Diffstat (limited to 'dev-lang/python/files')
-rw-r--r--dev-lang/python/files/python-2.7.15-PGO-r1.patch79
-rw-r--r--dev-lang/python/files/python-3.5-CVE-2020-8492.patch239
-rw-r--r--dev-lang/python/files/test.support.unlink-ignore-EPERM.patch29
-rw-r--r--dev-lang/python/files/test.support.unlink-ignore-PermissionError.patch28
4 files changed, 0 insertions, 375 deletions
diff --git a/dev-lang/python/files/python-2.7.15-PGO-r1.patch b/dev-lang/python/files/python-2.7.15-PGO-r1.patch
deleted file mode 100644
index 75c976702a50..000000000000
--- a/dev-lang/python/files/python-2.7.15-PGO-r1.patch
+++ /dev/null
@@ -1,79 +0,0 @@
-diff -ur Python-2.7.16.orig/Lib/distutils/ccompiler.py Python-2.7.16/Lib/distutils/ccompiler.py
---- Python-2.7.16.orig/Lib/distutils/ccompiler.py 2019-03-02 19:17:42.000000000 +0100
-+++ Python-2.7.16/Lib/distutils/ccompiler.py 2019-03-09 16:30:09.036803900 +0100
-@@ -14,7 +14,7 @@
- from distutils.spawn import spawn
- from distutils.file_util import move_file
- from distutils.dir_util import mkpath
--from distutils.dep_util import newer_group
-+from distutils.dep_util import newer_group, newer
- from distutils.util import split_quoted, execute
- from distutils import log
- # following import is for backward compatibility
-@@ -571,7 +571,9 @@
- src, ext = build[obj]
- except KeyError:
- continue
-- self._compile(obj, src, ext, cc_args, extra_postargs, pp_opts)
-+ if newer(src, obj):
-+ # some extensions share source files so we need to avoid compiling the same source multiple times
-+ self._compile(obj, src, ext, cc_args, extra_postargs, pp_opts)
-
- # Return *all* object filenames, not just the ones we just built.
- return objects
-diff -ur Python-2.7.16.orig/Lib/distutils/dep_util.py Python-2.7.16/Lib/distutils/dep_util.py
---- Python-2.7.16.orig/Lib/distutils/dep_util.py 2019-03-02 19:17:42.000000000 +0100
-+++ Python-2.7.16/Lib/distutils/dep_util.py 2019-03-09 16:30:09.036803900 +0100
-@@ -11,7 +11,7 @@
- from distutils.errors import DistutilsFileError
-
- def newer(source, target):
-- """Tells if the target is newer than the source.
-+ """Tells if the source is newer than the target.
-
- Return true if 'source' exists and is more recently modified than
- 'target', or if 'source' exists and 'target' doesn't.
-diff -ur Python-2.7.16.orig/Makefile.pre.in Python-2.7.16/Makefile.pre.in
---- Python-2.7.16.orig/Makefile.pre.in 2019-03-09 16:29:29.004188933 +0100
-+++ Python-2.7.16/Makefile.pre.in 2019-03-09 16:33:30.788823762 +0100
-@@ -209,9 +209,9 @@
- TCLTK_LIBS= @TCLTK_LIBS@
-
- # The task to run while instrument when building the profile-opt target
--# We exclude unittests with -x that take a rediculious amount of time to
--# run in the instrumented training build or do not provide much value.
--PROFILE_TASK=-m test.regrtest --pgo -x test_asyncore test_gdb test_multiprocessing test_subprocess
-+# We exclude unittests with -x that take a ridiculous amount of time to
-+# run in the instrumented training build or do not provide much value
-+PROFILE_TASK=-m test.regrtest --pgo $(EXTRATESTOPTS) -x test_asyncore test_gdb test_multiprocessing test_subprocess test_xpickle
-
- # report files for gcov / lcov coverage report
- COVERAGE_INFO= $(abs_builddir)/coverage.info
-@@ -437,7 +437,7 @@
-
- run_profile_task:
- : # FIXME: can't run for a cross build
-- $(LLVM_PROF_FILE) $(RUNSHARED) ./$(BUILDPYTHON) $(PROFILE_TASK) || true
-+ $(LLVM_PROF_FILE) _PYTHONNOSITEPACKAGES=1 $(RUNSHARED) ./$(BUILDPYTHON) -E $(PROFILE_TASK) || true # allow failures here
-
- build_all_merge_profile:
- $(LLVM_PROF_MERGER)
-diff -ur Python-2.7.16.orig/setup.py Python-2.7.16/setup.py
---- Python-2.7.16.orig/setup.py 2019-03-09 16:29:29.028188103 +0100
-+++ Python-2.7.16/setup.py 2019-03-09 16:30:09.037803866 +0100
-@@ -269,11 +269,13 @@
- # those environment variables passed into the setup.py phase. Here's
- # a small set of useful ones.
- compiler = os.environ.get('CC')
-+ # it's important to get CFLAGS from the environment for proper extension PGO support
-+ cflags = os.environ.get('CFLAGS', sysconfig.get_config_vars('CFLAGS')[0])
- args = {}
- # unfortunately, distutils doesn't let us provide separate C and C++
- # compilers
- if compiler is not None:
-- (ccshared,cflags) = sysconfig.get_config_vars('CCSHARED','CFLAGS')
-+ (ccshared,) = sysconfig.get_config_vars('CCSHARED')
- args['compiler_so'] = compiler + ' ' + ccshared + ' ' + cflags
- self.compiler.set_executables(**args)
-
-
diff --git a/dev-lang/python/files/python-3.5-CVE-2020-8492.patch b/dev-lang/python/files/python-3.5-CVE-2020-8492.patch
deleted file mode 100644
index 924a3a69ac4c..000000000000
--- a/dev-lang/python/files/python-3.5-CVE-2020-8492.patch
+++ /dev/null
@@ -1,239 +0,0 @@
-From 0b297d4ff1c0e4480ad33acae793fbaf4bf015b4 Mon Sep 17 00:00:00 2001
-From: Victor Stinner <vstinner@python.org>
-Date: Thu, 2 Apr 2020 02:52:20 +0200
-Subject: [PATCH] bpo-39503: CVE-2020-8492: Fix AbstractBasicAuthHandler
- (GH-18284)
-
-The AbstractBasicAuthHandler class of the urllib.request module uses
-an inefficient regular expression which can be exploited by an
-attacker to cause a denial of service. Fix the regex to prevent the
-catastrophic backtracking. Vulnerability reported by Ben Caller
-and Matt Schwager.
-
-AbstractBasicAuthHandler of urllib.request now parses all
-WWW-Authenticate HTTP headers and accepts multiple challenges per
-header: use the realm of the first Basic challenge.
-
-Co-Authored-By: Serhiy Storchaka <storchaka@gmail.com>
----
- Lib/test/test_urllib2.py | 90 ++++++++++++-------
- Lib/urllib/request.py | 69 ++++++++++----
- .../2020-03-25-16-02-16.bpo-39503.YmMbYn.rst | 3 +
- .../2020-01-30-16-15-29.bpo-39503.B299Yq.rst | 5 ++
- 4 files changed, 115 insertions(+), 52 deletions(-)
- create mode 100644 Misc/NEWS.d/next/Library/2020-03-25-16-02-16.bpo-39503.YmMbYn.rst
- create mode 100644 Misc/NEWS.d/next/Security/2020-01-30-16-15-29.bpo-39503.B299Yq.rst
-
-diff --git a/Lib/test/test_urllib2.py b/Lib/test/test_urllib2.py
-index 8abedaac9850a..e69ac3e2136a2 100644
---- a/Lib/test/test_urllib2.py
-+++ b/Lib/test/test_urllib2.py
-@@ -1446,40 +1446,64 @@ def test_osx_proxy_bypass(self):
- bypass = {'exclude_simple': True, 'exceptions': []}
- self.assertTrue(_proxy_bypass_macosx_sysconf('test', bypass))
-
-- def test_basic_auth(self, quote_char='"'):
-- opener = OpenerDirector()
-- password_manager = MockPasswordManager()
-- auth_handler = urllib.request.HTTPBasicAuthHandler(password_manager)
-- realm = "ACME Widget Store"
-- http_handler = MockHTTPHandler(
-- 401, 'WWW-Authenticate: Basic realm=%s%s%s\r\n\r\n' %
-- (quote_char, realm, quote_char))
-- opener.add_handler(auth_handler)
-- opener.add_handler(http_handler)
-- self._test_basic_auth(opener, auth_handler, "Authorization",
-- realm, http_handler, password_manager,
-- "http://acme.example.com/protected",
-- "http://acme.example.com/protected",
-- )
--
-- def test_basic_auth_with_single_quoted_realm(self):
-- self.test_basic_auth(quote_char="'")
--
-- def test_basic_auth_with_unquoted_realm(self):
-- opener = OpenerDirector()
-- password_manager = MockPasswordManager()
-- auth_handler = urllib.request.HTTPBasicAuthHandler(password_manager)
-- realm = "ACME Widget Store"
-- http_handler = MockHTTPHandler(
-- 401, 'WWW-Authenticate: Basic realm=%s\r\n\r\n' % realm)
-- opener.add_handler(auth_handler)
-- opener.add_handler(http_handler)
-- with self.assertWarns(UserWarning):
-+ def check_basic_auth(self, headers, realm):
-+ with self.subTest(realm=realm, headers=headers):
-+ opener = OpenerDirector()
-+ password_manager = MockPasswordManager()
-+ auth_handler = urllib.request.HTTPBasicAuthHandler(password_manager)
-+ body = '\r\n'.join(headers) + '\r\n\r\n'
-+ http_handler = MockHTTPHandler(401, body)
-+ opener.add_handler(auth_handler)
-+ opener.add_handler(http_handler)
- self._test_basic_auth(opener, auth_handler, "Authorization",
-- realm, http_handler, password_manager,
-- "http://acme.example.com/protected",
-- "http://acme.example.com/protected",
-- )
-+ realm, http_handler, password_manager,
-+ "http://acme.example.com/protected",
-+ "http://acme.example.com/protected")
-+
-+ def test_basic_auth(self):
-+ realm = "realm2@example.com"
-+ realm2 = "realm2@example.com"
-+ basic = f'Basic realm="{realm}"'
-+ basic2 = f'Basic realm="{realm2}"'
-+ other_no_realm = 'Otherscheme xxx'
-+ digest = (f'Digest realm="{realm2}", '
-+ f'qop="auth, auth-int", '
-+ f'nonce="dcd98b7102dd2f0e8b11d0f600bfb0c093", '
-+ f'opaque="5ccc069c403ebaf9f0171e9517f40e41"')
-+ for realm_str in (
-+ # test "quote" and 'quote'
-+ f'Basic realm="{realm}"',
-+ f"Basic realm='{realm}'",
-+
-+ # charset is ignored
-+ f'Basic realm="{realm}", charset="UTF-8"',
-+
-+ # Multiple challenges per header
-+ f'{basic}, {basic2}',
-+ f'{basic}, {other_no_realm}',
-+ f'{other_no_realm}, {basic}',
-+ f'{basic}, {digest}',
-+ f'{digest}, {basic}',
-+ ):
-+ headers = [f'WWW-Authenticate: {realm_str}']
-+ self.check_basic_auth(headers, realm)
-+
-+ # no quote: expect a warning
-+ with support.check_warnings(("Basic Auth Realm was unquoted",
-+ UserWarning)):
-+ headers = [f'WWW-Authenticate: Basic realm={realm}']
-+ self.check_basic_auth(headers, realm)
-+
-+ # Multiple headers: one challenge per header.
-+ # Use the first Basic realm.
-+ for challenges in (
-+ [basic, basic2],
-+ [basic, digest],
-+ [digest, basic],
-+ ):
-+ headers = [f'WWW-Authenticate: {challenge}'
-+ for challenge in challenges]
-+ self.check_basic_auth(headers, realm)
-
- def test_proxy_basic_auth(self):
- opener = OpenerDirector()
-diff --git a/Lib/urllib/request.py b/Lib/urllib/request.py
-index 7fe50535da138..2a3d71554f4bf 100644
---- a/Lib/urllib/request.py
-+++ b/Lib/urllib/request.py
-@@ -937,8 +937,15 @@ class AbstractBasicAuthHandler:
-
- # allow for double- and single-quoted realm values
- # (single quotes are a violation of the RFC, but appear in the wild)
-- rx = re.compile('(?:.*,)*[ \t]*([^ \t]+)[ \t]+'
-- 'realm=(["\']?)([^"\']*)\\2', re.I)
-+ rx = re.compile('(?:^|,)' # start of the string or ','
-+ '[ \t]*' # optional whitespaces
-+ '([^ \t]+)' # scheme like "Basic"
-+ '[ \t]+' # mandatory whitespaces
-+ # realm=xxx
-+ # realm='xxx'
-+ # realm="xxx"
-+ 'realm=(["\']?)([^"\']*)\\2',
-+ re.I)
-
- # XXX could pre-emptively send auth info already accepted (RFC 2617,
- # end of section 2, and section 1.2 immediately after "credentials"
-@@ -950,27 +957,51 @@ def __init__(self, password_mgr=None):
- self.passwd = password_mgr
- self.add_password = self.passwd.add_password
-
-+ def _parse_realm(self, header):
-+ # parse WWW-Authenticate header: accept multiple challenges per header
-+ found_challenge = False
-+ for mo in AbstractBasicAuthHandler.rx.finditer(header):
-+ scheme, quote, realm = mo.groups()
-+ if quote not in ['"', "'"]:
-+ warnings.warn("Basic Auth Realm was unquoted",
-+ UserWarning, 3)
-+
-+ yield (scheme, realm)
-+
-+ found_challenge = True
-+
-+ if not found_challenge:
-+ if header:
-+ scheme = header.split()[0]
-+ else:
-+ scheme = ''
-+ yield (scheme, None)
-+
- def http_error_auth_reqed(self, authreq, host, req, headers):
- # host may be an authority (without userinfo) or a URL with an
- # authority
-- # XXX could be multiple headers
-- authreq = headers.get(authreq, None)
-+ headers = headers.get_all(authreq)
-+ if not headers:
-+ # no header found
-+ return
-
-- if authreq:
-- scheme = authreq.split()[0]
-- if scheme.lower() != 'basic':
-- raise ValueError("AbstractBasicAuthHandler does not"
-- " support the following scheme: '%s'" %
-- scheme)
-- else:
-- mo = AbstractBasicAuthHandler.rx.search(authreq)
-- if mo:
-- scheme, quote, realm = mo.groups()
-- if quote not in ['"',"'"]:
-- warnings.warn("Basic Auth Realm was unquoted",
-- UserWarning, 2)
-- if scheme.lower() == 'basic':
-- return self.retry_http_basic_auth(host, req, realm)
-+ unsupported = None
-+ for header in headers:
-+ for scheme, realm in self._parse_realm(header):
-+ if scheme.lower() != 'basic':
-+ unsupported = scheme
-+ continue
-+
-+ if realm is not None:
-+ # Use the first matching Basic challenge.
-+ # Ignore following challenges even if they use the Basic
-+ # scheme.
-+ return self.retry_http_basic_auth(host, req, realm)
-+
-+ if unsupported is not None:
-+ raise ValueError("AbstractBasicAuthHandler does not "
-+ "support the following scheme: %r"
-+ % (scheme,))
-
- def retry_http_basic_auth(self, host, req, realm):
- user, pw = self.passwd.find_user_password(realm, host)
-diff --git a/Misc/NEWS.d/next/Library/2020-03-25-16-02-16.bpo-39503.YmMbYn.rst b/Misc/NEWS.d/next/Library/2020-03-25-16-02-16.bpo-39503.YmMbYn.rst
-new file mode 100644
-index 0000000000000..be80ce79d91ed
---- /dev/null
-+++ b/Misc/NEWS.d/next/Library/2020-03-25-16-02-16.bpo-39503.YmMbYn.rst
-@@ -0,0 +1,3 @@
-+:class:`~urllib.request.AbstractBasicAuthHandler` of :mod:`urllib.request`
-+now parses all WWW-Authenticate HTTP headers and accepts multiple challenges
-+per header: use the realm of the first Basic challenge.
-diff --git a/Misc/NEWS.d/next/Security/2020-01-30-16-15-29.bpo-39503.B299Yq.rst b/Misc/NEWS.d/next/Security/2020-01-30-16-15-29.bpo-39503.B299Yq.rst
-new file mode 100644
-index 0000000000000..9f2800581ca5e
---- /dev/null
-+++ b/Misc/NEWS.d/next/Security/2020-01-30-16-15-29.bpo-39503.B299Yq.rst
-@@ -0,0 +1,5 @@
-+CVE-2020-8492: The :class:`~urllib.request.AbstractBasicAuthHandler` class of the
-+:mod:`urllib.request` module uses an inefficient regular expression which can
-+be exploited by an attacker to cause a denial of service. Fix the regex to
-+prevent the catastrophic backtracking. Vulnerability reported by Ben Caller
-+and Matt Schwager.
diff --git a/dev-lang/python/files/test.support.unlink-ignore-EPERM.patch b/dev-lang/python/files/test.support.unlink-ignore-EPERM.patch
deleted file mode 100644
index 49f815daaac0..000000000000
--- a/dev-lang/python/files/test.support.unlink-ignore-EPERM.patch
+++ /dev/null
@@ -1,29 +0,0 @@
-From 789c61e1a1966241d274012cdbd5fb9716448952 Mon Sep 17 00:00:00 2001
-From: Mike Gilbert <floppym@gentoo.org>
-Date: Fri, 3 Apr 2020 10:37:56 -0400
-Subject: [PATCH] test.support.unlink: ignore EPERM
-
-Resolves test errors when running in the Gentoo sandbox environment.
-
-Bug: https://bugs.gentoo.org/679628
----
- Lib/test/support/__init__.py | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/Lib/test/support/__init__.py b/Lib/test/support/__init__.py
-index ccc11c1b4b0..c5ec06bb420 100644
---- a/Lib/test/support/__init__.py
-+++ b/Lib/test/support/__init__.py
-@@ -291,7 +291,7 @@ def unlink(filename):
- try:
- _unlink(filename)
- except OSError as exc:
-- if exc.errno not in (errno.ENOENT, errno.ENOTDIR):
-+ if exc.errno not in (errno.ENOENT, errno.ENOTDIR, errno.EPERM):
- raise
-
- def rmdir(dirname):
---
-2.26.0
-
-
diff --git a/dev-lang/python/files/test.support.unlink-ignore-PermissionError.patch b/dev-lang/python/files/test.support.unlink-ignore-PermissionError.patch
deleted file mode 100644
index bdf74e0edcb1..000000000000
--- a/dev-lang/python/files/test.support.unlink-ignore-PermissionError.patch
+++ /dev/null
@@ -1,28 +0,0 @@
-From 6e6402caa7962a9c9f7c5327f3c802545824f7f9 Mon Sep 17 00:00:00 2001
-From: Mike Gilbert <floppym@gentoo.org>
-Date: Fri, 3 Apr 2020 10:37:56 -0400
-Subject: [PATCH] test.support.unlink: ignore PermissionError
-
-Resolves test errors when running in the Gentoo sandbox environment.
-
-Bug: https://bugs.gentoo.org/679628
----
- Lib/test/support/__init__.py | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/Lib/test/support/__init__.py b/Lib/test/support/__init__.py
-index 1f792d8514d..a0772480eb4 100644
---- a/Lib/test/support/__init__.py
-+++ b/Lib/test/support/__init__.py
-@@ -488,7 +488,7 @@ else:
- def unlink(filename):
- try:
- _unlink(filename)
-- except (FileNotFoundError, NotADirectoryError):
-+ except (FileNotFoundError, NotADirectoryError, PermissionError):
- pass
-
- def rmdir(dirname):
---
-2.26.0
-