summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorMichał Górny <mgorny@gentoo.org>2022-09-03 10:40:55 +0200
committerMichał Górny <mgorny@gentoo.org>2022-09-03 11:36:56 +0200
commitf0604f03d329ad2dc5d8c3a2893cf3de071c0f60 (patch)
treecf3ef65bbf5c70845eb3226b54a042cedc5881e7 /dev-lang
parentapp-crypt/kstart: Stabilize 4.3 x86, #867571 (diff)
downloadgentoo-f0604f03d329ad2dc5d8c3a2893cf3de071c0f60.tar.gz
gentoo-f0604f03d329ad2dc5d8c3a2893cf3de071c0f60.tar.bz2
gentoo-f0604f03d329ad2dc5d8c3a2893cf3de071c0f60.zip
dev-lang/python: Backport bignum vuln. fix to 3.11.0_rc1_p1
Bug: https://bugs.gentoo.org/868150 Signed-off-by: Michał Górny <mgorny@gentoo.org>
Diffstat (limited to 'dev-lang')
-rw-r--r--dev-lang/python/Manifest1
-rw-r--r--dev-lang/python/python-3.11.0_rc1_p1.ebuild481
2 files changed, 482 insertions, 0 deletions
diff --git a/dev-lang/python/Manifest b/dev-lang/python/Manifest
index 23a23bf7582d..c5c09195d8a8 100644
--- a/dev-lang/python/Manifest
+++ b/dev-lang/python/Manifest
@@ -11,5 +11,6 @@ DIST Python-3.9.13.tar.xz.asc 833 BLAKE2B db01c01be9d56cd15f9ab4a9e2cfa800faf4eb
DIST python-gentoo-patches-2.7.18_p15.tar.xz 34956 BLAKE2B d173f276dd9c0ce31004dcc55a0d18e9ce25a47683c2df3c4dd62e967dfbbb35be59a2f08cf20f30a19475a8a2344dd95b17400eafa88b5fdbe9270a12ccbf32 SHA512 d9386808265f978808e5c0ffd384cefe54fb0e05aeccfd394167d5227d9cd66e25c8e93c54914762b2cfc3c2dd851b26a7a84d62634c6aa8a0798aacbb7ac25f
DIST python-gentoo-patches-3.10.6_p2.tar.xz 12040 BLAKE2B 75c93fab19137a966b3775308bc20142f4d3648bbb9364e82c4eaffae93beda54011192881c52b85d2e2493a06cfe2a90f50675609908c3d5ebdb0103fe41644 SHA512 7e451a8a18a62592c2cd7b2db71065b77256960f43e172a0d7856b22b69138dcb1552f53b39bec14585a761cfe729c81613551c1b616fe1ec8d2b59856b11453
DIST python-gentoo-patches-3.11.0rc1.tar.xz 4384 BLAKE2B 31bcdc055bfaf3434dbb02543aaf66910eaccd01808d9a0e57bf7cb3b097fc0046c00ac44737d9c37e3b6d074c524f4dd3ab439a741e66d74a0425889ecaead5 SHA512 05b044e2d8f881c471528600ee300bfd9cf5160609dfb3d7cbdb8e43f47b681542582a85de97e28e6a3b89a3fb6c8d7398e029d31e20cea9c5a2a71700382d4e
+DIST python-gentoo-patches-3.11.0rc1_p1.tar.xz 19584 BLAKE2B 33c87e2e7141fa5cdf343df8cf30e8e0bd37fdfc7b4d84564b1131c57db27b5886184fd1291b2a898efafec60da5c01d16dce8b3c8792df7df15793d767d74cd SHA512 dc5547622a17bc899dfa7f55a4705f780fd3b731ccdb2c0a87e3d71b4490a32b54683ff862f412e2ac3480f0e84acf2e88176ecf89a8d62b97454e51258696ea
DIST python-gentoo-patches-3.8.13_p6.tar.xz 27968 BLAKE2B 0cafbdfed47e0d58a9798c1e090abb17428472f769ebe4125cf1210218b90bcfd2ad8790fafbfdc1daccc51078a6bf5e068157f05151c2283eb80d5fe128d85c SHA512 b23d51478cc126a6f7f3d1d6d2302a13f3e873a3fac19c7b2b86b79f4b25bd421b60e5ecbe9bb606ee0eedc0e6871d20c0befd1b6596b525bf6ef79a19230ae2
DIST python-gentoo-patches-3.9.13_p4.tar.xz 22072 BLAKE2B a0e084eff35d075d2255b139d0db114d282cb6c9c0c2ea51a8ecb7f5f1dc8096d6578ae5f804b7583a2b7842152b5723ad802ca816d46813c40aaa756118afc8 SHA512 cdf8d43fd5263c4956be234f36c0767215ab2495705d4f2a060b32ecbfbe159e618e31693b0538a1b970f7b27ebe4953063f585930d074dcaf59f2f61486e6b6
diff --git a/dev-lang/python/python-3.11.0_rc1_p1.ebuild b/dev-lang/python/python-3.11.0_rc1_p1.ebuild
new file mode 100644
index 000000000000..bba860f7875a
--- /dev/null
+++ b/dev-lang/python/python-3.11.0_rc1_p1.ebuild
@@ -0,0 +1,481 @@
+# Copyright 1999-2022 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="7"
+WANT_LIBTOOL="none"
+
+inherit autotools check-reqs flag-o-matic multiprocessing pax-utils
+inherit python-utils-r1 toolchain-funcs verify-sig
+
+MY_PV=${PV/_rc/rc}
+MY_P="Python-${MY_PV%_p*}"
+PYVER=$(ver_cut 1-2)
+PATCHSET="python-gentoo-patches-${MY_PV}"
+
+DESCRIPTION="An interpreted, interactive, object-oriented programming language"
+HOMEPAGE="
+ https://www.python.org/
+ https://github.com/python/cpython/
+"
+SRC_URI="
+ https://www.python.org/ftp/python/${PV%%_*}/${MY_P}.tar.xz
+ https://dev.gentoo.org/~mgorny/dist/python/${PATCHSET}.tar.xz
+ verify-sig? (
+ https://www.python.org/ftp/python/${PV%%_*}/${MY_P}.tar.xz.asc
+ )
+"
+S="${WORKDIR}/${MY_P}"
+
+LICENSE="PSF-2"
+SLOT="${PYVER}"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86"
+IUSE="
+ bluetooth build +ensurepip examples gdbm hardened libedit lto
+ +ncurses pgo +readline +sqlite +ssl test tk
+"
+RESTRICT="!test? ( test )"
+
+# Do not add a dependency on dev-lang/python to this ebuild.
+# If you need to apply a patch which requires python for bootstrapping, please
+# run the bootstrap code on your dev box and include the results in the
+# patchset. See bug 447752.
+
+RDEPEND="
+ app-arch/bzip2:=
+ app-arch/xz-utils:=
+ app-crypt/libb2
+ >=dev-libs/expat-2.1:=
+ dev-libs/libffi:=
+ sys-apps/util-linux:=
+ >=sys-libs/zlib-1.1.3:=
+ virtual/libcrypt:=
+ virtual/libintl
+ ensurepip? ( dev-python/ensurepip-wheels )
+ gdbm? ( sys-libs/gdbm:=[berkdb] )
+ ncurses? ( >=sys-libs/ncurses-5.2:= )
+ readline? (
+ !libedit? ( >=sys-libs/readline-4.1:= )
+ libedit? ( dev-libs/libedit:= )
+ )
+ sqlite? ( >=dev-db/sqlite-3.3.8:3= )
+ ssl? ( >=dev-libs/openssl-1.1.1:= )
+ tk? (
+ >=dev-lang/tcl-8.0:=
+ >=dev-lang/tk-8.0:=
+ dev-tcltk/blt:=
+ dev-tcltk/tix
+ )
+ !!<sys-apps/sandbox-2.21
+"
+# bluetooth requires headers from bluez
+DEPEND="
+ ${RDEPEND}
+ bluetooth? ( net-wireless/bluez )
+ test? ( app-arch/xz-utils[extra-filters(+)] )
+"
+# autoconf-archive needed to eautoreconf
+BDEPEND="
+ sys-devel/autoconf-archive
+ virtual/awk
+ virtual/pkgconfig
+ verify-sig? ( sec-keys/openpgp-keys-python )
+"
+RDEPEND+="
+ !build? ( app-misc/mime-types )
+"
+if [[ ${PV} != *_alpha* ]]; then
+ RDEPEND+="
+ dev-lang/python-exec[python_targets_python${PYVER/./_}(-)]
+ "
+fi
+
+VERIFY_SIG_OPENPGP_KEY_PATH=${BROOT}/usr/share/openpgp-keys/python.org.asc
+
+# large file tests involve a 2.5G file being copied (duplicated)
+CHECKREQS_DISK_BUILD=5500M
+
+QA_PKGCONFIG_VERSION=${PYVER}
+
+pkg_pretend() {
+ use test && check-reqs_pkg_pretend
+}
+
+pkg_setup() {
+ use test && check-reqs_pkg_setup
+}
+
+src_unpack() {
+ if use verify-sig; then
+ verify-sig_verify_detached "${DISTDIR}"/${MY_P}.tar.xz{,.asc}
+ fi
+ default
+}
+
+src_prepare() {
+ # Ensure that internal copies of expat and libffi are not used.
+ rm -r Modules/expat || die
+ rm -r Modules/_ctypes/libffi* || die
+
+ local PATCHES=(
+ "${WORKDIR}/${PATCHSET}"
+ )
+
+ default
+
+ # https://bugs.gentoo.org/850151
+ sed -i -e "s:@@GENTOO_LIBDIR@@:$(get_libdir):g" setup.py || die
+
+ # force the correct number of jobs
+ # https://bugs.gentoo.org/737660
+ local jobs=$(makeopts_jobs)
+ sed -i -e "s:-j0:-j${jobs}:" Makefile.pre.in || die
+ sed -i -e "/self\.parallel/s:True:${jobs}:" setup.py || die
+
+ eautoreconf
+}
+
+src_configure() {
+ local disable
+ # disable automagic bluetooth headers detection
+ if ! use bluetooth; then
+ local -x ac_cv_header_bluetooth_bluetooth_h=no
+ fi
+
+ append-flags -fwrapv
+ filter-flags -malign-double
+
+ # https://bugs.gentoo.org/700012
+ if is-flagq -flto || is-flagq '-flto=*'; then
+ append-cflags $(test-flags-CC -ffat-lto-objects)
+ fi
+
+ # Export CXX so it ends up in /usr/lib/python3.X/config/Makefile.
+ # PKG_CONFIG needed for cross.
+ tc-export CXX PKG_CONFIG
+
+ # Fix implicit declarations on cross and prefix builds. Bug #674070.
+ if use ncurses; then
+ append-cppflags -I"${ESYSROOT}"/usr/include/ncursesw
+ fi
+
+ local dbmliborder=
+ if use gdbm; then
+ dbmliborder+="${dbmliborder:+:}gdbm"
+ fi
+
+ if use pgo; then
+ local profile_task_flags=(
+ -m test
+ "-j$(makeopts_jobs)"
+ --pgo-extended
+ -x test_gdb
+ -u-network
+
+ # All of these seem to occasionally hang for PGO inconsistently
+ # They'll even hang here but be fine in src_test sometimes.
+ # bug #828535 (and related: bug #788022)
+ -x test_asyncio
+ -x test_httpservers
+ -x test_logging
+ -x test_multiprocessing_fork
+ -x test_socket
+ -x test_xmlrpc
+ )
+
+ if has_version "app-arch/rpm" ; then
+ # Avoid sandbox failure (attempts to write to /var/lib/rpm)
+ profile_task_flags+=(
+ -x test_distutils
+ )
+ fi
+ local -x PROFILE_TASK="${profile_task_flags[*]}"
+ fi
+
+ local myeconfargs=(
+ # glibc-2.30 removes it; since we can't cleanly force-rebuild
+ # Python on glibc upgrade, remove it proactively to give
+ # a chance for users rebuilding python before glibc
+ ac_cv_header_stropts_h=no
+
+ --enable-shared
+ --without-static-libpython
+ --enable-ipv6
+ --infodir='${prefix}/share/info'
+ --mandir='${prefix}/share/man'
+ --with-computed-gotos
+ --with-dbmliborder="${dbmliborder}"
+ --with-libc=
+ --enable-loadable-sqlite-extensions
+ --without-ensurepip
+ --with-system-expat
+ --with-system-ffi
+ --with-platlibdir=lib
+ --with-pkg-config=yes
+ --with-wheel-pkg-dir="${EPREFIX}"/usr/lib/python/ensurepip
+
+ $(use_with lto)
+ $(use_enable pgo optimizations)
+ $(use_with readline readline "$(usex libedit editline readline)")
+ )
+
+ # disable implicit optimization/debugging flags
+ local -x OPT=
+ # pass system CFLAGS & LDFLAGS as _NODIST, otherwise they'll get
+ # propagated to sysconfig for built extensions
+ local -x CFLAGS_NODIST=${CFLAGS}
+ local -x LDFLAGS_NODIST=${LDFLAGS}
+ local -x CFLAGS= LDFLAGS=
+
+ if tc-is-cross-compiler ; then
+ # We need to build our own Python on CBUILD first, and feed it in.
+ # bug #847910
+ local myeconfargs_cbuild=(
+ "${myeconfargs[@]}"
+
+ # As minimal as possible for the mini CBUILD Python
+ # we build just for cross to satisfy --with-build-python.
+ --without-lto
+ --without-readline
+ --disable-optimizations
+ )
+
+ myeconfargs+=(
+ # Point the imminent CHOST build to the Python we just
+ # built for CBUILD.
+ --with-build-python="${WORKDIR}"/${P}-${CBUILD}/python
+ )
+
+ mkdir "${WORKDIR}"/${P}-${CBUILD} || die
+ pushd "${WORKDIR}"/${P}-${CBUILD} &> /dev/null || die
+ ECONF_SOURCE="${S}" econf_build "${myeconfargs_cbuild[@]}"
+
+ # Avoid as many dependencies as possible for the cross build.
+ cat >> Makefile <<-EOF || die
+ MODULE_NIS_STATE=disabled
+ MODULE__DBM_STATE=disabled
+ MODULE__GDBM_STATE=disabled
+ MODULE__DBM_STATE=disabled
+ MODULE__SQLITE3_STATE=disabled
+ MODULE__HASHLIB_STATE=disabled
+ MODULE__SSL_STATE=disabled
+ MODULE__CURSES_STATE=disabled
+ MODULE__CURSES_PANEL_STATE=disabled
+ MODULE_READLINE_STATE=disabled
+ MODULE__TKINTER_STATE=disabled
+ MODULE_PYEXPAT_STATE=disabled
+ MODULE_ZLIB_STATE=disabled
+ EOF
+
+ # Unfortunately, we do have to build this immediately, and
+ # not in src_compile, because CHOST configure for Python
+ # will check the existence of the --with-build-python value
+ # immediately.
+ emake
+ popd &> /dev/null || die
+ fi
+
+ econf "${myeconfargs[@]}"
+
+ if grep -q "#define POSIX_SEMAPHORES_NOT_ENABLED 1" pyconfig.h; then
+ eerror "configure has detected that the sem_open function is broken."
+ eerror "Please ensure that /dev/shm is mounted as a tmpfs with mode 1777."
+ die "Broken sem_open function (bug 496328)"
+ fi
+
+ # force-disable modules we don't want built
+ local disable_modules=( NIS )
+ use gdbm || disable_modules+=( _GDBM _DBM )
+ use sqlite || disable_modules+=( _SQLITE3 )
+ use ssl || disable_modules+=( _HASHLIB _SSL )
+ use ncurses || disable_modules+=( _CURSES _CURSES_PANEL )
+ use readline || disable_modules+=( READLINE )
+ use tk || disable_modules+=( _TKINTER )
+
+ local mod
+ for mod in "${disable_modules[@]}"; do
+ echo "MODULE_${mod}_STATE=disabled"
+ done >> Makefile || die
+
+ # install epython.py as part of stdlib
+ echo "EPYTHON='python${PYVER}'" > Lib/epython.py || die
+}
+
+src_compile() {
+ # Ensure sed works as expected
+ # https://bugs.gentoo.org/594768
+ local -x LC_ALL=C
+ # Prevent using distutils bundled by setuptools.
+ # https://bugs.gentoo.org/823728
+ export SETUPTOOLS_USE_DISTUTILS=stdlib
+ export PYTHONSTRICTEXTENSIONBUILD=1
+
+ # Save PYTHONDONTWRITEBYTECODE so that 'has_version' doesn't
+ # end up writing bytecode & violating sandbox.
+ # bug #831897
+ local -x _PYTHONDONTWRITEBYTECODE=${PYTHONDONTWRITEBYTECODE}
+
+ if use pgo ; then
+ # bug 660358
+ local -x COLUMNS=80
+ local -x PYTHONDONTWRITEBYTECODE=
+
+ addpredict /usr/lib/python3.11/site-packages
+ fi
+
+ # also need to clear the flags explicitly here or they end up
+ # in _sysconfigdata*
+ emake CPPFLAGS= CFLAGS= LDFLAGS=
+
+ # Restore saved value from above.
+ local -x PYTHONDONTWRITEBYTECODE=${_PYTHONDONTWRITEBYTECODE}
+
+ # Work around bug 329499. See also bug 413751 and 457194.
+ if has_version dev-libs/libffi[pax-kernel]; then
+ pax-mark E python
+ else
+ pax-mark m python
+ fi
+}
+
+src_test() {
+ # Tests will not work when cross compiling.
+ if tc-is-cross-compiler; then
+ elog "Disabling tests due to crosscompiling."
+ return
+ fi
+
+ # this just happens to skip test_support.test_freeze that is broken
+ # without bundled expat
+ # TODO: get a proper skip for it upstream
+ local -x LOGNAME=buildbot
+
+ local test_opts=(
+ -u-network
+ -j "$(makeopts_jobs)"
+
+ # fails
+ -x test_gdb
+ )
+
+ if use sparc ; then
+ # bug #788022
+ test_opts+=(
+ -x test_multiprocessing_fork
+ -x test_multiprocessing_forkserver
+ )
+ fi
+
+ # bug 660358
+ local -x COLUMNS=80
+ local -x PYTHONDONTWRITEBYTECODE=
+ # workaround https://bugs.gentoo.org/775416
+ addwrite /usr/lib/python3.11/site-packages
+
+ emake test EXTRATESTOPTS="${test_opts[*]}" \
+ CPPFLAGS= CFLAGS= LDFLAGS= < /dev/tty || die "emake test failed"
+}
+
+src_install() {
+ local libdir=${ED}/usr/lib/python${PYVER}
+
+ # -j1 hack for now for bug #843458
+ emake -j1 DESTDIR="${D}" altinstall
+
+ # Fix collisions between different slots of Python.
+ rm "${ED}/usr/$(get_libdir)/libpython3.so" || die
+
+ # Cheap hack to get version with ABIFLAGS
+ local abiver=$(cd "${ED}/usr/include"; echo python*)
+ if [[ ${abiver} != python${PYVER} ]]; then
+ # Replace python3.X with a symlink to python3.Xm
+ rm "${ED}/usr/bin/python${PYVER}" || die
+ dosym "${abiver}" "/usr/bin/python${PYVER}"
+ # Create python3.X-config symlink
+ dosym "${abiver}-config" "/usr/bin/python${PYVER}-config"
+ # Create python-3.5m.pc symlink
+ dosym "python-${PYVER}.pc" "/usr/$(get_libdir)/pkgconfig/${abiver/${PYVER}/-${PYVER}}.pc"
+ fi
+
+ # python seems to get rebuilt in src_install (bug 569908)
+ # Work around it for now.
+ if has_version dev-libs/libffi[pax-kernel]; then
+ pax-mark E "${ED}/usr/bin/${abiver}"
+ else
+ pax-mark m "${ED}/usr/bin/${abiver}"
+ fi
+
+ rm -r "${libdir}"/ensurepip/_bundled || die
+ if ! use ensurepip; then
+ rm -r "${libdir}"/ensurepip || die
+ fi
+ if ! use sqlite; then
+ rm -r "${libdir}/"sqlite3 || die
+ fi
+ if ! use tk; then
+ rm -r "${ED}/usr/bin/idle${PYVER}" || die
+ rm -r "${libdir}/"{idlelib,tkinter,test/test_tk*} || die
+ fi
+
+ dodoc Misc/{ACKS,HISTORY,NEWS}
+
+ if use examples; then
+ docinto examples
+ find Tools -name __pycache__ -exec rm -fr {} + || die
+ dodoc -r Tools
+ fi
+ insinto /usr/share/gdb/auto-load/usr/$(get_libdir) #443510
+ local libname=$(
+ printf 'e:\n\t@echo $(INSTSONAME)\ninclude Makefile\n' |
+ emake --no-print-directory -s -f - 2>/dev/null
+ )
+ newins Tools/gdb/libpython.py "${libname}"-gdb.py
+
+ newconfd "${FILESDIR}/pydoc.conf" pydoc-${PYVER}
+ newinitd "${FILESDIR}/pydoc.init" pydoc-${PYVER}
+ sed \
+ -e "s:@PYDOC_PORT_VARIABLE@:PYDOC${PYVER/./_}_PORT:" \
+ -e "s:@PYDOC@:pydoc${PYVER}:" \
+ -i "${ED}/etc/conf.d/pydoc-${PYVER}" \
+ "${ED}/etc/init.d/pydoc-${PYVER}" || die "sed failed"
+
+ # python-exec wrapping support
+ local pymajor=${PYVER%.*}
+ local EPYTHON=python${PYVER}
+ local scriptdir=${D}$(python_get_scriptdir)
+ mkdir -p "${scriptdir}" || die
+ # python and pythonX
+ ln -s "../../../bin/${abiver}" "${scriptdir}/python${pymajor}" || die
+ ln -s "python${pymajor}" "${scriptdir}/python" || die
+ # python-config and pythonX-config
+ # note: we need to create a wrapper rather than symlinking it due
+ # to some random dirname(argv[0]) magic performed by python-config
+ cat > "${scriptdir}/python${pymajor}-config" <<-EOF || die
+ #!/bin/sh
+ exec "${abiver}-config" "\${@}"
+ EOF
+ chmod +x "${scriptdir}/python${pymajor}-config" || die
+ ln -s "python${pymajor}-config" "${scriptdir}/python-config" || die
+ # 2to3, pydoc
+ ln -s "../../../bin/2to3-${PYVER}" "${scriptdir}/2to3" || die
+ ln -s "../../../bin/pydoc${PYVER}" "${scriptdir}/pydoc" || die
+ # idle
+ if use tk; then
+ ln -s "../../../bin/idle${PYVER}" "${scriptdir}/idle" || die
+ fi
+}
+
+pkg_postinst() {
+ local v
+ for v in ${REPLACING_VERSIONS}; do
+ if ver_test "${v}" -lt 3.11.0_beta4-r2; then
+ ewarn "Python 3.11.0b4 has changed its module ABI. The .pyc files"
+ ewarn "installed previously are no longer valid and will be regenerated"
+ ewarn "(or ignored) on the next import. This may cause sandbox failures"
+ ewarn "when installing some packages and checksum mismatches when removing"
+ ewarn "old versions. To actively prevent this, rebuild all packages"
+ ewarn "installing Python 3.11 modules, e.g. using:"
+ ewarn
+ ewarn " emerge -1v /usr/lib/python3.11/site-packages"
+ fi
+ done
+}