From 59beaf7fa22cf2fe979e9a8fee17335ec34e3c03 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Vladim=C3=ADr=20=C4=8Cun=C3=A1t?= Date: Sat, 5 May 2018 13:59:10 +0200 Subject: [PATCH] python: 2.7.14 -> 2.7.15 (bugfix + security) Fixes CVE-2018-1000030, /cc #38993. The ncurses patch no longer applied, and it appears the problems have been resolved upstream https://bugs.python.org/issue25720 https://github.com/python/cpython/commit/6ba0b583d67 --- .../python/cpython/2.7/default.nix | 6 +- .../cpython/2.7/properly-detect-curses.patch | 116 ------------------ 2 files changed, 2 insertions(+), 120 deletions(-) delete mode 100644 pkgs/development/interpreters/python/cpython/2.7/properly-detect-curses.patch diff --git a/pkgs/development/interpreters/python/cpython/2.7/default.nix b/pkgs/development/interpreters/python/cpython/2.7/default.nix index 9d89e96383f5..ed1bc9dc817b 100644 --- a/pkgs/development/interpreters/python/cpython/2.7/default.nix +++ b/pkgs/development/interpreters/python/cpython/2.7/default.nix @@ -31,7 +31,7 @@ with stdenv.lib; let majorVersion = "2.7"; - minorVersion = "14"; + minorVersion = "15"; minorVersionSuffix = ""; pythonVersion = majorVersion; version = "${majorVersion}.${minorVersion}${minorVersionSuffix}"; @@ -40,7 +40,7 @@ let src = fetchurl { url = "https://www.python.org/ftp/python/${majorVersion}.${minorVersion}/Python-${version}.tar.xz"; - sha256 = "0rka541ys16jwzcnnvjp2v12m4cwgd2jp6wj4kj511p715pb5zvi"; + sha256 = "0x2mvz9dp11wj7p5ccvmk9s0hzjk2fa1m462p395l4r6bfnb3n92"; }; hasDistutilsCxxPatch = !(stdenv.cc.isGNU or false); @@ -58,8 +58,6 @@ let # if DETERMINISTIC_BUILD env var is set ./deterministic-build.patch - ./properly-detect-curses.patch - ] ++ optionals (x11Support && stdenv.isDarwin) [ ./use-correct-tcl-tk-on-darwin.patch ] ++ optionals stdenv.isLinux [ diff --git a/pkgs/development/interpreters/python/cpython/2.7/properly-detect-curses.patch b/pkgs/development/interpreters/python/cpython/2.7/properly-detect-curses.patch deleted file mode 100644 index e2640bab0e9a..000000000000 --- a/pkgs/development/interpreters/python/cpython/2.7/properly-detect-curses.patch +++ /dev/null @@ -1,116 +0,0 @@ -From 6dc83db69b5e29d25ba6d73646ea2e9a1097848a Mon Sep 17 00:00:00 2001 -From: Roumen Petrov -Date: Sun, 19 Feb 2012 16:13:24 +0200 -Subject: [PATCH] CROSS-properly detect WINDOW _flags for different ncurses versions - ---- - Include/py_curses.h | 5 +++++ - configure.ac | 40 ++++++++++++++++++++++++++++++++++++++-- - pyconfig.h.in | 6 ++++++ - 3 files changed, 49 insertions(+), 2 deletions(-) - -diff --git a/Include/py_curses.h b/Include/py_curses.h -index f2c08f6..a9b5260 100644 ---- a/Include/py_curses.h -+++ b/Include/py_curses.h -@@ -14,7 +14,9 @@ - /* the following define is necessary for OS X 10.6; without it, the - Apple-supplied ncurses.h sets NCURSES_OPAQUE to 1, and then Python - can't get at the WINDOW flags field. */ -+/* NOTE configure check if ncurses require such definition - #define NCURSES_OPAQUE 0 -+*/ - #endif /* __APPLE__ */ - - #ifdef __FreeBSD__ -@@ -57,9 +59,12 @@ - #ifdef HAVE_NCURSES_H - /* configure was checking , but we will - use , which has all these features. */ -+/* NOTE configure check for existence of flags -+ * Also flags are visible only if WINDOW structure is not opaque - #ifndef WINDOW_HAS_FLAGS - #define WINDOW_HAS_FLAGS 1 - #endif -+*/ - #ifndef MVWDELCH_IS_EXPRESSION - #define MVWDELCH_IS_EXPRESSION 1 - #endif -diff --git a/configure.ac b/configure.ac -index 0a3a186..75f5142 100644 ---- a/configure.ac -+++ b/configure.ac -@@ -4150,15 +4150,51 @@ then - fi - - AC_MSG_CHECKING(whether WINDOW has _flags) --AC_CACHE_VAL(ac_cv_window_has_flags, - AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[#include ]], [[ - WINDOW *w; - w->_flags = 0; - ]])], - [ac_cv_window_has_flags=yes], --[ac_cv_window_has_flags=no])) -+[ac_cv_window_has_flags=no]) - AC_MSG_RESULT($ac_cv_window_has_flags) - -+py_curses_window_is_opaque=no -+if test no = $ac_cv_window_has_flags; then -+ AC_MSG_CHECKING([whether WINDOW has _flags in non-opaque structure]) -+ AC_COMPILE_IFELSE([ -+ AC_LANG_PROGRAM([[ -+ #define NCURSES_OPAQUE 0 -+ #include -+ ]],[[ -+ WINDOW *w; -+ w->_flags = 0; -+ ]])], -+ [py_curses_window_is_opaque=yes]) -+ AC_MSG_RESULT([$py_curses_window_is_opaque]) -+fi -+if test yes = $py_curses_window_is_opaque; then -+ ac_cv_window_has_flags=yes -+ AC_DEFINE([NCURSES_OPAQUE], [0], [Define to 0 if you have WINDOW _flags in non-opaque structure.]) -+fi -+ -+py_curses_window_is_internal=no -+if test no = $ac_cv_window_has_flags; then -+ AC_MSG_CHECKING([whether WINDOW has _flags as internal structure]) -+ AC_COMPILE_IFELSE([ -+ AC_LANG_PROGRAM([[ -+ #define NCURSES_INTERNALS 1 -+ #include -+ ]],[[ -+ WINDOW *w; -+ w->_flags = 0; -+ ]])], -+ [py_curses_window_is_internal=yes]) -+ AC_MSG_RESULT([$py_curses_window_is_internal]) -+fi -+if test yes = $py_curses_window_is_internal; then -+ ac_cv_window_has_flags=yes -+ AC_DEFINE([NCURSES_INTERNALS], [1], [Define to 1 if you have WINDOW _flags as internal structure.]) -+fi - - if test "$ac_cv_window_has_flags" = yes - then -diff --git a/pyconfig.h.in b/pyconfig.h.in -index 3ca3a4f..484c817 100644 ---- a/pyconfig.h.in -+++ b/pyconfig.h.in -@@ -1130,6 +1130,12 @@ - /* Define if mvwdelch in curses.h is an expression. */ - #undef MVWDELCH_IS_EXPRESSION - -+/* Define to 1 if you have WINDOW _flags as internal structure. */ -+#undef NCURSES_INTERNALS -+ -+/* Define to 0 if you have WINDOW _flags in non-opaque structure. */ -+#undef NCURSES_OPAQUE -+ - /* Define to the address where bug reports for this package should be sent. */ - #undef PACKAGE_BUGREPORT - --- -1.6.4 -