diff --git a/.gitignore b/.gitignore index 285bb0f..d1f3235 100644 --- a/.gitignore +++ b/.gitignore @@ -1 +1 @@ -SOURCES/Python-3.12.1.tar.xz +Python-3.12.9.tar.xz diff --git a/.python3.12.metadata b/.python3.12.metadata deleted file mode 100644 index de37775..0000000 --- a/.python3.12.metadata +++ /dev/null @@ -1 +0,0 @@ -5b11c58ea58cd6b8e1943c7e9b5f6e0997ca3632 SOURCES/Python-3.12.1.tar.xz diff --git a/SOURCES/00251-change-user-install-location.patch b/00251-change-user-install-location.patch similarity index 94% rename from SOURCES/00251-change-user-install-location.patch rename to 00251-change-user-install-location.patch index 1622e53..123640e 100644 --- a/SOURCES/00251-change-user-install-location.patch +++ b/00251-change-user-install-location.patch @@ -30,10 +30,10 @@ Co-authored-by: Lumír Balhar 3 files changed, 71 insertions(+), 4 deletions(-) diff --git a/Lib/site.py b/Lib/site.py -index 672fa7b000..0a9c5be53e 100644 +index aed254ad50..568dbdb945 100644 --- a/Lib/site.py +++ b/Lib/site.py -@@ -377,8 +377,15 @@ def getsitepackages(prefixes=None): +@@ -398,8 +398,15 @@ def getsitepackages(prefixes=None): return sitepackages def addsitepackages(known_paths, prefixes=None): @@ -51,7 +51,7 @@ index 672fa7b000..0a9c5be53e 100644 if os.path.isdir(sitedir): addsitedir(sitedir, known_paths) diff --git a/Lib/sysconfig.py b/Lib/sysconfig.py -index 122d441bd1..2d354a11da 100644 +index 7dd63b9355..41a151e70e 100644 --- a/Lib/sysconfig.py +++ b/Lib/sysconfig.py @@ -104,6 +104,11 @@ @@ -86,7 +86,7 @@ index 122d441bd1..2d354a11da 100644 _SCHEME_KEYS = ('stdlib', 'platstdlib', 'purelib', 'platlib', 'include', 'scripts', 'data') -@@ -263,11 +281,40 @@ def _extend_dict(target_dict, other_dict): +@@ -261,11 +279,40 @@ def _extend_dict(target_dict, other_dict): target_dict[key] = value 
@@ -119,7 +119,7 @@ index 122d441bd1..2d354a11da 100644 + # we only change the defaults here, so explicit --prefix will take precedence + # https://fedoraproject.org/wiki/Changes/Making_sudo_pip_safe + if (scheme == 'posix_prefix' and -+ _PREFIX == '/usr' and ++ sys.prefix == '/usr' and + 'RPM_BUILD_ROOT' not in os.environ): + _extend_dict(vars, _config_vars_local()) + else: @@ -129,10 +129,10 @@ index 122d441bd1..2d354a11da 100644 # On Windows we want to substitute 'lib' for schemes rather # than the native value (without modifying vars, in case it diff --git a/Lib/test/test_sysconfig.py b/Lib/test/test_sysconfig.py -index b6dbf3d52c..4f06a7673c 100644 +index 3468d0ce02..ff31010427 100644 --- a/Lib/test/test_sysconfig.py +++ b/Lib/test/test_sysconfig.py -@@ -110,8 +110,19 @@ def test_get_path(self): +@@ -119,8 +119,19 @@ def test_get_path(self): for scheme in _INSTALL_SCHEMES: for name in _INSTALL_SCHEMES[scheme]: expected = _INSTALL_SCHEMES[scheme][name].format(**config_vars) @@ -153,7 +153,7 @@ index b6dbf3d52c..4f06a7673c 100644 os.path.normpath(expected), ) -@@ -335,7 +346,7 @@ def test_get_config_h_filename(self): +@@ -353,7 +364,7 @@ def test_get_config_h_filename(self): self.assertTrue(os.path.isfile(config_h), config_h) def test_get_scheme_names(self): @@ -162,7 +162,7 @@ index b6dbf3d52c..4f06a7673c 100644 if HAS_USER_BASE: wanted.extend(['nt_user', 'osx_framework_user', 'posix_user']) self.assertEqual(get_scheme_names(), tuple(sorted(wanted))) -@@ -347,6 +358,8 @@ def test_symlink(self): # Issue 7880 +@@ -365,6 +376,8 @@ def test_symlink(self): # Issue 7880 cmd = "-c", "import sysconfig; print(sysconfig.get_platform())" self.assertEqual(py.call_real(*cmd), py.call_link(*cmd)) diff --git a/SOURCES/00329-fips.patch b/00329-fips.patch similarity index 69% rename from SOURCES/00329-fips.patch rename to 00329-fips.patch index 5cda8e7..6d9944e 100644 --- a/SOURCES/00329-fips.patch +++ b/00329-fips.patch 
@@ -1,7 +1,7 @@ -From 5cedde59cde3f05af798a7cb5bc722cb0deb4835 Mon Sep 17 00:00:00 2001 +From 11deb3112bd90bc2dce2fcd4a1f5975c08b91360 Mon Sep 17 00:00:00 2001 From: Charalampos Stratakis Date: Thu, 12 Dec 2019 16:58:31 +0100 -Subject: [PATCH 1/6] Expose blake2b and blake2s hashes from OpenSSL +Subject: [PATCH 1/5] Expose blake2b and blake2s hashes from OpenSSL These aren't as powerful as Python's own implementation, but they can be used under FIPS. @@ -29,10 +29,10 @@ index 73d758a..5921360 100644 computed = m.hexdigest() if not shake else m.hexdigest(length) self.assertEqual( diff --git a/Modules/_hashopenssl.c b/Modules/_hashopenssl.c -index af6d1b2..980712f 100644 +index 2998820..b96001e 100644 --- a/Modules/_hashopenssl.c +++ b/Modules/_hashopenssl.c -@@ -1079,6 +1079,41 @@ _hashlib_openssl_sha512_impl(PyObject *module, PyObject *data_obj, +@@ -1128,6 +1128,41 @@ _hashlib_openssl_sha512_impl(PyObject *module, PyObject *data_obj, } @@ -74,7 +74,7 @@ index af6d1b2..980712f 100644 #ifdef PY_OPENSSL_HAS_SHA3 /*[clinic input] -@@ -2067,6 +2102,8 @@ static struct PyMethodDef EVP_functions[] = { +@@ -2116,6 +2151,8 @@ static struct PyMethodDef EVP_functions[] = { _HASHLIB_OPENSSL_SHA256_METHODDEF _HASHLIB_OPENSSL_SHA384_METHODDEF _HASHLIB_OPENSSL_SHA512_METHODDEF @@ -84,7 +84,7 @@ index af6d1b2..980712f 100644 _HASHLIB_OPENSSL_SHA3_256_METHODDEF _HASHLIB_OPENSSL_SHA3_384_METHODDEF diff --git a/Modules/clinic/_hashopenssl.c.h b/Modules/clinic/_hashopenssl.c.h -index fb61a44..1e42b87 100644 +index 84e2346..7fe03a3 100644 --- a/Modules/clinic/_hashopenssl.c.h +++ b/Modules/clinic/_hashopenssl.c.h @@ -743,6 +743,156 @@ exit: 
@@ -248,16 +248,16 @@ index fb61a44..1e42b87 100644 #ifndef _HASHLIB_SCRYPT_METHODDEF #define _HASHLIB_SCRYPT_METHODDEF #endif /* !defined(_HASHLIB_SCRYPT_METHODDEF) */ --/*[clinic end generated code: output=b339e255db698147 input=a9049054013a1b77]*/ -+/*[clinic end generated code: output=1d988d457a8beebe input=a9049054013a1b77]*/ +-/*[clinic end generated code: output=4734184f6555dc95 input=a9049054013a1b77]*/ ++/*[clinic end generated code: output=f0bfddb963a21208 input=a9049054013a1b77]*/ -- -2.43.0 +2.47.1 -From 2a12baa9e201f54560ec99ad5ee1fa5b0006aa39 Mon Sep 17 00:00:00 2001 +From ea9d5c84e25b5c04c2823e1edee4354dd6b2b7a5 Mon Sep 17 00:00:00 2001 From: Petr Viktorin Date: Thu, 25 Jul 2019 17:19:06 +0200 -Subject: [PATCH 2/6] Disable Python's hash implementations in FIPS mode, +Subject: [PATCH 2/5] Disable Python's hash implementations in FIPS mode, forcing OpenSSL --- @@ -445,10 +445,10 @@ index a8bad9d..1b1d937 100644 + if (_Py_hashlib_fips_error(exc, name)) return NULL; \ +} while (0) diff --git a/configure.ac b/configure.ac -index 1876f77..1875d1e 100644 +index 9270b5f..a9eb2c9 100644 --- a/configure.ac +++ b/configure.ac -@@ -7439,7 +7439,8 @@ PY_STDLIB_MOD([_sha2], +@@ -7482,7 +7482,8 @@ PY_STDLIB_MOD([_sha2], PY_STDLIB_MOD([_sha3], [test "$with_builtin_sha3" = yes]) PY_STDLIB_MOD([_blake2], [test "$with_builtin_blake2" = yes], [], @@ -459,13 +459,13 @@ index 1876f77..1875d1e 100644 PY_STDLIB_MOD([_crypt], [], [test "$ac_cv_crypt_crypt" = yes], -- -2.43.0 +2.47.1 -From bca05b7fdb8dcab21ef80db1d59dd5daa835d84b Mon Sep 17 00:00:00 2001 +From 29a7b7ac9e18a501ed78bde7a449b90c57d44e24 Mon Sep 17 00:00:00 2001 From: Charalampos Stratakis Date: Fri, 29 Jan 2021 14:16:21 +0100 -Subject: [PATCH 3/6] Use python's fall back crypto implementations only if we +Subject: [PATCH 3/5] Use python's fall back crypto implementations only if we are not in FIPS mode --- 
@@ -552,13 +552,13 @@ index dd61a9a..6031b02 100644 get_builtin_constructor = getattr(hashlib, '__get_builtin_constructor') -- -2.43.0 +2.47.1 -From c9a79f0aafd28677e3e0b8a1f6410105a71ff071 Mon Sep 17 00:00:00 2001 +From 59accf544492400c9fd32a8e682fb6f2206e932e Mon Sep 17 00:00:00 2001 From: Charalampos Stratakis Date: Wed, 31 Jul 2019 15:43:43 +0200 -Subject: [PATCH 4/6] Test equivalence of hashes for the various digests with +Subject: [PATCH 4/5] Test equivalence of hashes for the various digests with usedforsecurity=True/False --- @@ -712,21 +712,21 @@ index 6031b02..5bd5297 100644 class KDFTests(unittest.TestCase): -- -2.43.0 +2.47.1 -From e972a838729ea84a0f2e0ca8e88ae1bfc129e7d8 Mon Sep 17 00:00:00 2001 +From 21efadd8b488956482bdc6ccd91c37dcef705129 Mon Sep 17 00:00:00 2001 From: Petr Viktorin Date: Mon, 26 Aug 2019 19:39:48 +0200 -Subject: [PATCH 5/6] Guard against Python HMAC in FIPS mode +Subject: [PATCH 5/5] Guard against Python HMAC in FIPS mode --- - Lib/hmac.py | 13 +++++++++---- + Lib/hmac.py | 12 +++++++++--- Lib/test/test_hmac.py | 10 ++++++++++ - 2 files changed, 19 insertions(+), 4 deletions(-) + 2 files changed, 19 insertions(+), 3 deletions(-) diff --git a/Lib/hmac.py b/Lib/hmac.py -index 8b4f920..20ef96c 100644 +index 8b4eb2f..8930bda 100644 --- a/Lib/hmac.py +++ b/Lib/hmac.py @@ -16,8 +16,9 @@ else: 
@@ -741,16 +741,9 @@ index 8b4f920..20ef96c 100644 # The size of the digests returned by HMAC depends on the underlying # hashing module used. Use digest_size from the instance of HMAC instead. -@@ -48,17 +49,18 @@ class HMAC: - msg argument. Passing it as a keyword argument is - recommended, though not required for legacy API reasons. - """ -- - if not isinstance(key, (bytes, bytearray)): - raise TypeError("key: expected bytes or bytearray, but got %r" % type(key).__name__) - +@@ -55,10 +56,12 @@ class HMAC: if not digestmod: - raise TypeError("Missing required parameter 'digestmod'.") + raise TypeError("Missing required argument 'digestmod'.") - if _hashopenssl and isinstance(digestmod, (str, _functype)): + if _hashopenssl.get_fips_mode() or (_hashopenssl and isinstance(digestmod, (str, _functype))): @@ -762,7 +755,7 @@ index 8b4f920..20ef96c 100644 self._init_old(key, msg, digestmod) else: self._init_old(key, msg, digestmod) -@@ -69,6 +71,9 @@ class HMAC: +@@ -69,6 +72,9 @@ class HMAC: self.block_size = self._hmac.block_size def _init_old(self, key, msg, digestmod): @@ -773,7 +766,7 @@ index 8b4f920..20ef96c 100644 digest_cons = digestmod elif isinstance(digestmod, str): diff --git a/Lib/test/test_hmac.py b/Lib/test/test_hmac.py -index a39a2c4..b7b24ab 100644 +index 1502fba..7997073 100644 --- a/Lib/test/test_hmac.py +++ b/Lib/test/test_hmac.py @@ -5,6 +5,7 @@ import hashlib @@ -812,7 +805,7 @@ index a39a2c4..b7b24ab 100644 @unittest.skipUnless(sha256_module is not None, 'need _sha256') def test_with_sha256_module(self): h = hmac.HMAC(b"key", b"hash this!", digestmod=sha256_module.sha256) -@@ -481,6 +489,7 @@ class SanityTestCase(unittest.TestCase): +@@ -489,6 +497,7 @@ class UpdateTestCase(unittest.TestCase): class CopyTestCase(unittest.TestCase): 
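Review bot: In the carried `Lib/hmac.py` change, `_hashopenssl.get_fips_mode()` is evaluated before the `_hashopenssl and …` truthiness test in the same condition, so if `_hashopenssl` can be falsy at this point, as the second operand implies, constructing an `HMAC` raises `AttributeError` instead of reaching `_init_old`. Testing the module first keeps both the FIPS routing and the fallback: `if _hashopenssl and (_hashopenssl.get_fips_mode() or isinstance(digestmod, (str, _functype))):`. This commit only rebases the line (it is context in the outer hunk) and `HMAC.__init__` starts and ends outside the visible lines, so confirm against the full patch whether a build without `_hashlib` is supported.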
@@ -820,7 +813,7 @@ index a39a2c4..b7b24ab 100644 @hashlib_helper.requires_hashdigest('sha256') def test_attributes_old(self): # Testing if attributes are of same type. -@@ -492,6 +501,7 @@ class CopyTestCase(unittest.TestCase): +@@ -500,6 +509,7 @@ class CopyTestCase(unittest.TestCase): self.assertEqual(type(h1._outer), type(h2._outer), "Types of outer don't match.") 
@@ -829,270 +822,5 @@ index a39a2c4..b7b24ab 100644 def test_realcopy_old(self): # Testing if the copy method created a real copy. -- -2.43.0 - - -From b12202196a78b877dcd32cfea273051b60038a41 Mon Sep 17 00:00:00 2001 -From: Petr Viktorin -Date: Wed, 25 Aug 2021 16:44:43 +0200 -Subject: [PATCH 6/6] Disable hash-based PYCs in FIPS mode - -If FIPS mode is on, we can't use siphash-based HMAC -(_Py_KeyedHash), so: - -- Unchecked hash PYCs can be imported, but not created -- Checked hash PYCs can not be imported nor created -- The default mode is timestamp-based PYCs, even if - SOURCE_DATE_EPOCH is set. - -If FIPS mode is off, there are no changes in behavior. - -Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1835169 ---- - Lib/py_compile.py | 4 +++- - Lib/test/support/__init__.py | 14 +++++++++++++ - Lib/test/test_cmd_line_script.py | 2 ++ - Lib/test/test_compileall.py | 11 +++++++++- - .../test_importlib/source/test_file_loader.py | 6 ++++++ - Lib/test/test_py_compile.py | 11 ++++++++-- - Lib/test/test_zipimport.py | 2 ++ - Python/import.c | 20 +++++++++++++++++++ - 8 files changed, 66 insertions(+), 4 deletions(-) - -diff --git a/Lib/py_compile.py b/Lib/py_compile.py -index 388614e..fd9a139 100644 ---- a/Lib/py_compile.py -+++ b/Lib/py_compile.py -@@ -70,7 +70,9 @@ class PycInvalidationMode(enum.Enum): - - - def _get_default_invalidation_mode(): -- if os.environ.get('SOURCE_DATE_EPOCH'): -+ import _hashlib -+ if (os.environ.get('SOURCE_DATE_EPOCH') and not -+ _hashlib.get_fips_mode()): - return PycInvalidationMode.CHECKED_HASH - else: - return PycInvalidationMode.TIMESTAMP -diff --git a/Lib/test/support/__init__.py b/Lib/test/support/__init__.py -index fd9265c..fcd1ea7 100644 ---- a/Lib/test/support/__init__.py -+++ b/Lib/test/support/__init__.py -@@ -2346,6 +2346,20 @@ def sleeping_retry(timeout, err_msg=None, /, - delay = min(delay * 2, max_delay) - - -+def fails_in_fips_mode(expected_error): -+ import _hashlib -+ if _hashlib.get_fips_mode(): -+ def 
_decorator(func): -+ def _wrapper(self, *args, **kwargs): -+ with self.assertRaises(expected_error): -+ func(self, *args, **kwargs) -+ return _wrapper -+ else: -+ def _decorator(func): -+ return func -+ return _decorator -+ -+ - @contextlib.contextmanager - def adjust_int_max_str_digits(max_digits): - """Temporarily change the integer string conversion length limit.""" -diff --git a/Lib/test/test_cmd_line_script.py b/Lib/test/test_cmd_line_script.py -index 1b58882..d6caff1 100644 ---- a/Lib/test/test_cmd_line_script.py -+++ b/Lib/test/test_cmd_line_script.py -@@ -286,6 +286,7 @@ class CmdLineTest(unittest.TestCase): - self._check_script(zip_name, run_name, zip_name, zip_name, '', - zipimport.zipimporter) - -+ @support.fails_in_fips_mode(ImportError) - def test_zipfile_compiled_checked_hash(self): - with os_helper.temp_dir() as script_dir: - script_name = _make_test_script(script_dir, '__main__') -@@ -296,6 +297,7 @@ class CmdLineTest(unittest.TestCase): - self._check_script(zip_name, run_name, zip_name, zip_name, '', - zipimport.zipimporter) - -+ @support.fails_in_fips_mode(ImportError) - def test_zipfile_compiled_unchecked_hash(self): - with os_helper.temp_dir() as script_dir: - script_name = _make_test_script(script_dir, '__main__') -diff --git a/Lib/test/test_compileall.py b/Lib/test/test_compileall.py -index 9cd92ad..4ec29a1 100644 ---- a/Lib/test/test_compileall.py -+++ b/Lib/test/test_compileall.py -@@ -806,14 +806,23 @@ class CommandLineTestsBase: - out = self.assertRunOK('badfilename') - self.assertRegex(out, b"Can't list 'badfilename'") - -- def test_pyc_invalidation_mode(self): -+ @support.fails_in_fips_mode(AssertionError) -+ def test_pyc_invalidation_mode_checked(self): - script_helper.make_script(self.pkgdir, 'f1', '') - pyc = importlib.util.cache_from_source( - os.path.join(self.pkgdir, 'f1.py')) -+ - self.assertRunOK('--invalidation-mode=checked-hash', self.pkgdir) - with open(pyc, 'rb') as fp: - data = fp.read() - 
self.assertEqual(int.from_bytes(data[4:8], 'little'), 0b11) -+ -+ @support.fails_in_fips_mode(AssertionError) -+ def test_pyc_invalidation_mode_unchecked(self): -+ script_helper.make_script(self.pkgdir, 'f1', '') -+ pyc = importlib.util.cache_from_source( -+ os.path.join(self.pkgdir, 'f1.py')) -+ - self.assertRunOK('--invalidation-mode=unchecked-hash', self.pkgdir) - with open(pyc, 'rb') as fp: - data = fp.read() -diff --git a/Lib/test/test_importlib/source/test_file_loader.py b/Lib/test/test_importlib/source/test_file_loader.py -index f35adec..62087c6 100644 ---- a/Lib/test/test_importlib/source/test_file_loader.py -+++ b/Lib/test/test_importlib/source/test_file_loader.py -@@ -16,6 +16,7 @@ import types - import unittest - import warnings - -+from test import support - from test.support.import_helper import make_legacy_pyc, unload - - from test.test_py_compile import without_source_date_epoch -@@ -237,6 +238,7 @@ class SimpleTest(abc.LoaderTests): - loader.load_module('bad name') - - @util.writes_bytecode_files -+ @support.fails_in_fips_mode(ImportError) - def test_checked_hash_based_pyc(self): - with util.create_modules('_temp') as mapping: - source = mapping['_temp'] -@@ -268,6 +270,7 @@ class SimpleTest(abc.LoaderTests): - ) - - @util.writes_bytecode_files -+ @support.fails_in_fips_mode(ImportError) - def test_overridden_checked_hash_based_pyc(self): - with util.create_modules('_temp') as mapping, \ - unittest.mock.patch('_imp.check_hash_based_pycs', 'never'): -@@ -293,6 +296,7 @@ class SimpleTest(abc.LoaderTests): - self.assertEqual(mod.state, 'old') - - @util.writes_bytecode_files -+ @support.fails_in_fips_mode(ImportError) - def test_unchecked_hash_based_pyc(self): - with util.create_modules('_temp') as mapping: - source = mapping['_temp'] -@@ -323,6 +327,7 @@ class SimpleTest(abc.LoaderTests): - ) - - @util.writes_bytecode_files -+ @support.fails_in_fips_mode(ImportError) - def test_overridden_unchecked_hash_based_pyc(self): - with 
util.create_modules('_temp') as mapping, \ - unittest.mock.patch('_imp.check_hash_based_pycs', 'always'): -@@ -432,6 +437,7 @@ class BadBytecodeTest: - del_source=del_source) - test('_temp', mapping, bc_path) - -+ @support.fails_in_fips_mode(ImportError) - def _test_partial_hash(self, test, *, del_source=False): - with util.create_modules('_temp') as mapping: - bc_path = self.manipulate_bytecode( -diff --git a/Lib/test/test_py_compile.py b/Lib/test/test_py_compile.py -index c4e6551..81fd962 100644 ---- a/Lib/test/test_py_compile.py -+++ b/Lib/test/test_py_compile.py -@@ -141,13 +141,16 @@ class PyCompileTestsBase: - importlib.util.cache_from_source(bad_coding))) - - def test_source_date_epoch(self): -+ import _hashlib - py_compile.compile(self.source_path, self.pyc_path) - self.assertTrue(os.path.exists(self.pyc_path)) - self.assertFalse(os.path.exists(self.cache_path)) - with open(self.pyc_path, 'rb') as fp: - flags = importlib._bootstrap_external._classify_pyc( - fp.read(), 'test', {}) -- if os.environ.get('SOURCE_DATE_EPOCH'): -+ if _hashlib.get_fips_mode(): -+ expected_flags = 0b00 -+ elif os.environ.get('SOURCE_DATE_EPOCH'): - expected_flags = 0b11 - else: - expected_flags = 0b00 -@@ -178,7 +181,8 @@ class PyCompileTestsBase: - # Specifying optimized bytecode should lead to a path reflecting that. 
- self.assertIn('opt-2', py_compile.compile(self.source_path, optimize=2)) - -- def test_invalidation_mode(self): -+ @support.fails_in_fips_mode(ImportError) -+ def test_invalidation_mode_checked(self): - py_compile.compile( - self.source_path, - invalidation_mode=py_compile.PycInvalidationMode.CHECKED_HASH, -@@ -187,6 +191,9 @@ class PyCompileTestsBase: - flags = importlib._bootstrap_external._classify_pyc( - fp.read(), 'test', {}) - self.assertEqual(flags, 0b11) -+ -+ @support.fails_in_fips_mode(ImportError) -+ def test_invalidation_mode_unchecked(self): - py_compile.compile( - self.source_path, - invalidation_mode=py_compile.PycInvalidationMode.UNCHECKED_HASH, -diff --git a/Lib/test/test_zipimport.py b/Lib/test/test_zipimport.py -index 14c1971..bcd1466 100644 ---- a/Lib/test/test_zipimport.py -+++ b/Lib/test/test_zipimport.py -@@ -190,6 +190,7 @@ class UncompressedZipImportTestCase(ImportHooksBaseTestCase): - TESTMOD + pyc_ext: (NOW, test_pyc)} - self.doTest(pyc_ext, files, TESTMOD) - -+ @support.fails_in_fips_mode(ImportError) - def testUncheckedHashBasedPyc(self): - source = b"state = 'old'" - source_hash = importlib.util.source_hash(source) -@@ -204,6 +205,7 @@ class UncompressedZipImportTestCase(ImportHooksBaseTestCase): - self.assertEqual(mod.state, 'old') - self.doTest(None, files, TESTMOD, call=check) - -+ @support.fails_in_fips_mode(ImportError) - @unittest.mock.patch('_imp.check_hash_based_pycs', 'always') - def test_checked_hash_based_change_pyc(self): - source = b"state = 'old'" -diff --git a/Python/import.c b/Python/import.c -index 54232a1..236786b 100644 ---- a/Python/import.c -+++ b/Python/import.c -@@ -3829,6 +3829,26 @@ static PyObject * - _imp_source_hash_impl(PyObject *module, long key, Py_buffer *source) - /*[clinic end generated code: output=edb292448cf399ea input=9aaad1e590089789]*/ - { -+ PyObject *_hashlib = PyImport_ImportModule("_hashlib"); -+ if (_hashlib == NULL) { -+ return NULL; -+ } -+ PyObject *fips_mode_obj = 
PyObject_CallMethod(_hashlib, "get_fips_mode", NULL); -+ Py_DECREF(_hashlib); -+ if (fips_mode_obj == NULL) { -+ return NULL; -+ } -+ int fips_mode = PyObject_IsTrue(fips_mode_obj); -+ Py_DECREF(fips_mode_obj); -+ if (fips_mode < 0) { -+ return NULL; -+ } -+ if (fips_mode) { -+ PyErr_SetString( -+ PyExc_ImportError, -+ "hash-based PYC validation (siphash24) not available in FIPS mode"); -+ return NULL; -+ }; - union { - uint64_t x; - char data[sizeof(uint64_t)]; --- -2.43.0 +2.47.1 diff --git a/SOURCES/00371-revert-bpo-1596321-fix-threading-_shutdown-for-the-main-thread-gh-28549-gh-28589.patch b/00371-revert-bpo-1596321-fix-threading-_shutdown-for-the-main-thread-gh-28549-gh-28589.patch similarity index 93% rename from SOURCES/00371-revert-bpo-1596321-fix-threading-_shutdown-for-the-main-thread-gh-28549-gh-28589.patch rename to 00371-revert-bpo-1596321-fix-threading-_shutdown-for-the-main-thread-gh-28549-gh-28589.patch index 5603025..02f7357 100644 --- a/SOURCES/00371-revert-bpo-1596321-fix-threading-_shutdown-for-the-main-thread-gh-28549-gh-28589.patch +++ b/00371-revert-bpo-1596321-fix-threading-_shutdown-for-the-main-thread-gh-28549-gh-28589.patch @@ -16,10 +16,10 @@ https://github.com/GrahamDumpleton/mod_wsgi/issues/730 2 files changed, 8 insertions(+), 50 deletions(-) diff --git a/Lib/test/test_threading.py b/Lib/test/test_threading.py -index 756d5e329f..5d09775efc 100644 +index 75a56f7830..c2509fced1 100644 --- a/Lib/test/test_threading.py +++ b/Lib/test/test_threading.py -@@ -1007,39 +1007,6 @@ def noop(): pass +@@ -1100,39 +1100,6 @@ def noop(): pass threading.Thread(target=noop).start() # Thread.join() is not called @@ -56,14 +56,14 @@ index 756d5e329f..5d09775efc 100644 - self.assertEqual(out, b'') - self.assertEqual(err, b'') - - def test_start_new_thread_at_exit(self): + def test_start_new_thread_at_finalization(self): code = """if 1: - import atexit + import _thread 
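Review bot: Dropping PATCH 6/6 removes the FIPS-mode check from `_imp_source_hash_impl` and `_get_default_invalidation_mode`, and nothing visible in this diff records why. Without it, hash-based PYCs are again created and validated through the siphash-based `_Py_KeyedHash` when FIPS mode is on, which the removed patch description said could not be used. If that is intended, state the rationale and a tracking reference in the spec changelog or at the top of `00329-fips.patch`, so a later FIPS review does not read the missing guard as a regression. The `fails_in_fips_mode` test helper is removed with it, so the carried tests no longer exercise PYC handling under FIPS.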
diff --git a/Lib/threading.py b/Lib/threading.py -index 8dcaf8ca6a..ed0b0f4632 100644 +index 064c74d40f..9e3abacd42 100644 --- a/Lib/threading.py +++ b/Lib/threading.py -@@ -1586,29 +1586,20 @@ def _shutdown(): +@@ -1587,29 +1587,20 @@ def _shutdown(): global _SHUTTING_DOWN _SHUTTING_DOWN = True diff --git a/SOURCES/00397-tarfile-filter.patch b/00397-tarfile-filter.patch similarity index 76% rename from SOURCES/00397-tarfile-filter.patch rename to 00397-tarfile-filter.patch index 3ef4d59..7c87d73 100644 --- a/SOURCES/00397-tarfile-filter.patch +++ b/00397-tarfile-filter.patch @@ -1,19 +1,24 @@ -From 73d2995223c725638d53b9cb8e1d26b82daf0874 Mon Sep 17 00:00:00 2001 +From ddd8064257a1916726b784d43f18e889ea1634f7 Mon Sep 17 00:00:00 2001 From: Petr Viktorin -Date: Mon, 6 Mar 2023 17:24:24 +0100 +Date: Tue, 2 Jul 2024 11:40:37 +0200 Subject: [PATCH] CVE-2007-4559, PEP-706: Add filters for tarfile extraction (downstream) +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit Add and test RHEL-specific ways of configuring the default behavior: environment variable and config file. + +Co-Authored-By: Tomáš Hrnčiar --- - Lib/tarfile.py | 47 +++++++++++++-- + Lib/tarfile.py | 47 +++++++++++-- Lib/test/test_shutil.py | 2 +- - Lib/test/test_tarfile.py | 123 ++++++++++++++++++++++++++++++++++++++- - 3 files changed, 163 insertions(+), 9 deletions(-) + Lib/test/test_tarfile.py | 147 +++++++++++++++++++++++++++++++++++++-- + 3 files changed, 185 insertions(+), 11 deletions(-) diff --git a/Lib/tarfile.py b/Lib/tarfile.py -index 02f5e3b..f7109f3 100755 +index e1487e3..89b6843 100755 --- a/Lib/tarfile.py +++ b/Lib/tarfile.py @@ -71,6 +71,13 @@ __all__ = ["TarFile", "TarInfo", "is_tarfile", "TarError", "ReadError", 
@@ -30,7 +35,7 @@ index 02f5e3b..f7109f3 100755 #--------------------------------------------------------- # tar constants -@@ -2217,11 +2224,41 @@ class TarFile(object): +@@ -2218,11 +2225,41 @@ class TarFile(object): if filter is None: filter = self.extraction_filter if filter is None: @@ -38,7 +43,7 @@ index 02f5e3b..f7109f3 100755 - 'Python 3.14 will, by default, filter extracted tar ' - + 'archives and reject files or modify their metadata. ' - + 'Use the filter argument to control this behavior.', -- DeprecationWarning) +- DeprecationWarning, stacklevel=3) + name = os.environ.get('PYTHON_TARFILE_EXTRACTION_FILTER') + if name is None: + try: @@ -72,16 +77,16 @@ index 02f5e3b..f7109f3 100755 + + 'and some mode bits are cleared. ' + + 'See https://access.redhat.com/articles/7004769 ' + + 'for more details.', -+ RuntimeWarning) ++ RuntimeWarning, stacklevel=3) + return tar_filter return fully_trusted_filter if isinstance(filter, str): raise TypeError( diff --git a/Lib/test/test_shutil.py b/Lib/test/test_shutil.py -index 5fd8fb4..501da8f 100644 +index 7bc5d12..88b4bdb 100644 --- a/Lib/test/test_shutil.py +++ b/Lib/test/test_shutil.py -@@ -1950,7 +1950,7 @@ class TestArchives(BaseTest, unittest.TestCase): +@@ -2096,7 +2096,7 @@ class TestArchives(BaseTest, unittest.TestCase): self.check_unpack_archive(format, filter='fully_trusted') self.check_unpack_archive(format, filter='data') with warnings_helper.check_warnings( @@ -91,10 +96,48 @@ index 5fd8fb4..501da8f 100644 def test_unpack_archive_tar(self): diff --git a/Lib/test/test_tarfile.py b/Lib/test/test_tarfile.py -index c5fc76d..397e334 100644 +index 3fbd25e..9aa727e 100644 --- a/Lib/test/test_tarfile.py 
+++ b/Lib/test/test_tarfile.py -@@ -3097,8 +3097,8 @@ class NoneInfoExtractTests(ReadTest): +@@ -727,7 +727,17 @@ class MiscReadTestBase(CommonReadTest): + tarfile.open(tarname, encoding="iso8859-1") as tar + ): + directories = [t for t in tar if t.isdir()] +- with self.assertWarnsRegex(DeprecationWarning, "Use the filter argument") as cm: ++ with self.assertWarnsRegex( ++ RuntimeWarning, ++ re.escape( ++ 'The default behavior of tarfile extraction has been ' ++ 'changed to disallow common exploits ' ++ '(including CVE-2007-4559). ' ++ 'By default, absolute/parent paths are disallowed ' ++ 'and some mode bits are cleared. ' ++ 'See https://access.redhat.com/articles/7004769 ' ++ 'for more details.' ++ )) as cm: + tar.extractall(DIR, directories) + # check that the stacklevel of the deprecation warning is correct: + self.assertEqual(cm.filename, __file__) +@@ -740,7 +750,17 @@ class MiscReadTestBase(CommonReadTest): + tarfile.open(tarname, encoding="iso8859-1") as tar + ): + tarinfo = tar.getmember(dirtype) +- with self.assertWarnsRegex(DeprecationWarning, "Use the filter argument") as cm: ++ with self.assertWarnsRegex( ++ RuntimeWarning, ++ re.escape( ++ 'The default behavior of tarfile extraction has been ' ++ 'changed to disallow common exploits ' ++ '(including CVE-2007-4559). ' ++ 'By default, absolute/parent paths are disallowed ' ++ 'and some mode bits are cleared. ' ++ 'See https://access.redhat.com/articles/7004769 ' ++ 'for more details.' ++ )) as cm: + tar.extract(tarinfo, path=DIR) + # check that the stacklevel of the deprecation warning is correct: + self.assertEqual(cm.filename, __file__) +@@ -3144,8 +3164,8 @@ class NoneInfoExtractTests(ReadTest): tar.errorlevel = 0 with ExitStack() as cm: if cls.extraction_filter is None: 
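Review bot: The two adapted `MiscReadTestBase` tests now require the downstream `RuntimeWarning` unconditionally, but the patched `tarfile.py` consults `PYTHON_TARFILE_EXTRACTION_FILTER` (and, per the patch description, a config file) before it reaches that warning, so whether they pass may depend on the build host rather than on the code. Unless the class already isolates this outside the visible lines, clear the variable around the extraction, e.g. `with os_helper.EnvironmentVarGuard() as env:` followed by `env.unset('PYTHON_TARFILE_EXTRACTION_FILTER')`. The retained comment `# check that the stacklevel of the deprecation warning is correct` no longer matches the warning class being asserted, and the expected message is spelled out in full twice; a shared constant would keep the two tests in step with the text in `tarfile.py`.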
@@ -105,7 +148,7 @@ index c5fc76d..397e334 100644 tar.extractall(cls.control_dir, filter=cls.extraction_filter) tar.close() cls.control_paths = set( -@@ -3919,7 +3919,7 @@ class TestExtractionFilters(unittest.TestCase): +@@ -3966,7 +3986,7 @@ class TestExtractionFilters(unittest.TestCase): with ArchiveMaker() as arc: arc.add('foo') with warnings_helper.check_warnings( @@ -114,7 +157,7 @@ index c5fc76d..397e334 100644 with self.check_context(arc.open(), None): self.expect_file('foo') -@@ -4089,6 +4089,123 @@ class TestExtractionFilters(unittest.TestCase): +@@ -4136,6 +4156,123 @@ class TestExtractionFilters(unittest.TestCase): self.expect_exception(TypeError) # errorlevel is not int @@ -235,9 +278,9 @@ index c5fc76d..397e334 100644 + self.check_trusted_default(tar, tempdir) + + - def setUpModule(): - os_helper.unlink(TEMPDIR) - os.makedirs(TEMPDIR) + class OverwriteTests(archiver_tests.OverwriteTests, unittest.TestCase): + testdir = os.path.join(TEMPDIR, "testoverwrite") + -- -2.43.0 +2.44.0 diff --git a/00452-properly-apply-exported-cflags-for-dtrace-systemtap-builds.patch b/00452-properly-apply-exported-cflags-for-dtrace-systemtap-builds.patch new file mode 100644 index 0000000..8d4cdb6 --- /dev/null +++ b/00452-properly-apply-exported-cflags-for-dtrace-systemtap-builds.patch 
@@ -0,0 +1,52 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: "Miss Islington (bot)"
+ <31488909+miss-islington@users.noreply.github.com>
+Date: Mon, 31 Mar 2025 20:29:04 +0200
+Subject: [PATCH] 00452: Properly apply exported CFLAGS for dtrace/systemtap
+ builds
+
+When using --with-dtrace the resulting object file could be missing
+specific CFLAGS exported by the build system due to the systemtap
+script using specific defaults.
+
+Exporting the CC and CFLAGS variables before the dtrace invocation
+allows us to properly apply CFLAGS exported by the build system
+even when cross-compiling.
+
+Co-authored-by: stratakis
+---
+ Makefile.pre.in | 4 ++--
+ .../next/Build/2025-03-31-19-22-41.gh-issue-131865.PIJy7X.rst | 2 ++
+ 2 files changed, 4 insertions(+), 2 deletions(-)
+ create mode 100644 Misc/NEWS.d/next/Build/2025-03-31-19-22-41.gh-issue-131865.PIJy7X.rst
+
+diff --git a/Makefile.pre.in b/Makefile.pre.in
+index 689f33d8ff..750559c58d 100644
+--- a/Makefile.pre.in
++++ b/Makefile.pre.in
+@@ -1574,7 +1574,7 @@ Python/frozen.o: $(FROZEN_FILES_OUT)
+ # an include guard, so we can't use a pipeline to transform its output.
+ Include/pydtrace_probes.h: $(srcdir)/Include/pydtrace.d
+ $(MKDIR_P) Include
+- $(DTRACE) $(DFLAGS) -o $@ -h -s $<
++ CC="$(CC)" CFLAGS="$(CFLAGS)" $(DTRACE) $(DFLAGS) -o $@ -h -s $<
+ : sed in-place edit with POSIX-only tools
+ sed 's/PYTHON_/PyDTrace_/' $@ > $@.tmp
+ mv $@.tmp $@
+@@ -1584,7 +1584,7 @@ Python/import.o: $(srcdir)/Include/pydtrace.h
+ Modules/gcmodule.o: $(srcdir)/Include/pydtrace.h
+
+ Python/pydtrace.o: $(srcdir)/Include/pydtrace.d $(DTRACE_DEPS)
+- $(DTRACE) $(DFLAGS) -o $@ -G -s $< $(DTRACE_DEPS)
++ CC="$(CC)" CFLAGS="$(CFLAGS)" $(DTRACE) $(DFLAGS) -o $@ -G -s $< $(DTRACE_DEPS)
+
+ Objects/typeobject.o: Objects/typeslots.inc
+
+diff --git a/Misc/NEWS.d/next/Build/2025-03-31-19-22-41.gh-issue-131865.PIJy7X.rst b/Misc/NEWS.d/next/Build/2025-03-31-19-22-41.gh-issue-131865.PIJy7X.rst
+new file mode 100644
+index 0000000000..a287e0b228
+--- /dev/null
++++ b/Misc/NEWS.d/next/Build/2025-03-31-19-22-41.gh-issue-131865.PIJy7X.rst
+@@ -0,0 +1,2 @@
++The DTrace build now properly passes the ``CC`` and ``CFLAGS`` variables
++to the ``dtrace`` command when utilizing SystemTap on Linux.
diff --git a/Python-3.12.9.tar.xz.asc b/Python-3.12.9.tar.xz.asc
new file mode 100644
index 0000000..75a8cde
--- /dev/null
+++ b/Python-3.12.9.tar.xz.asc
@@ -0,0 +1,18 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQKTBAABCgB9FiEEcWlgX2LHUTVtBUomqCHmgOX6YwUFAmeiX7JfFIAAAAAALgAo
+aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDcx
+Njk2MDVGNjJDNzUxMzU2RDA1NEEyNkE4MjFFNjgwRTVGQTYzMDUACgkQqCHmgOX6
+YwXTqw//VlGJA5CRDfljMwN9BmG2hdXB1B7Lj0PssuAo4A/lH99gb4DRVDS9LNjr
+99WdH/fQQovx6rTbtyJnN8Vh7SSduBi/vOc5n5VOXZB0buqR0l+0wu4m43Slu6xP
+fXO349Hr6585lemU8x54TrP756rSVUhy3T+krUuNDL9W1Wrp2yDCpt4tUoEhNXGw
+DoYS8MrK/ygLNV/7p2DeMWOHNdbjKNH6rfzl60IAwAp7oANcyoj6Pho960bbeUDo
+tb47Pw0WWZv3EuITP6bPa8+Z6dj096cFL3AQJ3ap16OduwiaOsGhqTfe4+kbp6ut
+Gp/1HeIHzPbEV0E5K78RWHuzBYgU1oPGiMjlp7WkA7bP2OSTF7nM4EBkiiihk2qx
+3d5VF9wpVRJ4AuR/aWcWcMnvD2ziSWfzZM3Z3VLnTaWYpuRkQp8TTiFr1vHqxMYm
+p/8AozzBJMfOS6u/Q0WNAdk6x3VB0DXnTAETXQVIrex4DXqX/3WSMWK5/x/OyCh9
+ytdreIQYbv1KvlNQJkgpPb7jlUSXp8t9fHCXt4hszhJgtjwIj/+CuSeAgX0bhopV
+XsqOBseDNhATg38mhwBVaeFKGRpxsKdpxcdqSEGKuhXtEI/hJmkpZGw49gy3xWxB
+KlgRgKjCPw+BGAIVV9qvdtJzam8a09SKVcslqgF619q0byQoBmo=
+=1TbP
+-----END PGP SIGNATURE-----
diff --git a/SOURCES/00415-cve-2023-27043-gh-102988-reject-malformed-addresses-in-email-parseaddr-111116.patch b/SOURCES/00415-cve-2023-27043-gh-102988-reject-malformed-addresses-in-email-parseaddr-111116.patch
deleted file mode 100644
index e77ddd8..0000000
--- a/SOURCES/00415-cve-2023-27043-gh-102988-reject-malformed-addresses-in-email-parseaddr-111116.patch
+++ /dev/null
@@ -1,483 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Victor Stinner -Date: Fri, 15 Dec 2023 16:10:40 +0100 -Subject: [PATCH] 00415: [CVE-2023-27043] gh-102988: Reject malformed addresses - in email.parseaddr() (#111116) - -Detect email address parsing errors and return empty tuple to -indicate the parsing error (old API). Add an optional 'strict' -parameter to getaddresses() and parseaddr() functions. Patch by -Thomas Dwyer. - -Co-Authored-By: Thomas Dwyer ---- - Doc/library/email.utils.rst | 19 +- - Lib/email/utils.py | 151 +++++++++++++- - Lib/test/test_email/test_email.py | 187 +++++++++++++++++- - ...-10-20-15-28-08.gh-issue-102988.dStNO7.rst | 8 + - 4 files changed, 344 insertions(+), 21 deletions(-) - create mode 100644 Misc/NEWS.d/next/Library/2023-10-20-15-28-08.gh-issue-102988.dStNO7.rst - -diff --git a/Doc/library/email.utils.rst b/Doc/library/email.utils.rst -index 345b64001c..d693a9bc39 100644 ---- a/Doc/library/email.utils.rst -+++ b/Doc/library/email.utils.rst -@@ -58,13 +58,18 @@ of the new API. - begins with angle brackets, they are stripped off. - - --.. function:: parseaddr(address) -+.. function:: parseaddr(address, *, strict=True) - - Parse address -- which should be the value of some address-containing field such - as :mailheader:`To` or :mailheader:`Cc` -- into its constituent *realname* and - *email address* parts. Returns a tuple of that information, unless the parse - fails, in which case a 2-tuple of ``('', '')`` is returned. - -+ If *strict* is true, use a strict parser which rejects malformed inputs. -+ -+ .. versionchanged:: 3.13 -+ Add *strict* optional parameter and reject malformed inputs by default. -+ - - .. function:: formataddr(pair, charset='utf-8') - -@@ -82,12 +87,15 @@ of the new API. - Added the *charset* option. - - --.. function:: getaddresses(fieldvalues) -+.. 
function:: getaddresses(fieldvalues, *, strict=True) - - This method returns a list of 2-tuples of the form returned by ``parseaddr()``. - *fieldvalues* is a sequence of header field values as might be returned by -- :meth:`Message.get_all `. Here's a simple -- example that gets all the recipients of a message:: -+ :meth:`Message.get_all `. -+ -+ If *strict* is true, use a strict parser which rejects malformed inputs. -+ -+ Here's a simple example that gets all the recipients of a message:: - - from email.utils import getaddresses - -@@ -97,6 +105,9 @@ of the new API. - resent_ccs = msg.get_all('resent-cc', []) - all_recipients = getaddresses(tos + ccs + resent_tos + resent_ccs) - -+ .. versionchanged:: 3.13 -+ Add *strict* optional parameter and reject malformed inputs by default. -+ - - .. function:: parsedate(date) - -diff --git a/Lib/email/utils.py b/Lib/email/utils.py -index 81da5394ea..43c3627fca 100644 ---- a/Lib/email/utils.py -+++ b/Lib/email/utils.py -@@ -48,6 +48,7 @@ - specialsre = re.compile(r'[][\\()<>@,:;".]') - escapesre = re.compile(r'[\\"]') - -+ - def _has_surrogates(s): - """Return True if s contains surrogate-escaped binary data.""" - # This check is based on the fact that unless there are surrogates, utf8 -@@ -106,12 +107,127 @@ def formataddr(pair, charset='utf-8'): - return address - - -+def _iter_escaped_chars(addr): -+ pos = 0 -+ escape = False -+ for pos, ch in enumerate(addr): -+ if escape: -+ yield (pos, '\\' + ch) -+ escape = False -+ elif ch == '\\': -+ escape = True -+ else: -+ yield (pos, ch) -+ if escape: -+ yield (pos, '\\') - --def getaddresses(fieldvalues): -- """Return a list of (REALNAME, EMAIL) for each fieldvalue.""" -- all = COMMASPACE.join(str(v) for v in fieldvalues) -- a = _AddressList(all) -- return a.addresslist -+ -+def _strip_quoted_realnames(addr): -+ """Strip real names between quotes.""" -+ if '"' not in addr: -+ # Fast path -+ return addr -+ -+ start = 0 -+ open_pos = None -+ result = [] -+ for pos, ch in 
_iter_escaped_chars(addr): -+ if ch == '"': -+ if open_pos is None: -+ open_pos = pos -+ else: -+ if start != open_pos: -+ result.append(addr[start:open_pos]) -+ start = pos + 1 -+ open_pos = None -+ -+ if start < len(addr): -+ result.append(addr[start:]) -+ -+ return ''.join(result) -+ -+ -+supports_strict_parsing = True -+ -+def getaddresses(fieldvalues, *, strict=True): -+ """Return a list of (REALNAME, EMAIL) or ('','') for each fieldvalue. -+ -+ When parsing fails for a fieldvalue, a 2-tuple of ('', '') is returned in -+ its place. -+ -+ If strict is true, use a strict parser which rejects malformed inputs. -+ """ -+ -+ # If strict is true, if the resulting list of parsed addresses is greater -+ # than the number of fieldvalues in the input list, a parsing error has -+ # occurred and consequently a list containing a single empty 2-tuple [('', -+ # '')] is returned in its place. This is done to avoid invalid output. -+ # -+ # Malformed input: getaddresses(['alice@example.com ']) -+ # Invalid output: [('', 'alice@example.com'), ('', 'bob@example.com')] -+ # Safe output: [('', '')] -+ -+ if not strict: -+ all = COMMASPACE.join(str(v) for v in fieldvalues) -+ a = _AddressList(all) -+ return a.addresslist -+ -+ fieldvalues = [str(v) for v in fieldvalues] -+ fieldvalues = _pre_parse_validation(fieldvalues) -+ addr = COMMASPACE.join(fieldvalues) -+ a = _AddressList(addr) -+ result = _post_parse_validation(a.addresslist) -+ -+ # Treat output as invalid if the number of addresses is not equal to the -+ # expected number of addresses. -+ n = 0 -+ for v in fieldvalues: -+ # When a comma is used in the Real Name part it is not a deliminator. -+ # So strip those out before counting the commas. -+ v = _strip_quoted_realnames(v) -+ # Expected number of addresses: 1 + number of commas -+ n += 1 + v.count(',') -+ if len(result) != n: -+ return [('', '')] -+ -+ return result -+ -+ -+def _check_parenthesis(addr): -+ # Ignore parenthesis in quoted real names. 
-+ addr = _strip_quoted_realnames(addr) -+ -+ opens = 0 -+ for pos, ch in _iter_escaped_chars(addr): -+ if ch == '(': -+ opens += 1 -+ elif ch == ')': -+ opens -= 1 -+ if opens < 0: -+ return False -+ return (opens == 0) -+ -+ -+def _pre_parse_validation(email_header_fields): -+ accepted_values = [] -+ for v in email_header_fields: -+ if not _check_parenthesis(v): -+ v = "('', '')" -+ accepted_values.append(v) -+ -+ return accepted_values -+ -+ -+def _post_parse_validation(parsed_email_header_tuples): -+ accepted_values = [] -+ # The parser would have parsed a correctly formatted domain-literal -+ # The existence of an [ after parsing indicates a parsing failure -+ for v in parsed_email_header_tuples: -+ if '[' in v[1]: -+ v = ('', '') -+ accepted_values.append(v) -+ -+ return accepted_values - - - def _format_timetuple_and_zone(timetuple, zone): -@@ -205,16 +321,33 @@ def parsedate_to_datetime(data): - tzinfo=datetime.timezone(datetime.timedelta(seconds=tz))) - - --def parseaddr(addr): -+def parseaddr(addr, *, strict=True): - """ - Parse addr into its constituent realname and email address parts. - - Return a tuple of realname and email address, unless the parse fails, in - which case return a 2-tuple of ('', ''). -+ -+ If strict is True, use a strict parser which rejects malformed inputs. 
- """ -- addrs = _AddressList(addr).addresslist -- if not addrs: -- return '', '' -+ if not strict: -+ addrs = _AddressList(addr).addresslist -+ if not addrs: -+ return ('', '') -+ return addrs[0] -+ -+ if isinstance(addr, list): -+ addr = addr[0] -+ -+ if not isinstance(addr, str): -+ return ('', '') -+ -+ addr = _pre_parse_validation([addr])[0] -+ addrs = _post_parse_validation(_AddressList(addr).addresslist) -+ -+ if not addrs or len(addrs) > 1: -+ return ('', '') -+ - return addrs[0] - - -diff --git a/Lib/test/test_email/test_email.py b/Lib/test/test_email/test_email.py -index 2a237095b9..4672b790d8 100644 ---- a/Lib/test/test_email/test_email.py -+++ b/Lib/test/test_email/test_email.py -@@ -16,6 +16,7 @@ - - import email - import email.policy -+import email.utils - - from email.charset import Charset - from email.generator import Generator, DecodedGenerator, BytesGenerator -@@ -3337,15 +3338,137 @@ def test_getaddresses_comma_in_name(self): - ], - ) - -+ def test_parsing_errors(self): -+ """Test for parsing errors from CVE-2023-27043 and CVE-2019-16056""" -+ alice = 'alice@example.org' -+ bob = 'bob@example.com' -+ empty = ('', '') -+ -+ # Test utils.getaddresses() and utils.parseaddr() on malformed email -+ # addresses: default behavior (strict=True) rejects malformed address, -+ # and strict=False which tolerates malformed address. 
-+ for invalid_separator, expected_non_strict in ( -+ ('(', [(f'<{bob}>', alice)]), -+ (')', [('', alice), empty, ('', bob)]), -+ ('<', [('', alice), empty, ('', bob), empty]), -+ ('>', [('', alice), empty, ('', bob)]), -+ ('[', [('', f'{alice}[<{bob}>]')]), -+ (']', [('', alice), empty, ('', bob)]), -+ ('@', [empty, empty, ('', bob)]), -+ (';', [('', alice), empty, ('', bob)]), -+ (':', [('', alice), ('', bob)]), -+ ('.', [('', alice + '.'), ('', bob)]), -+ ('"', [('', alice), ('', f'<{bob}>')]), -+ ): -+ address = f'{alice}{invalid_separator}<{bob}>' -+ with self.subTest(address=address): -+ self.assertEqual(utils.getaddresses([address]), -+ [empty]) -+ self.assertEqual(utils.getaddresses([address], strict=False), -+ expected_non_strict) -+ -+ self.assertEqual(utils.parseaddr([address]), -+ empty) -+ self.assertEqual(utils.parseaddr([address], strict=False), -+ ('', address)) -+ -+ # Comma (',') is treated differently depending on strict parameter. -+ # Comma without quotes. -+ address = f'{alice},<{bob}>' -+ self.assertEqual(utils.getaddresses([address]), -+ [('', alice), ('', bob)]) -+ self.assertEqual(utils.getaddresses([address], strict=False), -+ [('', alice), ('', bob)]) -+ self.assertEqual(utils.parseaddr([address]), -+ empty) -+ self.assertEqual(utils.parseaddr([address], strict=False), -+ ('', address)) -+ -+ # Real name between quotes containing comma. -+ address = '"Alice, alice@example.org" ' -+ expected_strict = ('Alice, alice@example.org', 'bob@example.com') -+ self.assertEqual(utils.getaddresses([address]), [expected_strict]) -+ self.assertEqual(utils.getaddresses([address], strict=False), [expected_strict]) -+ self.assertEqual(utils.parseaddr([address]), expected_strict) -+ self.assertEqual(utils.parseaddr([address], strict=False), -+ ('', address)) -+ -+ # Valid parenthesis in comments. 
-+ address = 'alice@example.org (Alice)' -+ expected_strict = ('Alice', 'alice@example.org') -+ self.assertEqual(utils.getaddresses([address]), [expected_strict]) -+ self.assertEqual(utils.getaddresses([address], strict=False), [expected_strict]) -+ self.assertEqual(utils.parseaddr([address]), expected_strict) -+ self.assertEqual(utils.parseaddr([address], strict=False), -+ ('', address)) -+ -+ # Invalid parenthesis in comments. -+ address = 'alice@example.org )Alice(' -+ self.assertEqual(utils.getaddresses([address]), [empty]) -+ self.assertEqual(utils.getaddresses([address], strict=False), -+ [('', 'alice@example.org'), ('', ''), ('', 'Alice')]) -+ self.assertEqual(utils.parseaddr([address]), empty) -+ self.assertEqual(utils.parseaddr([address], strict=False), -+ ('', address)) -+ -+ # Two addresses with quotes separated by comma. -+ address = '"Jane Doe" , "John Doe" ' -+ self.assertEqual(utils.getaddresses([address]), -+ [('Jane Doe', 'jane@example.net'), -+ ('John Doe', 'john@example.net')]) -+ self.assertEqual(utils.getaddresses([address], strict=False), -+ [('Jane Doe', 'jane@example.net'), -+ ('John Doe', 'john@example.net')]) -+ self.assertEqual(utils.parseaddr([address]), empty) -+ self.assertEqual(utils.parseaddr([address], strict=False), -+ ('', address)) -+ -+ # Test email.utils.supports_strict_parsing attribute -+ self.assertEqual(email.utils.supports_strict_parsing, True) -+ - def test_getaddresses_nasty(self): -- eq = self.assertEqual -- eq(utils.getaddresses(['foo: ;']), [('', '')]) -- eq(utils.getaddresses( -- ['[]*-- =~$']), -- [('', ''), ('', ''), ('', '*--')]) -- eq(utils.getaddresses( -- ['foo: ;', '"Jason R. Mastaler" ']), -- [('', ''), ('Jason R. Mastaler', 'jason@dom.ain')]) -+ for addresses, expected in ( -+ (['"Sürname, Firstname" '], -+ [('Sürname, Firstname', 'to@example.com')]), -+ -+ (['foo: ;'], -+ [('', '')]), -+ -+ (['foo: ;', '"Jason R. Mastaler" '], -+ [('', ''), ('Jason R. 
Mastaler', 'jason@dom.ain')]), -+ -+ ([r'Pete(A nice \) chap) '], -+ [('Pete (A nice ) chap his account his host)', 'pete@silly.test')]), -+ -+ (['(Empty list)(start)Undisclosed recipients :(nobody(I know))'], -+ [('', '')]), -+ -+ (['Mary <@machine.tld:mary@example.net>, , jdoe@test . example'], -+ [('Mary', 'mary@example.net'), ('', ''), ('', 'jdoe@test.example')]), -+ -+ (['John Doe '], -+ [('John Doe (comment)', 'jdoe@machine.example')]), -+ -+ (['"Mary Smith: Personal Account" '], -+ [('Mary Smith: Personal Account', 'smith@home.example')]), -+ -+ (['Undisclosed recipients:;'], -+ [('', '')]), -+ -+ ([r', "Giant; \"Big\" Box" '], -+ [('', 'boss@nil.test'), ('Giant; "Big" Box', 'bob@example.net')]), -+ ): -+ with self.subTest(addresses=addresses): -+ self.assertEqual(utils.getaddresses(addresses), -+ expected) -+ self.assertEqual(utils.getaddresses(addresses, strict=False), -+ expected) -+ -+ addresses = ['[]*-- =~$'] -+ self.assertEqual(utils.getaddresses(addresses), -+ [('', '')]) -+ self.assertEqual(utils.getaddresses(addresses, strict=False), -+ [('', ''), ('', ''), ('', '*--')]) - - def test_getaddresses_embedded_comment(self): - """Test proper handling of a nested comment""" -@@ -3536,6 +3659,54 @@ def test_mime_classes_policy_argument(self): - m = cls(*constructor, policy=email.policy.default) - self.assertIs(m.policy, email.policy.default) - -+ def test_iter_escaped_chars(self): -+ self.assertEqual(list(utils._iter_escaped_chars(r'a\\b\"c\\"d')), -+ [(0, 'a'), -+ (2, '\\\\'), -+ (3, 'b'), -+ (5, '\\"'), -+ (6, 'c'), -+ (8, '\\\\'), -+ (9, '"'), -+ (10, 'd')]) -+ self.assertEqual(list(utils._iter_escaped_chars('a\\')), -+ [(0, 'a'), (1, '\\')]) -+ -+ def test_strip_quoted_realnames(self): -+ def check(addr, expected): -+ self.assertEqual(utils._strip_quoted_realnames(addr), expected) -+ -+ check('"Jane Doe" , "John Doe" ', -+ ' , ') -+ check(r'"Jane \"Doe\"." 
', -+ ' ') -+ -+ # special cases -+ check(r'before"name"after', 'beforeafter') -+ check(r'before"name"', 'before') -+ check(r'b"name"', 'b') # single char -+ check(r'"name"after', 'after') -+ check(r'"name"a', 'a') # single char -+ check(r'"name"', '') -+ -+ # no change -+ for addr in ( -+ 'Jane Doe , John Doe ', -+ 'lone " quote', -+ ): -+ self.assertEqual(utils._strip_quoted_realnames(addr), addr) -+ -+ -+ def test_check_parenthesis(self): -+ addr = 'alice@example.net' -+ self.assertTrue(utils._check_parenthesis(f'{addr} (Alice)')) -+ self.assertFalse(utils._check_parenthesis(f'{addr} )Alice(')) -+ self.assertFalse(utils._check_parenthesis(f'{addr} (Alice))')) -+ self.assertFalse(utils._check_parenthesis(f'{addr} ((Alice)')) -+ -+ # Ignore real name between quotes -+ self.assertTrue(utils._check_parenthesis(f'")Alice((" {addr}')) -+ - - # Test the iterator/generators - class TestIterators(TestEmailBase): -diff --git a/Misc/NEWS.d/next/Library/2023-10-20-15-28-08.gh-issue-102988.dStNO7.rst b/Misc/NEWS.d/next/Library/2023-10-20-15-28-08.gh-issue-102988.dStNO7.rst -new file mode 100644 -index 0000000000..3d0e9e4078 ---- /dev/null -+++ b/Misc/NEWS.d/next/Library/2023-10-20-15-28-08.gh-issue-102988.dStNO7.rst -@@ -0,0 +1,8 @@ -+:func:`email.utils.getaddresses` and :func:`email.utils.parseaddr` now -+return ``('', '')`` 2-tuples in more situations where invalid email -+addresses are encountered instead of potentially inaccurate values. Add -+optional *strict* parameter to these two functions: use ``strict=False`` to -+get the old behavior, accept malformed inputs. -+``getattr(email.utils, 'supports_strict_parsing', False)`` can be use to check -+if the *strict* paramater is available. Patch by Thomas Dwyer and Victor -+Stinner to improve the CVE-2023-27043 fix. diff --git a/SOURCES/Python-3.12.1.tar.xz.asc b/SOURCES/Python-3.12.1.tar.xz.asc deleted file mode 100644 index e695d62..0000000 --- a/SOURCES/Python-3.12.1.tar.xz.asc +++ /dev/null 
@@ -1,18 +0,0 @@ ------BEGIN PGP SIGNATURE----- - -iQKTBAABCgB9FiEEcWlgX2LHUTVtBUomqCHmgOX6YwUFAmVyMspfFIAAAAAALgAo -aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDcx -Njk2MDVGNjJDNzUxMzU2RDA1NEEyNkE4MjFFNjgwRTVGQTYzMDUACgkQqCHmgOX6 -YwWv5w/+JlGtfy+x+6mtauH1uOkt7n9PMQou1LcthDs5s41wuwjO7RbwnmJD6aDk -DqwLHheoq6Kjbl6PF1kG2T8ZbHkMudhnc5yH4eQG52IGNQ6evilxoC6AyhVg8ANi -+u6Juh9r2Hjz/LDWFB4hzwcOBKy0jYw98+A0uMvpPd2bmdFMBLQE0GTZCdrRsGYs -q0oysUX7uCJBfINp7XwiVGAK/6ma0nrr0A1ho6LCau+VGkDnJZdKZgIMyyxp6qL1 -7tMjb3LUpV3FWp57L2za59TaayApNf5BlanC+de6oKEhEJ8oEFyWxOx2GmXHZwch -ucj7Z1dxuI7fjNVkEvZ+JuheLGtB9mAmUZslXgUJf5wo49bCo9E4/ZlIFQk7VJR3 -Bm9VlQb5mMydB8QJbMy/BpgNjgKmEvBTnir37prJpUV/TL1YZT0eZ5JxCnlUIL/F -6cOzAE3zHPnvHcyHhKV3q5CoONdBtB3RWgS66m4eMneuWoNKaoEbO5IDxtKvCd1J -AKLmzCB0/KCWVUIYBTfJ8ytBVQA0Z2w8CZ7SC8asX4DocDCvxim1sQg5s8c4mzh+ -1JVbyqqEmf9m74Mqby0vICC6UVvgaPyiOxTphtRXLIYHUscLVn5+586RMYnM9nP4 -nEK+H/fq6Rcp1XEtIPzCG4IPUAYnuDLjbGQegltpKV/SAYn+DGg= -=dCpy ------END PGP SIGNATURE----- diff --git a/SOURCES/import_all_modules_py3_12.py b/SOURCES/import_all_modules_py3_12.py deleted file mode 100644 index 3930236..0000000 --- a/SOURCES/import_all_modules_py3_12.py +++ /dev/null 
@@ -1,171 +0,0 @@ -'''Script to perform import of each module given to %%py_check_import -''' -import argparse -import importlib -import fnmatch -import os -import re -import site -import sys - -from contextlib import contextmanager -from pathlib import Path - - -def read_modules_files(file_paths): - '''Read module names from the files (modules must be newline separated). - - Return the module names list or, if no files were provided, an empty list. - ''' - - if not file_paths: - return [] - - modules = [] - for file in file_paths: - file_contents = file.read_text() - modules.extend(file_contents.split()) - return modules - - -def read_modules_from_cli(argv): - '''Read module names from command-line arguments (space or comma separated). - - Return the module names list. - ''' - - if not argv: - return [] - - # %%py3_check_import allows to separate module list with comma or whitespace, - # we need to unify the output to a list of particular elements - modules_as_str = ' '.join(argv) - modules = re.split(r'[\s,]+', modules_as_str) - # Because of shell expansion in some less typical cases it may happen - # that a trailing space will occur at the end of the list. - # Remove the empty items from the list before passing it further - modules = [m for m in modules if m] - return modules - - -def filter_top_level_modules_only(modules): - '''Filter out entries with nested modules (containing dot) ie. 'foo.bar'. - - Return the list of top-level modules. - ''' - - return [module for module in modules if '.' not in module] - - -def any_match(text, globs): - '''Return True if any of given globs fnmatchcase's the given text.''' - - return any(fnmatch.fnmatchcase(text, g) for g in globs) - - -def exclude_unwanted_module_globs(globs, modules): - '''Filter out entries which match the either of the globs given as argv. - - Return the list of filtered modules. 
- ''' - - return [m for m in modules if not any_match(m, globs)] - - -def read_modules_from_all_args(args): - '''Return a joined list of modules from all given command-line arguments. - ''' - - modules = read_modules_files(args.filename) - modules.extend(read_modules_from_cli(args.modules)) - if args.exclude: - modules = exclude_unwanted_module_globs(args.exclude, modules) - - if args.top_level: - modules = filter_top_level_modules_only(modules) - - # Error when someone accidentally managed to filter out everything - if len(modules) == 0: - raise ValueError('No modules to check were left') - - return modules - - -def import_modules(modules): - '''Procedure to perform import check for each module name from the given list of modules. - ''' - - for module in modules: - print('Check import:', module, file=sys.stderr) - importlib.import_module(module) - - -def argparser(): - parser = argparse.ArgumentParser( - description='Generate list of all importable modules for import check.' - ) - parser.add_argument( - 'modules', nargs='*', - help=('Add modules to check the import (space or comma separated).'), - ) - parser.add_argument( - '-f', '--filename', action='append', type=Path, - help='Add importable module names list from file.', - ) - parser.add_argument( - '-t', '--top-level', action='store_true', - help='Check only top-level modules.', - ) - parser.add_argument( - '-e', '--exclude', action='append', - help='Provide modules globs to be excluded from the check.', - ) - return parser - - -@contextmanager -def remove_unwanteds_from_sys_path(): - '''Remove cwd and this script's parent from sys.path for the import test. 
- Bring the original contents back after import is done (or failed) - ''' - - cwd_absolute = Path.cwd().absolute() - this_file_parent = Path(__file__).parent.absolute() - old_sys_path = list(sys.path) - for path in old_sys_path: - if Path(path).absolute() in (cwd_absolute, this_file_parent): - sys.path.remove(path) - try: - yield - finally: - sys.path = old_sys_path - - -def addsitedirs_from_environ(): - '''Load directories from the _PYTHONSITE environment variable (separated by :) - and load the ones already present in sys.path via site.addsitedir() - to handle .pth files in them. - - This is needed to properly import old-style namespace packages with nspkg.pth files. - See https://bugzilla.redhat.com/2018551 for a more detailed rationale.''' - for path in os.getenv('_PYTHONSITE', '').split(':'): - if path in sys.path: - site.addsitedir(path) - - -def main(argv=None): - - cli_args = argparser().parse_args(argv) - - if not cli_args.modules and not cli_args.filename: - raise ValueError('No modules to check were provided') - - modules = read_modules_from_all_args(cli_args) - - with remove_unwanteds_from_sys_path(): - addsitedirs_from_environ() - import_modules(modules) - - -if __name__ == '__main__': - main() diff --git a/SOURCES/macros.python3.12 b/SOURCES/macros.python3.12 deleted file mode 100644 index 56cb141..0000000 --- a/SOURCES/macros.python3.12 +++ /dev/null 
@@ -1,91 +0,0 @@ -%__python3 /usr/bin/python3.12 -%python3_pkgversion 3.12 - -# The following are macros from macros.python3 in Fedora that are newer/different than those in the python3-rpm-macros package in RHEL 8. -# These macros overwrite/supercede some of the macros in the python3-rpm-macros package in RHEL. - -# nb: $RPM_BUILD_ROOT is not set when the macros are expanded (at spec parse time) -# so we set it manually (to empty string), making our Python prefer the correct install scheme location -# platbase/base is explicitly set to %%{_prefix} to support custom values, such as /app for flatpaks -%python3_sitelib %(RPM_BUILD_ROOT= %{__python3} -Ic "import sysconfig; print(sysconfig.get_path('purelib', vars={'platbase': '%{_prefix}', 'base': '%{_prefix}'}))") -%python3_sitearch %(RPM_BUILD_ROOT= %{__python3} -Ic "import sysconfig; print(sysconfig.get_path('platlib', vars={'platbase': '%{_prefix}', 'base': '%{_prefix}'}))") -%python3_version %(RPM_BUILD_ROOT= %{__python3} -Ic "import sys; sys.stdout.write('{0.major}.{0.minor}'.format(sys.version_info))") -%python3_version_nodots %(RPM_BUILD_ROOT= %{__python3} -Ic "import sys; sys.stdout.write('{0.major}{0.minor}'.format(sys.version_info))") -%python3_platform %(RPM_BUILD_ROOT= %{__python3} -Ic "import sysconfig; print(sysconfig.get_platform())") -%python3_platform_triplet %(RPM_BUILD_ROOT= %{__python3} -Ic "import sysconfig; print(sysconfig.get_config_var('MULTIARCH'))") -%python3_ext_suffix %(RPM_BUILD_ROOT= %{__python3} -Ic "import sysconfig; print(sysconfig.get_config_var('EXT_SUFFIX'))") -%python3_cache_tag %(RPM_BUILD_ROOT= %{__python3} -Ic "import sys; print(sys.implementation.cache_tag)") - -%_py3_shebang_s s -%_py3_shebang_P %(RPM_BUILD_ROOT= %{__python3} -Ic "import sys; print('P' if hasattr(sys.flags, 'safe_path') else '')") -%py3_shbang_opts -%{?_py3_shebang_s}%{?_py3_shebang_P} - -%py3_shebang_fix %{expand:\\\ - if [ -z "%{?py3_shebang_flags}" ]; then - shebang_flags="-k" - else - 
shebang_flags="-ka%{py3_shebang_flags}" - fi - %{__python3} -B %{_rpmconfigdir}/redhat/pathfix_py3_12.py -pni %{__python3} $shebang_flags} - -%py3_install() %{expand:\\\ - CFLAGS="${CFLAGS:-${RPM_OPT_FLAGS}}" LDFLAGS="${LDFLAGS:-${RPM_LD_FLAGS}}"\\\ - %{__python3} %{py_setup} %{?py_setup_args} install -O1 --skip-build --root %{buildroot} --prefix %{_prefix} %{?*} - rm -rfv %{buildroot}%{_bindir}/__pycache__ -} - -%py3_install_egg() %{expand:\\\ - mkdir -p %{buildroot}%{python3_sitelib} - %{__python3} -m easy_install -m --prefix %{buildroot}%{_prefix} -Z dist/*-py%{python3_version}.egg %{?*} - rm -rfv %{buildroot}%{_bindir}/__pycache__ -} - -%py3_install_wheel() %{expand:\\\ - %{__python3} -m pip install -I dist/%{1} --root %{buildroot} --prefix %{_prefix} --no-deps --no-index --no-warn-script-location - rm -rfv %{buildroot}%{_bindir}/__pycache__ - for distinfo in %{buildroot}%{python3_sitelib}/*.dist-info %{buildroot}%{python3_sitearch}/*.dist-info; do - if [ -f ${distinfo}/direct_url.json ]; then - rm -fv ${distinfo}/direct_url.json - sed -i '/direct_url.json/d' ${distinfo}/RECORD - fi - done -} - -# With $PATH and $PYTHONPATH set to the %%buildroot, -# try to import the Python 3 module(s) given as command-line args or read from file (-f). -# Respect the custom values of %%py3_shebang_flags or set nothing if it's undefined. -# Filter and check import on only top-level modules using -t flag. -# Exclude unwanted modules by passing their globs to -e option. -# Useful as a smoke test in %%check when running tests is not feasible. -# Use spaces or commas as separators if providing list directly. -# Use newlines as separators if providing list in a file. 
-%py3_check_import(e:tf:) %{expand:\\\ - PATH="%{buildroot}%{_bindir}:$PATH"\\\ - PYTHONPATH="${PYTHONPATH:-%{buildroot}%{python3_sitearch}:%{buildroot}%{python3_sitelib}}"\\\ - _PYTHONSITE="%{buildroot}%{python3_sitearch}:%{buildroot}%{python3_sitelib}"\\\ - PYTHONDONTWRITEBYTECODE=1\\\ - %{lua: - local command = "%{__python3} " - if rpm.expand("%{?py3_shebang_flags}") ~= "" then - command = command .. "-%{py3_shebang_flags}" - end - command = command .. " %{_rpmconfigdir}/redhat/import_all_modules_py3_12.py " - -- handle multiline arguments correctly, see https://bugzilla.redhat.com/2018809 - local args=rpm.expand('%{?**}'):gsub("[%s\\\\]*%s+", " ") - print(command .. args) - } -} - -# Environment variables used by %%pytest, %%tox or standalone, e.g.: -# %%{py3_test_envvars} %%{python3} -m unittest -%py3_test_envvars %{expand:\\\ - CFLAGS="${CFLAGS:-${RPM_OPT_FLAGS}}" LDFLAGS="${LDFLAGS:-${RPM_LD_FLAGS}}"\\\ - PATH="%{buildroot}%{_bindir}:$PATH"\\\ - PYTHONPATH="${PYTHONPATH:-%{buildroot}%{python3_sitearch}:%{buildroot}%{python3_sitelib}}"\\\ - PYTHONDONTWRITEBYTECODE=1\\\ - %{?__pytest_addopts:PYTEST_ADDOPTS="${PYTEST_ADDOPTS:-} %{__pytest_addopts}"}\\\ - PYTEST_XDIST_AUTO_NUM_WORKERS=%{_smp_build_ncpus}} - -# This is intended for Python 3 only, hence also no Python version in the name. -%__pytest /usr/bin/pytest-%{python3_version} -%pytest %py3_test_envvars %__pytest diff --git a/SOURCES/pathfix_py3_12.py b/SOURCES/pathfix_py3_12.py deleted file mode 100644 index 1d7db3a..0000000 --- a/SOURCES/pathfix_py3_12.py +++ /dev/null 
@@ -1,199 +0,0 @@ -#!/usr/bin/env python3 - -import sys -import os -from stat import * -import getopt - -err = sys.stderr.write -dbg = err -rep = sys.stdout.write - -new_interpreter = None -preserve_timestamps = False -create_backup = True -keep_flags = False -add_flags = b'' - - -def main(): - global new_interpreter - global preserve_timestamps - global create_backup - global keep_flags - global add_flags - - usage = ('usage: %s -i /interpreter -p -n -k -a file-or-directory ...\n' % - sys.argv[0]) - try: - opts, args = getopt.getopt(sys.argv[1:], 'i:a:kpn') - except getopt.error as msg: - err(str(msg) + '\n') - err(usage) - sys.exit(2) - for o, a in opts: - if o == '-i': - new_interpreter = a.encode() - if o == '-p': - preserve_timestamps = True - if o == '-n': - create_backup = False - if o == '-k': - keep_flags = True - if o == '-a': - add_flags = a.encode() - if b' ' in add_flags: - err("-a option doesn't support whitespaces") - sys.exit(2) - if not new_interpreter or not new_interpreter.startswith(b'/') or \ - not args: - err('-i option or file-or-directory missing\n') - err(usage) - sys.exit(2) - bad = 0 - for arg in args: - if os.path.isdir(arg): - if recursedown(arg): bad = 1 - elif os.path.islink(arg): - err(arg + ': will not process symbolic links\n') - bad = 1 - else: - if fix(arg): bad = 1 - sys.exit(bad) - - -def ispython(name): - return name.endswith('.py') - - -def recursedown(dirname): - dbg('recursedown(%r)\n' % (dirname,)) - bad = 0 - try: - names = os.listdir(dirname) - except OSError as msg: - err('%s: cannot list directory: %r\n' % (dirname, msg)) - return 1 - names.sort() - subdirs = [] - for name in names: - if name in (os.curdir, os.pardir): continue - fullname = os.path.join(dirname, name) - if os.path.islink(fullname): pass - elif os.path.isdir(fullname): - subdirs.append(fullname) - elif ispython(name): - if fix(fullname): bad = 1 - for fullname in subdirs: - if recursedown(fullname): bad = 1 - return bad - - -def fix(filename): -## 
dbg('fix(%r)\n' % (filename,)) - try: - f = open(filename, 'rb') - except IOError as msg: - err('%s: cannot open: %r\n' % (filename, msg)) - return 1 - with f: - line = f.readline() - fixed = fixline(line) - if line == fixed: - rep(filename+': no change\n') - return - head, tail = os.path.split(filename) - tempname = os.path.join(head, '@' + tail) - try: - g = open(tempname, 'wb') - except IOError as msg: - err('%s: cannot create: %r\n' % (tempname, msg)) - return 1 - with g: - rep(filename + ': updating\n') - g.write(fixed) - BUFSIZE = 8*1024 - while 1: - buf = f.read(BUFSIZE) - if not buf: break - g.write(buf) - - # Finishing touch -- move files - - mtime = None - atime = None - # First copy the file's mode to the temp file - try: - statbuf = os.stat(filename) - mtime = statbuf.st_mtime - atime = statbuf.st_atime - os.chmod(tempname, statbuf[ST_MODE] & 0o7777) - except OSError as msg: - err('%s: warning: chmod failed (%r)\n' % (tempname, msg)) - # Then make a backup of the original file as filename~ - if create_backup: - try: - os.rename(filename, filename + '~') - except OSError as msg: - err('%s: warning: backup failed (%r)\n' % (filename, msg)) - else: - try: - os.remove(filename) - except OSError as msg: - err('%s: warning: removing failed (%r)\n' % (filename, msg)) - # Now move the temp file to the original file - try: - os.rename(tempname, filename) - except OSError as msg: - err('%s: rename failed (%r)\n' % (filename, msg)) - return 1 - if preserve_timestamps: - if atime and mtime: - try: - os.utime(filename, (atime, mtime)) - except OSError as msg: - err('%s: reset of timestamp failed (%r)\n' % (filename, msg)) - return 1 - # Return success - return 0 - - -def parse_shebang(shebangline): - shebangline = shebangline.rstrip(b'\n') - start = shebangline.find(b' -') - if start == -1: - return b'' - return shebangline[start:] - - -def populate_flags(shebangline): - old_flags = b'' - if keep_flags: - old_flags = parse_shebang(shebangline) - if old_flags: - 
old_flags = old_flags[2:] - if not (old_flags or add_flags): - return b'' - # On Linux, the entire string following the interpreter name - # is passed as a single argument to the interpreter. - # e.g. "#! /usr/bin/python3 -W Error -s" runs "/usr/bin/python3 "-W Error -s" - # so shebang should have single '-' where flags are given and - # flag might need argument for that reasons adding new flags is - # between '-' and original flags - # e.g. #! /usr/bin/python3 -sW Error - return b' -' + add_flags + old_flags - - -def fixline(line): - if not line.startswith(b'#!'): - return line - - if b"python" not in line: - return line - - flags = populate_flags(line) - return b'#! ' + new_interpreter + flags + b'\n' - - -if __name__ == '__main__': - main() diff --git a/SOURCES/Yhg1s.gpg b/Yhg1s.gpg similarity index 100% rename from SOURCES/Yhg1s.gpg rename to Yhg1s.gpg diff --git a/SOURCES/check-pyc-timestamps.py b/check-pyc-timestamps.py similarity index 98% rename from SOURCES/check-pyc-timestamps.py rename to check-pyc-timestamps.py index 1b174a1..8378c3e 100644 --- a/SOURCES/check-pyc-timestamps.py +++ b/check-pyc-timestamps.py @@ -16,7 +16,6 @@ LEVELS = (None, 1, 2) # list of globs of test and other files that we expect not to have bytecode not_compiled = [ '/usr/bin/*', - '/usr/lib/rpm/redhat/*', '*/test/badsyntax_*.py', '*/tokenizedata/bad_coding.py', '*/tokenizedata/bad_coding2.py', diff --git a/SOURCES/idle3.appdata.xml b/idle3.appdata.xml similarity index 100% rename from SOURCES/idle3.appdata.xml rename to idle3.appdata.xml diff --git a/SOURCES/idle3.desktop b/idle3.desktop similarity index 100% rename from SOURCES/idle3.desktop rename to idle3.desktop diff --git a/SPECS/python3.12.spec b/python3.12.spec similarity index 81% rename from SPECS/python3.12.spec rename to python3.12.spec index 5ce84bd..9d7e594 100644 --- a/SPECS/python3.12.spec +++ b/python3.12.spec 
@@ -1,6 +1,3 @@ -%global __python3 /usr/bin/python3.12 -%global python3_pkgversion 3.12 - # ================== # Top-level metadata # ================== @@ -16,12 +13,12 @@ URL: https://www.python.org/ # WARNING When rebasing to a new Python version, # remember to update the python3-docs package as well -%global general_version %{pybasever}.1 +%global general_version %{pybasever}.9 #global prerel ... %global upstream_version %{general_version}%{?prerel} Version: %{general_version}%{?prerel:~%{prerel}} -Release: 4%{?dist} -License: Python +Release: 2%{?dist} +License: Python-2.0.1 # ================================== @@ -34,8 +31,12 @@ License: Python # Main Python, i.e. whether this is the main Python version in the distribution # that owns /usr/bin/python3 and other unique paths # This also means the built subpackages are called python3 rather than python3X -# RHEL: Disabled by default +# By default, this is determined by the %%__default_python3_pkgversion value +%if "%{?__default_python3_pkgversion}" == "%{pybasever}" +%bcond_without main_python +%else %bcond_with main_python +%endif # If this is *not* Main Python, should it contain `Provides: python(abi) ...`? # In Fedora no package shall depend on an alternative Python via this tag, so we do not provide it. 
@@ -61,40 +62,40 @@ License: Python # Whether to use RPM build wheels from the python-{pip,setuptools,wheel}-wheel packages # Uses upstream bundled prebuilt wheels otherwise +# Only F39+ has a pip new enough to work with Python 3.12 +%if 0%{?fedora} >= 39 || 0%{?rhel} >= 10 %bcond_without rpmwheels +%else +%bcond_with rpmwheels +%endif # If the rpmwheels condition is disabled, we use the bundled wheel packages # from Python with the versions below. # This needs to be manually updated when we update Python. -%global pip_version 23.2.1 +%global pip_version 24.3.1 %global setuptools_version 67.6.1 %global wheel_version 0.40.0 # All of those also include a list of indirect bundled libs: # pip # $ %%{_rpmconfigdir}/pythonbundles.py <(unzip -p Lib/ensurepip/_bundled/pip-*.whl pip/_vendor/vendor.txt) %global pip_bundled_provides %{expand: -Provides: bundled(python3dist(cachecontrol)) = 0.12.11 -Provides: bundled(python3dist(certifi)) = 2023.5.7 -Provides: bundled(python3dist(chardet)) = 5.1 -Provides: bundled(python3dist(colorama)) = 0.4.6 -Provides: bundled(python3dist(distlib)) = 0.3.6 -Provides: bundled(python3dist(distro)) = 1.8 -Provides: bundled(python3dist(idna)) = 3.4 -Provides: bundled(python3dist(msgpack)) = 1.0.5 -Provides: bundled(python3dist(packaging)) = 21.3 -Provides: bundled(python3dist(platformdirs)) = 3.8.1 -Provides: bundled(python3dist(pygments)) = 2.15.1 -Provides: bundled(python3dist(pyparsing)) = 3.1 +Provides: bundled(python3dist(cachecontrol)) = 0.14 +Provides: bundled(python3dist(certifi)) = 2024.8.30 +Provides: bundled(python3dist(distlib)) = 0.3.9 +Provides: bundled(python3dist(distro)) = 1.9 +Provides: bundled(python3dist(idna)) = 3.7 +Provides: bundled(python3dist(msgpack)) = 1.0.8 +Provides: bundled(python3dist(packaging)) = 24.1 +Provides: bundled(python3dist(platformdirs)) = 4.2.2 +Provides: bundled(python3dist(pygments)) = 2.18 Provides: bundled(python3dist(pyproject-hooks)) = 1 -Provides: bundled(python3dist(requests)) = 2.31 +Provides: 
bundled(python3dist(requests)) = 2.32.3 Provides: bundled(python3dist(resolvelib)) = 1.0.1 -Provides: bundled(python3dist(rich)) = 13.4.2 -Provides: bundled(python3dist(setuptools)) = 68 -Provides: bundled(python3dist(six)) = 1.16 -Provides: bundled(python3dist(tenacity)) = 8.2.2 +Provides: bundled(python3dist(rich)) = 13.7.1 +Provides: bundled(python3dist(setuptools)) = 70.3 Provides: bundled(python3dist(tomli)) = 2.0.1 -Provides: bundled(python3dist(typing-extensions)) = 4.7.1 -Provides: bundled(python3dist(urllib3)) = 1.26.16 -Provides: bundled(python3dist(webencodings)) = 0.5.1 +Provides: bundled(python3dist(truststore)) = 0.10 +Provides: bundled(python3dist(typing-extensions)) = 4.12.2 +Provides: bundled(python3dist(urllib3)) = 1.26.20 } # setuptools # vendor.txt files not in .whl @@ -115,7 +116,7 @@ Provides: bundled(python3dist(typing-extensions)) = 4.4 Provides: bundled(python3dist(zipp)) = 3.7 } # wheel -# $ %%{_rpmconfigdir}/pythonbundles.py <(unzip -p Lib/test/wheel-*.whl wheel/vendored/vendor.txt) +# $ %%{_rpmconfigdir}/pythonbundles.py <(unzip -p Lib/test/wheeldata/wheel-*.whl wheel/vendored/vendor.txt) %global wheel_bundled_provides %{expand: Provides: bundled(python3dist(packaging)) = 23 } @@ -146,6 +147,14 @@ Provides: bundled(python3dist(packaging)) = 23 %bcond_with valgrind %endif +# In RHEL 9+, we obsolete/provide Platform Python from regular Python +# This is only appropriate for the main Python build +%if 0%{?rhel} >= 9 && %{with main_python} +%bcond_without rhel8_compat_shims +%else +%bcond_with rhel8_compat_shims +%endif + # ===================== # General global macros # ===================== 
@@ -199,11 +208,27 @@ Provides: bundled(python3dist(packaging)) = 23 %global py_INSTSONAME_optimized libpython%{LDVERSION_optimized}.so.%{py_SOVERSION} %global py_INSTSONAME_debug libpython%{LDVERSION_debug}.so.%{py_SOVERSION} +# The -O flag for the compiler, optimized builds +# https://fedoraproject.org/wiki/Changes/Python_built_with_gcc_O3 +%global optflags_optimized -O3 +# The -O flag for the compiler, debug builds +# -Wno-cpp avoids some warnings with -O0 +%global optflags_debug -O0 -Wno-cpp +# Remove the default -O2 flag, our flags are applied in %%build/%%install +%global __global_compiler_flags %(echo '%{__global_compiler_flags}' | sed 's/-O[[:digit:]]//') + # Disable automatic bytecompilation. The python3 binary is not yet be # available in /usr/bin when Python is built. Also, the bytecompilation fails # on files that test invalid syntax. %undefine py_auto_byte_compile +# When a main_python build is attempted despite the %%__default_python3_pkgversion value +# We undefine magic macros so the python3-... package does not provide wrong python3X-... +%if %{with main_python} && ("%{?__default_python3_pkgversion}" != "%{pybasever}") +%undefine __pythonname_provides +%{warn:Doing a main_python build with wrong %%__default_python3_pkgversion (0%{?__default_python3_pkgversion}, but this is %pyshortver)} +%endif + %if %{with main_python} # To keep the upgrade path clean, we Obsolete python3.X from the python3 # package and python3.X-foo from individual subpackages. @@ -229,7 +254,8 @@ BuildRequires: bluez-libs-devel BuildRequires: bzip2 BuildRequires: bzip2-devel BuildRequires: desktop-file-utils -BuildRequires: expat-devel +# See the runtime requirement in the -libs subpackage +BuildRequires: expat-devel >= 2.6 BuildRequires: findutils BuildRequires: gcc-c++ 
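Review bot: In the `@@ -199,11 +208,27 @@` hunk, the comment on `%global optflags_debug -O0 -Wno-cpp` says only that `-Wno-cpp` "avoids some warnings", which does not tell a reader what the debug build gives up. `-Wno-cpp` turns off `#warning` diagnostics, and at `-O0` the one being hidden is presumably glibc's notice that `_FORTIFY_SOURCE` requires optimization, so the debug interpreter is built without fortified libc calls. I would state that in the comment: `# -O0 leaves _FORTIFY_SOURCE inactive; -Wno-cpp only silences the resulting #warning`. Separately, `sed 's/-O[[:digit:]]//'` in the same hunk strips only the first `-O<n>` it finds; `s/-O[[:digit:]]//g` would also cover a flag string that carries more than one.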
@@ -246,7 +272,6 @@ BuildRequires: libappstream-glib BuildRequires: libb2-devel %endif BuildRequires: libffi-devel -BuildRequires: libnsl2-devel BuildRequires: libtirpc-devel BuildRequires: libGL-devel BuildRequires: libuuid-devel @@ -259,7 +284,7 @@ BuildRequires: openssl-devel BuildRequires: pkgconfig BuildRequires: python-rpm-macros BuildRequires: readline-devel -BuildRequires: redhat-rpm-config +BuildRequires: redhat-rpm-config >= 127 BuildRequires: sqlite-devel BuildRequires: gdb @@ -276,6 +301,7 @@ BuildRequires: valgrind-devel BuildRequires: xz-devel BuildRequires: zlib-devel +BuildRequires: systemtap-sdt-devel BuildRequires: /usr/bin/dtrace # workaround http://bugs.python.org/issue19804 (test_uuid requires ifconfig) @@ -313,11 +339,6 @@ Source1: %{url}ftp/python/%{general_version}/Python-%{upstream_version}.tar.xz.a # The release manager for Python 3.12 is Thomas Wouters Source2: https://github.com/Yhg1s.gpg -# Sources for the python3.12-rpm-macros -Source3: macros.python3.12 -Source4: import_all_modules_py3_12.py -Source5: pathfix_py3_12.py - # A simple script to check timestamps of bytecode files # Run in check section with Python that is currently being built # Originally written by bkabrda @@ -331,7 +352,7 @@ Source11: idle3.appdata.xml # (Patches taken from github.com/fedora-python/cpython) -# 00251 # cae5a6abc5df08239c85b83e4e250b6f2702e4f5 +# 00251 # 6a4ec74157aa01f1ada9f29f30a371cd9e5369e8 # Change user install location # # Set values of base and platbase in sysconfig from /usr 
@@ -380,14 +401,17 @@ Patch371: 00371-revert-bpo-1596321-fix-threading-_shutdown-for-the-main-thread-g # - https://access.redhat.com/articles/7004769 Patch397: 00397-tarfile-filter.patch -# 00415 # 83e0fc3ec7bc38055c536f482578a10f6efcc08c -# [CVE-2023-27043] gh-102988: Reject malformed addresses in email.parseaddr() (#111116) +# 00452 # eb11d070c5af7d1b5e47f4e02186152d08eaf793 +# Properly apply exported CFLAGS for dtrace/systemtap builds # -# Detect email address parsing errors and return empty tuple to -# indicate the parsing error (old API). Add an optional 'strict' -# parameter to getaddresses() and parseaddr() functions. Patch by -# Thomas Dwyer. -Patch415: 00415-cve-2023-27043-gh-102988-reject-malformed-addresses-in-email-parseaddr-111116.patch +# When using --with-dtrace the resulting object file could be missing +# specific CFLAGS exported by the build system due to the systemtap +# script using specific defaults. +# +# Exporting the CC and CFLAGS variables before the dtrace invocation +# allows us to properly apply CFLAGS exported by the build system +# even when cross-compiling. +Patch452: 00452-properly-apply-exported-cflags-for-dtrace-systemtap-builds.patch # (New patches go here ^^^) # @@ -407,14 +431,6 @@ Patch415: 00415-cve-2023-27043-gh-102988-reject-malformed-addresses-in-email-par # Descriptions, and metadata for subpackages # ========================================== -# Require alternatives version that implements the --keep-foreign flag and fixes rhbz#2203820 -Requires: alternatives >= 1.19.2-1 -Requires(post): alternatives >= 1.19.2-1 -Requires(postun): alternatives >= 1.19.2-1 - -# When the user tries to `yum install python`, yum will list this package among -# the possible alternatives -Provides: alternative-for(python) %if %{with main_python} # Description for the python3X SRPM only: 
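Review bot: The `@@ -380,14 +401,17 @@` hunk drops `Patch415` (the CVE-2023-27043 `email.parseaddr()` fix) with no explanation, and the visible part of the changelog does not mention the removal either. Presumably the rebased 3.12.9 tarball already contains the fix, but someone auditing CVE coverage from the spec cannot confirm that from here. Once checked against the upstream sources, a changelog line such as `- Drop patch 415 (CVE-2023-27043), fixed in the upstream tarball` would record it. If the downstream patch carried behaviour beyond the upstream fix, that difference belongs in the same entry.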
@@ -444,6 +460,12 @@ Provides: python%{pybasever}%{?_isa} = %{version}-%{release} Recommends: %{_bindir}/python %endif +%if %{with rhel8_compat_shims} +Provides: platform-python = %{version}-%{release} +Provides: platform-python%{?_isa} = %{version}-%{release} +Obsoletes: platform-python < %{pybasever} +%endif + # Python interpreter packages used to be named (or provide) name pythonXY (e.g. # python39). However, to align it with the executable names and to prepare for # Python 3.10, they were renamed to pythonX.Y (e.g. python3.9, python3.10). We @@ -489,7 +511,6 @@ Documentation for Python is provided in the %{pkgname}-docs package. Packages containing additional libraries for Python are generally named with the "%{pkgname}-" prefix. -For the unversioned "python" executable, see manual page "unversioned-python". %if %{with main_python} # https://fedoraproject.org/wiki/Changes/Move_usr_bin_python_into_separate_package @@ -521,12 +542,12 @@ Summary: Python runtime libraries %if %{with rpmwheels} Requires: %{python_wheel_pkg_prefix}-pip-wheel >= 23.1.2 # Bundled libb2 is CC0, covered by grandfathering exception -License: Python and CC0 +License: Python-2.0.1 AND CC0-1.0 %else Provides: bundled(python3dist(pip)) = %{pip_version} %pip_bundled_provides # License manually combined form Python + pip -License: Python and CC0 and MIT and ASL 2.0 and BSD and ISC and LGPLv2 and MPLv2.0 and (ASL 2.0 or BSD) +License: Python-2.0.1 AND CC0-1.0 AND MIT AND Apache-2.0 AND BSD-2-Clause AND BSD-3-Clause AND ISC AND LGPL-2.1-only AND MPL-2.0 AND (Apache-2.0 OR BSD-2-Clause) %endif %unversioned_obsoletes_of_python3_X_if_main libs 
@@ -549,6 +570,14 @@ Recommends: (%{pkgname}-tkinter%{?_isa} = %{version}-%{release} if tk%{?_isa}) # The zoneinfo module needs tzdata Requires: tzdata +# The requirement on libexpat is generated, but we need to version it. +# When built with expat >= 2.6, but installed with older expat, we get: +# ImportError: /usr/lib64/python3.X/lib-dynload/pyexpat.cpython-....so: +# undefined symbol: XML_SetReparseDeferralEnabled +# This breaks many things, including python -m venv. +# Other subpackages (like -debug) also need this, but they all depend on -libs. +Requires: expat >= 2.6 + %description -n %{pkgname}-libs This package contains runtime libraries for use by Python: - the majority of the Python standard library @@ -570,13 +599,6 @@ Requires: (python3-rpm-macros if rpm-build) # On Fedora, we keep this to avoid one additional round of %%generate_buildrequires. %{!?rhel:Requires: (pyproject-rpm-macros if rpm-build)} -# Require alternatives version that implements the --keep-foreign flag and fixes rhbz#2203820 -Requires(postun): alternatives >= 1.19.2-1 - -# python3.12 installs the alternatives master symlink to which we attach a slave -Requires(post): %{pkgname} -Requires(postun): %{pkgname} - %unversioned_obsoletes_of_python3_X_if_main devel %if %{with main_python} @@ -600,6 +622,12 @@ Provides: 2to3 = %{version}-%{release} Conflicts: %{pkgname} < %{version}-%{release} +%if %{with rhel8_compat_shims} +Provides: platform-python-devel = %{version}-%{release} +Provides: platform-python-devel%{?_isa} = %{version}-%{release} +Obsoletes: platform-python-devel < %{pybasever} +%endif + %description -n %{pkgname}-devel This package contains the header files and configuration needed to compile Python extension modules (typically written in C or C++), to embed Python 
@@ -624,13 +652,6 @@ Provides: idle = %{version}-%{release} Provides: %{pkgname}-tools = %{version}-%{release} Provides: %{pkgname}-tools%{?_isa} = %{version}-%{release} -# Require alternatives version that implements the --keep-foreign flag and fixes rhbz#2203820 -Requires(postun): alternatives >= 1.19.2-1 - -# python3.12 installs the alternatives master symlink to which we attach a slave -Requires(post): %{pkgname} -Requires(postun): %{pkgname} - %description -n %{pkgname}-idle IDLE is Python’s Integrated Development and Learning Environment. @@ -668,12 +689,12 @@ Requires: %{pkgname}-libs%{?_isa} = %{version}-%{release} Requires: %{python_wheel_pkg_prefix}-setuptools-wheel Requires: %{python_wheel_pkg_prefix}-wheel-wheel %else -Provides: bundled(python%{python3_pkgversion}dist(setuptools)) = %{setuptools_version} +Provides: bundled(python3dist(setuptools)) = %{setuptools_version} %setuptools_bundled_provides -Provides: bundled(python%{python3_pkgversion}dist(wheel)) = %{wheel_version} +Provides: bundled(python3dist(wheel)) = %{wheel_version} %wheel_bundled_provides # License manually combined from Python + setuptools + wheel -License: Python and MIT and ASL 2.0 and (ASL 2.0 or BSD) +License: Python-2.0.1 AND MIT AND Apache-2.0 AND (Apache-2.0 OR BSD-2-Clause) %endif %unversioned_obsoletes_of_python3_X_if_main test 
@@ -702,12 +723,11 @@ Requires: %{pkgname}-idle%{?_isa} = %{version}-%{release} %unversioned_obsoletes_of_python3_X_if_main debug -# Require alternatives version that implements the --keep-foreign flag and fixes rhbz#2203820 -Requires(postun): alternatives >= 1.19.2-1 - -# python3.12 installs the alternatives master symlink to which we attach a slave -Requires(post): %{pkgname} -Requires(postun): %{pkgname} +%if %{with rhel8_compat_shims} +Provides: platform-python-debug = %{version}-%{release} +Provides: platform-python-debug%{?_isa} = %{version}-%{release} +Obsoletes: platform-python-debug < %{pybasever} +%endif %description -n %{pkgname}-debug python3-debug provides a version of the Python runtime with numerous debugging @@ -727,24 +747,6 @@ The debug runtime additionally supports debug builds of C-API extensions %endif # with debug_build -# We package the python3.12-rpm-macros in RHEL8 as to properly set the -# %%__python3 and %%python3_pkgversion macros as well as provide modern -# versions the current base macros. -%package -n %{pkgname}-rpm-macros -Summary: RPM macros for building RPMs with Python %{pybasever} -License: MIT -Provides: python-modular-rpm-macros == %{pybasever} -Conflicts: python-modular-rpm-macros > %{pybasever} -Requires: python3-rpm-macros -BuildArch: noarch - -%description -n %{pkgname}-rpm-macros -RPM macros for building RPMs with Python %{pybasever} from the python%{pyshortver} module. -If you want to build an RPM against the python%{pyshortver} module, you need to add: - - BuildRequire: %{pkgname}-rpm-macros. - - # ====================================================== # The prep phase of the build: # ====================================================== 
@@ -753,10 +755,18 @@ If you want to build an RPM against the python%{pyshortver} module, you need to %gpgverify -k2 -s1 -d0 %autosetup -S git_am -n Python-%{upstream_version} +# Verify the second level of bundled provides is up to date +# Arguably this should be done in %%check, but %%prep has a faster feedback loop +# setuptools.whl does not contain the vendored.txt files +if [ -f %{_rpmconfigdir}/pythonbundles.py ]; then + %{_rpmconfigdir}/pythonbundles.py <(unzip -p Lib/ensurepip/_bundled/pip-*.whl pip/_vendor/vendor.txt) --compare-with '%pip_bundled_provides' + %{_rpmconfigdir}/pythonbundles.py <(unzip -p Lib/test/wheeldata/wheel-*.whl wheel/vendored/vendor.txt) --compare-with '%wheel_bundled_provides' +fi + %if %{with rpmwheels} rm Lib/ensurepip/_bundled/pip-%{pip_version}-py3-none-any.whl -rm Lib/test/setuptools-%{setuptools_version}-py3-none-any.whl -rm Lib/test/wheel-%{wheel_version}-py3-none-any.whl +rm Lib/test/wheeldata/setuptools-%{setuptools_version}-py3-none-any.whl +rm Lib/test/wheeldata/wheel-%{wheel_version}-py3-none-any.whl %endif # Remove all exe files to ensure we are not shipping prebuilt binaries @@ -773,11 +783,6 @@ rm -r Modules/_decimal/libmpdec rm configure pyconfig.h.in -# Python 3.12 requires autoconf 2.71 which is not available in RHEL, -# we verified that it builds also with autoconf 2.69 therefore we -# are unpinning it -sed -i 's/AC_PREREQ(\[2.71/AC_PREREQ(\[2.69/' configure.ac - # ====================================================== # Configuring and building the code: # ====================================================== @@ -857,7 +862,6 @@ BuildPython() { --with-computed-gotos=%{computed_gotos_flag} \ --with-dbmliborder=gdbm:ndbm:bdb \ --with-system-expat \ - --with-system-ffi \ --with-system-libmpdec \ --enable-loadable-sqlite-extensions \ --with-dtrace \ 
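Review bot: In the `@@ -753,10 +755,18 @@` hunk, the new bundled-provides check is skipped without any output when `%{_rpmconfigdir}/pythonbundles.py` is missing, so a build on a system without the script passes even if `%pip_bundled_provides` or `%wheel_bundled_provides` is stale. Those `bundled(python3dist(...))` entries are how a reader sees which vendored library versions ship inside the wheels, so a silent skip deserves at least a log line before the `fi`: `else echo 'pythonbundles.py not found: bundled provides NOT verified' >&2`. If the skip is only meant for bootstrap builds, a one-line comment above the `if` saying so would make that intent clear.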
@@ -897,12 +901,12 @@ BuildPython() { # See also: https://bugzilla.redhat.com/show_bug.cgi?id=1818857 BuildPython debug \ "--without-ensurepip --with-pydebug" \ - "-O0 -Wno-cpp" + "%{optflags_debug}" %endif # with debug_build BuildPython optimized \ "--without-ensurepip %{optimizations_flag}" \ - "" + "%{optflags_optimized}" # ====================================================== # Installing the built code: @@ -1007,14 +1011,14 @@ EOF %if %{with debug_build} InstallPython debug \ %{py_INSTSONAME_debug} \ - -O0 \ + "%{optflags_debug}" \ %{LDVERSION_debug} %endif # with debug_build # Now the optimized build: InstallPython optimized \ %{py_INSTSONAME_optimized} \ - "" \ + "%{optflags_optimized}" \ %{LDVERSION_optimized} # Install directories for additional packages @@ -1059,11 +1063,8 @@ done # Switch all shebangs to refer to the specific Python version. # This currently only covers files matching ^[a-zA-Z0-9_]+\.py$, # so handle files named using other naming scheme separately. -# - RHEL 8 note: we use %%{SOURCE5} instead of pathfix.py, because in RHEL 8 we -# ship our own versioned pathfix_py3_12.py in this package, but during -# bootstrap it's not yet installed. LD_LIBRARY_PATH=./build/optimized ./build/optimized/python \ - %{SOURCE5} \ + %{_rpmconfigdir}/redhat/pathfix.py \ -i "%{_bindir}/python%{pybasever}" -pn \ %{buildroot} \ %{buildroot}%{_bindir}/*%{pybasever}.py \ 
@@ -1157,6 +1158,25 @@ ln -s ./python3-debug %{buildroot}%{_bindir}/python-debug %endif %endif +%if %{with rhel8_compat_shims} +# Provide RHEL8 backwards compatible symbolic links in %%_libexecdir +mkdir -p %{buildroot}%{_libexecdir} +ln -s %{_bindir}/python%{pybasever} %{buildroot}%{_libexecdir}/platform-python +ln -s %{_bindir}/python%{pybasever} %{buildroot}%{_libexecdir}/platform-python%{pybasever} +ln -s %{_bindir}/python%{pybasever}-config %{buildroot}%{_libexecdir}/platform-python-config +ln -s %{_bindir}/python%{pybasever}-config %{buildroot}%{_libexecdir}/platform-python%{pybasever}-config +ln -s %{_bindir}/python%{pybasever}-`uname -m`-config %{buildroot}%{_libexecdir}/platform-python%{pybasever}-`uname -m`-config +# There were also executables with %%{LDVERSION_optimized} in RHEL 8, +# but since Python 3.8 %%{LDVERSION_optimized} == %%{pybasever}. +# We list both in the %%files section to assert this. +%if %{with debug_build} +ln -s %{_bindir}/python%{LDVERSION_debug} %{buildroot}%{_libexecdir}/platform-python-debug +ln -s %{_bindir}/python%{LDVERSION_debug} %{buildroot}%{_libexecdir}/platform-python%{LDVERSION_debug} +ln -s %{_bindir}/python%{LDVERSION_debug}-config %{buildroot}%{_libexecdir}/platform-python%{LDVERSION_debug}-config +ln -s %{_bindir}/python%{LDVERSION_debug}-`uname -m`-config %{buildroot}%{_libexecdir}/platform-python%{LDVERSION_debug}-`uname -m`-config +%endif +%endif + # Remove large, autogenerated sources and keep only the non-optimized pycache for file in %{buildroot}%{pylibdir}/pydoc_data/topics.py $(grep --include='*.py' -lr %{buildroot}%{pylibdir}/encodings -e 'Python Character Mapping Codec .* from .* with gencodec.py'); do directory=$(dirname ${file}) 
@@ -1165,29 +1185,6 @@ for file in %{buildroot}%{pylibdir}/pydoc_data/topics.py $(grep --include='*.py' rm ${directory}/{__pycache__/${module}.cpython-%{pyshortver}.opt-?.pyc,${module}.py} done -# Python RPM macros for python3.12-rpm-macros -mkdir -p %{buildroot}%{rpmmacrodir}/ -install -m 644 %{SOURCE3} \ - %{buildroot}/%{rpmmacrodir}/ - -# Add scripts that are being used by python3.12-rpm-macros -mkdir -p %{buildroot}%{_rpmconfigdir}/redhat -install -m 644 %{SOURCE4} %{buildroot}%{_rpmconfigdir}/redhat/ -install -m 644 %{SOURCE5} %{buildroot}%{_rpmconfigdir}/redhat/ - -# All ghost files controlled by alternatives need to exist for the files -# section check to succeed -# - Don't list /usr/bin/python as a ghost file so `yum install /usr/bin/python` -# doesn't install this package -touch %{buildroot}%{_bindir}/unversioned-python -touch %{buildroot}%{_mandir}/man1/python.1.gz -touch %{buildroot}%{_bindir}/python3 -touch %{buildroot}%{_mandir}/man1/python3.1.gz -touch %{buildroot}%{_bindir}/pydoc3 -touch %{buildroot}%{_bindir}/pydoc-3 -touch %{buildroot}%{_bindir}/idle3 -touch %{buildroot}%{_bindir}/python3-config - # ====================================================== # Checks for packaging issues # ====================================================== 
@@ -1272,119 +1269,10 @@ CheckPython optimized %endif # with tests -# ====================================================== -# Scriptlets for alternatives on rhel8 -# ====================================================== -%post -# Alternative for /usr/bin/python -> /usr/bin/python3 + man page -alternatives --install %{_bindir}/unversioned-python \ - python \ - %{_bindir}/python3 \ - 300 \ - --slave %{_bindir}/python \ - unversioned-python \ - %{_bindir}/python3 \ - --slave %{_mandir}/man1/python.1.gz \ - unversioned-python-man \ - %{_mandir}/man1/python3.1.gz - -# Alternative for /usr/bin/python -> /usr/bin/python3.12 + man page -alternatives --install %{_bindir}/unversioned-python \ - python \ - %{_bindir}/python3.12 \ - 211 \ - --slave %{_bindir}/python \ - unversioned-python \ - %{_bindir}/python3.12 \ - --slave %{_mandir}/man1/python.1.gz \ - unversioned-python-man \ - %{_mandir}/man1/python3.12.1.gz - -# Alternative for /usr/bin/python3 -> /usr/bin/python3.12 + related files -# Create only if it doesn't exist already -EXISTS=`alternatives --display python3 | \ - grep -c "^/usr/bin/python3.12 - priority [0-9]*"` - -if [ $EXISTS -eq 0 ]; then - alternatives --install %{_bindir}/python3 \ - python3 \ - %{_bindir}/python3.12 \ - 31200 \ - --slave %{_mandir}/man1/python3.1.gz \ - python3-man \ - %{_mandir}/man1/python3.12.1.gz \ - --slave %{_bindir}/pydoc3 \ - pydoc3 \ - %{_bindir}/pydoc3.12 \ - --slave %{_bindir}/pydoc-3 \ - pydoc-3 \ - %{_bindir}/pydoc3.12 -fi - -%postun -# Do this only during uninstall process (not during update) -if [ $1 -eq 0 ]; then - alternatives --keep-foreign --remove python \ - %{_bindir}/python3.12 - - alternatives --keep-foreign --remove python3 \ - %{_bindir}/python3.12 - - # Remove link python → python3 if no other python3.* exists - if ! 
alternatives --display python3 > /dev/null; then - alternatives --keep-foreign --remove python \ - %{_bindir}/python3 - fi -fi - - -%post devel -alternatives --add-slave python3 %{_bindir}/python3.12 \ - %{_bindir}/python3-config \ - python3-config \ - %{_bindir}/python3.12-config - -%postun devel -# Do this only during uninstall process (not during update) -if [ $1 -eq 0 ]; then - alternatives --keep-foreign --remove-slave python3 %{_bindir}/python3.12 \ - python3-config -fi - -%post idle -alternatives --add-slave python3 %{_bindir}/python3.12 \ - %{_bindir}/idle3 \ - idle3 \ - %{_bindir}/idle3.12 - -%postun idle -# Do this only during uninstall process (not during update) -if [ $1 -eq 0 ]; then - alternatives --keep-foreign --remove-slave python3 %{_bindir}/python3.12 \ - idle3 -fi - -# ====================================================== -# Files for each RPM (sub)package -# ====================================================== - -%files -n %{pkgname}-rpm-macros -%{rpmmacrodir}/macros.python%{pybasever} -%{_rpmconfigdir}/redhat/import_all_modules_py3_12.py -%{_rpmconfigdir}/redhat/pathfix_py3_12.py - %files -n %{pkgname} %doc README.rst -# Alternatives -%ghost %{_bindir}/unversioned-python -%ghost %{_mandir}/man1/python.1.gz -%ghost %{_bindir}/python3 -%ghost %{_mandir}/man1/python3.1.gz -%ghost %{_bindir}/pydoc3 -%ghost %{_bindir}/pydoc-3 - %if %{with main_python} %{_bindir}/pydoc* %{_bindir}/python3 @@ -1396,6 +1284,11 @@ fi %{_bindir}/python%{LDVERSION_optimized} %{_mandir}/*/*3* +%if %{with rhel8_compat_shims} +%{_libexecdir}/platform-python +%{_libexecdir}/platform-python%{pybasever} +%{_libexecdir}/platform-python%{LDVERSION_optimized} +%endif %if %{with main_python} %files -n python-unversioned-command 
@@ -1505,7 +1398,6 @@ fi %{dynload_dir}/grp.%{SOABI_optimized}.so %{dynload_dir}/math.%{SOABI_optimized}.so %{dynload_dir}/mmap.%{SOABI_optimized}.so -%{dynload_dir}/nis.%{SOABI_optimized}.so %{dynload_dir}/ossaudiodev.%{SOABI_optimized}.so %{dynload_dir}/_posixshmem.%{SOABI_optimized}.so %{dynload_dir}/pyexpat.%{SOABI_optimized}.so @@ -1517,10 +1409,6 @@ fi %{dynload_dir}/termios.%{SOABI_optimized}.so %{dynload_dir}/unicodedata.%{SOABI_optimized}.so %{dynload_dir}/_uuid.%{SOABI_optimized}.so -%{dynload_dir}/xxlimited.%{SOABI_optimized}.so -%{dynload_dir}/xxlimited_35.%{SOABI_optimized}.so -%{dynload_dir}/_xxsubinterpreters.%{SOABI_optimized}.so -%{dynload_dir}/xxsubtype.%{SOABI_optimized}.so %{dynload_dir}/zlib.%{SOABI_optimized}.so %{dynload_dir}/_zoneinfo.%{SOABI_optimized}.so @@ -1621,12 +1509,6 @@ fi %{pylibdir}/zoneinfo -%dir %{pylibdir}/__phello__/ -%dir %{pylibdir}/__phello__/__pycache__/ -%{pylibdir}/__phello__/__init__.py -%{pylibdir}/__phello__/spam.py -%{pylibdir}/__phello__/__pycache__/*%{bytecode_suffixes} - %if "%{_lib}" == "lib64" %attr(0755,root,root) %dir %{_prefix}/lib/python%{pybasever} %attr(0755,root,root) %dir %{_prefix}/lib/python%{pybasever}/site-packages 
@@ -1676,23 +1558,26 @@ fi %{_bindir}/python%{pybasever}-config %{_bindir}/python%{LDVERSION_optimized}-config %{_bindir}/python%{LDVERSION_optimized}-*-config -# Alternatives -%ghost %{_bindir}/python3-config - %{_libdir}/libpython%{LDVERSION_optimized}.so %{_libdir}/pkgconfig/python-%{LDVERSION_optimized}.pc %{_libdir}/pkgconfig/python-%{LDVERSION_optimized}-embed.pc %{_libdir}/pkgconfig/python-%{pybasever}.pc %{_libdir}/pkgconfig/python-%{pybasever}-embed.pc +%if %{with rhel8_compat_shims} +%{_libexecdir}/platform-python-config +%{_libexecdir}/platform-python%{pybasever}-config +%{_libexecdir}/platform-python%{LDVERSION_optimized}-config +%{_libexecdir}/platform-python%{pybasever}-*-config +%{_libexecdir}/platform-python%{LDVERSION_optimized}-*-config +%endif + %files -n %{pkgname}-idle %if %{with main_python} %{_bindir}/idle* %else %{_bindir}/idle%{pybasever} -# Alternatives -%ghost %{_bindir}/idle3 %endif %{pylibdir}/idlelib @@ -1726,7 +1611,17 @@ fi %{dynload_dir}/_testmultiphase.%{SOABI_optimized}.so %{dynload_dir}/_testsinglephase.%{SOABI_optimized}.so %{dynload_dir}/_xxinterpchannels.%{SOABI_optimized}.so +%{dynload_dir}/_xxsubinterpreters.%{SOABI_optimized}.so %{dynload_dir}/_xxtestfuzz.%{SOABI_optimized}.so +%{dynload_dir}/xxlimited.%{SOABI_optimized}.so +%{dynload_dir}/xxlimited_35.%{SOABI_optimized}.so +%{dynload_dir}/xxsubtype.%{SOABI_optimized}.so + +%dir %{pylibdir}/__phello__/ +%dir %{pylibdir}/__phello__/__pycache__/ +%{pylibdir}/__phello__/__init__.py +%{pylibdir}/__phello__/spam.py +%{pylibdir}/__phello__/__pycache__/*%{bytecode_suffixes} # We don't bother splitting the debug build out into further subpackages: # if you need it, you're probably a developer. 
@@ -1796,7 +1691,6 @@ fi %{dynload_dir}/grp.%{SOABI_debug}.so %{dynload_dir}/math.%{SOABI_debug}.so %{dynload_dir}/mmap.%{SOABI_debug}.so -%{dynload_dir}/nis.%{SOABI_debug}.so %{dynload_dir}/ossaudiodev.%{SOABI_debug}.so %{dynload_dir}/_posixshmem.%{SOABI_debug}.so %{dynload_dir}/pyexpat.%{SOABI_debug}.so @@ -1808,10 +1702,6 @@ fi %{dynload_dir}/termios.%{SOABI_debug}.so %{dynload_dir}/unicodedata.%{SOABI_debug}.so %{dynload_dir}/_uuid.%{SOABI_debug}.so -%{dynload_dir}/xxlimited.%{SOABI_debug}.so -%{dynload_dir}/xxlimited_35.%{SOABI_debug}.so -%{dynload_dir}/_xxsubinterpreters.%{SOABI_debug}.so -%{dynload_dir}/xxsubtype.%{SOABI_debug}.so %{dynload_dir}/zlib.%{SOABI_debug}.so %{dynload_dir}/_zoneinfo.%{SOABI_debug}.so @@ -1831,6 +1721,13 @@ fi %{_libdir}/pkgconfig/python-%{LDVERSION_debug}.pc %{_libdir}/pkgconfig/python-%{LDVERSION_debug}-embed.pc +%if %{with rhel8_compat_shims} +%{_libexecdir}/platform-python-debug +%{_libexecdir}/platform-python%{LDVERSION_debug} +%{_libexecdir}/platform-python%{LDVERSION_debug}-config +%{_libexecdir}/platform-python%{LDVERSION_debug}-*-config +%endif + # Analog of the -tools subpackage's files: # None for now; we could build precanned versions that have the appropriate # shebang if needed @@ -1848,7 +1745,11 @@ fi %{dynload_dir}/_testmultiphase.%{SOABI_debug}.so %{dynload_dir}/_testsinglephase.%{SOABI_debug}.so %{dynload_dir}/_xxinterpchannels.%{SOABI_debug}.so +%{dynload_dir}/_xxsubinterpreters.%{SOABI_debug}.so %{dynload_dir}/_xxtestfuzz.%{SOABI_debug}.so +%{dynload_dir}/xxlimited.%{SOABI_debug}.so +%{dynload_dir}/xxlimited_35.%{SOABI_debug}.so +%{dynload_dir}/xxsubtype.%{SOABI_debug}.so %{pylibdir}/_sysconfigdata_%{ABIFLAGS_debug}_linux_%{platform_triplet}.py %{pylibdir}/__pycache__/_sysconfigdata_%{ABIFLAGS_debug}_linux_%{platform_triplet}%{bytecode_suffixes} 
@@ -1876,60 +1777,181 @@ fi # ====================================================== %changelog -* Mon Feb 19 2024 Charalampos Stratakis - 3.12.1-4 -- Add Red Hat configuration for CVE-2007-4559 +* Mon Mar 31 2025 Charalampos Stratakis - 3.12.9-2 +- Properly apply exported CFLAGS for dtrace/systemtap builds +Resolves: RHEL-85727 -* Thu Jan 18 2024 Charalampos Stratakis - 3.12.1-3 +* Tue Feb 04 2025 Charalampos Stratakis - 3.12.9-1 +- Update to 3.12.9 +- Security fix for CVE-2025-0938 +Resolves: RHEL-77264 + +* Tue Dec 03 2024 Charalampos Stratakis - 3.12.8-1 +- Update to 3.12.8 +- Security fix for CVE-2024-9287 and CVE-2024-12254 +Resolves: RHEL-64877, RHEL-70450 + +* Tue Oct 29 2024 Troy Dawson - 3.12.6-2 +- Bump release for October 2024 mass rebuild: + Resolves: RHEL-64018 + +* Mon Sep 09 2024 Tomáš Hrnčiar - 3.12.6-1 +- Update to 3.12.6 +Resolves: RHEL-57397 + +* Fri Aug 23 2024 Charalampos Stratakis - 3.12.5-2 +- Security fix for CVE-2024-8088 +Resolves: RHEL-55923 + +* Wed Aug 07 2024 Tomáš Hrnčiar - 3.12.5-1 +- Update to 3.12.5 +- Security fix for CVE-2024-6923 +Resolves: RHEL-53036 + +* Wed Jul 17 2024 Charalampos Stratakis - 3.12.4-4 +- Build Python with -O3 +- https://fedoraproject.org/wiki/Changes/Python_built_with_gcc_O3 + +* Thu Jul 11 2024 Charalampos Stratakis - 3.12.4-3 +- Fix issues uncovered by static analysis +Resolves: RHEL-45021 + +* Thu Jul 04 2024 Tomáš Hrnčiar - 3.12.4-2 +- Require expat >= 2.6 to prevent errors when creating venvs with older expat + +* Wed Jul 03 2024 Tomáš Hrnčiar - 3.12.4-1 +- Update to 3.12.4 +Resolves: RHEL-44054 + +* Wed Jul 03 2024 Tomáš Hrnčiar - 3.12.3-1 +- Update to 3.12.3 + +* Mon Jun 24 2024 Troy Dawson - 3.12.2-8 +- Bump release for June 2024 mass rebuild + +* Tue Jun 11 2024 Charalampos Stratakis - 3.12.2-7 +- Enable importing of hash-based .pyc files under FIPS mode +Resolves: RHEL-40769 + +* Tue May 28 2024 Charalampos Stratakis - 3.12.2-6 - Support OpenSSL FIPS mode - Disable the builtin hashlib hashes except 
blake2 +Resolves: RHEL-39066 -* Wed Dec 20 2023 Charalampos Stratakis - 3.12.1-2 -- Disable bootstrap +* Wed Apr 24 2024 Charalampos Stratakis - 3.12.2-5 +- Add Red Hat configuration for CVE-2007-4559 +Resolves: RHEL-33847 -* Wed Dec 20 2023 Tomáš Hrnčiar - 3.12.1-1 -- Initial package -- Fedora contributions by: - Björn Esser - Bohuslav Kabrda - Charalampos Stratakis - Dan Horák - David Malcolm - Dennis Gilmore - Florian Weimer - Gwyn Ciesla - Igor Gnatenko - Iryna Shcherbina - Jaroslav Škarvada - Jason ティビツ - Kalev Lember - Karsten Hopp - Lumir Balhar - Marcel Plch - Matej Stuchlik - Michal Cyprian - Michal Toman - Miro Hrončok - Nicolas Chauvet - Orion Poplawski - Patrik Kopkan - Peter Robinson - Petr Šplíchal - Petr Viktorin - Rex Dieter - Richard W.M. Jones - Robert Kuska - Sahana Prasad - Stephen Gallagher - Than Ngo - Thomas Spura - Till Maas - Tomáš Hrnčiar - Tomas Mraz - Tomas Orsava - Tomas Radej - Toshio Kuratomi - Victor Stinner - Ville Skyttä - Yaakov Selkowitz - Zbigniew Jędrzejewski-Szmek +* Tue Apr 23 2024 Miro Hrončok - 3.12.2-4 +- Remove the nis module, drop the dependency on libnsl2 +* Thu Mar 21 2024 Miro Hrončok - 3.12.2-3 +- Fix tests for XMLPullParser with Expat 2.6.0 +- Move all test modules to the python3-test package, namely: + - __phello__ + - _xxsubinterpreters + - xxlimited + - xxlimited_35 + - xxsubtype + +* Mon Mar 04 2024 Lumír Balhar - 3.12.2-2 +- Add provides and symbolic links for compatibility with platform-python +Resolves: RHEL-27855 + +* Wed Feb 07 2024 Tomáš Hrnčiar - 3.12.2-1 +- Update to 3.12.2 + +* Fri Jan 26 2024 Fedora Release Engineering - 3.12.1-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild + +* Mon Jan 22 2024 Fedora Release Engineering - 3.12.1-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild + +* Mon Dec 18 2023 Lumír Balhar - 3.12.1-2 +- Security fix for CVE-2023-27043 (rhbz#2196190) + +* Fri Dec 08 2023 Tomáš Hrnčiar - 3.12.1-1 +- Update to 3.12.1 +- Own stray 
directories in /usr/lib64/python3.12 +- Fixes: rhbz#2252143 + +* Thu Oct 05 2023 Yaakov Selkowitz - 3.12.0-2 +- Use bundled libb2 in RHEL builds + +* Mon Oct 02 2023 Miro Hrončok - 3.12.0-1 +- Update to 3.12.0 final + +* Tue Sep 19 2023 Miro Hrončok - 3.12.0~rc3-1 +- Update to 3.12.0rc3 + +* Wed Sep 06 2023 Tomáš Hrnčiar - 3.12.0~rc2-1 +- Update to 3.12.0rc2 + +* Mon Aug 07 2023 Tomáš Hrnčiar - 3.12.0~rc1-1 +- Update to 3.12.0rc1 + +* Wed Aug 02 2023 Charalampos Stratakis - 3.12.0~b4-3 +- Remove extra distro-applied CFLAGS passed to user built C extensions +- https://fedoraproject.org/wiki/Changes/Python_Extension_Flags_Reduction + +* Fri Jul 21 2023 Fedora Release Engineering - 3.12.0~b4-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild + +* Wed Jul 12 2023 Miro Hrončok - 3.12.0~b4-1 +- Update to 3.12.0b4 + +* Wed Jun 21 2023 Tomáš Hrnčiar - 3.12.0~b3-2 +- Backport upstream patch to add PyType_GetDict() function + +* Tue Jun 20 2023 Tomáš Hrnčiar - 3.12.0~b3-1 +- Update to 3.12.0b3 + +* Tue Jun 13 2023 Python Maint - 3.12.0~b2-3 +- Rebuilt for Python 3.12 + +* Tue Jun 13 2023 Python Maint - 3.12.0~b2-2 +- Bootstrap for Python 3.12 + +* Wed Jun 07 2023 Tomáš Hrnčiar - 3.12.0~b2-1 +- Update to 3.12.0b2 + +* Mon May 29 2023 Miro Hrončok - 3.12.0~b1-2 +- Use wheels from RPMs, at least on Fedora 39+ +- On older Fedora releases, declare bundled() provides and a complex License tag + +* Tue May 23 2023 Tomáš Hrnčiar - 3.12.0~b1-1 +- Update to 3.12.0b1 + +* Wed Apr 05 2023 Tomáš Hrnčiar - 3.12.0~a7-1 +- Update to 3.12.0a7 + +* Thu Mar 23 2023 Miro Hrončok - 3.12.0~a6-2 +- Increase the test timeout during package build + +* Wed Mar 08 2023 Tomáš Hrnčiar - 3.12.0~a6-1 +- Update to 3.12.0a6 + +* Wed Feb 08 2023 Tomáš Hrnčiar - 3.12.0~a5-1 +- Update to 3.12.0a5 + +* Fri Jan 20 2023 Fedora Release Engineering - 3.12.0~a4-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild + +* Wed Jan 11 2023 Tomáš Hrnčiar - 3.12.0~a4-1 +- Update to 
3.12.0a4 + +* Mon Dec 19 2022 Miro Hrončok - 3.12.0~a3-2 +- No longer patch the default bytecode cache invalidation policy + +* Wed Dec 07 2022 Tomáš Hrnčiar - 3.12.0~a3-1 +- Update to 3.12.0a3 + +* Tue Nov 15 2022 Tomáš Hrnčiar - 3.12.0~a2-1 +- Update to 3.12.0a2 +- Fixes: rhbz#2133847 + +* Thu Oct 27 2022 Miro Hrončok - 3.12.0~a1-2 +- Finish initial bootstrap of Python 3.12.0a1 + +* Wed Oct 26 2022 Tomáš Hrnčiar - 3.12.0~a1-1 +- Initial Python 3.12 package forked from Python 3.11 diff --git a/sources b/sources new file mode 100644 index 0000000..f1eb8d3 --- /dev/null +++ b/sources @@ -0,0 +1 @@ +SHA512 (Python-3.12.9.tar.xz) = c840b14aa21e6a963d18c06ebaafb551d9c9a101b3866417e762fc4a2fde071a7a25fa257faba2956c7344bbc2413ed61690a712d26fba4d0dbeaa50e49b2574