pkgsrc-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[pkgsrc/trunk]: pkgsrc/lang/python27 Update to 2.7.9 removing patches that we...
details: https://anonhg.NetBSD.org/pkgsrc/rev/03ffe487d334
branches: trunk
changeset: 643401:03ffe487d334
user: chopps <chopps%pkgsrc.org@localhost>
date: Tue Dec 16 07:07:32 2014 +0000
description:
Update to 2.7.9 removing patches that were incorporated. Significant
changes include:
- The entirety of Python 3.4's ssl module has been backported for
Python 2.7.9. See PEP 466 for justification.
- HTTPS certificate validation using the system's certificate store
is now enabled by default. See PEP 476 for details.
- SSLv3 has been disabled by default in httplib and its reverse
dependencies due to the POODLE attack.
- The ensurepip module module has been backported, which provides the
pip package manager in every Python 2.7 installation. See PEP 477.
diffstat:
lang/python27/dist.mk | 4 +-
lang/python27/distinfo | 17 +-
lang/python27/patches/patch-Include_node.h | 15 -
lang/python27/patches/patch-Lib_poplib.py | 43 -----
lang/python27/patches/patch-Lib_smtplib.py | 51 ------
lang/python27/patches/patch-Lib_test_test__poplib.py | 27 ---
lang/python27/patches/patch-Lib_test_test_smtplib.py | 50 ------
lang/python27/patches/patch-Misc_NEWS | 42 -----
lang/python27/patches/patch-Modules___ssl.c | 17 --
lang/python27/patches/patch-Objects_unicodeobject.c | 152 -------------------
lang/python27/patches/patch-Python_codecs.c | 50 ------
11 files changed, 6 insertions(+), 462 deletions(-)
diffs (truncated from 529 to 300 lines):
diff -r f0250f87361a -r 03ffe487d334 lang/python27/dist.mk
--- a/lang/python27/dist.mk Tue Dec 16 07:00:52 2014 +0000
+++ b/lang/python27/dist.mk Tue Dec 16 07:07:32 2014 +0000
@@ -1,6 +1,6 @@
-# $NetBSD: dist.mk,v 1.8 2014/07/02 09:53:16 adam Exp $
+# $NetBSD: dist.mk,v 1.9 2014/12/16 07:07:32 chopps Exp $
-PY_DISTVERSION= 2.7.8
+PY_DISTVERSION= 2.7.9
DISTNAME= Python-${PY_DISTVERSION}
EXTRACT_SUFX= .tar.xz
DISTINFO_FILE= ${.CURDIR}/../../lang/python27/distinfo
diff -r f0250f87361a -r 03ffe487d334 lang/python27/distinfo
--- a/lang/python27/distinfo Tue Dec 16 07:00:52 2014 +0000
+++ b/lang/python27/distinfo Tue Dec 16 07:07:32 2014 +0000
@@ -1,26 +1,17 @@
-$NetBSD: distinfo,v 1.47 2014/11/02 13:31:11 spz Exp $
+$NetBSD: distinfo,v 1.48 2014/12/16 07:07:32 chopps Exp $
-SHA1 (Python-2.7.8.tar.xz) = 9c6281eeace0c3646fa556c8087bb1b7e033c9c4
-RMD160 (Python-2.7.8.tar.xz) = 04d7d55ea65074a9b419e5d0920414e54691d907
-Size (Python-2.7.8.tar.xz) = 10525244 bytes
-SHA1 (patch-Include_node.h) = 673d148b625711ac47e4bfeb0f5b0d5b31f94d7e
+SHA1 (Python-2.7.9.tar.xz) = 3172f6e957713c2d9fca462cc16068222fd1b9d3
+RMD160 (Python-2.7.9.tar.xz) = 2b047c3b56987b473c3ca957ad87f5582c37d6f6
+Size (Python-2.7.9.tar.xz) = 12164712 bytes
SHA1 (patch-Include_pyerrors.h) = 3eba043c83b1d1df4918524f7b53047a6ed372ae
SHA1 (patch-Include_pyport.h) = 971c7c548b92595712d0d70a0917a0ccc83b6c7e
SHA1 (patch-Lib_distutils_unixccompiler.py) = 39b967dc2ae648143d5841f22602a21063b4d5ea
SHA1 (patch-Lib_multiprocessing_process.py) = b47ad4cbeddbcfb4342c08c84d0d515a793815d4
-SHA1 (patch-Lib_poplib.py) = 5d7f64b028abd2fd43651f27a7f2ce7efe5b0859
-SHA1 (patch-Lib_smtplib.py) = f1118bbc53b4e292eb9a28ef3ef10eb4aa553bc3
-SHA1 (patch-Lib_test_test__poplib.py) = 1bdef76b687d042272e35c08521d4244d2c7fbe1
-SHA1 (patch-Lib_test_test_smtplib.py) = 9e8a7f826c7d0f493746718b49fc27ac97c2cbb1
-SHA1 (patch-Misc_NEWS) = 262f9cb316d0f7ce1fb85296a07302f4cb2dd1a5
-SHA1 (patch-Modules___ssl.c) = aaddaea5bcd6c84d3d896c7c37f710933b8228bc
SHA1 (patch-Modules_getaddrinfo.c) = 696c58c4c4bbb710fb1508d7d88864d0b08cfc79
SHA1 (patch-Modules_getpath.c) = aa8a54717a85f831e3ceaad19d96c43bc38aef10
SHA1 (patch-Modules_mmapmodule.c) = 87ea76e6d8263045c1ca794ff5c75ed631a74b6d
SHA1 (patch-Modules_posixmodule.c) = b8960592611499202bb5ff8521d619e0637177b6
SHA1 (patch-Modules_socketmodule.c) = 960ce4af2a142c471c707de446f2d390044bbc13
-SHA1 (patch-Objects_unicodeobject.c) = 7edf7d2b553569bc66c883b1fd516dceb13c8cde
-SHA1 (patch-Python_codecs.c) = fce9d5f2745773b76074a8ae7389aa88fbbe4f9e
SHA1 (patch-aa) = 990e4025bb6a37715e1f5df1831499f0ab08acfa
SHA1 (patch-ab) = 6a38874aaaccc878541554546835ccbf6136bbd5
SHA1 (patch-ad) = 061aefac15fe3834271770f0fd225e12f84d961a
diff -r f0250f87361a -r 03ffe487d334 lang/python27/patches/patch-Include_node.h
--- a/lang/python27/patches/patch-Include_node.h Tue Dec 16 07:00:52 2014 +0000
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,15 +0,0 @@
-$NetBSD: patch-Include_node.h,v 1.1 2013/04/17 13:21:05 obache Exp $
-
-* _PyNode_SizeOf is used by parsermodule
-
---- Include/node.h.orig 2013-04-06 14:02:25.000000000 +0000
-+++ Include/node.h
-@@ -21,7 +21,7 @@ PyAPI_FUNC(int) PyNode_AddChild(node *n,
- char *str, int lineno, int col_offset);
- PyAPI_FUNC(void) PyNode_Free(node *n);
- #ifndef Py_LIMITED_API
--Py_ssize_t _PyNode_SizeOf(node *n);
-+PyAPI_FUNC(Py_ssize_t) _PyNode_SizeOf(node *n);
- #endif
-
- /* Node access functions */
diff -r f0250f87361a -r 03ffe487d334 lang/python27/patches/patch-Lib_poplib.py
--- a/lang/python27/patches/patch-Lib_poplib.py Tue Dec 16 07:00:52 2014 +0000
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,43 +0,0 @@
-$NetBSD: patch-Lib_poplib.py,v 1.1 2014/06/09 17:58:31 he Exp $
-
-Apply a fix for CVE-2013-1752.
-From http://bugs.python.org/issue16041.
-
---- Lib/poplib.py.orig 2014-06-09 11:29:36.000000000 +0000
-+++ Lib/poplib.py
-@@ -32,6 +32,12 @@ CR = '\r'
- LF = '\n'
- CRLF = CR+LF
-
-+# maximal line length when calling readline(). This is to prevent
-+# reading arbitrary lenght lines. RFC 1939 limits POP3 line length to
-+# 512 characters, including CRLF. We have selected 2048 just to be on
-+# the safe side.
-+_MAXLINE = 2048
-+
-
- class POP3:
-
-@@ -103,7 +109,10 @@ class POP3:
- # Raise error_proto('-ERR EOF') if the connection is closed.
-
- def _getline(self):
-- line = self.file.readline()
-+ line = self.file.readline(_MAXLINE + 1)
-+ if len(line) > _MAXLINE:
-+ raise error_proto('line too long')
-+
- if self._debugging > 1: print '*get*', repr(line)
- if not line: raise error_proto('-ERR EOF')
- octets = len(line)
-@@ -363,7 +372,10 @@ else:
- line = ""
- renewline = re.compile(r'.*?\n')
- match = renewline.match(self.buffer)
-+
- while not match:
-+ if len(self.buffer) > _MAXLINE:
-+ raise error_proto('line too long')
- self._fillBuffer()
- match = renewline.match(self.buffer)
- line = match.group(0)
diff -r f0250f87361a -r 03ffe487d334 lang/python27/patches/patch-Lib_smtplib.py
--- a/lang/python27/patches/patch-Lib_smtplib.py Tue Dec 16 07:00:52 2014 +0000
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,51 +0,0 @@
-$NetBSD: patch-Lib_smtplib.py,v 1.1 2014/06/09 17:58:31 he Exp $
-
-Apply a fix for CVE-2013-1752 for the SMTP part.
-From http://bugs.python.org/issue16042.
-
---- Lib/smtplib.py.orig 2014-05-31 18:58:39.000000000 +0000
-+++ Lib/smtplib.py
-@@ -57,6 +57,7 @@ __all__ = ["SMTPException", "SMTPServerD
- SMTP_PORT = 25
- SMTP_SSL_PORT = 465
- CRLF = "\r\n"
-+_MAXLINE = 8192 # more than 8 times larger than RFC 821, 4.5.3
-
- OLDSTYLE_AUTH = re.compile(r"auth=(.*)", re.I)
-
-@@ -179,10 +180,14 @@ else:
- def __init__(self, sslobj):
- self.sslobj = sslobj
-
-- def readline(self):
-+ def readline(self, size=-1):
-+ if size < 0:
-+ size = None
- str = ""
- chr = None
- while chr != "\n":
-+ if size is not None and len(str) >= size:
-+ break
- chr = self.sslobj.read(1)
- if not chr:
- break
-@@ -353,7 +358,7 @@ class SMTP:
- self.file = self.sock.makefile('rb')
- while 1:
- try:
-- line = self.file.readline()
-+ line = self.file.readline(_MAXLINE + 1)
- except socket.error as e:
- self.close()
- raise SMTPServerDisconnected("Connection unexpectedly closed: "
-@@ -362,7 +367,9 @@ class SMTP:
- self.close()
- raise SMTPServerDisconnected("Connection unexpectedly closed")
- if self.debuglevel > 0:
-- print>>stderr, 'reply:', repr(line)
-+ print >>stderr, 'reply:', repr(line)
-+ if len(line) > _MAXLINE:
-+ raise SMTPResponseException(500, "Line too long.")
- resp.append(line[4:].strip())
- code = line[:3]
- # Check that the error code is syntactically correct.
diff -r f0250f87361a -r 03ffe487d334 lang/python27/patches/patch-Lib_test_test__poplib.py
--- a/lang/python27/patches/patch-Lib_test_test__poplib.py Tue Dec 16 07:00:52 2014 +0000
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,27 +0,0 @@
-$NetBSD: patch-Lib_test_test__poplib.py,v 1.1 2014/06/09 17:58:31 he Exp $
-
-Apply a fix for CVE-2013-1752.
-From http://bugs.python.org/issue16041.
-
---- Lib/test/test_poplib.py.orig 2014-06-09 11:29:38.000000000 +0000
-+++ Lib/test/test_poplib.py
-@@ -81,7 +81,7 @@ class DummyPOP3Handler(asynchat.async_ch
-
- def cmd_list(self, arg):
- if arg:
-- self.push('+OK %s %s' %(arg, arg))
-+ self.push('+OK %s %s' % (arg, arg))
- else:
- self.push('+OK')
- asynchat.async_chat.push(self, LIST_RESP)
-@@ -198,6 +198,10 @@ class TestPOP3Class(TestCase):
- 113)
- self.assertEqual(self.client.retr('foo'), expected)
-
-+ def test_too_long_lines(self):
-+ self.assertRaises(poplib.error_proto, self.client._shortcmd,
-+ 'echo %s' % (3000 * 'a'))
-+
- def test_dele(self):
- self.assertOK(self.client.dele('foo'))
-
diff -r f0250f87361a -r 03ffe487d334 lang/python27/patches/patch-Lib_test_test_smtplib.py
--- a/lang/python27/patches/patch-Lib_test_test_smtplib.py Tue Dec 16 07:00:52 2014 +0000
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,50 +0,0 @@
-$NetBSD: patch-Lib_test_test_smtplib.py,v 1.1 2014/06/09 17:58:31 he Exp $
-
-Apply a fix for CVE-2013-1752 for the SMTP part.
-From http://bugs.python.org/issue16042.
-
---- Lib/test/test_smtplib.py.orig 2014-05-31 18:58:39.000000000 +0000
-+++ Lib/test/test_smtplib.py
-@@ -292,6 +292,32 @@ class BadHELOServerTests(unittest.TestCa
- HOST, self.port, 'localhost', 3)
-
-
-+class TooLongLineTests(TestCase):
-+ respdata = '250 OK' + ('.' * smtplib._MAXLINE * 2) + '\n'
-+
-+ def setUp(self):
-+ self.old_stdout = sys.stdout
-+ self.output = StringIO.StringIO()
-+ sys.stdout = self.output
-+
-+ self.evt = threading.Event()
-+ self.sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
-+ self.sock.settimeout(15)
-+ self.port = test_support.bind_port(self.sock)
-+ servargs = (self.evt, self.respdata, self.sock)
-+ threading.Thread(target=server, args=servargs).start()
-+ self.evt.wait()
-+ self.evt.clear()
-+
-+ def tearDown(self):
-+ self.evt.wait()
-+ sys.stdout = self.old_stdout
-+
-+ def testLineTooLong(self):
-+ self.assertRaises(smtplib.SMTPResponseException, smtplib.SMTP,
-+ HOST, self.port, 'localhost', 3)
-+
-+
- sim_users = {'Mr.A%somewhere.com@localhost':'John A',
- 'Ms.B%somewhere.com@localhost':'Sally B',
- 'Mrs.C%somewhereesle.com@localhost':'Ruth C',
-@@ -511,7 +537,8 @@ class SMTPSimTests(unittest.TestCase):
- def test_main(verbose=None):
- test_support.run_unittest(GeneralTests, DebuggingServerTests,
- NonConnectingTests,
-- BadHELOServerTests, SMTPSimTests)
-+ BadHELOServerTests, SMTPSimTests,
-+ TooLongLineTests)
-
- if __name__ == '__main__':
- test_main()
diff -r f0250f87361a -r 03ffe487d334 lang/python27/patches/patch-Misc_NEWS
--- a/lang/python27/patches/patch-Misc_NEWS Tue Dec 16 07:00:52 2014 +0000
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,42 +0,0 @@
-$NetBSD: patch-Misc_NEWS,v 1.5 2014/11/02 13:31:11 spz Exp $
-
-Note added fixes.
-
---- Misc/NEWS.orig 2014-06-30 02:05:39.000000000 +0000
-+++ Misc/NEWS
-@@ -10,6 +10,11 @@ What's New in Python 2.7.8?
- Core and Builtins
- -----------------
-
-+- Issue #22518: Fix integer overflow issues in latin-1 encoding.
-+
-+- Issue #22470: Fixed integer overflow issues in "backslashreplace" and
-+ "xmlcharrefreplace" error handlers.
-+
- - Issue #4346: In PyObject_CallMethod and PyObject_CallMethodObjArgs, don't
- overwrite the error set in PyObject_GetAttr.
-
-@@ -207,6 +212,9 @@ Core and Builtins
- Library
- -------
-
-+- Issue #21766: Prevent a security hole in CGIHTTPServer by URL unquoting paths
-+ before checking for a CGI script at that path.
-+
- - Issue #10744: Fix PEP 3118 format strings on ctypes objects with a nontrivial
- shape.
-
-@@ -729,6 +737,13 @@ Library
- prevent readline() calls from consuming too much memory. Patch by Jyrki
- Pulliainen.
-
-+- Issue #16041: CVE-2013-1752: poplib: Limit maximum line lengths to 2048 to
-+ prevent readline() calls from consuming too much memory. Patch by Jyrki
-+ Pulliainen.
-+
-+- Issue #16042: CVE-2013-1752: smtplib: Limit amount of data read by
-+ limiting the call to readline(). Original patch by Christian Heimes.
-+
- - Issue #12641: Avoid passing "-mno-cygwin" to the mingw32 compiler, except
- when necessary. Patch by Oscar Benjamin.
-
diff -r f0250f87361a -r 03ffe487d334 lang/python27/patches/patch-Modules___ssl.c
--- a/lang/python27/patches/patch-Modules___ssl.c Tue Dec 16 07:00:52 2014 +0000
Home |
Main Index |
Thread Index |
Old Index