This patch was submitted to upstream libffi and from there to upstream
libtool, but it doesn't do anything. The original patch committed in
r158131 did do something but when it was no longer needed it was changed
into something that doesn't make sense in r221521 instead of being removed.
Remove it now before it causes more confusion.
- Remove patch that is included upstream
- Switch USE_OPENSSL to USES= ssl [1]
- Update documentation for python27
- Don't set CPE_VERSION, default is PORTVERSION [1]
PR: 210685
Submitted by: wen@(myself), brnrd@ [1]
Exp-run by: antoine
Differential Revision: https://reviews.freebsd.org/D6994
Add patch for integer overflow in zipimport module to all our python ports.
While I'm here, get rid of -f flag in ${RM} invocation, because ${RM} already
expands to rm -f, so in result we are getting something like:
/bin/rm -f -f /wrkdirs/usr/ports/lang/python35/work/stage/usr/local/lib/libpython3.so
PR: 210325
Submitted by: Vladimir Krstulja <vlad-fbsd@acheronmedia.com>
Security: 1d0f6852-33d8-11e6-a671-60a44ce6887b
With hat: python
check in pyport.h for working around a very old ctype issue.
If the workaround for this issue is enabled, pyport.h redefines
toupper() and some other ctype macros, and this wreaks havoc when
including newer libc++ headers (or any other system header which tries
to declare those functions).
Approved by: portmgr (antoine)
PR: 208486
MFH: 2016Q2
In certain situations, file references (.py[co]) for Python files that
fail to compile with compileall() are still added to distutils --record
output.
This output is used for pkg-plist generation and must only contain
references to files that will be installed.
One example of a failure condition is when a Python 2/3 compatible
package containing a file containing Python 3.x only code is built with
Python 2.x, such as Gunicorn's _gaiohttp.py [1]
This change backports patches submitted against upstream issue 20397 [2]
that has not yet been committed.
- For Python 2.7 and 3.5, backport both install_lib and test
- For Python 3.2, 3.3 and 3.4, only backport install_lib
[1] https://svnweb.freebsd.org/changeset/ports/404558
[2] https://bugs.python.org/issue20397
Thank you to Brendan Molloy for producing and submitting the patches
against upstream sources.
Reviewed by: sbz (python)
MFH: 2016Q1
Differential Revision: D4832
In Python 3.4+, upstream added and switched to using a shell
implementation of the python-config script [1]. The Python
implementation (python-config.py) remained used by all versions < 3.4.
While the shell implementation returns the path to the Python
shared library when using the --ldflags script argument, the Python
implementation of the script does not. The bug has been reported, but
has not yet been merged [2].
The Python ports currently default to including ${LOCALBASE}/lib
in LIBS when the NLS option is enabled (which it is by default).
When built *with* NLS (gettext) support, the flags added to LIBS
are returned in `pythonX.Y-config --ldflags` output, which happens
to match the path to the Python shared library.
If the NLS option is disabled, ${LOCALBASE}/lib is not added to LIBS,
and are therefore not returned in --ldflags output.
This results in potential linking errors for software that uses
python-config to obtain the correct library path, when the NLS option is
disabled:
$ make WITH=PYTHON -C audio/alsa-lib
[...]
--- smixer-python.la ---
CCLD smixer-python.la
/usr/bin/ld: cannot find -lpython2.7
This change modifies the python-config.in script to match the shell
implementation, outputting the library path in --ldflags output.
While I'm here:
for Python 3.2 and Python 3.3 ports, backport a library order
change [3]. This could affect linking with static libraries.
Use standard length lines and reduce diffs in pkg-message
[1] https://bugs.python.org/issue16235
[2] https://bugs.python.org/issue7352
[2] https://bugs.python.org/issue18096
PR: 197757
Submitted by: jbeich
MFH: 2015Q4
The FreeBSD Python team welcomes Python 2.7.10 to the Ports tree!
Announcement: https://www.python.org/downloads/release/python-2710/
Changelog: https://hg.python.org/cpython/raw-file/v2.7.10/Misc/NEWS
Important changes for this release:
- Python 2.7.10 is a bug fix release of the Python 2.7.x series.
- Fixes issues with LibreSSL 2.2+
PR: 192511, 201088
Differentialr Revision: D2637
Reviewed by: koobs (mentor), vsevolod (mentor), antoine
Approved by: koobs (mentor)
The FreeBSD Python team welcomes Python 2.7.9 to the Ports tree!
Announcement: https://www.python.org/downloads/release/python-279/
Changelog: http://hg.python.org/cpython/raw-file/v2.7.9/Misc/NEWS
Important changes for this release:
- The entirety of Python 3.4's ssl module has been backported for Python
2.7.9. See PEP 466 for justification.
- HTTPS certificate validation using the system's certificate store is
now enabled by default. See PEP 476 for details.
- SSLv3 has been disabled by default in httplib and its reverse
dependencies due to the POODLE attack.
- The ensurepip module module has been backported, which provides the
pip package manager in every Python 2.7 installation. See PEP 477.
- While updating, try to improve the NIS detection for FreeBSD
PR: 193650
Differential Revision: https://reviews.freebsd.org/D1323
Reviewed by: koobs
With hat: python
Remove patches and hacks that were used to work around the previous
situation
This allows to stage more ports as a regular user
Differential Revision: https://reviews.freebsd.org/D703
Reviewed by and discussed with: bapt
With hat: portmgr
Backport fix for upstream Issue #21166:
Prevent possible segfaults and other random failures of python
--generate-posix-vars in pybuilddir.txt build target by ensuring
that pybuilddir.txt is always regenerated when configure is run and
that the newly built skeleton python does not inadvertently import
modules from previously installed instances. [1]
This changeset has been committed for release in 2.7.9, 3.4.2, and 3.5.0.
A HUGE thank you to Ned Deily from the Python Core Development Team
for helping to identify the underlying cause, produce a fix and
wonderfully document the explanation.
[1] http://bugs.python.org/issue21166
preparatory step to convert bsd.python.mk into a USES file.
- Remove the shared/static build separation, which is the source of many
problems and even more hacks. Instead build only the shared version, which
greatly simplifies the build.
- Remove the FPECTL option to align the build with the clean "template" from
lang/python34.
- Remove support for GNU pthreads via the PTH option. It is a permanent
troublemaker for ports using Python and pthread support.
- Remove PORTDATA and EXAMPLES. Those will be made available via separate
ports.
- Add a new DEBUG option to enable debug builds as for lang/python34.
- Remove bin/smtpd. Only Python2.7 wants to install it, but we'd like to keep
it consistent with the other lang/pythonXX ports
- Add CPE support.
- Reactivate curses/ncurses support.
- Use buildbottest in the regression-test: target.
- Move pkg-message to the right place.
Phabric: D488
Exp-run: 192242, 192244
Reviewed by: koobs
With hat: python@
The FreeBSD Python team welcomes Python 2.7.8 to the Ports tree!
Announcement: https://www.python.org/download/releases/2.7.8/
Changelog: http://hg.python.org/cpython/raw-file/v2.7.8/Misc/NEWS
- Update to 2.7.8, update pkg-plist
- OPTIONS: Reorder and sort alphabetically
- OPTIONS: Make POSIX SEM(aphores) a DEFAULT (Hi binary package users!)
- OPTIONS: Add better descriptions for UCS2 and UCS4
- OPTIONS: Use options helpers
- Remove patch-CVE-2014-1912: upstream, was backported
- Remove patch-issue20374: upstream, was backported
- Rename patch-Doc__library__fcntl.rst: underscore convention
- Rename patch-Modules__fcntlmodule.c: underscore convention
- Patch: setup.py: Remove ncurses overrides and return to upstream code
- Patch: setup.py: Add partial backport for ossaudio OS checks
- pkg-message: Remove warning for POSIX Semaphores. They are now in
GENERIC for FreeBSD 8.x 9.x, 10.x and tested well upstream
- pkg-message: No longer needs substitutions, remove .in suffix and
SUB_FILES
- Rework and simplify the platformX mechanism, update pkg-plist
accordingly
- Add regression-test target
- Deprecate NOPORTDATA, remove pkg-plist entries with %%PORTDATA%%
- Replace bsd.{pre,post}.mk with bsd.port.options.mk
Based on original patch submitted by wen@ and worked on by lwhsu@,
thank you!
PR: 191405
PR: 178301
PR: 171246
Phabric: D364
Reviewed by: antoine, bapt, mat, mva, wg
Copy the second part of a change previously made to python27 [1], to
python31, python32 and python33.
This fixes staging and packaging of these ports by a non-root user by
running ranlib on the archive prior to it being installed read-only.
While I'm here:
- python27: Add breadcrumbs and references to the patch header
- python34: Update breadcrumbs and references to the patch header
[1] https://svnweb.freebsd.org/ports?view=revision&revision=350207
Submitted by: antoine
Reviewed by: kwm, sbz
Copy change committed to python27 [1] to python31, python32 and
python33 to fix builds of some extensions with Clang 3.4.
Also add breadcrumbs to the patch header in lang/python27 referencing
the upstream issue. [2]
The Python 3.4 port (lang/python34) already carries the patch.
[1] https://svnweb.freebsd.org/ports?view=revision&revision=346428
[2] http://bugs.python.org/issue20767
- pycompile only once, previously it would pycompile 3 imported modules
(getopt, struct and py_compile) and make them read-only, and later try
to pycompile them again and fail
- ranlib before installing archive read-only
With hat: portmgr
A vulnerability was reported [1] in Python's socket module, due to a
boundary error within the sock_recvfrom_into() function, which could be
exploited to cause a buffer overflow.
This could be used to crash a Python application that uses the
socket.recvfrom_info() function or, possibly, execute arbitrary code
with the permissions of the user running vulnerable Python code.
This vulnerable function, socket.recvfrom_into(), was introduced in
Python 2.5. Earlier versions are not affected by this flaw. This is
fixed in upstream branches for version 2.7, 3.1, 3.2 and 3.3.
[1] http://bugs.python.org/issue20246
MFH: 2014Q1
Security: 8e5e6d42-a0fa-11e3-b09a-080027f2d077
The current FreeBSD/ARM __clear_cache() implementation does nothing #if
__i386__ || __x86_64__ #else abort();
cognet@ advises this is an issue for anything !Apple that is using the
libcompiler_rt provided by Clang on ARM, and requires upstreaming.
This is the root cause of abort() on import for the ctypes module in
Python, as they bundle libffi. [1]
This change patches the bundled libffi library in all Python ports, even
though it is a NOOP for the ports that use devel/libffi. These ports,
currently python31, will get the fix via ports/184517
A huge shout out to cognet@ who helped diagnose the issue and created
the patch to address it. Thank you!
PR: ports/149167 [1]
PR: ports/184517
Submitted by: cognet [3]
Reviewed by: cognet, eadler, milki, ak
lang/python26, lang/python27 and lang/python31 now add
ac_cv_opt_olimit_ok=no to CONFIGURE_ENV to disable functionality that
was removed in Python 3.2+ [1]
Pending a backport of the commit [2] to 2.7, we can now remove the
locally maintained patch to configure that disabled the functionality
when CC = clang.
Apart from being narrower in scope than ac_cv_opt_olimit_ok=no, the patch
doesn't work for FreeBSD versions where clang *is* cc (eg: 10.0+)
[1] http://hg.python.org/lookup/r85656
[2] http://bugs.python.org/issue877121
Reviewed by: antoine
. lang/python27: 2.7.3 -> 2.7.5
. lang/python32: 3.2.3 -> 3.2.4
. lang/python33: 3.3.0 -> 3.3.1
- update Mk/bsd.python.mk with new versions
- mark lang/python26 and lang/python31 as deprecated (set them to
upstream EoL dates)
- update docs (lang/python-doc-html)
- align databases/py-bsddb patch for python27 - most of it was applied
upstream. Raise BDB version to 4.3 atleast, according to
upstream requirements.
Many thanks to Martin (miwi) for his time on this update.
PR: 178506
Submitted by: rm (myself)
Exp-run by: portmgr (miwi)
- revert erroneous threads patch in lang/python26 and lang/python27,
that was added after ports/131080. It was rejected upstream, because it's
not actually a bug, but misuse.
Gabor Pali (pgj) in collaboration with Kubilay Kocak (koobs) did an
independent investigation regard the issue. See here for details:
http://lists.freebsd.org/pipermail/freebsd-python/2013-April/005376.html
PR: 153167
Submitted by: Duncan Findlay <duncan@duncf.ca>
Reported by: pgj/koobs (at python@ ML)
Exp-run by: portmgr (miwi)
for an exp-run of updated python versions.
- trim Makefile headers
- remove leading indefinite article from COMMENT
- use PYTHON shortcut in MASTER_SITES
- whitespace fixes
- remove checks for unsupported versions of FreeBSD
- use static value ``33'' instead of PYTHON_SUFFIX in lang/python33/pkg-plist,
because this value is not supposed to be changed across the branch and for
consistency with other python3 ports
- remove conflicts in lang/python-mode.el with not more existing python-2.4
and also add experimental support for POSIX semaphores in FreeBSD
7-STABLE and up. The option knobs PTH and SEM respectively are
added to enable this behaviour.
Python is able to use POSIX semaphores for thread synchronization
in threading, and prefers them.
The multiprocessing module in Python 2.6 requires POSIX semaphores,
however, the FreeBSD rtld and malloc need further work to allow
a process to call pthread_create() immediately after fork() as it is
not something allowed by a strict interpretation of the POSIX specs;
therefore allow GNU Pth to be used until the situation is resolved.
Approved by: miwi
runs its signal handlers, not to a random thread that happens to be
executing at the time when signal arrives. This functionality has been
lost since Python 2.3, possible cause is that the linux implementation
of POSIX threads always delivered signal to the main thread. This
bug results in rather annoying inability to terminate threading script
with ^C for example and there could be other issues as well.
Bump PORTREVISION.
PR: ports/131080
Submitted by: Andriy Pylypenko <bamby@sippysoft.com>
Approved by: MAINTAINER's timeout
Python 2.6 will be the next default python version when enough
testings of consumer ports are done. The new "2to3" program is
renamed to 2to3-2.6 and 2to3-3.0 for each version, respectively.
Repo-copied by: marcus
Multiple vulnerabilities:
1) Various integer overflow errors exist in core modules e.g. stringobject,
unicodeobject, bufferobject, longobject, tupleobject, stropmodule, gcmodule, mmapmodule.
2) An integer overflow in the hashlib module can lead to an unreliable cryptographic digest results.
3) Integer overflow errors in the processing of unicode strings can be exploited to cause
buffer overflows on 32-bit systems.
4) An integer overflow exists in the PyOS_vsnprintf() function on architectures that do not
have a "vsnprintf()" function.
5) An integer underflow error in the PyOS_vsnprintf() function when passing zero-length strings
can lead to memory corruption.
PR: 127172 (based on)
Submitted by: bf <bf2006a@yahoo.com>
Obtained from: python svn
Security: CVE-2008-2315, CVE-2008-2316, CVE-2008-3142, CVE-2008-3144, CVE-2008-3143. (vuxml come later)
