Hello community, here is the log from the commit of package python3.12635 for openSUSE:Leap:15.1:Update checked in at 2020-05-22 20:14:23 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Leap:15.1:Update/python3.12635 (Old) and /work/SRC/openSUSE:Leap:15.1:Update/.python3.12635.new.2738 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "python3.12635" Fri May 22 20:14:23 2020 rev:1 rq:807378 version:3.6.10 Changes: -------- New Changes file: --- /dev/null 2020-04-14 14:47:33.391806949 +0200 +++ /work/SRC/openSUSE:Leap:15.1:Update/.python3.12635.new.2738/python3-base.changes 2020-05-22 20:14:25.629257314 +0200 @@ -0,0 +1,1120 @@ +------------------------------------------------------------------- +Tue Mar 10 09:56:57 UTC 2020 - Matej Cepl <mc...@suse.com> + +- Change name of idle3 icons to idle3.png + to avoid collision with Python 2 version (bsc#1165894). + +------------------------------------------------------------------- +Sat Feb 8 23:29:28 CET 2020 - Matej Cepl <mc...@suse.com> + +- Add CVE-2019-9674-zip-bomb.patch to improve documentation + warning about dangers of zip-bombs and other security problems + with zipfile library. (bsc#1162825 CVE-2019-9674) +- Add CVE-2020-8492-urllib-ReDoS.patch fixing the security bug + "Python urrlib allowed an HTTP server to conduct Regular + Expression Denial of Service (ReDoS)" (bsc#1162367) + +------------------------------------------------------------------- +Sat Feb 8 22:21:10 CET 2020 - Matej Cepl <mc...@suse.com> + +- Add Requires: libpython%{so_version} == %{version}-%{release} + to python3-base to keep both packages always synchronized + (bsc#1162224). + +------------------------------------------------------------------- +Mon Feb 3 19:54:25 UTC 2020 - Tomáš Chvátal <tchva...@suse.com> + +- Reame idle icons to idle3 in order to not conflict with python2 + variant of the package bsc#1165894 + * renamed the icons + * renamed icon load in desktop file + +------------------------------------------------------------------- +Tue Jan 28 17:54:50 CET 2020 - Matej Cepl <mc...@suse.com> + +- Add pep538_coerce_legacy_c_locale.patch to coerce locale to + C.UTF-8 always (bsc#1162423). + +------------------------------------------------------------------- +Thu Dec 19 16:42:56 CET 2019 - Matej Cepl <mc...@suse.com> + +- Update to 3.6.10 (still in line with jsc#SLE-9426, + jsc#SLE-9427, bsc#1159035): + - Security: + - bpo-38945: Newline characters have been escaped when + performing uu encoding to prevent them from overflowing + into to content section of the encoded file. This prevents + malicious or accidental modification of data during the + decoding process. + - bpo-37228: Due to significant security concerns, the + reuse_address parameter of + asyncio.loop.create_datagram_endpoint() is no longer + supported. This is because of the behavior of SO_REUSEADDR + in UDP. For more details, see the documentation for + loop.create_datagram_endpoint(). (Contributed by Kyle + Stanley, Antoine Pitrou, and Yury Selivanov in bpo-37228.) + - bpo-38804: Fixes a ReDoS vulnerability in http.cookiejar. + Patch by Ben Caller. + - bpo-38243: Escape the server title of + xmlrpc.server.DocXMLRPCServer when rendering the document + page as HTML. (Contributed by Dong-hee Na in bpo-38243.) + - bpo-38174: Update vendorized expat library version to + 2.2.8, which resolves CVE-2019-15903. + - bpo-37461: Fix an infinite loop when parsing specially + crafted email headers. Patch by Abhilash Raj. + - bpo-34155: Fix parsing of invalid email addresses with more + than one @ (e.g. a@b...@c.com.) to not return the part before + 2nd @ as valid email address. Patch by maxking & jpic. + - Library: + - bpo-38216: Allow the rare code that wants to send invalid + http requests from the http.client library a way to do so. + The fixes for bpo-30458 led to breakage for some projects + that were relying on this ability to test their own + behavior in the face of bad requests. + - bpo-36564: Fix infinite loop in email header folding logic + that would be triggered when an email policy’s + max_line_length is not long enough to include the required + markup and any values in the message. Patch by Paul Ganssle +- Remove patches included in the upstream tarball: + - CVE-2019-16935-xmlrpc-doc-server_title.patch + - CVE-2019-16056-email-parse-addr.patch +- Move idle subpackage build from python3-base to python3 (bsc#1159622). + appstream-glib required for packaging introduces considerable + extra dependencies and a build loop via rust/librsvg. +- Correct installation of idle IDE icons: + + idle.png is not the target directory + + non-GNOME-specific icons belong into icons/hicolor +- Add required Name key to idle3 desktop file + +------------------------------------------------------------------- +Thu Dec 12 14:17:45 CET 2019 - Matej Cepl <mc...@suse.com> + +- Unify all Python 3.6* SLE packages into one (jsc#SLE-9426, + jsc#SLE-9427, bsc#1159035) + - Patches which were already included upstream: + - CVE-2018-1061-DOS-via-regexp-difflib.patch + - CVE-2018-14647_XML_SetHashSalt-in_elementtree.patch + +------------------------------------------------------------------- +Tue Oct 22 22:26:56 CEST 2019 - Matej Cepl <mc...@suse.com> + +- Add CVE-2019-16935-xmlrpc-doc-server_title.patch fixing + bsc#1153238 (aka CVE-2019-16935) fixing a reflected XSS in + python/Lib/DocXMLRPCServer.py + +------------------------------------------------------------------- +Thu Sep 19 22:58:06 CEST 2019 - Matej Cepl <mc...@suse.com> + +- Add bpo-36576-skip_tests_for_OpenSSL-111.patch (originally from + bpo#36576) skipping tests failing with OpenSSL 1.1.1. Fixes + bsc#1149792 +- Add bpo36263-Fix_hashlib_scrypt.patch which works around + bsc#1151490 + +------------------------------------------------------------------- +Mon Sep 16 15:57:54 CEST 2019 - Matej Cepl <mc...@suse.com> + +- Add CVE-2019-16056-email-parse-addr.patch fixing the email + module wrongly parses email addresses [bsc#1149955, + bnc#1149955, CVE-2019-16056] + +------------------------------------------------------------------- +Mon Sep 9 19:37:57 CEST 2019 - Matej Cepl <mc...@suse.com> + +- jsc#PM-1350 bsc#1149121 Update python3 to the last version of + the 3.6 line. This is just a bugfix release with no changes in + functionality. +- The following patches were included in the upstream release as + so they can be removed in the package: + - CVE-2018-20852-cookie-domain-check.patch + - CVE-2019-5010-null-defer-x509-cert-DOS.patch + - CVE-2019-10160-netloc-port-regression.patch + - CVE-2019-9636-urlsplit-NFKC-norm.patch + - CVE-2019-9947-no-ctrl-char-http.patch +- Patch bpo23395-PyErr_SetInterrupt-signal.patch has been + reapplied on the upstream base without changing any + functionality. +- Add patch aarch64-prolong-timeout.patch to fix failing + test_utime_current_old test. + +------------------------------------------------------------------- +Wed Jul 24 17:19:58 CEST 2019 - Matej Cepl <mc...@suse.com> + +- FAKE RECORD FROM SLE-12 CHANNEL Apply + "CVE-2018-1000802-shutil_use_subprocess_no_spawn.patch" which + converts shutil._call_external_zip to use subprocess rather + than distutils.spawn. [bsc#1109663, CVE-2018-1000802] + +------------------------------------------------------------------- +Wed Jul 24 15:27:24 CEST 2019 - Matej Cepl <mc...@suse.com> + +- FAKE RECORD FROM SLE-12 CHANNEL bsc#1109847: add + CVE-2018-14647_XML_SetHashSalt-in_elementtree.patch fixing bpo#34623. + +------------------------------------------------------------------- +Fri Jul 19 13:28:16 CEST 2019 - Matej Cepl <mc...@suse.com> + +- boo#1141853 (CVE-2018-20852) add + CVE-2018-20852-cookie-domain-check.patch fixing + http.cookiejar.DefaultPolicy.domain_return_ok which did not + correctly validate the domain: it could be tricked into sending + cookies to the wrong server. + +------------------------------------------------------------------- +Wed Jul 3 21:02:00 CEST 2019 - Matej Cepl <mc...@suse.com> + +- bsc#1138459: add CVE-2019-10160-netloc-port-regression.patch + which fixes regression introduced by the previous patch. + (CVE-2019-10160) + Upstream gh#python/cpython#13812 + +------------------------------------------------------------------- +Wed Jun 12 16:46:48 UTC 2019 - Matej Cepl <mc...@suse.com> + +- FAKE RECORD FROM SLE-12 CHANNEL bsc#1137942: Avoid duplicate + files with python3* packages (https://fate.suse.com/327309) + +------------------------------------------------------------------- +Tue Jun 11 16:51:39 CEST 2019 - Matej Cepl <mc...@suse.com> + +- bsc#1094814: Add bpo23395-PyErr_SetInterrupt-signal.patch to + handle situation when the SIGINT signal is ignored or not handled + +------------------------------------------------------------------- +Tue Apr 30 15:10:12 CEST 2019 - Matej Cepl <mc...@suse.com> + +- Update to 3.6.8: + - bugfixes only + - removed patches (subsumed in the upstream tarball): + - CVE-2018-20406-pickle_LONG_BINPUT.patch + - refreshed patches: + - CVE-2019-5010-null-defer-x509-cert-DOS.patch + - CVE-2019-9636-urlsplit-NFKC-norm.patch + - Python-3.0b1-record-rpm.patch + - python-3.3.0b1-fix_date_time_compiler.patch + - python-3.3.0b1-test-posix_fadvise.patch + - python-3.3.3-skip-distutils-test_sysconfig_module.patch + - python-3.6.0-multilib-new.patch ++++ 923 more lines (skipped) ++++ between /dev/null ++++ and /work/SRC/openSUSE:Leap:15.1:Update/.python3.12635.new.2738/python3-base.changes New Changes file: python3-doc.changes: same change New Changes file: python3.changes: same change New: ---- 0001-allow-for-reproducible-builds-of-python-packages.patch CVE-2019-9674-zip-bomb.patch CVE-2020-8492-urllib-ReDoS.patch PACKAGING-NOTES Python-3.0b1-record-rpm.patch Python-3.6.10.tar.xz Python-3.6.10.tar.xz.asc README.SUSE aarch64-prolong-timeout.patch baselibs.conf bpo-36576-skip_tests_for_OpenSSL-111.patch bpo23395-PyErr_SetInterrupt-signal.patch bpo36263-Fix_hashlib_scrypt.patch distutils-reproducible-compile.patch idle3.appdata.xml idle3.desktop import_failed.map import_failed.py macros.python3 pep538_coerce_legacy_c_locale.patch pre_checkin.sh python-3.3.0b1-curses-panel.patch python-3.3.0b1-fix_date_time_compiler.patch python-3.3.0b1-localpath.patch python-3.3.0b1-test-posix_fadvise.patch python-3.3.3-skip-distutils-test_sysconfig_module.patch python-3.6-CVE-2017-18207.patch python-3.6.0-multilib-new.patch python.keyring python3-base-rpmlintrc python3-base.changes python3-base.spec python3-doc.changes python3-doc.spec python3-rpmlintrc python3-sorted_tar.patch python3.changes python3.spec skip_random_failing_tests.patch skipped_tests.py subprocess-raise-timeout.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ python3-base.spec ++++++ # # spec file for package python3-base # # Copyright (c) 2020 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed # upon. The license for this file, and modifications and additions to the # file, is the same license as for the pristine package itself (unless the # license for the pristine package is not an Open Source License, in which # case the license is the MIT License). An "Open Source License" is a # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. # Please submit bugfixes or comments via https://bugs.opensuse.org/ # # !!!! # this is the master spec file, but changes should be submitted # against python3, not python3-base # # see PACKAGING-NOTES for details # !!!! ### COMMON-DEF-BEGIN ### %define tarversion %{version} %define tarname Python-%{tarversion} # the versions are autogenerated from pre_checkin.sh # based on the current source tarball %define python_version 3.6 %define python_version_abitag 36 %define python_version_soname 3_6 %define sitedir %{_libdir}/python%{python_version} # three possible ABI kinds: m - pymalloc, d - debug build; see PEP 3149 %define abi_kind m # python ABI version - used in some file names %define python_abi %{python_version}%{abi_kind} # soname ABI tag defined in PEP 3149 %define abi_tag %{python_version_abitag}%{abi_kind} # version part of "libpython" package %define so_major 1 %define so_minor 0 %define so_version %{python_version_soname}%{abi_kind}%{so_major}_%{so_minor} # rpm and python have different ideas about what is an arch-dependent name, so: %if %{__isa_name} == ppc %define archname %(echo %{_arch} | sed s/ppc/powerpc/) %else %define archname %{_arch} %endif # our arm has Hardware-Floatingpoint %if %{_arch} == arm %define armsuffix hf %endif # pyexpat.cpython-35m-x86_64-linux-gnu # pyexpat.cpython-35m-powerpc64le-linux-gnu # pyexpat.cpython-35m-armv7-linux-gnueabihf %define dynlib() %{sitedir}/lib-dynload/%{1}.cpython-%{abi_tag}-%{archname}-%{_os}%{?_gnu}%{?armsuffix}.so ### COMMON-DEF-END ### # that thing where "without" means "default=on" and vice versa %bcond_without testsuite %if 0%{?do_profiling} %bcond_without profileopt %else %bcond_with profileopt %endif Name: python3-base Version: 3.6.10 Release: 0 Summary: Python 3 Interpreter and Stdlib Core License: Python-2.0 Group: Development/Languages/Python URL: http://www.python.org/ ##### SOURCE FILES ##### Source0: http://www.python.org/ftp/python/%{version}/%{tarname}.tar.xz Source1: http://www.python.org/ftp/python/%{version}/%{tarname}.tar.xz.asc Source2: python.keyring Source3: baselibs.conf Source4: README.SUSE Source8: macros.python3 Source9: import_failed.py Source10: import_failed.map # The following files are not used in the build. # They are listed here to work around missing functionality in rpmbuild, # which would otherwise exclude them from distributed src.rpm files. Source100: PACKAGING-NOTES Source101: python3-rpmlintrc Source102: python3-base-rpmlintrc Source103: pre_checkin.sh Source104: skipped_tests.py ##### REQURES, PROVIDES, OBSOLETES ##### Requires: libpython%{so_version} == %{version}-%{release} Requires: python-rpm-macros Recommends: python3 = %{version} #Recommends: python3-ensurepip # python 3.1 didn't have a separate python-base, so it is wrongly # not a conflict to have python3-3.1 and python3-base > 3.1 Obsoletes: python3 < 3.2 # no Provides, because python3 is obviously provided by package python3 # python 3.4 provides asyncio Provides: python3-asyncio = %{version} Obsoletes: python3-asyncio < %{version} # python 3.6 provides typing Provides: python3-typing = %{version} Obsoletes: python3-typing < %{version} # python3-xml was merged into python3, now moved into -base Provides: python3-xml = %{version} Obsoletes: python3-xml < %{version} ##### BUILDREQUIRES ##### # SECTION required for basic build BuildRequires: automake BuildRequires: pkgconfig # /SECTION # SECTION required for core modules # The compression-related ones could be moved to python3 if necessary, with the exception of zlib. # _bz2 BuildRequires: libbz2-devel # pyexpat, _elementtree BuildRequires: libexpat-devel # _ctypes BuildRequires: libffi-devel # nis BuildRequires: libnsl-devel # _lzma BuildRequires: lzma-devel # ssl BuildRequires: openssl-devel >= 1.0.2 # zlib BuildRequires: zlib-devel # /SECTION # SECTION required for build and testsuite BuildRequires: fdupes # netcfg is needed *only* for /etc/services for one test in test_asyncio # this could be moved to python3 if needed, it's just more convenient here BuildRequires: netcfg BuildRequires: timezone BuildRequires: xz # /SECTION ### COMMON-PATCH-BEGIN ### # implement "--record-rpm" option for distutils installations Patch01: Python-3.0b1-record-rpm.patch # support lib-vs-lib64 distinction Patch02: python-3.6.0-multilib-new.patch # support finding packages in /usr/local, install to /usr/local by default Patch04: python-3.3.0b1-localpath.patch # PATCH-FEATURE-UPSTREAM pep538_coerce_legacy_c_locale.patch bpo#28180 mc...@suse.com # This patches coerces locale to be C.UTF-8 irrespective to the system locale Patch05: pep538_coerce_legacy_c_locale.patch # replace DATE, TIME and COMPILER by fixed definitions to aid reproducible builds Patch06: python-3.3.0b1-fix_date_time_compiler.patch # fix wrong include path in curses-panel module Patch07: python-3.3.0b1-curses-panel.patch # POSIX_FADV_WILLNEED throws EINVAL. Use a different constant in test Patch09: python-3.3.0b1-test-posix_fadvise.patch # Disable global and distutils sysconfig comparison test, we deviate from the default depending on optflags Patch12: python-3.3.3-skip-distutils-test_sysconfig_module.patch # Raise timeout value for test_subprocess Patch15: subprocess-raise-timeout.patch # PATCH-FIX-UPSTREAM python-3.6-CVE-2017-18207.patch psim...@suse.com -- Add check for channels of wav file in Lib/wave.py # Suggested in https://github.com/python/cpython/pull/4437. Patch20: python-3.6-CVE-2017-18207.patch # PATCH-FIX-UPSTREAM bmwiedem...@suse.de -- https://github.com/python/cpython/pull/296 Patch21: 0001-allow-for-reproducible-builds-of-python-packages.patch # PATCH-FEATURE-OPENSUSE order files for compilation until the underlying cause of bsc#1049186 is resolved Patch22: distutils-reproducible-compile.patch # skip some tests only for PowerPC Patch23: skip_random_failing_tests.patch # PATCH-FIX-UPSTREAM sorted tar https://github.com/python/cpython/pull/2263 Patch24: python3-sorted_tar.patch # PATCH-FIX-UPSTREAM bpo23395-PyErr_SetInterrupt-signal.patch boo#1094814 mc...@suse.com # handle situation when the SIGINT signal is ignored or not handled Patch29: bpo23395-PyErr_SetInterrupt-signal.patch # PATCH-FIX-OPENSUSE aarch64-prolong-timeout.patch bsc#1149121 mc...@suse.com # Our buildbots are apparently too busy on aarch64 to make time right Patch30: aarch64-prolong-timeout.patch # PATCH-FIX-UPSTREAM bpo-36576-skip_tests_for_OpenSSL-111.patch bsc#1149792 mc...@suse.com # Skip tests failing with OpenSSL 1.1.1 Patch32: bpo-36576-skip_tests_for_OpenSSL-111.patch # PATCH-FIX-OPENSUSE bpo36263-Fix_hashlib_scrypt.patch boo#1151490 mc...@suse.com # There is a regression in OpenSSL, which causes bpo#36263, and until it # is fixed in OpenSSL, we need to protect against it. Patch33: bpo36263-Fix_hashlib_scrypt.patch # PATCH-FIX-UPSTREAM CVE-2020-8492-urllib-ReDoS.patch bsc#1162367 mc...@suse.com # Fixes Python urrlib allowed an HTTP server to conduct Regular # Expression Denial of Service (ReDoS) Patch34: CVE-2020-8492-urllib-ReDoS.patch # PATCH-FIX-UPSTREAM CVE-2019-9674-zip-bomb.patch bsc#1162825 mc...@suse.com # Improve documentation warning against the possible zip bombs Patch35: CVE-2019-9674-zip-bomb.patch ### COMMON-PATCH-END ### %description Python is an interpreted, object-oriented programming language, and is often compared to Tcl, Perl, Scheme, or Java. You can find an overview of Python in the documentation and tutorials included in the python-doc package. This package contains the interpreter core and most commonly used modules from the standard library. This is sufficient for many usecases, but it excludes components that depend on external libraries, most notably XML, database and UI toolkits support. %package -n python3-tools Summary: Python Utility and Demonstration Scripts Group: Development/Languages/Python Requires: %{name} = %{version} Obsoletes: python3-demo < %{version} Provides: python3-demo = %{version} Obsoletes: python3-2to3 < %{version} Provides: python3-2to3 = %{version} %description -n python3-tools A number of scripts that are useful for building, testing or extending Python, and a set of demonstration programs. %package -n python3-devel Summary: Include Files and Libraries Mandatory for Building Python Modules Group: Development/Languages/Python Requires: %{name} = %{version} %description -n python3-devel The Python programming language's interpreter can be extended with dynamically loaded extensions and can be embedded in other programs. This package contains header files, a static library, and development tools for building Python modules, extending the Python interpreter or embedding Python in applications. This also includes the Python distutils, which were in the Python package up to version 2.2.2. %package -n python3-testsuite Summary: Unit tests for Python and its standard library Group: Development/Languages/Python Requires: python3 = %{version} Requires: python3-tk = %{version} %description -n python3-testsuite Unit tests that are useful for verifying integrity and functionality of the installed Python interpreter and standard library. They are a documented part of stdlib, as a module 'test'. %package -n libpython%{so_version} Summary: Python Interpreter shared library Group: Development/Languages/Python %description -n libpython%{so_version} Python is an interpreted, object-oriented programming language, and is often compared to Tcl, Perl, Scheme, or Java. You can find an overview of Python in the documentation and tutorials included in the python-doc (HTML) or python-doc-pdf (PDF) packages. This package contains libpython3.2 shared library for embedding in other applications. %prep %setup -q -n %{tarname} ### COMMON-PREP-BEGIN ### %patch01 -p1 %patch02 -p1 %patch04 %patch05 -p1 %patch06 -p1 %patch07 %patch09 -p1 %patch12 -p1 %patch15 -p1 %patch20 -p1 %patch21 -p1 %patch22 -p1 %ifarch ppc ppc64 ppc64le %patch23 -p1 %endif %patch24 -p1 %patch29 -p1 %patch30 -p1 %patch32 -p1 %patch33 -p1 %patch34 -p1 %patch35 -p1 # drop Autoconf version requirement sed -i 's/^AC_PREREQ/dnl AC_PREREQ/' configure.ac # fix shebangs - convert /usr/local/bin/python and /usr/bin/env/python to /usr/bin/python3 for dir in Lib Tools; do # find *.py, filter to files that contain bad shebangs # break up "/""usr" like this to prevent replacing with %{_prefix} find $dir -name '*.py' -type f -print0 \ | xargs -0 grep -lE '^#! *(/''usr/.*bin/(env +)?)?python' \ | xargs sed -r -i -e '1s@^#![[:space:]]*(/''usr/(local/)?bin/(env +)?)?python([0-9]+(\.[0-9]+)?)?@#!%{_bindir}/python3@' done # drop in-tree libffi and expat rm -r Modules/_ctypes/libffi* Modules/_ctypes/darwin rm -r Modules/expat # drop duplicate README from site-packages rm Lib/site-packages/README.txt ### COMMON-PREP-END ### %build ### COMMON-CONFIG-BEGIN ### # use rpm_opt_flags export OPT="%{optflags} -DOPENSSL_LOAD_CONF -fwrapv $(pkg-config --cflags-only-I libffi)" touch -r %{SOURCE0} Makefile.pre.in autoreconf -fvi %if 0%{?sles_version} sed -e 's/-fprofile-correction//' -i Makefile.pre.in %endif %configure \ --docdir=%{_docdir}/python \ --enable-ipv6 \ --with-fpectl \ --enable-shared \ --with-ensurepip=no \ --with-system-ffi \ --with-system-expat \ --enable-loadable-sqlite-extensions # prevent make from trying to rebuild PYTHON_FOR_GEN stuff make -t Python/Python-ast.c \ Include/Python-ast.h \ Objects/typeslots.inc \ Python/opcode_targets.h \ Include/opcode.h ### COMMON-CONFIG-END ### %if %{with profileopt} target=profile-opt %else target=all %endif LD_LIBRARY_PATH=.:$LD_LIBRARY_PATH \ make %{?_smp_mflags} $target %install %make_install # remove .a find %{buildroot} -name "*.a" -exec rm {} ";" # install "site-packages" and __pycache__ for third parties install -d -m 755 %{buildroot}%{sitedir}/site-packages install -d -m 755 %{buildroot}%{sitedir}/site-packages/__pycache__ # and their 32bit counterparts explicitly mkdir -p %{buildroot}%{_prefix}/lib/python%{python_version}/site-packages/__pycache__ # cleanup parts that don't belong for dir in curses dbm sqlite3 tkinter idlelib; do find %{buildroot}%{sitedir}/$dir/* -maxdepth 0 -name "test" -o -exec rm -rf {} ";" done # rm $RPM_BUILD_ROOT%{dynlib pyexpat} # overwrite the copied binary with a link ln -sf python%{python_version} %{buildroot}%{_bindir}/python3 # link shared library instead of static library that tools expect ln -s ../../libpython%{python_abi}.so %{buildroot}%{_libdir}/python%{python_version}/config-%{python_abi}-%{archname}-%{_os}%{?_gnu}%{?armsuffix}/libpython%{python_abi}.so # delete idle3, which has to many packaging dependencies for base rm %{buildroot}%{_bindir}/idle3* # replace duplicate .pyo/.pyc with hardlinks %fdupes %{buildroot}/%{sitedir} # documentation export PDOCS=%{buildroot}%{_docdir}/%{name} install -d -m 755 $PDOCS install -c -m 644 %{SOURCE4} $PDOCS/ install -c -m 644 LICENSE $PDOCS/ install -c -m 644 README.rst $PDOCS/ # tools for x in `find Tools/ \( -not -name Makefile \) -print | sort` ; do test -d $x && ( install -c -m 755 -d $PDOCS/$x ) \ || ( install -c -m 644 $x $PDOCS/$x ) done # gdb script is shipped with devel subpackage rm -r $PDOCS/Tools/gdb # clean up the bat files find $PDOCS -name "*.bat" -exec rm {} ";" # put gdb helper script into place install -m 755 -D Tools/gdb/libpython.py %{buildroot}%{_datadir}/gdb/auto-load/%{_libdir}/libpython%{python_abi}.so.%{so_major}.%{so_minor}-gdb.py # install devel files to /config #cp Makefile Makefile.pre.in Makefile.pre $RPM_BUILD_ROOT%{sitedir}/config-%{python_abi}/ # RPM macros mkdir -p %{buildroot}%{_sysconfdir}/rpm install -m 644 %{SOURCE8} %{buildroot}%{_sysconfdir}/rpm # macros.python3 # import_failed hooks FAILDIR=%{buildroot}/%{sitedir}/_import_failed mkdir $FAILDIR install -m 644 %{SOURCE9} %{SOURCE10} $FAILDIR # import_failed.* LD_LIBRARY_PATH=. ./python -c "from py_compile import compile; compile('$FAILDIR/import_failed.py', dfile='%{sitedir}/_import_failed/import_failed.py')" LD_LIBRARY_PATH=. ./python -O -c "from py_compile import compile; compile('$FAILDIR/import_failed.py', dfile='%{sitedir}/_import_failed/import_failed.py')" ( cd $FAILDIR while read package modules; do for module in $modules; do ln import_failed.py $module.py pushd __pycache__ for i in import_failed*; do ln $i "$module${i#import_failed}" done popd done done < %{SOURCE10} ) echo %{sitedir}/_import_failed > %{buildroot}/%{sitedir}/site-packages/zzzz-import-failed-hooks.pth %post -n libpython%{so_version} -p /sbin/ldconfig %postun -n libpython%{so_version} -p /sbin/ldconfig %files -n libpython%{so_version} %defattr(644, root,root) %{_libdir}/libpython%{python_abi}.so.%{so_major}.%{so_minor} %files -n python3-tools %defattr(644, root, root, 755) %{sitedir}/turtledemo %{_bindir}/2to3 %attr(755, root, root)%{_bindir}/2to3-%{python_version} %doc %{_docdir}/%{name}/Tools %files -n python3-devel %defattr(644, root, root, 755) %{_libdir}/libpython%{python_abi}.so %{_libdir}/libpython3.so %{_libdir}/pkgconfig/* %{_includedir}/python%{python_abi} %{sitedir}/config-%{python_abi}-* %defattr(755, root, root) %{_bindir}/python%{python_abi}-config %{_bindir}/python%{python_version}-config %{_bindir}/python3-config # Own these directories to not depend on gdb %dir %{_datadir}/gdb %dir %{_datadir}/gdb/auto-load %dir %{_datadir}/gdb/auto-load%{_prefix} %dir %{_datadir}/gdb/auto-load%{_libdir} %{_datadir}/gdb/auto-load/%{_libdir}/libpython%{python_abi}.so.%{so_major}.%{so_minor}-gdb.py %files -n python3-testsuite %defattr(644, root, root, 755) %{sitedir}/test %{sitedir}/*/test %{sitedir}/*/tests %{dynlib _ctypes_test} %{dynlib _testbuffer} %{dynlib _testcapi} %{dynlib _testimportmultiple} %{dynlib _testmultiphase} %{dynlib xxlimited} # workaround for missing packages %dir %{sitedir}/sqlite3 %dir %{sitedir}/tkinter %files %defattr(644, root, root, 755) # docs %dir %{_docdir}/%{name} %doc %{_docdir}/%{name}/README.rst %license %{_docdir}/%{name}/LICENSE %doc %{_docdir}/%{name}/README.SUSE %{_mandir}/man1/python3.1* %{_mandir}/man1/python%{python_version}.1* # license text, not a doc because the code can use it at run-time %{sitedir}/LICENSE.txt # RPM macros %{_sysconfdir}/rpm/macros.python3 # binary parts %dir %{sitedir}/lib-dynload %{dynlib array} %{dynlib _asyncio} %{dynlib audioop} %{dynlib binascii} %{dynlib _bisect} %{dynlib _bz2} %{dynlib cmath} %{dynlib _codecs_cn} %{dynlib _codecs_hk} %{dynlib _codecs_iso2022} %{dynlib _codecs_jp} %{dynlib _codecs_kr} %{dynlib _codecs_tw} %{dynlib _crypt} %{dynlib _csv} %{dynlib _ctypes} %{dynlib _datetime} %{dynlib _decimal} %{dynlib _elementtree} %{dynlib fcntl} %{dynlib grp} %{dynlib _hashlib} %{dynlib _heapq} %{dynlib _json} %{dynlib _lsprof} %{dynlib _lzma} %{dynlib math} %{dynlib mmap} %{dynlib _multibytecodec} %{dynlib _multiprocessing} %{dynlib nis} %{dynlib ossaudiodev} %{dynlib _opcode} %{dynlib parser} %{dynlib _pickle} %{dynlib _posixsubprocess} %{dynlib pyexpat} %{dynlib _random} %{dynlib resource} %{dynlib select} %{dynlib _socket} %{dynlib _ssl} %{dynlib spwd} %{dynlib _struct} %{dynlib syslog} %{dynlib termios} %{dynlib unicodedata} %{dynlib zlib} # hashlib fallback modules %{dynlib _blake2} %{dynlib _md5} %{dynlib _sha1} %{dynlib _sha256} %{dynlib _sha512} %{dynlib _sha3} # python parts %dir %{_prefix}/lib/python%{python_version} %dir %{_prefix}/lib/python%{python_version}/site-packages %dir %{_prefix}/lib/python%{python_version}/site-packages/__pycache__ %dir %{sitedir} %dir %{sitedir}/site-packages %dir %{sitedir}/site-packages/__pycache__ %exclude %{sitedir}/*/test %exclude %{sitedir}/*/tests %{sitedir}/*.py %{sitedir}/asyncio %{sitedir}/ctypes %{sitedir}/collections %{sitedir}/concurrent %{sitedir}/distutils %{sitedir}/email %{sitedir}/encodings %{sitedir}/ensurepip %{sitedir}/html %{sitedir}/http %{sitedir}/importlib %{sitedir}/json %{sitedir}/lib2to3 %{sitedir}/logging %{sitedir}/multiprocessing %{sitedir}/pydoc_data %{sitedir}/unittest %{sitedir}/urllib %{sitedir}/venv %{sitedir}/wsgiref %{sitedir}/xml %{sitedir}/xmlrpc %{sitedir}/__pycache__ # import-failed hooks %{sitedir}/_import_failed %{sitedir}/site-packages/zzzz-import-failed-hooks.pth # symlinks %{_bindir}/pyvenv %{_bindir}/python3 %{_bindir}/pydoc3 # executables %attr(755, root, root) %{_bindir}/pydoc%{python_version} %attr(755, root, root) %{_bindir}/python%{python_abi} %attr(755, root, root) %{_bindir}/python%{python_version} %attr(755, root, root) %{_bindir}/pyvenv-%{python_version} %changelog ++++++ python3-doc.spec ++++++ # # spec file for package python3-doc # # Copyright (c) 2020 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed # upon. The license for this file, and modifications and additions to the # file, is the same license as for the pristine package itself (unless the # license for the pristine package is not an Open Source License, in which # case the license is the MIT License). An "Open Source License" is a # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. # Please submit bugfixes or comments via https://bugs.opensuse.org/ # ### COMMON-DEF-BEGIN ### %define tarversion %{version} %define tarname Python-%{tarversion} # the versions are autogenerated from pre_checkin.sh # based on the current source tarball %define python_version 3.6 %define python_version_abitag 36 %define python_version_soname 3_6 %define sitedir %{_libdir}/python%{python_version} # three possible ABI kinds: m - pymalloc, d - debug build; see PEP 3149 %define abi_kind m # python ABI version - used in some file names %define python_abi %{python_version}%{abi_kind} # soname ABI tag defined in PEP 3149 %define abi_tag %{python_version_abitag}%{abi_kind} # version part of "libpython" package %define so_major 1 %define so_minor 0 %define so_version %{python_version_soname}%{abi_kind}%{so_major}_%{so_minor} # rpm and python have different ideas about what is an arch-dependent name, so: %if %{__isa_name} == ppc %define archname %(echo %{_arch} | sed s/ppc/powerpc/) %else %define archname %{_arch} %endif # our arm has Hardware-Floatingpoint %if %{_arch} == arm %define armsuffix hf %endif # pyexpat.cpython-35m-x86_64-linux-gnu # pyexpat.cpython-35m-powerpc64le-linux-gnu # pyexpat.cpython-35m-armv7-linux-gnueabihf %define dynlib() %{sitedir}/lib-dynload/%{1}.cpython-%{abi_tag}-%{archname}-%{_os}%{?_gnu}%{?armsuffix}.so ### COMMON-DEF-END ### # Name: python3-doc Version: 3.6.10 Release: 0 Summary: Additional Package Documentation for Python 3 License: Python-2.0 Group: Documentation/HTML URL: http://www.python.org/ Source0: http://www.python.org/ftp/python/%{tarversion}/%{tarname}.tar.xz BuildRequires: libqt5-qttools BuildRequires: python3-Sphinx >= 1.2 BuildRequires: xz Enhances: python3 = %{python_version} BuildArch: noarch # for consistency: ### COMMON-PATCH-BEGIN ### # implement "--record-rpm" option for distutils installations Patch01: Python-3.0b1-record-rpm.patch # support lib-vs-lib64 distinction Patch02: python-3.6.0-multilib-new.patch # support finding packages in /usr/local, install to /usr/local by default Patch04: python-3.3.0b1-localpath.patch # PATCH-FEATURE-UPSTREAM pep538_coerce_legacy_c_locale.patch bpo#28180 mc...@suse.com # This patches coerces locale to be C.UTF-8 irrespective to the system locale Patch05: pep538_coerce_legacy_c_locale.patch # replace DATE, TIME and COMPILER by fixed definitions to aid reproducible builds Patch06: python-3.3.0b1-fix_date_time_compiler.patch # fix wrong include path in curses-panel module Patch07: python-3.3.0b1-curses-panel.patch # POSIX_FADV_WILLNEED throws EINVAL. Use a different constant in test Patch09: python-3.3.0b1-test-posix_fadvise.patch # Disable global and distutils sysconfig comparison test, we deviate from the default depending on optflags Patch12: python-3.3.3-skip-distutils-test_sysconfig_module.patch # Raise timeout value for test_subprocess Patch15: subprocess-raise-timeout.patch # PATCH-FIX-UPSTREAM python-3.6-CVE-2017-18207.patch psim...@suse.com -- Add check for channels of wav file in Lib/wave.py # Suggested in https://github.com/python/cpython/pull/4437. Patch20: python-3.6-CVE-2017-18207.patch # PATCH-FIX-UPSTREAM bmwiedem...@suse.de -- https://github.com/python/cpython/pull/296 Patch21: 0001-allow-for-reproducible-builds-of-python-packages.patch # PATCH-FEATURE-OPENSUSE order files for compilation until the underlying cause of bsc#1049186 is resolved Patch22: distutils-reproducible-compile.patch # skip some tests only for PowerPC Patch23: skip_random_failing_tests.patch # PATCH-FIX-UPSTREAM sorted tar https://github.com/python/cpython/pull/2263 Patch24: python3-sorted_tar.patch # PATCH-FIX-UPSTREAM bpo23395-PyErr_SetInterrupt-signal.patch boo#1094814 mc...@suse.com # handle situation when the SIGINT signal is ignored or not handled Patch29: bpo23395-PyErr_SetInterrupt-signal.patch # PATCH-FIX-OPENSUSE aarch64-prolong-timeout.patch bsc#1149121 mc...@suse.com # Our buildbots are apparently too busy on aarch64 to make time right Patch30: aarch64-prolong-timeout.patch # PATCH-FIX-UPSTREAM bpo-36576-skip_tests_for_OpenSSL-111.patch bsc#1149792 mc...@suse.com # Skip tests failing with OpenSSL 1.1.1 Patch32: bpo-36576-skip_tests_for_OpenSSL-111.patch # PATCH-FIX-OPENSUSE bpo36263-Fix_hashlib_scrypt.patch boo#1151490 mc...@suse.com # There is a regression in OpenSSL, which causes bpo#36263, and until it # is fixed in OpenSSL, we need to protect against it. Patch33: bpo36263-Fix_hashlib_scrypt.patch # PATCH-FIX-UPSTREAM CVE-2020-8492-urllib-ReDoS.patch bsc#1162367 mc...@suse.com # Fixes Python urrlib allowed an HTTP server to conduct Regular # Expression Denial of Service (ReDoS) Patch34: CVE-2020-8492-urllib-ReDoS.patch # PATCH-FIX-UPSTREAM CVE-2019-9674-zip-bomb.patch bsc#1162825 mc...@suse.com # Improve documentation warning against the possible zip bombs Patch35: CVE-2019-9674-zip-bomb.patch ### COMMON-PATCH-END ### %description Tutorial, Global Module Index, Language Reference, Library Reference, Extending and Embedding Reference, Python/C API Reference, Documenting Python, and Macintosh Module Reference in HTML format. %prep %setup -q -n %{tarname} # for consistency ### COMMON-PREP-BEGIN ### %patch01 -p1 %patch02 -p1 %patch04 %patch05 -p1 %patch06 -p1 %patch07 %patch09 -p1 %patch12 -p1 %patch15 -p1 %patch20 -p1 %patch21 -p1 %patch22 -p1 %ifarch ppc ppc64 ppc64le %patch23 -p1 %endif %patch24 -p1 %patch29 -p1 %patch30 -p1 %patch32 -p1 %patch33 -p1 %patch34 -p1 %patch35 -p1 # drop Autoconf version requirement sed -i 's/^AC_PREREQ/dnl AC_PREREQ/' configure.ac # fix shebangs - convert /usr/local/bin/python and /usr/bin/env/python to /usr/bin/python3 for dir in Lib Tools; do # find *.py, filter to files that contain bad shebangs # break up "/""usr" like this to prevent replacing with %{_prefix} find $dir -name '*.py' -type f -print0 \ | xargs -0 grep -lE '^#! *(/''usr/.*bin/(env +)?)?python' \ | xargs sed -r -i -e '1s@^#![[:space:]]*(/''usr/(local/)?bin/(env +)?)?python([0-9]+(\.[0-9]+)?)?@#!%{_bindir}/python3@' done # drop in-tree libffi and expat rm -r Modules/_ctypes/libffi* Modules/_ctypes/darwin rm -r Modules/expat # drop duplicate README from site-packages rm Lib/site-packages/README.txt ### COMMON-PREP-END ### %build TODAY_DATE=`date -r %{SOURCE0} "+%%B %%d, %%Y"` # TODO use not date of tarball but date of latest patch cd Doc sed -i "s/^today = .*/today = '$TODAY_DATE'/" conf.py make -j1 html # create a .qch file that can be used in QtAssistant or KDevelop sphinx-build -a -b qthelp . build/qthelp qhelpgenerator-qt5 build/qthelp/Python.qhp -o build/qthelp/Python.qch %install export PDOCS=%{buildroot}%{_docdir}/python3 mkdir -p $PDOCS # generated docs rm Doc/build/html/.buildinfo cp -r Doc/build/html $PDOCS install -m 644 Doc/build/qthelp/Python.qch $PDOCS # misc install -d -m 755 $PDOCS/Misc rm Misc/README.AIX for i in Misc/* ; do [ -f $i ] && install -c -m 644 $i $PDOCS/Misc/ done %files %defattr(644, root, root, 755) %dir %{_docdir}/python3 %doc %{_docdir}/python3/Misc %doc %{_docdir}/python3/html %doc %{_docdir}/python3/Python.qch %changelog ++++++ python3.spec ++++++ # # spec file for package python3 # # Copyright (c) 2020 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed # upon. The license for this file, and modifications and additions to the # file, is the same license as for the pristine package itself (unless the # license for the pristine package is not an Open Source License, in which # case the license is the MIT License). An "Open Source License" is a # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. # Please submit bugfixes or comments via https://bugs.opensuse.org/ # # do not add defs here, please edit python3-base.spec instead # and run pre_checkin.sh # # see PACKAGING-NOTES for details # ### COMMON-DEF-BEGIN ### %define tarversion %{version} %define tarname Python-%{tarversion} # the versions are autogenerated from pre_checkin.sh # based on the current source tarball %define python_version 3.6 %define python_version_abitag 36 %define python_version_soname 3_6 %define sitedir %{_libdir}/python%{python_version} # three possible ABI kinds: m - pymalloc, d - debug build; see PEP 3149 %define abi_kind m # python ABI version - used in some file names %define python_abi %{python_version}%{abi_kind} # soname ABI tag defined in PEP 3149 %define abi_tag %{python_version_abitag}%{abi_kind} # version part of "libpython" package %define so_major 1 %define so_minor 0 %define so_version %{python_version_soname}%{abi_kind}%{so_major}_%{so_minor} # rpm and python have different ideas about what is an arch-dependent name, so: %if %{__isa_name} == ppc %define archname %(echo %{_arch} | sed s/ppc/powerpc/) %else %define archname %{_arch} %endif # our arm has Hardware-Floatingpoint %if %{_arch} == arm %define armsuffix hf %endif # pyexpat.cpython-35m-x86_64-linux-gnu # pyexpat.cpython-35m-powerpc64le-linux-gnu # pyexpat.cpython-35m-armv7-linux-gnueabihf %define dynlib() %{sitedir}/lib-dynload/%{1}.cpython-%{abi_tag}-%{archname}-%{_os}%{?_gnu}%{?armsuffix}.so ### COMMON-DEF-END ### # Name: python3 Version: 3.6.10 Release: 0 Summary: Python 3 Interpreter License: Python-2.0 Group: Development/Languages/Python URL: http://www.python.org/ Source0: http://www.python.org/ftp/python/%{version}/%{tarname}.tar.xz Source1: http://www.python.org/ftp/python/%{version}/%{tarname}.tar.xz.asc Source20: idle3.desktop Source21: idle3.appdata.xml BuildRequires: automake BuildRequires: fdupes BuildRequires: gcc-c++ BuildRequires: gdbm-devel BuildRequires: gettext-tools BuildRequires: gmp-devel BuildRequires: intltool BuildRequires: libbz2-devel BuildRequires: libexpat-devel BuildRequires: libffi-devel BuildRequires: libnsl-devel BuildRequires: lzma-devel BuildRequires: ncurses-devel BuildRequires: netcfg BuildRequires: openssl-devel BuildRequires: pkgconfig BuildRequires: readline-devel BuildRequires: sqlite-devel BuildRequires: tk-devel BuildRequires: xz BuildRequires: pkgconfig(x11) # required for idle3 (.desktop and .appdata.xml files) # BuildRequires: appstream-glib BuildRequires: update-desktop-files Requires: python3-base = %{version} Recommends: python3-curses Recommends: python3-dbm Recommends: python3-pip Provides: python = %{python_version} # # do not add patches here, please edit python3-base.spec instead # and run pre_checkin.sh # # see PACKAGING-NOTES for details # ### COMMON-PATCH-BEGIN ### # implement "--record-rpm" option for distutils installations Patch01: Python-3.0b1-record-rpm.patch # support lib-vs-lib64 distinction Patch02: python-3.6.0-multilib-new.patch # support finding packages in /usr/local, install to /usr/local by default Patch04: python-3.3.0b1-localpath.patch # PATCH-FEATURE-UPSTREAM pep538_coerce_legacy_c_locale.patch bpo#28180 mc...@suse.com # This patches coerces locale to be C.UTF-8 irrespective to the system locale Patch05: pep538_coerce_legacy_c_locale.patch # replace DATE, TIME and COMPILER by fixed definitions to aid reproducible builds Patch06: python-3.3.0b1-fix_date_time_compiler.patch # fix wrong include path in curses-panel module Patch07: python-3.3.0b1-curses-panel.patch # POSIX_FADV_WILLNEED throws EINVAL. Use a different constant in test Patch09: python-3.3.0b1-test-posix_fadvise.patch # Disable global and distutils sysconfig comparison test, we deviate from the default depending on optflags Patch12: python-3.3.3-skip-distutils-test_sysconfig_module.patch # Raise timeout value for test_subprocess Patch15: subprocess-raise-timeout.patch # PATCH-FIX-UPSTREAM python-3.6-CVE-2017-18207.patch psim...@suse.com -- Add check for channels of wav file in Lib/wave.py # Suggested in https://github.com/python/cpython/pull/4437. Patch20: python-3.6-CVE-2017-18207.patch # PATCH-FIX-UPSTREAM bmwiedem...@suse.de -- https://github.com/python/cpython/pull/296 Patch21: 0001-allow-for-reproducible-builds-of-python-packages.patch # PATCH-FEATURE-OPENSUSE order files for compilation until the underlying cause of bsc#1049186 is resolved Patch22: distutils-reproducible-compile.patch # skip some tests only for PowerPC Patch23: skip_random_failing_tests.patch # PATCH-FIX-UPSTREAM sorted tar https://github.com/python/cpython/pull/2263 Patch24: python3-sorted_tar.patch # PATCH-FIX-UPSTREAM bpo23395-PyErr_SetInterrupt-signal.patch boo#1094814 mc...@suse.com # handle situation when the SIGINT signal is ignored or not handled Patch29: bpo23395-PyErr_SetInterrupt-signal.patch # PATCH-FIX-OPENSUSE aarch64-prolong-timeout.patch bsc#1149121 mc...@suse.com # Our buildbots are apparently too busy on aarch64 to make time right Patch30: aarch64-prolong-timeout.patch # PATCH-FIX-UPSTREAM bpo-36576-skip_tests_for_OpenSSL-111.patch bsc#1149792 mc...@suse.com # Skip tests failing with OpenSSL 1.1.1 Patch32: bpo-36576-skip_tests_for_OpenSSL-111.patch # PATCH-FIX-OPENSUSE bpo36263-Fix_hashlib_scrypt.patch boo#1151490 mc...@suse.com # There is a regression in OpenSSL, which causes bpo#36263, and until it # is fixed in OpenSSL, we need to protect against it. Patch33: bpo36263-Fix_hashlib_scrypt.patch # PATCH-FIX-UPSTREAM CVE-2020-8492-urllib-ReDoS.patch bsc#1162367 mc...@suse.com # Fixes Python urrlib allowed an HTTP server to conduct Regular # Expression Denial of Service (ReDoS) Patch34: CVE-2020-8492-urllib-ReDoS.patch # PATCH-FIX-UPSTREAM CVE-2019-9674-zip-bomb.patch bsc#1162825 mc...@suse.com # Improve documentation warning against the possible zip bombs Patch35: CVE-2019-9674-zip-bomb.patch ### COMMON-PATCH-END ### %description Python 3 is modern interpreted, object-oriented programming language, often compared to Tcl, Perl, Scheme, or Java. You can find an overview of Python in the documentation and tutorials included in the python3-doc package. This package supplies rich command line features provided by readline, and sqlite3 support for the interpreter core, thus forming a so called "extended" runtime. Installing "python3" is sufficient for the vast majority of usecases. In addition, recommended packages provide UI toolkit support (python3-curses, python3-tk), legacy UNIX database bindings (python3-dbm), and the IDLE development environment (python3-idle). %package tk Summary: TkInter - Python Tk Interface Group: Development/Libraries/Python Requires: %{name} = %{version} %description tk Python interface to Tk. Tk is the GUI toolkit that comes with Tcl. The "xrpm" package uses this Python interface. %package curses Summary: Python Interface to the (N)Curses Library Group: Development/Libraries/Python Requires: %{name} = %{version} %description curses An easy to use interface to the (n)curses CUI library. CUI stands for Console User Interface. %package dbm Summary: Python Interface to the GDBM Library Group: Development/Languages/Python Requires: %{name} = %{version} %description dbm An easy to use interface for Unix DBM databases, and more specifically, the GNU implementation GDBM. %package idle Summary: An Integrated Development Environment for Python Group: Development/Languages/Python Requires: %{name} = %{version} Requires: python3-tk %description idle IDLE is a Tkinter based integrated development environment for Python. It features a multi-window text editor with multiple undo, Python colorizing, and many other things, as well as a Python shell window and a debugger. %prep %setup -q -n %{tarname} ### COMMON-PREP-BEGIN ### %patch01 -p1 %patch02 -p1 %patch04 %patch05 -p1 %patch06 -p1 %patch07 %patch09 -p1 %patch12 -p1 %patch15 -p1 %patch20 -p1 %patch21 -p1 %patch22 -p1 %ifarch ppc ppc64 ppc64le %patch23 -p1 %endif %patch24 -p1 %patch29 -p1 %patch30 -p1 %patch32 -p1 %patch33 -p1 %patch34 -p1 %patch35 -p1 # drop Autoconf version requirement sed -i 's/^AC_PREREQ/dnl AC_PREREQ/' configure.ac # fix shebangs - convert /usr/local/bin/python and /usr/bin/env/python to /usr/bin/python3 for dir in Lib Tools; do # find *.py, filter to files that contain bad shebangs # break up "/""usr" like this to prevent replacing with %{_prefix} find $dir -name '*.py' -type f -print0 \ | xargs -0 grep -lE '^#! *(/''usr/.*bin/(env +)?)?python' \ | xargs sed -r -i -e '1s@^#![[:space:]]*(/''usr/(local/)?bin/(env +)?)?python([0-9]+(\.[0-9]+)?)?@#!%{_bindir}/python3@' done # drop in-tree libffi and expat rm -r Modules/_ctypes/libffi* Modules/_ctypes/darwin rm -r Modules/expat # drop duplicate README from site-packages rm Lib/site-packages/README.txt ### COMMON-PREP-END ### %build ### COMMON-CONFIG-BEGIN ### # use rpm_opt_flags export OPT="%{optflags} -DOPENSSL_LOAD_CONF -fwrapv $(pkg-config --cflags-only-I libffi)" touch -r %{SOURCE0} Makefile.pre.in autoreconf -fvi %if 0%{?sles_version} sed -e 's/-fprofile-correction//' -i Makefile.pre.in %endif %configure \ --docdir=%{_docdir}/python \ --enable-ipv6 \ --with-fpectl \ --enable-shared \ --with-ensurepip=no \ --with-system-ffi \ --with-system-expat \ --enable-loadable-sqlite-extensions # prevent make from trying to rebuild PYTHON_FOR_GEN stuff make -t Python/Python-ast.c \ Include/Python-ast.h \ Objects/typeslots.inc \ Python/opcode_targets.h \ Include/opcode.h ### COMMON-CONFIG-END ### make %{?_smp_mflags} %check # exclude test_gdb -- it doesn't run in buildservice anyway, and fails on missing debuginfos # when you install gdb into your test env EXCLUDE="test_gdb" # we patch out the message to recommend zypper in and thus this would fail EXCLUDE="$EXCLUDE test_pydoc" %ifarch %{arm} # test_multiprocessing_forkserver is racy EXCLUDE="$EXCLUDE test_multiprocessing_forkserver" %endif %ifarch ppc ppc64 ppc64le # exclue test_faulthandler due to bnc#831629 EXCLUDE="$EXCLUDE test_faulthandler" %endif # some tests break in QEMU %if 0%{?qemu_user_space_build} > 0 EXCLUDE="$EXCLUDE test_asyncio test_multiprocessing_fork test_multiprocessing_forkserver test_multiprocessing_main_handling test_multiprocessing_spawn test_threading test_threadedtempfile test_io test_posix test_ioctl test_mmap test_openpty test_pty test_time test_subprocess test_asyncore test_asyncio test_os test_faulthandler" # qemu bug (siginterrupt handling) EXCLUDE="$EXCLUDE test_signal" %endif # This test (part of test_uuid) requires real network interfaces # so that ifconfig output has "HWaddr <something>". Some kvm instances # done have any such interface breaking the uuid module. EXCLUDE="$EXCLUDE test_uuid" # Limit virtual memory to avoid spurious failures if test $(ulimit -v) = unlimited || test $(ulimit -v) -gt 10000000; then ulimit -v 10000000 || : fi make -j1 test TESTOPTS="-u curses -x $EXCLUDE" # use network, be verbose: #make test TESTOPTS="-l -u network -v" %install %make_install # clean out stuff that is in python-base and subpackages find %{buildroot}%{_bindir} -mindepth 1 -not -name "*idle3*" -print -delete rm %{buildroot}%{_libdir}/lib* rm -r %{buildroot}%{_libdir}/pkgconfig rm -r %{buildroot}%{_mandir}/* rm -r %{buildroot}%{_includedir}/* rm -r %{buildroot}%{sitedir}/config* find %{buildroot}%{sitedir} -name "*.egg-info" -exec rm {} ";" rm -r %{buildroot}%{sitedir}/__pycache__ rm -r %{buildroot}%{sitedir}/site-packages rm %{buildroot}%{sitedir}/*.* for module in \ asyncio ctypes collections concurrent distutils email encodings \ ensurepip html http \ importlib json logging multiprocessing pydoc_data unittest \ urllib venv wsgiref lib2to3 test turtledemo \ xml xmlrpc do rm -r %{buildroot}%{sitedir}/$module done for library in \ array _asyncio audioop binascii _bisect _bz2 cmath _codecs_* _crypt _csv \ _ctypes _datetime _decimal fcntl grp _hashlib _heapq _json _lsprof \ _lzma math mmap _multibytecodec _multiprocessing nis _opcode ossaudiodev \ parser _pickle _posixsubprocess _random resource select _ssl _socket spwd \ _struct syslog termios _testbuffer _testimportmultiple _testmultiphase \ unicodedata zlib _ctypes_test _testcapi xxlimited \ _elementtree pyexpat \ _md5 _sha1 _sha256 _sha512 _blake2 _sha3 do eval rm "%{buildroot}%{sitedir}/lib-dynload/$library.*" done # Idle is not packaged in base due to the appstream-glib dependency # move idle config into /etc install -d -m 755 %{buildroot}%{_sysconfdir}/idle3 ( cd %{buildroot}/%{sitedir}/idlelib/ for file in *.def ; do mv $file %{buildroot}%{_sysconfdir}/idle3/ ln -sf %{_sysconfdir}/idle3/$file %{buildroot}/%{sitedir}/idlelib/ done ) # install idle icons for size in 16 32 48 ; do install -m 644 -D Lib/idlelib/Icons/idle_${size}.png \ %{buildroot}%{_datadir}/icons/hicolor/${size}x${size}/apps/idle3.png done # install idle desktop file install -m 644 -D -t %{buildroot}%{_datadir}/applications %{SOURCE20} %suse_update_desktop_file idle3 install -m 644 -D -t %{buildroot}%{_datadir}/metainfo %{SOURCE21} # appstream-util validate-relax --nonet %{buildroot}%{_datadir}/metainfo/idle3.appdata.xml %fdupes %{buildroot}/%{_libdir}/python%{python_version} %files tk %defattr(644, root, root, 755) %{sitedir}/tkinter %exclude %{sitedir}/tkinter/test %{dynlib _tkinter} %files curses %defattr(644, root, root, 755) %{sitedir}/curses %{dynlib _curses} %{dynlib _curses_panel} %files dbm %defattr(644, root, root, 755) %{sitedir}/dbm %{dynlib _dbm} %{dynlib _gdbm} %files %defattr(644, root, root, 755) %dir %{sitedir} %dir %{sitedir}/lib-dynload %{sitedir}/sqlite3 %exclude %{sitedir}/sqlite3/test %{dynlib readline} %{dynlib _sqlite3} %files idle %defattr(644, root, root, 755) %{sitedir}/idlelib %dir %{_sysconfdir}/idle3 %config %{_sysconfdir}/idle3/* %doc Lib/idlelib/NEWS.txt %doc Lib/idlelib/README.txt %doc Lib/idlelib/TODO.txt %doc Lib/idlelib/extend.txt %doc Lib/idlelib/ChangeLog %{_bindir}/idle3 %{_datadir}/applications/idle3.desktop %{_datadir}/metainfo/idle3.appdata.xml %{_datadir}/icons/hicolor/*/apps/idle3.png %dir %{_datadir}/icons/hicolor %dir %{_datadir}/icons/hicolor/16x16 %dir %{_datadir}/icons/hicolor/32x32 %dir %{_datadir}/icons/hicolor/48x48 %dir %{_datadir}/icons/hicolor/*/apps %attr(755, root, root) %{_bindir}/idle%{python_version} %changelog ++++++ 0001-allow-for-reproducible-builds-of-python-packages.patch ++++++ >From 0d6dde67a01878b0d708b4216e2b31f1c76544fb Mon Sep 17 00:00:00 2001 From: "Bernhard M. Wiedemann" <bwiedem...@suse.de> Date: Sat, 25 Feb 2017 06:42:28 +0100 Subject: [PATCH] allow for reproducible builds of python packages See https://reproducible-builds.org/ for why this is good and https://reproducible-builds.org/specs/source-date-epoch/ for the definition of this variable. Background: In some distributions like openSUSE, binary rpms contain precompiled .pyc files. And packages like amqp or twisted dynamically generate .py files at build time so those have the current time and that timestamp gets embedded into the .pyc file header. When we then adapt file timestamps in rpms to be constant, the timestamp in the .pyc header will no more match the .py timestamp in the filesystem. The software will still work, but it will not use the .pyc file as it should. --- Lib/py_compile.py | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/Lib/py_compile.py b/Lib/py_compile.py index 11c5b50..62dcdc7 100644 --- a/Lib/py_compile.py +++ b/Lib/py_compile.py @@ -137,6 +137,10 @@ def compile(file, cfile=None, dfile=None, doraise=False, optimize=-1): except FileExistsError: pass source_stats = loader.path_stats(file) + sde = os.environ.get('SOURCE_DATE_EPOCH') + if sde and source_stats['mtime'] > int(sde): + source_stats['mtime'] = int(sde) + os.utime(file, (source_stats['mtime'], source_stats['mtime'])) bytecode = importlib._bootstrap_external._code_to_bytecode( code, source_stats['mtime'], source_stats['size']) mode = importlib._bootstrap_external._calc_mode(file) -- 2.10.2 ++++++ CVE-2019-9674-zip-bomb.patch ++++++ >From b73fe12d4d85fc92e4b9658e417046b68fb68ecc Mon Sep 17 00:00:00 2001 From: nick sung <sungboss2...@gmail.com> Date: Fri, 17 May 2019 15:45:31 +0800 Subject: [PATCH 1/4] bpo-36260: Add pitfalls to zipfile module documentation We saw vulnerability warning description (including zip bomb) in Doc/library/xml.rst file. This gave us the idea of documentation improvement. So, we moved a little bit forward :P And the doc patch can be found (pr). --- Doc/library/zipfile.rst | 29 +++++++++++++++++++++++++++++ 1 file changed, 29 insertions(+) --- a/Doc/library/zipfile.rst +++ b/Doc/library/zipfile.rst @@ -706,5 +706,47 @@ Command-line options Test whether the zipfile is valid or not. +Decompression pitfalls +---------------------- +The extraction in zipfile module might fail due to some pitfalls +listed below. + +From file itself +~~~~~~~~~~~~~~~~ + +Decompression may fail due to incorrect password / CRC checksum +/ ZIP format or unsupported compression method / decryption. + +File System limitations +~~~~~~~~~~~~~~~~~~~~~~~ + +Exceeding limitations on different file systems can cause +decompression failed. Such as allowable characters in the +directory entries, length of the file name, length of the +pathname, size of a single file, and number of files, etc. + +Resources limitations +~~~~~~~~~~~~~~~~~~~~~ + +The lack of memory or disk volume would lead to decompression +failed. For example, decompression bombs (aka `ZIP bomb`_) apply +to zipfile library that can cause disk volume exhaustion. + +Interruption +~~~~~~~~~~~~ + +Interruption during the decompression, such as pressing control-C +or killing the decompression process may result in incomplete +decompression of the archive. + +Default behaviors of extraction +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +Not knowing the default extraction behaviors can cause unexpected +decompression results. For example, when extracting the same +archive twice, it overwrites files without asking. + + +.. _ZIP bomb: https://en.wikipedia.org/wiki/Zip_bomb .. _PKZIP Application Note: https://pkware.cachefly.net/webdocs/casestudies/APPNOTE.TXT --- /dev/null +++ b/Misc/NEWS.d/next/Documentation/2019-06-04-09-29-00.bpo-36260.WrGuc-.rst @@ -0,0 +1 @@ +Add decompression pitfalls to zipfile module documentation. \ No newline at end of file ++++++ CVE-2020-8492-urllib-ReDoS.patch ++++++ >From 34e25a97709a05f7c804036dd1e16afda6bdfa33 Mon Sep 17 00:00:00 2001 From: Victor Stinner <vstin...@python.org> Date: Thu, 30 Jan 2020 16:13:03 +0100 Subject: [PATCH 1/2] bpo-39503: Fix urllib basic auth regex The AbstractBasicAuthHandler class of the urllib.request module uses an inefficient regular expression which can be exploited by an attacker to cause a denial of service. Fix the regex to prevent the catastrophic backtracking. Vulnerability reported by Matt Schwager. --- Lib/urllib2.py | 2 +- Misc/NEWS.d/next/Security/2020-01-30-16-15-29.bpo-39503.B299Yq.rst | 4 ++++ 2 files changed, 5 insertions(+), 1 deletion(-) create mode 100644 Misc/NEWS.d/next/Security/2020-01-30-16-15-29.bpo-39503.B299Yq.rst --- /dev/null +++ b/Misc/NEWS.d/next/Security/2020-01-30-16-15-29.bpo-39503.B299Yq.rst @@ -0,0 +1,4 @@ +CVE-2020-8492: The :class:`~urllib.request.AbstractBasicAuthHandler` class of the +:mod:`urllib.request` module uses an inefficient regular expression which can +be exploited by an attacker to cause a denial of service. Fix the regex to +prevent the catastrophic backtracking. Vulnerability reported by Matt Schwager. --- a/Lib/urllib/request.py +++ b/Lib/urllib/request.py @@ -945,7 +945,7 @@ class AbstractBasicAuthHandler: # allow for double- and single-quoted realm values # (single quotes are a violation of the RFC, but appear in the wild) - rx = re.compile('(?:.*,)*[ \t]*([^ \t]+)[ \t]+' + rx = re.compile('(?:[^,]*,)*[ \t]*([^ \t]+)[ \t]+' 'realm=(["\']?)([^"\']*)\\2', re.I) # XXX could pre-emptively send auth info already accepted (RFC 2617, ++++++ PACKAGING-NOTES ++++++ Notes for packagers of Python3 ============================== 0. Faster build turnaround -------------------------- By default, python builds with profile-guided optimization. This needs an additional run of the test suite and it is generally slow. PGO build takes around 50 minutes. For development, use "--without profileopt" option to disable PGO. This shortens the build time to ~5 minutes including test suite. If you just need to rerun a build and don't need the full test suite, you can also build "--without testsuite". This shaves off another three minutes. (Note that you usually *want* the full test suite.) I. python3 and python3-base naming confusion -------------------------------------------- 1. the important stuff first This is package "python3". However, master spec file for this package is "python3-base.spec". That means that all important changes should be put into "python3-base.spec" and then submitted against "python3" in OBS. Changelogs of python3-base and python3 will be merged at some point. Now they aren't, but feel free to enter changes in either or both. 2. why is that? Technical reasons. python3-base was originally supposed to be a minimal package with no external dependencies - so that it can build early in the distribution rebuild. There were also some build loops involved. Turns out, 90% of Python's standard library can be built without external dependencies. That's what we do - in python3-base. python3 then only contains the remaining bits - dependency-heavy subpackages, plus small bits depending on common packages (OpenSSL, expat, readline) Logically, python3-base must be the master spec because it builds the important parts. 3. why not rename the whole package to python3-base? Because that would be stupid. The package is called python3. 4. so why not make python3 the minimal package and put the rest in python3-the-rest? Because other distributions use python3-base as the minimal package as well. Also, packages that require python3 expect the whole deal, not a stripped-down version. 5. alright, let's build python3-base from python3.spec and python3 from someother.spec Tried that, abandoned it. It is more trouble than it's worth. II. pre_checkin.sh ------------------ Our pre_checkin.sh takes care of copying relevant portions of python3-base.spec to python3.spec. The "relevant portions" are: * list of patches list of macro definitions patch apply sequence in %prep * configure call and build setup for %build That means that when you're adding a patch, you need only add it to python3-base.spec and it will appear magically in python3.spec too. (as long as you remember to run pre_checkin.sh or have automation in place to do it for you) If you want to replicate another section from py3-base to py3, just mark the section with NEW-SECTION-BEGIN and NEW-SECTION-END (in both py3-base and py3) and add NEW-SECTION to list of $sections in pre_checkin.sh (note however that the order of sections in pre_checkin.sh must be the same as they are found in the spec files) pre_checkin.sh also finds the newest python tarball in the source directory and updates versions in all specfiles to match it. Therefore, you usually don't need to update version numbers in specs when you update Python We also regenerate import_failed map and check test exclusion lists. III. import_failed.map ---------------------- This is a mechanism installed as part of python3-base, that places shim modules on python's path (through a generated zzzz-import-failed-hooks.pth file, so that it is imported as much at the end as makes sense; and an _import_failed subdir of /usr/lib/pythonX.Y). Then when the user tries to import a module that is part of a subpackage, the ImportError will contain a helpful message telling them which missing subpackage to install. This can sometimes cause problems on non-standard configurations, if the pth gets included too early (for instance if you are using a script to include all pths by hand in some strange order). Just something to look out for. All this is based on information in import_failed.map, which is generated from spec file filelists by pre_checkin.sh ++++++ Python-3.0b1-record-rpm.patch ++++++ --- a/Lib/distutils/command/install.py +++ b/Lib/distutils/command/install.py @@ -131,6 +131,8 @@ class install(Command): ('record=', None, "filename in which to record list of installed files"), + ('record-rpm=', None, + "filename in which to record list of installed files and directories suitable as filelist for rpm"), ] boolean_options = ['compile', 'force', 'skip-build'] @@ -213,6 +215,7 @@ class install(Command): #self.install_info = None self.record = None + self.record_rpm = None # -- Option finalizing methods ------------------------------------- @@ -560,12 +563,61 @@ class install(Command): self.create_path_file() # write list of installed files, if requested. - if self.record: + if self.record or self.record_rpm: outputs = self.get_outputs() if self.root: # strip any package prefix root_len = len(self.root) for counter in range(len(outputs)): outputs[counter] = outputs[counter][root_len:] + if self.record_rpm: # add directories + self.record = self.record_rpm + dirs = [] + # directories to reject: + rejectdirs = [ + '/etc', + '/', + '', + self.prefix, + self.exec_prefix, + self.install_base, + self.install_platbase, + self.install_purelib, + self.install_platlib, + self.install_headers[:len(self.install_headers) - len(self.distribution.get_name()) - 1], + self.install_libbase, + self.install_scripts, + self.install_data, + os.path.join(self.install_data, 'share'), + os.path.join(self.install_data, 'share', 'doc'), + ] + # directories whose childs reject: + rejectdirs2 = [ + os.path.join(self.install_data, 'share', 'man'), + ] + # directories whose grandsons reject: + rejectdirs3 = [ + os.path.join(self.install_data, 'share', 'man'), + os.path.join(self.install_data, 'share', 'locale'), + ] + for counter in range(len(rejectdirs)): + if len(rejectdirs[counter]) > root_len: + rejectdirs[counter] = rejectdirs[counter][root_len:] + for counter in range(len(rejectdirs2)): + if len(rejectdirs2[counter]) > root_len: + rejectdirs2[counter] = rejectdirs2[counter][root_len:] + for counter in range(len(rejectdirs3)): + if len(rejectdirs3[counter]) > root_len: + rejectdirs3[counter] = rejectdirs3[counter][root_len:] + for counter in range(len(outputs)): + directory = os.path.dirname(outputs[counter]) + while directory not in rejectdirs and \ + os.path.dirname(directory) not in rejectdirs2 and \ + os.path.dirname(os.path.dirname(directory)) not in rejectdirs3: + dirname = '%dir ' + directory + if dirname not in dirs: + dirs.append(dirname) + directory = os.path.dirname(directory) + outputs += dirs self.execute(write_file, (self.record, outputs), "writing list of installed files to '%s'" % ++++++ README.SUSE ++++++ Python 3 in SUSE ============== * Subpackages * Python 3 is split into several subpackages, based on external dependencies. The main package 'python3' has soft dependencies on all subpackages needed to assemble the standard library; however, these might not all be installed by default. If you attempt to import a module that is currently not installed, an ImportError is thrown, with instructions to install the missing subpackage. Installing the subpackage might result in installing libraries that the subpackage requires to function. * ensurepip * The 'ensurepip' module from Python 3 standard library (PEP 453) is supposed to deploy a bundled copy of the pip installer. This makes no sense in a managed distribution like SUSE. Instead, you need to install package 'python3-pip'. Usually this will be installed automatically with 'python3'. Using 'ensurepip' when pip is not installed will result in an ImportError with instructions to install 'python3-pip'. * Documentation * You can find documentation in seprarate packages: python3-doc and python3-doc-pdf. These contan following documents: Tutorial, What's New in Python, Global Module Index, Library Reference, Macintosh Module Reference, Installing Python Modules, Distributing Python Modules, Language Reference, Extending and Embedding, Python/C API, Documenting Python The python3-doc package constains many text files from source tarball. * Interactive mode * Interactive mode is by default enhanced with of history and command completion. If you don't like these features, you can unset the PYTHONSTARTUP variable in your .profile or disable it system wide in /etc/profile.d/python.sh. ++++++ aarch64-prolong-timeout.patch ++++++ --- a/Lib/test/test_os.py +++ b/Lib/test/test_os.py @@ -614,7 +614,8 @@ class UtimeTests(unittest.TestCase): else: # bpo-30649: PPC64 Fedora 3.x buildbot requires # at least a delta of 14 ms - delta = 0.020 + # 0.020 is still too little for out slow buildbots. + delta = 0.030 st = os.stat(self.fname) msg = ("st_time=%r, current=%r, dt=%r" % (st.st_mtime, current, st.st_mtime - current)) ++++++ baselibs.conf ++++++ python3 python3-base libpython3_6m1_0 ++++++ bpo-36576-skip_tests_for_OpenSSL-111.patch ++++++ >From 6f582ba86532d842f4b9fe55427488d2ac9dd229 Mon Sep 17 00:00:00 2001 From: Victor Stinner <vstin...@redhat.com> Date: Fri, 5 Apr 2019 10:23:04 +0200 Subject: [PATCH] bpo-36576: Skip test_ssl and test_asyncio tests failing with OpenSSL 1.1.1 Some test_ssl and test_asyncio are written for OpenSSL 1.0 and TLS 1.0, but fail with OpenSSL 1.1.1 and TLS 1.3. Fixing these needs require to backport new ssl flags like ssl.OP_NO_TLSv1_3 or ssl.OP_NO_COMPRESSION which cannot be done in a minor 3.5.x release. Moreover, it is not really worth it: the code works fine, issues are in the tests. --- Lib/test/test_asyncio/test_events.py | 7 +++++++ Lib/test/test_ssl.py | 5 +++++ .../next/Tests/2019-04-05-10-34-29.bpo-36576.7Cp2kK.rst | 1 + 3 files changed, 13 insertions(+) create mode 100644 Misc/NEWS.d/next/Tests/2019-04-05-10-34-29.bpo-36576.7Cp2kK.rst --- a/Lib/test/test_asyncio/test_events.py +++ b/Lib/test/test_asyncio/test_events.py @@ -39,6 +39,12 @@ except ImportError: from asyncio import test_support as support +if ssl is not None: + IS_OPENSSL_1_1_1 = ssl.OPENSSL_VERSION_INFO >= (1, 1, 1) +else: + IS_OPENSSL_1_1_1 = False + + def osx_tiger(): """Return True if the platform is Mac OS 10.4 or older.""" if sys.platform != 'darwin': @@ -1159,6 +1165,7 @@ class EventLoopTestsMixin: self.test_create_unix_server_ssl_verify_failed() @unittest.skipIf(ssl is None, 'No ssl module') + @unittest.skipIf(IS_OPENSSL_1_1_1, "bpo-36576: fail on OpenSSL 1.1.1") def test_create_server_ssl_match_failed(self): proto = MyProto(loop=self.loop) server, host, port = self._make_ssl_server( --- a/Lib/test/test_ssl.py +++ b/Lib/test/test_ssl.py @@ -37,6 +37,7 @@ PROTOCOLS = sorted(ssl._PROTOCOL_NAMES) HOST = support.HOST IS_LIBRESSL = ssl.OPENSSL_VERSION.startswith('LibreSSL') IS_OPENSSL_1_1 = not IS_LIBRESSL and ssl.OPENSSL_VERSION_INFO >= (1, 1, 0) +IS_OPENSSL_1_1_1 = not IS_LIBRESSL and ssl.OPENSSL_VERSION_INFO >= (1, 1, 1) def data_file(*name): @@ -961,6 +962,7 @@ class ContextTests(unittest.TestCase): self.assertIn('AES128-GCM-SHA256', names) @skip_if_broken_ubuntu_ssl + @unittest.skipIf(IS_OPENSSL_1_1_1, "bpo-36576: fail on OpenSSL 1.1.1") def test_options(self): ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT) # OP_ALL | OP_NO_SSLv2 | OP_NO_SSLv3 is the default value @@ -3240,6 +3242,7 @@ if _have_threads: ]) @unittest.skipUnless(ssl.HAS_ECDH, "test requires ECDH-enabled OpenSSL") + @unittest.skipIf(IS_OPENSSL_1_1_1, "bpo-36576: fail on OpenSSL 1.1.1") def test_default_ecdh_curve(self): # Issue #21015: elliptic curve-based Diffie Hellman key exchange # should be enabled by default on SSL contexts. @@ -3372,6 +3375,7 @@ if _have_threads: self.assertIs(stats['client_alpn_protocol'], None) @unittest.skipUnless(ssl.HAS_ALPN, "ALPN support needed for this test") + @unittest.skipIf(IS_OPENSSL_1_1_1, "bpo-36576: fail on OpenSSL 1.1.1") def test_alpn_protocols(self): server_protocols = ['foo', 'bar', 'milkshake'] protocol_tests = [ @@ -3553,6 +3557,7 @@ if _have_threads: self.assertEqual(cm.exception.reason, 'TLSV1_ALERT_INTERNAL_ERROR') self.assertIn("TypeError", stderr.getvalue()) + @unittest.skipIf(IS_OPENSSL_1_1_1, "bpo-36576: fail on OpenSSL 1.1.1") def test_shared_ciphers(self): server_context = ssl.SSLContext(ssl.PROTOCOL_TLSv1) server_context.load_cert_chain(SIGNED_CERTFILE) --- /dev/null +++ b/Misc/NEWS.d/next/Tests/2019-04-05-10-34-29.bpo-36576.7Cp2kK.rst @@ -0,0 +1 @@ +Skip test_ssl and test_asyncio tests failing with OpenSSL 1.1.1. ++++++ bpo23395-PyErr_SetInterrupt-signal.patch ++++++ >From d823eee619c0e7c1a9bc5b0caa0d0fa4734ac052 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Mat=C4=9Bj=20Cepl?= <mc...@cepl.eu> Date: Thu, 23 May 2019 22:30:00 +0200 Subject: [PATCH] bpo-23395: Fix PyErr_SetInterrupt if the SIGINT signal is ignored or not handled (GH-7778) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit ``_thread.interrupt_main()`` now avoids setting the Python error status if the ``SIGINT`` signal is ignored or not handled by Python. (cherry picked from commit 608876b6b1eb59538e6c29671a733033fb8b5be7) Co-authored-by: Matěj Cepl <mc...@cepl.eu> --- Doc/c-api/exceptions.rst | 12 +++---- Doc/library/_thread.rst | 8 +++-- Lib/test/test_threading.py | 35 +++++++++++++++++++ Misc/ACKS | 2 +- .../2016-07-27-11-06-43.bpo-23395.MuCEX9.rst | 2 ++ Modules/signalmodule.c | 13 ++++--- 6 files changed, 59 insertions(+), 13 deletions(-) create mode 100644 Misc/NEWS.d/next/Library/2016-07-27-11-06-43.bpo-23395.MuCEX9.rst --- a/Doc/c-api/exceptions.rst +++ b/Doc/c-api/exceptions.rst @@ -504,13 +504,13 @@ Signal Handling single: SIGINT single: KeyboardInterrupt (built-in exception) - This function simulates the effect of a :const:`SIGINT` signal arriving --- the - next time :c:func:`PyErr_CheckSignals` is called, :exc:`KeyboardInterrupt` will - be raised. It may be called without holding the interpreter lock. - - .. % XXX This was described as obsolete, but is used in - .. % _thread.interrupt_main() (used from IDLE), so it's still needed. + Simulate the effect of a :const:`SIGINT` signal arriving. The next time + :c:func:`PyErr_CheckSignals` is called, the Python signal handler for + :const:`SIGINT` will be called. + If :const:`SIGINT` isn't handled by Python (it was set to + :data:`signal.SIG_DFL` or :data:`signal.SIG_IGN`), this function does + nothing. .. c:function:: int PySignal_SetWakeupFd(int fd) --- a/Doc/library/_thread.rst +++ b/Doc/library/_thread.rst @@ -57,8 +57,12 @@ It defines the following constants and f .. function:: interrupt_main() - Raise a :exc:`KeyboardInterrupt` exception in the main thread. A subthread can - use this function to interrupt the main thread. + Simulate the effect of a :data:`signal.SIGINT` signal arriving in the main + thread. A thread can use this function to interrupt the main thread. + + If :data:`signal.SIGINT` isn't handled by Python (it was set to + :data:`signal.SIG_DFL` or :data:`signal.SIG_IGN`), this function does + nothing. .. function:: exit() --- a/Lib/test/test_threading.py +++ b/Lib/test/test_threading.py @@ -16,6 +16,7 @@ import unittest import weakref import os import subprocess +import signal from test import lock_tests from test import support @@ -1162,6 +1163,7 @@ class BoundedSemaphoreTests(lock_tests.B class BarrierTests(lock_tests.BarrierTests): barriertype = staticmethod(threading.Barrier) + class MiscTestCase(unittest.TestCase): def test__all__(self): extra = {"ThreadError"} @@ -1169,5 +1171,38 @@ class MiscTestCase(unittest.TestCase): support.check__all__(self, threading, ('threading', '_thread'), extra=extra, blacklist=blacklist) + +class InterruptMainTests(unittest.TestCase): + def test_interrupt_main_subthread(self): + # Calling start_new_thread with a function that executes interrupt_main + # should raise KeyboardInterrupt upon completion. + def call_interrupt(): + _thread.interrupt_main() + t = threading.Thread(target=call_interrupt) + with self.assertRaises(KeyboardInterrupt): + t.start() + t.join() + t.join() + + def test_interrupt_main_mainthread(self): + # Make sure that if interrupt_main is called in main thread that + # KeyboardInterrupt is raised instantly. + with self.assertRaises(KeyboardInterrupt): + _thread.interrupt_main() + + def test_interrupt_main_noerror(self): + handler = signal.getsignal(signal.SIGINT) + try: + # No exception should arise. + signal.signal(signal.SIGINT, signal.SIG_IGN) + _thread.interrupt_main() + + signal.signal(signal.SIGINT, signal.SIG_DFL) + _thread.interrupt_main() + finally: + # Restore original handler + signal.signal(signal.SIGINT, handler) + + if __name__ == "__main__": unittest.main() --- a/Misc/ACKS +++ b/Misc/ACKS @@ -247,7 +247,7 @@ Donn Cave Charles Cazabon Jesús Cea Avión Per Cederqvist -Matej Cepl +Matěj Cepl Carl Cerecke Octavian Cerna Michael Cetrulo --- /dev/null +++ b/Misc/NEWS.d/next/Library/2016-07-27-11-06-43.bpo-23395.MuCEX9.rst @@ -0,0 +1,2 @@ +``_thread.interrupt_main()`` now avoids setting the Python error status +if the ``SIGINT`` signal is ignored or not handled by Python. --- a/Modules/signalmodule.c +++ b/Modules/signalmodule.c @@ -1561,13 +1561,18 @@ PyErr_CheckSignals(void) } -/* Replacements for intrcheck.c functionality - * Declared in pyerrors.h - */ +/* Simulate the effect of a signal.SIGINT signal arriving. The next time + PyErr_CheckSignals is called, the Python SIGINT signal handler will be + raised. + + Missing signal handler for the SIGINT signal is silently ignored. */ void PyErr_SetInterrupt(void) { - trip_signal(SIGINT); + if ((Handlers[SIGINT].func != IgnoreHandler) && + (Handlers[SIGINT].func != DefaultHandler)) { + trip_signal(SIGINT); + } } void ++++++ bpo36263-Fix_hashlib_scrypt.patch ++++++ >From b8dc92b32bc87b127b1679f4b4a4f987d1e1d080 Mon Sep 17 00:00:00 2001 From: Victor Stinner <vstin...@redhat.com> Date: Mon, 11 Mar 2019 16:47:10 +0100 Subject: [PATCH] bpo-36263: Fix hashlib.scrypt() Fix hashlib.scrypt(): pass the salt when validating arguments. --- .../next/Library/2019-03-11-16-52-09.bpo-36263.IzB4p5.rst | 1 + Modules/_hashopenssl.c | 6 +++++- 2 files changed, 6 insertions(+), 1 deletion(-) create mode 100644 Misc/NEWS.d/next/Library/2019-03-11-16-52-09.bpo-36263.IzB4p5.rst --- /dev/null +++ b/Misc/NEWS.d/next/Library/2019-03-11-16-52-09.bpo-36263.IzB4p5.rst @@ -0,0 +1 @@ +Fix :func:`hashlib.scrypt`: pass the salt when validating arguments. --- a/Modules/_hashopenssl.c +++ b/Modules/_hashopenssl.c @@ -831,7 +831,11 @@ _hashlib_scrypt_impl(PyObject *module, P } /* let OpenSSL validate the rest */ - retval = EVP_PBE_scrypt(NULL, 0, NULL, 0, n, r, p, maxmem, NULL, 0); + retval = EVP_PBE_scrypt( + NULL, 0, + (const unsigned char *)salt->buf, (size_t)salt->len, + n, r, p, maxmem, + NULL, 0); if (!retval) { /* sorry, can't do much better */ PyErr_SetString(PyExc_ValueError, ++++++ distutils-reproducible-compile.patch ++++++ Index: Python-3.6.2/Lib/distutils/util.py =================================================================== --- Python-3.6.2.orig/Lib/distutils/util.py +++ Python-3.6.2/Lib/distutils/util.py @@ -431,7 +431,7 @@ byte_compile(files, optimize=%r, force=% else: from py_compile import compile - for file in py_files: + for file in sorted(py_files): if file[-3:] != ".py": # This lets us be lazy and not filter filenames in # the "install_lib" command. ++++++ idle3.appdata.xml ++++++ <?xml version="1.0" encoding="UTF-8"?> <!-- Copyright 2017 Zbigniew Jędrzejewski-Szmek --> <application> <id type="desktop">idle3.desktop</id> <name>IDLE3</name> <metadata_licence>CC0</metadata_licence> <project_license>Python-2.0</project_license> <summary>Python 3 Integrated Development and Learning Environment</summary> <description> <p> IDLE is Python’s Integrated Development and Learning Environment. The GUI is uniform between Windows, Unix, and Mac OS X. IDLE provides an easy way to start writing, running, and debugging Python code. </p> <p> IDLE is written in pure Python, and uses the tkinter GUI toolkit. It provides: </p> <ul> <li>a Python shell window (interactive interpreter) with colorizing of code input, output, and error messages,</li> <li>a multi-window text editor with multiple undo, Python colorizing, smart indent, call tips, auto completion, and other features,</li> <li>search within any window, replace within editor windows, and search through multiple files (grep),</li> <li>a debugger with persistent breakpoints, stepping, and viewing of global and local namespaces.</li> </ul> </description> <url type="homepage">https://docs.python.org/3/library/idle.html</url> <screenshots> <screenshot type="default">http://in.waw.pl/~zbyszek/fedora/idle3-appdata/idle3-main-window.png</screenshot> <screenshot>http://in.waw.pl/~zbyszek/fedora/idle3-appdata/idle3-class-browser.png</screenshot> <screenshot>http://in.waw.pl/~zbyszek/fedora/idle3-appdata/idle3-code-viewer.png</screenshot> </screenshots> <update_contact>zbys...@in.waw.pl</update_contact> </application> ++++++ idle3.desktop ++++++ [Desktop Entry] Version=1.0 Name=IDLE 3 GenericName=Python 3 IDE Comment=Python 3 Integrated Development and Learning Environment Exec=idle3 %F TryExec=idle3 Terminal=false Type=Application Icon=idle3 Categories=Development;IDE; MimeType=text/x-python; ++++++ import_failed.map ++++++ python3-tools: turtledemo python3-testsuite: test _ctypes_test _testbuffer _testcapi _testimportmultiple _testmultiphase xxlimited python3-tk: tkinter _tkinter python3-curses: curses _curses _curses_panel python3-dbm: dbm _dbm _gdbm python3: sqlite3 readline _sqlite3 python3-idle: idlelib ++++++ import_failed.py ++++++ import sys, os from sysconfig import get_path failed_map_path = os.path.join(get_path('stdlib'), '_import_failed', 'import_failed.map') if __spec__: failed_name = __spec__.name else: failed_name = __name__ for line in open(failed_map_path): words = line.strip().split() if not words or words[0][0] == '#': continue assert words[0][-1] == ':' package = words[0][:-1] if failed_name in words[1:]: raise ImportError("""Module '{}' is not installed. Use: sudo zypper install {} to install it.""".format(failed_name, package)) raise ImportError("""Module '{}' is not installed. It is supposed to be part of python3 distribution, but missing from failed import map. Please file a bug on the SUSE Bugzilla.""".format(failed_name)) ++++++ macros.python3 ++++++ %have_python3 1 # commented out legacy macro definitions #py3_prefix /usr #py3_incdir /usr/include/python3.5m #py3_ver 3.5 # these should now be provided by macros.python_all #python3_sitearch /usr/lib64/python3.5/site-packages #python3_sitelib /usr/lib/python3.5/site-packages #python3_version 3.5 # hard to say if anyone ever used these? #py3_soflags cpython-35m-x86_64-linux-gnu #py3_abiflags m %cpython3_soabi %(python3 -c "import sysconfig; print(sysconfig.get_config_var('SOABI'))") %py3_soflags %cpython3_soabi # compilation macros that might be in use somewhere %py3_compile(O) \ find %1 -name '*.pyc' -exec rm -f {} ";"\ python3 -c "import sys, os, compileall; br='%{buildroot}'; compileall.compile_dir(sys.argv[1], ddir=br and (sys.argv[1][len(os.path.abspath(br)):]+'/') or None)" %1\ %{-O:\ find %1 -name '*.pyo' -exec rm -f {} ";"\ python3 -O -c "import sys, os, compileall; br='%{buildroot}'; compileall.compile_dir(sys.argv[1], ddir=br and (sys.argv[1][len(os.path.abspath(br)):]+'/') or None)" %1\ } ++++++ pep538_coerce_legacy_c_locale.patch ++++++ ++++ 901 lines (skipped) ++++++ pre_checkin.sh ++++++ #!/bin/bash # This script is called automatically during autobuild checkin. # # # # ...or is it? # it really doesn't seem so, you know. go run it manually. master=python3-base.spec # calculate version number from newest tar name VERSION=`ls *.tar.xz | grep '^Python-' | tail -n 1 | sed -r 's/^Python-([0-9]+\.[0-9]+.[0-9a-z]+)\.tar.*$/\1/'` if echo $VERSION | grep -q Python; then echo "Version is $VERSION and that's not right, fix the script." exit 1 fi # VERSION = 3.3.0 Version=${VERSION/[a-z]*/} # 3.3.0 tar_suffix=${VERSION#$Version} # b1 a_version=(${Version//\./ }) # 3 3 0 python_version=${VERSION:0:3} # 3.3 python_version_abitag=${python_version//./} # 33 python_version_soname=${python_version//./_} # 3_3 if [ -n "$tar_suffix" ]; then Version=$Version~$tar_suffix # 3.3.0~b1 tarversion=$VERSION # 3.3.0b1 else tarversion="%{version}" fi # set Version for every spec sed -i -r 's/(^Version:[ \t]+).*/\1'"$Version"'/' python3*.spec # set tarversion for every spec sed -i -r 's/(^%define[ \t]+tarversion[ \t]+).*/\1'$tarversion'/' python3*.spec for varname in python_version{,_abitag,_soname}; do eval varvalue=\$$varname sed -i -r 's/(^%define[ \t]+'$varname'[ \t]+).*/\1'$varvalue'/' $master done # update baselibs sed -i -r 's/^libpython.*$/libpython'$python_version_soname'm1_0/' baselibs.conf # copy definition sections sections="DEF PATCH PREP CONFIG" for slave in python3.spec python3-doc.spec; do { prev=1 for section in $sections; do if ! grep -q "COMMON-$section" $slave; then echo "Skipping $section for $slave" > /dev/stderr continue fi begin="/COMMON-$section-BEGIN/" end="/COMMON-$section-END/" sed -n -e "${prev},${begin}p" $slave sed -n -e "${begin},${end}p" $master | head -n -1 | tail -n +2 prev=$end done sed -n -e "${prev},\$p" $slave } > $slave.tmp && mv $slave.tmp $slave done osc service localrun format_spec_file # create import_failed.map from package definitions MAPFILE=import_failed.map function new_map_line () { if [ -z "$1" -o -z "$2" ]; then return fi if [ "$1" == "python3-base" ]; then return fi echo "$1:$2" >> $MAPFILE.tmp } for spec in *.spec; do basename=${spec%.spec} package= modules= while read line; do case $line in "%files -n "*) new_map_line $package "$modules" package=${line#"%files -n "} modules= ;; "%files "*) new_map_line $package "$modules" package=$basename-${line#"%files "} modules= ;; "%files") new_map_line $package "$modules" package=$basename modules= ;; "%{sitedir}/config-"*) # ignore ;; "%{sitedir}/"*) word=${line#"%{sitedir}/"} if ! echo $word | grep -q /; then modules="$modules $word" fi ;; "%{dynlib "*"}") word=${line#"%{dynlib "} word=${word%"}"} modules="$modules $word" ;; esac done < $spec new_map_line $package "$modules" done mv $MAPFILE.tmp $MAPFILE # run test inclusion check python3 skipped_tests.py # I really don't to keep all three *.changes files separate cp python3-base.changes python3.changes cp python3-base.changes python3-doc.changes ++++++ python-3.3.0b1-curses-panel.patch ++++++ Index: Modules/_curses_panel.c =================================================================== --- Modules/_curses_panel.c.orig 2012-06-26 22:19:53.000000000 +0200 +++ Modules/_curses_panel.c 2012-08-02 14:56:23.000000000 +0200 @@ -14,7 +14,7 @@ #include "py_curses.h" -#include <panel.h> +#include <ncurses/panel.h> typedef struct { PyObject *PyCursesError; ++++++ python-3.3.0b1-fix_date_time_compiler.patch ++++++ --- a/Makefile.pre.in +++ b/Makefile.pre.in @@ -738,11 +738,18 @@ Modules/getbuildinfo.o: $(PARSER_OBJS) \ $(MODOBJS) \ $(srcdir)/Modules/getbuildinfo.c $(CC) -c $(PY_CORE_CFLAGS) \ + -DDATE="\"`date -u -r Makefile.pre.in +"%b %d %Y"`\"" \ + -DTIME="\"`date -u -r Makefile.pre.in +"%T"`\"" \ -DGITVERSION="\"`LC_ALL=C $(GITVERSION)`\"" \ -DGITTAG="\"`LC_ALL=C $(GITTAG)`\"" \ -DGITBRANCH="\"`LC_ALL=C $(GITBRANCH)`\"" \ -o $@ $(srcdir)/Modules/getbuildinfo.c +Python/getcompiler.o: $(srcdir)/Python/getcompiler.c Makefile + $(CC) -c $(PY_CORE_CFLAGS) \ + -DCOMPILER='"[GCC]"' \ + -o $@ $(srcdir)/Python/getcompiler.c + Modules/getpath.o: $(srcdir)/Modules/getpath.c Makefile $(CC) -c $(PY_CORE_CFLAGS) -DPYTHONPATH='"$(PYTHONPATH)"' \ -DPREFIX='"$(prefix)"' \ ++++++ python-3.3.0b1-localpath.patch ++++++ Index: Lib/site.py =================================================================== --- Lib/site.py.orig +++ Lib/site.py @@ -75,7 +75,7 @@ import builtins import _sitebuiltins # Prefixes for site-packages; add additional prefixes like /usr/local here -PREFIXES = [sys.prefix, sys.exec_prefix] +PREFIXES = [sys.prefix, sys.exec_prefix, '/usr/local'] # Enable per user site-packages directory # set it to False to disable the feature or True to force the feature ENABLE_USER_SITE = None ++++++ python-3.3.0b1-test-posix_fadvise.patch ++++++ --- a/Lib/test/test_posix.py +++ b/Lib/test/test_posix.py @@ -270,7 +270,7 @@ class PosixTester(unittest.TestCase): def test_posix_fadvise(self): fd = os.open(support.TESTFN, os.O_RDONLY) try: - posix.posix_fadvise(fd, 0, 0, posix.POSIX_FADV_WILLNEED) + posix.posix_fadvise(fd, 0, 0, posix.POSIX_FADV_RANDOM) finally: os.close(fd) ++++++ python-3.3.3-skip-distutils-test_sysconfig_module.patch ++++++ --- a/Lib/distutils/tests/test_sysconfig.py +++ b/Lib/distutils/tests/test_sysconfig.py @@ -116,6 +116,7 @@ class SysconfigTestCase(support.EnvironG 'OTHER': 'foo'}) + @unittest.skip("Either fix distutil's sysconfig everytime we add new compiler flags or we just skip this test") def test_sysconfig_module(self): import sysconfig as global_sysconfig self.assertEqual(global_sysconfig.get_config_var('CFLAGS'), ++++++ python-3.6-CVE-2017-18207.patch ++++++ >From ae0ed14794ced2c51c822fc6f0d3ca92064619dd Mon Sep 17 00:00:00 2001 From: BT123 <abcdyzh...@163.com> Date: Fri, 17 Nov 2017 16:45:45 +0800 Subject: [PATCH] bug in wave.py --- Lib/wave.py | 2 ++ 1 file changed, 2 insertions(+) diff --git a/Lib/wave.py b/Lib/wave.py index cf94d5af72b4..6db5a2e9cc96 100644 --- a/Lib/wave.py +++ b/Lib/wave.py @@ -259,6 +259,8 @@ def _read_fmt_chunk(self, chunk): self._sampwidth = (sampwidth + 7) // 8 else: raise Error('unknown format: %r' % (wFormatTag,)) + if self._nchannels == 0: + raise ValueError("The audio file in wav format should have at least one channel!") self._framesize = self._nchannels * self._sampwidth self._comptype = 'NONE' self._compname = 'not compressed' ++++++ python-3.6.0-multilib-new.patch ++++++ --- a/configure.ac +++ b/configure.ac @@ -4768,12 +4768,26 @@ AC_MSG_CHECKING(LDVERSION) LDVERSION='$(VERSION)$(ABIFLAGS)' AC_MSG_RESULT($LDVERSION) +# platlibdir must be defined before LIBPL definition +AC_MSG_CHECKING(for custom platlibdir) +AC_ARG_WITH(custom-platlibdir, + [AS_HELP_STRING([--with-custom-platlibdir=<libdirname>], + [set the platlibdir name to a custom string])], + [], + [with_custom_platlibdir=yes]) +AS_CASE($with_custom_platlibdir, + [yes],[platlibdir=`basename ${libdir}`], + [no],[platlibdir=lib], + [platlibdir=$with_custom_platlibdir]) +AC_MSG_RESULT($platlibdir) +AC_SUBST(platlibdir) + dnl define LIBPL after ABIFLAGS and LDVERSION is defined. AC_SUBST(PY_ENABLE_SHARED) if test x$PLATFORM_TRIPLET = x; then - LIBPL='$(prefix)'"/lib/python${VERSION}/config-${LDVERSION}" + LIBPL='$(prefix)'"/${platlibdir}/python${VERSION}/config-${LDVERSION}" else - LIBPL='$(prefix)'"/lib/python${VERSION}/config-${LDVERSION}-${PLATFORM_TRIPLET}" + LIBPL='$(prefix)'"/${platlibdir}/python${VERSION}/config-${LDVERSION}-${PLATFORM_TRIPLET}" fi AC_SUBST(LIBPL) --- a/Makefile.pre.in +++ b/Makefile.pre.in @@ -133,13 +133,16 @@ exec_prefix= @exec_prefix@ # Install prefix for data files datarootdir= @datarootdir@ +# Name of "lib" directory under prefix +platlibdir= @platlibdir@ + # Expanded directories BINDIR= @bindir@ LIBDIR= @libdir@ MANDIR= @mandir@ INCLUDEDIR= @includedir@ CONFINCLUDEDIR= $(exec_prefix)/include -SCRIPTDIR= $(prefix)/lib +SCRIPTDIR= @libdir@ ABIFLAGS= @ABIFLAGS@ # Detailed destination directories @@ -746,6 +749,7 @@ Modules/getpath.o: $(srcdir)/Modules/get -DEXEC_PREFIX='"$(exec_prefix)"' \ -DVERSION='"$(VERSION)"' \ -DVPATH='"$(VPATH)"' \ + -DPLATLIBDIR='"$(platlibdir)"' \ -o $@ $(srcdir)/Modules/getpath.c Programs/python.o: $(srcdir)/Programs/python.c --- a/Modules/getpath.c +++ b/Modules/getpath.c @@ -51,9 +51,10 @@ * pybuilddir.txt. If the landmark is found, we're done. * * For the remaining steps, the prefix landmark will always be - * lib/python$VERSION/os.py and the exec_prefix will always be - * lib/python$VERSION/lib-dynload, where $VERSION is Python's version - * number as supplied by the Makefile. Note that this means that no more + * $lib/python$VERSION/os.py and the exec_prefix will always be + * $lib/python$VERSION/lib-dynload, where $VERSION is Python's version + * number and $lib is PLATLIBDIR as supplied by the Makefile. (usually + * "lib", "lib32" or "lib64"). Note that this means that no more * build directory checking is performed; if the first step did not find * the landmarks, the assumption is that python is running from an * installed setup. @@ -82,7 +83,7 @@ * containing the shared library modules is appended. The environment * variable $PYTHONPATH is inserted in front of it all. Finally, the * prefix and exec_prefix globals are tweaked so they reflect the values - * expected by other code, by stripping the "lib/python$VERSION/..." stuff + * expected by other code, by stripping the "$lib/python$VERSION/..." stuff * off. If either points to the build directory, the globals are reset to * the corresponding preprocessor variables (so sys.prefix will reflect the * installation location, even though sys.path points into the build @@ -101,8 +102,8 @@ #endif -#if !defined(PREFIX) || !defined(EXEC_PREFIX) || !defined(VERSION) || !defined(VPATH) -#error "PREFIX, EXEC_PREFIX, VERSION, and VPATH must be constant defined" +#if !defined(PREFIX) || !defined(EXEC_PREFIX) || !defined(VERSION) || !defined(VPATH) || !defined(PLATLIBDIR) +#error "PREFIX, EXEC_PREFIX, VERSION, VPATH and PLATLIBDIR must be constant defined" #endif #ifndef LANDMARK @@ -494,7 +495,7 @@ calculate_path(void) _pythonpath = Py_DecodeLocale(PYTHONPATH, NULL); _prefix = Py_DecodeLocale(PREFIX, NULL); _exec_prefix = Py_DecodeLocale(EXEC_PREFIX, NULL); - lib_python = Py_DecodeLocale("lib/python" VERSION, NULL); + lib_python = Py_DecodeLocale(PLATLIBDIR "/python" VERSION, NULL); if (!_pythonpath || !_prefix || !_exec_prefix || !lib_python) { Py_FatalError( --- a/Lib/distutils/command/install.py +++ b/Lib/distutils/command/install.py @@ -30,7 +30,7 @@ WINDOWS_SCHEME = { INSTALL_SCHEMES = { 'unix_prefix': { 'purelib': '$base/lib/python$py_version_short/site-packages', - 'platlib': '$platbase/lib/python$py_version_short/site-packages', + 'platlib': '$platbase/$platlibdir/python$py_version_short/site-packages', 'headers': '$base/include/python$py_version_short$abiflags/$dist_name', 'scripts': '$base/bin', 'data' : '$base', @@ -284,7 +284,7 @@ class install(Command): # about needing recursive variable expansion (shudder). py_version = sys.version.split()[0] - (prefix, exec_prefix) = get_config_vars('prefix', 'exec_prefix') + (prefix, exec_prefix, platlibdir) = get_config_vars('prefix', 'exec_prefix', 'platlibdir') try: abiflags = sys.abiflags except AttributeError: @@ -301,6 +301,7 @@ class install(Command): 'sys_exec_prefix': exec_prefix, 'exec_prefix': exec_prefix, 'abiflags': abiflags, + 'platlibdir': platlibdir, } if HAS_USER_SITE: --- a/Lib/distutils/sysconfig.py +++ b/Lib/distutils/sysconfig.py @@ -129,8 +129,9 @@ def get_python_lib(plat_specific=0, stan prefix = plat_specific and EXEC_PREFIX or PREFIX if os.name == "posix": + libdir = plat_specific and get_config_var("platlibdir") or "lib" libpython = os.path.join(prefix, - "lib", "python" + get_python_version()) + libdir, "python" + get_python_version()) if standard_lib: return libpython else: --- a/Lib/sysconfig.py +++ b/Lib/sysconfig.py @@ -20,10 +20,10 @@ __all__ = [ _INSTALL_SCHEMES = { 'posix_prefix': { - 'stdlib': '{installed_base}/lib/python{py_version_short}', - 'platstdlib': '{platbase}/lib/python{py_version_short}', + 'stdlib': '{installed_base}/{platlibdir}/python{py_version_short}', + 'platstdlib': '{platbase}/{platlibdir}/python{py_version_short}', 'purelib': '{base}/lib/python{py_version_short}/site-packages', - 'platlib': '{platbase}/lib/python{py_version_short}/site-packages', + 'platlib': '{platbase}/{platlibdir}/python{py_version_short}/site-packages', 'include': '{installed_base}/include/python{py_version_short}{abiflags}', 'platinclude': --- a/Lib/pydoc.py +++ b/Lib/pydoc.py @@ -63,6 +63,7 @@ import pkgutil import platform import re import sys +import sysconfig import time import tokenize import urllib.parse @@ -395,9 +396,7 @@ class Doc: docmodule = docclass = docroutine = docother = docproperty = docdata = fail - def getdocloc(self, object, - basedir=os.path.join(sys.base_exec_prefix, "lib", - "python%d.%d" % sys.version_info[:2])): + def getdocloc(self, object, basedir=sysconfig.get_path('stdlib')): """Return the location of module docs or None""" try: --- a/Lib/site.py +++ b/Lib/site.py @@ -304,9 +304,15 @@ def getsitepackages(prefixes=None): seen.add(prefix) if os.sep == '/': - sitepackages.append(os.path.join(prefix, "lib", + from sysconfig import get_config_var + platlibdir = get_config_var("platlibdir") + sitepackages.append(os.path.join(prefix, platlibdir, "python%d.%d" % sys.version_info[:2], "site-packages")) + if platlibdir != "lib": + sitepackages.append(os.path.join(prefix, "lib", + "python%d.%d" % sys.version_info[:2], + "site-packages")) else: sitepackages.append(prefix) sitepackages.append(os.path.join(prefix, "lib", "site-packages")) --- a/Lib/trace.py +++ b/Lib/trace.py @@ -53,6 +53,7 @@ import linecache import os import re import sys +import sysconfig import token import tokenize import inspect @@ -670,9 +671,8 @@ def main(): opts = parser.parse_args() if opts.ignore_dir: - rel_path = 'lib', 'python{0.major}.{0.minor}'.format(sys.version_info) - _prefix = os.path.join(sys.base_prefix, *rel_path) - _exec_prefix = os.path.join(sys.base_exec_prefix, *rel_path) + _prefix = sysconfig.get_path("stdlib") + _exec_prefix = sysconfig.get_path("platstdlib") def parse_ignore_dir(s): s = os.path.expanduser(os.path.expandvars(s)) --- a/Lib/test/test_site.py +++ b/Lib/test/test_site.py @@ -264,8 +264,9 @@ class HelperFunctionsTests(unittest.Test self.assertEqual(dirs[1], wanted) elif os.sep == '/': # OS X non-framework builds, Linux, FreeBSD, etc - self.assertEqual(len(dirs), 1) - wanted = os.path.join('xoxo', 'lib', + platlibdir = sysconfig.get_config_var('platlibdir') + self.assertTrue(len(dirs) in (1,2)) + wanted = os.path.join('xoxo', platlibdir, 'python%d.%d' % sys.version_info[:2], 'site-packages') self.assertEqual(dirs[0], wanted) --- a/Lib/test/test_sysconfig.py +++ b/Lib/test/test_sysconfig.py @@ -279,6 +279,7 @@ class TestSysConfig(unittest.TestCase): # is similar to the global posix_prefix one base = get_config_var('base') user = get_config_var('userbase') + platlibdir = get_config_var("platlibdir") # the global scheme mirrors the distinction between prefix and # exec-prefix but not the user scheme, so we have to adapt the paths # before comparing (issue #9100) @@ -293,8 +294,19 @@ class TestSysConfig(unittest.TestCase): # before comparing global_path = global_path.replace(sys.base_prefix, sys.prefix) base = base.replace(sys.base_prefix, sys.prefix) + + if platlibdir != "lib": + platbase = os.path.join(base, platlibdir) + purebase = os.path.join(base, "lib") + userlib = os.path.join(user, "lib") + # replace platbase first because usually purebase is a prefix of platbase + # /usr/lib is prefix of /usr/lib64 and would get replaced first + modified_path = global_path.replace(platbase, userlib, 1).replace(purebase, userlib, 1) + else: + modified_path = global_path.replace(base, user, 1) + user_path = get_path(name, 'posix_user') - self.assertEqual(user_path, global_path.replace(base, user, 1)) + self.assertEqual(user_path, modified_path) def test_main(self): # just making sure _main() runs and returns things in the stdout ++++++ python3-base-rpmlintrc ++++++ addFilter("devel-file-in-non-devel-package.*/usr/lib.*/python.*/distutils/tests/xxmodule.c") addFilter("devel-file-in-non-devel-package.*/usr/include/python.*/pyconfig.h") ++++++ python3-rpmlintrc ++++++ # RPM macros are not configuration: addFilter("non-conffile-in-etc /etc/rpm/macros.python3") # Obviously, these files are meant to be empty: addFilter("zero-length /usr/lib64/python3.3/test/nullcert.pem") addFilter("zero-length /usr/lib64/python3.3/test/namespace_pkgs/module_and_namespace_package/a_test/empty") ++++++ python3-sorted_tar.patch ++++++ commit c11b93fd5e04c2541954ba7bc7b17027742edad1 Author: Bernhard M. Wiedemann <github...@lsmod.de> Date: Wed Jan 31 11:17:10 2018 +0100 bpo-30693: zip+tarfile: sort directory listing (#2263) tarfile and zipfile now sort directory listing to generate tar and zip archives in a more reproducible way. See also https://reproducible-builds.org/docs/stable-inputs/ on that topic. --- a/Doc/library/tarfile.rst +++ b/Doc/library/tarfile.rst @@ -467,6 +467,9 @@ be finalized; only the internally used f The *exclude* parameter is deprecated, please use the *filter* parameter instead. + .. versionchanged:: 3.6.4 + Recursion adds entries in sorted order. + .. method:: TarFile.addfile(tarinfo, fileobj=None) --- a/Doc/library/zipfile.rst +++ b/Doc/library/zipfile.rst @@ -466,7 +466,7 @@ The :class:`PyZipFile` constructor takes :file:`\*.pyc` are added at the top level. If the directory is a package directory, then all :file:`\*.pyc` are added under the package name as a file path, and if any subdirectories are package directories, - all of these are added recursively. + all of these are added recursively in sorted order. *basename* is intended for internal use only. @@ -499,6 +499,9 @@ The :class:`PyZipFile` constructor takes .. versionchanged:: 3.6.2 The *pathname* parameter accepts a :term:`path-like object`. + .. versionchanged:: 3.6.4 + Recursion sorts directory entries. + .. _zipinfo-objects: --- a/Lib/tarfile.py +++ b/Lib/tarfile.py @@ -1954,7 +1954,7 @@ class TarFile(object): elif tarinfo.isdir(): self.addfile(tarinfo) if recursive: - for f in os.listdir(name): + for f in sorted(os.listdir(name)): self.add(os.path.join(name, f), os.path.join(arcname, f), recursive, exclude, filter=filter) --- a/Lib/test/test_tarfile.py +++ b/Lib/test/test_tarfile.py @@ -1129,6 +1129,30 @@ class WriteTest(WriteTestBase, unittest. finally: support.rmdir(path) + # mock the following: + # os.listdir: so we know that files are in the wrong order + @unittest.mock.patch('os.listdir') + def test_ordered_recursion(self, mock_listdir): + path = os.path.join(TEMPDIR, "directory") + os.mkdir(path) + open(os.path.join(path, "1"), "a").close() + open(os.path.join(path, "2"), "a").close() + mock_listdir.return_value = ["2", "1"] + try: + tar = tarfile.open(tmpname, self.mode) + try: + tar.add(path) + paths = [] + for m in tar.getmembers(): + paths.append(os.path.split(m.name)[-1]) + self.assertEqual(paths, ["directory", "1", "2"]); + finally: + tar.close() + finally: + support.unlink(os.path.join(path, "1")) + support.unlink(os.path.join(path, "2")) + support.rmdir(path) + def test_gettarinfo_pathlike_name(self): with tarfile.open(tmpname, self.mode) as tar: path = pathlib.Path(TEMPDIR) / "file" --- a/Lib/zipfile.py +++ b/Lib/zipfile.py @@ -1860,7 +1860,7 @@ class PyZipFile(ZipFile): if self.debug: print("Adding", arcname) self.write(fname, arcname) - dirlist = os.listdir(pathname) + dirlist = sorted(os.listdir(pathname)) dirlist.remove("__init__.py") # Add all *.py files and package subdirectories for filename in dirlist: @@ -1885,7 +1885,7 @@ class PyZipFile(ZipFile): # This is NOT a package directory, add its files at top level if self.debug: print("Adding files from directory", pathname) - for filename in os.listdir(pathname): + for filename in sorted(os.listdir(pathname)): path = os.path.join(pathname, filename) root, ext = os.path.splitext(filename) if ext == ".py": @@ -2042,7 +2042,7 @@ def main(args = None): elif os.path.isdir(path): if zippath: zf.write(path, zippath) - for nm in os.listdir(path): + for nm in sorted(os.listdir(path)): addToZip(zf, os.path.join(path, nm), os.path.join(zippath, nm)) # else: ignore --- /dev/null +++ b/Misc/NEWS.d/next/Library/2017-11-27-15-09-49.bpo-30693.yC4mJ7.rst @@ -0,0 +1 @@ +The ZipFile class now recurses directories in a reproducible way. --- /dev/null +++ b/Misc/NEWS.d/next/Library/2017-11-27-15-09-49.bpo-30693.yC4mJ8.rst @@ -0,0 +1 @@ +The TarFile class now recurses directories in a reproducible way. ++++++ skip_random_failing_tests.patch ++++++ From: Michel Normand <norm...@linux.vnet.ibm.com> Subject: skip random failing tests Date: Thu, 18 Jan 2018 15:48:52 +0100 skip random failing tests: in _test_multiprocessing.py: test_async_timeout test_waitfor_timeout test_wait_integer in test_events.py: test_run_until_complete test_signal_handling_args test_call_later Reported to fail on ppc64le host on multiple osc build trials: (all failed for ppc64le, except one for ppc) === [michel@abanc:~/work/home:michel_mno:branches:devel:languages:python:Factory/python3] $idx=1; while test 1; do echo "trial $idx:"; osc build \ --vm-type kvm -j 8 --threads 4 openSUSE_Factory_PowerPC ppc64le \ >/tmp/python3_trialx_${idx}.log 2>&1 || break; ((idx++)); done === FAIL: test_async_timeout (test.test_multiprocessing_fork.WithProcessesTestPool) ---------------------------------------------------------------------- Traceback (most recent call last): File "/home/abuild/rpmbuild/BUILD/Python-3.6.4/Lib/test/_test_multiprocessing.py", line 2017, in test_async_timeout self.assertRaises(multiprocessing.TimeoutError, get, timeout=TIMEOUT2) AssertionError: TimeoutError not raised by <test._test_multiprocessing.TimingWrapper object at 0x7fff89b45f28> === FAIL: test_waitfor_timeout (test.test_multiprocessing_spawn.WithManagerTestCondition) ---------------------------------------------------------------------- Traceback (most recent call last): File "/home/abuild/rpmbuild/BUILD/Python-3.6.4/Lib/test/_test_multiprocessing.py", line 1169, in test_waitfor_timeout self.assertTrue(success.value) AssertionError: False is not true === FAIL: test_run_until_complete (test.test_asyncio.test_events.SelectEventLoopTests) ---------------------------------------------------------------------- Traceback (most recent call last): File "/home/abuild/rpmbuild/BUILD/Python-3.6.4/Lib/test/test_asyncio/test_events.py", line 285, in test_run_until_complete self.assertTrue(0.08 <= t1-t0 <= 0.8, t1-t0) AssertionError: False is not true : 3.966844968999993 === FAIL: test_signal_handling_args (test.test_asyncio.test_events.SelectEventLoopTests) ---------------------------------------------------------------------- Traceback (most recent call last): File "/home/abuild/rpmbuild/BUILD/Python-3.6.4/Lib/test/test_asyncio/test_events.py", line 566, in test_signal_handling_args self.assertEqual(caught, 1) AssertionError: 0 != 1 === (ppc) FAIL: test_wait_integer (test.test_multiprocessing_spawn.TestWait) ---------------------------------------------------------------------- Traceback (most recent call last): File "/home/abuild/rpmbuild/BUILD/Python-3.6.4/Lib/test/_test_multiprocessing.py", line 3762, in test_wait_integer self.assertLess(delta, expected + 2) AssertionError: 5.576360702514648 not less than 5 === === ====================================================================== FAIL: test_call_later (test.test_asyncio.test_events.PollEventLoopTests) ---------------------------------------------------------------------- Traceback (most recent call last): File "/home/abuild/rpmbuild/BUILD/Python-3.6.4/Lib/test/test_asyncio/test_events.py", line 309, in test_call_later self.assertTrue(0.08 <= t1-t0 <= 0.8, t1-t0) AssertionError: False is not true : 2.7154626529999746 ====================================================================== FAIL: test_call_later (test.test_asyncio.test_events.SelectEventLoopTests) ---------------------------------------------------------------------- Traceback (most recent call last): File "/home/abuild/rpmbuild/BUILD/Python-3.6.4/Lib/test/test_asyncio/test_events.py", line 309, in test_call_later self.assertTrue(0.08 <= t1-t0 <= 0.8, t1-t0) AssertionError: False is not true : 4.137590406000015 === Signed-off-by: Michel Normand <norm...@linux.vnet.ibm.com> --- Lib/test/_test_multiprocessing.py | 3 +++ Lib/test/test_asyncio/test_events.py | 4 +++- 2 files changed, 6 insertions(+), 1 deletion(-) Index: Python-3.6.4/Lib/test/_test_multiprocessing.py =================================================================== --- Python-3.6.4.orig/Lib/test/_test_multiprocessing.py +++ Python-3.6.4/Lib/test/_test_multiprocessing.py @@ -1145,6 +1145,7 @@ class _TestCondition(BaseTestCase): success.value = True @unittest.skipUnless(HAS_SHAREDCTYPES, 'needs sharedctypes') + @unittest.skip("transient failure on PowerPC") def test_waitfor_timeout(self): # based on test in test/lock_tests.py cond = self.Condition() @@ -2011,6 +2012,7 @@ class _TestPool(BaseTestCase): self.assertEqual(get(), 49) self.assertTimingAlmostEqual(get.elapsed, TIMEOUT1) + @unittest.skip("transient failure on PowerPC") def test_async_timeout(self): res = self.pool.apply_async(sqr, (6, TIMEOUT2 + 1.0)) get = TimingWrapper(res.get) @@ -3738,6 +3740,7 @@ class TestWait(unittest.TestCase): sem.release() time.sleep(period) + @unittest.skip("transient failure on PowerPC") def test_wait_integer(self): from multiprocessing.connection import wait Index: Python-3.6.4/Lib/test/test_asyncio/test_events.py =================================================================== --- Python-3.6.4.orig/Lib/test/test_asyncio/test_events.py +++ Python-3.6.4/Lib/test/test_asyncio/test_events.py @@ -278,6 +278,7 @@ class EventLoopTestsMixin: # Note: because of the default Windows timing granularity of # 15.6 msec, we use fairly long sleep times here (~100 msec). + @unittest.skip("transient failure on PowerPC") def test_run_until_complete(self): t0 = self.loop.time() self.loop.run_until_complete(asyncio.sleep(0.1, loop=self.loop)) @@ -305,7 +306,7 @@ class EventLoopTestsMixin: self.loop.run_forever() t1 = time.monotonic() self.assertEqual(results, ['hello world']) - self.assertTrue(0.08 <= t1-t0 <= 0.8, t1-t0) + self.assertTrue(0.08 <= t1-t0 <= 5.0, t1-t0) def test_call_soon(self): results = [] @@ -549,6 +550,7 @@ class EventLoopTestsMixin: self.assertEqual(caught, 1) @unittest.skipUnless(hasattr(signal, 'SIGALRM'), 'No SIGALRM') + @unittest.skip("transient failure on PowerPC") def test_signal_handling_args(self): some_args = (42,) caught = 0 ++++++ skipped_tests.py ++++++ #!/usr/bin/python3 """ Simple regexp-based skipped test checker. It lists tests that are mentioned (presumably for exclusion) in BASE, and in MAIN (presumably for inclusion) and reports discrepancies. This will have a number of """ MAIN = "python3.spec" import glob import re from os.path import basename alltests = set() qemu_exclusions = set() for item in glob.glob("Python-*/Lib/test/test_*"): testname = basename(item) if testname.endswith(".py"): testname = testname[:-3] alltests.add(testname) testre = re.compile(r'[\s"](test_\w+)\b') def find_tests_in_spec(specname): global qemu_exclusions found_tests = set() with open(specname) as spec: in_qemu = False for line in spec: line = line.strip() if "#" in line: line = line[:line.index("#")] tests = set(testre.findall(line)) found_tests |= tests if line == "%if 0%{?qemu_user_space_build} > 0": in_qemu = True if in_qemu: if line == "%endif": in_qemu = False qemu_exclusions |= tests return found_tests excluded = find_tests_in_spec(MAIN) #print("--- excluded tests:", " ".join(sorted(excluded))) #print("--- included tests:", " ".join(sorted(included))) mentioned = excluded nonexistent = mentioned - alltests missing = excluded - qemu_exclusions print("--- the following tests are excluded for QEMU and not tested in python") print("--- (that probably means we don't need to worry about them)") for test in sorted(qemu_exclusions - excluded): print(test) print("--- the following tests might be excluded in python:") for test in sorted(missing): print(test) if nonexistent: print("--- the following tests don't exist:") for test in sorted(nonexistent): print(test) ++++++ subprocess-raise-timeout.patch ++++++ --- a/Lib/test/test_subprocess.py +++ b/Lib/test/test_subprocess.py @@ -1079,7 +1079,8 @@ class ProcessTestCase(BaseTestCase): self.assertIn("0.0001", str(c.exception)) # For coverage of __str__. # Some heavily loaded buildbots (sparc Debian 3.x) require this much # time to start. - self.assertEqual(p.wait(timeout=3), 0) + # OBS might require even more + self.assertEqual(p.wait(timeout=10), 0) def test_wait_endtime(self): """Confirm that the deprecated endtime parameter warns."""