Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-12-SP5:Update
python3-base.32356
python3.spec
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File python3.spec of Package python3-base.32356
# # spec file for package python3 # # Copyright (c) 2024 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed # upon. The license for this file, and modifications and additions to the # file, is the same license as for the pristine package itself (unless the # license for the pristine package is not an Open Source License, in which # case the license is the MIT License). An "Open Source License" is a # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. # Please submit bugfixes or comments via https://bugs.opensuse.org/ # Name: python3 BuildRequires: automake BuildRequires: db-devel BuildRequires: fdupes BuildRequires: gcc-c++ BuildRequires: gdbm-devel BuildRequires: gettext-tools BuildRequires: gmp-devel BuildRequires: intltool BuildRequires: libbz2-devel BuildRequires: libexpat-devel BuildRequires: libffi-devel BuildRequires: libopenssl-devel BuildRequires: ncurses-devel BuildRequires: readline-devel BuildRequires: sqlite-devel BuildRequires: tk-devel BuildRequires: xorg-x11-devel BuildRequires: xz BuildRequires: xz-devel URL: http://www.python.org/ Summary: Python3 Interpreter License: Python-2.0 Group: Development/Languages/Python Version: 3.4.10 Release: 0 %define tarversion %{version} %define tarname Python-%{tarversion} # required for idle3 (.desktop and .appdata.xml files) BuildRequires: update-desktop-files Requires: python3-base = %{version} Recommends: python3-pip Suggests: python3-curses Suggests: python3-dbm Suggests: python3-idlelib Suggests: python3-tk Source0: http://www.python.org/ftp/python/%{version}/%{tarname}.tar.xz Source1: baselibs.conf Source2: python3-rpmlintrc Source20: idle3.desktop Source21: idle3.appdata.xml #Source11: testfiles.tar.bz2 # issues with copyrighted Unicode testing files # For Patch 34 Source34: recursion.tar # do not add patches here, please edit python3-base.spec instead # and run pre_checkin.sh # # see PACKAGING-NOTES for details ### COMMON-PATCH-BEGIN ### # implement "--record-rpm" option for distutils installations Patch01: Python-3.0b1-record-rpm.patch # support lib-vs-lib64 distinction Patch02: Python-3.3.0b2-multilib.patch # support finding packages in /usr/local, install to /usr/local by default Patch04: python-3.3.0b1-localpath.patch # replace DATE, TIME and COMPILER by fixed definitions to aid reproducible builds Patch06: python-3.3.0b1-fix_date_time_compiler.patch # fix wrong include path in curses-panel module Patch07: python-3.3.0b1-curses-panel.patch # POSIX_FADV_WILLNEED throws EINVAL. Use a different constant in test Patch09: python-3.3.0b1-test-posix_fadvise.patch # Add missing bits for aarch64 in libffi Patch10: ctypes-libffi-aarch64.patch # Disable global and distutils sysconfig comparison test, we deviate from the default depending on optflags Patch12: python-3.3.3-skip-distutils-test_sysconfig_module.patch # Raise timeout value for test_subprocess Patch15: subprocess-raise-timeout.patch # PATCH-FIX-UPSTREAM Fix argument passing in libffi for aarch64 Patch18: python-2.7-libffi-aarch64.patch # PATCH-FIX-UPSTREAM Prefer lowercase proxy environment variables Patch19: python3-urllib-prefer-lowercase-proxies.patch # PATCH-FIX-UPSTREAM python-3.6-CVE-2017-18207.patch psimons@suse.com -- Add check for channels of wav file in Lib/wave.py # Suggested in https://github.com/python/cpython/pull/4437. Patch20: python-3.6-CVE-2017-18207.patch # PATCH-FIX-UPSTREAM https://bugs.python.org/issue30693 Patch21: python-sorted_tar.patch # PATCH-FIX-UPSTREAM CVE-2019-10160-netloc-port-regression.patch bsc#1138459 mcepl@suse.com # Fix regression introduced by fix for CVE-2019-9636 Patch26: CVE-2019-10160-netloc-port-regression.patch # PATCH-FIX-UPSTREAM CVE-2018-1000802-shutil_use_subprocess_no_spawn.patch bsc#1109663 mcepl@suse.com # Command injection in the shutil module Patch28: CVE-2018-1000802-shutil_use_subprocess_no_spawn.patch # PATCH-FIX-UPSTREAM CVE-2019-16056-email-parse-addr.patch bsc#1149955 mcepl@suse.com # bpo#34155 The email module wrongly parses email addresses Patch29: CVE-2019-16056-email-parse-addr.patch # PATCH-FIX-UPSTREAM CVE-2020-8492-urllib-ReDoS.patch bsc#1162367 mcepl@suse.com # Fixes Python urrlib allowed an HTTP server to conduct Regular # Expression Denial of Service (ReDoS) Patch30: CVE-2020-8492-urllib-ReDoS.patch # PATCH-FIX-UPSTREAM CVE-2019-9674-zip-bomb.patch bsc#1162825 mcepl@suse.com # Improve documentation warning against the possible zip bombs Patch31: CVE-2019-9674-zip-bomb.patch # PATCH-FIX-SLE skip-failing-tests.patch mcepl@suse.com # test_write_filtered_python_package just wants to fail, and I have no idea why. Patch32: skip-failing-tests.patch # PATCH-FIX-UPSTREAM CVE-2019-9947-no-ctrl-char-http.patch bsc#1130840 bpo#30458 # avoid CRLF injenction; Patch33: CVE-2019-9947-no-ctrl-char-http.patch # PATCH-FIX-UPSTREAM CVE-2019-18348-CRLF_injection_via_host_part.patch bsc#1155094 bpo#38576 # disallow control characters in hostnames in httplib # DEPENDS on PATCH32 Patch34: CVE-2019-18348-CRLF_injection_via_host_part.patch # PATCH-FIX-UPSTREAM CVE-2019-20907_tarfile-inf-loop.patch bsc#1174091 mcepl@suse.com # avoid possible infinite loop in specifically crafted tarball (CVE-2019-20907) # REQUIRES SOURCE 34 Patch35: CVE-2019-20907_tarfile-inf-loop.patch # PATCH-FIX-UPSTREAM bpo37614-race_test_docxmlrpc_srv_setup.patch bpo#27614 mcepl@suse.com # avoid race in test_docxmlrpc (REQUIRED for Patch #36) Patch36: bpo37614-race_test_docxmlrpc_srv_setup.patch # PATCH-FIX-UPSTREAM CVE-2019-16935-xmlrpc-doc-server_title.patch bsc#1153238 mcepl@suse.com # XSS vulnerability in the documentation XML-RPC server in server_title field Patch37: CVE-2019-16935-xmlrpc-doc-server_title.patch # PATCH-FIX-UPSTREAM CVE-2020-14422-ipaddress-hash-collision.patch bsc#1173274 mcepl@suse.com # oversimplicstic computation of hash values leads to conflicts and potential for DOS Patch38: CVE-2020-14422-ipaddress-hash-collision.patch # PATCH-FIX-UPSTREAM CVE-2020-26116-httplib-header-injection.patch bsc#1177211 bpo#39603 # Fixes httplib to disallow control characters in method to avoid header # injection, equivalent of Patch33 and Patch34 for method of URL (GET, POST, etc.) Patch39: CVE-2020-26116-httplib-header-injection.patch # Update SSL certificates due to certificates shipped with the package expiring Patch40: update-ssl-certs.patch # PATCH-FIX-UPSTREAM CVE-2021-3177-buf_ovrfl_PyCArg_repr.patch bsc#1181126 mcepl@suse.com # buffer overflow in PyCArg_repr in _ctypes/callproc.c, which may lead to remote code execution Patch41: CVE-2021-3177-buf_ovrfl_PyCArg_repr.patch # PATCH-FIX-UPSTREAM CVE-2021-23336-only-amp-as-query-sep.patch bsc#1182379 mcepl@suse.com # urlparse only use '&' as a query string separator Patch42: CVE-2021-23336-only-amp-as-query-sep.patch # PATCH-FIX-UPSTREAM CVE-2020-27619-no-eval-http-content.patch bsc#1182207 mcepl@suse.com # No longer call eval() on content received via HTTP in the CJK codec tests Patch43: CVE-2020-27619-no-eval-http-content.patch # PATCH-FIX-UPSTREAM CVE-2021-3737-infinite-loop-on-100-Continue.patch bsc#1189241 mcepl@suse.com # avoid DoS via infinitely reading potential HTTP headers after a 100 Continue status response from the server Patch44: CVE-2021-3737-infinite-loop-on-100-Continue.patch # PATCH-FIX-UPSTREAM CVE-2021-3733-ReDoS-urllib-AbstractBasicAuthHandler.patch bsc#1189287 mcepl@suse.com # Fix ReDoS in urllib AbstractBasicAuthHandler (bpo#43075) Patch45: CVE-2021-3733-ReDoS-urllib-AbstractBasicAuthHandler.patch # PATCH-FIX-UPSTREAM CVE-2021-4189-ftplib-trust-PASV-resp.patch bsc#1194146 mcepl@suse.com # Make ftplib not trust the PASV response. (gh#python/cpython#24838) Patch46: CVE-2021-4189-ftplib-trust-PASV-resp.patch # PATCH-FIX-UPSTREAM CVE-2022-0391-urllib_parse-newline-parsing.patch bsc#1195396 mcepl@suse.com # whole long discussion is on bpo#43882 # fix for santization URLs containing ASCII newline and tabs in urllib.parse Patch47: CVE-2022-0391-urllib_parse-newline-parsing.patch # PATCH-FIX-UPSTREAM CVE-2015-20107-mailcap-unsafe-filenames.patch bsc#1198511 mcepl@suse.com # avoid the command injection in the mailcap module. Patch48: CVE-2015-20107-mailcap-unsafe-filenames.patch # PATCH-FIX-UPSTREAM bpo-46623-skip-zlib-s390x.patch gh#python/cpython#90781 mcepl@suse.com # skip two tests failing on s390x Patch49: bpo-46623-skip-zlib-s390x.patch # PATCH-FIX-UPSTREAM CVE-2021-28861 bsc#1202624 # Coerce // to / in Lib/http/server.py Patch50: CVE-2021-28861-double-slash-path.patch # PATCH-FIX-UPSTREAM CVE-2020-10735-DoS-no-limit-int-size.patch bsc#1203125 mcepl@suse.com # unlimited size of integers allows DoS by excessively long processing of large numbers # >> n = 10**(10**7) ; s = str(n) # Originally by Victor Stinner of Red Hat # https://github.com/fedora-python/cpython/commit/31cfb692dc5d Patch51: CVE-2020-10735-DoS-no-limit-int-size.patch # PATCH-FIX-UPSTREAM CVE-2022-45061-DoS-by-IDNA-decode.patch bsc#1205244 mcepl@suse.com # Avoid DoS by decoding IDNA for too long domain names Patch52: CVE-2022-45061-DoS-by-IDNA-decode.patch # PATCH-FIX-UPSTREAM CVE-2022-40899-ReDos-cookiejar.patch, bsc#1206673 gh#python/cpython#17157 daniel.garcia@suse.com Patch53: CVE-2022-40899-ReDos-cookiejar.patch # PATCH-FIX-UPSTREAM CVE-2023-24329-blank-URL-bypass.patch bsc#1208471 mcepl@suse.com # blocklist bypass via the urllib.parse component when supplying # a URL that starts with blank characters Patch54: CVE-2023-24329-blank-URL-bypass.patch # PATCH-FIX-UPSTREAM bpo-44434-libgcc_s-for-pthread_cancel.patch bsc#1203355 mcepl@suse.com # don't run PyThread_exit_thread() when you don't have to Patch55: bpo-44434-libgcc_s-for-pthread_cancel.patch # # PATCH-FIX-UPSTREAM CVE-2007-4559-filter-tarfile_extractall.patch bsc#1203750 mcepl@suse.com # # Implement PEP-706 to filter outcome of the tarball extracing # Patch56: CVE-2007-4559-filter-tarfile_extractall.patch # PATCH-FIX-UPSTREAM 99366-patch.dict-can-decorate-async.patch bsc#[0-9]+ mcepl@suse.com # Patch for gh#python/cpython#98086 Patch57: 99366-patch.dict-can-decorate-async.patch # PATCH-FIX-OPENSUSE stack_overflow_test_endless_recursion.patch bpo#12051 mcepl@suse.com # test_endless_recursion.patch has a tendency to overflow a stack Patch58: stack_overflow_test_endless_recursion.patch # PATCH-FIX-UPSTREAM CVE-2023-27043-email-parsing-errors.patch bsc#1210638 mcepl@suse.com # Detect email address parsing errors and return empty tuple to # indicate the parsing error (old API) Patch59: CVE-2023-27043-email-parsing-errors.patch # PATCH-FIX-UPSTREAM CVE-2022-48564-DoS-read_ints-plistlib.patch bsc#1214677 mcepl@suse.com # Prevent DoS when processing malformed Apple Property List files in binary format Patch60: CVE-2022-48564-DoS-read_ints-plistlib.patch # PATCH-FIX-UPSTREAM CVE-2022-48565-plistlib-XML-vulns.patch bsc#1214685 mcepl@suse.com # Reject entity declarations in plists Patch61: CVE-2022-48565-plistlib-XML-vulns.patch # PATCH-FIX-UPSTREAM CVE-2022-48566-compare_digest-more-constant.patch bsc#1214691 mcepl@suse.com # Make compare_digest more constant-time Patch62: CVE-2022-48566-compare_digest-more-constant.patch ### COMMON-PATCH-END ### BuildRoot: %{_tmppath}/%{name}-%{version}-build # do not add defs here, please edit python3-base.spec instead # and run pre_checkin.sh # # see PACKAGING-NOTES for details ### COMMON-DEF-BEGIN ### # the versions are autogenerated from pre_checkin.sh # based on the current source tarball %define python_version 3.4 %define python_version_abitag 34 %define python_version_soname 3_4 %define sitedir %{_libdir}/python%{python_version} # three possible ABI kinds: m - pymalloc, d - debug build # see PEP 3149 %define abi_kind m # python ABI version - used in some file names %define python_abi %{python_version}%{abi_kind} # soname ABI tag defined in PEP 3149 %define abi_tag %{python_version_abitag}%{abi_kind} %define so_version %{python_version_soname}%{abi_kind}1_0 %define dynlib() %{sitedir}/lib-dynload/%{1}.cpython-%{abi_tag}.so ### COMMON-DEF-END ### # some compatibility Provides Provides: python = %{python_version} Provides: python3 = %{python_version} Provides: python3-xml = %{version} Obsoletes: python3-xml < %{version} %description Python 3 is an interpreted, object-oriented programming language, and is often compared to Tcl, Perl, Scheme, or Java. You can find an overview of Python in the documentation and tutorials included in the python-doc (HTML) or python-doc-pdf (PDF) packages. If you want to install third party modules using distutils, you need to install python-devel package. %package tk Requires: %{name} = %{version} Summary: TkInter - Python Tk Interface Group: Development/Libraries/Python %description tk Python interface to Tk. Tk is the GUI toolkit that comes with Tcl. The "xrpm" package uses this Python interface. %package curses Requires: %{name} = %{version} Summary: Python Interface to the (N)Curses Library Group: Development/Libraries/Python %description curses An easy to use interface to the (n)curses CUI library. CUI stands for Console User Interface. %package dbm Requires: %{name} = %{version} Summary: Python Interface to the GDBM Library Group: Development/Languages/Python %description dbm An easy to use interface for Unix DBM databases, and more specifically, the GNU implementation GDBM. %package idle Summary: An Integrated Development Environment for Python Group: Development/Languages/Python Requires: %{name} = %{version} Requires: python3-tk %description idle IDLE is a Tkinter based integrated development environment for Python. It features a multi-window text editor with multiple undo, Python colorizing, and many other things, as well as a Python shell window and a debugger. %prep %setup -q -n %{tarname} ### COMMON-PREP-BEGIN ### %patch01 -p1 %patch02 -p1 #%%patch03 #- canonicalize disabled, needs testing whether the exploit still works %patch04 -p1 %patch06 -p1 %patch07 -p1 %patch09 -p1 %patch10 -p1 %patch12 -p1 %patch15 -p1 %patch18 -p1 %patch19 -p1 %patch20 -p1 %patch21 -p1 %patch26 -p1 %patch28 -p1 %patch29 -p1 %patch30 -p1 %patch31 -p1 %patch32 -p1 %patch33 -p1 %patch34 -p1 %patch35 -p1 %patch36 -p1 %patch37 -p1 %patch38 -p1 %patch39 -p1 %patch40 -p1 %patch41 -p1 %patch42 -p1 %patch43 -p1 %patch44 -p1 %patch45 -p1 %patch46 -p1 %patch47 -p1 %patch48 -p1 %patch49 -p1 %patch50 -p1 %patch51 -p1 %patch52 -p1 %patch53 -p1 %patch54 -p1 %patch55 -p1 # %%patch56 -p1 %patch57 -p1 %patch58 -p1 %patch59 -p1 %patch60 -p1 %patch61 -p1 %patch62 -p1 # For patch 34 cp -v %{SOURCE34} Lib/test/recursion.tar # drop Autoconf version requirement sed -i 's/^AC_PREREQ/dnl AC_PREREQ/' configure.ac # fix shebangs - convert /usr/local/bin/python and /usr/bin/env/python to /usr/bin/python3 for dir in Lib Tools; do # find *.py, filter to files that contain bad shebangs find $dir -name '*.py' -type f -print0 \ | xargs -0 grep -lE '^#! *(/usr/.*bin/(env +)?)?python' \ | xargs sed -r -i -e '1s@^#![[:space:]]*(/usr/(local/)?bin/(env +)?)?python([0-9]+(\.[0-9]+)?)?@#!/usr/bin/python3@' done ### COMMON-PREP-END ### %build export SUSE_ASNEEDED=0 export OPT="%{optflags} -fwrapv -DOPENSSL_LOAD_CONF" autoreconf -f -i . # prevent make from trying to rebuild asdl stuff, which requires existing # python installation touch Parser/asdl* Python/Python-ast.c Include/Python-ast.h Objects/typeslots.inc ./configure \ --prefix=%{_prefix} \ --libdir=%{_libdir} \ --mandir=%{_mandir} \ --docdir=%{_docdir}/python \ --enable-ipv6 \ --with-fpectl \ --enable-shared \ --with-system-ffi \ --with-system-expat \ --with-ensurepip=no make %{?_smp_mflags} # DESTDIR=$RPM_BUILD_ROOT %check # Limit virtual memory to avoid spurious failures if test $(ulimit -v) = unlimited || test $(ulimit -v) -gt 10000000; then ulimit -v 10000000 || : fi # only test the parts skipped in python3-base TESTS="test_dbm_gnu test_dbm_ndbm test_readline test_ssl test_tcl test_tk test_ttk_guionly test_ttk_textonly test_curses test_socketserver test_sqlite test_hashlib test_smtpnet" # ensurepip-based tests TESTS="$TESTS test_venv test_ensurepip test_tools" # and the rest of the newly excluded stuff TESTS="$TESTS test_urllib test_urllib2 test_urllib2net" make test TESTOPTS="-u none $TESTS" %install make \ OPT="%{optflags} -fPIC" \ DESTDIR=$RPM_BUILD_ROOT \ install # clean out stuff that is in python-base and subpackages find $RPM_BUILD_ROOT%{_bindir} -mindepth 1 -not -name "*idle*" -print -delete rm $RPM_BUILD_ROOT%{_libdir}/lib* rm -r $RPM_BUILD_ROOT%{_libdir}/pkgconfig rm -r $RPM_BUILD_ROOT%{_mandir}/* rm -r $RPM_BUILD_ROOT%{_includedir}/* rm -r $RPM_BUILD_ROOT%{sitedir}/config* find $RPM_BUILD_ROOT%{sitedir} -name "*.egg-info" -exec rm {} ";" rm -r $RPM_BUILD_ROOT%{sitedir}/__pycache__ rm -r $RPM_BUILD_ROOT%{sitedir}/site-packages rm $RPM_BUILD_ROOT%{sitedir}/*.* for module in \ asyncio ctypes collections concurrent distutils email encodings \ html http \ importlib json logging multiprocessing plat-* pydoc_data unittest \ urllib venv wsgiref lib2to3 test turtledemo do rm -r $RPM_BUILD_ROOT%{sitedir}/$module done for library in \ array audioop binascii _bisect _bz2 cmath _codecs_* _crypt _csv \ _ctypes _datetime _decimal fcntl grp _heapq _json _lsprof \ _lzma math mmap _multibytecodec _multiprocessing nis _opcode ossaudiodev \ parser _pickle _posixsubprocess _random resource select _socket spwd \ _struct syslog termios _testbuffer _testimportmultiple time unicodedata zlib \ _ctypes_test _testcapi xxlimited \ _md5 _sha1 _sha256 _sha512 do eval rm "$RPM_BUILD_ROOT%{sitedir}/lib-dynload/$library.*" done # Idle is not packaged in base due to the appstream-glib dependency # move idle config into /etc install -d -m 755 %{buildroot}%{_sysconfdir}/idle3 ( cd %{buildroot}/%{sitedir}/idlelib/ for file in *.def ; do mv $file %{buildroot}%{_sysconfdir}/idle3/ ln -sf %{_sysconfdir}/idle3/$file %{buildroot}/%{sitedir}/idlelib/ done ) # install idle icons for size in 16 32 48 ; do install -m 644 -D Lib/idlelib/Icons/idle_${size}.png \ %{buildroot}%{_datadir}/icons/hicolor/${size}x${size}/apps/idle3.png done # install idle desktop file install -m 644 -D -t %{buildroot}%{_datadir}/applications %{SOURCE20} %suse_update_desktop_file idle3 install -m 644 -D -t %{buildroot}%{_datadir}/metainfo %{SOURCE21} %fdupes $RPM_BUILD_ROOT/%{_libdir}/python%{python_version} %files tk %defattr(644, root, root, 755) %{sitedir}/tkinter %exclude %{sitedir}/tkinter/test %{dynlib _tkinter} %files curses %defattr(644, root, root, 755) %{sitedir}/curses %{dynlib _curses} %{dynlib _curses_panel} %files dbm %defattr(644, root, root, 755) %{sitedir}/dbm %{dynlib _dbm} %{dynlib _gdbm} %files %defattr(644, root, root, 755) %dir %{sitedir} %dir %{sitedir}/lib-dynload %{sitedir}/ensurepip %{sitedir}/sqlite3 %exclude %{sitedir}/sqlite3/test %{sitedir}/xml %{sitedir}/xmlrpc %{dynlib _elementtree} %{dynlib _hashlib} %{dynlib pyexpat} %{dynlib readline} %{dynlib _sqlite3} %{dynlib _ssl} %files idle %defattr(644, root, root, 755) %{sitedir}/idlelib %dir %{_sysconfdir}/idle3 %config %{_sysconfdir}/idle3/* %doc Lib/idlelib/NEWS.txt %doc Lib/idlelib/README.txt %doc Lib/idlelib/TODO.txt %doc Lib/idlelib/extend.txt %doc Lib/idlelib/ChangeLog %{_bindir}/idle3 %{_datadir}/applications/idle3.desktop %dir %{_datadir}/metainfo %{_datadir}/metainfo/idle3.appdata.xml %{_datadir}/icons/hicolor/*/apps/idle3.png %dir %{_datadir}/icons/hicolor %dir %{_datadir}/icons/hicolor/16x16 %dir %{_datadir}/icons/hicolor/32x32 %dir %{_datadir}/icons/hicolor/48x48 %dir %{_datadir}/icons/hicolor/*/apps %attr(755, root, root) %{_bindir}/idle%{python_version} %changelog
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor