diff options
| author |   Michał Górny <mgorny@gentoo.org> | 2020-12-14 11:30:26 +0100 |
|---|---|---|
| committer | Michał Górny <mgorny@gentoo.org> | 2020-12-14 12:12:08 +0100 |
| commit | 15efabfeb80aee4b02aa97d1ea24a477ced9be12 (patch) | |
| tree | 2b1bc3c52440662689d1a60374a4cce05eaa56f1 /dev-lang | |
| parent | dev-lang/python: Backport security fixes to 3.7.9-r1 (diff) | |
| download | gentoo-15efabfeb80aee4b02aa97d1ea24a477ced9be12.tar.gz gentoo-15efabfeb80aee4b02aa97d1ea24a477ced9be12.tar.bz2 gentoo-15efabfeb80aee4b02aa97d1ea24a477ced9be12.zip | |
dev-lang/python: Backport security fixes to 3.8.6-r1
Bug: https://bugs.gentoo.org/759928
Signed-off-by: Michał Górny <mgorny@gentoo.org>
Diffstat (limited to 'dev-lang')
| -rw-r--r-- | dev-lang/python/Manifest | 1 | ||||
| -rw-r--r-- | dev-lang/python/python-3.8.6-r1.ebuild | 355 |
2 files changed, 356 insertions, 0 deletions
diff --git a/dev-lang/python/Manifest b/dev-lang/python/Manifest index 2e0cb14a32fb..b39087817ccc 100644 --- a/dev-lang/python/Manifest +++ b/dev-lang/python/Manifest @@ -20,5 +20,6 @@ DIST python-gentoo-patches-3.7.9-r1.tar.xz 15664 BLAKE2B 271b95a52f4ba83c1aee6f6 DIST python-gentoo-patches-3.7.9.tar.xz 10588 BLAKE2B f60c8500671e7e3977412474c838905846e0609a7fdac787f2c6a8bfa53c887dcfd3466c5276772ffb8c20205e8b3f207f7d148c04524f19d095964b519da62d SHA512 11f411eb2d59fd45fbd80bdb1d1a83d413770779244045006942c5cb84837cba606673bcde102ae03b1d4579f526b551c93a64d39dba530b4584ba8dd8e9f13e DIST python-gentoo-patches-3.8.4-r2.tar.xz 12660 BLAKE2B 3197edc6beb2b1be05399f268ff9b337ed67f699e3867160fea8e50f763a62b184ddd7adcdfa55dafc8c14f91e020b409461027361d04858db667992794b1168 SHA512 c56adbec04bfb950f7fb65f38cc0b78eaae9783800c755b7ac934b07725fcf4d69bbc2c29f7d1255acd6e88559a216dc8a6088042a479aa0d453b706e318c0cf DIST python-gentoo-patches-3.8.5.tar.xz 11280 BLAKE2B 163c577da75f4ec0ebe86b5a08bea96d5ae406020bd211439b1405c0f8a5dddc9422a9ea5b16eed195433cbec010d9def3126a578d3f9716325482216b9e4d62 SHA512 6b7f72b8deb87fb7a169e97391185823984b5e9c99ec5232504c670843fbe0ca76afe32fc3fbe1f850ec6c42e9325cf4697022f36f7b00a4028b324069dd4d5b +DIST python-gentoo-patches-3.8.6-r1.tar.xz 15880 BLAKE2B 9a08cd23af56bcc2ed0dffe4850698be6e0bcf7c44d3eafeb250e328a93833dc3e9ce084f1be89450d1e123cd72d81c6271edfe34046d1bab3d7c10a98d0d9c5 SHA512 83474915cab0928d1d2f4229832bef7c093b2943770fa900a7445bfaa633544f50791aa8b4bc4191662af56feef166814d98eb6fad2c0a0eb9db1f8f4806e689 DIST python-gentoo-patches-3.8.6.tar.xz 10956 BLAKE2B e3241d97f886d0a37f85735102db8f00902df59ee12e8501b6c7f549dd4b26a6289bf34ff8dba02b369ed7875fad3d18e177afe9e367db4cb06f2ee908482f9e SHA512 7afa8e54f7b7e6ab35edc16d4214384b8ad8a03068d1984656876d6477b278af931e8c797d03d1bed2f10f9d58ac387db1a43921e54fb17cf4b779f33820abc0 DIST python-gentoo-patches-3.9.0rc1.tar.xz 8856 BLAKE2B 7bd032dfd047640c6a53633b5b9ee7b24199106b985230f772dda978d3b79fe0406eea64c4a842603a20afb71a90469befa7ec59a5ef1f793e4c901aa85952d1 SHA512 85a7d4397abf2a0f3c3d07a94a3e184ba3dcb347f3b70ee2cb77e81aac63846b01323a0228afd0fd1d32b3cafb64b18f82e6f5bfd88e4d564261ddae11e747eb diff --git a/dev-lang/python/python-3.8.6-r1.ebuild b/dev-lang/python/python-3.8.6-r1.ebuild new file mode 100644 index 000000000000..5be4e7e67733 --- /dev/null +++ b/dev-lang/python/python-3.8.6-r1.ebuild @@ -0,0 +1,355 @@ +# Copyright 1999-2020 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI="7" +WANT_LIBTOOL="none" + +inherit autotools flag-o-matic multiprocessing pax-utils \ + python-utils-r1 toolchain-funcs + +MY_P="Python-${PV}" +PYVER=$(ver_cut 1-2) +PATCHSET="python-gentoo-patches-${PV}-r1" + +DESCRIPTION="An interpreted, interactive, object-oriented programming language" +HOMEPAGE="https://www.python.org/" +SRC_URI="https://www.python.org/ftp/python/${PV}/${MY_P}.tar.xz + https://dev.gentoo.org/~mgorny/dist/python/${PATCHSET}.tar.xz" +S="${WORKDIR}/${MY_P}" + +LICENSE="PSF-2" +SLOT="${PYVER}" +KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86" +IUSE="bluetooth build examples gdbm hardened ipv6 libressl +ncurses +readline sqlite +ssl test tk wininst +xml" +RESTRICT="!test? ( test )" + +# Do not add a dependency on dev-lang/python to this ebuild. +# If you need to apply a patch which requires python for bootstrapping, please +# run the bootstrap code on your dev box and include the results in the +# patchset. See bug 447752. + +RDEPEND="app-arch/bzip2:= + app-arch/xz-utils:= + dev-libs/libffi:= + sys-apps/util-linux:= + >=sys-libs/zlib-1.1.3:= + virtual/libcrypt:= + virtual/libintl + gdbm? ( sys-libs/gdbm:=[berkdb] ) + ncurses? ( >=sys-libs/ncurses-5.2:= ) + readline? ( >=sys-libs/readline-4.1:= ) + sqlite? ( >=dev-db/sqlite-3.3.8:3= ) + ssl? ( + !libressl? ( dev-libs/openssl:= ) + libressl? ( dev-libs/libressl:= ) + ) + tk? ( + >=dev-lang/tcl-8.0:= + >=dev-lang/tk-8.0:= + dev-tcltk/blt:= + dev-tcltk/tix + ) + xml? ( >=dev-libs/expat-2.1:= )" +# bluetooth requires headers from bluez +DEPEND="${RDEPEND} + bluetooth? ( net-wireless/bluez ) + test? ( app-arch/xz-utils[extra-filters(+)] ) + virtual/pkgconfig + !sys-devel/gcc[libffi(-)]" +RDEPEND+=" !build? ( app-misc/mime-types )" +PDEPEND=">=app-eselect/eselect-python-20140125-r1" + +src_prepare() { + # Ensure that internal copies of expat, libffi and zlib are not used. + rm -fr Modules/expat || die + rm -fr Modules/_ctypes/libffi* || die + rm -fr Modules/zlib || die + + local PATCHES=( + "${WORKDIR}/${PATCHSET}" + ) + + default + + sed -i -e "s:@@GENTOO_LIBDIR@@:$(get_libdir):g" \ + setup.py || die "sed failed to replace @@GENTOO_LIBDIR@@" + + # force correct number of jobs + # https://bugs.gentoo.org/737660 + local jobs=$(makeopts_jobs "${MAKEOPTS}" "$(get_nproc)") + sed -i -e "s:-j0:-j${jobs}:" Makefile.pre.in || die + sed -i -e "/self\.parallel/s:True:${jobs}:" setup.py || die + + eautoreconf +} + +src_configure() { + local disable + # disable automagic bluetooth headers detection + use bluetooth || export ac_cv_header_bluetooth_bluetooth_h=no + use gdbm || disable+=" gdbm" + use ncurses || disable+=" _curses _curses_panel" + use readline || disable+=" readline" + use sqlite || disable+=" _sqlite3" + use ssl || export PYTHON_DISABLE_SSL="1" + use tk || disable+=" _tkinter" + use xml || disable+=" _elementtree pyexpat" # _elementtree uses pyexpat. + export PYTHON_DISABLE_MODULES="${disable}" + + if ! use xml; then + ewarn "You have configured Python without XML support." + ewarn "This is NOT a recommended configuration as you" + ewarn "may face problems parsing any XML documents." + fi + + if [[ -n "${PYTHON_DISABLE_MODULES}" ]]; then + einfo "Disabled modules: ${PYTHON_DISABLE_MODULES}" + fi + + if [[ "$(gcc-major-version)" -ge 4 ]]; then + append-flags -fwrapv + fi + + filter-flags -malign-double + + # https://bugs.gentoo.org/show_bug.cgi?id=50309 + if is-flagq -O3; then + is-flagq -fstack-protector-all && replace-flags -O3 -O2 + use hardened && replace-flags -O3 -O2 + fi + + # https://bugs.gentoo.org/700012 + if is-flagq -flto || is-flagq '-flto=*'; then + append-cflags $(test-flags-CC -ffat-lto-objects) + fi + + # Export CXX so it ends up in /usr/lib/python3.X/config/Makefile. + tc-export CXX + + # Set LDFLAGS so we link modules with -lpython3.2 correctly. + # Needed on FreeBSD unless Python 3.2 is already installed. + # Please query BSD team before removing this! + append-ldflags "-L." + + # Fix implicit declarations on cross and prefix builds. Bug #674070. + use ncurses && append-cppflags -I"${ESYSROOT}"/usr/include/ncursesw + + local dbmliborder + if use gdbm; then + dbmliborder+="${dbmliborder:+:}gdbm" + fi + + local myeconfargs=( + # glibc-2.30 removes it; since we can't cleanly force-rebuild + # Python on glibc upgrade, remove it proactively to give + # a chance for users rebuilding python before glibc + ac_cv_header_stropts_h=no + + --enable-shared + $(use_enable ipv6) + --infodir='${prefix}/share/info' + --mandir='${prefix}/share/man' + --with-computed-gotos + --with-dbmliborder="${dbmliborder}" + --with-libc= + --enable-loadable-sqlite-extensions + --without-ensurepip + --with-system-expat + --with-system-ffi + ) + + OPT="" econf "${myeconfargs[@]}" +} + +src_compile() { + # Ensure sed works as expected + # https://bugs.gentoo.org/594768 + local -x LC_ALL=C + + emake CPPFLAGS= CFLAGS= LDFLAGS= + + # Work around bug 329499. See also bug 413751 and 457194. + if has_version dev-libs/libffi[pax_kernel]; then + pax-mark E python + else + pax-mark m python + fi +} + +src_test() { + # Tests will not work when cross compiling. + if tc-is-cross-compiler; then + elog "Disabling tests due to crosscompiling." + return + fi + + # Skip failing tests. + local skipped_tests="gdb" + + for test in ${skipped_tests}; do + mv "${S}"/Lib/test/test_${test}.py "${T}" + done + + # bug 660358 + local -x COLUMNS=80 + local -x PYTHONDONTWRITEBYTECODE= + + local jobs=$(makeopts_jobs "${MAKEOPTS}" "$(get_nproc)") + + emake test EXTRATESTOPTS="-u-network -j${jobs}" \ + CPPFLAGS= CFLAGS= LDFLAGS= < /dev/tty + local result=$? + + for test in ${skipped_tests}; do + mv "${T}/test_${test}.py" "${S}"/Lib/test + done + + elog "The following tests have been skipped:" + for test in ${skipped_tests}; do + elog "test_${test}.py" + done + + elog "If you would like to run them, you may:" + elog "cd '${EPREFIX}/usr/lib/python${PYVER}/test'" + elog "and run the tests separately." + + if [[ ${result} -ne 0 ]]; then + die "emake test failed" + fi +} + +src_install() { + local libdir=${ED}/usr/lib/python${PYVER} + + emake DESTDIR="${D}" altinstall + + # Remove static library + rm "${ED}"/usr/$(get_libdir)/libpython*.a || die + + sed \ + -e "s/\(CONFIGURE_LDFLAGS=\).*/\1/" \ + -e "s/\(PY_LDFLAGS=\).*/\1/" \ + -i "${libdir}/config-${PYVER}"*/Makefile || die "sed failed" + + # Fix collisions between different slots of Python. + rm "${ED}/usr/$(get_libdir)/libpython3.so" || die + + # Cheap hack to get version with ABIFLAGS + local abiver=$(cd "${ED}/usr/include"; echo python*) + if [[ ${abiver} != python${PYVER} ]]; then + # Replace python3.X with a symlink to python3.Xm + rm "${ED}/usr/bin/python${PYVER}" || die + dosym "${abiver}" "/usr/bin/python${PYVER}" + # Create python3.X-config symlink + dosym "${abiver}-config" "/usr/bin/python${PYVER}-config" + # Create python-3.5m.pc symlink + dosym "python-${PYVER}.pc" "/usr/$(get_libdir)/pkgconfig/${abiver/${PYVER}/-${PYVER}}.pc" + fi + + # python seems to get rebuilt in src_install (bug 569908) + # Work around it for now. + if has_version dev-libs/libffi[pax_kernel]; then + pax-mark E "${ED}/usr/bin/${abiver}" + else + pax-mark m "${ED}/usr/bin/${abiver}" + fi + + use sqlite || rm -r "${libdir}/"{sqlite3,test/test_sqlite*} || die + use tk || rm -r "${ED}/usr/bin/idle${PYVER}" "${libdir}/"{idlelib,tkinter,test/test_tk*} || die + + use wininst || rm "${libdir}/distutils/command/"wininst-*.exe || die + + dodoc Misc/{ACKS,HISTORY,NEWS} + + if use examples; then + docinto examples + find Tools -name __pycache__ -exec rm -fr {} + || die + dodoc -r Tools + fi + insinto /usr/share/gdb/auto-load/usr/$(get_libdir) #443510 + local libname=$(printf 'e:\n\t@echo $(INSTSONAME)\ninclude Makefile\n' | \ + emake --no-print-directory -s -f - 2>/dev/null) + newins "${S}"/Tools/gdb/libpython.py "${libname}"-gdb.py + + newconfd "${FILESDIR}/pydoc.conf" pydoc-${PYVER} + newinitd "${FILESDIR}/pydoc.init" pydoc-${PYVER} + sed \ + -e "s:@PYDOC_PORT_VARIABLE@:PYDOC${PYVER/./_}_PORT:" \ + -e "s:@PYDOC@:pydoc${PYVER}:" \ + -i "${ED}/etc/conf.d/pydoc-${PYVER}" \ + "${ED}/etc/init.d/pydoc-${PYVER}" || die "sed failed" + + local -x EPYTHON=python${PYVER} + # if not using a cross-compiler, use the fresh binary + if ! tc-is-cross-compiler; then + local -x PYTHON=./python + local -x LD_LIBRARY_PATH=${LD_LIBRARY_PATH+${LD_LIBRARY_PATH}:}${PWD} + else + local -x PYTHON=${EPREFIX}/usr/bin/${EPYTHON} + fi + + echo "EPYTHON='${EPYTHON}'" > epython.py || die + python_domodule epython.py + + # python-exec wrapping support + local pymajor=${PYVER%.*} + local scriptdir=${D}$(python_get_scriptdir) + mkdir -p "${scriptdir}" || die + # python and pythonX + ln -s "../../../bin/${abiver}" \ + "${scriptdir}/python${pymajor}" || die + ln -s "python${pymajor}" "${scriptdir}/python" || die + # python-config and pythonX-config + # note: we need to create a wrapper rather than symlinking it due + # to some random dirname(argv[0]) magic performed by python-config + cat > "${scriptdir}/python${pymajor}-config" <<-EOF || die + #!/bin/sh + exec "${abiver}-config" "\${@}" + EOF + chmod +x "${scriptdir}/python${pymajor}-config" || die + ln -s "python${pymajor}-config" \ + "${scriptdir}/python-config" || die + # 2to3, pydoc + ln -s "../../../bin/2to3-${PYVER}" \ + "${scriptdir}/2to3" || die + ln -s "../../../bin/pydoc${PYVER}" \ + "${scriptdir}/pydoc" || die + # idle + if use tk; then + ln -s "../../../bin/idle${PYVER}" \ + "${scriptdir}/idle" || die + fi +} + +pkg_preinst() { + if has_version "<${CATEGORY}/${PN}-${PYVER}" && ! has_version ">=${CATEGORY}/${PN}-${PYVER}_alpha"; then + python_updater_warning="1" + fi +} + +eselect_python_update() { + if [[ -z "$(eselect python show)" || \ + ! -f "${EROOT}/usr/bin/$(eselect python show)" ]]; then + eselect python update + fi + + if [[ -z "$(eselect python show --python${PV%%.*})" || \ + ! -f "${EROOT}/usr/bin/$(eselect python show --python${PV%%.*})" ]] + then + eselect python update --python${PV%%.*} + fi +} + +pkg_postinst() { + eselect_python_update + + if [[ "${python_updater_warning}" == "1" ]]; then + ewarn "You have just upgraded from an older version of Python." + ewarn + ewarn "Please adjust PYTHON_TARGETS (if so desired), and run emerge with the --newuse or --changed-use option to rebuild packages installing python modules." + fi +} + +pkg_postrm() { + eselect_python_update +} |