From a669008f98c70e7874072817465e3d0b1d4d820f Mon Sep 17 00:00:00 2001 From: Miro HronĨok Date: Aug 04 2020 11:11:15 +0000 Subject: Convert patches to use github.com/fedora-python/importpatches This also removes unsued patches --- diff --git a/00001-rpath.patch b/00001-rpath.patch index 1493af2..66ead22 100644 --- a/00001-rpath.patch +++ b/00001-rpath.patch @@ -1,7 +1,18 @@ -diff -up Python-3.1.1/Lib/distutils/unixccompiler.py.rpath Python-3.1.1/Lib/distutils/unixccompiler.py ---- Python-3.1.1/Lib/distutils/unixccompiler.py.rpath 2009-09-04 17:29:34.000000000 -0400 -+++ Python-3.1.1/Lib/distutils/unixccompiler.py 2009-09-04 17:49:54.000000000 -0400 -@@ -141,6 +141,16 @@ class UnixCCompiler(CCompiler): +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: David Malcolm +Date: Wed, 13 Jan 2010 21:25:18 +0000 +Subject: [PATCH] 00001: Fixup distutils/unixccompiler.py to remove standard + library path from rpath Was Patch0 in ivazquez' python3000 specfile + +--- + Lib/distutils/unixccompiler.py | 10 ++++++++++ + 1 file changed, 10 insertions(+) + +diff --git a/Lib/distutils/unixccompiler.py b/Lib/distutils/unixccompiler.py +index 3f321c28dc..0d1e74435d 100644 +--- a/Lib/distutils/unixccompiler.py ++++ b/Lib/distutils/unixccompiler.py +@@ -82,6 +82,16 @@ class UnixCCompiler(CCompiler): if sys.platform == "cygwin": exe_extension = ".exe" diff --git a/00055-systemtap.patch b/00055-systemtap.patch index ab7146b..cd13a64 100644 --- a/00055-systemtap.patch +++ b/00055-systemtap.patch @@ -1,94 +1,31 @@ -diff --git a/configure.ac b/configure.ac -index f50a6c8..b0650a5 100644 ---- a/configure.ac -+++ b/configure.ac -@@ -3288,6 +3288,23 @@ if test "$with_valgrind" != no; then - OPT="-DDYNAMIC_ANNOTATIONS_ENABLED=1 $OPT" - fi - -+# Check for systemtap support -+# On Linux, /usr/bin/dtrace is in fact a shim to SystemTap -+AC_MSG_CHECKING([for --with-systemtap]) -+AC_ARG_WITH([systemtap], -+ AC_HELP_STRING([--with(out)-systemtap], [disable/enable SystemTap support]),, -+ with_systemtap=no) -+AC_MSG_RESULT([$with_systemtap]) -+if test "$with_systemtap" != no; then -+ AC_DEFINE(WITH_SYSTEMTAP, 1, -+ [Define if you want to compile in SystemTap support]) -+ SYSTEMTAPOBJS="Python/pysystemtap.o" -+ SYSTEMTAPDEPS="\$(srcdir)/Python/pysystemtap.h" -+fi -+ -+AC_SUBST(SYSTEMTAPOBJS) -+AC_SUBST(SYSTEMTAPDEPS) -+ - # -I${DLINCLDIR} is added to the compile rule for importdl.o - AC_SUBST(DLINCLDIR) - DLINCLDIR=. -diff --git a/configure b/configure -index 0906ae0..4acd1cd 100755 ---- a/configure -+++ b/configure -@@ -642,6 +642,8 @@ TRUE - MACHDEP_OBJS - DYNLOADFILE - DLINCLDIR -+SYSTEMTAPDEPS -+SYSTEMTAPOBJS - THREADOBJ - LDLAST - USE_THREAD_MODULE -@@ -834,6 +836,7 @@ with_doc_strings - with_tsc - with_pymalloc - with_valgrind -+with_systemtap - with_fpectl - with_libm - with_libc -@@ -1528,6 +1531,7 @@ Optional Packages: - --with(out)-tsc enable/disable timestamp counter profile - --with(out)-pymalloc disable/enable specialized mallocs - --with-valgrind Enable Valgrind support -+ --with(out)-systemtap disable/enable SystemTap support - --with-fpectl enable SIGFPE catching - --with-libm=STRING math library - --with-libc=STRING C library -@@ -11180,6 +11184,31 @@ fi - OPT="-DDYNAMIC_ANNOTATIONS_ENABLED=1 $OPT" - fi - -+# Check for systemtap support -+# On Linux, /usr/bin/dtrace is in fact a shim to SystemTap -+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for --with-systemtap" >&5 -+$as_echo_n "checking for --with-systemtap... " >&6; } -+ -+# Check whether --with-systemtap was given. -+if test "${with_systemtap+set}" = set; then : -+ withval=$with_systemtap; -+else -+ with_systemtap=no -+fi -+ -+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $with_systemtap" >&5 -+$as_echo "$with_systemtap" >&6; } -+if test "$with_systemtap" != no; then -+ -+$as_echo "#define WITH_SYSTEMTAP 1" >>confdefs.h -+ -+ SYSTEMTAPOBJS="Python/pysystemtap.o" -+ SYSTEMTAPDEPS="\$(srcdir)/Python/pysystemtap.h" -+fi -+ -+ -+ -+ - # -I${DLINCLDIR} is added to the compile rule for importdl.o - - DLINCLDIR=. +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: David Malcolm +Date: Fri, 12 Feb 2010 21:38:52 +0000 +Subject: [PATCH] 00055: Systemtap support + +Add statically-defined probe points +Patch sent upstream as http://bugs.python.org/issue14776 +with some subsequent reworking to cope with LANG=C in an rpmbuild +(where sys.getfilesystemencoding() == 'ascii') +--- + Doc/howto/index.rst | 1 + + Doc/howto/instrumentation.rst | 295 ++++++++++++++++++++++++++++++++++ + Lib/test/test_systemtap.py | 234 +++++++++++++++++++++++++++ + Makefile.pre.in | 12 +- + Python/ceval.c | 11 ++ + Python/ceval_systemtap.h | 86 ++++++++++ + Python/pysystemtap.d | 4 + + configure | 29 ++++ + configure.ac | 17 ++ + pyconfig.h.in | 3 + + 10 files changed, 691 insertions(+), 1 deletion(-) + create mode 100644 Doc/howto/instrumentation.rst + create mode 100644 Lib/test/test_systemtap.py + create mode 100644 Python/ceval_systemtap.h + create mode 100644 Python/pysystemtap.d + diff --git a/Doc/howto/index.rst b/Doc/howto/index.rst -index de65950..593341c 100644 +index de659505f7..593341cc2b 100644 --- a/Doc/howto/index.rst +++ b/Doc/howto/index.rst @@ -28,4 +28,5 @@ Currently, the HOWTOs are: @@ -99,7 +36,7 @@ index de65950..593341c 100644 diff --git a/Doc/howto/instrumentation.rst b/Doc/howto/instrumentation.rst new file mode 100644 -index 0000000..b6924e1 +index 0000000000..b6924e1b63 --- /dev/null +++ b/Doc/howto/instrumentation.rst @@ -0,0 +1,295 @@ @@ -400,7 +337,7 @@ index 0000000..b6924e1 + diff --git a/Lib/test/test_systemtap.py b/Lib/test/test_systemtap.py new file mode 100644 -index 0000000..a669064 +index 0000000000..a66906404f --- /dev/null +++ b/Lib/test/test_systemtap.py @@ -0,0 +1,234 @@ @@ -639,7 +576,7 @@ index 0000000..a669064 +if __name__ == "__main__": + test_main() diff --git a/Makefile.pre.in b/Makefile.pre.in -index a88b7d5..3585b88 100644 +index df791a88ee..6b790bf504 100644 --- a/Makefile.pre.in +++ b/Makefile.pre.in @@ -383,6 +383,7 @@ PYTHON_OBJS= \ @@ -650,7 +587,7 @@ index a88b7d5..3585b88 100644 $(LIBOBJS) \ $(MACHDEP_OBJS) \ $(THREADOBJ) -@@ -864,7 +865,8 @@ Objects/setobject.o: $(srcdir)/Objects/stringlib/eq.h +@@ -864,7 +865,8 @@ regen-opcode-targets: $(PYTHON_FOR_REGEN) $(srcdir)/Python/makeopcodetargets.py \ $(srcdir)/Python/opcode_targets.h @@ -660,7 +597,7 @@ index a88b7d5..3585b88 100644 Python/frozen.o: $(srcdir)/Python/importlib.h $(srcdir)/Python/importlib_external.h -@@ -878,6 +880,13 @@ Objects/typeobject.o: Objects/typeslots.inc +@@ -878,6 +880,13 @@ regen-typeslots: < $(srcdir)/Include/typeslots.h \ $(srcdir)/Objects/typeslots.inc @@ -674,7 +611,7 @@ index a88b7d5..3585b88 100644 ############################################################################ # Header files -@@ -1601,6 +1610,7 @@ clean: pycremoval +@@ -1602,6 +1611,7 @@ clean: pycremoval -rm -f Lib/lib2to3/*Grammar*.pickle -rm -f Programs/_testembed Programs/_freeze_importlib -find build -type f -a ! -name '*.gc??' -exec rm -f {} ';' @@ -682,22 +619,8 @@ index a88b7d5..3585b88 100644 profile-removal: find . -name '*.gc??' -exec rm -f {} ';' -diff --git a/pyconfig.h.in b/pyconfig.h.in -index 39ccf53..9052dbc 100644 ---- a/pyconfig.h.in -+++ b/pyconfig.h.in -@@ -1375,6 +1375,9 @@ - /* Define if you want to compile in Python-specific mallocs */ - #undef WITH_PYMALLOC - -+/* Define if you want to compile in SystemTap support */ -+#undef WITH_SYSTEMTAP -+ - /* Define if you want to compile in rudimentary thread support */ - #undef WITH_THREAD - diff --git a/Python/ceval.c b/Python/ceval.c -index 7b40518..0e49de5 100644 +index 47c5eff64f..e84a6b0d77 100644 --- a/Python/ceval.c +++ b/Python/ceval.c @@ -20,6 +20,8 @@ @@ -734,7 +657,7 @@ index 7b40518..0e49de5 100644 tstate->frame = f->f_back; diff --git a/Python/ceval_systemtap.h b/Python/ceval_systemtap.h new file mode 100644 -index 0000000..38697ad +index 0000000000..38697ad673 --- /dev/null +++ b/Python/ceval_systemtap.h @@ -0,0 +1,86 @@ @@ -826,7 +749,7 @@ index 0000000..38697ad +#endif diff --git a/Python/pysystemtap.d b/Python/pysystemtap.d new file mode 100644 -index 0000000..c2cdef0 +index 0000000000..c2cdef0b90 --- /dev/null +++ b/Python/pysystemtap.d @@ -0,0 +1,4 @@ @@ -834,3 +757,106 @@ index 0000000..c2cdef0 + probe function__entry(const char *, const char *, int, PyFrameObject *); + probe function__return(const char *, const char *, int, PyFrameObject *); +}; +diff --git a/configure b/configure +index 5640c2dc12..562f20278a 100755 +--- a/configure ++++ b/configure +@@ -642,6 +642,8 @@ TRUE + MACHDEP_OBJS + DYNLOADFILE + DLINCLDIR ++SYSTEMTAPDEPS ++SYSTEMTAPOBJS + THREADOBJ + LDLAST + USE_THREAD_MODULE +@@ -834,6 +836,7 @@ with_doc_strings + with_tsc + with_pymalloc + with_valgrind ++with_systemtap + with_fpectl + with_libm + with_libc +@@ -1528,6 +1531,7 @@ Optional Packages: + --with(out)-tsc enable/disable timestamp counter profile + --with(out)-pymalloc disable/enable specialized mallocs + --with-valgrind Enable Valgrind support ++ --with(out)-systemtap disable/enable SystemTap support + --with-fpectl enable SIGFPE catching + --with-libm=STRING math library + --with-libc=STRING C library +@@ -11180,6 +11184,31 @@ fi + OPT="-DDYNAMIC_ANNOTATIONS_ENABLED=1 $OPT" + fi + ++# Check for systemtap support ++# On Linux, /usr/bin/dtrace is in fact a shim to SystemTap ++{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for --with-systemtap" >&5 ++$as_echo_n "checking for --with-systemtap... " >&6; } ++ ++# Check whether --with-systemtap was given. ++if test "${with_systemtap+set}" = set; then : ++ withval=$with_systemtap; ++else ++ with_systemtap=no ++fi ++ ++{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $with_systemtap" >&5 ++$as_echo "$with_systemtap" >&6; } ++if test "$with_systemtap" != no; then ++ ++$as_echo "#define WITH_SYSTEMTAP 1" >>confdefs.h ++ ++ SYSTEMTAPOBJS="Python/pysystemtap.o" ++ SYSTEMTAPDEPS="\$(srcdir)/Python/pysystemtap.h" ++fi ++ ++ ++ ++ + # -I${DLINCLDIR} is added to the compile rule for importdl.o + + DLINCLDIR=. +diff --git a/configure.ac b/configure.ac +index c9b755f0f4..133b43d29f 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -3288,6 +3288,23 @@ if test "$with_valgrind" != no; then + OPT="-DDYNAMIC_ANNOTATIONS_ENABLED=1 $OPT" + fi + ++# Check for systemtap support ++# On Linux, /usr/bin/dtrace is in fact a shim to SystemTap ++AC_MSG_CHECKING([for --with-systemtap]) ++AC_ARG_WITH([systemtap], ++ AC_HELP_STRING([--with(out)-systemtap], [disable/enable SystemTap support]),, ++ with_systemtap=no) ++AC_MSG_RESULT([$with_systemtap]) ++if test "$with_systemtap" != no; then ++ AC_DEFINE(WITH_SYSTEMTAP, 1, ++ [Define if you want to compile in SystemTap support]) ++ SYSTEMTAPOBJS="Python/pysystemtap.o" ++ SYSTEMTAPDEPS="\$(srcdir)/Python/pysystemtap.h" ++fi ++ ++AC_SUBST(SYSTEMTAPOBJS) ++AC_SUBST(SYSTEMTAPDEPS) ++ + # -I${DLINCLDIR} is added to the compile rule for importdl.o + AC_SUBST(DLINCLDIR) + DLINCLDIR=. +diff --git a/pyconfig.h.in b/pyconfig.h.in +index 39ccf53ea6..9052dbc184 100644 +--- a/pyconfig.h.in ++++ b/pyconfig.h.in +@@ -1375,6 +1375,9 @@ + /* Define if you want to compile in Python-specific mallocs */ + #undef WITH_PYMALLOC + ++/* Define if you want to compile in SystemTap support */ ++#undef WITH_SYSTEMTAP ++ + /* Define if you want to compile in rudimentary thread support */ + #undef WITH_THREAD + diff --git a/00102-lib64.patch b/00102-lib64.patch index 5c486ed..f58ec46 100644 --- a/00102-lib64.patch +++ b/00102-lib64.patch @@ -1,5 +1,30 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: David Malcolm +Date: Wed, 13 Jan 2010 21:25:18 +0000 +Subject: [PATCH] 00102: Change the various install paths to use /usr/lib64/ + instead or /usr/lib/ + +Only used when "%{_lib}" == "lib64". + +Co-authored-by: David Malcolm +Co-authored-by: Thomas Spura +Co-authored-by: Slavek Kabrda +Co-authored-by: Matej Stuchlik +Co-authored-by: Tomas Orsava +--- + Lib/distutils/command/install.py | 4 ++-- + Lib/distutils/sysconfig.py | 6 +++++- + Lib/distutils/tests/test_install.py | 3 ++- + Lib/site.py | 4 ++++ + Lib/sysconfig.py | 12 ++++++------ + Lib/test/test_site.py | 4 ++-- + Makefile.pre.in | 2 +- + Modules/getpath.c | 6 +++--- + setup.py | 10 +++++----- + 9 files changed, 30 insertions(+), 21 deletions(-) + diff --git a/Lib/distutils/command/install.py b/Lib/distutils/command/install.py -index 67db007..b16fe0f 100644 +index 67db007a02..8174192ec6 100644 --- a/Lib/distutils/command/install.py +++ b/Lib/distutils/command/install.py @@ -30,14 +30,14 @@ WINDOWS_SCHEME = { @@ -20,10 +45,10 @@ index 67db007..b16fe0f 100644 'scripts': '$base/bin', 'data' : '$base', diff --git a/Lib/distutils/sysconfig.py b/Lib/distutils/sysconfig.py -index e5c493d..a4846eb 100644 +index bd19ebf515..9bb3c2f1de 100644 --- a/Lib/distutils/sysconfig.py +++ b/Lib/distutils/sysconfig.py -@@ -132,8 +132,12 @@ def get_python_lib(plat_specific=0, standard_lib=0, prefix=None): +@@ -129,8 +129,12 @@ def get_python_lib(plat_specific=0, standard_lib=0, prefix=None): prefix = plat_specific and EXEC_PREFIX or PREFIX if os.name == "posix": @@ -37,8 +62,23 @@ index e5c493d..a4846eb 100644 if standard_lib: return libpython else: +diff --git a/Lib/distutils/tests/test_install.py b/Lib/distutils/tests/test_install.py +index 9313330e2b..3d80e96f06 100644 +--- a/Lib/distutils/tests/test_install.py ++++ b/Lib/distutils/tests/test_install.py +@@ -56,8 +56,9 @@ class InstallTestCase(support.TempdirManager, + self.assertEqual(got, expected) + + libdir = os.path.join(destination, "lib", "python") ++ platlibdir = os.path.join(destination, "lib64", "python") + check_path(cmd.install_lib, libdir) +- check_path(cmd.install_platlib, libdir) ++ check_path(cmd.install_platlib, platlibdir) + check_path(cmd.install_purelib, libdir) + check_path(cmd.install_headers, + os.path.join(destination, "include", "python", "foopkg")) diff --git a/Lib/site.py b/Lib/site.py -index 3f78ef5..ad1033e 100644 +index 3f78ef5b88..ad1033edce 100644 --- a/Lib/site.py +++ b/Lib/site.py @@ -303,11 +303,15 @@ def getsitepackages(prefixes=None): @@ -58,7 +98,7 @@ index 3f78ef5..ad1033e 100644 if sys.platform == "darwin": # for framework builds *only* we add the standard Apple diff --git a/Lib/sysconfig.py b/Lib/sysconfig.py -index 61451b2..b021cce 100644 +index 9c34be0a07..31bc2edfb0 100644 --- a/Lib/sysconfig.py +++ b/Lib/sysconfig.py @@ -20,10 +20,10 @@ __all__ = [ @@ -90,10 +130,10 @@ index 61451b2..b021cce 100644 'scripts': '{userbase}/bin', 'data': '{userbase}', diff --git a/Lib/test/test_site.py b/Lib/test/test_site.py -index da20a3d..f38ce06 100644 +index 755eb9cdb8..1e39c8cd45 100644 --- a/Lib/test/test_site.py +++ b/Lib/test/test_site.py -@@ -248,8 +248,8 @@ class HelperFunctionsTests(unittest.TestCase): +@@ -261,8 +261,8 @@ class HelperFunctionsTests(unittest.TestCase): self.assertEqual(dirs[1], wanted) elif os.sep == '/': # OS X non-framwework builds, Linux, FreeBSD, etc @@ -105,10 +145,10 @@ index da20a3d..f38ce06 100644 self.assertEqual(dirs[0], wanted) else: diff --git a/Makefile.pre.in b/Makefile.pre.in -index 58d4258..e8364f0 100644 +index 6b790bf504..a277d77f0f 100644 --- a/Makefile.pre.in +++ b/Makefile.pre.in -@@ -125,7 +125,7 @@ LIBDIR= @libdir@ +@@ -128,7 +128,7 @@ LIBDIR= @libdir@ MANDIR= @mandir@ INCLUDEDIR= @includedir@ CONFINCLUDEDIR= $(exec_prefix)/include @@ -118,7 +158,7 @@ index 58d4258..e8364f0 100644 # Detailed destination directories diff --git a/Modules/getpath.c b/Modules/getpath.c -index 18deb60..27ca814 100644 +index c438b8e65b..d2edddb9b0 100644 --- a/Modules/getpath.c +++ b/Modules/getpath.c @@ -494,7 +494,7 @@ calculate_path(void) @@ -149,10 +189,10 @@ index 18deb60..27ca814 100644 /* If we found EXEC_PREFIX do *not* reduce it! (Yet.) */ diff --git a/setup.py b/setup.py -index be33c46..f2779cc 100644 +index 2944c9dd6f..b893cf3368 100644 --- a/setup.py +++ b/setup.py -@@ -492,7 +492,7 @@ class PyBuildExt(build_ext): +@@ -491,7 +491,7 @@ class PyBuildExt(build_ext): # directories (i.e. '.' and 'Include') must be first. See issue # 10520. if not cross_compiling: @@ -161,7 +201,7 @@ index be33c46..f2779cc 100644 add_dir_to_list(self.compiler.include_dirs, '/usr/local/include') # only change this for cross builds for 3.3, issues on Mageia if cross_compiling: -@@ -780,11 +780,11 @@ class PyBuildExt(build_ext): +@@ -779,11 +779,11 @@ class PyBuildExt(build_ext): elif curses_library: readline_libs.append(curses_library) elif self.compiler.find_library_file(lib_dirs + @@ -175,7 +215,7 @@ index be33c46..f2779cc 100644 extra_link_args=readline_extra_link_args, libraries=readline_libs) ) else: -@@ -821,8 +821,8 @@ class PyBuildExt(build_ext): +@@ -820,8 +820,8 @@ class PyBuildExt(build_ext): if krb5_h: ssl_incs += krb5_h ssl_libs = find_library_file(self.compiler, 'ssl',lib_dirs, @@ -186,16 +226,3 @@ index be33c46..f2779cc 100644 ] ) if (ssl_incs is not None and ---- Python-2.7.2/Lib/distutils/tests/test_install.py.lib64 2011-09-08 17:51:57.851405376 -0400 -+++ Python-2.7.2/Lib/distutils/tests/test_install.py 2011-09-08 18:40:46.754205096 -0400 -@@ -41,8 +41,9 @@ class InstallTestCase(support.TempdirMan - self.assertEqual(got, expected) - - libdir = os.path.join(destination, "lib", "python") -+ platlibdir = os.path.join(destination, "lib64", "python") - check_path(cmd.install_lib, libdir) -- check_path(cmd.install_platlib, libdir) -+ check_path(cmd.install_platlib, platlibdir) - check_path(cmd.install_purelib, libdir) - check_path(cmd.install_headers, - os.path.join(destination, "include", "python", "foopkg")) diff --git a/00111-no-static-lib.patch b/00111-no-static-lib.patch index 006bb90..818b0a3 100644 --- a/00111-no-static-lib.patch +++ b/00111-no-static-lib.patch @@ -1,7 +1,25 @@ -diff -up cpython-59223da36dec/Makefile.pre.in.no-static-lib cpython-59223da36dec/Makefile.pre.in ---- cpython-59223da36dec/Makefile.pre.in.no-static-lib 2012-08-07 16:43:43.296466422 -0400 -+++ cpython-59223da36dec/Makefile.pre.in 2012-08-07 16:44:13.299464371 -0400 -@@ -550,7 +550,7 @@ clinic: $(BUILDPYTHON) +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: David Malcolm +Date: Mon, 18 Jan 2010 17:59:07 +0000 +Subject: [PATCH] 00111: Don't try to build a libpythonMAJOR.MINOR.a + +Downstream only: not appropriate for upstream. + +See https://bugzilla.redhat.com/show_bug.cgi?id=556092 + +Co-authored-by: David Malcolm +Co-authored-by: Bohuslav Kabrda +Co-authored-by: Matej Stuchlik +Co-authored-by: Robert Kuska +--- + Makefile.pre.in | 28 ++-------------------------- + 1 file changed, 2 insertions(+), 26 deletions(-) + +diff --git a/Makefile.pre.in b/Makefile.pre.in +index a277d77f0f..07f84ed28e 100644 +--- a/Makefile.pre.in ++++ b/Makefile.pre.in +@@ -538,7 +538,7 @@ clinic: $(BUILDPYTHON) $(RUNSHARED) $(PYTHON_FOR_BUILD) ./Tools/clinic/clinic.py --make # Build the interpreter @@ -10,7 +28,7 @@ diff -up cpython-59223da36dec/Makefile.pre.in.no-static-lib cpython-59223da36dec $(LINKCC) $(PY_LDFLAGS) $(LINKFORSHARED) -o $@ Programs/python.o $(BLDLIBRARY) $(LIBS) $(MODLIBS) $(SYSLIBS) $(LDLAST) platform: $(BUILDPYTHON) pybuilddir.txt -@@ -480,18 +480,6 @@ sharedmods: $(BUILDPYTHON) $(SYSCONFIGDA +@@ -577,18 +577,6 @@ sharedmods: $(BUILDPYTHON) pybuilddir.txt Modules/_math.o _TCLTK_INCLUDES='$(TCLTK_INCLUDES)' _TCLTK_LIBS='$(TCLTK_LIBS)' \ $(PYTHON_FOR_BUILD) $(srcdir)/setup.py $$quiet build @@ -29,7 +47,7 @@ diff -up cpython-59223da36dec/Makefile.pre.in.no-static-lib cpython-59223da36dec libpython$(LDVERSION).so: $(LIBRARY_OBJS) if test $(INSTSONAME) != $(LDLIBRARY); then \ $(BLDSHARED) -Wl,-h$(INSTSONAME) -o $(INSTSONAME) $(LIBRARY_OBJS) $(MODLIBS) $(SHLIBS) $(LIBC) $(LIBM) $(LDLAST); \ -@@ -674,7 +674,7 @@ Modules/Setup: $(srcdir)/Modules/Setup.d +@@ -678,7 +666,7 @@ Modules/Setup: $(srcdir)/Modules/Setup.dist echo "-----------------------------------------------"; \ fi @@ -38,7 +56,7 @@ diff -up cpython-59223da36dec/Makefile.pre.in.no-static-lib cpython-59223da36dec $(LINKCC) $(PY_LDFLAGS) $(LINKFORSHARED) -o $@ Programs/_testembed.o $(BLDLIBRARY) $(LIBS) $(MODLIBS) $(SYSLIBS) $(LDLAST) ############################################################################ -@@ -1354,18 +1354,6 @@ libainstall: all python-config +@@ -1397,18 +1385,6 @@ libainstall: @DEF_MAKE_RULE@ python-config else true; \ fi; \ done diff --git a/00132-add-rpmbuild-hooks-to-unittest.patch b/00132-add-rpmbuild-hooks-to-unittest.patch index 77dc6ec..34d2c63 100644 --- a/00132-add-rpmbuild-hooks-to-unittest.patch +++ b/00132-add-rpmbuild-hooks-to-unittest.patch @@ -1,6 +1,46 @@ -diff -up Python-3.2.2/Lib/unittest/case.py.add-rpmbuild-hooks-to-unittest Python-3.2.2/Lib/unittest/case.py ---- Python-3.2.2/Lib/unittest/case.py.add-rpmbuild-hooks-to-unittest 2011-09-03 12:16:44.000000000 -0400 -+++ Python-3.2.2/Lib/unittest/case.py 2011-09-09 06:35:16.365568382 -0400 +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: David Malcolm +Date: Fri, 19 Jun 2020 16:54:05 +0200 +Subject: [PATCH] 00132: Add rpmbuild hooks to unittest + +Add non-standard hooks to unittest for use in the "check" phase, when +running selftests within the build: + @unittest._skipInRpmBuild(reason) +for tests that hang or fail intermittently within the build environment, and: + @unittest._expectedFailureInRpmBuild +for tests that always fail within the build environment + +The hooks only take effect if WITHIN_PYTHON_RPM_BUILD is set in the +environment, which we set manually in the appropriate portion of the "check" +phase below (and which potentially other python-* rpms could set, to reuse +these unittest hooks in their own "check" phases) + +Co-Authored-By: David Malcolm +Co-Authored-By: Bohuslav Kabrda +Co-Authored-By: Robert Kuska +--- + Lib/unittest/__init__.py | 3 ++- + Lib/unittest/case.py | 17 +++++++++++++++++ + 2 files changed, 19 insertions(+), 1 deletion(-) + +diff --git a/Lib/unittest/__init__.py b/Lib/unittest/__init__.py +index c55d563e0c..79c4b10681 100644 +--- a/Lib/unittest/__init__.py ++++ b/Lib/unittest/__init__.py +@@ -57,7 +57,8 @@ __unittest = True + + from .result import TestResult + from .case import (TestCase, FunctionTestCase, SkipTest, skip, skipIf, +- skipUnless, expectedFailure) ++ skipUnless, expectedFailure, ++ _skipInRpmBuild) + from .suite import BaseTestSuite, TestSuite + from .loader import (TestLoader, defaultTestLoader, makeSuite, getTestCaseNames, + findTestCases) +diff --git a/Lib/unittest/case.py b/Lib/unittest/case.py +index f4dbc52852..f88668f766 100644 +--- a/Lib/unittest/case.py ++++ b/Lib/unittest/case.py @@ -3,6 +3,7 @@ import sys import functools @@ -9,7 +49,8 @@ diff -up Python-3.2.2/Lib/unittest/case.py.add-rpmbuild-hooks-to-unittest Python import logging import pprint import re -@@ -101,5 +102,21 @@ def expectedFailure(func): +@@ -134,6 +135,22 @@ class _BaseTestCaseContext: + msg = self.test_case._formatMessage(self.msg, standardMsg) raise self.test_case.failureException(msg) +# Non-standard/downstream-only hooks for handling issues with specific test @@ -31,16 +72,3 @@ diff -up Python-3.2.2/Lib/unittest/case.py.add-rpmbuild-hooks-to-unittest Python class _AssertRaisesBaseContext(_BaseTestCaseContext): def __init__(self, expected, test_case, expected_regex=None): -diff -up Python-3.2.2/Lib/unittest/__init__.py.add-rpmbuild-hooks-to-unittest Python-3.2.2/Lib/unittest/__init__.py ---- Python-3.2.2/Lib/unittest/__init__.py.add-rpmbuild-hooks-to-unittest 2011-09-03 12:16:44.000000000 -0400 -+++ Python-3.2.2/Lib/unittest/__init__.py 2011-09-09 06:35:16.366568382 -0400 -@@ -57,7 +57,8 @@ __unittest = True - - from .result import TestResult - from .case import (TestCase, FunctionTestCase, SkipTest, skip, skipIf, -- skipUnless, expectedFailure) -+ skipUnless, expectedFailure, -+ _skipInRpmBuild) - from .suite import BaseTestSuite, TestSuite - from .loader import (TestLoader, defaultTestLoader, makeSuite, getTestCaseNames, - findTestCases) diff --git a/00137-skip-distutils-tests-that-fail-in-rpmbuild.patch b/00137-skip-distutils-tests-that-fail-in-rpmbuild.patch index 0457093..bafa86f 100644 --- a/00137-skip-distutils-tests-that-fail-in-rpmbuild.patch +++ b/00137-skip-distutils-tests-that-fail-in-rpmbuild.patch @@ -1,7 +1,19 @@ -diff -up Python-3.2.2/Lib/distutils/tests/test_bdist_rpm.py.skip-distutils-tests-that-fail-in-rpmbuild Python-3.2.2/Lib/distutils/tests/test_bdist_rpm.py ---- Python-3.2.2/Lib/distutils/tests/test_bdist_rpm.py.skip-distutils-tests-that-fail-in-rpmbuild 2011-09-03 12:16:40.000000000 -0400 -+++ Python-3.2.2/Lib/distutils/tests/test_bdist_rpm.py 2011-09-10 05:04:56.328852558 -0400 -@@ -23,6 +23,7 @@ setup(name='foo', version='0.1', py_modu +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: David Malcolm +Date: Sat, 10 Sep 2011 07:59:22 -0400 +Subject: [PATCH] 00137: Skip tests within distutils failing when run in an + rpmbuild + +Co-authored-by: Matej Stuchlik +--- + Lib/distutils/tests/test_bdist_rpm.py | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/Lib/distutils/tests/test_bdist_rpm.py b/Lib/distutils/tests/test_bdist_rpm.py +index c5962dddd2..3e95941a45 100644 +--- a/Lib/distutils/tests/test_bdist_rpm.py ++++ b/Lib/distutils/tests/test_bdist_rpm.py +@@ -21,6 +21,7 @@ setup(name='foo', version='0.1', py_modules=['foo'], """ @@ -9,4 +21,3 @@ diff -up Python-3.2.2/Lib/distutils/tests/test_bdist_rpm.py.skip-distutils-tests class BuildRpmTestCase(support.TempdirManager, support.EnvironGuard, support.LoggingSilencer, -diff -up Python-3.2.2/Lib/distutils/tests/test_build_ext.py.skip-distutils-tests-that-fail-in-rpmbuild Python-3.2.2/Lib/distutils/tests/test_build_ext.py diff --git a/00143-tsc-on-ppc.patch b/00143-tsc-on-ppc.patch index 7d3e876..6ee7545 100644 --- a/00143-tsc-on-ppc.patch +++ b/00143-tsc-on-ppc.patch @@ -1,7 +1,22 @@ -diff -up Python-2.7.2/Python/ceval.c.tsc-on-ppc Python-2.7.2/Python/ceval.c ---- Python-2.7.2/Python/ceval.c.tsc-on-ppc 2011-08-23 14:59:48.051300849 -0400 -+++ Python-2.7.2/Python/ceval.c 2011-08-23 15:33:25.412162902 -0400 -@@ -37,24 +37,42 @@ typedef unsigned long long uint64; +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: David Malcolm +Date: Tue, 23 Aug 2011 16:48:59 -0400 +Subject: [PATCH] 00143: Fix the --with-tsc option on ppc64 + +And rework it on 32-bit ppc to avoid aliasing violations +See https://bugzilla.redhat.com/show_bug.cgi?id=698726 +Sent upstream as http://bugs.python.org/issue12872 + +Co-authored-by: Bohuslav Kabrda +--- + Python/ceval.c | 40 +++++++++++++++++++++++++++++----------- + 1 file changed, 29 insertions(+), 11 deletions(-) + +diff --git a/Python/ceval.c b/Python/ceval.c +index e84a6b0d77..be246a7faf 100644 +--- a/Python/ceval.c ++++ b/Python/ceval.c +@@ -36,24 +36,42 @@ typedef unsigned long long uint64; */ #if defined(__ppc__) || defined (__powerpc__) @@ -40,16 +55,15 @@ diff -up Python-2.7.2/Python/ceval.c.tsc-on-ppc Python-2.7.2/Python/ceval.c - asm volatile ("mftb %0" : "=r" (tb) ); - asm volatile ("mftbu %0" : "=r" (tbu2)); - if (__builtin_expect(tbu != tbu2, 0)) goto loop; -- -- /* The slightly peculiar way of writing the next lines is -- compiled better by GCC than any other way I tried. */ -- ((long*)(v))[0] = tbu; -- ((long*)(v))[1] = tb; + asm volatile ("mftbu %0" : "=r" (u.ii[0]) ); + asm volatile ("mftb %0" : "=r" (u.ii[1]) ); + asm volatile ("mftbu %0" : "=r" (tmp)); + if (__builtin_expect(u.ii[0] != tmp, 0)) goto loop; -+ + +- /* The slightly peculiar way of writing the next lines is +- compiled better by GCC than any other way I tried. */ +- ((long*)(v))[0] = tbu; +- ((long*)(v))[1] = tb; + *v = u.ll; } +#endif /* powerpc 32/64 bit */ diff --git a/00155-avoid-ctypes-thunks.patch b/00155-avoid-ctypes-thunks.patch index f03890e..7a52b48 100644 --- a/00155-avoid-ctypes-thunks.patch +++ b/00155-avoid-ctypes-thunks.patch @@ -1,7 +1,22 @@ -diff -up Python-3.2.3/Lib/ctypes/__init__.py.rhbz814391 Python-3.2.3/Lib/ctypes/__init__.py ---- Python-3.2.3/Lib/ctypes/__init__.py.rhbz814391 2012-04-20 15:12:49.017867692 -0400 -+++ Python-3.2.3/Lib/ctypes/__init__.py 2012-04-20 15:15:09.501111408 -0400 -@@ -275,11 +275,6 @@ def _reset_cache(): +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: David Malcolm +Date: Fri, 19 Jun 2020 16:02:24 +0200 +Subject: [PATCH] 00155: avoid allocating thunks in ctypes unless absolutely + necessary + +Avoid allocating thunks in ctypes unless absolutely necessary, to avoid +generating SELinux denials on "import ctypes" and "import uuid" when +embedding Python within httpd +See https://bugzilla.redhat.com/show_bug.cgi?id=814391 +--- + Lib/ctypes/__init__.py | 5 ----- + 1 file changed, 5 deletions(-) + +diff --git a/Lib/ctypes/__init__.py b/Lib/ctypes/__init__.py +index 1469b8bade..e6077cb0a3 100644 +--- a/Lib/ctypes/__init__.py ++++ b/Lib/ctypes/__init__.py +@@ -269,11 +269,6 @@ def _reset_cache(): # _SimpleCData.c_char_p_from_param POINTER(c_char).from_param = c_char_p.from_param _pointer_type_cache[None] = c_void_p diff --git a/00157-uid-gid-overflows.patch b/00157-uid-gid-overflows.patch index 43bd394..5881778 100644 --- a/00157-uid-gid-overflows.patch +++ b/00157-uid-gid-overflows.patch @@ -1,6 +1,34 @@ ---- Python-3.4.0b1/Lib/test/test_os.py.orig 2013-11-27 12:07:32.368411798 +0100 -+++ Python-3.4.0b1/Lib/test/test_os.py 2013-11-27 12:12:11.220265174 +0100 -@@ -1319,30 +1319,36 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: David Malcolm +Date: Fri, 18 May 2012 14:57:53 -0400 +Subject: [PATCH] 00157: Update uid/gid handling throughout the standard + library + +uid_t and gid_t are unsigned 32-bit values, but existing code often passed +them through C long values, which are signed 32-bit values on 32-bit +architectures, leading to negative int objects for uid/gid values >= 2^31 +on 32-bit architectures. + +Introduce _PyObject_FromUid/Gid to convert uid_t/gid_t values to python +objects, using int objects where the value will fit (long objects otherwise), +and _PyArg_ParseUid/Gid to convert int/long to uid_t/gid_t, with -1 allowed +as a special case (since this is given special meaning by the chown syscall) + +Update standard library to use this throughout for uid/gid values, so that +very large uid/gid values are round-trippable, and -1 remains usable. +See https://bugzilla.redhat.com/show_bug.cgi?id=697470 + +Co-authored-by: Bohuslav Kabrda +--- + Lib/test/test_os.py | 8 ++++++++ + Lib/test/test_pwd.py | 4 ++-- + 2 files changed, 10 insertions(+), 2 deletions(-) + +diff --git a/Lib/test/test_os.py b/Lib/test/test_os.py +index e2077383bf..61526e75df 100644 +--- a/Lib/test/test_os.py ++++ b/Lib/test/test_os.py +@@ -1715,30 +1715,36 @@ class PosixUidGidTests(unittest.TestCase): def test_setuid(self): if os.getuid() != 0: self.assertRaises(OSError, os.setuid, 0) @@ -37,7 +65,7 @@ self.assertRaises(OverflowError, os.setreuid, 1<<32, 0) self.assertRaises(OverflowError, os.setreuid, 0, 1<<32) -@@ -1358,6 +1364,8 @@ +@@ -1754,6 +1760,8 @@ class PosixUidGidTests(unittest.TestCase): def test_setregid(self): if os.getuid() != 0 and not HAVE_WHEEL_GROUP: self.assertRaises(OSError, os.setregid, 0, 0) @@ -46,9 +74,11 @@ self.assertRaises(OverflowError, os.setregid, 1<<32, 0) self.assertRaises(OverflowError, os.setregid, 0, 1<<32) ---- Python-3.4.0b1/Lib/test/test_pwd.py.orig 2013-11-24 21:36:55.000000000 +0100 -+++ Python-3.4.0b1/Lib/test/test_pwd.py 2013-11-27 12:07:32.369411798 +0100 -@@ -89,9 +89,9 @@ +diff --git a/Lib/test/test_pwd.py b/Lib/test/test_pwd.py +index b7b1a4a5f6..2b48e1438d 100644 +--- a/Lib/test/test_pwd.py ++++ b/Lib/test/test_pwd.py +@@ -94,9 +94,9 @@ class PwdTest(unittest.TestCase): # In some cases, byuids isn't a complete list of all users in the # system, so if we try to pick a value not in byuids (via a perturbing # loop, say), pwd.getpwuid() might still be able to find data for that diff --git a/00160-disable-test_fs_holes-in-rpm-build.patch b/00160-disable-test_fs_holes-in-rpm-build.patch index 9fa91d5..5e31898 100644 --- a/00160-disable-test_fs_holes-in-rpm-build.patch +++ b/00160-disable-test_fs_holes-in-rpm-build.patch @@ -1,7 +1,21 @@ -diff -up cpython-59223da36dec/Lib/test/test_posix.py.disable-test_fs_holes-in-rpm-build cpython-59223da36dec/Lib/test/test_posix.py ---- cpython-59223da36dec/Lib/test/test_posix.py.disable-test_fs_holes-in-rpm-build 2012-08-07 17:15:59.000000000 -0400 -+++ cpython-59223da36dec/Lib/test/test_posix.py 2012-08-07 17:16:53.528330330 -0400 -@@ -973,6 +973,7 @@ class PosixTester(unittest.TestCase): +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: David Malcolm +Date: Fri, 19 Jun 2020 16:57:09 +0200 +Subject: [PATCH] 00160: Disable test_fs_holes in RPM build + +Python 3.3 added os.SEEK_DATA and os.SEEK_HOLE, which may be present in the +header files in the build chroot, but may not be supported in the running +kernel, hence we disable this test in an rpm build. +Adding these was upstream issue http://bugs.python.org/issue10142 +--- + Lib/test/test_posix.py | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/Lib/test/test_posix.py b/Lib/test/test_posix.py +index b229cd3405..21a88ba684 100644 +--- a/Lib/test/test_posix.py ++++ b/Lib/test/test_posix.py +@@ -1154,6 +1154,7 @@ class PosixTester(unittest.TestCase): posix.RTLD_GLOBAL posix.RTLD_LOCAL diff --git a/00163-disable-parts-of-test_socket-in-rpm-build.patch b/00163-disable-parts-of-test_socket-in-rpm-build.patch index 0e28036..ed336c8 100644 --- a/00163-disable-parts-of-test_socket-in-rpm-build.patch +++ b/00163-disable-parts-of-test_socket-in-rpm-build.patch @@ -1,7 +1,19 @@ -diff -up Python-3.3.0b1/Lib/test/test_socket.py.disable-test_socket-in-rpm-builds Python-3.3.0b1/Lib/test/test_socket.py ---- Python-3.3.0b1/Lib/test/test_socket.py.disable-test_socket-in-rpm-builds 2012-07-24 15:02:30.823355067 -0400 -+++ Python-3.3.0b1/Lib/test/test_socket.py 2012-07-24 15:08:13.021354999 -0400 -@@ -2188,6 +2188,7 @@ class RecvmsgGenericStreamTests(RecvmsgG +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: David Malcolm +Date: Fri, 19 Jun 2020 16:58:24 +0200 +Subject: [PATCH] 00163: Disable parts of test_socket in RPM build + +Some tests within test_socket fail intermittently when run inside Koji; +disable them using unittest._skipInRpmBuild +--- + Lib/test/test_socket.py | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/Lib/test/test_socket.py b/Lib/test/test_socket.py +index 58c04d7104..104964d5c3 100644 +--- a/Lib/test/test_socket.py ++++ b/Lib/test/test_socket.py +@@ -2459,6 +2459,7 @@ class RecvmsgGenericStreamTests(RecvmsgGenericTests): # Tests which require a stream socket and can use either recvmsg() # or recvmsg_into(). diff --git a/00170-gc-assertions.patch b/00170-gc-assertions.patch index 4ca43b4..fb76041 100644 --- a/00170-gc-assertions.patch +++ b/00170-gc-assertions.patch @@ -1,7 +1,31 @@ -diff --git Include/object.h Include/object.h -index 50d9747..9b7e89e 100644 ---- Include/object.h -+++ Include/object.h +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: David Malcolm +Date: Fri, 19 Jun 2020 16:05:07 +0200 +Subject: [PATCH] 00170: In debug builds, try to print repr() when a C-level + assert fails + +In debug builds, try to print repr() when a C-level assert fails in the +garbage collector (typically indicating a reference-counting error +somewhere else e.g in an extension module) +The new macros/functions within gcmodule.c are hidden to avoid exposing +them within the extension API. +Sent upstream: http://bugs.python.org/issue9263 +See https://bugzilla.redhat.com/show_bug.cgi?id=614680 + +Co-Authored-By: David Malcolm +Co-Authored-By: Charalampos Stratakis +Co-Authored-By: Robert Kuska +--- + Include/object.h | 43 +++++++++++++++++++++++++++++++++++++++ + Lib/test/test_gc.py | 49 ++++++++++++++++++++++++++++++++++++++++++++- + Modules/gcmodule.c | 44 +++++++++++++++++++++++----------------- + Objects/object.c | 29 +++++++++++++++++++++++++++ + 4 files changed, 146 insertions(+), 19 deletions(-) + +diff --git a/Include/object.h b/Include/object.h +index 50d9747cf9..9b7e89eb8b 100644 +--- a/Include/object.h ++++ b/Include/object.h @@ -1059,6 +1059,49 @@ PyAPI_FUNC(void) _PyObject_DebugTypeStats(FILE *out); #endif /* ifndef Py_LIMITED_API */ @@ -52,50 +76,10 @@ index 50d9747..9b7e89e 100644 #ifdef __cplusplus } #endif -diff --git Objects/object.c Objects/object.c -index d21fd90..d07b49c 100644 ---- Objects/object.c -+++ Objects/object.c -@@ -2034,6 +2034,35 @@ _PyTrash_thread_destroy_chain(void) - } - } - -+PyAPI_FUNC(void) -+_PyObject_AssertFailed(PyObject *obj, const char *msg, const char *expr, -+ const char *file, int line, const char *function) -+{ -+ fprintf(stderr, -+ "%s:%d: %s: Assertion \"%s\" failed.\n", -+ file, line, function, expr); -+ if (msg) { -+ fprintf(stderr, "%s\n", msg); -+ } -+ -+ fflush(stderr); -+ -+ if (obj) { -+ /* This might succeed or fail, but we're about to abort, so at least -+ try to provide any extra info we can: */ -+ _PyObject_Dump(obj); -+ } -+ else { -+ fprintf(stderr, "NULL object\n"); -+ } -+ -+ fflush(stdout); -+ fflush(stderr); -+ -+ /* Terminate the process: */ -+ abort(); -+} -+ - #ifndef Py_TRACE_REFS - /* For Py_LIMITED_API, we need an out-of-line version of _Py_Dealloc. - Define this here, so we can undefine the macro. */ -diff --git Lib/test/test_gc.py Lib/test/test_gc.py -index a4d684b..e77029e 100644 ---- Lib/test/test_gc.py -+++ Lib/test/test_gc.py +diff --git a/Lib/test/test_gc.py b/Lib/test/test_gc.py +index a4d684b40e..e77029e9a2 100644 +--- a/Lib/test/test_gc.py ++++ b/Lib/test/test_gc.py @@ -1,10 +1,11 @@ import unittest from test.support import (verbose, refcount_test, run_unittest, @@ -169,10 +153,10 @@ index a4d684b..e77029e 100644 class GCTogglingTests(unittest.TestCase): def setUp(self): gc.enable() -diff --git Modules/gcmodule.c Modules/gcmodule.c -index cb7222d..6a9be80 100644 ---- Modules/gcmodule.c -+++ Modules/gcmodule.c +diff --git a/Modules/gcmodule.c b/Modules/gcmodule.c +index cb7222db89..6a9be809c8 100644 +--- a/Modules/gcmodule.c ++++ b/Modules/gcmodule.c @@ -341,7 +341,8 @@ update_refs(PyGC_Head *containers) { PyGC_Head *gc = containers->gc.gc_next; @@ -308,3 +292,43 @@ index cb7222d..6a9be80 100644 if (_PyGCHead_REFS(gc) != 0) return -1; } +diff --git a/Objects/object.c b/Objects/object.c +index d21fd906df..503d3fce4e 100644 +--- a/Objects/object.c ++++ b/Objects/object.c +@@ -2034,6 +2034,35 @@ _PyTrash_thread_destroy_chain(void) + } + } + ++PyAPI_FUNC(void) ++_PyObject_AssertFailed(PyObject *obj, const char *msg, const char *expr, ++ const char *file, int line, const char *function) ++{ ++ fprintf(stderr, ++ "%s:%d: %s: Assertion \"%s\" failed.\n", ++ file, line, function, expr); ++ if (msg) { ++ fprintf(stderr, "%s\n", msg); ++ } ++ ++ fflush(stderr); ++ ++ if (obj) { ++ /* This might succeed or fail, but we're about to abort, so at least ++ try to provide any extra info we can: */ ++ _PyObject_Dump(obj); ++ } ++ else { ++ fprintf(stderr, "NULL object\n"); ++ } ++ ++ fflush(stdout); ++ fflush(stderr); ++ ++ /* Terminate the process: */ ++ abort(); ++} ++ + #ifndef Py_TRACE_REFS + /* For Py_LIMITED_API, we need an out-of-line version of _Py_Dealloc. + Define this here, so we can undefine the macro. */ diff --git a/00178-dont-duplicate-flags-in-sysconfig.patch b/00178-dont-duplicate-flags-in-sysconfig.patch index fc49b30..447f877 100644 --- a/00178-dont-duplicate-flags-in-sysconfig.patch +++ b/00178-dont-duplicate-flags-in-sysconfig.patch @@ -1,7 +1,20 @@ -diff -r 39b9b05c3085 Lib/distutils/sysconfig.py ---- a/Lib/distutils/sysconfig.py Wed Apr 10 00:27:23 2013 +0200 -+++ b/Lib/distutils/sysconfig.py Wed Apr 10 10:14:18 2013 +0200 -@@ -362,7 +362,10 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Bohuslav Kabrda +Date: Wed, 10 Apr 2013 14:30:09 +0200 +Subject: [PATCH] 00178: Don't duplicate various FLAGS in sysconfig values + +http://bugs.python.org/issue17679 +Does not affect python2 AFAICS (different sysconfig values initialization) +--- + Lib/distutils/sysconfig.py | 5 ++++- + Lib/sysconfig.py | 5 ++++- + 2 files changed, 8 insertions(+), 2 deletions(-) + +diff --git a/Lib/distutils/sysconfig.py b/Lib/distutils/sysconfig.py +index 9bb3c2f1de..68f44c27f6 100644 +--- a/Lib/distutils/sysconfig.py ++++ b/Lib/distutils/sysconfig.py +@@ -354,7 +354,10 @@ def parse_makefile(fn, g=None): done[n] = item = "" if found: after = value[m.end():] @@ -13,10 +26,11 @@ diff -r 39b9b05c3085 Lib/distutils/sysconfig.py if "$" in after: notdone[name] = value else: -diff -r 39b9b05c3085 Lib/sysconfig.py ---- a/Lib/sysconfig.py Wed Apr 10 00:27:23 2013 +0200 -+++ b/Lib/sysconfig.py Wed Apr 10 10:14:18 2013 +0200 -@@ -296,7 +296,10 @@ +diff --git a/Lib/sysconfig.py b/Lib/sysconfig.py +index 31bc2edfb0..b021cce475 100644 +--- a/Lib/sysconfig.py ++++ b/Lib/sysconfig.py +@@ -294,7 +294,10 @@ def _parse_makefile(filename, vars=None): if found: after = value[m.end():] diff --git a/00180-python-add-support-for-ppc64p7.patch b/00180-python-add-support-for-ppc64p7.patch index ef94c86..a5ec346 100644 --- a/00180-python-add-support-for-ppc64p7.patch +++ b/00180-python-add-support-for-ppc64p7.patch @@ -1,8 +1,20 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Bohuslav Kabrda +Date: Thu, 2 May 2013 09:41:28 +0200 +Subject: [PATCH] 00180: Enable building on ppc64p7 + +Not appropriate for upstream, Fedora-specific naming + +Co-authored-by: Iryna Shcherbina +--- + config.sub | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + diff --git a/config.sub b/config.sub -index 3478c1f..e422173 100755 +index 40ea5dfe11..932128b337 100755 --- a/config.sub +++ b/config.sub -@@ -1040,7 +1040,7 @@ case $basic_machine in +@@ -1045,7 +1045,7 @@ case $basic_machine in ;; ppc64) basic_machine=powerpc64-unknown ;; diff --git a/00184-ctypes-should-build-with-libffi-multilib-wrapper.patch b/00184-ctypes-should-build-with-libffi-multilib-wrapper.patch deleted file mode 100644 index e224fc6..0000000 --- a/00184-ctypes-should-build-with-libffi-multilib-wrapper.patch +++ /dev/null @@ -1,12 +0,0 @@ ---- Python-3.3.2/setup.py.orig 2013-07-01 15:23:24.377711044 +0200 -+++ Python-3.3.2/setup.py 2013-07-01 15:23:34.094676496 +0200 -@@ -1882,7 +1882,8 @@ - if not line: - ffi_inc = None - break -- if line.startswith('#define LIBFFI_H'): -+ if line.startswith('#define LIBFFI_H') or \ -+ line.startswith('#define ffi_wrapper_h'): - break - ffi_lib = None - if ffi_inc is not None: diff --git a/00186-dont-raise-from-py_compile.patch b/00186-dont-raise-from-py_compile.patch index 25c4a9d..a7decd3 100644 --- a/00186-dont-raise-from-py_compile.patch +++ b/00186-dont-raise-from-py_compile.patch @@ -1,7 +1,23 @@ -diff -r 7fa3e824a4ee Lib/test/test_py_compile.py ---- a/Lib/test/test_py_compile.py Tue Oct 29 22:25:06 2013 -0400 -+++ b/Lib/test/test_py_compile.py Wed Oct 30 11:08:31 2013 +0100 -@@ -54,6 +54,10 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Bohuslav Kabrda +Date: Wed, 30 Oct 2013 10:50:01 +0100 +Subject: [PATCH] 00186: Fix for + https://bugzilla.redhat.com/show_bug.cgi?id=1023607 + +Previously, this fixed a problem where some *.py files were not being +bytecompiled properly during build. This was result of py_compile.compile +raising exception when trying to convert test file with bad encoding, and +thus not continuing bytecompilation for other files. +This was fixed upstream, but the test hasn't been merged yet, so we keep it +--- + Lib/test/test_py_compile.py | 4 ++++ + 1 file changed, 4 insertions(+) + +diff --git a/Lib/test/test_py_compile.py b/Lib/test/test_py_compile.py +index 4a6caa5718..bf67e36a72 100644 +--- a/Lib/test/test_py_compile.py ++++ b/Lib/test/test_py_compile.py +@@ -69,6 +69,10 @@ class PyCompileTests(unittest.TestCase): self.assertTrue(os.path.exists(self.pyc_path)) self.assertFalse(os.path.exists(self.cache_path)) diff --git a/00188-fix-lib2to3-tests-when-hashlib-doesnt-compile-properly.patch b/00188-fix-lib2to3-tests-when-hashlib-doesnt-compile-properly.patch index 90af30d..761f4ad 100644 --- a/00188-fix-lib2to3-tests-when-hashlib-doesnt-compile-properly.patch +++ b/00188-fix-lib2to3-tests-when-hashlib-doesnt-compile-properly.patch @@ -1,7 +1,30 @@ -diff -r 28c04e954bb6 Lib/lib2to3/main.py ---- a/Lib/lib2to3/main.py Tue Oct 29 22:25:55 2013 -0400 -+++ b/Lib/lib2to3/main.py Wed Nov 06 14:33:07 2013 +0100 -@@ -213,6 +213,7 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Bohuslav Kabrda +Date: Wed, 6 Nov 2013 14:58:05 +0100 +Subject: [PATCH] 00188: Fix lib2to3 tests when hashlib doesn't compile + properly + +Downstream only patch that should be removed when we compile all guaranteed +hashlib algorithms properly. The problem is this: +- during tests, test_hashlib is imported and executed before test_lib2to3 +- if at least one hash function has failed, trying to import it triggers an + exception that is being caught and exception is logged: + http://hg.python.org/cpython/file/2de806c8b070/Lib/hashlib.py#l217 +- logging the exception makes logging module run basicConfig +- when lib2to3 tests are run again, lib2to3 runs basicConfig again, which + doesn't do anything, because it was run previously + (logging.root.handlers != []), which means that the default setup + (most importantly logging level) is not overriden. That means that a test + relying on this will fail (test_filename_changing_on_output_single_dir) +--- + Lib/lib2to3/main.py | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/Lib/lib2to3/main.py b/Lib/lib2to3/main.py +index 1a1df013ad..4bd7212680 100644 +--- a/Lib/lib2to3/main.py ++++ b/Lib/lib2to3/main.py +@@ -213,6 +213,7 @@ def main(fixer_pkg, args=None): # Set up logging handler level = logging.DEBUG if options.verbose else logging.INFO diff --git a/00189-use-rpm-wheels.patch b/00189-use-rpm-wheels.patch index 93157da..39216ca 100644 --- a/00189-use-rpm-wheels.patch +++ b/00189-use-rpm-wheels.patch @@ -1,5 +1,15 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Miro=20Hron=C4=8Dok?= +Date: Wed, 15 Aug 2018 15:36:29 +0200 +Subject: [PATCH] 00189: Instead of bundled wheels, use our RPM packaged wheels + +We keep them in /usr/share/python-wheels +--- + Lib/ensurepip/__init__.py | 41 +++++++++++++++++++++++++++------------ + 1 file changed, 29 insertions(+), 12 deletions(-) + diff --git a/Lib/ensurepip/__init__.py b/Lib/ensurepip/__init__.py -index 25c5567..2553524 100644 +index 25c55679a3..11453f5919 100644 --- a/Lib/ensurepip/__init__.py +++ b/Lib/ensurepip/__init__.py @@ -1,16 +1,31 @@ @@ -37,7 +47,7 @@ index 25c5567..2553524 100644 # pip currently requires ssl support, so we try to provide a nicer # error message when that is missing (http://bugs.python.org/issue19744) -@@ -37,8 +48,13 @@ def _run_pip(args, additional_paths=None): +@@ -37,8 +52,13 @@ def _run_pip(args, additional_paths=None): sys.path = additional_paths + sys.path # Install the bundled software @@ -53,7 +63,8 @@ index 25c5567..2553524 100644 def version(): -@@ -93,12 +109,9 @@ def bootstrap(*, root=None, upgrade=False, user=False, +@@ -92,13 +112,10 @@ def bootstrap(*, root=None, upgrade=False, user=False, + # additional paths that need added to sys.path additional_paths = [] for project, version in _PROJECTS: - wheel_name = "{}-{}-py2.py3-none-any.whl".format(project, version) diff --git a/00196-test-gdb-match-addr-before-builtin.patch b/00196-test-gdb-match-addr-before-builtin.patch deleted file mode 100644 index dc40c82..0000000 --- a/00196-test-gdb-match-addr-before-builtin.patch +++ /dev/null @@ -1,30 +0,0 @@ -Subject: python3.test gdb match addr before builtin -From: Michel Normand - -For ppc64le archi and python3... and gdb... versions -the test_gdb.py need a change of re.match to handle address before the builtin_id word. -Of course there is no error if this substring is not present. -=== -... -#0 0x00003fffb7dd0898 in builtin_id (self=, v=) at /builddir/build/BUILD/Python-3.3.2/Python/bltinmodule.c:966 -....xxxxxxxxxxxxxxxxxxxxxx <= added regexp -=== - -Signed-off-by: Michel Normand ---- - Lib/test/test_gdb.py | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -Index: Python-3.3.2/Lib/test/test_gdb.py -=================================================================== ---- Python-3.3.2.orig/Lib/test/test_gdb.py -+++ Python-3.3.2/Lib/test/test_gdb.py -@@ -230,7 +230,7 @@ class DebuggerTests(unittest.TestCase): - # gdb can insert additional '\n' and space characters in various places - # in its output, depending on the width of the terminal it's connected - # to (using its "wrap_here" function) -- m = re.match('.*#0\s+builtin_id\s+\(self\=.*,\s+v=\s*(.*?)\)\s+at\s+\S*Python/bltinmodule.c.*', -+ m = re.match('.*#0\s+(?: 0x[0-9a-f]+\s+in\s+)?builtin_id\s+\(self\=.*,\s+v=\s*(.*?)\)\s+at\s+\S*Python/bltinmodule.c.*', - gdb_output, re.DOTALL) - if not m: - self.fail('Unexpected gdb output: %r\n%s' % (gdb_output, gdb_output)) diff --git a/00205-make-libpl-respect-lib64.patch b/00205-make-libpl-respect-lib64.patch index 4a6703b..700394c 100644 --- a/00205-make-libpl-respect-lib64.patch +++ b/00205-make-libpl-respect-lib64.patch @@ -1,7 +1,19 @@ -diff -up Python-3.5.0/Makefile.pre.in.lib Python-3.5.0/Makefile.pre.in ---- Python-3.5.0/Makefile.pre.in.lib 2015-09-21 15:39:47.928286620 +0200 -+++ Python-3.5.0/Makefile.pre.in 2015-09-21 15:42:58.004042762 +0200 -@@ -1340,7 +1340,7 @@ inclinstall: +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Robert Kuska +Date: Mon, 21 Sep 2015 15:55:00 +0200 +Subject: [PATCH] 00205: Make LIBPL respect lib64 + +LIBPL variable in makefile takes LIBPL from configure.ac +but the LIBPL variable defined there doesn't respect libdir macro +--- + Makefile.pre.in | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/Makefile.pre.in b/Makefile.pre.in +index 07f84ed28e..aafaa38ccc 100644 +--- a/Makefile.pre.in ++++ b/Makefile.pre.in +@@ -1371,7 +1371,7 @@ inclinstall: # Install the library and miscellaneous stuff needed for extending/embedding # This goes into $(exec_prefix) diff --git a/00206-remove-hf-from-arm-triplet.patch b/00206-remove-hf-from-arm-triplet.patch index 143418a..385b581 100644 --- a/00206-remove-hf-from-arm-triplet.patch +++ b/00206-remove-hf-from-arm-triplet.patch @@ -1,5 +1,16 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Robert Kuska +Date: Wed, 23 Sep 2015 15:06:03 +0200 +Subject: [PATCH] 00206: Remove hf flag from arm triplet + +The hf flag is used by Debian but Fedora infra uses only eabi without hf +--- + configure | 4 ++-- + configure.ac | 4 ++-- + 2 files changed, 4 insertions(+), 4 deletions(-) + diff --git a/configure b/configure -index 708cc78..93f332f 100755 +index 562f20278a..a965a4931f 100755 --- a/configure +++ b/configure @@ -5295,9 +5295,9 @@ cat >> conftest.c <> conftest.c <\r\n" - parser = expat.ParserCreate() -- try: -+ err_pattern = r'XML declaration not well-formed: line 1, column \d+' -+ with self.assertRaisesRegex(expat.ExpatError, err_pattern): - parser.Parse(xml, True) -- self.fail() -- except expat.ExpatError as e: -- self.assertEqual(str(e), 'XML declaration not well-formed: line 1, column 14') - - class ErrorMessageTest(unittest.TestCase): - def test_codes(self): diff --git a/00237-Raise-an-error-when-STARTTLS-fails.patch b/00237-Raise-an-error-when-STARTTLS-fails.patch deleted file mode 100644 index 9083e61..0000000 --- a/00237-Raise-an-error-when-STARTTLS-fails.patch +++ /dev/null @@ -1,35 +0,0 @@ -From 761db274ca898f8a92348ed5979d3d3c1b0d634a Mon Sep 17 00:00:00 2001 -From: Tomas Orsava -Date: Fri, 17 Jun 2016 16:08:11 +0200 -Subject: [PATCH] Raise an error when STARTTLS fails - -CVE-2016-0772 python: smtplib StartTLS stripping attack -rhbz#1303647: https://bugzilla.redhat.com/show_bug.cgi?id=1303647 -rhbz#1346345: https://bugzilla.redhat.com/show_bug.cgi?id=1346345 - -Based on an upstream change by Benjamin Peterson -- in changeset 101887:d590114c2394 3.4 -- https://hg.python.org/cpython/rev/d590114c2394 ---- - Lib/smtplib.py | 5 +++++ - 1 file changed, 5 insertions(+) - -diff --git a/Lib/smtplib.py b/Lib/smtplib.py -index 4756973..dfbf5f9 100755 ---- a/Lib/smtplib.py -+++ b/Lib/smtplib.py -@@ -773,6 +773,11 @@ class SMTP: - self.ehlo_resp = None - self.esmtp_features = {} - self.does_esmtp = 0 -+ else: -+ # RFC 3207: -+ # 501 Syntax error (no parameters allowed) -+ # 454 TLS not available due to temporary reason -+ raise SMTPResponseException(resp, reply) - return (resp, reply) - - def sendmail(self, from_addr, to_addrs, msg, mail_options=[], --- -2.5.5 - diff --git a/00241-CVE-2016-5636-buffer-overflow-in-zipimport-module-fix.patch b/00241-CVE-2016-5636-buffer-overflow-in-zipimport-module-fix.patch deleted file mode 100644 index e2c8581..0000000 --- a/00241-CVE-2016-5636-buffer-overflow-in-zipimport-module-fix.patch +++ /dev/null @@ -1,39 +0,0 @@ -From 531dfa4bcfe55d5cd1524425944b07c5b02bddf9 Mon Sep 17 00:00:00 2001 -From: Charalampos Stratakis -Date: Fri, 8 Jul 2016 17:16:41 +0200 -Subject: [PATCH] CVE-2016-5636 fix - ---- - Modules/zipimport.c | 9 +++++++++ - 1 file changed, 9 insertions(+) - -diff --git a/Modules/zipimport.c b/Modules/zipimport.c -index 06abb31..4d0d1de 100644 ---- a/Modules/zipimport.c -+++ b/Modules/zipimport.c -@@ -1076,6 +1076,10 @@ get_data(PyObject *archive, PyObject *toc_entry) - &date, &crc)) { - return NULL; - } -+ if (data_size < 0) { -+ PyErr_Format(ZipImportError, "negative data size"); -+ return NULL; -+ } - - fp = _Py_fopen_obj(archive, "rb"); - if (!fp) -@@ -1112,6 +1116,11 @@ get_data(PyObject *archive, PyObject *toc_entry) - } - file_offset += l; /* Start of file data */ - -+ if (data_size > LONG_MAX - 1) { -+ fclose(fp); -+ PyErr_NoMemory(); -+ return NULL; -+ } - bytes_size = compress == 0 ? data_size : data_size + 1; - if (bytes_size == 0) - bytes_size++; --- -2.7.4 - diff --git a/00242-CVE-2016-1000110-httpoxy.patch b/00242-CVE-2016-1000110-httpoxy.patch deleted file mode 100644 index 244ebec..0000000 --- a/00242-CVE-2016-1000110-httpoxy.patch +++ /dev/null @@ -1,89 +0,0 @@ -diff --git a/Doc/howto/urllib2.rst b/Doc/howto/urllib2.rst -index 24a4156..d2c7991 100644 ---- a/Doc/howto/urllib2.rst -+++ b/Doc/howto/urllib2.rst -@@ -538,6 +538,11 @@ setting up a `Basic Authentication`_ handler: :: - through a proxy. However, this can be enabled by extending urllib.request as - shown in the recipe [#]_. - -+.. note:: -+ -+ ``HTTP_PROXY`` will be ignored if a variable ``REQUEST_METHOD`` is set; see -+ the documentation on :func:`~urllib.request.getproxies`. -+ - - Sockets and Layers - ================== -diff --git a/Doc/library/urllib.request.rst b/Doc/library/urllib.request.rst -index 6c1bfb8..1291aeb 100644 ---- a/Doc/library/urllib.request.rst -+++ b/Doc/library/urllib.request.rst -@@ -173,6 +173,16 @@ The :mod:`urllib.request` module defines the following functions: - If both lowercase and uppercase environment variables exist (and disagree), - lowercase is preferred. - -+ .. note:: -+ -+ If the environment variable ``REQUEST_METHOD`` is set, which usually -+ indicates your script is running in a CGI environment, the environment -+ variable ``HTTP_PROXY`` (uppercase ``_PROXY``) will be ignored. This is -+ because that variable can be injected by a client using the "Proxy:" HTTP -+ header. If you need to use an HTTP proxy in a CGI environment, either use -+ ``ProxyHandler`` explicitly, or make sure the variable name is in -+ lowercase (or at least the ``_proxy`` suffix). -+ - - The following classes are provided: - -@@ -280,6 +290,11 @@ The following classes are provided: - list of hostname suffixes, optionally with ``:port`` appended, for example - ``cern.ch,ncsa.uiuc.edu,some.host:8080``. - -+ .. note:: -+ -+ ``HTTP_PROXY`` will be ignored if a variable ``REQUEST_METHOD`` is set; -+ see the documentation on :func:`~urllib.request.getproxies`. -+ - - .. class:: HTTPPasswordMgr() - -diff --git a/Lib/test/test_urllib.py b/Lib/test/test_urllib.py -index 5d05f8d..c26c52a 100644 ---- a/Lib/test/test_urllib.py -+++ b/Lib/test/test_urllib.py -@@ -232,6 +232,18 @@ class ProxyTests(unittest.TestCase): - self.assertTrue(urllib.request.proxy_bypass_environment('anotherdomain.com:8888')) - self.assertTrue(urllib.request.proxy_bypass_environment('newdomain.com:1234')) - -+ def test_proxy_cgi_ignore(self): -+ try: -+ self.env.set('HTTP_PROXY', 'http://somewhere:3128') -+ proxies = urllib.request.getproxies_environment() -+ self.assertEqual('http://somewhere:3128', proxies['http']) -+ self.env.set('REQUEST_METHOD', 'GET') -+ proxies = urllib.request.getproxies_environment() -+ self.assertNotIn('http', proxies) -+ finally: -+ self.env.unset('REQUEST_METHOD') -+ self.env.unset('HTTP_PROXY') -+ - def test_proxy_bypass_environment_host_match(self): - bypass = urllib.request.proxy_bypass_environment - self.env.set('NO_PROXY', -diff --git a/Lib/urllib/request.py b/Lib/urllib/request.py -index 1731fe3..3be327d 100644 ---- a/Lib/urllib/request.py -+++ b/Lib/urllib/request.py -@@ -2412,6 +2412,12 @@ def getproxies_environment(): - name = name.lower() - if value and name[-6:] == '_proxy': - proxies[name[:-6]] = value -+ # CVE-2016-1000110 - If we are running as CGI script, forget HTTP_PROXY -+ # (non-all-lowercase) as it may be set from the web server by a "Proxy:" -+ # header from the client -+ # If "proxy" is lowercase, it will still be used thanks to the next block -+ if 'REQUEST_METHOD' in os.environ: -+ proxies.pop('http', None) - for name, value in os.environ.items(): - if name[-6:] == '_proxy': - name = name.lower() diff --git a/00242-fix-mips64-triplet.patch b/00242-fix-mips64-triplet.patch deleted file mode 100644 index 91bf6af..0000000 --- a/00242-fix-mips64-triplet.patch +++ /dev/null @@ -1,42 +0,0 @@ -diff -urp Python-3.5.0/configure p/configure ---- Python-3.5.0/configure 2016-02-25 16:12:12.615184011 +0000 -+++ p/configure 2016-02-25 16:13:01.293412517 +0000 -@@ -5133,7 +5133,7 @@ cat >> conftest.c <> conftest.c <> conftest.c <> conftest.c <> conftest.c < +Date: Mon, 1 Aug 2016 20:24:18 +0200 +Subject: [PATCH] 00243: Fix the triplet used on 64-bit MIPS + +See https://bugzilla.redhat.com/show_bug.cgi?id=1322526 +Upstream uses Debian-like style mips64-linux-gnuabi64 +Fedora needs the default mips64-linux-gnu +--- + configure | 4 ++-- + configure.ac | 4 ++-- + 2 files changed, 4 insertions(+), 4 deletions(-) + +diff --git a/configure b/configure +index ed7a1048dc..93f332f54a 100755 +--- a/configure ++++ b/configure +@@ -5317,7 +5317,7 @@ cat >> conftest.c <> conftest.c <> conftest.c <> conftest.c <> conftest.c <> conftest.c <> conftest.c < -# Date 1473110345 -7200 -# Node ID 5c75b315152b714f7c84258ea511b461e2c06154 -# Parent 82467d0dbaea31a7971d1429ca5f4a251a995f33 -Issue #26470: Port ssl and hashlib module to OpenSSL 1.1.0. - -diff --git a/Doc/library/ssl.rst b/Doc/library/ssl.rst ---- a/Doc/library/ssl.rst -+++ b/Doc/library/ssl.rst -@@ -178,7 +178,7 @@ instead. - use. Typically, the server chooses a particular protocol version, and the - client must adapt to the server's choice. Most of the versions are not - interoperable with the other versions. If not specified, the default is -- :data:`PROTOCOL_SSLv23`; it provides the most compatibility with other -+ :data:`PROTOCOL_TLS`; it provides the most compatibility with other - versions. - - Here's a table showing which versions in a client (down the side) can connect -@@ -187,11 +187,11 @@ instead. - .. table:: - - ======================== ========= ========= ========== ========= =========== =========== -- *client* / **server** **SSLv2** **SSLv3** **SSLv23** **TLSv1** **TLSv1.1** **TLSv1.2** -+ *client* / **server** **SSLv2** **SSLv3** **TLS** **TLSv1** **TLSv1.1** **TLSv1.2** - ------------------------ --------- --------- ---------- --------- ----------- ----------- - *SSLv2* yes no yes no no no - *SSLv3* no yes yes no no no -- *SSLv23* no yes yes yes yes yes -+ *TLS* (*SSLv23*) no yes yes yes yes yes - *TLSv1* no no yes yes no no - *TLSv1.1* no no yes no yes no - *TLSv1.2* no no yes no no yes -@@ -244,7 +244,7 @@ purposes. - :const:`None`, this function can choose to trust the system's default - CA certificates instead. - -- The settings are: :data:`PROTOCOL_SSLv23`, :data:`OP_NO_SSLv2`, and -+ The settings are: :data:`PROTOCOL_TLS`, :data:`OP_NO_SSLv2`, and - :data:`OP_NO_SSLv3` with high encryption cipher suites without RC4 and - without unauthenticated cipher suites. Passing :data:`~Purpose.SERVER_AUTH` - as *purpose* sets :data:`~SSLContext.verify_mode` to :data:`CERT_REQUIRED` -@@ -316,6 +316,11 @@ Random generation - - .. versionadded:: 3.3 - -+ .. deprecated:: 3.5.3 -+ -+ OpenSSL has deprecated :func:`ssl.RAND_pseudo_bytes`, use -+ :func:`ssl.RAND_bytes` instead. -+ - .. function:: RAND_status() - - Return ``True`` if the SSL pseudo-random number generator has been seeded -@@ -334,7 +339,7 @@ Random generation - See http://egd.sourceforge.net/ or http://prngd.sourceforge.net/ for sources - of entropy-gathering daemons. - -- Availability: not available with LibreSSL. -+ Availability: not available with LibreSSL and OpenSSL > 1.1.0 - - .. function:: RAND_add(bytes, entropy) - -@@ -409,7 +414,7 @@ Certificate handling - previously. Return an integer (no fractions of a second in the - input format) - --.. function:: get_server_certificate(addr, ssl_version=PROTOCOL_SSLv23, ca_certs=None) -+.. function:: get_server_certificate(addr, ssl_version=PROTOCOL_TLS, ca_certs=None) - - Given the address ``addr`` of an SSL-protected server, as a (*hostname*, - *port-number*) pair, fetches the server's certificate, and returns it as a -@@ -425,7 +430,7 @@ Certificate handling - - .. versionchanged:: 3.5 - The default *ssl_version* is changed from :data:`PROTOCOL_SSLv3` to -- :data:`PROTOCOL_SSLv23` for maximum compatibility with modern servers. -+ :data:`PROTOCOL_TLS` for maximum compatibility with modern servers. - - .. function:: DER_cert_to_PEM_cert(DER_cert_bytes) - -@@ -451,6 +456,9 @@ Certificate handling - * :attr:`openssl_capath_env` - OpenSSL's environment key that points to a capath, - * :attr:`openssl_capath` - hard coded path to a capath directory - -+ Availability: LibreSSL ignores the environment vars -+ :attr:`openssl_cafile_env` and :attr:`openssl_capath_env` -+ - .. versionadded:: 3.4 - - .. function:: enum_certificates(store_name) -@@ -568,11 +576,21 @@ Constants - - .. versionadded:: 3.4.4 - --.. data:: PROTOCOL_SSLv23 -+.. data:: PROTOCOL_TLS - - Selects the highest protocol version that both the client and server support. - Despite the name, this option can select "TLS" protocols as well as "SSL". - -+ .. versionadded:: 3.5.3 -+ -+.. data:: PROTOCOL_SSLv23 -+ -+ Alias for data:`PROTOCOL_TLS`. -+ -+ .. deprecated:: 3.5.3 -+ -+ Use data:`PROTOCOL_TLS` instead. -+ - .. data:: PROTOCOL_SSLv2 - - Selects SSL version 2 as the channel encryption protocol. -@@ -584,6 +602,10 @@ Constants - - SSL version 2 is insecure. Its use is highly discouraged. - -+ .. deprecated:: 3.5.3 -+ -+ OpenSSL has removed support for SSLv2. -+ - .. data:: PROTOCOL_SSLv3 - - Selects SSL version 3 as the channel encryption protocol. -@@ -595,10 +617,20 @@ Constants - - SSL version 3 is insecure. Its use is highly discouraged. - -+ .. deprecated:: 3.5.3 -+ -+ OpenSSL has deprecated all version specific protocols. Use the default -+ protocol data:`PROTOCOL_TLS` with flags like data:`OP_NO_SSLv3` instead. -+ - .. data:: PROTOCOL_TLSv1 - - Selects TLS version 1.0 as the channel encryption protocol. - -+ .. deprecated:: 3.5.3 -+ -+ OpenSSL has deprecated all version specific protocols. Use the default -+ protocol data:`PROTOCOL_TLS` with flags like data:`OP_NO_SSLv3` instead. -+ - .. data:: PROTOCOL_TLSv1_1 - - Selects TLS version 1.1 as the channel encryption protocol. -@@ -606,6 +638,11 @@ Constants - - .. versionadded:: 3.4 - -+ .. deprecated:: 3.5.3 -+ -+ OpenSSL has deprecated all version specific protocols. Use the default -+ protocol data:`PROTOCOL_TLS` with flags like data:`OP_NO_SSLv3` instead. -+ - .. data:: PROTOCOL_TLSv1_2 - - Selects TLS version 1.2 as the channel encryption protocol. This is the -@@ -614,6 +651,11 @@ Constants - - .. versionadded:: 3.4 - -+ .. deprecated:: 3.5.3 -+ -+ OpenSSL has deprecated all version specific protocols. Use the default -+ protocol data:`PROTOCOL_TLS` with flags like data:`OP_NO_SSLv3` instead. -+ - .. data:: OP_ALL - - Enables workarounds for various bugs present in other SSL implementations. -@@ -625,23 +667,32 @@ Constants - .. data:: OP_NO_SSLv2 - - Prevents an SSLv2 connection. This option is only applicable in -- conjunction with :const:`PROTOCOL_SSLv23`. It prevents the peers from -+ conjunction with :const:`PROTOCOL_TLS`. It prevents the peers from - choosing SSLv2 as the protocol version. - - .. versionadded:: 3.2 - -+ .. deprecated:: 3.5.3 -+ -+ SSLv2 is deprecated -+ -+ - .. data:: OP_NO_SSLv3 - - Prevents an SSLv3 connection. This option is only applicable in -- conjunction with :const:`PROTOCOL_SSLv23`. It prevents the peers from -+ conjunction with :const:`PROTOCOL_TLS`. It prevents the peers from - choosing SSLv3 as the protocol version. - - .. versionadded:: 3.2 - -+ .. deprecated:: 3.5.3 -+ -+ SSLv3 is deprecated -+ - .. data:: OP_NO_TLSv1 - - Prevents a TLSv1 connection. This option is only applicable in -- conjunction with :const:`PROTOCOL_SSLv23`. It prevents the peers from -+ conjunction with :const:`PROTOCOL_TLS`. It prevents the peers from - choosing TLSv1 as the protocol version. - - .. versionadded:: 3.2 -@@ -649,7 +700,7 @@ Constants - .. data:: OP_NO_TLSv1_1 - - Prevents a TLSv1.1 connection. This option is only applicable in conjunction -- with :const:`PROTOCOL_SSLv23`. It prevents the peers from choosing TLSv1.1 as -+ with :const:`PROTOCOL_TLS`. It prevents the peers from choosing TLSv1.1 as - the protocol version. Available only with openssl version 1.0.1+. - - .. versionadded:: 3.4 -@@ -657,7 +708,7 @@ Constants - .. data:: OP_NO_TLSv1_2 - - Prevents a TLSv1.2 connection. This option is only applicable in conjunction -- with :const:`PROTOCOL_SSLv23`. It prevents the peers from choosing TLSv1.2 as -+ with :const:`PROTOCOL_TLS`. It prevents the peers from choosing TLSv1.2 as - the protocol version. Available only with openssl version 1.0.1+. - - .. versionadded:: 3.4 -@@ -1081,17 +1132,21 @@ such as SSL configuration options, certi - It also manages a cache of SSL sessions for server-side sockets, in order - to speed up repeated connections from the same clients. - --.. class:: SSLContext(protocol) -- -- Create a new SSL context. You must pass *protocol* which must be one -+.. class:: SSLContext(protocol=PROTOCOL_TLS) -+ -+ Create a new SSL context. You may pass *protocol* which must be one - of the ``PROTOCOL_*`` constants defined in this module. -- :data:`PROTOCOL_SSLv23` is currently recommended for maximum -- interoperability. -+ :data:`PROTOCOL_TLS` is currently recommended for maximum -+ interoperability and default value. - - .. seealso:: - :func:`create_default_context` lets the :mod:`ssl` module choose - security settings for a given purpose. - -+ .. versionchanged:: 3.5.3 -+ -+ :data:`PROTOCOL_TLS` is the default value. -+ - - :class:`SSLContext` objects have the following methods and attributes: - -@@ -1232,6 +1287,9 @@ to speed up repeated connections from th - This method will raise :exc:`NotImplementedError` if :data:`HAS_ALPN` is - False. - -+ OpenSSL 1.1.0+ will abort the handshake and raise :exc:`SSLError` when -+ both sides support ALPN but cannot agree on a protocol. -+ - .. versionadded:: 3.5 - - .. method:: SSLContext.set_npn_protocols(protocols) -@@ -1598,7 +1656,7 @@ If you prefer to tune security settings - a context from scratch (but beware that you might not get the settings - right):: - -- >>> context = ssl.SSLContext(ssl.PROTOCOL_SSLv23) -+ >>> context = ssl.SSLContext(ssl.PROTOCOL_TLS) - >>> context.verify_mode = ssl.CERT_REQUIRED - >>> context.check_hostname = True - >>> context.load_verify_locations("/etc/ssl/certs/ca-bundle.crt") -@@ -1999,15 +2057,17 @@ Protocol versions - - SSL versions 2 and 3 are considered insecure and are therefore dangerous to - use. If you want maximum compatibility between clients and servers, it is --recommended to use :const:`PROTOCOL_SSLv23` as the protocol version and then -+recommended to use :const:`PROTOCOL_TLS` as the protocol version and then - disable SSLv2 and SSLv3 explicitly using the :data:`SSLContext.options` - attribute:: - -- context = ssl.SSLContext(ssl.PROTOCOL_SSLv23) -+ context = ssl.SSLContext(ssl.PROTOCOL_TLS) - context.options |= ssl.OP_NO_SSLv2 - context.options |= ssl.OP_NO_SSLv3 -- --The SSL context created above will only allow TLSv1 and later (if -+ context.options |= ssl.OP_NO_TLSv1 -+ context.options |= ssl.OP_NO_TLSv1_1 -+ -+The SSL context created above will only allow TLSv1.2 and later (if - supported by your system) connections. - - Cipher selection -diff --git a/Lib/ssl.py b/Lib/ssl.py ---- a/Lib/ssl.py -+++ b/Lib/ssl.py -@@ -51,6 +51,7 @@ The following constants identify various - PROTOCOL_SSLv2 - PROTOCOL_SSLv3 - PROTOCOL_SSLv23 -+PROTOCOL_TLS - PROTOCOL_TLSv1 - PROTOCOL_TLSv1_1 - PROTOCOL_TLSv1_2 -@@ -128,9 +129,10 @@ from _ssl import _OPENSSL_API_VERSION - - _IntEnum._convert( - '_SSLMethod', __name__, -- lambda name: name.startswith('PROTOCOL_'), -+ lambda name: name.startswith('PROTOCOL_') and name != 'PROTOCOL_SSLv23', - source=_ssl) - -+PROTOCOL_SSLv23 = _SSLMethod.PROTOCOL_SSLv23 = _SSLMethod.PROTOCOL_TLS - _PROTOCOL_NAMES = {value: name for name, value in _SSLMethod.__members__.items()} - - try: -@@ -357,13 +359,13 @@ class SSLContext(_SSLContext): - __slots__ = ('protocol', '__weakref__') - _windows_cert_stores = ("CA", "ROOT") - -- def __new__(cls, protocol, *args, **kwargs): -+ def __new__(cls, protocol=PROTOCOL_TLS, *args, **kwargs): - self = _SSLContext.__new__(cls, protocol) - if protocol != _SSLv2_IF_EXISTS: - self.set_ciphers(_DEFAULT_CIPHERS) - return self - -- def __init__(self, protocol): -+ def __init__(self, protocol=PROTOCOL_TLS): - self.protocol = protocol - - def wrap_socket(self, sock, server_side=False, -@@ -438,7 +440,7 @@ def create_default_context(purpose=Purpo - if not isinstance(purpose, _ASN1Object): - raise TypeError(purpose) - -- context = SSLContext(PROTOCOL_SSLv23) -+ context = SSLContext(PROTOCOL_TLS) - - # SSLv2 considered harmful. - context.options |= OP_NO_SSLv2 -@@ -475,7 +477,7 @@ def create_default_context(purpose=Purpo - context.load_default_certs(purpose) - return context - --def _create_unverified_context(protocol=PROTOCOL_SSLv23, *, cert_reqs=None, -+def _create_unverified_context(protocol=PROTOCOL_TLS, *, cert_reqs=None, - check_hostname=False, purpose=Purpose.SERVER_AUTH, - certfile=None, keyfile=None, - cafile=None, capath=None, cadata=None): -@@ -666,7 +668,7 @@ class SSLSocket(socket): - - def __init__(self, sock=None, keyfile=None, certfile=None, - server_side=False, cert_reqs=CERT_NONE, -- ssl_version=PROTOCOL_SSLv23, ca_certs=None, -+ ssl_version=PROTOCOL_TLS, ca_certs=None, - do_handshake_on_connect=True, - family=AF_INET, type=SOCK_STREAM, proto=0, fileno=None, - suppress_ragged_eofs=True, npn_protocols=None, ciphers=None, -@@ -1056,7 +1058,7 @@ class SSLSocket(socket): - - def wrap_socket(sock, keyfile=None, certfile=None, - server_side=False, cert_reqs=CERT_NONE, -- ssl_version=PROTOCOL_SSLv23, ca_certs=None, -+ ssl_version=PROTOCOL_TLS, ca_certs=None, - do_handshake_on_connect=True, - suppress_ragged_eofs=True, - ciphers=None): -@@ -1125,7 +1127,7 @@ def PEM_cert_to_DER_cert(pem_cert_string - d = pem_cert_string.strip()[len(PEM_HEADER):-len(PEM_FOOTER)] - return base64.decodebytes(d.encode('ASCII', 'strict')) - --def get_server_certificate(addr, ssl_version=PROTOCOL_SSLv23, ca_certs=None): -+def get_server_certificate(addr, ssl_version=PROTOCOL_TLS, ca_certs=None): - """Retrieve the certificate from the server at the specified address, - and return it as a PEM-encoded string. - If 'ca_certs' is specified, validate the server cert against it. -diff --git a/Lib/test/test_ssl.py b/Lib/test/test_ssl.py ---- a/Lib/test/test_ssl.py -+++ b/Lib/test/test_ssl.py -@@ -23,6 +23,9 @@ ssl = support.import_module("ssl") - - PROTOCOLS = sorted(ssl._PROTOCOL_NAMES) - HOST = support.HOST -+IS_LIBRESSL = ssl.OPENSSL_VERSION.startswith('LibreSSL') -+IS_OPENSSL_1_1 = not IS_LIBRESSL and ssl.OPENSSL_VERSION_INFO >= (1, 1, 0) -+ - - def data_file(*name): - return os.path.join(os.path.dirname(__file__), *name) -@@ -143,8 +146,8 @@ class BasicSocketTests(unittest.TestCase - def test_str_for_enums(self): - # Make sure that the PROTOCOL_* constants have enum-like string - # reprs. -- proto = ssl.PROTOCOL_SSLv23 -- self.assertEqual(str(proto), '_SSLMethod.PROTOCOL_SSLv23') -+ proto = ssl.PROTOCOL_TLS -+ self.assertEqual(str(proto), '_SSLMethod.PROTOCOL_TLS') - ctx = ssl.SSLContext(proto) - self.assertIs(ctx.protocol, proto) - -@@ -312,8 +315,8 @@ class BasicSocketTests(unittest.TestCase - self.assertGreaterEqual(status, 0) - self.assertLessEqual(status, 15) - # Version string as returned by {Open,Libre}SSL, the format might change -- if "LibreSSL" in s: -- self.assertTrue(s.startswith("LibreSSL {:d}.{:d}".format(major, minor)), -+ if IS_LIBRESSL: -+ self.assertTrue(s.startswith("LibreSSL {:d}".format(major)), - (s, t, hex(n))) - else: - self.assertTrue(s.startswith("OpenSSL {:d}.{:d}.{:d}".format(major, minor, fix)), -@@ -790,7 +793,8 @@ class ContextTests(unittest.TestCase): - def test_constructor(self): - for protocol in PROTOCOLS: - ssl.SSLContext(protocol) -- self.assertRaises(TypeError, ssl.SSLContext) -+ ctx = ssl.SSLContext() -+ self.assertEqual(ctx.protocol, ssl.PROTOCOL_TLS) - self.assertRaises(ValueError, ssl.SSLContext, -1) - self.assertRaises(ValueError, ssl.SSLContext, 42) - -@@ -811,15 +815,15 @@ class ContextTests(unittest.TestCase): - def test_options(self): - ctx = ssl.SSLContext(ssl.PROTOCOL_TLSv1) - # OP_ALL | OP_NO_SSLv2 | OP_NO_SSLv3 is the default value -- self.assertEqual(ssl.OP_ALL | ssl.OP_NO_SSLv2 | ssl.OP_NO_SSLv3, -- ctx.options) -+ default = (ssl.OP_ALL | ssl.OP_NO_SSLv2 | ssl.OP_NO_SSLv3) -+ if not IS_LIBRESSL and ssl.OPENSSL_VERSION_INFO >= (1, 1, 0): -+ default |= ssl.OP_NO_COMPRESSION -+ self.assertEqual(default, ctx.options) - ctx.options |= ssl.OP_NO_TLSv1 -- self.assertEqual(ssl.OP_ALL | ssl.OP_NO_SSLv2 | ssl.OP_NO_SSLv3 | ssl.OP_NO_TLSv1, -- ctx.options) -+ self.assertEqual(default | ssl.OP_NO_TLSv1, ctx.options) - if can_clear_options(): -- ctx.options = (ctx.options & ~ssl.OP_NO_SSLv2) | ssl.OP_NO_TLSv1 -- self.assertEqual(ssl.OP_ALL | ssl.OP_NO_TLSv1 | ssl.OP_NO_SSLv3, -- ctx.options) -+ ctx.options = (ctx.options & ~ssl.OP_NO_TLSv1) -+ self.assertEqual(default, ctx.options) - ctx.options = 0 - # Ubuntu has OP_NO_SSLv3 forced on by default - self.assertEqual(0, ctx.options & ~ssl.OP_NO_SSLv3) -@@ -1155,6 +1159,7 @@ class ContextTests(unittest.TestCase): - self.assertRaises(TypeError, ctx.load_default_certs, 'SERVER_AUTH') - - @unittest.skipIf(sys.platform == "win32", "not-Windows specific") -+ @unittest.skipIf(IS_LIBRESSL, "LibreSSL doesn't support env vars") - def test_load_default_certs_env(self): - ctx = ssl.SSLContext(ssl.PROTOCOL_TLSv1) - with support.EnvironmentVarGuard() as env: -@@ -1750,13 +1755,13 @@ class NetworkedBIOTests(unittest.TestCas - sslobj = ctx.wrap_bio(incoming, outgoing, False, REMOTE_HOST) - self.assertIs(sslobj._sslobj.owner, sslobj) - self.assertIsNone(sslobj.cipher()) -- self.assertIsNone(sslobj.shared_ciphers()) -+ self.assertIsNotNone(sslobj.shared_ciphers()) - self.assertRaises(ValueError, sslobj.getpeercert) - if 'tls-unique' in ssl.CHANNEL_BINDING_TYPES: - self.assertIsNone(sslobj.get_channel_binding('tls-unique')) - self.ssl_io_loop(sock, incoming, outgoing, sslobj.do_handshake) - self.assertTrue(sslobj.cipher()) -- self.assertIsNone(sslobj.shared_ciphers()) -+ self.assertIsNotNone(sslobj.shared_ciphers()) - self.assertTrue(sslobj.getpeercert()) - if 'tls-unique' in ssl.CHANNEL_BINDING_TYPES: - self.assertTrue(sslobj.get_channel_binding('tls-unique')) -@@ -2993,7 +2998,7 @@ else: - with context.wrap_socket(socket.socket()) as s: - self.assertIs(s.version(), None) - s.connect((HOST, server.port)) -- self.assertEqual(s.version(), "TLSv1") -+ self.assertEqual(s.version(), 'TLSv1') - self.assertIs(s.version(), None) - - @unittest.skipUnless(ssl.HAS_ECDH, "test requires ECDH-enabled OpenSSL") -@@ -3135,24 +3140,36 @@ else: - (['http/3.0', 'http/4.0'], None) - ] - for client_protocols, expected in protocol_tests: -- server_context = ssl.SSLContext(ssl.PROTOCOL_TLSv1) -+ server_context = ssl.SSLContext(ssl.PROTOCOL_TLSv1_2) - server_context.load_cert_chain(CERTFILE) - server_context.set_alpn_protocols(server_protocols) -- client_context = ssl.SSLContext(ssl.PROTOCOL_TLSv1) -+ client_context = ssl.SSLContext(ssl.PROTOCOL_TLSv1_2) - client_context.load_cert_chain(CERTFILE) - client_context.set_alpn_protocols(client_protocols) -- stats = server_params_test(client_context, server_context, -- chatty=True, connectionchatty=True) -- -- msg = "failed trying %s (s) and %s (c).\n" \ -- "was expecting %s, but got %%s from the %%s" \ -- % (str(server_protocols), str(client_protocols), -- str(expected)) -- client_result = stats['client_alpn_protocol'] -- self.assertEqual(client_result, expected, msg % (client_result, "client")) -- server_result = stats['server_alpn_protocols'][-1] \ -- if len(stats['server_alpn_protocols']) else 'nothing' -- self.assertEqual(server_result, expected, msg % (server_result, "server")) -+ -+ try: -+ stats = server_params_test(client_context, -+ server_context, -+ chatty=True, -+ connectionchatty=True) -+ except ssl.SSLError as e: -+ stats = e -+ -+ if expected is None and IS_OPENSSL_1_1: -+ # OpenSSL 1.1.0 raises handshake error -+ self.assertIsInstance(stats, ssl.SSLError) -+ else: -+ msg = "failed trying %s (s) and %s (c).\n" \ -+ "was expecting %s, but got %%s from the %%s" \ -+ % (str(server_protocols), str(client_protocols), -+ str(expected)) -+ client_result = stats['client_alpn_protocol'] -+ self.assertEqual(client_result, expected, -+ msg % (client_result, "client")) -+ server_result = stats['server_alpn_protocols'][-1] \ -+ if len(stats['server_alpn_protocols']) else 'nothing' -+ self.assertEqual(server_result, expected, -+ msg % (server_result, "server")) - - def test_selected_npn_protocol(self): - # selected_npn_protocol() is None unless NPN is used -@@ -3300,13 +3317,23 @@ else: - client_context = ssl.SSLContext(ssl.PROTOCOL_TLSv1) - client_context.verify_mode = ssl.CERT_REQUIRED - client_context.load_verify_locations(SIGNING_CA) -- client_context.set_ciphers("RC4") -- server_context.set_ciphers("AES:RC4") -+ if ssl.OPENSSL_VERSION_INFO >= (1, 0, 2): -+ client_context.set_ciphers("AES128:AES256") -+ server_context.set_ciphers("AES256") -+ alg1 = "AES256" -+ alg2 = "AES-256" -+ else: -+ client_context.set_ciphers("AES:3DES") -+ server_context.set_ciphers("3DES") -+ alg1 = "3DES" -+ alg2 = "DES-CBC3" -+ - stats = server_params_test(client_context, server_context) - ciphers = stats['server_shared_ciphers'][0] - self.assertGreater(len(ciphers), 0) - for name, tls_version, bits in ciphers: -- self.assertIn("RC4", name.split("-")) -+ if not alg1 in name.split("-") and alg2 not in name: -+ self.fail(name) - - def test_read_write_after_close_raises_valuerror(self): - context = ssl.SSLContext(ssl.PROTOCOL_SSLv23) - -diff --git a/Modules/_hashopenssl.c b/Modules/_hashopenssl.c ---- a/Modules/_hashopenssl.c -+++ b/Modules/_hashopenssl.c -@@ -21,7 +21,6 @@ - - /* EVP is the preferred interface to hashing in OpenSSL */ - #include --#include - /* We use the object interface to discover what hashes OpenSSL supports. */ - #include - #include "openssl/err.h" -@@ -32,11 +31,22 @@ - #define HASH_OBJ_CONSTRUCTOR 0 - #endif - -+#if (OPENSSL_VERSION_NUMBER < 0x10100000L) || defined(LIBRESSL_VERSION_NUMBER) -+/* OpenSSL < 1.1.0 */ -+#define EVP_MD_CTX_new EVP_MD_CTX_create -+#define EVP_MD_CTX_free EVP_MD_CTX_destroy -+#define HAS_FAST_PKCS5_PBKDF2_HMAC 0 -+#include -+#else -+/* OpenSSL >= 1.1.0 */ -+#define HAS_FAST_PKCS5_PBKDF2_HMAC 1 -+#endif -+ - - typedef struct { - PyObject_HEAD - PyObject *name; /* name of this hash algorithm */ -- EVP_MD_CTX ctx; /* OpenSSL message digest context */ -+ EVP_MD_CTX *ctx; /* OpenSSL message digest context */ - #ifdef WITH_THREAD - PyThread_type_lock lock; /* OpenSSL context lock */ - #endif -@@ -48,7 +58,6 @@ static PyTypeObject EVPtype; - - #define DEFINE_CONSTS_FOR_NEW(Name) \ - static PyObject *CONST_ ## Name ## _name_obj = NULL; \ -- static EVP_MD_CTX CONST_new_ ## Name ## _ctx; \ - static EVP_MD_CTX *CONST_new_ ## Name ## _ctx_p = NULL; - - DEFINE_CONSTS_FOR_NEW(md5) -@@ -59,19 +68,57 @@ DEFINE_CONSTS_FOR_NEW(sha384) - DEFINE_CONSTS_FOR_NEW(sha512) - - -+/* LCOV_EXCL_START */ -+static PyObject * -+_setException(PyObject *exc) -+{ -+ unsigned long errcode; -+ const char *lib, *func, *reason; -+ -+ errcode = ERR_peek_last_error(); -+ if (!errcode) { -+ PyErr_SetString(exc, "unknown reasons"); -+ return NULL; -+ } -+ ERR_clear_error(); -+ -+ lib = ERR_lib_error_string(errcode); -+ func = ERR_func_error_string(errcode); -+ reason = ERR_reason_error_string(errcode); -+ -+ if (lib && func) { -+ PyErr_Format(exc, "[%s: %s] %s", lib, func, reason); -+ } -+ else if (lib) { -+ PyErr_Format(exc, "[%s] %s", lib, reason); -+ } -+ else { -+ PyErr_SetString(exc, reason); -+ } -+ return NULL; -+} -+/* LCOV_EXCL_STOP */ -+ - static EVPobject * - newEVPobject(PyObject *name) - { - EVPobject *retval = (EVPobject *)PyObject_New(EVPobject, &EVPtype); -+ if (retval == NULL) { -+ return NULL; -+ } -+ -+ retval->ctx = EVP_MD_CTX_new(); -+ if (retval->ctx == NULL) { -+ PyErr_NoMemory(); -+ return NULL; -+ } - - /* save the name for .name to return */ -- if (retval != NULL) { -- Py_INCREF(name); -- retval->name = name; -+ Py_INCREF(name); -+ retval->name = name; - #ifdef WITH_THREAD -- retval->lock = NULL; -+ retval->lock = NULL; - #endif -- } - - return retval; - } -@@ -86,7 +133,7 @@ EVP_hash(EVPobject *self, const void *vp - process = MUNCH_SIZE; - else - process = Py_SAFE_DOWNCAST(len, Py_ssize_t, unsigned int); -- EVP_DigestUpdate(&self->ctx, (const void*)cp, process); -+ EVP_DigestUpdate(self->ctx, (const void*)cp, process); - len -= process; - cp += process; - } -@@ -101,16 +148,19 @@ EVP_dealloc(EVPobject *self) - if (self->lock != NULL) - PyThread_free_lock(self->lock); - #endif -- EVP_MD_CTX_cleanup(&self->ctx); -+ EVP_MD_CTX_free(self->ctx); - Py_XDECREF(self->name); - PyObject_Del(self); - } - --static void locked_EVP_MD_CTX_copy(EVP_MD_CTX *new_ctx_p, EVPobject *self) -+static int -+locked_EVP_MD_CTX_copy(EVP_MD_CTX *new_ctx_p, EVPobject *self) - { -+ int result; - ENTER_HASHLIB(self); -- EVP_MD_CTX_copy(new_ctx_p, &self->ctx); -+ result = EVP_MD_CTX_copy(new_ctx_p, self->ctx); - LEAVE_HASHLIB(self); -+ return result; - } - - /* External methods for a hash object */ -@@ -126,7 +176,9 @@ EVP_copy(EVPobject *self, PyObject *unus - if ( (newobj = newEVPobject(self->name))==NULL) - return NULL; - -- locked_EVP_MD_CTX_copy(&newobj->ctx, self); -+ if (!locked_EVP_MD_CTX_copy(newobj->ctx, self)) { -+ return _setException(PyExc_ValueError); -+ } - return (PyObject *)newobj; - } - -@@ -137,16 +189,24 @@ static PyObject * - EVP_digest(EVPobject *self, PyObject *unused) - { - unsigned char digest[EVP_MAX_MD_SIZE]; -- EVP_MD_CTX temp_ctx; -+ EVP_MD_CTX *temp_ctx; - PyObject *retval; - unsigned int digest_size; - -- locked_EVP_MD_CTX_copy(&temp_ctx, self); -- digest_size = EVP_MD_CTX_size(&temp_ctx); -- EVP_DigestFinal(&temp_ctx, digest, NULL); -+ temp_ctx = EVP_MD_CTX_new(); -+ if (temp_ctx == NULL) { -+ PyErr_NoMemory(); -+ return NULL; -+ } -+ -+ if (!locked_EVP_MD_CTX_copy(temp_ctx, self)) { -+ return _setException(PyExc_ValueError); -+ } -+ digest_size = EVP_MD_CTX_size(temp_ctx); -+ EVP_DigestFinal(temp_ctx, digest, NULL); - - retval = PyBytes_FromStringAndSize((const char *)digest, digest_size); -- EVP_MD_CTX_cleanup(&temp_ctx); -+ EVP_MD_CTX_free(temp_ctx); - return retval; - } - -@@ -157,15 +217,23 @@ static PyObject * - EVP_hexdigest(EVPobject *self, PyObject *unused) - { - unsigned char digest[EVP_MAX_MD_SIZE]; -- EVP_MD_CTX temp_ctx; -+ EVP_MD_CTX *temp_ctx; - unsigned int digest_size; - -+ temp_ctx = EVP_MD_CTX_new(); -+ if (temp_ctx == NULL) { -+ PyErr_NoMemory(); -+ return NULL; -+ } -+ - /* Get the raw (binary) digest value */ -- locked_EVP_MD_CTX_copy(&temp_ctx, self); -- digest_size = EVP_MD_CTX_size(&temp_ctx); -- EVP_DigestFinal(&temp_ctx, digest, NULL); -+ if (!locked_EVP_MD_CTX_copy(temp_ctx, self)) { -+ return _setException(PyExc_ValueError); -+ } -+ digest_size = EVP_MD_CTX_size(temp_ctx); -+ EVP_DigestFinal(temp_ctx, digest, NULL); - -- EVP_MD_CTX_cleanup(&temp_ctx); -+ EVP_MD_CTX_free(temp_ctx); - - return _Py_strhex((const char *)digest, digest_size); - } -@@ -219,7 +287,7 @@ static PyObject * - EVP_get_block_size(EVPobject *self, void *closure) - { - long block_size; -- block_size = EVP_MD_CTX_block_size(&self->ctx); -+ block_size = EVP_MD_CTX_block_size(self->ctx); - return PyLong_FromLong(block_size); - } - -@@ -227,7 +295,7 @@ static PyObject * - EVP_get_digest_size(EVPobject *self, void *closure) - { - long size; -- size = EVP_MD_CTX_size(&self->ctx); -+ size = EVP_MD_CTX_size(self->ctx); - return PyLong_FromLong(size); - } - -@@ -288,7 +356,7 @@ EVP_tp_init(EVPobject *self, PyObject *a - PyBuffer_Release(&view); - return -1; - } -- EVP_DigestInit(&self->ctx, digest); -+ EVP_DigestInit(self->ctx, digest); - - self->name = name_obj; - Py_INCREF(self->name); -@@ -385,9 +453,9 @@ EVPnew(PyObject *name_obj, - return NULL; - - if (initial_ctx) { -- EVP_MD_CTX_copy(&self->ctx, initial_ctx); -+ EVP_MD_CTX_copy(self->ctx, initial_ctx); - } else { -- EVP_DigestInit(&self->ctx, digest); -+ EVP_DigestInit(self->ctx, digest); - } - - if (cp && len) { -@@ -453,6 +521,7 @@ EVP_new(PyObject *self, PyObject *args, - - #define PY_PBKDF2_HMAC 1 - -+#if !HAS_FAST_PKCS5_PBKDF2_HMAC - /* Improved implementation of PKCS5_PBKDF2_HMAC() - * - * PKCS5_PBKDF2_HMAC_fast() hashes the password exactly one time instead of -@@ -534,37 +603,8 @@ PKCS5_PBKDF2_HMAC_fast(const char *pass, - HMAC_CTX_cleanup(&hctx_tpl); - return 1; - } -+#endif - --/* LCOV_EXCL_START */ --static PyObject * --_setException(PyObject *exc) --{ -- unsigned long errcode; -- const char *lib, *func, *reason; -- -- errcode = ERR_peek_last_error(); -- if (!errcode) { -- PyErr_SetString(exc, "unknown reasons"); -- return NULL; -- } -- ERR_clear_error(); -- -- lib = ERR_lib_error_string(errcode); -- func = ERR_func_error_string(errcode); -- reason = ERR_reason_error_string(errcode); -- -- if (lib && func) { -- PyErr_Format(exc, "[%s: %s] %s", lib, func, reason); -- } -- else if (lib) { -- PyErr_Format(exc, "[%s] %s", lib, reason); -- } -- else { -- PyErr_SetString(exc, reason); -- } -- return NULL; --} --/* LCOV_EXCL_STOP */ - - PyDoc_STRVAR(pbkdf2_hmac__doc__, - "pbkdf2_hmac(hash_name, password, salt, iterations, dklen=None) -> key\n\ -@@ -646,10 +686,17 @@ pbkdf2_hmac(PyObject *self, PyObject *ar - key = PyBytes_AS_STRING(key_obj); - - Py_BEGIN_ALLOW_THREADS -+#if HAS_FAST_PKCS5_PBKDF2_HMAC -+ retval = PKCS5_PBKDF2_HMAC((char*)password.buf, (int)password.len, -+ (unsigned char *)salt.buf, (int)salt.len, -+ iterations, digest, dklen, -+ (unsigned char *)key); -+#else - retval = PKCS5_PBKDF2_HMAC_fast((char*)password.buf, (int)password.len, - (unsigned char *)salt.buf, (int)salt.len, - iterations, digest, dklen, - (unsigned char *)key); -+#endif - Py_END_ALLOW_THREADS - - if (!retval) { -@@ -768,7 +815,7 @@ generate_hash_name_list(void) - if (CONST_ ## NAME ## _name_obj == NULL) { \ - CONST_ ## NAME ## _name_obj = PyUnicode_FromString(#NAME); \ - if (EVP_get_digestbyname(#NAME)) { \ -- CONST_new_ ## NAME ## _ctx_p = &CONST_new_ ## NAME ## _ctx; \ -+ CONST_new_ ## NAME ## _ctx_p = EVP_MD_CTX_new(); \ - EVP_DigestInit(CONST_new_ ## NAME ## _ctx_p, EVP_get_digestbyname(#NAME)); \ - } \ - } \ -diff --git a/Modules/_ssl.c b/Modules/_ssl.c ---- a/Modules/_ssl.c -+++ b/Modules/_ssl.c -@@ -55,6 +55,14 @@ static PySocketModule_APIObject PySocket - #include - #endif - -+/* Don't warn about deprecated functions */ -+#ifdef __GNUC__ -+#pragma GCC diagnostic ignored "-Wdeprecated-declarations" -+#endif -+#ifdef __clang__ -+#pragma clang diagnostic ignored "-Wdeprecated-declarations" -+#endif -+ - /* Include OpenSSL header files */ - #include "openssl/rsa.h" - #include "openssl/crypto.h" -@@ -91,6 +99,10 @@ struct py_ssl_library_code { - /* Include generated data (error codes) */ - #include "_ssl_data.h" - -+#if (OPENSSL_VERSION_NUMBER >= 0x10100000L) && !defined(LIBRESSL_VERSION_NUMBER) -+# define OPENSSL_VERSION_1_1 1 -+#endif -+ - /* Openssl comes with TLSv1.1 and TLSv1.2 between 1.0.0h and 1.0.1 - http://www.openssl.org/news/changelog.html - */ -@@ -117,6 +129,72 @@ struct py_ssl_library_code { - # define HAVE_ALPN - #endif - -+#ifdef OPENSSL_VERSION_1_1 -+/* OpenSSL 1.1.0+ */ -+#ifndef OPENSSL_NO_SSL2 -+#define OPENSSL_NO_SSL2 -+#endif -+#else /* OpenSSL < 1.1.0 */ -+#if defined(WITH_THREAD) -+#define HAVE_OPENSSL_CRYPTO_LOCK -+#endif -+ -+#define TLS_method SSLv23_method -+ -+static int X509_NAME_ENTRY_set(const X509_NAME_ENTRY *ne) -+{ -+ return ne->set; -+} -+ -+#ifndef OPENSSL_NO_COMP -+static int COMP_get_type(const COMP_METHOD *meth) -+{ -+ return meth->type; -+} -+ -+static const char *COMP_get_name(const COMP_METHOD *meth) -+{ -+ return meth->name; -+} -+#endif -+ -+static pem_password_cb *SSL_CTX_get_default_passwd_cb(SSL_CTX *ctx) -+{ -+ return ctx->default_passwd_callback; -+} -+ -+static void *SSL_CTX_get_default_passwd_cb_userdata(SSL_CTX *ctx) -+{ -+ return ctx->default_passwd_callback_userdata; -+} -+ -+static int X509_OBJECT_get_type(X509_OBJECT *x) -+{ -+ return x->type; -+} -+ -+static X509 *X509_OBJECT_get0_X509(X509_OBJECT *x) -+{ -+ return x->data.x509; -+} -+ -+static int BIO_up_ref(BIO *b) -+{ -+ CRYPTO_add(&b->references, 1, CRYPTO_LOCK_BIO); -+ return 1; -+} -+ -+static STACK_OF(X509_OBJECT) *X509_STORE_get0_objects(X509_STORE *store) { -+ return store->objs; -+} -+ -+static X509_VERIFY_PARAM *X509_STORE_get0_param(X509_STORE *store) -+{ -+ return store->param; -+} -+#endif /* OpenSSL < 1.1.0 or LibreSSL */ -+ -+ - enum py_ssl_error { - /* these mirror ssl.h */ - PY_SSL_ERROR_NONE, -@@ -147,7 +225,7 @@ enum py_ssl_cert_requirements { - enum py_ssl_version { - PY_SSL_VERSION_SSL2, - PY_SSL_VERSION_SSL3=1, -- PY_SSL_VERSION_SSL23, -+ PY_SSL_VERSION_TLS, - #if HAVE_TLSv1_2 - PY_SSL_VERSION_TLS1, - PY_SSL_VERSION_TLS1_1, -@@ -527,8 +605,8 @@ newPySSLSocket(PySSLContext *sslctx, PyS - /* BIOs are reference counted and SSL_set_bio borrows our reference. - * To prevent a double free in memory_bio_dealloc() we need to take an - * extra reference here. */ -- CRYPTO_add(&inbio->bio->references, 1, CRYPTO_LOCK_BIO); -- CRYPTO_add(&outbio->bio->references, 1, CRYPTO_LOCK_BIO); -+ BIO_up_ref(inbio->bio); -+ BIO_up_ref(outbio->bio); - SSL_set_bio(self->ssl, inbio->bio, outbio->bio); - } - mode = SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER; -@@ -738,7 +816,7 @@ static PyObject * - - /* check to see if we've gotten to a new RDN */ - if (rdn_level >= 0) { -- if (rdn_level != entry->set) { -+ if (rdn_level != X509_NAME_ENTRY_set(entry)) { - /* yes, new RDN */ - /* add old RDN to DN */ - rdnt = PyList_AsTuple(rdn); -@@ -755,7 +833,7 @@ static PyObject * - goto fail0; - } - } -- rdn_level = entry->set; -+ rdn_level = X509_NAME_ENTRY_set(entry); - - /* now add this attribute to the current RDN */ - name = X509_NAME_ENTRY_get_object(entry); -@@ -853,18 +931,18 @@ static PyObject * - goto fail; - } - -- p = ext->value->data; -+ p = X509_EXTENSION_get_data(ext)->data; - if (method->it) - names = (GENERAL_NAMES*) - (ASN1_item_d2i(NULL, - &p, -- ext->value->length, -+ X509_EXTENSION_get_data(ext)->length, - ASN1_ITEM_ptr(method->it))); - else - names = (GENERAL_NAMES*) - (method->d2i(NULL, - &p, -- ext->value->length)); -+ X509_EXTENSION_get_data(ext)->length)); - - for(j = 0; j < sk_GENERAL_NAME_num(names); j++) { - /* get a rendering of each name in the set of names */ -@@ -1075,13 +1153,11 @@ static PyObject * - int i, j; - PyObject *lst, *res = NULL; - --#if OPENSSL_VERSION_NUMBER < 0x10001000L -- dps = X509_get_ext_d2i(certificate, NID_crl_distribution_points, NULL, NULL); --#else -+#if OPENSSL_VERSION_NUMBER >= 0x10001000L - /* Calls x509v3_cache_extensions and sets up crldp */ - X509_check_ca(certificate); -- dps = certificate->crldp; - #endif -+ dps = X509_get_ext_d2i(certificate, NID_crl_distribution_points, NULL, NULL); - - if (dps == NULL) - return Py_None; -@@ -1451,14 +1527,13 @@ static PyObject * - _ssl__SSLSocket_shared_ciphers_impl(PySSLSocket *self) - /*[clinic end generated code: output=3d174ead2e42c4fd input=0bfe149da8fe6306]*/ - { -- SSL_SESSION *sess = SSL_get_session(self->ssl); - STACK_OF(SSL_CIPHER) *ciphers; - int i; - PyObject *res; - -- if (!sess || !sess->ciphers) -+ ciphers = SSL_get_ciphers(self->ssl); -+ if (!ciphers) - Py_RETURN_NONE; -- ciphers = sess->ciphers; - res = PyList_New(sk_SSL_CIPHER_num(ciphers)); - if (!res) - return NULL; -@@ -1567,9 +1642,9 @@ static PyObject * - if (self->ssl == NULL) - Py_RETURN_NONE; - comp_method = SSL_get_current_compression(self->ssl); -- if (comp_method == NULL || comp_method->type == NID_undef) -+ if (comp_method == NULL || COMP_get_type(comp_method) == NID_undef) - Py_RETURN_NONE; -- short_name = OBJ_nid2sn(comp_method->type); -+ short_name = COMP_get_name(comp_method); - if (short_name == NULL) - Py_RETURN_NONE; - return PyUnicode_DecodeFSDefault(short_name); -@@ -2255,8 +2330,8 @@ static PyObject * - else if (proto_version == PY_SSL_VERSION_SSL2) - ctx = SSL_CTX_new(SSLv2_method()); - #endif -- else if (proto_version == PY_SSL_VERSION_SSL23) -- ctx = SSL_CTX_new(SSLv23_method()); -+ else if (proto_version == PY_SSL_VERSION_TLS) -+ ctx = SSL_CTX_new(TLS_method()); - else - proto_version = -1; - PySSL_END_ALLOW_THREADS -@@ -2318,8 +2393,9 @@ static PyObject * - #ifndef OPENSSL_NO_ECDH - /* Allow automatic ECDH curve selection (on OpenSSL 1.0.2+), or use - prime256v1 by default. This is Apache mod_ssl's initialization -- policy, so we should be safe. */ --#if defined(SSL_CTX_set_ecdh_auto) -+ policy, so we should be safe. OpenSSL 1.1 has it enabled by default. -+ */ -+#if defined(SSL_CTX_set_ecdh_auto) && !defined(OPENSSL_VERSION_1_1) - SSL_CTX_set_ecdh_auto(self->ctx, 1); - #else - { -@@ -2586,10 +2662,12 @@ static PyObject * - get_verify_flags(PySSLContext *self, void *c) - { - X509_STORE *store; -+ X509_VERIFY_PARAM *param; - unsigned long flags; - - store = SSL_CTX_get_cert_store(self->ctx); -- flags = X509_VERIFY_PARAM_get_flags(store->param); -+ param = X509_STORE_get0_param(store); -+ flags = X509_VERIFY_PARAM_get_flags(param); - return PyLong_FromUnsignedLong(flags); - } - -@@ -2597,22 +2675,24 @@ static int - set_verify_flags(PySSLContext *self, PyObject *arg, void *c) - { - X509_STORE *store; -+ X509_VERIFY_PARAM *param; - unsigned long new_flags, flags, set, clear; - - if (!PyArg_Parse(arg, "k", &new_flags)) - return -1; - store = SSL_CTX_get_cert_store(self->ctx); -- flags = X509_VERIFY_PARAM_get_flags(store->param); -+ param = X509_STORE_get0_param(store); -+ flags = X509_VERIFY_PARAM_get_flags(param); - clear = flags & ~new_flags; - set = ~flags & new_flags; - if (clear) { -- if (!X509_VERIFY_PARAM_clear_flags(store->param, clear)) { -+ if (!X509_VERIFY_PARAM_clear_flags(param, clear)) { - _setSSLError(NULL, 0, __FILE__, __LINE__); - return -1; - } - } - if (set) { -- if (!X509_VERIFY_PARAM_set_flags(store->param, set)) { -+ if (!X509_VERIFY_PARAM_set_flags(param, set)) { - _setSSLError(NULL, 0, __FILE__, __LINE__); - return -1; - } -@@ -2789,8 +2869,8 @@ static PyObject * - /*[clinic end generated code: output=9480bc1c380e2095 input=7cf9ac673cbee6fc]*/ - { - PyObject *certfile_bytes = NULL, *keyfile_bytes = NULL; -- pem_password_cb *orig_passwd_cb = self->ctx->default_passwd_callback; -- void *orig_passwd_userdata = self->ctx->default_passwd_callback_userdata; -+ pem_password_cb *orig_passwd_cb = SSL_CTX_get_default_passwd_cb(self->ctx); -+ void *orig_passwd_userdata = SSL_CTX_get_default_passwd_cb_userdata(self->ctx); - _PySSLPasswordInfo pw_info = { NULL, NULL, NULL, 0, 0 }; - int r; - -@@ -2917,8 +2997,9 @@ static int - cert = d2i_X509_bio(biobuf, NULL); - } else { - cert = PEM_read_bio_X509(biobuf, NULL, -- self->ctx->default_passwd_callback, -- self->ctx->default_passwd_callback_userdata); -+ SSL_CTX_get_default_passwd_cb(self->ctx), -+ SSL_CTX_get_default_passwd_cb_userdata(self->ctx) -+ ); - } - if (cert == NULL) { - break; -@@ -3444,25 +3525,24 @@ static PyObject * - /*[clinic end generated code: output=5f356f4d9cca874d input=eb40dd0f6d0e40cf]*/ - { - X509_STORE *store; -+ STACK_OF(X509_OBJECT) *objs; - X509_OBJECT *obj; -- int x509 = 0, crl = 0, pkey = 0, ca = 0, i; -+ int x509 = 0, crl = 0, ca = 0, i; - - store = SSL_CTX_get_cert_store(self->ctx); -- for (i = 0; i < sk_X509_OBJECT_num(store->objs); i++) { -- obj = sk_X509_OBJECT_value(store->objs, i); -- switch (obj->type) { -+ objs = X509_STORE_get0_objects(store); -+ for (i = 0; i < sk_X509_OBJECT_num(objs); i++) { -+ obj = sk_X509_OBJECT_value(objs, i); -+ switch (X509_OBJECT_get_type(obj)) { - case X509_LU_X509: - x509++; -- if (X509_check_ca(obj->data.x509)) { -+ if (X509_check_ca(X509_OBJECT_get0_X509(obj))) { - ca++; - } - break; - case X509_LU_CRL: - crl++; - break; -- case X509_LU_PKEY: -- pkey++; -- break; - default: - /* Ignore X509_LU_FAIL, X509_LU_RETRY, X509_LU_PKEY. - * As far as I can tell they are internal states and never -@@ -3492,6 +3572,7 @@ static PyObject * - /*[clinic end generated code: output=0d58f148f37e2938 input=6887b5a09b7f9076]*/ - { - X509_STORE *store; -+ STACK_OF(X509_OBJECT) *objs; - PyObject *ci = NULL, *rlist = NULL; - int i; - -@@ -3500,17 +3581,18 @@ static PyObject * - } - - store = SSL_CTX_get_cert_store(self->ctx); -- for (i = 0; i < sk_X509_OBJECT_num(store->objs); i++) { -+ objs = X509_STORE_get0_objects(store); -+ for (i = 0; i < sk_X509_OBJECT_num(objs); i++) { - X509_OBJECT *obj; - X509 *cert; - -- obj = sk_X509_OBJECT_value(store->objs, i); -- if (obj->type != X509_LU_X509) { -+ obj = sk_X509_OBJECT_value(objs, i); -+ if (X509_OBJECT_get_type(obj) != X509_LU_X509) { - /* not a x509 cert */ - continue; - } - /* CA for any purpose */ -- cert = obj->data.x509; -+ cert = X509_OBJECT_get0_X509(obj); - if (!X509_check_ca(cert)) { - continue; - } -@@ -4374,10 +4456,12 @@ static PyMethodDef PySSL_methods[] = { - }; - - --#ifdef WITH_THREAD -+#ifdef HAVE_OPENSSL_CRYPTO_LOCK - - /* an implementation of OpenSSL threading operations in terms -- of the Python C thread library */ -+ * of the Python C thread library -+ * Only used up to 1.0.2. OpenSSL 1.1.0+ has its own locking code. -+ */ - - static PyThread_type_lock *_ssl_locks = NULL; - -@@ -4458,7 +4542,7 @@ static int _setup_ssl_threads(void) { - return 1; - } - --#endif /* def HAVE_THREAD */ -+#endif /* HAVE_OPENSSL_CRYPTO_LOCK for WITH_THREAD && OpenSSL < 1.1.0 */ - - PyDoc_STRVAR(module_doc, - "Implementation module for SSL socket operations. See the socket module\n\ -@@ -4527,11 +4611,16 @@ PyInit__ssl(void) - SSL_load_error_strings(); - SSL_library_init(); - #ifdef WITH_THREAD -+#ifdef HAVE_OPENSSL_CRYPTO_LOCK - /* note that this will start threading if not already started */ - if (!_setup_ssl_threads()) { - return NULL; - } -+#elif OPENSSL_VERSION_1_1 && defined(OPENSSL_THREADS) -+ /* OpenSSL 1.1.0 builtin thread support is enabled */ -+ _ssl_locks_count++; - #endif -+#endif /* WITH_THREAD */ - OpenSSL_add_all_algorithms(); - - /* Add symbols to module dict */ -@@ -4678,7 +4767,9 @@ PyInit__ssl(void) - PY_SSL_VERSION_SSL3); - #endif - PyModule_AddIntConstant(m, "PROTOCOL_SSLv23", -- PY_SSL_VERSION_SSL23); -+ PY_SSL_VERSION_TLS); -+ PyModule_AddIntConstant(m, "PROTOCOL_TLS", -+ PY_SSL_VERSION_TLS); - PyModule_AddIntConstant(m, "PROTOCOL_TLSv1", - PY_SSL_VERSION_TLS1); - #if HAVE_TLSv1_2 - -diff --git a/Modules/_ssl.c b/Modules/_ssl.c ---- a/Modules/_ssl.c -+++ b/Modules/_ssl.c -@@ -151,11 +151,6 @@ static int COMP_get_type(const COMP_METH - { - return meth->type; - } -- --static const char *COMP_get_name(const COMP_METHOD *meth) --{ -- return meth->name; --} - #endif - - static pem_password_cb *SSL_CTX_get_default_passwd_cb(SSL_CTX *ctx) -@@ -1644,7 +1639,7 @@ static PyObject * - comp_method = SSL_get_current_compression(self->ssl); - if (comp_method == NULL || COMP_get_type(comp_method) == NID_undef) - Py_RETURN_NONE; -- short_name = COMP_get_name(comp_method); -+ short_name = OBJ_nid2sn(COMP_get_type(comp_method)); - if (short_name == NULL) - Py_RETURN_NONE; - return PyUnicode_DecodeFSDefault(short_name); diff --git a/00250-getentropy.patch b/00250-getentropy.patch deleted file mode 100644 index 8a7c41d..0000000 --- a/00250-getentropy.patch +++ /dev/null @@ -1,160 +0,0 @@ -diff --git a/Python/random.c b/Python/random.c -index d203939..4c27585 100644 ---- a/Python/random.c -+++ b/Python/random.c -@@ -76,46 +76,7 @@ win32_urandom(unsigned char *buffer, Py_ssize_t size, int raise) - return 0; - } - --/* Issue #25003: Don't use getentropy() on Solaris (available since -- * Solaris 11.3), it is blocking whereas os.urandom() should not block. */ --#elif defined(HAVE_GETENTROPY) && !defined(sun) --#define PY_GETENTROPY 1 -- --/* Fill buffer with size pseudo-random bytes generated by getentropy(). -- Return 0 on success, or raise an exception and return -1 on error. -- -- If fatal is nonzero, call Py_FatalError() instead of raising an exception -- on error. */ --static int --py_getentropy(unsigned char *buffer, Py_ssize_t size, int fatal) --{ -- while (size > 0) { -- Py_ssize_t len = Py_MIN(size, 256); -- int res; -- -- if (!fatal) { -- Py_BEGIN_ALLOW_THREADS -- res = getentropy(buffer, len); -- Py_END_ALLOW_THREADS -- -- if (res < 0) { -- PyErr_SetFromErrno(PyExc_OSError); -- return -1; -- } -- } -- else { -- res = getentropy(buffer, len); -- if (res < 0) -- Py_FatalError("getentropy() failed"); -- } -- -- buffer += len; -- size -= len; -- } -- return 0; --} -- --#else -+#else /* !MS_WINDOWS */ - - #if defined(HAVE_GETRANDOM) || defined(HAVE_GETRANDOM_SYSCALL) - #define PY_GETRANDOM 1 -@@ -227,6 +188,59 @@ py_getrandom(void *buffer, Py_ssize_t size, int raise) - } - return 1; - } -+ -+/* Issue #25003: Don't use getentropy() on Solaris (available since -+ * Solaris 11.3), it is blocking whereas os.urandom() should not block. */ -+#elif defined(HAVE_GETENTROPY) && !defined(sun) -+#define PY_GETENTROPY 1 -+ -+/* Fill buffer with size pseudo-random bytes generated by getentropy(). -+ Return 1 on success, or raise an exception and return -1 on error. -+ -+ If raise is zero, don't raise an exception on error. */ -+static int -+py_getentropy(char *buffer, Py_ssize_t size, int raise) -+{ -+ /* Is getentropy() supported by the running kernel? Set to 0 if -+ getentropy() failed with ENOSYS. */ -+ static int getentropy_works = 1; -+ -+ if (!getentropy_works) { -+ return 0; -+ } -+ -+ while (size > 0) { -+ Py_ssize_t len = Py_MIN(size, 256); -+ int res; -+ -+ if (raise) { -+ Py_BEGIN_ALLOW_THREADS -+ res = getentropy(buffer, len); -+ Py_END_ALLOW_THREADS -+ } -+ else { -+ res = getentropy(buffer, len); -+ } -+ -+ if (res < 0) { -+ /* ENOSYS: the inner syscall is not supported by the running -+ kernel. */ -+ if (errno == ENOSYS) { -+ getentropy_works = 0; -+ return 0; -+ } -+ -+ if (raise) { -+ PyErr_SetFromErrno(PyExc_OSError); -+ } -+ return -1; -+ } -+ -+ buffer += len; -+ size -= len; -+ } -+ return 1; -+} - #endif - - static struct { -@@ -288,7 +302,7 @@ dev_urandom_python(char *buffer, Py_ssize_t size) - int fd; - Py_ssize_t n; - struct _Py_stat_struct st; --#ifdef PY_GETRANDOM -+#if defined(PY_GETRANDOM) || defined(PY_GETENTROPY) - int res; - #endif - -@@ -297,6 +311,10 @@ dev_urandom_python(char *buffer, Py_ssize_t size) - - #ifdef PY_GETRANDOM - res = py_getrandom(buffer, size, 1); -+#elif defined(PY_GETENTROPY) -+ res = py_getentropy(buffer, size, 1); -+#endif -+#if defined(PY_GETRANDOM) || defined(PY_GETENTROPY) - if (res < 0) { - return -1; - } -@@ -376,8 +394,8 @@ dev_urandom_close(void) - urandom_cache.fd = -1; - } - } -+#endif /* !MS_WINDOWS */ - --#endif - - /* Fill buffer with pseudo-random bytes generated by a linear congruent - generator (LCG): -@@ -418,8 +436,6 @@ _PyOS_URandom(void *buffer, Py_ssize_t size) - - #ifdef MS_WINDOWS - return win32_urandom((unsigned char *)buffer, size, 1); --#elif defined(PY_GETENTROPY) -- return py_getentropy(buffer, size, 0); - #else - return dev_urandom_python((char*)buffer, size); - #endif -@@ -481,8 +497,6 @@ _PyRandom_Fini(void) - CryptReleaseContext(hCryptProv, 0); - hCryptProv = 0; - } --#elif defined(PY_GETENTROPY) -- /* nothing to clean */ - #else - dev_urandom_close(); - #endif diff --git a/00264-fix-test-failing-on-aarch64.patch b/00264-fix-test-failing-on-aarch64.patch index a881a1c..a51f706 100644 --- a/00264-fix-test-failing-on-aarch64.patch +++ b/00264-fix-test-failing-on-aarch64.patch @@ -1,8 +1,25 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Charalampos Stratakis +Date: Mon, 30 Oct 2017 17:36:25 +0100 +Subject: [PATCH] 00264: Fix test failing on aarch64 + +test_pass_by_value was added in Python 3.5.4 and on aarch64 +it is catching an error that was there, but wasn't tested before. +Since the Python 3.5 branch is on security bug fix mode only +we backport the fix from the master branch. +Fixed upstream: http://bugs.python.org/issue29804 +--- + Lib/ctypes/test/test_as_parameter.py | 4 ++++ + Lib/ctypes/test/test_structures.py | 22 ++++++++++++++++++++++ + Modules/_ctypes/_ctypes_test.c | 18 ++++++++++++++++++ + Modules/_ctypes/callproc.c | 23 +++++++++++++++++++++-- + 4 files changed, 65 insertions(+), 2 deletions(-) + diff --git a/Lib/ctypes/test/test_as_parameter.py b/Lib/ctypes/test/test_as_parameter.py -index 2a3484bec01..a2640575a07 100644 +index 2a3484bec0..a2640575a0 100644 --- a/Lib/ctypes/test/test_as_parameter.py +++ b/Lib/ctypes/test/test_as_parameter.py -@@ -169,6 +169,10 @@ class S2H(Structure): +@@ -169,6 +169,10 @@ class BasicWrapTestCase(unittest.TestCase): s2h = dll.ret_2h_func(self.wrap(inp)) self.assertEqual((s2h.x, s2h.y), (99*2, 88*3)) @@ -14,10 +31,10 @@ index 2a3484bec01..a2640575a07 100644 class S8I(Structure): _fields_ = [("a", c_int), diff --git a/Lib/ctypes/test/test_structures.py b/Lib/ctypes/test/test_structures.py -index 2e778fb1b43..d90c71144c9 100644 +index 2e9fc7c49c..fa7e86fa89 100644 --- a/Lib/ctypes/test/test_structures.py +++ b/Lib/ctypes/test/test_structures.py -@@ -417,6 +417,28 @@ class X(Structure): +@@ -420,6 +420,28 @@ class StructureTestCase(unittest.TestCase): self.assertEqual(s.second, 0xcafebabe) self.assertEqual(s.third, 0x0bad1dea) @@ -47,7 +64,7 @@ index 2e778fb1b43..d90c71144c9 100644 def test(self): diff --git a/Modules/_ctypes/_ctypes_test.c b/Modules/_ctypes/_ctypes_test.c -index fe0015c8013..2255e573393 100644 +index e3240c526f..ed2cb6c823 100644 --- a/Modules/_ctypes/_ctypes_test.c +++ b/Modules/_ctypes/_ctypes_test.c @@ -57,6 +57,24 @@ _testfunc_large_struct_update_value(Test in) @@ -76,10 +93,10 @@ index fe0015c8013..2255e573393 100644 { printf("testfunc_array %d %d %d %d\n", diff --git a/Modules/_ctypes/callproc.c b/Modules/_ctypes/callproc.c -index 0b6faf96c68..5439b939dc4 100644 +index 70e416b950..8a20e6ae13 100644 --- a/Modules/_ctypes/callproc.c +++ b/Modules/_ctypes/callproc.c -@@ -1039,6 +1039,13 @@ GetComError(HRESULT errcode, GUID *riid, IUnknown *pIunk) +@@ -1044,6 +1044,13 @@ GetComError(HRESULT errcode, GUID *riid, IUnknown *pIunk) } #endif @@ -93,7 +110,7 @@ index 0b6faf96c68..5439b939dc4 100644 /* * Requirements, must be ensured by the caller: * - argtuple is tuple of arguments -@@ -1136,8 +1143,20 @@ PyObject *_ctypes_callproc(PPROC pProc, +@@ -1141,8 +1148,20 @@ PyObject *_ctypes_callproc(PPROC pProc, } for (i = 0; i < argcount; ++i) { atypes[i] = args[i].ffi_type; diff --git a/00270-fix-ssl-alpn-hook-test.patch b/00270-fix-ssl-alpn-hook-test.patch index 97b433e..7f7387a 100644 --- a/00270-fix-ssl-alpn-hook-test.patch +++ b/00270-fix-ssl-alpn-hook-test.patch @@ -1,8 +1,19 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Charalampos Stratakis +Date: Mon, 26 Jun 2017 11:55:09 +0200 +Subject: [PATCH] 00270: Fix test_alpn_protocols from test_ssl + +openssl > 1.1.0f changed the behaviour of the ALPN hook. +Fixed upstream: http://bugs.python.org/issue30714 +--- + Lib/test/test_ssl.py | 5 +++-- + 1 file changed, 3 insertions(+), 2 deletions(-) + diff --git a/Lib/test/test_ssl.py b/Lib/test/test_ssl.py -index d203cdd..c128dae 100644 +index 30a64ee0a4..93a759fd90 100644 --- a/Lib/test/test_ssl.py +++ b/Lib/test/test_ssl.py -@@ -3256,8 +3256,9 @@ if _have_threads: +@@ -3204,8 +3204,9 @@ else: except ssl.SSLError as e: stats = e diff --git a/00273-skip-float-test.patch b/00273-skip-float-test.patch index 233d3ed..f45c518 100644 --- a/00273-skip-float-test.patch +++ b/00273-skip-float-test.patch @@ -1,8 +1,20 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Charalampos Stratakis +Date: Mon, 30 Oct 2017 17:43:37 +0100 +Subject: [PATCH] 00273: Skip test_float_with_comma, which fails in Koji with + UnicodeDecodeError + +See https://bugzilla.redhat.com/show_bug.cgi?id=1484497 +Reported upstream: https://bugs.python.org/issue31900 +--- + Lib/test/test_float.py | 1 + + 1 file changed, 1 insertion(+) + diff --git a/Lib/test/test_float.py b/Lib/test/test_float.py -index 66726d6496d..3318fa5df59 100644 +index 28b6954c4d..4f1504bc5d 100644 --- a/Lib/test/test_float.py +++ b/Lib/test/test_float.py -@@ -141,6 +141,7 @@ class GeneralFloatCases(unittest.TestCase): +@@ -120,6 +120,7 @@ class GeneralFloatCases(unittest.TestCase): # non-UTF-8 byte string check(b'123\xa0') diff --git a/00290-cryptmodule-Include-crypt.h-for-declaration-of-crypt.patch b/00290-cryptmodule-Include-crypt.h-for-declaration-of-crypt.patch index 7cdd239..7c8617b 100644 --- a/00290-cryptmodule-Include-crypt.h-for-declaration-of-crypt.patch +++ b/00290-cryptmodule-Include-crypt.h-for-declaration-of-crypt.patch @@ -1,5 +1,23 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Bj=C3=B6rn=20Esser?= +Date: Mon, 22 Jan 2018 20:10:32 +0000 +Subject: [PATCH] 00290: Include crypt.h for declaration of crypt + +Not every target system may provide a crypt() function in its stdlibc +and may use an external or replacement library, like libxcrypt, for +providing such functions. +Fixed upstream: https://bugs.python.org/issue32635 + +Co-authored-by: Charalampos Stratakis +--- + Include/Python.h | 3 +++ + configure | 2 +- + configure.ac | 2 +- + pyconfig.h.in | 3 +++ + 4 files changed, 8 insertions(+), 2 deletions(-) + diff --git a/Include/Python.h b/Include/Python.h -index 858dbd1..2845742 100644 +index 858dbd1a66..2845742203 100644 --- a/Include/Python.h +++ b/Include/Python.h @@ -35,6 +35,9 @@ @@ -13,7 +31,7 @@ index 858dbd1..2845742 100644 /* For size_t? */ #ifdef HAVE_STDDEF_H diff --git a/configure b/configure -index 93f332f..ed37d5d 100755 +index 93f332f54a..ed37d5d36a 100755 --- a/configure +++ b/configure @@ -7709,7 +7709,7 @@ $as_echo "#define STDC_HEADERS 1" >>confdefs.h @@ -26,7 +44,7 @@ index 93f332f..ed37d5d 100755 ieeefp.h io.h langinfo.h libintl.h process.h pthread.h \ sched.h shadow.h signal.h stdint.h stropts.h termios.h \ diff --git a/configure.ac b/configure.ac -index d071dde..937bb65 100644 +index d071dde414..937bb6536e 100644 --- a/configure.ac +++ b/configure.ac @@ -1949,7 +1949,7 @@ dnl AC_MSG_RESULT($cpp_type) @@ -39,7 +57,7 @@ index d071dde..937bb65 100644 ieeefp.h io.h langinfo.h libintl.h process.h pthread.h \ sched.h shadow.h signal.h stdint.h stropts.h termios.h \ diff --git a/pyconfig.h.in b/pyconfig.h.in -index 9052dbc..7d1f125 100644 +index 9052dbc184..7d1f125600 100644 --- a/pyconfig.h.in +++ b/pyconfig.h.in @@ -137,6 +137,9 @@ diff --git a/00315-test_email-mktime.patch b/00315-test_email-mktime.patch index aacdcd6..0670bed 100644 --- a/00315-test_email-mktime.patch +++ b/00315-test_email-mktime.patch @@ -1,14 +1,14 @@ -From 0165caf04ef9c615c8b86dd16f7c201ca7a0befa Mon Sep 17 00:00:00 2001 +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 From: Victor Stinner Date: Tue, 27 Nov 2018 12:40:50 +0100 -Subject: [PATCH] bpo-35317: Fix mktime() error in test_email (GH-10721) +Subject: [PATCH] 00315: Fix mktime() error in test_email Fix mktime() overflow error in test_email: run test_localtime_daylight_true_dst_true() and test_localtime_daylight_false_dst_true() with a specific timezone. -(cherry picked from commit cfaafda8e3e19764682abb4bd4c574accb784c42) -Co-authored-by: Victor Stinner +http://bugs.python.org/issue35317 +https://bugzilla.redhat.com/show_bug.cgi?id=1652843 --- Lib/test/test_email/test_utils.py | 2 ++ .../NEWS.d/next/Tests/2018-11-26-16-54-21.bpo-35317.jByGP2.rst | 3 +++ @@ -16,10 +16,10 @@ Co-authored-by: Victor Stinner create mode 100644 Misc/NEWS.d/next/Tests/2018-11-26-16-54-21.bpo-35317.jByGP2.rst diff --git a/Lib/test/test_email/test_utils.py b/Lib/test/test_email/test_utils.py -index 6dcb3bbe7aab..4e3c3f3a195f 100644 +index 6dcb3bbe7a..4e3c3f3a19 100644 --- a/Lib/test/test_email/test_utils.py +++ b/Lib/test/test_email/test_utils.py -@@ -75,6 +75,7 @@ def test_localtime_daylight_false_dst_false(self): +@@ -75,6 +75,7 @@ class LocaltimeTests(unittest.TestCase): t2 = utils.localtime(t1) self.assertEqual(t1, t2) @@ -27,7 +27,7 @@ index 6dcb3bbe7aab..4e3c3f3a195f 100644 def test_localtime_daylight_true_dst_true(self): test.support.patch(self, time, 'daylight', True) t0 = datetime.datetime(2012, 3, 12, 1, 1) -@@ -82,6 +83,7 @@ def test_localtime_daylight_true_dst_true(self): +@@ -82,6 +83,7 @@ class LocaltimeTests(unittest.TestCase): t2 = utils.localtime(t1) self.assertEqual(t1, t2) @@ -37,7 +37,7 @@ index 6dcb3bbe7aab..4e3c3f3a195f 100644 t0 = datetime.datetime(2012, 3, 12, 1, 1) diff --git a/Misc/NEWS.d/next/Tests/2018-11-26-16-54-21.bpo-35317.jByGP2.rst b/Misc/NEWS.d/next/Tests/2018-11-26-16-54-21.bpo-35317.jByGP2.rst new file mode 100644 -index 000000000000..73a30f71927f +index 0000000000..73a30f7192 --- /dev/null +++ b/Misc/NEWS.d/next/Tests/2018-11-26-16-54-21.bpo-35317.jByGP2.rst @@ -0,0 +1,3 @@ diff --git a/00343-faulthandler-gcc10.patch b/00343-faulthandler-gcc10.patch index 199dcd7..991e954 100644 --- a/00343-faulthandler-gcc10.patch +++ b/00343-faulthandler-gcc10.patch @@ -1,33 +1,27 @@ -commit 5044c889dfced2f43e2cccb673d889a4882f6b3b -Author: Miss Islington (bot) <31488909+miss-islington@users.noreply.github.com> -Date: Wed Dec 4 12:29:22 2019 -0800 - - bpo-38965: Fix faulthandler._stack_overflow() on GCC 10 (GH-17467) - - Use the "volatile" keyword to prevent tail call optimization - on any compiler, rather than relying on compiler specific pragma. - (cherry picked from commit 8b787964e0a647caa0558b7c29ae501470d727d9) - - Co-authored-by: Victor Stinner - -commit ac827edc493d3ac3f5b9b0cc353df1d4b418a9aa -Author: Victor Stinner -Date: Wed Aug 14 23:35:27 2019 +0200 - - bpo-21131: Fix faulthandler.register(chain=True) stack (GH-15276) - - faulthandler now allocates a dedicated stack of SIGSTKSZ*2 bytes, - instead of just SIGSTKSZ bytes. Calling the previous signal handler - in faulthandler signal handler uses more than SIGSTKSZ bytes of stack - memory on some platforms. +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Victor Stinner +Date: Fri, 19 Jun 2020 17:16:05 +0200 +Subject: [PATCH] 00343: Fix test_faulthandler on GCC 10 + +bpo-38965: Fix faulthandler._stack_overflow() on GCC 10 +Fixed upstream and backported from the 3.7 branch: +https://bugs.python.org/issue38965 +https://github.com/python/cpython/commit/f4a21d3b239bf4f4e4e2a8a5936b9b040645b246 + +bpo-21131: Fix faulthandler.register(chain=True) stack (GH-15276) +https://bugs.python.org/issue21131 +https://github.com/python/cpython/commit/ac827edc493d3ac3f5b9b0cc353df1d4b418a9aa +--- + Modules/faulthandler.c | 19 ++++++++++--------- + 1 file changed, 10 insertions(+), 9 deletions(-) diff --git a/Modules/faulthandler.c b/Modules/faulthandler.c -index 56285b6..a682ffa 100644 +index 56285b6358..a682ffacf9 100644 --- a/Modules/faulthandler.c +++ b/Modules/faulthandler.c @@ -952,18 +952,15 @@ faulthandler_fatal_error_py(PyObject *self, PyObject *args) } - + #if defined(HAVE_SIGALTSTACK) && defined(HAVE_SIGACTION) -#ifdef __INTEL_COMPILER - /* Issue #23654: Turn off ICC's tail call optimization for the diff --git a/00348-always-disable-lchmod.patch b/00348-always-disable-lchmod.patch index f3df5ff..aa3a7ca 100644 --- a/00348-always-disable-lchmod.patch +++ b/00348-always-disable-lchmod.patch @@ -1,5 +1,21 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Benjamin Peterson +Date: Wed, 12 Sep 2018 15:52:40 -0700 +Subject: [PATCH] 00348: Always disable lchmod on Linux. + +Backport of commit, upstream is doing only security fixes for python35 +https://bugs.python.org/issue34652 +https://github.com/python/cpython/commit/40caa05fa4d1810a1a6bfc34e0ec930c351089b7 + +Co-authored-by: Tomas Hrnciar +--- + Lib/test/test_resource.py | 3 --- + configure | 32 ++++++++++++++++++++++++++++++-- + configure.ac | 9 ++++++++- + 3 files changed, 38 insertions(+), 6 deletions(-) + diff --git a/Lib/test/test_resource.py b/Lib/test/test_resource.py -index cc9c570..b405f01 100644 +index cc9c57024d..b405f0169d 100644 --- a/Lib/test/test_resource.py +++ b/Lib/test/test_resource.py @@ -148,9 +148,6 @@ class ResourceTest(unittest.TestCase): @@ -13,7 +29,7 @@ index cc9c570..b405f01 100644 -1, resource.RLIMIT_AS) limit = resource.getrlimit(resource.RLIMIT_AS) diff --git a/configure b/configure -index ed37d5d..a00eb55 100755 +index ed37d5d36a..a00eb5572c 100755 --- a/configure +++ b/configure @@ -783,6 +783,7 @@ infodir @@ -98,7 +114,7 @@ index ed37d5d..a00eb55 100755 ac_fn_c_check_decl "$LINENO" "dirfd" "ac_cv_have_decl_dirfd" "#include #include diff --git a/configure.ac b/configure.ac -index 937bb65..6c7813b 100644 +index 937bb6536e..6c7813b44c 100644 --- a/configure.ac +++ b/configure.ac @@ -3370,7 +3370,7 @@ AC_CHECK_FUNCS(alarm accept4 setitimer getitimer bind_textdomain_codeset chown \ diff --git a/05001-add-correct-arch-for-ppc64-ppc64le.patch b/05001-add-correct-arch-for-ppc64-ppc64le.patch new file mode 100644 index 0000000..7b62f1a --- /dev/null +++ b/05001-add-correct-arch-for-ppc64-ppc64le.patch @@ -0,0 +1,43 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Than Ngo +Date: Fri, 13 Nov 2015 18:50:47 +0100 +Subject: [PATCH] 05001: Add correct arch for ppc64/ppc64le + +It should be ppc64le-linux-gnu/ppc64-linux-gnu instead powerpc64le-linux-gnu/powerpc64-linux-gnu +--- + configure | 4 ++-- + configure.ac | 4 ++-- + 2 files changed, 4 insertions(+), 4 deletions(-) + +diff --git a/configure b/configure +index a965a4931f..ed7a1048dc 100755 +--- a/configure ++++ b/configure +@@ -5337,9 +5337,9 @@ cat >> conftest.c <> conftest.c <> conftest.c <> conftest.c <= 2^31 on 32-bit architectures. +# 00157 # 9e7157d043899e27b602630edb78d7c395ed2f8b +# Update uid/gid handling throughout the standard library +# +# uid_t and gid_t are unsigned 32-bit values, but existing code often passed +# them through C long values, which are signed 32-bit values on 32-bit +# architectures, leading to negative int objects for uid/gid values >= 2^31 +# on 32-bit architectures. # # Introduce _PyObject_FromUid/Gid to convert uid_t/gid_t values to python # objects, using int objects where the value will fit (long objects otherwise), @@ -259,47 +277,53 @@ Patch155: 00155-avoid-ctypes-thunks.patch # # Update standard library to use this throughout for uid/gid values, so that # very large uid/gid values are round-trippable, and -1 remains usable. -# (rhbz#697470) +# See https://bugzilla.redhat.com/show_bug.cgi?id=697470 Patch157: 00157-uid-gid-overflows.patch -# 00160 # +# 00160 # f69288aba24c43c506c3e90e2aa658e436e76e72 +# Disable test_fs_holes in RPM build +# # Python 3.3 added os.SEEK_DATA and os.SEEK_HOLE, which may be present in the # header files in the build chroot, but may not be supported in the running # kernel, hence we disable this test in an rpm build. # Adding these was upstream issue http://bugs.python.org/issue10142 -# Not yet sent upstream Patch160: 00160-disable-test_fs_holes-in-rpm-build.patch -# 00163 # +# 00163 # 88e26259f7da12e17adb936815aa421d84c69f09 +# Disable parts of test_socket in RPM build +# # Some tests within test_socket fail intermittently when run inside Koji; # disable them using unittest._skipInRpmBuild -# Not yet sent upstream Patch163: 00163-disable-parts-of-test_socket-in-rpm-build.patch -# 00170 # +# 00170 # b83c202ebc888d0ce38cc7017663c824a1df5237 +# In debug builds, try to print repr() when a C-level assert fails +# # In debug builds, try to print repr() when a C-level assert fails in the # garbage collector (typically indicating a reference-counting error # somewhere else e.g in an extension module) -# Backported to 2.7 from a patch I sent upstream for py3k -# http://bugs.python.org/issue9263 (rhbz#614680) -# hiding the proposed new macros/functions within gcmodule.c to avoid exposing +# The new macros/functions within gcmodule.c are hidden to avoid exposing # them within the extension API. -# (rhbz#850013 +# Sent upstream: http://bugs.python.org/issue9263 +# See https://bugzilla.redhat.com/show_bug.cgi?id=614680 Patch170: 00170-gc-assertions.patch -# 00178 # +# 00178 # a94ff354536408c95c354df86deb0a1633ac4c4d # Don't duplicate various FLAGS in sysconfig values +# # http://bugs.python.org/issue17679 # Does not affect python2 AFAICS (different sysconfig values initialization) Patch178: 00178-dont-duplicate-flags-in-sysconfig.patch -# 00180 # +# 00180 # 7199dba788cff67117e091f6ea84a8e7a98d39fe # Enable building on ppc64p7 +# # Not appropriate for upstream, Fedora-specific naming Patch180: 00180-python-add-support-for-ppc64p7.patch -# 00186 # +# 00186 # e84b8f1eb8d092ffde6382b983133f60c8cbc0b8 # Fix for https://bugzilla.redhat.com/show_bug.cgi?id=1023607 +# # Previously, this fixed a problem where some *.py files were not being # bytecompiled properly during build. This was result of py_compile.compile # raising exception when trying to convert test file with bad encoding, and @@ -307,7 +331,9 @@ Patch180: 00180-python-add-support-for-ppc64p7.patch # This was fixed upstream, but the test hasn't been merged yet, so we keep it Patch186: 00186-dont-raise-from-py_compile.patch -# 00188 # +# 00188 # d6d36f893f2d0413e259e73b3a6295b40488f009 +# Fix lib2to3 tests when hashlib doesn't compile properly +# # Downstream only patch that should be removed when we compile all guaranteed # hashlib algorithms properly. The problem is this: # - during tests, test_hashlib is imported and executed before test_lib2to3 @@ -322,9 +348,10 @@ Patch186: 00186-dont-raise-from-py_compile.patch # relying on this will fail (test_filename_changing_on_output_single_dir) Patch188: 00188-fix-lib2to3-tests-when-hashlib-doesnt-compile-properly.patch -# 00189 # -# Instead of bundled wheels, use our RPM packaged wheels from -# /usr/share/python-wheels +# 00189 # 15a0492e41d13b4513befef87bc943f19498c09b +# Instead of bundled wheels, use our RPM packaged wheels +# +# We keep them in /usr/share/python-wheels Patch189: 00189-use-rpm-wheels.patch # The following versions of setuptools/pip are bundled when this patch is not applied. # The versions are written in Lib/ensurepip/__init__.py, this patch removes them. @@ -333,24 +360,36 @@ Patch189: 00189-use-rpm-wheels.patch %global pip_version 9.0.1 %global setuptools_version 28.8.0 -# 00205 # +# 00205 # acb31cbf04decda6abbf87ab7682dfcba07433c8 +# Make LIBPL respect lib64 +# # LIBPL variable in makefile takes LIBPL from configure.ac # but the LIBPL variable defined there doesn't respect libdir macro Patch205: 00205-make-libpl-respect-lib64.patch -# 00206 # -# Remove hf flag from arm triplet which is used -# by debian but fedora infra uses only eabi without hf +# 00206 # 3bce204f575429fcbf36eb0f856d36ca8f075ed2 +# Remove hf flag from arm triplet +# +# The hf flag is used by Debian but Fedora infra uses only eabi without hf Patch206: 00206-remove-hf-from-arm-triplet.patch -# 00243 # +# 05001 # 4f58cc34aa454ae6c05f584ea46ceac8312fc4c2 +# Add correct arch for ppc64/ppc64le +# +# It should be ppc64le-linux-gnu/ppc64-linux-gnu instead powerpc64le-linux-gnu/powerpc64-linux-gnu +Patch5001: 05001-add-correct-arch-for-ppc64-ppc64le.patch + +# 00243 # 3f80631728a6bf350b4faa46ddc987b9b0e8db7c # Fix the triplet used on 64-bit MIPS -# rhbz#1322526: https://bugzilla.redhat.com/show_bug.cgi?id=1322526 +# +# See https://bugzilla.redhat.com/show_bug.cgi?id=1322526 # Upstream uses Debian-like style mips64-linux-gnuabi64 # Fedora needs the default mips64-linux-gnu Patch243: 00243-fix-mips64-triplet.patch -# 00264 # +# 00264 # 7abc0ebe38ad77b08cde6d3e4914e0e724154d89 +# Fix test failing on aarch64 +# # test_pass_by_value was added in Python 3.5.4 and on aarch64 # it is catching an error that was there, but wasn't tested before. # Since the Python 3.5 branch is on security bug fix mode only @@ -358,32 +397,43 @@ Patch243: 00243-fix-mips64-triplet.patch # Fixed upstream: http://bugs.python.org/issue29804 Patch264: 00264-fix-test-failing-on-aarch64.patch -# 00270 # -# Fix test_alpn_protocols from test_ssl as openssl > 1.1.0f -# changed the behaviour of the ALPN hook. +# 00270 # b71de510b1d74e9c8952ccc73712c54ef181325b +# Fix test_alpn_protocols from test_ssl +# +# openssl > 1.1.0f changed the behaviour of the ALPN hook. # Fixed upstream: http://bugs.python.org/issue30714 Patch270: 00270-fix-ssl-alpn-hook-test.patch -# 00273 # +# 00273 # 13dac13ccb8b184ec60d3ef6920ec24cba4bdb79 # Skip test_float_with_comma, which fails in Koji with UnicodeDecodeError +# # See https://bugzilla.redhat.com/show_bug.cgi?id=1484497 # Reported upstream: https://bugs.python.org/issue31900 Patch273: 00273-skip-float-test.patch -# 00290 # +# 00290 # 2f09d1fb6b997ff7e57244628b8d7cd8ac6a2c11 +# Include crypt.h for declaration of crypt +# # Not every target system may provide a crypt() function in its stdlibc # and may use an external or replacement library, like libxcrypt, for # providing such functions. # Fixed upstream: https://bugs.python.org/issue32635 Patch290: 00290-cryptmodule-Include-crypt.h-for-declaration-of-crypt.patch -# 00315 # +# 00315 # 3958b022be96dd973bf0f0ac81a6411b5553649f # Fix mktime() error in test_email +# +# Fix mktime() overflow error in test_email: run +# test_localtime_daylight_true_dst_true() and +# test_localtime_daylight_false_dst_true() with a specific timezone. +# # http://bugs.python.org/issue35317 # https://bugzilla.redhat.com/show_bug.cgi?id=1652843 Patch315: 00315-test_email-mktime.patch -# 00343 # +# 00343 # 058ff9673b969960dd94fe336cc2e93ff8a1c675 +# Fix test_faulthandler on GCC 10 +# # bpo-38965: Fix faulthandler._stack_overflow() on GCC 10 # Fixed upstream and backported from the 3.7 branch: # https://bugs.python.org/issue38965 @@ -394,8 +444,9 @@ Patch315: 00315-test_email-mktime.patch # https://github.com/python/cpython/commit/ac827edc493d3ac3f5b9b0cc353df1d4b418a9aa Patch343: 00343-faulthandler-gcc10.patch -# 00348 # -# bpo-34652: Always disable lchmod on Linux. +# 00348 # 4665197982c61e99325fbdf5c737550650ebdcb3 +# Always disable lchmod on Linux. +# # Backport of commit, upstream is doing only security fixes for python35 # https://bugs.python.org/issue34652 # https://github.com/python/cpython/commit/40caa05fa4d1810a1a6bfc34e0ec930c351089b7 @@ -411,11 +462,6 @@ Patch348: 00348-always-disable-lchmod.patch # https://fedoraproject.org/wiki/SIGs/Python/PythonPatches -# add correct arch for ppc64/ppc64le -# it should be ppc64le-linux-gnu/ppc64-linux-gnu instead powerpc64le-linux-gnu/powerpc64-linux-gnu -Patch5001: python3-powerppc-arch.patch - - # ====================================================== # Additional metadata, and subpackages # ====================================================== @@ -504,7 +550,7 @@ rm -r Modules/zlib || exit 1 %patch157 -p1 %patch160 -p1 %patch163 -p1 -%patch170 -p0 +%patch170 -p1 %patch178 -p1 %patch180 -p1 %patch186 -p1 diff --git a/temporarily-disable-tests-requiring-SIGHUP.patch b/temporarily-disable-tests-requiring-SIGHUP.patch deleted file mode 100644 index 30ceb94..0000000 --- a/temporarily-disable-tests-requiring-SIGHUP.patch +++ /dev/null @@ -1,25 +0,0 @@ -diff -up Python-3.4.0/Lib/test/test_asyncio/test_events.py.orig Python-3.4.0/Lib/test/test_asyncio/test_events.py ---- Python-3.4.0/Lib/test/test_asyncio/test_events.py.orig 2014-04-15 13:18:49.696215288 +0200 -+++ Python-3.4.0/Lib/test/test_asyncio/test_events.py 2014-04-15 13:18:56.104258453 +0200 -@@ -1528,7 +1528,7 @@ class SubprocessTestsMixin: - self.check_terminated(proto.returncode) - transp.close() - -- @unittest.skipIf(sys.platform == 'win32', "Don't have SIGHUP") -+ @unittest.skipIf(True, "Temporarily skipped (rhbz#1088233)") - def test_subprocess_send_signal(self): - prog = os.path.join(os.path.dirname(__file__), 'echo.py') - - -diff -up Python-3.4.0/Lib/test/test_asyncio/test_subprocess.py.orig Python-3.4.0/Lib/test/test_asyncio/test_subprocess.py ---- Python-3.4.0/Lib/test/test_asyncio/test_subprocess.py.orig 2014-04-17 12:03:32.777827520 +0200 -+++ Python-3.4.0/Lib/test/test_asyncio/test_subprocess.py 2014-04-17 12:04:37.614210481 +0200 -@@ -108,7 +108,7 @@ class SubprocessMixin: - else: - self.assertEqual(-signal.SIGTERM, returncode) - -- @unittest.skipIf(sys.platform == 'win32', "Don't have SIGHUP") -+ @unittest.skipIf(True, "Temporarily skipped (rhbz#1088233)") - def test_send_signal(self): - code = 'import time; print("sleeping", flush=True); time.sleep(3600)' - args = [sys.executable, '-c', code]