diff --git a/00102-lib64.patch b/00102-lib64.patch index be67b9b..35a442e 100644 --- a/00102-lib64.patch +++ b/00102-lib64.patch @@ -1,6 +1,8 @@ ---- Python-3.4.0b1/Lib/distutils/command/install.py.lib64 2013-11-24 21:36:54.000000000 +0100 -+++ Python-3.4.0b1/Lib/distutils/command/install.py 2013-11-27 11:10:43.821150774 +0100 -@@ -45,14 +45,14 @@ else: +diff --git a/Lib/distutils/command/install.py b/Lib/distutils/command/install.py +index 67db007..b16fe0f 100644 +--- a/Lib/distutils/command/install.py ++++ b/Lib/distutils/command/install.py +@@ -30,14 +30,14 @@ WINDOWS_SCHEME = { INSTALL_SCHEMES = { 'unix_prefix': { 'purelib': '$base/lib/python$py_version_short/site-packages', @@ -17,9 +19,11 @@ 'headers': '$base/include/python/$dist_name', 'scripts': '$base/bin', 'data' : '$base', ---- Python-3.4.0b1/Lib/distutils/sysconfig.py.lib64 2013-11-24 21:36:54.000000000 +0100 -+++ Python-3.4.0b1/Lib/distutils/sysconfig.py 2013-11-27 11:10:43.821150774 +0100 -@@ -141,8 +141,12 @@ +diff --git a/Lib/distutils/sysconfig.py b/Lib/distutils/sysconfig.py +index e5c493d..a4846eb 100644 +--- a/Lib/distutils/sysconfig.py ++++ b/Lib/distutils/sysconfig.py +@@ -132,8 +132,12 @@ def get_python_lib(plat_specific=0, standard_lib=0, prefix=None): prefix = plat_specific and EXEC_PREFIX or PREFIX if os.name == "posix": @@ -33,9 +37,11 @@ if standard_lib: return libpython else: ---- Python-3.4.0b1/Lib/site.py.lib64 2013-11-24 21:36:54.000000000 +0100 -+++ Python-3.4.0b1/Lib/site.py 2013-11-27 11:10:43.822150773 +0100 -@@ -304,11 +304,15 @@ +diff --git a/Lib/site.py b/Lib/site.py +index 3f78ef5..ad1033e 100644 +--- a/Lib/site.py ++++ b/Lib/site.py +@@ -303,11 +303,15 @@ def getsitepackages(prefixes=None): seen.add(prefix) if os.sep == '/': @@ -51,9 +57,11 @@ sitepackages.append(os.path.join(prefix, "lib", "site-packages")) if sys.platform == "darwin": # for framework builds *only* we add the standard Apple ---- Python-3.4.0b1/Lib/sysconfig.py.lib64 2013-11-24 21:36:54.000000000 +0100 -+++ Python-3.4.0b1/Lib/sysconfig.py 2013-11-27 11:10:43.822150773 +0100 -@@ -20,10 +20,10 @@ +diff --git a/Lib/sysconfig.py b/Lib/sysconfig.py +index 61451b2..b021cce 100644 +--- a/Lib/sysconfig.py ++++ b/Lib/sysconfig.py +@@ -20,10 +20,10 @@ __all__ = [ _INSTALL_SCHEMES = { 'posix_prefix': { @@ -67,7 +75,7 @@ 'include': '{installed_base}/include/python{py_version_short}{abiflags}', 'platinclude': -@@ -61,10 +61,10 @@ +@@ -61,10 +61,10 @@ _INSTALL_SCHEMES = { 'data': '{userbase}', }, 'posix_user': { @@ -81,9 +89,11 @@ 'include': '{userbase}/include/python{py_version_short}', 'scripts': '{userbase}/bin', 'data': '{userbase}', ---- Python-3.4.0b1/Lib/test/test_site.py.lib64 2013-11-24 21:36:55.000000000 +0100 -+++ Python-3.4.0b1/Lib/test/test_site.py 2013-11-27 11:10:43.822150773 +0100 -@@ -244,8 +244,8 @@ +diff --git a/Lib/test/test_site.py b/Lib/test/test_site.py +index da20a3d..f38ce06 100644 +--- a/Lib/test/test_site.py ++++ b/Lib/test/test_site.py +@@ -248,8 +248,8 @@ class HelperFunctionsTests(unittest.TestCase): self.assertEqual(dirs[1], wanted) elif os.sep == '/': # OS X non-framwework builds, Linux, FreeBSD, etc @@ -94,9 +104,11 @@ 'site-packages') self.assertEqual(dirs[0], wanted) else: ---- Python-3.4.0b1/Makefile.pre.in.lib64 2013-11-27 11:10:43.814150786 +0100 -+++ Python-3.4.0b1/Makefile.pre.in 2013-11-27 11:10:43.823150771 +0100 -@@ -115,7 +115,7 @@ +diff --git a/Makefile.pre.in b/Makefile.pre.in +index 58d4258..e8364f0 100644 +--- a/Makefile.pre.in ++++ b/Makefile.pre.in +@@ -125,7 +125,7 @@ LIBDIR= @libdir@ MANDIR= @mandir@ INCLUDEDIR= @includedir@ CONFINCLUDEDIR= $(exec_prefix)/include @@ -105,20 +117,11 @@ ABIFLAGS= @ABIFLAGS@ # Detailed destination directories ---- Python-3.4.0b1/Modules/getpath.c.lib64 2013-11-24 21:36:56.000000000 +0100 -+++ Python-3.4.0b1/Modules/getpath.c 2013-11-27 11:17:33.619449704 +0100 -@@ -122,8 +122,8 @@ - #endif - - #ifndef PYTHONPATH --#define PYTHONPATH PREFIX "/lib/python" VERSION ":" \ -- EXEC_PREFIX "/lib/python" VERSION "/lib-dynload" -+#define PYTHONPATH PREFIX "/lib64/python" VERSION ":" \ -+ EXEC_PREFIX "/lib64/python" VERSION "/lib-dynload" - #endif - - #ifndef LANDMARK -@@ -498,7 +498,7 @@ +diff --git a/Modules/getpath.c b/Modules/getpath.c +index 18deb60..27ca814 100644 +--- a/Modules/getpath.c ++++ b/Modules/getpath.c +@@ -494,7 +494,7 @@ calculate_path(void) _pythonpath = Py_DecodeLocale(PYTHONPATH, NULL); _prefix = Py_DecodeLocale(PREFIX, NULL); _exec_prefix = Py_DecodeLocale(EXEC_PREFIX, NULL); @@ -127,7 +130,7 @@ if (!_pythonpath || !_prefix || !_exec_prefix || !lib_python) { Py_FatalError( -@@ -687,7 +687,7 @@ +@@ -683,7 +683,7 @@ calculate_path(void) } else wcsncpy(zip_path, _prefix, MAXPATHLEN); @@ -136,7 +139,7 @@ bufsz = wcslen(zip_path); /* Replace "00" with version */ zip_path[bufsz - 6] = VERSION[0]; zip_path[bufsz - 5] = VERSION[2]; -@@ -699,7 +699,7 @@ +@@ -695,7 +695,7 @@ calculate_path(void) fprintf(stderr, "Could not find platform dependent libraries \n"); wcsncpy(exec_prefix, _exec_prefix, MAXPATHLEN); @@ -145,9 +148,11 @@ } /* If we found EXEC_PREFIX do *not* reduce it! (Yet.) */ ---- Python-3.4.0b1/setup.py.lib64 2013-11-24 21:36:56.000000000 +0100 -+++ Python-3.4.0b1/setup.py 2013-11-27 11:10:43.824150769 +0100 -@@ -441,7 +441,7 @@ +diff --git a/setup.py b/setup.py +index be33c46..f2779cc 100644 +--- a/setup.py ++++ b/setup.py +@@ -492,7 +492,7 @@ class PyBuildExt(build_ext): # directories (i.e. '.' and 'Include') must be first. See issue # 10520. if not cross_compiling: @@ -156,7 +161,7 @@ add_dir_to_list(self.compiler.include_dirs, '/usr/local/include') # only change this for cross builds for 3.3, issues on Mageia if cross_compiling: -@@ -718,11 +718,11 @@ +@@ -780,11 +780,11 @@ class PyBuildExt(build_ext): elif curses_library: readline_libs.append(curses_library) elif self.compiler.find_library_file(lib_dirs + @@ -170,7 +175,7 @@ extra_link_args=readline_extra_link_args, libraries=readline_libs) ) else: -@@ -759,8 +759,8 @@ +@@ -821,8 +821,8 @@ class PyBuildExt(build_ext): if krb5_h: ssl_incs += krb5_h ssl_libs = find_library_file(self.compiler, 'ssl',lib_dirs, diff --git a/00146-hashlib-fips.patch b/00146-hashlib-fips.patch index 3d92c34..e0cdce0 100644 --- a/00146-hashlib-fips.patch +++ b/00146-hashlib-fips.patch @@ -1,6 +1,8 @@ ---- Python-3.4.0b1/Lib/hashlib.py.hashlib-fips 2013-11-24 21:36:54.000000000 +0100 -+++ Python-3.4.0b1/Lib/hashlib.py 2013-11-27 11:45:17.073617547 +0100 -@@ -23,6 +23,16 @@ +diff --git a/Lib/hashlib.py b/Lib/hashlib.py +index 316cece..b7ad879 100644 +--- a/Lib/hashlib.py ++++ b/Lib/hashlib.py +@@ -23,6 +23,16 @@ the zlib module. Choose your hash function wisely. Some have known collision weaknesses. sha384 and sha512 will be slow on 32 bit platforms. @@ -17,7 +19,7 @@ Hash objects have these methods: - update(arg): Update the hash object with the bytes in arg. Repeated calls are equivalent to a single call with the concatenation of all -@@ -63,6 +73,19 @@ +@@ -62,6 +72,18 @@ algorithms_available = set(__always_supported) __all__ = __always_supported + ('new', 'algorithms_guaranteed', 'algorithms_available', 'pbkdf2_hmac') @@ -33,11 +35,10 @@ + kwargs.pop('usedforsecurity') + return func(*args, **kwargs) + return inner -+ __builtin_constructor_cache = {} -@@ -108,34 +131,41 @@ +@@ -100,31 +122,39 @@ def __get_openssl_constructor(name): f = getattr(_hashlib, 'openssl_' + name) # Allow the C module to raise ValueError. The function will be # defined but the hash not actually available thanks to OpenSSL. @@ -88,11 +89,8 @@ + # because we want to make sure that Fedora uses everything from OpenSSL return __get_builtin_constructor(name)(data) -- - try: - import _hashlib - new = __hash_new -@@ -215,7 +245,10 @@ + +@@ -207,7 +237,10 @@ for __func_name in __always_supported: # try them all, some may not work due to the OpenSSL # version not supporting that algorithm. try: @@ -104,14 +102,17 @@ except ValueError: import logging logging.exception('code for hash %s was not found.', __func_name) -@@ -223,3 +256,4 @@ +@@ -215,3 +248,4 @@ for __func_name in __always_supported: # Cleanup locals() del __always_supported, __func_name, __get_hash del __py_new, __hash_new, __get_openssl_constructor +del __ignore_usedforsecurity ---- Python-3.4.0b1/Lib/test/test_hashlib.py 2013-11-27 11:55:42.769601363 +0100 -+++ Python-3.4.0b1/Lib/test/test_hashlib.py 2013-11-28 09:33:03.929008508 +0100 -@@ -24,7 +24,22 @@ +\ No newline at end of file +diff --git a/Lib/test/test_hashlib.py b/Lib/test/test_hashlib.py +index c9b113e..60e2392 100644 +--- a/Lib/test/test_hashlib.py ++++ b/Lib/test/test_hashlib.py +@@ -24,7 +24,22 @@ from test.support import _4G, bigmemtest, import_fresh_module COMPILED_WITH_PYDEBUG = hasattr(sys, 'gettotalrefcount') c_hashlib = import_fresh_module('hashlib', fresh=['_hashlib']) @@ -135,7 +136,7 @@ def hexstr(s): assert isinstance(s, bytes), repr(s) -@@ -34,6 +49,16 @@ +@@ -34,6 +49,16 @@ def hexstr(s): r += h[(i >> 4) & 0xF] + h[i & 0xF] return r @@ -152,7 +153,7 @@ class HashLibTestCase(unittest.TestCase): supported_hash_names = ( 'md5', 'MD5', 'sha1', 'SHA1', -@@ -66,11 +91,11 @@ +@@ -63,11 +88,11 @@ class HashLibTestCase(unittest.TestCase): # For each algorithm, test the direct constructor and the use # of hashlib.new given the algorithm name. for algorithm, constructors in self.constructors_to_test.items(): @@ -167,7 +168,7 @@ constructors.add(_test_algorithm_via_hashlib_new) _hashlib = self._conditional_import_module('_hashlib') -@@ -82,26 +107,12 @@ +@@ -79,27 +104,12 @@ class HashLibTestCase(unittest.TestCase): for algorithm, constructors in self.constructors_to_test.items(): constructor = getattr(_hashlib, 'openssl_'+algorithm, None) if constructor: @@ -192,10 +193,11 @@ - if _sha512: - add_builtin_constructor('sha384') - add_builtin_constructor('sha512') - +- super(HashLibTestCase, self).__init__(*args, **kwargs) -@@ -157,9 +169,6 @@ + @property +@@ -148,9 +158,6 @@ class HashLibTestCase(unittest.TestCase): else: del sys.modules['_md5'] self.assertRaises(TypeError, get_builtin_constructor, 3) @@ -205,7 +207,7 @@ def test_hexdigest(self): for cons in self.hash_constructors: -@@ -558,6 +567,65 @@ +@@ -433,6 +440,64 @@ class HashLibTestCase(unittest.TestCase): self.assertEqual(expected_hash, hasher.hexdigest()) @@ -267,21 +269,23 @@ + + m = _hashlib.new('md5', b'abc\n', usedforsecurity=False) + self.assertEquals(m.hexdigest(), "0bee89b07a248e27c83fc3d5951213c1") -+ class KDFTests(unittest.TestCase): -@@ -639,6 +707,7 @@ - with self.assertRaisesRegex(ValueError, 'unsupported hash type'): - pbkdf2('unknown', b'pass', b'salt', 1) - +@@ -516,7 +581,7 @@ class KDFTests(unittest.TestCase): + out = pbkdf2(hash_name='sha1', password=b'password', salt=b'salt', + iterations=1, dklen=None) + self.assertEqual(out, self.pbkdf2_results['sha1'][0][0]) +- + @unittest.skip('skipped on Fedora, as we always use OpenSSL pbkdf2_hmac') def test_pbkdf2_hmac_py(self): self._test_pbkdf2_hmac(py_hashlib.pbkdf2_hmac) ---- Python-3.4.0b1/Modules/_hashopenssl.c.hashlib-fips 2013-11-24 21:36:56.000000000 +0100 -+++ Python-3.4.0b1/Modules/_hashopenssl.c 2013-11-27 12:01:57.443537463 +0100 -@@ -19,6 +19,8 @@ +diff --git a/Modules/_hashopenssl.c b/Modules/_hashopenssl.c +index 44765ac..b8cf490 100644 +--- a/Modules/_hashopenssl.c ++++ b/Modules/_hashopenssl.c +@@ -20,6 +20,8 @@ /* EVP is the preferred interface to hashing in OpenSSL */ @@ -290,7 +294,7 @@ #include #include /* We use the object interface to discover what hashes OpenSSL supports. */ -@@ -48,11 +50,19 @@ +@@ -45,11 +47,19 @@ typedef struct { static PyTypeObject EVPtype; @@ -314,7 +318,7 @@ DEFINE_CONSTS_FOR_NEW(md5) DEFINE_CONSTS_FOR_NEW(sha1) -@@ -97,6 +107,48 @@ +@@ -92,6 +102,48 @@ EVP_hash(EVPobject *self, const void *vp, Py_ssize_t len) } } @@ -363,7 +367,7 @@ /* Internal methods for a hash object */ static void -@@ -281,15 +333,16 @@ +@@ -259,15 +311,16 @@ EVP_repr(EVPobject *self) static int EVP_tp_init(EVPobject *self, PyObject *args, PyObject *kwds) { @@ -383,7 +387,7 @@ return -1; } -@@ -310,7 +363,12 @@ +@@ -288,7 +341,12 @@ EVP_tp_init(EVPobject *self, PyObject *args, PyObject *kwds) PyBuffer_Release(&view); return -1; } @@ -397,7 +401,7 @@ self->name = name_obj; Py_INCREF(self->name); -@@ -394,7 +452,8 @@ +@@ -372,7 +430,8 @@ static PyTypeObject EVPtype = { static PyObject * EVPnew(PyObject *name_obj, const EVP_MD *digest, const EVP_MD_CTX *initial_ctx, @@ -407,7 +411,7 @@ { EVPobject *self; -@@ -409,7 +468,12 @@ +@@ -387,7 +446,12 @@ EVPnew(PyObject *name_obj, if (initial_ctx) { EVP_MD_CTX_copy(&self->ctx, initial_ctx); } else { @@ -421,7 +425,7 @@ } if (cp && len) { -@@ -433,21 +497,29 @@ +@@ -411,21 +475,29 @@ PyDoc_STRVAR(EVP_new__doc__, An optional string argument may be provided and will be\n\ automatically hashed.\n\ \n\ @@ -455,17 +459,17 @@ return NULL; } -@@ -461,7 +533,8 @@ +@@ -439,7 +511,8 @@ EVP_new(PyObject *self, PyObject *args, PyObject *kwdict) digest = EVP_get_digestbyname(name); - ret_obj = EVPnew(name_obj, digest, NULL, (unsigned char*)view.buf, view.len); + ret_obj = EVPnew(name_obj, digest, NULL, (unsigned char*)view.buf, view.len, -+ usedforsecurity); ++ usedforsecurity); if (data_obj) PyBuffer_Release(&view); -@@ -742,57 +815,115 @@ +@@ -722,57 +795,114 @@ generate_hash_name_list(void) /* @@ -508,8 +512,8 @@ + return implement_specific_EVP_new(self, args, kwdict, \ + "|Oi:" #NAME, \ + &cached_info_ ## NAME ); \ -+ } -+ + } + +static PyObject * +implement_specific_EVP_new(PyObject *self, PyObject *args, PyObject *kwdict, + const char *format, @@ -554,8 +558,8 @@ + } else { + PyErr_SetString(PyExc_ValueError, "Error initializing hash"); + } - } - ++ } ++ + if (data_obj) + PyBuffer_Release(&view); + @@ -614,11 +618,10 @@ + } + } +} -+ GEN_CONSTRUCTOR(md5) GEN_CONSTRUCTOR(sha1) -@@ -843,13 +974,10 @@ +@@ -819,13 +949,10 @@ PyInit__hashlib(void) { PyObject *m, *openssl_md_meth_names; diff --git a/00200-gettext-plural-fix.patch b/00200-gettext-plural-fix.patch deleted file mode 100644 index 93b817b..0000000 --- a/00200-gettext-plural-fix.patch +++ /dev/null @@ -1,12 +0,0 @@ -diff -up Python-2.5.1/Lib/gettext.py.plural Python-2.5.1/Lib/gettext.py ---- Python-2.5.1/Lib/gettext.py.plural 2007-09-10 11:38:57.000000000 -0400 -+++ Python-2.5.1/Lib/gettext.py 2007-09-10 11:39:00.000000000 -0400 -@@ -299,6 +299,8 @@ class GNUTranslations(NullTranslations): - item = b_item.decode().strip() - if not item: - continue -+ if item.startswith("#"): -+ continue - if ':' in item: - k, v = item.split(':', 1) - k = k.strip().lower() diff --git a/00201-fix-memory-leak-in-gdbm.patch b/00201-fix-memory-leak-in-gdbm.patch deleted file mode 100644 index 48839d5..0000000 --- a/00201-fix-memory-leak-in-gdbm.patch +++ /dev/null @@ -1,10 +0,0 @@ ---- Modules/_gdbmmodule.c.orig 2013-07-08 14:54:27.803790151 +0200 -+++ Modules/_gdbmmodule.c 2013-07-08 14:55:25.006672443 +0200 -@@ -106,6 +106,7 @@ - if(okey.dsize) free(okey.dptr); - okey=key; - } -+ if(okey.dsize) free(okey.dptr); - dp->di_size = size; - } - return dp->di_size; diff --git a/00203-disable-threading-test-koji.patch b/00203-disable-threading-test-koji.patch deleted file mode 100644 index 70010fb..0000000 --- a/00203-disable-threading-test-koji.patch +++ /dev/null @@ -1,11 +0,0 @@ -diff -up Python-3.4.3/Lib/test/test_threading.py.mstuchli Python-3.4.3/Lib/test/test_threading.py ---- Python-3.4.3/Lib/test/test_threading.py.mstuchli 2015-03-10 10:00:42.917355215 +0100 -+++ Python-3.4.3/Lib/test/test_threading.py 2015-03-10 10:00:47.735373842 +0100 -@@ -988,6 +988,7 @@ class ThreadingExceptionTests(BaseTestCa - self.assertIn("ZeroDivisionError", err) - self.assertNotIn("Unhandled exception", err) - -+ @unittest.skip('Fails in Koji due to mishandled signals') - def test_print_exception_stderr_is_none_1(self): - script = r"""if True: - import sys diff --git a/00207-math-once.patch b/00207-math-once.patch deleted file mode 100644 index 572ed59..0000000 --- a/00207-math-once.patch +++ /dev/null @@ -1,56 +0,0 @@ ---- Python-3.5.1/Makefile.pre.in.kh 2015-12-17 05:51:08.466546157 -0500 -+++ Python-3.5.1/Makefile.pre.in 2015-12-17 05:52:26.207761635 -0500 -@@ -587,11 +587,15 @@ pybuilddir.txt: $(BUILDPYTHON) - exit 1 ; \ - fi - -+# This is shared by the math and cmath modules -+Modules/_math.o: Modules/_math.c Modules/_math.h -+ $(CC) -c $(CCSHARED) $(PY_CORE_CFLAGS) -o $@ $< -+ - # Build the shared modules - # Under GNU make, MAKEFLAGS are sorted and normalized; the 's' for - # -s, --silent or --quiet is always the first char. - # Under BSD make, MAKEFLAGS might be " -s -v x=y". --sharedmods: $(BUILDPYTHON) pybuilddir.txt -+sharedmods: $(BUILDPYTHON) pybuilddir.txt Modules/_math.o - @case "$$MAKEFLAGS" in \ - *\ -s*|s*) quiet="-q";; \ - *) quiet="";; \ ---- Python-3.5.1/Misc/NEWS.kh 2015-12-17 05:53:40.898929946 -0500 -+++ Python-3.5.1/Misc/NEWS 2015-12-17 05:54:28.599676136 -0500 -@@ -464,6 +464,10 @@ Build - - Issue #24986: It is now possible to build Python on Windows without errors - when external libraries are not available. - -+- Issue #24421: Compile Modules/_math.c once, before building extensions. -+ Previously it could fail to compile properly if the math and cmath builds -+ were concurrent. -+ - Windows - ------- - ---- Python-3.5.1/setup.py.kh 2015-12-17 06:38:30.950955607 -0500 -+++ Python-3.5.1/setup.py 2015-12-17 06:42:32.074722493 -0500 -@@ -582,13 +582,17 @@ class PyBuildExt(build_ext): - - # array objects - exts.append( Extension('array', ['arraymodule.c']) ) -+ -+ shared_math = 'Modules/_math.o' - # complex math library functions -- exts.append( Extension('cmath', ['cmathmodule.c', '_math.c'], -- depends=['_math.h'], -+ exts.append( Extension('cmath', ['cmathmodule.c'], -+ extra_objects=[shared_math], -+ depends=['_math.h', shared_math], - libraries=math_libs) ) - # math library functions, e.g. sin() -- exts.append( Extension('math', ['mathmodule.c', '_math.c'], -- depends=['_math.h'], -+ exts.append( Extension('math', ['mathmodule.c'], -+ extra_objects=[shared_math], -+ depends=['_math.h', shared_math], - libraries=math_libs) ) - - # time libraries: librt may be needed for clock_gettime() diff --git a/00208-disable-test_with_pip-on-ppc.patch b/00208-disable-test_with_pip-on-ppc.patch deleted file mode 100644 index 00b98ae..0000000 --- a/00208-disable-test_with_pip-on-ppc.patch +++ /dev/null @@ -1,11 +0,0 @@ -diff -up Python-3.5.1/Lib/test/test_venv.py.1292467 Python-3.5.1/Lib/test/test_venv.py ---- Python-3.5.1/Lib/test/test_venv.py.1292467 2015-12-21 13:37:44.740190595 +0100 -+++ Python-3.5.1/Lib/test/test_venv.py 2015-12-21 13:40:25.707911828 +0100 -@@ -319,6 +319,7 @@ class EnsurePipTest(BaseTest): - - # Requesting pip fails without SSL (http://bugs.python.org/issue19744) - @unittest.skipIf(ssl is None, ensurepip._MISSING_SSL_MESSAGE) -+ @unittest.skip('rhbz#1292467') - def test_with_pip(self): - rmtree(self.env_dir) - with EnvironmentVarGuard() as envvars: diff --git a/00237-Raise-an-error-when-STARTTLS-fails.patch b/00237-Raise-an-error-when-STARTTLS-fails.patch deleted file mode 100644 index 9083e61..0000000 --- a/00237-Raise-an-error-when-STARTTLS-fails.patch +++ /dev/null @@ -1,35 +0,0 @@ -From 761db274ca898f8a92348ed5979d3d3c1b0d634a Mon Sep 17 00:00:00 2001 -From: Tomas Orsava -Date: Fri, 17 Jun 2016 16:08:11 +0200 -Subject: [PATCH] Raise an error when STARTTLS fails - -CVE-2016-0772 python: smtplib StartTLS stripping attack -rhbz#1303647: https://bugzilla.redhat.com/show_bug.cgi?id=1303647 -rhbz#1346345: https://bugzilla.redhat.com/show_bug.cgi?id=1346345 - -Based on an upstream change by Benjamin Peterson -- in changeset 101887:d590114c2394 3.4 -- https://hg.python.org/cpython/rev/d590114c2394 ---- - Lib/smtplib.py | 5 +++++ - 1 file changed, 5 insertions(+) - -diff --git a/Lib/smtplib.py b/Lib/smtplib.py -index 4756973..dfbf5f9 100755 ---- a/Lib/smtplib.py -+++ b/Lib/smtplib.py -@@ -773,6 +773,11 @@ class SMTP: - self.ehlo_resp = None - self.esmtp_features = {} - self.does_esmtp = 0 -+ else: -+ # RFC 3207: -+ # 501 Syntax error (no parameters allowed) -+ # 454 TLS not available due to temporary reason -+ raise SMTPResponseException(resp, reply) - return (resp, reply) - - def sendmail(self, from_addr, to_addrs, msg, mail_options=[], --- -2.5.5 - diff --git a/00241-CVE-2016-5636-buffer-overflow-in-zipimport-module-fix.patch b/00241-CVE-2016-5636-buffer-overflow-in-zipimport-module-fix.patch deleted file mode 100644 index e2c8581..0000000 --- a/00241-CVE-2016-5636-buffer-overflow-in-zipimport-module-fix.patch +++ /dev/null @@ -1,39 +0,0 @@ -From 531dfa4bcfe55d5cd1524425944b07c5b02bddf9 Mon Sep 17 00:00:00 2001 -From: Charalampos Stratakis -Date: Fri, 8 Jul 2016 17:16:41 +0200 -Subject: [PATCH] CVE-2016-5636 fix - ---- - Modules/zipimport.c | 9 +++++++++ - 1 file changed, 9 insertions(+) - -diff --git a/Modules/zipimport.c b/Modules/zipimport.c -index 06abb31..4d0d1de 100644 ---- a/Modules/zipimport.c -+++ b/Modules/zipimport.c -@@ -1076,6 +1076,10 @@ get_data(PyObject *archive, PyObject *toc_entry) - &date, &crc)) { - return NULL; - } -+ if (data_size < 0) { -+ PyErr_Format(ZipImportError, "negative data size"); -+ return NULL; -+ } - - fp = _Py_fopen_obj(archive, "rb"); - if (!fp) -@@ -1112,6 +1116,11 @@ get_data(PyObject *archive, PyObject *toc_entry) - } - file_offset += l; /* Start of file data */ - -+ if (data_size > LONG_MAX - 1) { -+ fclose(fp); -+ PyErr_NoMemory(); -+ return NULL; -+ } - bytes_size = compress == 0 ? data_size : data_size + 1; - if (bytes_size == 0) - bytes_size++; --- -2.7.4 - diff --git a/00242-CVE-2016-1000110-httpoxy.patch b/00242-CVE-2016-1000110-httpoxy.patch index 7c17b31..244ebec 100644 --- a/00242-CVE-2016-1000110-httpoxy.patch +++ b/00242-CVE-2016-1000110-httpoxy.patch @@ -1,20 +1,8 @@ - -# HG changeset patch -# User Senthil Kumaran -# Date 1469947146 25200 -# Node ID a0ac52ed8f7918222603b584ec8fc93d9b7bc0a5 -# Parent 4cb94e561e2db9865fb4d752f2bceefca4c6819a# Parent 3c19023c9fec5a615c25598468b44fade89049ce -[merge from 3.4] - Prevent HTTPoxy attack (CVE-2016-1000110) - -Ignore the HTTP_PROXY variable when REQUEST_METHOD environment is set, which -indicates that the script is in CGI mode. - -Issue #27568 Reported and patch contributed by RĂ©mi Rampin. - diff --git a/Doc/howto/urllib2.rst b/Doc/howto/urllib2.rst +index 24a4156..d2c7991 100644 --- a/Doc/howto/urllib2.rst +++ b/Doc/howto/urllib2.rst -@@ -538,6 +538,11 @@ setting up a `Basic Authentication`_ han +@@ -538,6 +538,11 @@ setting up a `Basic Authentication`_ handler: :: through a proxy. However, this can be enabled by extending urllib.request as shown in the recipe [#]_. @@ -27,11 +15,12 @@ diff --git a/Doc/howto/urllib2.rst b/Doc/howto/urllib2.rst Sockets and Layers ================== diff --git a/Doc/library/urllib.request.rst b/Doc/library/urllib.request.rst +index 6c1bfb8..1291aeb 100644 --- a/Doc/library/urllib.request.rst +++ b/Doc/library/urllib.request.rst -@@ -166,6 +166,16 @@ The :mod:`urllib.request` module defines the following functions: - cannot find it, looks for proxy information from Mac OSX System - Configuration for Mac OS X and Windows Systems Registry for Windows. +@@ -173,6 +173,16 @@ The :mod:`urllib.request` module defines the following functions: + If both lowercase and uppercase environment variables exist (and disagree), + lowercase is preferred. + .. note:: + @@ -46,25 +35,25 @@ diff --git a/Doc/library/urllib.request.rst b/Doc/library/urllib.request.rst The following classes are provided: -@@ -275,6 +285,12 @@ The following classes are provided: +@@ -280,6 +290,11 @@ The following classes are provided: + list of hostname suffixes, optionally with ``:port`` appended, for example + ``cern.ch,ncsa.uiuc.edu,some.host:8080``. - To disable autodetected proxy pass an empty dictionary. - -+ .. note:: ++ .. note:: + + ``HTTP_PROXY`` will be ignored if a variable ``REQUEST_METHOD`` is set; + see the documentation on :func:`~urllib.request.getproxies`. + -+ .. class:: HTTPPasswordMgr() diff --git a/Lib/test/test_urllib.py b/Lib/test/test_urllib.py +index 5d05f8d..c26c52a 100644 --- a/Lib/test/test_urllib.py +++ b/Lib/test/test_urllib.py -@@ -225,6 +225,18 @@ class ProxyTests(unittest.TestCase): - self.env.set('NO_PROXY', 'localhost, anotherdomain.com, newdomain.com') - self.assertTrue(urllib.request.proxy_bypass_environment('anotherdomain.com')) +@@ -232,6 +232,18 @@ class ProxyTests(unittest.TestCase): + self.assertTrue(urllib.request.proxy_bypass_environment('anotherdomain.com:8888')) + self.assertTrue(urllib.request.proxy_bypass_environment('newdomain.com:1234')) + def test_proxy_cgi_ignore(self): + try: @@ -78,13 +67,14 @@ diff --git a/Lib/test/test_urllib.py b/Lib/test/test_urllib.py + self.env.unset('REQUEST_METHOD') + self.env.unset('HTTP_PROXY') + - class urlopen_HttpTests(unittest.TestCase, FakeHTTPMixin, FakeFTPMixin): - """Test urlopen() opening a fake http connection.""" - + def test_proxy_bypass_environment_host_match(self): + bypass = urllib.request.proxy_bypass_environment + self.env.set('NO_PROXY', diff --git a/Lib/urllib/request.py b/Lib/urllib/request.py +index 1731fe3..3be327d 100644 --- a/Lib/urllib/request.py +++ b/Lib/urllib/request.py -@@ -2394,6 +2394,12 @@ def getproxies_environment(): +@@ -2412,6 +2412,12 @@ def getproxies_environment(): name = name.lower() if value and name[-6:] == '_proxy': proxies[name[:-6]] = value @@ -93,8 +83,7 @@ diff --git a/Lib/urllib/request.py b/Lib/urllib/request.py + # header from the client + # If "proxy" is lowercase, it will still be used thanks to the next block + if 'REQUEST_METHOD' in os.environ: -+ proxies.pop('http', None) - return proxies - - def proxy_bypass_environment(host): - ++ proxies.pop('http', None) + for name, value in os.environ.items(): + if name[-6:] == '_proxy': + name = name.lower() diff --git a/05000-autotool-intermediates.patch b/05000-autotool-intermediates.patch deleted file mode 100644 index 903cbf0..0000000 --- a/05000-autotool-intermediates.patch +++ /dev/null @@ -1,72 +0,0 @@ -diff -up ./configure.autotool-intermediates ./configure ---- ./configure.autotool-intermediates 2013-04-09 14:52:49.831773426 +0200 -+++ ./configure 2013-04-09 14:52:53.204765347 +0200 -@@ -802,6 +802,8 @@ with_thread - enable_ipv6 - with_doc_strings - with_tsc -+with_count_allocs -+with_call_profile - with_pymalloc - with_valgrind - with_systemtap -@@ -1479,6 +1481,8 @@ Optional Packages: - deprecated; use --with(out)-threads - --with(out)-doc-strings disable/enable documentation strings - --with(out)-tsc enable/disable timestamp counter profile -+ --with(out)count-allocs enable/disable per-type instance accounting -+ --with(out)-call-profile enable/disable statistics on function call invocation - --with(out)-pymalloc disable/enable specialized mallocs - --with-valgrind Enable Valgrind support - --with(out)-systemtap disable/enable SystemTap support -@@ -10117,6 +10121,50 @@ $as_echo "#define WITH_TSC 1" >>confdefs - - { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 - $as_echo "yes" >&6; } -+else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -+$as_echo "no" >&6; } -+fi -+else -+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -+$as_echo "no" >&6; } -+fi -+ -+ -+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for --with-count-allocs" >&5 -+$as_echo_n "checking for --with-count-allocs... " >&6; } -+ -+# Check whether --with-count-allocs was given. -+if test "${with_count_allocs+set}" = set; then : -+ withval=$with_count_allocs; -+if test "$withval" != no -+then -+ -+$as_echo "#define COUNT_ALLOCS 1" >>confdefs.h -+ -+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 -+$as_echo "yes" >&6; } -+else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -+$as_echo "no" >&6; } -+fi -+else -+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -+$as_echo "no" >&6; } -+fi -+ -+ -+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for --with-call-profile" >&5 -+$as_echo_n "checking for --with-call-profile... " >&6; } -+ -+# Check whether --with-call-profile was given. -+if test "${with_call_profile+set}" = set; then : -+ withval=$with_call_profile; -+if test "$withval" != no -+then -+ -+$as_echo "#define CALL_PROFILE 1" >>confdefs.h -+ -+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 -+$as_echo "yes" >&6; } - else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 - $as_echo "no" >&6; } - fi diff --git a/python3.spec b/python3.spec index af7d7f3..980347d 100644 --- a/python3.spec +++ b/python3.spec @@ -111,8 +111,8 @@ # ================== Summary: Version 3 of the Python programming language aka Python 3000 Name: python3 -Version: %{pybasever}.1 -Release: 15%{?dist} +Version: %{pybasever}.2 +Release: 1%{?dist} License: Python Group: Development/Languages @@ -382,31 +382,6 @@ Patch188: 00188-fix-lib2to3-tests-when-hashlib-doesnt-compile-properly.patch Patch189: 00189-add-rewheel-module.patch %endif -# 00194 # -# Tests requiring SIGHUP to work don't work in Koji -# see rhbz#1088233 -Patch194: temporarily-disable-tests-requiring-SIGHUP.patch - -# 00196 # -# Fix test_gdb failure on ppc64le -Patch196: 00196-test-gdb-match-addr-before-builtin.patch - -# 00200 # -# Fix for gettext plural form headers (lines that begin with "#") -# Note: Backported from scl -Patch200: 00200-gettext-plural-fix.patch - -# 00201 # -# Fixes memory leak in gdbm module (rhbz#977308) -# This was upstreamed as a part of bigger patch, but for our purposes -# this is ok: http://bugs.python.org/issue18404 -# Note: Backported from scl -Patch201: 00201-fix-memory-leak-in-gdbm.patch - -# 00203 # -# test_threading fails in koji dues to it's handling of signals -Patch203: 00203-disable-threading-test-koji.patch - # 00205 # # LIBPL variable in makefile takes LIBPL from configure.ac # but the LIBPL variable defined there doesn't respect libdir macro @@ -417,40 +392,12 @@ Patch205: 00205-make-libpl-respect-lib64.patch # by debian but fedora infra uses only eabi without hf Patch206: 00206-remove-hf-from-arm-triplet.patch -# 00207 # -# Avoid truncated _math.o files caused by parallel builds -# modified version of https://bugs.python.org/issue24421 -# rhbz#1292461 -Patch207: 00207-math-once.patch - -# 00208 # -# test_with_pip (test.test_venv.EnsurePipTest) fails on ppc64* -# rhbz#1292467 -Patch208: 00208-disable-test_with_pip-on-ppc.patch - # 00209 # # Fix test breakage with version 2.2.0 of Expat # rhbz#1353918: https://bugzilla.redhat.com/show_bug.cgi?id=1353918 # FIXED UPSTREAM: http://bugs.python.org/issue27369 Patch209: 00209-fix-test-pyexpat-failure.patch -# 00237 # -# CVE-2016-0772 python: smtplib StartTLS stripping attack -# rhbz#1303647: https://bugzilla.redhat.com/show_bug.cgi?id=1303647 -# rhbz#1346345: https://bugzilla.redhat.com/show_bug.cgi?id=1346345 -# FIXED UPSTREAM: https://hg.python.org/cpython/rev/d590114c2394 -# Raise an error when STARTTLS fails -Patch237: 00237-Raise-an-error-when-STARTTLS-fails.patch - -# 00241 # -# CVE-2016-5636: http://seclists.org/oss-sec/2016/q2/560 -# rhbz#1345859: https://bugzilla.redhat.com/show_bug.cgi?id=1345859 -# https://hg.python.org/cpython/rev/10dad6da1b28/ -# https://hg.python.org/cpython/rev/5533a9e02b21 -# Fix possible integer overflow and heap corruption in zipimporter.get_data() -# FIXED UPSTREAM: https://bugs.python.org/issue26171 -Patch241: 00241-CVE-2016-5636-buffer-overflow-in-zipimport-module-fix.patch - # 00242 # # HTTPoxy attack (CVE-2016-1000110) # https://httpoxy.org/ @@ -659,7 +606,7 @@ for f in md5module.c sha1module.c sha256module.c sha512module.c; do done %if 0%{with_rewheel} -%global pip_version 7.1.0 +%global pip_version 8.1.2 sed -r -i s/'_PIP_VERSION = "[0-9.]+"'/'_PIP_VERSION = "%{pip_version}"'/ Lib/ensurepip/__init__.py %endif @@ -696,16 +643,9 @@ sed -r -i s/'_PIP_VERSION = "[0-9.]+"'/'_PIP_VERSION = "%{pip_version}"'/ Lib/en %patch189 -p1 %endif -%patch194 -p1 -%patch196 -p1 -%patch203 -p1 %patch205 -p1 %patch206 -p1 -%patch207 -p1 -%patch208 -p1 %patch209 -p1 -%patch237 -p1 -%patch241 -p1 %patch242 -p1 %patch243 -p1 @@ -1612,6 +1552,15 @@ rm -fr %{buildroot} # ====================================================== %changelog +* Mon Aug 15 2016 Tomas Orsava - 3.5.2-1 +- Rebased to version 3.5.2 +- Set to work with pip version 8.1.2 +- Removed patches 207, 237, 241 as fixes are already contained in Python 3.5.2 +- Removed arch or environment specific patches 194, 196, 203, and 208 + as test builds indicate they are no longer needed +- Updated patches 102, 146, and 242 to work with the new Python codebase +- Removed patches 200, 201, 5000 which weren't even being applied + * Tue Aug 09 2016 Charalampos Stratakis - 3.5.1-15 - Fix for CVE-2016-1000110 HTTPoxy attack - SPEC file cleanup