kumquat-buildroot/package/python3/0012-Add-an-option-to-disable-lib2to3.patch
Bernd Kuhls b7b11d7e94 package/python3: security bump version to 3.11.4
Rebased two patches.

Changelog:
https://docs.python.org/release/3.11.4/whatsnew/changelog.html#python-3-11-4

Fixes the following security problems:

- gh-99889: Fixed a security in flaw in uu.decode() that could allow for
  directory traversal based on the input if no out_file was specified.

- gh-104049: Do not expose the local on-disk location in directory
  indexes   produced by http.client.SimpleHTTPRequestHandler.

- gh-102153: urllib.parse.urlsplit() now strips leading C0 control and
  space characters following the specification for URLs defined by WHATWG
  in response to CVE-2023-24329. Patch by Illia Volochii.

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2023-06-18 13:40:59 +02:00

123 lines
4.2 KiB
Diff

From 0e4f0a525ea0a68f6d4c5349c301da2e9b0c8ac9 Mon Sep 17 00:00:00 2001
From: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Date: Wed, 22 Feb 2017 17:15:31 -0800
Subject: [PATCH] Add an option to disable lib2to3
lib2to3 is a library to convert Python 2.x code to Python 3.x. As
such, it is probably not very useful on embedded system targets.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Samuel Martin <s.martin49@gmail.com>
[ Andrey Smirnov: ported to Python 3.6 ]
Signed-off-by: Andrey Smirnov <andrew.smirnov@gmail.com>
[ Adam Duskett: ported to Python 3.10.0 ]
Signed-off-by: Adam Duskett <aduskett@gmail.com>
[ Bernd Kuhls: ported to Python 3.11.4]
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
---
Makefile.pre.in | 17 ++++++++++++-----
configure.ac | 6 ++++++
setup.py | 6 +++---
3 files changed, 21 insertions(+), 8 deletions(-)
diff --git a/Makefile.pre.in b/Makefile.pre.in
index 403380e181..f5d0573067 100644
--- a/Makefile.pre.in
+++ b/Makefile.pre.in
@@ -1868,7 +1868,9 @@ ifeq (@PYDOC@,yes)
(cd $(DESTDIR)$(BINDIR); $(LN) -s pydoc$(VERSION) pydoc3)
endif
-rm -f $(DESTDIR)$(BINDIR)/2to3
+ifeq (@LIB2TO3@,yes)
(cd $(DESTDIR)$(BINDIR); $(LN) -s 2to3-$(VERSION) 2to3)
+endif
if test "x$(LIPO_32BIT_FLAGS)" != "x" ; then \
rm -f $(DESTDIR)$(BINDIR)/python3-32$(EXE); \
(cd $(DESTDIR)$(BINDIR); $(LN) -s python$(VERSION)-32$(EXE) python3-32$(EXE)) \
@@ -1914,7 +1916,6 @@ LIBSUBDIRS= asyncio \
idlelib idlelib/Icons \
importlib importlib/resources importlib/metadata \
json \
- lib2to3 lib2to3/fixes lib2to3/pgen2 \
logging \
multiprocessing multiprocessing/dummy \
re \
@@ -1934,10 +1935,6 @@ LIBSUBDIRS= asyncio \
TESTSUBDIRS= ctypes/test \
distutils/tests \
idlelib/idle_test \
- lib2to3/tests \
- lib2to3/tests/data \
- lib2to3/tests/data/fixers \
- lib2to3/tests/data/fixers/myfixes \
test \
test/audiodata \
test/capath \
@@ -2013,6 +2010,14 @@ ifeq (@PYDOC@,yes)
LIBSUBDIRS += pydoc_data
endif
+ifeq (@LIB2TO3@,yes)
+LIBSUBDIRS += lib2to3 lib2to3/fixes lib2to3/pgen2
+TESTSUBDIRS += lib2to3/tests \
+ lib2to3/tests/data \
+ lib2to3/tests/data/fixers \
+ lib2to3/tests/data/fixers/myfixes
+endif
+
TEST_MODULES=@TEST_MODULES@
libinstall: all $(srcdir)/Modules/xxmodule.c
@for i in $(SCRIPTDIR) $(LIBDEST); \
@@ -2115,10 +2120,12 @@ ifeq (@PYC_BUILD@,yes)
-j0 -d $(LIBDEST)/site-packages -f \
-x badsyntax $(DESTDIR)$(LIBDEST)/site-packages
endif
+ifeq (@LIB2TO3@,yes)
-PYTHONPATH=$(DESTDIR)$(LIBDEST) $(RUNSHARED) \
$(PYTHON_FOR_BUILD) -m lib2to3.pgen2.driver $(DESTDIR)$(LIBDEST)/lib2to3/Grammar.txt
-PYTHONPATH=$(DESTDIR)$(LIBDEST) $(RUNSHARED) \
$(PYTHON_FOR_BUILD) -m lib2to3.pgen2.driver $(DESTDIR)$(LIBDEST)/lib2to3/PatternGrammar.txt
+endif
# bpo-21536: Misc/python-config.sh is generated in the build directory
# from $(srcdir)Misc/python-config.sh.in.
diff --git a/configure.ac b/configure.ac
index f68ea72321..d8e10cf2b2 100644
--- a/configure.ac
+++ b/configure.ac
@@ -7078,6 +7078,12 @@ PY_STDLIB_MOD([xxlimited_35], [test "$with_trace_refs" = "no"], [test "$ac_cv_fu
# substitute multiline block, must come after last PY_STDLIB_MOD()
AC_SUBST([MODULE_BLOCK])
+AC_SUBST(LIB2TO3)
+
+AC_ARG_ENABLE(lib2to3,
+ AS_HELP_STRING([--disable-lib2to3], [disable lib2to3]),
+ [ LIB2TO3="${enableval}" ], [ LIB2TO3=yes ])
+
# generate output files
AC_CONFIG_FILES(Makefile.pre Misc/python.pc Misc/python-embed.pc Misc/python-config.sh)
AC_CONFIG_FILES([Modules/Setup.bootstrap Modules/Setup.stdlib])
diff --git a/setup.py b/setup.py
index 3e55f5b2e0..c490b0b08f 100644
--- a/setup.py
+++ b/setup.py
@@ -1594,11 +1594,11 @@ class DummyProcess:
import warnings
warnings.filterwarnings("ignore",category=DeprecationWarning)
- scripts = ['Tools/scripts/idle3', 'Tools/scripts/2to3',
- 'Lib/smtpd.py']
+ scripts = ['Tools/scripts/idle3', 'Lib/smtpd.py']
if not '--disable-pydoc' in sysconfig.get_config_var("CONFIG_ARGS"):
scripts += [ 'Tools/scripts/pydoc3' ]
-
+ if not '--disable-lib2to3' in sysconfig.get_config_var("CONFIG_ARGS"):
+ scripts += [ 'Tools/scripts/2to3' ]
setup(# PyPI Metadata (PEP 301)
name = "Python",
version = sys.version.split()[0],
--
2.34.1