[arch-commits] Commit in python2/trunk (PKGBUILD py2-ize-the-CJK-codec-test.patch)

Felix Yan felixonmars at archlinux.org
Mon Mar 15 15:03:09 UTC 2021 

    Date: Monday, March 15, 2021 @ 15:03:09
  Author: felixonmars
Revision: 410004

upgpkg: python2 2.7.18-3: securify fixes (FS#68063)

Added:
  python2/trunk/py2-ize-the-CJK-codec-test.patch
Modified:
  python2/trunk/PKGBUILD

----------------------------------+
 PKGBUILD                         |   27 ++++++++++++++++++---
 py2-ize-the-CJK-codec-test.patch |   46 +++++++++++++++++++++++++++++++++++++
 2 files changed, 69 insertions(+), 4 deletions(-)

Modified: PKGBUILD
===================================================================
--- PKGBUILD	2021-03-15 14:43:03 UTC (rev 410003)
+++ PKGBUILD	2021-03-15 15:03:09 UTC (rev 410004)
@@ -5,7 +5,7 @@
 
 pkgname=python2
 pkgver=2.7.18
-pkgrel=2
+pkgrel=3
 _pybasever=2.7
 pkgdesc="A high-level scripting language"
 arch=('x86_64')
@@ -18,14 +18,22 @@
             'python2-setuptools'
             'python2-pip')
 conflicts=('python<3')
+_gentoo_patches="python-gentoo-patches-${pkgver}_p7"
 source=("https://www.python.org/ftp/python/${pkgver%rc?}/Python-${pkgver}.tar.xz"{,.asc}
-        mtime-workaround.patch)
+        mtime-workaround.patch
+        "https://dev.gentoo.org/~mgorny/dist/python/$_gentoo_patches.tar.xz"
+        py2-ize-the-CJK-codec-test.patch)
 sha512sums=('a7bb62b51f48ff0b6df0b18f5b0312a523e3110f49c3237936bfe56ed0e26838c0274ff5401bda6fc21bf24337477ccac49e8026c5d651e4b4cafb5eb5086f6c'
             'SKIP'
-            '4e761cfd57791e8b72ecdf84c2e03875bf074311130eea5b8e97409fa304fa3468dbd359a511c4e9978e686e662c58054b4174d3e73f845fa9ded2e83a3a8076')
+            '4e761cfd57791e8b72ecdf84c2e03875bf074311130eea5b8e97409fa304fa3468dbd359a511c4e9978e686e662c58054b4174d3e73f845fa9ded2e83a3a8076'
+            'a3cd34f38a717183d9a8d6b91817a6ac989fb8ae4275f35cba4be810813a4c9c45f4e72d16aee33904eddaee77c4719b516392d629d2c4627c840e4ecc6bc121'
+            '67fb8116825f646cbe0f12d9ffb68c2e2006e98721c80c674738315160c0dfdb5f200b8d3229f85dbac2510ba436b0f701e44542ce4494cdd191cd1b8ca0bf0f')
 validpgpkeys=('C01E1CAD5EA2C4F0B8E3571504C367C218ADD4FF')  # Benjamin Peterson
+noextract=("$_gentoo_patches.tar.xz")
 
 prepare() {
+  bsdtar -xf $_gentoo_patches.tar.xz -s /$_gentoo_patches//
+
   cd Python-${pkgver}
 
   # makepkg will touch all files to $SOURCE_DATE_EPOCH which will break pyc file's mtime check.
@@ -32,6 +40,16 @@
   # workaround this by touching them to $SOURCE_DATE_EPOCH before running compileall.
   patch -p0 -i ../mtime-workaround.patch
 
+  patch -p1 -i ../0001-bpo-39017-Avoid-infinite-loop-in-the-tarfile-module-.patch #CVE-2019-20907
+  patch -p1 -i ../0002-bpo-39503-CVE-2020-8492-Fix-AbstractBasicAuthHandler.patch #CVE-2020-8492
+  patch -p1 -i ../0003-bpo-39603-Prevent-header-injection-in-http-methods-G.patch #CVE-2020-26116
+  patch -p1 -i ../0004-bpo-42051-Reject-XML-entity-declarations-in-plist-fi.patch
+  patch -p1 -i ../0005-bpo-41944-No-longer-call-eval-on-content-received-vi.patch #CVE-2020-27619
+  patch -p1 -i ../0006-bpo-40791-Make-compare_digest-more-constant-time.-GH.patch
+  patch -p1 -i ../0007-3.6-closes-bpo-42938-Replace-snprintf-with-Python-un.patch #CVE-2021-3177
+  patch -p1 -i ../0024-3.6-bpo-42967-only-use-as-a-query-string-separator-G.patch #CVE-2021-23336
+  patch -p1 -i ../py2-ize-the-CJK-codec-test.patch
+
   # Temporary workaround for FS#22322
   # See http://bugs.python.org/issue10835 for upstream report
   sed -i "/progname =/s/python/python${_pybasever}/" Python/pythonrun.c
@@ -83,10 +101,11 @@
   # test_idle, test_tk, test_ttk_guionly: segfaults
   # Since 2.7.15: test_ctypes
   # test_ftplib test_imaplib test_urllib2_localnet: krb5 errors
+  # test_codecmaps_jp: TODO
 
   cd Python-${pkgver}
   LD_LIBRARY_PATH="${srcdir}/Python-${pkgver}":${LD_LIBRARY_PATH} \
-    xvfb-run "${srcdir}/Python-${pkgver}/python" -m test.regrtest -v -uall -x test_idle test_tk test_ttk_guionly test_ctypes test_ssl test_ftplib test_imaplib test_urllib2_localnet
+    xvfb-run "${srcdir}/Python-${pkgver}/python" -m test.regrtest -v -uall -x test_idle test_tk test_ttk_guionly test_ctypes test_ssl test_ftplib test_imaplib test_urllib2_localnet test_codecmaps_jp
 }
 
 package() {

Added: py2-ize-the-CJK-codec-test.patch
===================================================================
--- py2-ize-the-CJK-codec-test.patch	                        (rev 0)
+++ py2-ize-the-CJK-codec-test.patch	2021-03-15 15:03:09 UTC (rev 410004)
@@ -0,0 +1,46 @@
+From ed1aa2f4738efe948242f252bcb0aa0b4314d2a2 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Micha=C5=82=20G=C3=B3rny?= <mgorny at gentoo.org>
+Date: Fri, 5 Mar 2021 10:34:50 +0100
+Subject: py2-ize the CJK codec test
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Signed-off-by: Michał Górny <mgorny at gentoo.org>
+---
+ Lib/test/multibytecodec_support.py | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+diff --git a/Lib/test/multibytecodec_support.py b/Lib/test/multibytecodec_support.py
+index b7d7a3aba7..661ef9ee37 100644
+--- a/Lib/test/multibytecodec_support.py
++++ b/Lib/test/multibytecodec_support.py
+@@ -2,6 +2,7 @@
+ #   Common Unittest Routines for CJK codecs
+ #
+ 
++import binascii
+ import codecs
+ import os
+ import re
+@@ -280,7 +281,7 @@ class TestBase_Mapping(unittest.TestCase):
+ 
+     def _test_mapping_file_plain(self):
+         def unichrs(s):
+-            return ''.join(chr(int(x, 16)) for x in s.split('+'))
++            return ''.join(unichr(int(x, 16)) for x in s.split('+'))
+ 
+         urt_wa = {}
+ 
+@@ -294,7 +295,7 @@ class TestBase_Mapping(unittest.TestCase):
+ 
+                 if data[0][:2] != '0x':
+                     self.fail("Invalid line: {line!r}".format(line=line))
+-                csetch = bytes.fromhex(data[0][2:])
++                csetch = binascii.a2b_hex(data[0][2:])
+                 if len(csetch) == 1 and 0x80 <= csetch[0]:
+                     continue
+ 
+-- 
+cgit v1.2.3
+

More information about the arch-commits mailing list