extra/python to 3.2.1-1

extra/python/CVE-2011-1521.patch

@@ -1,134 +0,0 @@
-diff -Naur Python-3.2.ori/Doc/library/urllib.request.rst Python-3.2/Doc/library/urllib.request.rst
---- Python-3.2.ori/Doc/library/urllib.request.rst	2011-02-11 03:25:47.000000000 -0800
-+++ Python-3.2/Doc/library/urllib.request.rst	2011-04-15 03:49:02.778745379 -0700
-@@ -650,6 +650,10 @@
-    is the case, :exc:`HTTPError` is raised.  See :rfc:`2616` for details of the
-    precise meanings of the various redirection codes.
- 
-+   An :class:`HTTPError` exception raised as a security consideration if the
-+   HTTPRedirectHandler is presented with a redirected url which is not an HTTP,
-+   HTTPS or FTP url.
-+
- 
- .. method:: HTTPRedirectHandler.redirect_request(req, fp, code, msg, hdrs, newurl)
- 
-diff -Naur Python-3.2.ori/Lib/test/test_urllib2.py Python-3.2/Lib/test/test_urllib2.py
---- Python-3.2.ori/Lib/test/test_urllib2.py	2011-02-11 03:25:47.000000000 -0800
-+++ Python-3.2/Lib/test/test_urllib2.py	2011-04-15 03:50:29.705417290 -0700
-@@ -8,6 +8,7 @@
- 
- import urllib.request
- from urllib.request import Request, OpenerDirector
-+import urllib.error
- 
- # XXX
- # Request
-@@ -1029,6 +1030,29 @@
-             self.assertEqual(count,
-                              urllib.request.HTTPRedirectHandler.max_redirections)
- 
-+
-+    def test_invalid_redirect(self):
-+        from_url = "http://example.com/a.html"
-+        valid_schemes = ['http','https','ftp']
-+        invalid_schemes = ['file','imap','ldap']
-+        schemeless_url = "example.com/b.html"
-+        h = urllib.request.HTTPRedirectHandler()
-+        o = h.parent = MockOpener()
-+        req = Request(from_url)
-+        req.timeout = socket._GLOBAL_DEFAULT_TIMEOUT
-+
-+        for scheme in invalid_schemes:
-+            invalid_url = scheme + '://' + schemeless_url
-+            self.assertRaises(urllib.error.HTTPError, h.http_error_302,
-+                    req, MockFile(), 302, "Security Loophole",
-+                    MockHeaders({"location": invalid_url}))
-+
-+        for scheme in valid_schemes:
-+            valid_url = scheme + '://' + schemeless_url
-+            h.http_error_302(req, MockFile(), 302, "That's fine",
-+                MockHeaders({"location": valid_url}))
-+            self.assertEqual(o.req.get_full_url(), valid_url)
-+
-     def test_cookie_redirect(self):
-         # cookies shouldn't leak into redirected requests
-         from http.cookiejar import CookieJar
-diff -Naur Python-3.2.ori/Lib/test/test_urllib.py Python-3.2/Lib/test/test_urllib.py
---- Python-3.2.ori/Lib/test/test_urllib.py	2010-12-17 09:35:56.000000000 -0800
-+++ Python-3.2/Lib/test/test_urllib.py	2011-04-15 03:49:02.778745379 -0700
-@@ -2,6 +2,7 @@
- 
- import urllib.parse
- import urllib.request
-+import urllib.error
- import http.client
- import email.message
- import io
-@@ -198,6 +199,21 @@
-         finally:
-             self.unfakehttp()
- 
-+    def test_invalid_redirect(self):
-+        # urlopen() should raise IOError for many error codes.
-+        self.fakehttp(b'''HTTP/1.1 302 Found
-+Date: Wed, 02 Jan 2008 03:03:54 GMT
-+Server: Apache/1.3.33 (Debian GNU/Linux) mod_ssl/2.8.22 OpenSSL/0.9.7e
-+Location: file://guidocomputer.athome.com:/python/license
-+Connection: close
-+Content-Type: text/html; charset=iso-8859-1
-+''')
-+        try:
-+            self.assertRaises(urllib.error.HTTPError, urlopen,
-+                              "http://python.org/")
-+        finally:
-+            self.unfakehttp()
-+
-     def test_empty_socket(self):
-         # urlopen() raises IOError if the underlying socket does not send any
-         # data. (#1680230)
-diff -Naur Python-3.2.ori/Lib/urllib/request.py Python-3.2/Lib/urllib/request.py
---- Python-3.2.ori/Lib/urllib/request.py	2011-02-11 03:25:47.000000000 -0800
-+++ Python-3.2/Lib/urllib/request.py	2011-04-15 03:49:02.778745379 -0700
-@@ -545,6 +545,17 @@
- 
-         # fix a possible malformed URL
-         urlparts = urlparse(newurl)
-+
-+        # For security reasons we don't allow redirection to anything other
-+        # than http, https or ftp.
-+
-+        if not urlparts.scheme in ('http', 'https', 'ftp'):
-+            raise HTTPError(newurl, code,
-+                            msg +
-+                            " - Redirection to url '%s' is not allowed" %
-+                            newurl,
-+                            headers, fp)
-+
-         if not urlparts.path:
-             urlparts = list(urlparts)
-             urlparts[2] = "/"
-@@ -1897,8 +1908,24 @@
-             return
-         void = fp.read()
-         fp.close()
-+
-         # In case the server sent a relative URL, join with original:
-         newurl = urljoin(self.type + ":" + url, newurl)
-+
-+        urlparts = urlparse(newurl)
-+
-+        # For security reasons, we don't allow redirection to anything other
-+        # than http, https and ftp.
-+
-+        # We are using newer HTTPError with older redirect_internal method
-+        # This older method will get deprecated in 3.3
-+
-+        if not urlparts.scheme in ('http', 'https', 'ftp'):
-+            raise HTTPError(newurl, errcode,
-+                            errmsg +
-+                            " Redirection to url '%s' is not allowed." % newurl,
-+                            headers, fp)
-+
-         return self.open(newurl)
- 
-     def http_error_301(self, url, fp, errcode, errmsg, headers, data=None):

extra/python/PKGBUILD

@@ -1,17 +1,17 @@
-# $Id: PKGBUILD 119805 2011-04-15 11:51:39Z stephane $
+# $Id: PKGBUILD 131166 2011-07-11 13:06:25Z stephane $
 # Maintainer: Stéphane Gaudreault <stephane@archlinux.org>
 # Maintainer: Allan McRae <allan@archlinux.org>
-# Contributer: Jason Chu <jason@archlinux.org>
+# Contributor: Jason Chu <jason@archlinux.org>
 
-# PlugApps: Kevin Mihelich <kevin@plugapps.com>
+# ALARM: Kevin Mihelich <kevin@plugapps.com>
 #  - removed valgrind from makedepends, can't build it for ARM
 #  - removed --with-valgrind from configure line
 
 plugrel=1
 
 pkgname=python
-pkgver=3.2
-pkgrel=2
+pkgver=3.2.1
+pkgrel=1
 _pybasever=3.2
 pkgdesc="Next generation of the python high-level scripting language"
 arch=('i686' 'x86_64')
@@ -19,27 +19,25 @@ license=('custom')
 url="http://www.python.org/"
 depends=('expat' 'bzip2' 'gdbm' 'openssl' 'libffi' 'zlib')
 makedepends=('tk' 'sqlite3')
-optdepends=('tk: for tkinter')
+optdepends=('tk: for tkinter' 'sqlite3')
 provides=('python3')
 replaces=('python3')
 options=('!makeflags')
-source=(http://www.python.org/ftp/python/${_pybasever}/Python-${pkgver}.tar.xz
-        CVE-2011-1521.patch)
-sha1sums=('55a3a9d39f31563370d0c494373bb6d38e4d1a00'
-          '561161ce5ae3a91254352c09a33e3e4434444e14')  
+source=(http://www.python.org/ftp/python/${pkgver%rc*}/Python-${pkgver}.tar.xz)
+sha1sums=('ab5cf4a4c21abe590dea87473a1dee6820699d79')
+
 build() {
   cd "${srcdir}/Python-${pkgver}"
 
+  # FS#23997
+  sed -i -e "s|^#.* /usr/local/bin/python|#!/usr/bin/python|" Lib/cgi.py
+
   # Ensure that we are using the system copy of various libraries (expat, zlib and libffi),
   # rather than copies shipped in the tarball
   rm -r Modules/expat
   rm -r Modules/zlib
   rm -r Modules/_ctypes/{darwin,libffi}*
 
-  # urllib Security Vulnerability
-  # http://blog.python.org/2011/04/urllib-security-vulnerability-fixed.html
-  patch -Np1 -i ../CVE-2011-1521.patch
-
   ./configure --prefix=/usr \
               --enable-shared \
               --with-threads \
@@ -74,7 +72,7 @@ package() {
     "${pkgdir}/usr/lib/python${_pybasever}/config-${_pybasever}mu/libpython${_pybasever}mu.so"
 
   # Clean-up reference to build directory
-  sed -i "s#$srcdir/Python-${pkgver}:##" "$pkgdir/usr/lib/python${_pybasever}/config-${_pybasever}mu/Makefile"
+  sed -i "s|$srcdir/Python-${pkgver}:||" "$pkgdir/usr/lib/python${_pybasever}/config-${_pybasever}mu/Makefile"
 
   # License
   install -Dm644 LICENSE "${pkgdir}/usr/share/licenses/${pkgname}/LICENSE"