Browse code

Merge branch 'master' of https://github.com/vmware/photon

archive authored on 2019/06/14 23:30:22
Showing 10 changed files
... ...
@@ -2,7 +2,7 @@
2 2
 
3 3
 Name:           cloud-init
4 4
 Version:        18.3
5
-Release:        2%{?dist}
5
+Release:        3%{?dist}
6 6
 Summary:        Cloud instance init scripts
7 7
 Group:          System Environment/Base
8 8
 License:        GPLv3
... ...
@@ -147,6 +147,8 @@ rm -rf $RPM_BUILD_ROOT
147 147
 
148 148
 
149 149
 %changelog
150
+*   Tue May 28 2019 Keerthana K <keerthanak@vmware.com> 18.3-3
151
+-   Delete the contents of network directory before adding the custom network files.
150 152
 *   Tue Dec 04 2018 Ajay Kaher <akaher@vmware.com> 18.3-2
151 153
 -   Fix auto startup at boot time
152 154
 *   Wed Oct 24 2018 Ajay Kaher <akaher@vmware.com> 18.3-1
... ...
@@ -1,7 +1,7 @@
1 1
 diff -rupN cloud-init-0.7.9/cloudinit/distros/photon.py cloud-init-0.7.9-new/cloudinit/distros/photon.py
2 2
 --- cloud-init-0.7.9/cloudinit/distros/photon.py	1969-12-31 16:00:00.000000000 -0800
3 3
 +++ cloud-init-0.7.9-new/cloudinit/distros/photon.py	2017-05-15 05:13:49.156848344 -0700
4
-@@ -0,0 +1,319 @@
4
+@@ -0,0 +1,320 @@
5 5
 +# vi: ts=4 expandtab
6 6
 +#
7 7
 +# Copyright (C) 2017 VMware Inc.
... ...
@@ -103,6 +103,7 @@ diff -rupN cloud-init-0.7.9/cloudinit/distros/photon.py cloud-init-0.7.9-new/clo
103 103
 +                    route_index += 1
104 104
 +
105 105
 +            if info.get('auto'):
106
++                util.delete_dir_contents(self.network_conf_dir)
106 107
 +                self._write_interface_file(net_fn, net_cfg, route_entry)
107 108
 +            if 'dns-nameservers' in info:
108 109
 +                nameservers.extend(info['dns-nameservers'])
109 110
deleted file mode 100644
... ...
@@ -1,79 +0,0 @@
1
-commit 470a435f3b42c9be5fdb7f7b04f3df5663ba7305
2
-Author: Miss Islington (bot) <31488909+miss-islington@users.noreply.github.com>
3
-Date:   Tue Sep 18 06:11:09 2018 -0700
4
-
5
-    bpo-34623: Use XML_SetHashSalt in _elementtree (GH-9146)
6
-    
7
-    
8
-    The C accelerated _elementtree module now initializes hash randomization
9
-    salt from _Py_HashSecret instead of libexpat's default CPRNG.
10
-    
11
-    Signed-off-by: Christian Heimes <christian@python.org>
12
-    
13
-    https://bugs.python.org/issue34623
14
-    (cherry picked from commit cb5778f00ce48631c7140f33ba242496aaf7102b)
15
-    
16
-    Co-authored-by: Christian Heimes <christian@python.org>
17
-
18
-diff --git a/Include/pyexpat.h b/Include/pyexpat.h
19
-index 44259bf..07020b5 100644
20
-+++ b/Include/pyexpat.h
21
-@@ -3,7 +3,7 @@
22
- 
23
- /* note: you must import expat.h before importing this module! */
24
- 
25
--#define PyExpat_CAPI_MAGIC  "pyexpat.expat_CAPI 1.0"
26
-+#define PyExpat_CAPI_MAGIC  "pyexpat.expat_CAPI 1.1"
27
- #define PyExpat_CAPSULE_NAME "pyexpat.expat_CAPI"
28
- 
29
- struct PyExpat_CAPI
30
-@@ -48,6 +48,8 @@ struct PyExpat_CAPI
31
-     enum XML_Status (*SetEncoding)(XML_Parser parser, const XML_Char *encoding);
32
-     int (*DefaultUnknownEncodingHandler)(
33
-         void *encodingHandlerData, const XML_Char *name, XML_Encoding *info);
34
-+    /* might be none for expat < 2.1.0 */
35
-+    int (*SetHashSalt)(XML_Parser parser, unsigned long hash_salt);
36
-     /* always add new stuff to the end! */
37
- };
38
- 
39
-diff --git a/Misc/NEWS.d/next/Security/2018-09-10-16-05-39.bpo-34623.Ua9jMv.rst b/Misc/NEWS.d/next/Security/2018-09-10-16-05-39.bpo-34623.Ua9jMv.rst
40
-new file mode 100644
41
-index 0000000..31ad92e
42
-+++ b/Misc/NEWS.d/next/Security/2018-09-10-16-05-39.bpo-34623.Ua9jMv.rst
43
-@@ -0,0 +1,2 @@
44
-+The C accelerated _elementtree module now initializes hash randomization
45
-+salt from _Py_HashSecret instead of libexpat's default CSPRNG.
46
-diff --git a/Modules/_elementtree.c b/Modules/_elementtree.c
47
-index 1dfdb3c..4b86f96 100644
48
-+++ b/Modules/_elementtree.c
49
-@@ -3305,6 +3305,11 @@ _elementtree_XMLParser___init___impl(XMLParserObject *self, PyObject *html,
50
-         PyErr_NoMemory();
51
-         return -1;
52
-     }
53
-+    /* expat < 2.1.0 has no XML_SetHashSalt() */
54
-+    if (EXPAT(SetHashSalt) != NULL) {
55
-+        EXPAT(SetHashSalt)(self->parser,
56
-+                           (unsigned long)_Py_HashSecret.expat.hashsalt);
57
-+    }
58
- 
59
-     if (target) {
60
-         Py_INCREF(target);
61
-diff --git a/Modules/pyexpat.c b/Modules/pyexpat.c
62
-index c8a01d4..c52079e 100644
63
-+++ b/Modules/pyexpat.c
64
-@@ -1877,6 +1877,11 @@ MODULE_INITFUNC(void)
65
-     capi.SetStartDoctypeDeclHandler = XML_SetStartDoctypeDeclHandler;
66
-     capi.SetEncoding = XML_SetEncoding;
67
-     capi.DefaultUnknownEncodingHandler = PyUnknownEncodingHandler;
68
-+#if XML_COMBINED_VERSION >= 20100
69
-+    capi.SetHashSalt = XML_SetHashSalt;
70
-+#else
71
-+    capi.SetHashSalt = NULL;
72
-+#endif
73
- 
74
-     /* export using capsule */
75
-     capi_object = PyCapsule_New(&capi, PyExpat_CAPSULE_NAME, NULL);
76 1
deleted file mode 100644
... ...
@@ -1,195 +0,0 @@
1
-commit a4ae828ee416a66d8c7bf5ee71d653c2cc6a26dd
2
-Author: Benjamin Peterson <benjamin@python.org>
3
-Date:   Thu Sep 20 18:36:40 2018 -0700
4
-
5
-    closes bpo-34656: Avoid relying on signed overflow in _pickle memos. (GH-9261)
6
-
7
-diff --git a/Modules/_pickle.c b/Modules/_pickle.c
8
-index 2de70f5..3588e33 100644
9
-+++ b/Modules/_pickle.c
10
-@@ -602,9 +602,9 @@ typedef struct {
11
- } PyMemoEntry;
12
- 
13
- typedef struct {
14
--    Py_ssize_t mt_mask;
15
--    Py_ssize_t mt_used;
16
--    Py_ssize_t mt_allocated;
17
-+    size_t mt_mask;
18
-+    size_t mt_used;
19
-+    size_t mt_allocated;
20
-     PyMemoEntry *mt_table;
21
- } PyMemoTable;
22
- 
23
-@@ -650,8 +650,8 @@ typedef struct UnpicklerObject {
24
-     /* The unpickler memo is just an array of PyObject *s. Using a dict
25
-        is unnecessary, since the keys are contiguous ints. */
26
-     PyObject **memo;
27
--    Py_ssize_t memo_size;       /* Capacity of the memo array */
28
--    Py_ssize_t memo_len;        /* Number of objects in the memo */
29
-+    size_t memo_size;       /* Capacity of the memo array */
30
-+    size_t memo_len;        /* Number of objects in the memo */
31
- 
32
-     PyObject *pers_func;        /* persistent_load() method, can be NULL. */
33
-     PyObject *pers_func_self;   /* borrowed reference to self if pers_func
34
-@@ -737,7 +737,6 @@ PyMemoTable_New(void)
35
- static PyMemoTable *
36
- PyMemoTable_Copy(PyMemoTable *self)
37
- {
38
--    Py_ssize_t i;
39
-     PyMemoTable *new = PyMemoTable_New();
40
-     if (new == NULL)
41
-         return NULL;
42
-@@ -754,7 +753,7 @@ PyMemoTable_Copy(PyMemoTable *self)
43
-         PyErr_NoMemory();
44
-         return NULL;
45
-     }
46
--    for (i = 0; i < self->mt_allocated; i++) {
47
-+    for (size_t i = 0; i < self->mt_allocated; i++) {
48
-         Py_XINCREF(self->mt_table[i].me_key);
49
-     }
50
-     memcpy(new->mt_table, self->mt_table,
51
-@@ -800,7 +799,7 @@ _PyMemoTable_Lookup(PyMemoTable *self, PyObject *key)
52
- {
53
-     size_t i;
54
-     size_t perturb;
55
--    size_t mask = (size_t)self->mt_mask;
56
-+    size_t mask = self->mt_mask;
57
-     PyMemoEntry *table = self->mt_table;
58
-     PyMemoEntry *entry;
59
-     Py_hash_t hash = (Py_hash_t)key >> 3;
60
-@@ -821,22 +820,24 @@ _PyMemoTable_Lookup(PyMemoTable *self, PyObject *key)
61
- 
62
- /* Returns -1 on failure, 0 on success. */
63
- static int
64
--_PyMemoTable_ResizeTable(PyMemoTable *self, Py_ssize_t min_size)
65
-+_PyMemoTable_ResizeTable(PyMemoTable *self, size_t min_size)
66
- {
67
-     PyMemoEntry *oldtable = NULL;
68
-     PyMemoEntry *oldentry, *newentry;
69
--    Py_ssize_t new_size = MT_MINSIZE;
70
--    Py_ssize_t to_process;
71
-+    size_t new_size = MT_MINSIZE;
72
-+    size_t to_process;
73
- 
74
-     assert(min_size > 0);
75
- 
76
--    /* Find the smallest valid table size >= min_size. */
77
--    while (new_size < min_size && new_size > 0)
78
--        new_size <<= 1;
79
--    if (new_size <= 0) {
80
-+    if (min_size > PY_SSIZE_T_MAX) {
81
-         PyErr_NoMemory();
82
-         return -1;
83
-     }
84
-+
85
-+    /* Find the smallest valid table size >= min_size. */
86
-+    while (new_size < min_size) {
87
-+        new_size <<= 1;
88
-+    }
89
-     /* new_size needs to be a power of two. */
90
-     assert((new_size & (new_size - 1)) == 0);
91
- 
92
-@@ -909,10 +910,12 @@ PyMemoTable_Set(PyMemoTable *self, PyObject *key, Py_ssize_t value)
93
-      * Very large memo tables (over 50K items) use doubling instead.
94
-      * This may help applications with severe memory constraints.
95
-      */
96
--    if (!(self->mt_used * 3 >= (self->mt_mask + 1) * 2))
97
-+    if (SIZE_MAX / 3 >= self->mt_used && self->mt_used * 3 < self->mt_allocated * 2) {
98
-         return 0;
99
--    return _PyMemoTable_ResizeTable(self,
100
--        (self->mt_used > 50000 ? 2 : 4) * self->mt_used);
101
-+    }
102
-+    // self->mt_used is always < PY_SSIZE_T_MAX, so this can't overflow.
103
-+    size_t desired_size = (self->mt_used > 50000 ? 2 : 4) * self->mt_used;
104
-+    return _PyMemoTable_ResizeTable(self, desired_size);
105
- }
106
- 
107
- #undef MT_MINSIZE
108
-@@ -1376,9 +1379,9 @@ _Unpickler_Readline(UnpicklerObject *self, char **result)
109
- /* Returns -1 (with an exception set) on failure, 0 on success. The memo array
110
-    will be modified in place. */
111
- static int
112
--_Unpickler_ResizeMemoList(UnpicklerObject *self, Py_ssize_t new_size)
113
-+_Unpickler_ResizeMemoList(UnpicklerObject *self, size_t new_size)
114
- {
115
--    Py_ssize_t i;
116
-+    size_t i;
117
- 
118
-     assert(new_size > self->memo_size);
119
- 
120
-@@ -1397,9 +1400,9 @@ _Unpickler_ResizeMemoList(UnpicklerObject *self, Py_ssize_t new_size)
121
- 
122
- /* Returns NULL if idx is out of bounds. */
123
- static PyObject *
124
--_Unpickler_MemoGet(UnpicklerObject *self, Py_ssize_t idx)
125
-+_Unpickler_MemoGet(UnpicklerObject *self, size_t idx)
126
- {
127
--    if (idx < 0 || idx >= self->memo_size)
128
-+    if (idx >= self->memo_size)
129
-         return NULL;
130
- 
131
-     return self->memo[idx];
132
-@@ -1408,7 +1411,7 @@ _Unpickler_MemoGet(UnpicklerObject *self, Py_ssize_t idx)
133
- /* Returns -1 (with an exception set) on failure, 0 on success.
134
-    This takes its own reference to `value`. */
135
- static int
136
--_Unpickler_MemoPut(UnpicklerObject *self, Py_ssize_t idx, PyObject *value)
137
-+_Unpickler_MemoPut(UnpicklerObject *self, size_t idx, PyObject *value)
138
- {
139
-     PyObject *old_item;
140
- 
141
-@@ -4413,14 +4416,13 @@ static PyObject *
142
- _pickle_PicklerMemoProxy_copy_impl(PicklerMemoProxyObject *self)
143
- /*[clinic end generated code: output=bb83a919d29225ef input=b73043485ac30b36]*/
144
- {
145
--    Py_ssize_t i;
146
-     PyMemoTable *memo;
147
-     PyObject *new_memo = PyDict_New();
148
-     if (new_memo == NULL)
149
-         return NULL;
150
- 
151
-     memo = self->pickler->memo;
152
--    for (i = 0; i < memo->mt_allocated; ++i) {
153
-+    for (size_t i = 0; i < memo->mt_allocated; ++i) {
154
-         PyMemoEntry entry = memo->mt_table[i];
155
-         if (entry.me_key != NULL) {
156
-             int status;
157
-@@ -6843,7 +6845,7 @@ static PyObject *
158
- _pickle_UnpicklerMemoProxy_copy_impl(UnpicklerMemoProxyObject *self)
159
- /*[clinic end generated code: output=e12af7e9bc1e4c77 input=97769247ce032c1d]*/
160
- {
161
--    Py_ssize_t i;
162
-+    size_t i;
163
-     PyObject *new_memo = PyDict_New();
164
-     if (new_memo == NULL)
165
-         return NULL;
166
-@@ -6994,8 +6996,7 @@ static int
167
- Unpickler_set_memo(UnpicklerObject *self, PyObject *obj)
168
- {
169
-     PyObject **new_memo;
170
--    Py_ssize_t new_memo_size = 0;
171
--    Py_ssize_t i;
172
-+    size_t new_memo_size = 0;
173
- 
174
-     if (obj == NULL) {
175
-         PyErr_SetString(PyExc_TypeError,
176
-@@ -7012,7 +7013,7 @@ Unpickler_set_memo(UnpicklerObject *self, PyObject *obj)
177
-         if (new_memo == NULL)
178
-             return -1;
179
- 
180
--        for (i = 0; i < new_memo_size; i++) {
181
-+        for (size_t i = 0; i < new_memo_size; i++) {
182
-             Py_XINCREF(unpickler->memo[i]);
183
-             new_memo[i] = unpickler->memo[i];
184
-         }
185
-@@ -7060,8 +7061,7 @@ Unpickler_set_memo(UnpicklerObject *self, PyObject *obj)
186
- 
187
-   error:
188
-     if (new_memo_size) {
189
--        i = new_memo_size;
190
--        while (--i >= 0) {
191
-+        for (size_t i = new_memo_size - 1; i != SIZE_MAX; i--) {
192
-             Py_XDECREF(new_memo[i]);
193
-         }
194
-         PyMem_FREE(new_memo);
195 1
deleted file mode 100644
... ...
@@ -1,99 +0,0 @@
1
-From be5de958e9052e322b0087c6dba81cdad0c3e031 Mon Sep 17 00:00:00 2001
2
-From: "Miss Islington (bot)"
3
- <31488909+miss-islington@users.noreply.github.com>
4
-Date: Tue, 15 Jan 2019 15:03:36 -0800
5
-Subject: [PATCH] bpo-35746: Fix segfault in ssl's cert parser (GH-11569)
6
-
7
-Fix a NULL pointer deref in ssl module. The cert parser did not handle CRL
8
-distribution points with empty DP or URI correctly. A malicious or buggy
9
-certificate can result into segfault.
10
-
11
-Signed-off-by: Christian Heimes <christian@python.org>
12
-
13
-https://bugs.python.org/issue35746
14
-(cherry picked from commit a37f52436f9aa4b9292878b72f3ff1480e2606c3)
15
-
16
-Co-authored-by: Christian Heimes <christian@python.org>
17
-
18
-+++ b/Lib/test/talos-2019-0758.pem	2019-05-23 19:44:16.402358117 +0530
19
-@@ -0,0 +1,22 @@
20
-++-----BEGIN CERTIFICATE-----
21
-+MIIDqDCCApKgAwIBAgIBAjALBgkqhkiG9w0BAQswHzELMAkGA1UEBhMCVUsxEDAO
22
-+BgNVBAMTB2NvZHktY2EwHhcNMTgwNjE4MTgwMDU4WhcNMjgwNjE0MTgwMDU4WjA7
23
-+MQswCQYDVQQGEwJVSzEsMCoGA1UEAxMjY29kZW5vbWljb24tdm0tMi50ZXN0Lmxh
24
-+bC5jaXNjby5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC63fGB
25
-+J80A9Av1GB0bptslKRIUtJm8EeEu34HkDWbL6AJY0P8WfDtlXjlPaLqFa6sqH6ES
26
-+V48prSm1ZUbDSVL8R6BYVYpOlK8/48xk4pGTgRzv69gf5SGtQLwHy8UPBKgjSZoD
27
-+5a5k5wJXGswhKFFNqyyxqCvWmMnJWxXTt2XDCiWc4g4YAWi4O4+6SeeHVAV9rV7C
28
-+1wxqjzKovVe2uZOHjKEzJbbIU6JBPb6TRfMdRdYOw98n1VXDcKVgdX2DuuqjCzHP
29
-+WhU4Tw050M9NaK3eXp4Mh69VuiKoBGOLSOcS8reqHIU46Reg0hqeL8LIL6OhFHIF
30
-+j7HR6V1X6F+BfRS/AgMBAAGjgdYwgdMwCQYDVR0TBAIwADAdBgNVHQ4EFgQUOktp
31
-+HQjxDXXUg8prleY9jeLKeQ4wTwYDVR0jBEgwRoAUx6zgPygZ0ZErF9sPC4+5e2Io
32
-+UU+hI6QhMB8xCzAJBgNVBAYTAlVLMRAwDgYDVQQDEwdjb2R5LWNhggkA1QEAuwb7
33
-+2s0wCQYDVR0SBAIwADAuBgNVHREEJzAlgiNjb2Rlbm9taWNvbi12bS0yLnRlc3Qu
34
-+bGFsLmNpc2NvLmNvbTAOBgNVHQ8BAf8EBAMCBaAwCwYDVR0fBAQwAjAAMAsGCSqG
35
-+SIb3DQEBCwOCAQEAvqantx2yBlM11RoFiCfi+AfSblXPdrIrHvccepV4pYc/yO6p
36
-+t1f2dxHQb8rWH3i6cWag/EgIZx+HJQvo0rgPY1BFJsX1WnYf1/znZpkUBGbVmlJr
37
-+t/dW1gSkNS6sPsM0Q+7HPgEv8CPDNK5eo7vU2seE0iWOkxSyVUuiCEY9ZVGaLVit
38
-+p0C78nZ35Pdv4I+1cosmHl28+es1WI22rrnmdBpH8J1eY6WvUw2xuZHLeNVN0TzV
39
-+Q3qq53AaCWuLOD1AjESWuUCxMZTK9DPS4JKXTK8RLyDeqOvJGjsSWp3kL0y3GaQ+
40
-+10T1rfkKJub2+m9A9duin1fn6tHc2wSvB7m3DA==
41
-+-----END CERTIFICATE-----
42
-+++ b/Lib/test/test_ssl.py	2019-05-23 19:46:19.630360578 +0530
43
-@@ -117,6 +117,7 @@ NONEXISTINGCERT = data_file("XXXnonexist
44
- BADKEY = data_file("badkey.pem")
45
- NOKIACERT = data_file("nokia.pem")
46
- NULLBYTECERT = data_file("nullbytecert.pem")
47
-+TALOS_INVALID_CRLDP = data_file("talos-2019-0758.pem")
48
- 
49
- DHFILE = data_file("dh1024.pem")
50
- BYTES_DHFILE = os.fsencode(DHFILE)
51
-@@ -364,6 +365,27 @@ class BasicSocketTests(unittest.TestCase
52
-         self.assertEqual(p['crlDistributionPoints'],
53
-                          ('http://SVRIntl-G3-crl.verisign.com/SVRIntlG3.crl',))
54
- 
55
-+    def test_parse_cert_CVE_2019_5010(self):
56
-+        p = ssl._ssl._test_decode_cert(TALOS_INVALID_CRLDP)
57
-+        if support.verbose:
58
-+            sys.stdout.write("\n" + pprint.pformat(p) + "\n")
59
-+        self.assertEqual(
60
-+            p,
61
-+            {
62
-+                'issuer': (
63
-+                    (('countryName', 'UK'),), (('commonName', 'cody-ca'),)),
64
-+                'notAfter': 'Jun 14 18:00:58 2028 GMT',
65
-+                'notBefore': 'Jun 18 18:00:58 2018 GMT',
66
-+                'serialNumber': '02',
67
-+                'subject': ((('countryName', 'UK'),),
68
-+                            (('commonName',
69
-+                              'codenomicon-vm-2.test.lal.cisco.com'),)),
70
-+                'subjectAltName': (
71
-+                    ('DNS', 'codenomicon-vm-2.test.lal.cisco.com'),),
72
-+                'version': 3
73
-+            }
74
-+        )
75
-+
76
-     def test_parse_cert_CVE_2013_4238(self):
77
-         p = ssl._ssl._test_decode_cert(NULLBYTECERT)
78
-         if support.verbose:
79
-+++ b/Misc/NEWS.d/next/Security/2019-01-15-18-16-05.bpo-35746.nMSd0j.rst	2019-05-23 19:46:56.802361321 +0530
80
-@@ -0,0 +1,3 @@
81
-+[CVE-2019-5010] Fix a NULL pointer deref in ssl module. The cert parser did
82
-+not handle CRL distribution points with empty DP or URI correctly. A
83
-+malicious or buggy certificate can result into segfault.
84
-+++ b/Modules/_ssl.c	2019-05-23 19:47:41.194362207 +0530
85
-@@ -1501,6 +1501,10 @@ _get_crl_dp(X509 *certificate) {
86
-         STACK_OF(GENERAL_NAME) *gns;
87
- 
88
-         dp = sk_DIST_POINT_value(dps, i);
89
-+        if (dp->distpoint == NULL) {
90
-+            /* Ignore empty DP value, CVE-2019-5010 */
91
-+            continue;
92
-+        }
93
-         gns = dp->distpoint->name.fullname;
94
- 
95
-         for (j=0; j < sk_GENERAL_NAME_num(gns); j++) {
96 1
deleted file mode 100644
... ...
@@ -1,141 +0,0 @@
1
-commit daad2c482c91de32d8305abbccc76a5de8b3a8be
2
-Author: Steve Dower <steve.dower@microsoft.com>
3
-Date:   Thu Mar 7 09:08:18 2019 -0800
4
-
5
-    bpo-36216: Add check for characters in netloc that normalize to separators (GH-12201)
6
-
7
-diff --git a/Doc/library/urllib.parse.rst b/Doc/library/urllib.parse.rst
8
-index 0c8f0f6..b565e1e 100644
9
-+++ b/Doc/library/urllib.parse.rst
10
-@@ -124,6 +124,11 @@ or on combining URL components into a URL string.
11
-    Unmatched square brackets in the :attr:`netloc` attribute will raise a
12
-    :exc:`ValueError`.
13
- 
14
-+   Characters in the :attr:`netloc` attribute that decompose under NFKC
15
-+   normalization (as used by the IDNA encoding) into any of ``/``, ``?``,
16
-+   ``#``, ``@``, or ``:`` will raise a :exc:`ValueError`. If the URL is
17
-+   decomposed before parsing, no error will be raised.
18
-+
19
-    .. versionchanged:: 3.2
20
-       Added IPv6 URL parsing capabilities.
21
-
22
-@@ -141,6 +141,9 @@ or on combining URL components into a UR
23
-       Out-of-range port numbers now raise :exc:`ValueError`, instead of
24
-       returning :const:`None`.
25
- 
26
-+   .. versionchanged:: 3.7.3
27
-+      Characters that affect netloc parsing under NFKC normalization will
28
-+      now raise :exc:`ValueError`.
29
- 
30
- .. function:: parse_qs(qs, keep_blank_values=False, strict_parsing=False, encoding='utf-8', errors='replace')
31
- 
32
-@@ -257,10 +266,19 @@ or on combining URL components into a URL string.
33
-    Unmatched square brackets in the :attr:`netloc` attribute will raise a
34
-    :exc:`ValueError`.
35
- 
36
-+   Characters in the :attr:`netloc` attribute that decompose under NFKC
37
-+   normalization (as used by the IDNA encoding) into any of ``/``, ``?``,
38
-+   ``#``, ``@``, or ``:`` will raise a :exc:`ValueError`. If the URL is
39
-+   decomposed before parsing, no error will be raised.
40
-+
41
-    .. versionchanged:: 3.6
42
-       Out-of-range port numbers now raise :exc:`ValueError`, instead of
43
-       returning :const:`None`.
44
- 
45
-+   .. versionchanged:: 3.7.3
46
-+      Characters that affect netloc parsing under NFKC normalization will
47
-+      now raise :exc:`ValueError`.
48
-+
49
- 
50
- .. function:: urlunsplit(parts)
51
- 
52
-diff --git a/Lib/test/test_urlparse.py b/Lib/test/test_urlparse.py
53
-index be50b47..e6638ae 100644
54
-+++ b/Lib/test/test_urlparse.py
55
-@@ -1,3 +1,5 @@
56
-+import sys
57
-+import unicodedata
58
- import unittest
59
- import urllib.parse
60
- 
61
-@@ -984,6 +986,27 @@ class UrlParseTestCase(unittest.TestCase):
62
-                 expected.append(name)
63
-         self.assertCountEqual(urllib.parse.__all__, expected)
64
- 
65
-+    def test_urlsplit_normalization(self):
66
-+        # Certain characters should never occur in the netloc,
67
-+        # including under normalization.
68
-+        # Ensure that ALL of them are detected and cause an error
69
-+        illegal_chars = '/:#?@'
70
-+        hex_chars = {'{:04X}'.format(ord(c)) for c in illegal_chars}
71
-+        denorm_chars = [
72
-+            c for c in map(chr, range(128, sys.maxunicode))
73
-+            if (hex_chars & set(unicodedata.decomposition(c).split()))
74
-+            and c not in illegal_chars
75
-+        ]
76
-+        # Sanity check that we found at least one such character
77
-+        self.assertIn('\u2100', denorm_chars)
78
-+        self.assertIn('\uFF03', denorm_chars)
79
-+
80
-+        for scheme in ["http", "https", "ftp"]:
81
-+            for c in denorm_chars:
82
-+                url = "{}://netloc{}false.netloc/path".format(scheme, c)
83
-+                with self.subTest(url=url, char='{:04X}'.format(ord(c))):
84
-+                    with self.assertRaises(ValueError):
85
-+                        urllib.parse.urlsplit(url)
86
- 
87
- class Utility_Tests(unittest.TestCase):
88
-     """Testcase to test the various utility functions in the urllib."""
89
-diff --git a/Lib/urllib/parse.py b/Lib/urllib/parse.py
90
-index f691ab7..39c5d6a 100644
91
-+++ b/Lib/urllib/parse.py
92
-@@ -391,6 +391,21 @@ def _splitnetloc(url, start=0):
93
-             delim = min(delim, wdelim)     # use earliest delim position
94
-     return url[start:delim], url[delim:]   # return (domain, rest)
95
- 
96
-+def _checknetloc(netloc):
97
-+    if not netloc or netloc.isascii():
98
-+        return
99
-+    # looking for characters like \u2100 that expand to 'a/c'
100
-+    # IDNA uses NFKC equivalence, so normalize for this check
101
-+    import unicodedata
102
-+    netloc2 = unicodedata.normalize('NFKC', netloc)
103
-+    if netloc == netloc2:
104
-+        return
105
-+    _, _, netloc = netloc.rpartition('@') # anything to the left of '@' is okay
106
-+    for c in '/?#@:':
107
-+        if c in netloc2:
108
-+            raise ValueError("netloc '" + netloc2 + "' contains invalid " +
109
-+                             "characters under NFKC normalization")
110
-+
111
- def urlsplit(url, scheme='', allow_fragments=True):
112
-     """Parse a URL into 5 components:
113
-     <scheme>://<netloc>/<path>?<query>#<fragment>
114
-@@ -419,6 +434,7 @@ def urlsplit(url, scheme='', allow_fragments=True):
115
-                 url, fragment = url.split('#', 1)
116
-             if '?' in url:
117
-                 url, query = url.split('?', 1)
118
-+            _checknetloc(netloc)
119
-             v = SplitResult('http', netloc, url, query, fragment)
120
-             _parse_cache[key] = v
121
-             return _coerce_result(v)
122
-@@ -442,6 +458,7 @@ def urlsplit(url, scheme='', allow_fragments=True):
123
-         url, fragment = url.split('#', 1)
124
-     if '?' in url:
125
-         url, query = url.split('?', 1)
126
-+    _checknetloc(netloc)
127
-     v = SplitResult(scheme, netloc, url, query, fragment)
128
-     _parse_cache[key] = v
129
-     return _coerce_result(v)
130
-diff --git a/Misc/NEWS.d/next/Security/2019-03-06-09-38-40.bpo-36216.6q1m4a.rst b/Misc/NEWS.d/next/Security/2019-03-06-09-38-40.bpo-36216.6q1m4a.rst
131
-new file mode 100644
132
-index 0000000..5546394
133
-+++ b/Misc/NEWS.d/next/Security/2019-03-06-09-38-40.bpo-36216.6q1m4a.rst
134
-@@ -0,0 +1,3 @@
135
-+Changes urlsplit() to raise ValueError when the URL contains characters that
136
-+decompose under IDNA encoding (NFKC-normalization) into characters that
137
-+affect how the URL is parsed.
... ...
@@ -1,21 +1,17 @@
1 1
 Summary:        A high-level scripting language
2 2
 Name:           python3
3
-Version:        3.7.0
4
-Release:        6%{?dist}
3
+Version:        3.7.3
4
+Release:        1%{?dist}
5 5
 License:        PSF
6 6
 URL:            http://www.python.org/
7 7
 Group:          System Environment/Programming
8 8
 Vendor:         VMware, Inc.
9 9
 Distribution:   Photon
10 10
 Source0:        https://www.python.org/ftp/python/%{version}/Python-%{version}.tar.xz
11
-%define sha1    Python=653cffa5b9f2a28150afe4705600d2e55d89b564
11
+%define sha1    Python=e3584650a06ae2765da0678176deae9d133f1b3d
12 12
 Patch0:         cgi3.patch
13 13
 Patch1:         python3-support-photon-platform.patch
14
-Patch2:         CVE-2018-14647.patch
15
-Patch3:         CVE-2018-20406.patch
16
-Patch4:         CVE-2019-9636.patch
17
-Patch5:         CVE-2019-5010.patch
18
-Patch6:         CVE-2019-9740.patch
14
+Patch2:         CVE-2019-9740.patch
19 15
 BuildRequires:  pkg-config >= 0.28
20 16
 BuildRequires:  bzip2-devel
21 17
 BuildRequires:  ncurses-devel
... ...
@@ -137,10 +133,6 @@ The test package contains all regression tests for Python as well as the modules
137 137
 %patch0 -p1
138 138
 %patch1 -p1
139 139
 %patch2 -p1
140
-%patch3 -p1
141
-%patch4 -p1
142
-%patch5 -p1
143
-%patch6 -p1
144 140
 
145 141
 %build
146 142
 export OPT="${CFLAGS}"
... ...
@@ -253,20 +245,22 @@ rm -rf %{buildroot}/*
253 253
 %files pip
254 254
 %defattr(-,root,root,755)
255 255
 %{_libdir}/python3.7/site-packages/pip/*
256
-%{_libdir}/python3.7/site-packages/pip-10.0.1.dist-info/*
256
+%{_libdir}/python3.7/site-packages/pip-19.0.3.dist-info/*
257 257
 %{_bindir}/pip*
258 258
 
259 259
 %files setuptools
260 260
 %defattr(-,root,root,755)
261 261
 %{_libdir}/python3.7/site-packages/pkg_resources/*
262 262
 %{_libdir}/python3.7/site-packages/setuptools/*
263
-%{_libdir}/python3.7/site-packages/setuptools-39.0.1.dist-info/*
263
+%{_libdir}/python3.7/site-packages/setuptools-40.8.0.dist-info/*
264 264
 %{_bindir}/easy_install-3.7
265 265
 
266 266
 %files test
267 267
 %{_libdir}/python3.7/test/*
268 268
 
269 269
 %changelog
270
+*   Mon Jun 10 2019 Tapas Kundu <tkundu@vmware.com> 3.7.3-1
271
+-   Update to Python 3.7.3 release
270 272
 *   Thu May 23 2019 Tapas Kundu <tkundu@vmware.com> 3.7.0-6
271 273
 -   Fix for CVE-2019-5010
272 274
 -   Fix for CVE-2019-9740
... ...
@@ -31,7 +31,7 @@ class PackageBuilder(object):
31 31
         #test only if the package is in the testForceRPMS with rpmCheck
32 32
         #build only if the package is not in the testForceRPMS with rpmCheck
33 33
 
34
-        if not constants.rpmCheck or packageName in constants.testForceRPMS:
34
+        if not (constants.rpmCheck or packageName in constants.testForceRPMS):
35 35
             if self._checkIfPackageIsAlreadyBuilt(packageName, packageVersion, doneList):
36 36
                 return
37 37
 
... ...
@@ -66,9 +66,11 @@ class PackageManager(object):
66 66
     def buildPackages(self, listPackages, buildThreads):
67 67
         if constants.rpmCheck:
68 68
             constants.rpmCheck = False
69
+            constants.addMacro("with_check", "0")
69 70
             self.buildToolChainPackages(buildThreads)
70 71
             self._buildTestPackages(buildThreads)
71 72
             constants.rpmCheck = True
73
+            constants.addMacro("with_check", "1")
72 74
             self._buildGivenPackages(listPackages, buildThreads)
73 75
         else:
74 76
             self.buildToolChainPackages(buildThreads)
... ...
@@ -128,8 +130,11 @@ class PackageManager(object):
128 128
                     not constants.rpmCheck):
129 129
                 listPackagesToBuild.remove(pkg)
130 130
 
131
-        if not self._readPackageBuildData(listPackagesToBuild):
132
-            return False
131
+        if constants.rpmCheck:
132
+            self.sortedPackageList = listPackagesToBuild
133
+        else:
134
+            if not self._readPackageBuildData(listPackagesToBuild):
135
+                return False
133 136
 
134 137
         if self.sortedPackageList:
135 138
             self.logger.info("List of packages yet to be built...")
... ...
@@ -82,13 +82,33 @@ class Scheduler(object):
82 82
         Scheduler.sortedList = sortedList
83 83
 
84 84
         Scheduler.listOfAlreadyBuiltPackages = listOfAlreadyBuiltPackages
85
-        for x in Scheduler.sortedList:
86
-            if x not in Scheduler.listOfAlreadyBuiltPackages or x in constants.testForceRPMS:
87
-                Scheduler.listOfPackagesToBuild.append(x)
85
+
86
+        for pkg in Scheduler.sortedList:
87
+            pkgName, pkgVersion = StringUtils.splitPackageNameAndVersion(pkg)
88
+            if (pkg not in Scheduler.listOfAlreadyBuiltPackages
89
+               or pkgName in constants.testForceRPMS):
90
+                Scheduler.listOfPackagesToBuild.append(pkg)
91
+
88 92
         Scheduler.listOfPackagesCurrentlyBuilding = set()
89 93
         Scheduler.listOfPackagesNextToBuild = PriorityQueue()
90 94
         Scheduler.listOfFailedPackages = []
91
-        Scheduler._setPriorities()
95
+
96
+        # When performing (only) make-check, package dependencies are
97
+        # irrelevant; i.e., all the packages can be "make-checked" in
98
+        # parallel. So skip building the dependency graph. This is not
99
+        # merely an optimization! A given package can define
100
+        # additional packages to be installed in its build environment
101
+        # when performing a make-check, under %if %{with_check}.
102
+        # However, these are not really build-time-dependencies in the
103
+        # usual sense; i.e., there is no ordering requirement when
104
+        # building these packages; they only make sense when running a
105
+        # `make check`. Hence, trying to build a dependency graph out
106
+        # of them will result in anomalies such as cycles in the
107
+        # graph. So skip building the graph altogether and schedule
108
+        # all the `make check`s in parallel.
109
+        skipGraphBuild = constants.rpmCheck
110
+        Scheduler._setPriorities(skipGraphBuild)
111
+
92 112
         if constants.publishBuildDependencies:
93 113
             # This must be called only after calling _setPriorities(),
94 114
             # which builds the dependency graph.
... ...
@@ -542,13 +562,17 @@ class Scheduler(object):
542 542
 
543 543
 
544 544
     @staticmethod
545
-    def _setPriorities():
546
-        Scheduler._parseWeights()
547
-        Scheduler._buildGraph()
548
-
549
-        for package in Scheduler.sortedList:
550
-            pkgNode = Scheduler.mapPackagesToGraphNodes[package]
551
-            Scheduler.priorityMap[package] = pkgNode.criticalChainWeight
545
+    def _setPriorities(skipGraphBuild):
546
+        if skipGraphBuild:
547
+            for package in Scheduler.sortedList:
548
+                Scheduler.priorityMap[package] = 0
549
+        else:
550
+            Scheduler._parseWeights()
551
+            Scheduler._buildGraph()
552
+
553
+            for package in Scheduler.sortedList:
554
+                pkgNode = Scheduler.mapPackagesToGraphNodes[package]
555
+                Scheduler.priorityMap[package] = pkgNode.criticalChainWeight
552 556
 
553 557
         Scheduler.logger.debug("set Priorities: Priority of all packages")
554 558
         Scheduler.logger.debug(Scheduler.priorityMap)