# Maintainer: Natanael Copa pkgname=python2 # the python2-tkinter's pkgver needs to be synchronized with this. pkgver=2.7.15 _verbase=${pkgver%.*} pkgrel=2 pkgdesc="A high-level scripting language" url="http://www.python.org" arch="all" license="custom" provides="python=$pkgver-r$pkgrel" replaces="python" subpackages="$pkgname-dbg $pkgname-dev $pkgname-doc $pkgname-tests py-gdbm:gdbm" depends="" makedepends="expat-dev libressl-dev zlib-dev ncurses-dev bzip2-dev gdbm-dev sqlite-dev libffi-dev readline-dev linux-headers paxmark" source="http://www.python.org/ftp/python/$pkgver/Python-$pkgver.tar.xz musl-find_library.patch unchecked-ioctl.patch CVE-2018-14647.patch CVE-2019-9636.patch CVE-2019-9948.patch " builddir="$srcdir/Python-$pkgver" # secfixes: # 2.7.15-r2: # - CVE-2019-9636 # - CVE-2019-9948 # - CVE-2018-14647 # 2.7.15-r0: # - CVE-2018-1060 # - CVE-2018-1061 prepare() { default_prepare # Make sure we use system libs rm -r Modules/expat Modules/_ctypes/libffi* Modules/zlib # make sure our /dev/shm is world writeable if ! touch /dev/shm/$pkgname-$pkgver; then error "/dev/shm is not world writeable. this will cause a broken python2 build" return 1 fi rm /dev/shm/$pkgname-$pkgver } build() { cd "$builddir" export OPT="$CFLAGS -DTHREAD_STACK_SIZE=0x100000" ./configure \ --build=$CBUILD \ --host=$CHOST \ --prefix=/usr \ --enable-shared \ --with-threads \ --enable-ipv6 \ --with-system-ffi \ --with-system-expat \ --with-system-zlib \ --enable-unicode=ucs4 make } check() { cd "$builddir" # test that we reach recursionlimit before we segfault cat > test-stacksize.py <<-EOF import threading import sys def fun(i): try: fun(i+1) except: sys.exit(0) t = threading.Thread(target=fun, args=[1]) t.start() EOF LD_LIBRARY_PATH=$PWD ./python test-stacksize.py } package() { cd "$builddir" make -j1 DESTDIR="$pkgdir" install install -Dm644 LICENSE "$pkgdir"/usr/share/licenses/$pkgname/LICENSE rm "$pkgdir/usr/bin/2to3" # we need to enable emutramp - needed for virt-manager # disable mprotect - needed for cffi paxmark -zm "$pkgdir"/usr/bin/python$_verbase } _mv_files() { local i for i in "$@"; do mkdir -p "$subpkgdir"/${i%/*} mv "$pkgdir"/$i "$subpkgdir"/$i done } dev() { provides="python-dev=$pkgver-r$pkgrel" replaces="python-dev" # pyconfig.h is needed runtime so we move it back default_dev mkdir -p "$pkgdir"/usr/include/python$_verbase mv "$subpkgdir"/usr/include/python$_verbase/pyconfig.h \ "$pkgdir"/usr/include/python$_verbase/ } tests() { pkgdesc="The test modules from the main python package" provides="python-tests=$pkgver-r$pkgrel" replaces="python-tests" cd "$pkgdir" _mv_files usr/lib/python*/*/test \ usr/lib/python*/test } gdbm() { pkgdesc="GNU dbm database support for Python" provides="python-gdbm=$pkgver-r$pkgrel" replaces="python-gdbm py-gdbm" cd "$pkgdir" _mv_files $(find usr/lib -name '*gdbm*') } sha512sums="27ea43eb45fc68f3d2469d5f07636e10801dee11635a430ec8ec922ed790bb426b072da94df885e4dfa1ea8b7a24f2f56dd92f9b0f51e162330f161216bd6de6 Python-2.7.15.tar.xz ab8eaa2858d5109049b1f9f553198d40e0ef8d78211ad6455f7b491af525bffb16738fed60fc84e960c4889568d25753b9e4a1494834fea48291b33f07000ec2 musl-find_library.patch 5a8e013a4132d71c4360771f130d27b37275ae59330cf9a75378dc8a11236017f540eb224f2a148984e82ca3fb6b29129375b1080ba05b81044faa717520ab82 unchecked-ioctl.patch 6ea4cde4483250bd3ecbf46214935c80ecd79958d09d7fab4f5ba0b80d73ff0a1433f7b6fbd9a5c42d4f2a3dda877cde6a3264a5c832c1e8f4ee3eb2405a624e CVE-2018-14647.patch 54086e7b4d3597969b945b1460fe578ff3a13289703d58d79b8f00f644eccc4acc11fc6128b7b114f022a6f6cedc91e02eead6373bac0d36e22eb580a1becb53 CVE-2019-9636.patch 2f9523bd3e39c4831110821d93aef1562ca80708f1b553428eb5c228cdf2192feb13d7aef41097a5df4b4243da8b8f7247f691c0ab73967b0bf2bf6a1a0d487f CVE-2019-9948.patch"