# Maintainer: Natanael Copa pkgname=python2 # the python2-tkinter's pkgver needs to be synchronized with this. pkgver=2.7.16 _verbase=${pkgver%.*} pkgrel=3 pkgdesc="A high-level scripting language" url="https://www.python.org/" arch="all" license="custom" provides="python=$pkgver-r$pkgrel" replaces="python" subpackages="$pkgname-dbg $pkgname-dev $pkgname-doc $pkgname-tests py-gdbm:gdbm $pkgname-wininst" makedepends="expat-dev openssl-dev zlib-dev ncurses-dev bzip2-dev gdbm-dev sqlite-dev libffi-dev readline-dev linux-headers paxmark" source="https://www.python.org/ftp/python/$pkgver/Python-$pkgver.tar.xz musl-find_library.patch unchecked-ioctl.patch CVE-2019-9636.patch CVE-2019-9948.patch CVE-2019-16056.patch CVE-2019-16935.patch " builddir="$srcdir/Python-$pkgver" # secfixes: # 2.7.16-33: # - CVE-2019-16056 # - CVE-2019-16935 # 2.7.16-r1: # - CVE-2019-9636 # - CVE-2019-9948 # 2.7.16-r0: # - CVE-2018-14647 # 2.7.15-r3: # - CVE-2019-5010 # 2.7.15-r0: # - CVE-2018-1060 # - CVE-2018-1061 prepare() { default_prepare # Make sure we use system libs rm -r Modules/expat Modules/_ctypes/libffi* Modules/zlib # make sure our /dev/shm is world writeable if ! touch /dev/shm/$pkgname-$pkgver; then error "/dev/shm is not world writeable. this will cause a broken python2 build" return 1 fi rm /dev/shm/$pkgname-$pkgver } build() { cd "$builddir" export OPT="$CFLAGS -DTHREAD_STACK_SIZE=0x100000" ./configure \ --build=$CBUILD \ --host=$CHOST \ --prefix=/usr \ --enable-ipv6 \ --enable-optimizations \ --enable-shared \ --enable-unicode=ucs4 \ --with-system-expat \ --with-system-ffi \ --with-system-zlib \ --with-threads make } check() { cd "$builddir" # test that we reach recursionlimit before we segfault cat > test-stacksize.py <<-EOF import threading import sys def fun(i): try: fun(i+1) except: sys.exit(0) t = threading.Thread(target=fun, args=[1]) t.start() EOF LD_LIBRARY_PATH=$PWD ./python test-stacksize.py } package() { cd "$builddir" make -j1 DESTDIR="$pkgdir" install install -Dm644 LICENSE "$pkgdir"/usr/share/licenses/$pkgname/LICENSE rm "$pkgdir/usr/bin/2to3" # we need to enable emutramp - needed for virt-manager # disable mprotect - needed for cffi paxmark -zm "$pkgdir"/usr/bin/python$_verbase } _mv_files() { local i for i in "$@"; do mkdir -p "$subpkgdir"/${i%/*} mv "$pkgdir"/$i "$subpkgdir"/$i done } dev() { provides="python-dev=$pkgver-r$pkgrel" replaces="python-dev" # pyconfig.h is needed runtime so we move it back default_dev mkdir -p "$pkgdir"/usr/include/python$_verbase mv "$subpkgdir"/usr/include/python$_verbase/pyconfig.h \ "$pkgdir"/usr/include/python$_verbase/ } tests() { pkgdesc="The test modules from the main python package" provides="python-tests=$pkgver-r$pkgrel" replaces="python-tests" cd "$pkgdir" _mv_files usr/lib/python*/*/test \ usr/lib/python*/test } gdbm() { pkgdesc="GNU dbm database support for Python" provides="python-gdbm=$pkgver-r$pkgrel" replaces="python-gdbm py-gdbm" cd "$pkgdir" _mv_files $(find usr/lib -name '*gdbm*') } wininst() { pkgdesc="Python wininst files" mkdir -p "$subpkgdir"/usr/lib/python$_verbase/distutils/command mv "$pkgdir"/usr/lib/python$_verbase/distutils/command/*.exe \ "$subpkgdir"/usr/lib/python$_verbase/distutils/command } sha512sums="16e814e8dcffc707b595ca2919bd2fa3db0d15794c63d977364652c4a5b92e90e72b8c9e1cc83b5020398bd90a1b397dbdd7cb931c49f1aa4af6ef95414b43e0 Python-2.7.16.tar.xz ab8eaa2858d5109049b1f9f553198d40e0ef8d78211ad6455f7b491af525bffb16738fed60fc84e960c4889568d25753b9e4a1494834fea48291b33f07000ec2 musl-find_library.patch 5a8e013a4132d71c4360771f130d27b37275ae59330cf9a75378dc8a11236017f540eb224f2a148984e82ca3fb6b29129375b1080ba05b81044faa717520ab82 unchecked-ioctl.patch 54086e7b4d3597969b945b1460fe578ff3a13289703d58d79b8f00f644eccc4acc11fc6128b7b114f022a6f6cedc91e02eead6373bac0d36e22eb580a1becb53 CVE-2019-9636.patch 2f9523bd3e39c4831110821d93aef1562ca80708f1b553428eb5c228cdf2192feb13d7aef41097a5df4b4243da8b8f7247f691c0ab73967b0bf2bf6a1a0d487f CVE-2019-9948.patch 971006063001d3d2f40833d79e0317f3748c056b9c8d714ce1bb1e804ad4c3c174071324e123ea71d453a41b0db28caf49b8128d6adee5c9b5aea1b66d1da647 CVE-2019-16056.patch 758a897f01665149a23cbc3898fe060c043647d6fe6d22d8ca9038554b4ef1c7b2ac638d37eaed265167cd50f9329be2518f07464dccb7a7ab34ec9be4710095 CVE-2019-16935.patch"