True within - # the timeout. On windows this may be a deep issue, on other - # platforms it is likely just a timing issue, especially on slow - # virthost buildbots (see issue 3892 for more). Even though - # the timeout triggers, the rest of this test method usually passes - # (but not all of it always, see below). So we just note the - # timeout on stderr and keep soldering on. - if time.time()>timeout: - import sys - print >> sys.stderr, ("XXX: timeout happened before" - "startup was confirmed - see issue 3892") - startup_timeout = True + self.assertTrue(time.time()<timeout) d = self.dbenvMaster.repmgr_site_list() self.assertEqual(len(d), 1) @@ -237,14 +226,6 @@ class DBReplicationManager(DBReplication txn.commit() if v is None : time.sleep(0.02) - # If startup did not happen before the timeout above, then this test - # sometimes fails. This happens randomly, which causes buildbot - # instability, but all the other bsddb tests pass. Since bsddb3 in the - # stdlib is currently not getting active maintenance, and is gone in - # py3k, we just skip the end of the test in that case. - if time.time()>=timeout and startup_timeout: - self.skipTest("replication test skipped due to random failure, " - "see issue 3892") self.assertLess(time.time(), timeout) self.assertEqual("123", v) @@ -375,7 +356,7 @@ class DBBaseReplication(DBReplication) : # is not generated if the master has no new transactions. # This is solved in BDB 4.6 (#15542). import time - timeout = time.time()+60 + timeout = time.time()+10 while (time.time()<timeout) and not (self.confirmed_master and self.client_startupdone) : time.sleep(0.02) --- a/Modules/_bsddb.c +++ b/Modules/_bsddb.c @@ -124,10 +124,14 @@ typedef int Py_ssize_t; #define NUMBER_Check PyLong_Check #define NUMBER_AsLong PyLong_AsLong #define NUMBER_FromLong PyLong_FromLong +#define NUMBER_FromUnsignedLong PyLong_FromUnsignedLong #else #define NUMBER_Check PyInt_Check #define NUMBER_AsLong PyInt_AsLong #define NUMBER_FromLong PyInt_FromLong +#if (PY_VERSION_HEX >= 0x02050000) +#define NUMBER_FromUnsignedLong PyInt_FromSize_t +#endif #endif #ifdef WITH_THREAD @@ -853,6 +857,18 @@ static void _addIntToDict(PyObject* dict Py_XDECREF(v); } +#if (DBVER >= 60) && (PY_VERSION_HEX >= 0x02050000) +/* add an unsigned integer to a dictionary using the given name as a key */ +static void _addUnsignedIntToDict(PyObject* dict, char *name, unsigned int value) +{ + PyObject* v = NUMBER_FromUnsignedLong((unsigned long) value); + if (!v || PyDict_SetItemString(dict, name, v)) + PyErr_Clear(); + + Py_XDECREF(v); +} +#endif + /* The same, when the value is a time_t */ static void _addTimeTToDict(PyObject* dict, char *name, time_t value) { @@ -2677,13 +2693,21 @@ _default_cmp(const DBT *leftKey, static int _db_compareCallback(DB* db, const DBT *leftKey, - const DBT *rightKey) + const DBT *rightKey +#if (DBVER >= 60) + , size_t *locp +#endif + ) { int res = 0; PyObject *args; PyObject *result = NULL; DBObject *self = (DBObject *)db->app_private; +# if (DBVER >= 60) + locp = NULL; /* As required by documentation */ +#endif + if (self == NULL || self->btCompareCallback == NULL) { MYDB_BEGIN_BLOCK_THREADS; PyErr_SetString(PyExc_TypeError, @@ -2791,13 +2815,21 @@ DB_set_bt_compare(DBObject* self, PyObje static int _db_dupCompareCallback(DB* db, const DBT *leftKey, - const DBT *rightKey) + const DBT *rightKey +#if (DBVER >= 60) + , size_t *locp +#endif + ) { int res = 0; PyObject *args; PyObject *result = NULL; DBObject *self = (DBObject *)db->app_private; +#if (DBVER >= 60) + locp = NULL; /* As required by documentation */ +#endif + if (self == NULL || self->dupCompareCallback == NULL) { MYDB_BEGIN_BLOCK_THREADS; PyErr_SetString(PyExc_TypeError, @@ -3576,13 +3608,14 @@ Py_ssize_t DB_length(PyObject* _self) err = self->db->stat(self->db, /*txnid*/ NULL, &sp, 0); MYDB_END_ALLOW_THREADS; + if (makeDBError(err)) { + return -1; + } + /* All the stat structures have matching fields upto the ndata field, so we can use any of them for the type cast */ size = ((DB_BTREE_STAT*)sp)->bt_ndata; - if (err) - return -1; - free(sp); return size; } @@ -8420,12 +8453,22 @@ static PyObject* DBSequence_get(DBSequenceObject* self, PyObject* args, PyObject* kwargs) { int err, flags = 0; +#if (DBVER >= 60) + unsigned +#endif int delta = 1; db_seq_t value; PyObject *txnobj = NULL; DB_TXN *txn = NULL; static char* kwnames[] = {"delta", "txn", "flags", NULL }; - if (!PyArg_ParseTupleAndKeywords(args, kwargs, "|iOi:get", kwnames, &delta, &txnobj, &flags)) + + if (!PyArg_ParseTupleAndKeywords(args, kwargs, +#if (DBVER >=60) + "|IOi:get", +#else + "|iOi:get", +#endif + kwnames, &delta, &txnobj, &flags)) return NULL; CHECK_SEQUENCE_NOT_CLOSED(self) @@ -8555,8 +8598,19 @@ DBSequence_remove(DBSequenceObject* self static PyObject* DBSequence_set_cachesize(DBSequenceObject* self, PyObject* args) { - int err, size; - if (!PyArg_ParseTuple(args,"i:set_cachesize", &size)) + int err; +#if (DBVER >= 60) + unsigned +#endif + int size; + + if (!PyArg_ParseTuple(args, +#if (DBVER >= 60) + "I:set_cachesize", +#else + "i:set_cachesize", +#endif + &size)) return NULL; CHECK_SEQUENCE_NOT_CLOSED(self) @@ -8571,7 +8625,11 @@ DBSequence_set_cachesize(DBSequenceObjec static PyObject* DBSequence_get_cachesize(DBSequenceObject* self) { - int err, size; + int err; +#if (DBVER >= 60) + unsigned +#endif + int size; CHECK_SEQUENCE_NOT_CLOSED(self) @@ -8700,6 +8758,9 @@ DBSequence_stat(DBSequenceObject* self, #define MAKE_INT_ENTRY(name) _addIntToDict(dict_stat, #name, sp->st_##name) +#if (DBVER >= 60) && (PY_VERSION_HEX >= 0x02050000) +#define MAKE_UNSIGNED_INT_ENTRY(name) _addUnsignedIntToDict(dict_stat, #name, sp->st_##name) +#endif #define MAKE_LONG_LONG_ENTRY(name) _addDb_seq_tToDict(dict_stat, #name, sp->st_##name) MAKE_INT_ENTRY(wait); @@ -8709,10 +8770,15 @@ DBSequence_stat(DBSequenceObject* self, MAKE_LONG_LONG_ENTRY(last_value); MAKE_LONG_LONG_ENTRY(min); MAKE_LONG_LONG_ENTRY(max); +#if (DBVER >= 60) && (PY_VERSION_HEX >= 0x02050000) + MAKE_UNSIGNED_INT_ENTRY(cache_size); +#else MAKE_INT_ENTRY(cache_size); +#endif MAKE_INT_ENTRY(flags); #undef MAKE_INT_ENTRY +#undef MAKE_UNSIGNED_INT_ENTRY #undef MAKE_LONG_LONG_ENTRY free(sp); @@ -9014,7 +9080,7 @@ static PyMethodDef DBEnv_methods[] = { {"txn_recover", (PyCFunction)DBEnv_txn_recover, METH_NOARGS}, #if (DBVER < 48) {"set_rpc_server", (PyCFunction)DBEnv_set_rpc_server, - METH_VARARGS|METH_KEYWORDS}, + METH_VARARGS||METH_KEYWORDS}, #endif {"set_mp_max_openfd", (PyCFunction)DBEnv_set_mp_max_openfd, METH_VARARGS}, {"get_mp_max_openfd", (PyCFunction)DBEnv_get_mp_max_openfd, METH_NOARGS}, @@ -9986,6 +10052,10 @@ PyMODINIT_FUNC PyInit__bsddb(void) / ADD_INT(d, DB_LOG_ZERO); #endif +#if (DBVER >= 60) + ADD_INT(d, DB_LOG_BLOB); +#endif + #if (DBVER >= 44) ADD_INT(d, DB_DSYNC_DB); #endif @@ -10046,6 +10116,10 @@ PyMODINIT_FUNC PyInit__bsddb(void) / ADD_INT(d, DB_EVENT_REG_PANIC); #endif +#if (DBVER >= 60) + ADD_INT(d, DB_EVENT_REP_AUTOTAKEOVER_FAILED); +#endif + #if (DBVER >=52) ADD_INT(d, DB_EVENT_REP_SITE_ADDED); ADD_INT(d, DB_EVENT_REP_SITE_REMOVED); @@ -10150,6 +10224,20 @@ PyMODINIT_FUNC PyInit__bsddb(void) / ADD_INT(d, DB_REP_CONF_INMEM); #endif +#if (DBVER >= 60) + ADD_INT(d, DB_REPMGR_ISVIEW); +#endif + +#if (DBVER >= 60) + ADD_INT(d, DB_DBT_BLOB); +#endif + +#if (DBVER >= 60) + ADD_INT(d, DB_STREAM_READ); + ADD_INT(d, DB_STREAM_WRITE); + ADD_INT(d, DB_STREAM_SYNC_WRITE); +#endif + ADD_INT(d, DB_TIMEOUT); #if (DBVER >= 50) --- a/Modules/bsddb.h +++ b/Modules/bsddb.h @@ -110,7 +110,7 @@ #error "eek! DBVER can't handle minor versions > 9" #endif -#define PY_BSDDB_VERSION "5.3.0" +#define PY_BSDDB_VERSION "6.0.0" /* Python object definitions */ --- a/setup.py +++ b/setup.py @@ -905,7 +905,7 @@ class PyBuildExt(build_ext): # a release. Most open source OSes come with one or more # versions of BerkeleyDB already installed. - max_db_ver = (5, 3) + max_db_ver = (6, 0) min_db_ver = (4, 3) db_setup_debug = False # verbose debug prints from this script? @@ -945,6 +945,7 @@ class PyBuildExt(build_ext): # construct a list of paths to look for the header file in on # top of the normal inc_dirs. db_inc_paths = [ + '/usr/include/db6', '/usr/include/db4', '/usr/local/include/db4', '/opt/sfw/include/db4', @@ -984,6 +985,7 @@ class PyBuildExt(build_ext): for dn in inc_dirs: std_variants.append(os.path.join(dn, 'db3')) std_variants.append(os.path.join(dn, 'db4')) + std_variants.append(os.path.join(dn, 'db6')) for x in gen_db_minor_ver_nums(4): std_variants.append(os.path.join(dn, "db4%d"%x)) std_variants.append(os.path.join(dn, "db4.%d"%x)) ++++++ remove-static-libpython.patch ++++++ --- a/Makefile.pre.in +++ b/Makefile.pre.in @@ -488,7 +488,7 @@ coverage-report: regen-grammar # Build the interpreter -$(BUILDPYTHON): Modules/python.o $(LIBRARY) $(LDLIBRARY) +$(BUILDPYTHON): Modules/python.o $(LDLIBRARY) $(LINKCC) $(LDFLAGS) $(LINKFORSHARED) -o $@ \ Modules/python.o \ $(BLDLIBRARY) $(LIBS) $(MODLIBS) $(SYSLIBS) $(LDLAST) @@ -529,18 +529,6 @@ sharedmods: $(BUILDPYTHON) pybuilddir.tx _TCLTK_INCLUDES='$(TCLTK_INCLUDES)' _TCLTK_LIBS='$(TCLTK_LIBS)' \ $(PYTHON_FOR_BUILD) $(srcdir)/setup.py $$quiet build -# Build static library -# avoid long command lines, same as LIBRARY_OBJS -$(LIBRARY): $(LIBRARY_OBJS) - -rm -f $@ - $(AR) $(ARFLAGS) $@ Modules/getbuildinfo.o - $(AR) $(ARFLAGS) $@ $(PARSER_OBJS) - $(AR) $(ARFLAGS) $@ $(OBJECT_OBJS) - $(AR) $(ARFLAGS) $@ $(PYTHON_OBJS) - $(AR) $(ARFLAGS) $@ $(MODULE_OBJS) $(SIGNAL_OBJS) - $(AR) $(ARFLAGS) $@ $(MODOBJS) - $(RANLIB) $@ - libpython$(VERSION).so: $(LIBRARY_OBJS) if test $(INSTSONAME) != $(LDLIBRARY); then \ $(BLDSHARED) -Wl,-h$(INSTSONAME) -o $(INSTSONAME) $(LIBRARY_OBJS) $(MODLIBS) $(SHLIBS) $(LIBC) $(LIBM) $(LDLAST); \ @@ -1220,18 +1208,6 @@ libainstall: @DEF_MAKE_RULE@ python-conf else true; \ fi; \ done - @if test -d $(LIBRARY); then :; else \ - if test "$(PYTHONFRAMEWORKDIR)" = no-framework; then \ - if test "$(SO)" = .dll; then \ - $(INSTALL_DATA) $(LDLIBRARY) $(DESTDIR)$(LIBPL) ; \ - else \ - $(INSTALL_DATA) $(LIBRARY) $(DESTDIR)$(LIBPL)/$(LIBRARY) ; \ - $(RANLIB) $(DESTDIR)$(LIBPL)/$(LIBRARY) ; \ - fi; \ - else \ - echo Skip install of $(LIBRARY) - use make frameworkinstall; \ - fi; \ - fi $(INSTALL_DATA) Modules/config.c $(DESTDIR)$(LIBPL)/config.c $(INSTALL_DATA) Modules/python.o $(DESTDIR)$(LIBPL)/python.o $(INSTALL_DATA) $(srcdir)/Modules/config.c.in $(DESTDIR)$(LIBPL)/config.c.in
