1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
|
# Contributor: Sheila Aman <sheila@vulpine.house>
# Maintainer: A. Wilcox <awilfox@adelielinux.org>
pkgname=python3
pkgver=3.11.0
_basever="${pkgver%.*}"
pkgrel=0
pkgdesc="A high-level scripting language"
url="https://www.python.org"
arch="all"
license="Python-2.0"
provides="py3-pip"
subpackages="$pkgname-dbg $pkgname-dev $pkgname-doc $pkgname-tests::noarch"
# If Python 3 is installed during the build, you get:
#
# Installing collected packages: setuptools, pip
# Found existing installation: setuptools 28.8.0
# Uninstalling setuptools-28.8.0:
# Exception:
# Traceback (most recent call last):
# File "/usr/src/packages/system/python3/src/Python-3.6.5/Lib/shutil.py", line 544, in move
# os.rename(src, real_dst)
# PermissionError: [Errno 13] Permission denied: '/usr/bin/easy_install-3.6' -> '/tmp/pip-_n3b1tzj-uninstall/usr/bin/easy_install-3.6'
#
# and then 'setuptools' is not installed in the package image.
#
# This breaks a great number of things, including the ability to build most
# py3-* packages from abuild.
#
# Do not, under any circumstance, remove "!python3" from makedepends.
#
# I repeat.
#
# DO NOT REMOVE "!python3" FROM MAKEDEPENDS.
#
# This has been a message from A. Wilcox and the Foundation for Ensuring
# Packages Are Actually Buildable.
makedepends="expat-dev openssl-dev zlib-dev ncurses-dev bzip2-dev xz-dev
sqlite-dev libffi-dev tcl-dev linux-headers !python3"
source="https://www.python.org/ftp/python/$pkgver/Python-$pkgver.tar.xz
musl-find_library.patch
musl-has-login_tty.patch
fix-xattrs-glibc.patch
CVE-2022-45061.patch
"
builddir="$srcdir/Python-$pkgver"
# secfixes: python
# 3.6.5-r0:
# - CVE-2018-1060
# - CVE-2018-1061
# 3.6.8-r0:
# - CVE-2018-14647
# - CVE-2018-20406
# - CVE-2019-9636
# - CVE-2019-9740
# - CVE-2019-9947
# 3.6.9-r0:
# - CVE-2018-20852
# - CVE-2019-5010
# - CVE-2019-9948
# 3.6.9-r1:
# - CVE-2019-16056
# 3.6.9-r2:
# - CVE-2019-16935
# 3.6.10-r0:
# - CVE-2019-18348
# 3.11.0-r0:
# - CVE-2020-10735
# - CVE-2022-37454
# - CVE-2022-42919
# - CVE-2022-45061
prepare() {
default_prepare
# force system libs
rm -r Modules/expat \
Modules/_ctypes/darwin* \
Modules/_ctypes/libffi*
}
build() {
# --enable-optimizations is not enabled because it
# is very, very slow as many tests are ran sequentially
# for profile guided optimizations. additionally it
# seems some of the training tests hang on certain
# e.g. architectures (x86) possibly due to grsec or musl.
./configure \
--build=$CBUILD \
--host=$CHOST \
--prefix=/usr \
--enable-ipv6 \
--enable-loadable-sqlite-extensions \
--enable-shared \
--with-lto \
--with-computed-gotos \
--with-dbmliborder=ndbm \
--with-system-expat \
--with-system-ffi
# set thread stack size to 1MB so we don't segfault before we hit
# sys.getrecursionlimit()
stacksize=0x100000;
make EXTRA_CFLAGS="$CFLAGS -DTHREAD_STACK_SIZE=$stacksize"
}
check() {
# test that we reach recursionlimit before we segfault
cat > test-stacksize.py <<-EOF
import threading
import sys
def fun(i):
try:
fun(i+1)
except:
sys.exit(0)
t = threading.Thread(target=fun, args=[1])
t.start()
EOF
LD_LIBRARY_PATH=$PWD ./python test-stacksize.py
local fail
# musl related
fail="test__locale test_locale test_strptime test_re" # various musl locale deficiencies
fail="$fail test_c_locale_coercion"
fail="$fail test_datetime" # hangs if 'tzdata' installed
fail="$fail test_os" # fpathconf, ttyname errno values
fail="$fail test_posix" # sched_[gs]etscheduler not impl
fail="$fail test_shutil" # lchmod, requires real unzip
# failures needing investigation
fail="$fail test_faulthandler test_gdb" # hangs(?)
fail="$fail test_tokenize test_tools" # SLOW (~60s)
fail="$fail test_capi" # test.test_capi.EmbeddingTests
fail="$fail test_threadsignals" # test_{,r}lock_acquire_interruption
fail="$fail test_time" # strftime/strptime %Z related
fail="$fail test_cmath test_math" # hang(?) on x86
fail="$fail test_hash test_plistlib" # fail on armhf
fail="$fail test_ctypes" # fail on aarch64 (ctypes.test.test_win32.Structures)
# kernel related
fail="$fail test_fcntl" # wants DNOTIFY, we don't have it
# dumb
fail="$fail test_ssl" # tries to do SSLv2 which we have disabled in OpenSSL
# hangs when run with other tests - run separately
fail="$fail test_threading"
# defaults from Tools/scripts/run_tests.py + -network,-urlfetch
use="all,-largefile,-audio,-gui,-network,-urlfetch"
make quicktest TESTOPTS="--use '$use' --exclude $fail"
make test TESTOPTS="test_threading"
}
package() {
export XDG_CACHE_HOME="$(mktemp -d)"
make -j1 DESTDIR="$pkgdir" EXTRA_CFLAGS="$CFLAGS" install maninstall
install -Dm644 LICENSE "$pkgdir"/usr/share/licenses/$pkgname/LICENSE
# those are provided by python3-tkinter
rm -r "$pkgdir"/usr/bin/idle* "$pkgdir"/usr/lib/python*/idlelib \
"$pkgdir"/usr/lib/python*/tkinter
rm -rf "$XDG_CACHE_HOME"
}
dev() {
default_dev
# pyconfig.h is needed runtime so we move it back
mkdir -p "$pkgdir"/usr/include/python${_basever}
mv "$subpkgdir"/usr/include/python${_basever}/pyconfig.h \
"$pkgdir"/usr/include/python${_basever}/
}
tests() {
pkgdesc="Test modules from the main Python package"
cd "$pkgdir"/usr/lib/python$_basever
local i; for i in */test */tests; do
mkdir -p "$subpkgdir"/usr/lib/python$_basever/"$i"
mv "$i"/* "$subpkgdir"/usr/lib/python$_basever/"$i"
rm -rf "$i"
done
mv "$pkgdir"/usr/lib/python$_basever/test \
"$subpkgdir"/usr/lib/python$_basever/
}
sha512sums="314eef88ae0d68760f34d7a32f238fd2ecb27c50963baa7357c42ad8159026ec50229a0b31d83c39710a472904a06422afc082f9658a90a1dc83ccb74c08039d Python-3.11.0.tar.xz
ab8eaa2858d5109049b1f9f553198d40e0ef8d78211ad6455f7b491af525bffb16738fed60fc84e960c4889568d25753b9e4a1494834fea48291b33f07000ec2 musl-find_library.patch
75c60afecba2e57f11d58c20aadc611ebbb5c68e05b14415c5cf2f7aa75e103986764ca22f76e6a58b2c08e2ff3acffdbf6d85d2c8c4589743a0b949a4c90687 musl-has-login_tty.patch
4b4696d139e53aad184b72461478821335aadedc4811ec9e96cdea9a4f7ef19ebf0aac8c6afae6345f33c79fbd3ae2c63021de36044a2803d0dc8894fa291cf5 fix-xattrs-glibc.patch
039982b5f35d5aa412596dba81b0666fdf979e6c120aefa3ae29333fbaa56f6f6ad69db513dcd93e06a66522405058be2e39e56350816abcb9febd8f5778036f CVE-2022-45061.patch"
|