kumquat-buildroot/package/python3/0003-Add-infrastructure-to-disable-the-build-of-certain-e.patch
Adam Duskett 0012baabfc package/python3: security bump version to 3.7.3
Also remove upstream patch 0033.

Fixes the following security issues:

- bpo-36216: Changes urlsplit() to raise ValueError when the URL contains
  characters that decompose under IDNA encoding (NFKC-normalization) into
  characters that affect how the URL is parsed.

- bpo-35746: [CVE-2019-5010] Fix a NULL pointer deref in ssl module.  The
  cert parser did not handle CRL distribution points with empty DP or URI
  correctly.  A malicious or buggy certificate can result into segfault.
  Vulnerability (TALOS-2018-0758) reported by Colin Read and Nicolas Edet of
  Cisco.

- bpo-35121: Don’t send cookies of domain A without Domain attribute to
  domain B when domain A is a suffix match of domain B while using a
  cookiejar with http.cookiejar.DefaultCookiePolicy policy.  Patch by
  Karthikeyan Singaravelan.

For more details, see the changelog:
https://docs.python.org/3.7/whatsnew/changelog.html#python-3-7-3-final

Signed-off-by: Adam Duskett <Aduskett@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 6afc83b60f)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-04-24 15:51:47 +02:00

110 lines
4.0 KiB
Diff

From 2c2afc80831c518e5daf3df6c9e4c4ac0a7be001 Mon Sep 17 00:00:00 2001
From: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Date: Wed, 22 Feb 2017 16:33:22 -0800
Subject: [PATCH] Add infrastructure to disable the build of certain extensions
Some of the extensions part of the Python core have dependencies on
external libraries (sqlite, tk, etc.) or are relatively big and not
necessarly always useful (CJK codecs for example). By extensions, we
mean part of Python modules that are written in C and therefore
compiled to binary code.
Therefore, we introduce a small infrastructure that allows to disable
some of those extensions. This can be done inside the configure.ac by
adding values to the DISABLED_EXTENSIONS variable (which is a
word-separated list of extensions).
The implementation works as follow :
* configure.ac defines a DISABLED_EXTENSIONS variable, which is
substituted (so that when Makefile.pre is generated from
Makefile.pre.in, the value of the variable is substituted). For
now, this DISABLED_EXTENSIONS variable is empty, later patches will
use it.
* Makefile.pre.in passes the DISABLED_EXTENSIONS value down to the
variables passed in the environment when calling the setup.py
script that actually builds and installs those extensions.
* setup.py is modified so that the existing "disabled_module_list" is
filled with those pre-disabled extensions listed in
DISABLED_EXTENSIONS.
Patch ported to python2.7 by Maxime Ripard <ripard@archos.com>, and
then extended by Thomas Petazzoni
<thomas.petazzoni@free-electrons.com>.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
[ Andrey Smirnov: ported to Python 3.6 ]
Signed-off-by: Andrey Smirnov <andrew.smirnov@gmail.com>
---
Makefile.pre.in | 6 +++++-
configure.ac | 2 ++
setup.py | 6 +++++-
3 files changed, 12 insertions(+), 2 deletions(-)
diff --git a/Makefile.pre.in b/Makefile.pre.in
index b38bd79121..4ce917ab8d 100644
--- a/Makefile.pre.in
+++ b/Makefile.pre.in
@@ -204,6 +204,8 @@ FILEMODE= 644
# configure script arguments
CONFIG_ARGS= @CONFIG_ARGS@
+# disabled extensions
+DISABLED_EXTENSIONS= @DISABLED_EXTENSIONS@
# Subdirectories with code
SRCDIRS= @SRCDIRS@
@@ -617,6 +619,7 @@ sharedmods: $(BUILDPYTHON) pybuilddir.txt Modules/_math.o
esac; \
echo "$(RUNSHARED) CC='$(CC)' LDSHARED='$(BLDSHARED)' OPT='$(OPT)' \
_TCLTK_INCLUDES='$(TCLTK_INCLUDES)' _TCLTK_LIBS='$(TCLTK_LIBS)' \
+ DISABLED_EXTENSIONS="$(DISABLED_EXTENSIONS)" \
$(PYTHON_FOR_BUILD) $(srcdir)/setup.py $$quiet build"; \
$(RUNSHARED) CC='$(CC)' LDSHARED='$(BLDSHARED)' OPT='$(OPT)' \
_TCLTK_INCLUDES='$(TCLTK_INCLUDES)' _TCLTK_LIBS='$(TCLTK_LIBS)' \
@@ -1526,7 +1529,8 @@ libainstall: @DEF_MAKE_RULE@ python-config
# Install the dynamically loadable modules
# This goes into $(exec_prefix)
sharedinstall: sharedmods
- $(RUNSHARED) $(PYTHON_FOR_BUILD) $(srcdir)/setup.py install \
+ $(RUNSHARED) DISABLED_EXTENSIONS="$(DISABLED_EXTENSIONS)" \
+ $(PYTHON_FOR_BUILD) $(srcdir)/setup.py install \
--prefix=$(prefix) \
--install-scripts=$(BINDIR) \
--install-platlib=$(DESTSHARED) \
diff --git a/configure.ac b/configure.ac
index 5f87c4db5a..d5ee2aedfb 100644
--- a/configure.ac
+++ b/configure.ac
@@ -2966,6 +2966,8 @@ LIBS="$withval $LIBS"
PKG_PROG_PKG_CONFIG
+AC_SUBST(DISABLED_EXTENSIONS)
+
# Check for use of the system expat library
AC_MSG_CHECKING(for --with-system-expat)
AC_ARG_WITH(system_expat,
diff --git a/setup.py b/setup.py
index fe477974bd..86643ae8bf 100644
--- a/setup.py
+++ b/setup.py
@@ -48,7 +48,11 @@ host_platform = get_platform()
COMPILED_WITH_PYDEBUG = ('--with-pydebug' in sysconfig.get_config_var("CONFIG_ARGS"))
# This global variable is used to hold the list of modules to be disabled.
-disabled_module_list = []
+try:
+ disabled_module_list = sysconfig.get_config_var("DISABLED_EXTENSIONS").split(" ")
+except KeyError:
+ disabled_module_list = list()
+
def add_dir_to_list(dirlist, dir):
"""Add the directory 'dir' to the list 'dirlist' (after any relative
--
2.13.5