Date: Monday, March 15, 2021 @ 15:03:09 Author: felixonmars Revision: 410004
upgpkg: python2 2.7.18-3: securify fixes (FS#68063) Added: python2/trunk/py2-ize-the-CJK-codec-test.patch Modified: python2/trunk/PKGBUILD ----------------------------------+ PKGBUILD | 27 ++++++++++++++++++--- py2-ize-the-CJK-codec-test.patch | 46 +++++++++++++++++++++++++++++++++++++ 2 files changed, 69 insertions(+), 4 deletions(-) Modified: PKGBUILD =================================================================== --- PKGBUILD 2021-03-15 14:43:03 UTC (rev 410003) +++ PKGBUILD 2021-03-15 15:03:09 UTC (rev 410004) @@ -5,7 +5,7 @@ pkgname=python2 pkgver=2.7.18 -pkgrel=2 +pkgrel=3 _pybasever=2.7 pkgdesc="A high-level scripting language" arch=('x86_64') @@ -18,14 +18,22 @@ 'python2-setuptools' 'python2-pip') conflicts=('python<3') +_gentoo_patches="python-gentoo-patches-${pkgver}_p7" source=("https://www.python.org/ftp/python/${pkgver%rc?}/Python-${pkgver}.tar.xz"{,.asc} - mtime-workaround.patch) + mtime-workaround.patch + "https://dev.gentoo.org/~mgorny/dist/python/$_gentoo_patches.tar.xz" + py2-ize-the-CJK-codec-test.patch) sha512sums=('a7bb62b51f48ff0b6df0b18f5b0312a523e3110f49c3237936bfe56ed0e26838c0274ff5401bda6fc21bf24337477ccac49e8026c5d651e4b4cafb5eb5086f6c' 'SKIP' - '4e761cfd57791e8b72ecdf84c2e03875bf074311130eea5b8e97409fa304fa3468dbd359a511c4e9978e686e662c58054b4174d3e73f845fa9ded2e83a3a8076') + '4e761cfd57791e8b72ecdf84c2e03875bf074311130eea5b8e97409fa304fa3468dbd359a511c4e9978e686e662c58054b4174d3e73f845fa9ded2e83a3a8076' + 'a3cd34f38a717183d9a8d6b91817a6ac989fb8ae4275f35cba4be810813a4c9c45f4e72d16aee33904eddaee77c4719b516392d629d2c4627c840e4ecc6bc121' + '67fb8116825f646cbe0f12d9ffb68c2e2006e98721c80c674738315160c0dfdb5f200b8d3229f85dbac2510ba436b0f701e44542ce4494cdd191cd1b8ca0bf0f') validpgpkeys=('C01E1CAD5EA2C4F0B8E3571504C367C218ADD4FF') # Benjamin Peterson +noextract=("$_gentoo_patches.tar.xz") prepare() { + bsdtar -xf $_gentoo_patches.tar.xz -s /$_gentoo_patches// + cd Python-${pkgver} # makepkg will touch all files to $SOURCE_DATE_EPOCH which will break pyc file's mtime check. @@ -32,6 +40,16 @@ # workaround this by touching them to $SOURCE_DATE_EPOCH before running compileall. patch -p0 -i ../mtime-workaround.patch + patch -p1 -i ../0001-bpo-39017-Avoid-infinite-loop-in-the-tarfile-module-.patch #CVE-2019-20907 + patch -p1 -i ../0002-bpo-39503-CVE-2020-8492-Fix-AbstractBasicAuthHandler.patch #CVE-2020-8492 + patch -p1 -i ../0003-bpo-39603-Prevent-header-injection-in-http-methods-G.patch #CVE-2020-26116 + patch -p1 -i ../0004-bpo-42051-Reject-XML-entity-declarations-in-plist-fi.patch + patch -p1 -i ../0005-bpo-41944-No-longer-call-eval-on-content-received-vi.patch #CVE-2020-27619 + patch -p1 -i ../0006-bpo-40791-Make-compare_digest-more-constant-time.-GH.patch + patch -p1 -i ../0007-3.6-closes-bpo-42938-Replace-snprintf-with-Python-un.patch #CVE-2021-3177 + patch -p1 -i ../0024-3.6-bpo-42967-only-use-as-a-query-string-separator-G.patch #CVE-2021-23336 + patch -p1 -i ../py2-ize-the-CJK-codec-test.patch + # Temporary workaround for FS#22322 # See http://bugs.python.org/issue10835 for upstream report sed -i "/progname =/s/python/python${_pybasever}/" Python/pythonrun.c @@ -83,10 +101,11 @@ # test_idle, test_tk, test_ttk_guionly: segfaults # Since 2.7.15: test_ctypes # test_ftplib test_imaplib test_urllib2_localnet: krb5 errors + # test_codecmaps_jp: TODO cd Python-${pkgver} LD_LIBRARY_PATH="${srcdir}/Python-${pkgver}":${LD_LIBRARY_PATH} \ - xvfb-run "${srcdir}/Python-${pkgver}/python" -m test.regrtest -v -uall -x test_idle test_tk test_ttk_guionly test_ctypes test_ssl test_ftplib test_imaplib test_urllib2_localnet + xvfb-run "${srcdir}/Python-${pkgver}/python" -m test.regrtest -v -uall -x test_idle test_tk test_ttk_guionly test_ctypes test_ssl test_ftplib test_imaplib test_urllib2_localnet test_codecmaps_jp } package() { Added: py2-ize-the-CJK-codec-test.patch =================================================================== --- py2-ize-the-CJK-codec-test.patch (rev 0) +++ py2-ize-the-CJK-codec-test.patch 2021-03-15 15:03:09 UTC (rev 410004) @@ -0,0 +1,46 @@ +From ed1aa2f4738efe948242f252bcb0aa0b4314d2a2 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Micha=C5=82=20G=C3=B3rny?= <mgo...@gentoo.org> +Date: Fri, 5 Mar 2021 10:34:50 +0100 +Subject: py2-ize the CJK codec test +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Signed-off-by: Michał Górny <mgo...@gentoo.org> +--- + Lib/test/multibytecodec_support.py | 5 +++-- + 1 file changed, 3 insertions(+), 2 deletions(-) + +diff --git a/Lib/test/multibytecodec_support.py b/Lib/test/multibytecodec_support.py +index b7d7a3aba7..661ef9ee37 100644 +--- a/Lib/test/multibytecodec_support.py ++++ b/Lib/test/multibytecodec_support.py +@@ -2,6 +2,7 @@ + # Common Unittest Routines for CJK codecs + # + ++import binascii + import codecs + import os + import re +@@ -280,7 +281,7 @@ class TestBase_Mapping(unittest.TestCase): + + def _test_mapping_file_plain(self): + def unichrs(s): +- return ''.join(chr(int(x, 16)) for x in s.split('+')) ++ return ''.join(unichr(int(x, 16)) for x in s.split('+')) + + urt_wa = {} + +@@ -294,7 +295,7 @@ class TestBase_Mapping(unittest.TestCase): + + if data[0][:2] != '0x': + self.fail("Invalid line: {line!r}".format(line=line)) +- csetch = bytes.fromhex(data[0][2:]) ++ csetch = binascii.a2b_hex(data[0][2:]) + if len(csetch) == 1 and 0x80 <= csetch[0]: + continue + +-- +cgit v1.2.3 +