... | ... |
@@ -2,7 +2,7 @@ |
2 | 2 |
|
3 | 3 |
Name: cloud-init |
4 | 4 |
Version: 18.3 |
5 |
-Release: 2%{?dist} |
|
5 |
+Release: 3%{?dist} |
|
6 | 6 |
Summary: Cloud instance init scripts |
7 | 7 |
Group: System Environment/Base |
8 | 8 |
License: GPLv3 |
... | ... |
@@ -147,6 +147,8 @@ rm -rf $RPM_BUILD_ROOT |
147 | 147 |
|
148 | 148 |
|
149 | 149 |
%changelog |
150 |
+* Tue May 28 2019 Keerthana K <keerthanak@vmware.com> 18.3-3 |
|
151 |
+- Delete the contents of network directory before adding the custom network files. |
|
150 | 152 |
* Tue Dec 04 2018 Ajay Kaher <akaher@vmware.com> 18.3-2 |
151 | 153 |
- Fix auto startup at boot time |
152 | 154 |
* Wed Oct 24 2018 Ajay Kaher <akaher@vmware.com> 18.3-1 |
... | ... |
@@ -1,7 +1,7 @@ |
1 | 1 |
diff -rupN cloud-init-0.7.9/cloudinit/distros/photon.py cloud-init-0.7.9-new/cloudinit/distros/photon.py |
2 | 2 |
--- cloud-init-0.7.9/cloudinit/distros/photon.py 1969-12-31 16:00:00.000000000 -0800 |
3 | 3 |
+++ cloud-init-0.7.9-new/cloudinit/distros/photon.py 2017-05-15 05:13:49.156848344 -0700 |
4 |
-@@ -0,0 +1,319 @@ |
|
4 |
+@@ -0,0 +1,320 @@ |
|
5 | 5 |
+# vi: ts=4 expandtab |
6 | 6 |
+# |
7 | 7 |
+# Copyright (C) 2017 VMware Inc. |
... | ... |
@@ -103,6 +103,7 @@ diff -rupN cloud-init-0.7.9/cloudinit/distros/photon.py cloud-init-0.7.9-new/clo |
103 | 103 |
+ route_index += 1 |
104 | 104 |
+ |
105 | 105 |
+ if info.get('auto'): |
106 |
++ util.delete_dir_contents(self.network_conf_dir) |
|
106 | 107 |
+ self._write_interface_file(net_fn, net_cfg, route_entry) |
107 | 108 |
+ if 'dns-nameservers' in info: |
108 | 109 |
+ nameservers.extend(info['dns-nameservers']) |
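Review bot: The added `util.delete_dir_contents(self.network_conf_dir)` sits inside the `if info.get('auto'):` branch, directly before `_write_interface_file`, and the preceding `route_index += 1` suggests this branch runs once per interface entry. If so, each auto interface wipes the file just written for the previous one, and only the last interface stays configured; the loop header is outside the hunk, so confirm this against the full function. Clearing the directory once, before the interfaces are iterated, would match the changelog's wording ("before adding the custom network files"). A comment such as `# removes every file in network_conf_dir, including ones not written by cloud-init` would also make the blast radius of the call explicit.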
109 | 110 |
deleted file mode 100644 |
... | ... |
@@ -1,79 +0,0 @@ |
1 |
-commit 470a435f3b42c9be5fdb7f7b04f3df5663ba7305 |
|
2 |
-Author: Miss Islington (bot) <31488909+miss-islington@users.noreply.github.com> |
|
3 |
-Date: Tue Sep 18 06:11:09 2018 -0700 |
|
4 |
- |
|
5 |
- bpo-34623: Use XML_SetHashSalt in _elementtree (GH-9146) |
|
6 |
- |
|
7 |
- |
|
8 |
- The C accelerated _elementtree module now initializes hash randomization |
|
9 |
- salt from _Py_HashSecret instead of libexpat's default CPRNG. |
|
10 |
- |
|
11 |
- Signed-off-by: Christian Heimes <christian@python.org> |
|
12 |
- |
|
13 |
- https://bugs.python.org/issue34623 |
|
14 |
- (cherry picked from commit cb5778f00ce48631c7140f33ba242496aaf7102b) |
|
15 |
- |
|
16 |
- Co-authored-by: Christian Heimes <christian@python.org> |
|
17 |
- |
|
18 |
-diff --git a/Include/pyexpat.h b/Include/pyexpat.h |
|
19 |
-index 44259bf..07020b5 100644 |
|
20 |
-+++ b/Include/pyexpat.h |
|
21 |
-@@ -3,7 +3,7 @@ |
|
22 |
- |
|
23 |
- /* note: you must import expat.h before importing this module! */ |
|
24 |
- |
|
25 |
--#define PyExpat_CAPI_MAGIC "pyexpat.expat_CAPI 1.0" |
|
26 |
-+#define PyExpat_CAPI_MAGIC "pyexpat.expat_CAPI 1.1" |
|
27 |
- #define PyExpat_CAPSULE_NAME "pyexpat.expat_CAPI" |
|
28 |
- |
|
29 |
- struct PyExpat_CAPI |
|
30 |
-@@ -48,6 +48,8 @@ struct PyExpat_CAPI |
|
31 |
- enum XML_Status (*SetEncoding)(XML_Parser parser, const XML_Char *encoding); |
|
32 |
- int (*DefaultUnknownEncodingHandler)( |
|
33 |
- void *encodingHandlerData, const XML_Char *name, XML_Encoding *info); |
|
34 |
-+ /* might be none for expat < 2.1.0 */ |
|
35 |
-+ int (*SetHashSalt)(XML_Parser parser, unsigned long hash_salt); |
|
36 |
- /* always add new stuff to the end! */ |
|
37 |
- }; |
|
38 |
- |
|
39 |
-diff --git a/Misc/NEWS.d/next/Security/2018-09-10-16-05-39.bpo-34623.Ua9jMv.rst b/Misc/NEWS.d/next/Security/2018-09-10-16-05-39.bpo-34623.Ua9jMv.rst |
|
40 |
-new file mode 100644 |
|
41 |
-index 0000000..31ad92e |
|
42 |
-+++ b/Misc/NEWS.d/next/Security/2018-09-10-16-05-39.bpo-34623.Ua9jMv.rst |
|
43 |
-@@ -0,0 +1,2 @@ |
|
44 |
-+The C accelerated _elementtree module now initializes hash randomization |
|
45 |
-+salt from _Py_HashSecret instead of libexpat's default CSPRNG. |
|
46 |
-diff --git a/Modules/_elementtree.c b/Modules/_elementtree.c |
|
47 |
-index 1dfdb3c..4b86f96 100644 |
|
48 |
-+++ b/Modules/_elementtree.c |
|
49 |
-@@ -3305,6 +3305,11 @@ _elementtree_XMLParser___init___impl(XMLParserObject *self, PyObject *html, |
|
50 |
- PyErr_NoMemory(); |
|
51 |
- return -1; |
|
52 |
- } |
|
53 |
-+ /* expat < 2.1.0 has no XML_SetHashSalt() */ |
|
54 |
-+ if (EXPAT(SetHashSalt) != NULL) { |
|
55 |
-+ EXPAT(SetHashSalt)(self->parser, |
|
56 |
-+ (unsigned long)_Py_HashSecret.expat.hashsalt); |
|
57 |
-+ } |
|
58 |
- |
|
59 |
- if (target) { |
|
60 |
- Py_INCREF(target); |
|
61 |
-diff --git a/Modules/pyexpat.c b/Modules/pyexpat.c |
|
62 |
-index c8a01d4..c52079e 100644 |
|
63 |
-+++ b/Modules/pyexpat.c |
|
64 |
-@@ -1877,6 +1877,11 @@ MODULE_INITFUNC(void) |
|
65 |
- capi.SetStartDoctypeDeclHandler = XML_SetStartDoctypeDeclHandler; |
|
66 |
- capi.SetEncoding = XML_SetEncoding; |
|
67 |
- capi.DefaultUnknownEncodingHandler = PyUnknownEncodingHandler; |
|
68 |
-+#if XML_COMBINED_VERSION >= 20100 |
|
69 |
-+ capi.SetHashSalt = XML_SetHashSalt; |
|
70 |
-+#else |
|
71 |
-+ capi.SetHashSalt = NULL; |
|
72 |
-+#endif |
|
73 |
- |
|
74 |
- /* export using capsule */ |
|
75 |
- capi_object = PyCapsule_New(&capi, PyExpat_CAPSULE_NAME, NULL); |
76 | 1 |
deleted file mode 100644 |
... | ... |
@@ -1,195 +0,0 @@ |
1 |
-commit a4ae828ee416a66d8c7bf5ee71d653c2cc6a26dd |
|
2 |
-Author: Benjamin Peterson <benjamin@python.org> |
|
3 |
-Date: Thu Sep 20 18:36:40 2018 -0700 |
|
4 |
- |
|
5 |
- closes bpo-34656: Avoid relying on signed overflow in _pickle memos. (GH-9261) |
|
6 |
- |
|
7 |
-diff --git a/Modules/_pickle.c b/Modules/_pickle.c |
|
8 |
-index 2de70f5..3588e33 100644 |
|
9 |
-+++ b/Modules/_pickle.c |
|
10 |
-@@ -602,9 +602,9 @@ typedef struct { |
|
11 |
- } PyMemoEntry; |
|
12 |
- |
|
13 |
- typedef struct { |
|
14 |
-- Py_ssize_t mt_mask; |
|
15 |
-- Py_ssize_t mt_used; |
|
16 |
-- Py_ssize_t mt_allocated; |
|
17 |
-+ size_t mt_mask; |
|
18 |
-+ size_t mt_used; |
|
19 |
-+ size_t mt_allocated; |
|
20 |
- PyMemoEntry *mt_table; |
|
21 |
- } PyMemoTable; |
|
22 |
- |
|
23 |
-@@ -650,8 +650,8 @@ typedef struct UnpicklerObject { |
|
24 |
- /* The unpickler memo is just an array of PyObject *s. Using a dict |
|
25 |
- is unnecessary, since the keys are contiguous ints. */ |
|
26 |
- PyObject **memo; |
|
27 |
-- Py_ssize_t memo_size; /* Capacity of the memo array */ |
|
28 |
-- Py_ssize_t memo_len; /* Number of objects in the memo */ |
|
29 |
-+ size_t memo_size; /* Capacity of the memo array */ |
|
30 |
-+ size_t memo_len; /* Number of objects in the memo */ |
|
31 |
- |
|
32 |
- PyObject *pers_func; /* persistent_load() method, can be NULL. */ |
|
33 |
- PyObject *pers_func_self; /* borrowed reference to self if pers_func |
|
34 |
-@@ -737,7 +737,6 @@ PyMemoTable_New(void) |
|
35 |
- static PyMemoTable * |
|
36 |
- PyMemoTable_Copy(PyMemoTable *self) |
|
37 |
- { |
|
38 |
-- Py_ssize_t i; |
|
39 |
- PyMemoTable *new = PyMemoTable_New(); |
|
40 |
- if (new == NULL) |
|
41 |
- return NULL; |
|
42 |
-@@ -754,7 +753,7 @@ PyMemoTable_Copy(PyMemoTable *self) |
|
43 |
- PyErr_NoMemory(); |
|
44 |
- return NULL; |
|
45 |
- } |
|
46 |
-- for (i = 0; i < self->mt_allocated; i++) { |
|
47 |
-+ for (size_t i = 0; i < self->mt_allocated; i++) { |
|
48 |
- Py_XINCREF(self->mt_table[i].me_key); |
|
49 |
- } |
|
50 |
- memcpy(new->mt_table, self->mt_table, |
|
51 |
-@@ -800,7 +799,7 @@ _PyMemoTable_Lookup(PyMemoTable *self, PyObject *key) |
|
52 |
- { |
|
53 |
- size_t i; |
|
54 |
- size_t perturb; |
|
55 |
-- size_t mask = (size_t)self->mt_mask; |
|
56 |
-+ size_t mask = self->mt_mask; |
|
57 |
- PyMemoEntry *table = self->mt_table; |
|
58 |
- PyMemoEntry *entry; |
|
59 |
- Py_hash_t hash = (Py_hash_t)key >> 3; |
|
60 |
-@@ -821,22 +820,24 @@ _PyMemoTable_Lookup(PyMemoTable *self, PyObject *key) |
|
61 |
- |
|
62 |
- /* Returns -1 on failure, 0 on success. */ |
|
63 |
- static int |
|
64 |
--_PyMemoTable_ResizeTable(PyMemoTable *self, Py_ssize_t min_size) |
|
65 |
-+_PyMemoTable_ResizeTable(PyMemoTable *self, size_t min_size) |
|
66 |
- { |
|
67 |
- PyMemoEntry *oldtable = NULL; |
|
68 |
- PyMemoEntry *oldentry, *newentry; |
|
69 |
-- Py_ssize_t new_size = MT_MINSIZE; |
|
70 |
-- Py_ssize_t to_process; |
|
71 |
-+ size_t new_size = MT_MINSIZE; |
|
72 |
-+ size_t to_process; |
|
73 |
- |
|
74 |
- assert(min_size > 0); |
|
75 |
- |
|
76 |
-- /* Find the smallest valid table size >= min_size. */ |
|
77 |
-- while (new_size < min_size && new_size > 0) |
|
78 |
-- new_size <<= 1; |
|
79 |
-- if (new_size <= 0) { |
|
80 |
-+ if (min_size > PY_SSIZE_T_MAX) { |
|
81 |
- PyErr_NoMemory(); |
|
82 |
- return -1; |
|
83 |
- } |
|
84 |
-+ |
|
85 |
-+ /* Find the smallest valid table size >= min_size. */ |
|
86 |
-+ while (new_size < min_size) { |
|
87 |
-+ new_size <<= 1; |
|
88 |
-+ } |
|
89 |
- /* new_size needs to be a power of two. */ |
|
90 |
- assert((new_size & (new_size - 1)) == 0); |
|
91 |
- |
|
92 |
-@@ -909,10 +910,12 @@ PyMemoTable_Set(PyMemoTable *self, PyObject *key, Py_ssize_t value) |
|
93 |
- * Very large memo tables (over 50K items) use doubling instead. |
|
94 |
- * This may help applications with severe memory constraints. |
|
95 |
- */ |
|
96 |
-- if (!(self->mt_used * 3 >= (self->mt_mask + 1) * 2)) |
|
97 |
-+ if (SIZE_MAX / 3 >= self->mt_used && self->mt_used * 3 < self->mt_allocated * 2) { |
|
98 |
- return 0; |
|
99 |
-- return _PyMemoTable_ResizeTable(self, |
|
100 |
-- (self->mt_used > 50000 ? 2 : 4) * self->mt_used); |
|
101 |
-+ } |
|
102 |
-+ // self->mt_used is always < PY_SSIZE_T_MAX, so this can't overflow. |
|
103 |
-+ size_t desired_size = (self->mt_used > 50000 ? 2 : 4) * self->mt_used; |
|
104 |
-+ return _PyMemoTable_ResizeTable(self, desired_size); |
|
105 |
- } |
|
106 |
- |
|
107 |
- #undef MT_MINSIZE |
|
108 |
-@@ -1376,9 +1379,9 @@ _Unpickler_Readline(UnpicklerObject *self, char **result) |
|
109 |
- /* Returns -1 (with an exception set) on failure, 0 on success. The memo array |
|
110 |
- will be modified in place. */ |
|
111 |
- static int |
|
112 |
--_Unpickler_ResizeMemoList(UnpicklerObject *self, Py_ssize_t new_size) |
|
113 |
-+_Unpickler_ResizeMemoList(UnpicklerObject *self, size_t new_size) |
|
114 |
- { |
|
115 |
-- Py_ssize_t i; |
|
116 |
-+ size_t i; |
|
117 |
- |
|
118 |
- assert(new_size > self->memo_size); |
|
119 |
- |
|
120 |
-@@ -1397,9 +1400,9 @@ _Unpickler_ResizeMemoList(UnpicklerObject *self, Py_ssize_t new_size) |
|
121 |
- |
|
122 |
- /* Returns NULL if idx is out of bounds. */ |
|
123 |
- static PyObject * |
|
124 |
--_Unpickler_MemoGet(UnpicklerObject *self, Py_ssize_t idx) |
|
125 |
-+_Unpickler_MemoGet(UnpicklerObject *self, size_t idx) |
|
126 |
- { |
|
127 |
-- if (idx < 0 || idx >= self->memo_size) |
|
128 |
-+ if (idx >= self->memo_size) |
|
129 |
- return NULL; |
|
130 |
- |
|
131 |
- return self->memo[idx]; |
|
132 |
-@@ -1408,7 +1411,7 @@ _Unpickler_MemoGet(UnpicklerObject *self, Py_ssize_t idx) |
|
133 |
- /* Returns -1 (with an exception set) on failure, 0 on success. |
|
134 |
- This takes its own reference to `value`. */ |
|
135 |
- static int |
|
136 |
--_Unpickler_MemoPut(UnpicklerObject *self, Py_ssize_t idx, PyObject *value) |
|
137 |
-+_Unpickler_MemoPut(UnpicklerObject *self, size_t idx, PyObject *value) |
|
138 |
- { |
|
139 |
- PyObject *old_item; |
|
140 |
- |
|
141 |
-@@ -4413,14 +4416,13 @@ static PyObject * |
|
142 |
- _pickle_PicklerMemoProxy_copy_impl(PicklerMemoProxyObject *self) |
|
143 |
- /*[clinic end generated code: output=bb83a919d29225ef input=b73043485ac30b36]*/ |
|
144 |
- { |
|
145 |
-- Py_ssize_t i; |
|
146 |
- PyMemoTable *memo; |
|
147 |
- PyObject *new_memo = PyDict_New(); |
|
148 |
- if (new_memo == NULL) |
|
149 |
- return NULL; |
|
150 |
- |
|
151 |
- memo = self->pickler->memo; |
|
152 |
-- for (i = 0; i < memo->mt_allocated; ++i) { |
|
153 |
-+ for (size_t i = 0; i < memo->mt_allocated; ++i) { |
|
154 |
- PyMemoEntry entry = memo->mt_table[i]; |
|
155 |
- if (entry.me_key != NULL) { |
|
156 |
- int status; |
|
157 |
-@@ -6843,7 +6845,7 @@ static PyObject * |
|
158 |
- _pickle_UnpicklerMemoProxy_copy_impl(UnpicklerMemoProxyObject *self) |
|
159 |
- /*[clinic end generated code: output=e12af7e9bc1e4c77 input=97769247ce032c1d]*/ |
|
160 |
- { |
|
161 |
-- Py_ssize_t i; |
|
162 |
-+ size_t i; |
|
163 |
- PyObject *new_memo = PyDict_New(); |
|
164 |
- if (new_memo == NULL) |
|
165 |
- return NULL; |
|
166 |
-@@ -6994,8 +6996,7 @@ static int |
|
167 |
- Unpickler_set_memo(UnpicklerObject *self, PyObject *obj) |
|
168 |
- { |
|
169 |
- PyObject **new_memo; |
|
170 |
-- Py_ssize_t new_memo_size = 0; |
|
171 |
-- Py_ssize_t i; |
|
172 |
-+ size_t new_memo_size = 0; |
|
173 |
- |
|
174 |
- if (obj == NULL) { |
|
175 |
- PyErr_SetString(PyExc_TypeError, |
|
176 |
-@@ -7012,7 +7013,7 @@ Unpickler_set_memo(UnpicklerObject *self, PyObject *obj) |
|
177 |
- if (new_memo == NULL) |
|
178 |
- return -1; |
|
179 |
- |
|
180 |
-- for (i = 0; i < new_memo_size; i++) { |
|
181 |
-+ for (size_t i = 0; i < new_memo_size; i++) { |
|
182 |
- Py_XINCREF(unpickler->memo[i]); |
|
183 |
- new_memo[i] = unpickler->memo[i]; |
|
184 |
- } |
|
185 |
-@@ -7060,8 +7061,7 @@ Unpickler_set_memo(UnpicklerObject *self, PyObject *obj) |
|
186 |
- |
|
187 |
- error: |
|
188 |
- if (new_memo_size) { |
|
189 |
-- i = new_memo_size; |
|
190 |
-- while (--i >= 0) { |
|
191 |
-+ for (size_t i = new_memo_size - 1; i != SIZE_MAX; i--) { |
|
192 |
- Py_XDECREF(new_memo[i]); |
|
193 |
- } |
|
194 |
- PyMem_FREE(new_memo); |
195 | 1 |
deleted file mode 100644 |
... | ... |
@@ -1,99 +0,0 @@ |
1 |
-From be5de958e9052e322b0087c6dba81cdad0c3e031 Mon Sep 17 00:00:00 2001 |
|
2 |
-From: "Miss Islington (bot)" |
|
3 |
- <31488909+miss-islington@users.noreply.github.com> |
|
4 |
-Date: Tue, 15 Jan 2019 15:03:36 -0800 |
|
5 |
-Subject: [PATCH] bpo-35746: Fix segfault in ssl's cert parser (GH-11569) |
|
6 |
- |
|
7 |
-Fix a NULL pointer deref in ssl module. The cert parser did not handle CRL |
|
8 |
-distribution points with empty DP or URI correctly. A malicious or buggy |
|
9 |
-certificate can result into segfault. |
|
10 |
- |
|
11 |
-Signed-off-by: Christian Heimes <christian@python.org> |
|
12 |
- |
|
13 |
-https://bugs.python.org/issue35746 |
|
14 |
-(cherry picked from commit a37f52436f9aa4b9292878b72f3ff1480e2606c3) |
|
15 |
- |
|
16 |
-Co-authored-by: Christian Heimes <christian@python.org> |
|
17 |
- |
|
18 |
-+++ b/Lib/test/talos-2019-0758.pem 2019-05-23 19:44:16.402358117 +0530 |
|
19 |
-@@ -0,0 +1,22 @@ |
|
20 |
-++-----BEGIN CERTIFICATE----- |
|
21 |
-+MIIDqDCCApKgAwIBAgIBAjALBgkqhkiG9w0BAQswHzELMAkGA1UEBhMCVUsxEDAO |
|
22 |
-+BgNVBAMTB2NvZHktY2EwHhcNMTgwNjE4MTgwMDU4WhcNMjgwNjE0MTgwMDU4WjA7 |
|
23 |
-+MQswCQYDVQQGEwJVSzEsMCoGA1UEAxMjY29kZW5vbWljb24tdm0tMi50ZXN0Lmxh |
|
24 |
-+bC5jaXNjby5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC63fGB |
|
25 |
-+J80A9Av1GB0bptslKRIUtJm8EeEu34HkDWbL6AJY0P8WfDtlXjlPaLqFa6sqH6ES |
|
26 |
-+V48prSm1ZUbDSVL8R6BYVYpOlK8/48xk4pGTgRzv69gf5SGtQLwHy8UPBKgjSZoD |
|
27 |
-+5a5k5wJXGswhKFFNqyyxqCvWmMnJWxXTt2XDCiWc4g4YAWi4O4+6SeeHVAV9rV7C |
|
28 |
-+1wxqjzKovVe2uZOHjKEzJbbIU6JBPb6TRfMdRdYOw98n1VXDcKVgdX2DuuqjCzHP |
|
29 |
-+WhU4Tw050M9NaK3eXp4Mh69VuiKoBGOLSOcS8reqHIU46Reg0hqeL8LIL6OhFHIF |
|
30 |
-+j7HR6V1X6F+BfRS/AgMBAAGjgdYwgdMwCQYDVR0TBAIwADAdBgNVHQ4EFgQUOktp |
|
31 |
-+HQjxDXXUg8prleY9jeLKeQ4wTwYDVR0jBEgwRoAUx6zgPygZ0ZErF9sPC4+5e2Io |
|
32 |
-+UU+hI6QhMB8xCzAJBgNVBAYTAlVLMRAwDgYDVQQDEwdjb2R5LWNhggkA1QEAuwb7 |
|
33 |
-+2s0wCQYDVR0SBAIwADAuBgNVHREEJzAlgiNjb2Rlbm9taWNvbi12bS0yLnRlc3Qu |
|
34 |
-+bGFsLmNpc2NvLmNvbTAOBgNVHQ8BAf8EBAMCBaAwCwYDVR0fBAQwAjAAMAsGCSqG |
|
35 |
-+SIb3DQEBCwOCAQEAvqantx2yBlM11RoFiCfi+AfSblXPdrIrHvccepV4pYc/yO6p |
|
36 |
-+t1f2dxHQb8rWH3i6cWag/EgIZx+HJQvo0rgPY1BFJsX1WnYf1/znZpkUBGbVmlJr |
|
37 |
-+t/dW1gSkNS6sPsM0Q+7HPgEv8CPDNK5eo7vU2seE0iWOkxSyVUuiCEY9ZVGaLVit |
|
38 |
-+p0C78nZ35Pdv4I+1cosmHl28+es1WI22rrnmdBpH8J1eY6WvUw2xuZHLeNVN0TzV |
|
39 |
-+Q3qq53AaCWuLOD1AjESWuUCxMZTK9DPS4JKXTK8RLyDeqOvJGjsSWp3kL0y3GaQ+ |
|
40 |
-+10T1rfkKJub2+m9A9duin1fn6tHc2wSvB7m3DA== |
|
41 |
-+-----END CERTIFICATE----- |
|
42 |
-+++ b/Lib/test/test_ssl.py 2019-05-23 19:46:19.630360578 +0530 |
|
43 |
-@@ -117,6 +117,7 @@ NONEXISTINGCERT = data_file("XXXnonexist |
|
44 |
- BADKEY = data_file("badkey.pem") |
|
45 |
- NOKIACERT = data_file("nokia.pem") |
|
46 |
- NULLBYTECERT = data_file("nullbytecert.pem") |
|
47 |
-+TALOS_INVALID_CRLDP = data_file("talos-2019-0758.pem") |
|
48 |
- |
|
49 |
- DHFILE = data_file("dh1024.pem") |
|
50 |
- BYTES_DHFILE = os.fsencode(DHFILE) |
|
51 |
-@@ -364,6 +365,27 @@ class BasicSocketTests(unittest.TestCase |
|
52 |
- self.assertEqual(p['crlDistributionPoints'], |
|
53 |
- ('http://SVRIntl-G3-crl.verisign.com/SVRIntlG3.crl',)) |
|
54 |
- |
|
55 |
-+ def test_parse_cert_CVE_2019_5010(self): |
|
56 |
-+ p = ssl._ssl._test_decode_cert(TALOS_INVALID_CRLDP) |
|
57 |
-+ if support.verbose: |
|
58 |
-+ sys.stdout.write("\n" + pprint.pformat(p) + "\n") |
|
59 |
-+ self.assertEqual( |
|
60 |
-+ p, |
|
61 |
-+ { |
|
62 |
-+ 'issuer': ( |
|
63 |
-+ (('countryName', 'UK'),), (('commonName', 'cody-ca'),)), |
|
64 |
-+ 'notAfter': 'Jun 14 18:00:58 2028 GMT', |
|
65 |
-+ 'notBefore': 'Jun 18 18:00:58 2018 GMT', |
|
66 |
-+ 'serialNumber': '02', |
|
67 |
-+ 'subject': ((('countryName', 'UK'),), |
|
68 |
-+ (('commonName', |
|
69 |
-+ 'codenomicon-vm-2.test.lal.cisco.com'),)), |
|
70 |
-+ 'subjectAltName': ( |
|
71 |
-+ ('DNS', 'codenomicon-vm-2.test.lal.cisco.com'),), |
|
72 |
-+ 'version': 3 |
|
73 |
-+ } |
|
74 |
-+ ) |
|
75 |
-+ |
|
76 |
- def test_parse_cert_CVE_2013_4238(self): |
|
77 |
- p = ssl._ssl._test_decode_cert(NULLBYTECERT) |
|
78 |
- if support.verbose: |
|
79 |
-+++ b/Misc/NEWS.d/next/Security/2019-01-15-18-16-05.bpo-35746.nMSd0j.rst 2019-05-23 19:46:56.802361321 +0530 |
|
80 |
-@@ -0,0 +1,3 @@ |
|
81 |
-+[CVE-2019-5010] Fix a NULL pointer deref in ssl module. The cert parser did |
|
82 |
-+not handle CRL distribution points with empty DP or URI correctly. A |
|
83 |
-+malicious or buggy certificate can result into segfault. |
|
84 |
-+++ b/Modules/_ssl.c 2019-05-23 19:47:41.194362207 +0530 |
|
85 |
-@@ -1501,6 +1501,10 @@ _get_crl_dp(X509 *certificate) { |
|
86 |
- STACK_OF(GENERAL_NAME) *gns; |
|
87 |
- |
|
88 |
- dp = sk_DIST_POINT_value(dps, i); |
|
89 |
-+ if (dp->distpoint == NULL) { |
|
90 |
-+ /* Ignore empty DP value, CVE-2019-5010 */ |
|
91 |
-+ continue; |
|
92 |
-+ } |
|
93 |
- gns = dp->distpoint->name.fullname; |
|
94 |
- |
|
95 |
- for (j=0; j < sk_GENERAL_NAME_num(gns); j++) { |
96 | 1 |
deleted file mode 100644 |
... | ... |
@@ -1,141 +0,0 @@ |
1 |
-commit daad2c482c91de32d8305abbccc76a5de8b3a8be |
|
2 |
-Author: Steve Dower <steve.dower@microsoft.com> |
|
3 |
-Date: Thu Mar 7 09:08:18 2019 -0800 |
|
4 |
- |
|
5 |
- bpo-36216: Add check for characters in netloc that normalize to separators (GH-12201) |
|
6 |
- |
|
7 |
-diff --git a/Doc/library/urllib.parse.rst b/Doc/library/urllib.parse.rst |
|
8 |
-index 0c8f0f6..b565e1e 100644 |
|
9 |
-+++ b/Doc/library/urllib.parse.rst |
|
10 |
-@@ -124,6 +124,11 @@ or on combining URL components into a URL string. |
|
11 |
- Unmatched square brackets in the :attr:`netloc` attribute will raise a |
|
12 |
- :exc:`ValueError`. |
|
13 |
- |
|
14 |
-+ Characters in the :attr:`netloc` attribute that decompose under NFKC |
|
15 |
-+ normalization (as used by the IDNA encoding) into any of ``/``, ``?``, |
|
16 |
-+ ``#``, ``@``, or ``:`` will raise a :exc:`ValueError`. If the URL is |
|
17 |
-+ decomposed before parsing, no error will be raised. |
|
18 |
-+ |
|
19 |
- .. versionchanged:: 3.2 |
|
20 |
- Added IPv6 URL parsing capabilities. |
|
21 |
- |
|
22 |
-@@ -141,6 +141,9 @@ or on combining URL components into a UR |
|
23 |
- Out-of-range port numbers now raise :exc:`ValueError`, instead of |
|
24 |
- returning :const:`None`. |
|
25 |
- |
|
26 |
-+ .. versionchanged:: 3.7.3 |
|
27 |
-+ Characters that affect netloc parsing under NFKC normalization will |
|
28 |
-+ now raise :exc:`ValueError`. |
|
29 |
- |
|
30 |
- .. function:: parse_qs(qs, keep_blank_values=False, strict_parsing=False, encoding='utf-8', errors='replace') |
|
31 |
- |
|
32 |
-@@ -257,10 +266,19 @@ or on combining URL components into a URL string. |
|
33 |
- Unmatched square brackets in the :attr:`netloc` attribute will raise a |
|
34 |
- :exc:`ValueError`. |
|
35 |
- |
|
36 |
-+ Characters in the :attr:`netloc` attribute that decompose under NFKC |
|
37 |
-+ normalization (as used by the IDNA encoding) into any of ``/``, ``?``, |
|
38 |
-+ ``#``, ``@``, or ``:`` will raise a :exc:`ValueError`. If the URL is |
|
39 |
-+ decomposed before parsing, no error will be raised. |
|
40 |
-+ |
|
41 |
- .. versionchanged:: 3.6 |
|
42 |
- Out-of-range port numbers now raise :exc:`ValueError`, instead of |
|
43 |
- returning :const:`None`. |
|
44 |
- |
|
45 |
-+ .. versionchanged:: 3.7.3 |
|
46 |
-+ Characters that affect netloc parsing under NFKC normalization will |
|
47 |
-+ now raise :exc:`ValueError`. |
|
48 |
-+ |
|
49 |
- |
|
50 |
- .. function:: urlunsplit(parts) |
|
51 |
- |
|
52 |
-diff --git a/Lib/test/test_urlparse.py b/Lib/test/test_urlparse.py |
|
53 |
-index be50b47..e6638ae 100644 |
|
54 |
-+++ b/Lib/test/test_urlparse.py |
|
55 |
-@@ -1,3 +1,5 @@ |
|
56 |
-+import sys |
|
57 |
-+import unicodedata |
|
58 |
- import unittest |
|
59 |
- import urllib.parse |
|
60 |
- |
|
61 |
-@@ -984,6 +986,27 @@ class UrlParseTestCase(unittest.TestCase): |
|
62 |
- expected.append(name) |
|
63 |
- self.assertCountEqual(urllib.parse.__all__, expected) |
|
64 |
- |
|
65 |
-+ def test_urlsplit_normalization(self): |
|
66 |
-+ # Certain characters should never occur in the netloc, |
|
67 |
-+ # including under normalization. |
|
68 |
-+ # Ensure that ALL of them are detected and cause an error |
|
69 |
-+ illegal_chars = '/:#?@' |
|
70 |
-+ hex_chars = {'{:04X}'.format(ord(c)) for c in illegal_chars} |
|
71 |
-+ denorm_chars = [ |
|
72 |
-+ c for c in map(chr, range(128, sys.maxunicode)) |
|
73 |
-+ if (hex_chars & set(unicodedata.decomposition(c).split())) |
|
74 |
-+ and c not in illegal_chars |
|
75 |
-+ ] |
|
76 |
-+ # Sanity check that we found at least one such character |
|
77 |
-+ self.assertIn('\u2100', denorm_chars) |
|
78 |
-+ self.assertIn('\uFF03', denorm_chars) |
|
79 |
-+ |
|
80 |
-+ for scheme in ["http", "https", "ftp"]: |
|
81 |
-+ for c in denorm_chars: |
|
82 |
-+ url = "{}://netloc{}false.netloc/path".format(scheme, c) |
|
83 |
-+ with self.subTest(url=url, char='{:04X}'.format(ord(c))): |
|
84 |
-+ with self.assertRaises(ValueError): |
|
85 |
-+ urllib.parse.urlsplit(url) |
|
86 |
- |
|
87 |
- class Utility_Tests(unittest.TestCase): |
|
88 |
- """Testcase to test the various utility functions in the urllib.""" |
|
89 |
-diff --git a/Lib/urllib/parse.py b/Lib/urllib/parse.py |
|
90 |
-index f691ab7..39c5d6a 100644 |
|
91 |
-+++ b/Lib/urllib/parse.py |
|
92 |
-@@ -391,6 +391,21 @@ def _splitnetloc(url, start=0): |
|
93 |
- delim = min(delim, wdelim) # use earliest delim position |
|
94 |
- return url[start:delim], url[delim:] # return (domain, rest) |
|
95 |
- |
|
96 |
-+def _checknetloc(netloc): |
|
97 |
-+ if not netloc or netloc.isascii(): |
|
98 |
-+ return |
|
99 |
-+ # looking for characters like \u2100 that expand to 'a/c' |
|
100 |
-+ # IDNA uses NFKC equivalence, so normalize for this check |
|
101 |
-+ import unicodedata |
|
102 |
-+ netloc2 = unicodedata.normalize('NFKC', netloc) |
|
103 |
-+ if netloc == netloc2: |
|
104 |
-+ return |
|
105 |
-+ _, _, netloc = netloc.rpartition('@') # anything to the left of '@' is okay |
|
106 |
-+ for c in '/?#@:': |
|
107 |
-+ if c in netloc2: |
|
108 |
-+ raise ValueError("netloc '" + netloc2 + "' contains invalid " + |
|
109 |
-+ "characters under NFKC normalization") |
|
110 |
-+ |
|
111 |
- def urlsplit(url, scheme='', allow_fragments=True): |
|
112 |
- """Parse a URL into 5 components: |
|
113 |
- <scheme>://<netloc>/<path>?<query>#<fragment> |
|
114 |
-@@ -419,6 +434,7 @@ def urlsplit(url, scheme='', allow_fragments=True): |
|
115 |
- url, fragment = url.split('#', 1) |
|
116 |
- if '?' in url: |
|
117 |
- url, query = url.split('?', 1) |
|
118 |
-+ _checknetloc(netloc) |
|
119 |
- v = SplitResult('http', netloc, url, query, fragment) |
|
120 |
- _parse_cache[key] = v |
|
121 |
- return _coerce_result(v) |
|
122 |
-@@ -442,6 +458,7 @@ def urlsplit(url, scheme='', allow_fragments=True): |
|
123 |
- url, fragment = url.split('#', 1) |
|
124 |
- if '?' in url: |
|
125 |
- url, query = url.split('?', 1) |
|
126 |
-+ _checknetloc(netloc) |
|
127 |
- v = SplitResult(scheme, netloc, url, query, fragment) |
|
128 |
- _parse_cache[key] = v |
|
129 |
- return _coerce_result(v) |
|
130 |
-diff --git a/Misc/NEWS.d/next/Security/2019-03-06-09-38-40.bpo-36216.6q1m4a.rst b/Misc/NEWS.d/next/Security/2019-03-06-09-38-40.bpo-36216.6q1m4a.rst |
|
131 |
-new file mode 100644 |
|
132 |
-index 0000000..5546394 |
|
133 |
-+++ b/Misc/NEWS.d/next/Security/2019-03-06-09-38-40.bpo-36216.6q1m4a.rst |
|
134 |
-@@ -0,0 +1,3 @@ |
|
135 |
-+Changes urlsplit() to raise ValueError when the URL contains characters that |
|
136 |
-+decompose under IDNA encoding (NFKC-normalization) into characters that |
|
137 |
-+affect how the URL is parsed. |
... | ... |
@@ -1,21 +1,17 @@ |
1 | 1 |
Summary: A high-level scripting language |
2 | 2 |
Name: python3 |
3 |
-Version: 3.7.0 |
|
4 |
-Release: 6%{?dist} |
|
3 |
+Version: 3.7.3 |
|
4 |
+Release: 1%{?dist} |
|
5 | 5 |
License: PSF |
6 | 6 |
URL: http://www.python.org/ |
7 | 7 |
Group: System Environment/Programming |
8 | 8 |
Vendor: VMware, Inc. |
9 | 9 |
Distribution: Photon |
10 | 10 |
Source0: https://www.python.org/ftp/python/%{version}/Python-%{version}.tar.xz |
11 |
-%define sha1 Python=653cffa5b9f2a28150afe4705600d2e55d89b564 |
|
11 |
+%define sha1 Python=e3584650a06ae2765da0678176deae9d133f1b3d |
|
12 | 12 |
Patch0: cgi3.patch |
13 | 13 |
Patch1: python3-support-photon-platform.patch |
14 |
-Patch2: CVE-2018-14647.patch |
|
15 |
-Patch3: CVE-2018-20406.patch |
|
16 |
-Patch4: CVE-2019-9636.patch |
|
17 |
-Patch5: CVE-2019-5010.patch |
|
18 |
-Patch6: CVE-2019-9740.patch |
|
14 |
+Patch2: CVE-2019-9740.patch |
|
19 | 15 |
BuildRequires: pkg-config >= 0.28 |
20 | 16 |
BuildRequires: bzip2-devel |
21 | 17 |
BuildRequires: ncurses-devel |
... | ... |
@@ -137,10 +133,6 @@ The test package contains all regression tests for Python as well as the modules |
137 | 137 |
%patch0 -p1 |
138 | 138 |
%patch1 -p1 |
139 | 139 |
%patch2 -p1 |
140 |
-%patch3 -p1 |
|
141 |
-%patch4 -p1 |
|
142 |
-%patch5 -p1 |
|
143 |
-%patch6 -p1 |
|
144 | 140 |
|
145 | 141 |
%build |
146 | 142 |
export OPT="${CFLAGS}" |
... | ... |
@@ -253,20 +245,22 @@ rm -rf %{buildroot}/* |
253 | 253 |
%files pip |
254 | 254 |
%defattr(-,root,root,755) |
255 | 255 |
%{_libdir}/python3.7/site-packages/pip/* |
256 |
-%{_libdir}/python3.7/site-packages/pip-10.0.1.dist-info/* |
|
256 |
+%{_libdir}/python3.7/site-packages/pip-19.0.3.dist-info/* |
|
257 | 257 |
%{_bindir}/pip* |
258 | 258 |
|
259 | 259 |
%files setuptools |
260 | 260 |
%defattr(-,root,root,755) |
261 | 261 |
%{_libdir}/python3.7/site-packages/pkg_resources/* |
262 | 262 |
%{_libdir}/python3.7/site-packages/setuptools/* |
263 |
-%{_libdir}/python3.7/site-packages/setuptools-39.0.1.dist-info/* |
|
263 |
+%{_libdir}/python3.7/site-packages/setuptools-40.8.0.dist-info/* |
|
264 | 264 |
%{_bindir}/easy_install-3.7 |
265 | 265 |
|
266 | 266 |
%files test |
267 | 267 |
%{_libdir}/python3.7/test/* |
268 | 268 |
|
269 | 269 |
%changelog |
270 |
+* Mon Jun 10 2019 Tapas Kundu <tkundu@vmware.com> 3.7.3-1 |
|
271 |
+- Update to Python 3.7.3 release |
|
270 | 272 |
* Thu May 23 2019 Tapas Kundu <tkundu@vmware.com> 3.7.0-6 |
271 | 273 |
- Fix for CVE-2019-5010 |
272 | 274 |
- Fix for CVE-2019-9740 |
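Review bot: The new changelog entry `- Update to Python 3.7.3 release` does not record that Patch2–Patch5 (CVE-2018-14647, CVE-2018-20406, CVE-2019-9636, CVE-2019-5010) were dropped, so anyone auditing CVE coverage for this package has to infer it from the diff. Adding a line such as `- Drop CVE-2018-14647, CVE-2018-20406, CVE-2019-9636 and CVE-2019-5010 patches (included upstream)` would keep the trail, after confirming each fix is present in the 3.7.3 tarball. The `%files` entries also pin `pip-19.0.3` and `setuptools-40.8.0` by literal version, so they need a manual edit on every bump.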
... | ... |
@@ -31,7 +31,7 @@ class PackageBuilder(object): |
31 | 31 |
#test only if the package is in the testForceRPMS with rpmCheck |
32 | 32 |
#build only if the package is not in the testForceRPMS with rpmCheck |
33 | 33 |
|
34 |
- if not constants.rpmCheck or packageName in constants.testForceRPMS: |
|
34 |
+ if not (constants.rpmCheck or packageName in constants.testForceRPMS): |
|
35 | 35 |
if self._checkIfPackageIsAlreadyBuilt(packageName, packageVersion, doneList): |
36 | 36 |
return |
37 | 37 |
|
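Review bot: The two comments above the rewritten condition no longer describe what it does. With the parentheses, `_checkIfPackageIsAlreadyBuilt` is consulted only when `constants.rpmCheck` is false and the package is not in `constants.testForceRPMS`, so a package listed in `testForceRPMS` now skips the already-built shortcut even in a plain build. If that is intended, replace the comments with something like `# skip the already-built shortcut when running %check or when the package is force-tested`; if not, state the intended cases in the comment so the next reader can check them against the condition. The enclosing method starts and ends outside the hunk.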
... | ... |
@@ -66,9 +66,11 @@ class PackageManager(object): |
66 | 66 |
def buildPackages(self, listPackages, buildThreads): |
67 | 67 |
if constants.rpmCheck: |
68 | 68 |
constants.rpmCheck = False |
69 |
+ constants.addMacro("with_check", "0") |
|
69 | 70 |
self.buildToolChainPackages(buildThreads) |
70 | 71 |
self._buildTestPackages(buildThreads) |
71 | 72 |
constants.rpmCheck = True |
73 |
+ constants.addMacro("with_check", "1") |
|
72 | 74 |
self._buildGivenPackages(listPackages, buildThreads) |
73 | 75 |
else: |
74 | 76 |
self.buildToolChainPackages(buildThreads) |
... | ... |
@@ -128,8 +130,11 @@ class PackageManager(object): |
128 | 128 |
not constants.rpmCheck): |
129 | 129 |
listPackagesToBuild.remove(pkg) |
130 | 130 |
|
131 |
- if not self._readPackageBuildData(listPackagesToBuild): |
|
132 |
- return False |
|
131 |
+ if constants.rpmCheck: |
|
132 |
+ self.sortedPackageList = listPackagesToBuild |
|
133 |
+ else: |
|
134 |
+ if not self._readPackageBuildData(listPackagesToBuild): |
|
135 |
+ return False |
|
133 | 136 |
|
134 | 137 |
if self.sortedPackageList: |
135 | 138 |
self.logger.info("List of packages yet to be built...") |
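Review bot: In the second hunk the new `if constants.rpmCheck:` branch assigns `self.sortedPackageList = listPackagesToBuild` and bypasses `_readPackageBuildData`, whose `False` return was the only failure path here, with no comment saying why. A one-line comment such as `# make-check runs need no dependency ordering, so use the list as given` would record the reason at the point of use. In the first hunk, `constants.rpmCheck` and the `with_check` macro are flipped to `False`/`"0"` and restored by hand; wrapping the two build calls in `try:` / `finally:` would keep that process-wide state consistent if either call raises. Both methods continue outside the hunks.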
... | ... |
@@ -82,13 +82,33 @@ class Scheduler(object): |
82 | 82 |
Scheduler.sortedList = sortedList |
83 | 83 |
|
84 | 84 |
Scheduler.listOfAlreadyBuiltPackages = listOfAlreadyBuiltPackages |
85 |
- for x in Scheduler.sortedList: |
|
86 |
- if x not in Scheduler.listOfAlreadyBuiltPackages or x in constants.testForceRPMS: |
|
87 |
- Scheduler.listOfPackagesToBuild.append(x) |
|
85 |
+ |
|
86 |
+ for pkg in Scheduler.sortedList: |
|
87 |
+ pkgName, pkgVersion = StringUtils.splitPackageNameAndVersion(pkg) |
|
88 |
+ if (pkg not in Scheduler.listOfAlreadyBuiltPackages |
|
89 |
+ or pkgName in constants.testForceRPMS): |
|
90 |
+ Scheduler.listOfPackagesToBuild.append(pkg) |
|
91 |
+ |
|
88 | 92 |
Scheduler.listOfPackagesCurrentlyBuilding = set() |
89 | 93 |
Scheduler.listOfPackagesNextToBuild = PriorityQueue() |
90 | 94 |
Scheduler.listOfFailedPackages = [] |
91 |
- Scheduler._setPriorities() |
|
95 |
+ |
|
96 |
+ # When performing (only) make-check, package dependencies are |
|
97 |
+ # irrelevant; i.e., all the packages can be "make-checked" in |
|
98 |
+ # parallel. So skip building the dependency graph. This is not |
|
99 |
+ # merely an optimization! A given package can define |
|
100 |
+ # additional packages to be installed in its build environment |
|
101 |
+ # when performing a make-check, under %if %{with_check}. |
|
102 |
+ # However, these are not really build-time-dependencies in the |
|
103 |
+ # usual sense; i.e., there is no ordering requirement when |
|
104 |
+ # building these packages; they only make sense when running a |
|
105 |
+ # `make check`. Hence, trying to build a dependency graph out |
|
106 |
+ # of them will result in anomalies such as cycles in the |
|
107 |
+ # graph. So skip building the graph altogether and schedule |
|
108 |
+ # all the `make check`s in parallel. |
|
109 |
+ skipGraphBuild = constants.rpmCheck |
|
110 |
+ Scheduler._setPriorities(skipGraphBuild) |
|
111 |
+ |
|
92 | 112 |
if constants.publishBuildDependencies: |
93 | 113 |
# This must be called only after calling _setPriorities(), |
94 | 114 |
# which builds the dependency graph. |
... | ... |
@@ -542,13 +562,17 @@ class Scheduler(object): |
542 | 542 |
|
543 | 543 |
|
544 | 544 |
@staticmethod |
545 |
- def _setPriorities(): |
|
546 |
- Scheduler._parseWeights() |
|
547 |
- Scheduler._buildGraph() |
|
548 |
- |
|
549 |
- for package in Scheduler.sortedList: |
|
550 |
- pkgNode = Scheduler.mapPackagesToGraphNodes[package] |
|
551 |
- Scheduler.priorityMap[package] = pkgNode.criticalChainWeight |
|
545 |
+ def _setPriorities(skipGraphBuild): |
|
546 |
+ if skipGraphBuild: |
|
547 |
+ for package in Scheduler.sortedList: |
|
548 |
+ Scheduler.priorityMap[package] = 0 |
|
549 |
+ else: |
|
550 |
+ Scheduler._parseWeights() |
|
551 |
+ Scheduler._buildGraph() |
|
552 |
+ |
|
553 |
+ for package in Scheduler.sortedList: |
|
554 |
+ pkgNode = Scheduler.mapPackagesToGraphNodes[package] |
|
555 |
+ Scheduler.priorityMap[package] = pkgNode.criticalChainWeight |
|
552 | 556 |
|
553 | 557 |
Scheduler.logger.debug("set Priorities: Priority of all packages") |
554 | 558 |
Scheduler.logger.debug(Scheduler.priorityMap) |
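Review bot: With `skipGraphBuild = constants.rpmCheck`, `_setPriorities` no longer builds the dependency graph in make-check mode, yet the context lines right after the call still enter `if constants.publishBuildDependencies:` under a comment saying it must run only after `_setPriorities()`, "which builds the dependency graph". The body of that branch is outside the hunk, but if it reads the graph it would see an unbuilt one when both options are set. Guarding it as `if constants.publishBuildDependencies and not skipGraphBuild:`, or logging that publishing is skipped, would make the dependency explicit. Separately, `pkgVersion` from `StringUtils.splitPackageNameAndVersion(pkg)` is unused in the new loop and could be bound to `_`.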