kpriv/pkgsrc
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Changes 2.7.6:

Browse source 
This is a 2.7 series bugfix release. Most importantly, it resolves an issue that caused the interactive prompt to crash on OS X 10.9. It also includes numerous bugfixes over 2.7.5.
This commit is contained in:
adam 2013-11-12 18:57:25 +00:00
parent e9dadd7068
commit 6f97a13202
8 changed files with 60 additions and 213 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
lang/python27/Makefile
View file

@ -1,9 +1,8 @@
# $NetBSD: Makefile,v 1.31 2013/11/10 12:12:32 obache Exp $
# $NetBSD: Makefile,v 1.32 2013/11/12 18:57:25 adam Exp $
.include "dist.mk"
PKGNAME= python27-${PY_DISTVERSION}
PKGREVISION= 4
CATEGORIES= lang python
MAINTAINER= pkgsrc-users@NetBSD.org

34
lang/python27/PLIST.common
View file

@ -1,4 +1,4 @@
@comment $NetBSD: PLIST.common,v 1.6 2013/08/18 13:42:14 spz Exp $
@comment $NetBSD: PLIST.common,v 1.7 2013/11/12 18:57:25 adam Exp $
bin/2to3-${PY_VER_SUFFIX}
bin/pydoc${PY_VER_SUFFIX}
bin/python${PY_VER_SUFFIX}
@ -2172,6 +2172,7 @@ lib/python${PY_VER_SUFFIX}/lib2to3/tests/data/README
lib/python${PY_VER_SUFFIX}/lib2to3/tests/data/bom.py
lib/python${PY_VER_SUFFIX}/lib2to3/tests/data/crlf.py
lib/python${PY_VER_SUFFIX}/lib2to3/tests/data/different_encoding.py
lib/python${PY_VER_SUFFIX}/lib2to3/tests/data/false_encoding.py
lib/python${PY_VER_SUFFIX}/lib2to3/tests/data/fixers/bad_order.py
lib/python${PY_VER_SUFFIX}/lib2to3/tests/data/fixers/myfixes/__init__.py
lib/python${PY_VER_SUFFIX}/lib2to3/tests/data/fixers/myfixes/fix_explicit.py
@ -2573,6 +2574,22 @@ lib/python${PY_VER_SUFFIX}/test/Sine-1000Hz-300ms.aif
lib/python${PY_VER_SUFFIX}/test/__init__.py
lib/python${PY_VER_SUFFIX}/test/__init__.pyc
lib/python${PY_VER_SUFFIX}/test/__init__.pyo
lib/python${PY_VER_SUFFIX}/test/audiodata/pluck-pcm16.aiff
lib/python${PY_VER_SUFFIX}/test/audiodata/pluck-pcm16.au
lib/python${PY_VER_SUFFIX}/test/audiodata/pluck-pcm16.wav
lib/python${PY_VER_SUFFIX}/test/audiodata/pluck-pcm24.aiff
lib/python${PY_VER_SUFFIX}/test/audiodata/pluck-pcm24.wav
lib/python${PY_VER_SUFFIX}/test/audiodata/pluck-pcm32.aiff
lib/python${PY_VER_SUFFIX}/test/audiodata/pluck-pcm32.au
lib/python${PY_VER_SUFFIX}/test/audiodata/pluck-pcm32.wav
lib/python${PY_VER_SUFFIX}/test/audiodata/pluck-pcm8.aiff
lib/python${PY_VER_SUFFIX}/test/audiodata/pluck-pcm8.au
lib/python${PY_VER_SUFFIX}/test/audiodata/pluck-pcm8.wav
lib/python${PY_VER_SUFFIX}/test/audiodata/pluck-ulaw.aifc
lib/python${PY_VER_SUFFIX}/test/audiodata/pluck-ulaw.au
lib/python${PY_VER_SUFFIX}/test/audiotests.py
lib/python${PY_VER_SUFFIX}/test/audiotests.pyc
lib/python${PY_VER_SUFFIX}/test/audiotests.pyo
lib/python${PY_VER_SUFFIX}/test/audiotest.au
lib/python${PY_VER_SUFFIX}/test/autotest.py
lib/python${PY_VER_SUFFIX}/test/autotest.pyc
@ -3403,6 +3420,9 @@ lib/python${PY_VER_SUFFIX}/test/test_httplib.pyo
lib/python${PY_VER_SUFFIX}/test/test_httpservers.py
lib/python${PY_VER_SUFFIX}/test/test_httpservers.pyc
lib/python${PY_VER_SUFFIX}/test/test_httpservers.pyo
lib/python${PY_VER_SUFFIX}/test/test_idle.py
lib/python${PY_VER_SUFFIX}/test/test_idle.pyc
lib/python${PY_VER_SUFFIX}/test/test_idle.pyo
lib/python${PY_VER_SUFFIX}/test/test_imageop.py
lib/python${PY_VER_SUFFIX}/test/test_imageop.pyc
lib/python${PY_VER_SUFFIX}/test/test_imageop.pyo
@ -3499,6 +3519,9 @@ lib/python${PY_VER_SUFFIX}/test/test_macostools.pyo
lib/python${PY_VER_SUFFIX}/test/test_macpath.py
lib/python${PY_VER_SUFFIX}/test/test_macpath.pyc
lib/python${PY_VER_SUFFIX}/test/test_macpath.pyo
lib/python${PY_VER_SUFFIX}/test/test_macurl2path.py
lib/python${PY_VER_SUFFIX}/test/test_macurl2path.pyc
lib/python${PY_VER_SUFFIX}/test/test_macurl2path.pyo
lib/python${PY_VER_SUFFIX}/test/test_mailbox.py
lib/python${PY_VER_SUFFIX}/test/test_mailbox.pyc
lib/python${PY_VER_SUFFIX}/test/test_mailbox.pyo
@ -3568,6 +3591,9 @@ lib/python${PY_VER_SUFFIX}/test/test_new.pyo
lib/python${PY_VER_SUFFIX}/test/test_nis.py
lib/python${PY_VER_SUFFIX}/test/test_nis.pyc
lib/python${PY_VER_SUFFIX}/test/test_nis.pyo
lib/python${PY_VER_SUFFIX}/test/test_nntplib.py
lib/python${PY_VER_SUFFIX}/test/test_nntplib.pyc
lib/python${PY_VER_SUFFIX}/test/test_nntplib.pyo
lib/python${PY_VER_SUFFIX}/test/test_normalization.py
lib/python${PY_VER_SUFFIX}/test/test_normalization.pyc
lib/python${PY_VER_SUFFIX}/test/test_normalization.pyo
@ -3805,6 +3831,9 @@ lib/python${PY_VER_SUFFIX}/test/test_sqlite.pyo
lib/python${PY_VER_SUFFIX}/test/test_ssl.py
lib/python${PY_VER_SUFFIX}/test/test_ssl.pyc
lib/python${PY_VER_SUFFIX}/test/test_ssl.pyo
lib/python${PY_VER_SUFFIX}/test/test_stat.py
lib/python${PY_VER_SUFFIX}/test/test_stat.pyc
lib/python${PY_VER_SUFFIX}/test/test_stat.pyo
lib/python${PY_VER_SUFFIX}/test/test_startfile.py
lib/python${PY_VER_SUFFIX}/test/test_startfile.pyc
lib/python${PY_VER_SUFFIX}/test/test_startfile.pyo
@ -3841,6 +3870,9 @@ lib/python${PY_VER_SUFFIX}/test/test_structseq.pyo
lib/python${PY_VER_SUFFIX}/test/test_subprocess.py
lib/python${PY_VER_SUFFIX}/test/test_subprocess.pyc
lib/python${PY_VER_SUFFIX}/test/test_subprocess.pyo
lib/python${PY_VER_SUFFIX}/test/test_sunau.py
lib/python${PY_VER_SUFFIX}/test/test_sunau.pyc
lib/python${PY_VER_SUFFIX}/test/test_sunau.pyo
lib/python${PY_VER_SUFFIX}/test/test_sunaudiodev.py
lib/python${PY_VER_SUFFIX}/test/test_sunaudiodev.pyc
lib/python${PY_VER_SUFFIX}/test/test_sunaudiodev.pyo

4
lang/python27/dist.mk
View file

@ -1,6 +1,6 @@
# $NetBSD: dist.mk,v 1.5 2013/05/27 16:24:00 adam Exp $
# $NetBSD: dist.mk,v 1.6 2013/11/12 18:57:25 adam Exp $
PY_DISTVERSION= 2.7.5
PY_DISTVERSION= 2.7.6
DISTNAME= Python-${PY_DISTVERSION}
EXTRACT_SUFX= .tar.xz
DISTINFO_FILE= ${.CURDIR}/../../lang/python27/distinfo

14
lang/python27/distinfo
View file

@ -1,15 +1,13 @@
$NetBSD: distinfo,v 1.27 2013/09/13 13:18:20 adam Exp $
$NetBSD: distinfo,v 1.28 2013/11/12 18:57:25 adam Exp $
SHA1 (Python-2.7.5.tar.xz) = b7389791f789625c2ba9d897aa324008ff482daf
RMD160 (Python-2.7.5.tar.xz) = baa7ad7d82cb4dc0a70b6a7aded43b7b78b0067e
Size (Python-2.7.5.tar.xz) = 10252148 bytes
SHA1 (Python-2.7.6.tar.xz) = 8321636af2acbeaa68fc635d7dda7369ed446a80
RMD160 (Python-2.7.6.tar.xz) = 8efc73a01a466d8fa16c5c1734c89be79c2c538a
Size (Python-2.7.6.tar.xz) = 10431288 bytes
SHA1 (patch-Include_node.h) = 673d148b625711ac47e4bfeb0f5b0d5b31f94d7e
SHA1 (patch-Include_pyerrors.h) = 3eba043c83b1d1df4918524f7b53047a6ed372ae
SHA1 (patch-Lib_distutils_unixccompiler.py) = 39b967dc2ae648143d5841f22602a21063b4d5ea
SHA1 (patch-Lib_test_nullbytecert.pem) = 22f866c0e00016a0931985f672513c0d533d9db5
SHA1 (patch-Lib_test_test__ssl.py) = 30622803b45db6c081f8a507139ad0ad56b1ba43
SHA1 (patch-Misc_NEWS) = a7871e744f509aca0e3eac7bc3c71d742621ca20
SHA1 (patch-Modules___ssl.c) = d66e56a1a88d885564cbbce7afef55467f80d19a
SHA1 (patch-Modules___ssl.c) = aaddaea5bcd6c84d3d896c7c37f710933b8228bc
SHA1 (patch-Modules_getpath.c) = f68b38eb90f974b67ceab3922ce7f92eb77f25c3
SHA1 (patch-aa) = 990e4025bb6a37715e1f5df1831499f0ab08acfa
SHA1 (patch-ab) = 0d0ae9802dfe3b85659adb16793affd8c4ffce43
@ -17,7 +15,7 @@ SHA1 (patch-ad) = de730b9f5a5efb56afa8bed05824b5f6579242ec
SHA1 (patch-ae) = ff6d8c6164fe3c6dc4fb33d88eb8a49d5c5442f6
SHA1 (patch-ah) = ae3ce0656d890ca34292920bf0185f94ba847139
SHA1 (patch-al) = dd8bed847f797b97df1a9ad7ffe17645b0f08925
SHA1 (patch-am) = c07ae10d62d3b071c180ea138b225d9d1586abb3
SHA1 (patch-am) = 80718042f67a22489b1ae0806e71f28c1515c28e
SHA1 (patch-an) = 6098fbf0fc31422196cc40d3a227934523db11ca
SHA1 (patch-ao) = 3a1cd2b255340fd23fc1fce8680e692581ffcec1
SHA1 (patch-au) = 2a2a988ac92553d17eb898870d1adb3c30a59b66

67
lang/python27/patches/patch-Lib_test_test__ssl.py
View file

@ -1,67 +0,0 @@
$NetBSD: patch-Lib_test_test__ssl.py,v 1.1 2013/08/18 13:42:14 spz Exp $
patch for CVE-2013-4238 taken from
http://hg.python.org/cpython/rev/bd2360476bdb
--- Lib/test/test_ssl.py.orig 2013-05-12 03:32:47.000000000 +0000
+++ Lib/test/test_ssl.py
@@ -25,6 +25,7 @@ ssl = test_support.import_module("ssl")
HOST = test_support.HOST
CERTFILE = None
SVN_PYTHON_ORG_ROOT_CERT = None
+NULLBYTECERT = None
def handle_error(prefix):
exc_format = ' '.join(traceback.format_exception(*sys.exc_info()))
@@ -123,6 +124,27 @@ class BasicSocketTests(unittest.TestCase
('DNS', 'projects.forum.nokia.com'))
)
+ def test_parse_cert_CVE_2013_4238(self):
+ p = ssl._ssl._test_decode_cert(NULLBYTECERT)
+ if test_support.verbose:
+ sys.stdout.write("\n" + pprint.pformat(p) + "\n")
+ subject = ((('countryName', 'US'),),
+ (('stateOrProvinceName', 'Oregon'),),
+ (('localityName', 'Beaverton'),),
+ (('organizationName', 'Python Software Foundation'),),
+ (('organizationalUnitName', 'Python Core Development'),),
+ (('commonName', 'null.python.org\x00example.org'),),
+ (('emailAddress', 'python-dev@python.org'),))
+ self.assertEqual(p['subject'], subject)
+ self.assertEqual(p['issuer'], subject)
+ self.assertEqual(p['subjectAltName'],
+ (('DNS', 'altnull.python.org\x00example.com'),
+ ('email', 'null@python.org\x00user@example.org'),
+ ('URI', 'http://null.python.org\x00http://example.org'),
+ ('IP Address', '192.0.2.1'),
+ ('IP Address', '2001:DB8:0:0:0:0:0:1\n'))
+ )
+
def test_DER_to_PEM(self):
with open(SVN_PYTHON_ORG_ROOT_CERT, 'r') as f:
pem = f.read()
@@ -1360,7 +1382,7 @@ else:
def test_main(verbose=False):
- global CERTFILE, SVN_PYTHON_ORG_ROOT_CERT, NOKIACERT
+ global CERTFILE, SVN_PYTHON_ORG_ROOT_CERT, NOKIACERT, NULLBYTECERT
CERTFILE = os.path.join(os.path.dirname(__file__) or os.curdir,
"keycert.pem")
SVN_PYTHON_ORG_ROOT_CERT = os.path.join(
@@ -1368,10 +1390,13 @@ def test_main(verbose=False):
"https_svn_python_org_root.pem")
NOKIACERT = os.path.join(os.path.dirname(__file__) or os.curdir,
"nokia.pem")
+ NULLBYTECERT = os.path.join(os.path.dirname(__file__) or os.curdir,
+ "nullbytecert.pem")
if (not os.path.exists(CERTFILE) or
not os.path.exists(SVN_PYTHON_ORG_ROOT_CERT) or
- not os.path.exists(NOKIACERT)):
+ not os.path.exists(NOKIACERT) or
+ not os.path.exists(NULLBYTECERT)):
raise test_support.TestFailed("Can't read certificate files!")
tests = [BasicTests, BasicSocketTests]

20
lang/python27/patches/patch-Misc_NEWS
View file

@ -1,20 +0,0 @@
$NetBSD: patch-Misc_NEWS,v 1.1 2013/08/18 13:42:14 spz Exp $
patch for CVE-2013-4238 taken from
http://hg.python.org/cpython/rev/bd2360476bdb
--- Misc/NEWS.orig 2013-05-12 03:32:49.000000000 +0000
+++ Misc/NEWS
@@ -26,6 +26,12 @@ Core and Builtins
Library
-------
+- Issue #18709: Fix CVE-2013-4238. The SSL module now handles NULL bytes
+ inside subjectAltName correctly. Formerly the module has used OpenSSL's
+ GENERAL_NAME_print() function to get the string represention of ASN.1
+ strings for ``rfc822Name`` (email), ``dNSName`` (DNS) and
+ ``uniformResourceIdentifier`` (URI).
+
- Issue #16601: Restarting iteration over tarfile no more continues from where
it left off. Patch by Michael Birtwell.

102
lang/python27/patches/patch-Modules___ssl.c
View file

@ -1,11 +1,8 @@
$NetBSD: patch-Modules___ssl.c,v 1.2 2013/08/18 13:42:14 spz Exp $
$NetBSD: patch-Modules___ssl.c,v 1.3 2013/11/12 18:57:25 adam Exp $
* from cygport 2.6.2-ssl-threads.patch
Cygwin fix from cygport 2.6.2-ssl-threads.patch
patch for CVE-2013-4238 taken from
http://hg.python.org/cpython/rev/bd2360476bdb
--- Modules/_ssl.c.orig 2013-04-06 14:02:36.000000000 +0000
--- Modules/_ssl.c.orig 2013-11-10 07:36:41.000000000 +0000
+++ Modules/_ssl.c
@@ -16,6 +16,10 @@
@ -17,97 +14,4 @@ http://hg.python.org/cpython/rev/bd2360476bdb
+
#ifdef WITH_THREAD
#include "pythread.h"
#define PySSL_BEGIN_ALLOW_THREADS { \
@@ -738,13 +742,16 @@ _get_peer_alt_names (X509 *certificate)
ext->value->length));
for(j = 0; j < sk_GENERAL_NAME_num(names); j++) {
-
/* get a rendering of each name in the set of names */
+ int gntype;
+ ASN1_STRING *as = NULL;
name = sk_GENERAL_NAME_value(names, j);
- if (name->type == GEN_DIRNAME) {
-
- /* we special-case DirName as a tuple of tuples of attributes */
+ gntype = name-> type;
+ switch (gntype) {
+ case GEN_DIRNAME:
+ /* we special-case DirName as a tuple of
+ tuples of attributes */
t = PyTuple_New(2);
if (t == NULL) {
@@ -764,11 +771,61 @@ _get_peer_alt_names (X509 *certificate)
goto fail;
}
PyTuple_SET_ITEM(t, 1, v);
+ break;
- } else {
+ case GEN_EMAIL:
+ case GEN_DNS:
+ case GEN_URI:
+ /* GENERAL_NAME_print() doesn't handle NULL bytes in ASN1_string
+ correctly, CVE-2013-4238 */
+ t = PyTuple_New(2);
+ if (t == NULL)
+ goto fail;
+ switch (gntype) {
+ case GEN_EMAIL:
+ v = PyString_FromString("email");
+ as = name->d.rfc822Name;
+ break;
+ case GEN_DNS:
+ v = PyString_FromString("DNS");
+ as = name->d.dNSName;
+ break;
+ case GEN_URI:
+ v = PyString_FromString("URI");
+ as = name->d.uniformResourceIdentifier;
+ break;
+ }
+ if (v == NULL) {
+ Py_DECREF(t);
+ goto fail;
+ }
+ PyTuple_SET_ITEM(t, 0, v);
+ v = PyString_FromStringAndSize((char *)ASN1_STRING_data(as),
+ ASN1_STRING_length(as));
+ if (v == NULL) {
+ Py_DECREF(t);
+ goto fail;
+ }
+ PyTuple_SET_ITEM(t, 1, v);
+ break;
+ default:
/* for everything else, we use the OpenSSL print form */
-
+ switch (gntype) {
+ /* check for new general name type */
+ case GEN_OTHERNAME:
+ case GEN_X400:
+ case GEN_EDIPARTY:
+ case GEN_IPADD:
+ case GEN_RID:
+ break;
+ default:
+ if (PyErr_Warn(PyExc_RuntimeWarning,
+ "Unknown general name type") == -1) {
+ goto fail;
+ }
+ break;
+ }
(void) BIO_reset(biobuf);
GENERAL_NAME_print(biobuf, name);
len = BIO_gets(biobuf, buf, sizeof(buf)-1);
@@ -794,6 +851,7 @@ _get_peer_alt_names (X509 *certificate)
goto fail;
}
PyTuple_SET_ITEM(t, 1, v);
+ break;
}
/* and add that rendering to the list */

29
lang/python27/patches/patch-am
View file

@ -1,4 +1,4 @@
$NetBSD: patch-am,v 1.10 2013/05/27 16:24:00 adam Exp $
$NetBSD: patch-am,v 1.11 2013/11/12 18:57:25 adam Exp $
Disabled modules for normal build:
bsddb
@ -21,7 +21,7 @@ Build the 1.85 compat module all the time against the BDB version of choice.
cygwin 2.7.3-no-libm.patch
--- setup.py.orig 2013-04-06 14:02:41.000000000 +0000
--- setup.py.orig 2013-11-10 07:36:41.000000000 +0000
+++ setup.py
@@ -33,7 +33,7 @@ host_platform = get_platform()
COMPILED_WITH_PYDEBUG = ('--with-pydebug' in sysconfig.get_config_var("CONFIG_ARGS"))
@ -32,13 +32,14 @@ cygwin 2.7.3-no-libm.patch
def add_dir_to_list(dirlist, dir):
"""Add the directory 'dir' to the list 'dirlist' (at the front) if
@@ -436,9 +436,15 @@ class PyBuildExt(build_ext):
@@ -436,10 +436,15 @@ class PyBuildExt(build_ext):
os.unlink(tmpfile)
def detect_modules(self):
- # Ensure that /usr/local is always used
- add_dir_to_list(self.compiler.library_dirs, '/usr/local/lib')
- add_dir_to_list(self.compiler.include_dirs, '/usr/local/include')
- if not cross_compiling:
- add_dir_to_list(self.compiler.library_dirs, '/usr/local/lib')
- add_dir_to_list(self.compiler.include_dirs, '/usr/local/include')
+ # Add the buildlink directories for pkgsrc
+ if os.environ.has_key('BUILDLINK_DIR'):
+ dir = os.environ['BUILDLINK_DIR']
@ -48,10 +49,10 @@ cygwin 2.7.3-no-libm.patch
+ self.compiler.library_dirs.insert(0, libdir)
+ if incdir not in self.compiler.include_dirs:
+ self.compiler.include_dirs.insert(0, incdir)
self.add_gcc_paths()
if cross_compiling:
self.add_gcc_paths()
self.add_multiarch_paths()
@@ -548,7 +554,7 @@ class PyBuildExt(build_ext):
@@ -551,7 +556,7 @@ class PyBuildExt(build_ext):
# Check for MacOS X, which doesn't need libm.a at all
math_libs = ['m']
@ -60,7 +61,7 @@ cygwin 2.7.3-no-libm.patch
math_libs = []
# XXX Omitted modules: gl, pure, dl, SGI-specific modules
@@ -794,9 +800,7 @@ class PyBuildExt(build_ext):
@@ -797,9 +802,7 @@ class PyBuildExt(build_ext):
if krb5_h:
ssl_incs += krb5_h
ssl_libs = find_library_file(self.compiler, 'ssl',lib_dirs,
@ -71,7 +72,7 @@ cygwin 2.7.3-no-libm.patch
if (ssl_incs is not None and
ssl_libs is not None):
@@ -915,175 +919,6 @@ class PyBuildExt(build_ext):
@@ -918,175 +921,6 @@ class PyBuildExt(build_ext):
else:
raise ValueError("unknown major BerkeleyDB version", major)
@ -247,7 +248,7 @@ cygwin 2.7.3-no-libm.patch
# The sqlite interface
sqlite_setup_debug = False # verbose debug prints from this script?
@@ -1201,35 +1036,39 @@ class PyBuildExt(build_ext):
@@ -1204,35 +1038,39 @@ class PyBuildExt(build_ext):
# we do not build this one. Otherwise this build will pick up
# the more recent berkeleydb's db.h file first in the include path
# when attempting to compile and it will fail.
@ -311,7 +312,7 @@ cygwin 2.7.3-no-libm.patch
config_args = [arg.strip("'")
for arg in sysconfig.get_config_var("CONFIG_ARGS").split()]
dbm_args = [arg for arg in config_args
@@ -1241,7 +1080,7 @@ class PyBuildExt(build_ext):
@@ -1244,7 +1082,7 @@ class PyBuildExt(build_ext):
dbmext = None
for cand in dbm_order:
if cand == "ndbm":
@ -320,7 +321,7 @@ cygwin 2.7.3-no-libm.patch
# Some systems have -lndbm, others have -lgdbm_compat,
# others don't have either
if self.compiler.find_library_file(lib_dirs,
@@ -1285,18 +1124,14 @@ class PyBuildExt(build_ext):
@@ -1288,18 +1126,14 @@ class PyBuildExt(build_ext):
libraries = gdbm_libs)
break
elif cand == "bdb":
@ -347,7 +348,7 @@ cygwin 2.7.3-no-libm.patch
if dbmext is not None:
exts.append(dbmext)
else:
@@ -2176,9 +2011,9 @@ def main():
@@ -2222,9 +2056,9 @@ def main():
ext_modules=[Extension('_struct', ['_struct.c'])],
# Scripts to install