From f5250ecae71c9215886d2cf76d00c9f0662532be Mon Sep 17 00:00:00 2001 From: Bohuslav Kabrda Date: Nov 05 2013 11:40:00 +0000 Subject: Update to Python 3.4 alpha 4. - Refreshed patches: 55 (systemtap), 102 (lib64), 111 (no static lib), 114 (statvfs flags), 132 (unittest rpmbuild hooks), 134 (fix COUNT_ALLOCS in test_sys), 143 (tsc on ppc64), 146 (hashlib fips), 153 (test gdb noise), 157 (UID+GID overflows), 173 (ENOPROTOOPT in bind_port), 186 (dont raise from py_compile) - Removed patches: 129 (test_subprocess nonreadable dir - no longer fails in Koji), 142 (the mock issue that caused this is fixed) - Added patch 187 (remove thread atfork) - will be in next version - Refreshed script for checking pyc and pyo timestamps with new ignored files. - The fips patch is disabled for now until upstream makes a final decision what to do with sha3 implementation for 3.4.0. --- diff --git a/00055-systemtap.patch b/00055-systemtap.patch index 90b876b..ddd5e77 100644 --- a/00055-systemtap.patch +++ b/00055-systemtap.patch @@ -650,8 +650,8 @@ diff -up Python-3.3.0rc2/Makefile.pre.in.systemtap Python-3.3.0rc2/Makefile.pre. +Python/ceval.o: $(OPCODETARGETS_H) $(srcdir)/Python/ceval_gil.h \ + $(srcdir)/Python/ceval_systemtap.h @SYSTEMTAPDEPS@ - Python/formatter_unicode.o: $(srcdir)/Python/formatter_unicode.c \ - $(BYTESTR_DEPS) + Python/frozen.o: Python/importlib.h + @@ -724,6 +726,13 @@ Objects/typeobject.o: $(srcdir)/Objects/ Objects/typeslots.inc: $(srcdir)/Include/typeslots.h $(srcdir)/Objects/typeslots.py $(PYTHON) $(srcdir)/Objects/typeslots.py < $(srcdir)/Include/typeslots.h > Objects/typeslots.inc @@ -735,8 +735,8 @@ diff -up Python-3.3.0rc2/Python/ceval.c.systemtap Python-3.3.0rc2/Python/ceval.c + } + Py_LeaveRecursiveCall(); + f->f_executing = 0; tstate->frame = f->f_back; - diff -up Python-3.3.0rc2/Python/ceval_systemtap.h.systemtap Python-3.3.0rc2/Python/ceval_systemtap.h --- Python-3.3.0rc2/Python/ceval_systemtap.h.systemtap 2012-09-10 09:17:21.122511781 -0400 +++ Python-3.3.0rc2/Python/ceval_systemtap.h 2012-09-10 09:17:21.122511781 -0400 diff --git a/00111-no-static-lib.patch b/00111-no-static-lib.patch index bd63852..f74bc87 100644 --- a/00111-no-static-lib.patch +++ b/00111-no-static-lib.patch @@ -2,7 +2,7 @@ diff -up cpython-59223da36dec/Makefile.pre.in.no-static-lib cpython-59223da36dec --- cpython-59223da36dec/Makefile.pre.in.no-static-lib 2012-08-07 16:43:43.296466422 -0400 +++ cpython-59223da36dec/Makefile.pre.in 2012-08-07 16:44:13.299464371 -0400 @@ -464,7 +464,7 @@ coverage: - + $(MAKE) coverage-lcov # Build the interpreter -$(BUILDPYTHON): Modules/python.o $(LIBRARY) $(LDLIBRARY) $(PY3LIBRARY) @@ -11,7 +11,7 @@ diff -up cpython-59223da36dec/Makefile.pre.in.no-static-lib cpython-59223da36dec platform: $(BUILDPYTHON) pybuilddir.txt @@ -480,18 +480,6 @@ sharedmods: $(BUILDPYTHON) $(SYSCONFIGDA - $(RUNSHARED) CC='$(CC)' LDSHARED='$(BLDSHARED)' OPT='$(OPT)' \ + _TCLTK_INCLUDES='$(TCLTK_INCLUDES)' _TCLTK_LIBS='$(TCLTK_LIBS)' \ $(PYTHON_FOR_BUILD) $(srcdir)/setup.py $$quiet build -# Build static library diff --git a/00114-statvfs-f_flag-constants.patch b/00114-statvfs-f_flag-constants.patch index af0d780..ea99e08 100644 --- a/00114-statvfs-f_flag-constants.patch +++ b/00114-statvfs-f_flag-constants.patch @@ -2,38 +2,38 @@ diff -up Python-3.3.0b1/Modules/posixmodule.c.statvfs-f_flag-constants Python-3. --- Python-3.3.0b1/Modules/posixmodule.c.statvfs-f_flag-constants 2012-06-26 16:19:54.000000000 -0400 +++ Python-3.3.0b1/Modules/posixmodule.c 2012-07-20 13:39:18.595546387 -0400 @@ -11665,6 +11665,35 @@ all_ins(PyObject *d) - if (ins(d, "ST_NOSUID", (long)ST_NOSUID)) return -1; + if (PyModule_AddIntMacro(m, ST_NOSUID)) return -1; #endif /* ST_NOSUID */ + /* GNU extensions */ +#ifdef ST_NODEV -+ if (ins(d, "ST_NODEV", (long)ST_NODEV)) return -1; ++ if (PyModule_AddIntMacro(m, ST_NODEV)) return -1; +#endif /* ST_NODEV */ +#ifdef ST_NOEXEC -+ if (ins(d, "ST_NOEXEC", (long)ST_NOEXEC)) return -1; ++ if (PyModule_AddIntMacro(m, ST_NOEXEC)) return -1; +#endif /* ST_NOEXEC */ +#ifdef ST_SYNCHRONOUS -+ if (ins(d, "ST_SYNCHRONOUS", (long)ST_SYNCHRONOUS)) return -1; ++ if (PyModule_AddIntMacro(m, ST_SYNCHRONOUS)) return -1; +#endif /* ST_SYNCHRONOUS */ +#ifdef ST_MANDLOCK -+ if (ins(d, "ST_MANDLOCK", (long)ST_MANDLOCK)) return -1; ++ if (PyModule_AddIntMacro(m, ST_MANDLOCK)) return -1; +#endif /* ST_MANDLOCK */ +#ifdef ST_WRITE -+ if (ins(d, "ST_WRITE", (long)ST_WRITE)) return -1; ++ if (PyModule_AddIntMacro(m, ST_WRITE)) return -1; +#endif /* ST_WRITE */ +#ifdef ST_APPEND -+ if (ins(d, "ST_APPEND", (long)ST_APPEND)) return -1; ++ if (PyModule_AddIntMacro(m, ST_APPEND)) return -1; +#endif /* ST_APPEND */ +#ifdef ST_NOATIME -+ if (ins(d, "ST_NOATIME", (long)ST_NOATIME)) return -1; ++ if (PyModule_AddIntMacro(m, ST_NOATIME)) return -1; +#endif /* ST_NOATIME */ +#ifdef ST_NODIRATIME -+ if (ins(d, "ST_NODIRATIME", (long)ST_NODIRATIME)) return -1; ++ if (PyModule_AddIntMacro(m, ST_NODIRATIME)) return -1; +#endif /* ST_NODIRATIME */ +#ifdef ST_RELATIME -+ if (ins(d, "ST_RELATIME", (long)ST_RELATIME)) return -1; ++ if (PyModule_AddIntMacro(m, ST_RELATIME)) return -1; +#endif /* ST_RELATIME */ + /* FreeBSD sendfile() constants */ #ifdef SF_NODISKIO - if (ins(d, "SF_NODISKIO", (long)SF_NODISKIO)) return -1; + if (PyModule_AddIntMacro(m, SF_NODISKIO)) return -1; diff --git a/00132-add-rpmbuild-hooks-to-unittest.patch b/00132-add-rpmbuild-hooks-to-unittest.patch index fdfbab8..20930ac 100644 --- a/00132-add-rpmbuild-hooks-to-unittest.patch +++ b/00132-add-rpmbuild-hooks-to-unittest.patch @@ -6,11 +6,11 @@ diff -up Python-3.2.2/Lib/unittest/case.py.add-rpmbuild-hooks-to-unittest Python import functools import difflib +import os + import logging import pprint import re - import warnings @@ -101,6 +102,43 @@ def expectedFailure(func): - return wrapper + raise self.test_case.failureException(msg) +# Non-standard/downstream-only hooks for handling issues with specific test @@ -50,7 +50,7 @@ diff -up Python-3.2.2/Lib/unittest/case.py.add-rpmbuild-hooks-to-unittest Python + func(*args, **kwargs) + return wrapper + - class _AssertRaisesBaseContext(object): + class _AssertRaisesBaseContext(_BaseTestCaseContext): def __init__(self, expected, test_case, callable_obj=None, diff -up Python-3.2.2/Lib/unittest/__init__.py.add-rpmbuild-hooks-to-unittest Python-3.2.2/Lib/unittest/__init__.py diff --git a/00134-fix-COUNT_ALLOCS-failure-in-test_sys.patch b/00134-fix-COUNT_ALLOCS-failure-in-test_sys.patch index 087705c..afd8685 100644 --- a/00134-fix-COUNT_ALLOCS-failure-in-test_sys.patch +++ b/00134-fix-COUNT_ALLOCS-failure-in-test_sys.patch @@ -4,14 +4,14 @@ diff -up Python-3.3.0b2/Lib/test/test_sys.py.fix-COUNT_ALLOCS-failure-in-test_sy @@ -835,12 +835,17 @@ class SizeofTest(unittest.TestCase): # type # static type: PyTypeObject - s = vsize('P2n15Pl4Pn9Pn11PI') + s = vsize('P2n15Pl4Pn9Pn11PIP') + # COUNT_ALLOCS adds a further 3 Py_ssize_t and 2 pointers: + if hasattr(sys, 'getcounts'): + s += struct.calcsize('3P2P') check(int, s) # (PyTypeObject + PyNumberMethods + PyMappingMethods + # PySequenceMethods + PyBufferProcs + 4P) - s = vsize('P2n15Pl4Pn9Pn11PI') + struct.calcsize('34P 3P 10P 2P 4P') + s = vsize('P2n15Pl4Pn9Pn11PIP') + struct.calcsize('34P 3P 10P 2P 4P') # Separate block for PyDictKeysObject with 4 entries s += struct.calcsize("2nPn") + 4*struct.calcsize("n2P") + if hasattr(sys, 'getcounts'): diff --git a/00142-skip-failing-pty-tests-in-rpmbuild.patch b/00142-skip-failing-pty-tests-in-rpmbuild.patch deleted file mode 100644 index 414ffcd..0000000 --- a/00142-skip-failing-pty-tests-in-rpmbuild.patch +++ /dev/null @@ -1,22 +0,0 @@ -diff -up Python-2.7.2/Lib/test/test_openpty.py.skip-failing-pty-tests-in-rpmbuild Python-2.7.2/Lib/test/test_openpty.py ---- Python-2.7.2/Lib/test/test_openpty.py.skip-failing-pty-tests-in-rpmbuild 2011-09-09 05:09:28.698920379 -0400 -+++ Python-2.7.2/Lib/test/test_openpty.py 2011-09-09 05:10:54.805914490 -0400 -@@ -8,6 +8,7 @@ if not hasattr(os, "openpty"): - - - class OpenptyTest(unittest.TestCase): -+ @unittest._skipInRpmBuild('sometimes fails in Koji, possibly due to a mock issue (rhbz#714627)') - def test(self): - master, slave = os.openpty() - if not os.isatty(slave): -diff -up Python-2.7.2/Lib/test/test_pty.py.skip-failing-pty-tests-in-rpmbuild Python-2.7.2/Lib/test/test_pty.py ---- Python-2.7.2/Lib/test/test_pty.py.skip-failing-pty-tests-in-rpmbuild 2011-09-09 05:09:36.781919825 -0400 -+++ Python-2.7.2/Lib/test/test_pty.py 2011-09-09 05:11:14.741913127 -0400 -@@ -109,6 +109,7 @@ class PtyTest(unittest.TestCase): - os.close(master_fd) - - -+ @unittest._skipInRpmBuild('sometimes fails in Koji, possibly due to a mock issue (rhbz#714627)') - def test_fork(self): - debug("calling pty.fork()") - pid, master_fd = pty.fork() diff --git a/00143-tsc-on-ppc.patch b/00143-tsc-on-ppc.patch index 447c6e3..7d3e876 100644 --- a/00143-tsc-on-ppc.patch +++ b/00143-tsc-on-ppc.patch @@ -31,7 +31,7 @@ diff -up Python-2.7.2/Python/ceval.c.tsc-on-ppc Python-2.7.2/Python/ceval.c -ppc_getcounter(uint64 *v) +ppc32_getcounter(uint64 *v) { -- register unsigned long tbu, tb, tbu2; +- unsigned long tbu, tb, tbu2; + union { long long ll; long ii[2]; } u; + long tmp; diff --git a/00146-hashlib-fips.patch b/00146-hashlib-fips.patch index f22d9bd..18b6a44 100644 --- a/00146-hashlib-fips.patch +++ b/00146-hashlib-fips.patch @@ -73,9 +73,9 @@ diff -up Python-3.2.2/Lib/hashlib.py.hashlib-fips Python-3.2.2/Lib/hashlib.py diff -up Python-3.2.2/Lib/test/test_hashlib.py.hashlib-fips Python-3.2.2/Lib/test/test_hashlib.py --- Python-3.2.2/Lib/test/test_hashlib.py.hashlib-fips 2011-09-03 12:16:43.000000000 -0400 +++ Python-3.2.2/Lib/test/test_hashlib.py 2011-09-14 01:45:48.462251974 -0400 -@@ -22,6 +22,19 @@ from test.support import _4G, precisionb - # Were we compiled --with-pydebug or with #define Py_DEBUG? - COMPILED_WITH_PYDEBUG = hasattr(sys, 'gettotalrefcount') +@@ -22,6 +22,20 @@ from test.support import _4G, precisionb + c_hashlib = import_fresh_module('hashlib', fresh=['_hashlib']) + py_hashlib = import_fresh_module('hashlib', blocked=['_hashlib']) +def openssl_enforces_fips(): + # Use the "openssl" command (if present) to try to determine if the local @@ -90,9 +90,10 @@ diff -up Python-3.2.2/Lib/test/test_hashlib.py.hashlib-fips Python-3.2.2/Lib/tes + stdout, stderr = p.communicate(input=b'abc') + return b'unknown cipher' in stderr +OPENSSL_ENFORCES_FIPS = openssl_enforces_fips() - ++ def hexstr(s): assert isinstance(s, bytes), repr(s) + h = "0123456789abcdef" @@ -31,6 +44,16 @@ def hexstr(s): r += h[(i >> 4) & 0xF] + h[i & 0xF] return r @@ -146,15 +147,15 @@ diff -up Python-3.2.2/Lib/test/test_hashlib.py.hashlib-fips Python-3.2.2/Lib/tes - self.constructors_to_test['sha384'].add(_sha512.sha384) - self.constructors_to_test['sha512'].add(_sha512.sha512) + constructors.add(suppress_fips(constructor)) - - super(HashLibTestCase, self).__init__(*args, **kwargs) - + _sha3 = self._conditional_import_module('_sha3') + if _sha3: + self.constructors_to_test['sha3_224'].add(_sha3.sha3_224) @@ -138,7 +146,7 @@ class HashLibTestCase(unittest.TestCase) def test_hexdigest(self): - for name in self.supported_hash_names: -- h = hashlib.new(name) -+ h = hashlib.new(name, usedforsecurity=False) + for cons in self.hash_constructors: +- h = cons() ++ h = cons(usedforsecurity=False) assert isinstance(h.digest(), bytes), name self.assertEqual(hexstr(h.digest()), h.hexdigest()) @@ -162,14 +163,14 @@ diff -up Python-3.2.2/Lib/test/test_hashlib.py.hashlib-fips Python-3.2.2/Lib/tes cees = b'c' * 126 for name in self.supported_hash_names: -- m1 = hashlib.new(name) -+ m1 = hashlib.new(name, usedforsecurity=False) +- m1 = cons() ++ m1 = cons(usedforsecurity=False) m1.update(aas) m1.update(bees) m1.update(cees) -- m2 = hashlib.new(name) -+ m2 = hashlib.new(name, usedforsecurity=False) +- m2 = cons() ++ m2 = cons(usedforsecurity=False) m2.update(aas + bees + cees) self.assertEqual(m1.digest(), m2.digest()) diff --git a/00153-fix-test_gdb-noise.patch b/00153-fix-test_gdb-noise.patch index 50a0917..87c9396 100644 --- a/00153-fix-test_gdb-noise.patch +++ b/00153-fix-test_gdb-noise.patch @@ -19,8 +19,8 @@ --- Lib/test/test_gdb.py.old 2012-04-11 21:04:01.367073855 -0400 +++ Lib/test/test_gdb.py 2012-04-12 08:52:58.320288761 -0400 @@ -144,6 +153,10 @@ - 'Do you need "set solib-search-path" or ' '"set sysroot"?', + 'warning: Source file is more recent than executable.', ) + ignore_patterns += ('warning: Unable to open', + 'Missing separate debuginfo for', diff --git a/00157-uid-gid-overflows.patch b/00157-uid-gid-overflows.patch index 0f48df5..bf82b60 100644 --- a/00157-uid-gid-overflows.patch +++ b/00157-uid-gid-overflows.patch @@ -4,35 +4,35 @@ diff -up Python-3.3.0b1/Lib/test/test_os.py.uid-gid-overflows Python-3.3.0b1/Lib @@ -1174,30 +1174,36 @@ if sys.platform != 'win32': def test_setuid(self): if os.getuid() != 0: - self.assertRaises(os.error, os.setuid, 0) + self.assertRaises(OSError, os.setuid, 0) + self.assertRaises(TypeError, os.setuid, 'not an int') self.assertRaises(OverflowError, os.setuid, 1<<32) if hasattr(os, 'setgid'): def test_setgid(self): if os.getuid() != 0 and not HAVE_WHEEL_GROUP: - self.assertRaises(os.error, os.setgid, 0) + self.assertRaises(OSError, os.setgid, 0) + self.assertRaises(TypeError, os.setgid, 'not an int') self.assertRaises(OverflowError, os.setgid, 1<<32) if hasattr(os, 'seteuid'): def test_seteuid(self): if os.getuid() != 0: - self.assertRaises(os.error, os.seteuid, 0) + self.assertRaises(OSError, os.seteuid, 0) + self.assertRaises(TypeError, os.seteuid, 'not an int') self.assertRaises(OverflowError, os.seteuid, 1<<32) if hasattr(os, 'setegid'): def test_setegid(self): if os.getuid() != 0 and not HAVE_WHEEL_GROUP: - self.assertRaises(os.error, os.setegid, 0) + self.assertRaises(OSError, os.setegid, 0) + self.assertRaises(TypeError, os.setegid, 'not an int') self.assertRaises(OverflowError, os.setegid, 1<<32) if hasattr(os, 'setreuid'): def test_setreuid(self): if os.getuid() != 0: - self.assertRaises(os.error, os.setreuid, 0, 0) + self.assertRaises(OSError, os.setreuid, 0, 0) + self.assertRaises(TypeError, os.setreuid, 'not an int', 0) + self.assertRaises(TypeError, os.setreuid, 0, 'not an int') self.assertRaises(OverflowError, os.setreuid, 1<<32, 0) @@ -41,7 +41,7 @@ diff -up Python-3.3.0b1/Lib/test/test_os.py.uid-gid-overflows Python-3.3.0b1/Lib @@ -1212,6 +1218,8 @@ if sys.platform != 'win32': def test_setregid(self): if os.getuid() != 0 and not HAVE_WHEEL_GROUP: - self.assertRaises(os.error, os.setregid, 0, 0) + self.assertRaises(OSError, os.setregid, 0, 0) + self.assertRaises(TypeError, os.setregid, 'not an int', 0) + self.assertRaises(TypeError, os.setregid, 0, 'not an int') self.assertRaises(OverflowError, os.setregid, 1<<32, 0) diff --git a/00173-workaround-ENOPROTOOPT-in-bind_port.patch b/00173-workaround-ENOPROTOOPT-in-bind_port.patch index a62c3a4..498322c 100644 --- a/00173-workaround-ENOPROTOOPT-in-bind_port.patch +++ b/00173-workaround-ENOPROTOOPT-in-bind_port.patch @@ -1,6 +1,6 @@ diff -up Python-3.3.0/Lib/test/support.py.rhbz913732 Python-3.3.0/Lib/test/support.py ---- Python-3.3.0/Lib/test/support.py.rhbz913732 2013-03-04 16:25:53.885258476 -0500 -+++ Python-3.3.0/Lib/test/support.py 2013-03-04 16:25:58.499258157 -0500 +--- Python-3.4.0a4/Lib/test/support/__init__.py.rhbz913732 2013-03-04 16:25:53.885258476 -0500 ++++ Python-3.4.0a4/Lib/test/support/__init__.py 2013-03-04 16:25:58.499258157 -0500 @@ -544,7 +544,8 @@ def bind_port(sock, host=HOST): if sock.getsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR) == 1: raise TestFailed("tests should never set the SO_REUSEADDR " \ @@ -11,4 +11,3 @@ diff -up Python-3.3.0/Lib/test/support.py.rhbz913732 Python-3.3.0/Lib/test/suppo if sock.getsockopt(socket.SOL_SOCKET, socket.SO_REUSEPORT) == 1: raise TestFailed("tests should never set the SO_REUSEPORT " \ "socket option on TCP/IP sockets!") -diff -up Python-3.3.0/Lib/test/test_support.py.rhbz913732 Python-3.3.0/Lib/test/test_support.py diff --git a/00182-fix-test_gdb-test_threads.patch b/00182-fix-test_gdb-test_threads.patch deleted file mode 100644 index 41de5b2..0000000 --- a/00182-fix-test_gdb-test_threads.patch +++ /dev/null @@ -1,13 +0,0 @@ -diff -up Python-3.3.1/Misc/NEWS.fix-test_gdb-test_threads Python-3.3.1/Misc/NEWS -diff -up Python-3.3.1/Tools/gdb/libpython.py.fix-test_gdb-test_threads Python-3.3.1/Tools/gdb/libpython.py ---- Python-3.3.1/Tools/gdb/libpython.py.fix-test_gdb-test_threads 2013-05-09 12:12:01.621592211 -0400 -+++ Python-3.3.1/Tools/gdb/libpython.py 2013-05-09 12:12:01.632592209 -0400 -@@ -1465,7 +1465,7 @@ class Frame(object): - # This assumes the _POSIX_THREADS version of Python/ceval_gil.h: - name = self._gdbframe.name() - if name: -- return name.startswith('pthread_cond_timedwait') -+ return 'pthread_cond_timedwait' in name - - def is_gc_collect(self): - '''Is this frame "collect" within the garbage-collector?''' diff --git a/00183-cve-2013-2099-fix-ssl-match_hostname-dos.patch b/00183-cve-2013-2099-fix-ssl-match_hostname-dos.patch deleted file mode 100644 index 888b43b..0000000 --- a/00183-cve-2013-2099-fix-ssl-match_hostname-dos.patch +++ /dev/null @@ -1,49 +0,0 @@ -# HG changeset patch -# User Antoine Pitrou -# Date 1368892602 -7200 -# Node ID c627638753e2d25a98950585b259104a025937a9 -# Parent 9682241dc8fcb4b1aef083bd30860efa070c3d6d -Issue #17980: Fix possible abuse of ssl.match_hostname() for denial of service using certificates with many wildcards (CVE-2013-2099). - -diff --git a/Lib/ssl.py b/Lib/ssl.py ---- a/Lib/ssl.py -+++ b/Lib/ssl.py -@@ -129,9 +129,16 @@ class CertificateError(ValueError): - pass - - --def _dnsname_to_pat(dn): -+def _dnsname_to_pat(dn, max_wildcards=1): - pats = [] - for frag in dn.split(r'.'): -+ if frag.count('*') > max_wildcards: -+ # Issue #17980: avoid denials of service by refusing more -+ # than one wildcard per fragment. A survery of established -+ # policy among SSL implementations showed it to be a -+ # reasonable choice. -+ raise CertificateError( -+ "too many wildcards in certificate DNS name: " + repr(dn)) - if frag == '*': - # When '*' is a fragment by itself, it matches a non-empty dotless - # fragment. -diff --git a/Lib/test/test_ssl.py b/Lib/test/test_ssl.py ---- a/Lib/test/test_ssl.py -+++ b/Lib/test/test_ssl.py -@@ -349,6 +349,17 @@ class BasicSocketTests(unittest.TestCase - self.assertRaises(ValueError, ssl.match_hostname, None, 'example.com') - self.assertRaises(ValueError, ssl.match_hostname, {}, 'example.com') - -+ # Issue #17980: avoid denials of service by refusing more than one -+ # wildcard per fragment. -+ cert = {'subject': ((('commonName', 'a*b.com'),),)} -+ ok(cert, 'axxb.com') -+ cert = {'subject': ((('commonName', 'a*b.co*'),),)} -+ ok(cert, 'axxb.com') -+ cert = {'subject': ((('commonName', 'a*b*.com'),),)} -+ with self.assertRaises(ssl.CertificateError) as cm: -+ ssl.match_hostname(cert, 'axxbxxc.com') -+ self.assertIn("too many wildcards", str(cm.exception)) -+ - def test_server_side(self): - # server_hostname doesn't work for server sockets - ctx = ssl.SSLContext(ssl.PROTOCOL_SSLv23) diff --git a/00185-CVE-2013-4238-hostname-check-bypass-in-SSL-module.patch b/00185-CVE-2013-4238-hostname-check-bypass-in-SSL-module.patch deleted file mode 100644 index 41db4d2..0000000 --- a/00185-CVE-2013-4238-hostname-check-bypass-in-SSL-module.patch +++ /dev/null @@ -1,241 +0,0 @@ -diff -r e0f86c3b3685 Lib/test/nullbytecert.pem ---- /dev/null Thu Jan 01 00:00:00 1970 +0000 -+++ b/Lib/test/nullbytecert.pem Sun Aug 11 18:17:23 2013 +0200 -@@ -0,0 +1,90 @@ -+Certificate: -+ Data: -+ Version: 3 (0x2) -+ Serial Number: 0 (0x0) -+ Signature Algorithm: sha1WithRSAEncryption -+ Issuer: C=US, ST=Oregon, L=Beaverton, O=Python Software Foundation, OU=Python Core Development, CN=null.python.org\x00example.org/emailAddress=python-dev@python.org -+ Validity -+ Not Before: Aug 7 13:11:52 2013 GMT -+ Not After : Aug 7 13:12:52 2013 GMT -+ Subject: C=US, ST=Oregon, L=Beaverton, O=Python Software Foundation, OU=Python Core Development, CN=null.python.org\x00example.org/emailAddress=python-dev@python.org -+ Subject Public Key Info: -+ Public Key Algorithm: rsaEncryption -+ Public-Key: (2048 bit) -+ Modulus: -+ 00:b5:ea:ed:c9:fb:46:7d:6f:3b:76:80:dd:3a:f3: -+ 03:94:0b:a7:a6:db:ec:1d:df:ff:23:74:08:9d:97: -+ 16:3f:a3:a4:7b:3e:1b:0e:96:59:25:03:a7:26:e2: -+ 88:a9:cf:79:cd:f7:04:56:b0:ab:79:32:6e:59:c1: -+ 32:30:54:eb:58:a8:cb:91:f0:42:a5:64:27:cb:d4: -+ 56:31:88:52:ad:cf:bd:7f:f0:06:64:1f:cc:27:b8: -+ a3:8b:8c:f3:d8:29:1f:25:0b:f5:46:06:1b:ca:02: -+ 45:ad:7b:76:0a:9c:bf:bb:b9:ae:0d:16:ab:60:75: -+ ae:06:3e:9c:7c:31:dc:92:2f:29:1a:e0:4b:0c:91: -+ 90:6c:e9:37:c5:90:d7:2a:d7:97:15:a3:80:8f:5d: -+ 7b:49:8f:54:30:d4:97:2c:1c:5b:37:b5:ab:69:30: -+ 68:43:d3:33:78:4b:02:60:f5:3c:44:80:a1:8f:e7: -+ f0:0f:d1:5e:87:9e:46:cf:62:fc:f9:bf:0c:65:12: -+ f1:93:c8:35:79:3f:c8:ec:ec:47:f5:ef:be:44:d5: -+ ae:82:1e:2d:9a:9f:98:5a:67:65:e1:74:70:7c:cb: -+ d3:c2:ce:0e:45:49:27:dc:e3:2d:d4:fb:48:0e:2f: -+ 9e:77:b8:14:46:c0:c4:36:ca:02:ae:6a:91:8c:da: -+ 2f:85 -+ Exponent: 65537 (0x10001) -+ X509v3 extensions: -+ X509v3 Basic Constraints: critical -+ CA:FALSE -+ X509v3 Subject Key Identifier: -+ 88:5A:55:C0:52:FF:61:CD:52:A3:35:0F:EA:5A:9C:24:38:22:F7:5C -+ X509v3 Key Usage: -+ Digital Signature, Non Repudiation, Key Encipherment -+ X509v3 Subject Alternative Name: -+ ************************************************************* -+ WARNING: The values for DNS, email and URI are WRONG. OpenSSL -+ doesn't print the text after a NULL byte. -+ ************************************************************* -+ DNS:altnull.python.org, email:null@python.org, URI:http://null.python.org, IP Address:192.0.2.1, IP Address:2001:DB8:0:0:0:0:0:1 -+ Signature Algorithm: sha1WithRSAEncryption -+ ac:4f:45:ef:7d:49:a8:21:70:8e:88:59:3e:d4:36:42:70:f5: -+ a3:bd:8b:d7:a8:d0:58:f6:31:4a:b1:a4:a6:dd:6f:d9:e8:44: -+ 3c:b6:0a:71:d6:7f:b1:08:61:9d:60:ce:75:cf:77:0c:d2:37: -+ 86:02:8d:5e:5d:f9:0f:71:b4:16:a8:c1:3d:23:1c:f1:11:b3: -+ 56:6e:ca:d0:8d:34:94:e6:87:2a:99:f2:ae:ae:cc:c2:e8:86: -+ de:08:a8:7f:c5:05:fa:6f:81:a7:82:e6:d0:53:9d:34:f4:ac: -+ 3e:40:fe:89:57:7a:29:a4:91:7e:0b:c6:51:31:e5:10:2f:a4: -+ 60:76:cd:95:51:1a:be:8b:a1:b0:fd:ad:52:bd:d7:1b:87:60: -+ d2:31:c7:17:c4:18:4f:2d:08:25:a3:a7:4f:b7:92:ca:e2:f5: -+ 25:f1:54:75:81:9d:b3:3d:61:a2:f7:da:ed:e1:c6:6f:2c:60: -+ 1f:d8:6f:c5:92:05:ab:c9:09:62:49:a9:14:ad:55:11:cc:d6: -+ 4a:19:94:99:97:37:1d:81:5f:8b:cf:a3:a8:96:44:51:08:3d: -+ 0b:05:65:12:eb:b6:70:80:88:48:72:4f:c6:c2:da:cf:cd:8e: -+ 5b:ba:97:2f:60:b4:96:56:49:5e:3a:43:76:63:04:be:2a:f6: -+ c1:ca:a9:94 -+-----BEGIN CERTIFICATE----- -+MIIE2DCCA8CgAwIBAgIBADANBgkqhkiG9w0BAQUFADCBxTELMAkGA1UEBhMCVVMx -+DzANBgNVBAgMBk9yZWdvbjESMBAGA1UEBwwJQmVhdmVydG9uMSMwIQYDVQQKDBpQ -+eXRob24gU29mdHdhcmUgRm91bmRhdGlvbjEgMB4GA1UECwwXUHl0aG9uIENvcmUg -+RGV2ZWxvcG1lbnQxJDAiBgNVBAMMG251bGwucHl0aG9uLm9yZwBleGFtcGxlLm9y -+ZzEkMCIGCSqGSIb3DQEJARYVcHl0aG9uLWRldkBweXRob24ub3JnMB4XDTEzMDgw -+NzEzMTE1MloXDTEzMDgwNzEzMTI1MlowgcUxCzAJBgNVBAYTAlVTMQ8wDQYDVQQI -+DAZPcmVnb24xEjAQBgNVBAcMCUJlYXZlcnRvbjEjMCEGA1UECgwaUHl0aG9uIFNv -+ZnR3YXJlIEZvdW5kYXRpb24xIDAeBgNVBAsMF1B5dGhvbiBDb3JlIERldmVsb3Bt -+ZW50MSQwIgYDVQQDDBtudWxsLnB5dGhvbi5vcmcAZXhhbXBsZS5vcmcxJDAiBgkq -+hkiG9w0BCQEWFXB5dGhvbi1kZXZAcHl0aG9uLm9yZzCCASIwDQYJKoZIhvcNAQEB -+BQADggEPADCCAQoCggEBALXq7cn7Rn1vO3aA3TrzA5QLp6bb7B3f/yN0CJ2XFj+j -+pHs+Gw6WWSUDpybiiKnPec33BFawq3kyblnBMjBU61ioy5HwQqVkJ8vUVjGIUq3P -+vX/wBmQfzCe4o4uM89gpHyUL9UYGG8oCRa17dgqcv7u5rg0Wq2B1rgY+nHwx3JIv -+KRrgSwyRkGzpN8WQ1yrXlxWjgI9de0mPVDDUlywcWze1q2kwaEPTM3hLAmD1PESA -+oY/n8A/RXoeeRs9i/Pm/DGUS8ZPINXk/yOzsR/XvvkTVroIeLZqfmFpnZeF0cHzL -+08LODkVJJ9zjLdT7SA4vnne4FEbAxDbKAq5qkYzaL4UCAwEAAaOB0DCBzTAMBgNV -+HRMBAf8EAjAAMB0GA1UdDgQWBBSIWlXAUv9hzVKjNQ/qWpwkOCL3XDALBgNVHQ8E -+BAMCBeAwgZAGA1UdEQSBiDCBhYIeYWx0bnVsbC5weXRob24ub3JnAGV4YW1wbGUu -+Y29tgSBudWxsQHB5dGhvbi5vcmcAdXNlckBleGFtcGxlLm9yZ4YpaHR0cDovL251 -+bGwucHl0aG9uLm9yZwBodHRwOi8vZXhhbXBsZS5vcmeHBMAAAgGHECABDbgAAAAA -+AAAAAAAAAAEwDQYJKoZIhvcNAQEFBQADggEBAKxPRe99SaghcI6IWT7UNkJw9aO9 -+i9eo0Fj2MUqxpKbdb9noRDy2CnHWf7EIYZ1gznXPdwzSN4YCjV5d+Q9xtBaowT0j -+HPERs1ZuytCNNJTmhyqZ8q6uzMLoht4IqH/FBfpvgaeC5tBTnTT0rD5A/olXeimk -+kX4LxlEx5RAvpGB2zZVRGr6LobD9rVK91xuHYNIxxxfEGE8tCCWjp0+3ksri9SXx -+VHWBnbM9YaL32u3hxm8sYB/Yb8WSBavJCWJJqRStVRHM1koZlJmXNx2BX4vPo6iW -+RFEIPQsFZRLrtnCAiEhyT8bC2s/Njlu6ly9gtJZWSV46Q3ZjBL4q9sHKqZQ= -+-----END CERTIFICATE----- -diff -r e0f86c3b3685 Lib/test/test_ssl.py ---- a/Lib/test/test_ssl.py Sun Aug 11 13:04:50 2013 +0300 -+++ b/Lib/test/test_ssl.py Sun Aug 11 18:17:23 2013 +0200 -@@ -55,6 +55,7 @@ - WRONGCERT = data_file("XXXnonexisting.pem") - BADKEY = data_file("badkey.pem") - NOKIACERT = data_file("nokia.pem") -+NULLBYTECERT = data_file("nullbytecert.pem") - - DHFILE = data_file("dh512.pem") - BYTES_DHFILE = os.fsencode(DHFILE) -@@ -162,6 +163,27 @@ - ('DNS', 'projects.forum.nokia.com')) - ) - -+ def test_parse_cert_CVE_2013_4073(self): -+ p = ssl._ssl._test_decode_cert(NULLBYTECERT) -+ if support.verbose: -+ sys.stdout.write("\n" + pprint.pformat(p) + "\n") -+ subject = ((('countryName', 'US'),), -+ (('stateOrProvinceName', 'Oregon'),), -+ (('localityName', 'Beaverton'),), -+ (('organizationName', 'Python Software Foundation'),), -+ (('organizationalUnitName', 'Python Core Development'),), -+ (('commonName', 'null.python.org\x00example.org'),), -+ (('emailAddress', 'python-dev@python.org'),)) -+ self.assertEqual(p['subject'], subject) -+ self.assertEqual(p['issuer'], subject) -+ self.assertEqual(p['subjectAltName'], -+ (('DNS', 'altnull.python.org\x00example.com'), -+ ('email', 'null@python.org\x00user@example.org'), -+ ('URI', 'http://null.python.org\x00http://example.org'), -+ ('IP Address', '192.0.2.1'), -+ ('IP Address', '2001:DB8:0:0:0:0:0:1\n')) -+ ) -+ - def test_DER_to_PEM(self): - with open(SVN_PYTHON_ORG_ROOT_CERT, 'r') as f: - pem = f.read() -@@ -294,6 +316,13 @@ - fail(cert, 'foo.a.com') - fail(cert, 'bar.foo.com') - -+ # NULL bytes are bad, CVE-2013-4073 -+ cert = {'subject': ((('commonName', -+ 'null.python.org\x00example.org'),),)} -+ ok(cert, 'null.python.org\x00example.org') # or raise an error? -+ fail(cert, 'example.org') -+ fail(cert, 'null.python.org') -+ - # Slightly fake real-world example - cert = {'notAfter': 'Jun 26 21:41:46 2011 GMT', - 'subject': ((('commonName', 'linuxfrz.org'),),), -diff -r e0f86c3b3685 Modules/_ssl.c ---- a/Modules/_ssl.c Sun Aug 11 13:04:50 2013 +0300 -+++ b/Modules/_ssl.c Sun Aug 11 18:17:23 2013 +0200 -@@ -771,12 +771,14 @@ - ext->value->length)); - - for(j = 0; j < sk_GENERAL_NAME_num(names); j++) { -- - /* get a rendering of each name in the set of names */ -+ int gntype; -+ ASN1_STRING *as = NULL; - - name = sk_GENERAL_NAME_value(names, j); -- if (name->type == GEN_DIRNAME) { -- -+ gntype = name-> type; -+ switch (gntype) { -+ case GEN_DIRNAME: - /* we special-case DirName as a tuple of - tuples of attributes */ - -@@ -798,11 +800,62 @@ - goto fail; - } - PyTuple_SET_ITEM(t, 1, v); -+ break; - -- } else { -+ case GEN_EMAIL: -+ case GEN_DNS: -+ case GEN_URI: -+ /* GENERAL_NAME_print() doesn't handle NUL bytes in ASN1_string -+ correctly. */ -+ t = PyTuple_New(2); -+ if (t == NULL) -+ goto fail; -+ switch (gntype) { -+ case GEN_EMAIL: -+ v = PyUnicode_FromString("email"); -+ as = name->d.rfc822Name; -+ break; -+ case GEN_DNS: -+ v = PyUnicode_FromString("DNS"); -+ as = name->d.dNSName; -+ break; -+ case GEN_URI: -+ v = PyUnicode_FromString("URI"); -+ as = name->d.uniformResourceIdentifier; -+ break; -+ } -+ if (v == NULL) { -+ Py_DECREF(t); -+ goto fail; -+ } -+ PyTuple_SET_ITEM(t, 0, v); -+ v = PyUnicode_FromStringAndSize((char *)ASN1_STRING_data(as), -+ ASN1_STRING_length(as)); -+ if (v == NULL) { -+ Py_DECREF(t); -+ goto fail; -+ } -+ PyTuple_SET_ITEM(t, 1, v); -+ break; - -+ default: - /* for everything else, we use the OpenSSL print form */ -- -+ switch (gntype) { -+ /* check for new general name type */ -+ case GEN_OTHERNAME: -+ case GEN_X400: -+ case GEN_EDIPARTY: -+ case GEN_IPADD: -+ case GEN_RID: -+ break; -+ default: -+ if (PyErr_WarnFormat(PyExc_RuntimeWarning, 1, -+ "Unknown general name type %d", -+ gntype) == -1) { -+ goto fail; -+ } -+ break; -+ } - (void) BIO_reset(biobuf); - GENERAL_NAME_print(biobuf, name); - len = BIO_gets(biobuf, buf, sizeof(buf)-1); -@@ -829,6 +882,7 @@ - goto fail; - } - PyTuple_SET_ITEM(t, 1, v); -+ break; - } - - /* and add that rendering to the list */ diff --git a/00186-dont-raise-from-py_compile.patch b/00186-dont-raise-from-py_compile.patch index 1e7fb06..25c4a9d 100644 --- a/00186-dont-raise-from-py_compile.patch +++ b/00186-dont-raise-from-py_compile.patch @@ -1,30 +1,3 @@ -diff -r 7fa3e824a4ee Lib/py_compile.py ---- a/Lib/py_compile.py Tue Oct 29 22:25:06 2013 -0400 -+++ b/Lib/py_compile.py Wed Oct 30 11:08:31 2013 +0100 -@@ -108,15 +108,15 @@ - byte-compile all installed files (or all files in selected - directories). - """ -- with tokenize.open(file) as f: -- try: -- st = os.fstat(f.fileno()) -- except AttributeError: -- st = os.stat(file) -- timestamp = int(st.st_mtime) -- size = st.st_size & 0xFFFFFFFF -- codestring = f.read() - try: -+ with tokenize.open(file) as f: -+ try: -+ st = os.fstat(f.fileno()) -+ except AttributeError: -+ st = os.stat(file) -+ timestamp = int(st.st_mtime) -+ size = st.st_size & 0xFFFFFFFF -+ codestring = f.read() - codeobject = builtins.compile(codestring, dfile or file, 'exec', - optimize=optimize) - except Exception as err: diff -r 7fa3e824a4ee Lib/test/test_py_compile.py --- a/Lib/test/test_py_compile.py Tue Oct 29 22:25:06 2013 -0400 +++ b/Lib/test/test_py_compile.py Wed Oct 30 11:08:31 2013 +0100 @@ -36,6 +9,6 @@ diff -r 7fa3e824a4ee Lib/test/test_py_compile.py + bad_coding = os.path.join(os.path.dirname(__file__), 'bad_coding2.py') + self.assertIsNone(py_compile.compile(bad_coding, doraise=False)) + - def test_main(): - support.run_unittest(PyCompileTests) - + def test_relative_path(self): + py_compile.compile(os.path.relpath(self.source_path), + os.path.relpath(self.pyc_path)) diff --git a/00187-remove-pthread-atfork.patch b/00187-remove-pthread-atfork.patch new file mode 100644 index 0000000..04af52d --- /dev/null +++ b/00187-remove-pthread-atfork.patch @@ -0,0 +1,89 @@ +diff -r 6fdbb81b4020 -r 705f2addd0f0 Modules/_ssl.c +--- a/Modules/_ssl.c Tue Oct 29 12:14:55 2013 +0100 ++++ b/Modules/_ssl.c Tue Oct 29 21:11:55 2013 +0100 +@@ -19,9 +19,6 @@ + #ifdef WITH_THREAD + #include "pythread.h" + +-#ifdef HAVE_PTHREAD_ATFORK +-# include +-#endif + + #define PySSL_BEGIN_ALLOW_THREADS_S(save) \ + do { if (_ssl_locks_count>0) { (save) = PyEval_SaveThread(); } } while (0) +@@ -2950,64 +2947,6 @@ + Returns number of bytes read. Raises SSLError if connection to EGD\n\ + fails or if it does not provide enough data to seed PRNG."); + +-/* Seed OpenSSL's PRNG at fork(), http://bugs.python.org/issue18747 +- * +- * The parent handler seeds the PRNG from pseudo-random data like pid, the +- * current time (miliseconds or seconds) and an uninitialized array. +- * The array contains stack variables that are impossible to predict +- * on most systems, e.g. function return address (subject to ASLR), the +- * stack protection canary and automatic variables. +- * The code is inspired by Apache's ssl_rand_seed() function. +- * +- * Note: +- * The code uses pthread_atfork() until Python has a proper atfork API. The +- * handlers are not removed from the child process. A parent handler is used +- * instead of a child handler because fork() is supposed to be async-signal +- * safe but the handler calls unsafe functions. +- */ +- +-#if defined(HAVE_PTHREAD_ATFORK) && defined(WITH_THREAD) +-#define PYSSL_RAND_ATFORK 1 +- +-static void +-PySSL_RAND_atfork_parent(void) +-{ +- struct { +- char stack[128]; /* uninitialized (!) stack data, 128 is an +- arbitrary number. */ +- pid_t pid; /* current pid */ +- _PyTime_timeval tp; /* current time */ +- } seed; +- +-#ifdef WITH_VALGRIND +- VALGRIND_MAKE_MEM_DEFINED(seed.stack, sizeof(seed.stack)); +-#endif +- seed.pid = getpid(); +- _PyTime_gettimeofday(&(seed.tp)); +- RAND_add((unsigned char *)&seed, sizeof(seed), 0.0); +-} +- +-static int +-PySSL_RAND_atfork(void) +-{ +- static int registered = 0; +- int retval; +- +- if (registered) +- return 0; +- +- retval = pthread_atfork(NULL, /* prepare */ +- PySSL_RAND_atfork_parent, /* parent */ +- NULL); /* child */ +- if (retval != 0) { +- PyErr_SetFromErrno(PyExc_OSError); +- return -1; +- } +- registered = 1; +- return 0; +-} +-#endif /* HAVE_PTHREAD_ATFORK */ +- + #endif /* HAVE_OPENSSL_RAND */ + + +@@ -3623,10 +3561,5 @@ + if (r == NULL || PyModule_AddObject(m, "_OPENSSL_API_VERSION", r)) + return NULL; + +-#ifdef PYSSL_RAND_ATFORK +- if (PySSL_RAND_atfork() == -1) +- return NULL; +-#endif +- + return m; + } diff --git a/check-pyc-and-pyo-timestamps.py b/check-pyc-and-pyo-timestamps.py index bcd5baf..5fd11cc 100644 --- a/check-pyc-and-pyo-timestamps.py +++ b/check-pyc-and-pyo-timestamps.py @@ -16,10 +16,12 @@ not_compiled = [ 'test/badsyntax_future7.py', 'test/badsyntax_future8.py', 'test/badsyntax_future9.py', + 'test/badsyntax_future10.py', 'test/badsyntax_pep3120.py', 'lib2to3/tests/data/bom.py', 'lib2to3/tests/data/crlf.py', 'lib2to3/tests/data/different_encoding.py', + 'lib2to3/tests/data/false_encoding.py', 'lib2to3/tests/data/py2_test_grammar.py', '.debug-gdb.py', ] diff --git a/python-3.2.1-fix-test-subprocess-with-nonreadable-path-dir.patch b/python-3.2.1-fix-test-subprocess-with-nonreadable-path-dir.patch deleted file mode 100644 index 6f43c72..0000000 --- a/python-3.2.1-fix-test-subprocess-with-nonreadable-path-dir.patch +++ /dev/null @@ -1,12 +0,0 @@ -diff -up Python-3.2.1/Lib/test/test_subprocess.py.non-readable-path Python-3.2.1/Lib/test/test_subprocess.py ---- Python-3.2.1/Lib/test/test_subprocess.py.non-readable-path 2011-07-09 02:58:51.000000000 -0400 -+++ Python-3.2.1/Lib/test/test_subprocess.py 2011-07-11 11:34:16.284426005 -0400 -@@ -618,7 +618,7 @@ class ProcessTestCase(BaseTestCase): - for i in range(1024): - # Windows raises IOError. Others raise OSError. - with self.assertRaises(EnvironmentError) as c: -- subprocess.Popen(['nonexisting_i_hope'], -+ subprocess.Popen(['/usr/bin/nonexisting_i_hope'], - stdout=subprocess.PIPE, - stderr=subprocess.PIPE) - # ignore errors that indicate the command was not found diff --git a/python-3.3.0b1-lib64.patch b/python-3.3.0b1-lib64.patch index 5ae03aa..afbdc6c 100644 --- a/python-3.3.0b1-lib64.patch +++ b/python-3.3.0b1-lib64.patch @@ -39,9 +39,9 @@ diff -up cpython-59223da36dec/Lib/site.py.lib64 cpython-59223da36dec/Lib/site.py --- cpython-59223da36dec/Lib/site.py.lib64 2012-08-07 06:10:57.000000000 -0400 +++ cpython-59223da36dec/Lib/site.py 2012-08-07 16:41:00.573477549 -0400 @@ -303,12 +303,16 @@ def getsitepackages(prefixes=None): - if sys.platform in ('os2emx', 'riscos'): - sitepackages.append(os.path.join(prefix, "Lib", "site-packages")) - elif os.sep == '/': + seen.add(prefix) + + if os.sep == '/': + sitepackages.append(os.path.join(prefix, "lib64", + "python" + sys.version[:3], + "site-packages")) diff --git a/python3.spec b/python3.spec index f445372..71fa457 100644 --- a/python3.spec +++ b/python3.spec @@ -2,10 +2,13 @@ # Conditionals and other variables controlling the build # ====================================================== -%global pybasever 3.3 +%global pybasever 3.4 # pybasever without the dot: -%global pyshortver 33 +%global pyshortver 34 + +# prereleasetag +%global prerel a4 %global pylibdir %{_libdir}/python%{pybasever} %global dynload_dir %{pylibdir}/lib-dynload @@ -35,9 +38,9 @@ # For example, # foo/bar.py # now has bytecode at: -# foo/__pycache__/bar.cpython-33.pyc -# foo/__pycache__/bar.cpython-33.pyo -%global bytecode_suffixes .cpython-33.py? +# foo/__pycache__/bar.cpython-34.pyc +# foo/__pycache__/bar.cpython-34.pyo +%global bytecode_suffixes .cpython-34.py? # Python's configure script defines SOVERSION, and this is used in the Makefile # to determine INSTSONAME, the name of the libpython DSO: @@ -125,8 +128,8 @@ # ================== Summary: Version 3 of the Python programming language aka Python 3000 Name: python3 -Version: %{pybasever}.2 -Release: 7%{?dist} +Version: %{pybasever}.0 +Release: %{?prerel:0.}1%{?prerel:.%{prerel}}%{?dist} License: Python Group: Development/Languages @@ -187,7 +190,7 @@ BuildRequires: zlib-devel # Source code and patches # ======================= -Source: http://www.python.org/ftp/python/%{version}/Python-%{version}.tar.xz +Source: http://www.python.org/ftp/python/%{version}/Python-%{version}%{?prerel}.tar.xz # Avoid having various bogus auto-generated Provides lines for the various # python c modules' SONAMEs: @@ -276,17 +279,6 @@ Patch114: 00114-statvfs-f_flag-constants.patch # Not yet sent upstream Patch125: 00125-less-verbose-COUNT_ALLOCS.patch -# In my koji builds, /root/bin is in the PATH for some reason -# This leads to test_subprocess.py failing, due to "test_leaking_fds_on_error" -# trying every dir in PATH for "nonexisting_i_hope", which leads to it raising -# OSError: [Errno 13] Permission denied -# when it tries to read /root/bin, rather than raising "No such file" -# -# Work around this by specifying an absolute path for the non-existant -# executable -# Not yet sent upstream -Patch129: python-3.2.1-fix-test-subprocess-with-nonreadable-path-dir.patch - # 00130 # # Python 2's: # Patch130: python-2.7.2-add-extension-suffix-to-python-config.patch @@ -357,10 +349,6 @@ Patch140: python3-arm-skip-failing-fragile-test.patch # Not yet sent upstream Patch141: 00141-fix-test_gc_with_COUNT_ALLOCS.patch -# 00142 # -# Some pty tests fail when run in mock (rhbz#714627): -Patch142: 00142-skip-failing-pty-tests-in-rpmbuild.patch - # 00143 # # Fix the --with-tsc option on ppc64, and rework it on 32-bit ppc to avoid # aliasing violations (rhbz#698726) @@ -393,7 +381,8 @@ Patch143: 00143-tsc-on-ppc.patch # - don't build the _md5 and _sha* modules; rely on the _hashlib implementation # of hashlib # (rhbz#563986) -Patch146: 00146-hashlib-fips.patch +# TODO: figure out how to update properly for sha3 +# Patch146: 00146-hashlib-fips.patch # 00147 # # Add a sys._debugmallocstats() function @@ -595,10 +584,8 @@ Patch180: 00180-python-add-support-for-ppc64p7.patch # Patch182: 00182-fix-test_gdb-test_threads.patch # 00183 # -# Upstream fix for CVE-2013-2099 (ssl.match_hostname DOS) -# http://bugs.python.org/issue17980 -# http://hg.python.org/cpython/rev/c627638753e2 -Patch183: 00183-cve-2013-2099-fix-ssl-match_hostname-dos.patch +# Fixed upstream as of Python 3.4.0a4 +# Patch183: 00183-cve-2013-2099-fix-ssl-match_hostname-dos.patch # 00184 # # Fix for https://bugzilla.redhat.com/show_bug.cgi?id=979696 @@ -609,20 +596,22 @@ Patch183: 00183-cve-2013-2099-fix-ssl-match_hostname-dos.patch Patch184: 00184-ctypes-should-build-with-libffi-multilib-wrapper.patch # 00185 # -# Fix for CVE-2013-4238 -- -# SSL module fails to handle NULL bytes inside subjectAltNames general names -# http://bugs.python.org/issue18709 -# rhbz#996399 -Patch185: 00185-CVE-2013-4238-hostname-check-bypass-in-SSL-module.patch +# Fixed upstream as of Python 3.4.0a4 +# Patch185: 00185-CVE-2013-4238-hostname-check-bypass-in-SSL-module.patch # 00186 # # Fix for https://bugzilla.redhat.com/show_bug.cgi?id=1023607 -# Fixes the problem of some *.py files not being bytecompiled properly -# during build. This was result of py_compile.compile raising exception -# when trying to convert test file with bad encoding, and thus not -# continuing bytecompilation for other files. +# Previously, this fixed a problem where some *.py files were not being +# bytecompiled properly during build. This was result of py_compile.compile +# raising exception when trying to convert test file with bad encoding, and +# thus not continuing bytecompilation for other files. +# This was fixed upstream, but the test hasn't been merged yet, so we keep it Patch186: 00186-dont-raise-from-py_compile.patch +# 00187 # +# Temporarily add this upstream patch, should be in next upstream release +Patch187: 00187-remove-pthread-atfork.patch + # (New patches go here ^^^) # @@ -762,7 +751,7 @@ can load its own extensions. # ====================================================== %prep -%setup -q -n Python-%{version} +%setup -q -n Python-%{version}%{?prerel} chmod +x %{SOURCE1} %if 0%{?with_systemtap} @@ -789,6 +778,7 @@ rm -r Modules/zlib || exit 1 # # For example, in our builds hashlib.md5 is implemented within _hashlib via # OpenSSL (and thus respects FIPS mode), and does not fall back to _md5 +# TODO: there seems to be no OpenSSL support in Python for sha3, investigate for f in md5module.c sha1module.c sha256module.c sha512module.c; do rm Modules/$f done @@ -816,8 +806,6 @@ done %patch125 -p1 -b .less-verbose-COUNT_ALLOCS -%patch129 -p1 - %ifarch ppc %{power64} %patch131 -p1 %endif @@ -835,11 +823,10 @@ done %endif # 00140: not for python3 %patch141 -p1 -%patch142 -p1 %patch143 -p1 -b .tsc-on-ppc # 00144: not for python3 # 00145: not for python3 -%patch146 -p1 +#patch146 -p1 # 00147: upstream as of Python 3.3.0 # 00148: upstream as of Python 3.2.3 # 00149: upstream as of Python 3.2.3 @@ -880,10 +867,11 @@ done %patch180 -p1 # 00181: not for python3 # 00182: upstream as of Python 3.3.2 -%patch183 -p1 -%patch184 -p1 -%patch185 -p1 +# 00183 upstream as of Python 3.4.0a4 +%patch184 -p1 +# 00185 upstream as of Python 3.4.0a4 %patch186 -p1 +%patch187 -p1 # Currently (2010-01-15), http://docs.python.org/library is for 2.6, and there # are many differences between 2.6 and the Python 3 library. @@ -982,7 +970,8 @@ BuildPython() { # missing symbol AnnotateRWLockDestroy # # Invoke the build: - make EXTRA_CFLAGS="$CFLAGS" %{?_smp_mflags} + # TODO: it seems that 3.4.0a4 fails without -J1, have to figure out why + make EXTRA_CFLAGS="$CFLAGS -J1" %{?_smp_mflags} popd echo FINISHED: BUILD OF PYTHON FOR CONFIGURATION: $ConfDir @@ -1732,6 +1721,20 @@ rm -fr %{buildroot} # ====================================================== %changelog +* Mon Nov 04 2013 Bohuslav Kabrda - 3.4.0-0.1.a4 +- Update to Python 3.4 alpha 4. +- Refreshed patches: 55 (systemtap), 102 (lib64), 111 (no static lib), +114 (statvfs flags), 132 (unittest rpmbuild hooks), 134 (fix COUNT_ALLOCS in +test_sys), 143 (tsc on ppc64), 146 (hashlib fips), 153 (test gdb noise), +157 (UID+GID overflows), 173 (ENOPROTOOPT in bind_port), 186 (dont raise +from py_compile) +- Removed patches: 129 (test_subprocess nonreadable dir - no longer fails in +Koji), 142 (the mock issue that caused this is fixed) +- Added patch 187 (remove thread atfork) - will be in next version +- Refreshed script for checking pyc and pyo timestamps with new ignored files. +- The fips patch is disabled for now until upstream makes a final decision +what to do with sha3 implementation for 3.4.0. + * Wed Oct 30 2013 Bohuslav Kabrda - 3.3.2-7 - Bytecompile all *.py files properly during build (rhbz#1023607)