diff options
| author |   Michał Górny <mgorny@gentoo.org> | 2019-11-20 22:33:33 +0100 |
|---|---|---|
| committer | Michał Górny <mgorny@gentoo.org> | 2019-11-20 22:33:33 +0100 |
| commit | eeb8c319eb825554607bbb26aea7de6574c4309a (patch) | |
| tree | a50bc1eb3bf0bd53adc5af726cc5ec81ced7f0de | |
| parent | dev-lang/python: add 3.3.5 (diff) | |
| download | python-eeb8c319eb825554607bbb26aea7de6574c4309a.tar.gz python-eeb8c319eb825554607bbb26aea7de6574c4309a.tar.bz2 python-eeb8c319eb825554607bbb26aea7de6574c4309a.zip | |
dev-lang/python: Import and fix 3.4.10
Signed-off-by: Michał Górny <mgorny@gentoo.org>
| -rw-r--r-- | dev-lang/python/Manifest | 2 | ||||
| -rw-r--r-- | dev-lang/python/files/3.4-getentropy-linux.patch | 40 | ||||
| -rw-r--r-- | dev-lang/python/files/3.6-disable-nis.patch | 21 | ||||
| -rw-r--r-- | dev-lang/python/files/python-3.4.10-openssl11.patch | 894 | ||||
| -rw-r--r-- | dev-lang/python/files/python-3.4.3-ncurses-pkg-config.patch | 13 | ||||
| -rw-r--r-- | dev-lang/python/files/python-3.4.5-cross.patch | 11 | ||||
| -rw-r--r-- | dev-lang/python/files/python-3.5.5-hash-unaligned.patch | 43 | ||||
| -rw-r--r-- | dev-lang/python/python-3.4.10.ebuild | 364 |
8 files changed, 1388 insertions, 0 deletions
diff --git a/dev-lang/python/Manifest b/dev-lang/python/Manifest index 38fe597..fe0d951 100644 --- a/dev-lang/python/Manifest +++ b/dev-lang/python/Manifest @@ -1,3 +1,5 @@ DIST Python-2.6.9.tar.xz 9333664 SHA256 cae7bb995006ea5b703d9d28446f694894c441fe4bfb95d561c0ac908cd06e41 SHA512 bcd9286b6af3bfa2017f0b32c6c0f9b934224ece496d2d897ab3a61a936d306a5f61a580c060ce501034a614da374d17831a9c9be9f947b01d977b56437c023b WHIRLPOOL 0b9feb710f0c5c8726522465f26ac6fa17e8f87c0e5cda4ef0b130e5d8e213d32aad0143e0ec909c677a7b515ed63ed9e9d50a33890f22068b820a5f15ba47fd DIST Python-3.2.6.tar.xz 9243292 SHA256 1d12b501819fd26afafbf8459be1aa279b56f032b4c15412de0a713ce0de7bdc SHA512 514b46029dd5b07f2d287a1f00c6716970197186a38e3f2e1ec60c2292cf03a2dc45165ba9c217e5219c7cb6d96a09f790f5b3bdcc8d11db53f927297fe4ddc9 WHIRLPOOL b34f215e0f50123c5b2969e615ffbab99b631433de8f13cbbca525bf57cbc1bb9a159fba02616b3772be9b249be3cec36d6fd1856a678880674b828eb4ab08ed DIST Python-3.3.5.tar.xz 12116308 SHA256 abe99b484434503d8b23be0f243ec27139e743a4798cd71c1dce3cf40e63b6e5 SHA512 562ebd85291f29ff18d37f05682763fc45aa9d070688006f4ef5c89392a48022357c3ca9ee1d795e9e863bdef413e6bab77b8d65581d374a76dbe7cacec65550 WHIRLPOOL f4b6010d32b28b7bb038cbb7c5f98d325cc4253fd1be9a0a1089ed6fd7dd414c5169931d21ef819137d5c1084517a650828f260cf2a1d8ce871bc67aeef3fff8 +DIST Python-3.4.10.tar.xz 14559088 SHA256 d46a8f6fe91679e199c671b1b0a30aaf172d2acb5bcab25beb35f16c3d195b4e SHA512 d5d27d68049b61f135e21b12a800dbd4fc521d6935de178de6e2e88a989cda511d3c8fead90d14e38d2db0e528a74b22674e0da01c51ff4fad7d335ec6c3dbbc WHIRLPOOL 84608931cd785eddd234d207be2caa273575067d7687a0ed05217e2f2ae410da684fcf5ed65cfa17dd8eda082844bb4067cdcb4a277ceb20845ffa9f3baa6f58 +DIST python-gentoo-patches-3.4.6-0.tar.xz 11728 SHA256 93e7c8487deefc36c612403fb6c82e495c46846a1952f9ed85f82af41840be4a SHA512 41c22dc8f1db8800fc0b97eed2b27bf1873e5de1369bd4aecf7a7a91e609a78e45a4b56fc89d575317f33a7704c0c1cad1494e8a993415a198f256e8338f49ab WHIRLPOOL 851945e7ccea985a88bcbd71bc404bc34c27a0e335386e9ed15fa9876aab3285ff559936fb2dcadf7ac0594a7cb03ac3a9e4135b67b350c5fdf33e9a44ca0654 diff --git a/dev-lang/python/files/3.4-getentropy-linux.patch b/dev-lang/python/files/3.4-getentropy-linux.patch new file mode 100644 index 0000000..9f12389 --- /dev/null +++ b/dev-lang/python/files/3.4-getentropy-linux.patch @@ -0,0 +1,40 @@ +From 5635d44079e1bbd9c495951ede8d078e7b8d67d5 Mon Sep 17 00:00:00 2001 +From: Victor Stinner <victor.stinner@gmail.com> +Date: Mon, 9 Jan 2017 11:10:41 +0100 +Subject: [PATCH] Don't use getentropy() on Linux + +Issue #29188: Support glibc 2.24 on Linux: don't use getentropy() function but +read from /dev/urandom to get random bytes, for example in os.urandom(). On +Linux, getentropy() is implemented which getrandom() is blocking mode, whereas +os.urandom() should not block. +--- + Python/random.c | 13 ++++++++++--- + 1 file changed, 10 insertions(+), 3 deletions(-) + +diff --git a/Python/random.c b/Python/random.c +index af3d0bd0d5..dc6400d3b8 100644 +--- a/Python/random.c ++++ b/Python/random.c +@@ -67,9 +67,16 @@ win32_urandom(unsigned char *buffer, Py_ssize_t size, int raise) + return 0; + } + +-/* Issue #25003: Don' use getentropy() on Solaris (available since +- * Solaris 11.3), it is blocking whereas os.urandom() should not block. */ +-#elif defined(HAVE_GETENTROPY) && !defined(sun) ++/* Issue #25003: Don't use getentropy() on Solaris (available since ++ Solaris 11.3), it is blocking whereas os.urandom() should not block. ++ ++ Issue #29188: Don't use getentropy() on Linux since the glibc 2.24 ++ implements it with the getrandom() syscall which can fail with ENOSYS, ++ and this error is not supported in py_getentropy() and getrandom() is called ++ with flags=0 which blocks until system urandom is initialized, which is not ++ the desired behaviour to seed the Python hash secret nor for os.urandom(): ++ see the PEP 524 which was only implemented in Python 3.6. */ ++#elif defined(HAVE_GETENTROPY) && !defined(sun) && !defined(linux) + #define PY_GETENTROPY 1 + + /* Fill buffer with size pseudo-random bytes generated by getentropy(). +-- +2.15.0.rc2 + diff --git a/dev-lang/python/files/3.6-disable-nis.patch b/dev-lang/python/files/3.6-disable-nis.patch new file mode 100644 index 0000000..4e81847 --- /dev/null +++ b/dev-lang/python/files/3.6-disable-nis.patch @@ -0,0 +1,21 @@ +--- a/setup.py ++++ b/setup.py +@@ -1332,17 +1332,7 @@ class PyBuildExt(build_ext): + # Jeremy Hylton's rlimit interface + exts.append( Extension('resource', ['resource.c']) ) + +- # Sun yellow pages. Some systems have the functions in libc. +- if (host_platform not in ['cygwin', 'qnx6'] and +- find_file('rpcsvc/yp_prot.h', inc_dirs, []) is not None): +- if (self.compiler.find_library_file(lib_dirs, 'nsl')): +- libs = ['nsl'] +- else: +- libs = [] +- exts.append( Extension('nis', ['nismodule.c'], +- libraries = libs) ) +- else: +- missing.append('nis') ++ missing.append('nis') + else: + missing.extend(['nis', 'resource', 'termios']) + diff --git a/dev-lang/python/files/python-3.4.10-openssl11.patch b/dev-lang/python/files/python-3.4.10-openssl11.patch new file mode 100644 index 0000000..f5fe537 --- /dev/null +++ b/dev-lang/python/files/python-3.4.10-openssl11.patch @@ -0,0 +1,894 @@ +From 9c7a4d7baebfa84c2fa2deff7417871d96f714f2 Mon Sep 17 00:00:00 2001 +From: Christian Heimes <christian@python.org> +Date: Mon, 5 Sep 2016 23:19:05 +0200 +Subject: [PATCH] Issue #26470: Port ssl and hashlib module to OpenSSL 1.1.0. + +(rebased for 3.4.10) +--- + Lib/ssl.py | 15 ++-- + Lib/test/test_ssl.py | 27 +++--- + Modules/_hashopenssl.c | 167 +++++++++++++++++++++++-------------- + Modules/_ssl.c | 184 +++++++++++++++++++++++++++++++---------- + 4 files changed, 271 insertions(+), 122 deletions(-) + +diff --git a/Lib/ssl.py b/Lib/ssl.py +index 873aa4798b..359809a020 100644 +--- a/Lib/ssl.py ++++ b/Lib/ssl.py +@@ -51,6 +51,7 @@ The following constants identify various SSL protocol variants: + PROTOCOL_SSLv2 + PROTOCOL_SSLv3 + PROTOCOL_SSLv23 ++PROTOCOL_TLS + PROTOCOL_TLSv1 + PROTOCOL_TLSv1_1 + PROTOCOL_TLSv1_2 +@@ -348,13 +349,13 @@ class SSLContext(_SSLContext): + __slots__ = ('protocol', '__weakref__') + _windows_cert_stores = ("CA", "ROOT") + +- def __new__(cls, protocol, *args, **kwargs): ++ def __new__(cls, protocol=PROTOCOL_TLS, *args, **kwargs): + self = _SSLContext.__new__(cls, protocol) + if protocol != _SSLv2_IF_EXISTS: + self.set_ciphers(_DEFAULT_CIPHERS) + return self + +- def __init__(self, protocol): ++ def __init__(self, protocol=PROTOCOL_TLS): + self.protocol = protocol + + def wrap_socket(self, sock, server_side=False, +@@ -408,7 +409,7 @@ def create_default_context(purpose=Purpose.SERVER_AUTH, *, cafile=None, + if not isinstance(purpose, _ASN1Object): + raise TypeError(purpose) + +- context = SSLContext(PROTOCOL_SSLv23) ++ context = SSLContext(PROTOCOL_TLS) + + # SSLv2 considered harmful. + context.options |= OP_NO_SSLv2 +@@ -445,7 +446,7 @@ def create_default_context(purpose=Purpose.SERVER_AUTH, *, cafile=None, + context.load_default_certs(purpose) + return context + +-def _create_unverified_context(protocol=PROTOCOL_SSLv23, *, cert_reqs=None, ++def _create_unverified_context(protocol=PROTOCOL_TLS, *, cert_reqs=None, + check_hostname=False, purpose=Purpose.SERVER_AUTH, + certfile=None, keyfile=None, + cafile=None, capath=None, cadata=None): +@@ -501,7 +502,7 @@ class SSLSocket(socket): + + def __init__(self, sock=None, keyfile=None, certfile=None, + server_side=False, cert_reqs=CERT_NONE, +- ssl_version=PROTOCOL_SSLv23, ca_certs=None, ++ ssl_version=PROTOCOL_TLS, ca_certs=None, + do_handshake_on_connect=True, + family=AF_INET, type=SOCK_STREAM, proto=0, fileno=None, + suppress_ragged_eofs=True, npn_protocols=None, ciphers=None, +@@ -883,7 +884,7 @@ class SSLSocket(socket): + + def wrap_socket(sock, keyfile=None, certfile=None, + server_side=False, cert_reqs=CERT_NONE, +- ssl_version=PROTOCOL_SSLv23, ca_certs=None, ++ ssl_version=PROTOCOL_TLS, ca_certs=None, + do_handshake_on_connect=True, + suppress_ragged_eofs=True, + ciphers=None): +@@ -930,7 +931,7 @@ def PEM_cert_to_DER_cert(pem_cert_string): + d = pem_cert_string.strip()[len(PEM_HEADER):-len(PEM_FOOTER)] + return base64.decodebytes(d.encode('ASCII', 'strict')) + +-def get_server_certificate(addr, ssl_version=PROTOCOL_SSLv23, ca_certs=None): ++def get_server_certificate(addr, ssl_version=PROTOCOL_TLS, ca_certs=None): + """Retrieve the certificate from the server at the specified address, + and return it as a PEM-encoded string. + If 'ca_certs' is specified, validate the server cert against it. +diff --git a/Lib/test/test_ssl.py b/Lib/test/test_ssl.py +index e36a309bfa..b663a04aa2 100644 +--- a/Lib/test/test_ssl.py ++++ b/Lib/test/test_ssl.py +@@ -23,6 +23,9 @@ ssl = support.import_module("ssl") + + PROTOCOLS = sorted(ssl._PROTOCOL_NAMES) + HOST = support.HOST ++IS_LIBRESSL = ssl.OPENSSL_VERSION.startswith('LibreSSL') ++IS_OPENSSL_1_1 = not IS_LIBRESSL and ssl.OPENSSL_VERSION_INFO >= (1, 1, 0) ++ + + def data_file(*name): + return os.path.join(os.path.dirname(__file__), *name) +@@ -318,9 +321,9 @@ class BasicSocketTests(unittest.TestCase): + self.assertGreaterEqual(status, 0) + self.assertLessEqual(status, 15) + # Version string as returned by {Open,Libre}SSL, the format might change +- if "LibreSSL" in s: +- self.assertTrue(s.startswith("LibreSSL {:d}.{:d}".format(major, minor)), +- (s, t)) ++ if IS_LIBRESSL: ++ self.assertTrue(s.startswith("LibreSSL {:d}".format(major)), ++ (s, t, hex(n))) + else: + self.assertTrue(s.startswith("OpenSSL {:d}.{:d}.{:d}".format(major, minor, fix)), + (s, t)) +@@ -677,7 +680,8 @@ class ContextTests(unittest.TestCase): + def test_constructor(self): + for protocol in PROTOCOLS: + ssl.SSLContext(protocol) +- self.assertRaises(TypeError, ssl.SSLContext) ++ ctx = ssl.SSLContext() ++ self.assertEqual(ctx.protocol, ssl.PROTOCOL_TLS) + self.assertRaises(ValueError, ssl.SSLContext, -1) + self.assertRaises(ValueError, ssl.SSLContext, 42) + +@@ -698,15 +702,15 @@ class ContextTests(unittest.TestCase): + def test_options(self): + ctx = ssl.SSLContext(ssl.PROTOCOL_TLSv1) + # OP_ALL | OP_NO_SSLv2 | OP_NO_SSLv3 is the default value +- self.assertEqual(ssl.OP_ALL | ssl.OP_NO_SSLv2 | ssl.OP_NO_SSLv3, +- ctx.options) ++ default = (ssl.OP_ALL | ssl.OP_NO_SSLv2 | ssl.OP_NO_SSLv3) ++ if not IS_LIBRESSL and ssl.OPENSSL_VERSION_INFO >= (1, 1, 0): ++ default |= ssl.OP_NO_COMPRESSION ++ self.assertEqual(default, ctx.options) + ctx.options |= ssl.OP_NO_TLSv1 +- self.assertEqual(ssl.OP_ALL | ssl.OP_NO_SSLv2 | ssl.OP_NO_SSLv3 | ssl.OP_NO_TLSv1, +- ctx.options) ++ self.assertEqual(default | ssl.OP_NO_TLSv1, ctx.options) + if can_clear_options(): +- ctx.options = (ctx.options & ~ssl.OP_NO_SSLv2) | ssl.OP_NO_TLSv1 +- self.assertEqual(ssl.OP_ALL | ssl.OP_NO_TLSv1 | ssl.OP_NO_SSLv3, +- ctx.options) ++ ctx.options = (ctx.options & ~ssl.OP_NO_TLSv1) ++ self.assertEqual(default, ctx.options) + ctx.options = 0 + # Ubuntu has OP_NO_SSLv3 forced on by default + self.assertEqual(0, ctx.options & ~ssl.OP_NO_SSLv3) +@@ -1042,6 +1046,7 @@ class ContextTests(unittest.TestCase): + self.assertRaises(TypeError, ctx.load_default_certs, 'SERVER_AUTH') + + @unittest.skipIf(sys.platform == "win32", "not-Windows specific") ++ @unittest.skipIf(IS_LIBRESSL, "LibreSSL doesn't support env vars") + def test_load_default_certs_env(self): + ctx = ssl.SSLContext(ssl.PROTOCOL_TLSv1) + with support.EnvironmentVarGuard() as env: +diff --git a/Modules/_hashopenssl.c b/Modules/_hashopenssl.c +index 5b0a7be12b..86a8950588 100644 +--- a/Modules/_hashopenssl.c ++++ b/Modules/_hashopenssl.c +@@ -20,7 +20,6 @@ + + /* EVP is the preferred interface to hashing in OpenSSL */ + #include <openssl/evp.h> +-#include <openssl/hmac.h> + /* We use the object interface to discover what hashes OpenSSL supports. */ + #include <openssl/objects.h> + #include "openssl/err.h" +@@ -31,15 +30,22 @@ + #define HASH_OBJ_CONSTRUCTOR 0 + #endif + +-/* Minimum OpenSSL version needed to support sha224 and higher. */ +-#if defined(OPENSSL_VERSION_NUMBER) && (OPENSSL_VERSION_NUMBER >= 0x00908000) +-#define _OPENSSL_SUPPORTS_SHA2 ++#if (OPENSSL_VERSION_NUMBER < 0x10100000L) || defined(LIBRESSL_VERSION_NUMBER) ++/* OpenSSL < 1.1.0 */ ++#define EVP_MD_CTX_new EVP_MD_CTX_create ++#define EVP_MD_CTX_free EVP_MD_CTX_destroy ++#define HAS_FAST_PKCS5_PBKDF2_HMAC 0 ++#include <openssl/hmac.h> ++#else ++/* OpenSSL >= 1.1.0 */ ++#define HAS_FAST_PKCS5_PBKDF2_HMAC 1 + #endif + ++ + typedef struct { + PyObject_HEAD + PyObject *name; /* name of this hash algorithm */ +- EVP_MD_CTX ctx; /* OpenSSL message digest context */ ++ EVP_MD_CTX *ctx; /* OpenSSL message digest context */ + #ifdef WITH_THREAD + PyThread_type_lock lock; /* OpenSSL context lock */ + #endif +@@ -51,7 +57,6 @@ static PyTypeObject EVPtype; + + #define DEFINE_CONSTS_FOR_NEW(Name) \ + static PyObject *CONST_ ## Name ## _name_obj = NULL; \ +- static EVP_MD_CTX CONST_new_ ## Name ## _ctx; \ + static EVP_MD_CTX *CONST_new_ ## Name ## _ctx_p = NULL; + + DEFINE_CONSTS_FOR_NEW(md5) +@@ -64,19 +69,57 @@ DEFINE_CONSTS_FOR_NEW(sha512) + #endif + + ++/* LCOV_EXCL_START */ ++static PyObject * ++_setException(PyObject *exc) ++{ ++ unsigned long errcode; ++ const char *lib, *func, *reason; ++ ++ errcode = ERR_peek_last_error(); ++ if (!errcode) { ++ PyErr_SetString(exc, "unknown reasons"); ++ return NULL; ++ } ++ ERR_clear_error(); ++ ++ lib = ERR_lib_error_string(errcode); ++ func = ERR_func_error_string(errcode); ++ reason = ERR_reason_error_string(errcode); ++ ++ if (lib && func) { ++ PyErr_Format(exc, "[%s: %s] %s", lib, func, reason); ++ } ++ else if (lib) { ++ PyErr_Format(exc, "[%s] %s", lib, reason); ++ } ++ else { ++ PyErr_SetString(exc, reason); ++ } ++ return NULL; ++} ++/* LCOV_EXCL_STOP */ ++ + static EVPobject * + newEVPobject(PyObject *name) + { + EVPobject *retval = (EVPobject *)PyObject_New(EVPobject, &EVPtype); ++ if (retval == NULL) { ++ return NULL; ++ } ++ ++ retval->ctx = EVP_MD_CTX_new(); ++ if (retval->ctx == NULL) { ++ PyErr_NoMemory(); ++ return NULL; ++ } + + /* save the name for .name to return */ +- if (retval != NULL) { +- Py_INCREF(name); +- retval->name = name; ++ Py_INCREF(name); ++ retval->name = name; + #ifdef WITH_THREAD +- retval->lock = NULL; ++ retval->lock = NULL; + #endif +- } + + return retval; + } +@@ -91,7 +134,7 @@ EVP_hash(EVPobject *self, const void *vp, Py_ssize_t len) + process = MUNCH_SIZE; + else + process = Py_SAFE_DOWNCAST(len, Py_ssize_t, unsigned int); +- EVP_DigestUpdate(&self->ctx, (const void*)cp, process); ++ EVP_DigestUpdate(self->ctx, (const void*)cp, process); + len -= process; + cp += process; + } +@@ -106,16 +149,19 @@ EVP_dealloc(EVPobject *self) + if (self->lock != NULL) + PyThread_free_lock(self->lock); + #endif +- EVP_MD_CTX_cleanup(&self->ctx); ++ EVP_MD_CTX_free(self->ctx); + Py_XDECREF(self->name); + PyObject_Del(self); + } + +-static void locked_EVP_MD_CTX_copy(EVP_MD_CTX *new_ctx_p, EVPobject *self) ++static int ++locked_EVP_MD_CTX_copy(EVP_MD_CTX *new_ctx_p, EVPobject *self) + { ++ int result; + ENTER_HASHLIB(self); +- EVP_MD_CTX_copy(new_ctx_p, &self->ctx); ++ result = EVP_MD_CTX_copy(new_ctx_p, self->ctx); + LEAVE_HASHLIB(self); ++ return result; + } + + /* External methods for a hash object */ +@@ -131,7 +177,9 @@ EVP_copy(EVPobject *self, PyObject *unused) + if ( (newobj = newEVPobject(self->name))==NULL) + return NULL; + +- locked_EVP_MD_CTX_copy(&newobj->ctx, self); ++ if (!locked_EVP_MD_CTX_copy(newobj->ctx, self)) { ++ return _setException(PyExc_ValueError); ++ } + return (PyObject *)newobj; + } + +@@ -142,16 +190,24 @@ static PyObject * + EVP_digest(EVPobject *self, PyObject *unused) + { + unsigned char digest[EVP_MAX_MD_SIZE]; +- EVP_MD_CTX temp_ctx; ++ EVP_MD_CTX *temp_ctx; + PyObject *retval; + unsigned int digest_size; + +- locked_EVP_MD_CTX_copy(&temp_ctx, self); +- digest_size = EVP_MD_CTX_size(&temp_ctx); +- EVP_DigestFinal(&temp_ctx, digest, NULL); ++ temp_ctx = EVP_MD_CTX_new(); ++ if (temp_ctx == NULL) { ++ PyErr_NoMemory(); ++ return NULL; ++ } ++ ++ if (!locked_EVP_MD_CTX_copy(temp_ctx, self)) { ++ return _setException(PyExc_ValueError); ++ } ++ digest_size = EVP_MD_CTX_size(temp_ctx); ++ EVP_DigestFinal(temp_ctx, digest, NULL); + + retval = PyBytes_FromStringAndSize((const char *)digest, digest_size); +- EVP_MD_CTX_cleanup(&temp_ctx); ++ EVP_MD_CTX_free(temp_ctx); + return retval; + } + +@@ -162,17 +218,25 @@ static PyObject * + EVP_hexdigest(EVPobject *self, PyObject *unused) + { + unsigned char digest[EVP_MAX_MD_SIZE]; +- EVP_MD_CTX temp_ctx; ++ EVP_MD_CTX *temp_ctx; + PyObject *retval; + char *hex_digest; + unsigned int i, j, digest_size; + ++ temp_ctx = EVP_MD_CTX_new(); ++ if (temp_ctx == NULL) { ++ PyErr_NoMemory(); ++ return NULL; ++ } ++ + /* Get the raw (binary) digest value */ +- locked_EVP_MD_CTX_copy(&temp_ctx, self); +- digest_size = EVP_MD_CTX_size(&temp_ctx); +- EVP_DigestFinal(&temp_ctx, digest, NULL); ++ if (!locked_EVP_MD_CTX_copy(temp_ctx, self)) { ++ return _setException(PyExc_ValueError); ++ } ++ digest_size = EVP_MD_CTX_size(temp_ctx); ++ EVP_DigestFinal(temp_ctx, digest, NULL); + +- EVP_MD_CTX_cleanup(&temp_ctx); ++ EVP_MD_CTX_free(temp_ctx); + + /* Allocate a new buffer */ + hex_digest = PyMem_Malloc(digest_size * 2 + 1); +@@ -241,7 +305,7 @@ static PyObject * + EVP_get_block_size(EVPobject *self, void *closure) + { + long block_size; +- block_size = EVP_MD_CTX_block_size(&self->ctx); ++ block_size = EVP_MD_CTX_block_size(self->ctx); + return PyLong_FromLong(block_size); + } + +@@ -249,7 +313,7 @@ static PyObject * + EVP_get_digest_size(EVPobject *self, void *closure) + { + long size; +- size = EVP_MD_CTX_size(&self->ctx); ++ size = EVP_MD_CTX_size(self->ctx); + return PyLong_FromLong(size); + } + +@@ -310,7 +374,7 @@ EVP_tp_init(EVPobject *self, PyObject *args, PyObject *kwds) + PyBuffer_Release(&view); + return -1; + } +- EVP_DigestInit(&self->ctx, digest); ++ EVP_DigestInit(self->ctx, digest); + + self->name = name_obj; + Py_INCREF(self->name); +@@ -407,9 +471,9 @@ EVPnew(PyObject *name_obj, + return NULL; + + if (initial_ctx) { +- EVP_MD_CTX_copy(&self->ctx, initial_ctx); ++ EVP_MD_CTX_copy(self->ctx, initial_ctx); + } else { +- EVP_DigestInit(&self->ctx, digest); ++ EVP_DigestInit(self->ctx, digest); + } + + if (cp && len) { +@@ -475,6 +539,7 @@ EVP_new(PyObject *self, PyObject *args, PyObject *kwdict) + + #define PY_PBKDF2_HMAC 1 + ++#if !HAS_FAST_PKCS5_PBKDF2_HMAC + /* Improved implementation of PKCS5_PBKDF2_HMAC() + * + * PKCS5_PBKDF2_HMAC_fast() hashes the password exactly one time instead of +@@ -556,37 +621,8 @@ PKCS5_PBKDF2_HMAC_fast(const char *pass, int passlen, + HMAC_CTX_cleanup(&hctx_tpl); + return 1; + } ++#endif + +-/* LCOV_EXCL_START */ +-static PyObject * +-_setException(PyObject *exc) +-{ +- unsigned long errcode; +- const char *lib, *func, *reason; +- +- errcode = ERR_peek_last_error(); +- if (!errcode) { +- PyErr_SetString(exc, "unknown reasons"); +- return NULL; +- } +- ERR_clear_error(); +- +- lib = ERR_lib_error_string(errcode); +- func = ERR_func_error_string(errcode); +- reason = ERR_reason_error_string(errcode); +- +- if (lib && func) { +- PyErr_Format(exc, "[%s: %s] %s", lib, func, reason); +- } +- else if (lib) { +- PyErr_Format(exc, "[%s] %s", lib, reason); +- } +- else { +- PyErr_SetString(exc, reason); +- } +- return NULL; +-} +-/* LCOV_EXCL_STOP */ + + PyDoc_STRVAR(pbkdf2_hmac__doc__, + "pbkdf2_hmac(hash_name, password, salt, iterations, dklen=None) -> key\n\ +@@ -668,10 +704,17 @@ pbkdf2_hmac(PyObject *self, PyObject *args, PyObject *kwdict) + key = PyBytes_AS_STRING(key_obj); + + Py_BEGIN_ALLOW_THREADS ++#if HAS_FAST_PKCS5_PBKDF2_HMAC ++ retval = PKCS5_PBKDF2_HMAC((char*)password.buf, (int)password.len, ++ (unsigned char *)salt.buf, (int)salt.len, ++ iterations, digest, dklen, ++ (unsigned char *)key); ++#else + retval = PKCS5_PBKDF2_HMAC_fast((char*)password.buf, (int)password.len, + (unsigned char *)salt.buf, (int)salt.len, + iterations, digest, dklen, + (unsigned char *)key); ++#endif + Py_END_ALLOW_THREADS + + if (!retval) { +@@ -790,7 +833,7 @@ generate_hash_name_list(void) + if (CONST_ ## NAME ## _name_obj == NULL) { \ + CONST_ ## NAME ## _name_obj = PyUnicode_FromString(#NAME); \ + if (EVP_get_digestbyname(#NAME)) { \ +- CONST_new_ ## NAME ## _ctx_p = &CONST_new_ ## NAME ## _ctx; \ ++ CONST_new_ ## NAME ## _ctx_p = EVP_MD_CTX_new(); \ + EVP_DigestInit(CONST_new_ ## NAME ## _ctx_p, EVP_get_digestbyname(#NAME)); \ + } \ + } \ +diff --git a/Modules/_ssl.c b/Modules/_ssl.c +index 0ff9d553e2..512e5f10ce 100644 +--- a/Modules/_ssl.c ++++ b/Modules/_ssl.c +@@ -55,6 +55,14 @@ static PySocketModule_APIObject PySocketModule; + #include <sys/poll.h> + #endif + ++/* Don't warn about deprecated functions */ ++#ifdef __GNUC__ ++#pragma GCC diagnostic ignored "-Wdeprecated-declarations" ++#endif ++#ifdef __clang__ ++#pragma clang diagnostic ignored "-Wdeprecated-declarations" ++#endif ++ + /* Include OpenSSL header files */ + #include "openssl/rsa.h" + #include "openssl/crypto.h" +@@ -90,6 +98,10 @@ struct py_ssl_library_code { + /* Include generated data (error codes) */ + #include "_ssl_data.h" + ++#if (OPENSSL_VERSION_NUMBER >= 0x10100000L) && !defined(LIBRESSL_VERSION_NUMBER) ++# define OPENSSL_VERSION_1_1 1 ++#endif ++ + /* Openssl comes with TLSv1.1 and TLSv1.2 between 1.0.0h and 1.0.1 + http://www.openssl.org/news/changelog.html + */ +@@ -108,6 +120,80 @@ struct py_ssl_library_code { + # define HAVE_SNI 0 + #endif + ++#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation ++# define HAVE_ALPN ++#endif ++ ++#ifndef INVALID_SOCKET /* MS defines this */ ++#define INVALID_SOCKET (-1) ++#endif ++ ++#ifdef OPENSSL_VERSION_1_1 ++/* OpenSSL 1.1.0+ */ ++#ifndef OPENSSL_NO_SSL2 ++#define OPENSSL_NO_SSL2 ++#endif ++#else /* OpenSSL < 1.1.0 */ ++#if defined(WITH_THREAD) ++#define HAVE_OPENSSL_CRYPTO_LOCK ++#endif ++ ++#define TLS_method SSLv23_method ++ ++static int X509_NAME_ENTRY_set(const X509_NAME_ENTRY *ne) ++{ ++ return ne->set; ++} ++ ++#ifndef OPENSSL_NO_COMP ++static int COMP_get_type(const COMP_METHOD *meth) ++{ ++ return meth->type; ++} ++ ++static const char *COMP_get_name(const COMP_METHOD *meth) ++{ ++ return meth->name; ++} ++#endif ++ ++static pem_password_cb *SSL_CTX_get_default_passwd_cb(SSL_CTX *ctx) ++{ ++ return ctx->default_passwd_callback; ++} ++ ++static void *SSL_CTX_get_default_passwd_cb_userdata(SSL_CTX *ctx) ++{ ++ return ctx->default_passwd_callback_userdata; ++} ++ ++static int X509_OBJECT_get_type(X509_OBJECT *x) ++{ ++ return x->type; ++} ++ ++static X509 *X509_OBJECT_get0_X509(X509_OBJECT *x) ++{ ++ return x->data.x509; ++} ++ ++static int BIO_up_ref(BIO *b) ++{ ++ CRYPTO_add(&b->references, 1, CRYPTO_LOCK_BIO); ++ return 1; ++} ++ ++static STACK_OF(X509_OBJECT) *X509_STORE_get0_objects(X509_STORE *store) { ++ return store->objs; ++} ++ ++static X509_VERIFY_PARAM *X509_STORE_get0_param(X509_STORE *store) ++{ ++ return store->param; ++} ++#endif /* OpenSSL < 1.1.0 or LibreSSL */ ++ ++ + enum py_ssl_error { + /* these mirror ssl.h */ + PY_SSL_ERROR_NONE, +@@ -138,7 +224,7 @@ enum py_ssl_cert_requirements { + enum py_ssl_version { + PY_SSL_VERSION_SSL2, + PY_SSL_VERSION_SSL3=1, +- PY_SSL_VERSION_SSL23, ++ PY_SSL_VERSION_TLS, + #if HAVE_TLSv1_2 + PY_SSL_VERSION_TLS1, + PY_SSL_VERSION_TLS1_1, +@@ -504,7 +590,7 @@ newPySSLSocket(PySSLContext *sslctx, PySocketSockObject *sock, + PySSL_BEGIN_ALLOW_THREADS + self->ssl = SSL_new(ctx); + PySSL_END_ALLOW_THREADS +- SSL_set_app_data(self->ssl,self); ++ SSL_set_app_data(self->ssl, self); + SSL_set_fd(self->ssl, Py_SAFE_DOWNCAST(sock->sock_fd, SOCKET_T, int)); + mode = SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER; + #ifdef SSL_MODE_AUTO_RETRY +@@ -691,7 +777,7 @@ _create_tuple_for_X509_NAME (X509_NAME *xname) + + /* check to see if we've gotten to a new RDN */ + if (rdn_level >= 0) { +- if (rdn_level != entry->set) { ++ if (rdn_level != X509_NAME_ENTRY_set(entry)) { + /* yes, new RDN */ + /* add old RDN to DN */ + rdnt = PyList_AsTuple(rdn); +@@ -708,7 +794,7 @@ _create_tuple_for_X509_NAME (X509_NAME *xname) + goto fail0; + } + } +- rdn_level = entry->set; ++ rdn_level = X509_NAME_ENTRY_set(entry); + + /* now add this attribute to the current RDN */ + name = X509_NAME_ENTRY_get_object(entry); +@@ -811,18 +897,18 @@ _get_peer_alt_names (X509 *certificate) { + goto fail; + } + +- p = ext->value->data; ++ p = X509_EXTENSION_get_data(ext)->data; + if (method->it) + names = (GENERAL_NAMES*) + (ASN1_item_d2i(NULL, + &p, +- ext->value->length, ++ X509_EXTENSION_get_data(ext)->length, + ASN1_ITEM_ptr(method->it))); + else + names = (GENERAL_NAMES*) + (method->d2i(NULL, + &p, +- ext->value->length)); ++ X509_EXTENSION_get_data(ext)->length)); + + for(j = 0; j < sk_GENERAL_NAME_num(names); j++) { + /* get a rendering of each name in the set of names */ +@@ -1033,13 +1119,11 @@ _get_crl_dp(X509 *certificate) { + int i, j; + PyObject *lst, *res = NULL; + +-#if OPENSSL_VERSION_NUMBER < 0x10001000L +- dps = X509_get_ext_d2i(certificate, NID_crl_distribution_points, NULL, NULL); +-#else ++#if OPENSSL_VERSION_NUMBER >= 0x10001000L + /* Calls x509v3_cache_extensions and sets up crldp */ + X509_check_ca(certificate); +- dps = certificate->crldp; + #endif ++ dps = X509_get_ext_d2i(certificate, NID_crl_distribution_points, NULL, NULL); + + if (dps == NULL) + return Py_None; +@@ -1431,9 +1515,9 @@ static PyObject *PySSL_compression(PySSLSocket *self) { + if (self->ssl == NULL) + Py_RETURN_NONE; + comp_method = SSL_get_current_compression(self->ssl); +- if (comp_method == NULL || comp_method->type == NID_undef) ++ if (comp_method == NULL || COMP_get_type(comp_method) == NID_undef) + Py_RETURN_NONE; +- short_name = OBJ_nid2sn(comp_method->type); ++ short_name = COMP_get_name(comp_method); + if (short_name == NULL) + Py_RETURN_NONE; + return PyUnicode_DecodeFSDefault(short_name); +@@ -1981,7 +2065,7 @@ context_new(PyTypeObject *type, PyObject *args, PyObject *kwds) + { + char *kwlist[] = {"protocol", NULL}; + PySSLContext *self; +- int proto_version = PY_SSL_VERSION_SSL23; ++ int proto_version = PY_SSL_VERSION_TLS; + long options; + SSL_CTX *ctx = NULL; + +@@ -2007,8 +2091,8 @@ context_new(PyTypeObject *type, PyObject *args, PyObject *kwds) + else if (proto_version == PY_SSL_VERSION_SSL2) + ctx = SSL_CTX_new(SSLv2_method()); + #endif +- else if (proto_version == PY_SSL_VERSION_SSL23) +- ctx = SSL_CTX_new(SSLv23_method()); ++ else if (proto_version == PY_SSL_VERSION_TLS) ++ ctx = SSL_CTX_new(TLS_method()); + else + proto_version = -1; + PySSL_END_ALLOW_THREADS +@@ -2051,8 +2135,9 @@ context_new(PyTypeObject *type, PyObject *args, PyObject *kwds) + #ifndef OPENSSL_NO_ECDH + /* Allow automatic ECDH curve selection (on OpenSSL 1.0.2+), or use + prime256v1 by default. This is Apache mod_ssl's initialization +- policy, so we should be safe. */ +-#if defined(SSL_CTX_set_ecdh_auto) ++ policy, so we should be safe. OpenSSL 1.1 has it enabled by default. ++ */ ++#if defined(SSL_CTX_set_ecdh_auto) && !defined(OPENSSL_VERSION_1_1) + SSL_CTX_set_ecdh_auto(self->ctx, 1); + #else + { +@@ -2263,10 +2348,12 @@ static PyObject * + get_verify_flags(PySSLContext *self, void *c) + { + X509_STORE *store; ++ X509_VERIFY_PARAM *param; + unsigned long flags; + + store = SSL_CTX_get_cert_store(self->ctx); +- flags = X509_VERIFY_PARAM_get_flags(store->param); ++ param = X509_STORE_get0_param(store); ++ flags = X509_VERIFY_PARAM_get_flags(param); + return PyLong_FromUnsignedLong(flags); + } + +@@ -2274,22 +2361,24 @@ static int + set_verify_flags(PySSLContext *self, PyObject *arg, void *c) + { + X509_STORE *store; ++ X509_VERIFY_PARAM *param; + unsigned long new_flags, flags, set, clear; + + if (!PyArg_Parse(arg, "k", &new_flags)) + return -1; + store = SSL_CTX_get_cert_store(self->ctx); +- flags = X509_VERIFY_PARAM_get_flags(store->param); ++ param = X509_STORE_get0_param(store); ++ flags = X509_VERIFY_PARAM_get_flags(param); + clear = flags & ~new_flags; + set = ~flags & new_flags; + if (clear) { +- if (!X509_VERIFY_PARAM_clear_flags(store->param, clear)) { ++ if (!X509_VERIFY_PARAM_clear_flags(param, clear)) { + _setSSLError(NULL, 0, __FILE__, __LINE__); + return -1; + } + } + if (set) { +- if (!X509_VERIFY_PARAM_set_flags(store->param, set)) { ++ if (!X509_VERIFY_PARAM_set_flags(param, set)) { + _setSSLError(NULL, 0, __FILE__, __LINE__); + return -1; + } +@@ -2459,8 +2548,8 @@ load_cert_chain(PySSLContext *self, PyObject *args, PyObject *kwds) + char *kwlist[] = {"certfile", "keyfile", "password", NULL}; + PyObject *certfile, *keyfile = NULL, *password = NULL; + PyObject *certfile_bytes = NULL, *keyfile_bytes = NULL; +- pem_password_cb *orig_passwd_cb = self->ctx->default_passwd_callback; +- void *orig_passwd_userdata = self->ctx->default_passwd_callback_userdata; ++ pem_password_cb *orig_passwd_cb = SSL_CTX_get_default_passwd_cb(self->ctx); ++ void *orig_passwd_userdata = SSL_CTX_get_default_passwd_cb_userdata(self->ctx); + _PySSLPasswordInfo pw_info = { NULL, NULL, NULL, 0, 0 }; + int r; + +@@ -2591,8 +2680,9 @@ _add_ca_certs(PySSLContext *self, void *data, Py_ssize_t len, + cert = d2i_X509_bio(biobuf, NULL); + } else { + cert = PEM_read_bio_X509(biobuf, NULL, +- self->ctx->default_passwd_callback, +- self->ctx->default_passwd_callback_userdata); ++ SSL_CTX_get_default_passwd_cb(self->ctx), ++ SSL_CTX_get_default_passwd_cb_userdata(self->ctx) ++ ); + } + if (cert == NULL) { + break; +@@ -3040,25 +3130,24 @@ static PyObject * + cert_store_stats(PySSLContext *self) + { + X509_STORE *store; ++ STACK_OF(X509_OBJECT) *objs; + X509_OBJECT *obj; +- int x509 = 0, crl = 0, pkey = 0, ca = 0, i; ++ int x509 = 0, crl = 0, ca = 0, i; + + store = SSL_CTX_get_cert_store(self->ctx); +- for (i = 0; i < sk_X509_OBJECT_num(store->objs); i++) { +- obj = sk_X509_OBJECT_value(store->objs, i); +- switch (obj->type) { ++ objs = X509_STORE_get0_objects(store); ++ for (i = 0; i < sk_X509_OBJECT_num(objs); i++) { ++ obj = sk_X509_OBJECT_value(objs, i); ++ switch (X509_OBJECT_get_type(obj)) { + case X509_LU_X509: + x509++; +- if (X509_check_ca(obj->data.x509)) { ++ if (X509_check_ca(X509_OBJECT_get0_X509(obj))) { + ca++; + } + break; + case X509_LU_CRL: + crl++; + break; +- case X509_LU_PKEY: +- pkey++; +- break; + default: + /* Ignore X509_LU_FAIL, X509_LU_RETRY, X509_LU_PKEY. + * As far as I can tell they are internal states and never +@@ -3083,6 +3172,7 @@ get_ca_certs(PySSLContext *self, PyObject *args, PyObject *kwds) + { + char *kwlist[] = {"binary_form", NULL}; + X509_STORE *store; ++ STACK_OF(X509_OBJECT) *objs; + PyObject *ci = NULL, *rlist = NULL; + int i; + int binary_mode = 0; +@@ -3097,17 +3187,18 @@ get_ca_certs(PySSLContext *self, PyObject *args, PyObject *kwds) + } + + store = SSL_CTX_get_cert_store(self->ctx); +- for (i = 0; i < sk_X509_OBJECT_num(store->objs); i++) { ++ objs = X509_STORE_get0_objects(store); ++ for (i = 0; i < sk_X509_OBJECT_num(objs); i++) { + X509_OBJECT *obj; + X509 *cert; + +- obj = sk_X509_OBJECT_value(store->objs, i); +- if (obj->type != X509_LU_X509) { ++ obj = sk_X509_OBJECT_value(objs, i); ++ if (X509_OBJECT_get_type(obj) != X509_LU_X509) { + /* not a x509 cert */ + continue; + } + /* CA for any purpose */ +- cert = obj->data.x509; ++ cert = X509_OBJECT_get0_X509(obj); + if (!X509_check_ca(cert)) { + continue; + } +@@ -3780,10 +3871,12 @@ static PyMethodDef PySSL_methods[] = { + }; + + +-#ifdef WITH_THREAD ++#ifdef HAVE_OPENSSL_CRYPTO_LOCK + + /* an implementation of OpenSSL threading operations in terms +- of the Python C thread library */ ++ * of the Python C thread library ++ * Only used up to 1.0.2. OpenSSL 1.1.0+ has its own locking code. ++ */ + + static PyThread_type_lock *_ssl_locks = NULL; + +@@ -3864,7 +3957,7 @@ static int _setup_ssl_threads(void) { + return 1; + } + +-#endif /* def HAVE_THREAD */ ++#endif /* HAVE_OPENSSL_CRYPTO_LOCK for WITH_THREAD && OpenSSL < 1.1.0 */ + + PyDoc_STRVAR(module_doc, + "Implementation module for SSL socket operations. See the socket module\n\ +@@ -3931,11 +4024,16 @@ PyInit__ssl(void) + SSL_load_error_strings(); + SSL_library_init(); + #ifdef WITH_THREAD ++#ifdef HAVE_OPENSSL_CRYPTO_LOCK + /* note that this will start threading if not already started */ + if (!_setup_ssl_threads()) { + return NULL; + } ++#elif OPENSSL_VERSION_1_1 && defined(OPENSSL_THREADS) ++ /* OpenSSL 1.1.0 builtin thread support is enabled */ ++ _ssl_locks_count++; + #endif ++#endif /* WITH_THREAD */ + OpenSSL_add_all_algorithms(); + + /* Add symbols to module dict */ +@@ -4079,7 +4177,9 @@ PyInit__ssl(void) + PY_SSL_VERSION_SSL3); + #endif + PyModule_AddIntConstant(m, "PROTOCOL_SSLv23", +- PY_SSL_VERSION_SSL23); ++ PY_SSL_VERSION_TLS); ++ PyModule_AddIntConstant(m, "PROTOCOL_TLS", ++ PY_SSL_VERSION_TLS); + PyModule_AddIntConstant(m, "PROTOCOL_TLSv1", + PY_SSL_VERSION_TLS1); + #if HAVE_TLSv1_2 +-- +2.24.0 + diff --git a/dev-lang/python/files/python-3.4.3-ncurses-pkg-config.patch b/dev-lang/python/files/python-3.4.3-ncurses-pkg-config.patch new file mode 100644 index 0000000..8bfad11 --- /dev/null +++ b/dev-lang/python/files/python-3.4.3-ncurses-pkg-config.patch @@ -0,0 +1,13 @@ +do not hardcode /usr/include paths + +--- a/configure.ac ++++ b/configure.ac +@@ -4402,7 +4402,7 @@ fi + + # first curses header check + ac_save_cppflags="$CPPFLAGS" +-CPPFLAGS="$CPPFLAGS -I/usr/include/ncursesw" ++CPPFLAGS="$CPPFLAGS `$PKG_CONFIG --cflags ncursesw`" + + AC_CHECK_HEADERS(curses.h ncurses.h) + diff --git a/dev-lang/python/files/python-3.4.5-cross.patch b/dev-lang/python/files/python-3.4.5-cross.patch new file mode 100644 index 0000000..7a016ff --- /dev/null +++ b/dev-lang/python/files/python-3.4.5-cross.patch @@ -0,0 +1,11 @@ +--- a/Lib/distutils/command/build_ext.py ++++ b/Lib/distutils/command/build_ext.py +@@ -729,7 +729,7 @@ + if sysconfig.get_config_var('Py_ENABLE_SHARED'): + pythonlib = 'python{}.{}{}'.format( + sys.hexversion >> 24, (sys.hexversion >> 16) & 0xff, +- sys.abiflags) ++ sysconfig.get_config_var('ABIFLAGS')) + return ext.libraries + [pythonlib] + else: + return ext.libraries diff --git a/dev-lang/python/files/python-3.5.5-hash-unaligned.patch b/dev-lang/python/files/python-3.5.5-hash-unaligned.patch new file mode 100644 index 0000000..c418f40 --- /dev/null +++ b/dev-lang/python/files/python-3.5.5-hash-unaligned.patch @@ -0,0 +1,43 @@ +The hash implementation casts the input pointer to uint64_t* and directly reads +from this, which may cause unaligned accesses. Use memcpy() instead so this code +will not crash with SIGBUS on sparc. + +--- a/Python/pyhash.c 2017-11-29 10:21:20.283094068 +0100 ++++ b/Python/pyhash.c 2017-11-29 10:24:26.733087813 +0100 +@@ -372,7 +372,7 @@ siphash24(const void *src, Py_ssize_t sr + PY_UINT64_T k0 = _le64toh(_Py_HashSecret.siphash.k0); + PY_UINT64_T k1 = _le64toh(_Py_HashSecret.siphash.k1); + PY_UINT64_T b = (PY_UINT64_T)src_sz << 56; +- const PY_UINT64_T *in = (PY_UINT64_T*)src; ++ const PY_UINT8_T *in = (PY_UINT8_T*)src; + + PY_UINT64_T v0 = k0 ^ 0x736f6d6570736575ULL; + PY_UINT64_T v1 = k1 ^ 0x646f72616e646f6dULL; +@@ -381,12 +381,14 @@ siphash24(const void *src, Py_ssize_t sr + + PY_UINT64_T t; + PY_UINT8_T *pt; +- PY_UINT8_T *m; ++ const PY_UINT8_T *m; + + while (src_sz >= 8) { +- PY_UINT64_T mi = _le64toh(*in); +- in += 1; +- src_sz -= 8; ++ PY_UINT64_T mi; ++ memcpy(&mi, in, sizeof(mi)); ++ mi = _le64toh(mi); ++ in += sizeof(mi); ++ src_sz -= sizeof(mi); + v3 ^= mi; + DOUBLE_ROUND(v0,v1,v2,v3); + v0 ^= mi; +@@ -394,7 +396,7 @@ siphash24(const void *src, Py_ssize_t sr + + t = 0; + pt = (PY_UINT8_T *)&t; +- m = (PY_UINT8_T *)in; ++ m = in; + switch (src_sz) { + case 7: pt[6] = m[6]; + case 6: pt[5] = m[5]; diff --git a/dev-lang/python/python-3.4.10.ebuild b/dev-lang/python/python-3.4.10.ebuild new file mode 100644 index 0000000..10d6002 --- /dev/null +++ b/dev-lang/python/python-3.4.10.ebuild @@ -0,0 +1,364 @@ +# Copyright 1999-2019 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI="5" +WANT_LIBTOOL="none" + +inherit autotools eutils flag-o-matic multilib pax-utils python-utils-r1 toolchain-funcs multiprocessing + +MY_P="Python-${PV/_/}" +PATCHSET_VERSION="3.4.6-0" + +DESCRIPTION="An interpreted, interactive, object-oriented programming language" +HOMEPAGE="https://www.python.org/" +SRC_URI="https://www.python.org/ftp/python/${PV%_rc*}/${MY_P}.tar.xz + https://dev.gentoo.org/~floppym/python/python-gentoo-patches-${PATCHSET_VERSION}.tar.xz" + +LICENSE="PSF-2" +SLOT="3.4/3.4m" +KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~x86-fbsd" +IUSE="bluetooth build elibc_uclibc examples gdbm hardened ipv6 libressl +ncurses +readline sqlite +ssl +threads tk wininst +xml" + +# Do not add a dependency on dev-lang/python to this ebuild. +# If you need to apply a patch which requires python for bootstrapping, please +# run the bootstrap code on your dev box and include the results in the +# patchset. See bug 447752. + +RDEPEND="app-arch/bzip2:0= + app-arch/xz-utils:0= + >=sys-libs/zlib-1.1.3:0= + virtual/libffi:= + virtual/libintl + gdbm? ( sys-libs/gdbm:0=[berkdb] ) + ncurses? ( + >=sys-libs/ncurses-5.2:0= + readline? ( >=sys-libs/readline-4.1:0= ) + ) + sqlite? ( >=dev-db/sqlite-3.3.8:3= ) + ssl? ( + !libressl? ( dev-libs/openssl:0= ) + libressl? ( dev-libs/libressl:0= ) + ) + tk? ( + >=dev-lang/tcl-8.0:0= + >=dev-lang/tk-8.0:0= + dev-tcltk/blt:0= + dev-tcltk/tix + ) + xml? ( >=dev-libs/expat-2.1:0= ) + !!<sys-apps/sandbox-2.6-r1" +# bluetooth requires headers from bluez +DEPEND="${RDEPEND} + bluetooth? ( net-wireless/bluez ) + virtual/pkgconfig + >=sys-devel/autoconf-2.65 + !sys-devel/gcc[libffi(-)]" +RDEPEND+=" !build? ( app-misc/mime-types )" +PDEPEND=">=app-eselect/eselect-python-20140125-r1" + +S="${WORKDIR}/${MY_P}" + +PYVER=${SLOT%/*} + +src_prepare() { + # Ensure that internal copies of expat, libffi and zlib are not used. + rm -fr Modules/expat + rm -fr Modules/_ctypes/libffi* + rm -fr Modules/zlib + + if tc-is-cross-compiler; then + # Invokes BUILDPYTHON, which is built for the host arch + local EPATCH_EXCLUDE="*_regenerate_platform-specific_modules.patch" + fi + + EPATCH_SUFFIX="patch" epatch "${WORKDIR}/patches" + epatch "${FILESDIR}/${PN}-3.4.3-ncurses-pkg-config.patch" + epatch "${FILESDIR}/${PN}-3.4.5-cross.patch" + epatch "${FILESDIR}/3.4-getentropy-linux.patch" + epatch "${FILESDIR}/3.6-disable-nis.patch" + epatch "${FILESDIR}/python-3.5.5-hash-unaligned.patch" + epatch "${FILESDIR}/python-3.4.10-openssl11.patch" + + epatch_user + + sed -i -e "s:@@GENTOO_LIBDIR@@:$(get_libdir):g" \ + configure.ac \ + Lib/distutils/command/install.py \ + Lib/distutils/sysconfig.py \ + Lib/site.py \ + Lib/sysconfig.py \ + Lib/test/test_site.py \ + Makefile.pre.in \ + Modules/Setup.dist \ + Modules/getpath.c \ + setup.py || die "sed failed to replace @@GENTOO_LIBDIR@@" + + eautoreconf +} + +src_configure() { + local disable + # disable automagic bluetooth headers detection + use bluetooth || export ac_cv_header_bluetooth_bluetooth_h=no + use gdbm || disable+=" gdbm" + use ncurses || disable+=" _curses _curses_panel" + use readline || disable+=" readline" + use sqlite || disable+=" _sqlite3" + use ssl || export PYTHON_DISABLE_SSL="1" + use tk || disable+=" _tkinter" + use xml || disable+=" _elementtree pyexpat" # _elementtree uses pyexpat. + export PYTHON_DISABLE_MODULES="${disable}" + + if ! use xml; then + ewarn "You have configured Python without XML support." + ewarn "This is NOT a recommended configuration as you" + ewarn "may face problems parsing any XML documents." + fi + + if [[ -n "${PYTHON_DISABLE_MODULES}" ]]; then + einfo "Disabled modules: ${PYTHON_DISABLE_MODULES}" + fi + + if [[ "$(gcc-major-version)" -ge 4 ]]; then + append-flags -fwrapv + fi + + filter-flags -malign-double + + # https://bugs.gentoo.org/show_bug.cgi?id=50309 + if is-flagq -O3; then + is-flagq -fstack-protector-all && replace-flags -O3 -O2 + use hardened && replace-flags -O3 -O2 + fi + + # Export CXX so it ends up in /usr/lib/python3.X/config/Makefile. + tc-export CXX + + # The configure script fails to use pkg-config correctly. + # http://bugs.python.org/issue15506 + export ac_cv_path_PKG_CONFIG=$(tc-getPKG_CONFIG) + + # Set LDFLAGS so we link modules with -lpython3.2 correctly. + # Needed on FreeBSD unless Python 3.2 is already installed. + # Please query BSD team before removing this! + append-ldflags "-L." + + local dbmliborder + if use gdbm; then + dbmliborder+="${dbmliborder:+:}gdbm" + fi + + BUILD_DIR="${WORKDIR}/${CHOST}" + mkdir -p "${BUILD_DIR}" || die + cd "${BUILD_DIR}" || die + + ECONF_SOURCE="${S}" OPT="" \ + econf \ + --with-fpectl \ + --enable-shared \ + $(use_enable ipv6) \ + $(use_with threads) \ + --infodir='${prefix}/share/info' \ + --mandir='${prefix}/share/man' \ + --with-computed-gotos \ + --with-dbmliborder="${dbmliborder}" \ + --with-libc="" \ + --enable-loadable-sqlite-extensions \ + --with-system-expat \ + --with-system-ffi \ + --without-ensurepip + + if use threads && grep -q "#define POSIX_SEMAPHORES_NOT_ENABLED 1" pyconfig.h; then + eerror "configure has detected that the sem_open function is broken." + eerror "Please ensure that /dev/shm is mounted as a tmpfs with mode 1777." + die "Broken sem_open function (bug 496328)" + fi +} + +src_compile() { + # Ensure sed works as expected + # https://bugs.gentoo.org/594768 + local -x LC_ALL=C + + # Avoid invoking pgen for cross-compiles. + touch Include/graminit.h Python/graminit.c || die + + cd "${BUILD_DIR}" || die + + emake CPPFLAGS= CFLAGS= LDFLAGS= + + # Work around bug 329499. See also bug 413751 and 457194. + if has_version dev-libs/libffi[pax_kernel]; then + pax-mark E python + else + pax-mark m python + fi +} + +src_test() { + # Tests will not work when cross compiling. + if tc-is-cross-compiler; then + elog "Disabling tests due to crosscompiling." + return + fi + + cd "${BUILD_DIR}" || die + + # Skip failing tests. + local skipped_tests="gdb" + + for test in ${skipped_tests}; do + mv "${S}"/Lib/test/test_${test}.py "${T}" + done + + local -x PYTHONDONTWRITEBYTECODE= + emake test EXTRATESTOPTS="-u-network" CPPFLAGS= CFLAGS= LDFLAGS= < /dev/tty + local result=$? + + for test in ${skipped_tests}; do + mv "${T}/test_${test}.py" "${S}"/Lib/test + done + + elog "The following tests have been skipped:" + for test in ${skipped_tests}; do + elog "test_${test}.py" + done + + elog "If you would like to run them, you may:" + elog "cd '${EPREFIX}/usr/$(get_libdir)/python${PYVER}/test'" + elog "and run the tests separately." + + if [[ ${result} -ne 0 ]]; then + die "emake test failed" + fi +} + +src_install() { + local libdir=${ED}/usr/$(get_libdir)/python${PYVER} + + cd "${BUILD_DIR}" || die + + emake DESTDIR="${D}" altinstall + + sed \ + -e "s/\(CONFIGURE_LDFLAGS=\).*/\1/" \ + -e "s/\(PY_LDFLAGS=\).*/\1/" \ + -i "${libdir}/config-${PYVER}"*/Makefile || die "sed failed" + + # Fix collisions between different slots of Python. + rm -f "${ED}usr/$(get_libdir)/libpython3.so" + + # Cheap hack to get version with ABIFLAGS + local abiver=$(cd "${ED}usr/include"; echo python*) + if [[ ${abiver} != python${PYVER} ]]; then + # Replace python3.X with a symlink to python3.Xm + rm "${ED}usr/bin/python${PYVER}" || die + dosym "${abiver}" "/usr/bin/python${PYVER}" + # Create python3.X-config symlink + dosym "${abiver}-config" "/usr/bin/python${PYVER}-config" + # Create python-3.5m.pc symlink + dosym "python-${PYVER}.pc" "/usr/$(get_libdir)/pkgconfig/${abiver/${PYVER}/-${PYVER}}.pc" + fi + + use elibc_uclibc && rm -fr "${libdir}/test" + use sqlite || rm -fr "${libdir}/"{sqlite3,test/test_sqlite*} + use tk || rm -fr "${ED}usr/bin/idle${PYVER}" "${libdir}/"{idlelib,tkinter,test/test_tk*} + + use threads || rm -fr "${libdir}/multiprocessing" + use wininst || rm -f "${libdir}/distutils/command/"wininst-*.exe + + dodoc "${S}"/Misc/{ACKS,HISTORY,NEWS} + + if use examples; then + insinto /usr/share/doc/${PF}/examples + find "${S}"/Tools -name __pycache__ -print0 | xargs -0 rm -fr + doins -r "${S}"/Tools + fi + insinto /usr/share/gdb/auto-load/usr/$(get_libdir) #443510 + local libname=$(printf 'e:\n\t@echo $(INSTSONAME)\ninclude Makefile\n' | \ + emake --no-print-directory -s -f - 2>/dev/null) + newins "${S}"/Tools/gdb/libpython.py "${libname}"-gdb.py + + newconfd "${FILESDIR}/pydoc.conf" pydoc-${PYVER} + newinitd "${FILESDIR}/pydoc.init" pydoc-${PYVER} + sed \ + -e "s:@PYDOC_PORT_VARIABLE@:PYDOC${PYVER/./_}_PORT:" \ + -e "s:@PYDOC@:pydoc${PYVER}:" \ + -i "${ED}etc/conf.d/pydoc-${PYVER}" "${ED}etc/init.d/pydoc-${PYVER}" || die "sed failed" + + # for python-exec + local vars=( EPYTHON PYTHON_SITEDIR PYTHON_SCRIPTDIR ) + + # if not using a cross-compiler, use the fresh binary + if ! tc-is-cross-compiler; then + local -x PYTHON=./python + local -x LD_LIBRARY_PATH=${LD_LIBRARY_PATH+${LD_LIBRARY_PATH}:}${PWD} + else + vars=( PYTHON "${vars[@]}" ) + fi + + python_export "python${PYVER}" "${vars[@]}" + echo "EPYTHON='${EPYTHON}'" > epython.py || die + python_domodule epython.py + + # python-exec wrapping support + local pymajor=${PYVER%.*} + mkdir -p "${D}${PYTHON_SCRIPTDIR}" || die + # python and pythonX + ln -s "../../../bin/${abiver}" \ + "${D}${PYTHON_SCRIPTDIR}/python${pymajor}" || die + ln -s "python${pymajor}" \ + "${D}${PYTHON_SCRIPTDIR}/python" || die + # python-config and pythonX-config + # note: we need to create a wrapper rather than symlinking it due + # to some random dirname(argv[0]) magic performed by python-config + cat > "${D}${PYTHON_SCRIPTDIR}/python${pymajor}-config" <<-EOF || die + #!/bin/sh + exec "${abiver}-config" "\${@}" + EOF + chmod +x "${D}${PYTHON_SCRIPTDIR}/python${pymajor}-config" || die + ln -s "python${pymajor}-config" \ + "${D}${PYTHON_SCRIPTDIR}/python-config" || die + # 2to3, pydoc, pyvenv + ln -s "../../../bin/2to3-${PYVER}" \ + "${D}${PYTHON_SCRIPTDIR}/2to3" || die + ln -s "../../../bin/pydoc${PYVER}" \ + "${D}${PYTHON_SCRIPTDIR}/pydoc" || die + ln -s "../../../bin/pyvenv-${PYVER}" \ + "${D}${PYTHON_SCRIPTDIR}/pyvenv" || die + # idle + if use tk; then + ln -s "../../../bin/idle${PYVER}" \ + "${D}${PYTHON_SCRIPTDIR}/idle" || die + fi +} + +pkg_preinst() { + if has_version "<${CATEGORY}/${PN}-${PYVER}" && ! has_version ">=${CATEGORY}/${PN}-${PYVER}_alpha"; then + python_updater_warning="1" + fi +} + +eselect_python_update() { + if [[ -z "$(eselect python show)" || ! -f "${EROOT}usr/bin/$(eselect python show)" ]]; then + eselect python update + fi + + if [[ -z "$(eselect python show --python${PV%%.*})" || ! -f "${EROOT}usr/bin/$(eselect python show --python${PV%%.*})" ]]; then + eselect python update --python${PV%%.*} + fi +} + +pkg_postinst() { + eselect_python_update + + if [[ "${python_updater_warning}" == "1" ]]; then + ewarn "You have just upgraded from an older version of Python." + ewarn + ewarn "Please adjust PYTHON_TARGETS (if so desired), and run emerge with the --newuse or --changed-use option to rebuild packages installing python modules." + fi +} + +pkg_postrm() { + eselect_python_update +} |