aboutsummaryrefslogtreecommitdiffstats
path: root/main/python2/APKBUILD
blob: 986fbf52ed732b37a1c92db03d9bb77c8d425a69 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>

pkgname=python2
# the python2-tkinter's pkgver needs to be synchronized with this.
pkgver=2.7.15
_verbase=${pkgver%.*}
pkgrel=2
pkgdesc="A high-level scripting language"
url="http://www.python.org"
arch="all"
license="custom"
provides="python=$pkgver-r$pkgrel"
replaces="python"
subpackages="$pkgname-dbg $pkgname-dev $pkgname-doc $pkgname-tests py-gdbm:gdbm"
depends=""
makedepends="expat-dev libressl-dev zlib-dev ncurses-dev bzip2-dev
	gdbm-dev sqlite-dev libffi-dev readline-dev linux-headers paxmark"
source="http://www.python.org/ftp/python/$pkgver/Python-$pkgver.tar.xz
	musl-find_library.patch
	unchecked-ioctl.patch
	CVE-2018-14647.patch
	CVE-2019-9636.patch
	CVE-2019-9948.patch
	"
builddir="$srcdir/Python-$pkgver"

# secfixes:
#   2.7.15-r2:
#     - CVE-2019-9636
#     - CVE-2019-9948
#     - CVE-2018-14647
#   2.7.15-r0:
#     - CVE-2018-1060
#     - CVE-2018-1061

prepare() {
	default_prepare

	# Make sure we use system libs
	rm -r Modules/expat Modules/_ctypes/libffi* Modules/zlib

	# make sure our /dev/shm is world writeable
	if ! touch /dev/shm/$pkgname-$pkgver; then
		error "/dev/shm is not world writeable. this will cause a broken python2 build"
		return 1
	fi
	rm /dev/shm/$pkgname-$pkgver
}

build() {
	cd "$builddir"
	export OPT="$CFLAGS -DTHREAD_STACK_SIZE=0x100000"
	./configure \
		--build=$CBUILD \
		--host=$CHOST \
		--prefix=/usr \
		--enable-shared \
		--with-threads \
		--enable-ipv6 \
		--with-system-ffi \
		--with-system-expat \
		--with-system-zlib \
		--enable-unicode=ucs4
	make
}

check() {
	cd "$builddir"

	# test that we reach recursionlimit before we segfault
	cat > test-stacksize.py <<-EOF
	import threading
	import sys

	def fun(i):
	  try:
	    fun(i+1)
	  except:
	    sys.exit(0)

	t = threading.Thread(target=fun, args=[1])
	t.start()
EOF
	LD_LIBRARY_PATH=$PWD ./python test-stacksize.py
}

package() {
	cd "$builddir"
	make -j1 DESTDIR="$pkgdir" install
	install -Dm644 LICENSE "$pkgdir"/usr/share/licenses/$pkgname/LICENSE
	rm "$pkgdir/usr/bin/2to3"
	# we need to enable emutramp - needed for virt-manager
	# disable mprotect - needed for cffi
	paxmark -zm "$pkgdir"/usr/bin/python$_verbase
}

_mv_files() {
	local i
	for i in "$@"; do
		mkdir -p "$subpkgdir"/${i%/*}
		mv "$pkgdir"/$i "$subpkgdir"/$i
	done
}

dev() {
	provides="python-dev=$pkgver-r$pkgrel"
	replaces="python-dev"

	# pyconfig.h is needed runtime so we move it back
	default_dev
	mkdir -p "$pkgdir"/usr/include/python$_verbase
	mv "$subpkgdir"/usr/include/python$_verbase/pyconfig.h \
		"$pkgdir"/usr/include/python$_verbase/
}

tests() {
	pkgdesc="The test modules from the main python package"
	provides="python-tests=$pkgver-r$pkgrel"
	replaces="python-tests"

	cd "$pkgdir"
	_mv_files usr/lib/python*/*/test \
		usr/lib/python*/test
}

gdbm() {
	pkgdesc="GNU dbm database support for Python"
	provides="python-gdbm=$pkgver-r$pkgrel"
	replaces="python-gdbm py-gdbm"

	cd "$pkgdir"
	_mv_files $(find usr/lib -name '*gdbm*')
}

sha512sums="27ea43eb45fc68f3d2469d5f07636e10801dee11635a430ec8ec922ed790bb426b072da94df885e4dfa1ea8b7a24f2f56dd92f9b0f51e162330f161216bd6de6  Python-2.7.15.tar.xz
ab8eaa2858d5109049b1f9f553198d40e0ef8d78211ad6455f7b491af525bffb16738fed60fc84e960c4889568d25753b9e4a1494834fea48291b33f07000ec2  musl-find_library.patch
5a8e013a4132d71c4360771f130d27b37275ae59330cf9a75378dc8a11236017f540eb224f2a148984e82ca3fb6b29129375b1080ba05b81044faa717520ab82  unchecked-ioctl.patch
6ea4cde4483250bd3ecbf46214935c80ecd79958d09d7fab4f5ba0b80d73ff0a1433f7b6fbd9a5c42d4f2a3dda877cde6a3264a5c832c1e8f4ee3eb2405a624e  CVE-2018-14647.patch
54086e7b4d3597969b945b1460fe578ff3a13289703d58d79b8f00f644eccc4acc11fc6128b7b114f022a6f6cedc91e02eead6373bac0d36e22eb580a1becb53  CVE-2019-9636.patch
2f9523bd3e39c4831110821d93aef1562ca80708f1b553428eb5c228cdf2192feb13d7aef41097a5df4b4243da8b8f7247f691c0ab73967b0bf2bf6a1a0d487f  CVE-2019-9948.patch"