From 1e4b8a7668787845b4d72970ff907910d530bf10 Mon Sep 17 00:00:00 2001 From: Carl George Date: Mar 22 2018 18:50:46 +0000 Subject: 3.4.8-1 - Latest upstream - Patches 242, 248, and 286 merged upstream - Skip test_faulthandler on ppc64 --- diff --git a/00055-systemtap.patch b/00055-systemtap.patch index 3200c15..db4d006 100644 --- a/00055-systemtap.patch +++ b/00055-systemtap.patch @@ -674,21 +674,6 @@ diff -up Python-3.3.0rc2/Makefile.pre.in.systemtap Python-3.3.0rc2/Makefile.pre. profile-removal: find . -name '*.gc??' -exec rm -f {} ';' -diff -up Python-3.3.0rc2/Misc/NEWS.systemtap Python-3.3.0rc2/Misc/NEWS ---- Python-3.3.0rc2/Misc/NEWS.systemtap 2012-09-09 05:11:05.000000000 -0400 -+++ Python-3.3.0rc2/Misc/NEWS 2012-09-10 09:17:21.120511781 -0400 -@@ -619,6 +619,11 @@ Core and Builtins - - - Issue #15038: Optimize python Locks on Windows. - -+- Issue #14776: Added a new --with-systemtap configure-time option, which adds -+ static markers for SystemTap so that SystemTap scripts can observe bytecode -+ frames being entered and exited and so generate reports on what Python code -+ is being exectuted. -+ - Library - ------- - diff -up Python-3.3.0rc2/pyconfig.h.in.systemtap Python-3.3.0rc2/pyconfig.h.in --- Python-3.3.0rc2/pyconfig.h.in.systemtap 2012-09-09 05:11:14.000000000 -0400 +++ Python-3.3.0rc2/pyconfig.h.in 2012-09-10 09:17:21.120511781 -0400 diff --git a/00170-gc-assertions.patch b/00170-gc-assertions.patch deleted file mode 100644 index 1144cc2..0000000 --- a/00170-gc-assertions.patch +++ /dev/null @@ -1,325 +0,0 @@ -Index: Include/object.h -=================================================================== ---- Include/object.h (revision 87911) -+++ Include/object.h (working copy) -@@ -914,6 +914,49 @@ - _PyObject_DebugTypeStats(FILE *out); - #endif /* ifndef Py_LIMITED_API */ - -+/* -+ Define a pair of assertion macros. -+ -+ These work like the regular C assert(), in that they will abort the -+ process with a message on stderr if the given condition fails to hold, -+ but compile away to nothing if NDEBUG is defined. -+ -+ However, before aborting, Python will also try to call _PyObject_Dump() on -+ the given object. This may be of use when investigating bugs in which a -+ particular object is corrupt (e.g. buggy a tp_visit method in an extension -+ module breaking the garbage collector), to help locate the broken objects. -+ -+ The WITH_MSG variant allows you to supply an additional message that Python -+ will attempt to print to stderr, after the object dump. -+*/ -+#ifdef NDEBUG -+/* No debugging: compile away the assertions: */ -+#define PyObject_ASSERT_WITH_MSG(obj, expr, msg) ((void)0) -+#else -+/* With debugging: generate checks: */ -+#define PyObject_ASSERT_WITH_MSG(obj, expr, msg) \ -+ ((expr) \ -+ ? (void)(0) \ -+ : _PyObject_AssertFailed((obj), \ -+ (msg), \ -+ (__STRING(expr)), \ -+ (__FILE__), \ -+ (__LINE__), \ -+ (__PRETTY_FUNCTION__))) -+#endif -+ -+#define PyObject_ASSERT(obj, expr) \ -+ PyObject_ASSERT_WITH_MSG(obj, expr, NULL) -+ -+/* -+ Declare and define the entrypoint even when NDEBUG is defined, to avoid -+ causing compiler/linker errors when building extensions without NDEBUG -+ against a Python built with NDEBUG defined -+*/ -+PyAPI_FUNC(void) _PyObject_AssertFailed(PyObject *, const char *, -+ const char *, const char *, int, -+ const char *); -+ - #ifdef __cplusplus - } - #endif -Index: Objects/object.c -=================================================================== ---- Objects/object.c (revision 87911) -+++ Objects/object.c (working copy) -@@ -1899,6 +1899,35 @@ - } - } - -+PyAPI_FUNC(void) -+_PyObject_AssertFailed(PyObject *obj, const char *msg, const char *expr, -+ const char *file, int line, const char *function) -+{ -+ fprintf(stderr, -+ "%s:%d: %s: Assertion \"%s\" failed.\n", -+ file, line, function, expr); -+ if (msg) { -+ fprintf(stderr, "%s\n", msg); -+ } -+ -+ fflush(stderr); -+ -+ if (obj) { -+ /* This might succeed or fail, but we're about to abort, so at least -+ try to provide any extra info we can: */ -+ _PyObject_Dump(obj); -+ } -+ else { -+ fprintf(stderr, "NULL object\n"); -+ } -+ -+ fflush(stdout); -+ fflush(stderr); -+ -+ /* Terminate the process: */ -+ abort(); -+} -+ - #ifndef Py_TRACE_REFS - /* For Py_LIMITED_API, we need an out-of-line version of _Py_Dealloc. - Define this here, so we can undefine the macro. */ -Index: Lib/test/test_gc.py -=================================================================== ---- Lib/test/test_gc.py (revision 87911) -+++ Lib/test/test_gc.py (working copy) -@@ -1,6 +1,6 @@ - import unittest - from test.support import (verbose, refcount_test, run_unittest, -- strip_python_stderr, cpython_only) -+ strip_python_stderr, cpython_only, import_module) - from test.script_helper import assert_python_ok, make_script, temp_dir - - import sys -@@ -512,6 +512,48 @@ - self.assertEqual(len(gc.garbage), 0) - - -+ def test_refcount_errors(self): -+ self.preclean() -+ # Verify the "handling" of objects with broken refcounts -+ import_module("ctypes") #skip if not supported -+ -+ import subprocess -+ code = '''if 1: -+ a = [] -+ b = [a] -+ -+ # Simulate the refcount of "a" being too low (compared to the -+ # references held on it by live data), but keeping it above zero -+ # (to avoid deallocating it): -+ import ctypes -+ ctypes.pythonapi.Py_DecRef(ctypes.py_object(a)) -+ -+ # The garbage collector should now have a fatal error when it reaches -+ # the broken object: -+ import gc -+ gc.collect() -+ ''' -+ p = subprocess.Popen([sys.executable, "-c", code], -+ stdout=subprocess.PIPE, -+ stderr=subprocess.PIPE) -+ stdout, stderr = p.communicate() -+ p.stdout.close() -+ p.stderr.close() -+ # Verify that stderr has a useful error message: -+ self.assertRegex(stderr, -+ b'Modules/gcmodule.c:[0-9]+: visit_decref: Assertion "\(\(gc\)->gc.gc_refs >> \(1\)\) != 0" failed.') -+ self.assertRegex(stderr, -+ b'refcount was too small') -+ self.assertRegex(stderr, -+ b'object : \[\]') -+ self.assertRegex(stderr, -+ b'type : list') -+ self.assertRegex(stderr, -+ b'refcount: 1') -+ self.assertRegex(stderr, -+ b'address : 0x[0-9a-f]+') -+ -+ - class GCTogglingTests(unittest.TestCase): - def setUp(self): - gc.enable() -diff -up Modules/gcmodule.c.orig2 Modules/gcmodule.c ---- Modules/gcmodule.c.orig2 2014-12-08 10:54:14.251742911 +0100 -+++ Modules/gcmodule.c 2014-12-08 10:52:45.674771917 +0100 -@@ -341,7 +341,8 @@ update_refs(PyGC_Head *containers) - { - PyGC_Head *gc = containers->gc.gc_next; - for (; gc != containers; gc = gc->gc.gc_next) { -- assert(_PyGCHead_REFS(gc) == GC_REACHABLE); -+ PyObject_ASSERT(FROM_GC(gc), -+ _PyGCHead_REFS(gc) == GC_REACHABLE); - _PyGCHead_SET_REFS(gc, Py_REFCNT(FROM_GC(gc))); - /* Python's cyclic gc should never see an incoming refcount - * of 0: if something decref'ed to 0, it should have been -@@ -361,7 +362,8 @@ update_refs(PyGC_Head *containers) - * so serious that maybe this should be a release-build - * check instead of an assert? - */ -- assert(_PyGCHead_REFS(gc) != 0); -+ PyObject_ASSERT(FROM_GC(gc), -+ _PyGCHead_REFS(gc) != 0); - } - } - -@@ -376,7 +378,9 @@ visit_decref(PyObject *op, void *data) - * generation being collected, which can be recognized - * because only they have positive gc_refs. - */ -- assert(_PyGCHead_REFS(gc) != 0); /* else refcount was too small */ -+ PyObject_ASSERT_WITH_MSG(FROM_GC(gc), -+ _PyGCHead_REFS(gc) != 0, -+ "refcount was too small"); /* else refcount was too small */ - if (_PyGCHead_REFS(gc) > 0) - _PyGCHead_DECREF(gc); - } -@@ -436,9 +440,10 @@ visit_reachable(PyObject *op, PyGC_Head - * If gc_refs == GC_UNTRACKED, it must be ignored. - */ - else { -- assert(gc_refs > 0 -- || gc_refs == GC_REACHABLE -- || gc_refs == GC_UNTRACKED); -+ PyObject_ASSERT(FROM_GC(gc), -+ gc_refs > 0 -+ || gc_refs == GC_REACHABLE -+ || gc_refs == GC_UNTRACKED); - } - } - return 0; -@@ -480,7 +485,7 @@ move_unreachable(PyGC_Head *young, PyGC_ - */ - PyObject *op = FROM_GC(gc); - traverseproc traverse = Py_TYPE(op)->tp_traverse; -- assert(_PyGCHead_REFS(gc) > 0); -+ PyObject_ASSERT(op, _PyGCHead_REFS(gc) > 0); - _PyGCHead_SET_REFS(gc, GC_REACHABLE); - (void) traverse(op, - (visitproc)visit_reachable, -@@ -543,7 +548,7 @@ move_legacy_finalizers(PyGC_Head *unreac - for (gc = unreachable->gc.gc_next; gc != unreachable; gc = next) { - PyObject *op = FROM_GC(gc); - -- assert(IS_TENTATIVELY_UNREACHABLE(op)); -+ PyObject_ASSERT(op, IS_TENTATIVELY_UNREACHABLE(op)); - next = gc->gc.gc_next; - - if (has_legacy_finalizer(op)) { -@@ -619,7 +624,7 @@ handle_weakrefs(PyGC_Head *unreachable, - PyWeakReference **wrlist; - - op = FROM_GC(gc); -- assert(IS_TENTATIVELY_UNREACHABLE(op)); -+ PyObject_ASSERT(op, IS_TENTATIVELY_UNREACHABLE(op)); - next = gc->gc.gc_next; - - if (! PyType_SUPPORTS_WEAKREFS(Py_TYPE(op))) -@@ -640,9 +645,9 @@ handle_weakrefs(PyGC_Head *unreachable, - * the callback pointer intact. Obscure: it also - * changes *wrlist. - */ -- assert(wr->wr_object == op); -+ PyObject_ASSERT(wr->wr_object, wr->wr_object == op); - _PyWeakref_ClearRef(wr); -- assert(wr->wr_object == Py_None); -+ PyObject_ASSERT(wr->wr_object, wr->wr_object == Py_None); - if (wr->wr_callback == NULL) - continue; /* no callback */ - -@@ -676,7 +681,7 @@ handle_weakrefs(PyGC_Head *unreachable, - */ - if (IS_TENTATIVELY_UNREACHABLE(wr)) - continue; -- assert(IS_REACHABLE(wr)); -+ PyObject_ASSERT(op, IS_REACHABLE(wr)); - - /* Create a new reference so that wr can't go away - * before we can process it again. -@@ -685,7 +690,8 @@ handle_weakrefs(PyGC_Head *unreachable, - - /* Move wr to wrcb_to_call, for the next pass. */ - wrasgc = AS_GC(wr); -- assert(wrasgc != next); /* wrasgc is reachable, but -+ PyObject_ASSERT(op, wrasgc != next); -+ /* wrasgc is reachable, but - next isn't, so they can't - be the same */ - gc_list_move(wrasgc, &wrcb_to_call); -@@ -701,11 +707,11 @@ handle_weakrefs(PyGC_Head *unreachable, - - gc = wrcb_to_call.gc.gc_next; - op = FROM_GC(gc); -- assert(IS_REACHABLE(op)); -- assert(PyWeakref_Check(op)); -+ PyObject_ASSERT(op, IS_REACHABLE(op)); -+ PyObject_ASSERT(op, PyWeakref_Check(op)); - wr = (PyWeakReference *)op; - callback = wr->wr_callback; -- assert(callback != NULL); -+ PyObject_ASSERT(op, callback != NULL); - - /* copy-paste of weakrefobject.c's handle_callback() */ - temp = PyObject_CallFunctionObjArgs(callback, wr, NULL); -@@ -822,12 +828,14 @@ check_garbage(PyGC_Head *collectable) - for (gc = collectable->gc.gc_next; gc != collectable; - gc = gc->gc.gc_next) { - _PyGCHead_SET_REFS(gc, Py_REFCNT(FROM_GC(gc))); -- assert(_PyGCHead_REFS(gc) != 0); -+ PyObject_ASSERT(FROM_GC(gc), -+ _PyGCHead_REFS(gc) != 0); - } - subtract_refs(collectable); - for (gc = collectable->gc.gc_next; gc != collectable; - gc = gc->gc.gc_next) { -- assert(_PyGCHead_REFS(gc) >= 0); -+ PyObject_ASSERT(FROM_GC(gc), -+ _PyGCHead_REFS(gc) >= 0); - if (_PyGCHead_REFS(gc) != 0) - return -1; - } -diff -up Lib/test/test_gc.py.old Lib/test/test_gc.py ---- Lib/test/test_gc.py.old 2014-12-10 11:19:33.503982288 +0100 -+++ Lib/test/test_gc.py 2014-12-10 11:21:13.220021364 +0100 -@@ -49,6 +49,8 @@ class GC_Detector(object): - # gc collects it. - self.wr = weakref.ref(C1055820(666), it_happened) - -+BUILD_WITH_NDEBUG = ('-DNDEBUG' in sysconfig.get_config_vars()['PY_CFLAGS']) -+ - @with_tp_del - class Uncollectable(object): - """Create a reference cycle with multiple __del__ methods. -@@ -854,6 +856,8 @@ class GCCallbackTests(unittest.TestCase) - self.assertEqual(len(gc.garbage), 0) - - -+ @unittest.skipIf(BUILD_WITH_NDEBUG, -+ 'built with -NDEBUG') - def test_refcount_errors(self): - self.preclean() - # Verify the "handling" of objects with broken refcounts -diff -up Lib/test/test_gc.py.old Lib/test/test_gc.py ---- Lib/test/test_gc.py.old 2014-12-10 12:50:58.252121318 +0100 -+++ Lib/test/test_gc.py 2014-12-10 12:51:08.594266653 +0100 -@@ -4,6 +4,7 @@ from test.support import (verbose, refco - from test.script_helper import assert_python_ok, make_script, temp_dir - - import sys -+import sysconfig - import time - import gc - import weakref diff --git a/00200-gettext-plural-fix.patch b/00200-gettext-plural-fix.patch deleted file mode 100644 index 93b817b..0000000 --- a/00200-gettext-plural-fix.patch +++ /dev/null @@ -1,12 +0,0 @@ -diff -up Python-2.5.1/Lib/gettext.py.plural Python-2.5.1/Lib/gettext.py ---- Python-2.5.1/Lib/gettext.py.plural 2007-09-10 11:38:57.000000000 -0400 -+++ Python-2.5.1/Lib/gettext.py 2007-09-10 11:39:00.000000000 -0400 -@@ -299,6 +299,8 @@ class GNUTranslations(NullTranslations): - item = b_item.decode().strip() - if not item: - continue -+ if item.startswith("#"): -+ continue - if ':' in item: - k, v = item.split(':', 1) - k = k.strip().lower() diff --git a/00201-fix-memory-leak-in-gdbm.patch b/00201-fix-memory-leak-in-gdbm.patch deleted file mode 100644 index 48839d5..0000000 --- a/00201-fix-memory-leak-in-gdbm.patch +++ /dev/null @@ -1,10 +0,0 @@ ---- Modules/_gdbmmodule.c.orig 2013-07-08 14:54:27.803790151 +0200 -+++ Modules/_gdbmmodule.c 2013-07-08 14:55:25.006672443 +0200 -@@ -106,6 +106,7 @@ - if(okey.dsize) free(okey.dptr); - okey=key; - } -+ if(okey.dsize) free(okey.dptr); - dp->di_size = size; - } - return dp->di_size; diff --git a/00242-CVE-2016-1000110-httpoxy.patch b/00242-CVE-2016-1000110-httpoxy.patch deleted file mode 100644 index 7c17b31..0000000 --- a/00242-CVE-2016-1000110-httpoxy.patch +++ /dev/null @@ -1,100 +0,0 @@ - -# HG changeset patch -# User Senthil Kumaran -# Date 1469947146 25200 -# Node ID a0ac52ed8f7918222603b584ec8fc93d9b7bc0a5 -# Parent 4cb94e561e2db9865fb4d752f2bceefca4c6819a# Parent 3c19023c9fec5a615c25598468b44fade89049ce -[merge from 3.4] - Prevent HTTPoxy attack (CVE-2016-1000110) - -Ignore the HTTP_PROXY variable when REQUEST_METHOD environment is set, which -indicates that the script is in CGI mode. - -Issue #27568 Reported and patch contributed by Rémi Rampin. - -diff --git a/Doc/howto/urllib2.rst b/Doc/howto/urllib2.rst ---- a/Doc/howto/urllib2.rst -+++ b/Doc/howto/urllib2.rst -@@ -538,6 +538,11 @@ setting up a `Basic Authentication`_ han - through a proxy. However, this can be enabled by extending urllib.request as - shown in the recipe [#]_. - -+.. note:: -+ -+ ``HTTP_PROXY`` will be ignored if a variable ``REQUEST_METHOD`` is set; see -+ the documentation on :func:`~urllib.request.getproxies`. -+ - - Sockets and Layers - ================== -diff --git a/Doc/library/urllib.request.rst b/Doc/library/urllib.request.rst ---- a/Doc/library/urllib.request.rst -+++ b/Doc/library/urllib.request.rst -@@ -166,6 +166,16 @@ The :mod:`urllib.request` module defines the following functions: - cannot find it, looks for proxy information from Mac OSX System - Configuration for Mac OS X and Windows Systems Registry for Windows. - -+ .. note:: -+ -+ If the environment variable ``REQUEST_METHOD`` is set, which usually -+ indicates your script is running in a CGI environment, the environment -+ variable ``HTTP_PROXY`` (uppercase ``_PROXY``) will be ignored. This is -+ because that variable can be injected by a client using the "Proxy:" HTTP -+ header. If you need to use an HTTP proxy in a CGI environment, either use -+ ``ProxyHandler`` explicitly, or make sure the variable name is in -+ lowercase (or at least the ``_proxy`` suffix). -+ - - The following classes are provided: - -@@ -275,6 +285,12 @@ The following classes are provided: - - To disable autodetected proxy pass an empty dictionary. - -+ .. note:: -+ -+ ``HTTP_PROXY`` will be ignored if a variable ``REQUEST_METHOD`` is set; -+ see the documentation on :func:`~urllib.request.getproxies`. -+ -+ - - .. class:: HTTPPasswordMgr() - -diff --git a/Lib/test/test_urllib.py b/Lib/test/test_urllib.py ---- a/Lib/test/test_urllib.py -+++ b/Lib/test/test_urllib.py -@@ -225,6 +225,18 @@ class ProxyTests(unittest.TestCase): - self.env.set('NO_PROXY', 'localhost, anotherdomain.com, newdomain.com') - self.assertTrue(urllib.request.proxy_bypass_environment('anotherdomain.com')) - -+ def test_proxy_cgi_ignore(self): -+ try: -+ self.env.set('HTTP_PROXY', 'http://somewhere:3128') -+ proxies = urllib.request.getproxies_environment() -+ self.assertEqual('http://somewhere:3128', proxies['http']) -+ self.env.set('REQUEST_METHOD', 'GET') -+ proxies = urllib.request.getproxies_environment() -+ self.assertNotIn('http', proxies) -+ finally: -+ self.env.unset('REQUEST_METHOD') -+ self.env.unset('HTTP_PROXY') -+ - class urlopen_HttpTests(unittest.TestCase, FakeHTTPMixin, FakeFTPMixin): - """Test urlopen() opening a fake http connection.""" - -diff --git a/Lib/urllib/request.py b/Lib/urllib/request.py ---- a/Lib/urllib/request.py -+++ b/Lib/urllib/request.py -@@ -2394,6 +2394,12 @@ def getproxies_environment(): - name = name.lower() - if value and name[-6:] == '_proxy': - proxies[name[:-6]] = value -+ # CVE-2016-1000110 - If we are running as CGI script, forget HTTP_PROXY -+ # (non-all-lowercase) as it may be set from the web server by a "Proxy:" -+ # header from the client -+ # If "proxy" is lowercase, it will still be used thanks to the next block -+ if 'REQUEST_METHOD' in os.environ: -+ proxies.pop('http', None) - return proxies - - def proxy_bypass_environment(host): - diff --git a/00248-ensure-gc-tracking-is-off-when-invoking-weakref-callbacks.patch b/00248-ensure-gc-tracking-is-off-when-invoking-weakref-callbacks.patch deleted file mode 100644 index 330a6e3..0000000 --- a/00248-ensure-gc-tracking-is-off-when-invoking-weakref-callbacks.patch +++ /dev/null @@ -1,87 +0,0 @@ - -# HG changeset patch -# User Benjamin Peterson -# Date 1475564402 25200 -# Node ID c9b7272e25532f84d7feb1b0d942978329156ace -# Parent b24d0f274623d100e9bad7a4cb1b3f1a3e0b82b1 -ensure gc tracking is off when invoking weakref callbacks (closes #26617) - -diff --git a/Lib/test/test_weakref.py b/Lib/test/test_weakref.py ---- a/Lib/test/test_weakref.py -+++ b/Lib/test/test_weakref.py -@@ -845,6 +845,14 @@ class ReferencesTestCase(TestBase): - with self.assertRaises(AttributeError): - ref1.__callback__ = lambda ref: None - -+ def test_callback_gcs(self): -+ class ObjectWithDel(Object): -+ def __del__(self): pass -+ x = ObjectWithDel(1) -+ ref1 = weakref.ref(x, lambda ref: support.gc_collect()) -+ del x -+ support.gc_collect() -+ - - class SubclassableWeakrefTestCase(TestBase): - -diff --git a/Objects/typeobject.c b/Objects/typeobject.c ---- a/Objects/typeobject.c -+++ b/Objects/typeobject.c -@@ -1123,11 +1123,6 @@ subtype_dealloc(PyObject *self) - Py_TRASHCAN_SAFE_BEGIN(self); - --_PyTrash_delete_nesting; - -- tstate->trash_delete_nesting; -- /* DO NOT restore GC tracking at this point. weakref callbacks -- * (if any, and whether directly here or indirectly in something we -- * call) may trigger GC, and if self is tracked at that point, it -- * will look like trash to GC and GC will try to delete self again. -- */ - - /* Find the nearest base with a different tp_dealloc */ - base = type; -@@ -1138,30 +1133,36 @@ subtype_dealloc(PyObject *self) - - has_finalizer = type->tp_finalize || type->tp_del; - -- /* Maybe call finalizer; exit early if resurrected */ -- if (has_finalizer) -+ if (type->tp_finalize) { - _PyObject_GC_TRACK(self); -- -- if (type->tp_finalize) { - if (PyObject_CallFinalizerFromDealloc(self) < 0) { - /* Resurrected */ - goto endlabel; - } -- } -- /* If we added a weaklist, we clear it. Do this *before* calling -- tp_del, clearing slots, or clearing the instance dict. */ -+ _PyObject_GC_UNTRACK(self); -+ } -+ /* -+ If we added a weaklist, we clear it. Do this *before* calling tp_del, -+ clearing slots, or clearing the instance dict. -+ -+ GC tracking must be off at this point. weakref callbacks (if any, and -+ whether directly here or indirectly in something we call) may trigger GC, -+ and if self is tracked at that point, it will look like trash to GC and GC -+ will try to delete self again. -+ */ - if (type->tp_weaklistoffset && !base->tp_weaklistoffset) - PyObject_ClearWeakRefs(self); - - if (type->tp_del) { -+ _PyObject_GC_TRACK(self); - type->tp_del(self); - if (self->ob_refcnt > 0) { - /* Resurrected */ - goto endlabel; - } -+ _PyObject_GC_UNTRACK(self); - } - if (has_finalizer) { -- _PyObject_GC_UNTRACK(self); - /* New weakrefs could be created during the finalizer call. - If this occurs, clear them out without calling their - finalizers since they might rely on part of the object - diff --git a/00286-pystring-decodeescape-integer-overflow.patch b/00286-pystring-decodeescape-integer-overflow.patch deleted file mode 100644 index 8c22f3c..0000000 --- a/00286-pystring-decodeescape-integer-overflow.patch +++ /dev/null @@ -1,25 +0,0 @@ -From c3c9db89273fabc62ea1b48389d9a3000c1c03ae Mon Sep 17 00:00:00 2001 -From: Jay Bosamiya -Date: Sun, 18 Jun 2017 22:11:03 +0530 -Subject: [PATCH] [2.7] bpo-30657: Check & prevent integer overflow in - PyString_DecodeEscape (#2174) - -diff --git a/Objects/bytesobject.c b/Objects/bytesobject.c -index 77dd45e..9b29dc3 100644 ---- a/Objects/bytesobject.c -+++ b/Objects/bytesobject.c -@@ -970,7 +970,13 @@ PyObject *PyBytes_DecodeEscape(const char *s, - char *p, *buf; - const char *end; - PyObject *v; -- Py_ssize_t newlen = recode_encoding ? 4*len:len; -+ Py_ssize_t newlen; -+ /* Check for integer overflow */ -+ if (recode_encoding && (len > PY_SSIZE_T_MAX / 4)) { -+ PyErr_SetString(PyExc_OverflowError, "string is too large"); -+ return NULL; -+ } -+ newlen = recode_encoding ? 4*len:len; - v = PyBytes_FromStringAndSize((char *)NULL, newlen); - if (v == NULL) - return NULL; diff --git a/python34.spec b/python34.spec index 6fd2a28..e1724ca 100644 --- a/python34.spec +++ b/python34.spec @@ -152,8 +152,8 @@ # ================== Summary: Version 3 of the Python programming language aka Python 3000 Name: python%{pyshortver} -Version: %{pybasever}.5 -Release: 5%{?dist} +Version: %{pybasever}.8 +Release: 1%{?dist} License: Python Group: Development/Languages @@ -555,17 +555,6 @@ Patch164: 00164-disable-interrupted_write-tests-on-ppc.patch # in python.spec # TODO: python3 status? -# 00170 # -# In debug builds, try to print repr() when a C-level assert fails in the -# garbage collector (typically indicating a reference-counting error -# somewhere else e.g in an extension module) -# Backported to 2.7 from a patch I sent upstream for py3k -# http://bugs.python.org/issue9263 (rhbz#614680) -# hiding the proposed new macros/functions within gcmodule.c to avoid exposing -# them within the extension API. -# (rhbz#850013 -Patch170: 00170-gc-assertions.patch - # 00171 # # python.spec had: # Patch171: 00171-raise-correct-exception-when-dev-urandom-is-missing.patch @@ -727,18 +716,6 @@ Patch196: 00196-test-gdb-match-addr-before-builtin.patch # OpenSSL in RHEL has SSLv3 enabled #Patch199: 00199-alter-tests-to-reflect-sslv3-disabled.patch -# 00200 # -# Fix for gettext plural form headers (lines that begin with "#") -# Note: Backported from scl -Patch200: 00200-gettext-plural-fix.patch - -# 00201 # -# Fixes memory leak in gdbm module (rhbz#977308) -# This was upstreamed as a part of bigger patch, but for our purposes -# this is ok: http://bugs.python.org/issue18404 -# Note: Backported from scl -Patch201: 00201-fix-memory-leak-in-gdbm.patch - # test_threading fails in koji dues to it's handling of signals Patch203: 00203-disable-threading-test-koji.patch @@ -747,27 +724,6 @@ Patch203: 00203-disable-threading-test-koji.patch # but the LIBPL variable defined there doesn't respect libdir macro Patch205: 00205-make-libpl-respect-lib64.patch -# 00242 # -# HTTPoxy attack (CVE-2016-1000110) -# https://httpoxy.org/ -# FIXED UPSTREAM: http://bugs.python.org/issue27568 -# Based on a patch by Rémi Rampin -# Resolves: rhbz#1359179 -Patch242: 00242-CVE-2016-1000110-httpoxy.patch - -# 00248 # -# Ensure gc tracking is off when invoking weakref callbacks -# Resolves: rhbz#1384957 -# Backported from python 3.5+ -# FIXED UPSTREAM: http://bugs.python.org/issue26617 -Patch248: 00248-ensure-gc-tracking-is-off-when-invoking-weakref-callbacks.patch - -# 00286 # -# CVE-2017-1000158 -# Check & prevent integer overflow in PyString_DecodeEscape -# Fixed upstream: https://bugs.python.org/issue30657 -Patch286: 00286-pystring-decodeescape-integer-overflow.patch - # (New patches go here ^^^) # # When adding new patches to "python" and "python3" in Fedora, EL, etc., @@ -801,8 +757,8 @@ Requires: python%{pyshortver}-pip %else # When rewheel is disabled we keep the bundled setuptools and pip # so that virtualenvs work properly -Provides: bundled(python%{pyshortver}-pip) = 8.1.1 -Provides: bundled(python%{pyshortver}-setuptools) = 20.10.1 +Provides: bundled(python%{pyshortver}-pip) = 9.0.1 +Provides: bundled(python%{pyshortver}-setuptools) = 28.8.0 %endif %description @@ -947,7 +903,7 @@ done # Since we unbundle pip, our version is different from upstream %if 0%{with_rewheel} -%global pip_version 7.1.0 +%global pip_version 9.0.1 sed -r -i s/'_PIP_VERSION = "[0-9.]+"'/'_PIP_VERSION = "%{pip_version}"'/ Lib/ensurepip/__init__.py %endif @@ -1056,9 +1012,6 @@ sed -r -i s/'_PIP_VERSION = "[0-9.]+"'/'_PIP_VERSION = "%{pip_version}"'/ Lib/en # 00199: doesn't apply to RHEL 7 %patch203 -p1 %patch205 -p1 -%patch242 -p1 -%patch248 -p1 -%patch286 -p1 # Currently (2010-01-15), http://docs.python.org/library is for 2.6, and there # are many differences between 2.6 and the Python 3 library. @@ -1561,7 +1514,7 @@ CheckPython() { -x test_ensurepip \ -x test_venv \ %endif - %ifarch ppc64le aarch64 + %ifarch ppc64 ppc64le aarch64 -x test_faulthandler \ %endif %ifarch %{power64} s390 s390x armv7hl aarch64 @@ -2013,6 +1966,11 @@ rm -fr %{buildroot} # ====================================================== %changelog +* Thu Mar 22 2018 Carl George - 3.4.8-1 +- Latest upstream +- Patches 242, 248, and 286 merged upstream +- Skip test_faulthandler on ppc64 + * Fri Dec 08 2017 Miro Hrončok - 3.4.5-6 - Fix for CVE-2017-1000158 - rhbz#1519601: https://bugzilla.redhat.com/show_bug.cgi?id=1519601