DIST Python-2.6.9.tgz 13285074 SHA256 7277b1285d8a82f374ef6ebaac85b003266f7939b3f2a24a3af52f9523ac94db SHA512 7ff28f41f7dc12e1504a781060520440bbf74b96c5df269ca5218f5910eae63898b94fdd398f549217912689814bc5275bb3b5ec4cc892f20bb468fc1b041c0c WHIRLPOOL 909f612286314ea004eef328a58d7b0aecffc1a524f6b283333ef0f299413055c1f7ec4e2d21a44d1beeaa8e11aabd68510cf9c5840cb5394176cbc8f2e5c147
DIST Python-2.7.10.tar.xz 12250696 SHA256 1cd3730781b91caf0fa1c4d472dc29274186480161a150294c42ce9b5c5effc0 SHA512 67615a6defbcda062f15a09f9dd3b9441afd01a8cc3255e5bc45b925378a0ddc38d468b7701176f6cc153ec52a4f21671b433780d9bde343aa9b9c1b2ae29feb WHIRLPOOL 3a9dcfc55b107dc55ad0ae93fb24a11eab7d4d9b4cfbe6b6830a090b6e5f71bb2ac91526b89c6f3e4f2610fa1a2cc4e82b58a83c599aa71f94894c74181b504b
DIST Python-2.7.9.tar.xz 12164712 SHA256 90d27e14ea7e03570026850e2e50ba71ad20b7eb31035aada1cf3def8f8d4916 SHA512 6939182463272a6bb9da0e327bfb9efc574a87820f2ae39eaf02d9fae053dbe0004330e916e6828becfef94cbe294acb0a88a600f8930b99b94fcfc4efc44ff4 WHIRLPOOL 993313811eddef1820e6f3ee0e02848c73bdfce65b85ab0e360603e726c31e1cc9dc6c128e3fe086cafc94164d2d628ff5d859e13b90648da6352c35ddeedcd4
-DIST Python-3.2.5.tar.xz 9221624 SHA256 8ccb9645b9779fc4550055b2ebb21a724ab7a63dee45643286eb4f79b2f84116 SHA512 6e71d01695c7b1e74d9781e4ac40a8d1560cae659d5351d392fc685b84316568d93740a99d2ed878dd87d4ce1708d0474cb01c6bad7b3dab610c639f3255b09d WHIRLPOOL d5e5fae5e1d4110861e1e1dac00c9812abbbc37205e8ce3cd268535ab9f66e24038ab4778af8bb834fd472eaa0281730f1f2fabdf6dffc4f6b54ef32c1d75953
DIST Python-3.3.5.tar.xz 12116308 SHA256 abe99b484434503d8b23be0f243ec27139e743a4798cd71c1dce3cf40e63b6e5 SHA512 562ebd85291f29ff18d37f05682763fc45aa9d070688006f4ef5c89392a48022357c3ca9ee1d795e9e863bdef413e6bab77b8d65581d374a76dbe7cacec65550 WHIRLPOOL f4b6010d32b28b7bb038cbb7c5f98d325cc4253fd1be9a0a1089ed6fd7dd414c5169931d21ef819137d5c1084517a650828f260cf2a1d8ce871bc67aeef3fff8
DIST Python-3.4.0.tar.xz 14084912 SHA256 f13686c0a2d45e7146759e9d5d1cbd8097a0606483c0cf7730e1e13f58b14cbe SHA512 4fd4d3352e3b64ef8017ba083a2d894b99e89882581bcf30cdb218578f0f384aa6efc89211ffe44f5bb3d783c79763e26823242d27382fd05900099dd966ca31 WHIRLPOOL 82a1bb14a7683e2bce32221792923f334b61fabc75b0b293b0ecc0d810c8a4bebf05b75a061d85dd6612a8ca699c9b4f358e2aef5d14706aad1c18f42c9b8d55
DIST Python-3.4.1.tar.xz 14125788 SHA256 c595a163104399041fcbe1c5c04db4c1da94f917b82ce89e8944c8edff7aedc4 SHA512 09b6390c07334974f189fb1c90bc2310898aef76661b1cecaa2b4d50001fa3df0fa0c63d3471a5a0dc7f9e08dd559d38d3bc45a6c05a816d8b2ed6b2a20e5fa9 WHIRLPOOL c8f879bb5d42a759b0804aa58d90330d9be6f4c29652ec40f07ca7da31510eadbd6b4eceb2b213af9a1af031c8321fc25faccae77763a31814eb0569831b8bfd
DIST python-gentoo-patches-2.7.10-0.tar.xz 12892 SHA256 c9a838bd62ae50cc385da23a837acfd05f2b74e4f086c9c76eb4d3aa5366ef6d SHA512 5f100944635e360691dc0a2b340a906646c4ae9ee558246ddffc56e8b15d389f25f1fbdc1db4cc08e7d29560d04d66b058b3904902899d58ecae8c408ebdf056 WHIRLPOOL f69e9a518bb7ee50c1b262a21e70e1e2443f859ee6d2f4fa84421120dbd054a06ce8dd6cfea8512cbc64bce806322b879c25c561d5eb05e1ba6cc15035b373a9
DIST python-gentoo-patches-2.7.9-0.tar.xz 14020 SHA256 d1ae164ab14e265ff63d6a724e0c2b5519bdb790fe8b7796c2124a30cecc8ef8 SHA512 83aa867ce562ff3acf970a4b3ecf7132f34aca1ecf286b90575a20e6e044600b98ff1d7f1a7ee613d4429a6a71cfe8beaff144b64b6beb456ea8691ca00937b0 WHIRLPOOL 5b4f7bd2dcec3a45e12fe5baf1c196faf2b754376a6bccb555dd12a1af28a202d51a0d956e4450ff2f334df13b296ee27b36aa967cb179925c386cd58389050b
DIST python-gentoo-patches-2.7.9-1.tar.xz 12872 SHA256 9d912c55db56b5bfe054a6164614969fc9605f48f2ffec8770941f798a16470a SHA512 cbbae0faa246516361cd39e55d841660471931bb26cae8396a7d3929c9f4b4a3d8d5a76f7fa295deeb6335c26ed95aab18399e34c2603a582743b6e760f2b280 WHIRLPOOL 422ace8a204481458acd9cfd3b3b85e4b02fb2fe656c8ef8473a76444d5a1b54cd9d690e0009904f8c251697f60105769ce6a97c26224548476c0ece6595e484
-DIST python-gentoo-patches-3.2.5-1.tar.xz 14628 SHA256 0acc5531421781ab7f30e6fc8a502f202b79aa285b4f411eb16ea0a9e6d958c1 SHA512 1abbd53e92466d258802717309e1839ae931b8a4b0a5a27d4d0da748e71cf96ac47c6837bdbae5dd6921a46cee339c178f86ff3108afe95e6a0a42c4f4300791 WHIRLPOOL de003cccb8b311413889713d66b7987f28a1f906cc9642621d1fd2a379ceae4f0f901c137503d808dc3da7295ac611de09781bf8661cdbcd14c1d7c94ba489c2
DIST python-gentoo-patches-3.3.5-0.tar.xz 12892 SHA256 a7240de9598033cb40f8f273d8104d4e2b1dcaea028d45ac28efaa3c680ff6f7 SHA512 27eef4c2b3f631b000db3f6a5c426d9b498d63a08fe82b1ab7c2c010fb72208109461a5f008d47703852526655b70a734ea95be8742897026db5750bb9cc9d16 WHIRLPOOL edab9222d7da94cab3b1de0e1a27c6c7dbd49194b813a0a1cf9e532063029c4e4f19151c9f4878eeabed3168ff1f97eae7f008280c7ed2897fc14c5516c68d7e
DIST python-gentoo-patches-3.4.0-0.tar.xz 12900 SHA256 5e5ca54eaf446c7dde4155e5d792df5229c7790b32abb5aca38cbc4fc30f9c45 SHA512 be9851f9062f6aebbd2f23d91a4038dad1a8757049745ccbb1cc618ff6bc3dfab0326d520d27678541f4421e5db41d64f632fe6fb3e80f2cf4e73dadd3d5620b WHIRLPOOL df998b5588c928ca506f9f4434093a1f60637206f03f5e067444531dae02168f88b22c8de7d58e745bdb9d85e17abd667ed51f7f5651779c2c94da98f0925679
DIST python-gentoo-patches-3.4.1-0.tar.xz 11164 SHA256 7d88e40ed02bef2d26802516fc0138a28cca58e298204e6b1a32054f9224fcb6 SHA512 5ecdf6a1ccb8d12b5b7436e1b7f641a41afcd7fde573e9249e3dc0d438bacb1eb6a5255e149388194dbfd2951fee4f8c800199362dfd072ff96776bbbcad0bbe WHIRLPOOL 707f943f9af7c3fc6deed7cfca5a4198f65a34434893840ba8e4f4c2a3d055e8f927069cb8855b5fe20dff643b7e2d41f35f65e1f3f300e350c0f291b4df6bc2
+++ /dev/null
-diff -r 9ddc63c039ba Lib/test/nullbytecert.pem
---- /dev/null Thu Jan 01 00:00:00 1970 +0000
-+++ b/Lib/test/nullbytecert.pem Sun Aug 11 18:13:17 2013 +0200
-@@ -0,0 +1,90 @@
-+Certificate:
-+ Data:
-+ Version: 3 (0x2)
-+ Serial Number: 0 (0x0)
-+ Signature Algorithm: sha1WithRSAEncryption
-+ Issuer: C=US, ST=Oregon, L=Beaverton, O=Python Software Foundation, OU=Python Core Development, CN=null.python.org\x00example.org/emailAddress=python-dev@python.org
-+ Validity
-+ Not Before: Aug 7 13:11:52 2013 GMT
-+ Not After : Aug 7 13:12:52 2013 GMT
-+ Subject: C=US, ST=Oregon, L=Beaverton, O=Python Software Foundation, OU=Python Core Development, CN=null.python.org\x00example.org/emailAddress=python-dev@python.org
-+ Subject Public Key Info:
-+ Public Key Algorithm: rsaEncryption
-+ Public-Key: (2048 bit)
-+ Modulus:
-+ 00:b5:ea:ed:c9:fb:46:7d:6f:3b:76:80:dd:3a:f3:
-+ 03:94:0b:a7:a6:db:ec:1d:df:ff:23:74:08:9d:97:
-+ 16:3f:a3:a4:7b:3e:1b:0e:96:59:25:03:a7:26:e2:
-+ 88:a9:cf:79:cd:f7:04:56:b0:ab:79:32:6e:59:c1:
-+ 32:30:54:eb:58:a8:cb:91:f0:42:a5:64:27:cb:d4:
-+ 56:31:88:52:ad:cf:bd:7f:f0:06:64:1f:cc:27:b8:
-+ a3:8b:8c:f3:d8:29:1f:25:0b:f5:46:06:1b:ca:02:
-+ 45:ad:7b:76:0a:9c:bf:bb:b9:ae:0d:16:ab:60:75:
-+ ae:06:3e:9c:7c:31:dc:92:2f:29:1a:e0:4b:0c:91:
-+ 90:6c:e9:37:c5:90:d7:2a:d7:97:15:a3:80:8f:5d:
-+ 7b:49:8f:54:30:d4:97:2c:1c:5b:37:b5:ab:69:30:
-+ 68:43:d3:33:78:4b:02:60:f5:3c:44:80:a1:8f:e7:
-+ f0:0f:d1:5e:87:9e:46:cf:62:fc:f9:bf:0c:65:12:
-+ f1:93:c8:35:79:3f:c8:ec:ec:47:f5:ef:be:44:d5:
-+ ae:82:1e:2d:9a:9f:98:5a:67:65:e1:74:70:7c:cb:
-+ d3:c2:ce:0e:45:49:27:dc:e3:2d:d4:fb:48:0e:2f:
-+ 9e:77:b8:14:46:c0:c4:36:ca:02:ae:6a:91:8c:da:
-+ 2f:85
-+ Exponent: 65537 (0x10001)
-+ X509v3 extensions:
-+ X509v3 Basic Constraints: critical
-+ CA:FALSE
-+ X509v3 Subject Key Identifier:
-+ 88:5A:55:C0:52:FF:61:CD:52:A3:35:0F:EA:5A:9C:24:38:22:F7:5C
-+ X509v3 Key Usage:
-+ Digital Signature, Non Repudiation, Key Encipherment
-+ X509v3 Subject Alternative Name:
-+ *************************************************************
-+ WARNING: The values for DNS, email and URI are WRONG. OpenSSL
-+ doesn't print the text after a NULL byte.
-+ *************************************************************
-+ DNS:altnull.python.org, email:null@python.org, URI:http://null.python.org, IP Address:192.0.2.1, IP Address:2001:DB8:0:0:0:0:0:1
-+ Signature Algorithm: sha1WithRSAEncryption
-+ ac:4f:45:ef:7d:49:a8:21:70:8e:88:59:3e:d4:36:42:70:f5:
-+ a3:bd:8b:d7:a8:d0:58:f6:31:4a:b1:a4:a6:dd:6f:d9:e8:44:
-+ 3c:b6:0a:71:d6:7f:b1:08:61:9d:60:ce:75:cf:77:0c:d2:37:
-+ 86:02:8d:5e:5d:f9:0f:71:b4:16:a8:c1:3d:23:1c:f1:11:b3:
-+ 56:6e:ca:d0:8d:34:94:e6:87:2a:99:f2:ae:ae:cc:c2:e8:86:
-+ de:08:a8:7f:c5:05:fa:6f:81:a7:82:e6:d0:53:9d:34:f4:ac:
-+ 3e:40:fe:89:57:7a:29:a4:91:7e:0b:c6:51:31:e5:10:2f:a4:
-+ 60:76:cd:95:51:1a:be:8b:a1:b0:fd:ad:52:bd:d7:1b:87:60:
-+ d2:31:c7:17:c4:18:4f:2d:08:25:a3:a7:4f:b7:92:ca:e2:f5:
-+ 25:f1:54:75:81:9d:b3:3d:61:a2:f7:da:ed:e1:c6:6f:2c:60:
-+ 1f:d8:6f:c5:92:05:ab:c9:09:62:49:a9:14:ad:55:11:cc:d6:
-+ 4a:19:94:99:97:37:1d:81:5f:8b:cf:a3:a8:96:44:51:08:3d:
-+ 0b:05:65:12:eb:b6:70:80:88:48:72:4f:c6:c2:da:cf:cd:8e:
-+ 5b:ba:97:2f:60:b4:96:56:49:5e:3a:43:76:63:04:be:2a:f6:
-+ c1:ca:a9:94
-+-----BEGIN CERTIFICATE-----
-+MIIE2DCCA8CgAwIBAgIBADANBgkqhkiG9w0BAQUFADCBxTELMAkGA1UEBhMCVVMx
-+DzANBgNVBAgMBk9yZWdvbjESMBAGA1UEBwwJQmVhdmVydG9uMSMwIQYDVQQKDBpQ
-+eXRob24gU29mdHdhcmUgRm91bmRhdGlvbjEgMB4GA1UECwwXUHl0aG9uIENvcmUg
-+RGV2ZWxvcG1lbnQxJDAiBgNVBAMMG251bGwucHl0aG9uLm9yZwBleGFtcGxlLm9y
-+ZzEkMCIGCSqGSIb3DQEJARYVcHl0aG9uLWRldkBweXRob24ub3JnMB4XDTEzMDgw
-+NzEzMTE1MloXDTEzMDgwNzEzMTI1MlowgcUxCzAJBgNVBAYTAlVTMQ8wDQYDVQQI
-+DAZPcmVnb24xEjAQBgNVBAcMCUJlYXZlcnRvbjEjMCEGA1UECgwaUHl0aG9uIFNv
-+ZnR3YXJlIEZvdW5kYXRpb24xIDAeBgNVBAsMF1B5dGhvbiBDb3JlIERldmVsb3Bt
-+ZW50MSQwIgYDVQQDDBtudWxsLnB5dGhvbi5vcmcAZXhhbXBsZS5vcmcxJDAiBgkq
-+hkiG9w0BCQEWFXB5dGhvbi1kZXZAcHl0aG9uLm9yZzCCASIwDQYJKoZIhvcNAQEB
-+BQADggEPADCCAQoCggEBALXq7cn7Rn1vO3aA3TrzA5QLp6bb7B3f/yN0CJ2XFj+j
-+pHs+Gw6WWSUDpybiiKnPec33BFawq3kyblnBMjBU61ioy5HwQqVkJ8vUVjGIUq3P
-+vX/wBmQfzCe4o4uM89gpHyUL9UYGG8oCRa17dgqcv7u5rg0Wq2B1rgY+nHwx3JIv
-+KRrgSwyRkGzpN8WQ1yrXlxWjgI9de0mPVDDUlywcWze1q2kwaEPTM3hLAmD1PESA
-+oY/n8A/RXoeeRs9i/Pm/DGUS8ZPINXk/yOzsR/XvvkTVroIeLZqfmFpnZeF0cHzL
-+08LODkVJJ9zjLdT7SA4vnne4FEbAxDbKAq5qkYzaL4UCAwEAAaOB0DCBzTAMBgNV
-+HRMBAf8EAjAAMB0GA1UdDgQWBBSIWlXAUv9hzVKjNQ/qWpwkOCL3XDALBgNVHQ8E
-+BAMCBeAwgZAGA1UdEQSBiDCBhYIeYWx0bnVsbC5weXRob24ub3JnAGV4YW1wbGUu
-+Y29tgSBudWxsQHB5dGhvbi5vcmcAdXNlckBleGFtcGxlLm9yZ4YpaHR0cDovL251
-+bGwucHl0aG9uLm9yZwBodHRwOi8vZXhhbXBsZS5vcmeHBMAAAgGHECABDbgAAAAA
-+AAAAAAAAAAEwDQYJKoZIhvcNAQEFBQADggEBAKxPRe99SaghcI6IWT7UNkJw9aO9
-+i9eo0Fj2MUqxpKbdb9noRDy2CnHWf7EIYZ1gznXPdwzSN4YCjV5d+Q9xtBaowT0j
-+HPERs1ZuytCNNJTmhyqZ8q6uzMLoht4IqH/FBfpvgaeC5tBTnTT0rD5A/olXeimk
-+kX4LxlEx5RAvpGB2zZVRGr6LobD9rVK91xuHYNIxxxfEGE8tCCWjp0+3ksri9SXx
-+VHWBnbM9YaL32u3hxm8sYB/Yb8WSBavJCWJJqRStVRHM1koZlJmXNx2BX4vPo6iW
-+RFEIPQsFZRLrtnCAiEhyT8bC2s/Njlu6ly9gtJZWSV46Q3ZjBL4q9sHKqZQ=
-+-----END CERTIFICATE-----
-diff -r 9ddc63c039ba Lib/test/test_ssl.py
---- a/Lib/test/test_ssl.py Sun Aug 11 13:04:50 2013 +0300
-+++ b/Lib/test/test_ssl.py Sun Aug 11 18:13:17 2013 +0200
-@@ -25,6 +25,7 @@
- HOST = test_support.HOST
- CERTFILE = None
- SVN_PYTHON_ORG_ROOT_CERT = None
-+NULLBYTECERT = None
-
- def handle_error(prefix):
- exc_format = ' '.join(traceback.format_exception(*sys.exc_info()))
-@@ -123,6 +124,27 @@
- ('DNS', 'projects.forum.nokia.com'))
- )
-
-+ def test_parse_cert_CVE_2013_4073(self):
-+ p = ssl._ssl._test_decode_cert(NULLBYTECERT)
-+ if test_support.verbose:
-+ sys.stdout.write("\n" + pprint.pformat(p) + "\n")
-+ subject = ((('countryName', 'US'),),
-+ (('stateOrProvinceName', 'Oregon'),),
-+ (('localityName', 'Beaverton'),),
-+ (('organizationName', 'Python Software Foundation'),),
-+ (('organizationalUnitName', 'Python Core Development'),),
-+ (('commonName', 'null.python.org\x00example.org'),),
-+ (('emailAddress', 'python-dev@python.org'),))
-+ self.assertEqual(p['subject'], subject)
-+ self.assertEqual(p['issuer'], subject)
-+ self.assertEqual(p['subjectAltName'],
-+ (('DNS', 'altnull.python.org\x00example.com'),
-+ ('email', 'null@python.org\x00user@example.org'),
-+ ('URI', 'http://null.python.org\x00http://example.org'),
-+ ('IP Address', '192.0.2.1'),
-+ ('IP Address', '2001:DB8:0:0:0:0:0:1\n'))
-+ )
-+
- def test_DER_to_PEM(self):
- with open(SVN_PYTHON_ORG_ROOT_CERT, 'r') as f:
- pem = f.read()
-@@ -1360,7 +1382,7 @@
-
-
- def test_main(verbose=False):
-- global CERTFILE, SVN_PYTHON_ORG_ROOT_CERT, NOKIACERT
-+ global CERTFILE, SVN_PYTHON_ORG_ROOT_CERT, NOKIACERT, NULLBYTECERT
- CERTFILE = os.path.join(os.path.dirname(__file__) or os.curdir,
- "keycert.pem")
- SVN_PYTHON_ORG_ROOT_CERT = os.path.join(
-@@ -1368,10 +1390,13 @@
- "https_svn_python_org_root.pem")
- NOKIACERT = os.path.join(os.path.dirname(__file__) or os.curdir,
- "nokia.pem")
-+ NULLBYTECERT = os.path.join(os.path.dirname(__file__) or os.curdir,
-+ "nullbytecert.pem")
-
- if (not os.path.exists(CERTFILE) or
- not os.path.exists(SVN_PYTHON_ORG_ROOT_CERT) or
-- not os.path.exists(NOKIACERT)):
-+ not os.path.exists(NOKIACERT) or
-+ not os.path.exists(NULLBYTECERT)):
- raise test_support.TestFailed("Can't read certificate files!")
-
- tests = [BasicTests, BasicSocketTests]
-diff -r 9ddc63c039ba Modules/_ssl.c
---- a/Modules/_ssl.c Sun Aug 11 13:04:50 2013 +0300
-+++ b/Modules/_ssl.c Sun Aug 11 18:13:17 2013 +0200
-@@ -741,8 +741,13 @@
-
- /* get a rendering of each name in the set of names */
-
-+ int gntype;
-+ ASN1_STRING *as = NULL;
-+
- name = sk_GENERAL_NAME_value(names, j);
-- if (name->type == GEN_DIRNAME) {
-+ gntype = name-> type;
-+ switch (gntype) {
-+ case GEN_DIRNAME:
-
- /* we special-case DirName as a tuple of tuples of attributes */
-
-@@ -764,11 +769,61 @@
- goto fail;
- }
- PyTuple_SET_ITEM(t, 1, v);
-+ break;
-
-- } else {
-+ case GEN_EMAIL:
-+ case GEN_DNS:
-+ case GEN_URI:
-+ /* GENERAL_NAME_print() doesn't handle NUL bytes in ASN1_string
-+ correctly. */
-+ t = PyTuple_New(2);
-+ if (t == NULL)
-+ goto fail;
-+ switch (gntype) {
-+ case GEN_EMAIL:
-+ v = PyUnicode_FromString("email");
-+ as = name->d.rfc822Name;
-+ break;
-+ case GEN_DNS:
-+ v = PyUnicode_FromString("DNS");
-+ as = name->d.dNSName;
-+ break;
-+ case GEN_URI:
-+ v = PyUnicode_FromString("URI");
-+ as = name->d.uniformResourceIdentifier;
-+ break;
-+ }
-+ if (v == NULL) {
-+ Py_DECREF(t);
-+ goto fail;
-+ }
-+ PyTuple_SET_ITEM(t, 0, v);
-+ v = PyString_FromStringAndSize((char *)ASN1_STRING_data(as),
-+ ASN1_STRING_length(as));
-+ if (v == NULL) {
-+ Py_DECREF(t);
-+ goto fail;
-+ }
-+ PyTuple_SET_ITEM(t, 1, v);
-+ break;
-
-+ default:
- /* for everything else, we use the OpenSSL print form */
--
-+ switch (gntype) {
-+ /* check for new general name type */
-+ case GEN_OTHERNAME:
-+ case GEN_X400:
-+ case GEN_EDIPARTY:
-+ case GEN_IPADD:
-+ case GEN_RID:
-+ break;
-+ default:
-+ if (PyErr_Warn(PyExc_RuntimeWarning,
-+ "Unknown general name type") == -1) {
-+ goto fail;
-+ }
-+ break;
-+ }
- (void) BIO_reset(biobuf);
- GENERAL_NAME_print(biobuf, name);
- len = BIO_gets(biobuf, buf, sizeof(buf)-1);
-@@ -794,6 +849,7 @@
- goto fail;
- }
- PyTuple_SET_ITEM(t, 1, v);
-+ break;
- }
-
- /* and add that rendering to the list */
+++ /dev/null
-diff -r e0f86c3b3685 Lib/test/nullbytecert.pem
---- /dev/null Thu Jan 01 00:00:00 1970 +0000
-+++ b/Lib/test/nullbytecert.pem Sun Aug 11 18:17:23 2013 +0200
-@@ -0,0 +1,90 @@
-+Certificate:
-+ Data:
-+ Version: 3 (0x2)
-+ Serial Number: 0 (0x0)
-+ Signature Algorithm: sha1WithRSAEncryption
-+ Issuer: C=US, ST=Oregon, L=Beaverton, O=Python Software Foundation, OU=Python Core Development, CN=null.python.org\x00example.org/emailAddress=python-dev@python.org
-+ Validity
-+ Not Before: Aug 7 13:11:52 2013 GMT
-+ Not After : Aug 7 13:12:52 2013 GMT
-+ Subject: C=US, ST=Oregon, L=Beaverton, O=Python Software Foundation, OU=Python Core Development, CN=null.python.org\x00example.org/emailAddress=python-dev@python.org
-+ Subject Public Key Info:
-+ Public Key Algorithm: rsaEncryption
-+ Public-Key: (2048 bit)
-+ Modulus:
-+ 00:b5:ea:ed:c9:fb:46:7d:6f:3b:76:80:dd:3a:f3:
-+ 03:94:0b:a7:a6:db:ec:1d:df:ff:23:74:08:9d:97:
-+ 16:3f:a3:a4:7b:3e:1b:0e:96:59:25:03:a7:26:e2:
-+ 88:a9:cf:79:cd:f7:04:56:b0:ab:79:32:6e:59:c1:
-+ 32:30:54:eb:58:a8:cb:91:f0:42:a5:64:27:cb:d4:
-+ 56:31:88:52:ad:cf:bd:7f:f0:06:64:1f:cc:27:b8:
-+ a3:8b:8c:f3:d8:29:1f:25:0b:f5:46:06:1b:ca:02:
-+ 45:ad:7b:76:0a:9c:bf:bb:b9:ae:0d:16:ab:60:75:
-+ ae:06:3e:9c:7c:31:dc:92:2f:29:1a:e0:4b:0c:91:
-+ 90:6c:e9:37:c5:90:d7:2a:d7:97:15:a3:80:8f:5d:
-+ 7b:49:8f:54:30:d4:97:2c:1c:5b:37:b5:ab:69:30:
-+ 68:43:d3:33:78:4b:02:60:f5:3c:44:80:a1:8f:e7:
-+ f0:0f:d1:5e:87:9e:46:cf:62:fc:f9:bf:0c:65:12:
-+ f1:93:c8:35:79:3f:c8:ec:ec:47:f5:ef:be:44:d5:
-+ ae:82:1e:2d:9a:9f:98:5a:67:65:e1:74:70:7c:cb:
-+ d3:c2:ce:0e:45:49:27:dc:e3:2d:d4:fb:48:0e:2f:
-+ 9e:77:b8:14:46:c0:c4:36:ca:02:ae:6a:91:8c:da:
-+ 2f:85
-+ Exponent: 65537 (0x10001)
-+ X509v3 extensions:
-+ X509v3 Basic Constraints: critical
-+ CA:FALSE
-+ X509v3 Subject Key Identifier:
-+ 88:5A:55:C0:52:FF:61:CD:52:A3:35:0F:EA:5A:9C:24:38:22:F7:5C
-+ X509v3 Key Usage:
-+ Digital Signature, Non Repudiation, Key Encipherment
-+ X509v3 Subject Alternative Name:
-+ *************************************************************
-+ WARNING: The values for DNS, email and URI are WRONG. OpenSSL
-+ doesn't print the text after a NULL byte.
-+ *************************************************************
-+ DNS:altnull.python.org, email:null@python.org, URI:http://null.python.org, IP Address:192.0.2.1, IP Address:2001:DB8:0:0:0:0:0:1
-+ Signature Algorithm: sha1WithRSAEncryption
-+ ac:4f:45:ef:7d:49:a8:21:70:8e:88:59:3e:d4:36:42:70:f5:
-+ a3:bd:8b:d7:a8:d0:58:f6:31:4a:b1:a4:a6:dd:6f:d9:e8:44:
-+ 3c:b6:0a:71:d6:7f:b1:08:61:9d:60:ce:75:cf:77:0c:d2:37:
-+ 86:02:8d:5e:5d:f9:0f:71:b4:16:a8:c1:3d:23:1c:f1:11:b3:
-+ 56:6e:ca:d0:8d:34:94:e6:87:2a:99:f2:ae:ae:cc:c2:e8:86:
-+ de:08:a8:7f:c5:05:fa:6f:81:a7:82:e6:d0:53:9d:34:f4:ac:
-+ 3e:40:fe:89:57:7a:29:a4:91:7e:0b:c6:51:31:e5:10:2f:a4:
-+ 60:76:cd:95:51:1a:be:8b:a1:b0:fd:ad:52:bd:d7:1b:87:60:
-+ d2:31:c7:17:c4:18:4f:2d:08:25:a3:a7:4f:b7:92:ca:e2:f5:
-+ 25:f1:54:75:81:9d:b3:3d:61:a2:f7:da:ed:e1:c6:6f:2c:60:
-+ 1f:d8:6f:c5:92:05:ab:c9:09:62:49:a9:14:ad:55:11:cc:d6:
-+ 4a:19:94:99:97:37:1d:81:5f:8b:cf:a3:a8:96:44:51:08:3d:
-+ 0b:05:65:12:eb:b6:70:80:88:48:72:4f:c6:c2:da:cf:cd:8e:
-+ 5b:ba:97:2f:60:b4:96:56:49:5e:3a:43:76:63:04:be:2a:f6:
-+ c1:ca:a9:94
-+-----BEGIN CERTIFICATE-----
-+MIIE2DCCA8CgAwIBAgIBADANBgkqhkiG9w0BAQUFADCBxTELMAkGA1UEBhMCVVMx
-+DzANBgNVBAgMBk9yZWdvbjESMBAGA1UEBwwJQmVhdmVydG9uMSMwIQYDVQQKDBpQ
-+eXRob24gU29mdHdhcmUgRm91bmRhdGlvbjEgMB4GA1UECwwXUHl0aG9uIENvcmUg
-+RGV2ZWxvcG1lbnQxJDAiBgNVBAMMG251bGwucHl0aG9uLm9yZwBleGFtcGxlLm9y
-+ZzEkMCIGCSqGSIb3DQEJARYVcHl0aG9uLWRldkBweXRob24ub3JnMB4XDTEzMDgw
-+NzEzMTE1MloXDTEzMDgwNzEzMTI1MlowgcUxCzAJBgNVBAYTAlVTMQ8wDQYDVQQI
-+DAZPcmVnb24xEjAQBgNVBAcMCUJlYXZlcnRvbjEjMCEGA1UECgwaUHl0aG9uIFNv
-+ZnR3YXJlIEZvdW5kYXRpb24xIDAeBgNVBAsMF1B5dGhvbiBDb3JlIERldmVsb3Bt
-+ZW50MSQwIgYDVQQDDBtudWxsLnB5dGhvbi5vcmcAZXhhbXBsZS5vcmcxJDAiBgkq
-+hkiG9w0BCQEWFXB5dGhvbi1kZXZAcHl0aG9uLm9yZzCCASIwDQYJKoZIhvcNAQEB
-+BQADggEPADCCAQoCggEBALXq7cn7Rn1vO3aA3TrzA5QLp6bb7B3f/yN0CJ2XFj+j
-+pHs+Gw6WWSUDpybiiKnPec33BFawq3kyblnBMjBU61ioy5HwQqVkJ8vUVjGIUq3P
-+vX/wBmQfzCe4o4uM89gpHyUL9UYGG8oCRa17dgqcv7u5rg0Wq2B1rgY+nHwx3JIv
-+KRrgSwyRkGzpN8WQ1yrXlxWjgI9de0mPVDDUlywcWze1q2kwaEPTM3hLAmD1PESA
-+oY/n8A/RXoeeRs9i/Pm/DGUS8ZPINXk/yOzsR/XvvkTVroIeLZqfmFpnZeF0cHzL
-+08LODkVJJ9zjLdT7SA4vnne4FEbAxDbKAq5qkYzaL4UCAwEAAaOB0DCBzTAMBgNV
-+HRMBAf8EAjAAMB0GA1UdDgQWBBSIWlXAUv9hzVKjNQ/qWpwkOCL3XDALBgNVHQ8E
-+BAMCBeAwgZAGA1UdEQSBiDCBhYIeYWx0bnVsbC5weXRob24ub3JnAGV4YW1wbGUu
-+Y29tgSBudWxsQHB5dGhvbi5vcmcAdXNlckBleGFtcGxlLm9yZ4YpaHR0cDovL251
-+bGwucHl0aG9uLm9yZwBodHRwOi8vZXhhbXBsZS5vcmeHBMAAAgGHECABDbgAAAAA
-+AAAAAAAAAAEwDQYJKoZIhvcNAQEFBQADggEBAKxPRe99SaghcI6IWT7UNkJw9aO9
-+i9eo0Fj2MUqxpKbdb9noRDy2CnHWf7EIYZ1gznXPdwzSN4YCjV5d+Q9xtBaowT0j
-+HPERs1ZuytCNNJTmhyqZ8q6uzMLoht4IqH/FBfpvgaeC5tBTnTT0rD5A/olXeimk
-+kX4LxlEx5RAvpGB2zZVRGr6LobD9rVK91xuHYNIxxxfEGE8tCCWjp0+3ksri9SXx
-+VHWBnbM9YaL32u3hxm8sYB/Yb8WSBavJCWJJqRStVRHM1koZlJmXNx2BX4vPo6iW
-+RFEIPQsFZRLrtnCAiEhyT8bC2s/Njlu6ly9gtJZWSV46Q3ZjBL4q9sHKqZQ=
-+-----END CERTIFICATE-----
-diff -r e0f86c3b3685 Lib/test/test_ssl.py
---- a/Lib/test/test_ssl.py Sun Aug 11 13:04:50 2013 +0300
-+++ b/Lib/test/test_ssl.py Sun Aug 11 18:17:23 2013 +0200
-@@ -55,6 +55,7 @@
- WRONGCERT = data_file("XXXnonexisting.pem")
- BADKEY = data_file("badkey.pem")
- NOKIACERT = data_file("nokia.pem")
-+NULLBYTECERT = data_file("nullbytecert.pem")
-
- DHFILE = data_file("dh512.pem")
- BYTES_DHFILE = os.fsencode(DHFILE)
-@@ -162,6 +163,27 @@
- ('DNS', 'projects.forum.nokia.com'))
- )
-
-+ def test_parse_cert_CVE_2013_4073(self):
-+ p = ssl._ssl._test_decode_cert(NULLBYTECERT)
-+ if support.verbose:
-+ sys.stdout.write("\n" + pprint.pformat(p) + "\n")
-+ subject = ((('countryName', 'US'),),
-+ (('stateOrProvinceName', 'Oregon'),),
-+ (('localityName', 'Beaverton'),),
-+ (('organizationName', 'Python Software Foundation'),),
-+ (('organizationalUnitName', 'Python Core Development'),),
-+ (('commonName', 'null.python.org\x00example.org'),),
-+ (('emailAddress', 'python-dev@python.org'),))
-+ self.assertEqual(p['subject'], subject)
-+ self.assertEqual(p['issuer'], subject)
-+ self.assertEqual(p['subjectAltName'],
-+ (('DNS', 'altnull.python.org\x00example.com'),
-+ ('email', 'null@python.org\x00user@example.org'),
-+ ('URI', 'http://null.python.org\x00http://example.org'),
-+ ('IP Address', '192.0.2.1'),
-+ ('IP Address', '2001:DB8:0:0:0:0:0:1\n'))
-+ )
-+
- def test_DER_to_PEM(self):
- with open(SVN_PYTHON_ORG_ROOT_CERT, 'r') as f:
- pem = f.read()
-@@ -294,6 +316,13 @@
- fail(cert, 'foo.a.com')
- fail(cert, 'bar.foo.com')
-
-+ # NULL bytes are bad, CVE-2013-4073
-+ cert = {'subject': ((('commonName',
-+ 'null.python.org\x00example.org'),),)}
-+ ok(cert, 'null.python.org\x00example.org') # or raise an error?
-+ fail(cert, 'example.org')
-+ fail(cert, 'null.python.org')
-+
- # Slightly fake real-world example
- cert = {'notAfter': 'Jun 26 21:41:46 2011 GMT',
- 'subject': ((('commonName', 'linuxfrz.org'),),),
-diff -r e0f86c3b3685 Modules/_ssl.c
---- a/Modules/_ssl.c Sun Aug 11 13:04:50 2013 +0300
-+++ b/Modules/_ssl.c Sun Aug 11 18:17:23 2013 +0200
-@@ -771,12 +771,14 @@
- ext->value->length));
-
- for(j = 0; j < sk_GENERAL_NAME_num(names); j++) {
--
- /* get a rendering of each name in the set of names */
-+ int gntype;
-+ ASN1_STRING *as = NULL;
-
- name = sk_GENERAL_NAME_value(names, j);
-- if (name->type == GEN_DIRNAME) {
--
-+ gntype = name-> type;
-+ switch (gntype) {
-+ case GEN_DIRNAME:
- /* we special-case DirName as a tuple of
- tuples of attributes */
-
-@@ -798,11 +800,62 @@
- goto fail;
- }
- PyTuple_SET_ITEM(t, 1, v);
-+ break;
-
-- } else {
-+ case GEN_EMAIL:
-+ case GEN_DNS:
-+ case GEN_URI:
-+ /* GENERAL_NAME_print() doesn't handle NUL bytes in ASN1_string
-+ correctly. */
-+ t = PyTuple_New(2);
-+ if (t == NULL)
-+ goto fail;
-+ switch (gntype) {
-+ case GEN_EMAIL:
-+ v = PyUnicode_FromString("email");
-+ as = name->d.rfc822Name;
-+ break;
-+ case GEN_DNS:
-+ v = PyUnicode_FromString("DNS");
-+ as = name->d.dNSName;
-+ break;
-+ case GEN_URI:
-+ v = PyUnicode_FromString("URI");
-+ as = name->d.uniformResourceIdentifier;
-+ break;
-+ }
-+ if (v == NULL) {
-+ Py_DECREF(t);
-+ goto fail;
-+ }
-+ PyTuple_SET_ITEM(t, 0, v);
-+ v = PyUnicode_FromStringAndSize((char *)ASN1_STRING_data(as),
-+ ASN1_STRING_length(as));
-+ if (v == NULL) {
-+ Py_DECREF(t);
-+ goto fail;
-+ }
-+ PyTuple_SET_ITEM(t, 1, v);
-+ break;
-
-+ default:
- /* for everything else, we use the OpenSSL print form */
--
-+ switch (gntype) {
-+ /* check for new general name type */
-+ case GEN_OTHERNAME:
-+ case GEN_X400:
-+ case GEN_EDIPARTY:
-+ case GEN_IPADD:
-+ case GEN_RID:
-+ break;
-+ default:
-+ if (PyErr_WarnFormat(PyExc_RuntimeWarning, 1,
-+ "Unknown general name type %d",
-+ gntype) == -1) {
-+ goto fail;
-+ }
-+ break;
-+ }
- (void) BIO_reset(biobuf);
- GENERAL_NAME_print(biobuf, name);
- len = BIO_gets(biobuf, buf, sizeof(buf)-1);
-@@ -829,6 +882,7 @@
- goto fail;
- }
- PyTuple_SET_ITEM(t, 1, v);
-+ break;
- }
-
- /* and add that rendering to the list */
+++ /dev/null
-# HG changeset patch
-# User Antoine Pitrou <solipsis@pitrou.net>
-# Date 1375388712 -7200
-# Node ID 0f17aed78168e63ec058c219d03cea7240f83dd6
-# Parent bb546f6d8ab4f513804d7a420657963881e5b447
-Fix tkinter regression introduced by the security fix in #16248.
-
-diff --git a/Lib/lib-tk/Tkinter.py b/Lib/lib-tk/Tkinter.py
---- a/Lib/lib-tk/Tkinter.py
-+++ b/Lib/lib-tk/Tkinter.py
-@@ -1736,7 +1736,7 @@ class Tk(Misc, Wm):
- # ensure that self.tk is always _something_.
- self.tk = None
- if baseName is None:
-- import sys, os
-+ import os
- baseName = os.path.basename(sys.argv[0])
- baseName, ext = os.path.splitext(baseName)
- if ext not in ('.py', '.pyc', '.pyo'):
+++ /dev/null
-# HG changeset patch
-# User Antoine Pitrou <solipsis@pitrou.net>
-# Date 1377898693 -7200
-# Node ID 43749cb6bdbd0fdab70f76cd171c3c02a3f600dd
-# Parent ba54011aa295004ad87438211fe3bb1568dd69ab
-Issue #18851: Avoid a double close of subprocess pipes when the child process fails starting.
-
-diff --git a/Lib/subprocess.py b/Lib/subprocess.py
---- a/Lib/subprocess.py
-+++ b/Lib/subprocess.py
-@@ -698,12 +698,12 @@ class Popen(object):
-
- (p2cread, p2cwrite,
- c2pread, c2pwrite,
-- errread, errwrite) = self._get_handles(stdin, stdout, stderr)
-+ errread, errwrite), to_close = self._get_handles(stdin, stdout, stderr)
-
- try:
- self._execute_child(args, executable, preexec_fn, close_fds,
- cwd, env, universal_newlines,
-- startupinfo, creationflags, shell,
-+ startupinfo, creationflags, shell, to_close,
- p2cread, p2cwrite,
- c2pread, c2pwrite,
- errread, errwrite)
-@@ -711,18 +711,12 @@ class Popen(object):
- # Preserve original exception in case os.close raises.
- exc_type, exc_value, exc_trace = sys.exc_info()
-
-- to_close = []
-- # Only close the pipes we created.
-- if stdin == PIPE:
-- to_close.extend((p2cread, p2cwrite))
-- if stdout == PIPE:
-- to_close.extend((c2pread, c2pwrite))
-- if stderr == PIPE:
-- to_close.extend((errread, errwrite))
--
- for fd in to_close:
- try:
-- os.close(fd)
-+ if mswindows:
-+ fd.Close()
-+ else:
-+ os.close(fd)
- except EnvironmentError:
- pass
-
-@@ -816,8 +810,9 @@ class Popen(object):
- """Construct and return tuple with IO objects:
- p2cread, p2cwrite, c2pread, c2pwrite, errread, errwrite
- """
-+ to_close = set()
- if stdin is None and stdout is None and stderr is None:
-- return (None, None, None, None, None, None)
-+ return (None, None, None, None, None, None), to_close
-
- p2cread, p2cwrite = None, None
- c2pread, c2pwrite = None, None
-@@ -835,6 +830,10 @@ class Popen(object):
- # Assuming file-like object
- p2cread = msvcrt.get_osfhandle(stdin.fileno())
- p2cread = self._make_inheritable(p2cread)
-+ # We just duplicated the handle, it has to be closed at the end
-+ to_close.add(p2cread)
-+ if stdin == PIPE:
-+ to_close.add(p2cwrite)
-
- if stdout is None:
- c2pwrite = _subprocess.GetStdHandle(_subprocess.STD_OUTPUT_HANDLE)
-@@ -848,6 +847,10 @@ class Popen(object):
- # Assuming file-like object
- c2pwrite = msvcrt.get_osfhandle(stdout.fileno())
- c2pwrite = self._make_inheritable(c2pwrite)
-+ # We just duplicated the handle, it has to be closed at the end
-+ to_close.add(c2pwrite)
-+ if stdout == PIPE:
-+ to_close.add(c2pread)
-
- if stderr is None:
- errwrite = _subprocess.GetStdHandle(_subprocess.STD_ERROR_HANDLE)
-@@ -863,10 +866,14 @@ class Popen(object):
- # Assuming file-like object
- errwrite = msvcrt.get_osfhandle(stderr.fileno())
- errwrite = self._make_inheritable(errwrite)
-+ # We just duplicated the handle, it has to be closed at the end
-+ to_close.add(errwrite)
-+ if stderr == PIPE:
-+ to_close.add(errread)
-
- return (p2cread, p2cwrite,
- c2pread, c2pwrite,
-- errread, errwrite)
-+ errread, errwrite), to_close
-
-
- def _make_inheritable(self, handle):
-@@ -895,7 +902,7 @@ class Popen(object):
-
- def _execute_child(self, args, executable, preexec_fn, close_fds,
- cwd, env, universal_newlines,
-- startupinfo, creationflags, shell,
-+ startupinfo, creationflags, shell, to_close,
- p2cread, p2cwrite,
- c2pread, c2pwrite,
- errread, errwrite):
-@@ -934,6 +941,10 @@ class Popen(object):
- # kill children.
- creationflags |= _subprocess.CREATE_NEW_CONSOLE
-
-+ def _close_in_parent(fd):
-+ fd.Close()
-+ to_close.remove(fd)
-+
- # Start the process
- try:
- hp, ht, pid, tid = _subprocess.CreateProcess(executable, args,
-@@ -958,11 +969,11 @@ class Popen(object):
- # pipe will not close when the child process exits and the
- # ReadFile will hang.
- if p2cread is not None:
-- p2cread.Close()
-+ _close_in_parent(p2cread)
- if c2pwrite is not None:
-- c2pwrite.Close()
-+ _close_in_parent(c2pwrite)
- if errwrite is not None:
-- errwrite.Close()
-+ _close_in_parent(errwrite)
-
- # Retain the process handle, but close the thread handle
- self._child_created = True
-@@ -1088,6 +1099,7 @@ class Popen(object):
- """Construct and return tuple with IO objects:
- p2cread, p2cwrite, c2pread, c2pwrite, errread, errwrite
- """
-+ to_close = set()
- p2cread, p2cwrite = None, None
- c2pread, c2pwrite = None, None
- errread, errwrite = None, None
-@@ -1096,6 +1108,7 @@ class Popen(object):
- pass
- elif stdin == PIPE:
- p2cread, p2cwrite = self.pipe_cloexec()
-+ to_close.update((p2cread, p2cwrite))
- elif isinstance(stdin, int):
- p2cread = stdin
- else:
-@@ -1106,6 +1119,7 @@ class Popen(object):
- pass
- elif stdout == PIPE:
- c2pread, c2pwrite = self.pipe_cloexec()
-+ to_close.update((c2pread, c2pwrite))
- elif isinstance(stdout, int):
- c2pwrite = stdout
- else:
-@@ -1116,6 +1130,7 @@ class Popen(object):
- pass
- elif stderr == PIPE:
- errread, errwrite = self.pipe_cloexec()
-+ to_close.update((errread, errwrite))
- elif stderr == STDOUT:
- errwrite = c2pwrite
- elif isinstance(stderr, int):
-@@ -1126,7 +1141,7 @@ class Popen(object):
-
- return (p2cread, p2cwrite,
- c2pread, c2pwrite,
-- errread, errwrite)
-+ errread, errwrite), to_close
-
-
- def _set_cloexec_flag(self, fd, cloexec=True):
-@@ -1170,7 +1185,7 @@ class Popen(object):
-
- def _execute_child(self, args, executable, preexec_fn, close_fds,
- cwd, env, universal_newlines,
-- startupinfo, creationflags, shell,
-+ startupinfo, creationflags, shell, to_close,
- p2cread, p2cwrite,
- c2pread, c2pwrite,
- errread, errwrite):
-@@ -1189,6 +1204,10 @@ class Popen(object):
- if executable is None:
- executable = args[0]
-
-+ def _close_in_parent(fd):
-+ os.close(fd)
-+ to_close.remove(fd)
-+
- # For transferring possible exec failure from child to parent
- # The first char specifies the exception type: 0 means
- # OSError, 1 means some other error.
-@@ -1283,17 +1302,17 @@ class Popen(object):
- # be sure the FD is closed no matter what
- os.close(errpipe_write)
-
-- if p2cread is not None and p2cwrite is not None:
-- os.close(p2cread)
-- if c2pwrite is not None and c2pread is not None:
-- os.close(c2pwrite)
-- if errwrite is not None and errread is not None:
-- os.close(errwrite)
--
- # Wait for exec to fail or succeed; possibly raising exception
- # Exception limited to 1M
- data = _eintr_retry_call(os.read, errpipe_read, 1048576)
- finally:
-+ if p2cread is not None and p2cwrite is not None:
-+ _close_in_parent(p2cread)
-+ if c2pwrite is not None and c2pread is not None:
-+ _close_in_parent(c2pwrite)
-+ if errwrite is not None and errread is not None:
-+ _close_in_parent(errwrite)
-+
- # be sure the FD is closed no matter what
- os.close(errpipe_read)
-
-diff --git a/Lib/test/test_subprocess.py b/Lib/test/test_subprocess.py
---- a/Lib/test/test_subprocess.py
-+++ b/Lib/test/test_subprocess.py
-@@ -14,6 +14,10 @@ try:
- import resource
- except ImportError:
- resource = None
-+try:
-+ import threading
-+except ImportError:
-+ threading = None
-
- mswindows = (sys.platform == "win32")
-
-@@ -629,6 +633,36 @@ class ProcessTestCase(BaseTestCase):
- if c.exception.errno not in (errno.ENOENT, errno.EACCES):
- raise c.exception
-
-+ @unittest.skipIf(threading is None, "threading required")
-+ def test_double_close_on_error(self):
-+ # Issue #18851
-+ fds = []
-+ def open_fds():
-+ for i in range(20):
-+ fds.extend(os.pipe())
-+ time.sleep(0.001)
-+ t = threading.Thread(target=open_fds)
-+ t.start()
-+ try:
-+ with self.assertRaises(EnvironmentError):
-+ subprocess.Popen(['nonexisting_i_hope'],
-+ stdin=subprocess.PIPE,
-+ stdout=subprocess.PIPE,
-+ stderr=subprocess.PIPE)
-+ finally:
-+ t.join()
-+ exc = None
-+ for fd in fds:
-+ # If a double close occurred, some of those fds will
-+ # already have been closed by mistake, and os.close()
-+ # here will raise.
-+ try:
-+ os.close(fd)
-+ except OSError as e:
-+ exc = e
-+ if exc is not None:
-+ raise exc
-+
- def test_handles_closed_on_exception(self):
- # If CreateProcess exits with an error, ensure the
- # duplicate output handles are released
-@@ -783,7 +817,7 @@ class POSIXProcessTestCase(BaseTestCase)
-
- def _execute_child(
- self, args, executable, preexec_fn, close_fds, cwd, env,
-- universal_newlines, startupinfo, creationflags, shell,
-+ universal_newlines, startupinfo, creationflags, shell, to_close,
- p2cread, p2cwrite,
- c2pread, c2pwrite,
- errread, errwrite):
-@@ -791,7 +825,7 @@ class POSIXProcessTestCase(BaseTestCase)
- subprocess.Popen._execute_child(
- self, args, executable, preexec_fn, close_fds,
- cwd, env, universal_newlines,
-- startupinfo, creationflags, shell,
-+ startupinfo, creationflags, shell, to_close,
- p2cread, p2cwrite,
- c2pread, c2pwrite,
- errread, errwrite)
+++ /dev/null
-Fix for semaphores in pid namespaces
-
-http://bugs.python.org/issue24303
-
---- a/Modules/_multiprocessing/semaphore.c
-+++ b/Modules/_multiprocessing/semaphore.c
-@@ -7,6 +7,7 @@
- */
-
- #include "multiprocessing.h"
-+#include <time.h>
-
- enum { RECURSIVE_MUTEX, SEMAPHORE };
-
-@@ -419,7 +420,7 @@ semlock_new(PyTypeObject *type, PyObject *args, PyObject *kwds)
- {
- char buffer[256];
- SEM_HANDLE handle = SEM_FAILED;
-- int kind, maxvalue, value;
-+ int kind, maxvalue, value, try;
- PyObject *result;
- static char *kwlist[] = {"kind", "value", "maxvalue", NULL};
- static int counter = 0;
-@@ -433,10 +434,24 @@ semlock_new(PyTypeObject *type, PyObject *args, PyObject *kwds)
- return NULL;
- }
-
-- PyOS_snprintf(buffer, sizeof(buffer), "/mp%ld-%d", (long)getpid(), counter++);
-+ /* With pid namespaces, we may have multiple processes with the same pid.
-+ * Instead of relying on the pid to be unique, we use the microseconds time
-+ * to attempt to a unique filename. */
-+ for (try = 0; try < 100; ++try) {
-+ struct timespec tv;
-+ long arbitrary = clock_gettime(CLOCK_REALTIME, &tv) ? 0 : tv.tv_nsec;
-+ PyOS_snprintf(buffer, sizeof(buffer), "/mp%ld-%d-%ld",
-+ (long)getpid(),
-+ counter++,
-+ arbitrary);
-+ SEM_CLEAR_ERROR();
-+ handle = SEM_CREATE(buffer, value, maxvalue);
-+ if (handle != SEM_FAILED)
-+ break;
-+ else if (errno != EEXIST)
-+ goto failure;
-+ }
-
-- SEM_CLEAR_ERROR();
-- handle = SEM_CREATE(buffer, value, maxvalue);
- /* On Windows we should fail if GetLastError()==ERROR_ALREADY_EXISTS */
- if (handle == SEM_FAILED || SEM_GET_LAST_ERROR() != 0)
- goto failure;
+++ /dev/null
-# HG changeset patch
-# User Ned Deily <nad@acm.org>
-# Date 1368666045 25200
-# Node ID cd577c3288860b0deb459443ca5c489dc0f99ef6
-# Parent 149340b3004acfcb68e5ed36b1e96b7463c756c7
-Issue #17990: Only modify include and library search paths when cross-compiling.
-
-diff --git a/setup.py b/setup.py
---- a/setup.py
-+++ b/setup.py
-@@ -437,9 +437,11 @@ class PyBuildExt(build_ext):
-
- def detect_modules(self):
- # Ensure that /usr/local is always used
-- add_dir_to_list(self.compiler.library_dirs, '/usr/local/lib')
-- add_dir_to_list(self.compiler.include_dirs, '/usr/local/include')
-- self.add_gcc_paths()
-+ if not cross_compiling:
-+ add_dir_to_list(self.compiler.library_dirs, '/usr/local/lib')
-+ add_dir_to_list(self.compiler.include_dirs, '/usr/local/include')
-+ if cross_compiling:
-+ self.add_gcc_paths()
- self.add_multiarch_paths()
-
- # Add paths specified in the environment variables LDFLAGS and
+++ /dev/null
-https://bugs.gentoo.org/show_bug.cgi?id=476426
-http://bugs.python.org/issue17998
-diff -r d91da96a55bf Modules/_sre.c
---- a/Modules/_sre.c Thu May 16 22:47:47 2013 +0100
-+++ b/Modules/_sre.c Fri May 17 21:02:48 2013 +0300
-@@ -1028,7 +1028,7 @@
- TRACE(("|%p|%p|REPEAT_ONE %d %d\n", ctx->pattern, ctx->ptr,
- ctx->pattern[1], ctx->pattern[2]));
-
-- if (ctx->pattern[1] > end - ctx->ptr)
-+ if ((Py_ssize_t) ctx->pattern[1] > end - ctx->ptr)
- RETURN_FAILURE; /* cannot match */
-
- state->ptr = ctx->ptr;
-@@ -1111,7 +1111,7 @@
- TRACE(("|%p|%p|MIN_REPEAT_ONE %d %d\n", ctx->pattern, ctx->ptr,
- ctx->pattern[1], ctx->pattern[2]));
-
-- if (ctx->pattern[1] > end - ctx->ptr)
-+ if ((Py_ssize_t) ctx->pattern[1] > end - ctx->ptr)
- RETURN_FAILURE; /* cannot match */
-
- state->ptr = ctx->ptr;
+++ /dev/null
-diff -r 40fb60df4755 Modules/socketmodule.c
---- a/Modules/socketmodule.c Sun Jan 12 12:11:47 2014 +0200
-+++ b/Modules/socketmodule.c Mon Jan 13 16:36:35 2014 -0800
-@@ -2744,6 +2744,13 @@
- recvlen = buflen;
- }
-
-+ /* Check if the buffer is large enough */
-+ if (buflen < recvlen) {
-+ PyErr_SetString(PyExc_ValueError,
-+ "buffer too small for requested bytes");
-+ goto error;
-+ }
-+
- readlen = sock_recvfrom_guts(s, buf.buf, recvlen, flags, &addr);
- if (readlen < 0) {
- /* Return an error */
+++ /dev/null
-# HG changeset patch
-# User Antoine Pitrou <solipsis@pitrou.net>
-# Date 1368892602 -7200
-# Sat May 18 17:56:42 2013 +0200
-# Branch 3.2
-# Node ID b9b521efeba385af0142988899a55de1c1c805c7
-# Parent 6255b40c6a6127933d8ea7a2b9de200f5a0e6154
-Issue #17980: Fix possible abuse of ssl.match_hostname() for denial of service using certificates with many wildcards (CVE-2013-2099).
-
-diff --git a/Lib/ssl.py b/Lib/ssl.py
---- a/Lib/ssl.py
-+++ b/Lib/ssl.py
-@@ -108,9 +108,16 @@
- pass
-
-
--def _dnsname_to_pat(dn):
-+def _dnsname_to_pat(dn, max_wildcards=1):
- pats = []
- for frag in dn.split(r'.'):
-+ if frag.count('*') > max_wildcards:
-+ # Issue #17980: avoid denials of service by refusing more
-+ # than one wildcard per fragment. A survery of established
-+ # policy among SSL implementations showed it to be a
-+ # reasonable choice.
-+ raise CertificateError(
-+ "too many wildcards in certificate DNS name: " + repr(dn))
- if frag == '*':
- # When '*' is a fragment by itself, it matches a non-empty dotless
- # fragment.
-diff --git a/Lib/test/test_ssl.py b/Lib/test/test_ssl.py
---- a/Lib/test/test_ssl.py
-+++ b/Lib/test/test_ssl.py
-@@ -326,6 +326,17 @@
- self.assertRaises(ValueError, ssl.match_hostname, None, 'example.com')
- self.assertRaises(ValueError, ssl.match_hostname, {}, 'example.com')
-
-+ # Issue #17980: avoid denials of service by refusing more than one
-+ # wildcard per fragment.
-+ cert = {'subject': ((('commonName', 'a*b.com'),),)}
-+ ok(cert, 'axxb.com')
-+ cert = {'subject': ((('commonName', 'a*b.co*'),),)}
-+ ok(cert, 'axxb.com')
-+ cert = {'subject': ((('commonName', 'a*b*.com'),),)}
-+ with self.assertRaises(ssl.CertificateError) as cm:
-+ ssl.match_hostname(cert, 'axxbxxc.com')
-+ self.assertIn("too many wildcards", str(cm.exception))
-+
- def test_server_side(self):
- # server_hostname doesn't work for server sockets
- ctx = ssl.SSLContext(ssl.PROTOCOL_SSLv23)
+++ /dev/null
-# HG changeset patch
-# User Benjamin Peterson <benjamin@python.org>
-# Date 1389671978 18000
-# Node ID 9c56217e5c793685eeaf0ee224848c402bdf1e4c
-# Parent 2b5cd6d4d149dea6c6941b7e07ada248b29fc9f6
-complain when nbytes > buflen to fix possible buffer overflow (closes #20246)
-
-diff --git a/Lib/test/test_socket.py b/Lib/test/test_socket.py
---- a/Lib/test/test_socket.py
-+++ b/Lib/test/test_socket.py
-@@ -1968,6 +1968,14 @@ class BufferIOTest(SocketConnectedTest):
-
- _testRecvFromIntoMemoryview = _testRecvFromIntoArray
-
-+ def testRecvFromIntoSmallBuffer(self):
-+ # See issue #20246.
-+ buf = bytearray(8)
-+ self.assertRaises(ValueError, self.cli_conn.recvfrom_into, buf, 1024)
-+
-+ def _testRecvFromIntoSmallBuffer(self):
-+ self.serv_conn.send(MSG*2048)
-+
-
- TIPC_STYPE = 2000
- TIPC_LOWER = 200
-diff --git a/Misc/ACKS b/Misc/ACKS
---- a/Misc/ACKS
-+++ b/Misc/ACKS
-@@ -1020,6 +1020,7 @@ Eric V. Smith
- Christopher Smith
- Gregory P. Smith
- Roy Smith
-+Ryan Smith-Roberts
- Rafal Smotrzyk
- Dirk Soede
- Paul Sokolovsky
-diff --git a/Modules/socketmodule.c b/Modules/socketmodule.c
---- a/Modules/socketmodule.c
-+++ b/Modules/socketmodule.c
-@@ -2598,6 +2598,11 @@ sock_recvfrom_into(PySocketSockObject *s
- if (recvlen == 0) {
- /* If nbytes was not specified, use the buffer's length */
- recvlen = buflen;
-+ } else if (recvlen > buflen) {
-+ PyBuffer_Release(&pbuf);
-+ PyErr_SetString(PyExc_ValueError,
-+ "nbytes is greater than the length of the buffer");
-+ return NULL;
- }
-
- readlen = sock_recvfrom_guts(s, buf, recvlen, flags, &addr);
+++ /dev/null
-# HG changeset patch
-# User Benjamin Peterson <benjamin@python.org>
-# Date 1397441438 14400
-# Node ID 50c07ed1743da9cd4540d83de0c30bd17aeb41b0
-# Parent 218e28a935ab4494d05215c243e2129625a71893
-in scan_once, prevent the reading of arbitrary memory when passed a negative index
-
-Bug reported by Guido Vranken.
-
-Index: Python-3.2.5/Lib/json/tests/test_decode.py
-===================================================================
---- Python-3.2.5.orig/Lib/test/json_tests/test_decode.py 2014-06-26 18:40:10.825269130 +0200
-+++ Python-3.2.5/Lib/test/json_tests/test_decode.py 2014-06-26 18:40:21.962323035 +0200
-@@ -60,5 +60,9 @@
- msg = 'escape'
- self.assertRaisesRegexp(ValueError, msg, self.loads, s)
-
-+ def test_negative_index(self):
-+ d = self.json.JSONDecoder()
-+ self.assertRaises(ValueError, d.raw_decode, 'a'*42, -50000)
-+
- class TestPyDecode(TestDecode, PyTest): pass
- class TestCDecode(TestDecode, CTest): pass
-Index: Python-3.2.5/Modules/_json.c
-===================================================================
---- a/Modules/_json.c
-+++ b/Modules/_json.c
-@@ -930,7 +930,10 @@ scan_once_unicode(PyScannerObject *s, Py
- PyObject *res;
- Py_UNICODE *str = PyUnicode_AS_UNICODE(pystr);
- Py_ssize_t length = PyUnicode_GET_SIZE(pystr);
-- if (idx >= length) {
-+ if (idx < 0)
-+ /* Compatibility with Python version. */
-+ idx += length;
-+ if (idx < 0 || idx >= length) {
- PyErr_SetNone(PyExc_StopIteration);
- return NULL;
- }
+++ /dev/null
-# HG changeset patch
-# User Georg Brandl <georg@python.org>
-# Date 1379142489 -7200
-# Node ID c18c18774e240377d47638fb23e8276c1ac2e606
-# Parent b9b521efeba385af0142988899a55de1c1c805c7
-Fix tkinter regression introduced by the security fix in #16248.
-
-diff --git a/Lib/tkinter/__init__.py b/Lib/tkinter/__init__.py
---- a/Lib/tkinter/__init__.py
-+++ b/Lib/tkinter/__init__.py
-@@ -1722,7 +1722,7 @@ class Tk(Misc, Wm):
- # ensure that self.tk is always _something_.
- self.tk = None
- if baseName is None:
-- import sys, os
-+ import os
- baseName = os.path.basename(sys.argv[0])
- baseName, ext = os.path.splitext(baseName)
- if ext not in ('.py', '.pyc', '.pyo'):
+++ /dev/null
-# HG changeset patch
-# User Antoine Pitrou <solipsis@pitrou.net>
-# Date 1368892602 -7200
-# Sat May 18 17:56:42 2013 +0200
-# Branch 3.3
-# Node ID c627638753e2d25a98950585b259104a025937a9
-# Parent 9682241dc8fcb4b1aef083bd30860efa070c3d6d
-Issue #17980: Fix possible abuse of ssl.match_hostname() for denial of service using certificates with many wildcards (CVE-2013-2099).
-
-diff --git a/Lib/ssl.py b/Lib/ssl.py
---- a/Lib/ssl.py
-+++ b/Lib/ssl.py
-@@ -129,9 +129,16 @@
- pass
-
-
--def _dnsname_to_pat(dn):
-+def _dnsname_to_pat(dn, max_wildcards=1):
- pats = []
- for frag in dn.split(r'.'):
-+ if frag.count('*') > max_wildcards:
-+ # Issue #17980: avoid denials of service by refusing more
-+ # than one wildcard per fragment. A survery of established
-+ # policy among SSL implementations showed it to be a
-+ # reasonable choice.
-+ raise CertificateError(
-+ "too many wildcards in certificate DNS name: " + repr(dn))
- if frag == '*':
- # When '*' is a fragment by itself, it matches a non-empty dotless
- # fragment.
-diff --git a/Lib/test/test_ssl.py b/Lib/test/test_ssl.py
---- a/Lib/test/test_ssl.py
-+++ b/Lib/test/test_ssl.py
-@@ -349,6 +349,17 @@
- self.assertRaises(ValueError, ssl.match_hostname, None, 'example.com')
- self.assertRaises(ValueError, ssl.match_hostname, {}, 'example.com')
-
-+ # Issue #17980: avoid denials of service by refusing more than one
-+ # wildcard per fragment.
-+ cert = {'subject': ((('commonName', 'a*b.com'),),)}
-+ ok(cert, 'axxb.com')
-+ cert = {'subject': ((('commonName', 'a*b.co*'),),)}
-+ ok(cert, 'axxb.com')
-+ cert = {'subject': ((('commonName', 'a*b*.com'),),)}
-+ with self.assertRaises(ssl.CertificateError) as cm:
-+ ssl.match_hostname(cert, 'axxbxxc.com')
-+ self.assertIn("too many wildcards", str(cm.exception))
-+
- def test_server_side(self):
- # server_hostname doesn't work for server sockets
- ctx = ssl.SSLContext(ssl.PROTOCOL_SSLv23)
+++ /dev/null
-#! /usr/bin/python2.4
-
-import sys
-import os
-import getopt
-from distutils import sysconfig
-
-valid_opts = ['prefix', 'exec-prefix', 'includes', 'libs', 'cflags',
- 'ldflags', 'help']
-
-def exit_with_usage(code=1):
- print >>sys.stderr, "Usage: %s [%s]" % (sys.argv[0],
- '|'.join('--'+opt for opt in valid_opts))
- sys.exit(code)
-
-try:
- opts, args = getopt.getopt(sys.argv[1:], '', valid_opts)
-except getopt.error:
- exit_with_usage()
-
-if not opts:
- #exit_with_usage()
- #be compatible with our old python-config-2.4
- import string
- print "-lpython2.4 -lm -L/usr/lib/python2.4/config",string.join(string.split(sysconfig.get_config_var("MODLIBS")))
- sys.exit(0)
-
-opt = opts[0][0]
-
-pyver = sysconfig.get_config_var('VERSION')
-getvar = sysconfig.get_config_var
-
-if opt == '--help':
- exit_with_usage(0)
-
-elif opt == '--prefix':
- print sysconfig.PREFIX
-
-elif opt == '--exec-prefix':
- print sysconfig.EXEC_PREFIX
-
-elif opt in ('--includes', '--cflags'):
- flags = ['-I' + sysconfig.get_python_inc(),
- '-I' + sysconfig.get_python_inc(plat_specific=True)]
- if opt == '--cflags':
- flags.extend(getvar('CFLAGS').split())
- print ' '.join(flags)
-
-elif opt in ('--libs', '--ldflags'):
- libs = getvar('LIBS').split() + getvar('SYSLIBS').split()
- libs.append('-lpython'+pyver)
- # add the prefix/lib/pythonX.Y/config dir, but only if there is no
- # shared library in prefix/lib/.
- if opt == '--ldflags' and not getvar('Py_ENABLE_SHARED'):
- libs.insert(0, '-L' + getvar('LIBPL'))
- print ' '.join(libs)
-
-
+++ /dev/null
-# Copyright 1999-2015 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Id$
-
-EAPI="4"
-WANT_AUTOMAKE="none"
-WANT_LIBTOOL="none"
-
-inherit autotools eutils flag-o-matic multilib pax-utils python-utils-r1 toolchain-funcs multiprocessing
-
-MY_P="Python-${PV}"
-PATCHSET_REVISION="1"
-
-DESCRIPTION="An interpreted, interactive, object-oriented programming language"
-HOMEPAGE="http://www.python.org/"
-SRC_URI="http://www.python.org/ftp/python/${PV}/${MY_P}.tar.xz
- http://dev.gentoo.org/~floppym/python/python-gentoo-patches-${PV}-${PATCHSET_REVISION}.tar.xz"
-
-LICENSE="PSF-2"
-SLOT="3.2"
-KEYWORDS="alpha amd64 arm hppa ia64 ~m68k ~mips ppc ppc64 ~s390 ~sh sparc x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd"
-IUSE="build doc elibc_uclibc examples gdbm hardened ipv6 +ncurses +readline sqlite +ssl +threads tk +wide-unicode wininst +xml"
-
-# Do not add a dependency on dev-lang/python to this ebuild.
-# If you need to apply a patch which requires python for bootstrapping, please
-# run the bootstrap code on your dev box and include the results in the
-# patchset. See bug 447752.
-
-RDEPEND="app-arch/bzip2
- >=sys-libs/zlib-1.1.3
- virtual/libffi
- virtual/libintl
- !build? (
- gdbm? ( sys-libs/gdbm[berkdb] )
- ncurses? (
- >=sys-libs/ncurses-5.2
- readline? ( >=sys-libs/readline-4.1 )
- )
- sqlite? ( >=dev-db/sqlite-3.3.8:3 )
- ssl? ( dev-libs/openssl )
- tk? (
- >=dev-lang/tk-8.0
- dev-tcltk/blt
- dev-tcltk/tix
- )
- xml? ( >=dev-libs/expat-2.1 )
- )"
-DEPEND="${RDEPEND}
- virtual/pkgconfig
- >=sys-devel/autoconf-2.65
- !sys-devel/gcc[libffi]"
-RDEPEND+=" !build? ( app-misc/mime-types )
- doc? ( dev-python/python-docs:${SLOT} )"
-PDEPEND="app-eselect/eselect-python
- app-admin/python-updater"
-
-S="${WORKDIR}/${MY_P}"
-
-pkg_setup() {
- if [[ "${PV}" =~ ^3\.2(\.[1234])?(_pre)? ]]; then
- rm -f "${EROOT}usr/$(get_libdir)/llibpython3.so"
- else
- die "Deprecated code not deleted"
- fi
-}
-
-src_prepare() {
- # Ensure that internal copies of expat, libffi and zlib are not used.
- rm -r Modules/expat
- rm -r Modules/_ctypes/libffi*
- rm -r Modules/zlib
-
- local excluded_patches
- if ! tc-is-cross-compiler; then
- excluded_patches="*_all_crosscompile.patch"
- fi
-
- EPATCH_EXCLUDE="${excluded_patches}" EPATCH_SUFFIX="patch" \
- epatch "${WORKDIR}/patches"
-
- epatch "${FILESDIR}/python-3.2-CVE-2013-2099.patch"
- epatch "${FILESDIR}/CVE-2013-4238_py33.patch"
- epatch "${FILESDIR}/python-3.2-issue16248.patch"
-
- sed -i -e "s:@@GENTOO_LIBDIR@@:$(get_libdir):g" \
- Lib/distutils/command/install.py \
- Lib/distutils/sysconfig.py \
- Lib/site.py \
- Lib/sysconfig.py \
- Lib/test/test_site.py \
- Makefile.pre.in \
- Modules/Setup.dist \
- Modules/getpath.c \
- setup.py || die "sed failed to replace @@GENTOO_LIBDIR@@"
-
- # Disable ABI flags.
- sed -e "s/ABIFLAGS=\"\${ABIFLAGS}.*\"/:/" -i configure.ac || die "sed failed"
-
- # bug #514686
- epatch "${FILESDIR}/${PN}-3.2-CVE-2014-4616.patch"
- # bug #500518
- epatch "${FILESDIR}/${PN}-3.2-CVE-2014-1912.patch"
-
- epatch_user
-
- eautoconf
- eautoheader
-}
-
-src_configure() {
- if use build; then
- # Disable extraneous modules with extra dependencies.
- export PYTHON_DISABLE_MODULES="gdbm _curses _curses_panel readline _sqlite3 _tkinter _elementtree pyexpat"
- export PYTHON_DISABLE_SSL="1"
- else
- local disable
- use gdbm || disable+=" gdbm"
- use ncurses || disable+=" _curses _curses_panel"
- use readline || disable+=" readline"
- use sqlite || disable+=" _sqlite3"
- use ssl || export PYTHON_DISABLE_SSL="1"
- use tk || disable+=" _tkinter"
- use xml || disable+=" _elementtree pyexpat" # _elementtree uses pyexpat.
- export PYTHON_DISABLE_MODULES="${disable}"
-
- if ! use xml; then
- ewarn "You have configured Python without XML support."
- ewarn "This is NOT a recommended configuration as you"
- ewarn "may face problems parsing any XML documents."
- fi
- fi
-
- if [[ -n "${PYTHON_DISABLE_MODULES}" ]]; then
- einfo "Disabled modules: ${PYTHON_DISABLE_MODULES}"
- fi
-
- if [[ "$(gcc-major-version)" -ge 4 ]]; then
- append-flags -fwrapv
- fi
-
- filter-flags -malign-double
-
- [[ "${ARCH}" == "alpha" ]] && append-flags -fPIC
-
- # https://bugs.gentoo.org/show_bug.cgi?id=50309
- if is-flagq -O3; then
- is-flagq -fstack-protector-all && replace-flags -O3 -O2
- use hardened && replace-flags -O3 -O2
- fi
-
- # Run the configure scripts in parallel.
- multijob_init
-
- mkdir -p "${WORKDIR}"/{${CBUILD},${CHOST}}
-
- if tc-is-cross-compiler; then
- (
- multijob_child_init
- cd "${WORKDIR}"/${CBUILD} >/dev/null
- OPT="-O1" CFLAGS="" CPPFLAGS="" LDFLAGS="" CC="" \
- "${S}"/configure \
- --{build,host}=${CBUILD} \
- || die "cross-configure failed"
- ) &
- multijob_post_fork
-
- # The configure script assumes it's buggy when cross-compiling.
- export ac_cv_buggy_getaddrinfo=no
- export ac_cv_have_long_long_format=yes
- fi
-
- # Export CXX so it ends up in /usr/lib/python3.X/config/Makefile.
- tc-export CXX
- # The configure script fails to use pkg-config correctly.
- # http://bugs.python.org/issue15506
- export ac_cv_path_PKG_CONFIG=$(tc-getPKG_CONFIG)
-
- # Set LDFLAGS so we link modules with -lpython3.2 correctly.
- # Needed on FreeBSD unless Python 3.2 is already installed.
- # Please query BSD team before removing this!
- append-ldflags "-L."
-
- local dbmliborder
- if use gdbm; then
- dbmliborder+="${dbmliborder:+:}gdbm"
- fi
-
- cd "${WORKDIR}"/${CHOST}
- ECONF_SOURCE=${S} OPT="" \
- econf \
- --with-fpectl \
- --enable-shared \
- $(use_enable ipv6) \
- $(use_with threads) \
- $(use_with wide-unicode) \
- --infodir='${prefix}/share/info' \
- --mandir='${prefix}/share/man' \
- --with-computed-gotos \
- --with-dbmliborder="${dbmliborder}" \
- --with-libc="" \
- --enable-loadable-sqlite-extensions \
- --with-system-expat \
- --with-system-ffi
-
- if use threads && grep -q "#define POSIX_SEMAPHORES_NOT_ENABLED 1" pyconfig.h; then
- eerror "configure has detected that the sem_open function is broken."
- eerror "Please ensure that /dev/shm is mounted as a tmpfs with mode 1777."
- die "Broken sem_open function (bug 496328)"
- fi
-
- if tc-is-cross-compiler; then
- # Modify the Makefile.pre so we don't regen for the host/ one.
- # We need to link the host python programs into $PWD and run
- # them from here because the distutils sysconfig module will
- # parse Makefile/etc... from argv[0], and we need it to pick
- # up the target settings, not the host ones.
- sed -i \
- -e '1iHOSTPYTHONPATH = ./hostpythonpath:' \
- -e '/^HOSTPYTHON/s:=.*:= ./hostpython:' \
- -e '/^HOSTPGEN/s:=.*:= ./Parser/hostpgen:' \
- Makefile{.pre,} || die "sed failed"
- fi
-
- multijob_finish
-}
-
-src_compile() {
- if tc-is-cross-compiler; then
- cd "${WORKDIR}"/${CBUILD}
- # Disable as many modules as possible -- but we need a few to install.
- PYTHON_DISABLE_MODULES=$(
- sed -n "/Extension('/{s:^.*Extension('::;s:'.*::;p}" "${S}"/setup.py | \
- egrep -v '(unicodedata|time|cStringIO|_struct|binascii)'
- ) \
- PTHON_DISABLE_SSL="1" \
- SYSROOT= \
- emake
- # See comment in src_configure about these.
- ln python ../${CHOST}/hostpython || die
- ln Parser/pgen ../${CHOST}/Parser/hostpgen || die
- ln -s ../${CBUILD}/build/lib.*/ ../${CHOST}/hostpythonpath || die
- fi
-
- cd "${WORKDIR}"/${CHOST}
- emake CPPFLAGS="" CFLAGS="" LDFLAGS=""
-
- # Work around bug 329499. See also bug 413751 and 457194.
- if has_version dev-libs/libffi[pax_kernel]; then
- pax-mark E python
- else
- pax-mark m python
- fi
-}
-
-src_test() {
- # Tests will not work when cross compiling.
- if tc-is-cross-compiler; then
- elog "Disabling tests due to crosscompiling."
- return
- fi
-
- cd "${WORKDIR}"/${CHOST}
-
- # Skip failing tests.
- local skipped_tests="gdb"
-
- for test in ${skipped_tests}; do
- mv "${S}"/Lib/test/test_${test}.py "${T}"
- done
-
- # Rerun failed tests in verbose mode (regrtest -w).
- PYTHONDONTWRITEBYTECODE="" emake test EXTRATESTOPTS="-w" CPPFLAGS="" CFLAGS="" LDFLAGS="" < /dev/tty
- local result="$?"
-
- for test in ${skipped_tests}; do
- mv "${T}/test_${test}.py" "${S}"/Lib/test
- done
-
- elog "The following tests have been skipped:"
- for test in ${skipped_tests}; do
- elog "test_${test}.py"
- done
-
- elog "If you would like to run them, you may:"
- elog "cd '${EPREFIX}/usr/$(get_libdir)/python${SLOT}/test'"
- elog "and run the tests separately."
-
- if [[ "${result}" -ne 0 ]]; then
- die "emake test failed"
- fi
-}
-
-src_install() {
- local libdir=${ED}/usr/$(get_libdir)/python${SLOT}
-
- cd "${WORKDIR}"/${CHOST}
- emake DESTDIR="${D}" altinstall
-
- sed \
- -e "s/\(CONFIGURE_LDFLAGS=\).*/\1/" \
- -e "s/\(PY_LDFLAGS=\).*/\1/" \
- -i "${libdir}/config-${SLOT}/Makefile" || die "sed failed"
-
- # Backwards compat with Gentoo divergence.
- dosym python${SLOT}-config /usr/bin/python-config-${SLOT}
-
- # Fix collisions between different slots of Python.
- rm "${ED}usr/$(get_libdir)/libpython3.so" || die
-
- if use build; then
- rm -fr "${ED}usr/bin/idle${SLOT}" "${libdir}/"{idlelib,sqlite3,test,tkinter}
- else
- use elibc_uclibc && rm -fr "${libdir}/test"
- use sqlite || rm -fr "${libdir}/"{sqlite3,test/test_sqlite*}
- use tk || rm -fr "${ED}usr/bin/idle${SLOT}" "${libdir}/"{idlelib,tkinter,test/test_tk*}
- fi
-
- use threads || rm -fr "${libdir}/multiprocessing"
- use wininst || rm -f "${libdir}/distutils/command/"wininst-*.exe
-
- dodoc "${S}"/Misc/{ACKS,HISTORY,NEWS}
-
- if use examples; then
- insinto /usr/share/doc/${PF}/examples
- find "${S}"/Tools -name __pycache__ -print0 | xargs -0 rm -fr
- doins -r "${S}"/Tools
- fi
- insinto /usr/share/gdb/auto-load/usr/$(get_libdir) #443510
- local libname=$(printf 'e:\n\t@echo $(INSTSONAME)\ninclude Makefile\n' | \
- emake --no-print-directory -s -f - 2>/dev/null)
- newins "${S}"/Tools/gdb/libpython.py "${libname}"-gdb.py
-
- newconfd "${FILESDIR}/pydoc.conf" pydoc-${SLOT}
- newinitd "${FILESDIR}/pydoc.init" pydoc-${SLOT}
- sed \
- -e "s:@PYDOC_PORT_VARIABLE@:PYDOC${SLOT/./_}_PORT:" \
- -e "s:@PYDOC@:pydoc${SLOT}:" \
- -i "${ED}etc/conf.d/pydoc-${SLOT}" "${ED}etc/init.d/pydoc-${SLOT}" || die "sed failed"
-
- # for python-exec
- python_export python${SLOT} EPYTHON PYTHON PYTHON_SITEDIR
-
- # if not using a cross-compiler, use the fresh binary
- if ! tc-is-cross-compiler; then
- local PYTHON=./python \
- LD_LIBRARY_PATH=${LD_LIBRARY_PATH+${LD_LIBRARY_PATH}:}.
- export LD_LIBRARY_PATH
- fi
-
- echo "EPYTHON='${EPYTHON}'" > epython.py
- python_domodule epython.py
-}
-
-pkg_preinst() {
- if has_version "<${CATEGORY}/${PN}-${SLOT}" && ! has_version ">=${CATEGORY}/${PN}-${SLOT}_alpha"; then
- python_updater_warning="1"
- fi
-}
-
-eselect_python_update() {
- if [[ -z "$(eselect python show)" || ! -f "${EROOT}usr/bin/$(eselect python show)" ]]; then
- eselect python update
- fi
-
- if [[ -z "$(eselect python show --python${PV%%.*})" || ! -f "${EROOT}usr/bin/$(eselect python show --python${PV%%.*})" ]]; then
- eselect python update --python${PV%%.*}
- fi
-}
-
-pkg_postinst() {
- ewarn "Please note that Python ${PV%.*} is no longer supported in Gentoo."
- ewarn "The interpreter is not well maintained, and may contain security"
- ewarn "vulnerabilities. Gentoo ebuilds will no longer be built with support"
- ewarn "for Python ${PV%.*}."
- ewarn
- ewarn "If you wish to use Python ${PV%.*} for your own purposes (development,"
- ewarn "testing), we suggest establishing a virtualenv for this interpreter,"
- ewarn "and installing the necessary dependencies inside it. However, we also"
- ewarn "strongly discourage using Python ${PV%.*} on production systems."
-}
-
-pkg_postrm() {
- eselect_python_update
-}
projects / gentoo.git / commitdiff