ports/opt (3.4): [notify] python: update to 2.7.15, closes FS#1655
commit f7e71aa7eb2ec6c091397a3bfc9d4d0d749d2b0a Author: Juergen Daubert <jue@jue.li> Date: Sat May 5 15:14:09 2018 +0200 [notify] python: update to 2.7.15, closes FS#1655 several security fixes, see https://github.com/python/cpython/blob/2.7/Misc/NEWS.d/2.7.15rc1.rst diff --git a/python/.footprint b/python/.footprint index bb48ad2c5..83c9aa625 100644 --- a/python/.footprint +++ b/python/.footprint @@ -1036,8 +1036,8 @@ drwxr-xr-x root/root usr/lib/python2.7/ensurepip/ -rw-r--r-- root/root usr/lib/python2.7/ensurepip/__main__.pyc -rw-r--r-- root/root usr/lib/python2.7/ensurepip/__main__.pyo drwxr-xr-x root/root usr/lib/python2.7/ensurepip/_bundled/ --rw-r--r-- root/root usr/lib/python2.7/ensurepip/_bundled/pip-9.0.1-py2.py3-none-any.whl --rw-r--r-- root/root usr/lib/python2.7/ensurepip/_bundled/setuptools-28.8.0-py2.py3-none-any.whl +-rw-r--r-- root/root usr/lib/python2.7/ensurepip/_bundled/pip-9.0.3-py2.py3-none-any.whl +-rw-r--r-- root/root usr/lib/python2.7/ensurepip/_bundled/setuptools-39.0.1-py2.py3-none-any.whl -rw-r--r-- root/root usr/lib/python2.7/ensurepip/_uninstall.py -rw-r--r-- root/root usr/lib/python2.7/ensurepip/_uninstall.pyc -rw-r--r-- root/root usr/lib/python2.7/ensurepip/_uninstall.pyo @@ -1440,7 +1440,7 @@ drwxr-xr-x root/root usr/lib/python2.7/json/ -rw-r--r-- root/root usr/lib/python2.7/keyword.pyc -rw-r--r-- root/root usr/lib/python2.7/keyword.pyo drwxr-xr-x root/root usr/lib/python2.7/lib-dynload/ --rw-r--r-- root/root usr/lib/python2.7/lib-dynload/Python-2.7.14-py2.7.egg-info +-rw-r--r-- root/root usr/lib/python2.7/lib-dynload/Python-2.7.15-py2.7.egg-info -rwxr-xr-x root/root usr/lib/python2.7/lib-dynload/_bisect.so -rwxr-xr-x root/root usr/lib/python2.7/lib-dynload/_bsddb.so -rwxr-xr-x root/root usr/lib/python2.7/lib-dynload/_codecs_cn.so 
@@ -1614,9 +1614,9 @@ drwxr-xr-x root/root usr/lib/python2.7/lib-tk/test/test_ttk/ -rw-r--r-- root/root usr/lib/python2.7/lib-tk/turtle.pyo drwxr-xr-x root/root usr/lib/python2.7/lib2to3/ -rw-r--r-- root/root usr/lib/python2.7/lib2to3/Grammar.txt --rw-r--r-- root/root usr/lib/python2.7/lib2to3/Grammar2.7.14.final.0.pickle +-rw-r--r-- root/root usr/lib/python2.7/lib2to3/Grammar2.7.15.final.0.pickle -rw-r--r-- root/root usr/lib/python2.7/lib2to3/PatternGrammar.txt --rw-r--r-- root/root usr/lib/python2.7/lib2to3/PatternGrammar2.7.14.final.0.pickle +-rw-r--r-- root/root usr/lib/python2.7/lib2to3/PatternGrammar2.7.15.final.0.pickle -rw-r--r-- root/root usr/lib/python2.7/lib2to3/__init__.py -rw-r--r-- root/root usr/lib/python2.7/lib2to3/__init__.pyc -rw-r--r-- root/root usr/lib/python2.7/lib2to3/__init__.pyo @@ -2540,7 +2540,6 @@ drwxr-xr-x root/root usr/lib/python2.7/test/imghdrdata/ -rw-r--r-- root/root usr/lib/python2.7/test/seq_tests.pyc -rw-r--r-- root/root usr/lib/python2.7/test/seq_tests.pyo -rw-r--r-- root/root usr/lib/python2.7/test/sgml_input.html --rw-r--r-- root/root usr/lib/python2.7/test/sha256.pem -rw-r--r-- root/root usr/lib/python2.7/test/sortperf.py -rw-r--r-- root/root usr/lib/python2.7/test/sortperf.pyc -rw-r--r-- root/root usr/lib/python2.7/test/sortperf.pyo @@ -3828,6 +3827,7 @@ drwxr-xr-x root/root usr/lib/python2.7/test/tracedmodules/ -rw-r--r-- root/root usr/lib/python2.7/test/win_console_handler.pyo -rw-r--r-- root/root usr/lib/python2.7/test/wrongcert.pem drwxr-xr-x root/root usr/lib/python2.7/test/xmltestdata/ +-rw-r--r-- root/root usr/lib/python2.7/test/xmltestdata/expat224_utf8_bug.xml -rw-r--r-- root/root usr/lib/python2.7/test/xmltestdata/simple-ns.xml -rw-r--r-- root/root usr/lib/python2.7/test/xmltestdata/simple.xml -rw-r--r-- root/root usr/lib/python2.7/test/xmltestdata/test.xml diff --git a/python/.md5sum b/python/.md5sum index 2522becf5..ce21c0a0b 100644 --- a/python/.md5sum +++ b/python/.md5sum 
@@ -1,3 +1,2 @@
-ff653e9e002ca0e3d4a828988e52edd3 CVE-2018-1000030.patch
-1f6db41ad91d9eb0a6f0c769b8613c5b Python-2.7.14.tar.xz
+a80ae3cc478460b922242f43a1b4094d Python-2.7.15.tar.xz
 387d5f6d00d2be01ecb87216cac0f88c pyconfig.h
diff --git a/python/.signature b/python/.signature
index 660b6eece..699fd46d7 100644
--- a/python/.signature
+++ b/python/.signature
@@ -1,7 +1,6 @@
 untrusted comment: verify with /etc/ports/opt.pub
-RWSE3ohX2g5d/boQipBgLcfxZlqFZR09X30s/Z5MGSa539QoTYA6+7gBtc/kPgMKpF6e8opocX6wAQjcf9trsFzX4XMdoJaRFwY=
-SHA256 (Pkgfile) = 68fdadc03201267d440d69f8cd2e02a028887cf0b274d02ca17c52095aa8c663
-SHA256 (.footprint) = cad0b763c2deaad518b7c81ea32fbbe025df03c1548002336ef818ca9f4cf7ce
-SHA256 (Python-2.7.14.tar.xz) = 71ffb26e09e78650e424929b2b457b9c912ac216576e6bd9e7d204ed03296a66
-SHA256 (CVE-2018-1000030.patch) = f7ff89ad24d529532b4dfa6bd601d8f7368c3ae3950dae539ecc11e5e09b3ecb
+RWSE3ohX2g5d/QL9azCD8wrAyLYz7OIZz45ib254f7ONHFsMdZTkv/eshI8AxHtmbP0Nr59Mwf0D7Rm+UB866dHroOwADn7Vmgw=
+SHA256 (Pkgfile) = cd669df4f421b7406cbca94fb69daf8128bdd018e2039c4ecec8724da3f709ea
+SHA256 (.footprint) = 31c574d370b644955bc7d95e69f2b234ac56ecb5b4934bdeb27f99637137fcb9
+SHA256 (Python-2.7.15.tar.xz) = 22d9b1ac5b26135ad2b8c2901a9413537e08749a753356ee913c84dbd2df5574
 SHA256 (pyconfig.h) = 081426cb9524c2e156a71bb035c25a67e44d389afc6f7e091bcf86a7f4e2002f
diff --git a/python/CVE-2018-1000030.patch b/python/CVE-2018-1000030.patch
deleted file mode 100644
index efec47684..000000000
--- a/python/CVE-2018-1000030.patch
+++ /dev/null
@@ -1,258 +0,0 @@ ---- a/Lib/test/test_file2k.py 2018-02-16 17:49:45.180147747 -0500 -+++ b/Lib/test/test_file2k.py 2018-02-16 17:51:06.870149602 -0500 -@@ -652,6 +652,33 @@ class FileThreadingTests(unittest.TestCa - self.f.writelines('') - self._test_close_open_io(io_func) - -+ def test_iteration_torture(self): -+ # bpo-31530 -+ with open(self.filename, "wb") as fp: -+ for i in xrange(2**20): -+ fp.write(b"0"*50 + b"\n") -+ with open(self.filename, "rb") as f: -+ def it(): -+ for l in f: -+ pass -+ self._run_workers(it, 10) -+ -+ def test_iteration_seek(self): -+ # bpo-31530: Crash when concurrently seek and iterate over a file. -+ with open(self.filename, "wb") as fp: -+ for i in xrange(10000): -+ fp.write(b"0"*50 + b"\n") -+ with open(self.filename, "rb") as f: -+ it = iter([1] + [0]*10) # one thread reads, others seek -+ def iterate(): -+ if next(it): -+ for l in f: -+ pass -+ else: -+ for i in xrange(100): -+ f.seek(i*100, 0) -+ self._run_workers(iterate, 10) -+ - - @unittest.skipUnless(os.name == 'posix', 'test requires a posix system.') - class TestFileSignalEINTR(unittest.TestCase): ---- a/Objects/fileobject.c 2018-02-16 17:49:45.304147750 -0500 -+++ b/Objects/fileobject.c 2018-02-16 17:51:06.872149603 -0500 -@@ -430,7 +430,7 @@ close_the_file(PyFileObject *f) - if (f->ob_refcnt > 0) { - PyErr_SetString(PyExc_IOError, - "close() called during concurrent " -- "operation on the same file object."); -+ "operation on the same file object"); - } else { - /* This should not happen unless someone is - * carelessly playing with the PyFileObject -@@ -438,7 +438,7 @@ close_the_file(PyFileObject *f) - * pointer. 
*/ - PyErr_SetString(PyExc_SystemError, - "PyFileObject locking error in " -- "destructor (refcnt <= 0 at close)."); -+ "destructor (refcnt <= 0 at close)"); - } - return NULL; - } -@@ -604,7 +604,12 @@ err_iterbuffered(void) - return NULL; - } - --static void drop_readahead(PyFileObject *); -+static void -+drop_file_readahead(PyFileObject *f) -+{ -+ PyMem_FREE(f->f_buf); -+ f->f_buf = NULL; -+} - - /* Methods */ - -@@ -627,7 +632,7 @@ file_dealloc(PyFileObject *f) - Py_XDECREF(f->f_mode); - Py_XDECREF(f->f_encoding); - Py_XDECREF(f->f_errors); -- drop_readahead(f); -+ drop_file_readahead(f); - Py_TYPE(f)->tp_free((PyObject *)f); - } - -@@ -762,7 +767,7 @@ file_seek(PyFileObject *f, PyObject *arg - - if (f->f_fp == NULL) - return err_closed(); -- drop_readahead(f); -+ drop_file_readahead(f); - whence = 0; - if (!PyArg_ParseTuple(args, "O|i:seek", &offobj, &whence)) - return NULL; -@@ -2221,12 +2226,16 @@ static PyGetSetDef file_getsetlist[] = { - {0}, - }; - -+typedef struct { -+ char *buf, *bufptr, *bufend; -+} readaheadbuffer; -+ - static void --drop_readahead(PyFileObject *f) -+drop_readaheadbuffer(readaheadbuffer *rab) - { -- if (f->f_buf != NULL) { -- PyMem_Free(f->f_buf); -- f->f_buf = NULL; -+ if (rab->buf != NULL) { -+ PyMem_FREE(rab->buf); -+ rab->buf = NULL; - } - } - -@@ -2234,35 +2243,34 @@ drop_readahead(PyFileObject *f) - (unless at EOF) and no more than bufsize. Returns negative value on - error, will set MemoryError if bufsize bytes cannot be allocated. 
*/ - static int --readahead(PyFileObject *f, Py_ssize_t bufsize) -+readahead(PyFileObject *f, readaheadbuffer *rab, Py_ssize_t bufsize) - { - Py_ssize_t chunksize; - -- if (f->f_buf != NULL) { -- if( (f->f_bufend - f->f_bufptr) >= 1) -+ if (rab->buf != NULL) { -+ if ((rab->bufend - rab->bufptr) >= 1) - return 0; - else -- drop_readahead(f); -+ drop_readaheadbuffer(rab); - } -- if ((f->f_buf = (char *)PyMem_Malloc(bufsize)) == NULL) { -+ if ((rab->buf = PyMem_MALLOC(bufsize)) == NULL) { - PyErr_NoMemory(); - return -1; - } - FILE_BEGIN_ALLOW_THREADS(f) - errno = 0; -- chunksize = Py_UniversalNewlineFread( -- f->f_buf, bufsize, f->f_fp, (PyObject *)f); -+ chunksize = Py_UniversalNewlineFread(rab->buf, bufsize, f->f_fp, (PyObject *)f); - FILE_END_ALLOW_THREADS(f) - if (chunksize == 0) { - if (ferror(f->f_fp)) { - PyErr_SetFromErrno(PyExc_IOError); - clearerr(f->f_fp); -- drop_readahead(f); -+ drop_readaheadbuffer(rab); - return -1; - } - } -- f->f_bufptr = f->f_buf; -- f->f_bufend = f->f_buf + chunksize; -+ rab->bufptr = rab->buf; -+ rab->bufend = rab->buf + chunksize; - return 0; - } - -@@ -2272,45 +2280,43 @@ readahead(PyFileObject *f, Py_ssize_t bu - logarithmic buffer growth to about 50 even when reading a 1gb line. 
*/ - - static PyStringObject * --readahead_get_line_skip(PyFileObject *f, Py_ssize_t skip, Py_ssize_t bufsize) -+readahead_get_line_skip(PyFileObject *f, readaheadbuffer *rab, Py_ssize_t skip, Py_ssize_t bufsize) - { - PyStringObject* s; - char *bufptr; - char *buf; - Py_ssize_t len; - -- if (f->f_buf == NULL) -- if (readahead(f, bufsize) < 0) -+ if (rab->buf == NULL) -+ if (readahead(f, rab, bufsize) < 0) - return NULL; - -- len = f->f_bufend - f->f_bufptr; -+ len = rab->bufend - rab->bufptr; - if (len == 0) -- return (PyStringObject *) -- PyString_FromStringAndSize(NULL, skip); -- bufptr = (char *)memchr(f->f_bufptr, '\n', len); -+ return (PyStringObject *)PyString_FromStringAndSize(NULL, skip); -+ bufptr = (char *)memchr(rab->bufptr, '\n', len); - if (bufptr != NULL) { - bufptr++; /* Count the '\n' */ -- len = bufptr - f->f_bufptr; -- s = (PyStringObject *) -- PyString_FromStringAndSize(NULL, skip + len); -+ len = bufptr - rab->bufptr; -+ s = (PyStringObject *)PyString_FromStringAndSize(NULL, skip + len); - if (s == NULL) - return NULL; -- memcpy(PyString_AS_STRING(s) + skip, f->f_bufptr, len); -- f->f_bufptr = bufptr; -- if (bufptr == f->f_bufend) -- drop_readahead(f); -+ memcpy(PyString_AS_STRING(s) + skip, rab->bufptr, len); -+ rab->bufptr = bufptr; -+ if (bufptr == rab->bufend) -+ drop_readaheadbuffer(rab); - } else { -- bufptr = f->f_bufptr; -- buf = f->f_buf; -- f->f_buf = NULL; /* Force new readahead buffer */ -+ bufptr = rab->bufptr; -+ buf = rab->buf; -+ rab->buf = NULL; /* Force new readahead buffer */ - assert(len <= PY_SSIZE_T_MAX - skip); -- s = readahead_get_line_skip(f, skip + len, bufsize + (bufsize>>2)); -+ s = readahead_get_line_skip(f, rab, skip + len, bufsize + (bufsize>>2)); - if (s == NULL) { -- PyMem_Free(buf); -+ PyMem_FREE(buf); - return NULL; - } - memcpy(PyString_AS_STRING(s) + skip, bufptr, len); -- PyMem_Free(buf); -+ PyMem_FREE(buf); - } - return s; - } -@@ -2328,7 +2334,30 @@ file_iternext(PyFileObject *f) - if (!f->readable) - 
return err_mode("reading"); - -- l = readahead_get_line_skip(f, 0, READAHEAD_BUFSIZE); -+ { -+ /* -+ Multiple threads can enter this method while the GIL is released -+ during file read and wreak havoc on the file object's readahead -+ buffer. To avoid dealing with cross-thread coordination issues, we -+ cache the file buffer state locally and only set it back on the file -+ object when we're done. -+ */ -+ readaheadbuffer rab = {f->f_buf, f->f_bufptr, f->f_bufend}; -+ f->f_buf = NULL; -+ l = readahead_get_line_skip(f, &rab, 0, READAHEAD_BUFSIZE); -+ /* -+ Make sure the file's internal read buffer is cleared out. This will -+ only do anything if some other thread interleaved with us during -+ readahead. We want to drop any changeling buffer, so we don't leak -+ memory. We may lose data, but that's what you get for reading the same -+ file object in multiple threads. -+ */ -+ drop_file_readahead(f); -+ f->f_buf = rab.buf; -+ f->f_bufptr = rab.bufptr; -+ f->f_bufend = rab.bufend; -+ } -+ - if (l == NULL || PyString_GET_SIZE(l) == 0) { - Py_XDECREF(l); - return NULL; -@@ -2692,7 +2721,7 @@ int PyObject_AsFileDescriptor(PyObject * - } - else { - PyErr_SetString(PyExc_TypeError, -- "argument must be an int, or have a fileno() method."); -+ "argument must be an int, or have a fileno() method"); - return -1; - } diff --git a/python/Pkgfile b/python/Pkgfile index 3120ef84a..f3784af0f 100644 --- a/python/Pkgfile +++ b/python/Pkgfile @@ -4,18 +4,13 @@ # Depends on: db gdbm openssl bzip2 zlib sqlite3 name=python -version=2.7.14 -release=2 +version=2.7.15 +release=1 source=(http://www.python.org/ftp/$name/$version/Python-$version.tar.xz \ - CVE-2018-1000030.patch pyconfig.h) build () { cd Python-$version - - # fix for CVE-2018-1000030 - # see https://bugs.python.org/issue31530 - patch -p1 -i $SRC/CVE-2018-1000030.patch # set OPT to the python default without -O3 # our CFLAGS are used as well
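Review bot: The `source=` line kept as context in the Pkgfile hunk still fetches the tarball over plain `http://`, so the download itself is unauthenticated and its integrity rests entirely on the values recorded in `.md5sum` and `.signature`. Changing it to `source=(https://www.python.org/ftp/$name/$version/Python-$version.tar.xz \` would protect the transfer as well, and the recorded SHA256 is best taken from a copy checked against upstream's published release signature. The same hunk drops the `patch -p1 -i $SRC/CVE-2018-1000030.patch` step, presumably because 2.7.15 already carries the upstream fix for bpo-31530. The commit message only links the release notes in general, so it is worth confirming that entry there before relying on it. build() continues past the end of the hunk.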