Compare commits
5 Commits
ebaab7ae1e
...
9dd7f8a0e5
Author | SHA1 | Date |
---|---|---|
Tomáš Hrnčiar | 9dd7f8a0e5 | |
Miro Hrončok | 9df59a4c8b | |
Lumir Balhar | 3d6c7f0451 | |
Tomáš Hrnčiar | d33666c7bb | |
Charalampos Stratakis | 307cfce683 |
|
@ -0,0 +1,2 @@
|
|||
3df73004a9b224d021fd397724e8bd4f9b6cc824 Python-3.12.3.tar.xz
|
||||
a02c000e85f7a1acd7eaa4db66654833ea68c047 Python-3.12.3.tar.xz.asc
|
|
@ -30,10 +30,10 @@ Co-authored-by: Lumír Balhar <frenzy.madness@gmail.com>
|
|||
3 files changed, 71 insertions(+), 4 deletions(-)
|
||||
|
||||
diff --git a/Lib/site.py b/Lib/site.py
|
||||
index 672fa7b000..0a9c5be53e 100644
|
||||
index 924b2460d9..51b5baca93 100644
|
||||
--- a/Lib/site.py
|
||||
+++ b/Lib/site.py
|
||||
@@ -377,8 +377,15 @@ def getsitepackages(prefixes=None):
|
||||
@@ -387,8 +387,15 @@ def getsitepackages(prefixes=None):
|
||||
return sitepackages
|
||||
|
||||
def addsitepackages(known_paths, prefixes=None):
|
||||
|
@ -129,7 +129,7 @@ index 122d441bd1..2d354a11da 100644
|
|||
# On Windows we want to substitute 'lib' for schemes rather
|
||||
# than the native value (without modifying vars, in case it
|
||||
diff --git a/Lib/test/test_sysconfig.py b/Lib/test/test_sysconfig.py
|
||||
index b6dbf3d52c..4f06a7673c 100644
|
||||
index 1137c2032b..8fc2b84f52 100644
|
||||
--- a/Lib/test/test_sysconfig.py
|
||||
+++ b/Lib/test/test_sysconfig.py
|
||||
@@ -110,8 +110,19 @@ def test_get_path(self):
|
||||
|
@ -153,7 +153,7 @@ index b6dbf3d52c..4f06a7673c 100644
|
|||
os.path.normpath(expected),
|
||||
)
|
||||
|
||||
@@ -335,7 +346,7 @@ def test_get_config_h_filename(self):
|
||||
@@ -344,7 +355,7 @@ def test_get_config_h_filename(self):
|
||||
self.assertTrue(os.path.isfile(config_h), config_h)
|
||||
|
||||
def test_get_scheme_names(self):
|
||||
|
@ -162,7 +162,7 @@ index b6dbf3d52c..4f06a7673c 100644
|
|||
if HAS_USER_BASE:
|
||||
wanted.extend(['nt_user', 'osx_framework_user', 'posix_user'])
|
||||
self.assertEqual(get_scheme_names(), tuple(sorted(wanted)))
|
||||
@@ -347,6 +358,8 @@ def test_symlink(self): # Issue 7880
|
||||
@@ -356,6 +367,8 @@ def test_symlink(self): # Issue 7880
|
||||
cmd = "-c", "import sysconfig; print(sysconfig.get_platform())"
|
||||
self.assertEqual(py.call_real(*cmd), py.call_link(*cmd))
|
||||
|
||||
|
|
|
@ -750,7 +750,7 @@ index 8b4f920..20ef96c 100644
|
|||
raise TypeError("key: expected bytes or bytearray, but got %r" % type(key).__name__)
|
||||
|
||||
if not digestmod:
|
||||
raise TypeError("Missing required parameter 'digestmod'.")
|
||||
raise TypeError("Missing required argument 'digestmod'.")
|
||||
|
||||
- if _hashopenssl and isinstance(digestmod, (str, _functype)):
|
||||
+ if _hashopenssl.get_fips_mode() or (_hashopenssl and isinstance(digestmod, (str, _functype))):
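Review bot: The rewritten condition in this hmac hunk calls `_hashopenssl.get_fips_mode()` before the `_hashopenssl and …` truthiness test in its second operand. If `_hashopenssl` can still be falsy here (the retained guard suggests it once could be), the constructor raises AttributeError instead of taking the fallback path. Either test the module first, `if _hashopenssl and (_hashopenssl.get_fips_mode() or isinstance(digestmod, (str, _functype))):`, or drop the redundant guard and add a comment that the import is unconditional in this build. The enclosing function and the import handling lie outside the hunk, so this should be confirmed against the full patch.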
|
||||
|
|
|
@ -16,10 +16,10 @@ https://github.com/GrahamDumpleton/mod_wsgi/issues/730
|
|||
2 files changed, 8 insertions(+), 50 deletions(-)
|
||||
|
||||
diff --git a/Lib/test/test_threading.py b/Lib/test/test_threading.py
|
||||
index 756d5e329f..5d09775efc 100644
|
||||
index 2e4b860b97..3066b23ee1 100644
|
||||
--- a/Lib/test/test_threading.py
|
||||
+++ b/Lib/test/test_threading.py
|
||||
@@ -1007,39 +1007,6 @@ def noop(): pass
|
||||
@@ -1100,39 +1100,6 @@ def noop(): pass
|
||||
threading.Thread(target=noop).start()
|
||||
# Thread.join() is not called
|
||||
|
||||
|
@ -56,14 +56,14 @@ index 756d5e329f..5d09775efc 100644
|
|||
- self.assertEqual(out, b'')
|
||||
- self.assertEqual(err, b'')
|
||||
-
|
||||
def test_start_new_thread_at_exit(self):
|
||||
def test_start_new_thread_at_finalization(self):
|
||||
code = """if 1:
|
||||
import atexit
|
||||
import _thread
|
||||
diff --git a/Lib/threading.py b/Lib/threading.py
|
||||
index 8dcaf8ca6a..ed0b0f4632 100644
|
||||
index 98cb43c697..ee647f8549 100644
|
||||
--- a/Lib/threading.py
|
||||
+++ b/Lib/threading.py
|
||||
@@ -1586,29 +1586,20 @@ def _shutdown():
|
||||
@@ -1585,29 +1585,20 @@ def _shutdown():
|
||||
|
||||
global _SHUTTING_DOWN
|
||||
_SHUTTING_DOWN = True
|
||||
|
|
|
@ -0,0 +1,243 @@
|
|||
From 73d2995223c725638d53b9cb8e1d26b82daf0874 Mon Sep 17 00:00:00 2001
|
||||
From: Petr Viktorin <encukou@gmail.com>
|
||||
Date: Mon, 6 Mar 2023 17:24:24 +0100
|
||||
Subject: [PATCH] CVE-2007-4559, PEP-706: Add filters for tarfile extraction
|
||||
(downstream)
|
||||
|
||||
Add and test RHEL-specific ways of configuring the default behavior: environment
|
||||
variable and config file.
|
||||
---
|
||||
Lib/tarfile.py | 47 +++++++++++++--
|
||||
Lib/test/test_shutil.py | 2 +-
|
||||
Lib/test/test_tarfile.py | 123 ++++++++++++++++++++++++++++++++++++++-
|
||||
3 files changed, 163 insertions(+), 9 deletions(-)
|
||||
|
||||
diff --git a/Lib/tarfile.py b/Lib/tarfile.py
|
||||
index 02f5e3b..f7109f3 100755
|
||||
--- a/Lib/tarfile.py
|
||||
+++ b/Lib/tarfile.py
|
||||
@@ -71,6 +71,13 @@ __all__ = ["TarFile", "TarInfo", "is_tarfile", "TarError", "ReadError",
|
||||
"OutsideDestinationError", "SpecialFileError", "AbsolutePathError",
|
||||
"LinkOutsideDestinationError"]
|
||||
|
||||
+# If true, use the safer (but backwards-incompatible) 'tar' extraction filter,
|
||||
+# rather than 'fully_trusted', by default.
|
||||
+# The emitted warning is changed to match.
|
||||
+_RH_SAFER_DEFAULT = True
|
||||
+
|
||||
+# System-wide configuration file
|
||||
+_CONFIG_FILENAME = '/etc/python/tarfile.cfg'
|
||||
|
||||
#---------------------------------------------------------
|
||||
# tar constants
|
||||
@@ -2217,11 +2224,41 @@ class TarFile(object):
|
||||
if filter is None:
|
||||
filter = self.extraction_filter
|
||||
if filter is None:
|
||||
- warnings.warn(
|
||||
- 'Python 3.14 will, by default, filter extracted tar '
|
||||
- + 'archives and reject files or modify their metadata. '
|
||||
- + 'Use the filter argument to control this behavior.',
|
||||
- DeprecationWarning)
|
||||
+ name = os.environ.get('PYTHON_TARFILE_EXTRACTION_FILTER')
|
||||
+ if name is None:
|
||||
+ try:
|
||||
+ file = bltn_open(_CONFIG_FILENAME)
|
||||
+ except FileNotFoundError:
|
||||
+ pass
|
||||
+ else:
|
||||
+ import configparser
|
||||
+ conf = configparser.ConfigParser(
|
||||
+ interpolation=None,
|
||||
+ comment_prefixes=('#', ),
|
||||
+ )
|
||||
+ with file:
|
||||
+ conf.read_file(file)
|
||||
+ name = conf.get('tarfile',
|
||||
+ 'PYTHON_TARFILE_EXTRACTION_FILTER',
|
||||
+ fallback='')
|
||||
+ if name:
|
||||
+ try:
|
||||
+ filter = _NAMED_FILTERS[name]
|
||||
+ except KeyError:
|
||||
+ raise ValueError(f"filter {filter!r} not found") from None
|
||||
+ self.extraction_filter = filter
|
||||
+ return filter
|
||||
+ if _RH_SAFER_DEFAULT:
|
||||
+ warnings.warn(
|
||||
+ 'The default behavior of tarfile extraction has been '
|
||||
+ + 'changed to disallow common exploits '
|
||||
+ + '(including CVE-2007-4559). '
|
||||
+ + 'By default, absolute/parent paths are disallowed '
|
||||
+ + 'and some mode bits are cleared. '
|
||||
+ + 'See https://access.redhat.com/articles/7004769 '
|
||||
+ + 'for more details.',
|
||||
+ RuntimeWarning)
|
||||
+ return tar_filter
|
||||
return fully_trusted_filter
|
||||
if isinstance(filter, str):
|
||||
raise TypeError(
|
||||
diff --git a/Lib/test/test_shutil.py b/Lib/test/test_shutil.py
|
||||
index 5fd8fb4..501da8f 100644
|
||||
--- a/Lib/test/test_shutil.py
|
||||
+++ b/Lib/test/test_shutil.py
|
||||
@@ -1950,7 +1950,7 @@ class TestArchives(BaseTest, unittest.TestCase):
|
||||
self.check_unpack_archive(format, filter='fully_trusted')
|
||||
self.check_unpack_archive(format, filter='data')
|
||||
with warnings_helper.check_warnings(
|
||||
- ('Python 3.14', DeprecationWarning)):
|
||||
+ ('.*CVE-2007-4559', RuntimeWarning)):
|
||||
self.check_unpack_archive(format)
|
||||
|
||||
def test_unpack_archive_tar(self):
|
||||
diff --git a/Lib/test/test_tarfile.py b/Lib/test/test_tarfile.py
|
||||
index c5fc76d..397e334 100644
|
||||
--- a/Lib/test/test_tarfile.py
|
||||
+++ b/Lib/test/test_tarfile.py
|
||||
@@ -3097,8 +3097,8 @@ class NoneInfoExtractTests(ReadTest):
|
||||
tar.errorlevel = 0
|
||||
with ExitStack() as cm:
|
||||
if cls.extraction_filter is None:
|
||||
- cm.enter_context(warnings.catch_warnings(
|
||||
- action="ignore", category=DeprecationWarning))
|
||||
+ cm.enter_context(warnings.catch_warnings())
|
||||
+ warnings.simplefilter(action="ignore", category=RuntimeWarning)
|
||||
tar.extractall(cls.control_dir, filter=cls.extraction_filter)
|
||||
tar.close()
|
||||
cls.control_paths = set(
|
||||
@@ -3919,7 +3919,7 @@ class TestExtractionFilters(unittest.TestCase):
|
||||
with ArchiveMaker() as arc:
|
||||
arc.add('foo')
|
||||
with warnings_helper.check_warnings(
|
||||
- ('Python 3.14', DeprecationWarning)):
|
||||
+ ('.*CVE-2007-4559', RuntimeWarning)):
|
||||
with self.check_context(arc.open(), None):
|
||||
self.expect_file('foo')
|
||||
|
||||
@@ -4089,6 +4089,123 @@ class TestExtractionFilters(unittest.TestCase):
|
||||
self.expect_exception(TypeError) # errorlevel is not int
|
||||
|
||||
|
||||
+ @contextmanager
|
||||
+ def rh_config_context(self, config_lines=None):
|
||||
+ """Set up for testing various ways of overriding the default filter
|
||||
+
|
||||
+ return a triple with:
|
||||
+ - temporary directory
|
||||
+ - EnvironmentVarGuard()
|
||||
+ - a test archive for use with check_* methods below
|
||||
+
|
||||
+ If config_lines is given, write them to the config file. Otherwise
|
||||
+ the config file is missing.
|
||||
+ """
|
||||
+ tempdir = pathlib.Path(TEMPDIR) / 'tmp'
|
||||
+ configfile = tempdir / 'tarfile.cfg'
|
||||
+ with ArchiveMaker() as arc:
|
||||
+ arc.add('good')
|
||||
+ arc.add('ugly', symlink_to='/etc/passwd')
|
||||
+ arc.add('../bad')
|
||||
+ with (
|
||||
+ os_helper.temp_dir(tempdir),
|
||||
+ support.swap_attr(tarfile, '_CONFIG_FILENAME', str(configfile)),
|
||||
+ os_helper.EnvironmentVarGuard() as env,
|
||||
+ arc.open() as tar,
|
||||
+ ):
|
||||
+ if config_lines is not None:
|
||||
+ with configfile.open('w') as f:
|
||||
+ for line in config_lines:
|
||||
+ print(line, file=f)
|
||||
+ yield tempdir, env, tar
|
||||
+
|
||||
+ def check_rh_default_behavior(self, tar, tempdir):
|
||||
+ """Check RH default: warn and refuse to extract dangerous files."""
|
||||
+ with (
|
||||
+ warnings_helper.check_warnings(
|
||||
+ ('.*CVE-2007-4559', RuntimeWarning)),
|
||||
+ self.assertRaises(tarfile.OutsideDestinationError),
|
||||
+ ):
|
||||
+ tar.extractall(tempdir / 'outdir')
|
||||
+
|
||||
+ def check_trusted_default(self, tar, tempdir):
|
||||
+ """Check 'fully_trusted' is configured as the default filter."""
|
||||
+ with (
|
||||
+ warnings_helper.check_no_warnings(self),
|
||||
+ ):
|
||||
+ tar.extractall(tempdir / 'outdir')
|
||||
+ self.assertTrue((tempdir / 'outdir/good').exists())
|
||||
+ self.assertEqual((tempdir / 'outdir/ugly').readlink(),
|
||||
+ pathlib.Path('/etc/passwd'))
|
||||
+ self.assertTrue((tempdir / 'bad').exists())
|
||||
+
|
||||
+ def test_rh_default_no_conf(self):
|
||||
+ with self.rh_config_context() as (tempdir, env, tar):
|
||||
+ self.check_rh_default_behavior(tar, tempdir)
|
||||
+
|
||||
+ def test_rh_default_from_file(self):
|
||||
+ lines = ['[tarfile]', 'PYTHON_TARFILE_EXTRACTION_FILTER=fully_trusted']
|
||||
+ with self.rh_config_context(lines) as (tempdir, env, tar):
|
||||
+ self.check_trusted_default(tar, tempdir)
|
||||
+
|
||||
+ def test_rh_empty_config_file(self):
|
||||
+ """Empty config file -> default behavior"""
|
||||
+ lines = []
|
||||
+ with self.rh_config_context(lines) as (tempdir, env, tar):
|
||||
+ self.check_rh_default_behavior(tar, tempdir)
|
||||
+
|
||||
+ def test_empty_config_section(self):
|
||||
+ """Empty section in config file -> default behavior"""
|
||||
+ lines = ['[tarfile]']
|
||||
+ with self.rh_config_context(lines) as (tempdir, env, tar):
|
||||
+ self.check_rh_default_behavior(tar, tempdir)
|
||||
+
|
||||
+ def test_rh_default_empty_config_option(self):
|
||||
+ """Empty option value in config file -> default behavior"""
|
||||
+ lines = ['[tarfile]', 'PYTHON_TARFILE_EXTRACTION_FILTER=']
|
||||
+ with self.rh_config_context(lines) as (tempdir, env, tar):
|
||||
+ self.check_rh_default_behavior(tar, tempdir)
|
||||
+
|
||||
+ def test_bad_config_option(self):
|
||||
+ """Bad option value in config file -> ValueError"""
|
||||
+ lines = ['[tarfile]', 'PYTHON_TARFILE_EXTRACTION_FILTER=unknown!']
|
||||
+ with self.rh_config_context(lines) as (tempdir, env, tar):
|
||||
+ with self.assertRaises(ValueError):
|
||||
+ tar.extractall(tempdir / 'outdir')
|
||||
+
|
||||
+ def test_default_from_envvar(self):
|
||||
+ with self.rh_config_context() as (tempdir, env, tar):
|
||||
+ env['PYTHON_TARFILE_EXTRACTION_FILTER'] = 'fully_trusted'
|
||||
+ self.check_trusted_default(tar, tempdir)
|
||||
+
|
||||
+ def test_empty_envvar(self):
|
||||
+ """Empty env variable -> default behavior"""
|
||||
+ with self.rh_config_context() as (tempdir, env, tar):
|
||||
+ env['PYTHON_TARFILE_EXTRACTION_FILTER'] = ''
|
||||
+ self.check_rh_default_behavior(tar, tempdir)
|
||||
+
|
||||
+ def test_bad_envvar(self):
|
||||
+ with self.rh_config_context() as (tempdir, env, tar):
|
||||
+ env['PYTHON_TARFILE_EXTRACTION_FILTER'] = 'unknown!'
|
||||
+ with self.assertRaises(ValueError):
|
||||
+ tar.extractall(tempdir / 'outdir')
|
||||
+
|
||||
+ def test_envvar_overrides_file(self):
|
||||
+ lines = ['[tarfile]', 'PYTHON_TARFILE_EXTRACTION_FILTER=data']
|
||||
+ with self.rh_config_context(lines) as (tempdir, env, tar):
|
||||
+ env['PYTHON_TARFILE_EXTRACTION_FILTER'] = 'fully_trusted'
|
||||
+ self.check_trusted_default(tar, tempdir)
|
||||
+
|
||||
+ def test_monkeypatch_overrides_envvar(self):
|
||||
+ with self.rh_config_context(None) as (tempdir, env, tar):
|
||||
+ env['PYTHON_TARFILE_EXTRACTION_FILTER'] = 'data'
|
||||
+ with support.swap_attr(
|
||||
+ tarfile.TarFile, 'extraction_filter',
|
||||
+ staticmethod(tarfile.fully_trusted_filter)
|
||||
+ ):
|
||||
+ self.check_trusted_default(tar, tempdir)
|
||||
+
|
||||
+
|
||||
class OverwriteTests(archiver_tests.OverwriteTests, unittest.TestCase):
|
||||
testdir = os.path.join(TEMPDIR, "testoverwrite")
|
||||
|
||||
--
|
||||
2.43.0
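Review bot: In the default-filter lookup added to `Lib/tarfile.py`, the `except KeyError` branch formats `filter`, which is always `None` on this path, so a mistyped value reports `filter None not found` instead of the offending name; it should be `raise ValueError(f"filter {name!r} not found") from None`. The same block reads `PYTHON_TARFILE_EXTRACTION_FILTER` directly from `os.environ`. As far as the hunk shows, that also applies under `-E`/`-I`, so an inherited environment can switch a privileged script back to `fully_trusted`; consider ignoring the variable when `sys.flags.ignore_environment` is set. Only `FileNotFoundError` is handled when opening `/etc/python/tarfile.cfg`, so an unreadable or malformed file surfaces as an exception from `extractall()`; if that fail-closed behaviour is intended, a comment saying so would help. The enclosing method starts outside the hunk.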
|
||||
|
|
@ -72,7 +72,7 @@ index 345b64001c..d693a9bc39 100644
|
|||
.. function:: parsedate(date)
|
||||
|
||||
diff --git a/Lib/email/utils.py b/Lib/email/utils.py
|
||||
index 81da5394ea..43c3627fca 100644
|
||||
index aa949aa933..af2fb14754 100644
|
||||
--- a/Lib/email/utils.py
|
||||
+++ b/Lib/email/utils.py
|
||||
@@ -48,6 +48,7 @@
|
||||
|
@ -81,7 +81,7 @@ index 81da5394ea..43c3627fca 100644
|
|||
|
||||
+
|
||||
def _has_surrogates(s):
|
||||
"""Return True if s contains surrogate-escaped binary data."""
|
||||
"""Return True if s may contain surrogate-escaped binary data."""
|
||||
# This check is based on the fact that unless there are surrogates, utf8
|
||||
@@ -106,12 +107,127 @@ def formataddr(pair, charset='utf-8'):
|
||||
return address
|
||||
|
@ -255,7 +255,7 @@ index 81da5394ea..43c3627fca 100644
|
|||
|
||||
|
||||
diff --git a/Lib/test/test_email/test_email.py b/Lib/test/test_email/test_email.py
|
||||
index 2a237095b9..4672b790d8 100644
|
||||
index a373c53c7c..c616398eb1 100644
|
||||
--- a/Lib/test/test_email/test_email.py
|
||||
+++ b/Lib/test/test_email/test_email.py
|
||||
@@ -16,6 +16,7 @@
|
||||
|
@ -266,7 +266,7 @@ index 2a237095b9..4672b790d8 100644
|
|||
|
||||
from email.charset import Charset
|
||||
from email.generator import Generator, DecodedGenerator, BytesGenerator
|
||||
@@ -3337,15 +3338,137 @@ def test_getaddresses_comma_in_name(self):
|
||||
@@ -3352,15 +3353,137 @@ def test_getaddresses_comma_in_name(self):
|
||||
],
|
||||
)
|
||||
|
||||
|
@ -412,7 +412,7 @@ index 2a237095b9..4672b790d8 100644
|
|||
|
||||
def test_getaddresses_embedded_comment(self):
|
||||
"""Test proper handling of a nested comment"""
|
||||
@@ -3536,6 +3659,54 @@ def test_mime_classes_policy_argument(self):
|
||||
@@ -3551,6 +3674,54 @@ def test_mime_classes_policy_argument(self):
|
||||
m = cls(*constructor, policy=email.policy.default)
|
||||
self.assertIs(m.policy, email.policy.default)
|
||||
|
||||
|
|
|
@ -0,0 +1,63 @@
|
|||
From 60d40d7095983e0bc23a103b2050adc519dc7fe3 Mon Sep 17 00:00:00 2001
|
||||
From: Lumir Balhar <lbalhar@redhat.com>
|
||||
Date: Fri, 3 May 2024 14:17:48 +0200
|
||||
Subject: [PATCH] Expect failures in tests not working properly with expat with
|
||||
a fixed CVE in RHEL
|
||||
|
||||
---
|
||||
Lib/test/test_pyexpat.py | 1 +
|
||||
Lib/test/test_sax.py | 1 +
|
||||
Lib/test/test_xml_etree.py | 3 +++
|
||||
3 files changed, 5 insertions(+)
|
||||
|
||||
diff --git a/Lib/test/test_pyexpat.py b/Lib/test/test_pyexpat.py
|
||||
index 43cbd27..27b1502 100644
|
||||
--- a/Lib/test/test_pyexpat.py
|
||||
+++ b/Lib/test/test_pyexpat.py
|
||||
@@ -793,6 +793,7 @@ class ReparseDeferralTest(unittest.TestCase):
|
||||
|
||||
self.assertEqual(started, ['doc'])
|
||||
|
||||
+ @unittest.expectedFailure
|
||||
def test_reparse_deferral_disabled(self):
|
||||
started = []
|
||||
|
||||
diff --git a/Lib/test/test_sax.py b/Lib/test/test_sax.py
|
||||
index 9b3014a..646c92d 100644
|
||||
--- a/Lib/test/test_sax.py
|
||||
+++ b/Lib/test/test_sax.py
|
||||
@@ -1240,6 +1240,7 @@ class ExpatReaderTest(XmlTestBase):
|
||||
|
||||
self.assertEqual(result.getvalue(), start + b"<doc></doc>")
|
||||
|
||||
+ @unittest.expectedFailure
|
||||
def test_flush_reparse_deferral_disabled(self):
|
||||
result = BytesIO()
|
||||
xmlgen = XMLGenerator(result)
|
||||
diff --git a/Lib/test/test_xml_etree.py b/Lib/test/test_xml_etree.py
|
||||
index 9c382d1..62f2871 100644
|
||||
--- a/Lib/test/test_xml_etree.py
|
||||
+++ b/Lib/test/test_xml_etree.py
|
||||
@@ -1424,9 +1424,11 @@ class XMLPullParserTest(unittest.TestCase):
|
||||
self.assert_event_tags(parser, [('end', 'root')])
|
||||
self.assertIsNone(parser.close())
|
||||
|
||||
+ @unittest.expectedFailure
|
||||
def test_simple_xml_chunk_1(self):
|
||||
self.test_simple_xml(chunk_size=1, flush=True)
|
||||
|
||||
+ @unittest.expectedFailure
|
||||
def test_simple_xml_chunk_5(self):
|
||||
self.test_simple_xml(chunk_size=5, flush=True)
|
||||
|
||||
@@ -1651,6 +1653,7 @@ class XMLPullParserTest(unittest.TestCase):
|
||||
|
||||
self.assert_event_tags(parser, [('end', 'doc')])
|
||||
|
||||
+ @unittest.expectedFailure
|
||||
def test_flush_reparse_deferral_disabled(self):
|
||||
parser = ET.XMLPullParser(events=('start', 'end'))
|
||||
|
||||
--
|
||||
2.44.0
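Review bot: The five `@unittest.expectedFailure` decorators added across `test_pyexpat.py`, `test_sax.py` and `test_xml_etree.py` are unconditional and carry no comment, so nothing in the test files says which expat build they depend on or when they can be dropped. If the system expat later changes so that these tests pass, each one becomes an unexpected success and fails the run. Until then the reparse-deferral behaviour they cover is not asserted at all. I would put a short comment above each decorator naming the expat package version and the CVE fix it carries, for example `# expected to fail with the RHEL expat backport (see spec comment); remove once expat is rebased`. If the build can detect the backport, a conditional skip would be safer than a blanket expected failure.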
|
||||
|
|
@ -0,0 +1,28 @@
|
|||
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
||||
From: Karolina Surma <ksurma@redhat.com>
|
||||
Date: Wed, 10 Apr 2024 15:35:04 +0200
|
||||
Subject: [PATCH] 00425: Only check for 'test/wheeldata' when it's actually
|
||||
used
|
||||
|
||||
We build Python in Fedora 39+ with option `--with-wheel-pkg-dir`
|
||||
pointing to a custom wheel directory and delete the contents of
|
||||
upstream's `test/wheeldata`. Don't include the directory in the test set
|
||||
if the wheels are used from a different location.
|
||||
---
|
||||
Lib/test/test_tools/test_makefile.py | 3 +++
|
||||
1 file changed, 3 insertions(+)
|
||||
|
||||
diff --git a/Lib/test/test_tools/test_makefile.py b/Lib/test/test_tools/test_makefile.py
|
||||
index 17a1a6d0d3..9ce874033d 100644
|
||||
--- a/Lib/test/test_tools/test_makefile.py
|
||||
+++ b/Lib/test/test_tools/test_makefile.py
|
||||
@@ -66,6 +66,9 @@ def test_makefile_test_folders(self):
|
||||
)
|
||||
used.append(relpath)
|
||||
|
||||
+ if sysconfig.get_config_var('WHEEL_PKG_DIR'):
|
||||
+ test_dirs.remove('test/wheeldata')
|
||||
+
|
||||
# Check that there are no extra entries:
|
||||
unique_test_dirs = set(test_dirs)
|
||||
self.assertSetEqual(unique_test_dirs, set(used))
|
|
@ -16,12 +16,12 @@ URL: https://www.python.org/
|
|||
|
||||
# WARNING When rebasing to a new Python version,
|
||||
# remember to update the python3-docs package as well
|
||||
%global general_version %{pybasever}.1
|
||||
%global general_version %{pybasever}.3
|
||||
#global prerel ...
|
||||
%global upstream_version %{general_version}%{?prerel}
|
||||
Version: %{general_version}%{?prerel:~%{prerel}}
|
||||
Release: 3%{?dist}
|
||||
License: Python
|
||||
Release: 1%{?dist}
|
||||
License: Python-2.0.1
|
||||
|
||||
|
||||
# ==================================
|
||||
|
@ -66,18 +66,18 @@ License: Python
|
|||
# If the rpmwheels condition is disabled, we use the bundled wheel packages
|
||||
# from Python with the versions below.
|
||||
# This needs to be manually updated when we update Python.
|
||||
%global pip_version 23.2.1
|
||||
%global pip_version 24.0
|
||||
%global setuptools_version 67.6.1
|
||||
%global wheel_version 0.40.0
|
||||
# All of those also include a list of indirect bundled libs:
|
||||
# pip
|
||||
# $ %%{_rpmconfigdir}/pythonbundles.py <(unzip -p Lib/ensurepip/_bundled/pip-*.whl pip/_vendor/vendor.txt)
|
||||
%global pip_bundled_provides %{expand:
|
||||
Provides: bundled(python3dist(cachecontrol)) = 0.12.11
|
||||
Provides: bundled(python3dist(certifi)) = 2023.5.7
|
||||
Provides: bundled(python3dist(cachecontrol)) = 0.13.1
|
||||
Provides: bundled(python3dist(certifi)) = 2023.7.22
|
||||
Provides: bundled(python3dist(chardet)) = 5.1
|
||||
Provides: bundled(python3dist(colorama)) = 0.4.6
|
||||
Provides: bundled(python3dist(distlib)) = 0.3.6
|
||||
Provides: bundled(python3dist(distlib)) = 0.3.8
|
||||
Provides: bundled(python3dist(distro)) = 1.8
|
||||
Provides: bundled(python3dist(idna)) = 3.4
|
||||
Provides: bundled(python3dist(msgpack)) = 1.0.5
|
||||
|
@ -93,8 +93,9 @@ Provides: bundled(python3dist(setuptools)) = 68
|
|||
Provides: bundled(python3dist(six)) = 1.16
|
||||
Provides: bundled(python3dist(tenacity)) = 8.2.2
|
||||
Provides: bundled(python3dist(tomli)) = 2.0.1
|
||||
Provides: bundled(python3dist(truststore)) = 0.8
|
||||
Provides: bundled(python3dist(typing-extensions)) = 4.7.1
|
||||
Provides: bundled(python3dist(urllib3)) = 1.26.16
|
||||
Provides: bundled(python3dist(urllib3)) = 1.26.17
|
||||
Provides: bundled(python3dist(webencodings)) = 0.5.1
|
||||
}
|
||||
# setuptools
|
||||
|
@ -116,7 +117,7 @@ Provides: bundled(python3dist(typing-extensions)) = 4.4
|
|||
Provides: bundled(python3dist(zipp)) = 3.7
|
||||
}
|
||||
# wheel
|
||||
# $ %%{_rpmconfigdir}/pythonbundles.py <(unzip -p Lib/test/wheel-*.whl wheel/vendored/vendor.txt)
|
||||
# $ %%{_rpmconfigdir}/pythonbundles.py <(unzip -p Lib/test/wheeldata/wheel-*.whl wheel/vendored/vendor.txt)
|
||||
%global wheel_bundled_provides %{expand:
|
||||
Provides: bundled(python3dist(packaging)) = 23
|
||||
}
|
||||
|
@ -370,6 +371,12 @@ Patch329: 00329-fips.patch
|
|||
# https://github.com/GrahamDumpleton/mod_wsgi/issues/730
|
||||
Patch371: 00371-revert-bpo-1596321-fix-threading-_shutdown-for-the-main-thread-gh-28549-gh-28589.patch
|
||||
|
||||
# 00397 #
|
||||
# Red Hat configuration for tarfile extraction (CVE-2007-4559, PEP-706)
|
||||
# see KB for documentation:
|
||||
# - https://access.redhat.com/articles/7004769
|
||||
Patch397: 00397-tarfile-filter.patch
|
||||
|
||||
# 00415 # 83e0fc3ec7bc38055c536f482578a10f6efcc08c
|
||||
# [CVE-2023-27043] gh-102988: Reject malformed addresses in email.parseaddr() (#111116)
|
||||
#
|
||||
|
@ -379,6 +386,22 @@ Patch371: 00371-revert-bpo-1596321-fix-threading-_shutdown-for-the-main-thread-g
|
|||
# Thomas Dwyer.
|
||||
Patch415: 00415-cve-2023-27043-gh-102988-reject-malformed-addresses-in-email-parseaddr-111116.patch
|
||||
|
||||
# 00422 # a353cebef737c41420dc7ae2469dd657371b8881
|
||||
# Fix tests for XMLPullParser with Expat 2.6.0
|
||||
#
|
||||
# Feeding the parser by too small chunks defers parsing to prevent
|
||||
# CVE-2023-52425. Future versions of Expat may be more reactive.
|
||||
Patch422: 00422-fix-tests-for-xmlpullparser-with-expat-2-6-0.patch
|
||||
|
||||
# 00425 # a563ac3076a00f0f48b3f94ff63d91d37cb4f1e9
|
||||
# Only check for 'test/wheeldata' when it's actually used
|
||||
#
|
||||
# We build Python in Fedora 39+ with option `--with-wheel-pkg-dir`
|
||||
# pointing to a custom wheel directory and delete the contents of
|
||||
# upstream's `test/wheeldata`. Don't include the directory in the test set
|
||||
# if the wheels are used from a different location.
|
||||
Patch425: 00425-only-check-for-test-wheeldata-when-it-s-actually-used.patch
|
||||
|
||||
# (New patches go here ^^^)
|
||||
#
|
||||
# When adding new patches to "python" and "python3" in Fedora, EL, etc.,
|
||||
|
@ -704,13 +727,13 @@ The debug runtime additionally supports debug builds of C-API extensions
|
|||
# setuptools.whl does not contain the vendored.txt files
|
||||
if [ -f %{_rpmconfigdir}/pythonbundles.py ]; then
|
||||
%{_rpmconfigdir}/pythonbundles.py <(unzip -p Lib/ensurepip/_bundled/pip-*.whl pip/_vendor/vendor.txt) --compare-with '%pip_bundled_provides'
|
||||
%{_rpmconfigdir}/pythonbundles.py <(unzip -p Lib/test/wheel-*.whl wheel/vendored/vendor.txt) --compare-with '%wheel_bundled_provides'
|
||||
%{_rpmconfigdir}/pythonbundles.py <(unzip -p Lib/test/wheeldata/wheel-*.whl wheel/vendored/vendor.txt) --compare-with '%wheel_bundled_provides'
|
||||
fi
|
||||
|
||||
%if %{with rpmwheels}
|
||||
rm Lib/ensurepip/_bundled/pip-%{pip_version}-py3-none-any.whl
|
||||
rm Lib/test/setuptools-%{setuptools_version}-py3-none-any.whl
|
||||
rm Lib/test/wheel-%{wheel_version}-py3-none-any.whl
|
||||
rm Lib/test/wheeldata/setuptools-%{setuptools_version}-py3-none-any.whl
|
||||
rm Lib/test/wheeldata/wheel-%{wheel_version}-py3-none-any.whl
|
||||
%endif
|
||||
|
||||
# Remove all exe files to ensure we are not shipping prebuilt binaries
|
||||
|
@ -1336,10 +1359,6 @@ CheckPython optimized
|
|||
%{dynload_dir}/termios.%{SOABI_optimized}.so
|
||||
%{dynload_dir}/unicodedata.%{SOABI_optimized}.so
|
||||
%{dynload_dir}/_uuid.%{SOABI_optimized}.so
|
||||
%{dynload_dir}/xxlimited.%{SOABI_optimized}.so
|
||||
%{dynload_dir}/xxlimited_35.%{SOABI_optimized}.so
|
||||
%{dynload_dir}/_xxsubinterpreters.%{SOABI_optimized}.so
|
||||
%{dynload_dir}/xxsubtype.%{SOABI_optimized}.so
|
||||
%{dynload_dir}/zlib.%{SOABI_optimized}.so
|
||||
%{dynload_dir}/_zoneinfo.%{SOABI_optimized}.so
|
||||
|
||||
|
@ -1440,12 +1459,6 @@ CheckPython optimized
|
|||
|
||||
%{pylibdir}/zoneinfo
|
||||
|
||||
%dir %{pylibdir}/__phello__/
|
||||
%dir %{pylibdir}/__phello__/__pycache__/
|
||||
%{pylibdir}/__phello__/__init__.py
|
||||
%{pylibdir}/__phello__/spam.py
|
||||
%{pylibdir}/__phello__/__pycache__/*%{bytecode_suffixes}
|
||||
|
||||
%if "%{_lib}" == "lib64"
|
||||
%attr(0755,root,root) %dir %{_prefix}/lib/python%{pybasever}
|
||||
%attr(0755,root,root) %dir %{_prefix}/lib/python%{pybasever}/site-packages
|
||||
|
@ -1540,7 +1553,17 @@ CheckPython optimized
|
|||
%{dynload_dir}/_testmultiphase.%{SOABI_optimized}.so
|
||||
%{dynload_dir}/_testsinglephase.%{SOABI_optimized}.so
|
||||
%{dynload_dir}/_xxinterpchannels.%{SOABI_optimized}.so
|
||||
%{dynload_dir}/_xxsubinterpreters.%{SOABI_optimized}.so
|
||||
%{dynload_dir}/_xxtestfuzz.%{SOABI_optimized}.so
|
||||
%{dynload_dir}/xxlimited.%{SOABI_optimized}.so
|
||||
%{dynload_dir}/xxlimited_35.%{SOABI_optimized}.so
|
||||
%{dynload_dir}/xxsubtype.%{SOABI_optimized}.so
|
||||
|
||||
%dir %{pylibdir}/__phello__/
|
||||
%dir %{pylibdir}/__phello__/__pycache__/
|
||||
%{pylibdir}/__phello__/__init__.py
|
||||
%{pylibdir}/__phello__/spam.py
|
||||
%{pylibdir}/__phello__/__pycache__/*%{bytecode_suffixes}
|
||||
|
||||
# We don't bother splitting the debug build out into further subpackages:
|
||||
# if you need it, you're probably a developer.
|
||||
|
@ -1622,10 +1645,6 @@ CheckPython optimized
|
|||
%{dynload_dir}/termios.%{SOABI_debug}.so
|
||||
%{dynload_dir}/unicodedata.%{SOABI_debug}.so
|
||||
%{dynload_dir}/_uuid.%{SOABI_debug}.so
|
||||
%{dynload_dir}/xxlimited.%{SOABI_debug}.so
|
||||
%{dynload_dir}/xxlimited_35.%{SOABI_debug}.so
|
||||
%{dynload_dir}/_xxsubinterpreters.%{SOABI_debug}.so
|
||||
%{dynload_dir}/xxsubtype.%{SOABI_debug}.so
|
||||
%{dynload_dir}/zlib.%{SOABI_debug}.so
|
||||
%{dynload_dir}/_zoneinfo.%{SOABI_debug}.so
|
||||
|
||||
|
@ -1662,7 +1681,11 @@ CheckPython optimized
|
|||
%{dynload_dir}/_testmultiphase.%{SOABI_debug}.so
|
||||
%{dynload_dir}/_testsinglephase.%{SOABI_debug}.so
|
||||
%{dynload_dir}/_xxinterpchannels.%{SOABI_debug}.so
|
||||
%{dynload_dir}/_xxsubinterpreters.%{SOABI_debug}.so
|
||||
%{dynload_dir}/_xxtestfuzz.%{SOABI_debug}.so
|
||||
%{dynload_dir}/xxlimited.%{SOABI_debug}.so
|
||||
%{dynload_dir}/xxlimited_35.%{SOABI_debug}.so
|
||||
%{dynload_dir}/xxsubtype.%{SOABI_debug}.so
|
||||
|
||||
%{pylibdir}/_sysconfigdata_%{ABIFLAGS_debug}_linux_%{platform_triplet}.py
|
||||
%{pylibdir}/__pycache__/_sysconfigdata_%{ABIFLAGS_debug}_linux_%{platform_triplet}%{bytecode_suffixes}
|
||||
|
@ -1690,6 +1713,28 @@ CheckPython optimized
|
|||
# ======================================================
|
||||
|
||||
%changelog
|
||||
* Fri May 03 2024 Lumír Balhar <lbalhar@redhat.com> - 3.12.3-1
|
||||
- Update to 3.12.3
|
||||
Related: RHEL-33690
|
||||
|
||||
* Fri May 03 2024 Lumír Balhar <lbalhar@redhat.com> - 3.12.2-3
|
||||
- Move all test modules to the python3-test package, namely:
|
||||
- __phello__
|
||||
- _xxsubinterpreters
|
||||
- xxlimited
|
||||
- xxlimited_35
|
||||
- xxsubtype
|
||||
|
||||
* Fri May 03 2024 Lumír Balhar <lbalhar@redhat.com> - 3.12.2-2
|
||||
- Fix tests for XMLPullParser with Expat with fixed CVE
|
||||
|
||||
* Fri May 03 2024 Lumír Balhar <lbalhar@redhat.com> - 3.12.2-1
|
||||
- Update to 3.12.2
|
||||
Resolves: RHEL-33690
|
||||
|
||||
* Mon Feb 19 2024 Charalampos Stratakis <cstratak@redhat.com> - 3.12.1-4
|
||||
- Add Red Hat configuration for CVE-2007-4559
|
||||
|
||||
* Thu Jan 18 2024 Charalampos Stratakis <cstratak@redhat.com> - 3.12.1-3
|
||||
- Support OpenSSL FIPS mode
|
||||
- Disable the builtin hashlib hashes except blake2
|
||||
|
|
4
sources
4
sources
|
@ -1,2 +1,2 @@
|
|||
SHA512 (Python-3.12.1.tar.xz) = 44cf06b89ade692d87ca3105d8e3de5c7ce3f5fb318690fff513cf56f909ff5e0d0f6a0b22ae270b12e1fe3051b1bde3ec786506ec87c810b1d02e92e45dff07
|
||||
SHA512 (Python-3.12.1.tar.xz.asc) = 1c85237b5921fbf940ded4e038d99c8d02682fcb357b5de761eb5bebf94142b308a11654fc6312129663727e2ce1f546fbb5a5a3747d7dc02fc7dced9cb968fd
|
||||
SHA512 (Python-3.12.3.tar.xz) = 4a2213b108e7f1f1525baa8348e68b2a2336d925e60d0a59f0225fc470768a2c8031edafc0b8243f94dbae18afda335ee5adf2785328c2218fd64cbb439f13a4
|
||||
SHA512 (Python-3.12.3.tar.xz.asc) = c291ec5b5e4f8deba867cc517624dd9a174745f04061ef737e58f3d52b9b30318264aec350e339fe88ccb493809ca1a90a378e86d86b8ec4a4f578b1a5843624
|
||||
|
|