diff --git a/00251-change-user-install-location.patch b/00251-change-user-install-location.patch index 1622e53..dc29bca 100644 --- a/00251-change-user-install-location.patch +++ b/00251-change-user-install-location.patch @@ -30,10 +30,10 @@ Co-authored-by: Lumír Balhar 3 files changed, 71 insertions(+), 4 deletions(-) diff --git a/Lib/site.py b/Lib/site.py -index 672fa7b000..0a9c5be53e 100644 +index 924b2460d9..51b5baca93 100644 --- a/Lib/site.py +++ b/Lib/site.py -@@ -377,8 +377,15 @@ def getsitepackages(prefixes=None): +@@ -387,8 +387,15 @@ def getsitepackages(prefixes=None): return sitepackages def addsitepackages(known_paths, prefixes=None): diff --git a/00329-fips.patch b/00329-fips.patch index 5cda8e7..8a7780f 100644 --- a/00329-fips.patch +++ b/00329-fips.patch @@ -750,7 +750,7 @@ index 8b4f920..20ef96c 100644 raise TypeError("key: expected bytes or bytearray, but got %r" % type(key).__name__) if not digestmod: - raise TypeError("Missing required parameter 'digestmod'.") + raise TypeError("Missing required argument 'digestmod'.") - if _hashopenssl and isinstance(digestmod, (str, _functype)): + if _hashopenssl.get_fips_mode() or (_hashopenssl and isinstance(digestmod, (str, _functype))): diff --git a/00371-revert-bpo-1596321-fix-threading-_shutdown-for-the-main-thread-gh-28549-gh-28589.patch b/00371-revert-bpo-1596321-fix-threading-_shutdown-for-the-main-thread-gh-28549-gh-28589.patch index 5603025..7146a82 100644 --- a/00371-revert-bpo-1596321-fix-threading-_shutdown-for-the-main-thread-gh-28549-gh-28589.patch +++ b/00371-revert-bpo-1596321-fix-threading-_shutdown-for-the-main-thread-gh-28549-gh-28589.patch @@ -16,10 +16,10 @@ https://github.com/GrahamDumpleton/mod_wsgi/issues/730 2 files changed, 8 insertions(+), 50 deletions(-) diff --git a/Lib/test/test_threading.py b/Lib/test/test_threading.py -index 756d5e329f..5d09775efc 100644 +index 00d9e591c7..3314319fec 100644 --- a/Lib/test/test_threading.py +++ b/Lib/test/test_threading.py -@@ -1007,39 +1007,6 @@ def noop(): pass +@@ -1089,39 +1089,6 @@ def noop(): pass threading.Thread(target=noop).start() # Thread.join() is not called @@ -60,10 +60,10 @@ index 756d5e329f..5d09775efc 100644 code = """if 1: import atexit diff --git a/Lib/threading.py b/Lib/threading.py -index 8dcaf8ca6a..ed0b0f4632 100644 +index 98cb43c697..ee647f8549 100644 --- a/Lib/threading.py +++ b/Lib/threading.py -@@ -1586,29 +1586,20 @@ def _shutdown(): +@@ -1585,29 +1585,20 @@ def _shutdown(): global _SHUTTING_DOWN _SHUTTING_DOWN = True diff --git a/00397-tarfile-filter.patch b/00397-tarfile-filter.patch index 3ef4d59..3ead891 100644 --- a/00397-tarfile-filter.patch +++ b/00397-tarfile-filter.patch @@ -235,9 +235,9 @@ index c5fc76d..397e334 100644 + self.check_trusted_default(tar, tempdir) + + - def setUpModule(): - os_helper.unlink(TEMPDIR) - os.makedirs(TEMPDIR) + class OverwriteTests(archiver_tests.OverwriteTests, unittest.TestCase): + testdir = os.path.join(TEMPDIR, "testoverwrite") + -- 2.43.0 diff --git a/00415-cve-2023-27043-gh-102988-reject-malformed-addresses-in-email-parseaddr-111116.patch b/00415-cve-2023-27043-gh-102988-reject-malformed-addresses-in-email-parseaddr-111116.patch index e77ddd8..352fef8 100644 --- a/00415-cve-2023-27043-gh-102988-reject-malformed-addresses-in-email-parseaddr-111116.patch +++ b/00415-cve-2023-27043-gh-102988-reject-malformed-addresses-in-email-parseaddr-111116.patch @@ -72,7 +72,7 @@ index 345b64001c..d693a9bc39 100644 .. function:: parsedate(date) diff --git a/Lib/email/utils.py b/Lib/email/utils.py -index 81da5394ea..43c3627fca 100644 +index aa949aa933..af2fb14754 100644 --- a/Lib/email/utils.py +++ b/Lib/email/utils.py @@ -48,6 +48,7 @@ @@ -81,7 +81,7 @@ index 81da5394ea..43c3627fca 100644 + def _has_surrogates(s): - """Return True if s contains surrogate-escaped binary data.""" + """Return True if s may contain surrogate-escaped binary data.""" # This check is based on the fact that unless there are surrogates, utf8 @@ -106,12 +107,127 @@ def formataddr(pair, charset='utf-8'): return address diff --git a/00418-don-t-generate-sbom-in-make-regen-all.patch b/00418-don-t-generate-sbom-in-make-regen-all.patch new file mode 100644 index 0000000..d41da28 --- /dev/null +++ b/00418-don-t-generate-sbom-in-make-regen-all.patch @@ -0,0 +1,36 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Karolina Surma +Date: Thu, 8 Feb 2024 15:53:26 +0100 +Subject: [PATCH] 00418: Don't generate sbom in make regen-all +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +The script and make target, added in Python 3.12.2, assumes a fixed +location of pip wheel and other bundled libraries, resulting in an +error and failed build when not found. +Reported upstream: https://github.com/python/cpython/issues/114240 +and https://github.com/python/cpython/issues/114244 + +Co-Authored-By: Tomáš Hrnčiar +--- + Makefile.pre.in | 5 +++-- + 1 file changed, 3 insertions(+), 2 deletions(-) + +diff --git a/Makefile.pre.in b/Makefile.pre.in +index dd5e69f7ab..40097647b5 100644 +--- a/Makefile.pre.in ++++ b/Makefile.pre.in +@@ -1320,9 +1320,10 @@ regen-limited-abi: all + regen-all: regen-cases regen-opcode regen-opcode-targets regen-typeslots \ + regen-token regen-ast regen-keyword regen-sre regen-frozen \ + regen-pegen-metaparser regen-pegen regen-test-frozenmain \ +- regen-test-levenshtein regen-global-objects regen-sbom ++ regen-test-levenshtein regen-global-objects + @echo +- @echo "Note: make regen-stdlib-module-names and make regen-configure should be run manually" ++ @echo "Note: make regen-stdlib-module-names, make regen-configure and make regen-sbom " ++ @echo "should be run manually" + + ############################################################################ + # Special rules for object files diff --git a/python3.12.spec b/python3.12.spec index 5ce84bd..60d2071 100644 --- a/python3.12.spec +++ b/python3.12.spec @@ -16,12 +16,12 @@ URL: https://www.python.org/ # WARNING When rebasing to a new Python version, # remember to update the python3-docs package as well -%global general_version %{pybasever}.1 +%global general_version %{pybasever}.2 #global prerel ... %global upstream_version %{general_version}%{?prerel} Version: %{general_version}%{?prerel:~%{prerel}} -Release: 4%{?dist} -License: Python +Release: 1%{?dist} +License: Python-2.0.1 # ================================== @@ -65,18 +65,18 @@ License: Python # If the rpmwheels condition is disabled, we use the bundled wheel packages # from Python with the versions below. # This needs to be manually updated when we update Python. -%global pip_version 23.2.1 +%global pip_version 24.0 %global setuptools_version 67.6.1 %global wheel_version 0.40.0 # All of those also include a list of indirect bundled libs: # pip # $ %%{_rpmconfigdir}/pythonbundles.py <(unzip -p Lib/ensurepip/_bundled/pip-*.whl pip/_vendor/vendor.txt) %global pip_bundled_provides %{expand: -Provides: bundled(python3dist(cachecontrol)) = 0.12.11 -Provides: bundled(python3dist(certifi)) = 2023.5.7 +Provides: bundled(python3dist(cachecontrol)) = 0.13.1 +Provides: bundled(python3dist(certifi)) = 2023.7.22 Provides: bundled(python3dist(chardet)) = 5.1 Provides: bundled(python3dist(colorama)) = 0.4.6 -Provides: bundled(python3dist(distlib)) = 0.3.6 +Provides: bundled(python3dist(distlib)) = 0.3.8 Provides: bundled(python3dist(distro)) = 1.8 Provides: bundled(python3dist(idna)) = 3.4 Provides: bundled(python3dist(msgpack)) = 1.0.5 @@ -92,8 +92,9 @@ Provides: bundled(python3dist(setuptools)) = 68 Provides: bundled(python3dist(six)) = 1.16 Provides: bundled(python3dist(tenacity)) = 8.2.2 Provides: bundled(python3dist(tomli)) = 2.0.1 +Provides: bundled(python3dist(truststore)) = 0.8 Provides: bundled(python3dist(typing-extensions)) = 4.7.1 -Provides: bundled(python3dist(urllib3)) = 1.26.16 +Provides: bundled(python3dist(urllib3)) = 1.26.17 Provides: bundled(python3dist(webencodings)) = 0.5.1 } # setuptools @@ -115,7 +116,7 @@ Provides: bundled(python3dist(typing-extensions)) = 4.4 Provides: bundled(python3dist(zipp)) = 3.7 } # wheel -# $ %%{_rpmconfigdir}/pythonbundles.py <(unzip -p Lib/test/wheel-*.whl wheel/vendored/vendor.txt) +# $ %%{_rpmconfigdir}/pythonbundles.py <(unzip -p Lib/test/wheeldata/wheel-*.whl wheel/vendored/vendor.txt) %global wheel_bundled_provides %{expand: Provides: bundled(python3dist(packaging)) = 23 } @@ -389,6 +390,16 @@ Patch397: 00397-tarfile-filter.patch # Thomas Dwyer. Patch415: 00415-cve-2023-27043-gh-102988-reject-malformed-addresses-in-email-parseaddr-111116.patch +# 00418 # 153905265371131e1227ace0dfef34a5c5efde59 +# Don't generate sbom in make regen-all +# +# The script and make target, added in Python 3.12.2, assumes a fixed +# location of pip wheel and other bundled libraries, resulting in an +# error and failed build when not found. +# Reported upstream: https://github.com/python/cpython/issues/114240 +# and https://github.com/python/cpython/issues/114244 +Patch418: 00418-don-t-generate-sbom-in-make-regen-all.patch + # (New patches go here ^^^) # # When adding new patches to "python" and "python3" in Fedora, EL, etc., @@ -755,8 +766,8 @@ If you want to build an RPM against the python%{pyshortver} module, you need to %if %{with rpmwheels} rm Lib/ensurepip/_bundled/pip-%{pip_version}-py3-none-any.whl -rm Lib/test/setuptools-%{setuptools_version}-py3-none-any.whl -rm Lib/test/wheel-%{wheel_version}-py3-none-any.whl +rm Lib/test/wheeldata/setuptools-%{setuptools_version}-py3-none-any.whl +rm Lib/test/wheeldata/wheel-%{wheel_version}-py3-none-any.whl %endif # Remove all exe files to ensure we are not shipping prebuilt binaries @@ -1876,6 +1887,10 @@ fi # ====================================================== %changelog +* Fri May 03 2024 Lumír Balhar - 3.12.2-1 +- Update to 3.12.2 +Resolves: RHEL-33685 + * Mon Feb 19 2024 Charalampos Stratakis - 3.12.1-4 - Add Red Hat configuration for CVE-2007-4559 diff --git a/sources b/sources index b9328ce..2c3fe1d 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ -SHA512 (Python-3.12.1.tar.xz) = 44cf06b89ade692d87ca3105d8e3de5c7ce3f5fb318690fff513cf56f909ff5e0d0f6a0b22ae270b12e1fe3051b1bde3ec786506ec87c810b1d02e92e45dff07 -SHA512 (Python-3.12.1.tar.xz.asc) = 1c85237b5921fbf940ded4e038d99c8d02682fcb357b5de761eb5bebf94142b308a11654fc6312129663727e2ce1f546fbb5a5a3747d7dc02fc7dced9cb968fd +SHA512 (Python-3.12.2.tar.xz) = 2ccfae7b9f95d8e15ea85d3f66eea5f6a8fdcaffc0b405095fecb33efc0df50b831c1215542910ced948b54e6de1f7242b0b8b9afc5f89079451c552430d7d9f +SHA512 (Python-3.12.2.tar.xz.asc) = fb477acb49864a662b1586db79e80fd8ebab85d4e5e14acd3bfb5afc3dbe8d6b9bf97eb518dfb77662e27040d400f451ed7575fe1264a6cc0d9feb06e4f2dc84