mirrors/flatcar-scripts
1
0
Fork 0
mirror of https://github.com/flatcar/scripts.git synced 2025-08-18 10:27:00 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #1219 from kinvolk/krnowak/python3-oem

Browse Source 
Update dev-lang/python-oem to 3.6.5
This commit is contained in:
Krzesimir Nowak 2021-09-01 18:53:01 +02:00 committed by GitHub
commit cf6fe28771
32 changed files with 605 additions and 1726 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
sdk_container/src/third_party/coreos-overlay/app-emulation/wa-linux-agent/Manifest vendored
View File

@ -1,2 +1 @@
DIST wa-linux-agent-2.3.1.1.tar.gz 1197026 BLAKE2B 2751e43eb563705506d0f698eb69ee029de536f78ec03943861d98ac702d79dba265d72734ef1ad9ffd3b49eb0a2e55fd3536a50248db37c3d0f78b751fa6e27
SHA512 d68a622f0280d442e02b34ddac668f466252a7ed4581af63eb88df544ddb0808db04a3f35e24c1202c974ad6b7aa1e30ed1d4a3c14a3ba0a12de02fa3a5c4406
DIST wa-linux-agent-2.3.1.1.tar.gz 1197026 BLAKE2B 2751e43eb563705506d0f698eb69ee029de536f78ec03943861d98ac702d79dba265d72734ef1ad9ffd3b49eb0a2e55fd3536a50248db37c3d0f78b751fa6e27 SHA512 d68a622f0280d442e02b34ddac668f466252a7ed4581af63eb88df544ddb0808db04a3f35e24c1202c974ad6b7aa1e30ed1d4a3c14a3ba0a12de02fa3a5c4406

71
sdk_container/src/third_party/coreos-overlay/app-emulation/wa-linux-agent/files/0001-Support-flatcar.patch vendored Normal file
View File

@ -0,0 +1,71 @@
From 4d914f0bf587c755b63cc4859911e39b5455b5b1 Mon Sep 17 00:00:00 2001
From: Krzesimir Nowak <knowak@microsoft.com>
Date: Tue, 31 Aug 2021 14:46:26 +0200
Subject: [PATCH] Support flatcar
---
azurelinuxagent/common/osutil/factory.py | 3 ++-
azurelinuxagent/pa/deprovision/factory.py | 2 +-
tests/common/osutil/test_factory.py | 6 ++++++
tests/tools.py | 1 +
4 files changed, 10 insertions(+), 2 deletions(-)
diff --git a/azurelinuxagent/common/osutil/factory.py b/azurelinuxagent/common/osutil/factory.py
index b212c382..4bf0a36d 100644
--- a/azurelinuxagent/common/osutil/factory.py
+++ b/azurelinuxagent/common/osutil/factory.py
@@ -81,7 +81,8 @@ def _get_osutil(distro_name, distro_code_name, distro_version, distro_full_name)
if distro_name == "kali":
return DebianOSBaseUtil()
- if distro_name == "coreos" or distro_code_name == "coreos":
+ if distro_name == "flatcar" or distro_code_name == "flatcar" \
+ or distro_name == "coreos" or distro_code_name == "coreos":
return CoreOSUtil()
if distro_name in ("suse", "sle_hpc", "sles", "opensuse"):
diff --git a/azurelinuxagent/pa/deprovision/factory.py b/azurelinuxagent/pa/deprovision/factory.py
index 6197fc6a..e7ce1c83 100644
--- a/azurelinuxagent/pa/deprovision/factory.py
+++ b/azurelinuxagent/pa/deprovision/factory.py
@@ -35,7 +35,7 @@ def get_deprovision_handler(distro_name=DISTRO_NAME,
return Ubuntu1804DeprovisionHandler()
else:
return UbuntuDeprovisionHandler()
- if distro_name == "coreos":
+ if distro_name == "flatcar" or distro_name == "coreos":
return CoreOSDeprovisionHandler()
if "Clear Linux" in distro_full_name:
return ClearLinuxDeprovisionHandler() # pylint: disable=E1120
diff --git a/tests/common/osutil/test_factory.py b/tests/common/osutil/test_factory.py
index f7d46b21..6d6dd46c 100644
--- a/tests/common/osutil/test_factory.py
+++ b/tests/common/osutil/test_factory.py
@@ -142,6 +142,12 @@ class TestOsUtilFactory(AgentTestCase):
distro_full_name="")
self.assertTrue(isinstance(ret, CoreOSUtil))
self.assertEqual(ret.get_service_name(), "waagent")
+ ret = _get_osutil(distro_name="flatcar",
+ distro_code_name="",
+ distro_version="",
+ distro_full_name="")
+ self.assertTrue(isinstance(ret, CoreOSUtil))
+ self.assertEqual(ret.get_service_name(), "waagent")
def test_get_osutil_it_should_return_suse(self):
ret = _get_osutil(distro_name="suse",
diff --git a/tests/tools.py b/tests/tools.py
index 64f1862d..cd16c089 100644
--- a/tests/tools.py
+++ b/tests/tools.py
@@ -452,6 +452,7 @@ supported_distro = [
["ubuntu", "15.10", "Snappy Ubuntu Core"],
["coreos", "", ""],
+ ["flatcar", "", ""],
["suse", "12", "SUSE Linux Enterprise Server"],
["suse", "13.2", "openSUSE"],
--
2.31.1

18
sdk_container/src/third_party/coreos-overlay/app-emulation/wa-linux-agent/wa-linux-agent-2.3.1.1.ebuild vendored
View File

@ -1,7 +1,7 @@
# Copyright (c) 2014 CoreOS, Inc.. All rights reserved.
# Distributed under the terms of the GNU General Public License v2
EAPI=6
EAPI=7
DESCRIPTION="Windows Azure Linux Agent"
HOMEPAGE="https://github.com/Azure/WALinuxAgent"
@ -12,7 +12,19 @@ LICENSE="Apache-2.0"
SLOT="0"
IUSE=""
RDEPEND="dev-lang/python-oem"
# Depending on specific version of python-oem allows us to notice when
# we update the major version of python and then to make sure that we
# install the package in correctly versioned site-packages directory.
DEP_PYVER="3.6"
RDEPEND="
dev-lang/python-oem:${DEP_PYVER}
dev-python/distro-oem
"
PATCHES=(
"${FILESDIR}/0001-Support-flatcar.patch"
)
S="${WORKDIR}/WALinuxAgent-${PV}"
@ -20,7 +32,7 @@ src_install() {
into "/usr/share/oem"
dobin "${S}/bin/waagent"
insinto "/usr/share/oem/python/$(get_libdir)/python2.7/site-packages"
insinto "/usr/share/oem/python/$(get_libdir)/python${DEP_PYVER}/site-packages"
doins -r "${S}/azurelinuxagent/"
insinto "/usr/share/oem"

4
sdk_container/src/third_party/coreos-overlay/dev-lang/python-oem/Manifest vendored
View File

@ -1,2 +1,2 @@
DIST Python-2.7.6.tar.xz 10431288 SHA256 1fd68e81f8bf7386ff239b7faee9ba387129d2cf34eab13350bd8503a0bff6a1 SHA512 e56e6cdd96ff7bcb680d11ad606c00f4264e413fc43ba7605b2d2e4a743fd6e464cbedabf18b461f742102e936f45d840302a99665b5f988b1df08b25285c238 WHIRLPOOL 3b83106e89c96d2227573595bd96c868e6ece7fb04fda0aa22c8d3249af99cedebcd224ec8ae788eabe8a091a55d12af9ed093ee1eedb7c72b66732c62d5e1b3
DIST python-gentoo-patches-2.7.6-1.tar.xz 14572 SHA256 cb0fca8f006ee7b8501cfbed063c987ad6793f61072144ded2122bca6dc608ed SHA512 e6bc3de2053b1dbc5845effe86cc7d19acbcf10b52b2a1ce3d45988492a2430dd8f6ea3e547beaf57bdf176b06a07f267aa6afac82cde61ed730fe3f4b2ab238 WHIRLPOOL ecf800bc895609bbdf5ec5c53031142b56002b20930d9dd1c34610fb6628d0d5fa6874a1111fa691474bde6ae1e18a03da795bb298cde4a6f649e45637ea4da0
DIST Python-3.6.5.tar.xz 17049912 BLAKE2B f393e9563a18a46c457afcd2e174d9eacda20fe2b0ae5461e11c582fa4d27b85c01bbe7b602f45511b6b44f635c6330205b12fb3e8325ffd07e87b78a8258889 SHA512 6b26fcd296b9bd8e67861eff10d14db7507711ddba947288d16d6def53135c39326b7f969c04bb2b2993f924d9e7ad3f5c5282a3915760bc0885cf0a8ea5eb51
DIST python-gentoo-patches-3.6.4.tar.xz 12888 BLAKE2B 7cf49ae22df53e855f2e99df51686b5d4bd0da82ef4c22836e24726ea9ed561808352c0305a5659b052d38b843f1ff61b6466a7bc3673b7e5cfb4d81d22fa4bc SHA512 90a1b685f2539872ffd67f96581f70145b7afaf18af19f4a7f4a61214103d2a10bf0069c1769dac229ae011fceaf8538f041082b33c1671905246d018d184dd7

65
sdk_container/src/third_party/coreos-overlay/dev-lang/python-oem/README.md vendored Normal file
View File

@ -0,0 +1,65 @@
Modifications made:
- Drop python updater and eselect python stuff (so the pkg_ functions).
- Drop src_test and the test use flag.
- Rename one patch in PATCHES variable, so I don't need to rename the
file (the name in ebuild was using `${PN}`, which in
`dev-lang/python` expands to `python`, whereas in
`dev-lang/python-oem` it would expand to `python-oem`).
- Drop the following use flags and simplify the ebuild assuming that
they were disabled: examples, gdbm, libressl, ncurses, sqlite, ssl,
tk, wininst.
- Drop the following use flags and simplify the ebuild assuming that
they were enabled: build, ipv6, threads.
- Drop xml use flag, but keep the internal copies of expat, do not
disable _elementtree and pyexpat modules and tell the configure
script to use the internal stuff.
- Keep using internal libffi, instead of depending on system-provided
libffi.
- Move RDEPEND to DEPEND, so RDEPEND remains empty. OEM packages are
installed after prod images are pruned of the previously installed
package database.
- Make the following changes in configure flags:
- Add --prefix=/usr/share/oem/python to the myeconfargs variable.
- Change --enable-shared to --disable-shared.
- Set --mandir, --infodir and --includedir to some subdirectory of
/discard, so during installation this could be easily removed.
- Export some configure variables for the cross-compilation:
ac_cv_file__dev_ptc and ac_cv_file__dev_ptmx. If not done, build
will fail with a message saying that these should be set to either
yes or no.
- Simplify src_install:
- Replace the hardcoded ${ED}/usr/bin with bindir variable set to
${ED}/usr/share/oem/python/bin.
- Create versionless links (python and python3) to python executable.
- Drop sed stuff mucking with LDFLAGS.
- Drop collision fixes.
- Drop ABIFLAGS hack.
- Do not install ACKS, HISTORY and NEWS files.
- Drop gdb autoload stuff.
- Drop pydoc.{conf,init} stuff.
- Drop python-exec stuff.
- Remove installed stuff in /discard.

11
sdk_container/src/third_party/coreos-overlay/dev-lang/python-oem/files/3.6.5-disable-nis.patch vendored Normal file
View File

@ -0,0 +1,11 @@
--- a/setup.py
+++ b/setup.py
@@ -1364,7 +1364,7 @@ class PyBuildExt(build_ext):
else:
missing.extend(['resource', 'termios'])
- nis = self._detect_nis(inc_dirs, lib_dirs)
+ nis = None
if nis is not None:
exts.append(nis)
else:

320
sdk_container/src/third_party/coreos-overlay/dev-lang/python-oem/files/CVE-2013-4238_py26.patch vendored
View File

@ -1,320 +0,0 @@
diff -r 936621d33c38 Lib/test/keycert.pem
--- a/Lib/test/keycert.pem Wed Feb 20 18:19:55 2013 -0500
+++ b/Lib/test/keycert.pem Fri Aug 16 02:32:42 2013 +0200
@@ -1,32 +1,31 @@
------BEGIN RSA PRIVATE KEY-----
-MIICXwIBAAKBgQC8ddrhm+LutBvjYcQlnH21PPIseJ1JVG2HMmN2CmZk2YukO+9L
-opdJhTvbGfEj0DQs1IE8M+kTUyOmuKfVrFMKwtVeCJphrAnhoz7TYOuLBSqt7lVH
-fhi/VwovESJlaBOp+WMnfhcduPEYHYx/6cnVapIkZnLt30zu2um+DzA9jQIDAQAB
-AoGBAK0FZpaKj6WnJZN0RqhhK+ggtBWwBnc0U/ozgKz2j1s3fsShYeiGtW6CK5nU
-D1dZ5wzhbGThI7LiOXDvRucc9n7vUgi0alqPQ/PFodPxAN/eEYkmXQ7W2k7zwsDA
-IUK0KUhktQbLu8qF/m8qM86ba9y9/9YkXuQbZ3COl5ahTZrhAkEA301P08RKv3KM
-oXnGU2UHTuJ1MAD2hOrPxjD4/wxA/39EWG9bZczbJyggB4RHu0I3NOSFjAm3HQm0
-ANOu5QK9owJBANgOeLfNNcF4pp+UikRFqxk5hULqRAWzVxVrWe85FlPm0VVmHbb/
-loif7mqjU8o1jTd/LM7RD9f2usZyE2psaw8CQQCNLhkpX3KO5kKJmS9N7JMZSc4j
-oog58yeYO8BBqKKzpug0LXuQultYv2K4veaIO04iL9VLe5z9S/Q1jaCHBBuXAkEA
-z8gjGoi1AOp6PBBLZNsncCvcV/0aC+1se4HxTNo2+duKSDnbq+ljqOM+E7odU+Nq
-ewvIWOG//e8fssd0mq3HywJBAJ8l/c8GVmrpFTx8r/nZ2Pyyjt3dH1widooDXYSV
-q6Gbf41Llo5sYAtmxdndTLASuHKecacTgZVhy0FryZpLKrU=
------END RSA PRIVATE KEY-----
+-----BEGIN PRIVATE KEY-----
+MIICdwIBADANBgkqhkiG9w0BAQEFAASCAmEwggJdAgEAAoGBANtb0+YrKuxevGpm
+LrjaUhZSgz6zFAmuGFmKmUbdjmfv9zSmmdsQIksK++jK0Be9LeZy20j6ahOfuVa0
+ufEmPoP7Fy4hXegKZR9cCWcIe/A6H2xWF1IIJLRTLaU8ol/I7T+um5HD5AwAwNPP
+USNU0Eegmvp+xxWu3NX2m1Veot85AgMBAAECgYA3ZdZ673X0oexFlq7AAmrutkHt
+CL7LvwrpOiaBjhyTxTeSNWzvtQBkIU8DOI0bIazA4UreAFffwtvEuPmonDb3F+Iq
+SMAu42XcGyVZEl+gHlTPU9XRX7nTOXVt+MlRRRxL6t9GkGfUAXI3XxJDXW3c0vBK
+UL9xqD8cORXOfE06rQJBAP8mEX1ERkR64Ptsoe4281vjTlNfIbs7NMPkUnrn9N/Y
+BLhjNIfQ3HFZG8BTMLfX7kCS9D593DW5tV4Z9BP/c6cCQQDcFzCcVArNh2JSywOQ
+ZfTfRbJg/Z5Lt9Fkngv1meeGNPgIMLN8Sg679pAOOWmzdMO3V706rNPzSVMME7E5
+oPIfAkEA8pDddarP5tCvTTgUpmTFbakm0KoTZm2+FzHcnA4jRh+XNTjTOv98Y6Ik
+eO5d1ZnKXseWvkZncQgxfdnMqqpj5wJAcNq/RVne1DbYlwWchT2Si65MYmmJ8t+F
+0mcsULqjOnEMwf5e+ptq5LzwbyrHZYq5FNk7ocufPv/ZQrcSSC+cFwJBAKvOJByS
+x56qyGeZLOQlWS2JS3KJo59XuLFGqcbgN9Om9xFa41Yb4N9NvplFivsvZdw3m1Q/
+SPIXQuT8RMPDVNQ=
+-----END PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
-MIICpzCCAhCgAwIBAgIJAP+qStv1cIGNMA0GCSqGSIb3DQEBBQUAMIGJMQswCQYD
-VQQGEwJVUzERMA8GA1UECBMIRGVsYXdhcmUxEzARBgNVBAcTCldpbG1pbmd0b24x
-IzAhBgNVBAoTGlB5dGhvbiBTb2Z0d2FyZSBGb3VuZGF0aW9uMQwwCgYDVQQLEwNT
-U0wxHzAdBgNVBAMTFnNvbWVtYWNoaW5lLnB5dGhvbi5vcmcwHhcNMDcwODI3MTY1
-NDUwWhcNMTMwMjE2MTY1NDUwWjCBiTELMAkGA1UEBhMCVVMxETAPBgNVBAgTCERl
-bGF3YXJlMRMwEQYDVQQHEwpXaWxtaW5ndG9uMSMwIQYDVQQKExpQeXRob24gU29m
-dHdhcmUgRm91bmRhdGlvbjEMMAoGA1UECxMDU1NMMR8wHQYDVQQDExZzb21lbWFj
-aGluZS5weXRob24ub3JnMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC8ddrh
-m+LutBvjYcQlnH21PPIseJ1JVG2HMmN2CmZk2YukO+9LopdJhTvbGfEj0DQs1IE8
-M+kTUyOmuKfVrFMKwtVeCJphrAnhoz7TYOuLBSqt7lVHfhi/VwovESJlaBOp+WMn
-fhcduPEYHYx/6cnVapIkZnLt30zu2um+DzA9jQIDAQABoxUwEzARBglghkgBhvhC
-AQEEBAMCBkAwDQYJKoZIhvcNAQEFBQADgYEAF4Q5BVqmCOLv1n8je/Jw9K669VXb
-08hyGzQhkemEBYQd6fzQ9A/1ZzHkJKb1P6yreOLSEh4KcxYPyrLRC1ll8nr5OlCx
-CMhKkTnR6qBsdNV0XtdU2+N25hqW+Ma4ZeqsN/iiJVCGNOZGnvQuvCAGWF8+J/f/
-iHkC6gGdBJhogs4=
+MIICVDCCAb2gAwIBAgIJANfHOBkZr8JOMA0GCSqGSIb3DQEBBQUAMF8xCzAJBgNV
+BAYTAlhZMRcwFQYDVQQHEw5DYXN0bGUgQW50aHJheDEjMCEGA1UEChMaUHl0aG9u
+IFNvZnR3YXJlIEZvdW5kYXRpb24xEjAQBgNVBAMTCWxvY2FsaG9zdDAeFw0xMDEw
+MDgyMzAxNTZaFw0yMDEwMDUyMzAxNTZaMF8xCzAJBgNVBAYTAlhZMRcwFQYDVQQH
+Ew5DYXN0bGUgQW50aHJheDEjMCEGA1UEChMaUHl0aG9uIFNvZnR3YXJlIEZvdW5k
+YXRpb24xEjAQBgNVBAMTCWxvY2FsaG9zdDCBnzANBgkqhkiG9w0BAQEFAAOBjQAw
+gYkCgYEA21vT5isq7F68amYuuNpSFlKDPrMUCa4YWYqZRt2OZ+/3NKaZ2xAiSwr7
+6MrQF70t5nLbSPpqE5+5VrS58SY+g/sXLiFd6AplH1wJZwh78DofbFYXUggktFMt
+pTyiX8jtP66bkcPkDADA089RI1TQR6Ca+n7HFa7c1fabVV6i3zkCAwEAAaMYMBYw
+FAYDVR0RBA0wC4IJbG9jYWxob3N0MA0GCSqGSIb3DQEBBQUAA4GBAHPctQBEQ4wd
+BJ6+JcpIraopLn8BGhbjNWj40mmRqWB/NAWF6M5ne7KpGAu7tLeG4hb1zLaldK8G
+lxy2GPSRF6LFS48dpEj2HbMv2nvv6xxalDMJ9+DicWgAKTQ6bcX2j3GUkCR0g/T1
+CRlNBAAlvhKzO7Clpf9l0YKBEfraJByX
-----END CERTIFICATE-----
diff -r 936621d33c38 Lib/test/nullbytecert.pem
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/Lib/test/nullbytecert.pem Fri Aug 16 02:32:42 2013 +0200
@@ -0,0 +1,90 @@
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number: 0 (0x0)
+ Signature Algorithm: sha1WithRSAEncryption
+ Issuer: C=US, ST=Oregon, L=Beaverton, O=Python Software Foundation, OU=Python Core Development, CN=null.python.org\x00example.org/emailAddress=python-dev@python.org
+ Validity
+ Not Before: Aug 7 13:11:52 2013 GMT
+ Not After : Aug 7 13:12:52 2013 GMT
+ Subject: C=US, ST=Oregon, L=Beaverton, O=Python Software Foundation, OU=Python Core Development, CN=null.python.org\x00example.org/emailAddress=python-dev@python.org
+ Subject Public Key Info:
+ Public Key Algorithm: rsaEncryption
+ Public-Key: (2048 bit)
+ Modulus:
+ 00:b5:ea:ed:c9:fb:46:7d:6f:3b:76:80:dd:3a:f3:
+ 03:94:0b:a7:a6:db:ec:1d:df:ff:23:74:08:9d:97:
+ 16:3f:a3:a4:7b:3e:1b:0e:96:59:25:03:a7:26:e2:
+ 88:a9:cf:79:cd:f7:04:56:b0:ab:79:32:6e:59:c1:
+ 32:30:54:eb:58:a8:cb:91:f0:42:a5:64:27:cb:d4:
+ 56:31:88:52:ad:cf:bd:7f:f0:06:64:1f:cc:27:b8:
+ a3:8b:8c:f3:d8:29:1f:25:0b:f5:46:06:1b:ca:02:
+ 45:ad:7b:76:0a:9c:bf:bb:b9:ae:0d:16:ab:60:75:
+ ae:06:3e:9c:7c:31:dc:92:2f:29:1a:e0:4b:0c:91:
+ 90:6c:e9:37:c5:90:d7:2a:d7:97:15:a3:80:8f:5d:
+ 7b:49:8f:54:30:d4:97:2c:1c:5b:37:b5:ab:69:30:
+ 68:43:d3:33:78:4b:02:60:f5:3c:44:80:a1:8f:e7:
+ f0:0f:d1:5e:87:9e:46:cf:62:fc:f9:bf:0c:65:12:
+ f1:93:c8:35:79:3f:c8:ec:ec:47:f5:ef:be:44:d5:
+ ae:82:1e:2d:9a:9f:98:5a:67:65:e1:74:70:7c:cb:
+ d3:c2:ce:0e:45:49:27:dc:e3:2d:d4:fb:48:0e:2f:
+ 9e:77:b8:14:46:c0:c4:36:ca:02:ae:6a:91:8c:da:
+ 2f:85
+ Exponent: 65537 (0x10001)
+ X509v3 extensions:
+ X509v3 Basic Constraints: critical
+ CA:FALSE
+ X509v3 Subject Key Identifier:
+ 88:5A:55:C0:52:FF:61:CD:52:A3:35:0F:EA:5A:9C:24:38:22:F7:5C
+ X509v3 Key Usage:
+ Digital Signature, Non Repudiation, Key Encipherment
+ X509v3 Subject Alternative Name:
+ *************************************************************
+ WARNING: The values for DNS, email and URI are WRONG. OpenSSL
+ doesn't print the text after a NULL byte.
+ *************************************************************
+ DNS:altnull.python.org, email:null@python.org, URI:http://null.python.org, IP Address:192.0.2.1, IP Address:2001:DB8:0:0:0:0:0:1
+ Signature Algorithm: sha1WithRSAEncryption
+ ac:4f:45:ef:7d:49:a8:21:70:8e:88:59:3e:d4:36:42:70:f5:
+ a3:bd:8b:d7:a8:d0:58:f6:31:4a:b1:a4:a6:dd:6f:d9:e8:44:
+ 3c:b6:0a:71:d6:7f:b1:08:61:9d:60:ce:75:cf:77:0c:d2:37:
+ 86:02:8d:5e:5d:f9:0f:71:b4:16:a8:c1:3d:23:1c:f1:11:b3:
+ 56:6e:ca:d0:8d:34:94:e6:87:2a:99:f2:ae:ae:cc:c2:e8:86:
+ de:08:a8:7f:c5:05:fa:6f:81:a7:82:e6:d0:53:9d:34:f4:ac:
+ 3e:40:fe:89:57:7a:29:a4:91:7e:0b:c6:51:31:e5:10:2f:a4:
+ 60:76:cd:95:51:1a:be:8b:a1:b0:fd:ad:52:bd:d7:1b:87:60:
+ d2:31:c7:17:c4:18:4f:2d:08:25:a3:a7:4f:b7:92:ca:e2:f5:
+ 25:f1:54:75:81:9d:b3:3d:61:a2:f7:da:ed:e1:c6:6f:2c:60:
+ 1f:d8:6f:c5:92:05:ab:c9:09:62:49:a9:14:ad:55:11:cc:d6:
+ 4a:19:94:99:97:37:1d:81:5f:8b:cf:a3:a8:96:44:51:08:3d:
+ 0b:05:65:12:eb:b6:70:80:88:48:72:4f:c6:c2:da:cf:cd:8e:
+ 5b:ba:97:2f:60:b4:96:56:49:5e:3a:43:76:63:04:be:2a:f6:
+ c1:ca:a9:94
+-----BEGIN CERTIFICATE-----
+MIIE2DCCA8CgAwIBAgIBADANBgkqhkiG9w0BAQUFADCBxTELMAkGA1UEBhMCVVMx
+DzANBgNVBAgMBk9yZWdvbjESMBAGA1UEBwwJQmVhdmVydG9uMSMwIQYDVQQKDBpQ
+eXRob24gU29mdHdhcmUgRm91bmRhdGlvbjEgMB4GA1UECwwXUHl0aG9uIENvcmUg
+RGV2ZWxvcG1lbnQxJDAiBgNVBAMMG251bGwucHl0aG9uLm9yZwBleGFtcGxlLm9y
+ZzEkMCIGCSqGSIb3DQEJARYVcHl0aG9uLWRldkBweXRob24ub3JnMB4XDTEzMDgw
+NzEzMTE1MloXDTEzMDgwNzEzMTI1MlowgcUxCzAJBgNVBAYTAlVTMQ8wDQYDVQQI
+DAZPcmVnb24xEjAQBgNVBAcMCUJlYXZlcnRvbjEjMCEGA1UECgwaUHl0aG9uIFNv
+ZnR3YXJlIEZvdW5kYXRpb24xIDAeBgNVBAsMF1B5dGhvbiBDb3JlIERldmVsb3Bt
+ZW50MSQwIgYDVQQDDBtudWxsLnB5dGhvbi5vcmcAZXhhbXBsZS5vcmcxJDAiBgkq
+hkiG9w0BCQEWFXB5dGhvbi1kZXZAcHl0aG9uLm9yZzCCASIwDQYJKoZIhvcNAQEB
+BQADggEPADCCAQoCggEBALXq7cn7Rn1vO3aA3TrzA5QLp6bb7B3f/yN0CJ2XFj+j
+pHs+Gw6WWSUDpybiiKnPec33BFawq3kyblnBMjBU61ioy5HwQqVkJ8vUVjGIUq3P
+vX/wBmQfzCe4o4uM89gpHyUL9UYGG8oCRa17dgqcv7u5rg0Wq2B1rgY+nHwx3JIv
+KRrgSwyRkGzpN8WQ1yrXlxWjgI9de0mPVDDUlywcWze1q2kwaEPTM3hLAmD1PESA
+oY/n8A/RXoeeRs9i/Pm/DGUS8ZPINXk/yOzsR/XvvkTVroIeLZqfmFpnZeF0cHzL
+08LODkVJJ9zjLdT7SA4vnne4FEbAxDbKAq5qkYzaL4UCAwEAAaOB0DCBzTAMBgNV
+HRMBAf8EAjAAMB0GA1UdDgQWBBSIWlXAUv9hzVKjNQ/qWpwkOCL3XDALBgNVHQ8E
+BAMCBeAwgZAGA1UdEQSBiDCBhYIeYWx0bnVsbC5weXRob24ub3JnAGV4YW1wbGUu
+Y29tgSBudWxsQHB5dGhvbi5vcmcAdXNlckBleGFtcGxlLm9yZ4YpaHR0cDovL251
+bGwucHl0aG9uLm9yZwBodHRwOi8vZXhhbXBsZS5vcmeHBMAAAgGHECABDbgAAAAA
+AAAAAAAAAAEwDQYJKoZIhvcNAQEFBQADggEBAKxPRe99SaghcI6IWT7UNkJw9aO9
+i9eo0Fj2MUqxpKbdb9noRDy2CnHWf7EIYZ1gznXPdwzSN4YCjV5d+Q9xtBaowT0j
+HPERs1ZuytCNNJTmhyqZ8q6uzMLoht4IqH/FBfpvgaeC5tBTnTT0rD5A/olXeimk
+kX4LxlEx5RAvpGB2zZVRGr6LobD9rVK91xuHYNIxxxfEGE8tCCWjp0+3ksri9SXx
+VHWBnbM9YaL32u3hxm8sYB/Yb8WSBavJCWJJqRStVRHM1koZlJmXNx2BX4vPo6iW
+RFEIPQsFZRLrtnCAiEhyT8bC2s/Njlu6ly9gtJZWSV46Q3ZjBL4q9sHKqZQ=
+-----END CERTIFICATE-----
diff -r 936621d33c38 Lib/test/test_ssl.py
--- a/Lib/test/test_ssl.py Wed Feb 20 18:19:55 2013 -0500
+++ b/Lib/test/test_ssl.py Fri Aug 16 02:32:42 2013 +0200
@@ -31,6 +31,7 @@
HOST = test_support.HOST
CERTFILE = None
SVN_PYTHON_ORG_ROOT_CERT = None
+NULLBYTECERT = None
def handle_error(prefix):
exc_format = ' '.join(traceback.format_exception(*sys.exc_info()))
@@ -88,6 +89,27 @@
if test_support.verbose:
sys.stdout.write("\n" + pprint.pformat(p) + "\n")
+ def test_parse_cert_CVE_2013_4073(self):
+ p = ssl._ssl._test_decode_cert(NULLBYTECERT)
+ if test_support.verbose:
+ sys.stdout.write("\n" + pprint.pformat(p) + "\n")
+ subject = ((('countryName', 'US'),),
+ (('stateOrProvinceName', 'Oregon'),),
+ (('localityName', 'Beaverton'),),
+ (('organizationName', 'Python Software Foundation'),),
+ (('organizationalUnitName', 'Python Core Development'),),
+ (('commonName', 'null.python.org\x00example.org'),),
+ (('emailAddress', 'python-dev@python.org'),))
+ self.assertEqual(p['subject'], subject)
+ self.assertEqual(p['issuer'], subject)
+ self.assertEqual(p['subjectAltName'],
+ (('DNS', 'altnull.python.org\x00example.com'),
+ ('email', 'null@python.org\x00user@example.org'),
+ ('URI', 'http://null.python.org\x00http://example.org'),
+ ('IP Address', '192.0.2.1'),
+ ('IP Address', '2001:DB8:0:0:0:0:0:1\n'))
+ )
+
def test_DER_to_PEM(self):
with open(SVN_PYTHON_ORG_ROOT_CERT, 'r') as f:
pem = f.read()
@@ -1210,15 +1232,18 @@
if skip_expected:
raise test_support.TestSkipped("No SSL support")
- global CERTFILE, SVN_PYTHON_ORG_ROOT_CERT
+ global CERTFILE, SVN_PYTHON_ORG_ROOT_CERT, NULLBYTECERT
CERTFILE = os.path.join(os.path.dirname(__file__) or os.curdir,
"keycert.pem")
SVN_PYTHON_ORG_ROOT_CERT = os.path.join(
os.path.dirname(__file__) or os.curdir,
"https_svn_python_org_root.pem")
+ NULLBYTECERT = os.path.join(os.path.dirname(__file__) or os.curdir,
+ "nullbytecert.pem")
if (not os.path.exists(CERTFILE) or
- not os.path.exists(SVN_PYTHON_ORG_ROOT_CERT)):
+ not os.path.exists(SVN_PYTHON_ORG_ROOT_CERT) or
+ not os.path.exists(NULLBYTECERT)):
raise test_support.TestFailed("Can't read certificate files!")
tests = [BasicTests]
diff -r 936621d33c38 Modules/_ssl.c
--- a/Modules/_ssl.c Wed Feb 20 18:19:55 2013 -0500
+++ b/Modules/_ssl.c Fri Aug 16 02:32:42 2013 +0200
@@ -302,8 +302,10 @@
self->ctx = SSL_CTX_new(TLSv1_method()); /* Set up context */
else if (proto_version == PY_SSL_VERSION_SSL3)
self->ctx = SSL_CTX_new(SSLv3_method()); /* Set up context */
+#ifndef OPENSSL_NO_SSL2
else if (proto_version == PY_SSL_VERSION_SSL2)
self->ctx = SSL_CTX_new(SSLv2_method()); /* Set up context */
+#endif
else if (proto_version == PY_SSL_VERSION_SSL23)
self->ctx = SSL_CTX_new(SSLv23_method()); /* Set up context */
PySSL_END_ALLOW_THREADS
@@ -718,8 +720,13 @@
/* get a rendering of each name in the set of names */
+ int gntype;
+ ASN1_STRING *as = NULL;
+
name = sk_GENERAL_NAME_value(names, j);
- if (name->type == GEN_DIRNAME) {
+ gntype = name-> type;
+ switch (gntype) {
+ case GEN_DIRNAME:
/* we special-case DirName as a tuple of tuples of attributes */
@@ -741,11 +748,61 @@
goto fail;
}
PyTuple_SET_ITEM(t, 1, v);
+ break;
- } else {
+ case GEN_EMAIL:
+ case GEN_DNS:
+ case GEN_URI:
+ /* GENERAL_NAME_print() doesn't handle NUL bytes in ASN1_string
+ correctly. */
+ t = PyTuple_New(2);
+ if (t == NULL)
+ goto fail;
+ switch (gntype) {
+ case GEN_EMAIL:
+ v = PyUnicode_FromString("email");
+ as = name->d.rfc822Name;
+ break;
+ case GEN_DNS:
+ v = PyUnicode_FromString("DNS");
+ as = name->d.dNSName;
+ break;
+ case GEN_URI:
+ v = PyUnicode_FromString("URI");
+ as = name->d.uniformResourceIdentifier;
+ break;
+ }
+ if (v == NULL) {
+ Py_DECREF(t);
+ goto fail;
+ }
+ PyTuple_SET_ITEM(t, 0, v);
+ v = PyString_FromStringAndSize((char *)ASN1_STRING_data(as),
+ ASN1_STRING_length(as));
+ if (v == NULL) {
+ Py_DECREF(t);
+ goto fail;
+ }
+ PyTuple_SET_ITEM(t, 1, v);
+ break;
+ default:
/* for everything else, we use the OpenSSL print form */
-
+ switch (gntype) {
+ /* check for new general name type */
+ case GEN_OTHERNAME:
+ case GEN_X400:
+ case GEN_EDIPARTY:
+ case GEN_IPADD:
+ case GEN_RID:
+ break;
+ default:
+ if (PyErr_Warn(PyExc_RuntimeWarning,
+ "Unknown general name type") == -1) {
+ goto fail;
+ }
+ break;
+ }
(void) BIO_reset(biobuf);
GENERAL_NAME_print(biobuf, name);
len = BIO_gets(biobuf, buf, sizeof(buf)-1);
@@ -771,6 +828,7 @@
goto fail;
}
PyTuple_SET_ITEM(t, 1, v);
+ break;
}
/* and add that rendering to the list */

247
sdk_container/src/third_party/coreos-overlay/dev-lang/python-oem/files/CVE-2013-4238_py27.patch vendored
View File

@ -1,247 +0,0 @@
diff -r 9ddc63c039ba Lib/test/nullbytecert.pem
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/Lib/test/nullbytecert.pem Sun Aug 11 18:13:17 2013 +0200
@@ -0,0 +1,90 @@
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number: 0 (0x0)
+ Signature Algorithm: sha1WithRSAEncryption
+ Issuer: C=US, ST=Oregon, L=Beaverton, O=Python Software Foundation, OU=Python Core Development, CN=null.python.org\x00example.org/emailAddress=python-dev@python.org
+ Validity
+ Not Before: Aug 7 13:11:52 2013 GMT
+ Not After : Aug 7 13:12:52 2013 GMT
+ Subject: C=US, ST=Oregon, L=Beaverton, O=Python Software Foundation, OU=Python Core Development, CN=null.python.org\x00example.org/emailAddress=python-dev@python.org
+ Subject Public Key Info:
+ Public Key Algorithm: rsaEncryption
+ Public-Key: (2048 bit)
+ Modulus:
+ 00:b5:ea:ed:c9:fb:46:7d:6f:3b:76:80:dd:3a:f3:
+ 03:94:0b:a7:a6:db:ec:1d:df:ff:23:74:08:9d:97:
+ 16:3f:a3:a4:7b:3e:1b:0e:96:59:25:03:a7:26:e2:
+ 88:a9:cf:79:cd:f7:04:56:b0:ab:79:32:6e:59:c1:
+ 32:30:54:eb:58:a8:cb:91:f0:42:a5:64:27:cb:d4:
+ 56:31:88:52:ad:cf:bd:7f:f0:06:64:1f:cc:27:b8:
+ a3:8b:8c:f3:d8:29:1f:25:0b:f5:46:06:1b:ca:02:
+ 45:ad:7b:76:0a:9c:bf:bb:b9:ae:0d:16:ab:60:75:
+ ae:06:3e:9c:7c:31:dc:92:2f:29:1a:e0:4b:0c:91:
+ 90:6c:e9:37:c5:90:d7:2a:d7:97:15:a3:80:8f:5d:
+ 7b:49:8f:54:30:d4:97:2c:1c:5b:37:b5:ab:69:30:
+ 68:43:d3:33:78:4b:02:60:f5:3c:44:80:a1:8f:e7:
+ f0:0f:d1:5e:87:9e:46:cf:62:fc:f9:bf:0c:65:12:
+ f1:93:c8:35:79:3f:c8:ec:ec:47:f5:ef:be:44:d5:
+ ae:82:1e:2d:9a:9f:98:5a:67:65:e1:74:70:7c:cb:
+ d3:c2:ce:0e:45:49:27:dc:e3:2d:d4:fb:48:0e:2f:
+ 9e:77:b8:14:46:c0:c4:36:ca:02:ae:6a:91:8c:da:
+ 2f:85
+ Exponent: 65537 (0x10001)
+ X509v3 extensions:
+ X509v3 Basic Constraints: critical
+ CA:FALSE
+ X509v3 Subject Key Identifier:
+ 88:5A:55:C0:52:FF:61:CD:52:A3:35:0F:EA:5A:9C:24:38:22:F7:5C
+ X509v3 Key Usage:
+ Digital Signature, Non Repudiation, Key Encipherment
+ X509v3 Subject Alternative Name:
+ *************************************************************
+ WARNING: The values for DNS, email and URI are WRONG. OpenSSL
+ doesn't print the text after a NULL byte.
+ *************************************************************
+ DNS:altnull.python.org, email:null@python.org, URI:http://null.python.org, IP Address:192.0.2.1, IP Address:2001:DB8:0:0:0:0:0:1
+ Signature Algorithm: sha1WithRSAEncryption
+ ac:4f:45:ef:7d:49:a8:21:70:8e:88:59:3e:d4:36:42:70:f5:
+ a3:bd:8b:d7:a8:d0:58:f6:31:4a:b1:a4:a6:dd:6f:d9:e8:44:
+ 3c:b6:0a:71:d6:7f:b1:08:61:9d:60:ce:75:cf:77:0c:d2:37:
+ 86:02:8d:5e:5d:f9:0f:71:b4:16:a8:c1:3d:23:1c:f1:11:b3:
+ 56:6e:ca:d0:8d:34:94:e6:87:2a:99:f2:ae:ae:cc:c2:e8:86:
+ de:08:a8:7f:c5:05:fa:6f:81:a7:82:e6:d0:53:9d:34:f4:ac:
+ 3e:40:fe:89:57:7a:29:a4:91:7e:0b:c6:51:31:e5:10:2f:a4:
+ 60:76:cd:95:51:1a:be:8b:a1:b0:fd:ad:52:bd:d7:1b:87:60:
+ d2:31:c7:17:c4:18:4f:2d:08:25:a3:a7:4f:b7:92:ca:e2:f5:
+ 25:f1:54:75:81:9d:b3:3d:61:a2:f7:da:ed:e1:c6:6f:2c:60:
+ 1f:d8:6f:c5:92:05:ab:c9:09:62:49:a9:14:ad:55:11:cc:d6:
+ 4a:19:94:99:97:37:1d:81:5f:8b:cf:a3:a8:96:44:51:08:3d:
+ 0b:05:65:12:eb:b6:70:80:88:48:72:4f:c6:c2:da:cf:cd:8e:
+ 5b:ba:97:2f:60:b4:96:56:49:5e:3a:43:76:63:04:be:2a:f6:
+ c1:ca:a9:94
+-----BEGIN CERTIFICATE-----
+MIIE2DCCA8CgAwIBAgIBADANBgkqhkiG9w0BAQUFADCBxTELMAkGA1UEBhMCVVMx
+DzANBgNVBAgMBk9yZWdvbjESMBAGA1UEBwwJQmVhdmVydG9uMSMwIQYDVQQKDBpQ
+eXRob24gU29mdHdhcmUgRm91bmRhdGlvbjEgMB4GA1UECwwXUHl0aG9uIENvcmUg
+RGV2ZWxvcG1lbnQxJDAiBgNVBAMMG251bGwucHl0aG9uLm9yZwBleGFtcGxlLm9y
+ZzEkMCIGCSqGSIb3DQEJARYVcHl0aG9uLWRldkBweXRob24ub3JnMB4XDTEzMDgw
+NzEzMTE1MloXDTEzMDgwNzEzMTI1MlowgcUxCzAJBgNVBAYTAlVTMQ8wDQYDVQQI
+DAZPcmVnb24xEjAQBgNVBAcMCUJlYXZlcnRvbjEjMCEGA1UECgwaUHl0aG9uIFNv
+ZnR3YXJlIEZvdW5kYXRpb24xIDAeBgNVBAsMF1B5dGhvbiBDb3JlIERldmVsb3Bt
+ZW50MSQwIgYDVQQDDBtudWxsLnB5dGhvbi5vcmcAZXhhbXBsZS5vcmcxJDAiBgkq
+hkiG9w0BCQEWFXB5dGhvbi1kZXZAcHl0aG9uLm9yZzCCASIwDQYJKoZIhvcNAQEB
+BQADggEPADCCAQoCggEBALXq7cn7Rn1vO3aA3TrzA5QLp6bb7B3f/yN0CJ2XFj+j
+pHs+Gw6WWSUDpybiiKnPec33BFawq3kyblnBMjBU61ioy5HwQqVkJ8vUVjGIUq3P
+vX/wBmQfzCe4o4uM89gpHyUL9UYGG8oCRa17dgqcv7u5rg0Wq2B1rgY+nHwx3JIv
+KRrgSwyRkGzpN8WQ1yrXlxWjgI9de0mPVDDUlywcWze1q2kwaEPTM3hLAmD1PESA
+oY/n8A/RXoeeRs9i/Pm/DGUS8ZPINXk/yOzsR/XvvkTVroIeLZqfmFpnZeF0cHzL
+08LODkVJJ9zjLdT7SA4vnne4FEbAxDbKAq5qkYzaL4UCAwEAAaOB0DCBzTAMBgNV
+HRMBAf8EAjAAMB0GA1UdDgQWBBSIWlXAUv9hzVKjNQ/qWpwkOCL3XDALBgNVHQ8E
+BAMCBeAwgZAGA1UdEQSBiDCBhYIeYWx0bnVsbC5weXRob24ub3JnAGV4YW1wbGUu
+Y29tgSBudWxsQHB5dGhvbi5vcmcAdXNlckBleGFtcGxlLm9yZ4YpaHR0cDovL251
+bGwucHl0aG9uLm9yZwBodHRwOi8vZXhhbXBsZS5vcmeHBMAAAgGHECABDbgAAAAA
+AAAAAAAAAAEwDQYJKoZIhvcNAQEFBQADggEBAKxPRe99SaghcI6IWT7UNkJw9aO9
+i9eo0Fj2MUqxpKbdb9noRDy2CnHWf7EIYZ1gznXPdwzSN4YCjV5d+Q9xtBaowT0j
+HPERs1ZuytCNNJTmhyqZ8q6uzMLoht4IqH/FBfpvgaeC5tBTnTT0rD5A/olXeimk
+kX4LxlEx5RAvpGB2zZVRGr6LobD9rVK91xuHYNIxxxfEGE8tCCWjp0+3ksri9SXx
+VHWBnbM9YaL32u3hxm8sYB/Yb8WSBavJCWJJqRStVRHM1koZlJmXNx2BX4vPo6iW
+RFEIPQsFZRLrtnCAiEhyT8bC2s/Njlu6ly9gtJZWSV46Q3ZjBL4q9sHKqZQ=
+-----END CERTIFICATE-----
diff -r 9ddc63c039ba Lib/test/test_ssl.py
--- a/Lib/test/test_ssl.py Sun Aug 11 13:04:50 2013 +0300
+++ b/Lib/test/test_ssl.py Sun Aug 11 18:13:17 2013 +0200
@@ -25,6 +25,7 @@
HOST = test_support.HOST
CERTFILE = None
SVN_PYTHON_ORG_ROOT_CERT = None
+NULLBYTECERT = None
def handle_error(prefix):
exc_format = ' '.join(traceback.format_exception(*sys.exc_info()))
@@ -123,6 +124,27 @@
('DNS', 'projects.forum.nokia.com'))
)
+ def test_parse_cert_CVE_2013_4073(self):
+ p = ssl._ssl._test_decode_cert(NULLBYTECERT)
+ if test_support.verbose:
+ sys.stdout.write("\n" + pprint.pformat(p) + "\n")
+ subject = ((('countryName', 'US'),),
+ (('stateOrProvinceName', 'Oregon'),),
+ (('localityName', 'Beaverton'),),
+ (('organizationName', 'Python Software Foundation'),),
+ (('organizationalUnitName', 'Python Core Development'),),
+ (('commonName', 'null.python.org\x00example.org'),),
+ (('emailAddress', 'python-dev@python.org'),))
+ self.assertEqual(p['subject'], subject)
+ self.assertEqual(p['issuer'], subject)
+ self.assertEqual(p['subjectAltName'],
+ (('DNS', 'altnull.python.org\x00example.com'),
+ ('email', 'null@python.org\x00user@example.org'),
+ ('URI', 'http://null.python.org\x00http://example.org'),
+ ('IP Address', '192.0.2.1'),
+ ('IP Address', '2001:DB8:0:0:0:0:0:1\n'))
+ )
+
def test_DER_to_PEM(self):
with open(SVN_PYTHON_ORG_ROOT_CERT, 'r') as f:
pem = f.read()
@@ -1360,7 +1382,7 @@
def test_main(verbose=False):
- global CERTFILE, SVN_PYTHON_ORG_ROOT_CERT, NOKIACERT
+ global CERTFILE, SVN_PYTHON_ORG_ROOT_CERT, NOKIACERT, NULLBYTECERT
CERTFILE = os.path.join(os.path.dirname(__file__) or os.curdir,
"keycert.pem")
SVN_PYTHON_ORG_ROOT_CERT = os.path.join(
@@ -1368,10 +1390,13 @@
"https_svn_python_org_root.pem")
NOKIACERT = os.path.join(os.path.dirname(__file__) or os.curdir,
"nokia.pem")
+ NULLBYTECERT = os.path.join(os.path.dirname(__file__) or os.curdir,
+ "nullbytecert.pem")
if (not os.path.exists(CERTFILE) or
not os.path.exists(SVN_PYTHON_ORG_ROOT_CERT) or
- not os.path.exists(NOKIACERT)):
+ not os.path.exists(NOKIACERT) or
+ not os.path.exists(NULLBYTECERT)):
raise test_support.TestFailed("Can't read certificate files!")
tests = [BasicTests, BasicSocketTests]
diff -r 9ddc63c039ba Modules/_ssl.c
--- a/Modules/_ssl.c Sun Aug 11 13:04:50 2013 +0300
+++ b/Modules/_ssl.c Sun Aug 11 18:13:17 2013 +0200
@@ -741,8 +741,13 @@
/* get a rendering of each name in the set of names */
+ int gntype;
+ ASN1_STRING *as = NULL;
+
name = sk_GENERAL_NAME_value(names, j);
- if (name->type == GEN_DIRNAME) {
+ gntype = name-> type;
+ switch (gntype) {
+ case GEN_DIRNAME:
/* we special-case DirName as a tuple of tuples of attributes */
@@ -764,11 +769,61 @@
goto fail;
}
PyTuple_SET_ITEM(t, 1, v);
+ break;
- } else {
+ case GEN_EMAIL:
+ case GEN_DNS:
+ case GEN_URI:
+ /* GENERAL_NAME_print() doesn't handle NUL bytes in ASN1_string
+ correctly. */
+ t = PyTuple_New(2);
+ if (t == NULL)
+ goto fail;
+ switch (gntype) {
+ case GEN_EMAIL:
+ v = PyUnicode_FromString("email");
+ as = name->d.rfc822Name;
+ break;
+ case GEN_DNS:
+ v = PyUnicode_FromString("DNS");
+ as = name->d.dNSName;
+ break;
+ case GEN_URI:
+ v = PyUnicode_FromString("URI");
+ as = name->d.uniformResourceIdentifier;
+ break;
+ }
+ if (v == NULL) {
+ Py_DECREF(t);
+ goto fail;
+ }
+ PyTuple_SET_ITEM(t, 0, v);
+ v = PyString_FromStringAndSize((char *)ASN1_STRING_data(as),
+ ASN1_STRING_length(as));
+ if (v == NULL) {
+ Py_DECREF(t);
+ goto fail;
+ }
+ PyTuple_SET_ITEM(t, 1, v);
+ break;
+ default:
/* for everything else, we use the OpenSSL print form */
-
+ switch (gntype) {
+ /* check for new general name type */
+ case GEN_OTHERNAME:
+ case GEN_X400:
+ case GEN_EDIPARTY:
+ case GEN_IPADD:
+ case GEN_RID:
+ break;
+ default:
+ if (PyErr_Warn(PyExc_RuntimeWarning,
+ "Unknown general name type") == -1) {
+ goto fail;
+ }
+ break;
+ }
(void) BIO_reset(biobuf);
GENERAL_NAME_print(biobuf, name);
len = BIO_gets(biobuf, buf, sizeof(buf)-1);
@@ -794,6 +849,7 @@
goto fail;
}
PyTuple_SET_ITEM(t, 1, v);
+ break;
}
/* and add that rendering to the list */

241
sdk_container/src/third_party/coreos-overlay/dev-lang/python-oem/files/CVE-2013-4238_py33.patch vendored
View File

@ -1,241 +0,0 @@
diff -r e0f86c3b3685 Lib/test/nullbytecert.pem
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/Lib/test/nullbytecert.pem Sun Aug 11 18:17:23 2013 +0200
@@ -0,0 +1,90 @@
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number: 0 (0x0)
+ Signature Algorithm: sha1WithRSAEncryption
+ Issuer: C=US, ST=Oregon, L=Beaverton, O=Python Software Foundation, OU=Python Core Development, CN=null.python.org\x00example.org/emailAddress=python-dev@python.org
+ Validity
+ Not Before: Aug 7 13:11:52 2013 GMT
+ Not After : Aug 7 13:12:52 2013 GMT
+ Subject: C=US, ST=Oregon, L=Beaverton, O=Python Software Foundation, OU=Python Core Development, CN=null.python.org\x00example.org/emailAddress=python-dev@python.org
+ Subject Public Key Info:
+ Public Key Algorithm: rsaEncryption
+ Public-Key: (2048 bit)
+ Modulus:
+ 00:b5:ea:ed:c9:fb:46:7d:6f:3b:76:80:dd:3a:f3:
+ 03:94:0b:a7:a6:db:ec:1d:df:ff:23:74:08:9d:97:
+ 16:3f:a3:a4:7b:3e:1b:0e:96:59:25:03:a7:26:e2:
+ 88:a9:cf:79:cd:f7:04:56:b0:ab:79:32:6e:59:c1:
+ 32:30:54:eb:58:a8:cb:91:f0:42:a5:64:27:cb:d4:
+ 56:31:88:52:ad:cf:bd:7f:f0:06:64:1f:cc:27:b8:
+ a3:8b:8c:f3:d8:29:1f:25:0b:f5:46:06:1b:ca:02:
+ 45:ad:7b:76:0a:9c:bf:bb:b9:ae:0d:16:ab:60:75:
+ ae:06:3e:9c:7c:31:dc:92:2f:29:1a:e0:4b:0c:91:
+ 90:6c:e9:37:c5:90:d7:2a:d7:97:15:a3:80:8f:5d:
+ 7b:49:8f:54:30:d4:97:2c:1c:5b:37:b5:ab:69:30:
+ 68:43:d3:33:78:4b:02:60:f5:3c:44:80:a1:8f:e7:
+ f0:0f:d1:5e:87:9e:46:cf:62:fc:f9:bf:0c:65:12:
+ f1:93:c8:35:79:3f:c8:ec:ec:47:f5:ef:be:44:d5:
+ ae:82:1e:2d:9a:9f:98:5a:67:65:e1:74:70:7c:cb:
+ d3:c2:ce:0e:45:49:27:dc:e3:2d:d4:fb:48:0e:2f:
+ 9e:77:b8:14:46:c0:c4:36:ca:02:ae:6a:91:8c:da:
+ 2f:85
+ Exponent: 65537 (0x10001)
+ X509v3 extensions:
+ X509v3 Basic Constraints: critical
+ CA:FALSE
+ X509v3 Subject Key Identifier:
+ 88:5A:55:C0:52:FF:61:CD:52:A3:35:0F:EA:5A:9C:24:38:22:F7:5C
+ X509v3 Key Usage:
+ Digital Signature, Non Repudiation, Key Encipherment
+ X509v3 Subject Alternative Name:
+ *************************************************************
+ WARNING: The values for DNS, email and URI are WRONG. OpenSSL
+ doesn't print the text after a NULL byte.
+ *************************************************************
+ DNS:altnull.python.org, email:null@python.org, URI:http://null.python.org, IP Address:192.0.2.1, IP Address:2001:DB8:0:0:0:0:0:1
+ Signature Algorithm: sha1WithRSAEncryption
+ ac:4f:45:ef:7d:49:a8:21:70:8e:88:59:3e:d4:36:42:70:f5:
+ a3:bd:8b:d7:a8:d0:58:f6:31:4a:b1:a4:a6:dd:6f:d9:e8:44:
+ 3c:b6:0a:71:d6:7f:b1:08:61:9d:60:ce:75:cf:77:0c:d2:37:
+ 86:02:8d:5e:5d:f9:0f:71:b4:16:a8:c1:3d:23:1c:f1:11:b3:
+ 56:6e:ca:d0:8d:34:94:e6:87:2a:99:f2:ae:ae:cc:c2:e8:86:
+ de:08:a8:7f:c5:05:fa:6f:81:a7:82:e6:d0:53:9d:34:f4:ac:
+ 3e:40:fe:89:57:7a:29:a4:91:7e:0b:c6:51:31:e5:10:2f:a4:
+ 60:76:cd:95:51:1a:be:8b:a1:b0:fd:ad:52:bd:d7:1b:87:60:
+ d2:31:c7:17:c4:18:4f:2d:08:25:a3:a7:4f:b7:92:ca:e2:f5:
+ 25:f1:54:75:81:9d:b3:3d:61:a2:f7:da:ed:e1:c6:6f:2c:60:
+ 1f:d8:6f:c5:92:05:ab:c9:09:62:49:a9:14:ad:55:11:cc:d6:
+ 4a:19:94:99:97:37:1d:81:5f:8b:cf:a3:a8:96:44:51:08:3d:
+ 0b:05:65:12:eb:b6:70:80:88:48:72:4f:c6:c2:da:cf:cd:8e:
+ 5b:ba:97:2f:60:b4:96:56:49:5e:3a:43:76:63:04:be:2a:f6:
+ c1:ca:a9:94
+-----BEGIN CERTIFICATE-----
+MIIE2DCCA8CgAwIBAgIBADANBgkqhkiG9w0BAQUFADCBxTELMAkGA1UEBhMCVVMx
+DzANBgNVBAgMBk9yZWdvbjESMBAGA1UEBwwJQmVhdmVydG9uMSMwIQYDVQQKDBpQ
+eXRob24gU29mdHdhcmUgRm91bmRhdGlvbjEgMB4GA1UECwwXUHl0aG9uIENvcmUg
+RGV2ZWxvcG1lbnQxJDAiBgNVBAMMG251bGwucHl0aG9uLm9yZwBleGFtcGxlLm9y
+ZzEkMCIGCSqGSIb3DQEJARYVcHl0aG9uLWRldkBweXRob24ub3JnMB4XDTEzMDgw
+NzEzMTE1MloXDTEzMDgwNzEzMTI1MlowgcUxCzAJBgNVBAYTAlVTMQ8wDQYDVQQI
+DAZPcmVnb24xEjAQBgNVBAcMCUJlYXZlcnRvbjEjMCEGA1UECgwaUHl0aG9uIFNv
+ZnR3YXJlIEZvdW5kYXRpb24xIDAeBgNVBAsMF1B5dGhvbiBDb3JlIERldmVsb3Bt
+ZW50MSQwIgYDVQQDDBtudWxsLnB5dGhvbi5vcmcAZXhhbXBsZS5vcmcxJDAiBgkq
+hkiG9w0BCQEWFXB5dGhvbi1kZXZAcHl0aG9uLm9yZzCCASIwDQYJKoZIhvcNAQEB
+BQADggEPADCCAQoCggEBALXq7cn7Rn1vO3aA3TrzA5QLp6bb7B3f/yN0CJ2XFj+j
+pHs+Gw6WWSUDpybiiKnPec33BFawq3kyblnBMjBU61ioy5HwQqVkJ8vUVjGIUq3P
+vX/wBmQfzCe4o4uM89gpHyUL9UYGG8oCRa17dgqcv7u5rg0Wq2B1rgY+nHwx3JIv
+KRrgSwyRkGzpN8WQ1yrXlxWjgI9de0mPVDDUlywcWze1q2kwaEPTM3hLAmD1PESA
+oY/n8A/RXoeeRs9i/Pm/DGUS8ZPINXk/yOzsR/XvvkTVroIeLZqfmFpnZeF0cHzL
+08LODkVJJ9zjLdT7SA4vnne4FEbAxDbKAq5qkYzaL4UCAwEAAaOB0DCBzTAMBgNV
+HRMBAf8EAjAAMB0GA1UdDgQWBBSIWlXAUv9hzVKjNQ/qWpwkOCL3XDALBgNVHQ8E
+BAMCBeAwgZAGA1UdEQSBiDCBhYIeYWx0bnVsbC5weXRob24ub3JnAGV4YW1wbGUu
+Y29tgSBudWxsQHB5dGhvbi5vcmcAdXNlckBleGFtcGxlLm9yZ4YpaHR0cDovL251
+bGwucHl0aG9uLm9yZwBodHRwOi8vZXhhbXBsZS5vcmeHBMAAAgGHECABDbgAAAAA
+AAAAAAAAAAEwDQYJKoZIhvcNAQEFBQADggEBAKxPRe99SaghcI6IWT7UNkJw9aO9
+i9eo0Fj2MUqxpKbdb9noRDy2CnHWf7EIYZ1gznXPdwzSN4YCjV5d+Q9xtBaowT0j
+HPERs1ZuytCNNJTmhyqZ8q6uzMLoht4IqH/FBfpvgaeC5tBTnTT0rD5A/olXeimk
+kX4LxlEx5RAvpGB2zZVRGr6LobD9rVK91xuHYNIxxxfEGE8tCCWjp0+3ksri9SXx
+VHWBnbM9YaL32u3hxm8sYB/Yb8WSBavJCWJJqRStVRHM1koZlJmXNx2BX4vPo6iW
+RFEIPQsFZRLrtnCAiEhyT8bC2s/Njlu6ly9gtJZWSV46Q3ZjBL4q9sHKqZQ=
+-----END CERTIFICATE-----
diff -r e0f86c3b3685 Lib/test/test_ssl.py
--- a/Lib/test/test_ssl.py Sun Aug 11 13:04:50 2013 +0300
+++ b/Lib/test/test_ssl.py Sun Aug 11 18:17:23 2013 +0200
@@ -55,6 +55,7 @@
WRONGCERT = data_file("XXXnonexisting.pem")
BADKEY = data_file("badkey.pem")
NOKIACERT = data_file("nokia.pem")
+NULLBYTECERT = data_file("nullbytecert.pem")
DHFILE = data_file("dh512.pem")
BYTES_DHFILE = os.fsencode(DHFILE)
@@ -162,6 +163,27 @@
('DNS', 'projects.forum.nokia.com'))
)
+ def test_parse_cert_CVE_2013_4073(self):
+ p = ssl._ssl._test_decode_cert(NULLBYTECERT)
+ if support.verbose:
+ sys.stdout.write("\n" + pprint.pformat(p) + "\n")
+ subject = ((('countryName', 'US'),),
+ (('stateOrProvinceName', 'Oregon'),),
+ (('localityName', 'Beaverton'),),
+ (('organizationName', 'Python Software Foundation'),),
+ (('organizationalUnitName', 'Python Core Development'),),
+ (('commonName', 'null.python.org\x00example.org'),),
+ (('emailAddress', 'python-dev@python.org'),))
+ self.assertEqual(p['subject'], subject)
+ self.assertEqual(p['issuer'], subject)
+ self.assertEqual(p['subjectAltName'],
+ (('DNS', 'altnull.python.org\x00example.com'),
+ ('email', 'null@python.org\x00user@example.org'),
+ ('URI', 'http://null.python.org\x00http://example.org'),
+ ('IP Address', '192.0.2.1'),
+ ('IP Address', '2001:DB8:0:0:0:0:0:1\n'))
+ )
+
def test_DER_to_PEM(self):
with open(SVN_PYTHON_ORG_ROOT_CERT, 'r') as f:
pem = f.read()
@@ -294,6 +316,13 @@
fail(cert, 'foo.a.com')
fail(cert, 'bar.foo.com')
+ # NULL bytes are bad, CVE-2013-4073
+ cert = {'subject': ((('commonName',
+ 'null.python.org\x00example.org'),),)}
+ ok(cert, 'null.python.org\x00example.org') # or raise an error?
+ fail(cert, 'example.org')
+ fail(cert, 'null.python.org')
+
# Slightly fake real-world example
cert = {'notAfter': 'Jun 26 21:41:46 2011 GMT',
'subject': ((('commonName', 'linuxfrz.org'),),),
diff -r e0f86c3b3685 Modules/_ssl.c
--- a/Modules/_ssl.c Sun Aug 11 13:04:50 2013 +0300
+++ b/Modules/_ssl.c Sun Aug 11 18:17:23 2013 +0200
@@ -771,12 +771,14 @@
ext->value->length));
for(j = 0; j < sk_GENERAL_NAME_num(names); j++) {
-
/* get a rendering of each name in the set of names */
+ int gntype;
+ ASN1_STRING *as = NULL;
name = sk_GENERAL_NAME_value(names, j);
- if (name->type == GEN_DIRNAME) {
-
+ gntype = name-> type;
+ switch (gntype) {
+ case GEN_DIRNAME:
/* we special-case DirName as a tuple of
tuples of attributes */
@@ -798,11 +800,62 @@
goto fail;
}
PyTuple_SET_ITEM(t, 1, v);
+ break;
- } else {
+ case GEN_EMAIL:
+ case GEN_DNS:
+ case GEN_URI:
+ /* GENERAL_NAME_print() doesn't handle NUL bytes in ASN1_string
+ correctly. */
+ t = PyTuple_New(2);
+ if (t == NULL)
+ goto fail;
+ switch (gntype) {
+ case GEN_EMAIL:
+ v = PyUnicode_FromString("email");
+ as = name->d.rfc822Name;
+ break;
+ case GEN_DNS:
+ v = PyUnicode_FromString("DNS");
+ as = name->d.dNSName;
+ break;
+ case GEN_URI:
+ v = PyUnicode_FromString("URI");
+ as = name->d.uniformResourceIdentifier;
+ break;
+ }
+ if (v == NULL) {
+ Py_DECREF(t);
+ goto fail;
+ }
+ PyTuple_SET_ITEM(t, 0, v);
+ v = PyUnicode_FromStringAndSize((char *)ASN1_STRING_data(as),
+ ASN1_STRING_length(as));
+ if (v == NULL) {
+ Py_DECREF(t);
+ goto fail;
+ }
+ PyTuple_SET_ITEM(t, 1, v);
+ break;
+ default:
/* for everything else, we use the OpenSSL print form */
-
+ switch (gntype) {
+ /* check for new general name type */
+ case GEN_OTHERNAME:
+ case GEN_X400:
+ case GEN_EDIPARTY:
+ case GEN_IPADD:
+ case GEN_RID:
+ break;
+ default:
+ if (PyErr_WarnFormat(PyExc_RuntimeWarning, 1,
+ "Unknown general name type %d",
+ gntype) == -1) {
+ goto fail;
+ }
+ break;
+ }
(void) BIO_reset(biobuf);
GENERAL_NAME_print(biobuf, name);
len = BIO_gets(biobuf, buf, sizeof(buf)-1);
@@ -829,6 +882,7 @@
goto fail;
}
PyTuple_SET_ITEM(t, 1, v);
+ break;
}
/* and add that rendering to the list */

7
sdk_container/src/third_party/coreos-overlay/dev-lang/python-oem/files/pydoc.conf vendored
View File

@ -1,7 +0,0 @@
# /etc/init.d/pydoc.conf
# $Header: /var/cvsroot/gentoo-x86/dev-lang/python/files/pydoc.conf,v 1.3 2011/10/27 13:56:55 neurogeek Exp $
# This file contains the configuration for pydoc's internal webserver.
# Default port for Python's pydoc server.
@PYDOC_PORT_VARIABLE@="7464"

29
sdk_container/src/third_party/coreos-overlay/dev-lang/python-oem/files/pydoc.init vendored
View File

@ -1,29 +0,0 @@
#!/sbin/runscript
# Copyright 1999-2011 Gentoo Technologies, Inc.
# Distributed under the terms of the GNU General Public Licence v2
# $Header: /var/cvsroot/gentoo-x86/dev-lang/python/files/pydoc.init,v 1.4 2011/10/27 13:56:55 neurogeek Exp $
depend() {
need net
}
start() {
local pydoc_port="${@PYDOC_PORT_VARIABLE@-${PYDOC_PORT}}"
if [ -z "${pydoc_port}" ]; then
eerror "Port not set"
return 1
fi
ebegin "Starting pydoc server on port ${pydoc_port}"
start-stop-daemon --start --background --make-pidfile \
--pidfile /var/run/@PYDOC@.pid \
--exec /usr/bin/@PYDOC@ -- -p "${pydoc_port}"
eend $?
}
stop() {
ebegin "Stopping pydoc server"
start-stop-daemon --stop --quiet --pidfile /var/run/@PYDOC@.pid
eend $?
}

11
sdk_container/src/third_party/coreos-overlay/dev-lang/python-oem/files/python-2.5-tcl86.patch vendored
View File

@ -1,11 +0,0 @@
--- a/setup.py
+++ b/setup.py
@@ -1518,7 +1518,7 @@
# The versions with dots are used on Unix, and the versions without
# dots on Windows, for detection by cygwin.
tcllib = tklib = tcl_includes = tk_includes = None
- for version in ['8.5', '85', '8.4', '84', '8.3', '83', '8.2',
+ for version in ['8.6', '86', '8.5', '85', '8.4', '84', '8.3', '83', '8.2',
'82', '8.1', '81', '8.0', '80']:
tklib = self.compiler.find_library_file(lib_dirs, 'tk' + version)
tcllib = self.compiler.find_library_file(lib_dirs, 'tcl' + version)

19
sdk_container/src/third_party/coreos-overlay/dev-lang/python-oem/files/python-2.7-aarch64-fix.patch vendored
View File

@ -1,19 +0,0 @@
Fixes build errors like these when building for arm64:
File "build/temp.linux2-aarch64-2.7/libffi/fficonfig.py"
ffi_sources += ffi_platforms['AARCH64']
KeyError: 'AARCH64'
Makefile:475: recipe for target 'sharedmods' failed
Signed-off-by: Geoff Levand <geoff@infradead.org>
--- a/Modules/_ctypes/libffi/fficonfig.py.in
+++ b/Modules/_ctypes/libffi/fficonfig.py.in
@@ -4,6 +4,7 @@
""".split()
ffi_platforms = {
+ 'AARCH64': ['src/aarch64/ffi.c', 'src/aarch64/sysv.S'],
'MIPS_IRIX': ['src/mips/ffi.c', 'src/mips/o32.S', 'src/mips/n32.S'],
'MIPS_LINUX': ['src/mips/ffi.c', 'src/mips/o32.S'],
'X86': ['src/x86/ffi.c', 'src/x86/sysv.S'],

19
sdk_container/src/third_party/coreos-overlay/dev-lang/python-oem/files/python-2.7-issue16248.patch vendored
View File

@ -1,19 +0,0 @@
# HG changeset patch
# User Antoine Pitrou <solipsis@pitrou.net>
# Date 1375388712 -7200
# Node ID 0f17aed78168e63ec058c219d03cea7240f83dd6
# Parent bb546f6d8ab4f513804d7a420657963881e5b447
Fix tkinter regression introduced by the security fix in #16248.
diff --git a/Lib/lib-tk/Tkinter.py b/Lib/lib-tk/Tkinter.py
--- a/Lib/lib-tk/Tkinter.py
+++ b/Lib/lib-tk/Tkinter.py
@@ -1736,7 +1736,7 @@ class Tk(Misc, Wm):
# ensure that self.tk is always _something_.
self.tk = None
if baseName is None:
- import sys, os
+ import os
baseName = os.path.basename(sys.argv[0])
baseName, ext = os.path.splitext(baseName)
if ext not in ('.py', '.pyc', '.pyo'):

287
sdk_container/src/third_party/coreos-overlay/dev-lang/python-oem/files/python-2.7-issue18851.patch vendored
View File

@ -1,287 +0,0 @@
# HG changeset patch
# User Antoine Pitrou <solipsis@pitrou.net>
# Date 1377898693 -7200
# Node ID 43749cb6bdbd0fdab70f76cd171c3c02a3f600dd
# Parent ba54011aa295004ad87438211fe3bb1568dd69ab
Issue #18851: Avoid a double close of subprocess pipes when the child process fails starting.
diff --git a/Lib/subprocess.py b/Lib/subprocess.py
--- a/Lib/subprocess.py
+++ b/Lib/subprocess.py
@@ -698,12 +698,12 @@ class Popen(object):
(p2cread, p2cwrite,
c2pread, c2pwrite,
- errread, errwrite) = self._get_handles(stdin, stdout, stderr)
+ errread, errwrite), to_close = self._get_handles(stdin, stdout, stderr)
try:
self._execute_child(args, executable, preexec_fn, close_fds,
cwd, env, universal_newlines,
- startupinfo, creationflags, shell,
+ startupinfo, creationflags, shell, to_close,
p2cread, p2cwrite,
c2pread, c2pwrite,
errread, errwrite)
@@ -711,18 +711,12 @@ class Popen(object):
# Preserve original exception in case os.close raises.
exc_type, exc_value, exc_trace = sys.exc_info()
- to_close = []
- # Only close the pipes we created.
- if stdin == PIPE:
- to_close.extend((p2cread, p2cwrite))
- if stdout == PIPE:
- to_close.extend((c2pread, c2pwrite))
- if stderr == PIPE:
- to_close.extend((errread, errwrite))
-
for fd in to_close:
try:
- os.close(fd)
+ if mswindows:
+ fd.Close()
+ else:
+ os.close(fd)
except EnvironmentError:
pass
@@ -816,8 +810,9 @@ class Popen(object):
"""Construct and return tuple with IO objects:
p2cread, p2cwrite, c2pread, c2pwrite, errread, errwrite
"""
+ to_close = set()
if stdin is None and stdout is None and stderr is None:
- return (None, None, None, None, None, None)
+ return (None, None, None, None, None, None), to_close
p2cread, p2cwrite = None, None
c2pread, c2pwrite = None, None
@@ -835,6 +830,10 @@ class Popen(object):
# Assuming file-like object
p2cread = msvcrt.get_osfhandle(stdin.fileno())
p2cread = self._make_inheritable(p2cread)
+ # We just duplicated the handle, it has to be closed at the end
+ to_close.add(p2cread)
+ if stdin == PIPE:
+ to_close.add(p2cwrite)
if stdout is None:
c2pwrite = _subprocess.GetStdHandle(_subprocess.STD_OUTPUT_HANDLE)
@@ -848,6 +847,10 @@ class Popen(object):
# Assuming file-like object
c2pwrite = msvcrt.get_osfhandle(stdout.fileno())
c2pwrite = self._make_inheritable(c2pwrite)
+ # We just duplicated the handle, it has to be closed at the end
+ to_close.add(c2pwrite)
+ if stdout == PIPE:
+ to_close.add(c2pread)
if stderr is None:
errwrite = _subprocess.GetStdHandle(_subprocess.STD_ERROR_HANDLE)
@@ -863,10 +866,14 @@ class Popen(object):
# Assuming file-like object
errwrite = msvcrt.get_osfhandle(stderr.fileno())
errwrite = self._make_inheritable(errwrite)
+ # We just duplicated the handle, it has to be closed at the end
+ to_close.add(errwrite)
+ if stderr == PIPE:
+ to_close.add(errread)
return (p2cread, p2cwrite,
c2pread, c2pwrite,
- errread, errwrite)
+ errread, errwrite), to_close
def _make_inheritable(self, handle):
@@ -895,7 +902,7 @@ class Popen(object):
def _execute_child(self, args, executable, preexec_fn, close_fds,
cwd, env, universal_newlines,
- startupinfo, creationflags, shell,
+ startupinfo, creationflags, shell, to_close,
p2cread, p2cwrite,
c2pread, c2pwrite,
errread, errwrite):
@@ -934,6 +941,10 @@ class Popen(object):
# kill children.
creationflags |= _subprocess.CREATE_NEW_CONSOLE
+ def _close_in_parent(fd):
+ fd.Close()
+ to_close.remove(fd)
+
# Start the process
try:
hp, ht, pid, tid = _subprocess.CreateProcess(executable, args,
@@ -958,11 +969,11 @@ class Popen(object):
# pipe will not close when the child process exits and the
# ReadFile will hang.
if p2cread is not None:
- p2cread.Close()
+ _close_in_parent(p2cread)
if c2pwrite is not None:
- c2pwrite.Close()
+ _close_in_parent(c2pwrite)
if errwrite is not None:
- errwrite.Close()
+ _close_in_parent(errwrite)
# Retain the process handle, but close the thread handle
self._child_created = True
@@ -1088,6 +1099,7 @@ class Popen(object):
"""Construct and return tuple with IO objects:
p2cread, p2cwrite, c2pread, c2pwrite, errread, errwrite
"""
+ to_close = set()
p2cread, p2cwrite = None, None
c2pread, c2pwrite = None, None
errread, errwrite = None, None
@@ -1096,6 +1108,7 @@ class Popen(object):
pass
elif stdin == PIPE:
p2cread, p2cwrite = self.pipe_cloexec()
+ to_close.update((p2cread, p2cwrite))
elif isinstance(stdin, int):
p2cread = stdin
else:
@@ -1106,6 +1119,7 @@ class Popen(object):
pass
elif stdout == PIPE:
c2pread, c2pwrite = self.pipe_cloexec()
+ to_close.update((c2pread, c2pwrite))
elif isinstance(stdout, int):
c2pwrite = stdout
else:
@@ -1116,6 +1130,7 @@ class Popen(object):
pass
elif stderr == PIPE:
errread, errwrite = self.pipe_cloexec()
+ to_close.update((errread, errwrite))
elif stderr == STDOUT:
errwrite = c2pwrite
elif isinstance(stderr, int):
@@ -1126,7 +1141,7 @@ class Popen(object):
return (p2cread, p2cwrite,
c2pread, c2pwrite,
- errread, errwrite)
+ errread, errwrite), to_close
def _set_cloexec_flag(self, fd, cloexec=True):
@@ -1170,7 +1185,7 @@ class Popen(object):
def _execute_child(self, args, executable, preexec_fn, close_fds,
cwd, env, universal_newlines,
- startupinfo, creationflags, shell,
+ startupinfo, creationflags, shell, to_close,
p2cread, p2cwrite,
c2pread, c2pwrite,
errread, errwrite):
@@ -1189,6 +1204,10 @@ class Popen(object):
if executable is None:
executable = args[0]
+ def _close_in_parent(fd):
+ os.close(fd)
+ to_close.remove(fd)
+
# For transferring possible exec failure from child to parent
# The first char specifies the exception type: 0 means
# OSError, 1 means some other error.
@@ -1283,17 +1302,17 @@ class Popen(object):
# be sure the FD is closed no matter what
os.close(errpipe_write)
- if p2cread is not None and p2cwrite is not None:
- os.close(p2cread)
- if c2pwrite is not None and c2pread is not None:
- os.close(c2pwrite)
- if errwrite is not None and errread is not None:
- os.close(errwrite)
-
# Wait for exec to fail or succeed; possibly raising exception
# Exception limited to 1M
data = _eintr_retry_call(os.read, errpipe_read, 1048576)
finally:
+ if p2cread is not None and p2cwrite is not None:
+ _close_in_parent(p2cread)
+ if c2pwrite is not None and c2pread is not None:
+ _close_in_parent(c2pwrite)
+ if errwrite is not None and errread is not None:
+ _close_in_parent(errwrite)
+
# be sure the FD is closed no matter what
os.close(errpipe_read)
diff --git a/Lib/test/test_subprocess.py b/Lib/test/test_subprocess.py
--- a/Lib/test/test_subprocess.py
+++ b/Lib/test/test_subprocess.py
@@ -14,6 +14,10 @@ try:
import resource
except ImportError:
resource = None
+try:
+ import threading
+except ImportError:
+ threading = None
mswindows = (sys.platform == "win32")
@@ -629,6 +633,36 @@ class ProcessTestCase(BaseTestCase):
if c.exception.errno not in (errno.ENOENT, errno.EACCES):
raise c.exception
+ @unittest.skipIf(threading is None, "threading required")
+ def test_double_close_on_error(self):
+ # Issue #18851
+ fds = []
+ def open_fds():
+ for i in range(20):
+ fds.extend(os.pipe())
+ time.sleep(0.001)
+ t = threading.Thread(target=open_fds)
+ t.start()
+ try:
+ with self.assertRaises(EnvironmentError):
+ subprocess.Popen(['nonexisting_i_hope'],
+ stdin=subprocess.PIPE,
+ stdout=subprocess.PIPE,
+ stderr=subprocess.PIPE)
+ finally:
+ t.join()
+ exc = None
+ for fd in fds:
+ # If a double close occurred, some of those fds will
+ # already have been closed by mistake, and os.close()
+ # here will raise.
+ try:
+ os.close(fd)
+ except OSError as e:
+ exc = e
+ if exc is not None:
+ raise exc
+
def test_handles_closed_on_exception(self):
# If CreateProcess exits with an error, ensure the
# duplicate output handles are released
@@ -783,7 +817,7 @@ class POSIXProcessTestCase(BaseTestCase)
def _execute_child(
self, args, executable, preexec_fn, close_fds, cwd, env,
- universal_newlines, startupinfo, creationflags, shell,
+ universal_newlines, startupinfo, creationflags, shell, to_close,
p2cread, p2cwrite,
c2pread, c2pwrite,
errread, errwrite):
@@ -791,7 +825,7 @@ class POSIXProcessTestCase(BaseTestCase)
subprocess.Popen._execute_child(
self, args, executable, preexec_fn, close_fds,
cwd, env, universal_newlines,
- startupinfo, creationflags, shell,
+ startupinfo, creationflags, shell, to_close,
p2cread, p2cwrite,
c2pread, c2pwrite,
errread, errwrite)

25
sdk_container/src/third_party/coreos-overlay/dev-lang/python-oem/files/python-2.7.5-library-path.patch vendored
View File

@ -1,25 +0,0 @@
# HG changeset patch
# User Ned Deily <nad@acm.org>
# Date 1368666045 25200
# Node ID cd577c3288860b0deb459443ca5c489dc0f99ef6
# Parent 149340b3004acfcb68e5ed36b1e96b7463c756c7
Issue #17990: Only modify include and library search paths when cross-compiling.
diff --git a/setup.py b/setup.py
--- a/setup.py
+++ b/setup.py
@@ -437,9 +437,11 @@ class PyBuildExt(build_ext):
def detect_modules(self):
# Ensure that /usr/local is always used
- add_dir_to_list(self.compiler.library_dirs, '/usr/local/lib')
- add_dir_to_list(self.compiler.include_dirs, '/usr/local/include')
- self.add_gcc_paths()
+ if not cross_compiling:
+ add_dir_to_list(self.compiler.library_dirs, '/usr/local/lib')
+ add_dir_to_list(self.compiler.include_dirs, '/usr/local/include')
+ if cross_compiling:
+ self.add_gcc_paths()
self.add_multiarch_paths()
# Add paths specified in the environment variables LDFLAGS and

18
sdk_container/src/third_party/coreos-overlay/dev-lang/python-oem/files/python-2.7.5-nonfatal-compileall.patch vendored
View File

@ -1,18 +0,0 @@
diff --git a/Makefile.pre.in b/Makefile.pre.in
--- a/Makefile.pre.in
+++ b/Makefile.pre.in
@@ -1000,12 +1000,12 @@
$(INSTALL_DATA) $(srcdir)/Modules/xxmodule.c \
$(DESTDIR)$(LIBDEST)/distutils/tests ; \
fi
- PYTHONPATH=$(DESTDIR)$(LIBDEST) $(RUNSHARED) \
+ -PYTHONPATH=$(DESTDIR)$(LIBDEST) $(RUNSHARED) \
$(PYTHON_FOR_BUILD) -Wi -tt $(DESTDIR)$(LIBDEST)/compileall.py \
-d $(LIBDEST) -f \
-x 'bad_coding|badsyntax|site-packages|lib2to3/tests/data' \
$(DESTDIR)$(LIBDEST)
- PYTHONPATH=$(DESTDIR)$(LIBDEST) $(RUNSHARED) \
+ -PYTHONPATH=$(DESTDIR)$(LIBDEST) $(RUNSHARED) \
$(PYTHON_FOR_BUILD) -Wi -tt -O $(DESTDIR)$(LIBDEST)/compileall.py \
-d $(LIBDEST) -f \
-x 'bad_coding|badsyntax|site-packages|lib2to3/tests/data' \

23
sdk_container/src/third_party/coreos-overlay/dev-lang/python-oem/files/python-2.7.5-re_unsigned_ptrdiff.patch vendored
View File

@ -1,23 +0,0 @@
https://bugs.gentoo.org/show_bug.cgi?id=476426
http://bugs.python.org/issue17998
diff -r d91da96a55bf Modules/_sre.c
--- a/Modules/_sre.c Thu May 16 22:47:47 2013 +0100
+++ b/Modules/_sre.c Fri May 17 21:02:48 2013 +0300
@@ -1028,7 +1028,7 @@
TRACE(("|%p|%p|REPEAT_ONE %d %d\n", ctx->pattern, ctx->ptr,
ctx->pattern[1], ctx->pattern[2]));
- if (ctx->pattern[1] > end - ctx->ptr)
+ if ((Py_ssize_t) ctx->pattern[1] > end - ctx->ptr)
RETURN_FAILURE; /* cannot match */
state->ptr = ctx->ptr;
@@ -1111,7 +1111,7 @@
TRACE(("|%p|%p|MIN_REPEAT_ONE %d %d\n", ctx->pattern, ctx->ptr,
ctx->pattern[1], ctx->pattern[2]));
- if (ctx->pattern[1] > end - ctx->ptr)
+ if ((Py_ssize_t) ctx->pattern[1] > end - ctx->ptr)
RETURN_FAILURE; /* cannot match */
state->ptr = ctx->ptr;

133
sdk_container/src/third_party/coreos-overlay/dev-lang/python-oem/files/python-2.7.6-add_os_release_support.patch vendored
View File

@ -1,133 +0,0 @@
diff -r 12bf7fc1ba76 Lib/platform.py
--- a/Lib/platform.py Tue Oct 22 20:03:47 2013 +0100
+++ b/Lib/platform.py Sat Nov 02 22:56:46 2013 +0200
@@ -241,6 +241,8 @@
return distname,version,id
+_os_release_fields = re.compile(r'(?!#)(?P<key>.+)=(?P<quote>[\'\"]?)(?P<value>.+)(?P=quote)$')
+_os_release_unescape = re.compile(r'\\(?P<escaped>[\'\"\\])')
_release_filename = re.compile(r'(\w+)[-_](release|version)')
_lsb_release_version = re.compile(r'(.+)'
' release '
@@ -251,10 +253,13 @@
'([\d.]+)'
'[^(]*(?:\((.+)\))?')
+_UNIXCONFDIR = '/etc'
+
# See also http://www.novell.com/coolsolutions/feature/11251.html
# and http://linuxmafia.com/faq/Admin/release-files.html
# and http://data.linux-ntfs.org/rpm/whichrpm
# and http://www.die.net/doc/linux/man/man1/lsb_release.1.html
+# http://www.freedesktop.org/software/systemd/man/os-release.html
_supported_dists = (
'SuSE', 'debian', 'fedora', 'redhat', 'centos',
@@ -288,6 +293,20 @@
id = l[1]
return '', version, id
+def _parse_os_release():
+ try:
+ with open(os.path.join(_UNIXCONFDIR, 'os-release')) as f:
+ info = {}
+ for line in f:
+ m = re.match(_os_release_fields, line)
+ if m is not None:
+ key = m.group('key')
+ value = re.sub(_os_release_unescape, r'\g<escaped>', m.group('value'))
+ info[key] = value
+ return info
+ except OSError:
+ return None
+
def linux_distribution(distname='', version='', id='',
supported_dists=_supported_dists,
@@ -295,9 +314,9 @@
""" Tries to determine the name of the Linux OS distribution name.
- The function first looks for a distribution release file in
- /etc and then reverts to _dist_try_harder() in case no
- suitable files are found.
+ The function first checks for an /etc/os-release file, then
+ looks for a distribution release file in /etc and then reverts
+ to _dist_try_harder() in case no suitable files are found.
supported_dists may be given to define the set of Linux
distributions to look for. It defaults to a list of currently
@@ -316,7 +335,18 @@
etc = os.listdir('/etc')
except os.error:
# Probably not a Unix system
- return distname,version,id
+ return distname, version, id
+
+ os_release_info = _parse_os_release()
+ if os_release_info is not None:
+ if 'NAME' in os_release_info:
+ distname = "CoreOS"
+ if 'VERSION_ID' in os_release_info:
+ version = os_release_info['VERSION_ID']
+ if 'ID' in os_release_info:
+ id = os_release_info['ID']
+ return distname, version, id
+
etc.sort()
for file in etc:
m = _release_filename.match(file)
diff -r 12bf7fc1ba76 Lib/test/test_platform.py
--- a/Lib/test/test_platform.py Tue Oct 22 20:03:47 2013 +0100
+++ b/Lib/test/test_platform.py Sat Nov 02 22:56:46 2013 +0200
@@ -3,8 +3,10 @@
import unittest
import platform
import subprocess
+import tempfile
from test import test_support
+from unittest.mock import patch
class PlatformTest(unittest.TestCase):
def test_architecture(self):
@@ -257,6 +259,38 @@
):
self.assertEqual(platform._parse_release_file(input), output)
+ def test_parse_os_release(self):
+ # various os-release contents and expected output
+ expected = {
+ 'NAME=Fedora\nVERSION_ID="17"\nID=fedora': {
+ 'NAME': 'Fedora',
+ 'VERSION_ID': '17',
+ 'ID': 'fedora'
+ },
+ 'NAME="Aimée\\\'s "Distro""\nID=\'aiméesdistro\'\nVERSION_ID=1\n': {
+ 'NAME': "Aimée's \"Distro\"",
+ 'VERSION_ID': '1',
+ 'ID': 'aiméesdistro'
+ },
+ 'NAME="SchrödingerLinux"\n#Some comment here:)\n'
+ 'ID=schrödingerlinux\nVERSION_ID=3.21\nPRETTY_NAME="SchrödingerOS"': {
+ 'NAME': 'SchrödingerLinux',
+ 'VERSION_ID': '3.21',
+ 'ID': 'schrödingerlinux',
+ 'PRETTY_NAME': 'SchrödingerOS'
+ }
+ }
+ with tempfile.TemporaryDirectory() as d:
+ with patch('platform._UNIXCONFDIR', d):
+ # test that return value is None if /etc/os-release doesn't exist
+ self.assertEqual(platform._parse_os_release(), None)
+
+ # test behavior for inputs above
+ for input, output in expected.items():
+ with open(os.path.join(d, 'os-release'), mode='w', encoding='utf-8') as f:
+ f.write(input)
+ self.assertEqual(platform._parse_os_release(), output)
+
def test_main():
test_support.run_unittest(

51
sdk_container/src/third_party/coreos-overlay/dev-lang/python-oem/files/python-3.2-CVE-2013-2099.patch vendored
View File

@ -1,51 +0,0 @@
# HG changeset patch
# User Antoine Pitrou <solipsis@pitrou.net>
# Date 1368892602 -7200
# Sat May 18 17:56:42 2013 +0200
# Branch 3.2
# Node ID b9b521efeba385af0142988899a55de1c1c805c7
# Parent 6255b40c6a6127933d8ea7a2b9de200f5a0e6154
Issue #17980: Fix possible abuse of ssl.match_hostname() for denial of service using certificates with many wildcards (CVE-2013-2099).
diff --git a/Lib/ssl.py b/Lib/ssl.py
--- a/Lib/ssl.py
+++ b/Lib/ssl.py
@@ -108,9 +108,16 @@
pass
-def _dnsname_to_pat(dn):
+def _dnsname_to_pat(dn, max_wildcards=1):
pats = []
for frag in dn.split(r'.'):
+ if frag.count('*') > max_wildcards:
+ # Issue #17980: avoid denials of service by refusing more
+ # than one wildcard per fragment. A survery of established
+ # policy among SSL implementations showed it to be a
+ # reasonable choice.
+ raise CertificateError(
+ "too many wildcards in certificate DNS name: " + repr(dn))
if frag == '*':
# When '*' is a fragment by itself, it matches a non-empty dotless
# fragment.
diff --git a/Lib/test/test_ssl.py b/Lib/test/test_ssl.py
--- a/Lib/test/test_ssl.py
+++ b/Lib/test/test_ssl.py
@@ -326,6 +326,17 @@
self.assertRaises(ValueError, ssl.match_hostname, None, 'example.com')
self.assertRaises(ValueError, ssl.match_hostname, {}, 'example.com')
+ # Issue #17980: avoid denials of service by refusing more than one
+ # wildcard per fragment.
+ cert = {'subject': ((('commonName', 'a*b.com'),),)}
+ ok(cert, 'axxb.com')
+ cert = {'subject': ((('commonName', 'a*b.co*'),),)}
+ ok(cert, 'axxb.com')
+ cert = {'subject': ((('commonName', 'a*b*.com'),),)}
+ with self.assertRaises(ssl.CertificateError) as cm:
+ ssl.match_hostname(cert, 'axxbxxc.com')
+ self.assertIn("too many wildcards", str(cm.exception))
+
def test_server_side(self):
# server_hostname doesn't work for server sockets
ctx = ssl.SSLContext(ssl.PROTOCOL_SSLv23)

19
sdk_container/src/third_party/coreos-overlay/dev-lang/python-oem/files/python-3.2-issue16248.patch vendored
View File

@ -1,19 +0,0 @@
# HG changeset patch
# User Georg Brandl <georg@python.org>
# Date 1379142489 -7200
# Node ID c18c18774e240377d47638fb23e8276c1ac2e606
# Parent b9b521efeba385af0142988899a55de1c1c805c7
Fix tkinter regression introduced by the security fix in #16248.
diff --git a/Lib/tkinter/__init__.py b/Lib/tkinter/__init__.py
--- a/Lib/tkinter/__init__.py
+++ b/Lib/tkinter/__init__.py
@@ -1722,7 +1722,7 @@ class Tk(Misc, Wm):
# ensure that self.tk is always _something_.
self.tk = None
if baseName is None:
- import sys, os
+ import os
baseName = os.path.basename(sys.argv[0])
baseName, ext = os.path.splitext(baseName)
if ext not in ('.py', '.pyc', '.pyo'):

51
sdk_container/src/third_party/coreos-overlay/dev-lang/python-oem/files/python-3.3-CVE-2013-2099.patch vendored
View File

@ -1,51 +0,0 @@
# HG changeset patch
# User Antoine Pitrou <solipsis@pitrou.net>
# Date 1368892602 -7200
# Sat May 18 17:56:42 2013 +0200
# Branch 3.3
# Node ID c627638753e2d25a98950585b259104a025937a9
# Parent 9682241dc8fcb4b1aef083bd30860efa070c3d6d
Issue #17980: Fix possible abuse of ssl.match_hostname() for denial of service using certificates with many wildcards (CVE-2013-2099).
diff --git a/Lib/ssl.py b/Lib/ssl.py
--- a/Lib/ssl.py
+++ b/Lib/ssl.py
@@ -129,9 +129,16 @@
pass
-def _dnsname_to_pat(dn):
+def _dnsname_to_pat(dn, max_wildcards=1):
pats = []
for frag in dn.split(r'.'):
+ if frag.count('*') > max_wildcards:
+ # Issue #17980: avoid denials of service by refusing more
+ # than one wildcard per fragment. A survery of established
+ # policy among SSL implementations showed it to be a
+ # reasonable choice.
+ raise CertificateError(
+ "too many wildcards in certificate DNS name: " + repr(dn))
if frag == '*':
# When '*' is a fragment by itself, it matches a non-empty dotless
# fragment.
diff --git a/Lib/test/test_ssl.py b/Lib/test/test_ssl.py
--- a/Lib/test/test_ssl.py
+++ b/Lib/test/test_ssl.py
@@ -349,6 +349,17 @@
self.assertRaises(ValueError, ssl.match_hostname, None, 'example.com')
self.assertRaises(ValueError, ssl.match_hostname, {}, 'example.com')
+ # Issue #17980: avoid denials of service by refusing more than one
+ # wildcard per fragment.
+ cert = {'subject': ((('commonName', 'a*b.com'),),)}
+ ok(cert, 'axxb.com')
+ cert = {'subject': ((('commonName', 'a*b.co*'),),)}
+ ok(cert, 'axxb.com')
+ cert = {'subject': ((('commonName', 'a*b*.com'),),)}
+ with self.assertRaises(ssl.CertificateError) as cm:
+ ssl.match_hostname(cert, 'axxbxxc.com')
+ self.assertIn("too many wildcards", str(cm.exception))
+
def test_server_side(self):
# server_hostname doesn't work for server sockets
ctx = ssl.SSLContext(ssl.PROTOCOL_SSLv23)

80
sdk_container/src/third_party/coreos-overlay/dev-lang/python-oem/files/python-3.5-distutils-OO-build.patch vendored Normal file
View File

@ -0,0 +1,80 @@
From 90507018442f9adabb586fd3d0a0206b9c2f2f50 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Micha=C5=82=20G=C3=B3rny?= <mgorny@gentoo.org>
Date: Sun, 5 Jun 2016 08:18:01 +0200
Subject: [PATCH] distutils: make -OO enable both opt-1 and opt-2 optimization
Bug: http://bugs.python.org/issue27226
Bug: https://bugs.gentoo.org/585060
---
Lib/distutils/command/build_py.py | 8 ++++----
Lib/distutils/command/install_lib.py | 12 ++++++------
2 files changed, 10 insertions(+), 10 deletions(-)
diff --git a/Lib/distutils/command/build_py.py b/Lib/distutils/command/build_py.py
index cf0ca57..838d4e4 100644
--- a/Lib/distutils/command/build_py.py
+++ b/Lib/distutils/command/build_py.py
@@ -315,9 +315,9 @@ class build_py (Command):
if self.compile:
outputs.append(importlib.util.cache_from_source(
filename, optimization=''))
- if self.optimize > 0:
+ for opt in range(1, self.optimize + 1):
outputs.append(importlib.util.cache_from_source(
- filename, optimization=self.optimize))
+ filename, optimization=opt))
outputs += [
os.path.join(build_dir, filename)
@@ -387,8 +387,8 @@ class build_py (Command):
if self.compile:
byte_compile(files, optimize=0,
force=self.force, prefix=prefix, dry_run=self.dry_run)
- if self.optimize > 0:
- byte_compile(files, optimize=self.optimize,
+ for opt in range(1, self.optimize + 1):
+ byte_compile(files, optimize=opt,
force=self.force, prefix=prefix, dry_run=self.dry_run)
class build_py_2to3(build_py, Mixin2to3):
diff --git a/Lib/distutils/command/install_lib.py b/Lib/distutils/command/install_lib.py
index 6154cf0..049b662 100644
--- a/Lib/distutils/command/install_lib.py
+++ b/Lib/distutils/command/install_lib.py
@@ -24,8 +24,8 @@ class install_lib(Command):
# 2) compile .pyc only (--compile --no-optimize; default)
# 3) compile .pyc and "opt-1" .pyc (--compile --optimize)
# 4) compile "opt-1" .pyc only (--no-compile --optimize)
- # 5) compile .pyc and "opt-2" .pyc (--compile --optimize-more)
- # 6) compile "opt-2" .pyc only (--no-compile --optimize-more)
+ # 5) compile .pyc, "opt-1" and "opt-2" .pyc (--compile --optimize-more)
+ # 6) compile "opt-1" and "opt-2" .pyc (--no-compile --optimize-more)
#
# The UI for this is two options, 'compile' and 'optimize'.
# 'compile' is strictly boolean, and only decides whether to
@@ -132,8 +132,8 @@ class install_lib(Command):
byte_compile(files, optimize=0,
force=self.force, prefix=install_root,
dry_run=self.dry_run)
- if self.optimize > 0:
- byte_compile(files, optimize=self.optimize,
+ for opt in range(1, self.optimize + 1):
+ byte_compile(files, optimize=opt,
force=self.force, prefix=install_root,
verbose=self.verbose, dry_run=self.dry_run)
@@ -167,9 +167,9 @@ class install_lib(Command):
if self.compile:
bytecode_files.append(importlib.util.cache_from_source(
py_file, optimization=''))
- if self.optimize > 0:
+ for opt in range(1, self.optimize + 1):
bytecode_files.append(importlib.util.cache_from_source(
- py_file, optimization=self.optimize))
+ py_file, optimization=opt))
return bytecode_files
--
2.8.3

42
sdk_container/src/third_party/coreos-overlay/dev-lang/python-oem/files/python-3.6.5-hash-unaligned.patch vendored Normal file
View File

@ -0,0 +1,42 @@
The hash implementation casts the input pointer to uint64_t* and directly reads
from this, which may cause unaligned accesses. Use memcpy() instead so this code
will not crash with SIGBUS on sparc.
--- a/Python/pyhash.c 2017-11-29 10:21:20.283094068 +0100
+++ b/Python/pyhash.c 2017-11-29 10:24:26.733087813 +0100
@@ -369,7 +369,7 @@
uint64_t k0 = _le64toh(_Py_HashSecret.siphash.k0);
uint64_t k1 = _le64toh(_Py_HashSecret.siphash.k1);
uint64_t b = (uint64_t)src_sz << 56;
- const uint64_t *in = (uint64_t*)src;
+ const uint8_t *in = (uint8_t*)src;
uint64_t v0 = k0 ^ 0x736f6d6570736575ULL;
uint64_t v1 = k1 ^ 0x646f72616e646f6dULL;
@@ -378,11 +378,13 @@
uint64_t t;
uint8_t *pt;
- uint8_t *m;
+ const uint8_t *m;
while (src_sz >= 8) {
- uint64_t mi = _le64toh(*in);
- in += 1;
- src_sz -= 8;
+ uint64_t mi;
+ memcpy(&mi, in, sizeof(mi));
+ mi = _le64toh(mi);
+ in += sizeof(mi);
+ src_sz -= sizeof(mi);
v3 ^= mi;
DOUBLE_ROUND(v0,v1,v2,v3);
@@ -391,7 +393,7 @@
t = 0;
pt = (uint8_t *)&t;
- m = (uint8_t *)in;
+ m = in;
switch (src_sz) {
case 7: pt[6] = m[6]; /* fall through */
case 6: pt[5] = m[5]; /* fall through */

114
sdk_container/src/third_party/coreos-overlay/dev-lang/python-oem/files/python-3.6.5-libressl-compatibility.patch vendored Normal file
View File

@ -0,0 +1,114 @@
From 8d89a385b71a2e4cce0fba0cfc8d91b63485edc5 Mon Sep 17 00:00:00 2001
From: Christian Heimes <christian@python.org>
Date: Sat, 24 Mar 2018 18:38:14 +0100
Subject: [PATCH] [3.6] bpo-33127: Compatibility patch for LibreSSL 2.7.0
(GH-6210) (GH-6214)
LibreSSL 2.7 introduced OpenSSL 1.1.0 API. The ssl module now detects
LibreSSL 2.7 and only provides API shims for OpenSSL < 1.1.0 and
LibreSSL < 2.7.
Documentation updates and fixes for failing tests will be provided in
another patch set.
Signed-off-by: Christian Heimes <christian@python.org>.
(cherry picked from commit 4ca0739c9d97ac7cd45499e0d31be68dc659d0e1)
Co-authored-by: Christian Heimes <christian@python.org>
---
Lib/test/test_ssl.py | 1 +
.../2018-03-24-15-08-24.bpo-33127.olJmHv.rst | 1 +
Modules/_ssl.c | 24 ++++++++++++-------
Tools/ssl/multissltests.py | 3 ++-
4 files changed, 20 insertions(+), 9 deletions(-)
create mode 100644 Misc/NEWS.d/next/Library/2018-03-24-15-08-24.bpo-33127.olJmHv.rst
diff --git a/Lib/test/test_ssl.py b/Lib/test/test_ssl.py
index 8dd3b41450..9785a59a7e 100644
--- a/Lib/test/test_ssl.py
+++ b/Lib/test/test_ssl.py
@@ -1687,6 +1687,7 @@ class SimpleBackgroundTests(unittest.TestCase):
self.assertEqual(len(ctx.get_ca_certs()), 1)
@needs_sni
+ @unittest.skipUnless(hasattr(ssl, "PROTOCOL_TLSv1_2"), "needs TLS 1.2")
def test_context_setget(self):
# Check that the context of a connected socket can be replaced.
ctx1 = ssl.SSLContext(ssl.PROTOCOL_TLSv1_2)
diff --git a/Misc/NEWS.d/next/Library/2018-03-24-15-08-24.bpo-33127.olJmHv.rst b/Misc/NEWS.d/next/Library/2018-03-24-15-08-24.bpo-33127.olJmHv.rst
new file mode 100644
index 0000000000..635aabbde0
--- /dev/null
+++ b/Misc/NEWS.d/next/Library/2018-03-24-15-08-24.bpo-33127.olJmHv.rst
@@ -0,0 +1 @@
+The ssl module now compiles with LibreSSL 2.7.1.
diff --git a/Modules/_ssl.c b/Modules/_ssl.c
index c54e43c2b4..5e007da858 100644
--- a/Modules/_ssl.c
+++ b/Modules/_ssl.c
@@ -106,6 +106,12 @@ struct py_ssl_library_code {
#if (OPENSSL_VERSION_NUMBER >= 0x10100000L) && !defined(LIBRESSL_VERSION_NUMBER)
# define OPENSSL_VERSION_1_1 1
+# define PY_OPENSSL_1_1_API 1
+#endif
+
+/* LibreSSL 2.7.0 provides necessary OpenSSL 1.1.0 APIs */
+#if defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER >= 0x2070000fL
+# define PY_OPENSSL_1_1_API 1
#endif
/* Openssl comes with TLSv1.1 and TLSv1.2 between 1.0.0h and 1.0.1
@@ -152,16 +158,18 @@ struct py_ssl_library_code {
#define INVALID_SOCKET (-1)
#endif
-#ifdef OPENSSL_VERSION_1_1
-/* OpenSSL 1.1.0+ */
-#ifndef OPENSSL_NO_SSL2
-#define OPENSSL_NO_SSL2
-#endif
-#else /* OpenSSL < 1.1.0 */
-#if defined(WITH_THREAD)
+/* OpenSSL 1.0.2 and LibreSSL needs extra code for locking */
+#if !defined(OPENSSL_VERSION_1_1) && defined(WITH_THREAD)
#define HAVE_OPENSSL_CRYPTO_LOCK
#endif
+#if defined(OPENSSL_VERSION_1_1) && !defined(OPENSSL_NO_SSL2)
+#define OPENSSL_NO_SSL2
+#endif
+
+#ifndef PY_OPENSSL_1_1_API
+/* OpenSSL 1.1 API shims for OpenSSL < 1.1.0 and LibreSSL < 2.7.0 */
+
#define TLS_method SSLv23_method
#define TLS_client_method SSLv23_client_method
#define TLS_server_method SSLv23_server_method
@@ -227,7 +235,7 @@ SSL_SESSION_get_ticket_lifetime_hint(const SSL_SESSION *s)
return s->tlsext_tick_lifetime_hint;
}
-#endif /* OpenSSL < 1.1.0 or LibreSSL */
+#endif /* OpenSSL < 1.1.0 or LibreSSL < 2.7.0 */
enum py_ssl_error {
diff --git a/Tools/ssl/multissltests.py b/Tools/ssl/multissltests.py
index ce5bbd8530..ba4529ae06 100755
--- a/Tools/ssl/multissltests.py
+++ b/Tools/ssl/multissltests.py
@@ -57,8 +57,9 @@ LIBRESSL_OLD_VERSIONS = [
]
LIBRESSL_RECENT_VERSIONS = [
- "2.5.3",
"2.5.5",
+ "2.6.4",
+ "2.7.1",
]
# store files in ../multissl
--
2.17.0

58
sdk_container/src/third_party/coreos-overlay/dev-lang/python-oem/files/python-config-2.4-r1 vendored
View File

@ -1,58 +0,0 @@
#! /usr/bin/python2.4
import sys
import os
import getopt
from distutils import sysconfig
valid_opts = ['prefix', 'exec-prefix', 'includes', 'libs', 'cflags',
'ldflags', 'help']
def exit_with_usage(code=1):
print >>sys.stderr, "Usage: %s [%s]" % (sys.argv[0],
'|'.join('--'+opt for opt in valid_opts))
sys.exit(code)
try:
opts, args = getopt.getopt(sys.argv[1:], '', valid_opts)
except getopt.error:
exit_with_usage()
if not opts:
#exit_with_usage()
#be compatible with our old python-config-2.4
import string
print "-lpython2.4 -lm -L/usr/lib/python2.4/config",string.join(string.split(sysconfig.get_config_var("MODLIBS")))
sys.exit(0)
opt = opts[0][0]
pyver = sysconfig.get_config_var('VERSION')
getvar = sysconfig.get_config_var
if opt == '--help':
exit_with_usage(0)
elif opt == '--prefix':
print sysconfig.PREFIX
elif opt == '--exec-prefix':
print sysconfig.EXEC_PREFIX
elif opt in ('--includes', '--cflags'):
flags = ['-I' + sysconfig.get_python_inc(),
'-I' + sysconfig.get_python_inc(plat_specific=True)]
if opt == '--cflags':
flags.extend(getvar('CFLAGS').split())
print ' '.join(flags)
elif opt in ('--libs', '--ldflags'):
libs = getvar('LIBS').split() + getvar('SYSLIBS').split()
libs.append('-lpython'+pyver)
# add the prefix/lib/pythonX.Y/config dir, but only if there is no
# shared library in prefix/lib/.
if opt == '--ldflags' and not getvar('Py_ENABLE_SHARED'):
libs.insert(0, '-L' + getvar('LIBPL'))
print ' '.join(libs)

161
sdk_container/src/third_party/coreos-overlay/dev-lang/python-oem/python-oem-2.7.6-r3.ebuild vendored
View File

@ -1,161 +0,0 @@
# Copyright 1999-2014 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
# $Header: /var/cvsroot/gentoo-x86/dev-lang/python/python-2.7.6.ebuild,v 1.8 2014/03/20 14:13:55 jer Exp $
EAPI="4"
WANT_AUTOMAKE="none"
WANT_LIBTOOL="none"
inherit autotools eutils flag-o-matic multilib pax-utils python-utils-r1 toolchain-funcs multiprocessing
MY_P="Python-${PV}"
PATCHSET_REVISION="1"
DESCRIPTION="An interpreted, interactive, object-oriented programming language"
HOMEPAGE="http://www.python.org/"
SRC_URI="http://www.python.org/ftp/python/${PV}/${MY_P}.tar.xz
mirror://gentoo/python-gentoo-patches-${PV}-${PATCHSET_REVISION}.tar.xz
http://dev.gentoo.org/~floppym/python/python-gentoo-patches-${PV}-${PATCHSET_REVISION}.tar.xz"
LICENSE="PSF-2"
SLOT="2.7"
KEYWORDS="~alpha amd64 ~arm arm64 hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd"
IUSE="hardened"
# Do not add a dependency on dev-lang/python to this ebuild.
# If you need to apply a patch which requires python for bootstrapping, please
# run the bootstrap code on your dev box and include the results in the
# patchset. See bug 447752.
RDEPEND=""
DEPEND="app-arch/bzip2
>=sys-libs/zlib-1.1.3
virtual/libintl
virtual/pkgconfig
>=sys-devel/autoconf-2.65
!sys-devel/gcc[libffi]"
S="${WORKDIR}/${MY_P}"
src_prepare() {
if tc-is-cross-compiler; then
local EPATCH_EXCLUDE="*_regenerate_platform-specific_modules.patch"
fi
EPATCH_SUFFIX="patch" epatch "${WORKDIR}/patches"
# Fix for cross-compiling.
epatch "${FILESDIR}/python-2.7.5-nonfatal-compileall.patch"
# Fix for linux_distribution()
epatch "${FILESDIR}/python-2.7.6-add_os_release_support.patch"
# Fix for arm64 builds
epatch "${FILESDIR}/python-2.7-aarch64-fix.patch"
sed -i -e "s:@@GENTOO_LIBDIR@@:$(get_libdir):g" \
Lib/distutils/command/install.py \
Lib/distutils/sysconfig.py \
Lib/site.py \
Lib/sysconfig.py \
Lib/test/test_site.py \
Makefile.pre.in \
Modules/Setup.dist \
Modules/getpath.c \
setup.py || die "sed failed to replace @@GENTOO_LIBDIR@@"
epatch_user
eautoconf
eautoheader
}
src_configure() {
# Disable extraneous modules with extra dependencies.
export PYTHON_DISABLE_MODULES="dbm _bsddb gdbm _curses _curses_panel readline _sqlite3 _tkinter"
export PYTHON_DISABLE_SSL="1"
if [[ -n "${PYTHON_DISABLE_MODULES}" ]]; then
einfo "Disabled modules: ${PYTHON_DISABLE_MODULES}"
fi
if [[ "$(gcc-major-version)" -ge 4 ]]; then
append-flags -fwrapv
fi
filter-flags -malign-double
[[ "${ARCH}" == "alpha" ]] && append-flags -fPIC
# https://bugs.gentoo.org/show_bug.cgi?id=50309
if is-flagq -O3; then
is-flagq -fstack-protector-all && replace-flags -O3 -O2
use hardened && replace-flags -O3 -O2
fi
if tc-is-cross-compiler; then
# Force some tests that try to poke fs paths.
export ac_cv_file__dev_ptc=no
export ac_cv_file__dev_ptmx=yes
fi
# Export CXX so it ends up in /usr/lib/python2.X/config/Makefile.
tc-export CXX
# The configure script fails to use pkg-config correctly.
# http://bugs.python.org/issue15506
export ac_cv_path_PKG_CONFIG=$(tc-getPKG_CONFIG)
# Set LDFLAGS so we link modules with -lpython2.7 correctly.
# Needed on FreeBSD unless Python 2.7 is already installed.
# Please query BSD team before removing this!
append-ldflags "-L."
BUILD_DIR="${WORKDIR}/${CHOST}"
mkdir -p "${BUILD_DIR}" || die
cd "${BUILD_DIR}" || die
ECONF_SOURCE="${S}" OPT="" \
econf \
--prefix=/usr/share/oem/python \
--with-fpectl \
--disable-shared \
--enable-ipv6 \
--enable-threads \
--enable-unicode=ucs4 \
--includedir='/discard/include' \
--infodir='/discard/info' \
--mandir='/discard/man' \
--with-dbmliborder="" \
--with-libc="" \
--without-system-expat \
--without-system-ffi
}
src_compile() {
# Avoid invoking pgen for cross-compiles.
touch Include/graminit.h Python/graminit.c
cd "${BUILD_DIR}" || die
emake
}
src_install() {
local bindir=/usr/share/oem/python/bin
local libdir=/usr/share/oem/python/$(get_libdir)/python${SLOT}
cd "${BUILD_DIR}" || die
emake DESTDIR="${D}" altinstall
# create a simple versionless 'python' symlink
dosym "python${SLOT}" "${bindir}/python"
# Throw away headers and man/info pages and extra modules
rm -r "${D}/discard" \
"${D}${bindir}/"{idle,smtpd.py} \
"${D}${libdir}/"{bsddb,dbhash.py,test/test_bsddb*} \
"${D}${libdir}/"{idlelib,lib-tk} \
"${D}${libdir}/distutils/command/"wininst-*.exe \
"${D}${libdir}/test" \
"${D}${libdir}/sqlite3" \
|| die
}

161
sdk_container/src/third_party/coreos-overlay/dev-lang/python-oem/python-oem-3.6.5.ebuild vendored Normal file
View File

@ -0,0 +1,161 @@
# Copyright 1999-2018 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
EAPI="6"
WANT_LIBTOOL="none"
inherit autotools flag-o-matic pax-utils python-utils-r1 toolchain-funcs
MY_P="Python-${PV}"
PATCHSET_VERSION="3.6.4"
DESCRIPTION="An interpreted, interactive, object-oriented programming language"
HOMEPAGE="https://www.python.org/"
SRC_URI="https://www.python.org/ftp/python/${PV}/${MY_P}.tar.xz
https://dev.gentoo.org/~floppym/python/python-gentoo-patches-${PATCHSET_VERSION}.tar.xz"
LICENSE="PSF-2"
SLOT="3.6/3.6m"
KEYWORDS="alpha amd64 arm arm64 hppa ia64 m68k ~mips ppc ppc64 s390 sh sparc x86 ~amd64-fbsd ~x86-fbsd"
IUSE="hardened"
# Do not add a dependency on dev-lang/python to this ebuild.
# If you need to apply a patch which requires python for bootstrapping, please
# run the bootstrap code on your dev box and include the results in the
# patchset. See bug 447752.
RDEPEND=""
DEPEND="app-arch/bzip2:0=
app-arch/xz-utils:0=
>=sys-libs/zlib-1.1.3:0=
virtual/libintl
!!<sys-apps/sandbox-2.6-r1
virtual/pkgconfig
!sys-devel/gcc[libffi(-)]"
S="${WORKDIR}/${MY_P}"
PYVER=${SLOT%/*}
src_prepare() {
# Ensure that internal copies of zlib are not used.
rm -fr Modules/zlib
local PATCHES=(
"${WORKDIR}/patches"
"${FILESDIR}/python-3.5-distutils-OO-build.patch"
"${FILESDIR}/3.6.5-disable-nis.patch"
"${FILESDIR}/python-3.6.5-libressl-compatibility.patch"
"${FILESDIR}/python-3.6.5-hash-unaligned.patch"
)
default
sed -i -e "s:@@GENTOO_LIBDIR@@:$(get_libdir):g" \
Lib/distutils/command/install.py \
Lib/distutils/sysconfig.py \
Lib/site.py \
Lib/sysconfig.py \
Lib/test/test_site.py \
Makefile.pre.in \
Modules/Setup.dist \
Modules/getpath.c \
configure.ac \
setup.py || die "sed failed to replace @@GENTOO_LIBDIR@@"
eautoreconf
}
src_configure() {
local disable
disable+=" gdbm"
disable+=" _curses _curses_panel"
disable+=" readline"
disable+=" _sqlite3"
export PYTHON_DISABLE_SSL="1"
disable+=" _tkinter"
export PYTHON_DISABLE_MODULES="${disable}"
if [[ -n "${PYTHON_DISABLE_MODULES}" ]]; then
einfo "Disabled modules: ${PYTHON_DISABLE_MODULES}"
fi
if [[ "$(gcc-major-version)" -ge 4 ]]; then
append-flags -fwrapv
fi
filter-flags -malign-double
# https://bugs.gentoo.org/show_bug.cgi?id=50309
if is-flagq -O3; then
is-flagq -fstack-protector-all && replace-flags -O3 -O2
use hardened && replace-flags -O3 -O2
fi
if tc-is-cross-compiler; then
# Force some tests that try to poke fs paths.
export ac_cv_file__dev_ptc=no
export ac_cv_file__dev_ptmx=yes
fi
# Export CXX so it ends up in /usr/lib/python3.X/config/Makefile.
tc-export CXX
# Set LDFLAGS so we link modules with -lpython3.2 correctly.
# Needed on FreeBSD unless Python 3.2 is already installed.
# Please query BSD team before removing this!
append-ldflags "-L."
local dbmliborder
local myeconfargs=(
--prefix=/usr/share/oem/python
--with-fpectl
--disable-shared
--enable-ipv6
--with-threads
--includedir='/discard/include'
--infodir='/discard/info'
--mandir='/discard/man'
--with-computed-gotos
--with-dbmliborder="${dbmliborder}"
--with-libc=
--without-ensurepip
--without-system-expat
--without-system-ffi
)
OPT="" econf "${myeconfargs[@]}"
if grep -q "#define POSIX_SEMAPHORES_NOT_ENABLED 1" pyconfig.h; then
eerror "configure has detected that the sem_open function is broken."
eerror "Please ensure that /dev/shm is mounted as a tmpfs with mode 1777."
die "Broken sem_open function (bug 496328)"
fi
}
src_compile() {
# Ensure sed works as expected
# https://bugs.gentoo.org/594768
local -x LC_ALL=C
emake CPPFLAGS= CFLAGS= LDFLAGS=
}
src_install() {
local rawbindir=/usr/share/oem/python/bin
local bindir=${ED}${rawbindir}
local libdir=${ED}/usr/share/oem/python/$(get_libdir)/python${PYVER}
emake DESTDIR="${D}" altinstall
# create a simple versionless 'python' symlink
dosym "python${PYVER}" "${rawbindir}/python"
dosym "python${PYVER}" "${rawbindir}/python3"
rm -r "${libdir}/"{sqlite3,test/test_sqlite*} || die
rm -r "${bindir}/idle${PYVER}" "${libdir}/"{idlelib,tkinter,test/test_tk*} || die
rm "${libdir}/distutils/command/"wininst-*.exe || die
rm -r "${ED}/discard" || die
}

1
sdk_container/src/third_party/coreos-overlay/dev-python/distro-oem/Manifest vendored Normal file
View File

@ -0,0 +1 @@
DIST distro-1.6.0.tar.gz 69377 BLAKE2B 69119c3acfc12327a55e8b16f4e183fe1b039e965a5432081d83c6e5d0f6367846c403eb34764f2436beec173d3ceaa5265e0e1e7d786d1008e84772426ef049 SHA512 1682a52e617ba440eb0fac28ed653dd3bbc53012e3dc81099d792f088d399c1a6aba62d638e7b50aad88de2cd0935579a0bdd29a9abb5aad9d0c68bd90311268

4
sdk_container/src/third_party/coreos-overlay/dev-python/distro-oem/README.md vendored Normal file
View File

@ -0,0 +1,4 @@
This package is a hacked-up way to install a distro module for oem
packages to use. It's meant to be used by dev-lang/python-oem, thus
not using any python-specific eclasses and whatnot, to avoid pulling
python dependency into the production image.

34
sdk_container/src/third_party/coreos-overlay/dev-python/distro-oem/distro-oem-1.6.0.ebuild vendored Normal file
View File

@ -0,0 +1,34 @@
# Copyright 2021 Microsoft Corporation
# Distributed under the terms of GNU General Public License v2
EAPI=7
MY_PN='distro'
MY_P="${MY_PN}-${PV}"
DESCRIPTION="OS platform information API"
HOMEPAGE="https://github.com/python-distro/distro"
SRC_URI="${HOMEPAGE}/releases/download/v${PV}/${MY_P}.tar.gz"
LICENSE="Apache-2.0"
KEYWORDS="amd64 arm64"
# Depending on specific version of python-oem allows us to notice when
# we update the major version of python and then to make sure that we
# install the package in correctly versioned site-packages directory.
DEP_PYVER="3.6"
SLOT="0"
RDEPEND="dev-lang/python-oem:${DEP_PYVER}"
S="${WORKDIR}/${MY_P}"
src_compile() {
# nothing to do
:
}
src_install() {
insinto "/usr/share/oem/python/$(get_libdir)/python${DEP_PYVER}/site-packages"
doins "${S}/distro.py"
}

4
sdk_container/src/third_party/coreos-overlay/dev-python/distro-oem/metadata.xml vendored Normal file
View File

@ -0,0 +1,4 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
<pkgmetadata>
</pkgmetadata>