[arch-commits] Commit in python2/trunk (3 files)
Stéphane Gaudreault
stephane at archlinux.org
Wed Jun 8 13:07:38 UTC 2011
Date: Wednesday, June 8, 2011 @ 09:07:37
Author: stephane
Revision: 126873
preparing 2.7.2, rc1 release
Modified:
python2/trunk/PKGBUILD
Deleted:
python2/trunk/CVE-2011-1521.patch
python2/trunk/python-2.7.1-fix-decimal-in-turkish-locale.patch
--------------------------------------------------+
CVE-2011-1521.patch | 98 ---------------------
PKGBUILD | 20 ----
python-2.7.1-fix-decimal-in-turkish-locale.patch | 48 ----------
3 files changed, 4 insertions(+), 162 deletions(-)
Deleted: CVE-2011-1521.patch
===================================================================
--- CVE-2011-1521.patch 2011-06-08 12:45:12 UTC (rev 126872)
+++ CVE-2011-1521.patch 2011-06-08 13:07:37 UTC (rev 126873)
@@ -1,98 +0,0 @@
-diff -Naur Python-2.7.1.ori/Lib/test/test_urllib2.py Python-2.7.1/Lib/test/test_urllib2.py
---- Python-2.7.1.ori/Lib/test/test_urllib2.py 2010-11-21 21:04:33.000000000 -0800
-+++ Python-2.7.1/Lib/test/test_urllib2.py 2011-04-15 05:02:13.278853672 -0700
-@@ -969,6 +969,27 @@
- self.assertEqual(count,
- urllib2.HTTPRedirectHandler.max_redirections)
-
-+ def test_invalid_redirect(self):
-+ from_url = "http://example.com/a.html"
-+ valid_schemes = ['http', 'https', 'ftp']
-+ invalid_schemes = ['file', 'imap', 'ldap']
-+ schemeless_url = "example.com/b.html"
-+ h = urllib2.HTTPRedirectHandler()
-+ o = h.parent = MockOpener()
-+ req = Request(from_url)
-+
-+ for scheme in invalid_schemes:
-+ invalid_url = scheme + '://' + schemeless_url
-+ self.assertRaises(urllib2.HTTPError, h.http_error_302,
-+ req, MockFile(), 302, "Security Loophole",
-+ MockHeaders({"location": invalid_url}))
-+
-+ for scheme in valid_schemes:
-+ valid_url = scheme + '://' + schemeless_url
-+ h.http_error_302(req, MockFile(), 302, "That's fine",
-+ MockHeaders({"location": valid_url}))
-+ self.assertEqual(o.req.get_full_url(), valid_url)
-+
- def test_cookie_redirect(self):
- # cookies shouldn't leak into redirected requests
- from cookielib import CookieJar
-diff -Naur Python-2.7.1.ori/Lib/test/test_urllib.py Python-2.7.1/Lib/test/test_urllib.py
---- Python-2.7.1.ori/Lib/test/test_urllib.py 2010-11-21 05:34:58.000000000 -0800
-+++ Python-2.7.1/Lib/test/test_urllib.py 2011-04-15 05:02:13.278853672 -0700
-@@ -161,6 +161,20 @@
- finally:
- self.unfakehttp()
-
-+ def test_invalid_redirect(self):
-+ # urlopen() should raise IOError for many error codes.
-+ self.fakehttp("""HTTP/1.1 302 Found
-+Date: Wed, 02 Jan 2008 03:03:54 GMT
-+Server: Apache/1.3.33 (Debian GNU/Linux) mod_ssl/2.8.22 OpenSSL/0.9.7e
-+Location: file:README
-+Connection: close
-+Content-Type: text/html; charset=iso-8859-1
-+""")
-+ try:
-+ self.assertRaises(IOError, urllib.urlopen, "http://python.org/")
-+ finally:
-+ self.unfakehttp()
-+
- def test_empty_socket(self):
- # urlopen() raises IOError if the underlying socket does not send any
- # data. (#1680230)
-diff -Naur Python-2.7.1.ori/Lib/urllib2.py Python-2.7.1/Lib/urllib2.py
---- Python-2.7.1.ori/Lib/urllib2.py 2010-11-20 03:24:08.000000000 -0800
-+++ Python-2.7.1/Lib/urllib2.py 2011-04-15 05:02:13.278853672 -0700
-@@ -579,6 +579,17 @@
-
- newurl = urlparse.urljoin(req.get_full_url(), newurl)
-
-+ # For security reasons we do not allow redirects to protocols
-+ # other than HTTP, HTTPS or FTP.
-+ newurl_lower = newurl.lower()
-+ if not (newurl_lower.startswith('http://') or
-+ newurl_lower.startswith('https://') or
-+ newurl_lower.startswith('ftp://')):
-+ raise HTTPError(newurl, code,
-+ msg + " - Redirection to url '%s' is not allowed" %
-+ newurl,
-+ headers, fp)
-+
- # XXX Probably want to forget about the state of the current
- # request, although that might interact poorly with other
- # handlers that also use handler-specific request attributes
-diff -Naur Python-2.7.1.ori/Lib/urllib.py Python-2.7.1/Lib/urllib.py
---- Python-2.7.1.ori/Lib/urllib.py 2010-11-21 21:04:33.000000000 -0800
-+++ Python-2.7.1/Lib/urllib.py 2011-04-15 05:02:13.278853672 -0700
-@@ -644,6 +644,18 @@
- fp.close()
- # In case the server sent a relative URL, join with original:
- newurl = basejoin(self.type + ":" + url, newurl)
-+
-+ # For security reasons we do not allow redirects to protocols
-+ # other than HTTP, HTTPS or FTP.
-+ newurl_lower = newurl.lower()
-+ if not (newurl_lower.startswith('http://') or
-+ newurl_lower.startswith('https://') or
-+ newurl_lower.startswith('ftp://')):
-+ raise IOError('redirect error', errcode,
-+ errmsg + " - Redirection to url '%s' is not allowed" %
-+ newurl,
-+ headers)
-+
- return self.open(newurl)
-
- def http_error_301(self, url, fp, errcode, errmsg, headers, data=None):
Modified: PKGBUILD
===================================================================
--- PKGBUILD 2011-06-08 12:45:12 UTC (rev 126872)
+++ PKGBUILD 2011-06-08 13:07:37 UTC (rev 126873)
@@ -4,8 +4,8 @@
# Contributer: Jason Chu <jason at archlinux.org>
pkgname=python2
-pkgver=2.7.1
-pkgrel=9
+pkgver=2.7.2rc1
+pkgrel=1
_pybasever=2.7
pkgdesc="A high-level scripting language"
arch=('i686' 'x86_64')
@@ -16,13 +16,9 @@
optdepends=('tk: for IDLE')
conflicts=('python<3')
options=('!makeflags')
-source=(http://www.python.org/ftp/python/${pkgver}/Python-${pkgver}.tar.bz2
- CVE-2011-1521.patch
- python-2.7.1-fix-decimal-in-turkish-locale.patch
+source=(http://www.python.org/ftp/python/${pkgver%rc?}/Python-${pkgver}.tar.bz2
python-2.7-db51.patch)
-sha1sums=('fbe1894322ff91b80726e269c97454f4129fc2a3'
- '31cdc76092d0f598289aaeb18e492874c981904d'
- 'baf470682ae7d2b55caaa173696d08d3f468a569'
+sha1sums=('656bfce75c7e674b2a05c16e1ab9225bf3023326'
'9667a2a2f8594902b352793e649f78696a77bd13')
build() {
@@ -30,14 +26,6 @@
patch -Np1 -i ../python-2.7-db51.patch
- # Fix urllib Security Vulnerability
- # http://blog.python.org/2011/04/urllib-security-vulnerability-fixed.html
- patch -Np1 -i ../CVE-2011-1521.patch
-
- # Fix "import decimal" in the Turkish locale
- # cf : https://bugzilla.redhat.com/show_bug.cgi?id=694928
- patch -Np1 -i ../python-2.7.1-fix-decimal-in-turkish-locale.patch
-
# Temporary workaround for FS#22322
# See http://bugs.python.org/issue10835 for upstream report
sed -i "/progname =/s/python/python${_pybasever}/" Python/pythonrun.c
Deleted: python-2.7.1-fix-decimal-in-turkish-locale.patch
===================================================================
--- python-2.7.1-fix-decimal-in-turkish-locale.patch 2011-06-08 12:45:12 UTC (rev 126872)
+++ python-2.7.1-fix-decimal-in-turkish-locale.patch 2011-06-08 13:07:37 UTC (rev 126873)
@@ -1,48 +0,0 @@
-diff -up Python-2.7.1/Lib/decimal.py.fix-decimal-in-turkish-locale Python-2.7.1/Lib/decimal.py
---- Python-2.7.1/Lib/decimal.py.fix-decimal-in-turkish-locale 2010-07-08 17:22:54.000000000 -0400
-+++ Python-2.7.1/Lib/decimal.py 2011-04-12 11:30:40.850350842 -0400
-@@ -1720,8 +1720,6 @@ class Decimal(object):
- # here self was representable to begin with; return unchanged
- return Decimal(self)
-
-- _pick_rounding_function = {}
--
- # for each of the rounding functions below:
- # self is a finite, nonzero Decimal
- # prec is an integer satisfying 0 <= prec < len(self._int)
-@@ -1788,6 +1786,17 @@ class Decimal(object):
- else:
- return -self._round_down(prec)
-
-+ _pick_rounding_function = dict(
-+ ROUND_DOWN = '_round_down',
-+ ROUND_UP = '_round_up',
-+ ROUND_HALF_UP = '_round_half_up',
-+ ROUND_HALF_DOWN = '_round_half_down',
-+ ROUND_HALF_EVEN = '_round_half_even',
-+ ROUND_CEILING = '_round_ceiling',
-+ ROUND_FLOOR = '_round_floor',
-+ ROUND_05UP = '_round_05up',
-+ )
-+
- def fma(self, other, third, context=None):
- """Fused multiply-add.
-
-@@ -3705,18 +3714,6 @@ _numbers.Number.register(Decimal)
-
- ##### Context class #######################################################
-
--
--# get rounding method function:
--rounding_functions = [name for name in Decimal.__dict__.keys()
-- if name.startswith('_round_')]
--for name in rounding_functions:
-- # name is like _round_half_even, goes to the global ROUND_HALF_EVEN value.
-- globalname = name[1:].upper()
-- val = globals()[globalname]
-- Decimal._pick_rounding_function[val] = name
--
--del name, val, globalname, rounding_functions
--
- class _ContextManager(object):
- """Context manager class to support localcontext().
More information about the arch-commits
mailing list