Ubuntu
python2.7 package

Merge ~mitchdz/ubuntu/+source/python2.7:mitch/focal-py2-opt into ubuntu/+source/python2.7:ubuntu/focal-devel

  1. Git
  2. lp:~mitchdz/ubuntu/+source/python2.7
  3. mitch/focal-py2-opt
  4. Merge into ubuntu/focal-devel
Proposed by Mitchell Dzurick
Status: Merged
Merged at revision: fd8dbc570c358f1ebfe27718995581de27d2460c
Proposed branch: ~mitchdz/ubuntu/+source/python2.7:mitch/focal-py2-opt
Merge into: ubuntu/+source/python2.7:ubuntu/focal-devel
Diff against target: 88 lines (+66/-0)
3 files modified
debian/changelog (+7/-0)
debian/patches/lp2002043-add-optimization-flags-to-cflags.patch (+58/-0)
debian/patches/series.in (+1/-0)
Reviewer Review Type Date Requested Status
Lena Voytek (community) Approve
git-ubuntu import Pending
Review via email: mp+459844@code.launchpad.net
To post a comment you must log in.
Revision history for this message
Mitchell Dzurick (mitchdz) wrote :
Download full text (3.3 KiB)

Tested 2.7.18-1~20.04.4~focal1

# dpkg -s python2.7 | grep Version
Version: 2.7.18-1~20.04.4~focal1

# python2 -c "import sysconfig; print(sysconfig.get_config_var('CFLAGS'))"
-fno-strict-aliasing -DNDEBUG -g -fwrapv -O2 -Wall -Wstrict-prototypes -Wdate-time -D_FORTIFY_SOURCE=2 -g -fdebug-prefix-map=/build/python2.7-aHqux6/python2.7-2.7.18=. -fstack-protector-strong -Wformat -Werror=format-security

# python2 setup.py build_ext --inplace
running build_ext
There is a workaround to now inherit optimization CFLAGS when compiling wheels.
To enable this, set APPLY_LP2002043_UBUNTU_CFLAGS_WORKAROUND in your
environment. See LP: https://launchpad.net/bugs/2002043 for further context.
APPLY_LP2002043_UBUNTU_CFLAGS_WORKAROUND not detected.
building 'test' extension
creating build
creating build/temp.linux-x86_64-2.7
x86_64-linux-gnu-gcc -pthread -fno-strict-aliasing -Wdate-time -D_FORTIFY_SOURCE=2 -g -fdebug-prefix-map=/build/python2.7-aHqux6/python2.7-2.7.18=. -fstack-protector-strong -Wformat -Werror=format-security -fPIC -I/usr/include/python2.7 -c testmodule.c -o build/temp.linux-x86_64-2.7/testmodule.o
creating build/lib.linux-x86_64-2.7
x86_64-linux-gnu-gcc -pthread -shared -Wl,-O1 -Wl,-Bsymbolic-functions -Wl,-Bsymbolic-functions -Wl,-z,relro -fno-strict-aliasing -DNDEBUG -g -fwrapv -O2 -Wall -Wstrict-prototypes -Wdate-time -D_FORTIFY_SOURCE=2 -g -fdebug-prefix-map=/build/python2.7-aHqux6/python2.7-2.7.18=. -fstack-protector-strong -Wformat -Werror=format-security -Wl,-Bsymbolic-functions -Wl,-z,relro -Wdate-time -D_FORTIFY_SOURCE=2 -g -fdebug-prefix-map=/build/python2.7-aHqux6/python2.7-2.7.18=. -fstack-protector-strong -Wformat -Werror=format-security -fPIC build/temp.linux-x86_64-2.7/testmodule.o -o build/lib.linux-x86_64-2.7/test.so

No -02 optimization flag was used, now to use WA

# rm -rf build/ test.so
# export APPLY_LP2002043_UBUNTU_CFLAGS_WORKAROUND=""
# python2 setup.py build_ext --inplace
running build_ext
There is a workaround to now inherit optimization CFLAGS when compiling wheels.
To enable this, set APPLY_LP2002043_UBUNTU_CFLAGS_WORKAROUND in your
environment. See LP: https://launchpad.net/bugs/2002043 for further context.
APPLY_LP2002043_UBUNTU_CFLAGS_WORKAROUND detected, using workaround.
building 'test' extension
creating build
creating build/temp.linux-x86_64-2.7
x86_64-linux-gnu-gcc -pthread -fno-strict-aliasing -DNDEBUG -g -fwrapv -O2 -Wall -Wstrict-prototypes -Wdate-time -D_FORTIFY_SOURCE=2 -g -fdebug-prefix-map=/build/python2.7-aHqux6/python2.7-2.7.18=. -fstack-protector-strong -Wformat -Werror=format-security -fPIC -I/usr/include/python2.7 -c testmodule.c -o build/temp.linux-x86_64-2.7/testmodule.o
creating build/lib.linux-x86_64-2.7
x86_64-linux-gnu-gcc -pthread -shared -Wl,-O1 -Wl,-Bsymbolic-functions -Wl,-Bsymbolic-functions -Wl,-z,relro -fno-strict-aliasing -DNDEBUG -g -fwrapv -O2 -Wall -Wstrict-prototypes -Wdate-time -D_FORTIFY_SOURCE=2 -g -fdebug-prefix-map=/build/python2.7-aHqux6/python2.7-2.7.18=. -fstack-protector-strong -Wformat -Werror=format-security -Wl,-Bsymbolic-functions -Wl,-z,relro -Wdate-time -D_FORTIFY_SOURCE=2 -g -fdebug-prefix-map=/build/python2.7-aHqux6/python2.7-2.7.18=. -fstack-protector-st...

Read more...

Revision history for this message
Mitchell Dzurick (mitchdz) wrote :

Also tested that the WA is not applied in Launchpad by default. You can see my builds in this PPA, look at the buildlogs and ctrl+f for "APPLY_LP2002043_UBUNTU_CFLAGS_WORKAROUND not detected."

https://launchpad.net/~mitchdz/+archive/ubuntu/python-stdlib-extensions-py2-opt

Revision history for this message
Lena Voytek (lvoytek) wrote :

LGTM! Matches up with Jammy changes. I'll go ahead and upload now that Launchpad is back up

review: Approve
Revision history for this message
Lena Voytek (lvoytek) wrote :

Uploaded:

dput ubuntu ../python2.7_2.7.18-1~20.04.4_source.changes
D: Setting host argument.
Checking signature on .changes
gpg: ../python2.7_2.7.18-1~20.04.4_source.changes: Valid signature from 34B8AD7D9529E793
Checking signature on .dsc
gpg: ../python2.7_2.7.18-1~20.04.4.dsc: Valid signature from 34B8AD7D9529E793
Uploading to ubuntu (via ftp to upload.ubuntu.com):
  Uploading python2.7_2.7.18-1~20.04.4.dsc: done.
  Uploading python2.7_2.7.18-1~20.04.4.diff.gz: done.
  Uploading python2.7_2.7.18-1~20.04.4_source.buildinfo: done.
  Uploading python2.7_2.7.18-1~20.04.4_source.changes: done.
Successfully uploaded packages.

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
diff --git a/debian/changelog b/debian/changelog
index 595c4b3..40c1201 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,10 @@
1python2.7 (2.7.18-1~20.04.4) focal; urgency=medium
2
3 * Add d/p/add-optimization-flags-to-cflags.diff: Add optimization flags to
4 cflags when compiling C modules. (LP: #2002043)
5
6 -- Mitchell Dzurick <mitchell.dzurick@canonical.com> Wed, 31 Jan 2024 09:23:13 -0700
7
1python2.7 (2.7.18-1~20.04.3) focal-security; urgency=medium8python2.7 (2.7.18-1~20.04.3) focal-security; urgency=medium
29
3 * SECURITY UPDATE: Injection Attack10 * SECURITY UPDATE: Injection Attack
diff --git a/debian/patches/lp2002043-add-optimization-flags-to-cflags.patch b/debian/patches/lp2002043-add-optimization-flags-to-cflags.patch
4new file mode 10064411new file mode 100644
index 0000000..be02050
--- /dev/null
+++ b/debian/patches/lp2002043-add-optimization-flags-to-cflags.patch
@@ -0,0 +1,58 @@
1Subject: Add optimization to cflags in sysconfig.py when building C modules.
2
3When compiling C code using python, the resulting binary is not being optimized
4properly. Currently this is caused by the 'OPT' variable never being imported or
5used in distutils/sysconfig.py and not being appended to the cflags variable.
6This patch fixes the issue by importing 'OPT' and appending it to 'cflags'.
7
8Author: Mitchell Dzurick <mitchell.dzurick@canonical.com>
9Date: Wed, 31 Jan 2024 17:50:49 +0300
10Bug-Ubuntu: https://bugs.launchpad.net/bugs/2002043
11--- a/Lib/distutils/sysconfig.py
12+++ b/Lib/distutils/sysconfig.py
13@@ -190,12 +190,22 @@
14 _osx_support.customize_compiler(_config_vars)
15 _config_vars['CUSTOMIZED_OSX_COMPILER'] = 'True'
16
17- (cc, cxx, cflags, extra_cflags, basecflags,
18- ccshared, ldshared, so_ext, ar, ar_flags,
19- configure_cppflags, configure_cflags, configure_ldflags) = \
20- get_config_vars('CC', 'CXX', 'CFLAGS', 'EXTRA_CFLAGS', 'BASECFLAGS',
21- 'CCSHARED', 'LDSHARED', 'SO', 'AR', 'ARFLAGS',
22- 'CONFIGURE_CPPFLAGS', 'CONFIGURE_CFLAGS', 'CONFIGURE_LDFLAGS')
23+ lp2002043_ubuntu_cflags_workaround = 'APPLY_LP2002043_UBUNTU_CFLAGS_WORKAROUND' in os.environ
24+
25+ if (lp2002043_ubuntu_cflags_workaround):
26+ (cc, cxx, cflags, extra_cflags, basecflags, opt,
27+ ccshared, ldshared, so_ext, ar, ar_flags,
28+ configure_cppflags, configure_cflags, configure_ldflags) = \
29+ get_config_vars('CC', 'CXX', 'CFLAGS', 'EXTRA_CFLAGS', 'BASECFLAGS', 'OPT',
30+ 'CCSHARED', 'LDSHARED', 'SO', 'AR', 'ARFLAGS',
31+ 'CONFIGURE_CPPFLAGS', 'CONFIGURE_CFLAGS', 'CONFIGURE_LDFLAGS')
32+ else:
33+ (cc, cxx, cflags, extra_cflags, basecflags,
34+ ccshared, ldshared, so_ext, ar, ar_flags,
35+ configure_cppflags, configure_cflags, configure_ldflags) = \
36+ get_config_vars('CC', 'CXX', 'CFLAGS', 'EXTRA_CFLAGS', 'BASECFLAGS',
37+ 'CCSHARED', 'LDSHARED', 'SO', 'AR', 'ARFLAGS',
38+ 'CONFIGURE_CPPFLAGS', 'CONFIGURE_CFLAGS', 'CONFIGURE_LDFLAGS')
39
40 if 'CC' in os.environ:
41 newcc = os.environ['CC']
42@@ -228,7 +238,15 @@
43 cflags = ' '.join(str(x) for x in (basecflags, os.environ['CFLAGS'], extra_cflags) if x)
44 ldshared = ldshared + ' ' + os.environ['CFLAGS']
45 elif configure_cflags:
46- cflags = ' '.join(str(x) for x in (basecflags, configure_cflags, extra_cflags) if x)
47+ print("There is a workaround to now inherit optimization CFLAGS when compiling wheels.")
48+ print("To enable this, set APPLY_LP2002043_UBUNTU_CFLAGS_WORKAROUND in your")
49+ print("environment. See LP: https://launchpad.net/bugs/2002043 for further context.")
50+ if (lp2002043_ubuntu_cflags_workaround):
51+ print("APPLY_LP2002043_UBUNTU_CFLAGS_WORKAROUND detected, using workaround.")
52+ cflags = ' '.join(str(x) for x in (basecflags, opt, configure_cflags, extra_cflags) if x)
53+ else:
54+ print("APPLY_LP2002043_UBUNTU_CFLAGS_WORKAROUND not detected.")
55+ cflags = ' '.join(str(x) for x in (basecflags, configure_cflags, extra_cflags) if x)
56 ldshared = ldshared + ' ' + configure_cflags
57 if 'CPPFLAGS' in os.environ:
58 cpp = cpp + ' ' + os.environ['CPPFLAGS']
diff --git a/debian/patches/series.in b/debian/patches/series.in
index 736031a..65e41d4 100644
--- a/debian/patches/series.in
+++ b/debian/patches/series.in
@@ -79,3 +79,4 @@ CVE-2019-9674.patch
79CVE-2020-26116.patch79CVE-2020-26116.patch
80CVE-2021-3177.patch80CVE-2021-3177.patch
81CVE-2015-20107.patch81CVE-2015-20107.patch
82lp2002043-add-optimization-flags-to-cflags.patch

Subscribers

People subscribed via source and target branches