# Maintainer: Natanael Copa pkgname=python2 # the python2-tkinter's pkgver needs to be synchronized with this. pkgver=2.7.17 _verbase=${pkgver%.*} pkgrel=0 pkgdesc="A high-level scripting language" url="https://www.python.org/" arch="all" license="custom" provides="python=$pkgver-r$pkgrel" replaces="python" subpackages="$pkgname-dbg $pkgname-dev $pkgname-doc $pkgname-tests py-gdbm:gdbm $pkgname-wininst" makedepends="expat-dev openssl-dev zlib-dev ncurses-dev bzip2-dev gdbm-dev sqlite-dev libffi-dev readline-dev linux-headers paxmark" source="https://www.python.org/ftp/python/$pkgver/Python-$pkgver.tar.xz musl-find_library.patch unchecked-ioctl.patch " builddir="$srcdir/Python-$pkgver" # secfixes: # 2.7.17-r0: # - CVE-2019-15903 # 2.7.16-r3: # - CVE-2019-16056 # - CVE-2019-16935 # 2.7.16-r1: # - CVE-2019-9636 # - CVE-2019-9948 # 2.7.16-r0: # - CVE-2018-14647 # 2.7.15-r3: # - CVE-2019-5010 # 2.7.15-r0: # - CVE-2018-1060 # - CVE-2018-1061 prepare() { default_prepare # Make sure we use system libs rm -r Modules/expat Modules/_ctypes/libffi* Modules/zlib # make sure our /dev/shm is world writeable if ! touch /dev/shm/$pkgname-$pkgver; then error "/dev/shm is not world writeable. this will cause a broken python2 build" return 1 fi rm /dev/shm/$pkgname-$pkgver } build() { cd "$builddir" export OPT="$CFLAGS -DTHREAD_STACK_SIZE=0x100000" ./configure \ --build=$CBUILD \ --host=$CHOST \ --prefix=/usr \ --enable-ipv6 \ --enable-optimizations \ --enable-shared \ --enable-unicode=ucs4 \ --with-system-expat \ --with-system-ffi \ --with-system-zlib \ --with-threads make } check() { cd "$builddir" # test that we reach recursionlimit before we segfault cat > test-stacksize.py <<-EOF import threading import sys def fun(i): try: fun(i+1) except: sys.exit(0) t = threading.Thread(target=fun, args=[1]) t.start() EOF LD_LIBRARY_PATH=$PWD ./python test-stacksize.py } package() { cd "$builddir" make -j1 DESTDIR="$pkgdir" install install -Dm644 LICENSE "$pkgdir"/usr/share/licenses/$pkgname/LICENSE rm "$pkgdir/usr/bin/2to3" # we need to enable emutramp - needed for virt-manager # disable mprotect - needed for cffi paxmark -zm "$pkgdir"/usr/bin/python$_verbase } _mv_files() { local i for i in "$@"; do mkdir -p "$subpkgdir"/${i%/*} mv "$pkgdir"/$i "$subpkgdir"/$i done } dev() { provides="python-dev=$pkgver-r$pkgrel" replaces="python-dev" # pyconfig.h is needed runtime so we move it back default_dev mkdir -p "$pkgdir"/usr/include/python$_verbase mv "$subpkgdir"/usr/include/python$_verbase/pyconfig.h \ "$pkgdir"/usr/include/python$_verbase/ } tests() { pkgdesc="The test modules from the main python package" provides="python-tests=$pkgver-r$pkgrel" replaces="python-tests" cd "$pkgdir" _mv_files usr/lib/python*/*/test \ usr/lib/python*/test } gdbm() { pkgdesc="GNU dbm database support for Python" provides="python-gdbm=$pkgver-r$pkgrel" replaces="python-gdbm py-gdbm" cd "$pkgdir" _mv_files $(find usr/lib -name '*gdbm*') } wininst() { pkgdesc="Python wininst files" mkdir -p "$subpkgdir"/usr/lib/python$_verbase/distutils/command mv "$pkgdir"/usr/lib/python$_verbase/distutils/command/*.exe \ "$subpkgdir"/usr/lib/python$_verbase/distutils/command } sha512sums="2dc19a0b0d818c71429dae94783e58b2aac0fa31f5faa1e840cac06245a59932ecc4658d913515736601bcf70a78c9ec60367aed75f4567d1e41ff3bb104da9a Python-2.7.17.tar.xz ab8eaa2858d5109049b1f9f553198d40e0ef8d78211ad6455f7b491af525bffb16738fed60fc84e960c4889568d25753b9e4a1494834fea48291b33f07000ec2 musl-find_library.patch 5a8e013a4132d71c4360771f130d27b37275ae59330cf9a75378dc8a11236017f540eb224f2a148984e82ca3fb6b29129375b1080ba05b81044faa717520ab82 unchecked-ioctl.patch"