diff options
-rw-r--r-- | gnu/local.mk | 2 | ||||
-rw-r--r-- | gnu/packages/patches/python2-CVE-2018-1000802.patch | 47 | ||||
-rw-r--r-- | gnu/packages/patches/python2-CVE-2018-14647.patch | 61 | ||||
-rw-r--r-- | gnu/packages/python.scm | 8 |
4 files changed, 3 insertions, 115 deletions
diff --git a/gnu/local.mk b/gnu/local.mk index 52df157a95..64d4324607 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -1161,8 +1161,6 @@ dist_patch_DATA = \ %D%/packages/patches/pygpgme-disable-problematic-tests.patch \ %D%/packages/patches/pyqt-configure.patch \ %D%/packages/patches/pyqt-public-sip.patch \ - %D%/packages/patches/python2-CVE-2018-14647.patch \ - %D%/packages/patches/python2-CVE-2018-1000802.patch \ %D%/packages/patches/python-2-deterministic-build-info.patch \ %D%/packages/patches/python-2.7-adjust-tests.patch \ %D%/packages/patches/python-2.7-search-paths.patch \ diff --git a/gnu/packages/patches/python2-CVE-2018-1000802.patch b/gnu/packages/patches/python2-CVE-2018-1000802.patch deleted file mode 100644 index 0d5bc77c84..0000000000 --- a/gnu/packages/patches/python2-CVE-2018-1000802.patch +++ /dev/null @@ -1,47 +0,0 @@ -Fix CVE-2018-1000802: - -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000802 - -Taken from upstream commit (sans NEWS): -https://github.com/python/cpython/commit/d8b103b8b3ef9644805341216963a64098642435 - -diff --git a/Lib/shutil.py b/Lib/shutil.py -index 3462f7c5e9..0ab1a06f52 100644 ---- a/Lib/shutil.py -+++ b/Lib/shutil.py -@@ -413,17 +413,21 @@ def _make_tarball(base_name, base_dir, compress="gzip", verbose=0, dry_run=0, - - return archive_name - --def _call_external_zip(base_dir, zip_filename, verbose=False, dry_run=False): -+def _call_external_zip(base_dir, zip_filename, verbose, dry_run, logger): - # XXX see if we want to keep an external call here - if verbose: - zipoptions = "-r" - else: - zipoptions = "-rq" -- from distutils.errors import DistutilsExecError -- from distutils.spawn import spawn -+ cmd = ["zip", zipoptions, zip_filename, base_dir] -+ if logger is not None: -+ logger.info(' '.join(cmd)) -+ if dry_run: -+ return -+ import subprocess - try: -- spawn(["zip", zipoptions, zip_filename, base_dir], dry_run=dry_run) -- except DistutilsExecError: -+ subprocess.check_call(cmd) -+ except subprocess.CalledProcessError: - # XXX really should distinguish between "couldn't find - # external 'zip' command" and "zip failed". - raise ExecError, \ -@@ -458,7 +462,7 @@ def _make_zipfile(base_name, base_dir, verbose=0, dry_run=0, logger=None): - zipfile = None - - if zipfile is None: -- _call_external_zip(base_dir, zip_filename, verbose, dry_run) -+ _call_external_zip(base_dir, zip_filename, verbose, dry_run, logger) - else: - if logger is not None: - logger.info("creating '%s' and adding '%s' to it", diff --git a/gnu/packages/patches/python2-CVE-2018-14647.patch b/gnu/packages/patches/python2-CVE-2018-14647.patch deleted file mode 100644 index 6226b06aca..0000000000 --- a/gnu/packages/patches/python2-CVE-2018-14647.patch +++ /dev/null @@ -1,61 +0,0 @@ -Fix CVE-2018-14647: -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14647 -https://bugs.python.org/issue34623 - -Taken from upstream: -https://github.com/python/cpython/commit/18b20bad75b4ff0486940fba4ec680e96e70f3a2 - -diff --git a/Include/pyexpat.h b/Include/pyexpat.h -index 5340ef5fa3..3fc5fa54da 100644 ---- a/Include/pyexpat.h -+++ b/Include/pyexpat.h -@@ -3,7 +3,7 @@ - - /* note: you must import expat.h before importing this module! */ - --#define PyExpat_CAPI_MAGIC "pyexpat.expat_CAPI 1.0" -+#define PyExpat_CAPI_MAGIC "pyexpat.expat_CAPI 1.1" - #define PyExpat_CAPSULE_NAME "pyexpat.expat_CAPI" - - struct PyExpat_CAPI -@@ -43,6 +43,8 @@ struct PyExpat_CAPI - XML_Parser parser, XML_UnknownEncodingHandler handler, - void *encodingHandlerData); - void (*SetUserData)(XML_Parser parser, void *userData); -+ /* might be none for expat < 2.1.0 */ -+ int (*SetHashSalt)(XML_Parser parser, unsigned long hash_salt); - /* always add new stuff to the end! */ - }; - -diff --git a/Modules/_elementtree.c b/Modules/_elementtree.c -index f7f992dd3a..b38e0ab329 100644 ---- a/Modules/_elementtree.c -+++ b/Modules/_elementtree.c -@@ -2574,6 +2574,11 @@ xmlparser(PyObject* self_, PyObject* args, PyObject* kw) - PyErr_NoMemory(); - return NULL; - } -+ /* expat < 2.1.0 has no XML_SetHashSalt() */ -+ if (EXPAT(SetHashSalt) != NULL) { -+ EXPAT(SetHashSalt)(self->parser, -+ (unsigned long)_Py_HashSecret.prefix); -+ } - - ALLOC(sizeof(XMLParserObject), "create expatparser"); - -diff --git a/Modules/pyexpat.c b/Modules/pyexpat.c -index 2b4d31293c..1f8c0d70a5 100644 ---- a/Modules/pyexpat.c -+++ b/Modules/pyexpat.c -@@ -2042,6 +2042,11 @@ MODULE_INITFUNC(void) - capi.SetProcessingInstructionHandler = XML_SetProcessingInstructionHandler; - capi.SetUnknownEncodingHandler = XML_SetUnknownEncodingHandler; - capi.SetUserData = XML_SetUserData; -+#if XML_COMBINED_VERSION >= 20100 -+ capi.SetHashSalt = XML_SetHashSalt; -+#else -+ capi.SetHashSalt = NULL; -+#endif - - /* export using capsule */ - capi_object = PyCapsule_New(&capi, PyExpat_CAPSULE_NAME, NULL); diff --git a/gnu/packages/python.scm b/gnu/packages/python.scm index 9ed16d447e..0a483fb1db 100644 --- a/gnu/packages/python.scm +++ b/gnu/packages/python.scm @@ -94,7 +94,7 @@ (define-public python-2.7 (package (name "python2") - (version "2.7.15") + (version "2.7.16") (source (origin (method url-fetch) @@ -102,14 +102,12 @@ version "/Python-" version ".tar.xz")) (sha256 (base32 - "0x2mvz9dp11wj7p5ccvmk9s0hzjk2fa1m462p395l4r6bfnb3n92")) + "1mqfcqp5y8r0bfyr7ppl74n0lig45p9mc4b8adlcpvj74rhfy8pj")) (patches (search-patches "python-2.7-search-paths.patch" "python-2-deterministic-build-info.patch" "python-2.7-site-prefixes.patch" "python-2.7-source-date-epoch.patch" - "python-2.7-adjust-tests.patch" - "python2-CVE-2018-14647.patch" - "python2-CVE-2018-1000802.patch")) + "python-2.7-adjust-tests.patch")) (modules '((guix build utils))) ;; suboptimal to delete failing tests here, but if we delete them in the ;; arguments then we need to make sure to strip out that phase when it |