import UBI python3.12-3.12.5-2.el8_10
This commit is contained in:
parent
28fa5f87fc
commit
f903336518
2
.gitignore
vendored
2
.gitignore
vendored
@ -1 +1 @@
|
||||
SOURCES/Python-3.12.3.tar.xz
|
||||
SOURCES/Python-3.12.5.tar.xz
|
||||
|
@ -1 +1 @@
|
||||
3df73004a9b224d021fd397724e8bd4f9b6cc824 SOURCES/Python-3.12.3.tar.xz
|
||||
d9b83c17a717e1cbd3ab6bd14cfe3e508e6d87b2 SOURCES/Python-3.12.5.tar.xz
|
||||
|
@ -30,10 +30,10 @@ Co-authored-by: Lumír Balhar <frenzy.madness@gmail.com>
|
||||
3 files changed, 71 insertions(+), 4 deletions(-)
|
||||
|
||||
diff --git a/Lib/site.py b/Lib/site.py
|
||||
index 924b2460d9..51b5baca93 100644
|
||||
index 924cfbecec..e2871ecc89 100644
|
||||
--- a/Lib/site.py
|
||||
+++ b/Lib/site.py
|
||||
@@ -387,8 +387,15 @@ def getsitepackages(prefixes=None):
|
||||
@@ -398,8 +398,15 @@ def getsitepackages(prefixes=None):
|
||||
return sitepackages
|
||||
|
||||
def addsitepackages(known_paths, prefixes=None):
|
||||
|
@ -60,10 +60,10 @@ index 2e4b860b97..3066b23ee1 100644
|
||||
code = """if 1:
|
||||
import _thread
|
||||
diff --git a/Lib/threading.py b/Lib/threading.py
|
||||
index 98cb43c697..ee647f8549 100644
|
||||
index 0bba85d08a..b256e3273f 100644
|
||||
--- a/Lib/threading.py
|
||||
+++ b/Lib/threading.py
|
||||
@@ -1585,29 +1585,20 @@ def _shutdown():
|
||||
@@ -1587,29 +1587,20 @@ def _shutdown():
|
||||
|
||||
global _SHUTTING_DOWN
|
||||
_SHUTTING_DOWN = True
|
||||
|
@ -1,19 +1,24 @@
|
||||
From 73d2995223c725638d53b9cb8e1d26b82daf0874 Mon Sep 17 00:00:00 2001
|
||||
From ddd8064257a1916726b784d43f18e889ea1634f7 Mon Sep 17 00:00:00 2001
|
||||
From: Petr Viktorin <encukou@gmail.com>
|
||||
Date: Mon, 6 Mar 2023 17:24:24 +0100
|
||||
Date: Tue, 2 Jul 2024 11:40:37 +0200
|
||||
Subject: [PATCH] CVE-2007-4559, PEP-706: Add filters for tarfile extraction
|
||||
(downstream)
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
|
||||
Add and test RHEL-specific ways of configuring the default behavior: environment
|
||||
variable and config file.
|
||||
|
||||
Co-Authored-By: Tomáš Hrnčiar <thrnciar@redhat.com>
|
||||
---
|
||||
Lib/tarfile.py | 47 +++++++++++++--
|
||||
Lib/tarfile.py | 47 +++++++++++--
|
||||
Lib/test/test_shutil.py | 2 +-
|
||||
Lib/test/test_tarfile.py | 123 ++++++++++++++++++++++++++++++++++++++-
|
||||
3 files changed, 163 insertions(+), 9 deletions(-)
|
||||
Lib/test/test_tarfile.py | 147 +++++++++++++++++++++++++++++++++++++--
|
||||
3 files changed, 185 insertions(+), 11 deletions(-)
|
||||
|
||||
diff --git a/Lib/tarfile.py b/Lib/tarfile.py
|
||||
index 02f5e3b..f7109f3 100755
|
||||
index e1487e3..89b6843 100755
|
||||
--- a/Lib/tarfile.py
|
||||
+++ b/Lib/tarfile.py
|
||||
@@ -71,6 +71,13 @@ __all__ = ["TarFile", "TarInfo", "is_tarfile", "TarError", "ReadError",
|
||||
@ -30,7 +35,7 @@ index 02f5e3b..f7109f3 100755
|
||||
|
||||
#---------------------------------------------------------
|
||||
# tar constants
|
||||
@@ -2217,11 +2224,41 @@ class TarFile(object):
|
||||
@@ -2218,11 +2225,41 @@ class TarFile(object):
|
||||
if filter is None:
|
||||
filter = self.extraction_filter
|
||||
if filter is None:
|
||||
@ -38,7 +43,7 @@ index 02f5e3b..f7109f3 100755
|
||||
- 'Python 3.14 will, by default, filter extracted tar '
|
||||
- + 'archives and reject files or modify their metadata. '
|
||||
- + 'Use the filter argument to control this behavior.',
|
||||
- DeprecationWarning)
|
||||
- DeprecationWarning, stacklevel=3)
|
||||
+ name = os.environ.get('PYTHON_TARFILE_EXTRACTION_FILTER')
|
||||
+ if name is None:
|
||||
+ try:
|
||||
@ -72,16 +77,16 @@ index 02f5e3b..f7109f3 100755
|
||||
+ + 'and some mode bits are cleared. '
|
||||
+ + 'See https://access.redhat.com/articles/7004769 '
|
||||
+ + 'for more details.',
|
||||
+ RuntimeWarning)
|
||||
+ RuntimeWarning, stacklevel=3)
|
||||
+ return tar_filter
|
||||
return fully_trusted_filter
|
||||
if isinstance(filter, str):
|
||||
raise TypeError(
|
||||
diff --git a/Lib/test/test_shutil.py b/Lib/test/test_shutil.py
|
||||
index 5fd8fb4..501da8f 100644
|
||||
index 7bc5d12..88b4bdb 100644
|
||||
--- a/Lib/test/test_shutil.py
|
||||
+++ b/Lib/test/test_shutil.py
|
||||
@@ -1950,7 +1950,7 @@ class TestArchives(BaseTest, unittest.TestCase):
|
||||
@@ -2096,7 +2096,7 @@ class TestArchives(BaseTest, unittest.TestCase):
|
||||
self.check_unpack_archive(format, filter='fully_trusted')
|
||||
self.check_unpack_archive(format, filter='data')
|
||||
with warnings_helper.check_warnings(
|
||||
@ -91,10 +96,48 @@ index 5fd8fb4..501da8f 100644
|
||||
|
||||
def test_unpack_archive_tar(self):
|
||||
diff --git a/Lib/test/test_tarfile.py b/Lib/test/test_tarfile.py
|
||||
index c5fc76d..397e334 100644
|
||||
index 3fbd25e..9aa727e 100644
|
||||
--- a/Lib/test/test_tarfile.py
|
||||
+++ b/Lib/test/test_tarfile.py
|
||||
@@ -3097,8 +3097,8 @@ class NoneInfoExtractTests(ReadTest):
|
||||
@@ -727,7 +727,17 @@ class MiscReadTestBase(CommonReadTest):
|
||||
tarfile.open(tarname, encoding="iso8859-1") as tar
|
||||
):
|
||||
directories = [t for t in tar if t.isdir()]
|
||||
- with self.assertWarnsRegex(DeprecationWarning, "Use the filter argument") as cm:
|
||||
+ with self.assertWarnsRegex(
|
||||
+ RuntimeWarning,
|
||||
+ re.escape(
|
||||
+ 'The default behavior of tarfile extraction has been '
|
||||
+ 'changed to disallow common exploits '
|
||||
+ '(including CVE-2007-4559). '
|
||||
+ 'By default, absolute/parent paths are disallowed '
|
||||
+ 'and some mode bits are cleared. '
|
||||
+ 'See https://access.redhat.com/articles/7004769 '
|
||||
+ 'for more details.'
|
||||
+ )) as cm:
|
||||
tar.extractall(DIR, directories)
|
||||
# check that the stacklevel of the deprecation warning is correct:
|
||||
self.assertEqual(cm.filename, __file__)
|
||||
@@ -740,7 +750,17 @@ class MiscReadTestBase(CommonReadTest):
|
||||
tarfile.open(tarname, encoding="iso8859-1") as tar
|
||||
):
|
||||
tarinfo = tar.getmember(dirtype)
|
||||
- with self.assertWarnsRegex(DeprecationWarning, "Use the filter argument") as cm:
|
||||
+ with self.assertWarnsRegex(
|
||||
+ RuntimeWarning,
|
||||
+ re.escape(
|
||||
+ 'The default behavior of tarfile extraction has been '
|
||||
+ 'changed to disallow common exploits '
|
||||
+ '(including CVE-2007-4559). '
|
||||
+ 'By default, absolute/parent paths are disallowed '
|
||||
+ 'and some mode bits are cleared. '
|
||||
+ 'See https://access.redhat.com/articles/7004769 '
|
||||
+ 'for more details.'
|
||||
+ )) as cm:
|
||||
tar.extract(tarinfo, path=DIR)
|
||||
# check that the stacklevel of the deprecation warning is correct:
|
||||
self.assertEqual(cm.filename, __file__)
|
||||
@@ -3144,8 +3164,8 @@ class NoneInfoExtractTests(ReadTest):
|
||||
tar.errorlevel = 0
|
||||
with ExitStack() as cm:
|
||||
if cls.extraction_filter is None:
|
||||
@ -105,7 +148,7 @@ index c5fc76d..397e334 100644
|
||||
tar.extractall(cls.control_dir, filter=cls.extraction_filter)
|
||||
tar.close()
|
||||
cls.control_paths = set(
|
||||
@@ -3919,7 +3919,7 @@ class TestExtractionFilters(unittest.TestCase):
|
||||
@@ -3966,7 +3986,7 @@ class TestExtractionFilters(unittest.TestCase):
|
||||
with ArchiveMaker() as arc:
|
||||
arc.add('foo')
|
||||
with warnings_helper.check_warnings(
|
||||
@ -114,7 +157,7 @@ index c5fc76d..397e334 100644
|
||||
with self.check_context(arc.open(), None):
|
||||
self.expect_file('foo')
|
||||
|
||||
@@ -4089,6 +4089,123 @@ class TestExtractionFilters(unittest.TestCase):
|
||||
@@ -4136,6 +4156,123 @@ class TestExtractionFilters(unittest.TestCase):
|
||||
self.expect_exception(TypeError) # errorlevel is not int
|
||||
|
||||
|
||||
@ -239,5 +282,5 @@ index c5fc76d..397e334 100644
|
||||
testdir = os.path.join(TEMPDIR, "testoverwrite")
|
||||
|
||||
--
|
||||
2.43.0
|
||||
2.44.0
|
||||
|
||||
|
@ -19,7 +19,7 @@ Co-Authored-By: Thomas Dwyer <github@tomd.tel>
|
||||
create mode 100644 Misc/NEWS.d/next/Library/2023-10-20-15-28-08.gh-issue-102988.dStNO7.rst
|
||||
|
||||
diff --git a/Doc/library/email.utils.rst b/Doc/library/email.utils.rst
|
||||
index 345b64001c..d693a9bc39 100644
|
||||
index 6ba42491d6..6bd45200d8 100644
|
||||
--- a/Doc/library/email.utils.rst
|
||||
+++ b/Doc/library/email.utils.rst
|
||||
@@ -58,13 +58,18 @@ of the new API.
|
||||
@ -72,7 +72,7 @@ index 345b64001c..d693a9bc39 100644
|
||||
.. function:: parsedate(date)
|
||||
|
||||
diff --git a/Lib/email/utils.py b/Lib/email/utils.py
|
||||
index aa949aa933..af2fb14754 100644
|
||||
index 1de547a011..e53abc8b84 100644
|
||||
--- a/Lib/email/utils.py
|
||||
+++ b/Lib/email/utils.py
|
||||
@@ -48,6 +48,7 @@
|
||||
@ -255,7 +255,7 @@ index aa949aa933..af2fb14754 100644
|
||||
|
||||
|
||||
diff --git a/Lib/test/test_email/test_email.py b/Lib/test/test_email/test_email.py
|
||||
index a373c53c7c..c616398eb1 100644
|
||||
index fc8d87974e..ef8aa0d53c 100644
|
||||
--- a/Lib/test/test_email/test_email.py
|
||||
+++ b/Lib/test/test_email/test_email.py
|
||||
@@ -16,6 +16,7 @@
|
||||
|
@ -1,28 +0,0 @@
|
||||
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
||||
From: Karolina Surma <ksurma@redhat.com>
|
||||
Date: Wed, 10 Apr 2024 15:35:04 +0200
|
||||
Subject: [PATCH] 00425: Only check for 'test/wheeldata' when it's actually
|
||||
used
|
||||
|
||||
We build Python in Fedora 39+ with option `--with-wheel-pkg-dir`
|
||||
pointing to a custom wheel directory and delete the contents of
|
||||
upstream's `test/wheeldata`. Don't include the directory in the test set
|
||||
if the wheels are used from a different location.
|
||||
---
|
||||
Lib/test/test_tools/test_makefile.py | 3 +++
|
||||
1 file changed, 3 insertions(+)
|
||||
|
||||
diff --git a/Lib/test/test_tools/test_makefile.py b/Lib/test/test_tools/test_makefile.py
|
||||
index 17a1a6d0d3..9ce874033d 100644
|
||||
--- a/Lib/test/test_tools/test_makefile.py
|
||||
+++ b/Lib/test/test_tools/test_makefile.py
|
||||
@@ -66,6 +66,9 @@ def test_makefile_test_folders(self):
|
||||
)
|
||||
used.append(relpath)
|
||||
|
||||
+ if sysconfig.get_config_var('WHEEL_PKG_DIR'):
|
||||
+ test_dirs.remove('test/wheeldata')
|
||||
+
|
||||
# Check that there are no extra entries:
|
||||
unique_test_dirs = set(test_dirs)
|
||||
self.assertSetEqual(unique_test_dirs, set(used))
|
@ -0,0 +1,121 @@
|
||||
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
||||
From: "Miss Islington (bot)"
|
||||
<31488909+miss-islington@users.noreply.github.com>
|
||||
Date: Mon, 12 Aug 2024 02:35:17 +0200
|
||||
Subject: [PATCH] 00436: [CVE-2024-8088] gh-122905: Sanitize names in
|
||||
zipfile.Path.
|
||||
|
||||
---
|
||||
Lib/test/test_zipfile/_path/test_path.py | 17 +++++
|
||||
Lib/zipfile/_path/__init__.py | 64 ++++++++++++++++++-
|
||||
...-08-11-14-08-04.gh-issue-122905.7tDsxA.rst | 1 +
|
||||
3 files changed, 81 insertions(+), 1 deletion(-)
|
||||
create mode 100644 Misc/NEWS.d/next/Library/2024-08-11-14-08-04.gh-issue-122905.7tDsxA.rst
|
||||
|
||||
diff --git a/Lib/test/test_zipfile/_path/test_path.py b/Lib/test/test_zipfile/_path/test_path.py
|
||||
index 06d5aab69b..90885dbbe3 100644
|
||||
--- a/Lib/test/test_zipfile/_path/test_path.py
|
||||
+++ b/Lib/test/test_zipfile/_path/test_path.py
|
||||
@@ -577,3 +577,20 @@ def test_getinfo_missing(self, alpharep):
|
||||
zipfile.Path(alpharep)
|
||||
with self.assertRaises(KeyError):
|
||||
alpharep.getinfo('does-not-exist')
|
||||
+
|
||||
+ def test_malformed_paths(self):
|
||||
+ """
|
||||
+ Path should handle malformed paths.
|
||||
+ """
|
||||
+ data = io.BytesIO()
|
||||
+ zf = zipfile.ZipFile(data, "w")
|
||||
+ zf.writestr("/one-slash.txt", b"content")
|
||||
+ zf.writestr("//two-slash.txt", b"content")
|
||||
+ zf.writestr("../parent.txt", b"content")
|
||||
+ zf.filename = ''
|
||||
+ root = zipfile.Path(zf)
|
||||
+ assert list(map(str, root.iterdir())) == [
|
||||
+ 'one-slash.txt',
|
||||
+ 'two-slash.txt',
|
||||
+ 'parent.txt',
|
||||
+ ]
|
||||
diff --git a/Lib/zipfile/_path/__init__.py b/Lib/zipfile/_path/__init__.py
|
||||
index 78c413563b..42f9fded21 100644
|
||||
--- a/Lib/zipfile/_path/__init__.py
|
||||
+++ b/Lib/zipfile/_path/__init__.py
|
||||
@@ -83,7 +83,69 @@ def __setstate__(self, state):
|
||||
super().__init__(*args, **kwargs)
|
||||
|
||||
|
||||
-class CompleteDirs(InitializedState, zipfile.ZipFile):
|
||||
+class SanitizedNames:
|
||||
+ """
|
||||
+ ZipFile mix-in to ensure names are sanitized.
|
||||
+ """
|
||||
+
|
||||
+ def namelist(self):
|
||||
+ return list(map(self._sanitize, super().namelist()))
|
||||
+
|
||||
+ @staticmethod
|
||||
+ def _sanitize(name):
|
||||
+ r"""
|
||||
+ Ensure a relative path with posix separators and no dot names.
|
||||
+
|
||||
+ Modeled after
|
||||
+ https://github.com/python/cpython/blob/bcc1be39cb1d04ad9fc0bd1b9193d3972835a57c/Lib/zipfile/__init__.py#L1799-L1813
|
||||
+ but provides consistent cross-platform behavior.
|
||||
+
|
||||
+ >>> san = SanitizedNames._sanitize
|
||||
+ >>> san('/foo/bar')
|
||||
+ 'foo/bar'
|
||||
+ >>> san('//foo.txt')
|
||||
+ 'foo.txt'
|
||||
+ >>> san('foo/.././bar.txt')
|
||||
+ 'foo/bar.txt'
|
||||
+ >>> san('foo../.bar.txt')
|
||||
+ 'foo../.bar.txt'
|
||||
+ >>> san('\\foo\\bar.txt')
|
||||
+ 'foo/bar.txt'
|
||||
+ >>> san('D:\\foo.txt')
|
||||
+ 'D/foo.txt'
|
||||
+ >>> san('\\\\server\\share\\file.txt')
|
||||
+ 'server/share/file.txt'
|
||||
+ >>> san('\\\\?\\GLOBALROOT\\Volume3')
|
||||
+ '?/GLOBALROOT/Volume3'
|
||||
+ >>> san('\\\\.\\PhysicalDrive1\\root')
|
||||
+ 'PhysicalDrive1/root'
|
||||
+
|
||||
+ Retain any trailing slash.
|
||||
+ >>> san('abc/')
|
||||
+ 'abc/'
|
||||
+
|
||||
+ Raises a ValueError if the result is empty.
|
||||
+ >>> san('../..')
|
||||
+ Traceback (most recent call last):
|
||||
+ ...
|
||||
+ ValueError: Empty filename
|
||||
+ """
|
||||
+
|
||||
+ def allowed(part):
|
||||
+ return part and part not in {'..', '.'}
|
||||
+
|
||||
+ # Remove the drive letter.
|
||||
+ # Don't use ntpath.splitdrive, because that also strips UNC paths
|
||||
+ bare = re.sub('^([A-Z]):', r'\1', name, flags=re.IGNORECASE)
|
||||
+ clean = bare.replace('\\', '/')
|
||||
+ parts = clean.split('/')
|
||||
+ joined = '/'.join(filter(allowed, parts))
|
||||
+ if not joined:
|
||||
+ raise ValueError("Empty filename")
|
||||
+ return joined + '/' * name.endswith('/')
|
||||
+
|
||||
+
|
||||
+class CompleteDirs(InitializedState, SanitizedNames, zipfile.ZipFile):
|
||||
"""
|
||||
A ZipFile subclass that ensures that implied directories
|
||||
are always included in the namelist.
|
||||
diff --git a/Misc/NEWS.d/next/Library/2024-08-11-14-08-04.gh-issue-122905.7tDsxA.rst b/Misc/NEWS.d/next/Library/2024-08-11-14-08-04.gh-issue-122905.7tDsxA.rst
|
||||
new file mode 100644
|
||||
index 0000000000..1be44c906c
|
||||
--- /dev/null
|
||||
+++ b/Misc/NEWS.d/next/Library/2024-08-11-14-08-04.gh-issue-122905.7tDsxA.rst
|
||||
@@ -0,0 +1 @@
|
||||
+:class:`zipfile.Path` objects now sanitize names from the zipfile.
|
@ -1,18 +0,0 @@
|
||||
-----BEGIN PGP SIGNATURE-----
|
||||
|
||||
iQKTBAABCgB9FiEEcWlgX2LHUTVtBUomqCHmgOX6YwUFAmYVDdNfFIAAAAAALgAo
|
||||
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDcx
|
||||
Njk2MDVGNjJDNzUxMzU2RDA1NEEyNkE4MjFFNjgwRTVGQTYzMDUACgkQqCHmgOX6
|
||||
YwU8Vg//aP8bxzPTDIM9Af1LLJj5LNLIuZOl5QysWQVbakoCpS8Z8ZiK3LyzGi7H
|
||||
pQ5uJEnRjhULnOi+va2TPBDqiYvY1CkVizYzmUe1dMtzHdJUBE1TzybfON02JzPD
|
||||
62oDHxUC1hvITyLE8tjnsgBuP9bbYYHnS+qqmDgBWS1M60i4bqcBiSdlWZp7ZTI4
|
||||
KIxIy9eyNujHnNQrQQ1oqIoj7ty1Hrtkfqia/3cVq7rkQT8HecBIW0K82WuIXizm
|
||||
/Ua/TQslTJsypslFYpoJBoIkWG2nk7RhJvfU5iLxQHen6cr7JOUo/u3jv0DIJyJs
|
||||
LdBWG6noTIiqKJb65UswLUxexM5f3Y7gLEZ4FCqlbAOAPG16xwwC8Xd7LIF33cHK
|
||||
133BvYCkwdl0MCpmsQuxi8i6Kql0MaEqJ9MEj6UN66ZJVpRx8hOm2FtZGhn5ZNxx
|
||||
r5C2zXGw/IjXeS01wgD8cSRVA0XJdN4bu88vmvhqMuezg3CDF5bX85isoFUaLUjS
|
||||
c5Lv1HNrqPiaWHOctnvzasy0djpwze+WCzsXFMI6VfejPpYwNlhmnxS7i3R9A4RK
|
||||
gBwViMd5q5rwx365tCfRfGcBW6OOvrHZalhSGYmUw13sBarFliW9CvN4ghN9kWbN
|
||||
YQwSggf5KD6v5mAAyReMrOJTyBG6B5hMlxKai5CzbRLlG25T2wI=
|
||||
=ZQxz
|
||||
-----END PGP SIGNATURE-----
|
18
SOURCES/Python-3.12.5.tar.xz.asc
Normal file
18
SOURCES/Python-3.12.5.tar.xz.asc
Normal file
@ -0,0 +1,18 @@
|
||||
-----BEGIN PGP SIGNATURE-----
|
||||
|
||||
iQKTBAABCgB9FiEEcWlgX2LHUTVtBUomqCHmgOX6YwUFAmayiFtfFIAAAAAALgAo
|
||||
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDcx
|
||||
Njk2MDVGNjJDNzUxMzU2RDA1NEEyNkE4MjFFNjgwRTVGQTYzMDUACgkQqCHmgOX6
|
||||
YwUr4g//VyVs9tvbtiSp8pGe8f1gYErEw54r124sL/CBuNii8Irts1j5ymGxcm+l
|
||||
hshPK5UlqRnhd5dCJWFTvLTXa5Ko2R1L3JyyxfGd1hmDuMhrWsDHijI0R7L/mGM5
|
||||
6X2LTaadBVNvk8HaNKvR8SEWvo68rdnOuYElFA9ir7uqwjO26ZWz9FfH80YDGwo8
|
||||
Blef2NYw8rNhiaZMFV0HYV7D+YyUAZnFNfW8M7Fd4oskUyj1tD9J89T9FFLYN09d
|
||||
BcCIf+EdiEfqRpKxH89bW2g52kDrm4jYGONtpyF8eruyS3YwYSbvbuWioBYKmlxC
|
||||
s51mieXz6G325GTZnmPxLek3ywPv6Gil9y0wH3fIr2BsWsmXust4LBpjDGt56Fy6
|
||||
seokGBg8xzsBSk3iEqNoFmNsy/QOiuCcDejX4XqBDNodOlETQPJb07TkTI2iOmg9
|
||||
NG4Atiz1HvGVxK68UuK9IIcNHyaWUmH8h4VQFGvc6KV6feP5Nm21Y12PZ5XIqJBO
|
||||
Y8M/VJIJ5koaNPQfnBbbI5YBkUr4BVpIXIpY5LM/L5sUo2C3R7hMi0VGK88HGfSQ
|
||||
KV4JmZgf6RMBNmrWY12sryS1QQ6q3P110GTUGQWB3sxxNbhmfcrK+4viqHc83yDz
|
||||
ifmk33HuqaQGU7OzUMHeNcoCJIPo3H1FpoHOn9wLLCtA1pT+as4=
|
||||
=t0Rk
|
||||
-----END PGP SIGNATURE-----
|
@ -16,7 +16,7 @@ URL: https://www.python.org/
|
||||
|
||||
# WARNING When rebasing to a new Python version,
|
||||
# remember to update the python3-docs package as well
|
||||
%global general_version %{pybasever}.3
|
||||
%global general_version %{pybasever}.5
|
||||
#global prerel ...
|
||||
%global upstream_version %{general_version}%{?prerel}
|
||||
Version: %{general_version}%{?prerel:~%{prerel}}
|
||||
@ -65,37 +65,31 @@ License: Python-2.0.1
|
||||
# If the rpmwheels condition is disabled, we use the bundled wheel packages
|
||||
# from Python with the versions below.
|
||||
# This needs to be manually updated when we update Python.
|
||||
%global pip_version 24.0
|
||||
%global pip_version 24.2
|
||||
%global setuptools_version 67.6.1
|
||||
%global wheel_version 0.40.0
|
||||
# All of those also include a list of indirect bundled libs:
|
||||
# pip
|
||||
# $ %%{_rpmconfigdir}/pythonbundles.py <(unzip -p Lib/ensurepip/_bundled/pip-*.whl pip/_vendor/vendor.txt)
|
||||
%global pip_bundled_provides %{expand:
|
||||
Provides: bundled(python3dist(cachecontrol)) = 0.13.1
|
||||
Provides: bundled(python3dist(certifi)) = 2023.7.22
|
||||
Provides: bundled(python3dist(chardet)) = 5.1
|
||||
Provides: bundled(python3dist(colorama)) = 0.4.6
|
||||
Provides: bundled(python3dist(cachecontrol)) = 0.14
|
||||
Provides: bundled(python3dist(certifi)) = 2024.7.4
|
||||
Provides: bundled(python3dist(distlib)) = 0.3.8
|
||||
Provides: bundled(python3dist(distro)) = 1.8
|
||||
Provides: bundled(python3dist(idna)) = 3.4
|
||||
Provides: bundled(python3dist(msgpack)) = 1.0.5
|
||||
Provides: bundled(python3dist(packaging)) = 21.3
|
||||
Provides: bundled(python3dist(platformdirs)) = 3.8.1
|
||||
Provides: bundled(python3dist(pygments)) = 2.15.1
|
||||
Provides: bundled(python3dist(pyparsing)) = 3.1
|
||||
Provides: bundled(python3dist(distro)) = 1.9
|
||||
Provides: bundled(python3dist(idna)) = 3.7
|
||||
Provides: bundled(python3dist(msgpack)) = 1.0.8
|
||||
Provides: bundled(python3dist(packaging)) = 24.1
|
||||
Provides: bundled(python3dist(platformdirs)) = 4.2.2
|
||||
Provides: bundled(python3dist(pygments)) = 2.18
|
||||
Provides: bundled(python3dist(pyproject-hooks)) = 1
|
||||
Provides: bundled(python3dist(requests)) = 2.31
|
||||
Provides: bundled(python3dist(requests)) = 2.32.3
|
||||
Provides: bundled(python3dist(resolvelib)) = 1.0.1
|
||||
Provides: bundled(python3dist(rich)) = 13.4.2
|
||||
Provides: bundled(python3dist(setuptools)) = 68
|
||||
Provides: bundled(python3dist(six)) = 1.16
|
||||
Provides: bundled(python3dist(tenacity)) = 8.2.2
|
||||
Provides: bundled(python3dist(rich)) = 13.7.1
|
||||
Provides: bundled(python3dist(setuptools)) = 70.3
|
||||
Provides: bundled(python3dist(tomli)) = 2.0.1
|
||||
Provides: bundled(python3dist(truststore)) = 0.8
|
||||
Provides: bundled(python3dist(typing-extensions)) = 4.7.1
|
||||
Provides: bundled(python3dist(urllib3)) = 1.26.17
|
||||
Provides: bundled(python3dist(webencodings)) = 0.5.1
|
||||
Provides: bundled(python3dist(truststore)) = 0.9.1
|
||||
Provides: bundled(python3dist(typing-extensions)) = 4.12.2
|
||||
Provides: bundled(python3dist(urllib3)) = 1.26.18
|
||||
}
|
||||
# setuptools
|
||||
# vendor.txt files not in .whl
|
||||
@ -200,6 +194,13 @@ Provides: bundled(python3dist(packaging)) = 23
|
||||
%global py_INSTSONAME_optimized libpython%{LDVERSION_optimized}.so.%{py_SOVERSION}
|
||||
%global py_INSTSONAME_debug libpython%{LDVERSION_debug}.so.%{py_SOVERSION}
|
||||
|
||||
# The -O flag for the compiler, optimized builds
|
||||
# https://fedoraproject.org/wiki/Changes/Python_built_with_gcc_O3
|
||||
%global optflags_optimized -O3
|
||||
# The -O flag for the compiler, debug builds
|
||||
# -Wno-cpp avoids some warnings with -O0
|
||||
%global optflags_debug -O0 -Wno-cpp
|
||||
|
||||
# Disable automatic bytecompilation. The python3 binary is not yet be
|
||||
# available in /usr/bin when Python is built. Also, the bytecompilation fails
|
||||
# on files that test invalid syntax.
|
||||
@ -397,14 +398,9 @@ Patch415: 00415-cve-2023-27043-gh-102988-reject-malformed-addresses-in-email-par
|
||||
# CVE-2023-52425. Future versions of Expat may be more reactive.
|
||||
Patch422: 00422-fix-tests-for-xmlpullparser-with-expat-2-6-0.patch
|
||||
|
||||
# 00425 # a563ac3076a00f0f48b3f94ff63d91d37cb4f1e9
|
||||
# Only check for 'test/wheeldata' when it's actually used
|
||||
#
|
||||
# We build Python in Fedora 39+ with option `--with-wheel-pkg-dir`
|
||||
# pointing to a custom wheel directory and delete the contents of
|
||||
# upstream's `test/wheeldata`. Don't include the directory in the test set
|
||||
# if the wheels are used from a different location.
|
||||
Patch425: 00425-only-check-for-test-wheeldata-when-it-s-actually-used.patch
|
||||
# 00436 # c76cc2aa3a2c30375ade4859b732ada851cc89ed
|
||||
# [CVE-2024-8088] gh-122905: Sanitize names in zipfile.Path.
|
||||
Patch436: 00436-cve-2024-8088-gh-122905-sanitize-names-in-zipfile-path.patch
|
||||
|
||||
# (New patches go here ^^^)
|
||||
#
|
||||
@ -852,6 +848,7 @@ BuildPython() {
|
||||
ConfName=$1
|
||||
ExtraConfigArgs=$2
|
||||
MoreCFlags=$3
|
||||
MoreCFlagsNodist=$4
|
||||
|
||||
# Each build is done in its own directory
|
||||
ConfDir=build/$ConfName
|
||||
@ -891,7 +888,7 @@ BuildPython() {
|
||||
$ExtraConfigArgs \
|
||||
%{nil}
|
||||
|
||||
%global flags_override EXTRA_CFLAGS="$MoreCFlags" CFLAGS_NODIST="$CFLAGS_NODIST $MoreCFlags"
|
||||
%global flags_override EXTRA_CFLAGS="$MoreCFlags" CFLAGS_NODIST="$CFLAGS_NODIST $MoreCFlags $MoreCFlagsNodist"
|
||||
|
||||
%if %{without bootstrap}
|
||||
# Regenerate generated files (needs python3)
|
||||
@ -914,12 +911,14 @@ BuildPython() {
|
||||
# See also: https://bugzilla.redhat.com/show_bug.cgi?id=1818857
|
||||
BuildPython debug \
|
||||
"--without-ensurepip --with-pydebug" \
|
||||
"-O0 -Wno-cpp"
|
||||
"%{optflags_debug}" \
|
||||
""
|
||||
%endif # with debug_build
|
||||
|
||||
BuildPython optimized \
|
||||
"--without-ensurepip %{optimizations_flag}" \
|
||||
""
|
||||
"" \
|
||||
"%{optflags_optimized}"
|
||||
|
||||
# ======================================================
|
||||
# Installing the built code:
|
||||
@ -1024,7 +1023,7 @@ EOF
|
||||
%if %{with debug_build}
|
||||
InstallPython debug \
|
||||
%{py_INSTSONAME_debug} \
|
||||
-O0 \
|
||||
"%{optflags_debug}" \
|
||||
%{LDVERSION_debug}
|
||||
%endif # with debug_build
|
||||
|
||||
@ -1893,6 +1892,26 @@ fi
|
||||
# ======================================================
|
||||
|
||||
%changelog
|
||||
* Fri Aug 23 2024 Charalampos Stratakis <cstratak@redhat.com> - 3.12.5-2
|
||||
- Security fix for CVE-2024-8088
|
||||
Resolves: RHEL-55939
|
||||
|
||||
* Wed Aug 07 2024 Tomáš Hrnčiar <thrnciar@redhat.com> - 3.12.5-1
|
||||
- Update to 3.12.5
|
||||
- Security fix for CVE-2024-6923
|
||||
Resolves: RHEL-53075
|
||||
|
||||
* Thu Jul 25 2024 Charalampos Stratakis <cstratak@redhat.com> - 3.12.4-3
|
||||
- Properly propagate the optimization flags to C extensions
|
||||
|
||||
* Wed Jul 17 2024 Charalampos Stratakis <cstratak@redhat.com> - 3.12.4-2
|
||||
- Build Python with -O3
|
||||
- https://fedoraproject.org/wiki/Changes/Python_built_with_gcc_O3
|
||||
|
||||
* Fri Jun 28 2024 Tomáš Hrnčiar <thrnciar@redhat.com> - 3.12.4-1
|
||||
- Update to 3.12.4
|
||||
Resolves: RHEL-44074
|
||||
|
||||
* Tue Jun 11 2024 Charalampos Stratakis <cstratak@redhat.com> - 3.12.3-2
|
||||
- Enable importing of hash-based .pyc files under FIPS mode
|
||||
Resolves: RHEL-40776
|
||||
|
Loading…
Reference in New Issue
Block a user