blob: 86614add43d01e5ffd32397a8bdcca0e5091634c (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
|
# Maintainer: Łukasz Jendrysik <scadu@yandex.com>
# Contributor: Kiyoshi Aman <kiyoshi.aman@gmail.com>
pkgname=python3
# the python2-tkinter's pkgver needs to be synchronized with this.
pkgver=3.6.8
_basever="${pkgver%.*}"
pkgrel=1
pkgdesc="A high-level scripting language"
url="http://www.python.org"
arch="all"
license="custom"
provides="py3-pip"
subpackages="$pkgname-dbg $pkgname-dev $pkgname-doc $pkgname-tests::noarch
$pkgname-wininst"
makedepends="expat-dev libressl-dev zlib-dev ncurses-dev bzip2-dev xz-dev
sqlite-dev libffi-dev tcl-dev linux-headers gdbm-dev readline-dev"
source="http://www.python.org/ftp/python/$pkgver/Python-$pkgver.tar.xz
musl-find_library.patch
fix-xattrs-glibc.patch
CVE-2019-9636.patch
CVE-2019-16056.patch
"
builddir="$srcdir/Python-$pkgver"
# secfixes:
# 3.6.8-r1:
# - CVE-2019-16056
# 3.6.8-r0:
# - CVE-2018-14647
# - CVE-2018-20406
# - CVE-2019-9636
# 3.6.5-r0:
# - CVE-2018-1060
# - CVE-2018-1061
prepare() {
default_prepare
cd "$builddir"
# force system libs
rm -r Modules/expat \
Modules/zlib \
Modules/_ctypes/darwin* \
Modules/_ctypes/libffi*
}
build() {
cd "$builddir"
# --enable-optimizations is not enabled because it
# is very, very slow as many tests are ran sequentially
# for profile guided optimizations. additionally it
# seems some of the training tests hang on certain
# e.g. architectures (x86) possibly due to grsec or musl.
./configure \
--prefix=/usr \
--disable-rpath \
--enable-ipv6 \
--enable-loadable-sqlite-extensions \
--enable-shared \
--with-lto \
--with-computed-gotos \
--with-dbmliborder=gdbm:ndbm \
--with-system-expat \
--with-system-ffi \
--with-threads
# set thread stack size to 1MB so we don't segfault before we hit
# sys.getrecursionlimit()
make EXTRA_CFLAGS="$CFLAGS -DTHREAD_STACK_SIZE=0x100000"
}
check() {
cd "$builddir"
# test that we reach recursionlimit before we segfault
cat > test-stacksize.py <<-EOF
import threading
import sys
def fun(i):
try:
fun(i+1)
except:
sys.exit(0)
t = threading.Thread(target=fun, args=[1])
t.start()
EOF
LD_LIBRARY_PATH=$PWD ./python test-stacksize.py
local fail
# musl related
fail="test__locale test_locale test_strptime test_re" # various musl locale deficiencies
fail="$fail test_datetime" # hangs if 'tzdata' installed
fail="$fail test_os" # fpathconf, ttyname errno values
fail="$fail test_posix" # sched_[gs]etscheduler not impl
fail="$fail test_shutil" # lchmod, requires real unzip
# failures needing investigation
fail="$fail test_faulthandler test_gdb" # hangs(?)
fail="$fail test_tokenize test_tools" # SLOW (~60s)
fail="$fail test_capi" # test.test_capi.EmbeddingTests
fail="$fail test_threadsignals" # test_{,r}lock_acquire_interruption
fail="$fail test_time" # strftime/strptime %Z related
fail="$fail test_cmath test_math" # hang(?) on x86
fail="$fail test_hash test_plistlib" # fail on armhf
fail="$fail test_ctypes" # fail on aarch64 (ctypes.test.test_win32.Structures)
# kernel related
fail="$fail test_fcntl" # wants DNOTIFY, we don't have it
make quicktest TESTOPTS="--exclude $fail"
}
package() {
cd "$builddir"
make -j1 DESTDIR="$pkgdir" EXTRA_CFLAGS="$CFLAGS" install maninstall
install -Dm644 LICENSE "$pkgdir"/usr/share/licenses/$pkgname/LICENSE
# those are provided by python3-tkinter
rm -r "$pkgdir"/usr/bin/idle* "$pkgdir"/usr/lib/python*/idlelib \
"$pkgdir"/usr/lib/python*/tkinter
}
dev() {
default_dev
# pyconfig.h is needed runtime so we move it back
mkdir -p "$pkgdir"/usr/include/python${_basever}m
mv "$subpkgdir"/usr/include/python${_basever}m/pyconfig.h \
"$pkgdir"/usr/include/python${_basever}m/
}
tests() {
pkgdesc="The test modules from the main python package"
cd "$pkgdir"/usr/lib/python$_basever
local i; for i in */test */tests; do
mkdir -p "$subpkgdir"/usr/lib/python$_basever/"$i"
mv "$i"/* "$subpkgdir"/usr/lib/python$_basever/"$i"
rm -rf "$i"
done
mv "$pkgdir"/usr/lib/python$_basever/test \
"$subpkgdir"/usr/lib/python$_basever/
}
wininst() {
pkgdesc="Python wininst files"
mkdir -p "$subpkgdir"/usr/lib/python$_basever/distutils/command
mv "$pkgdir"/usr/lib/python$_basever/distutils/command/*.exe \
"$subpkgdir"/usr/lib/python$_basever/distutils/command
}
sha512sums="b17867e451ebe662f50df83ed112d3656c089e7d750651ea640052b01b713b58e66aac9e082f71fd16f5b5510bc9b797f5ccd30f5399581e9aa406197f02938a Python-3.6.8.tar.xz
ab8eaa2858d5109049b1f9f553198d40e0ef8d78211ad6455f7b491af525bffb16738fed60fc84e960c4889568d25753b9e4a1494834fea48291b33f07000ec2 musl-find_library.patch
37b6ee5d0d5de43799316aa111423ba5a666c17dc7f81b04c330f59c1d1565540eac4c585abe2199bbed52ebe7426001edb1c53bd0a17486a2a8e052d0f494ad fix-xattrs-glibc.patch
bf2ec0bdba63b714f99aa9783a31ab935b234cabe4dc482769462a55bd572c74e03f192fbc5e8a7e2b9a887a5eef7dc0c3819fb464b656f73b500d1b65b591ad CVE-2019-9636.patch
e8708c4fef1b591dd7251b36a785f9bc6472f2a25fba11bc4116814e93e770230ebd0016285c28d9065c49c5bf2be10f72182e23fb2767e1875ef20c94b5c97c CVE-2019-16056.patch"
|
