From 9b5c58a4edb18b0e05698cc34976f69fb3686660 Mon Sep 17 00:00:00 2001
From: Michał Górny <mgorny@gentoo.org>
Date: Sat, 3 Sep 2022 10:55:16 +0200
Subject: dev-lang/python: Backport bignum vuln. fix to 3.10.6_p3
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Bug: https://bugs.gentoo.org/868150
Signed-off-by: Michał Górny <mgorny@gentoo.org>
---
 dev-lang/python/Manifest                |   1 +
 dev-lang/python/python-3.10.6_p3.ebuild | 407 ++++++++++++++++++++++++++++++++
 2 files changed, 408 insertions(+)
 create mode 100644 dev-lang/python/python-3.10.6_p3.ebuild

(limited to 'dev-lang')

diff --git a/dev-lang/python/Manifest b/dev-lang/python/Manifest
index c5c09195d8a8..acdf082beeda 100644
--- a/dev-lang/python/Manifest
+++ b/dev-lang/python/Manifest
@@ -10,6 +10,7 @@ DIST Python-3.9.13.tar.xz 19754368 BLAKE2B 4f583f66c28b791e19cd6d79695fe9eb815fd
 DIST Python-3.9.13.tar.xz.asc 833 BLAKE2B db01c01be9d56cd15f9ab4a9e2cfa800faf4ebecb92b01c133865d3b3134bc910258a33b766306c3d01f98e35bbf9c03c7cba697760b7095999cbd63ed6c276c SHA512 9367afe8ec32195adbb64fa32eb9e3881cfdbbb38efcb5e0804a15486232aecbc81ed20a8ffed652f06a881744f3efd2c2df3cc652d70671c94d6668a17a391e
 DIST python-gentoo-patches-2.7.18_p15.tar.xz 34956 BLAKE2B d173f276dd9c0ce31004dcc55a0d18e9ce25a47683c2df3c4dd62e967dfbbb35be59a2f08cf20f30a19475a8a2344dd95b17400eafa88b5fdbe9270a12ccbf32 SHA512 d9386808265f978808e5c0ffd384cefe54fb0e05aeccfd394167d5227d9cd66e25c8e93c54914762b2cfc3c2dd851b26a7a84d62634c6aa8a0798aacbb7ac25f
 DIST python-gentoo-patches-3.10.6_p2.tar.xz 12040 BLAKE2B 75c93fab19137a966b3775308bc20142f4d3648bbb9364e82c4eaffae93beda54011192881c52b85d2e2493a06cfe2a90f50675609908c3d5ebdb0103fe41644 SHA512 7e451a8a18a62592c2cd7b2db71065b77256960f43e172a0d7856b22b69138dcb1552f53b39bec14585a761cfe729c81613551c1b616fe1ec8d2b59856b11453
+DIST python-gentoo-patches-3.10.6_p3.tar.xz 26712 BLAKE2B 701a7a4da1a09f71dee8fdf924a45e030b8ae93e469a2789b28b904d2fd6b011589fb940eb0c262e8b19005af523a2f66075d053fb60892d6ebd473159fce718 SHA512 ed43ba18735ddf72c434bfe905894d156a144a77f9fb8266378d384e840b376c6220859d8d1af83f304293368bf1dd45881316c1797ba25d618a064daaacab17
 DIST python-gentoo-patches-3.11.0rc1.tar.xz 4384 BLAKE2B 31bcdc055bfaf3434dbb02543aaf66910eaccd01808d9a0e57bf7cb3b097fc0046c00ac44737d9c37e3b6d074c524f4dd3ab439a741e66d74a0425889ecaead5 SHA512 05b044e2d8f881c471528600ee300bfd9cf5160609dfb3d7cbdb8e43f47b681542582a85de97e28e6a3b89a3fb6c8d7398e029d31e20cea9c5a2a71700382d4e
 DIST python-gentoo-patches-3.11.0rc1_p1.tar.xz 19584 BLAKE2B 33c87e2e7141fa5cdf343df8cf30e8e0bd37fdfc7b4d84564b1131c57db27b5886184fd1291b2a898efafec60da5c01d16dce8b3c8792df7df15793d767d74cd SHA512 dc5547622a17bc899dfa7f55a4705f780fd3b731ccdb2c0a87e3d71b4490a32b54683ff862f412e2ac3480f0e84acf2e88176ecf89a8d62b97454e51258696ea
 DIST python-gentoo-patches-3.8.13_p6.tar.xz 27968 BLAKE2B 0cafbdfed47e0d58a9798c1e090abb17428472f769ebe4125cf1210218b90bcfd2ad8790fafbfdc1daccc51078a6bf5e068157f05151c2283eb80d5fe128d85c SHA512 b23d51478cc126a6f7f3d1d6d2302a13f3e873a3fac19c7b2b86b79f4b25bd421b60e5ecbe9bb606ee0eedc0e6871d20c0befd1b6596b525bf6ef79a19230ae2
diff --git a/dev-lang/python/python-3.10.6_p3.ebuild b/dev-lang/python/python-3.10.6_p3.ebuild
new file mode 100644
index 000000000000..b919f0692412
--- /dev/null
+++ b/dev-lang/python/python-3.10.6_p3.ebuild
@@ -0,0 +1,407 @@
+# Copyright 1999-2022 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="7"
+WANT_LIBTOOL="none"
+
+inherit autotools check-reqs flag-o-matic multiprocessing pax-utils
+inherit python-utils-r1 toolchain-funcs verify-sig
+
+MY_PV=${PV/_rc/rc}
+MY_P="Python-${MY_PV%_p*}"
+PYVER=$(ver_cut 1-2)
+PATCHSET="python-gentoo-patches-${MY_PV}"
+
+DESCRIPTION="An interpreted, interactive, object-oriented programming language"
+HOMEPAGE="
+	https://www.python.org/
+	https://github.com/python/cpython/
+"
+SRC_URI="
+	https://www.python.org/ftp/python/${PV%%_*}/${MY_P}.tar.xz
+	https://dev.gentoo.org/~mgorny/dist/python/${PATCHSET}.tar.xz
+	verify-sig? (
+		https://www.python.org/ftp/python/${PV%%_*}/${MY_P}.tar.xz.asc
+	)
+"
+S="${WORKDIR}/${MY_P}"
+
+LICENSE="PSF-2"
+SLOT="${PYVER}"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86"
+IUSE="
+	bluetooth build +ensurepip examples gdbm hardened libedit lto
+	+ncurses pgo +readline +sqlite +ssl test tk +xml
+"
+RESTRICT="!test? ( test )"
+
+# Do not add a dependency on dev-lang/python to this ebuild.
+# If you need to apply a patch which requires python for bootstrapping, please
+# run the bootstrap code on your dev box and include the results in the
+# patchset. See bug 447752.
+
+RDEPEND="
+	app-arch/bzip2:=
+	app-arch/xz-utils:=
+	dev-lang/python-exec[python_targets_python3_10(-)]
+	dev-libs/libffi:=
+	sys-apps/util-linux:=
+	>=sys-libs/zlib-1.1.3:=
+	virtual/libcrypt:=
+	virtual/libintl
+	ensurepip? ( dev-python/ensurepip-wheels )
+	gdbm? ( sys-libs/gdbm:=[berkdb] )
+	ncurses? ( >=sys-libs/ncurses-5.2:= )
+	readline? (
+		!libedit? ( >=sys-libs/readline-4.1:= )
+		libedit? ( dev-libs/libedit:= )
+	)
+	sqlite? ( >=dev-db/sqlite-3.3.8:3= )
+	ssl? ( >=dev-libs/openssl-1.1.1:= )
+	tk? (
+		>=dev-lang/tcl-8.0:=
+		>=dev-lang/tk-8.0:=
+		dev-tcltk/blt:=
+		dev-tcltk/tix
+	)
+	xml? ( >=dev-libs/expat-2.1:= )
+	!!<sys-apps/sandbox-2.21
+"
+# bluetooth requires headers from bluez
+DEPEND="
+	${RDEPEND}
+	bluetooth? ( net-wireless/bluez )
+	test? ( app-arch/xz-utils[extra-filters(+)] )
+"
+# autoconf-archive needed to eautoreconf
+BDEPEND="
+	sys-devel/autoconf-archive
+	virtual/awk
+	virtual/pkgconfig
+	verify-sig? ( sec-keys/openpgp-keys-python )
+"
+RDEPEND+="
+	!build? ( app-misc/mime-types )
+"
+
+VERIFY_SIG_OPENPGP_KEY_PATH=${BROOT}/usr/share/openpgp-keys/python.org.asc
+
+# large file tests involve a 2.5G file being copied (duplicated)
+CHECKREQS_DISK_BUILD=5500M
+
+QA_PKGCONFIG_VERSION=${PYVER}
+
+pkg_pretend() {
+	use test && check-reqs_pkg_pretend
+}
+
+pkg_setup() {
+	use test && check-reqs_pkg_setup
+}
+
+src_unpack() {
+	if use verify-sig; then
+		verify-sig_verify_detached "${DISTDIR}"/${MY_P}.tar.xz{,.asc}
+	fi
+	default
+}
+
+src_prepare() {
+	# Ensure that internal copies of expat and libffi are not used.
+	rm -r Modules/expat || die
+	rm -r Modules/_ctypes/libffi* || die
+
+	local PATCHES=(
+		"${WORKDIR}/${PATCHSET}"
+	)
+
+	default
+
+	# https://bugs.gentoo.org/850151
+	sed -i -e "s:@@GENTOO_LIBDIR@@:$(get_libdir):g" setup.py || die
+
+	# force the correct number of jobs
+	# https://bugs.gentoo.org/737660
+	local jobs=$(makeopts_jobs)
+	sed -i -e "s:-j0:-j${jobs}:" Makefile.pre.in || die
+	sed -i -e "/self\.parallel/s:True:${jobs}:" setup.py || die
+
+	eautoreconf
+}
+
+src_configure() {
+	# disable automagic bluetooth headers detection
+	if ! use bluetooth; then
+		local -x ac_cv_header_bluetooth_bluetooth_h=no
+	fi
+	local disable
+	use gdbm      || disable+=" gdbm"
+	use ncurses   || disable+=" _curses _curses_panel"
+	use readline  || disable+=" readline"
+	use sqlite    || disable+=" _sqlite3"
+	use ssl       || export PYTHON_DISABLE_SSL="1"
+	use tk        || disable+=" _tkinter"
+	use xml       || disable+=" _elementtree pyexpat" # _elementtree uses pyexpat.
+	export PYTHON_DISABLE_MODULES="${disable}"
+
+	if ! use xml; then
+		ewarn "You have configured Python without XML support."
+		ewarn "This is NOT a recommended configuration as you"
+		ewarn "may face problems parsing any XML documents."
+	fi
+
+	if [[ -n "${PYTHON_DISABLE_MODULES}" ]]; then
+		einfo "Disabled modules: ${PYTHON_DISABLE_MODULES}"
+	fi
+
+	append-flags -fwrapv
+	filter-flags -malign-double
+
+	# https://bugs.gentoo.org/700012
+	if is-flagq -flto || is-flagq '-flto=*'; then
+		append-cflags $(test-flags-CC -ffat-lto-objects)
+	fi
+
+	# Export CXX so it ends up in /usr/lib/python3.X/config/Makefile.
+	# PKG_CONFIG needed for cross.
+	tc-export CXX PKG_CONFIG
+
+	# Fix implicit declarations on cross and prefix builds. Bug #674070.
+	if use ncurses; then
+		append-cppflags -I"${ESYSROOT}"/usr/include/ncursesw
+	fi
+
+	local dbmliborder=
+	if use gdbm; then
+		dbmliborder+="${dbmliborder:+:}gdbm"
+	fi
+
+	if use pgo; then
+		local profile_task_flags=(
+			-m test
+			"-j$(makeopts_jobs)"
+			--pgo-extended
+			-x test_gdb
+			-u-network
+
+			# All of these seem to occasionally hang for PGO inconsistently
+			# They'll even hang here but be fine in src_test sometimes.
+			# bug #828535 (and related: bug #788022)
+			-x test_asyncio
+			-x test_httpservers
+			-x test_logging
+			-x test_multiprocessing_fork
+			-x test_socket
+			-x test_xmlrpc
+		)
+
+		if has_version "app-arch/rpm" ; then
+			# Avoid sandbox failure (attempts to write to /var/lib/rpm)
+			profile_task_flags+=(
+				-x test_distutils
+			)
+		fi
+		local -x PROFILE_TASK="${profile_task_flags[*]}"
+	fi
+
+	local myeconfargs=(
+		# glibc-2.30 removes it; since we can't cleanly force-rebuild
+		# Python on glibc upgrade, remove it proactively to give
+		# a chance for users rebuilding python before glibc
+		ac_cv_header_stropts_h=no
+
+		--enable-shared
+		--without-static-libpython
+		--enable-ipv6
+		--infodir='${prefix}/share/info'
+		--mandir='${prefix}/share/man'
+		--with-computed-gotos
+		--with-dbmliborder="${dbmliborder}"
+		--with-libc=
+		--enable-loadable-sqlite-extensions
+		--without-ensurepip
+		--with-system-expat
+		--with-system-ffi
+		--with-wheel-pkg-dir="${EPREFIX}"/usr/lib/python/ensurepip
+
+		$(use_with lto)
+		$(use_enable pgo optimizations)
+		$(use_with readline readline "$(usex libedit editline readline)")
+	)
+
+	# disable implicit optimization/debugging flags
+	local -x OPT=
+	# pass system CFLAGS & LDFLAGS as _NODIST, otherwise they'll get
+	# propagated to sysconfig for built extensions
+	local -x CFLAGS_NODIST=${CFLAGS}
+	local -x LDFLAGS_NODIST=${LDFLAGS}
+	local -x CFLAGS= LDFLAGS=
+
+	econf "${myeconfargs[@]}"
+
+	if grep -q "#define POSIX_SEMAPHORES_NOT_ENABLED 1" pyconfig.h; then
+		eerror "configure has detected that the sem_open function is broken."
+		eerror "Please ensure that /dev/shm is mounted as a tmpfs with mode 1777."
+		die "Broken sem_open function (bug 496328)"
+	fi
+
+	# install epython.py as part of stdlib
+	echo "EPYTHON='python${PYVER}'" > Lib/epython.py || die
+}
+
+src_compile() {
+	# Ensure sed works as expected
+	# https://bugs.gentoo.org/594768
+	local -x LC_ALL=C
+	# Prevent using distutils bundled by setuptools.
+	# https://bugs.gentoo.org/823728
+	export SETUPTOOLS_USE_DISTUTILS=stdlib
+
+	# Save PYTHONDONTWRITEBYTECODE so that 'has_version' doesn't
+	# end up writing bytecode & violating sandbox.
+	# bug #831897
+	local -x _PYTHONDONTWRITEBYTECODE=${PYTHONDONTWRITEBYTECODE}
+
+	if use pgo ; then
+		# bug 660358
+		local -x COLUMNS=80
+		local -x PYTHONDONTWRITEBYTECODE=
+
+		addpredict /usr/lib/python3.10/site-packages
+	fi
+
+	# also need to clear the flags explicitly here or they end up
+	# in _sysconfigdata*
+	emake CPPFLAGS= CFLAGS= LDFLAGS=
+
+	# Restore saved value from above.
+	local -x PYTHONDONTWRITEBYTECODE=${_PYTHONDONTWRITEBYTECODE}
+
+	# Work around bug 329499. See also bug 413751 and 457194.
+	if has_version dev-libs/libffi[pax-kernel]; then
+		pax-mark E python
+	else
+		pax-mark m python
+	fi
+}
+
+src_test() {
+	# Tests will not work when cross compiling.
+	if tc-is-cross-compiler; then
+		elog "Disabling tests due to crosscompiling."
+		return
+	fi
+
+	local test_opts=(
+		-u-network
+		-j "$(makeopts_jobs)"
+
+		# fails
+		-x test_gdb
+	)
+
+	if use sparc ; then
+		# bug #788022
+		test_opts+=(
+			-x test_multiprocessing_fork
+			-x test_multiprocessing_forkserver
+		)
+	fi
+
+	# bug 660358
+	local -x COLUMNS=80
+	local -x PYTHONDONTWRITEBYTECODE=
+	# workaround https://bugs.gentoo.org/775416
+	addwrite /usr/lib/python3.10/site-packages
+
+	emake test EXTRATESTOPTS="${test_opts[*]}" \
+		CPPFLAGS= CFLAGS= LDFLAGS= < /dev/tty || die "emake test failed"
+}
+
+src_install() {
+	local libdir=${ED}/usr/lib/python${PYVER}
+
+	emake DESTDIR="${D}" altinstall
+
+	# Fix collisions between different slots of Python.
+	rm "${ED}/usr/$(get_libdir)/libpython3.so" || die
+
+	# Cheap hack to get version with ABIFLAGS
+	local abiver=$(cd "${ED}/usr/include"; echo python*)
+	if [[ ${abiver} != python${PYVER} ]]; then
+		# Replace python3.X with a symlink to python3.Xm
+		rm "${ED}/usr/bin/python${PYVER}" || die
+		dosym "${abiver}" "/usr/bin/python${PYVER}"
+		# Create python3.X-config symlink
+		dosym "${abiver}-config" "/usr/bin/python${PYVER}-config"
+		# Create python-3.5m.pc symlink
+		dosym "python-${PYVER}.pc" "/usr/$(get_libdir)/pkgconfig/${abiver/${PYVER}/-${PYVER}}.pc"
+	fi
+
+	# python seems to get rebuilt in src_install (bug 569908)
+	# Work around it for now.
+	if has_version dev-libs/libffi[pax-kernel]; then
+		pax-mark E "${ED}/usr/bin/${abiver}"
+	else
+		pax-mark m "${ED}/usr/bin/${abiver}"
+	fi
+
+	rm -r "${libdir}"/ensurepip/_bundled || die
+	if ! use ensurepip; then
+		rm -r "${libdir}"/ensurepip || die
+	fi
+	if ! use sqlite; then
+		rm -r "${libdir}/"{sqlite3,test/test_sqlite*} || die
+	fi
+	if ! use tk; then
+		rm -r "${ED}/usr/bin/idle${PYVER}" || die
+		rm -r "${libdir}/"{idlelib,tkinter,test/test_tk*} || die
+	fi
+
+	dodoc Misc/{ACKS,HISTORY,NEWS}
+
+	if use examples; then
+		docinto examples
+		find Tools -name __pycache__ -exec rm -fr {} + || die
+		dodoc -r Tools
+	fi
+	insinto /usr/share/gdb/auto-load/usr/$(get_libdir) #443510
+	local libname=$(
+		printf 'e:\n\t@echo $(INSTSONAME)\ninclude Makefile\n' |
+		emake --no-print-directory -s -f - 2>/dev/null
+	)
+	newins Tools/gdb/libpython.py "${libname}"-gdb.py
+
+	newconfd "${FILESDIR}/pydoc.conf" pydoc-${PYVER}
+	newinitd "${FILESDIR}/pydoc.init" pydoc-${PYVER}
+	sed \
+		-e "s:@PYDOC_PORT_VARIABLE@:PYDOC${PYVER/./_}_PORT:" \
+		-e "s:@PYDOC@:pydoc${PYVER}:" \
+		-i "${ED}/etc/conf.d/pydoc-${PYVER}" \
+		"${ED}/etc/init.d/pydoc-${PYVER}" || die "sed failed"
+
+	# python-exec wrapping support
+	local pymajor=${PYVER%.*}
+	local EPYTHON=python${PYVER}
+	local scriptdir=${D}$(python_get_scriptdir)
+	mkdir -p "${scriptdir}" || die
+	# python and pythonX
+	ln -s "../../../bin/${abiver}" "${scriptdir}/python${pymajor}" || die
+	ln -s "python${pymajor}" "${scriptdir}/python" || die
+	# python-config and pythonX-config
+	# note: we need to create a wrapper rather than symlinking it due
+	# to some random dirname(argv[0]) magic performed by python-config
+	cat > "${scriptdir}/python${pymajor}-config" <<-EOF || die
+		#!/bin/sh
+		exec "${abiver}-config" "\${@}"
+	EOF
+	chmod +x "${scriptdir}/python${pymajor}-config" || die
+	ln -s "python${pymajor}-config" "${scriptdir}/python-config" || die
+	# 2to3, pydoc
+	ln -s "../../../bin/2to3-${PYVER}" "${scriptdir}/2to3" || die
+	ln -s "../../../bin/pydoc${PYVER}" "${scriptdir}/pydoc" || die
+	# idle
+	if use tk; then
+		ln -s "../../../bin/idle${PYVER}" "${scriptdir}/idle" || die
+	fi
+}
-- 
cgit v1.2.3-65-gdbad