Ubuntu
python2.7 package

Merge ~mitchdz/ubuntu/+source/python2.7:mitch/focal-py2-opt into ubuntu/+source/python2.7:ubuntu/focal-devel

  1. Git
  2. lp:~mitchdz/ubuntu/+source/python2.7
  3. mitch/focal-py2-opt
  4. Merge into ubuntu/focal-devel
Proposed by Mitchell Dzurick
Status: Merged
Merged at revision: fd8dbc570c358f1ebfe27718995581de27d2460c
Proposed branch: ~mitchdz/ubuntu/+source/python2.7:mitch/focal-py2-opt
Merge into: ubuntu/+source/python2.7:ubuntu/focal-devel
Diff against target: 88 lines (+66/-0)
3 files modified
debian/changelog (+7/-0)
debian/patches/lp2002043-add-optimization-flags-to-cflags.patch (+58/-0)
debian/patches/series.in (+1/-0)
Reviewer Review Type Date Requested Status
Lena Voytek (community) Approve
git-ubuntu import Pending
Review via email: mp+459844@code.launchpad.net
To post a comment you must log in.
Revision history for this message
Mitchell Dzurick (mitchdz) wrote :
Download full text (3.3 KiB)

Tested 2.7.18-1~20.04.4~focal1

# dpkg -s python2.7 | grep Version
Version: 2.7.18-1~20.04.4~focal1

# python2 -c "import sysconfig; print(sysconfig.get_config_var('CFLAGS'))"
-fno-strict-aliasing -DNDEBUG -g -fwrapv -O2 -Wall -Wstrict-prototypes -Wdate-time -D_FORTIFY_SOURCE=2 -g -fdebug-prefix-map=/build/python2.7-aHqux6/python2.7-2.7.18=. -fstack-protector-strong -Wformat -Werror=format-security

# python2 setup.py build_ext --inplace
running build_ext
There is a workaround to now inherit optimization CFLAGS when compiling wheels.
To enable this, set APPLY_LP2002043_UBUNTU_CFLAGS_WORKAROUND in your
environment. See LP: https://launchpad.net/bugs/2002043 for further context.
APPLY_LP2002043_UBUNTU_CFLAGS_WORKAROUND not detected.
building 'test' extension
creating build
creating build/temp.linux-x86_64-2.7
x86_64-linux-gnu-gcc -pthread -fno-strict-aliasing -Wdate-time -D_FORTIFY_SOURCE=2 -g -fdebug-prefix-map=/build/python2.7-aHqux6/python2.7-2.7.18=. -fstack-protector-strong -Wformat -Werror=format-security -fPIC -I/usr/include/python2.7 -c testmodule.c -o build/temp.linux-x86_64-2.7/testmodule.o
creating build/lib.linux-x86_64-2.7
x86_64-linux-gnu-gcc -pthread -shared -Wl,-O1 -Wl,-Bsymbolic-functions -Wl,-Bsymbolic-functions -Wl,-z,relro -fno-strict-aliasing -DNDEBUG -g -fwrapv -O2 -Wall -Wstrict-prototypes -Wdate-time -D_FORTIFY_SOURCE=2 -g -fdebug-prefix-map=/build/python2.7-aHqux6/python2.7-2.7.18=. -fstack-protector-strong -Wformat -Werror=format-security -Wl,-Bsymbolic-functions -Wl,-z,relro -Wdate-time -D_FORTIFY_SOURCE=2 -g -fdebug-prefix-map=/build/python2.7-aHqux6/python2.7-2.7.18=. -fstack-protector-strong -Wformat -Werror=format-security -fPIC build/temp.linux-x86_64-2.7/testmodule.o -o build/lib.linux-x86_64-2.7/test.so

No -02 optimization flag was used, now to use WA

# rm -rf build/ test.so
# export APPLY_LP2002043_UBUNTU_CFLAGS_WORKAROUND=""
# python2 setup.py build_ext --inplace
running build_ext
There is a workaround to now inherit optimization CFLAGS when compiling wheels.
To enable this, set APPLY_LP2002043_UBUNTU_CFLAGS_WORKAROUND in your
environment. See LP: https://launchpad.net/bugs/2002043 for further context.
APPLY_LP2002043_UBUNTU_CFLAGS_WORKAROUND detected, using workaround.
building 'test' extension
creating build
creating build/temp.linux-x86_64-2.7
x86_64-linux-gnu-gcc -pthread -fno-strict-aliasing -DNDEBUG -g -fwrapv -O2 -Wall -Wstrict-prototypes -Wdate-time -D_FORTIFY_SOURCE=2 -g -fdebug-prefix-map=/build/python2.7-aHqux6/python2.7-2.7.18=. -fstack-protector-strong -Wformat -Werror=format-security -fPIC -I/usr/include/python2.7 -c testmodule.c -o build/temp.linux-x86_64-2.7/testmodule.o
creating build/lib.linux-x86_64-2.7
x86_64-linux-gnu-gcc -pthread -shared -Wl,-O1 -Wl,-Bsymbolic-functions -Wl,-Bsymbolic-functions -Wl,-z,relro -fno-strict-aliasing -DNDEBUG -g -fwrapv -O2 -Wall -Wstrict-prototypes -Wdate-time -D_FORTIFY_SOURCE=2 -g -fdebug-prefix-map=/build/python2.7-aHqux6/python2.7-2.7.18=. -fstack-protector-strong -Wformat -Werror=format-security -Wl,-Bsymbolic-functions -Wl,-z,relro -Wdate-time -D_FORTIFY_SOURCE=2 -g -fdebug-prefix-map=/build/python2.7-aHqux6/python2.7-2.7.18=. -fstack-protector-st...

Read more...

Revision history for this message
Mitchell Dzurick (mitchdz) wrote :

Also tested that the WA is not applied in Launchpad by default. You can see my builds in this PPA, look at the buildlogs and ctrl+f for "APPLY_LP2002043_UBUNTU_CFLAGS_WORKAROUND not detected."

https://launchpad.net/~mitchdz/+archive/ubuntu/python-stdlib-extensions-py2-opt

Revision history for this message
Lena Voytek (lvoytek) wrote :

LGTM! Matches up with Jammy changes. I'll go ahead and upload now that Launchpad is back up

review: Approve
Revision history for this message
Lena Voytek (lvoytek) wrote :

Uploaded:

dput ubuntu ../python2.7_2.7.18-1~20.04.4_source.changes
D: Setting host argument.
Checking signature on .changes
gpg: ../python2.7_2.7.18-1~20.04.4_source.changes: Valid signature from 34B8AD7D9529E793
Checking signature on .dsc
gpg: ../python2.7_2.7.18-1~20.04.4.dsc: Valid signature from 34B8AD7D9529E793
Uploading to ubuntu (via ftp to upload.ubuntu.com):
  Uploading python2.7_2.7.18-1~20.04.4.dsc: done.
  Uploading python2.7_2.7.18-1~20.04.4.diff.gz: done.
  Uploading python2.7_2.7.18-1~20.04.4_source.buildinfo: done.
  Uploading python2.7_2.7.18-1~20.04.4_source.changes: done.
Successfully uploaded packages.

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1diff --git a/debian/changelog b/debian/changelog
2index 595c4b3..40c1201 100644
3--- a/debian/changelog
4+++ b/debian/changelog
5@@ -1,3 +1,10 @@
6+python2.7 (2.7.18-1~20.04.4) focal; urgency=medium
7+
8+ * Add d/p/add-optimization-flags-to-cflags.diff: Add optimization flags to
9+ cflags when compiling C modules. (LP: #2002043)
10+
11+ -- Mitchell Dzurick <mitchell.dzurick@canonical.com> Wed, 31 Jan 2024 09:23:13 -0700
12+
13 python2.7 (2.7.18-1~20.04.3) focal-security; urgency=medium
14
15 * SECURITY UPDATE: Injection Attack
16diff --git a/debian/patches/lp2002043-add-optimization-flags-to-cflags.patch b/debian/patches/lp2002043-add-optimization-flags-to-cflags.patch
17new file mode 100644
18index 0000000..be02050
19--- /dev/null
20+++ b/debian/patches/lp2002043-add-optimization-flags-to-cflags.patch
21@@ -0,0 +1,58 @@
22+Subject: Add optimization to cflags in sysconfig.py when building C modules.
23+
24+When compiling C code using python, the resulting binary is not being optimized
25+properly. Currently this is caused by the 'OPT' variable never being imported or
26+used in distutils/sysconfig.py and not being appended to the cflags variable.
27+This patch fixes the issue by importing 'OPT' and appending it to 'cflags'.
28+
29+Author: Mitchell Dzurick <mitchell.dzurick@canonical.com>
30+Date: Wed, 31 Jan 2024 17:50:49 +0300
31+Bug-Ubuntu: https://bugs.launchpad.net/bugs/2002043
32+--- a/Lib/distutils/sysconfig.py
33++++ b/Lib/distutils/sysconfig.py
34+@@ -190,12 +190,22 @@
35+ _osx_support.customize_compiler(_config_vars)
36+ _config_vars['CUSTOMIZED_OSX_COMPILER'] = 'True'
37+
38+- (cc, cxx, cflags, extra_cflags, basecflags,
39+- ccshared, ldshared, so_ext, ar, ar_flags,
40+- configure_cppflags, configure_cflags, configure_ldflags) = \
41+- get_config_vars('CC', 'CXX', 'CFLAGS', 'EXTRA_CFLAGS', 'BASECFLAGS',
42+- 'CCSHARED', 'LDSHARED', 'SO', 'AR', 'ARFLAGS',
43+- 'CONFIGURE_CPPFLAGS', 'CONFIGURE_CFLAGS', 'CONFIGURE_LDFLAGS')
44++ lp2002043_ubuntu_cflags_workaround = 'APPLY_LP2002043_UBUNTU_CFLAGS_WORKAROUND' in os.environ
45++
46++ if (lp2002043_ubuntu_cflags_workaround):
47++ (cc, cxx, cflags, extra_cflags, basecflags, opt,
48++ ccshared, ldshared, so_ext, ar, ar_flags,
49++ configure_cppflags, configure_cflags, configure_ldflags) = \
50++ get_config_vars('CC', 'CXX', 'CFLAGS', 'EXTRA_CFLAGS', 'BASECFLAGS', 'OPT',
51++ 'CCSHARED', 'LDSHARED', 'SO', 'AR', 'ARFLAGS',
52++ 'CONFIGURE_CPPFLAGS', 'CONFIGURE_CFLAGS', 'CONFIGURE_LDFLAGS')
53++ else:
54++ (cc, cxx, cflags, extra_cflags, basecflags,
55++ ccshared, ldshared, so_ext, ar, ar_flags,
56++ configure_cppflags, configure_cflags, configure_ldflags) = \
57++ get_config_vars('CC', 'CXX', 'CFLAGS', 'EXTRA_CFLAGS', 'BASECFLAGS',
58++ 'CCSHARED', 'LDSHARED', 'SO', 'AR', 'ARFLAGS',
59++ 'CONFIGURE_CPPFLAGS', 'CONFIGURE_CFLAGS', 'CONFIGURE_LDFLAGS')
60+
61+ if 'CC' in os.environ:
62+ newcc = os.environ['CC']
63+@@ -228,7 +238,15 @@
64+ cflags = ' '.join(str(x) for x in (basecflags, os.environ['CFLAGS'], extra_cflags) if x)
65+ ldshared = ldshared + ' ' + os.environ['CFLAGS']
66+ elif configure_cflags:
67+- cflags = ' '.join(str(x) for x in (basecflags, configure_cflags, extra_cflags) if x)
68++ print("There is a workaround to now inherit optimization CFLAGS when compiling wheels.")
69++ print("To enable this, set APPLY_LP2002043_UBUNTU_CFLAGS_WORKAROUND in your")
70++ print("environment. See LP: https://launchpad.net/bugs/2002043 for further context.")
71++ if (lp2002043_ubuntu_cflags_workaround):
72++ print("APPLY_LP2002043_UBUNTU_CFLAGS_WORKAROUND detected, using workaround.")
73++ cflags = ' '.join(str(x) for x in (basecflags, opt, configure_cflags, extra_cflags) if x)
74++ else:
75++ print("APPLY_LP2002043_UBUNTU_CFLAGS_WORKAROUND not detected.")
76++ cflags = ' '.join(str(x) for x in (basecflags, configure_cflags, extra_cflags) if x)
77+ ldshared = ldshared + ' ' + configure_cflags
78+ if 'CPPFLAGS' in os.environ:
79+ cpp = cpp + ' ' + os.environ['CPPFLAGS']
80diff --git a/debian/patches/series.in b/debian/patches/series.in
81index 736031a..65e41d4 100644
82--- a/debian/patches/series.in
83+++ b/debian/patches/series.in
84@@ -79,3 +79,4 @@ CVE-2019-9674.patch
85 CVE-2020-26116.patch
86 CVE-2021-3177.patch
87 CVE-2015-20107.patch
88+lp2002043-add-optimization-flags-to-cflags.patch

Subscribers

People subscribed via source and target branches